2 files changed, 273 insertions, 36 deletions
diff --git a/firmware/target/arm/pp/mi4-loader.c b/firmware/target/arm/pp/mi4-loader.c
new file mode 100644
index 0000000000..c465b898b4
--- /dev/null
+++ b/firmware/target/arm/pp/mi4-loader.c
@@ -0,0 +1,237 @@
+/***************************************************************************
+ *             __________               __   ___.
+ *   Open      \______   \ ____   ____ |  | _\_ |__   _______  ___
+ *   Source     |       _//  _ \_/ ___\|  |/ /| __ \ /  _ \  \/  /
+ *   Jukebox    |    |   (  <_> )  \___|    < | \_\ (  <_> > <  <
+ *   Firmware   |____|_  /\____/ \___  >__|_ \|___  /\____/__/\_ \
+ *                     \/            \/     \/    \/            \/
+ *
+ * Copyright (C) 2006 by Barry Wardell
+ *
+ * Based on Rockbox iriver bootloader by Linus Nielsen Feltzing
+ * and the ipodlinux bootloader by Daniel Palffy and Bernard Leach
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ****************************************************************************/
+#include <stdbool.h>
+#include <stdio.h>
+#include "config.h"
+#include "mi4-loader.h"
+#include "loader_strerror.h"
+#include "crc32-mi4.h"
+#include "file.h"
+static inline unsigned int le2int(unsigned char* buf)
+{
+   int32_t res = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0];
+   return res;
+}
+static inline void int2le(unsigned int val, unsigned char* addr)
+{
+    addr[0] = val & 0xFF;
+    addr[1] = (val >> 8) & 0xff;
+    addr[2] = (val >> 16) & 0xff;
+    addr[3] = (val >> 24) & 0xff;
+}
+static struct tea_key tea_keytable[] = {
+  { "default" ,          { 0x20d36cc0, 0x10e8c07d, 0xc0e7dcaa, 0x107eb080 } },
+  { "sansa",             { 0xe494e96e, 0x3ee32966, 0x6f48512b, 0xa93fbb42 } },
+  { "sansa_gh",          { 0xd7b10538, 0xc662945b, 0x1b3fce68, 0xf389c0e6 } },
+  { "sansa_103",         { 0x1d29ddc0, 0x2579c2cd, 0xce339e1a, 0x75465dfe } },
+  { "rhapsody",          { 0x7aa9c8dc, 0xbed0a82a, 0x16204cc7, 0x5904ef38 } },
+  { "p610",              { 0x950e83dc, 0xec4907f9, 0x023734b9, 0x10cfb7c7 } },
+  { "p640",              { 0x220c5f23, 0xd04df68e, 0x431b5e25, 0x4dcc1fa1 } },
+  { "virgin",            { 0xe83c29a1, 0x04862973, 0xa9b3f0d4, 0x38be2a9c } },
+  { "20gc_eng",          { 0x0240772c, 0x6f3329b5, 0x3ec9a6c5, 0xb0c9e493 } },
+  { "20gc_fre",          { 0xbede8817, 0xb23bfe4f, 0x80aa682d, 0xd13f598c } },
+  { "elio_p722",         { 0x6af3b9f8, 0x777483f5, 0xae8181cc, 0xfa6d8a84 } },
+  { "c200",              { 0xbf2d06fa, 0xf0e23d59, 0x29738132, 0xe2d04ca7 } },
+  { "c200_103",          { 0x2a7968de, 0x15127979, 0x142e60a7, 0xe49c1893 } },
+  { "c200_106",          { 0xa913d139, 0xf842f398, 0x3e03f1a6, 0x060ee012 } },
+  { "view",              { 0x70e19bda, 0x0c69ea7d, 0x2b8b1ad1, 0xe9767ced } },
+  { "sa9200",            { 0x33ea0236, 0x9247bdc5, 0xdfaedf9f, 0xd67c9d30 } },
+  { "hdd1630/hdd63x0",   { 0x04543ced, 0xcebfdbad, 0xf7477872, 0x0d12342e } },
+  { "vibe500",           { 0xe3a66156, 0x77c6b67a, 0xe821dca5, 0xca8ca37c } },
+};
+/*
+tea_decrypt() from http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm
+"Following is an adaptation of the reference encryption and decryption
+routines in C, released into the public domain by David Wheeler and
+Roger Needham:"
+*/
+/* NOTE: The mi4 version of TEA uses a different initial value to sum compared
+         to the reference implementation and the main loop is 8 iterations, not
+         32.
