1 /*
2 * Copyright (c) 2013, Google Inc.
3 *
4 * SPDX-License-Identifier: GPL-2.0+
5 */
6
7 #ifndef USE_HOSTCC
8 #include <common.h>
9 #include <crypto.h>
10 #include <fdtdec.h>
11 #include <misc.h>
12 #include <asm/types.h>
13 #include <asm/byteorder.h>
14 #include <linux/errno.h>
15 #include <asm/types.h>
16 #include <asm/unaligned.h>
17 #include <dm.h>
18 #include <asm/arch/rk_atags.h>
19 #else
20 #include "fdt_host.h"
21 #include "mkimage.h"
22 #include <fdt_support.h>
23 #endif
24 #include <u-boot/rsa-mod-exp.h>
25 #include <u-boot/rsa.h>
26
27 /* Default public exponent for backward compatibility */
28 #define RSA_DEFAULT_PUBEXP 65537
29
30 /**
31 * rsa_verify_padding() - Verify RSA message padding is valid
32 *
33 * Verify a RSA message's padding is consistent with PKCS1.5
34 * padding as described in the RSA PKCS#1 v2.1 standard.
35 *
36 * @msg: Padded message
37 * @pad_len: Number of expected padding bytes
38 * @algo: Checksum algo structure having information on DER encoding etc.
39 * @return 0 on success, != 0 on failure
40 */
rsa_verify_padding(const uint8_t * msg,const int pad_len,struct checksum_algo * algo)41 static int rsa_verify_padding(const uint8_t *msg, const int pad_len,
42 struct checksum_algo *algo)
43 {
44 int ff_len;
45 int ret;
46
47 /* first byte must be 0x00 */
48 ret = *msg++;
49 /* second byte must be 0x01 */
50 ret |= *msg++ ^ 0x01;
51 /* next ff_len bytes must be 0xff */
52 ff_len = pad_len - algo->der_len - 3;
53 ret |= *msg ^ 0xff;
54 ret |= memcmp(msg, msg+1, ff_len-1);
55 msg += ff_len;
56 /* next byte must be 0x00 */
57 ret |= *msg++;
58 /* next der_len bytes must match der_prefix */
59 ret |= memcmp(msg, algo->der_prefix, algo->der_len);
60
61 return ret;
62 }
63
64 #if !defined(USE_HOSTCC)
65 #if CONFIG_IS_ENABLED(FIT_HW_CRYPTO)
rsa_convert_big_endian(uint32_t * dst,const uint32_t * src,int total_len,int convert_len)66 static void rsa_convert_big_endian(uint32_t *dst, const uint32_t *src,
67 int total_len, int convert_len)
68 {
69 int total_wd, convert_wd, i;
70
71 if (total_len < convert_len)
72 convert_len = total_len;
73
74 total_wd = total_len / sizeof(uint32_t);
75 convert_wd = convert_len / sizeof(uint32_t);
76 for (i = 0; i < convert_wd; i++)
77 dst[i] = fdt32_to_cpu(src[total_wd - 1 - i]);
78 }
79
rsa_mod_exp_hw(struct key_prop * prop,const uint8_t * sig,const uint32_t sig_len,const uint32_t key_len,uint8_t * output)80 static int rsa_mod_exp_hw(struct key_prop *prop, const uint8_t *sig,
81 const uint32_t sig_len, const uint32_t key_len,
82 uint8_t *output)
83 {
84 struct udevice *dev;
85 uint8_t sig_reverse[sig_len];
86 uint8_t buf[sig_len];
87 rsa_key rsa_key;
88 int i, ret;
89 #ifdef CONFIG_FIT_ENABLE_RSA4096_SUPPORT
90 if (key_len != RSA4096_BYTES)
91 return -EINVAL;
92
93 rsa_key.algo = CRYPTO_RSA4096;
94 #else
95 if (key_len != RSA2048_BYTES)
96 return -EINVAL;
97
98 rsa_key.algo = CRYPTO_RSA2048;
99 #endif
