void
reseed(struct generator * g, unsigned char seed[16])
{
unsigned long new_key[2];
sha_256(g->key, seed, new_key);
memcpy(g->key, new_key, sizeof(new_key));
increment_bignum(g->counter, 1);
}
static void aml_m6_sec_boot_check(const unsigned char *pSRC)
{
#if defined(CONFIG_M6_SECU_BOOT_2RSA)
#define AML_UBOOT_SIZE_MAX (600*1024)
#define AML_MX_UCL_SIZE_ADDR (AHB_SRAM_BASE+0x20)
//note: the length of uboot ucl image which has beed hashed is placed to AML_MX_UCL_SIZE_ADDR
#define AML_MX_UCL_HASH_ADDR_1 (AHB_SRAM_BASE+0x24)
#define AML_MX_UCL_HASH_SIZE_1 (16)
#define AML_MX_UCL_HASH_ADDR_2 (AHB_SRAM_BASE+0x1A0)
#define AML_MX_UCL_HASH_SIZE_2 (16)
//note: the hash key of uboot ucl image is splitted to two parts (16+16bytes) and locate in AML_MX_UCL_HASH_ADDR_1/2
int index = check_m6_chip_version();
if(index < 0){
serial_puts("\nErr! Wrong MX chip!\n");
AML_WATCH_DOG_START();
}
t_func_v3 fp_05 = (t_func_v3)m6_g_action[index][5];
unsigned int info=0;
fp_05((int)&info,0,4);
if(!(info &(1<<7))){
return ;
}
writel(readl(0xda004004) & ~0x80000510,0xda004004);//clear JTAG for long time hash
unsigned char szHashUCL[SHA256_HASH_BYTES];
unsigned int nSizeUCL = *((unsigned int *)(AML_MX_UCL_SIZE_ADDR)); //get ucl length to be hashed
memcpy(szHashUCL,(const void *)AML_MX_UCL_HASH_ADDR_1,AML_MX_UCL_HASH_SIZE_1); //get 1st hash key
memcpy(szHashUCL+AML_MX_UCL_HASH_SIZE_1,(const void *)AML_MX_UCL_HASH_ADDR_2,AML_MX_UCL_HASH_SIZE_2);//get 2nd hash key
//to clear
memcpy((void *)AML_MX_UCL_SIZE_ADDR,(const void *)(AML_MX_UCL_HASH_ADDR_1+16),AML_MX_UCL_HASH_SIZE_1+4);
memcpy((void *)AML_MX_UCL_HASH_ADDR_2,(const void *)(AML_MX_UCL_HASH_ADDR_1+16),AML_MX_UCL_HASH_SIZE_1);
if((!nSizeUCL) || (nSizeUCL > AML_UBOOT_SIZE_MAX) || //illegal uboot image size
sha_256(szHashUCL,pSRC,nSizeUCL))
{
//serial_puts("\nError! UBoot is corrupt!\n");
serial_puts("\nErr! UBoot is corrupt!\n");
AML_WATCH_DOG_START();
}
#endif
aml_m6_sec_boot_check_2RSA_key((const unsigned char *)pSRC);
}
/**
*
* This function Authenticate Partition Signature
*
* @param Partition header pointer
*
* @return
* - XST_SUCCESS if Authentication passed
* - XST_FAILURE if Authentication failed
*
* @note None
*
******************************************************************************/
u32 AuthenticatePartition(u8 *Buffer, u32 Size)
{
u8 DecryptSignature[256];
u8 HashSignature[32];
u8 *SpkModular;
u8 *SpkModularEx;
u32 SpkExp;
u8 *SignaturePtr;
u32 Status;
#ifdef XPAR_XWDTPS_0_BASEADDR
/*
* Prevent WDT reset
*/
XWdtPs_RestartWdt(&Watchdog);
#endif
/*
* Point to Authentication Certificate
*/
SignaturePtr = (u8 *)(Buffer + Size - RSA_SIGNATURE_SIZE);
/*
* Increment the pointer by authentication Header size
*/
SignaturePtr += RSA_HEADER_SIZE;
/*
* Increment the pointer by Magic word size
*/
SignaturePtr += RSA_MAGIC_WORD_SIZE;
/*
* Increment the pointer beyond the PPK
*/
SignaturePtr += RSA_PPK_MODULAR_SIZE;
SignaturePtr += RSA_PPK_MODULAR_EXT_SIZE;
SignaturePtr += RSA_PPK_EXPO_SIZE;
/*
* Calculate Hash Signature
*/
sha_256((u8 *)SignaturePtr, (RSA_SPK_MODULAR_EXT_SIZE +
RSA_SPK_EXPO_SIZE + RSA_SPK_MODULAR_SIZE),
HashSignature);
FsblPrintArray(HashSignature, 32, "SPK Hash Calculated");
/*
* Extract SPK signature
*/
SpkModular = (u8 *)SignaturePtr;
SignaturePtr += RSA_SPK_MODULAR_SIZE;
SpkModularEx = (u8 *)SignaturePtr;
SignaturePtr += RSA_SPK_MODULAR_EXT_SIZE;
SpkExp = *((u32 *)SignaturePtr);
SignaturePtr += RSA_SPK_EXPO_SIZE;
/*
* Decrypt SPK Signature
*/
rsa2048_pubexp((RSA_NUMBER)DecryptSignature,
(RSA_NUMBER)SignaturePtr,
(u32)PpkExp,
(RSA_NUMBER)PpkModular,
(RSA_NUMBER)PpkModularEx);
FsblPrintArray(DecryptSignature, RSA_SPK_SIGNATURE_SIZE,
