void reseed(struct generator * g, unsigned char seed[16]) { unsigned long new_key[2]; sha_256(g->key, seed, new_key); memcpy(g->key, new_key, sizeof(new_key)); increment_bignum(g->counter, 1); }
static void aml_m6_sec_boot_check(const unsigned char *pSRC) { #if defined(CONFIG_M6_SECU_BOOT_2RSA) #define AML_UBOOT_SIZE_MAX (600*1024) #define AML_MX_UCL_SIZE_ADDR (AHB_SRAM_BASE+0x20) //note: the length of uboot ucl image which has beed hashed is placed to AML_MX_UCL_SIZE_ADDR #define AML_MX_UCL_HASH_ADDR_1 (AHB_SRAM_BASE+0x24) #define AML_MX_UCL_HASH_SIZE_1 (16) #define AML_MX_UCL_HASH_ADDR_2 (AHB_SRAM_BASE+0x1A0) #define AML_MX_UCL_HASH_SIZE_2 (16) //note: the hash key of uboot ucl image is splitted to two parts (16+16bytes) and locate in AML_MX_UCL_HASH_ADDR_1/2 int index = check_m6_chip_version(); if(index < 0){ serial_puts("\nErr! Wrong MX chip!\n"); AML_WATCH_DOG_START(); } t_func_v3 fp_05 = (t_func_v3)m6_g_action[index][5]; unsigned int info=0; fp_05((int)&info,0,4); if(!(info &(1<<7))){ return ; } writel(readl(0xda004004) & ~0x80000510,0xda004004);//clear JTAG for long time hash unsigned char szHashUCL[SHA256_HASH_BYTES]; unsigned int nSizeUCL = *((unsigned int *)(AML_MX_UCL_SIZE_ADDR)); //get ucl length to be hashed memcpy(szHashUCL,(const void *)AML_MX_UCL_HASH_ADDR_1,AML_MX_UCL_HASH_SIZE_1); //get 1st hash key memcpy(szHashUCL+AML_MX_UCL_HASH_SIZE_1,(const void *)AML_MX_UCL_HASH_ADDR_2,AML_MX_UCL_HASH_SIZE_2);//get 2nd hash key //to clear memcpy((void *)AML_MX_UCL_SIZE_ADDR,(const void *)(AML_MX_UCL_HASH_ADDR_1+16),AML_MX_UCL_HASH_SIZE_1+4); memcpy((void *)AML_MX_UCL_HASH_ADDR_2,(const void *)(AML_MX_UCL_HASH_ADDR_1+16),AML_MX_UCL_HASH_SIZE_1); if((!nSizeUCL) || (nSizeUCL > AML_UBOOT_SIZE_MAX) || //illegal uboot image size sha_256(szHashUCL,pSRC,nSizeUCL)) { //serial_puts("\nError! UBoot is corrupt!\n"); serial_puts("\nErr! UBoot is corrupt!\n"); AML_WATCH_DOG_START(); } #endif aml_m6_sec_boot_check_2RSA_key((const unsigned char *)pSRC); }
/** * * This function Authenticate Partition Signature * * @param Partition header pointer * * @return * - XST_SUCCESS if Authentication passed * - XST_FAILURE if Authentication failed * * @note None * ******************************************************************************/ u32 AuthenticatePartition(u8 *Buffer, u32 Size) { u8 DecryptSignature[256]; u8 HashSignature[32]; u8 *SpkModular; u8 *SpkModularEx; u32 SpkExp; u8 *SignaturePtr; u32 Status; #ifdef XPAR_XWDTPS_0_BASEADDR /* * Prevent WDT reset */ XWdtPs_RestartWdt(&Watchdog); #endif /* * Point to Authentication Certificate */ SignaturePtr = (u8 *)(Buffer + Size - RSA_SIGNATURE_SIZE); /* * Increment the pointer by authentication Header size */ SignaturePtr += RSA_HEADER_SIZE; /* * Increment the pointer by Magic word size */ SignaturePtr += RSA_MAGIC_WORD_SIZE; /* * Increment the pointer beyond the PPK */ SignaturePtr += RSA_PPK_MODULAR_SIZE; SignaturePtr += RSA_PPK_MODULAR_EXT_SIZE; SignaturePtr += RSA_PPK_EXPO_SIZE; /* * Calculate Hash Signature */ sha_256((u8 *)SignaturePtr, (RSA_SPK_MODULAR_EXT_SIZE + RSA_SPK_EXPO_SIZE + RSA_SPK_MODULAR_SIZE), HashSignature); FsblPrintArray(HashSignature, 32, "SPK Hash Calculated"); /* * Extract SPK signature */ SpkModular = (u8 *)SignaturePtr; SignaturePtr += RSA_SPK_MODULAR_SIZE; SpkModularEx = (u8 *)SignaturePtr; SignaturePtr += RSA_SPK_MODULAR_EXT_SIZE; SpkExp = *((u32 *)SignaturePtr); SignaturePtr += RSA_SPK_EXPO_SIZE; /* * Decrypt SPK Signature */ rsa2048_pubexp((RSA_NUMBER)DecryptSignature, (RSA_NUMBER)SignaturePtr, (u32)PpkExp, (RSA_NUMBER)PpkModular, (RSA_NUMBER)PpkModularEx); FsblPrintArray(DecryptSignature, RSA_SPK_SIGNATURE_SIZE, "SPK