diff options
Diffstat (limited to 'utils/sbtools/sb.c')
-rw-r--r-- | utils/sbtools/sb.c | 426 |
1 files changed, 426 insertions, 0 deletions
diff --git a/utils/sbtools/sb.c b/utils/sbtools/sb.c new file mode 100644 index 0000000000..3921710a2d --- /dev/null +++ b/utils/sbtools/sb.c | |||
@@ -0,0 +1,426 @@ | |||
1 | /*************************************************************************** | ||
2 | * __________ __ ___. | ||
3 | * Open \______ \ ____ ____ | | _\_ |__ _______ ___ | ||
4 | * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / | ||
5 | * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < | ||
6 | * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ | ||
7 | * \/ \/ \/ \/ \/ | ||
8 | * $Id$ | ||
9 | * | ||
10 | * Copyright (C) 2011 Amaury Pouly | ||
11 | * | ||
12 | * This program is free software; you can redistribute it and/or | ||
13 | * modify it under the terms of the GNU General Public License | ||
14 | * as published by the Free Software Foundation; either version 2 | ||
15 | * of the License, or (at your option) any later version. | ||
16 | * | ||
17 | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY | ||
18 | * KIND, either express or implied. | ||
19 | * | ||
20 | ****************************************************************************/ | ||
21 | #include <stdio.h> | ||
22 | #include <time.h> | ||
23 | #include <stdlib.h> | ||
24 | #include "misc.h" | ||
25 | #include "crypto.h" | ||
26 | #include "sb.h" | ||
27 | |||
28 | static void fill_gaps(struct sb_file_t *sb) | ||
29 | { | ||
30 | for(int i = 0; i < sb->nr_sections; i++) | ||
31 | { | ||
32 | struct sb_section_t *sec = &sb->sections[i]; | ||
33 | for(int j = 0; j < sec->nr_insts; j++) | ||
34 | { | ||
35 | struct sb_inst_t *inst = &sec->insts[j]; | ||
36 | if(inst->inst != SB_INST_LOAD) | ||
37 | continue; | ||
38 | inst->padding_size = ROUND_UP(inst->size, BLOCK_SIZE) - inst->size; | ||
39 | /* emulate elftosb2 behaviour: generate 15 bytes (that's a safe maximum) */ | ||
40 | inst->padding = xmalloc(15); | ||
41 | generate_random_data(inst->padding, 15); | ||
42 | } | ||
43 | } | ||
44 | } | ||
45 | |||
46 | static void compute_sb_offsets(struct sb_file_t *sb) | ||
47 | { | ||
48 | sb->image_size = 0; | ||
49 | /* sb header */ | ||
50 | sb->image_size += sizeof(struct sb_header_t) / BLOCK_SIZE; | ||
51 | /* sections headers */ | ||
52 | sb->image_size += sb->nr_sections * sizeof(struct sb_section_header_t) / BLOCK_SIZE; | ||
53 | /* key dictionary */ | ||
54 | sb->image_size += g_nr_keys * sizeof(struct sb_key_dictionary_entry_t) / BLOCK_SIZE; | ||
55 | /* sections */ | ||
56 | for(int i = 0; i < sb->nr_sections; i++) | ||
57 | { | ||
58 | /* each section has a preliminary TAG command */ | ||
59 | sb->image_size += sizeof(struct sb_instruction_tag_t) / BLOCK_SIZE; | ||
60 | /* we might need to pad the section so compute next alignment */ | ||
61 | uint32_t alignment = BLOCK_SIZE; | ||
62 | if((i + 1) < sb->nr_sections) | ||