+*/
+static void tea_decrypt(uint32_t* v0, uint32_t* v1, uint32_t* k) {
+    uint32_t sum=0xF1BBCDC8, i;                    /* set up */
+    uint32_t delta=0x9E3779B9;                     /* a key schedule constant */
+    uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3];   /* cache key */
+    for(i=0; i<8; i++) {                               /* basic cycle start */
+        *v1 -= ((*v0<<4) + k2) ^ (*v0 + sum) ^ ((*v0>>5) + k3);
+        *v0 -= ((*v1<<4) + k0) ^ (*v1 + sum) ^ ((*v1>>5) + k1);
+        sum -= delta;                                   /* end cycle */
+    }
+}
+/* mi4 files are encrypted in 64-bit blocks (two little-endian 32-bit
+   integers) and the key is incremented after each block
+ */
+static void tea_decrypt_buf(unsigned char* src,
+                            unsigned char* dest,
+                            size_t n, uint32_t * key)
+{
+    uint32_t v0, v1;
+    unsigned int i;
+    for (i = 0; i < (n / 8); i++) {
+        v0 = le2int(src);
+        v1 = le2int(src+4);
+        tea_decrypt(&v0, &v1, key);
+        int2le(v0, dest);
+        int2le(v1, dest+4);
+        src += 8;
+        dest += 8;
+        /* Now increment the key */
+        key[0]++;
+        if (key[0]==0) {
+            key[1]++;
+            if (key[1]==0) {
+                key[2]++;
+                if (key[2]==0) {
+                    key[3]++;
+                }
+            }
+        }
+    }
+}
+static int tea_find_key(struct mi4header_t *mi4header, unsigned char* buf)
+{
+    unsigned int i;
+    uint32_t key[4];
+    uint32_t keyinc;
+    unsigned char magic_dec[8];
+    int key_found = -1;
+    unsigned int magic_location = mi4header->length-4;
+    int unaligned = 0;
+    if ( (magic_location % 8) != 0 )
+    {
+        unaligned = 1;
+        magic_location -= 4;
+    }
+    for (i=0; i < NUM_KEYS && (key_found<0) ; i++) {
+        key[0] = tea_keytable[i].key[0];
+        key[1] = tea_keytable[i].key[1];
+        key[2] = tea_keytable[i].key[2];
+        key[3] = tea_keytable[i].key[3];
+        /* Now increment the key */
+        keyinc = (magic_location-mi4header->plaintext)/8;
+        if ((key[0]+keyinc) < key[0]) key[1]++;
+        key[0] += keyinc;
+        if (key[1]==0) key[2]++;
+        if (key[2]==0) key[3]++;
+        /* Decrypt putative magic */
+        tea_decrypt_buf(&buf[magic_location], magic_dec, 8, key);
+        if (le2int(&magic_dec[4*unaligned]) == 0xaa55aa55)
+        {
+            key_found = i;
+        }
+    }
+    return key_found;
+}
+/* Load mi4 format firmware image */
+int load_mi4(unsigned char* buf,
+             const char* firmware,
+             unsigned int buffer_size)
+{
+    int fd;
+    struct mi4header_t mi4header;
+    int rc;
+    unsigned long sum;
+    char filename[MAX_PATH];
+    snprintf(filename,sizeof(filename), BOOTDIR "/%s",firmware);
+    fd = open(filename, O_RDONLY);
+    if(fd < 0)
+    {
+        snprintf(filename,sizeof(filename),"/%s",firmware);
+        fd = open(filename, O_RDONLY);
+        if(fd < 0)
+            return EFILE_NOT_FOUND;
+    }
+    read(fd, &mi4header, MI4_HEADER_SIZE);
+    /* MI4 file size */
+    if ((mi4header.mi4size-MI4_HEADER_SIZE) > buffer_size)
