From 7012c04ef3dea6ab05cab74879e1ab97c7a086e2 Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Mon, 6 Jan 2020 15:22:34 +0100 Subject: [PATCH 1/6] aes: add a define for the size of a block In the code, we use the size of the key for the size of the block. It's true when the key is 128 bits, but it become false for key of 192 bits and 256 bits. So to prepare the support of aes192 and 256, we introduce a constant for the iaes block size. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- cmd/aes.c | 2 +- include/uboot_aes.h | 5 +++-- lib/aes.c | 34 +++++++++++++++++----------------- 3 files changed, 21 insertions(+), 20 deletions(-) diff --git a/cmd/aes.c b/cmd/aes.c index 8c61cee8e89..24b0256a762 100644 --- a/cmd/aes.c +++ b/cmd/aes.c @@ -56,7 +56,7 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) aes_expand_key(key_ptr, key_exp); /* Calculate the number of AES blocks to encrypt. */ - aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); + aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH); if (enc) aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr, diff --git a/include/uboot_aes.h b/include/uboot_aes.h index 2fda384e3b7..1ae3ac9cb22 100644 --- a/include/uboot_aes.h +++ b/include/uboot_aes.h @@ -18,7 +18,7 @@ typedef unsigned int u32; * AES encryption library, with small code size, supporting only 128-bit AES * * AES is a stream cipher which works a block at a time, with each block - * in this case being AES_KEY_LENGTH bytes. + * in this case being AES_BLOCK_LENGTH bytes. */ enum { @@ -28,6 +28,7 @@ enum { AES_KEY_LENGTH = 128 / 8, AES_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES_ROUNDS + 1), + AES_BLOCK_LENGTH = 128 / 8, }; /** @@ -62,7 +63,7 @@ void aes_decrypt(u8 *in, u8 *expkey, u8 *out); /** * Apply chain data to the destination using EOR * - * Each array is of length AES_KEY_LENGTH. + * Each array is of length AES_BLOCK_LENGTH. * * @cbc_chain_data Chain data * @src Source data diff --git a/lib/aes.c b/lib/aes.c index a12a1920843..cfa57b681c6 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -596,62 +596,62 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) { int i; - for (i = 0; i < AES_KEY_LENGTH; i++) + for (i = 0; i < AES_BLOCK_LENGTH; i++) *dst++ = *src++ ^ *cbc_chain_data++; } void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks) { - u8 tmp_data[AES_KEY_LENGTH]; + u8 tmp_data[AES_BLOCK_LENGTH]; u8 *cbc_chain_data = iv; u32 i; for (i = 0; i < num_aes_blocks; i++) { debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); - debug_print_vector("AES Src", AES_KEY_LENGTH, src); + debug_print_vector("AES Src", AES_BLOCK_LENGTH, src); /* Apply the chain data */ aes_apply_cbc_chain_data(cbc_chain_data, src, tmp_data); - debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); + debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data); /* Encrypt the AES block */ aes_encrypt(tmp_data, key_exp, dst); - debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); + debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst); /* Update pointers for next loop. */ cbc_chain_data = dst; - src += AES_KEY_LENGTH; - dst += AES_KEY_LENGTH; + src += AES_BLOCK_LENGTH; + dst += AES_BLOCK_LENGTH; } } void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks) { - u8 tmp_data[AES_KEY_LENGTH], tmp_block[AES_KEY_LENGTH]; + u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH]; /* Convenient array of 0's for IV */ - u8 cbc_chain_data[AES_KEY_LENGTH]; + u8 cbc_chain_data[AES_BLOCK_LENGTH]; u32 i; - memcpy(cbc_chain_data, iv, AES_KEY_LENGTH); + memcpy(cbc_chain_data, iv, AES_BLOCK_LENGTH); for (i = 0; i < num_aes_blocks; i++) { debug("encrypt_object: block %d of %d\n", i, num_aes_blocks); - debug_print_vector("AES Src", AES_KEY_LENGTH, src); + debug_print_vector("AES Src", AES_BLOCK_LENGTH, src); - memcpy(tmp_block, src, AES_KEY_LENGTH); + memcpy(tmp_block, src, AES_BLOCK_LENGTH); /* Decrypt the AES block */ aes_decrypt(src, key_exp, tmp_data); - debug_print_vector("AES Xor", AES_KEY_LENGTH, tmp_data); + debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data); /* Apply the chain data */ aes_apply_cbc_chain_data(cbc_chain_data, tmp_data, dst); - debug_print_vector("AES Dst", AES_KEY_LENGTH, dst); + debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst); /* Update pointers for next loop. */ - memcpy(cbc_chain_data, tmp_block, AES_KEY_LENGTH); - src += AES_KEY_LENGTH; - dst += AES_KEY_LENGTH; + memcpy(cbc_chain_data, tmp_block, AES_BLOCK_LENGTH); + src += AES_BLOCK_LENGTH; + dst += AES_BLOCK_LENGTH; } } From 8302d1708aef720d52942ea47bcebf9c1b8d5de0 Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Mon, 6 Jan 2020 15:22:35 +0100 Subject: [PATCH 2/6] aes: add support of aes192 and aes256 Until now, we only support aes128. This commit add the support of aes192 and aes256. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- arch/arm/mach-tegra/tegra20/crypto.c | 41 ++++++++------- cmd/aes.c | 38 +++++++++----- include/uboot_aes.h | 34 ++++++++---- lib/aes.c | 77 +++++++++++++++++++--------- 4 files changed, 125 insertions(+), 65 deletions(-) diff --git a/arch/arm/mach-tegra/tegra20/crypto.c b/arch/arm/mach-tegra/tegra20/crypto.c index 66fbc3b458c..b91191eba37 100644 --- a/arch/arm/mach-tegra/tegra20/crypto.c +++ b/arch/arm/mach-tegra/tegra20/crypto.c @@ -39,34 +39,35 @@ static void left_shift_vector(u8 *in, u8 *out, int size) /** * Sign a block of data, putting the result into dst. * - * \param key Input AES key, length AES_KEY_LENGTH + * \param key Input AES key, length AES128_KEY_LENGTH * \param key_schedule Expanded key to use * \param src Source data of length 'num_aes_blocks' blocks - * \param dst Destination buffer, length AES_KEY_LENGTH + * \param dst Destination buffer, length AES128_KEY_LENGTH * \param num_aes_blocks Number of AES blocks to encrypt */ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst, u32 num_aes_blocks) { - u8 tmp_data[AES_KEY_LENGTH]; - u8 iv[AES_KEY_LENGTH] = {0}; - u8 left[AES_KEY_LENGTH]; - u8 k1[AES_KEY_LENGTH]; + u8 tmp_data[AES128_KEY_LENGTH]; + u8 iv[AES128_KEY_LENGTH] = {0}; + u8 left[AES128_KEY_LENGTH]; + u8 k1[AES128_KEY_LENGTH]; u8 *cbc_chain_data; unsigned i; cbc_chain_data = zero_key; /* Convenient array of 0's for IV */ /* compute K1 constant needed by AES-CMAC calculation */ - for (i = 0; i < AES_KEY_LENGTH; i++) + for (i = 0; i < AES128_KEY_LENGTH; i++) tmp_data[i] = 0; - aes_cbc_encrypt_blocks(key_schedule, iv, tmp_data, left, 1); + aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv, + tmp_data, left, 1); left_shift_vector(left, k1, sizeof(left)); if ((left[0] >> 7) != 0) /* get MSB of L */ - k1[AES_KEY_LENGTH-1] ^= AES_CMAC_CONST_RB; + k1[AES128_KEY_LENGTH - 1] ^= AES_CMAC_CONST_RB; /* compute the AES-CMAC value */ for (i = 0; i < num_aes_blocks; i++) { @@ -78,31 +79,32 @@ static void sign_object(u8 *key, u8 *key_schedule, u8 *src, u8 *dst, aes_apply_cbc_chain_data(tmp_data, k1, tmp_data); /* encrypt the AES block */ - aes_encrypt(tmp_data, key_schedule, dst); + aes_encrypt(AES128_KEY_LENGTH, tmp_data, + key_schedule, dst); debug("sign_obj: block %d of %d\n", i, num_aes_blocks); /* Update pointers for next loop. */ cbc_chain_data = dst; - src += AES_KEY_LENGTH; + src += AES128_KEY_LENGTH; } } /** * Encrypt and sign a block of data (depending on security mode). * - * \param key Input AES key, length AES_KEY_LENGTH + * \param key Input AES key, length AES128_KEY_LENGTH * \param oper Security operations mask to perform (enum security_op) * \param src Source data * \param length Size of source data - * \param sig_dst Destination address for signature, AES_KEY_LENGTH bytes + * \param