63 | alignment = sb->sections[i + 1].alignment; | ||
64 | alignment /= BLOCK_SIZE; /* alignment in block sizes */ | ||
65 | |||
66 | struct sb_section_t *sec = &sb->sections[i]; | ||
67 | |||
68 | if(g_debug) | ||
69 | { | ||
70 | printf("%s section 0x%08x", sec->is_data ? "Data" : "Boot", | ||
71 | sec->identifier); | ||
72 | if(sec->is_cleartext) | ||
73 | printf(" (cleartext)"); | ||
74 | printf("\n"); | ||
75 | } | ||
76 | |||
77 | sec->file_offset = sb->image_size; | ||
78 | for(int j = 0; j < sec->nr_insts; j++) | ||
79 | { | ||
80 | struct sb_inst_t *inst = &sec->insts[j]; | ||
81 | if(inst->inst == SB_INST_CALL || inst->inst == SB_INST_JUMP) | ||
82 | { | ||
83 | if(g_debug) | ||
84 | printf(" %s | addr=0x%08x | arg=0x%08x\n", | ||
85 | inst->inst == SB_INST_CALL ? "CALL" : "JUMP", inst->addr, inst->argument); | ||
86 | sb->image_size += sizeof(struct sb_instruction_call_t) / BLOCK_SIZE; | ||
87 | sec->sec_size += sizeof(struct sb_instruction_call_t) / BLOCK_SIZE; | ||
88 | } | ||
89 | else if(inst->inst == SB_INST_FILL) | ||
90 | { | ||
91 | if(g_debug) | ||
92 | printf(" FILL | addr=0x%08x | len=0x%08x | pattern=0x%08x\n", | ||
93 | inst->addr, inst->size, inst->pattern); | ||
94 | sb->image_size += sizeof(struct sb_instruction_fill_t) / BLOCK_SIZE; | ||
95 | sec->sec_size += sizeof(struct sb_instruction_fill_t) / BLOCK_SIZE; | ||
96 | } | ||
97 | else if(inst->inst == SB_INST_LOAD) | ||
98 | { | ||
99 | if(g_debug) | ||
100 | printf(" LOAD | addr=0x%08x | len=0x%08x\n", inst->addr, inst->size); | ||
101 | /* load header */ | ||
102 | sb->image_size += sizeof(struct sb_instruction_load_t) / BLOCK_SIZE; | ||
103 | sec->sec_size += sizeof(struct sb_instruction_load_t) / BLOCK_SIZE; | ||
104 | /* data + alignment */ | ||
105 | sb->image_size += (inst->size + inst->padding_size) / BLOCK_SIZE; | ||
106 | sec->sec_size += (inst->size + inst->padding_size) / BLOCK_SIZE; | ||
107 | } | ||
108 | else if(inst->inst == SB_INST_MODE) | ||
109 | { | ||
110 | if(g_debug) | ||
111 | printf(" MODE | mod=0x%08x", inst->addr); | ||
112 | sb->image_size += sizeof(struct sb_instruction_mode_t) / BLOCK_SIZE; | ||
113 | sec->sec_size += sizeof(struct sb_instruction_mode_t) / BLOCK_SIZE; | ||
114 | } | ||
115 | else if(inst->inst == SB_INST_DATA) | ||
116 | { | ||
117 | if(g_debug) | ||
118 | printf(" DATA | size=0x%08x\n", inst->size); | ||
119 | sb->image_size += ROUND_UP(inst->size, BLOCK_SIZE) / BLOCK_SIZE; | ||
120 | sec->sec_size += ROUND_UP(inst->size, BLOCK_SIZE) / BLOCK_SIZE; | ||
121 | } | ||
122 | else | ||
123 | bug("die on inst %d\n", inst->inst); | ||
124 | } | ||
125 | /* we need to make sure next section starts on the right alignment. | ||
126 | * Since each section starts with a boot tag, we thus need to ensure | ||
127 | * that this sections ends at adress X such that X+BLOCK_SIZE is | ||
128 | * a multiple of the alignment. | ||
129 | * For data sections, we just add random data, otherwise we add nops */ | ||
