1 files changed, 3 insertions, 482 deletions
diff --git a/utils/sbtools/elftosb.c b/utils/sbtools/elftosb.c
index 5e65ba3261..3e217a8979 100644
--- a/utils/sbtools/elftosb.c
+++ b/utils/sbtools/elftosb.c
@@ -35,6 +35,7 @@
 #include "sb.h"
 #include "dbparser.h"
 #include "misc.h"
+#include "sb.h"
 char **g_extern;
 int g_extern_count;
@@ -51,47 +52,6 @@ int g_extern_count;
 * command file to sb conversion
 */
-#define SB_INST_DATA    0xff
-struct sb_inst_t
-{
-    uint8_t inst; /* SB_INST_* */
-    uint32_t size;
-    // <union>
-    void *data;
-    uint32_t pattern;
-    uint32_t addr;
-    // </union>
-    uint32_t argument; // for call and jump
-    /* for production use */
-    uint32_t padding_size;
-    uint8_t *padding;
-};
-struct sb_section_t
-{
-    uint32_t identifier;
-    bool is_data;
-    bool is_cleartext;
-    uint32_t alignment;
-    // data sections are handled as a single SB_INST_DATA virtual instruction 
-    int nr_insts;
-    struct sb_inst_t *insts;
-    /* for production use */
-    uint32_t file_offset; /* in blocks */
-    uint32_t sec_size; /* in blocks */
-};
-struct sb_file_t
-{
-    int nr_sections;
-    struct sb_section_t *sections;
-    struct sb_version_t product_ver;
-    struct sb_version_t component_ver;
-    /* for production use */
-    uint32_t image_size; /* in blocks */
-};
 static bool elf_read(void *user, uint32_t addr, void *buf, size_t count)
 {
    if(fseek((FILE *)user, addr, SEEK_SET) == -1)
@@ -355,443 +315,6 @@ static struct sb_file_t *apply_cmd_file(struct cmd_file_t *cmd_file)
    return sb;
 }
-/**
- * SB file production
- */
-/* helper function to augment an array, free old array */
-void *augment_array(void *arr, size_t elem_sz, size_t cnt, void *aug, size_t aug_cnt)
-{
-    void *p = xmalloc(elem_sz * (cnt + aug_cnt));
-    memcpy(p, arr, elem_sz * cnt);
-    memcpy(p + elem_sz * cnt, aug, elem_sz * aug_cnt);
-    free(arr);
-    return p;
-}
-static void fill_gaps(struct sb_file_t *sb)
-{
-    for(int i = 0; i < sb->nr_sections; i++)
-    {
-        struct sb_section_t *sec = &sb->sections[i];
-        for(int j = 0; j < sec->nr_insts; j++)
-        {
-            struct sb_inst_t *inst = &sec->insts[j];
-            if(inst->inst != SB_INST_LOAD)
-                continue;
-            inst->padding_size = ROUND_UP(inst->size, BLOCK_SIZE) - inst->size;
-            /* emulate elftosb2 behaviour: generate 15 bytes (that's a safe maximum) */
-            inst->padding = xmalloc(15);
-            generate_random_data(inst->padding, 15);
-        }
-    }
-}
-static void compute_sb_offsets(struct sb_file_t *sb)
-{
-    sb->image_size = 0;
-    /* sb header */
-    sb->image_size += sizeof(struct sb_header_t) / BLOCK_SIZE;
-    /* sections headers */
-    sb->image_size += sb->nr_sections * sizeof(struct sb_section_header_t) / BLOCK_SIZE;
-    /* key dictionary */
-    sb->image_size += g_nr_keys * sizeof(struct sb_key_dictionary_entry_t) / BLOCK_SIZE;
-    /* sections */
-    for(int i = 0; i < sb->nr_sections; i++)
-    {
-        /* each section has a preliminary TAG command */
-        sb->image_size += sizeof(struct sb_instruction_tag_t) / BLOCK_SIZE;
-        /* we might need to pad the section so compute next alignment */
-        uint32_t alignment = BLOCK_SIZE;
-        if((i + 1) < sb->nr_sections)
-            alignment = sb->sections[i + 1].alignment;
-        alignment /= BLOCK_SIZE; /* alignment in block sizes */
-        
-        struct sb_section_t *sec = &sb->sections[i];
-        if(g_debug)
-        {
-            printf("%s section 0x%08x", sec->is_data ? "Data" : "Boot",
-                sec->identifier);
-            if(sec->is_cleartext)
-                printf(" (cleartext)");
-            printf("\n");
-        }
-        
-        sec->file_offset = sb->image_size;
-        for(int j = 0; j < sec->nr_insts; j++)
-        {
-            struct sb_inst_t *inst = &sec->insts[j];
-            if(inst->inst == SB_INST_CALL || inst->inst == SB_INST_JUMP)
-            {
-                if(g_debug)
-                    printf("  %s | addr=0x%08x | arg=0x%08x\n",
-                        inst->inst == SB_INST_CALL ? "CALL" : "JUMP", inst->addr, inst->argument);
-                sb->image_size += sizeof(struct sb_instruction_call_t) / BLOCK_SIZE;
-                sec->sec_size += sizeof(struct sb_instruction_call_t) / BLOCK_SIZE;
-            }
-            else if(inst->inst == SB_INST_FILL)
-            {
-                if(g_debug)
-                    printf("  FILL | addr=0x%08x | len=0x%08x | pattern=0x%08x\n",
-                        inst->addr, inst->size, inst->pattern);
-                sb->image_size += sizeof(struct sb_instruction_fill_t) / BLOCK_SIZE;
-                sec->sec_size += sizeof(struct sb_instruction_fill_t) / BLOCK_SIZE;
-            }
-            else if(inst->inst == SB_INST_LOAD)
-            {
-                if(g_debug)
-                    printf("  LOAD | addr=0x%08x | len=0x%08x\n", inst->addr, inst->size);
-                /* load header */
-                sb->image_size += sizeof(struct sb_instruction_load_t) / BLOCK_SIZE;
-                sec->sec_size += sizeof(struct sb_instruction_load_t) / BLOCK_SIZE;
-                /* data + alignment */
-                sb->image_size += (inst->size + inst->padding_size) / BLOCK_SIZE;
-                sec->sec_size += (inst->size + inst->padding_size) / BLOCK_SIZE;
-            }
-            else if(inst->inst == SB_INST_MODE)
-            {
-                if(g_debug)
-                    printf("  MODE | mod=0x%08x", inst->addr);
-                sb->image_size += sizeof(struct sb_instruction_mode_t) / BLOCK_SIZE;
-                sec->sec_size += sizeof(struct sb_instruction_mode_t) / BLOCK_SIZE;
-            }
-            else if(inst->inst == SB_INST_DATA)
-            {
-                if(g_debug)
-                    printf("  DATA | size=0x%08x\n", inst->size);
-                sb->image_size += ROUND_UP(inst->size, BLOCK_SIZE) / BLOCK_SIZE;
-                sec->sec_size += ROUND_UP(inst->size, BLOCK_SIZE) / BLOCK_SIZE;
-            }
-            else
-                bug("die on inst %d\n", inst->inst);
-        }
-        /* we need to make sure next section starts on the right alignment.