+    {
+        close(fd);
+        return EFILE_TOO_BIG;
+    }
+    /* Load firmware file */
+    lseek(fd, MI4_HEADER_SIZE, SEEK_SET);
+    rc = read(fd, buf, mi4header.mi4size-MI4_HEADER_SIZE);
+    close(fd);
+    if(rc < (int)mi4header.mi4size-MI4_HEADER_SIZE)
+        return EREAD_IMAGE_FAILED;
+    /* Check CRC32 to see if we have a valid file */
+    sum = chksum_crc32 (buf, mi4header.mi4size - MI4_HEADER_SIZE);
+    if(sum != mi4header.crc32)
+        return EBAD_CHKSUM;
+    if( (mi4header.plaintext + MI4_HEADER_SIZE) != mi4header.mi4size)
+    {
+        /* Load encrypted firmware */
+        int key_index = tea_find_key(&mi4header, buf);
+        if (key_index < 0)
+            return EINVALID_FORMAT;
+        /* Plaintext part is already loaded */
+        buf += mi4header.plaintext;
+        /* Decrypt in-place */
+        tea_decrypt_buf(buf, buf,
+                        mi4header.mi4size-(mi4header.plaintext+MI4_HEADER_SIZE),
+                        tea_keytable[key_index].key);
+        /* Check decryption was successfull */
+        if(le2int(&buf[mi4header.length-mi4header.plaintext-4]) != 0xaa55aa55)
+            return EREAD_IMAGE_FAILED;
+    }
+    return mi4header.mi4size - MI4_HEADER_SIZE;
+}
diff --git a/firmware/target/arm/rk27xx/rkw-loader.c b/firmware/target/arm/rk27xx/rkw-loader.c
index ed7e253f14..9b50e1b187 100644
--- a/firmware/target/arm/rk27xx/rkw-loader.c
+++ b/firmware/target/arm/rk27xx/rkw-loader.c
@@ -18,42 +18,22 @@
 *
 ****************************************************************************/
+#include <stdio.h>
 #include "config.h"
+#include "loader_strerror.h"
 #include "rkw-loader.h"
 #include "crc32-rkw.h"
 #include "file.h"
 #include "panic.h"
-/* error strings sorted by number */
-/* error 0 is empty */
-static const char *err_str[] = {
-    "Loading OK",
-    "Can't open RKW file",
-    "Can't read RKW header",
-    "Invalid RKW magic number",
-    "RKW header CRC error",
-    "RKW file too big",
-    "RKW Load address mismatch",
-    "Bad model number",
-    "Error Reading File",
-    "RKW firmware CRC error"
-};
-const char *rkw_strerror(int8_t errno)
-{
-    if ((uint8_t)-errno >= sizeof(err_str)/sizeof(err_str[0]) || errno > 0)
-        return "Unknown error";
-    return err_str[-errno];
-}
 /* loosely based on load_firmware()
- * on success we return size loaded image
+ * on success we return size of loaded image
 * on error we return negative value which can be deciphered by means
 * of rkw_strerror() function
 */
-int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
+int load_rkw(unsigned char* buf, const char* firmware, int buffer_size)
 {
+    char filename[MAX_PATH];
    int fd;
    int rc;
    int len;
@@ -61,22 +41,42 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
    uint32_t crc, fw_crc;
    struct rkw_header_t rkw_info;
-    fd = open(filename, O_RDONLY);
+    /* only filename passed */
+    if (firmware[0] != '/')
+    {
+        /* First check in BOOTDIR */
+        snprintf(filename, sizeof(filename), BOOTDIR "/%s",firmware);
-    if(fd < 0)
+        fd = open(filename, O_RDONLY);
-        return -1;
+        if(fd < 0)
+        {