130 | uint32_t missing_sz = alignment - ((sb->image_size + 1) % alignment); | ||
131 | if(missing_sz != alignment) | ||
132 | { | ||
133 | struct sb_inst_t *aug_insts; | ||
134 | int nr_aug_insts = 0; | ||
135 | |||
136 | if(sb->sections[i].is_data) | ||
137 | { | ||
138 | nr_aug_insts = 1; | ||
139 | aug_insts = malloc(sizeof(struct sb_inst_t)); | ||
140 | memset(aug_insts, 0, sizeof(struct sb_inst_t)); | ||
141 | aug_insts[0].inst = SB_INST_DATA; | ||
142 | aug_insts[0].size = missing_sz * BLOCK_SIZE; | ||
143 | aug_insts[0].data = xmalloc(missing_sz * BLOCK_SIZE); | ||
144 | generate_random_data(aug_insts[0].data, missing_sz * BLOCK_SIZE); | ||
145 | if(g_debug) | ||
146 | printf(" DATA | size=0x%08x\n", aug_insts[0].size); | ||
147 | } | ||
148 | else | ||
149 | { | ||
150 | nr_aug_insts = missing_sz; | ||
151 | aug_insts = malloc(sizeof(struct sb_inst_t) * nr_aug_insts); | ||
152 | memset(aug_insts, 0, sizeof(struct sb_inst_t) * nr_aug_insts); | ||
153 | for(int j = 0; j < nr_aug_insts; j++) | ||
154 | { | ||
155 | aug_insts[j].inst = SB_INST_NOP; | ||
156 | if(g_debug) | ||
157 | printf(" NOOP\n"); | ||
158 | } | ||
159 | } | ||
160 | |||
161 | sb->sections[i].insts = augment_array(sb->sections[i].insts, sizeof(struct sb_inst_t), | ||
162 | sb->sections[i].nr_insts, aug_insts, nr_aug_insts); | ||
163 | sb->sections[i].nr_insts += nr_aug_insts; | ||
164 | |||
165 | /* augment image and section size */ | ||
166 | sb->image_size += missing_sz; | ||
167 | sec->sec_size += missing_sz; | ||
168 | } | ||
169 | } | ||
170 | /* final signature */ | ||
171 | sb->image_size += 2; | ||
172 | } | ||
173 | |||
174 | static uint64_t generate_timestamp() | ||
175 | { | ||
176 | struct tm tm_base = {0, 0, 0, 1, 0, 100, 0, 0, 1, 0, NULL}; /* 2000/1/1 0:00:00 */ | ||
177 | time_t t = time(NULL) - mktime(&tm_base); | ||
178 | return (uint64_t)t * 1000000L; | ||
179 | } | ||
180 | |||
181 | static uint16_t swap16(uint16_t t) | ||
182 | { | ||
183 | return (t << 8) | (t >> 8); | ||
184 | } | ||
185 | |||
186 | static void fix_version(struct sb_version_t *ver) | ||
187 | { | ||
188 | ver->major = swap16(ver->major); | ||
189 | ver->minor = swap16(ver->minor); | ||
190 | ver->revision = swap16(ver->revision); | ||
191 | } | ||
192 | |||
193 | static void produce_sb_header(struct sb_file_t *sb, struct sb_header_t *sb_hdr) | ||
194 | { | ||
195 | struct sha_1_params_t sha_1_params; | ||
196 | |||
197 | sb_hdr->signature[0] = 'S'; | ||
198 | sb_hdr->signature[1] = 'T'; | ||
199 | sb_hdr->signature[2] = 'M'; | ||
200 | sb_hdr->signature[3] = 'P'; | ||
201 | sb_hdr->major_ver = IMAGE_MAJOR_VERSION; | ||
202 | sb_hdr->minor_ver = IMAGE_MINOR_VERSION; | ||
203 | sb_hdr->flags = 0; | ||
204 | sb_hdr->image_size = sb->image_size; | ||
205 | sb_hdr->header_size = sizeof(struct sb_header_t) / BLOCK_SIZE; | ||
206 | sb_hdr->first_boot_sec_id = sb->sections[0].identifier; | ||
207 | sb_hdr->nr_keys = g_nr_keys; | ||
