int key_manage_write(const char* keyname, const void* keydata, const unsigned dataLen)
{
int ret = 0;
int srcKeyType;
char* decryptBuf = NULL;
const int DecryptBufMaxLen = 64<<10;
ret = key_unify_query_key_has_configure(keyname);
if (!ret) {
KM_ERR ("There isn't cfg for key[%s]\n", keyname) ;
return __LINE__;
}
ret = km_get_user_key_format(keyname, &srcKeyType);
if (ret) {
KM_ERR ("Fail in get user key type\n") ;
return __LINE__;
}
decryptBuf = (char*)malloc(DecryptBufMaxLen);
switch (srcKeyType)
{
case KM_USER_KEY_TYPE_MAC:
{
ret = _burn_key_in_type_mac(keyname, (char*)keydata, dataLen, decryptBuf);
}
break;
case KM_USER_KEY_TYPE_SHA1:
{
ret = _burn_key_in_type_sha1(keyname, (char*)keydata, dataLen, decryptBuf);
}
break;
case KM_USER_KEY_TYPE_HDCP2:
{
ret = _burn_key_in_type_hdcp2(keyname, (char*)keydata, dataLen, decryptBuf);
}
break;
case KM_USER_KEY_TYPE_RAW:
{
ret = key_unify_write(keyname, (char*)keydata, dataLen);
}
break;
}
free(decryptBuf);
return ret;
}
//key value which end up 20 bytes sha1sum
//check the sha1sum and remove it after checked ok
static int _burn_key_in_type_sha1(const char* keyname, void* databuf, const unsigned bufLen, char* decryptBuf)
{
int ret = 0;
const unsigned srcKeyLen = bufLen;
const char* srcKeyVal = (char*)databuf;
const unsigned shaSumLen = 20;
const unsigned licLen = srcKeyLen - shaSumLen;
const u8* orgSum = (u8*)srcKeyVal + licLen;
u8 genSum[shaSumLen];
if (srcKeyLen <= 20) {
KM_ERR("Err key len %d for sha1 fmt\n", srcKeyLen);
return __LINE__;
}
sha1_csum((u8*)srcKeyVal, licLen, genSum);
ret = memcmp(orgSum, genSum, shaSumLen);
if (ret) {
const unsigned fmtStrLen = shaSumLen * 2 + 2;
char org_sha1Str[fmtStrLen + 2];
char gen_sha1Str[fmtStrLen + 2];
int byteIndex = 0;
org_sha1Str[0] = gen_sha1Str[0] = '\0';
for (byteIndex = 0; byteIndex < shaSumLen; ++byteIndex)
{
sprintf(org_sha1Str, "%s%02x", org_sha1Str, orgSum[byteIndex]);
sprintf(gen_sha1Str, "%s%02x", gen_sha1Str, genSum[byteIndex]);
}
KM_ERR("sha1sum, orgSum[%s] != genSum[%s]\n", org_sha1Str, gen_sha1Str);
return __LINE__;
}
KM_MSG("Verify key with sha1sum OK\n");
ret = key_unify_write(keyname, srcKeyVal, licLen);
return ret;
}
//key manager user interface: mac format check and change format if needed
static int _burn_key_in_type_mac(const char* keyname, const char* srcKeyVal, const unsigned srcKeyLen, void* decryptBuf)
{
int ret = 0;
int index = 0;
ssize_t targetKeyLen = 0;
char* dstKeyVal = (char*)decryptBuf;
if (_UsrMacKeyLen != srcKeyLen) {
KM_ERR("mac len %d is invalid, must be %d\n", srcKeyLen, _UsrMacKeyLen);
return -EINVAL;
}
for (index = 0; index < _UsrMacKeyLen; index += 3)
{
int k = 0;
const char* p = srcKeyVal + index;
for (k = 0; k < 2; ++k) {
const char c = *p++;
if (!isxdigit(c)) {
KM_ERR("mac str(%s) fmt err at index[%d]\n", srcKeyVal, index + k);
return __LINE__;
}
}
if (':' != *p && index + k < _UsrMacKeyLen) {
KM_ERR("mac str(%s) fmt err at index[%d], must be :, but %c\n", srcKeyVal, index + 2, *p);
return __LINE__;
}
}
enum key_manager_dev_e keyDev = keymanage_dts_get_key_device(keyname);
if (KEY_M_MAX_DEV == keyDev) {
KM_ERR("Fail get key dev for key[%s]\n", keyname);
return __LINE__;
}
if (KEY_M_EFUSE_NORMAL != keyDev) { targetKeyLen = _UsrMacKeyLen; }
else
{//efusekey, check configure size
ret = key_unify_query_size(keyname, &targetKeyLen);
if (ret) {
KM_ERR("Fail at get key size, ret=%d\n", ret);
return __LINE__;
}
if (6 != targetKeyLen && targetKeyLen != _UsrMacKeyLen) {
KM_ERR("efuse key[%s] len %zd err\n", keyname, targetKeyLen);
return __LINE__;
}
}
if (_UsrMacKeyLen == targetKeyLen) {//say its target not efuse ?