-         * Since each section starts with a boot tag, we thus need to ensure
-         * that this sections ends at adress X such that X+BLOCK_SIZE is
-         * a multiple of the alignment.
-         * For data sections, we just add random data, otherwise we add nops */
-        uint32_t missing_sz = alignment - ((sb->image_size + 1) % alignment);
-        if(missing_sz != alignment)
-        {
-            struct sb_inst_t *aug_insts;
-            int nr_aug_insts = 0;
-            if(sb->sections[i].is_data)
-            {
-                nr_aug_insts = 1;
-                aug_insts = malloc(sizeof(struct sb_inst_t));
-                memset(aug_insts, 0, sizeof(struct sb_inst_t));
-                aug_insts[0].inst = SB_INST_DATA;
-                aug_insts[0].size = missing_sz * BLOCK_SIZE;
-                aug_insts[0].data = xmalloc(missing_sz * BLOCK_SIZE);
-                generate_random_data(aug_insts[0].data, missing_sz * BLOCK_SIZE);
-                if(g_debug)
-                    printf("  DATA | size=0x%08x\n", aug_insts[0].size);
-            }
-            else
-            {
-                nr_aug_insts = missing_sz;
-                aug_insts = malloc(sizeof(struct sb_inst_t) * nr_aug_insts);
-                memset(aug_insts, 0, sizeof(struct sb_inst_t) * nr_aug_insts);
-                for(int j = 0; j < nr_aug_insts; j++)
-                {
-                    aug_insts[j].inst = SB_INST_NOP;
-                    if(g_debug)
-                        printf("  NOOP\n");
-                }
-            }
-            sb->sections[i].insts = augment_array(sb->sections[i].insts, sizeof(struct sb_inst_t),
-                sb->sections[i].nr_insts, aug_insts, nr_aug_insts);
-            sb->sections[i].nr_insts += nr_aug_insts;
-            /* augment image and section size */
-            sb->image_size += missing_sz;
-            sec->sec_size += missing_sz;
-        }
-    }
-    /* final signature */
-    sb->image_size += 2;
-}
-static uint64_t generate_timestamp()
-{
-    struct tm tm_base = {0, 0, 0, 1, 0, 100, 0, 0, 1, 0, NULL}; /* 2000/1/1 0:00:00 */
-    time_t t = time(NULL) - mktime(&tm_base);
-    return (uint64_t)t * 1000000L;
-}
-static uint16_t swap16(uint16_t t)
-{
-    return (t << 8) | (t >> 8);
-}
-static void fix_version(struct sb_version_t *ver)
-{
-    ver->major = swap16(ver->major);
-    ver->minor = swap16(ver->minor);
-    ver->revision = swap16(ver->revision);
-}
-static void produce_sb_header(struct sb_file_t *sb, struct sb_header_t *sb_hdr)
-{
-    struct sha_1_params_t sha_1_params;
-    
-    sb_hdr->signature[0] = 'S';
-    sb_hdr->signature[1] = 'T';
-    sb_hdr->signature[2] = 'M';
-    sb_hdr->signature[3] = 'P';
-    sb_hdr->major_ver = IMAGE_MAJOR_VERSION;
-    sb_hdr->minor_ver = IMAGE_MINOR_VERSION;
-    sb_hdr->flags = 0;
-    sb_hdr->image_size = sb->image_size;
-    sb_hdr->header_size = sizeof(struct sb_header_t) / BLOCK_SIZE;
-    sb_hdr->first_boot_sec_id = sb->sections[0].identifier;
-    sb_hdr->nr_keys = g_nr_keys;
-    sb_hdr->nr_sections = sb->nr_sections;
-    sb_hdr->sec_hdr_size = sizeof(struct sb_section_header_t) / BLOCK_SIZE;
-    sb_hdr->key_dict_off = sb_hdr->header_size +
-        sb_hdr->sec_hdr_size * sb_hdr->nr_sections;
-    sb_hdr->first_boot_tag_off = sb_hdr->key_dict_off +
-        sizeof(struct sb_key_dictionary_entry_t) * sb_hdr->nr_keys / BLOCK_SIZE;
-    generate_random_data(sb_hdr->rand_pad0, sizeof(sb_hdr->rand_pad0));
-    generate_random_data(sb_hdr->rand_pad1, sizeof(sb_hdr->rand_pad1));
-    sb_hdr->timestamp = generate_timestamp();
-    sb_hdr->product_ver = sb->product_ver;
-    fix_version(&sb_hdr->product_ver);
-    sb_hdr->component_ver = sb->component_ver;
-    fix_version(&sb_hdr->component_ver);
-    sb_hdr->drive_tag = 0;
-    sha_1_init(&sha_1_params);
-    sha_1_update(&sha_1_params, &sb_hdr->signature[0],
-        sizeof(struct sb_header_t) - sizeof(sb_hdr->sha1_header));
-    sha_1_finish(&sha_1_params);
-    sha_1_output(&sha_1_params, sb_hdr->sha1_header);
-}
-static void produce_sb_section_header(struct sb_section_t *sec,
-    struct sb_section_header_t *sec_hdr)
-{
-    sec_hdr->identifier = sec->identifier;
-    sec_hdr->offset = sec->file_offset;
-    sec_hdr->size = sec->sec_size;
-    sec_hdr->flags = (sec->is_data ? 0 : SECTION_BOOTABLE)
-        | (sec->is_cleartext ? SECTION_CLEARTEXT : 0);
-}
-static uint8_t instruction_checksum(struct sb_instruction_header_t *hdr)
-{
-    uint8_t sum = 90;
-    byte *ptr = (byte *)hdr;
-    for(int i = 1; i < 16; i++)
-        sum += ptr[i];
-    return sum;
-}
-static void produce_section_tag_cmd(struct sb_section_t *sec,
