204 static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv, int enc)  in sb_aes_init()  argument
211 		iv = ictx->image_key;  in sb_aes_init()
214 	ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), ictx->image_key, iv, enc);  in sb_aes_init()
217 		ictx->cipher_ctx = ctx;  in sb_aes_init()
222 static int sb_aes_crypt(struct sb_image_ctx *ictx, uint8_t *in_data,  in sb_aes_crypt()  argument
225 	EVP_CIPHER_CTX *ctx = ictx->cipher_ctx;  in sb_aes_crypt()
253 static int sb_aes_reinit(struct sb_image_ctx *ictx, int enc)  in sb_aes_reinit()  argument
256 	EVP_CIPHER_CTX *ctx = ictx->cipher_ctx;  in sb_aes_reinit()
257 	struct sb_boot_image_header *sb_header = &ictx->payload;  in sb_aes_reinit()
263 	return sb_aes_init(ictx, iv, enc);  in sb_aes_reinit()
269 static void soprintf(struct sb_image_ctx *ictx, const char *fmt, ...)  in soprintf()  argument
273 	if (ictx->silent_dump)  in soprintf()
309 static void sb_encrypt_sb_header(struct sb_image_ctx *ictx)  in sb_encrypt_sb_header()  argument
311 	EVP_MD_CTX *md_ctx = ictx->md_ctx;  in sb_encrypt_sb_header()
312 	struct sb_boot_image_header *sb_header = &ictx->payload;  in sb_encrypt_sb_header()
316 	sb_aes_crypt(ictx, sb_header_ptr, NULL, sizeof(*sb_header));  in sb_encrypt_sb_header()
320 static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx)  in sb_encrypt_sb_sections_header()  argument
322 	EVP_MD_CTX *md_ctx = ictx->md_ctx;  in sb_encrypt_sb_sections_header()
323 	struct sb_section_ctx *sctx = ictx->sect_head;  in sb_encrypt_sb_sections_header()
332 		sb_aes_crypt(ictx, sb_sections_header_ptr,  in sb_encrypt_sb_sections_header()
333 			     ictx->sb_dict_key.cbc_mac, size);  in sb_encrypt_sb_sections_header()
340 static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx)  in sb_encrypt_key_dictionary_key()  argument
342 	EVP_MD_CTX *md_ctx = ictx->md_ctx;  in sb_encrypt_key_dictionary_key()
344 	sb_aes_crypt(ictx, ictx->image_key, ictx->sb_dict_key.key,  in sb_encrypt_key_dictionary_key()
345 		     sizeof(ictx->sb_dict_key.key));  in sb_encrypt_key_dictionary_key()
346 	EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));  in sb_encrypt_key_dictionary_key()
349 static void sb_decrypt_key_dictionary_key(struct sb_image_ctx *ictx)  in sb_decrypt_key_dictionary_key()  argument
351 	EVP_MD_CTX *md_ctx = ictx->md_ctx;  in sb_decrypt_key_dictionary_key()
353 	EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));  in sb_decrypt_key_dictionary_key()
354 	sb_aes_crypt(ictx, ictx->sb_dict_key.key, ictx->image_key,  in sb_decrypt_key_dictionary_key()
355 		     sizeof(ictx->sb_dict_key.key));  in sb_decrypt_key_dictionary_key()
358 static void sb_encrypt_tag(struct sb_image_ctx *ictx,  in sb_encrypt_tag()  argument
361 	EVP_MD_CTX *md_ctx = ictx->md_ctx;  in sb_encrypt_tag()
364 	sb_aes_crypt(ictx, (uint8_t *)cmd,  in sb_encrypt_tag()
369 static int sb_encrypt_image(struct sb_image_ctx *ictx)  in sb_encrypt_image()  argument
372 	ictx->md_ctx = EVP_MD_CTX_new();  in sb_encrypt_image()