sig_dst Destination address for signature, AES128_KEY_LENGTH bytes */ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src, u32 length, u8 *sig_dst) { u32 num_aes_blocks; - u8 key_schedule[AES_EXPAND_KEY_LENGTH]; - u8 iv[AES_KEY_LENGTH] = {0}; + u8 key_schedule[AES128_EXPAND_KEY_LENGTH]; + u8 iv[AES128_KEY_LENGTH] = {0}; debug("encrypt_and_sign: length = %d\n", length); @@ -110,15 +112,16 @@ static int encrypt_and_sign(u8 *key, enum security_op oper, u8 *src, * The only need for a key is for signing/checksum purposes, so * if not encrypting, expand a key of 0s. */ - aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key, key_schedule); + aes_expand_key(oper & SECURITY_ENCRYPT ? key : zero_key, + AES128_KEY_LENGTH, key_schedule); - num_aes_blocks = (length + AES_KEY_LENGTH - 1) / AES_KEY_LENGTH; + num_aes_blocks = (length + AES128_KEY_LENGTH - 1) / AES128_KEY_LENGTH; if (oper & SECURITY_ENCRYPT) { /* Perform this in place, resulting in src being encrypted. */ debug("encrypt_and_sign: begin encryption\n"); - aes_cbc_encrypt_blocks(key_schedule, iv, src, src, - num_aes_blocks); + aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_schedule, iv, src, + src, num_aes_blocks); debug("encrypt_and_sign: end encryption\n"); } diff --git a/cmd/aes.c b/cmd/aes.c index 24b0256a762..8c5b42fd2c4 100644 --- a/cmd/aes.c +++ b/cmd/aes.c @@ -2,7 +2,7 @@ /* * Copyright (C) 2014 Marek Vasut * - * Command for en/de-crypting block of memory with AES-128-CBC cipher. + * Command for en/de-crypting block of memory with AES-[128/192/256]-CBC cipher. */ #include @@ -13,6 +13,18 @@ #include #include +u32 aes_get_key_len(char *command) +{ + u32 key_len = AES128_KEY_LENGTH; + + if (!strcmp(command, "aes.192")) + key_len = AES192_KEY_LENGTH; + else if (!strcmp(command, "aes.256")) + key_len = AES256_KEY_LENGTH; + + return key_len; +} + /** * do_aes() - Handle the "aes" command-line command * @cmdtp: Command data struct pointer @@ -27,13 +39,15 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) { uint32_t key_addr, iv_addr, src_addr, dst_addr, len; uint8_t *key_ptr, *iv_ptr, *src_ptr, *dst_ptr; - uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; - uint32_t aes_blocks; + u8 key_exp[AES256_EXPAND_KEY_LENGTH]; + u32 aes_blocks, key_len; int enc; if (argc != 7) return CMD_RET_USAGE; + key_len = aes_get_key_len(argv[0]); + if (!strncmp(argv[1], "enc", 3)) enc = 1; else if (!strncmp(argv[1], "dec", 3)) @@ -47,23 +61,23 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) dst_addr = simple_strtoul(argv[5], NULL, 16); len = simple_strtoul(argv[6], NULL, 16); - key_ptr = (uint8_t *)map_sysmem(key_addr, 128 / 8); + key_ptr = (uint8_t *)map_sysmem(key_addr, key_len); iv_ptr = (uint8_t *)map_sysmem(iv_addr, 128 / 8); src_ptr = (uint8_t *)map_sysmem(src_addr, len); dst_ptr = (uint8_t *)map_sysmem(dst_addr, len); /* First we expand the key. */ - aes_expand_key(key_ptr, key_exp); + aes_expand_key(key_ptr, key_len, key_exp); /* Calculate the number of AES blocks to encrypt. */ aes_blocks = DIV_ROUND_UP(len, AES_BLOCK_LENGTH); if (enc) - aes_cbc_encrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr, - aes_blocks); + aes_cbc_encrypt_blocks(key_len, key_exp, iv_ptr, src_ptr, + dst_ptr, aes_blocks); else - aes_cbc_decrypt_blocks(key_exp, iv_ptr, src_ptr, dst_ptr, - aes_blocks); + aes_cbc_decrypt_blocks(key_len, key_exp, iv_ptr, src_ptr, + dst_ptr, aes_blocks); unmap_sysmem(key_ptr); unmap_sysmem(iv_ptr); @@ -76,13 +90,13 @@ static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) /***************************************************/ #ifdef CONFIG_SYS_LONGHELP static char aes_help_text[] = - "enc key iv src dst len - Encrypt block of data $len bytes long\n" + "[.128,.192,.256] enc key iv src dst len - Encrypt block of data $len bytes long\n" " at address $src using a key at address\n" " $key with initialization vector at address\n" " $iv. Store the result at address $dst.\n" " The $len size must be multiple of 16 bytes.\n" " The $key and $iv must be 16 bytes long.\n" - "aes dec key iv src dst len - Decrypt block of data $len bytes long\n" + "aes [.128,.192,.256] dec key iv src dst len - Decrypt block of data $len bytes long\n" " at address $src using a key at address\n" " $key with initialization vector at address\n" " $iv. Store the result at address $dst.\n" @@ -92,6 +106,6 @@ static char aes_help_text[] = U_BOOT_CMD( aes, 7, 1, do_aes, - "AES 128 CBC encryption", + "AES 128/192/256 CBC encryption", aes_help_text ); diff --git a/include/uboot_aes.h b/include/uboot_aes.h index 1ae3ac9cb22..d2583bed992 100644 --- a/include/uboot_aes.h +++ b/include/uboot_aes.h @@ -23,11 +23,18 @@ typedef unsigned int u32; enum { AES_STATECOLS = 4, /* columns in the state & expanded key */ - AES_KEYCOLS = 4, /* columns in a key */ - AES_ROUNDS = 10, /* rounds in encryption */ - - AES_KEY_LENGTH = 128 / 8, - AES_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES_ROUNDS + 1), + AES128_KEYCOLS = 4, /* columns in a key for aes128 */ + AES192_KEYCOLS = 6, /* columns in a key for aes128 */ + AES256_KEYCOLS = 8, /* columns in a key for aes128 */ + AES128_ROUNDS = 10, /* rounds in encryption for aes128 */ + AES192_ROUNDS = 12, /* rounds in encryption for aes192 */ + AES256_ROUNDS = 14, /* rounds in encryption for aes256 */ + AES128_KEY_LENGTH = 128 / 8, + AES192_KEY_LENGTH = 192 / 8, + AES256_KEY_LENGTH = 256 / 8, + AES128_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES128_ROUNDS + 1), + AES192_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES192_ROUNDS + 1), + AES256_EXPAND_KEY_LENGTH = 4 * AES_STATECOLS * (AES256_ROUNDS + 1), AES_BLOCK_LENGTH = 128 / 8, }; @@ -37,28 +44,31 @@ enum { * Expand a key into a key schedule, which is then used for the other * operations. * - * @key Key, of length AES_KEY_LENGTH bytes + * @key Key + * @key_size Size of the key (in bits) * @expkey Buffer to place expanded key, AES_EXPAND_KEY_LENGTH */ -void aes_expand_key(u8 *key, u8 *expkey); +void aes_expand_key(u8 *key, u32 key_size, u8 *expkey); /** * aes_encrypt() - Encrypt single block of data with AES 128 * + * @key_size Size of the aes key (in bits) * @in Input data * @expkey Expanded key to use for encryption (from aes_expand_key()) * @out Output data */ -void aes_encrypt(u8 *in, u8 *expkey, u8 *out); +void aes_encrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out); /** * aes_decrypt() - Decrypt single block of data with AES 128 * + * @key_size Size of the aes key (in bits) * @in Input data * @expkey Expanded key to use for decryption (from aes_expand_key()) * @out Output data */ -void aes_decrypt(u8 *in, u8 *expkey, u8 *out); +void aes_decrypt(u32 key_size, u8 *in, u8 *expkey, u8 *out); /** * Apply chain data to the destination using EOR @@ -74,25 +84,27 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst); /** * aes_cbc_encrypt_blocks() - Encrypt multiple blocks of data with AES CBC. * + * @key_size Size of the aes key (in bits) * @key_exp Expanded key to use * @iv Initialization vector * @src Source data to encrypt * @dst Destination buffer * @num_aes_blocks Number of AES blocks to encrypt */ -void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, +void aes_cbc_encrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks); /** * Decrypt multiple blocks of data with AES CBC. * + * @key_size Size of the aes key (in bits) * @key_exp Expanded key to use * @iv Initialization vector * @src Source data to decrypt * @dst Destination buffer * @num_aes_blocks Number of AES blocks to decrypt */ -void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, +void aes_cbc_decrypt_blocks(u32 key_size, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks); #endif /* _AES_REF_H_ */ diff --git a/lib/aes.c b/lib/aes.c index cfa57b681c6..ce53c9f1f37 100644 --- a/lib/aes.c +++ b/lib/aes.c @@ -508,50 +508,79 @@ static u8 rcon[11] = { 0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 }; +static u32 aes_get_rounds(u32 key_len) +{ + u32 rounds = AES128_ROUNDS; + + if (key_len == AES192_KEY_LENGTH) + rounds = AES192_ROUNDS; + else if (key_len == AES256_KEY_LENGTH) + rounds = AES256_ROUNDS; + + return rounds; +} + +static u32 aes_get_keycols(u32 key_len) +{ + u32 keycols = AES128_KEYCOLS; + + if (key_len == AES192_KEY_LENGTH) + keycols = AES192_KEYCOLS; + else if (key_len == AES256_KEY_LENGTH) + keycols = AES256_KEYCOLS; + + return keycols; +} + /* produce AES_STATECOLS bytes for each round */ -void aes_expand_key(u8 *key, u8 *expkey) +void aes_expand_key(u8 *key, u32 key_len, u8 *expkey) { u8 tmp0, tmp1, tmp2, tmp3, tmp4; - u32 idx; + u32 idx, aes_rounds, aes_keycols; - memcpy(expkey, key, AES_KEYCOLS * 4); + aes_rounds = aes_get_rounds(key_len); + aes_keycols = aes_get_keycols(key_len); - for (idx = AES_KEYCOLS; idx < AES_STATECOLS * (AES_ROUNDS + 1); idx++) { + memcpy(expkey, key, key_len); + + for (idx = aes_keycols; idx < AES_STATECOLS * (aes_rounds + 1); idx++) { tmp0 = expkey[4*idx - 4]; tmp1 = expkey[4*idx - 3]; tmp2 = expkey[4*idx - 2]; tmp3 = expkey[4*idx - 1]; - if (!(idx % AES_KEYCOLS)) { + if (!(idx % aes_keycols)) { tmp4 = tmp3; tmp3 = sbox[tmp0]; - tmp0 = sbox[tmp1] ^ rcon[idx / AES_KEYCOLS]; + tmp0 = sbox[tmp1] ^ rcon[idx / aes_keycols]; tmp1 = sbox[tmp2]; tmp2 = sbox[tmp4]; - } else if ((AES_KEYCOLS > 6) && (idx % AES_KEYCOLS == 4)) { + } else if ((aes_keycols > 6) && (idx % aes_keycols == 4)) { tmp0 = sbox[tmp0]; tmp1 = sbox[tmp1]; tmp2 = sbox[tmp2]; tmp3 = sbox[tmp3]; } - expkey[4*idx+0] = expkey[4*idx - 4*AES_KEYCOLS + 0] ^ tmp0; - expkey[4*idx+1] = expkey[4*idx - 4*AES_KEYCOLS + 1] ^ tmp1; - expkey[4*idx+2] = expkey[4*idx - 4*AES_KEYCOLS + 2] ^ tmp2; - expkey[4*idx+3] = expkey[4*idx - 4*AES_KEYCOLS + 3] ^ tmp3; + expkey[4*idx+0] = expkey[4*idx - 4*aes_keycols + 0] ^ tmp0; + expkey[4*idx+1] = expkey[4*idx - 4*aes_keycols + 1] ^ tmp1; + expkey[4*idx+2] = expkey[4*idx - 4*aes_keycols + 2] ^ tmp2; + expkey[4*idx+3] = expkey[4*idx - 4*aes_keycols + 3] ^ tmp3; } } /* encrypt one 128 bit block */ -void aes_encrypt(u8 *in, u8 *expkey, u8 *out) +void aes_encrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out) { u8 state[AES_STATECOLS * 4]; - u32 round; + u32 round, aes_rounds; + + aes_rounds = aes_get_rounds(key_len); memcpy(state, in, AES_STATECOLS * 4); add_round_key((u32 *)state, (u32 *)expkey); - for (round = 1; round < AES_ROUNDS + 1; round++) { - if (round < AES_ROUNDS) + for (round = 1; round < aes_rounds + 1; round++) { + if (round < aes_rounds) mix_sub_columns(state); else shift_rows(state); @@ -563,18 +592,20 @@ void aes_encrypt(u8 *in, u8 *expkey, u8 *out) memcpy(out, state, sizeof(state)); } -void aes_decrypt(u8 *in, u8 *expkey, u8 *out) +void aes_decrypt(u32 key_len, u8 *in, u8 *expkey, u8 *out) { u8 state[AES_STATECOLS * 4]; - int round; + int round, aes_rounds; + + aes_rounds = aes_get_rounds(key_len); memcpy(state, in, sizeof(state)); add_round_key((u32 *)state, - (u32 *)expkey + AES_ROUNDS * AES_STATECOLS); + (u32 *)expkey + aes_rounds * AES_STATECOLS); inv_shift_rows(state); - for (round = AES_ROUNDS; round--; ) { + for (round = aes_rounds; round--; ) { add_round_key((u32 *)state, (u32 *)expkey + round * AES_STATECOLS); if (round) @@ -600,7 +631,7 @@ void aes_apply_cbc_chain_data(u8 *cbc_chain_data, u8 *src, u8 *dst) *dst++ = *src++ ^ *cbc_chain_data++; } -void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, +void aes_cbc_encrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks) { u8 tmp_data[AES_BLOCK_LENGTH]; @@ -616,7 +647,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data); /* Encrypt the AES block */ - aes_encrypt(tmp_data, key_exp, dst); + aes_encrypt(key_len, tmp_data, key_exp, dst); debug_print_vector("AES Dst", AES_BLOCK_LENGTH, dst); /* Update pointers for next loop. */ @@ -626,7 +657,7 @@ void aes_cbc_encrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, } } -void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, +void aes_cbc_decrypt_blocks(u32 key_len, u8 *key_exp, u8 *iv, u8 *src, u8 *dst, u32 num_aes_blocks) { u8 tmp_data[AES_BLOCK_LENGTH], tmp_block[AES_BLOCK_LENGTH]; @@ -642,7 +673,7 @@ void aes_cbc_decrypt_blocks(u8 *key_exp, u8 *iv, u8 *src, u8 *dst, memcpy(tmp_block, src, AES_BLOCK_LENGTH); /* Decrypt the AES block */ - aes_decrypt(src, key_exp, tmp_data); + aes_decrypt(key_len, src, key_exp, tmp_data); debug_print_vector("AES Xor", AES_BLOCK_LENGTH, tmp_data); /* Apply the chain data */ From ebcdb8df513e721f10c7a7623fc71d7653a116a7 Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Mon, 6 Jan 2020 15:22:36 +0100 Subject: [PATCH 3/6] aes: add test unit for aes128 This commit add test unit for aes128. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- test/lib/Makefile | 1 + test/lib/test_aes.c | 162 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 163 insertions(+) create mode 100644 test/lib/test_aes.c diff --git a/test/lib/Makefile b/test/lib/Makefile index 72d2ec74b5f..230068d5a00 100644 --- a/test/lib/Makefile +++ b/test/lib/Makefile @@ -8,3 +8,4 @@ obj-y += lmb.o obj-y += string.o obj-$(CONFIG_ERRNO_STR) += test_errno_str.o obj-$(CONFIG_UT_LIB_ASN1) += asn1.o +obj-$(CONFIG_AES) += test_aes.o diff --git a/test/lib/test_aes.c b/test/lib/test_aes.c new file mode 100644 index 00000000000..2b0e89449bf --- /dev/null +++ b/test/lib/test_aes.c @@ -0,0 +1,162 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2019 Philippe Reynes + * + * Unit tests for aes functions + */ + +#include +#include +#include +#include +#include +#include +#include + +#define TEST_AES_ONE_BLOCK 0 +#define TEST_AES_CBC_CHAIN 1 + +struct test_aes_s { + int key_len; + int key_exp_len; + int type; + int num_block; +}; + +static struct test_aes_s test_aes[] = { + { AES128_KEY_LENGTH, AES128_EXPAND_KEY_LENGTH, TEST_AES_ONE_BLOCK, 1 }, + { AES128_KEY_LENGTH, AES128_EXPAND_KEY_LENGTH, TEST_AES_CBC_CHAIN, 16 }, +}; + +static void rand_buf(u8 *buf, int size) +{ + int i; + + for (i = 0; i < size; i++) + buf[i] = rand() & 0xff; +} + +static int lib_test_aes_one_block(struct unit_test_state *uts, int key_len, + u8 *key_exp, u8 *iv, int num_block, + u8 *nocipher, u8 *ciphered, u8 *uncipher) +{ + aes_encrypt(key_len, nocipher, key_exp, ciphered); + aes_decrypt(key_len, ciphered, key_exp, uncipher); + + ut_asserteq_mem(nocipher, uncipher, AES_BLOCK_LENGTH); + + /* corrupt the expanded key */ + key_exp[0]++; + aes_decrypt(key_len, ciphered, key_exp, uncipher); + ut_assertf(memcmp(nocipher, uncipher, AES_BLOCK_LENGTH), + "nocipher and uncipher should be different\n"); + + return 0; +} + +static int lib_test_aes_cbc_chain(struct unit_test_state *uts, int key_len, + u8 *key_exp, u8 *iv, int num_block, + u8 *nocipher, u8 *ciphered, u8 *uncipher) +{ + aes_cbc_encrypt_blocks(key_len, key_exp, iv, + nocipher, ciphered, num_block); + aes_cbc_decrypt_blocks(key_len, key_exp, iv, + ciphered, uncipher, num_block); + + ut_asserteq_mem(nocipher, uncipher, num_block * AES_BLOCK_LENGTH); + + /* corrupt the expanded key */ + key_exp[0]++; + aes_cbc_decrypt_blocks(key_len, key_exp, iv, + ciphered, uncipher, num_block); + ut_assertf(memcmp(nocipher, uncipher, num_block * AES_BLOCK_LENGTH), + "nocipher and uncipher should be different\n"); + + return 0; +} + +static int _lib_test_aes_run(struct unit_test_state *uts, int key_len, + int key_exp_len, int type, int num_block) +{ + u8 *key, *key_exp, *iv; + u8 *nocipher, *ciphered, *uncipher; + int ret; + + /* Allocate all the buffer */ + key = malloc(key_len); + ut_assertnonnull(key); + key_exp = malloc(key_exp_len); + ut_assertnonnull(key_exp); + iv = malloc(AES_BLOCK_LENGTH); + ut_assertnonnull(iv); + nocipher = malloc(num_block * AES_BLOCK_LENGTH); + ut_assertnonnull(nocipher); + ciphered = malloc((num_block + 1) * AES_BLOCK_LENGTH); + ut_assertnonnull(ciphered); + uncipher = malloc((num_block + 1) * AES_BLOCK_LENGTH); + ut_assertnonnull(uncipher); + + /* Initialize all buffer */ + rand_buf(key, key_len); + rand_buf(iv, AES_BLOCK_LENGTH); + rand_buf(nocipher, num_block * AES_BLOCK_LENGTH); + memset(ciphered, 0, (num_block + 1) * AES_BLOCK_LENGTH); + memset(uncipher, 0, (num_block + 1) * AES_BLOCK_LENGTH); + + /* Expand the key */ + aes_expand_key(key, key_len, key_exp); + + /* Encrypt and decrypt */ + switch (type) { + case TEST_AES_ONE_BLOCK: + ret = lib_test_aes_one_block(uts, key_len, key_exp, iv, + num_block, nocipher, + ciphered, uncipher); + break; + case TEST_AES_CBC_CHAIN: + ret = lib_test_aes_cbc_chain(uts, key_len, key_exp, iv, + num_block, nocipher, + ciphered, uncipher); + break; + default: + printf("%s: unknown type (type=%d)\n", __func__, type); + ret = -1; + }; + + /* Free all the data */ + free(key); + free(key_exp); + free(iv); + free(nocipher); + free(ciphered); + free(uncipher); + + return ret; +} + +static int lib_test_aes_run(struct unit_test_state *uts, + struct test_aes_s *test) +{ + int key_len = test->key_len; + int key_exp_len = test->key_exp_len; + int type = test->type; + int num_block = test->num_block; + + return _lib_test_aes_run(uts, key_len, key_exp_len, + type, num_block); +} + +static int lib_test_aes(struct unit_test_state *uts) +{ + int i, ret = 0; + + for (i = 0; i < ARRAY_SIZE(test_aes); i++) { + ret = lib_test_aes_run(uts, &test_aes[i]); + if (ret) + break; + } + + return ret; +} + +LIB_TEST(lib_test_aes, 0); From 1c6cd16de810f88c27c5c945a30e0e9f3842df68 Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Mon, 6 Jan 2020 15:22:37 +0100 Subject: [PATCH 4/6] aes: add test unit for aes196 and aes256 This commit add test unit for aes196 and aes256. Signed-off-by: Philippe Reynes Reviewed-by: Simon Glass --- test/lib/test_aes.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/lib/test_aes.c b/test/lib/test_aes.c index 2b0e89449bf..b7b4b775df5 100644 --- a/test/lib/test_aes.c +++ b/test/lib/test_aes.c @@ -26,6 +26,10 @@ struct test_aes_s { static struct test_aes_s test_aes[] = { { AES128_KEY_LENGTH, AES128_EXPAND_KEY_LENGTH, TEST_AES_ONE_BLOCK, 1 }, { AES128_KEY_LENGTH, AES128_EXPAND_KEY_LENGTH, TEST_AES_CBC_CHAIN, 16 }, + { AES192_KEY_LENGTH, AES192_EXPAND_KEY_LENGTH, TEST_AES_ONE_BLOCK, 1 }, + { AES192_KEY_LENGTH, AES192_EXPAND_KEY_LENGTH, TEST_AES_CBC_CHAIN, 16 }, + { AES256_KEY_LENGTH, AES256_EXPAND_KEY_LENGTH, TEST_AES_ONE_BLOCK, 1 }, + { AES256_KEY_LENGTH, AES256_EXPAND_KEY_LENGTH, TEST_AES_CBC_CHAIN, 16 }, }; static void rand_buf(u8 *buf, int size) From 7298e422504ef4455160216b9b7a1baa1169283f Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Wed, 18 Dec 2019 18:25:41 +0100 Subject: [PATCH 5/6] mkimage: fit: add support to encrypt image with aes This commit add the support of encrypting image with aes in mkimage. To enable the ciphering, a node cipher with a reference to a key and IV (Initialization Vector) must be added to the its file. Then mkimage add the encrypted image to the FIT and add the key and IV to the u-boot device tree. Signed-off-by: Philippe Reynes --- Kconfig | 8 ++ common/Makefile | 1 + common/image-cipher.c | 63 +++++++++ common/image-fit.c | 27 ++++ include/image.h | 63 +++++++++ include/u-boot/aes.h | 31 +++++ lib/aes/aes-encrypt.c | 136 ++++++++++++++++++++ tools/Makefile | 14 +- tools/fit_image.c | 83 +++++++++++- tools/image-host.c | 292 ++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 716 insertions(+), 2 deletions(-) create mode 100644 common/image-cipher.c create mode 100644 include/u-boot/aes.h create mode 100644 lib/aes/aes-encrypt.c diff --git a/Kconfig b/Kconfig index d9be0daf23a..caae4aecbdf 100644 --- a/Kconfig +++ b/Kconfig @@ -383,6 +383,14 @@ config FIT_ENABLE_RSASSA_PSS_SUPPORT Enable this to support the pss padding algorithm as described in the rfc8017 (https://tools.ietf.org/html/rfc8017). +config FIT_CIPHER + bool "Enable ciphering data in a FIT uImages" + depends on DM + select AES + help + Enable the feature of data ciphering/unciphering in the tool mkimage + and in the u-boot support of the FIT image. + config FIT_VERBOSE bool "Show verbose messages when FIT images fail" help diff --git a/common/Makefile b/common/Makefile index 029cc0f2ce6..5f62b8d0b13 100644 --- a/common/Makefile +++ b/common/Makefile @@ -113,6 +113,7 @@ obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += image-fdt.o obj-$(CONFIG_$(SPL_TPL_)FIT) += image-fit.o obj-$(CONFIG_$(SPL_)MULTI_DTB_FIT) += boot_fit.o common_fit.o obj-$(CONFIG_$(SPL_TPL_)FIT_SIGNATURE) += image-sig.o +obj-$(CONFIG_$(SPL_TPL_)FIT_CIPHER) += image-cipher.o obj-$(CONFIG_IO_TRACE) += iotrace.o obj-y += memsize.o obj-y += stdio.o diff --git a/common/image-cipher.c b/common/image-cipher.c new file mode 100644 index 00000000000..ab8b45bae63 --- /dev/null +++ b/common/image-cipher.c @@ -0,0 +1,63 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2019, Softathome + */ + +#ifdef USE_HOSTCC +#include "mkimage.h" +#include +#else +#include +#include +DECLARE_GLOBAL_DATA_PTR; +#endif /* !USE_HOSTCC*/ +#include +#include +#include + +struct cipher_algo cipher_algos[] = { + { + .name = "aes128", + .key_len = AES128_KEY_LENGTH, + .iv_len = AES_BLOCK_LENGTH, +#if IMAGE_ENABLE_ENCRYPT + .calculate_type = EVP_aes_128_cbc, +#endif + .encrypt = image_aes_encrypt, + .add_cipher_data = image_aes_add_cipher_data + }, + { + .name = "aes192", + .key_len = AES192_KEY_LENGTH, + .iv_len = AES_BLOCK_LENGTH, +#if IMAGE_ENABLE_ENCRYPT + .calculate_type = EVP_aes_192_cbc, +#endif + .encrypt = image_aes_encrypt, + .add_cipher_data = image_aes_add_cipher_data + }, + { + .name = "aes256", + .key_len = AES256_KEY_LENGTH, + .iv_len = AES_BLOCK_LENGTH, +#if IMAGE_ENABLE_ENCRYPT + .calculate_type = EVP_aes_256_cbc, +#endif + .encrypt = image_aes_encrypt, + .add_cipher_data = image_aes_add_cipher_data + } +}; + +struct cipher_algo *image_get_cipher_algo(const char *full_name) +{ + int i; + const char *name; + + for (i = 0; i < ARRAY_SIZE(cipher_algos); i++) { + name = cipher_algos[i].name; + if (!strncmp(name, full_name, strlen(name))) + return &cipher_algos[i]; + } + + return NULL; +} diff --git a/common/image-fit.c b/common/image-fit.c index 231612ff5f0..6b50ceba1ab 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1080,6 +1080,33 @@ static int fit_image_hash_get_ignore(const void *fit, int noffset, int *ignore) return 0; } +/** + * fit_image_cipher_get_algo - get cipher algorithm name + * @fit: pointer to the FIT format image header + * @noffset: cipher node offset + * @algo: double pointer to char, will hold pointer to the algorithm name + * + * fit_image_cipher_get_algo() finds cipher algorithm property in a given + * cipher node. If the property is found its data start address is returned + * to the caller. + * + * returns: + * 0, on success + * -1, on failure + */ +int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo) +{ + int len; + + *algo = (char *)fdt_getprop(fit, noffset, FIT_ALGO_PROP, &len); + if (!