From e1741c512c66c468f3c3399aff451ae428cd6824 Mon Sep 17 00:00:00 2001 From: Daisuke Nojiri Date: Mon, 9 Feb 2015 18:15:17 -0800 Subject: broadcom/cygnus: add secimage and sign bootblock secimage is a tool which adds a header and signature to the binary first loaded by the soc. ARM core frequency is set to 1 Ghz. BUG=chrome-os-partner:36421 BRANCH=broadcom-firmware TEST=booted b0 board Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a Signed-off-by: Patrick Georgi Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15 Original-Signed-off-by: Daisuke Nojiri Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155 Original-Reviewed-by: Scott Branden Original-Reviewed-by: Julius Werner Original-Commit-Queue: Daisuke Nojiri Original-Tested-by: Daisuke Nojiri Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b Original-Reviewed-on: https://chromium-review.googlesource.com/264417 Reviewed-on: http://review.coreboot.org/9914 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer
---
util/broadcom/secimage/crypto.c | 75 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 75 insertions(+)
create mode 100644 util/broadcom/secimage/crypto.c
(limited to 'util/broadcom/secimage/crypto.c')
diff --git a/util/broadcom/secimage/crypto.c b/util/broadcom/secimage/crypto.c
new file mode 100644
index 0000000000..c1afbc898d
--- /dev/null
+++ b/util/broadcom/secimage/crypto.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2015 Broadcom Corporation
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation version 2.
+ *
+ * This program is distributed "as is" WITHOUT ANY WARRANTY of any
+ * kind, whether express or implied; without even the implied warranty
+ * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+
+#include
+#include
+#include
+#include "secimage.h"
+#include
+
+
+/*----------------------------------------------------------------------
+ * Name : HmacSha256Hash
+ * Purpose :
+ * Input : none
+ * Output : none
+ *---------------------------------------------------------------------*/
+int HmacSha256Hash(uint8_t *data, uint32_t len, uint8_t *hash, uint8_t *key)
+{
+ HMAC_CTX hctx;
+
+ HMAC_CTX_init(&hctx);
+ HMAC_Init_ex(&hctx, key, 32, EVP_sha256(), NULL);
+
+ /*
+ * FIXME: why we need this? NULL means to use whatever there is?
+ * if removed, result is different
+ */
+ HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
+ HMAC_Update(&hctx, data, len);
+ HMAC_Final(&hctx, hash, NULL);
+
+ HMAC_CTX_cleanup(&hctx);
+ return 0;
+}
+
+
+/*----------------------------------------------------------------------
+ * Name : AppendHMACSignature
+ * Purpose : Appends HMAC signature at the end of the data
+ *---------------------------------------------------------------------*/
+int AppendHMACSignature(uint8_t *data, uint32_t length, char *filename,
+ uint32_t offset)
+{
+ uint8_t hmackey[32];
+ uint32_t len;
+ uint32_t status;
+ uint8_t *digest = data + length;
+
+ len = ReadBinaryFile(filename, hmackey, 32);
+ if (len != 32) {
+ printf("Error reading hmac key file\n");
+ return 0;
+ }
+
+ status = HmacSha256Hash(&data[offset], length - offset, digest,
+ hmackey);
+
+ if (status) {
+ printf("HMAC-SHA256 hash error\n");
+ return 0;
+ }
+
+ return 32;
+}
-- cgit v1.2.3
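Review bot: HmacSha256Hash discards the results of HMAC_Init_ex, HMAC_Update and HMAC_Final and always returns 0, so the `if (status)` check in AppendHMACSignature can never fire and a failed HMAC would leave whatever bytes sit at `data + length` to be reported as a 32-byte signature. In OpenSSL 1.0.0 and later these calls return 1 on success, so each one can be checked and the function can return non-zero on failure, as sketched below. AppendHMACSignature should also reject `offset > length` before computing `length - offset` (`if (offset > length) return 0;`), since the uint32_t subtraction would wrap, and the caller has to guarantee 32 spare bytes after `length`, which this file cannot verify. The second HMAC_Init_ex call flagged by the FIXME is kept unchanged in the sketch; it deserves an explanation before the tool's output is relied on.

```c
int HmacSha256Hash(uint8_t *data, uint32_t len, uint8_t *hash, uint8_t *key)
{
	HMAC_CTX hctx;
	int rc = -1;

	HMAC_CTX_init(&hctx);
	if (!HMAC_Init_ex(&hctx, key, 32, EVP_sha256(), NULL))
		goto out;

	/* ... unchanged: FIXME comment about the second init ... */
	if (!HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL))
		goto out;
	if (!HMAC_Update(&hctx, data, len))
		goto out;
	if (!HMAC_Final(&hctx, hash, NULL))
		goto out;
	rc = 0;
out:
	HMAC_CTX_cleanup(&hctx);
	return rc;
}
```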