| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | /* |
| 2 | *********************************************************** |
| 3 | */ |
| 4 | |
| 5 | #include <common.h> |
| 6 | #include <asm/io.h> |
| 7 | #include <asm/string.h> |
| 8 | #include <sdio.h> |
| 9 | #include <image.h> |
| 10 | #include <key.h> |
| 11 | |
| 12 | |
| 13 | #include "efuse.h" |
| 14 | #include "drv_rsa.h" |
| 15 | #include "drv_hash.h" |
| 16 | |
| 17 | |
| 18 | #define E_N_LEN 256 |
| 19 | #define HASH_LEN 128 |
| 20 | |
| 21 | |
| 22 | |
| 23 | /* |
| 24 | ****************************************************************************** |
| 25 | * Function: |
| 26 | * Description: |
| 27 | * Parameters: |
| 28 | * Input: |
| 29 | * Output: |
| 30 | * Returns: |
| 31 | * Others: |
| 32 | ******************************************************************************* |
| 33 | */ |
| 34 | static u8 data_cmp_word(u32* src, u32* dst, u32 cnt) |
| 35 | { |
| 36 | u32 i; |
| 37 | for(i = 0; i < cnt; i++) |
| 38 | { |
| 39 | if(src[i] != dst[i]) |
| 40 | { |
| 41 | return 1; |
| 42 | } |
| 43 | } |
| 44 | return 0; |
| 45 | } |
| 46 | |
| 47 | |
| 48 | /* |
| 49 | ****************************************************************************** |
| 50 | * Function: |
| 51 | * Description: |
| 52 | * Parameters: |
| 53 | * Input: |
| 54 | * Output: |
| 55 | * Returns: |
| 56 | * Others: |
| 57 | ******************************************************************************* |
| 58 | */ |
| 59 | int SecureVerify(u32 puiSdrmStartAddr) |
| 60 | { |
| 61 | u32 uiLen = 0; |
| 62 | u32 uiRet = -1; |
| 63 | image_header_t *puiLegacyImgAddr = NULL; |
| 64 | sImageHeader *psImageHeader = NULL; |
| 65 | efuse_struct *psEfuseInfo = NULL; |
| 66 | |
| 67 | u32 *puiDataLoadAddr = NULL; |
| 68 | u32 *puiArrPubKeyEN = NULL; |
| 69 | u32 *puiArrHASH = NULL; |
| 70 | u32 uiHashResArr[4] = {0}; |
| 71 | u32 uiHashResLen = 0; |
| 72 | u32 uiHashVerifySize = 0; |
| 73 | u32 uiRsaResArr[32] = {0}; |
| 74 | int guiEfuseStatus = 1; |
| 75 | |
| 76 | u32 sRamKey[5] = {SECURE_EN,SECURE_PUK_HASH0,SECURE_PUK_HASH1, |
| 77 | SECURE_PUK_HASH2,SECURE_PUK_HASH3}; |
| 78 | |
| 79 | T_Rsa_Paramter sRSAInput; |
| 80 | u32 *puiRsaResAddr = NULL; |
| 81 | |
| 82 | if(0 == puiSdrmStartAddr) |
| 83 | { |
| 84 | return -1; |
| 85 | } |
| 86 | |
| 87 | psImageHeader = (sImageHeader *)puiSdrmStartAddr; |
| 88 | puiLegacyImgAddr = (image_header_t *)(puiSdrmStartAddr + sizeof(sImageHeader)); |
| 89 | uiHashVerifySize = ___htonl(puiLegacyImgAddr->ih_size) + sizeof(image_header_t); |
| 90 | |
| 91 | guiEfuseStatus = get_secure_verify_status(); |
| 92 | if(guiEfuseStatus == 0) //efuse secure verify. |
| 93 | psEfuseInfo = (efuse_struct*)EFUSE_RAM_BASE; |