373 	EVP_DigestInit(ictx->md_ctx, EVP_sha1());  in sb_encrypt_image()
378 	sb_aes_init(ictx, NULL, 1);  in sb_encrypt_image()
379 	sb_encrypt_sb_header(ictx);  in sb_encrypt_image()
384 	sb_encrypt_sb_sections_header(ictx);  in sb_encrypt_image()
389 	sb_aes_reinit(ictx, 1);  in sb_encrypt_image()
390 	sb_encrypt_key_dictionary_key(ictx);  in sb_encrypt_image()
397 	struct sb_section_ctx *sctx = ictx->sect_head;  in sb_encrypt_image()
402 		sb_aes_reinit(ictx, 1);  in sb_encrypt_image()
407 			sb_encrypt_tag(ictx, cctx);  in sb_encrypt_image()
410 				sb_aes_reinit(ictx, 1);  in sb_encrypt_image()
412 				sb_aes_crypt(ictx, cctx->data, cctx->data,  in sb_encrypt_image()
414 				EVP_DigestUpdate(ictx->md_ctx, cctx->data,  in sb_encrypt_image()
427 	sb_aes_reinit(ictx, 1);  in sb_encrypt_image()
429 	EVP_DigestFinal(ictx->md_ctx, ictx->digest, NULL);  in sb_encrypt_image()
430 	EVP_MD_CTX_free(ictx->md_ctx);  in sb_encrypt_image()
431 	sb_aes_crypt(ictx, ictx->digest, ictx->digest, sizeof(ictx->digest));  in sb_encrypt_image()
434 	sb_aes_deinit(ictx->cipher_ctx);  in sb_encrypt_image()
560 static int sb_build_dcd(struct sb_image_ctx *ictx, struct sb_cmd_list *cmd)  in sb_build_dcd()  argument
600 	if (!ictx->dcd_head) {  in sb_build_dcd()
601 		ictx->dcd_head = dctx;  in sb_build_dcd()
602 		ictx->dcd_tail = dctx;  in sb_build_dcd()
604 		ictx->dcd_tail->dcd = dctx;  in sb_build_dcd()
605 		ictx->dcd_tail = dctx;  in sb_build_dcd()
616 static int sb_build_dcd_block(struct sb_image_ctx *ictx,  in sb_build_dcd_block()  argument
624 	struct sb_dcd_ctx *dctx = ictx->dcd_tail;  in sb_build_dcd_block()
710 static int sb_build_section(struct sb_image_ctx *ictx, struct sb_cmd_list *cmd)  in sb_build_section()  argument
756 	ictx->sect_count++;  in sb_build_section()
760 		if (ictx->sect_boot_found) {  in sb_build_section()
765 			ictx->sect_boot = id;  in sb_build_section()
766 			ictx->sect_boot_found = 1;  in sb_build_section()
770 	if (!ictx->sect_head) {  in sb_build_section()
771 		ictx->sect_head = sctx;  in sb_build_section()
772 		ictx->sect_tail = sctx;  in sb_build_section()
774 		ictx->sect_tail->sect = sctx;  in sb_build_section()
775 		ictx->sect_tail = sctx;  in sb_build_section()
785 static int sb_build_command_nop(struct sb_image_ctx *ictx)  in sb_build_command_nop()  argument
787 	struct sb_section_ctx *sctx = ictx->sect_tail;  in sb_build_command_nop()
819 static int sb_build_command_tag(struct sb_image_ctx *ictx,  in sb_build_command_tag()  argument
822 	struct sb_section_ctx *sctx = ictx->sect_tail;  in sb_build_command_tag()
863 static int sb_build_command_load(struct sb_image_ctx *ictx,  in sb_build_command_load()  argument
866 	struct sb_section_ctx *sctx = ictx->sect_tail;  in sb_build_command_load()
949 		struct sb_dcd_ctx *dctx = ictx->dcd_head;  in sb_build_command_load()
1036 static int sb_build_command_fill(struct sb_image_ctx *ictx,  in sb_build_command_fill()  argument
