coreboot-kgpe-d16/util/broadcom/secimage/crypto.c

/*
 * Copyright (C) 2015 Broadcom Corporation
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation version 2.
 *
 * This program is distributed "as is" WITHOUT ANY WARRANTY of any
 * kind, whether express or implied; without even the implied warranty
 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 */

#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include "secimage.h"
#include <openssl/hmac.h>

/*----------------------------------------------------------------------
 * Name    : HmacSha256Hash
 * Purpose :
 * Input   : none
 * Output  : none
 *---------------------------------------------------------------------*/
int HmacSha256Hash(uint8_t *data, uint32_t len, uint8_t *hash, uint8_t *key)
{
	HMAC_CTX hctx;

	HMAC_CTX_init(&hctx);
	HMAC_Init_ex(&hctx, key, 32, EVP_sha256(), NULL);

	/* FIXME: why we need this? NULL means to use whatever there is?
	 * if removed, result is different
	 */
	HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
	HMAC_Update(&hctx, data, len);
	HMAC_Final(&hctx, hash, NULL);

	HMAC_CTX_cleanup(&hctx);
	return 0;
}

/*----------------------------------------------------------------------
 * Name    : AppendHMACSignature
 * Purpose : Appends HMAC signature at the end of the data
 *---------------------------------------------------------------------*/
int AppendHMACSignature(uint8_t *data, uint32_t length, char *filename,
			uint32_t offset)
{
	uint8_t  hmackey[32];
	uint32_t len;
	uint32_t status;
	uint8_t *digest = data + length;

	len = ReadBinaryFile(filename, hmackey, 32);
	if (len != 32) {
		printf("Error reading hmac key file\n");
		return 0;
	}

	status = HmacSha256Hash(&data[offset], length - offset, digest,
				hmackey);

	if (status) {
		printf("HMAC-SHA256 hash error\n");
		return 0;
	}

	return 32;
}
broadcom/cygnus: add secimage and sign bootblock secimage is a tool which adds a header and signature to the binary first loaded by the soc. ARM core frequency is set to 1 Ghz. BUG=chrome-os-partner:36421 BRANCH=broadcom-firmware TEST=booted b0 board Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15 Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155 Original-Reviewed-by: Scott Branden <sbranden@broadcom.com> Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com> Original-Tested-by: Daisuke Nojiri <dnojiri@google.com> Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b Original-Reviewed-on: https://chromium-review.googlesource.com/264417 Reviewed-on: http://review.coreboot.org/9914 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> 2015-02-10 03:15:17 +01:00			`/*`
			`* Copyright (C) 2015 Broadcom Corporation`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License as`
			`* published by the Free Software Foundation version 2.`
			`*`
			`* This program is distributed "as is" WITHOUT ANY WARRANTY of any`
			`* kind, whether express or implied; without even the implied warranty`
			`* of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*/`

			`#include <stdio.h>`
			`#include <string.h>`
			`#include <stdint.h>`
			`#include "secimage.h"`
			`#include <openssl/hmac.h>`

			`/*----------------------------------------------------------------------`
			`* Name : HmacSha256Hash`
			`* Purpose :`
			`* Input : none`
			`* Output : none`
			`---------------------------------------------------------------------/`
			`int HmacSha256Hash(uint8_t data, uint32_t len, uint8_t hash, uint8_t *key)`
			`{`
			`HMAC_CTX hctx;`

			`HMAC_CTX_init(&hctx);`
			`HMAC_Init_ex(&hctx, key, 32, EVP_sha256(), NULL);`

secimage: reformat Change-Id: Ibfa8b6b60b2b39212cef27bb2a5f8849218164bb Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-on: http://review.coreboot.org/11133 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <pgeorgi@google.com> 2015-08-07 01:55:09 +02:00			`/* FIXME: why we need this? NULL means to use whatever there is?`
broadcom/cygnus: add secimage and sign bootblock secimage is a tool which adds a header and signature to the binary first loaded by the soc. ARM core frequency is set to 1 Ghz. BUG=chrome-os-partner:36421 BRANCH=broadcom-firmware TEST=booted b0 board Change-Id: Ia08600d45c47ee4f08d253980036916e44b0044a Signed-off-by: Patrick Georgi <pgeorgi@chromium.org> Original-Commit-Id: 36284d1b242c26b0b5aac2894f7ed1790da1ef15 Original-Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Original-Reviewed-on: https://chrome-internal-review.googlesource.com/197155 Original-Reviewed-by: Scott Branden <sbranden@broadcom.com> Original-Reviewed-by: Julius Werner <jwerner@chromium.org> Original-Commit-Queue: Daisuke Nojiri <dnojiri@google.com> Original-Tested-by: Daisuke Nojiri <dnojiri@google.com> Original-Change-Id: Iaddd24006b368c8f37e075cb51e151e985029f3b Original-Reviewed-on: https://chromium-review.googlesource.com/264417 Reviewed-on: http://review.coreboot.org/9914 Tested-by: build bot (Jenkins) Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> 2015-02-10 03:15:17 +01:00			`* if removed, result is different`
			`*/`
			`HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);`
			`HMAC_Update(&hctx, data, len);`
			`HMAC_Final(&hctx, hash, NULL);`

			`HMAC_CTX_cleanup(&hctx);`
			`return 0;`
			`}`

			`/*----------------------------------------------------------------------`
			`* Name : AppendHMACSignature`
			`* Purpose : Appends HMAC signature at the end of the data`
			`---------------------------------------------------------------------/`
			`int AppendHMACSignature(uint8_t data, uint32_t length, char filename,`
			`uint32_t offset)`
			`{`
			`uint8_t hmackey[32];`
			`uint32_t len;`
			`uint32_t status;`
			`uint8_t *digest = data + length;`

			`len = ReadBinaryFile(filename, hmackey, 32);`
			`if (len != 32) {`
			`printf("Error reading hmac key file\n");`
			`return 0;`
			`}`

			`status = HmacSha256Hash(&data[offset], length - offset, digest,`
			`hmackey);`

			`if (status) {`
			`printf("HMAC-SHA256 hash error\n");`
			`return 0;`
			`}`

			`return 32;`
			`}`