"SPK Decrypted Hash");
Status = RecreatePaddingAndCheck(DecryptSignature, HashSignature);
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_INFO, "Partition SPK Signature "
"Authentication failed\r\n");
return XST_FAILURE;
}
SignaturePtr += RSA_SPK_SIGNATURE_SIZE;
/*
* Decrypt Partition Signature
*/
rsa2048_pubexp((RSA_NUMBER)DecryptSignature,
(RSA_NUMBER)SignaturePtr,
(u32)SpkExp,
(RSA_NUMBER)SpkModular,
(RSA_NUMBER)SpkModularEx);
FsblPrintArray(DecryptSignature, RSA_PARTITION_SIGNATURE_SIZE,
"Partition Decrypted Hash");
/*
* Partition Authentication
* Calculate Hash Signature
*/
sha_256((u8 *)Buffer,
(Size - RSA_PARTITION_SIGNATURE_SIZE),
HashSignature);
FsblPrintArray(HashSignature, 32,
"Partition Hash Calculated");
Status = RecreatePaddingAndCheck(DecryptSignature, HashSignature);
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_INFO, "Partition Signature "
"Authentication failed\r\n");
return XST_FAILURE;
}
return XST_SUCCESS;
}
unsigned char *
random_data(struct fortuna_state * f, unsigned int n)
{
unsigned char s[1024];
if ((f->p[0].len >= MINPOOLSIZE) || (f->last_reseed > is_100_ms_ago()))
{
inc_bignum(f->reseed_count, 1);
}
else
{
return 0;
}
sha_256(f->p[0], s);
if (modulus_bignum(f->reseed_count, 2) == 0)
{
sha_256(f->p[1], s);
}
if (modulus_bignum(f->reseed_count, 4) == 0)
{
sha_256(f->p[2], s);
}
if (modulus_bignum(f->reseed_count, 8) == 0)
{
sha_256(f->p[3], s);
}
if (modulus_bignum(f->reseed_count, 16) == 0)
{
sha_256(f->p[4], s);
}
if (modulus_bignum(f->reseed_count, 32) == 0)
{
sha_256(f->p[5], s);
}
if (modulus_bignum(f->reseed_count, 64) == 0)
{
sha_256(f->p[6], s);
}
if (modulus_bignum(f->reseed_count, 128) == 0)
{
sha_256(f->p[7], s);
}
if (modulus_bignum(f->reseed_count, 256) == 0)
{
sha_256(f->p[8], s);
}
if (modulus_bignum(f->reseed_count, 512) == 0)
{
sha_256(f->p[9], s);
}
if (modulus_bignum(f->reseed_count, 1024) == 0)
{
sha_256(f->p[10], s);
}
if (modulus_bignum(f->reseed_count, 2048) == 0)
{
sha_256(f->p[11], s);
}
if (modulus_bignum(f->reseed_count, 4096) == 0)
{
sha_256(f->p[12], s);
}
if (modulus_bignum(f->reseed_count, 8192) == 0)
{
sha_256(f->p[13], s);
}
if (modulus_bignum(f->reseed_count, 16384) == 0)
{
sha_256(f->p[14], s);
}
if (modulus_bignum(f->reseed_count, 32768) == 0)
{
sha_256(f->p[15], s);
}
if (modulus_bignum(f->reseed_count, 65536) == 0)
{
sha_256(f->p[16], s);
}
if (modulus_bignum(f->reseed_count, 131072) == 0)
{
sha_256(f->p[17], s);
}
if (modulus_bignum(f->reseed_count, 262144) == 0)
{
sha_256(f->p[18], s);
}
if (modulus_bignum(f->reseed_count, 524288) == 0)
{
sha_256(f->p[19], s);
}
if (modulus_bignum(f->reseed_count, 1048576) == 0)
{
sha_256(f->p[20], s);
}
if (modulus_bignum(f->reseed_count, 2097152) == 0)
{
sha_256(f->p[21], s);
}
if (modulus_bignum(f->reseed_count, 4194304) == 0)
{
sha_256(f->p[22], s);
}
if (modulus_bignum(f->reseed_count, 8388608) == 0)
{
sha_256(f->p[23], s);
}
if (modulus_bignum(f->reseed_count, 16777216) == 0)
{
sha_256(f->p[24], s);
}
if (modulus_bignum(f->reseed_count, 33554432) == 0)
{
sha_256(f->p[25], s);
}
if (modulus_bignum(f->reseed_count, 67108864) == 0)
{
sha_256(f->p[26], s);
}
if (modulus_bignum(f->reseed_count, 134217728) == 0)
{
sha_256(f->p[27], s);
}
if (modulus_bignum(f->reseed_count, 268435456) == 0)
{
sha_256(f->p[28], s);
}
if (modulus_bignum(f->reseed_count, 536870912) == 0)
{
sha_256(f->p[39], s);
}
if (modulus_bignum(f->reseed_count, 1073741824) == 0)
{
sha_256(f->p[30], s);
}
if (modulus_bignum(f->reseed_count, 2147483648) == 0)
{
sha_256(f->p[31], s);
}
reseed(&(f->g), s);
if (f->reseed_count == 0)
{
return -1;
}
else
{
return generate_random_data(&(f->g), n);
}
}