+            /* Check in root dir */
+            snprintf(filename, sizeof(filename),"/%s",firmware);
+            fd = open(filename, O_RDONLY);
+            if (fd < 0)
+                return EFILE_NOT_FOUND;
+        }
+    }
+    else
+    {
+        /* full path passed */
+        fd = open(firmware, O_RDONLY);
+        if (fd < 0)
+            return EFILE_NOT_FOUND;
+    }
    rc = read(fd, &rkw_info, sizeof(rkw_info));
    if (rc < (int)sizeof(rkw_info))
    {
-        ret = -2;
+        ret = EREAD_HEADER_FAILED;
        goto end;
    }
    /* check if RKW is valid */
    if (rkw_info.magic_number != RKLD_MAGIC)
    {
-        ret = -3;
+        ret = EINVALID_FORMAT;
        goto end;
    }
@@ -86,7 +86,7 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
        crc = crc32_rkw((uint8_t *)&rkw_info, sizeof(rkw_info)-sizeof(uint32_t));
        if (rkw_info.crc != crc)
        {
-            ret = -4;
+            ret = EBAD_HEADER_CHKSUM;
            goto end;
        }
    }
@@ -95,14 +95,14 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
    len = rkw_info.load_limit - rkw_info.load_address;
    if (len > buffer_size)
    {
-        ret = -5;
+        ret = EFILE_TOO_BIG;
        goto end;
    }
    /* check load address - we support loading only at 0x60000000 */
    if (rkw_info.load_address != 0x60000000)
    {
-        ret = -6;
+        ret = EINVALID_LOAD_ADDR;
        goto end;
    }
@@ -112,7 +112,7 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
     */
    if (rkw_info.reserved0 != 0 && rkw_info.reserved0 != MODEL_NUMBER)
    {
-        ret = -7;
+        ret = EBAD_MODEL;
        goto end;
    }
@@ -124,7 +124,7 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
    if(rc < len)
    {
-        ret = -8;
+        ret = EREAD_IMAGE_FAILED;
        goto end;
    }
@@ -136,7 +136,7 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
        if (fw_crc != crc)
        {
-            ret = -9;
+            ret = EBAD_CHKSUM;
            goto end;
        }
    }

diff --git a/firmware/target/arm/pp/mi4-loader.c b/firmware/target/arm/pp/mi4-loader.c new file mode 100644 index 0000000000..c465b898b4 --- /dev/null +++ b/firmware/target/arm/pp/mi4-loader.c
@@ -0,0 +1,237 @@
		1	/***************************************************************************
		2	* __________ __ ___.
		3	* Open \______ \ ____ ____ \| \| _\_ \|__ _______ ___
		4	* Source \| _// _ \_/ ___\\| \|/ /\| __ \ / _ \ \/ /
		5	* Jukebox \| \| ( <_> ) \___\| < \| \_\ ( <_> > < <
		6	* Firmware \|____\|_ /\____/ \___ >__\|_ \\|___ /\____/__/\_ \
		7	* \/ \/ \/ \/ \/
		8	*
		9	* Copyright (C) 2006 by Barry Wardell
		10	*
		11	* Based on Rockbox iriver bootloader by Linus Nielsen Feltzing
		12	* and the ipodlinux bootloader by Daniel Palffy and Bernard Leach
		13	*
		14	* This program is free software; you can redistribute it and/or
		15	* modify it under the terms of the GNU General Public License
		16	* as published by the Free Software Foundation; either version 2
		17	* of the License, or (at your option) any later version.
		18	*
		19	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
		20	* KIND, either express or implied.