1039 	struct sb_section_ctx *sctx = ictx->sect_tail;  in sb_build_command_fill()
1133 static int sb_build_command_jump_call(struct sb_image_ctx *ictx,  in sb_build_command_jump_call()  argument
1137 	struct sb_section_ctx *sctx = ictx->sect_tail;  in sb_build_command_jump_call()
1224 static int sb_build_command_jump(struct sb_image_ctx *ictx,  in sb_build_command_jump()  argument
1227 	return sb_build_command_jump_call(ictx, cmd, 0);  in sb_build_command_jump()
1230 static int sb_build_command_call(struct sb_image_ctx *ictx,  in sb_build_command_call()  argument
1233 	return sb_build_command_jump_call(ictx, cmd, 1);  in sb_build_command_call()
1236 static int sb_build_command_mode(struct sb_image_ctx *ictx,  in sb_build_command_mode()  argument
1239 	struct sb_section_ctx *sctx = ictx->sect_tail;  in sb_build_command_mode()
1314 static int sb_prefill_image_header(struct sb_image_ctx *ictx)  in sb_prefill_image_header()  argument
1316 	struct sb_boot_image_header *hdr = &ictx->payload;  in sb_prefill_image_header()
1344 	hdr->flags = ictx->display_progress ?  in sb_prefill_image_header()
1353 static int sb_postfill_image_header(struct sb_image_ctx *ictx)  in sb_postfill_image_header()  argument
1355 	struct sb_boot_image_header *hdr = &ictx->payload;  in sb_postfill_image_header()
1356 	struct sb_section_ctx *sctx = ictx->sect_head;  in sb_postfill_image_header()
1368 	hdr->section_count = ictx->sect_count;  in sb_postfill_image_header()
1374 	if (!ictx->sect_boot_found) {  in sb_postfill_image_header()
1378 	hdr->first_boot_section_id = ictx->sect_boot;  in sb_postfill_image_header()
1407 static int sb_fixup_sections_and_tags(struct sb_image_ctx *ictx)  in sb_fixup_sections_and_tags()  argument
1410 	struct sb_boot_image_header *ihdr = &ictx->payload;  in sb_fixup_sections_and_tags()
1411 	struct sb_section_ctx *sctx = ictx->sect_head;  in sb_fixup_sections_and_tags()
1449 static int sb_parse_line(struct sb_image_ctx *ictx, struct sb_cmd_list *cmd)  in sb_parse_line()  argument
1467 		ictx->display_progress = 1;  in sb_parse_line()
1473 		ictx->in_section = 0;  in sb_parse_line()
1474 		ictx->in_dcd = 1;  in sb_parse_line()
1475 		sb_build_dcd(ictx, cmd);  in sb_parse_line()
1481 		ictx->in_section = 1;  in sb_parse_line()
1482 		ictx->in_dcd = 0;  in sb_parse_line()
1483 		sb_build_section(ictx, cmd);  in sb_parse_line()
1487 	if (!ictx->in_section && !ictx->in_dcd) {  in sb_parse_line()
1493 	if (ictx->in_section) {  in sb_parse_line()
1496 			ret = sb_build_command_nop(ictx);  in sb_parse_line()
1498 			ret = sb_build_command_tag(ictx, cmd);  in sb_parse_line()
1500 			ret = sb_build_command_load(ictx, cmd);  in sb_parse_line()
1502 			ret = sb_build_command_fill(ictx, cmd);  in sb_parse_line()
1504 			ret = sb_build_command_jump(ictx, cmd);  in sb_parse_line()
1506 			ret = sb_build_command_call(ictx, cmd);  in sb_parse_line()
1508 			ret = sb_build_command_mode(ictx, cmd);  in sb_parse_line()
1515 	} else if (ictx->in_dcd) {  in sb_parse_line()