100 rsa_key.n = malloc(key_len);
101 rsa_key.e = malloc(key_len);
102 rsa_key.c = malloc(key_len);
103 if (!rsa_key.n || !rsa_key.e || !rsa_key.c)
104 return -ENOMEM;
105
106 rsa_convert_big_endian(rsa_key.n, (uint32_t *)prop->modulus,
107 key_len, key_len);
108 rsa_convert_big_endian(rsa_key.e, (uint32_t *)prop->public_exponent_BN,
109 key_len, key_len);
110 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
111 rsa_convert_big_endian(rsa_key.c, (uint32_t *)prop->factor_c,
112 key_len, key_len);
113 #else
114 rsa_convert_big_endian(rsa_key.c, (uint32_t *)prop->factor_np,
115 key_len, key_len);
116 #endif
117 #if defined(CONFIG_ROCKCHIP_PRELOADER_ATAGS) && defined(CONFIG_SPL_BUILD)
118 char *rsa_key_data = malloc(3 * key_len);
119 int flag = 0;
120
121 if (rsa_key_data) {
122 memcpy(rsa_key_data, rsa_key.n, key_len);
123 memcpy(rsa_key_data + key_len, rsa_key.e, key_len);
124 memcpy(rsa_key_data + 2 * key_len, rsa_key.c, key_len);
125 if (fit_board_verify_required_sigs())
126 flag = PUBKEY_FUSE_PROGRAMMED;
127
128 if (atags_set_pub_key(rsa_key_data, 3 * key_len, flag))
129 printf("Send public key through atags fail.");
130 }
131 #endif
132 for (i = 0; i < sig_len; i++)
133 sig_reverse[sig_len-1-i] = sig[i];
134
135 dev = crypto_get_device(rsa_key.algo);
136 if (!dev) {
137 printf("No crypto device for expected RSA\n");
138 return -ENODEV;
139 }
140
141 ret = crypto_rsa_verify(dev, &rsa_key, (u8 *)sig_reverse, buf);
142 if (ret)
143 goto out;
144
145 for (i = 0; i < sig_len; i++)
146 sig_reverse[sig_len-1-i] = buf[i];
147
148 memcpy(output, sig_reverse, sig_len);
149 out:
150 free(rsa_key.n);
151 free(rsa_key.e);
152 free(rsa_key.c);
153
154 return ret;
155 }
156 #endif
157 #endif
158
padding_pkcs_15_verify(struct image_sign_info * info,uint8_t * msg,int msg_len,const uint8_t * hash,int hash_len)159 int padding_pkcs_15_verify(struct image_sign_info *info,
160 uint8_t *msg, int msg_len,
161 const uint8_t *hash, int hash_len)
162 {
163 struct checksum_algo *checksum = info->checksum;
164 int ret, pad_len = msg_len - checksum->checksum_len;
165
166 /* Check pkcs1.5 padding bytes. */
167 ret = rsa_verify_padding(msg, pad_len, checksum);
168 if (ret) {
169 debug("In RSAVerify(): Padding check failed!\n");
170 return -EINVAL;
171 }
172
173 /* Check hash. */
174 if (memcmp((uint8_t *)msg + pad_len, hash, msg_len - pad_len)) {
175 debug("In RSAVerify(): Hash check failed!\n");
176 return -EACCES;
177 }
178
179 return 0;
180 }
181
182 #ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
u32_i2osp(uint32_t val,uint8_t * buf)183 static void u32_i2osp(uint32_t val, uint8_t *buf)
184 {
185 buf[0] = (uint8_t)((val >> 24) & 0xff);
186 buf[1] = (uint8_t)((val >> 16) & 0xff);
187 buf[2] = (uint8_t)((val >> 8) & 0xff);
188 buf[3] = (uint8_t)((val >> 0) & 0xff);
189 }
190
191 /**
192 * mask_generation_function1() - generate an octet string
193 *
194 * Generate an octet string used to check rsa signature.