*algo) { + fit_get_debug(fit, noffset, FIT_ALGO_PROP, len); + return -1; + } + + return 0; +} + ulong fit_get_end(const void *fit) { return map_to_sysmem((void *)(fit + fdt_totalsize(fit))); diff --git a/include/image.h b/include/image.h index 4a280b78e74..bb8abe566fe 100644 --- a/include/image.h +++ b/include/image.h @@ -930,6 +930,10 @@ int booti_setup(ulong image, ulong *relocated_addr, ulong *size, #define FIT_IGNORE_PROP "uboot-ignore" #define FIT_SIG_NODENAME "signature" +/* cipher node */ +#define FIT_CIPHER_NODENAME "cipher" +#define FIT_ALGO_PROP "algo" + /* image node */ #define FIT_DATA_PROP "data" #define FIT_DATA_POSITION_PROP "data-position" @@ -1028,6 +1032,10 @@ int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, int fit_set_timestamp(void *fit, int noffset, time_t timestamp); +int fit_cipher_data(const char *keydir, void *keydest, void *fit, + const char *comment, int require_keys, + const char *engine_id, const char *cmdname); + /** * fit_add_verification_data() - add verification data to FIT image nodes * @@ -1138,6 +1146,7 @@ struct image_sign_info { const char *require_keys; /* Value for 'required' property */ const char *engine_id; /* Engine to use for signing */ }; + #endif /* Allow struct image_region to always be defined for rsa.h */ /* A part of an image, used for hashing */ @@ -1310,6 +1319,60 @@ static inline int fit_image_check_target_arch(const void *fdt, int node) #endif } +/* + * At present we only support ciphering on the host, and unciphering on the + * device + */ +#if defined(USE_HOSTCC) +# if defined(CONFIG_FIT_CIPHER) +# define IMAGE_ENABLE_ENCRYPT 1 +# define IMAGE_ENABLE_DECRYPT 1 +# include +# else +# define IMAGE_ENABLE_ENCRYPT 0 +# define IMAGE_ENABLE_DECRYPT 0 +# endif +#else +# define IMAGE_ENABLE_ENCRYPT 0 +# define IMAGE_ENABLE_DECRYPT CONFIG_IS_ENABLED(FIT_CIPHER) +#endif + +/* Information passed to the ciphering routines */ +struct image_cipher_info { + const char *keydir; /* Directory containing keys */ + const char *keyname; /* Name of key to use */ + const char *ivname; /* Name of IV to use */ + const void *fit; /* Pointer to FIT blob */ + int node_noffset; /* Offset of the cipher node */ + const char *name; /* Algorithm name */ + struct cipher_algo *cipher; /* Cipher algorithm information */ + const void *fdt_blob; /* FDT containing key and IV */ + const void *key; /* Value of the key */ + const void *iv; /* Value of the IV */ + size_t size_unciphered; /* Size of the unciphered data */ +}; + +struct cipher_algo { + const char *name; /* Name of algorithm */ + int key_len; /* Length of the key */ + int iv_len; /* Length of the IV */ + +#if IMAGE_ENABLE_ENCRYPT + const EVP_CIPHER * (*calculate_type)(void); +#endif + + int (*encrypt)(struct image_cipher_info *info, + const unsigned char *data, int data_len, + unsigned char **cipher, int *cipher_len); + + int (*add_cipher_data)(struct image_cipher_info *info, + void *keydest); +}; + +int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo); + +struct cipher_algo *image_get_cipher_algo(const char *full_name); + #ifdef CONFIG_FIT_VERBOSE #define fit_unsupported(msg) printf("! %s:%d " \ "FIT images not supported for '%s'\n", \ diff --git a/include/u-boot/aes.h b/include/u-boot/aes.h new file mode 100644 index 00000000000..4fb2cb75027 --- /dev/null +++ b/include/u-boot/aes.h @@ -0,0 +1,31 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2019, Softathome + */ + +#ifndef _AES_H +#define _AES_H + +#include +#include + +#if IMAGE_ENABLE_ENCRYPT +int image_aes_encrypt(struct image_cipher_info *info, + const unsigned char *data, int size, + unsigned char **cipher, int *cipher_len); +int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest); +#else +int image_aes_encrypt(struct image_cipher_info *info, + const unsigned char *data, int size, + unsigned char **cipher, int *cipher_len) +{ + return -ENXIO; +} + +int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) +{ + return -ENXIO; +} +#endif /* IMAGE_ENABLE_ENCRYPT */ + +#endif diff --git a/lib/aes/aes-encrypt.c b/lib/aes/aes-encrypt.c new file mode 100644 index 00000000000..de00a836f6b --- /dev/null +++ b/lib/aes/aes-encrypt.c @@ -0,0 +1,136 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2019,Softathome + */ +#include "mkimage.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if OPENSSL_VERSION_NUMBER >= 0x10000000L +#define HAVE_ERR_REMOVE_THREAD_STATE +#endif + +int image_aes_encrypt(struct image_cipher_info *info, + unsigned char *data, int size, + unsigned char **cipher, int *cipher_len) +{ + EVP_CIPHER_CTX *ctx; + unsigned char *buf = NULL; + int buf_len, len, ret = 0; + + /* create and initialise the context */ + ctx = EVP_CIPHER_CTX_new(); + if (!ctx) { + printf("Can't create context\n"); + return -1; + } + + /* allocate a buffer for the result */ + buf = malloc(size + AES_BLOCK_LENGTH); + if (!buf) { + printf("Can't allocate memory to encrypt\n"); + ret = -1; + goto out; + } + + if (EVP_EncryptInit_ex(ctx, info->cipher->calculate_type(), + NULL, info->key, info->iv) != 1) { + printf("Can't init encryption\n"); + ret = -1; + goto out; + } + + if (EVP_EncryptUpdate(ctx, buf, &len, data, size) != 1) { + printf("Can't encrypt data\n"); + ret = -1; + goto out; + } + + buf_len = len; + + if (EVP_EncryptFinal_ex(ctx, buf + len, &len) != 1) { + printf("Can't finalise the encryption\n"); + ret = -1; + goto out; + } + + buf_len += len; + + *cipher = buf; + *cipher_len = buf_len; + + out: + EVP_CIPHER_CTX_free(ctx); + return ret; +} + +int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) +{ + int parent, node; + char name[128]; + int ret = 0; + + /* Either create or overwrite the named cipher node */ + parent = fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME); + if (parent == -FDT_ERR_NOTFOUND) { + parent = fdt_add_subnode(keydest, 0, FIT_CIPHER_NODENAME); + if (parent < 0) { + ret = parent; + if (ret != -FDT_ERR_NOSPACE) { + fprintf(stderr, + "Couldn't create cipher node: %s\n", + fdt_strerror(parent)); + } + } + } + if (ret) + goto done; + + /* Either create or overwrite the named key node */ + snprintf(name, sizeof(name), "key-%s-%s-%s", + info->name, info->keyname, info->ivname); + node = fdt_subnode_offset(keydest, parent, name); + if (node == -FDT_ERR_NOTFOUND) { + node = fdt_add_subnode(keydest, parent, name); + if (node < 0) { + ret = node; + if (ret != -FDT_ERR_NOSPACE) { + fprintf(stderr, + "Could not create key subnode: %s\n", + fdt_strerror(node)); + } + } + } else if (node < 0) { + fprintf(stderr, "Cannot select keys parent: %s\n", + fdt_strerror(node)); + ret = node; + } + + if (!ret) + ret = fdt_setprop(keydest, node, "iv", + info->iv, info->cipher->iv_len); + + if (!ret) + ret = fdt_setprop(keydest, node, "key", + info->key, info->cipher->key_len); + + if (!ret) + ret = fdt_setprop_u32(keydest, node, "key-len", + info->cipher->key_len); + +done: + if (ret) + ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO; + + return ret; +} diff --git a/tools/Makefile b/tools/Makefile index 345bc84e48d..051127a6150 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -59,6 +59,7 @@ hostprogs-$(CONFIG_CMD_BOOTEFI_SELFTEST) += file2include FIT_OBJS-$(CONFIG_FIT) := fit_common.o fit_image.o image-host.o common/image-fit.o FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := common/image-sig.o +FIT_CIPHER_OBJS-$(CONFIG_FIT_CIPHER) := common/image-cipher.o # The following files are synced with upstream DTC. # Use synced versions from scripts/dtc/libfdt/. @@ -75,6 +76,9 @@ RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \ rsa-sign.o rsa-verify.o rsa-checksum.o \ rsa-mod-exp.o) +AES_OBJS-$(CONFIG_FIT_CIPHER) := $(addprefix lib/aes/, \ + aes-encrypt.o) + ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o # common objs for dumpimage and mkimage @@ -82,6 +86,7 @@ dumpimage-mkimage-objs := aisimage.o \ atmelimage.o \ $(FIT_OBJS-y) \ $(FIT_SIG_OBJS-y) \ + $(FIT_CIPHER_OBJS-y) \ common/bootm.o \ lib/crc32.o \ default_image.o \ @@ -116,7 +121,8 @@ dumpimage-mkimage-objs := aisimage.o \ gpimage.o \ gpimage-common.o \ mtk_image.o \ - $(RSA_OBJS-y) + $(RSA_OBJS-y) \ + $(AES_OBJS-y) dumpimage-objs := $(dumpimage-mkimage-objs) dumpimage.o mkimage-objs := $(dumpimage-mkimage-objs) mkimage.o @@ -137,6 +143,12 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=$(CONFIG_FIT_SIGNATURE_MAX_SIZE) endif +ifdef CONFIG_FIT_CIPHER +# This affects include/image.h, but including the board config file +# is tricky, so manually define this options here. +HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER +endif + ifdef CONFIG_SYS_U_BOOT_OFFS HOSTCFLAGS_kwbimage.o += -DCONFIG_SYS_U_BOOT_OFFS=$(CONFIG_SYS_U_BOOT_OFFS) endif diff --git a/tools/fit_image.c b/tools/fit_image.c index 6aa4b1c7330..dd61a816c93 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -58,6 +58,14 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, ret = fit_set_timestamp(ptr, 0, time); } + if (!ret) { + ret = fit_cipher_data(params->keydir, dest_blob, ptr, + params->comment, + params->require_keys, + params->engine_id, + params->cmdname); + } + if (!ret) { ret = fit_add_verification_data(params->keydir, dest_blob, ptr, params->comment, @@ -74,7 +82,6 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, err_keydest: munmap(ptr, sbuf.st_size); close(tfd); - return ret; } @@ -621,6 +628,62 @@ err_no_fd: return ret; } +static int copyfile(const char *src, const char *dst) +{ + int fd_src = -1, fd_dst = -1; + void *buf = NULL; + ssize_t size; + size_t count; + int ret = -1; + + fd_src = open(src, O_RDONLY); + if (fd_src < 0) { + printf("Can't open file %s (%s)\n", src, strerror(errno)); + goto out; + } + + fd_dst = open(dst, O_WRONLY | O_CREAT, 0700); + if (fd_dst < 0) { + printf("Can't open file %s (%s)\n", dst, strerror(errno)); + goto out; + } + + buf = malloc(512); + if (!buf) { + printf("Can't allocate buffer to copy file\n"); + goto out; + } + + while (1) { + size = read(fd_src, buf, 512); + if (size < 0) { + printf("Can't read file %s\n", src); + goto out; + } + if (!size) + break; + + count = size; + size = write(fd_dst, buf, count); + if (size < 0) { + printf("Can't write file %s\n", dst); + goto out; + } + } + + ret = 0; + + out: + if (fd_src >= 0) + close(fd_src); + if (fd_dst >= 0) + close(fd_dst); + if (buf) + free(buf); + + return ret; +} + /** * fit_handle_file - main FIT file processing function * @@ -636,6 +699,7 @@ err_no_fd: static int fit_handle_file(struct image_tool_params *params) { char tmpfile[MKIMAGE_MAX_TMPFILE_LEN]; + char bakfile[MKIMAGE_MAX_TMPFILE_LEN + 4] = {0}; char cmd[MKIMAGE_MAX_DTC_CMDLINE_LEN]; size_t size_inc; int ret; @@ -670,6 +734,7 @@ static int fit_handle_file(struct image_tool_params *params) snprintf(cmd, sizeof(cmd), "cp \"%s\" \"%s\"", params->imagefile, tmpfile); } + if (*cmd && system(cmd) == -1) { fprintf (stderr, "%s: system(%s) failed: %s\n", params->cmdname, cmd, strerror(errno)); @@ -681,6 +746,14 @@ static int fit_handle_file(struct image_tool_params *params) if (ret) goto err_system; + /* + * Copy the tmpfile to bakfile, then in the following loop + * we copy bakfile to tmpfile. So we always start from the + * beginning. + */ + sprintf(bakfile, "%s%s", tmpfile, ".bak"); + rename(tmpfile, bakfile); + /* * Set hashes for images in the blob. Unfortunately we may need more * space in either FDT, so keep trying until we succeed. @@ -692,6 +765,11 @@ static int fit_handle_file(struct image_tool_params *params) * steps of this loop is enough to sign with several keys. */ for (size_inc = 0; size_inc < 64 * 1024; size_inc += 1024) { + if (copyfile(bakfile, tmpfile) < 0) { + printf("Can't copy %s to %s\n", bakfile, tmpfile); + ret = -EIO; + break; + } ret = fit_add_file_data(params, size_inc, tmpfile); if (!ret || ret != -ENOSPC) break; @@ -715,13 +793,16 @@ static int fit_handle_file(struct image_tool_params *params) params->cmdname, tmpfile, params->imagefile, strerror (errno)); unlink (tmpfile); + unlink(bakfile); unlink (params->imagefile); return EXIT_FAILURE; } + unlink(bakfile); return EXIT_SUCCESS; err_system: unlink(tmpfile); + unlink(bakfile); return -1; } diff --git a/tools/image-host.c b/tools/image-host.c index 88b329502ca..9483561bfa5 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -12,6 +12,7 @@ #include #include #include +#include /** * fit_set_hash_value - set hash value in requested has node @@ -268,6 +269,262 @@ static int fit_image_process_sig(const char *keydir, void *keydest, return 0; } +static int fit_image_read_data(char *filename, unsigned char *data, + int expected_size) +{ + struct stat sbuf; + int fd, ret = -1; + ssize_t n; + + /* Open file */ + fd = open(filename, O_RDONLY | O_BINARY); + if (fd < 0) { + printf("Can't open file %s (err=%d => %s)\n", + filename, errno, strerror(errno)); + return -1; + } + + /* Compute file size */ + if (fstat(fd, &sbuf) < 0) { + printf("Can't fstat file %s (err=%d => %s)\n", + filename, errno, strerror(errno)); + goto err; + } + + /* Check file size */ + if (sbuf.st_size != expected_size) { + printf("File %s don't have the expected size (size=%ld, expected=%d)\n", + filename, sbuf.st_size, expected_size); + goto err; + } + + /* Read data */ + n = read(fd, data, sbuf.st_size); + if (n < 0) { + printf("Can't read file %s (err=%d => %s)\n", + filename, errno, strerror(errno)); + goto err; + } + + /* Check that we have read all the file */ + if (n != sbuf.st_size) { + printf("Can't read all file %s (read %ld bytes, expexted %ld)\n", + filename, n, sbuf.st_size); + goto err; + } + + ret = 0; + +err: + close(fd); + return ret; +} + +static int fit_image_setup_cipher(struct image_cipher_info *info, + const char *keydir, void *fit, + const char *image_name, int image_noffset, + const char *node_name, int noffset) +{ + char *algo_name; + char filename[128]; + int ret = -1; + + if (fit_image_cipher_get_algo(fit, noffset, &algo_name)) { + printf("Can't get algo name for cipher '%s' in image '%s'\n", + node_name, image_name); + goto out; + } + + info->keydir = keydir; + + /* Read the key name */ + info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); + if (!info->keyname) { + printf("Can't get key name for cipher '%s' in image '%s'\n", + node_name, image_name); + goto out; + } + + /* Read the IV name */ + info->ivname = fdt_getprop(fit, noffset, "iv-name-hint", NULL); + if (!info->ivname) { + printf("Can't get iv name for cipher '%s' in image '%s'\n", + node_name, image_name); + goto out; + } + + info->fit = fit; + info->node_noffset = noffset; + info->name = algo_name; + + info->cipher = image_get_cipher_algo(algo_name); + if (!info->cipher) { + printf("Can't get algo for cipher '%s'\n", image_name); + goto out; + } + + /* Read the key in the file */ + snprintf(filename, sizeof(filename), "%s/%s%s", + info->keydir, info->keyname, ".bin"); + info->key = malloc(info->cipher->key_len); + if (!info->key) { + printf("Can't allocate memory for key\n"); + ret = -1; + goto out; + } + ret = fit_image_read_data(filename, (unsigned char *)info->key, + info->cipher->key_len); + if (ret < 0) + goto out; + + /* Read the IV in the file */ + snprintf(filename, sizeof(filename), "%s/%s%s", + info->keydir, info->ivname, ".bin"); + info->iv = malloc(info->cipher->iv_len); + if (!info->iv) { + printf("Can't allocate memory for iv\n"); + ret = -1; + goto out; + } + ret = fit_image_read_data(filename, (unsigned char *)info->iv, + info->cipher->iv_len); + + out: + return ret; +} + +int fit_image_write_cipher(void *fit, int image_noffset, int