1538 			ret = sb_build_dcd_block(ictx, cmd,  in sb_parse_line()
1541 			ret = sb_build_dcd_block(ictx, cmd,  in sb_parse_line()
1544 			ret = sb_build_dcd_block(ictx, cmd,  in sb_parse_line()
1547 			ret = sb_build_dcd_block(ictx, cmd,  in sb_parse_line()
1550 			ret = sb_build_dcd_block(ictx, cmd,  in sb_parse_line()
1553 			ret = sb_build_dcd_block(ictx, cmd,  in sb_parse_line()
1556 			ret = sb_build_dcd_block(ictx, cmd,  in sb_parse_line()
1559 			ret = sb_build_dcd_block(ictx, cmd, SB_DCD_NOOP);  in sb_parse_line()
1578 	if (ictx->in_section && !ret) {  in sb_parse_line()
1579 		ictx->sect_tail->size += ictx->sect_tail->cmd_tail->size;  in sb_parse_line()
1580 		ictx->sect_tail->payload.section_size =  in sb_parse_line()
1581 			ictx->sect_tail->size / SB_BLOCK_SIZE;  in sb_parse_line()
1587 static int sb_load_cmdfile(struct sb_image_ctx *ictx)  in sb_load_cmdfile()  argument
1596 	fp = fopen(ictx->cfg_filename, "r");  in sb_load_cmdfile()
1610 		sb_parse_line(ictx, &cmd);  in sb_load_cmdfile()
1622 		ictx->cfg_filename);  in sb_load_cmdfile()
1626 static int sb_build_tree_from_cfg(struct sb_image_ctx *ictx)  in sb_build_tree_from_cfg()  argument
1630 	ret = sb_load_cmdfile(ictx);  in sb_build_tree_from_cfg()
1634 	ret = sb_prefill_image_header(ictx);  in sb_build_tree_from_cfg()
1638 	ret = sb_postfill_image_header(ictx);  in sb_build_tree_from_cfg()
1642 	ret = sb_fixup_sections_and_tags(ictx);  in sb_build_tree_from_cfg()
1649 static int sb_verify_image_header(struct sb_image_ctx *ictx,  in sb_verify_image_header()  argument
1653 	struct sb_boot_image_header *hdr = &ictx->payload;  in sb_verify_image_header()
1662 	ictx->md_ctx = EVP_MD_CTX_new();  in sb_verify_image_header()
1663 	EVP_DigestInit(ictx->md_ctx, EVP_sha1());  in sb_verify_image_header()
1665 	soprintf(ictx, "---------- Verifying SB Image Header ----------\n");  in sb_verify_image_header()
1667 	size = fread(&ictx->payload, 1, sizeof(ictx->payload), fp);  in sb_verify_image_header()
1668 	if (size != sizeof(ictx->payload)) {  in sb_verify_image_header()
1682 	sb_aes_init(ictx, NULL, 1);  in sb_verify_image_header()
1683 	sb_encrypt_sb_header(ictx);  in sb_verify_image_header()
1687 	soprintf(ictx, "%s Image header checksum:        %s\n", stat[!!ret],  in sb_verify_image_header()
1695 	soprintf(ictx, "%s Signatures:                   '%.4s' '%.4s'\n",  in sb_verify_image_header()
1703 	soprintf(ictx, "%s Image version:                v%i.%i\n", stat[!!ret],  in sb_verify_image_header()
1709 	soprintf(ictx,  in sb_verify_image_header()
1716 	soprintf(ictx, "%s Product version:              %x.%x.%x\n", stat[0],  in sb_verify_image_header()
1720 	soprintf(ictx, "%s Component version:            %x.%x.%x\n", stat[0],  in sb_verify_image_header()
1727 	soprintf(ictx, "%s Image flags:                  %s\n", stat[!!ret],  in sb_verify_image_header()
1735 	soprintf(ictx, "%s Drive tag:                    %i\n", stat[!!ret],  in sb_verify_image_header()