-    struct sb_instruction_tag_t *tag, bool is_last)
-{
-    tag->hdr.opcode = SB_INST_TAG;
-    tag->hdr.flags = is_last ? SB_INST_LAST_TAG : 0;
-    tag->identifier = sec->identifier;
-    tag->len = sec->sec_size;
-    tag->flags = (sec->is_data ? 0 : SECTION_BOOTABLE)
-        | (sec->is_cleartext ? SECTION_CLEARTEXT : 0);
-    tag->hdr.checksum = instruction_checksum(&tag->hdr);
-}
-void produce_sb_instruction(struct sb_inst_t *inst,
-    struct sb_instruction_common_t *cmd)
-{
-    memset(cmd, 0, sizeof(struct sb_instruction_common_t));
-    cmd->hdr.opcode = inst->inst;
-    switch(inst->inst)
-    {
-        case SB_INST_CALL:
-        case SB_INST_JUMP:
-            cmd->addr = inst->addr;
-            cmd->data = inst->argument;
-            break;
-        case SB_INST_FILL:
-            cmd->addr = inst->addr;
-            cmd->len = inst->size;
-            cmd->data = inst->pattern;
-            break;
-        case SB_INST_LOAD:
-            cmd->addr = inst->addr;
-            cmd->len = inst->size;
-            cmd->data = crc_continue(crc(inst->data, inst->size),
-                inst->padding, inst->padding_size);
-            break;
-        case SB_INST_MODE:
-            cmd->data = inst->addr;
-            break;
-        case SB_INST_NOP:
-            break;
-        default:
-            bug("die\n");
-    }
-    cmd->hdr.checksum = instruction_checksum(&cmd->hdr);
-}
-static void produce_sb_file(struct sb_file_t *sb, const char *filename)
-{
-    FILE *fd = fopen(filename, "wb");
-    if(fd == NULL)
-        bugp("cannot open output file");
-    struct crypto_key_t real_key;
-    real_key.method = CRYPTO_KEY;
-    byte crypto_iv[16];
-    byte (*cbc_macs)[16] = xmalloc(16 * g_nr_keys);
-    /* init CBC-MACs */
-    for(int i = 0; i < g_nr_keys; i++)
-        memset(cbc_macs[i], 0, 16);
-    fill_gaps(sb);
-    compute_sb_offsets(sb);
-    generate_random_data(real_key.u.key, 16);
-    /* global SHA-1 */
-    struct sha_1_params_t file_sha1;
-    sha_1_init(&file_sha1);
-    /* produce and write header */
-    struct sb_header_t sb_hdr;
-    produce_sb_header(sb, &sb_hdr);
-    sha_1_update(&file_sha1, (byte *)&sb_hdr, sizeof(sb_hdr));
-    fwrite(&sb_hdr, 1, sizeof(sb_hdr), fd);
-    
-    memcpy(crypto_iv, &sb_hdr, 16);
-    /* update CBC-MACs */
-    for(int i = 0; i < g_nr_keys; i++)
-        crypto_cbc((byte *)&sb_hdr, NULL, sizeof(sb_hdr) / BLOCK_SIZE, &g_key_array[i],
-            cbc_macs[i], &cbc_macs[i], 1);
-    
-    /* produce and write section headers */
-    for(int i = 0; i < sb_hdr.nr_sections; i++)
-    {
-        struct sb_section_header_t sb_sec_hdr;
-        produce_sb_section_header(&sb->sections[i], &sb_sec_hdr);
-        sha_1_update(&file_sha1, (byte *)&sb_sec_hdr, sizeof(sb_sec_hdr));
-        fwrite(&sb_sec_hdr, 1, sizeof(sb_sec_hdr), fd);
-        /* update CBC-MACs */
-        for(int j = 0; j < g_nr_keys; j++)
-            crypto_cbc((byte *)&sb_sec_hdr, NULL, sizeof(sb_sec_hdr) / BLOCK_SIZE,
-                &g_key_array[j], cbc_macs[j], &cbc_macs[j], 1);
-    }
-    /* produce key dictionary */
-    for(int i = 0; i < g_nr_keys; i++)
-    {
-        struct sb_key_dictionary_entry_t entry;
-        memcpy(entry.hdr_cbc_mac, cbc_macs[i], 16);
-        crypto_cbc(real_key.u.key, entry.key, 1, &g_key_array[i],
-            crypto_iv, NULL, 1);
-        
-        fwrite(&entry, 1, sizeof(entry), fd);
-        sha_1_update(&file_sha1, (byte *)&entry, sizeof(entry));
-    }
-    /* HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK */
-    /* Image crafting, don't use it unless you understand what you do */
-    if(strlen(s_getenv("SB_OVERRIDE_REAL_KEY")) != 0)
-    {
-        const char *key = s_getenv("SB_OVERRIDE_REAL_KEY");
-        if(strlen(key) != 32)
-            bugp("Cannot override real key: invalid key length\n");
-        for(int i = 0; i < 16; i++)
-        {
-            byte a, b;
-            if(convxdigit(key[2 * i], &a) || convxdigit(key[2 * i + 1], &b))
-            bugp("Cannot override real key: key should be a 128-bit key written in hexadecimal\n");
-            real_key.u.key[i] = (a << 4) | b;
-        }
-    }
-    if(strlen(s_getenv("SB_OVERRIDE_IV")) != 0)
-    {
-        const char *iv = s_getenv("SB_OVERRIDE_IV");
-        if(strlen(iv) != 32)
-            bugp("Cannot override iv: invalid key length\n");
-        for(int i = 0; i < 16; i++)
-        {
-            byte a, b;
-            if(convxdigit(iv[2 * i], &a) || convxdigit(iv[2 * i + 1], &b))
-            bugp("Cannot override iv: key should be a 128-bit key written in hexadecimal\n");
-            crypto_iv[i] = (a << 4) | b;