| 94 | else |
| 95 | psEfuseInfo = (efuse_struct*)sRamKey; |
| 96 | |
| 97 | /* |
| 98 | * 0. ¼ì²éPubKeyÊÇ·ñ±»´Û¸Ä¡£ |
| 99 | * - ¶ÔPubKeyÃ÷ÎĽøÐÐHASH_MD5ÔËË㣬 |
| 100 | * ²¢ÇÒÓëefuseÖб£´æµÄpuk_hash±È½Ï¡£ |
| 101 | * - ±È½ÏÊý¾ÝÏàͬ£¬·µ»Ø0£» |
| 102 | * - ²»Í¬£¬·µ»Ø1¡£ |
| 103 | */ |
| 104 | uiLen = E_N_LEN; //¹«Ô¿EºÍN£¬¹²256byte³¤¶È¡£ |
| 105 | puiArrPubKeyEN = psImageHeader->uiPubKeyRsaE; |
| 106 | |
| 107 | uiRet = Hash_Calculate(HASH_MODE_MD5, |
| 108 | HASH_SMALL_ENDIAN, |
| 109 | puiArrPubKeyEN, |
| 110 | uiLen, |
| 111 | NULL, |
| 112 | 0, |
| 113 | uiHashResArr, |
| 114 | &uiHashResLen); |
| 115 | if(uiRet != 0) |
| 116 | { |
| 117 | return -1; |
| 118 | } |
| 119 | |
| 120 | if(data_cmp_word((u32 *)psEfuseInfo->puk_hash, |
| 121 | uiHashResArr, uiHashResLen)) |
| 122 | { |
| 123 | printf("Puk hash verify fail!\n"); |
| 124 | return -1; |
| 125 | } |
| 126 | |
| 127 | puiArrHASH = psImageHeader->uiHashY; |
| 128 | uiLen = HASH_LEN; |
| 129 | |
| 130 | /* |
| 131 | * 1. ÀûÓù«Ô¿¶ÔuiHashY'½øÐнâÃÜ£¬µÃµ½1024bit½á¹û¡£ |
| 132 | */ |
| 133 | sRSAInput.udCalMode = RSA_MOD_EXPO_WITH_INIT; |
| 134 | sRSAInput.udNbitLen = 1024; |
| 135 | sRSAInput.udEbitLen = 1024; |
| 136 | sRSAInput.pudInputM = puiArrHASH; |
| 137 | sRSAInput.pudInputE = puiArrPubKeyEN; |
| 138 | sRSAInput.pudInputN = (puiArrPubKeyEN + 32); |
| 139 | sRSAInput.pudOutputP = uiRsaResArr; |
| 140 | |
| 141 | uiRet = Rsa_Calculate(sRSAInput); |
| 142 | if(uiRet != 0) |
| 143 | { |
| 144 | printf("Rsa_Calculate fail!\n"); |
| 145 | return -1; |
| 146 | } |
| 147 | |
| 148 | //È¡×îºó4×Ö½Ú×÷ΪPubKey½âÃܺóµÄHASH_MD5Öµ¡£ |
| 149 | puiRsaResAddr = sRSAInput.pudOutputP + (32 - uiHashResLen); |
| 150 | |
| 151 | /* |
| 152 | * 2. ¼ÆËãÏÂÒ»¼¶¾µÏñµÄHASH_MD5Öµ¡£ |
| 153 | * - ¶ÔLegacyImage(64 BytesµÄÍ·ÐÅÏ¢+°æ±¾Çø)½øÐÐhash¼ÆË㣬 |
| 154 | * ²¢ÇÒÓëPubKeyÑéÇ©µÄ½á¹û½øÐбȽϡ£ |
| 155 | */ |
| 156 | uiLen = uiHashVerifySize; |
| 157 | puiDataLoadAddr = (u32 *)(___htonl(puiLegacyImgAddr->ih_load) |
| 158 | - sizeof(image_header_t)); |
| 159 | |
| 160 | /* Cleanup Output Buffer. */ |
| 161 | uiHashResLen = 0; |
| 162 | memset(uiHashResArr, 0, 4*sizeof(uiHashResArr[0])); |
| 163 | |
| 164 | uiRet = Hash_Calculate(HASH_MODE_MD5, |
| 165 | HASH_SMALL_ENDIAN, |
| 166 | puiDataLoadAddr, |
| 167 | uiLen, |
| 168 | NULL, |
| 169 | 0, |
| 170 | uiHashResArr, |
| 171 | &uiHashResLen); |
| 172 | if(uiRet != 0) |
| 173 | { |
| 174 | printf("Hash_Calculate Fail!\n"); |
| 175 | return -1; |
| 176 | } |
| 177 | |
| 178 | if(data_cmp_word(puiRsaResAddr, uiHashResArr, uiHashResLen)) |
| 179 | { |
| 180 | printf("SignImage Verify Fail!\n"); |
| 181 | return -1; |
| 182 | } |
| 183 | |
| 184 | return 0; |
| 185 | } |
| 186 | |
| 187 | |
| 188 | |
| 189 | |