208 | sb_hdr->nr_sections = sb->nr_sections; | ||
209 | sb_hdr->sec_hdr_size = sizeof(struct sb_section_header_t) / BLOCK_SIZE; | ||
210 | sb_hdr->key_dict_off = sb_hdr->header_size + | ||
211 | sb_hdr->sec_hdr_size * sb_hdr->nr_sections; | ||
212 | sb_hdr->first_boot_tag_off = sb_hdr->key_dict_off + | ||
213 | sizeof(struct sb_key_dictionary_entry_t) * sb_hdr->nr_keys / BLOCK_SIZE; | ||
214 | generate_random_data(sb_hdr->rand_pad0, sizeof(sb_hdr->rand_pad0)); | ||
215 | generate_random_data(sb_hdr->rand_pad1, sizeof(sb_hdr->rand_pad1)); | ||
216 | sb_hdr->timestamp = generate_timestamp(); | ||
217 | sb_hdr->product_ver = sb->product_ver; | ||
218 | fix_version(&sb_hdr->product_ver); | ||
219 | sb_hdr->component_ver = sb->component_ver; | ||
220 | fix_version(&sb_hdr->component_ver); | ||
221 | sb_hdr->drive_tag = 0; | ||
222 | |||
223 | sha_1_init(&sha_1_params); | ||
224 | sha_1_update(&sha_1_params, &sb_hdr->signature[0], | ||
225 | sizeof(struct sb_header_t) - sizeof(sb_hdr->sha1_header)); | ||
226 | sha_1_finish(&sha_1_params); | ||
227 | sha_1_output(&sha_1_params, sb_hdr->sha1_header); | ||
228 | } | ||
229 | |||
230 | static void produce_sb_section_header(struct sb_section_t *sec, | ||
231 | struct sb_section_header_t *sec_hdr) | ||
232 | { | ||
233 | sec_hdr->identifier = sec->identifier; | ||
234 | sec_hdr->offset = sec->file_offset; | ||
235 | sec_hdr->size = sec->sec_size; | ||
236 | sec_hdr->flags = (sec->is_data ? 0 : SECTION_BOOTABLE) | ||
237 | | (sec->is_cleartext ? SECTION_CLEARTEXT : 0); | ||
238 | } | ||
239 | |||
240 | static uint8_t instruction_checksum(struct sb_instruction_header_t *hdr) | ||
241 | { | ||
242 | uint8_t sum = 90; | ||
243 | byte *ptr = (byte *)hdr; | ||
244 | for(int i = 1; i < 16; i++) | ||
245 | sum += ptr[i]; | ||
246 | return sum; | ||
247 | } | ||
248 | |||
249 | static void produce_section_tag_cmd(struct sb_section_t *sec, | ||
250 | struct sb_instruction_tag_t *tag, bool is_last) | ||
251 | { | ||
252 | tag->hdr.opcode = SB_INST_TAG; | ||
253 | tag->hdr.flags = is_last ? SB_INST_LAST_TAG : 0; | ||
254 | tag->identifier = sec->identifier; | ||
255 | tag->len = sec->sec_size; | ||
256 | tag->flags = (sec->is_data ? 0 : SECTION_BOOTABLE) | ||
257 | | (sec->is_cleartext ? SECTION_CLEARTEXT : 0); | ||
258 | tag->hdr.checksum = instruction_checksum(&tag->hdr); | ||
259 | } | ||
260 | |||
261 | void produce_sb_instruction(struct sb_inst_t *inst, | ||
262 | struct sb_instruction_common_t *cmd) | ||
263 | { | ||
264 | memset(cmd, 0, sizeof(struct sb_instruction_common_t)); | ||
265 | cmd->hdr.opcode = inst->inst; | ||
266 | switch(inst->inst) | ||
267 | { | ||
268 | case SB_INST_CALL: | ||
269 | case SB_INST_JUMP: | ||
270 | cmd->addr = inst->addr; | ||
271 | cmd->data = inst->argument; | ||
272 | break; | ||
273 | case SB_INST_FILL: | ||
274 | cmd->addr = inst->addr; | ||
275 | cmd->len = inst->size; | ||
276 | cmd->data = inst->pattern; | ||
277 | break; | ||