-        }
-        
-    }
-    /* KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH */
-    if(g_debug)
-    {
-        printf("Real key: ");
-        for(int j = 0; j < 16; j++)
-            printf("%02x", real_key.u.key[j]);
-        printf("\n");
-        printf("IV      : ");
-        for(int j = 0; j < 16; j++)
-            printf("%02x", crypto_iv[j]);
-        printf("\n");
-    }
-    /* produce sections data */
-    for(int i = 0; i< sb_hdr.nr_sections; i++)
-    {
-        /* produce tag command */
-        struct sb_instruction_tag_t tag_cmd;
-        produce_section_tag_cmd(&sb->sections[i], &tag_cmd, (i + 1) == sb_hdr.nr_sections);
-        if(g_nr_keys > 0)
-            crypto_cbc((byte *)&tag_cmd, (byte *)&tag_cmd, sizeof(tag_cmd) / BLOCK_SIZE,
-                &real_key, crypto_iv, NULL, 1);
-        sha_1_update(&file_sha1, (byte *)&tag_cmd, sizeof(tag_cmd));
-        fwrite(&tag_cmd, 1, sizeof(tag_cmd), fd);
-        /* produce other commands */
-        byte cur_cbc_mac[16];
-        memcpy(cur_cbc_mac, crypto_iv, 16);
-        for(int j = 0; j < sb->sections[i].nr_insts; j++)
-        {
-            struct sb_inst_t *inst = &sb->sections[i].insts[j];
-            /* command */
-            if(inst->inst != SB_INST_DATA)
-            {
-                struct sb_instruction_common_t cmd;
-                produce_sb_instruction(inst, &cmd);
-                if(g_nr_keys > 0 && !sb->sections[i].is_cleartext)
-                    crypto_cbc((byte *)&cmd, (byte *)&cmd, sizeof(cmd) / BLOCK_SIZE,
-                        &real_key, cur_cbc_mac, &cur_cbc_mac, 1);
-                sha_1_update(&file_sha1, (byte *)&cmd, sizeof(cmd));
-                fwrite(&cmd, 1, sizeof(cmd), fd);
-            }
-            /* data */
-            if(inst->inst == SB_INST_LOAD || inst->inst == SB_INST_DATA)
-            {
-                uint32_t sz = inst->size + inst->padding_size;
-                byte *data = xmalloc(sz);
-                memcpy(data, inst->data, inst->size);
-                memcpy(data + inst->size, inst->padding, inst->padding_size);
-                if(g_nr_keys > 0 && !sb->sections[i].is_cleartext)
-                    crypto_cbc(data, data, sz / BLOCK_SIZE,
-                        &real_key, cur_cbc_mac, &cur_cbc_mac, 1);
-                sha_1_update(&file_sha1, data, sz);
-                fwrite(data, 1, sz, fd);
-                free(data);
-            }
-        }
-    }
-    /* write file SHA-1 */
-    byte final_sig[32];
-    sha_1_finish(&file_sha1);
-    sha_1_output(&file_sha1, final_sig);
-    generate_random_data(final_sig + 20, 12);
-    if(g_nr_keys > 0)
-        crypto_cbc(final_sig, final_sig, 2, &real_key, crypto_iv, NULL, 1);
-    fwrite(final_sig, 1, 32, fd);
-    
-    fclose(fd);
-}
 void usage(void)
 {
    printf("Usage: elftosb [options | file]...\n");
@@ -848,9 +371,7 @@ int main(int argc, char **argv)
                break;
            case 'k':
            {
-                int kac;
+                add_keys_from_file(optarg);
-                key_array_t ka = read_keys(optarg, &kac);
-                add_keys(ka, kac);
                break;
            }
            case 'z':
@@ -922,7 +443,7 @@ int main(int argc, char **argv)
    struct cmd_file_t *cmd_file = db_parse_file(cmd_filename);
    struct sb_file_t *sb_file = apply_cmd_file(cmd_file);
-    produce_sb_file(sb_file, output_filename);
+    sb_produce_file(sb_file, output_filename);
    
    return 0;
 }

diff --git a/utils/sbtools/elftosb.c b/utils/sbtools/elftosb.c index 5e65ba3261..3e217a8979 100644 --- a/utils/sbtools/elftosb.c +++ b/utils/sbtools/elftosb.c
@@ -35,6 +35,7 @@
35	#include "sb.h"	35	#include "sb.h"
36	#include "dbparser.h"	36	#include "dbparser.h"
37	#include "misc.h"	37	#include "misc.h"
		38	#include "sb.h"
38		39
39	char **g_extern;	40	char **g_extern;
40	int g_extern_count;	41	int g_extern_count;
@@ -51,47 +52,6 @@ int g_extern_count;
51	* command file to sb conversion	52	* command file to sb conversion
52	*/	53	*/
53		54
54	#define SB_INST_DATA 0xff
55
56	struct sb_inst_t
57	{
58	uint8_t inst; /* SB_INST_* */
59	uint32_t size;
60	// <union>
61	void *data;
62	uint32_t pattern;
63	uint32_t addr;
64	// </union>
65	uint32_t argument; // for call and jump
66	/* for production use */
67	uint32_t padding_size;
68	uint8_t *padding;
69	};
70
71	struct sb_section_t
72	{
73	uint32_t identifier;
74	bool is_data;
75	bool is_cleartext;
76	uint32_t alignment;
77	// data sections are handled as a single SB_INST_DATA virtual instruction
78	int nr_insts;
79	struct sb_inst_t *insts;
80	/* for production use */
81	uint32_t file_offset; /* in blocks */