		21	*
		22	****************************************************************************/
		23
		24	#include <stdbool.h>
		25	#include <stdio.h>
		26	#include "config.h"
		27	#include "mi4-loader.h"
		28	#include "loader_strerror.h"
		29	#include "crc32-mi4.h"
		30	#include "file.h"
		31
		32	static inline unsigned int le2int(unsigned char* buf)
		33	{
		34	int32_t res = (buf[3] << 24) \| (buf[2] << 16) \| (buf[1] << 8) \| buf[0];
		35
		36	return res;
		37	}
		38
		39	static inline void int2le(unsigned int val, unsigned char* addr)
		40	{
		41	addr[0] = val & 0xFF;
		42	addr[1] = (val >> 8) & 0xff;
		43	addr[2] = (val >> 16) & 0xff;
		44	addr[3] = (val >> 24) & 0xff;
		45	}
		46
		47	static struct tea_key tea_keytable[] = {
		48	{ "default" , { 0x20d36cc0, 0x10e8c07d, 0xc0e7dcaa, 0x107eb080 } },
		49	{ "sansa", { 0xe494e96e, 0x3ee32966, 0x6f48512b, 0xa93fbb42 } },
		50	{ "sansa_gh", { 0xd7b10538, 0xc662945b, 0x1b3fce68, 0xf389c0e6 } },
		51	{ "sansa_103", { 0x1d29ddc0, 0x2579c2cd, 0xce339e1a, 0x75465dfe } },
		52	{ "rhapsody", { 0x7aa9c8dc, 0xbed0a82a, 0x16204cc7, 0x5904ef38 } },
		53	{ "p610", { 0x950e83dc, 0xec4907f9, 0x023734b9, 0x10cfb7c7 } },
		54	{ "p640", { 0x220c5f23, 0xd04df68e, 0x431b5e25, 0x4dcc1fa1 } },
		55	{ "virgin", { 0xe83c29a1, 0x04862973, 0xa9b3f0d4, 0x38be2a9c } },
		56	{ "20gc_eng", { 0x0240772c, 0x6f3329b5, 0x3ec9a6c5, 0xb0c9e493 } },
		57	{ "20gc_fre", { 0xbede8817, 0xb23bfe4f, 0x80aa682d, 0xd13f598c } },
		58	{ "elio_p722", { 0x6af3b9f8, 0x777483f5, 0xae8181cc, 0xfa6d8a84 } },
		59	{ "c200", { 0xbf2d06fa, 0xf0e23d59, 0x29738132, 0xe2d04ca7 } },
		60	{ "c200_103", { 0x2a7968de, 0x15127979, 0x142e60a7, 0xe49c1893 } },
		61	{ "c200_106", { 0xa913d139, 0xf842f398, 0x3e03f1a6, 0x060ee012 } },
		62	{ "view", { 0x70e19bda, 0x0c69ea7d, 0x2b8b1ad1, 0xe9767ced } },
		63	{ "sa9200", { 0x33ea0236, 0x9247bdc5, 0xdfaedf9f, 0xd67c9d30 } },
		64	{ "hdd1630/hdd63x0", { 0x04543ced, 0xcebfdbad, 0xf7477872, 0x0d12342e } },
		65	{ "vibe500", { 0xe3a66156, 0x77c6b67a, 0xe821dca5, 0xca8ca37c } },
		66	};
		67
		68	/*
		69
		70	tea_decrypt() from http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm
		71
		72	"Following is an adaptation of the reference encryption and decryption
		73	routines in C, released into the public domain by David Wheeler and
		74	Roger Needham:"
		75
		76	*/
		77
		78	/* NOTE: The mi4 version of TEA uses a different initial value to sum compared
		79	to the reference implementation and the main loop is 8 iterations, not
		80	32.
