fit: cipher: aes: allow to store the IV in the FIT image

Binaries may be encrypted in a FIT image with AES. This
algo needs a key and an IV (Initialization Vector). The
IV is provided in a file (pointer by iv-name-hint in the
ITS file) when building the ITB file.

This commits adds provide an alternative way to manage
the IV. If the property iv-name-hint is not provided in
the ITS file, the tool mkimage will generate an random
IV and store it in the FIT image.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

lib/aes/aes-encrypt.c

@@ -74,7 +74,8 @@ int image_aes_encrypt(struct image_cipher_info *info,
 	return ret;
 }
 
-int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest)
+int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest,
+			      void *fit, int node_noffset)
 {
 	int parent, node;
 	char name[128];
@@ -97,8 +98,13 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest)
 		goto done;
 
 	/* Either create or overwrite the named key node */
-	snprintf(name, sizeof(name), "key-%s-%s-%s",
-		 info->name, info->keyname, info->ivname);
+	if (info->ivname)
+		snprintf(name, sizeof(name), "key-%s-%s-%s",
+			 info->name, info->keyname, info->ivname);
+	else
+		snprintf(name, sizeof(name), "key-%s-%s",
+			 info->name, info->keyname);
+
 	node = fdt_subnode_offset(keydest, parent, name);
 	if (node == -FDT_ERR_NOTFOUND) {
 		node = fdt_add_subnode(keydest, parent, name);
@@ -116,9 +122,17 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest)
 		ret = node;
 	}
 
-	if (!ret)
+	if (ret)
+		goto done;
+
+	if (info->ivname)
+		/* Store the IV in the u-boot device tree */
 		ret = fdt_setprop(keydest, node, "iv",
 				  info->iv, info->cipher->iv_len);
+	else
+		/* Store the IV in the FIT image */
+		ret = fdt_setprop(fit, node_noffset, "iv",
+				  info->iv, info->cipher->iv_len);
 
 	if (!ret)
 		ret = fdt_setprop(keydest, node, "key",