82	uint32_t sec_size; /* in blocks */
83	};
84
85	struct sb_file_t
86	{
87	int nr_sections;
88	struct sb_section_t *sections;
89	struct sb_version_t product_ver;
90	struct sb_version_t component_ver;
91	/* for production use */
92	uint32_t image_size; /* in blocks */
93	};
94
95	static bool elf_read(void user, uint32_t addr, void buf, size_t count)	55	static bool elf_read(void user, uint32_t addr, void buf, size_t count)
96	{	56	{
97	if(fseek((FILE *)user, addr, SEEK_SET) == -1)	57	if(fseek((FILE *)user, addr, SEEK_SET) == -1)
@@ -355,443 +315,6 @@ static struct sb_file_t apply_cmd_file(struct cmd_file_t cmd_file)
355	return sb;	315	return sb;
356	}	316	}
357		317
358	/**
359	* SB file production
360	*/
361
362	/* helper function to augment an array, free old array */
363	void augment_array(void arr, size_t elem_sz, size_t cnt, void *aug, size_t aug_cnt)
364	{
365	void p = xmalloc(elem_sz (cnt + aug_cnt));
366	memcpy(p, arr, elem_sz * cnt);
367	memcpy(p + elem_sz * cnt, aug, elem_sz * aug_cnt);
368	free(arr);
369	return p;
370	}
371
372	static void fill_gaps(struct sb_file_t *sb)
373	{
374	for(int i = 0; i < sb->nr_sections; i++)
375	{
376	struct sb_section_t *sec = &sb->sections[i];
377	for(int j = 0; j < sec->nr_insts; j++)
378	{
379	struct sb_inst_t *inst = &sec->insts[j];
380	if(inst->inst != SB_INST_LOAD)
381	continue;
382	inst->padding_size = ROUND_UP(inst->size, BLOCK_SIZE) - inst->size;
383	/* emulate elftosb2 behaviour: generate 15 bytes (that's a safe maximum) */
384	inst->padding = xmalloc(15);
385	generate_random_data(inst->padding, 15);
386	}
387	}
388	}
389
390	static void compute_sb_offsets(struct sb_file_t *sb)
391	{
392	sb->image_size = 0;
393	/* sb header */
394	sb->image_size += sizeof(struct sb_header_t) / BLOCK_SIZE;
395	/* sections headers */
396	sb->image_size += sb->nr_sections * sizeof(struct sb_section_header_t) / BLOCK_SIZE;
397	/* key dictionary */
398	sb->image_size += g_nr_keys * sizeof(struct sb_key_dictionary_entry_t) / BLOCK_SIZE;
399	/* sections */
400	for(int i = 0; i < sb->nr_sections; i++)
401	{
402	/* each section has a preliminary TAG command */
403	sb->image_size += sizeof(struct sb_instruction_tag_t) / BLOCK_SIZE;
404	/* we might need to pad the section so compute next alignment */
405	uint32_t alignment = BLOCK_SIZE;
406	if((i + 1) < sb->nr_sections)
407	alignment = sb->sections[i + 1].alignment;
408	alignment /= BLOCK_SIZE; /* alignment in block sizes */
409
410	struct sb_section_t *sec = &sb->sections[i];
411
412	if(g_debug)
413	{
414	printf("%s section 0x%08x", sec->is_data ? "Data" : "Boot",
415	sec->identifier);
416	if(sec->is_cleartext)
417	printf(" (cleartext)");
418	printf("\n");
419	}
420
421	sec->file_offset = sb->image_size;
422	for(int j = 0; j < sec->nr_insts; j++)
423	{
424	struct sb_inst_t *inst = &sec->insts[j];
425	if(inst->inst == SB_INST_CALL \|\| inst->inst == SB_INST_JUMP)
426	{
427	if(g_debug)
428	printf(" %s \| addr=0x%08x \| arg=0x%08x\n",
429	inst->inst == SB_INST_CALL ? "CALL" : "JUMP", inst->addr, inst->argument);
430	sb->image_size += sizeof(struct sb_instruction_call_t) / BLOCK_SIZE;
431	sec->sec_size += sizeof(struct sb_instruction_call_t) / BLOCK_SIZE;
432	}
433	else if(inst->inst == SB_INST_FILL)
434	{
435	if(g_debug)
436	printf(" FILL \| addr=0x%08x \| len=0x%08x \| pattern=0x%08x\n",
437	inst->addr, inst->size, inst->pattern);
438	sb->image_size += sizeof(struct sb_instruction_fill_t) / BLOCK_SIZE;
439	sec->sec_size += sizeof(struct sb_instruction_fill_t) / BLOCK_SIZE;
440	}
441	else if(inst->inst == SB_INST_LOAD)
442	{
443	if(g_debug)
444	printf(" LOAD \| addr=0x%08x \| len=0x%08x\n", inst->addr, inst->size);
445	/* load header */
446	sb->image_size += sizeof(struct sb_instruction_load_t) / BLOCK_SIZE;
447	sec->sec_size += sizeof(struct sb_instruction_load_t) / BLOCK_SIZE;
448	/* data + alignment */
449	sb->image_size += (inst->size + inst->padding_size) / BLOCK_SIZE;
450	sec->sec_size += (inst->size + inst->padding_size) / BLOCK_SIZE;
451	}
452	else if(inst->inst == SB_INST_MODE)
453	{
454	if(g_debug)
455	printf(" MODE \| mod=0x%08x", inst->addr);
456	sb->image_size += sizeof(struct sb_instruction_mode_t) / BLOCK_SIZE;
457	sec->sec_size += sizeof(struct sb_instruction_mode_t) / BLOCK_SIZE;
458	}
459	else if(inst->inst == SB_INST_DATA)
460	{
461	if(g_debug)
462	printf(" DATA \| size=0x%08x\n", inst->size);
463	sb->image_size += ROUND_UP(inst->size, BLOCK_SIZE) / BLOCK_SIZE;
464	sec->sec_size += ROUND_UP(inst->size, BLOCK_SIZE) / BLOCK_SIZE;
465	}
466	else
467	bug("die on inst %d\n", inst->inst);
468	}
469	/* we need to make sure next section starts on the right alignment.