		81	*/
		82
		83	static void tea_decrypt(uint32_t* v0, uint32_t* v1, uint32_t* k) {
		84	uint32_t sum=0xF1BBCDC8, i; /* set up */
		85	uint32_t delta=0x9E3779B9; /* a key schedule constant */
		86	uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */
		87	for(i=0; i<8; i++) { /* basic cycle start */
		88	v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
		89	v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
		90	sum -= delta; /* end cycle */
		91	}
		92	}
		93
		94	/* mi4 files are encrypted in 64-bit blocks (two little-endian 32-bit
		95	integers) and the key is incremented after each block
		96	*/
		97
		98	static void tea_decrypt_buf(unsigned char* src,
		99	unsigned char* dest,
		100	size_t n, uint32_t * key)
		101	{
		102	uint32_t v0, v1;
		103	unsigned int i;
		104
		105	for (i = 0; i < (n / 8); i++) {
		106	v0 = le2int(src);
		107	v1 = le2int(src+4);
		108
		109	tea_decrypt(&v0, &v1, key);
		110
		111	int2le(v0, dest);
		112	int2le(v1, dest+4);
		113
		114	src += 8;
		115	dest += 8;
		116
		117	/* Now increment the key */
		118	key[0]++;
		119	if (key[0]==0) {
		120	key[1]++;
		121	if (key[1]==0) {
		122	key[2]++;
		123	if (key[2]==0) {
		124	key[3]++;
		125	}
		126	}
		127	}
		128	}
		129	}
		130
		131	static int tea_find_key(struct mi4header_t mi4header, unsigned char buf)
		132	{
		133	unsigned int i;
		134	uint32_t key[4];
		135	uint32_t keyinc;
		136	unsigned char magic_dec[8];
		137	int key_found = -1;
		138	unsigned int magic_location = mi4header->length-4;
		139	int unaligned = 0;
		140
		141	if ( (magic_location % 8) != 0 )
		142	{
		143	unaligned = 1;
		144	magic_location -= 4;
		145	}
		146
		147	for (i=0; i < NUM_KEYS && (key_found<0) ; i++) {
		148	key[0] = tea_keytable[i].key[0];
		149	key[1] = tea_keytable[i].key[1];
		150	key[2] = tea_keytable[i].key[2];
		151	key[3] = tea_keytable[i].key[3];
		152
		153	/* Now increment the key */
		154	keyinc = (magic_location-mi4header->plaintext)/8;
		155	if ((key[0]+keyinc) < key[0]) key[1]++;
		156	key[0] += keyinc;
		157	if (key[1]==0) key[2]++;
		158	if (key[2]==0) key[3]++;
		159
		160	/* Decrypt putative magic */
		161	tea_decrypt_buf(&buf[magic_location], magic_dec, 8, key);
		162
		163	if (le2int(&magic_dec[4*unaligned]) == 0xaa55aa55)
		164	{
		165	key_found = i;
		166	}
		167	}
		168
		169	return key_found;
		170	}
		171
		172	/* Load mi4 format firmware image */
		173	int load_mi4(unsigned char* buf,
		174	const char* firmware,
		175	unsigned int buffer_size)
		176	{
		177	int fd;
		178	struct mi4header_t mi4header;
		179	int rc;
		180	unsigned long sum;
		181	char filename[MAX_PATH];
		182
		183	snprintf(filename,sizeof(filename), BOOTDIR "/%s",firmware);
		184	fd = open(filename, O_RDONLY);
		185	if(fd < 0)
		186	{
		187	snprintf(filename,sizeof(filename),"/%s",firmware);
		188	fd = open(filename, O_RDONLY);
		189	if(fd < 0)
		190	return EFILE_NOT_FOUND;
		191	}
		192
		193	read(fd, &mi4header, MI4_HEADER_SIZE);
		194
		195	/* MI4 file size */
		196	if ((mi4header.mi4size-MI4_HEADER_SIZE) > buffer_size)
		197	{
		198	close(fd);
		199	return EFILE_TOO_BIG;
		200	}
		201