278 | case SB_INST_LOAD: | ||
279 | cmd->addr = inst->addr; | ||
280 | cmd->len = inst->size; | ||
281 | cmd->data = crc_continue(crc(inst->data, inst->size), | ||
282 | inst->padding, inst->padding_size); | ||
283 | break; | ||
284 | case SB_INST_MODE: | ||
285 | cmd->data = inst->addr; | ||
286 | break; | ||
287 | case SB_INST_NOP: | ||
288 | break; | ||
289 | default: | ||
290 | bug("die\n"); | ||
291 | } | ||
292 | cmd->hdr.checksum = instruction_checksum(&cmd->hdr); | ||
293 | } | ||
294 | |||
295 | void sb_produce_file(struct sb_file_t *sb, const char *filename) | ||
296 | { | ||
297 | FILE *fd = fopen(filename, "wb"); | ||
298 | if(fd == NULL) | ||
299 | bugp("cannot open output file"); | ||
300 | |||
301 | struct crypto_key_t real_key; | ||
302 | real_key.method = CRYPTO_KEY; | ||
303 | byte crypto_iv[16]; | ||
304 | byte (*cbc_macs)[16] = xmalloc(16 * g_nr_keys); | ||
305 | /* init CBC-MACs */ | ||
306 | for(int i = 0; i < g_nr_keys; i++) | ||
307 | memset(cbc_macs[i], 0, 16); | ||
308 | |||
309 | fill_gaps(sb); | ||
310 | compute_sb_offsets(sb); | ||
311 | |||
312 | generate_random_data(real_key.u.key, 16); | ||
313 | |||
314 | /* global SHA-1 */ | ||
315 | struct sha_1_params_t file_sha1; | ||
316 | sha_1_init(&file_sha1); | ||
317 | /* produce and write header */ | ||
318 | struct sb_header_t sb_hdr; | ||
319 | produce_sb_header(sb, &sb_hdr); | ||
320 | sha_1_update(&file_sha1, (byte *)&sb_hdr, sizeof(sb_hdr)); | ||
321 | fwrite(&sb_hdr, 1, sizeof(sb_hdr), fd); | ||
322 | |||
323 | memcpy(crypto_iv, &sb_hdr, 16); | ||
324 | |||
325 | /* update CBC-MACs */ | ||
326 | for(int i = 0; i < g_nr_keys; i++) | ||
327 | crypto_cbc((byte *)&sb_hdr, NULL, sizeof(sb_hdr) / BLOCK_SIZE, &g_key_array[i], | ||
328 | cbc_macs[i], &cbc_macs[i], 1); | ||
329 | |||
330 | /* produce and write section headers */ | ||
331 | for(int i = 0; i < sb_hdr.nr_sections; i++) | ||
332 | { | ||
333 | struct sb_section_header_t sb_sec_hdr; | ||
334 | produce_sb_section_header(&sb->sections[i], &sb_sec_hdr); | ||
335 | sha_1_update(&file_sha1, (byte *)&sb_sec_hdr, sizeof(sb_sec_hdr)); | ||
336 | fwrite(&sb_sec_hdr, 1, sizeof(sb_sec_hdr), fd); | ||
337 | /* update CBC-MACs */ | ||
338 | for(int j = 0; j < g_nr_keys; j++) | ||
339 | crypto_cbc((byte *)&sb_sec_hdr, NULL, sizeof(sb_sec_hdr) / BLOCK_SIZE, | ||
340 | &g_key_array[j], cbc_macs[j], &cbc_macs[j], 1); | ||
341 | } | ||
342 | /* produce key dictionary */ | ||
343 | for(int i = 0; i < g_nr_keys; i++) | ||
344 | { | ||
345 | struct sb_key_dictionary_entry_t entry; | ||
346 | memcpy(entry.hdr_cbc_mac, cbc_macs[i], 16); | ||
347 | crypto_cbc(real_key.u.key, entry.key, 1, &g_key_array[i], | ||
348 | crypto_iv, NULL, 1); | ||
349 | |||
350 | fwrite(&entry, 1, sizeof(entry), fd); | ||
351 | sha_1_update(&file_sha1, (byte *)&entry, sizeof(entry)); | ||
352 | } | ||
353 | |||
354 | /* HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK HACK */ | ||
355 | /* Image crafting, don't use it unless you understand what you do */ | ||