470	* Since each section starts with a boot tag, we thus need to ensure
471	* that this sections ends at adress X such that X+BLOCK_SIZE is
472	* a multiple of the alignment.
473	* For data sections, we just add random data, otherwise we add nops */
474	uint32_t missing_sz = alignment - ((sb->image_size + 1) % alignment);
475	if(missing_sz != alignment)
476	{
477	struct sb_inst_t *aug_insts;
478	int nr_aug_insts = 0;
479
480	if(sb->sections[i].is_data)
481	{
482	nr_aug_insts = 1;
483	aug_insts = malloc(sizeof(struct sb_inst_t));
484	memset(aug_insts, 0, sizeof(struct sb_inst_t));
485	aug_insts[0].inst = SB_INST_DATA;
486	aug_insts[0].size = missing_sz * BLOCK_SIZE;
487	aug_insts[0].data = xmalloc(missing_sz * BLOCK_SIZE);
488	generate_random_data(aug_insts[0].data, missing_sz * BLOCK_SIZE);
489	if(g_debug)
490	printf(" DATA \| size=0x%08x\n", aug_insts[0].size);
491	}
492	else
493	{
494	nr_aug_insts = missing_sz;
495	aug_insts = malloc(sizeof(struct sb_inst_t) * nr_aug_insts);
496	memset(aug_insts, 0, sizeof(struct sb_inst_t) * nr_aug_insts);
497	for(int j = 0; j < nr_aug_insts; j++)
498	{
499	aug_insts[j].inst = SB_INST_NOP;
500	if(g_debug)
501	printf(" NOOP\n");
502	}
503	}
504
505	sb->sections[i].insts = augment_array(sb->sections[i].insts, sizeof(struct sb_inst_t),
506	sb->sections[i].nr_insts, aug_insts, nr_aug_insts);
507	sb->sections[i].nr_insts += nr_aug_insts;
508
509	/* augment image and section size */
510	sb->image_size += missing_sz;
511	sec->sec_size += missing_sz;
512	}
513	}
514	/* final signature */
515	sb->image_size += 2;
516	}
517
518	static uint64_t generate_timestamp()
519	{
520	struct tm tm_base = {0, 0, 0, 1, 0, 100, 0, 0, 1, 0, NULL}; /* 2000/1/1 0:00:00 */
521	time_t t = time(NULL) - mktime(&tm_base);
522	return (uint64_t)t * 1000000L;
523	}
524
525	static uint16_t swap16(uint16_t t)
526	{
527	return (t << 8) \| (t >> 8);
528	}
529
530	static void fix_version(struct sb_version_t *ver)
531	{
532	ver->major = swap16(ver->major);
533	ver->minor = swap16(ver->minor);
534	ver->revision = swap16(ver->revision);
535	}
536
537	static void produce_sb_header(struct sb_file_t sb, struct sb_header_t sb_hdr)
538	{
539	struct sha_1_params_t sha_1_params;
540
541	sb_hdr->signature[0] = 'S';
542	sb_hdr->signature[1] = 'T';
543	sb_hdr->signature[2] = 'M';
544	sb_hdr->signature[3] = 'P';
545	sb_hdr->major_ver = IMAGE_MAJOR_VERSION;
546	sb_hdr->minor_ver = IMAGE_MINOR_VERSION;
547	sb_hdr->flags = 0;
548	sb_hdr->image_size = sb->image_size;
549	sb_hdr->header_size = sizeof(struct sb_header_t) / BLOCK_SIZE;
550	sb_hdr->first_boot_sec_id = sb->sections[0].identifier;
551	sb_hdr->nr_keys = g_nr_keys;
552	sb_hdr->nr_sections = sb->nr_sections;
553	sb_hdr->sec_hdr_size = sizeof(struct sb_section_header_t) / BLOCK_SIZE;
554	sb_hdr->key_dict_off = sb_hdr->header_size +
555	sb_hdr->sec_hdr_size * sb_hdr->nr_sections;
556	sb_hdr->first_boot_tag_off = sb_hdr->key_dict_off +
557	sizeof(struct sb_key_dictionary_entry_t) * sb_hdr->nr_keys / BLOCK_SIZE;
558	generate_random_data(sb_hdr->rand_pad0, sizeof(sb_hdr->rand_pad0));
559	generate_random_data(sb_hdr->rand_pad1, sizeof(sb_hdr->rand_pad1));
560	sb_hdr->timestamp = generate_timestamp();
561	sb_hdr->product_ver = sb->product_ver;
562	fix_version(&sb_hdr->product_ver);
563	sb_hdr->component_ver = sb->component_ver;
564	fix_version(&sb_hdr->component_ver);
565	sb_hdr->drive_tag = 0;
566
567	sha_1_init(&sha_1_params);
568	sha_1_update(&sha_1_params, &sb_hdr->signature[0],
569	sizeof(struct sb_header_t) - sizeof(sb_hdr->sha1_header));
570	sha_1_finish(&sha_1_params);
571	sha_1_output(&sha_1_params, sb_hdr->sha1_header);
572	}
573
574	static void produce_sb_section_header(struct sb_section_t *sec,
575	struct sb_section_header_t *sec_hdr)
576	{
577	sec_hdr->identifier = sec->identifier;
578	sec_hdr->offset = sec->file_offset;
579	sec_hdr->size = sec->sec_size;