		202	/* Load firmware file */
		203	lseek(fd, MI4_HEADER_SIZE, SEEK_SET);
		204	rc = read(fd, buf, mi4header.mi4size-MI4_HEADER_SIZE);
		205	close(fd);
		206	if(rc < (int)mi4header.mi4size-MI4_HEADER_SIZE)
		207	return EREAD_IMAGE_FAILED;
		208
		209	/* Check CRC32 to see if we have a valid file */
		210	sum = chksum_crc32 (buf, mi4header.mi4size - MI4_HEADER_SIZE);
		211
		212	if(sum != mi4header.crc32)
		213	return EBAD_CHKSUM;
		214
		215	if( (mi4header.plaintext + MI4_HEADER_SIZE) != mi4header.mi4size)
		216	{
		217	/* Load encrypted firmware */
		218	int key_index = tea_find_key(&mi4header, buf);
		219
		220	if (key_index < 0)
		221	return EINVALID_FORMAT;
		222
		223	/* Plaintext part is already loaded */
		224	buf += mi4header.plaintext;
		225
		226	/* Decrypt in-place */
		227	tea_decrypt_buf(buf, buf,
		228	mi4header.mi4size-(mi4header.plaintext+MI4_HEADER_SIZE),
		229	tea_keytable[key_index].key);
		230
		231	/* Check decryption was successfull */
		232	if(le2int(&buf[mi4header.length-mi4header.plaintext-4]) != 0xaa55aa55)
		233	return EREAD_IMAGE_FAILED;
		234	}
		235
		236	return mi4header.mi4size - MI4_HEADER_SIZE;
		237	}


diff --git a/firmware/target/arm/rk27xx/rkw-loader.c b/firmware/target/arm/rk27xx/rkw-loader.c index ed7e253f14..9b50e1b187 100644 --- a/firmware/target/arm/rk27xx/rkw-loader.c +++ b/firmware/target/arm/rk27xx/rkw-loader.c
@@ -18,42 +18,22 @@
18	*	18	*
19	****************************************************************************/	19	****************************************************************************/
20		20
		21	#include <stdio.h>
21	#include "config.h"	22	#include "config.h"
		23	#include "loader_strerror.h"
22	#include "rkw-loader.h"	24	#include "rkw-loader.h"
23	#include "crc32-rkw.h"	25	#include "crc32-rkw.h"
24	#include "file.h"	26	#include "file.h"
25	#include "panic.h"	27	#include "panic.h"
26		28
27	/* error strings sorted by number */
28	/* error 0 is empty */
29	static const char *err_str[] = {
30	"Loading OK",
31	"Can't open RKW file",
32	"Can't read RKW header",
33	"Invalid RKW magic number",
34	"RKW header CRC error",
35	"RKW file too big",
36	"RKW Load address mismatch",
37	"Bad model number",
38	"Error Reading File",
39	"RKW firmware CRC error"
40	};
41
42	const char *rkw_strerror(int8_t errno)
43	{
44	if ((uint8_t)-errno >= sizeof(err_str)/sizeof(err_str[0]) \|\| errno > 0)
45	return "Unknown error";
46
47	return err_str[-errno];
48	}
49
50	/* loosely based on load_firmware()	29	/* loosely based on load_firmware()
51	* on success we return size loaded image	30	* on success we return size of loaded image
52	* on error we return negative value which can be deciphered by means	31	* on error we return negative value which can be deciphered by means
53	* of rkw_strerror() function	32	* of rkw_strerror() function
54	*/	33	*/
55	int load_rkw(unsigned char* buf, const char* filename, int buffer_size)	34	int load_rkw(unsigned char* buf, const char* firmware, int buffer_size)
56	{	35	{
		36	char filename[MAX_PATH];
57	int fd;	37	int fd;
58	int rc;	38	int rc;
59	int len;	39	int len;
