+ goto out;
+ }
+
+ info->fit = fit;
+ info->node_noffset = noffset;
+ info->name = algo_name;
+
+ info->cipher = image_get_cipher_algo(algo_name);
+ if (!info->cipher) {
+ printf("Can't get algo for cipher '%s'\n", image_name);
+ goto out;
+ }
+
+ /* Read the key in the file */
+ snprintf(filename, sizeof(filename), "%s/%s%s",
+ info->keydir, info->keyname, ".bin");
+ info->key = malloc(info->cipher->key_len);
+ if (!info->key) {
+ printf("Can't allocate memory for key\n");
+ ret = -1;
+ goto out;
+ }
+ ret = fit_image_read_data(filename, (unsigned char *)info->key,
+ info->cipher->key_len);
+ if (ret < 0)
+ goto out;
+
+ /* Read the IV in the file */
+ snprintf(filename, sizeof(filename), "%s/%s%s",
+ info->keydir, info->ivname, ".bin");
+ info->iv = malloc(info->cipher->iv_len);
+ if (!info->iv) {
+ printf("Can't allocate memory for iv\n");
+ ret = -1;
+ goto out;
+ }
+ ret = fit_image_read_data(filename, (unsigned char *)info->iv,
+ info->cipher->iv_len);
+
+ out:
+ return ret;
+}
+
+int fit_image_write_cipher(void *fit, int image_noffset, int noffset,
+ const void *data, size_t size,
+ unsigned char *data_ciphered, int data_ciphered_len)
+{
+ int ret = -1;
+
+ /* Remove unciphered data */
+ ret = fdt_delprop(fit, image_noffset, FIT_DATA_PROP);
+ if (ret) {
+ printf("Can't remove data (err = %d)\n", ret);
+ goto out;
+ }
+
+ /* Add ciphered data */
+ ret = fdt_setprop(fit, image_noffset, FIT_DATA_PROP,
+ data_ciphered, data_ciphered_len);
+ if (ret) {
+ printf("Can't add ciphered data (err = %d)\n", ret);
+ goto out;
+ }
+
+ /* add non ciphered data size */
+ ret = fdt_setprop_u32(fit, image_noffset, "data-size-unciphered", size);
+ if (ret) {
+ printf("Can't add unciphered data size (err = %d)\n", ret);
+ goto out;
+ }
+
+ out:
+ return ret;
+}
+
+static int
+fit_image_process_cipher(const char *keydir, void *keydest, void *fit,
+ const char *image_name, int image_noffset,
+ const char *node_name, int node_noffset,
+ const void *data, size_t size,
+ const char *cmdname)
+{
+ struct image_cipher_info info;
+ unsigned char *data_ciphered = NULL;
+ int data_ciphered_len;
+ int ret;
+
+ memset(&info, 0, sizeof(info));
+
+ ret = fit_image_setup_cipher(&info, keydir, fit, image_name,
+ image_noffset, node_name, node_noffset);
+ if (ret)
+ goto out;
+
+ ret = info.cipher->encrypt(&info, data, size,
+ &data_ciphered, &data_ciphered_len);
+ if (ret)
+ goto out;
+
+ /*
+ * Write the public key into the supplied FDT file; this might fail
+ * several times, since we try signing with successively increasing
+ * size values
+ */
+ if (keydest) {
+ ret = info.cipher->add_cipher_data(&info, keydest);
+ if (ret) {
+ printf("Failed to add verification data for cipher '%s' in image '%s'\n",
+ info.keyname, image_name);
+ goto out;
+ }
+ }
+
+ ret = fit_image_write_cipher(fit, image_noffset, node_noffset,
+ data, size,
+ data_ciphered, data_ciphered_len);
+
+ out:
+ free(data_ciphered);
+ free((void *)info.key);
+ free((void *)info.iv);
+ return ret;
+}
+
+int fit_image_cipher_data(const char *keydir, void *keydest,
+ void *fit, int image_noffset, const char *comment,
+ int require_keys, const char *engine_id,
+ const char *cmdname)
+{
+ const char *image_name;
+ const void *data;
+ size_t size;
+ int node_noffset;
+
+ /* Get image name */
+ image_name = fit_get_name(fit, image_noffset, NULL);
+ if (!image_name) {
+ printf("Can't get image name\n");
projects / J-u-boot.git / blobdiff