Merge tag 'xilinx-for-v2020.07-rc2' of https://gitlab.denx.de/u-boot/custodians/u...
[platform/kernel/u-boot.git] / lib / aes / aes-encrypt.c
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright (c) 2019,Softathome
4  */
5 #include "mkimage.h"
6 #include <stdio.h>
7 #include <string.h>
8 #include <image.h>
9 #include <time.h>
10 #include <openssl/bn.h>
11 #include <openssl/rsa.h>
12 #include <openssl/pem.h>
13 #include <openssl/err.h>
14 #include <openssl/ssl.h>
15 #include <openssl/evp.h>
16 #include <openssl/engine.h>
17 #include <uboot_aes.h>
18
19 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
20 #define HAVE_ERR_REMOVE_THREAD_STATE
21 #endif
22
23 int image_aes_encrypt(struct image_cipher_info *info,
24                       unsigned char *data, int size,
25                       unsigned char **cipher, int *cipher_len)
26 {
27         EVP_CIPHER_CTX *ctx;
28         unsigned char *buf = NULL;
29         int buf_len, len, ret = 0;
30
31         /* create and initialise the context */
32         ctx = EVP_CIPHER_CTX_new();
33         if (!ctx) {
34                 printf("Can't create context\n");
35                 return -1;
36         }
37
38         /* allocate a buffer for the result */
39         buf = malloc(size + AES_BLOCK_LENGTH);
40         if (!buf) {
41                 printf("Can't allocate memory to encrypt\n");
42                 ret = -1;
43                 goto out;
44         }
45
46         if (EVP_EncryptInit_ex(ctx, info->cipher->calculate_type(),
47                                NULL, info->key, info->iv) != 1) {
48                 printf("Can't init encryption\n");
49                 ret = -1;
50                 goto out;
51         }
52
53         if (EVP_EncryptUpdate(ctx, buf, &len, data, size) != 1) {
54                 printf("Can't encrypt data\n");
55                 ret = -1;
56                 goto out;
57         }
58
59         buf_len = len;
60
61         if (EVP_EncryptFinal_ex(ctx, buf + len, &len) != 1) {
62                 printf("Can't finalise the encryption\n");
63                 ret = -1;
64                 goto out;
65         }
66
67         buf_len += len;
68
69         *cipher = buf;
70         *cipher_len = buf_len;
71
72  out:
73         EVP_CIPHER_CTX_free(ctx);
74         return ret;
75 }
76
77 int image_aes_add_cipher_data(struct image_cipher_info *info, void *keydest)
78 {
79         int parent, node;
80         char name[128];
81         int ret = 0;
82
83         /* Either create or overwrite the named cipher node */
84         parent = fdt_subnode_offset(keydest, 0, FIT_CIPHER_NODENAME);
85         if (parent == -FDT_ERR_NOTFOUND) {
86                 parent = fdt_add_subnode(keydest, 0, FIT_CIPHER_NODENAME);
87                 if (parent < 0) {
88                         ret = parent;
89                         if (ret != -FDT_ERR_NOSPACE) {
90                                 fprintf(stderr,
91                                         "Couldn't create cipher node: %s\n",
92                                         fdt_strerror(parent));
93                         }
94                 }
95         }
96         if (ret)
97                 goto done;
98
99         /* Either create or overwrite the named key node */
100         snprintf(name, sizeof(name), "key-%s-%s-%s",
101                  info->name, info->keyname, info->ivname);
102         node = fdt_subnode_offset(keydest, parent, name);
103         if (node == -FDT_ERR_NOTFOUND) {
104                 node = fdt_add_subnode(keydest, parent, name);
105                 if (node < 0) {
106                         ret = node;
107                         if (ret != -FDT_ERR_NOSPACE) {
108                                 fprintf(stderr,
109                                         "Could not create key subnode: %s\n",
110                                         fdt_strerror(node));
111                         }
112                 }
113         } else if (node < 0) {
114                 fprintf(stderr, "Cannot select keys parent: %s\n",
115                         fdt_strerror(node));
116                 ret = node;
117         }
118
119         if (!ret)
120                 ret = fdt_setprop(keydest, node, "iv",
121                                   info->iv, info->cipher->iv_len);
122
123         if (!ret)
124                 ret = fdt_setprop(keydest, node, "key",
125                                   info->key, info->cipher->key_len);
126
127         if (!ret)
128                 ret = fdt_setprop_u32(keydest, node, "key-len",
129                                       info->cipher->key_len);
130
131 done:
132         if (ret)
133                 ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
134
135         return ret;
136 }