580	sec_hdr->flags = (sec->is_data ? 0 : SECTION_BOOTABLE)
581	\| (sec->is_cleartext ? SECTION_CLEARTEXT : 0);
582	}
583
584	static uint8_t instruction_checksum(struct sb_instruction_header_t *hdr)
585	{
586	uint8_t sum = 90;
587	byte ptr = (byte )hdr;
588	for(int i = 1; i < 16; i++)
589	sum += ptr[i];
590	return sum;
591	}
592
593	static void produce_section_tag_cmd(struct sb_section_t *sec,
594	struct sb_instruction_tag_t *tag, bool is_last)
595	{
596	tag->hdr.opcode = SB_INST_TAG;
597	tag->hdr.flags = is_last ? SB_INST_LAST_TAG : 0;
598	tag->identifier = sec->identifier;
599	tag->len = sec->sec_size;
600	tag->flags = (sec->is_data ? 0 : SECTION_BOOTABLE)
601	\| (sec->is_cleartext ? SECTION_CLEARTEXT : 0);
602	tag->hdr.checksum = instruction_checksum(&tag->hdr);
603	}
604
605	void produce_sb_instruction(struct sb_inst_t *inst,
606	struct sb_instruction_common_t *cmd)
607	{
608	memset(cmd, 0, sizeof(struct sb_instruction_common_t));
609	cmd->hdr.opcode = inst->inst;
610	switch(inst->inst)
611	{
612	case SB_INST_CALL:
613	case SB_INST_JUMP:
614	cmd->addr = inst->addr;
615	cmd->data = inst->argument;
616	break;
617	case SB_INST_FILL:
618	cmd->addr = inst->addr;
619	cmd->len = inst->size;
620	cmd->data = inst->pattern;
621	break;
622	case SB_INST_LOAD:
623	cmd->addr = inst->addr;
624	cmd->len = inst->size;
625	cmd->data = crc_continue(crc(inst->data, inst->size),
626	inst->padding, inst->padding_size);
627	break;
628	case SB_INST_MODE:
629	cmd->data = inst->addr;
630	break;
631	case SB_INST_NOP:
632	break;
633	default:
634	bug("die\n");
635	}
636	cmd->hdr.checksum = instruction_checksum(&cmd->hdr);
637	}
638
639	static void produce_sb_file(struct sb_file_t sb, const char filename)
640	{
641	FILE *fd = fopen(filename, "wb");
642	if(fd == NULL)
643	bugp("cannot open output file");
644
645	struct crypto_key_t real_key;
646	real_key.method = CRYPTO_KEY;
647	byte crypto_iv[16];
648	byte (cbc_macs)[16] = xmalloc(16 g_nr_keys);
649	/* init CBC-MACs */
650	for(int i = 0; i < g_nr_keys; i++)
651	memset(cbc_macs[i], 0, 16);
652
653	fill_gaps(sb);
654	compute_sb_offsets(sb);
655
656	generate_random_data(real_key.u.key, 16);
657
658	/* global SHA-1 */
659	struct sha_1_params_t file_sha1;
660	sha_1_init(&file_sha1);
661	/* produce and write header */
662	struct sb_header_t sb_hdr;
663	produce_sb_header(sb, &sb_hdr);
664	sha_1_update(&file_sha1, (byte *)&sb_hdr, sizeof(sb_hdr));
665	fwrite(&sb_hdr, 1, sizeof(sb_hdr), fd);
666
667	memcpy(crypto_iv, &sb_hdr, 16);
668
669	/* update CBC-MACs */
670	for(int i = 0; i < g_nr_keys; i++)
671	crypto_cbc((byte *)&sb_hdr, NULL, sizeof(sb_hdr) / BLOCK_SIZE, &g_key_array[i],
672	cbc_macs[i], &cbc_macs[i], 1);
673
674	/* produce and write section headers */
675	for(int i = 0; i < sb_hdr.nr_sections; i++)
676	{
677	struct sb_section_header_t sb_sec_hdr;
678	produce_sb_section_header(&sb->sections[i], &sb_sec_hdr);
679	sha_1_update(&file_sha1, (byte *)&sb_sec_hdr, sizeof(sb_sec_hdr));
680	fwrite(&sb_sec_hdr, 1, sizeof(sb_sec_hdr), fd);
681	/* update CBC-MACs */
682	for(int j = 0; j < g_nr_keys; j++)
683	crypto_cbc((byte *)&sb_sec_hdr, NULL, sizeof(sb_sec_hdr) / BLOCK_SIZE,
684	&g_key_array[j], cbc_macs[j], &cbc_macs[j], 1);
685	}
686	/* produce key dictionary */
687	for(int i = 0; i < g_nr_keys; i++)
688	{
689	struct sb_key_dictionary_entry_t entry;
690	memcpy(entry.hdr_cbc_mac, cbc_macs[i], 16);
691	crypto_cbc(real_key.u.key, entry.key, 1, &g_key_array[i],
692	crypto_iv, NULL, 1);
693
694	fwrite(&entry, 1, sizeof(entry), fd);
695	sha_1_update(&file_sha1, (byte *)&entry, sizeof(entry));
696	}
697
698	/* HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK */
699	/* Image crafting, don't use it unless you understand what you do */
700	if(strlen(s_getenv("SB_OVERRIDE_REAL_KEY")) != 0)
701	{
702	const char *key = s_getenv("SB_OVERRIDE_REAL_KEY");
703	if(strlen(key) != 32)
704	bugp("Cannot override real key: invalid key length\n");
