fit: cipher: aes: allow to store the IV in the FIT image

Binaries may be encrypted in a FIT image with AES. This algo needs a key and an IV (Initialization Vector). The IV is provided in a file (pointer by iv-name-hint in the ITS file) when building the ITB file. This commits adds provide an alternative way to manage the IV. If the property iv-name-hint is not provided in the ITS file, the tool mkimage will generate an random IV and store it in the FIT image. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
2020-09-17 15:01:46 +02:00
parent 34ca77c1e1
commit a6982a6f76
4 changed files with 72 additions and 19 deletions
--- a/include/image.h
+++ b/include/image.h
@@ -1463,7 +1463,7 @@ struct cipher_algo {
 		       unsigned char **cipher, int *cipher_len);

 	int (*add_cipher_data)(struct image_cipher_info *info,
-			       void *keydest);
+			       void *keydest, void *fit, int node_noffset);

 	int (*decrypt)(struct image_cipher_info *info,
 		       const void *cipher, size_t cipher_len,
--- a/include/u-boot/aes.h
+++ b/include/u-boot/aes.h
@@ -13,7 +13,8 @@
 int image_aes_encrypt(struct image_cipher_info *info,
 		      const unsigned char *data, int size,
 		      unsigned char **cipher, int *cipher_len);
-int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest);
+int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest,
+			      void *fit, int node_noffset);
 #else
 int image_aes_encrypt(struct image_cipher_info *info,
 		      const unsigned char *data, int size,
@@ -22,7 +23,8 @@ int image_aes_encrypt(struct image_cipher_info *info,
 	return -ENXIO;
 }

-int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest)
+int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest,
+			      void *fit, int node_noffset)
 {
 	return -ENXIO;
 }