@ -22,6 +22,36 @@
# include "pbl_crc32.h"
# include <image.h>
/*
* OpenSSL 1.1 .0 and newer compatibility functions :
* https : //wiki.openssl.org/index.php/1.1_API_Changes
*/
# if OPENSSL_VERSION_NUMBER < 0x10100000L
static void * OPENSSL_zalloc ( size_t num )
{
void * ret = OPENSSL_malloc ( num ) ;
if ( ret ! = NULL )
memset ( ret , 0 , num ) ;
return ret ;
}
EVP_MD_CTX * EVP_MD_CTX_new ( void )
{
return OPENSSL_zalloc ( sizeof ( EVP_MD_CTX ) ) ;
}
void EVP_MD_CTX_free ( EVP_MD_CTX * ctx )
{
EVP_MD_CTX_cleanup ( ctx ) ;
OPENSSL_free ( ctx ) ;
}
int EVP_CIPHER_CTX_reset ( EVP_CIPHER_CTX * ctx )
{
return EVP_CIPHER_CTX_cleanup ( ctx ) ;
}
# endif
/*
* DCD block
@ -144,8 +174,8 @@ struct sb_image_ctx {
struct sb_dcd_ctx * dcd_head ;
struct sb_dcd_ctx * dcd_tail ;
EVP_CIPHER_CTX cipher_ctx ;
EVP_MD_CTX md_ctx ;
EVP_CIPHER_CTX * cipher_ctx ;
EVP_MD_CTX * md_ctx ;
uint8_t digest [ 32 ] ;
struct sb_key_dictionary_key sb_dict_key ;
@ -173,24 +203,26 @@ struct sb_image_ctx {
*/
static int sb_aes_init ( struct sb_image_ctx * ictx , uint8_t * iv , int enc )
{
EVP_CIPHER_CTX * ctx = & ictx - > cipher_ctx ;
EVP_CIPHER_CTX * ctx ;
int ret ;
/* If there is no init vector, init vector is all zeroes. */
if ( ! iv )
iv = ictx - > image_key ;
EVP_CIPHER_CTX_init ( ctx ) ;
ctx = EVP_CIPHER_CTX_new ( ) ;
ret = EVP_CipherInit ( ctx , EVP_aes_128_cbc ( ) , ictx - > image_key , iv , enc ) ;
if ( ret = = 1 )
if ( ret = = 1 ) {
EVP_CIPHER_CTX_set_padding ( ctx , 0 ) ;
ictx - > cipher_ctx = ctx ;
}
return ret ;
}
static int sb_aes_crypt ( struct sb_image_ctx * ictx , uint8_t * in_data ,
uint8_t * out_data , int in_len )
{
EVP_CIPHER_CTX * ctx = & ictx - > cipher_ctx ;
EVP_CIPHER_CTX * ctx = ictx - > cipher_ctx ;
int ret , outlen ;
uint8_t * outbuf ;
@ -215,13 +247,13 @@ err:
static int sb_aes_deinit ( EVP_CIPHER_CTX * ctx )
{
return EVP_CIPHER_CTX_cleanup ( ctx ) ;
return EVP_CIPHER_CTX_reset ( ctx ) ;
}
static int sb_aes_reinit ( struct sb_image_ctx * ictx , int enc )
{
int ret ;
EVP_CIPHER_CTX * ctx = & ictx - > cipher_ctx ;
EVP_CIPHER_CTX * ctx = ictx - > cipher_ctx ;
struct sb_boot_image_header * sb_header = & ictx - > payload ;
uint8_t * iv = sb_header - > iv ;
@ -276,7 +308,7 @@ static int sb_get_time(time_t time, struct tm *tm)
static void sb_encrypt_sb_header ( struct sb_image_ctx * ictx )
{
EVP_MD_CTX * md_ctx = & ictx - > md_ctx ;
EVP_MD_CTX * md_ctx = ictx - > md_ctx ;
struct sb_boot_image_header * sb_header = & ictx - > payload ;
uint8_t * sb_header_ptr = ( uint8_t * ) sb_header ;
@ -287,7 +319,7 @@ static void sb_encrypt_sb_header(struct sb_image_ctx *ictx)
static void sb_encrypt_sb_sections_header ( struct sb_image_ctx * ictx )
{
EVP_MD_CTX * md_ctx = & ictx - > md_ctx ;
EVP_MD_CTX * md_ctx = ictx - > md_ctx ;
struct sb_section_ctx * sctx = ictx - > sect_head ;
struct sb_sections_header * shdr ;
uint8_t * sb_sections_header_ptr ;