705	for(int i = 0; i < 16; i++)
706	{
707	byte a, b;
708	if(convxdigit(key[2 * i], &a) \|\| convxdigit(key[2 * i + 1], &b))
709	bugp("Cannot override real key: key should be a 128-bit key written in hexadecimal\n");
710	real_key.u.key[i] = (a << 4) \| b;
711	}
712	}
713	if(strlen(s_getenv("SB_OVERRIDE_IV")) != 0)
714	{
715	const char *iv = s_getenv("SB_OVERRIDE_IV");
716	if(strlen(iv) != 32)
717	bugp("Cannot override iv: invalid key length\n");
718	for(int i = 0; i < 16; i++)
719	{
720	byte a, b;
721	if(convxdigit(iv[2 * i], &a) \|\| convxdigit(iv[2 * i + 1], &b))
722	bugp("Cannot override iv: key should be a 128-bit key written in hexadecimal\n");
723	crypto_iv[i] = (a << 4) \| b;
724	}
725
726	}
727	/* KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH */
728	if(g_debug)
729	{
730	printf("Real key: ");
731	for(int j = 0; j < 16; j++)
732	printf("%02x", real_key.u.key[j]);
733	printf("\n");
734	printf("IV : ");
735	for(int j = 0; j < 16; j++)
736	printf("%02x", crypto_iv[j]);
737	printf("\n");
738	}
739	/* produce sections data */
740	for(int i = 0; i< sb_hdr.nr_sections; i++)
741	{
742	/* produce tag command */
743	struct sb_instruction_tag_t tag_cmd;
744	produce_section_tag_cmd(&sb->sections[i], &tag_cmd, (i + 1) == sb_hdr.nr_sections);
745	if(g_nr_keys > 0)
746	crypto_cbc((byte )&tag_cmd, (byte )&tag_cmd, sizeof(tag_cmd) / BLOCK_SIZE,
747	&real_key, crypto_iv, NULL, 1);
748	sha_1_update(&file_sha1, (byte *)&tag_cmd, sizeof(tag_cmd));
749	fwrite(&tag_cmd, 1, sizeof(tag_cmd), fd);
750	/* produce other commands */
751	byte cur_cbc_mac[16];
752	memcpy(cur_cbc_mac, crypto_iv, 16);
753	for(int j = 0; j < sb->sections[i].nr_insts; j++)
754	{
755	struct sb_inst_t *inst = &sb->sections[i].insts[j];
756	/* command */
757	if(inst->inst != SB_INST_DATA)
758	{
759	struct sb_instruction_common_t cmd;
760	produce_sb_instruction(inst, &cmd);
761	if(g_nr_keys > 0 && !sb->sections[i].is_cleartext)
762	crypto_cbc((byte )&cmd, (byte )&cmd, sizeof(cmd) / BLOCK_SIZE,
763	&real_key, cur_cbc_mac, &cur_cbc_mac, 1);
764	sha_1_update(&file_sha1, (byte *)&cmd, sizeof(cmd));
765	fwrite(&cmd, 1, sizeof(cmd), fd);
766	}
767	/* data */
768	if(inst->inst == SB_INST_LOAD \|\| inst->inst == SB_INST_DATA)
769	{
770	uint32_t sz = inst->size + inst->padding_size;
771	byte *data = xmalloc(sz);
772	memcpy(data, inst->data, inst->size);
773	memcpy(data + inst->size, inst->padding, inst->padding_size);
774	if(g_nr_keys > 0 && !sb->sections[i].is_cleartext)
775	crypto_cbc(data, data, sz / BLOCK_SIZE,
776	&real_key, cur_cbc_mac, &cur_cbc_mac, 1);
777	sha_1_update(&file_sha1, data, sz);
778	fwrite(data, 1, sz, fd);
779	free(data);
780	}
781	}
782	}
783	/* write file SHA-1 */
784	byte final_sig[32];
785	sha_1_finish(&file_sha1);
786	sha_1_output(&file_sha1, final_sig);
787	generate_random_data(final_sig + 20, 12);
788	if(g_nr_keys > 0)
789	crypto_cbc(final_sig, final_sig, 2, &real_key, crypto_iv, NULL, 1);
790	fwrite(final_sig, 1, 32, fd);
791
792	fclose(fd);
793	}
794
795	void usage(void)	318	void usage(void)
796	{	319	{
797	printf("Usage: elftosb [options \| file]...\n");	320	printf("Usage: elftosb [options \| file]...\n");
@@ -848,9 +371,7 @@ int main(int argc, char **argv)
848	break;	371	break;
849	case 'k':	372	case 'k':
850	{	373	{
851	int kac;	374	add_keys_from_file(optarg);
852	key_array_t ka = read_keys(optarg, &kac);
853	add_keys(ka, kac);
854	break;	375	break;
855	}	376	}
856	case 'z':	377	case 'z':
@@ -922,7 +443,7 @@ int main(int argc, char **argv)
922		443
923	struct cmd_file_t *cmd_file = db_parse_file(cmd_filename);	444	struct cmd_file_t *cmd_file = db_parse_file(cmd_filename);
924	struct sb_file_t *sb_file = apply_cmd_file(cmd_file);	445	struct sb_file_t *sb_file = apply_cmd_file(cmd_file);
925	produce_sb_file(sb_file, output_filename);	446	sb_produce_file(sb_file, output_filename);
926		447
927	return 0;	448	return 0;
928	}	449	}