noffset, + const void *data, size_t size, + unsigned char *data_ciphered, int data_ciphered_len) +{ + int ret = -1; + + /* Remove unciphered data */ + ret = fdt_delprop(fit, image_noffset, FIT_DATA_PROP); + if (ret) { + printf("Can't remove data (err = %d)\n", ret); + goto out; + } + + /* Add ciphered data */ + ret = fdt_setprop(fit, image_noffset, FIT_DATA_PROP, + data_ciphered, data_ciphered_len); + if (ret) { + printf("Can't add ciphered data (err = %d)\n", ret); + goto out; + } + + /* add non ciphered data size */ + ret = fdt_setprop_u32(fit, image_noffset, "data-size-unciphered", size); + if (ret) { + printf("Can't add unciphered data size (err = %d)\n", ret); + goto out; + } + + out: + return ret; +} + +static int +fit_image_process_cipher(const char *keydir, void *keydest, void *fit, + const char *image_name, int image_noffset, + const char *node_name, int node_noffset, + const void *data, size_t size, + const char *cmdname) +{ + struct image_cipher_info info; + unsigned char *data_ciphered = NULL; + int data_ciphered_len; + int ret; + + memset(&info, 0, sizeof(info)); + + ret = fit_image_setup_cipher(&info, keydir, fit, image_name, + image_noffset, node_name, node_noffset); + if (ret) + goto out; + + ret = info.cipher->encrypt(&info, data, size, + &data_ciphered, &data_ciphered_len); + if (ret) + goto out; + + /* + * Write the public key into the supplied FDT file; this might fail + * several times, since we try signing with successively increasing + * size values + */ + if (keydest) { + ret = info.cipher->add_cipher_data(&info, keydest); + if (ret) { + printf("Failed to add verification data for cipher '%s' in image '%s'\n", + info.keyname, image_name); + goto out; + } + } + + ret = fit_image_write_cipher(fit, image_noffset, node_noffset, + data, size, + data_ciphered, data_ciphered_len); + + out: + free(data_ciphered); + free((void *)info.key); + free((void *)info.iv); + return ret; +} + +int fit_image_cipher_data(const char *keydir, void *keydest, + void *fit, int image_noffset, const char *comment, + int require_keys, const char *engine_id, + const char *cmdname) +{ + const char *image_name; + const void *data; + size_t size; + int node_noffset; + + /* Get image name */ + image_name = fit_get_name(fit, image_noffset, NULL); + if (!image_name) { + printf("Can't get image name\n"); + return -1; + } + + /* Get image data and data length */ + if (fit_image_get_data(fit, image_noffset, &data, &size)) { + printf("Can't get image data/size\n"); + return -1; + } + + /* Process all hash subnodes of the component image node */ + for (node_noffset = fdt_first_subnode(fit, image_noffset); + node_noffset >= 0; + node_noffset = fdt_next_subnode(fit, node_noffset)) { + const char *node_name; + int ret = 0; + + node_name = fit_get_name(fit, node_noffset, NULL); + if (!node_name) { + printf("Can't get node name\n"); + return -1; + } + + if (IMAGE_ENABLE_ENCRYPT && keydir && + !strncmp(node_name, FIT_CIPHER_NODENAME, + strlen(FIT_CIPHER_NODENAME))) + ret = fit_image_process_cipher(keydir, keydest, + fit, image_name, + image_noffset, + node_name, node_noffset, + data, size, cmdname); + if (ret) + return ret; + } + + return 0; +} + /** * fit_image_add_verification_data() - calculate/set verig. data for image node * @@ -675,6 +932,41 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest, return 0; } +int fit_cipher_data(const char *keydir, void *keydest, void *fit, + const char *comment, int require_keys, + const char *engine_id, const char *cmdname) +{ + int images_noffset; + int noffset; + int ret; + + /* Find images parent node offset */ + images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); + if (images_noffset < 0) { + printf("Can't find images parent node '%s' (%s)\n", + FIT_IMAGES_PATH, fdt_strerror(images_noffset)); + return images_noffset; + } + + /* Process its subnodes, print out component images details */ + for (noffset = fdt_first_subnode(fit, images_noffset); + noffset >= 0; + noffset = fdt_next_subnode(fit, noffset)) { + /* + * Direct child node of the images parent node, + * i.e. component image node. + */ + ret = fit_image_cipher_data(keydir, keydest, + fit, noffset, comment, + require_keys, engine_id, + cmdname); + if (ret) + return ret; + } + + return 0; +} + int fit_add_verification_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, const char *engine_id, const char *cmdname) From 4df3578119b043d76b86b50077b06898fc2a4f62 Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Wed, 18 Dec 2019 18:25:42 +0100 Subject: [PATCH 6/6] u-boot: fit: add support to decrypt fit with aes This commit add to u-boot the support to decrypt fit image encrypted with aes. The FIT image contains the key name and the IV name. Then u-boot look for the key and IV in his device tree and decrypt images before moving to the next stage. Signed-off-by: Philippe Reynes --- common/image-cipher.c | 104 ++++++++++++++++++++++++++++++++++++++++++ common/image-fit.c | 63 +++++++++++++++++++++++++ include/image.h | 12 +++++ include/u-boot/aes.h | 13 ++++++ lib/Makefile | 1 + lib/aes/Makefile | 5 ++ lib/aes/aes-decrypt.c | 41 +++++++++++++++++ tools/Makefile | 2 +- 8 files changed, 240 insertions(+), 1 deletion(-) create mode 100644 lib/aes/Makefile create mode 100644 lib/aes/aes-decrypt.c diff --git a/common/image-cipher.c b/common/image-cipher.c index ab8b45bae63..cee3b03ee50 100644 --- a/common/image-cipher.c +++ b/common/image-cipher.c @@ -24,6 +24,7 @@ struct cipher_algo cipher_algos[] = { .calculate_type = EVP_aes_128_cbc, #endif .encrypt = image_aes_encrypt, + .decrypt = image_aes_decrypt, .add_cipher_data = image_aes_add_cipher_data }, { @@ -34,6 +35,7 @@ struct cipher_algo cipher_algos[] = { .calculate_type = EVP_aes_192_cbc, #endif .encrypt = image_aes_encrypt, + .decrypt = image_aes_decrypt, .add_cipher_data = image_aes_add_cipher_data }, { @@ -44,6 +46,7 @@ struct cipher_algo cipher_algos[] = { .calculate_type = EVP_aes_256_cbc, #endif .encrypt = image_aes_encrypt, + .decrypt = image_aes_decrypt, .add_cipher_data = image_aes_add_cipher_data } }; @@ -61,3 +64,104 @@ struct cipher_algo *image_get_cipher_algo(const char *full_name) return NULL; } + +static int fit_image_setup_decrypt(struct image_cipher_info *info, + const void *fit, int image_noffset, + int cipher_noffset) +{ + const void *fdt = gd_fdt_blob(); + const char *node_name; + char node_path[128]; + int noffset; + char *algo_name; + int ret; + + node_name = fit_get_name(fit, image_noffset, NULL); + if (!node_name) { + printf("Can't get node name\n"); + return -1; + } + + if (fit_image_cipher_get_algo(fit, cipher_noffset, &algo_name)) { + printf("Can't get algo name for cipher '%s' in image '%s'\n", + node_name, node_name); + return -1; + } + + info->keyname = fdt_getprop(fit, cipher_noffset, "key-name-hint", NULL); + if (!info->keyname) { + printf("Can't get key name\n"); + return -1; + } + + info->ivname = fdt_getprop(fit, cipher_noffset, "iv-name-hint", NULL); + if (!info->ivname) { + printf("Can't get IV name\n"); + return -1; + } + + info->fit = fit; + info->node_noffset = image_noffset; + info->name = algo_name; + info->cipher = image_get_cipher_algo(algo_name); + if (!info->cipher) { + printf("Can't get cipher\n"); + return -1; + } + + ret = fit_image_get_data_size_unciphered(fit, image_noffset, + &info->size_unciphered); + if (ret) { + printf("Can't get size of unciphered data\n"); + return -1; + } + + /* + * Search the cipher node in the u-boot fdt + * the path should be: /cipher/key--- + */ + snprintf(node_path, sizeof(node_path), "/%s/key-%s-%s-%s", + FIT_CIPHER_NODENAME, algo_name, info->keyname, info->ivname); + + noffset = fdt_path_offset(fdt, node_path); + if (noffset < 0) { + printf("Can't found cipher node offset\n"); + return -1; + } + + /* read key */ + info->key = fdt_getprop(fdt, noffset, "key", NULL); + if (!info->key) { + printf("Can't get key in cipher node '%s'\n", node_path); + return -1; + } + + /* read iv */ + info->iv = fdt_getprop(fdt, noffset, "iv", NULL); + if (!info->iv) { + printf("Can't get IV in cipher node '%s'\n", node_path); + return -1; + } + + return 0; +} + +int fit_image_decrypt_data(const void *fit, + int image_noffset, int cipher_noffset, + const void *data_ciphered, size_t size_ciphered, + void **data_unciphered, size_t *size_unciphered) +{ + struct image_cipher_info info; + int ret; + + ret = fit_image_setup_decrypt(&info, fit, image_noffset, + cipher_noffset); + if (ret < 0) + goto out; + + ret = info.cipher->decrypt(&info, data_ciphered, size_ciphered, + data_unciphered, size_unciphered); + + out: + return ret; +} diff --git a/common/image-fit.c b/common/image-fit.c index 6b50ceba1ab..f3bb00c98a5 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -947,6 +947,31 @@ int fit_image_get_data_size(const void *fit, int noffset, int *data_size) return 0; } +/** + * Get 'data-size-unciphered' property from a given image node. + * + * @fit: pointer to the FIT image header + * @noffset: component image node offset + * @data_size: holds the data-size property + * + * returns: + * 0, on success + * -ENOENT if the property could not be found + */ +int fit_image_get_data_size_unciphered(const void *fit, int noffset, + size_t *data_size) +{ + const fdt32_t *val; + + val = fdt_getprop(fit, noffset, "data-size-unciphered", NULL); + if (!val) + return -ENOENT; + + *data_size = (size_t)fdt32_to_cpu(*val); + + return 0; +} + /** * fit_image_get_data_and_size - get data and its size including * both embedded and external data @@ -1381,6 +1406,32 @@ int fit_all_image_verify(const void *fit) return 1; } +#ifdef CONFIG_FIT_CIPHER +static int fit_image_uncipher(const void *fit, int image_noffset, + void **data, size_t *size) +{ + int cipher_noffset, ret; + void *dst; + size_t size_dst; + + cipher_noffset = fdt_subnode_offset(fit, image_noffset, + FIT_CIPHER_NODENAME); + if (cipher_noffset < 0) + return 0; + + ret = fit_image_decrypt_data(fit, image_noffset, cipher_noffset, + *data, *size, &dst, &size_dst); + if (ret) + goto out; + + *data = dst; + *size = size_dst; + + out: + return ret; +} +#endif /* CONFIG_FIT_CIPHER */ + /** * fit_image_check_os - check whether image node is of a given os type * @fit: pointer to the FIT format image header @@ -1981,6 +2032,18 @@ int fit_image_load(bootm_headers_t *images, ulong addr, return -ENOENT; } +#ifdef CONFIG_FIT_CIPHER + /* Decrypt data before uncompress/move */ + if (IMAGE_ENABLE_DECRYPT) { + puts(" Decrypting Data ... "); + if (fit_image_uncipher(fit, noffset, &buf, &size)) { + puts("Error\n"); + return -EACCES; + } + puts("OK\n"); + } +#endif + #if !defined(USE_HOSTCC) && defined(CONFIG_FIT_IMAGE_POST_PROCESS) /* perform any post-processing on the image data */ board_fit_image_post_process(&buf, &size); diff --git a/include/image.h b/include/image.h index bb8abe566fe..86ebaae4fe3 100644 --- a/include/image.h +++ b/include/image.h @@ -1023,6 +1023,8 @@ int fit_image_get_data_offset(const void *fit, int noffset, int *data_offset); int fit_image_get_data_position(const void *fit, int noffset, int *data_position); int fit_image_get_data_size(const void *fit, int noffset, int *data_size); +int fit_image_get_data_size_unciphered(const void *fit, int noffset, + size_t *data_size); int fit_image_get_data_and_size(const void *fit, int noffset, const void **data, size_t *size); @@ -1066,6 +1068,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset, int fit_image_verify(const void *fit, int noffset); int fit_config_verify(const void *fit, int conf_noffset); int fit_all_image_verify(const void *fit); +int fit_config_decrypt(const void *fit, int conf_noffset); int fit_image_check_os(const void *fit, int noffset, uint8_t os); int fit_image_check_arch(const void *fit, int noffset, uint8_t arch); int fit_image_check_type(const void *fit, int noffset, uint8_t type); @@ -1293,6 +1296,11 @@ int fit_image_verify_required_sigs(const void *fit, int image_noffset, int fit_image_check_sig(const void *fit, int noffset, const void *data, size_t size, int required_keynode, char **err_msgp); +int fit_image_decrypt_data(const void *fit, + int image_noffset, int cipher_noffset, + const void *data, size_t size, + void **data_unciphered, size_t *size_unciphered); + /** * fit_region_make_list() - Make a list of regions to hash * @@ -1367,6 +1375,10 @@ struct cipher_algo { int (*add_cipher_data)(struct image_cipher_info *info, void *keydest); + + int (*decrypt)(struct image_cipher_info *info, + const void *cipher, size_t cipher_len, + void **data, size_t *data_len); }; int fit_image_cipher_get_algo(const void *fit, int noffset, char **algo); diff --git a/include/u-boot/aes.h b/include/u-boot/aes.h index 4fb2cb75027..32281041de2 100644 --- a/include/u-boot/aes.h +++ b/include/u-boot/aes.h @@ -28,4 +28,17 @@ int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest) } #endif /* IMAGE_ENABLE_ENCRYPT */ +#if IMAGE_ENABLE_DECRYPT +int image_aes_decrypt(struct image_cipher_info *info, + const void *cipher, size_t cipher_len, + void **data, size_t *size); +#else +int image_aes_decrypt(struct image_cipher_info *info, + const void *cipher, size_t cipher_len, + void **data, size_t *size) +{ + return -ENXIO; +} +#endif /* IMAGE_ENABLE_DECRYPT */ + #endif diff --git a/lib/Makefile b/lib/Makefile index 6b7b9ce85c5..51eba80b896 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -21,6 +21,7 @@ obj-$(CONFIG_ASN1_DECODER) += asn1_decoder.o obj-y += crypto/ obj-$(CONFIG_AES) += aes.o +obj-$(CONFIG_AES) += aes/ obj-$(CONFIG_$(SPL_TPL_)BINMAN_FDT) += binman.o ifndef API_BUILD diff --git a/lib/aes/Makefile b/lib/aes/Makefile new file mode 100644 index 00000000000..daed52a713b --- /dev/null +++ b/lib/aes/Makefile @@ -0,0 +1,5 @@ +# SPDX-License-Identifier: GPL-2.0+ +# +# Copyright (c) 2019, Softathome + +obj-$(CONFIG_$(SPL_)FIT_CIPHER) += aes-decrypt.o diff --git a/lib/aes/aes-decrypt.c b/lib/aes/aes-decrypt.c new file mode 100644 index 00000000000..345029fa784 --- /dev/null +++ b/lib/aes/aes-decrypt.c @@ -0,0 +1,41 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2019, softathome + */ + +#ifndef USE_HOSTCC +#include +#include +#endif +#include +#include + +int image_aes_decrypt(struct image_cipher_info *info, + const void *cipher, size_t cipher_len, + void **data, size_t *size) +{ +#ifndef USE_HOSTCC + unsigned char key_exp[AES256_EXPAND_KEY_LENGTH]; + unsigned int aes_blocks, key_len = info->cipher->key_len; + + *data = malloc(cipher_len); + if (!*data) { + printf("Can't allocate memory to decrypt\n"); + return -ENOMEM; + } + *size = info->size_unciphered; + + memcpy(&key_exp[0], info->key, key_len); + + /* First we expand the key. */ + aes_expand_key((u8 *)info->key, key_len, key_exp); + + /* Calculate the number of AES blocks to encrypt. */ + aes_blocks = DIV_ROUND_UP(cipher_len, AES_BLOCK_LENGTH); + + aes_cbc_decrypt_blocks(key_len, key_exp, (u8 *)info->iv, + (u8 *)cipher, *data, aes_blocks); +#endif + + return 0; +} diff --git a/tools/Makefile b/tools/Makefile index 051127a6150..99be724b82a 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -77,7 +77,7 @@ RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \ rsa-mod-exp.o) AES_OBJS-$(CONFIG_FIT_CIPHER) := $(addprefix lib/aes/, \ - aes-encrypt.o) + aes-encrypt.o aes-decrypt.o) ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o