195 * It use an input octet string and a hash function.
196 *
197 * @checksum: A Hash function
198 * @seed: Specifies an input variable octet string
199 * @seed_len: Size of the input octet string
200 * @output: Specifies the output octet string
201 * @output_len: Size of the output octet string
202 * @return 0 if the octet string was correctly generated, others on error
203 */
mask_generation_function1(struct checksum_algo * checksum,uint8_t * seed,int seed_len,uint8_t * output,int output_len)204 static int mask_generation_function1(struct checksum_algo *checksum,
205 uint8_t *seed, int seed_len,
206 uint8_t *output, int output_len)
207 {
208 struct image_region region[2];
209 int ret = 0, i, i_output = 0, region_count = 2;
210 uint32_t counter = 0;
211 uint8_t buf_counter[4], *tmp;
212 int hash_len = checksum->checksum_len;
213
214 memset(output, 0, output_len);
215
216 region[0].data = seed;
217 region[0].size = seed_len;
218 region[1].data = &buf_counter[0];
219 region[1].size = 4;
220
221 tmp = malloc(hash_len);
222 if (!tmp) {
223 debug("%s: can't allocate array tmp\n", __func__);
224 ret = -ENOMEM;
225 goto out;
226 }
227
228 while (i_output < output_len) {
229 u32_i2osp(counter, &buf_counter[0]);
230
231 ret = checksum->calculate(checksum->name,
232 region, region_count,
233 tmp);
234 if (ret < 0) {
235 debug("%s: Error in checksum calculation\n", __func__);
236 goto out;
237 }
238
239 i = 0;
240 while ((i_output < output_len) && (i < hash_len)) {
241 output[i_output] = tmp[i];
242 i_output++;
243 i++;
244 }
245
246 counter++;
247 }
248
249 out:
250 free(tmp);
251
252 return ret;
253 }
254
compute_hash_prime(struct checksum_algo * checksum,uint8_t * pad,int pad_len,uint8_t * hash,int hash_len,uint8_t * salt,int salt_len,uint8_t * hprime)255 static int compute_hash_prime(struct checksum_algo *checksum,
256 uint8_t *pad, int pad_len,
257 uint8_t *hash, int hash_len,
258 uint8_t *salt, int salt_len,
259 uint8_t *hprime)
260 {
261 struct image_region region[3];
262 int ret, region_count = 3;
263
264 region[0].data = pad;
265 region[0].size = pad_len;
266 region[1].data = hash;
267 region[1].size = hash_len;
268 region[2].data = salt;
269 region[2].size = salt_len;
270
271 ret = checksum->calculate(checksum->name, region, region_count, hprime);
272 if (ret < 0) {
273 debug("%s: Error in checksum calculation\n", __func__);
274 goto out;
275 }
276
277 out:
278 return ret;
279 }
280
padding_pss_verify(struct image_sign_info * info,uint8_t * msg,int msg_len,const uint8_t * hash,int hash_len)281 int padding_pss_verify(struct image_sign_info *info,
282 uint8_t *msg, int msg_len,
283 const uint8_t *hash, int hash_len)
284 {
285 uint8_t *masked_db = NULL;
286 int masked_db_len = msg_len - hash_len - 1;
287 uint8_t *h = NULL, *hprime = NULL;
288 int h_len = hash_len;
289 uint8_t *db_mask = NULL;
290 int db_mask_len = masked_db_len;
291 uint8_t *db = NULL, *salt = NULL;
292 int db_len = masked_db_len, salt_len = msg_len - hash_len - 2;
293 uint8_t pad_zero[8] = { 0 };
294 int ret, i, leftmost_bits = 1;