Decrypted Hash"); Status = RecreatePaddingAndCheck(DecryptSignature, HashSignature); if (Status != XST_SUCCESS) { fsbl_printf(DEBUG_INFO, "Partition SPK Signature " "Authentication failed\r\n"); return XST_FAILURE; } SignaturePtr += RSA_SPK_SIGNATURE_SIZE; /* * Decrypt Partition Signature */ rsa2048_pubexp((RSA_NUMBER)DecryptSignature, (RSA_NUMBER)SignaturePtr, (u32)SpkExp, (RSA_NUMBER)SpkModular, (RSA_NUMBER)SpkModularEx); FsblPrintArray(DecryptSignature, RSA_PARTITION_SIGNATURE_SIZE, "Partition Decrypted Hash"); /* * Partition Authentication * Calculate Hash Signature */ sha_256((u8 *)Buffer, (Size - RSA_PARTITION_SIGNATURE_SIZE), HashSignature); FsblPrintArray(HashSignature, 32, "Partition Hash Calculated"); Status = RecreatePaddingAndCheck(DecryptSignature, HashSignature); if (Status != XST_SUCCESS) { fsbl_printf(DEBUG_INFO, "Partition Signature " "Authentication failed\r\n"); return XST_FAILURE; } return XST_SUCCESS; }
unsigned char * random_data(struct fortuna_state * f, unsigned int n) { unsigned char s[1024]; if ((f->p[0].len >= MINPOOLSIZE) || (f->last_reseed > is_100_ms_ago())) { inc_bignum(f->reseed_count, 1); } else { return 0; } sha_256(f->p[0], s); if (modulus_bignum(f->reseed_count, 2) == 0) { sha_256(f->p[1], s); } if (modulus_bignum(f->reseed_count, 4) == 0) { sha_256(f->p[2], s); } if (modulus_bignum(f->reseed_count, 8) == 0) { sha_256(f->p[3], s); } if (modulus_bignum(f->reseed_count, 16) == 0) { sha_256(f->p[4], s); } if (modulus_bignum(f->reseed_count, 32) == 0) { sha_256(f->p[5], s); } if (modulus_bignum(f->reseed_count, 64) == 0) { sha_256(f->p[6], s); } if (modulus_bignum(f->reseed_count, 128) == 0) { sha_256(f->p[7], s); } if (modulus_bignum(f->reseed_count, 256) == 0) { sha_256(f->p[8], s); } if (modulus_bignum(f->reseed_count, 512) == 0) { sha_256(f->p[9], s); } if (modulus_bignum(f->reseed_count, 1024) == 0) { sha_256(f->p[10], s); } if (modulus_bignum(f->reseed_count, 2048) == 0) { sha_256(f->p[11], s); } if (modulus_bignum(f->reseed_count, 4096) == 0) { sha_256(f->p[12], s); } if (modulus_bignum(f->reseed_count, 8192) == 0) { sha_256(f->p[13], s); } if (modulus_bignum(f->reseed_count, 16384) == 0) { sha_256(f->p[14], s); } if (modulus_bignum(f->reseed_count, 32768) == 0) { sha_256(f->p[15], s); } if (modulus_bignum(f->reseed_count, 65536) == 0) { sha_256(f->p[16], s); } if (modulus_bignum(f->reseed_count, 131072) == 0) { sha_256(f->p[17], s); } if (modulus_bignum(f->reseed_count, 262144) == 0) { sha_256(f->p[18], s); } if (modulus_bignum(f->reseed_count, 524288) == 0) { sha_256(f->p[19], s); } if (modulus_bignum(f->reseed_count, 1048576) == 0) { sha_256(f->p[20], s); } if (modulus_bignum(f->reseed_count, 2097152) == 0) { sha_256(f->p[21], s); } if (modulus_bignum(f->reseed_count, 4194304) == 0) { sha_256(f->p[22], s); } if (modulus_bignum(f->reseed_count, 8388608) == 0) { sha_256(f->p[23], s); } if (modulus_bignum(f->reseed_count, 16777216) == 0) { sha_256(f->p[24], s); } if (modulus_bignum(f->reseed_count, 33554432) == 0) { sha_256(f->p[25], s); } if (modulus_bignum(f->reseed_count, 67108864) == 0) { sha_256(f->p[26], s); } if (modulus_bignum(f->reseed_count, 134217728) == 0) { sha_256(f->p[27], s); } if (modulus_bignum(f->reseed_count, 268435456) == 0) { sha_256(f->p[28], s); } if (modulus_bignum(f->reseed_count, 536870912) == 0) { sha_256(f->p[39], s); } if (modulus_bignum(f->reseed_count, 1073741824) == 0) { sha_256(f->p[30], s); } if (modulus_bignum(f->reseed_count, 2147483648) == 0) { sha_256(f->p[31], s); } reseed(&(f->g), s); if (f->reseed_count == 0) { return -1; } else { return generate_random_data(&(f->g), n); } }