1743 	soprintf(ictx, "%s Image header size (blocks):   %i\n", stat[!!ret],  in sb_verify_image_header()
1751 	soprintf(ictx, "%s Section header size (blocks): %i\n", stat[!!ret],  in sb_verify_image_header()
1756 	soprintf(ictx, "%s Sections count:               %i\n", stat[!!ret],  in sb_verify_image_header()
1758 	soprintf(ictx, "%s First bootable section        %i\n", stat[!!ret],  in sb_verify_image_header()
1763 	soprintf(ictx, "%s Image size (blocks):          %i\n", stat[!!ret],  in sb_verify_image_header()
1771 	soprintf(ictx, "%s Key dict offset (blocks):     %i\n", stat[!!ret],  in sb_verify_image_header()
1778 	soprintf(ictx, "%s Number of encryption keys:    %i\n", stat[!!ret],  in sb_verify_image_header()
1788 	soprintf(ictx, "%s First TAG block (blocks):     %i\n", stat[!!ret],  in sb_verify_image_header()
1796 static void sb_decrypt_tag(struct sb_image_ctx *ictx,  in sb_decrypt_tag()  argument
1799 	EVP_MD_CTX *md_ctx = ictx->md_ctx;  in sb_decrypt_tag()
1802 	sb_aes_crypt(ictx, (uint8_t *)&cctx->c_payload,  in sb_decrypt_tag()
1807 static int sb_verify_command(struct sb_image_ctx *ictx,  in sb_verify_command()  argument
1829 		soprintf(ictx, " NOOP # %s\n", csum);  in sb_verify_command()
1834 		soprintf(ictx, " TAG %s # %s\n", flag, csum);  in sb_verify_command()
1835 		sb_aes_reinit(ictx, 0);  in sb_verify_command()
1838 		soprintf(ictx, " LOAD addr=0x%08x length=0x%08x # %s\n",  in sb_verify_command()
1856 		EVP_DigestUpdate(ictx->md_ctx, cctx->data, asize);  in sb_verify_command()
1857 		sb_aes_crypt(ictx, cctx->data, cctx->data, asize);  in sb_verify_command()
1868 		soprintf(ictx,  in sb_verify_command()
1876 		soprintf(ictx,  in sb_verify_command()
1883 		soprintf(ictx,  in sb_verify_command()
1890 				soprintf(ictx, " MODE %s # %s\n",  in sb_verify_command()
1902 static int sb_verify_commands(struct sb_image_ctx *ictx,  in sb_verify_commands()  argument
1909 	sb_aes_reinit(ictx, 0);  in sb_verify_commands()
1931 		sb_decrypt_tag(ictx, cctx);  in sb_verify_commands()
1933 		ret = sb_verify_command(ictx, cctx, fp, &tsize);  in sb_verify_commands()
1941 static int sb_verify_sections_cmds(struct sb_image_ctx *ictx, FILE *fp)  in sb_verify_sections_cmds()  argument
1943 	struct sb_boot_image_header *hdr = &ictx->payload;  in sb_verify_sections_cmds()
1951 	soprintf(ictx, "----- Verifying  SB Sections and Commands -----\n");  in sb_verify_sections_cmds()
1957 		if (!ictx->sect_head) {  in sb_verify_sections_cmds()
1958 			ictx->sect_head = sctx;  in sb_verify_sections_cmds()
1959 			ictx->sect_tail = sctx;  in sb_verify_sections_cmds()
1961 			ictx->sect_tail->sect = sctx;  in sb_verify_sections_cmds()
1962 			ictx->sect_tail = sctx;  in sb_verify_sections_cmds()
1972 	size = fread(&ictx->sb_dict_key, 1, sizeof(ictx->sb_dict_key), fp);  in sb_verify_sections_cmds()
1973 	if (size != sizeof(ictx->sb_dict_key)) {  in sb_verify_sections_cmds()
1978 	sb_encrypt_sb_sections_header(ictx);  in sb_verify_sections_cmds()
1979 	sb_aes_reinit(ictx, 0);  in sb_verify_sections_cmds()