@ -307,7 +339,7 @@ static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx)
static void sb_encrypt_key_dictionary_key ( struct sb_image_ctx * ictx )
{
EVP_MD_CTX * md_ctx = & ictx - > md_ctx ;
EVP_MD_CTX * md_ctx = ictx - > md_ctx ;
sb_aes_crypt ( ictx , ictx - > image_key , ictx - > sb_dict_key . key ,
sizeof ( ictx - > sb_dict_key . key ) ) ;
@ -316,7 +348,7 @@ static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx)
static void sb_decrypt_key_dictionary_key ( struct sb_image_ctx * ictx )
{
EVP_MD_CTX * md_ctx = & ictx - > md_ctx ;
EVP_MD_CTX * md_ctx = ictx - > md_ctx ;
EVP_DigestUpdate ( md_ctx , & ictx - > sb_dict_key , sizeof ( ictx - > sb_dict_key ) ) ;
sb_aes_crypt ( ictx , ictx - > sb_dict_key . key , ictx - > image_key ,
@ -326,7 +358,7 @@ static void sb_decrypt_key_dictionary_key(struct sb_image_ctx *ictx)
static void sb_encrypt_tag ( struct sb_image_ctx * ictx ,
struct sb_cmd_ctx * cctx )
{
EVP_MD_CTX * md_ctx = & ictx - > md_ctx ;
EVP_MD_CTX * md_ctx = ictx - > md_ctx ;
struct sb_command * cmd = & cctx - > payload ;
sb_aes_crypt ( ictx , ( uint8_t * ) cmd ,
@ -337,8 +369,8 @@ static void sb_encrypt_tag(struct sb_image_ctx *ictx,
static int sb_encrypt_image ( struct sb_image_ctx * ictx )
{
/* Start image-wide crypto. */
EVP_MD_CTX_init ( & ictx - > md_ctx ) ;
EVP_DigestInit ( & ictx - > md_ctx , EVP_sha1 ( ) ) ;
ictx - > md_ctx = EVP_MD_CTX_new ( ) ;
EVP_DigestInit ( ictx - > md_ctx , EVP_sha1 ( ) ) ;
/*
* SB image header .
@ -379,7 +411,7 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
} else if ( ccmd - > header . tag = = ROM_LOAD_CMD ) {
sb_aes_crypt ( ictx , cctx - > data , cctx - > data ,
cctx - > length ) ;
EVP_DigestUpdate ( & ictx - > md_ctx , cctx - > data ,
EVP_DigestUpdate ( ictx - > md_ctx , cctx - > data ,
cctx - > length ) ;
}
@ -394,11 +426,12 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
*/
sb_aes_reinit ( ictx , 1 ) ;
EVP_DigestFinal ( & ictx - > md_ctx , ictx - > digest , NULL ) ;
EVP_DigestFinal ( ictx - > md_ctx , ictx - > digest , NULL ) ;
EVP_MD_CTX_free ( ictx - > md_ctx ) ;
sb_aes_crypt ( ictx , ictx - > digest , ictx - > digest , sizeof ( ictx - > digest ) ) ;
/* Stop the encryption session. */
sb_aes_deinit ( & ictx - > cipher_ctx ) ;
sb_aes_deinit ( ictx - > cipher_ctx ) ;
return 0 ;
}
@ -1322,7 +1355,7 @@ static int sb_postfill_image_header(struct sb_image_ctx *ictx)
struct sb_boot_image_header * hdr = & ictx - > payload ;
struct sb_section_ctx * sctx = ictx - > sect_head ;
uint32_t kd_size , sections_blocks ;
EVP_MD_CTX md_ctx ;
EVP_MD_CTX * md_ctx ;
/* The main SB header size in blocks. */
hdr - > image_blocks = hdr - > header_blocks ;
@ -1359,13 +1392,14 @@ static int sb_postfill_image_header(struct sb_image_ctx *ictx)
hdr - > key_dictionary_block + kd_size / SB_BLOCK_SIZE ;
/* Compute header digest. */
EVP_MD_CTX_init ( & md_ctx ) ;