295 uint8_t leftmost_mask;
296 struct checksum_algo *checksum = info->checksum;
297
298 /* first, allocate everything */
299 masked_db = malloc(masked_db_len);
300 h = malloc(h_len);
301 db_mask = malloc(db_mask_len);
302 db = malloc(db_len);
303 salt = malloc(salt_len);
304 hprime = malloc(hash_len);
305 if (!masked_db || !h || !db_mask || !db || !salt || !hprime) {
306 printf("%s: can't allocate some buffer\n", __func__);
307 ret = -ENOMEM;
308 goto out;
309 }
310
311 /* step 4: check if the last byte is 0xbc */
312 if (msg[msg_len - 1] != 0xbc) {
313 printf("%s: invalid pss padding (0xbc is missing)\n", __func__);
314 ret = -EINVAL;
315 goto out;
316 }
317
318 /* step 5 */
319 memcpy(masked_db, msg, masked_db_len);
320 memcpy(h, msg + masked_db_len, h_len);
321
322 /* step 6 */
323 leftmost_mask = (0xff >> (8 - leftmost_bits)) << (8 - leftmost_bits);
324 if (masked_db[0] & leftmost_mask) {
325 printf("%s: invalid pss padding ", __func__);
326 printf("(leftmost bit of maskedDB not zero)\n");
327 ret = -EINVAL;
328 goto out;
329 }
330
331 /* step 7 */
332 mask_generation_function1(checksum, h, h_len, db_mask, db_mask_len);
333
334 /* step 8 */
335 for (i = 0; i < db_len; i++)
336 db[i] = masked_db[i] ^ db_mask[i];
337
338 /* step 9 */
339 db[0] &= 0xff >> leftmost_bits;
340
341 /* step 10 */
342 if (db[0] != 0x01) {
343 printf("%s: invalid pss padding ", __func__);
344 printf("(leftmost byte of db isn't 0x01)\n");
345 ret = EINVAL;
346 goto out;
347 }
348
349 /* step 11 */
350 memcpy(salt, &db[1], salt_len);
351
352 /* step 12 & 13 */
353 compute_hash_prime(checksum, pad_zero, 8,
354 (uint8_t *)hash, hash_len,
355 salt, salt_len, hprime);
356
357 /* step 14 */
358 ret = memcmp(h, hprime, hash_len);
359
360 out:
361 free(hprime);
362 free(salt);
363 free(db);
364 free(db_mask);
365 free(h);
366 free(masked_db);
367
368 return ret;
369 }
370 #endif
371
372 /**
373 * rsa_verify_key() - Verify a signature against some data using RSA Key
374 *
375 * Verify a RSA PKCS1.5 signature against an expected hash using
376 * the RSA Key properties in prop structure.
377 *
378 * @info: Specifies key and FIT information
379 * @prop: Specifies key
380 * @sig: Signature
381 * @sig_len: Number of bytes in signature
382 * @hash: Pointer to the expected hash
383 * @key_len: Number of bytes in rsa key
384 * @return 0 if verified, -ve on error
385 */
rsa_verify_key(struct image_sign_info * info,struct key_prop * prop,const uint8_t * sig,const uint32_t sig_len,const uint8_t * hash,const uint32_t key_len)386 static int rsa_verify_key(struct image_sign_info *info,
387 struct key_prop *prop, const uint8_t *sig,
388 const uint32_t sig_len, const uint8_t *hash,
389 const uint32_t key_len)
390 {
391 int ret;
392 struct checksum_algo *checksum = info->checksum;
393 struct padding_algo *padding = info->padding;
394 int hash_len = checksum->checksum_len;
395
396 if (!prop || !sig || !hash || !checksum)
397 return -EIO;
398
399 if (sig_len != (prop->num_bits / 8)) {
400 debug("Signature is of incorrect length %d\n", sig_len);