1980 	sb_decrypt_key_dictionary_key(ictx);  in sb_verify_sections_cmds()
1982 	sb_aes_reinit(ictx, 0);  in sb_verify_sections_cmds()
1984 	sctx = ictx->sect_head;  in sb_verify_sections_cmds()
1995 		soprintf(ictx, "SECTION 0x%x%s # size = %i bytes\n",  in sb_verify_sections_cmds()
2008 		ret = sb_verify_commands(ictx, sctx, fp);  in sb_verify_sections_cmds()
2022 static int sb_verify_image_end(struct sb_image_ctx *ictx,  in sb_verify_image_end()  argument
2030 	soprintf(ictx, "------------- Verifying image end -------------\n");  in sb_verify_image_end()
2045 	EVP_DigestFinal(ictx->md_ctx, ictx->digest, NULL);  in sb_verify_image_end()
2046 	EVP_MD_CTX_free(ictx->md_ctx);  in sb_verify_image_end()
2049 	sb_aes_reinit(ictx, 0);  in sb_verify_image_end()
2050 	sb_aes_crypt(ictx, digest, digest, sizeof(digest));  in sb_verify_image_end()
2053 	ret = memcmp(digest, ictx->digest, 20) ? -EINVAL : 0;  in sb_verify_image_end()
2056 		soprintf(ictx, "[FAIL] Full-image checksum:          BAD\n");  in sb_verify_image_end()
2058 		soprintf(ictx, "[PASS] Full-image checksum:          OK\n");  in sb_verify_image_end()
2064 static int sb_build_tree_from_img(struct sb_image_ctx *ictx)  in sb_build_tree_from_img()  argument
2070 	if (!ictx->input_filename) {  in sb_build_tree_from_img()
2075 	fp = fopen(ictx->input_filename, "r");  in sb_build_tree_from_img()
2091 	if (filesize < (signed)sizeof(ictx->payload)) {  in sb_build_tree_from_img()
2102 	ret = sb_verify_image_header(ictx, fp, filesize);  in sb_build_tree_from_img()
2107 	ret = sb_verify_sections_cmds(ictx, fp);  in sb_build_tree_from_img()
2111 	ret = sb_verify_image_end(ictx, fp, filesize);  in sb_build_tree_from_img()
2118 	soprintf(ictx, "-------------------- Result -------------------\n");  in sb_build_tree_from_img()
2119 	soprintf(ictx, "Verification %s\n", ret ? "FAILED" : "PASSED");  in sb_build_tree_from_img()
2122 	sb_aes_deinit(ictx->cipher_ctx);  in sb_build_tree_from_img()
2131 		ictx->input_filename);  in sb_build_tree_from_img()
2135 static void sb_free_image(struct sb_image_ctx *ictx)  in sb_free_image()  argument
2137 	struct sb_section_ctx *sctx = ictx->sect_head, *s_head;  in sb_free_image()
2138 	struct sb_dcd_ctx *dctx = ictx->dcd_head, *d_head;  in sb_free_image()
2250 static int sb_build_image(struct sb_image_ctx *ictx,  in sb_build_image()  argument
2253 	struct sb_boot_image_header *sb_header = &ictx->payload;  in sb_build_image()
2257 	struct sb_key_dictionary_key *sb_dict_key = &ictx->sb_dict_key;  in sb_build_image()
2263 		ictx->sect_count * sizeof(struct sb_sections_header) +  in sb_build_image()
2264 		sizeof(*sb_dict_key) + sizeof(ictx->digest);  in sb_build_image()
2266 	sctx = ictx->sect_head;  in sb_build_image()
2280 	sctx = ictx->sect_head;  in sb_build_image()
2290 	sctx = ictx->sect_head;  in sb_build_image()
2310 	memcpy(iptr, ictx->digest, sizeof(ictx->digest));  in sb_build_image()
2311 	iptr += sizeof(ictx->digest);  in sb_build_image()