md_ctx = EVP_MD_CTX_new ( ) ;
EVP_DigestInit ( & md_ctx , EVP_sha1 ( ) ) ;
EVP_DigestUpdate ( & md_ctx , hdr - > signature1 ,
EVP_DigestInit ( md_ctx , EVP_sha1 ( ) ) ;
EVP_DigestUpdate ( md_ctx , hdr - > signature1 ,
sizeof ( struct sb_boot_image_header ) -
sizeof ( hdr - > digest ) ) ;
EVP_DigestFinal ( & md_ctx , hdr - > digest , NULL ) ;
EVP_DigestFinal ( md_ctx , hdr - > digest , NULL ) ;
EVP_MD_CTX_free ( md_ctx ) ;
return 0 ;
}
@ -1621,12 +1655,12 @@ static int sb_verify_image_header(struct sb_image_ctx *ictx,
struct tm tm ;
int sz , ret = 0 ;
unsigned char digest [ 20 ] ;
EVP_MD_CTX md_ctx ;
EVP_MD_CTX * md_ctx ;
unsigned long size ;
/* Start image-wide crypto. */
EVP_MD_CTX_init ( & ictx - > md_ctx ) ;
EVP_DigestInit ( & ictx - > md_ctx , EVP_sha1 ( ) ) ;
ictx - > md_ctx = EVP_MD_CTX_new ( ) ;
EVP_DigestInit ( ictx - > md_ctx , EVP_sha1 ( ) ) ;
soprintf ( ictx , " ---------- Verifying SB Image Header ---------- \n " ) ;
@ -1637,12 +1671,13 @@ static int sb_verify_image_header(struct sb_image_ctx *ictx,
}
/* Compute header digest. */
EVP_MD_CTX_init ( & md_ctx ) ;
EVP_DigestInit ( & md_ctx , EVP_sha1 ( ) ) ;
EVP_DigestUpdate ( & md_ctx , hdr - > signature1 ,
md_ctx = EVP_MD_CTX_new ( ) ;
EVP_DigestInit ( md_ctx , EVP_sha1 ( ) ) ;
EVP_DigestUpdate ( md_ctx , hdr - > signature1 ,
sizeof ( struct sb_boot_image_header ) -
sizeof ( hdr - > digest ) ) ;
EVP_DigestFinal ( & md_ctx , digest , NULL ) ;
EVP_DigestFinal ( md_ctx , digest , NULL ) ;
EVP_MD_CTX_free ( md_ctx ) ;
sb_aes_init ( ictx , NULL , 1 ) ;
sb_encrypt_sb_header ( ictx ) ;
@ -1761,7 +1796,7 @@ static int sb_verify_image_header(struct sb_image_ctx *ictx,
static void sb_decrypt_tag ( struct sb_image_ctx * ictx ,
struct sb_cmd_ctx * cctx )
{
EVP_MD_CTX * md_ctx = & ictx - > md_ctx ;
EVP_MD_CTX * md_ctx = ictx - > md_ctx ;
struct sb_command * cmd = & cctx - > payload ;
sb_aes_crypt ( ictx , ( uint8_t * ) & cctx - > c_payload ,
@ -1818,7 +1853,7 @@ static int sb_verify_command(struct sb_image_ctx *ictx,
* tsize + = size ;
EVP_DigestUpdate ( & ictx - > md_ctx , cctx - > data , asize ) ;
EVP_DigestUpdate ( ictx - > md_ctx , cctx - > data , asize ) ;
sb_aes_crypt ( ictx , cctx - > data , cctx - > data , asize ) ;
if ( ccmd - > load . crc32 ! = pbl_crc32 ( 0 ,
@ -2007,7 +2042,8 @@ static int sb_verify_image_end(struct sb_image_ctx *ictx,
}
/* Check the image digest. */
EVP_DigestFinal ( & ictx - > md_ctx , ictx - > digest , NULL ) ;
EVP_DigestFinal ( ictx - > md_ctx , ictx - > digest , NULL ) ;
EVP_MD_CTX_free ( ictx - > md_ctx ) ;
/* Decrypt the image digest from the input image. */
sb_aes_reinit ( ictx , 0 ) ;
@ -2083,7 +2119,7 @@ err_verify:
soprintf ( ictx , " Verification %s \n " , ret ? " FAILED " : " PASSED " ) ;
/* Stop the encryption session. */
sb_aes_deinit ( & ictx - > cipher_ctx ) ;
sb_aes_deinit ( ictx - > cipher_ctx ) ;
fclose ( fp ) ;
return ret ;