401 return -EINVAL;
402 }
403
404 debug("Checksum algorithm: %s", checksum->name);
405
406 /* Sanity check for stack size */
407 if (sig_len > RSA_MAX_SIG_BITS / 8) {
408 debug("Signature length %u exceeds maximum %d\n", sig_len,
409 RSA_MAX_SIG_BITS / 8);
410 return -EINVAL;
411 }
412
413 uint8_t buf[sig_len];
414
415 #if !defined(USE_HOSTCC)
416 #if CONFIG_IS_ENABLED(FIT_HW_CRYPTO)
417 ret = rsa_mod_exp_hw(prop, sig, sig_len, key_len, buf);
418 #else
419 struct udevice *mod_exp_dev;
420
421 ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
422 if (ret) {
423 printf("RSA: Can't find Modular Exp implementation\n");
424 return -EINVAL;
425 }
426
427 ret = rsa_mod_exp(mod_exp_dev, sig, sig_len, prop, buf);
428 #endif
429 #else
430 ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
431 #endif
432 if (ret) {
433 debug("Error in Modular exponentation\n");
434 return ret;
435 }
436
437 ret = padding->verify(info, buf, key_len, hash, hash_len);
438 if (ret) {
439 debug("In RSAVerify(): padding check failed!\n");
440 return ret;
441 }
442
443 return 0;
444 }
445
rsa_get_key_prop(struct key_prop * prop,struct image_sign_info * info,int node)446 static int rsa_get_key_prop(struct key_prop *prop, struct image_sign_info *info, int node)
447 {
448 const void *blob = info->fdt_blob;
449 int length;
450 int hash_node;
451
452 if (node < 0) {
453 debug("%s: Skipping invalid node", __func__);
454 return -EBADF;
455 }
456
457 if (!prop) {
458 debug("%s: The prop is NULL", __func__);
459 return -EBADF;
460 }
461
462 prop->burn_key = fdtdec_get_int(blob, node, "burn-key-hash", 0);
463
464 prop->num_bits = fdtdec_get_int(blob, node, "rsa,num-bits", 0);
465
466 prop->n0inv = fdtdec_get_int(blob, node, "rsa,n0-inverse", 0);
467
468 prop->public_exponent = fdt_getprop(blob, node, "rsa,exponent", &length);
469 if (!prop->public_exponent || length < sizeof(uint64_t))
470 prop->public_exponent = NULL;
471
472 prop->exp_len = sizeof(uint64_t);
473 prop->modulus = fdt_getprop(blob, node, "rsa,modulus", NULL);
474 prop->public_exponent_BN = fdt_getprop(blob, node, "rsa,exponent-BN", NULL);
475 prop->rr = fdt_getprop(blob, node, "rsa,r-squared", NULL);
476 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
477 hash_node = fdt_subnode_offset(blob, node, "hash@c");
478 #else
479 hash_node = fdt_subnode_offset(blob, node, "hash@np");
480 #endif
481 if (hash_node >= 0)
482 prop->hash = fdt_getprop(blob, hash_node, "value", NULL);
483
484 if (!prop->num_bits || !prop->modulus) {
485 debug("%s: Missing RSA key info", __func__);
486 return -EFAULT;
487 }
488
489 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
490 prop->factor_c = fdt_getprop(blob, node, "rsa,c", NULL);
491 if (!prop.factor_c)
492 return -EFAULT;
493 #else
494 prop->factor_np = fdt_getprop(blob, node, "rsa,np", NULL);
495 if (!prop->factor_np)
496 return -EFAULT;
497 #endif
498
499 return 0;
500 }
501
502 /**
503 * rsa_verify_with_keynode() - Verify a signature against some data using
504 * information in node with prperties of RSA Key like modulus, exponent etc.