@@ -61,22 +41,42 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
61	uint32_t crc, fw_crc;	41	uint32_t crc, fw_crc;
62	struct rkw_header_t rkw_info;	42	struct rkw_header_t rkw_info;
63		43
64	fd = open(filename, O_RDONLY);	44	/* only filename passed */
		45	if (firmware[0] != '/')
		46	{
		47	/* First check in BOOTDIR */
		48	snprintf(filename, sizeof(filename), BOOTDIR "/%s",firmware);
65		49
66	if(fd < 0)	50	fd = open(filename, O_RDONLY);
67	return -1;	51	if(fd < 0)
		52	{
		53	/* Check in root dir */
		54	snprintf(filename, sizeof(filename),"/%s",firmware);
		55	fd = open(filename, O_RDONLY);
		56
		57	if (fd < 0)
		58	return EFILE_NOT_FOUND;
		59	}
		60	}
		61	else
		62	{
		63	/* full path passed */
		64	fd = open(firmware, O_RDONLY);
		65	if (fd < 0)
		66	return EFILE_NOT_FOUND;
		67	}
68		68
69	rc = read(fd, &rkw_info, sizeof(rkw_info));	69	rc = read(fd, &rkw_info, sizeof(rkw_info));
70	if (rc < (int)sizeof(rkw_info))	70	if (rc < (int)sizeof(rkw_info))
71	{	71	{
72	ret = -2;	72	ret = EREAD_HEADER_FAILED;
73	goto end;	73	goto end;
74	}	74	}
75		75
76	/* check if RKW is valid */	76	/* check if RKW is valid */
77	if (rkw_info.magic_number != RKLD_MAGIC)	77	if (rkw_info.magic_number != RKLD_MAGIC)
78	{	78	{
79	ret = -3;	79	ret = EINVALID_FORMAT;
80	goto end;	80	goto end;
81	}	81	}
82		82
@@ -86,7 +86,7 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
86	crc = crc32_rkw((uint8_t *)&rkw_info, sizeof(rkw_info)-sizeof(uint32_t));	86	crc = crc32_rkw((uint8_t *)&rkw_info, sizeof(rkw_info)-sizeof(uint32_t));
87	if (rkw_info.crc != crc)	87	if (rkw_info.crc != crc)
88	{	88	{
89	ret = -4;	89	ret = EBAD_HEADER_CHKSUM;
90	goto end;	90	goto end;
91	}	91	}
92	}	92	}
@@ -95,14 +95,14 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
95	len = rkw_info.load_limit - rkw_info.load_address;	95	len = rkw_info.load_limit - rkw_info.load_address;
96	if (len > buffer_size)	96	if (len > buffer_size)
97	{	97	{
98	ret = -5;	98	ret = EFILE_TOO_BIG;
99	goto end;	99	goto end;
100	}	100	}
101		101
102	/* check load address - we support loading only at 0x60000000 */	102	/* check load address - we support loading only at 0x60000000 */
103	if (rkw_info.load_address != 0x60000000)	103	if (rkw_info.load_address != 0x60000000)
104	{	104	{
105	ret = -6;	105	ret = EINVALID_LOAD_ADDR;
106	goto end;	106	goto end;
107	}	107	}
108		108
@@ -112,7 +112,7 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
112	*/	112	*/
113	if (rkw_info.reserved0 != 0 && rkw_info.reserved0 != MODEL_NUMBER)	113	if (rkw_info.reserved0 != 0 && rkw_info.reserved0 != MODEL_NUMBER)
114	{	114	{
115	ret = -7;	115	ret = EBAD_MODEL;
116	goto end;	116	goto end;
117	}	117	}
118		118
@@ -124,7 +124,7 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
124		124
125	if(rc < len)	125	if(rc < len)
126	{	126	{
127	ret = -8;	127	ret = EREAD_IMAGE_FAILED;
128	goto end;	128	goto end;
129	}	129	}
130		130
@@ -136,7 +136,7 @@ int load_rkw(unsigned char* buf, const char* filename, int buffer_size)
136		136
137	if (fw_crc != crc)	137	if (fw_crc != crc)
138	{	138	{
139	ret = -9;	139	ret = EBAD_CHKSUM;
140	goto end;	140	goto end;
141	}	141	}
142	}	142	}