ret = key_unify_write(keyname, srcKeyVal, srcKeyLen);
return ret;
}
KM_DBG("targetKeyLen=%zd\n", targetKeyLen);
for (index = 0; index < targetKeyLen; ++index) {
const char *theByteStr = srcKeyVal + index * 3;
unsigned byteSum = 0;
byteSum = simple_strtoul(theByteStr, NULL, 16);
KM_DBG("byteSum[%d]=0x%x\n", index, byteSum);
if (byteSum > 0xff) {
KM_ERR("theByteStr=%s err\n", theByteStr);
return __LINE__;
}
dstKeyVal[index] = byteSum;
}
ret = key_unify_write(keyname, dstKeyVal, targetKeyLen);
return ret;
}
int do_keyunify(cmd_tbl_t * cmdtp, int flag, int argc, char *argv[])
{
int err;
char *cmd,*name;
unsigned int addr,len,reallen;
unsigned int keystate,keypermit;
if (argc < 2)
goto usage;
cmd = argv[1];
if(!strcmp(cmd,"init")){
if(argc > 3){
addr = simple_strtoul(argv[2], NULL, 16);
len = simple_strtoul(argv[3], NULL, 16);
}
else{
char initvalue[]={1,2,3,4};
addr = (unsigned int)&initvalue[0];
len = sizeof(initvalue);
}
err = key_unify_init((char *)addr,len);
return err;
}
if(!strcmp(cmd,"write")){
if(argc < 5)
goto usage;
name = argv[2];
addr = simple_strtoul(argv[3], NULL, 16);
len = simple_strtoul(argv[4], NULL, 16);
err = key_unify_write(name,(unsigned char *)addr,len);
if(err < 0){
printf("%s:%d,%s key write fail\n",__func__,__LINE__,name);
}
return err;
}
if(!strcmp(cmd,"read")){
if(argc < 6)
goto usage;
name = argv[2];
addr = simple_strtoul(argv[3], NULL, 16);
len = simple_strtoul(argv[4], NULL, 16);
reallen = simple_strtoul(argv[5], NULL, 16);
err = key_unify_read(name,(unsigned char *)addr,len,(unsigned int*)reallen);
if(err < 0){
printf("%s:%d,%s key read fail\n",__func__,__LINE__,name);
}
return err;
}
if(!strcmp(cmd,"query")){
if(argc < 5)
goto usage;
name = argv[2];
keystate = simple_strtoul(argv[3], NULL, 16);
keypermit = simple_strtoul(argv[4], NULL, 16);
err = key_unify_query(name,(unsigned int *)keystate,(unsigned int *)keypermit);
if(err < 0){
printf("%s:%d,%s key query fail\n",__func__,__LINE__,name);
}
if(err >=0){
if(*(unsigned int*)keystate == KEY_BURNED){
printf("%s key exist\n",name);
}
else{
printf("%s key not exist\n",name);
}
}
return err;
}
if(!strcmp(cmd,"secure")){
addr = simple_strtoul(argv[3], NULL, 16);
len = simple_strtoul(argv[4], NULL, 16);
err= key_unify_secure_boot_key(argv[2],(unsigned char *)addr,len);
if(err < 0){
printf("fail\n");
}
else if(err > 0){
printf("exist\n");
}
else{
printf("ok\n");
}
return err;
}
if(!strcmp(cmd,"uninit")){
key_unify_uninit();
return 0;
}
usage:
cmd_usage(cmdtp);
return 1;
}