505 *
506 * Parse sign-node and fill a key_prop structure with properties of the
507 * key. Verify a RSA PKCS1.5 signature against an expected hash using
508 * the properties parsed
509 *
510 * @info: Specifies key and FIT information
511 * @hash: Pointer to the expected hash
512 * @sig: Signature
513 * @sig_len: Number of bytes in signature
514 * @node: Node having the RSA Key properties
515 * @return 0 if verified, -ve on error
516 */
rsa_verify_with_keynode(struct image_sign_info * info,const void * hash,uint8_t * sig,uint sig_len,int node)517 static int rsa_verify_with_keynode(struct image_sign_info *info,
518 const void *hash, uint8_t *sig,
519 uint sig_len, int node)
520 {
521 struct key_prop prop;
522
523 if (rsa_get_key_prop(&prop, info, node))
524 return -EFAULT;
525
526 return rsa_verify_key(info, &prop, sig, sig_len, hash,
527 info->crypto->key_len);
528 }
529
rsa_verify(struct image_sign_info * info,const struct image_region region[],int region_count,uint8_t * sig,uint sig_len)530 int rsa_verify(struct image_sign_info *info,
531 const struct image_region region[], int region_count,
532 uint8_t *sig, uint sig_len)
533 {
534 const void *blob = info->fdt_blob;
535 /* Reserve memory for maximum checksum-length */
536 uint8_t hash[info->crypto->key_len];
537 int ndepth, noffset;
538 int sig_node, node;
539 char name[100];
540 int ret;
541
542 /*
543 * Verify that the checksum-length does not exceed the
544 * rsa-signature-length
545 */
546 if (info->checksum->checksum_len >
547 info->crypto->key_len) {
548 debug("%s: invlaid checksum-algorithm %s for %s\n",
549 __func__, info->checksum->name, info->crypto->name);
550 return -EINVAL;
551 }
552
553 sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME);
554 if (sig_node < 0) {
555 debug("%s: No signature node found\n", __func__);
556 return -ENOENT;
557 }
558
559 /* Calculate checksum with checksum-algorithm */
560 ret = info->checksum->calculate(info->checksum->name,
561 region, region_count, hash);
562 if (ret < 0) {
563 debug("%s: Error in checksum calculation\n", __func__);
564 return -EINVAL;
565 }
566
567 /* See if we must use a particular key */
568 if (info->required_keynode != -1) {
569 ret = rsa_verify_with_keynode(info, hash, sig, sig_len,
570 info->required_keynode);
571 if (!ret)
572 return ret;
573 }
574
575 /* Look for a key that matches our hint */
576 snprintf(name, sizeof(name), "key-%s", info->keyname);
577 node = fdt_subnode_offset(blob, sig_node, name);
578 ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node);
579 if (!ret)
580 return ret;
581
582 /* No luck, so try each of the keys in turn */
583 for (ndepth = 0, noffset = fdt_next_node(info->fit, sig_node, &ndepth);
584 (noffset >= 0) && (ndepth > 0);
585 noffset = fdt_next_node(info->fit, noffset, &ndepth)) {
586 if (ndepth == 1 && noffset != node) {
587 ret = rsa_verify_with_keynode(info, hash, sig, sig_len,
588 noffset);
589 if (!ret)
590 break;
591 }
592 }
593
594 return ret;
595 }
596
597 #if !defined(USE_HOSTCC)
598 #if defined(CONFIG_SPL_BUILD) && defined(CONFIG_SPL_FIT_HW_CRYPTO) && \
599 defined(CONFIG_SPL_ROCKCHIP_SECURE_OTP)
rsa_burn_key_hash(struct image_sign_info * info)600 int rsa_burn_key_hash(struct image_sign_info *info)
601 {
602 char *rsa_key;
603 void *n, *e, *c;
