/*
** Entry point. With fewer than two arguments after the program name it
** prints a fixed message and returns whatever write() returned.
** Otherwise it builds the shared state, the programs and the handler
** table, runs go_exec() once per cycle while check_verif() is above 1,
** then passes the first index whose verif entry is not -1 to my_fwin().
*/
int main(int ac, char **av)
{
  t_info *info;
  t_prog *progs;
  int (**handlers)();
  int first_alive;

  if (ac < 3)
    return (write(1, "Quel combat passionant\n", 23));
  /* NOTE(review): the results of def_info(), def_prog() and def_tab() */
  /* are used unchecked below; confirm they cannot fail. */
  info = def_info(ac);
  progs = def_prog(ac, av, info);
  def_proglist(ac - 1, info, progs);
  handlers = def_tab();
  for (; check_verif(info) > 1; info->cycle += 1)
    go_exec(info, progs, handlers);
  /* NOTE(review): this scan has no upper bound; it relies on at least */
  /* one verif entry differing from -1 once the loop above ends. */
  for (first_alive = 0; info->verif[first_alive] == -1; first_alive += 1)
    ;
  my_fwin(progs, first_alive, ac - 1);
  return (0);
}
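/*
 * Walk every item group in TOC1, check it against the root certificate
 * and hand each binary that passes to go_exec().
 *
 * For each group returned by toc1_item_probe_next():
 *   1. the content certificate must pass sunxi_certif_verify_itself();
 *   2. its public key (n without its first byte, followed by e) must be
 *      byte-identical to the root-certificate extension whose name
 *      matches the item name;
 *   3. the binary is read to its run address, hashed with
 *      sunxi_sha_calc(), and the first 32 bytes of the digest must equal
 *      extension value[0] of the content certificate.
 *
 * A binary is never executed unless a content certificate for the same
 * group passed steps 1 and 2 in this iteration.
 *
 * Returns 0 once toc1_item_probe_next() reports no more items, and -1 on
 * any read, verification or comparison failure.
 */
static int sbromsw_toc1_traverse(void)
{
	sbrom_toc1_item_group item_group;
	int ret;
	uint len, i;
	u8 buffer[SUNXI_X509_CERTIFF_MAX_LEN];
	sunxi_certif_info_t root_certif;
	sunxi_certif_info_t sub_certif;
	u8 hash_of_file[256];
	int out_to_ns;
	int certif_checked;

	toc1_item_traverse();

	printf("probe root certif\n");
	sunxi_ss_open();

	memset(buffer, 0, SUNXI_X509_CERTIFF_MAX_LEN);
	len = toc1_item_read_rootcertif(buffer, SUNXI_X509_CERTIFF_MAX_LEN);
	if (!len) {
		printf("%s error: cant read rootkey certif\n", __func__);
		return -1;
	}
	/*
	 * NOTE(review): the root certificate is only checked against itself
	 * in this function. Presumably it is anchored to a hardware root of
	 * trust by an earlier stage; confirm, because a self-check alone
	 * proves consistency and not origin.
	 */
	if (sunxi_certif_verify_itself(&root_certif, buffer, len)) {
		printf("certif invalid: root certif verify itself failed\n");
		return -1;
	}

	do {
		/*
		 * Reset per group so that a binary can never be checked against
		 * a certificate left over from a previous iteration, or against
		 * an uninitialised sub_certif on the first one.
		 */
		certif_checked = 0;

		memset(&item_group, 0, sizeof(sbrom_toc1_item_group));
		ret = toc1_item_probe_next(&item_group);
		if (ret < 0) {
			printf("sbromsw_toc1_traverse err in toc1_item_probe_next\n");
			return -1;
		} else if (ret == 0) {
			printf("sbromsw_toc1_traverse find out all items\n");
			return 0;
		}

		if (item_group.bin_certif) {
			/*
			 * NOTE(review): buffer is reused for every content
			 * certificate. If sunxi_certif_verify_itself() keeps
			 * pointers into its input instead of copying, the
			 * name/value entries of root_certif are overwritten here;
			 * confirm that it copies.
			 */
			memset(buffer, 0, SUNXI_X509_CERTIFF_MAX_LEN);
			len = toc1_item_read(item_group.bin_certif, buffer,
					     SUNXI_X509_CERTIFF_MAX_LEN);
			if (!len) {
				printf("%s error: cant read content key certif\n", __func__);
				return -1;
			}
			/* Self-check the certificate content to make sure it was not replaced. */
			if (sunxi_certif_verify_itself(&sub_certif, buffer, len)) {
				printf("%s error: cant verify the content certif\n", __func__);
				return -1;
			}
			/*
			 * The comparisons below skip the first byte of n and use
			 * n_len - 1 as a length. A length under 2 would compare
			 * nothing, or wrap if the field is unsigned, so reject it.
			 */
			if (sub_certif.pubkey.n_len < 2) {
				printf("%s error: bad key length in %s certif\n", __func__,
				       item_group.bin_certif->name);
				return -1;
			}
			/*
			 * Every public-key certificate must have a matching entry
			 * in the root certificate; a missing entry is an error.
			 *
			 * NOTE(review): both memcmp lengths come from the content
			 * certificate. The length of the root extension value is
			 * not checked here; confirm it is bounded elsewhere or
			 * compare the lengths explicitly.
			 */
			for (i = 0; i < root_certif.extension.extension_num; i++) {
				if (strcmp((const char *)root_certif.extension.name[i],
					   item_group.bin_certif->name))
					continue;

				printf("find %s key stored in root certif\n",
				       item_group.bin_certif->name);
				if (memcmp(root_certif.extension.value[i],
					   sub_certif.pubkey.n + 1,
					   sub_certif.pubkey.n_len - 1)) {
					printf("%s key n is incompatible\n",
					       item_group.bin_certif->name);
					printf(">>>>>>>key in rootcertif<<<<<<<<<<\n");
					ndump(root_certif.extension.value[i],
					      sub_certif.pubkey.n_len - 1);
					printf(">>>>>>>key in certif<<<<<<<<<<\n");
					ndump(sub_certif.pubkey.n + 1,
					      sub_certif.pubkey.n_len - 1);
					return -1;
				}
				if (memcmp(root_certif.extension.value[i] +
					   sub_certif.pubkey.n_len - 1,
					   sub_certif.pubkey.e,
					   sub_certif.pubkey.e_len)) {
					printf("%s key e is incompatible\n",
					       item_group.bin_certif->name);
					printf(">>>>>>>key in rootcertif<<<<<<<<<<\n");
					ndump(root_certif.extension.value[i] +
					      sub_certif.pubkey.n_len - 1,
					      sub_certif.pubkey.e_len);
					printf(">>>>>>>key in certif<<<<<<<<<<\n");
					ndump(sub_certif.pubkey.e, sub_certif.pubkey.e_len);
					return -1;
				}
				break;
			}
			if (i == root_certif.extension.extension_num) {
				printf("cant find %s key stored in root certif",
				       item_group.bin_certif->name);
				return -1;
			}
			certif_checked = 1;
		}

		if (item_group.binfile) {
			/*
			 * Fail closed: no certificate was checked for this group,
			 * or the certificate carries no extension to hold the
			 * expected hash. Checked before anything is written to
			 * run_addr.
			 */
			if (!certif_checked || !sub_certif.extension.extension_num) {
				printf("%s error: no verified certif for %s\n", __func__,
				       item_group.binfile->name);
				return -1;
			}

			/*
			 * Read the bin file content into memory.
			 *
			 * NOTE(review): the image is copied to run_addr before its
			 * hash is checked, and nothing visible here ties run_addr
			 * or data_len to the certificate. Confirm that both are
			 * validated against the permitted load region elsewhere.
			 */
			len = sunxi_flash_read(item_group.binfile->data_offset / 512,
					       (item_group.binfile->data_len + 511) / 512,
					       (void *)item_group.binfile->run_addr);
			if (!len) {
				printf("%s error: cant read bin file\n", __func__);
				return -1;
			}

			/* Compute the hash of the loaded image from memory. */
			memset(hash_of_file, 0, sizeof(hash_of_file));
			ret = sunxi_sha_calc(hash_of_file, sizeof(hash_of_file),
					     (u8 *)item_group.binfile->run_addr,
					     item_group.binfile->data_len);
			if (ret) {
				printf("sunxi_sha_calc: calc sha256 with hardware err\n");
				return -1;
			}

			/*
			 * Compare the hash computed on the device with the hash
			 * stored in the first extension of the content
			 * certificate (computed on the PC side). Only the first
			 * 32 bytes are compared.
			 */
			if (memcmp(hash_of_file, sub_certif.extension.value[0], 32)) {
				printf("hash compare is not correct\n");
				printf(">>>>>>>hash of file<<<<<<<<<<\n");
				ndump(hash_of_file, 32);
				printf(">>>>>>>hash in certif<<<<<<<<<<\n");
				ndump(sub_certif.extension.value[0], 32);
				return -1;
			}

			printf("ready to run %s\n", item_group.binfile->name);
			/* Only the item named "u-boot" is started with out_to_ns set. */
			out_to_ns = (strcmp(item_group.binfile->name, "u-boot") == 0) ? 1 : 0;
			go_exec(item_group.binfile->run_addr, CONFIG_TOC0_CONFIG_ADDR,
				out_to_ns);
		}
	} while (1);

	return 0;
}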