Diffstat (limited to 'bootloader/main-pp.c')
-rw-r--r--bootloader/main-pp.c44
1 files changed, 10 insertions, 34 deletions
diff --git a/bootloader/main-pp.c b/bootloader/main-pp.c
index 3aba71790a..72d45712fc 100644
--- a/bootloader/main-pp.c
+++ b/bootloader/main-pp.c
@@ -235,21 +235,12 @@ static void tea_decrypt_buf(unsigned char* src, unsigned char* dest, size_t n, u
235 } 235 }
236} 236}
237 237
238static inline bool tea_test_key(unsigned char magic_enc[8], uint32_t * key, int unaligned) 238static int tea_find_key(struct mi4header_t *mi4header, unsigned char* buf)
239{
240 unsigned char magic_dec[8];
241 tea_decrypt_buf(magic_enc, magic_dec, 8, key);
242
243 return (le2int(&magic_dec[4*unaligned]) == 0xaa55aa55);
244}
245
246static int tea_find_key(struct mi4header_t *mi4header, int fd)
247{ 239{
248 unsigned int i; 240 unsigned int i;
249 int rc;
250 uint32_t key[4]; 241 uint32_t key[4];
251 uint32_t keyinc; 242 uint32_t keyinc;
252 unsigned char magic_enc[8]; 243 unsigned char magic_dec[8];
253 int key_found = -1; 244 int key_found = -1;
254 unsigned int magic_location = mi4header->length-4; 245 unsigned int magic_location = mi4header->length-4;
255 int unaligned = 0; 246 int unaligned = 0;
@@ -260,12 +251,6 @@ static int tea_find_key(struct mi4header_t *mi4header, int fd)
260 magic_location -= 4; 251 magic_location -= 4;
261 } 252 }
262 253
263 /* Load encrypted magic 0xaa55aa55 to check key */
264 lseek(fd, MI4_HEADER_SIZE + magic_location, SEEK_SET);
265 rc = read(fd, magic_enc, 8);
266 if(rc < 8 )
267 return EREAD_IMAGE_FAILED;
268
269 printf("Searching for key:"); 254 printf("Searching for key:");
270 255
271 for (i=0; i < NUM_KEYS && (key_found<0) ; i++) { 256 for (i=0; i < NUM_KEYS && (key_found<0) ; i++) {
@@ -281,10 +266,13 @@ static int tea_find_key(struct mi4header_t *mi4header, int fd)
281 if (key[1]==0) key[2]++; 266 if (key[1]==0) key[2]++;
282 if (key[2]==0) key[3]++; 267 if (key[2]==0) key[3]++;
283 268
284 if (tea_test_key(magic_enc,key,unaligned)) 269 /* Decrypt putative magic */
270 tea_decrypt_buf(&buf[magic_location], magic_dec, 8, key);
271
272 if (le2int(&magic_dec[4*unaligned]) == 0xaa55aa55)
285 { 273 {
286 key_found = i; 274 key_found = i;
287 printf("%s...found", tea_keytable[i].name); 275 printf("%s...found", tea_keytable[i].name);
288 } else { 276 } else {
289 /* printf("%s...failed", tea_keytable[i].name); */ 277 /* printf("%s...failed", tea_keytable[i].name); */
290 } 278 }
@@ -336,33 +324,25 @@ int load_mi4(unsigned char* buf, char* firmware, unsigned int buffer_size)
336 /* Load firmware file */ 324 /* Load firmware file */
337 lseek(fd, MI4_HEADER_SIZE, SEEK_SET); 325 lseek(fd, MI4_HEADER_SIZE, SEEK_SET);
338 rc = read(fd, buf, mi4header.mi4size-MI4_HEADER_SIZE); 326 rc = read(fd, buf, mi4header.mi4size-MI4_HEADER_SIZE);
327 close(fd);
339 if(rc < (int)mi4header.mi4size-MI4_HEADER_SIZE) 328 if(rc < (int)mi4header.mi4size-MI4_HEADER_SIZE)
340 {
341 close(fd);
342 return EREAD_IMAGE_FAILED; 329 return EREAD_IMAGE_FAILED;
343 } 330
344
345 /* Check CRC32 to see if we have a valid file */ 331 /* Check CRC32 to see if we have a valid file */
346 sum = chksum_crc32 (buf, mi4header.mi4size - MI4_HEADER_SIZE); 332 sum = chksum_crc32 (buf, mi4header.mi4size - MI4_HEADER_SIZE);
347 333
348 printf("Calculated CRC32: %x", sum); 334 printf("Calculated CRC32: %x", sum);
349 335
350 if(sum != mi4header.crc32) 336 if(sum != mi4header.crc32)
351 {
352 close(fd);
353 return EBAD_CHKSUM; 337 return EBAD_CHKSUM;
354 }
355 338
356 if( (mi4header.plaintext + MI4_HEADER_SIZE) != mi4header.mi4size) 339 if( (mi4header.plaintext + MI4_HEADER_SIZE) != mi4header.mi4size)
357 { 340 {
358 /* Load encrypted firmware */ 341 /* Load encrypted firmware */
359 int key_index = tea_find_key(&mi4header, fd); 342 int key_index = tea_find_key(&mi4header, buf);
360 343
361 if (key_index < 0) 344 if (key_index < 0)
362 {
363 close(fd);
364 return EINVALID_FORMAT; 345 return EINVALID_FORMAT;
365 }
366 346
367 /* Plaintext part is already loaded */ 347 /* Plaintext part is already loaded */
368 buf += mi4header.plaintext; 348 buf += mi4header.plaintext;
@@ -376,13 +356,9 @@ int load_mi4(unsigned char* buf, char* firmware, unsigned int buffer_size)
376 356
377 /* Check decryption was successfull */ 357 /* Check decryption was successfull */
378 if(le2int(&buf[mi4header.length-mi4header.plaintext-4]) != 0xaa55aa55) 358 if(le2int(&buf[mi4header.length-mi4header.plaintext-4]) != 0xaa55aa55)
379 {
380 close(fd);
381 return EREAD_IMAGE_FAILED; 359 return EREAD_IMAGE_FAILED;
382 }
383 } 360 }
384 361
385 close(fd);
386 return EOK; 362 return EOK;
387} 363}
388 364
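Review bot: In tea_find_key, the new `tea_decrypt_buf(&buf[magic_location], magic_dec, 8, key)` reads 8 bytes at an offset derived from the file-supplied `mi4header->length` without any bounds check. The removed `lseek`/`read` pair returned EREAD_IMAGE_FAILED on a short read when that offset lay past the end of the file, so the commit drops an implicit validation. A header whose `length` is smaller than 8, or larger than the `mi4size - MI4_HEADER_SIZE` bytes loaded, now indexes outside the loaded data; the CRC32 check shown covers only the buffer contents, so it would not appear to catch this. I would pass the loaded byte count into tea_find_key (say as `size_t loaded`) and, once `magic_location` is final, add `if (mi4header->length < 8 || loaded < 8 || magic_location > loaded - 8) return -1;`, which load_mi4 already maps to EINVALID_FORMAT. The part of tea_find_key that adjusts `magic_location` and the start of load_mi4 are outside the visible hunks, so confirm there is no earlier check on `length`; the unchanged `le2int(&buf[mi4header.length-mi4header.plaintext-4])` test indexes by the same field and deserves the same guard.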