604 uint32_t key_len;
605 struct udevice *dev;
606 struct key_prop prop;
607 char name[100] = {0};
608 u16 secure_flags = 0;
609 const void *blob = info->fdt_blob;
610 uint8_t digest[FIT_MAX_HASH_LEN];
611 uint8_t digest_read[FIT_MAX_HASH_LEN];
612 int sig_node, node, digest_len, i, ret = 0;
613
614 dev = misc_otp_get_device(OTP_S);
615 if (!dev)
616 return -ENODEV;
617
618 ret = misc_otp_read(dev, OTP_SECURE_BOOT_ENABLE_ADDR,
619 &secure_flags, OTP_SECURE_BOOT_ENABLE_SIZE);
620 if (ret)
621 return ret;
622
623 if (secure_flags == 0xff)
624 return 0;
625
626 sig_node = fdt_subnode_offset(blob, 0, FIT_SIG_NODENAME);
627 if (sig_node < 0) {
628 debug("%s: No signature node found\n", __func__);
629 return -ENOENT;
630 }
631
632 snprintf(name, sizeof(name), "key-%s", info->keyname);
633 node = fdt_subnode_offset(blob, sig_node, name);
634
635 if (rsa_get_key_prop(&prop, info, node))
636 return -1;
637
638 if (!(prop.burn_key))
639 return -EPERM;
640
641 if (!prop.hash || !prop.modulus || !prop.public_exponent_BN)
642 return -ENOENT;
643 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
644 if (!prop.factor_c)
645 return -ENOENT;
646 #else
647 if (!prop.factor_np)
648 return -ENOENT;
649 #endif
650 key_len = info->crypto->key_len;
651 if (info->crypto->key_len != RSA2048_BYTES)
652 return -EINVAL;
653
654 rsa_key = calloc(key_len * 3, sizeof(char));
655 if (!rsa_key)
656 return -ENOMEM;
657
658 n = rsa_key;
659 e = rsa_key + CONFIG_RSA_N_SIZE;
660 c = rsa_key + CONFIG_RSA_N_SIZE + CONFIG_RSA_E_SIZE;
661 rsa_convert_big_endian(n, (uint32_t *)prop.modulus,
662 key_len, CONFIG_RSA_N_SIZE);
663 rsa_convert_big_endian(e, (uint32_t *)prop.public_exponent_BN,
664 key_len, CONFIG_RSA_E_SIZE);
665 #ifdef CONFIG_ROCKCHIP_CRYPTO_V1
666 rsa_convert_big_endian(c, (uint32_t *)prop.factor_c,
667 key_len, CONFIG_RSA_C_SIZE);
668 #else
669 rsa_convert_big_endian(c, (uint32_t *)prop.factor_np,
670 key_len, CONFIG_RSA_C_SIZE);
671 #endif
672
673 ret = calculate_hash(rsa_key, CONFIG_RSA_N_SIZE + CONFIG_RSA_E_SIZE + CONFIG_RSA_C_SIZE,
674 info->checksum->name, digest, &digest_len);
675 if (ret)
676 goto error;
677
678 if (memcmp(digest, prop.hash, digest_len) != 0) {
679 printf("RSA: Compare public key hash fail.\n");
680 goto error;
681 }
682
683 /* burn key hash here */
684 ret = misc_otp_read(dev, OTP_RSA_HASH_ADDR, digest_read, OTP_RSA_HASH_SIZE);
685 if (ret)
686 goto error;
687
688 for (i = 0; i < OTP_RSA_HASH_SIZE; i++) {
689 if (digest_read[i]) {
690 printf("RSA: The secure region has been written.\n");
691 ret = -EIO;
692 goto error;
693 }
694 }
695
696 ret = misc_otp_write(dev, OTP_RSA_HASH_ADDR, digest, OTP_RSA_HASH_SIZE);
697 if (ret)
698 goto error;
699
700 memset(digest_read, 0, FIT_MAX_HASH_LEN);
701 ret = misc_otp_read(dev, OTP_RSA_HASH_ADDR, digest_read, OTP_RSA_HASH_SIZE);
702 if (ret)
703 goto error;
704
705 if (memcmp(digest, digest_read, digest_len) != 0) {
706 printf("RSA: Write public key hash fail.\n");
707 goto error;
708 }
709
710 secure_flags = 0xff;
711 ret = misc_otp_write(dev, OTP_SECURE_BOOT_ENABLE_ADDR,
712 &secure_flags, OTP_SECURE_BOOT_ENABLE_SIZE);
713 if (ret)
714 goto error;
715
716 printf("RSA: Write key hash successfully\n");
717
718 error:
719 free(rsa_key);
720
721 return ret;
722 }
723 #endif
724 #endif
725