/***************************************************************************** * 函 数 名 : crypto_hash * * 功能描述 : 计算输入的数据,输出16字节的HASH值,当前支持MD5、和SHA-1算法。 * * 输入参数 : data: 待计算HASH值的数据。 * len: 待计算HASH值的数据长度。(byte) * algorithm: 所要使用的HASH算法。 * hlen: 作为输入参数,存放HASH值的缓冲区的长度。(byte) * * 输出参数 : hash: 存放生成的HASH值。buffer必须大于16(MD5)/20(SHA-1)字节。 * hlen: 作为输出参数,存放生成的HASH值的长度。(byte) * * 返 回 值 : OK: 生成成功。 * ERROR: 生成失败。 * * 其它说明 : hlen为输入/输出参数,传入的hlen变量所用内存必须可写回。 * 所以避免直接传入类似sizeof()的函数调用结果。 * *****************************************************************************/ int crypto_hash_o(char *data, int len, CRYPTO_HASH_ALGORITHM algorithm, char *hash, int *hlen) { if(data == NULL || hash == NULL || hlen == NULL) { security_print("ERROR crypto_hash: param is NULL pointer!\n"); return BSP_ERROR; } if(len<=0 ) { security_print("ERROR crypto_hash: param is invalid!\n"); return BSP_ERROR; } switch(algorithm) { case CRYPTO_ALGORITHM_MD5: if(*hlen<16) { security_print("ERROR crypto_hash: param hlen is invalid!(hash bufsize is too small)\n"); return BSP_ERROR; } // FIXME: need rewrite MD5 function! NO return value! encrypt_lock_md5_data (data, len, hash); /* if(BSP_OK != encrypt_lock_md5_data (data, len, hash)) { security_print("ERROR crypto_hash: encrypt_lock_md5_data failed!\n"); return BSP_ERROR; } */ *hlen = MD5_HASH_LEN/8; break; case CRYPTO_ALGORITHM_SHA1: if(*hlen<20) { security_print("ERROR crypto_hash: param hlen is invalid!(hash bufsize is too small)\n"); return BSP_ERROR; } /*if(BSP_OK != SHA1Hash(data,len,(BSP_U32*)hash))*/ { security_print("ERROR crypto_hash: SHA1Hash not support!\n"); return BSP_ERROR; } /* *hlen = SHA1_HASH_LEN; */ break; case CRYPTO_ALGORITHM_SHA256: if (*hlen < SHA256_DIGEST_LENGTH) { security_print("ERROR crypto_hash: param hlen is invalid!(hash bufsize is too small)\n"); return BSP_ERROR; } SHA256_Hash((unsigned char*)data,len,(unsigned char*)hash); *hlen = SHA256_DIGEST_LENGTH; break; default: security_print("ERROR crypto_hash: unknown algorithm!\n"); return BSP_ERROR; } return BSP_OK; }/*lint !e429*/
s32 startSecure(void) { s32 sec_err_code = SEC_OK; u8 flag = 0; u8 * m3boot_ram_addr = NULL; u32 ulEfuseRootCaHash[SHA256_HASH_SIZE] = {0}; /*用来存放SHA256值的临时buffer*/ u32 efuse_security_flag = 0; u32 md5_hash[MD5_HASH_SIZE] = {0}; sec_err_code = secureAlreadyUse(&flag); if(sec_err_code) { return -1; } if( SECURE_ENABLE == flag ) /* has been written */ { return SEC_OK; } sec_err_code = secureSupport(&flag); if(SEC_OK != sec_err_code) { bsp_trace(BSP_LOG_LEVEL_ERROR, BSP_MODU_SECURITY, "[SEC ERROR]check Secure support error!\n"); return sec_err_code; } if(SECURE_NOT_SUPPORT == flag) { bsp_trace(BSP_LOG_LEVEL_ERROR, BSP_MODU_SECURITY, "[SEC ERROR]Secure not support!\n"); return SEC_ERROR_IMG_SECURY_NOT_SUPPORT; } m3boot_ram_addr = (u8*)osl_malloc(ROOT_CA_LEN); if(!m3boot_ram_addr) { bsp_trace(BSP_LOG_LEVEL_ERROR, BSP_MODU_SECURITY, "[SEC ERROR]NO mem error!\n"); return -1; } sec_err_code = BSP_mass_read("m3boot", /*P531_M3_LEN_INDEX + sizeof(u32)*/ROOT_CA_INDEX, ROOT_CA_LEN, m3boot_ram_addr); if(SEC_OK != sec_err_code) { bsp_trace(BSP_LOG_LEVEL_ERROR, BSP_MODU_SECURITY, "BSP_mass_read error!\n"); return sec_err_code; } #if 0//for debug, print rootca printf("\n"); for(i = 0; i < ROOT_CA_LEN / 4; i += 4) { printf("%X\n", *(unsigned long *)(m3boot_ram_addr + i)); } printf("\n"); #endif /*计算ROOT CA HASH*/ sec_err_code = kdf_sha256(m3boot_ram_addr, ROOT_CA_LEN, (u8*)ulEfuseRootCaHash); if(SEC_OK != sec_err_code) { bsp_trace(BSP_LOG_LEVEL_ERROR, BSP_MODU_SECURITY, "\r\ncalc RootCa sha1 err!\n"); return SEC_ERROR_SHA_ERR; } /*计算HASH值的MD5值*/ sec_err_code = encrypt_lock_md5_data(ulEfuseRootCaHash, SHA256_HASH_SIZE * sizeof(u32), md5_hash); if(sec_err_code) { return -1; } sec_err_code = bsp_efuse_read(&efuse_security_flag, EFUSE_GRP_SECURITY, 1); if( SEC_OK != sec_err_code) { bsp_trace(BSP_LOG_LEVEL_ERROR, BSP_MODU_SECURITY, "startSecure: run efuse_read error!\n"); return SEC_ERROR_EFUSE_READ_ERR; } efuse_security_flag |= EFUSEC_SEC_EN; /* write RootCA hash */ if( SEC_OK != bsp_efuse_write( md5_hash, EFUSE_GRP_ROOT_CA, 4 ) ) { return -1; } /* Last step, enable security boot */ if( SEC_OK != bsp_efuse_write( (u32 *)&efuse_security_flag, EFUSE_GRP_SECURITY, 1 ) ) { return -1; } bsp_trace(BSP_LOG_LEVEL_INFO, BSP_MODU_SECURITY, "\r\nstartSecure SUCC!\r\n", 0, 0, 0, 0, 0, 0 ); return 0; }