356 | if(sb->real_key != NULL) | ||
357 | memcpy(real_key.u.key, *sb->real_key, 16); | ||
358 | if(sb->crypto_iv != NULL) | ||
359 | memcpy(crypto_iv, *sb->crypto_iv, 16); | ||
360 | /* KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH KCAH */ | ||
361 | if(g_debug) | ||
362 | { | ||
363 | printf("Real key: "); | ||
364 | for(int j = 0; j < 16; j++) | ||
365 | printf("%02x", real_key.u.key[j]); | ||
366 | printf("\n"); | ||
367 | printf("IV : "); | ||
368 | for(int j = 0; j < 16; j++) | ||
369 | printf("%02x", crypto_iv[j]); | ||
370 | printf("\n"); | ||
371 | } | ||
372 | /* produce sections data */ | ||
373 | for(int i = 0; i< sb_hdr.nr_sections; i++) | ||
374 | { | ||
375 | /* produce tag command */ | ||
376 | struct sb_instruction_tag_t tag_cmd; | ||
377 | produce_section_tag_cmd(&sb->sections[i], &tag_cmd, (i + 1) == sb_hdr.nr_sections); | ||
378 | if(g_nr_keys > 0) | ||
379 | crypto_cbc((byte *)&tag_cmd, (byte *)&tag_cmd, sizeof(tag_cmd) / BLOCK_SIZE, | ||
380 | &real_key, crypto_iv, NULL, 1); | ||
381 | sha_1_update(&file_sha1, (byte *)&tag_cmd, sizeof(tag_cmd)); | ||
382 | fwrite(&tag_cmd, 1, sizeof(tag_cmd), fd); | ||
383 | /* produce other commands */ | ||
384 | byte cur_cbc_mac[16]; | ||
385 | memcpy(cur_cbc_mac, crypto_iv, 16); | ||
386 | for(int j = 0; j < sb->sections[i].nr_insts; j++) | ||
387 | { | ||
388 | struct sb_inst_t *inst = &sb->sections[i].insts[j]; | ||
389 | /* command */ | ||
390 | if(inst->inst != SB_INST_DATA) | ||
391 | { | ||
392 | struct sb_instruction_common_t cmd; | ||
393 | produce_sb_instruction(inst, &cmd); | ||
394 | if(g_nr_keys > 0 && !sb->sections[i].is_cleartext) | ||
395 | crypto_cbc((byte *)&cmd, (byte *)&cmd, sizeof(cmd) / BLOCK_SIZE, | ||
396 | &real_key, cur_cbc_mac, &cur_cbc_mac, 1); | ||
397 | sha_1_update(&file_sha1, (byte *)&cmd, sizeof(cmd)); | ||
398 | fwrite(&cmd, 1, sizeof(cmd), fd); | ||
399 | } | ||
400 | /* data */ | ||
401 | if(inst->inst == SB_INST_LOAD || inst->inst == SB_INST_DATA) | ||
402 | { | ||
403 | uint32_t sz = inst->size + inst->padding_size; | ||
404 | byte *data = xmalloc(sz); | ||
405 | memcpy(data, inst->data, inst->size); | ||
406 | memcpy(data + inst->size, inst->padding, inst->padding_size); | ||
407 | if(g_nr_keys > 0 && !sb->sections[i].is_cleartext) | ||
408 | crypto_cbc(data, data, sz / BLOCK_SIZE, | ||
409 | &real_key, cur_cbc_mac, &cur_cbc_mac, 1); | ||
410 | sha_1_update(&file_sha1, data, sz); | ||
411 | fwrite(data, 1, sz, fd); | ||
412 | free(data); | ||
413 | } | ||
414 | } | ||
415 | } | ||
416 | /* write file SHA-1 */ | ||
417 | byte final_sig[32]; | ||
418 | sha_1_finish(&file_sha1); | ||
419 | sha_1_output(&file_sha1, final_sig); | ||
420 | generate_random_data(final_sig + 20, 12); | ||
421 | if(g_nr_keys > 0) | ||
422 | crypto_cbc(final_sig, final_sig, 2, &real_key, crypto_iv, NULL, 1); | ||
423 | fwrite(final_sig, 1, 32, fd); | ||
424 | |||
425 | fclose(fd); | ||
426 | } | ||