Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 1 | /* Copyright (c) 2015, The Linux Foundation. All rights reserved. |
| 2 | * |
| 3 | * Redistribution and use in source and binary forms, with or without |
| 4 | * modification, are permitted provided that the following conditions are |
| 5 | * met: |
| 6 | * * Redistributions of source code must retain the above copyright |
| 7 | * notice, this list of conditions and the following disclaimer. |
| 8 | * * Redistributions in binary form must reproduce the above |
| 9 | * copyright notice, this list of conditions and the following |
| 10 | * disclaimer in the documentation and/or other materials provided |
| 11 | * with the distribution. |
| 12 | * * Neither the name of The Linux Foundation nor the names of its |
| 13 | * contributors may be used to endorse or promote products derived |
| 14 | * from this software without specific prior written permission. |
| 15 | * |
| 16 | * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| 17 | * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| 18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| 19 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| 20 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 21 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 22 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| 23 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| 24 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| 25 | * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| 26 | * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | */ |
| 28 | |
| 29 | #include <debug.h> |
| 30 | #include <dev/fbcon.h> |
| 31 | #include <target.h> |
| 32 | #include <mmc.h> |
| 33 | #include <partition_parser.h> |
| 34 | #include <platform.h> |
| 35 | #include <crypto_hash.h> |
| 36 | #include <malloc.h> |
| 37 | #include <sha.h> |
| 38 | #include <string.h> |
| 39 | #include <rand.h> |
| 40 | #include <stdlib.h> |
| 41 | #include "scm.h" |
| 42 | #include "mdtp.h" |
| 43 | |
| 44 | #define DIP_ENCRYPT 0 |
| 45 | #define DIP_DECRYPT 1 |
| 46 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 47 | #define MDTP_MAJOR_VERSION (0) |
| 48 | #define MDTP_MINOR_VERSION (2) |
| 49 | |
| 50 | /** Extract major version number from complete version. */ |
| 51 | #define MDTP_GET_MAJOR_VERSION(version) ((version) >> 16) |
| 52 | |
| 53 | static int is_mdtp_activated = -1; |
| 54 | |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 55 | static int mdtp_tzbsp_dec_verify_DIP(DIP_t *enc_dip, DIP_t *dec_dip, uint32_t *verified); |
| 56 | static int mdtp_tzbsp_enc_hash_DIP(DIP_t *dec_dip, DIP_t *enc_dip); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 57 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 58 | uint32_t g_mdtp_version = (((MDTP_MAJOR_VERSION << 16) & 0xFFFF0000) | (MDTP_MINOR_VERSION & 0x0000FFFF)); |
| 59 | |
| 60 | int scm_random(uint32_t * rbuf, uint32_t r_len); |
| 61 | int check_aboot_addr_range_overlap(uint32_t start, uint32_t size); |
| 62 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 63 | /********************************************************************************/ |
| 64 | |
| 65 | /* Read the DIP from EMMC */ |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 66 | static int read_DIP(DIP_t *dip) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 67 | { |
| 68 | unsigned long long ptn = 0; |
| 69 | uint32_t actual_partition_size; |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 70 | uint32_t block_size = mmc_get_device_blocksize(); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 71 | |
| 72 | int index = INVALID_PTN; |
| 73 | |
| 74 | ASSERT(dip != NULL); |
| 75 | |
| 76 | index = partition_get_index("dip"); |
| 77 | ptn = partition_get_offset(index); |
| 78 | |
| 79 | if(ptn == 0) |
| 80 | { |
| 81 | return -1; |
| 82 | } |
| 83 | |
| 84 | actual_partition_size = ROUNDUP(sizeof(DIP_t), block_size); |
| 85 | |
| 86 | if(mmc_read(ptn, (void *)dip, actual_partition_size)) |
| 87 | { |
| 88 | dprintf(CRITICAL, "mdtp: read_DIP: ERROR, cannot read DIP info\n"); |
| 89 | return -1; |
| 90 | } |
| 91 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 92 | dprintf(SPEW, "mdtp: read_DIP: SUCCESS, read %d bytes\n", actual_partition_size); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 93 | |
| 94 | return 0; |
| 95 | } |
| 96 | |
| 97 | /* Store the DIP into the EMMC */ |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 98 | static int write_DIP(DIP_t *dip) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 99 | { |
| 100 | unsigned long long ptn = 0; |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 101 | uint32_t block_size = mmc_get_device_blocksize(); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 102 | |
| 103 | int index = INVALID_PTN; |
| 104 | |
| 105 | ASSERT(dip != NULL); |
| 106 | |
| 107 | index = partition_get_index("dip"); |
| 108 | ptn = partition_get_offset(index); |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 109 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 110 | if(ptn == 0) |
| 111 | { |
| 112 | return -1; |
| 113 | } |
| 114 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 115 | if(mmc_write(ptn, ROUNDUP(sizeof(DIP_t), block_size), (void *)dip)) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 116 | { |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 117 | dprintf(CRITICAL, "mdtp: write_DIP: ERROR, cannot write DIP info\n"); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 118 | return -1; |
| 119 | } |
| 120 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 121 | dprintf(SPEW, "mdtp: write_DIP: SUCCESS, write %d bytes\n", ROUNDUP(sizeof(DIP_t), block_size)); |
| 122 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 123 | return 0; |
| 124 | } |
| 125 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 126 | /* Deactivate MDTP by storing the default DIP into the EMMC */ |
| 127 | static void write_deactivated_DIP() |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 128 | { |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 129 | DIP_t *enc_dip; |
| 130 | DIP_t *dec_dip; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 131 | int ret; |
| 132 | |
| 133 | enc_dip = malloc(sizeof(DIP_t)); |
| 134 | if (enc_dip == NULL) |
| 135 | { |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 136 | dprintf(CRITICAL, "mdtp: write_deactivated_DIP: ERROR, cannot allocate DIP\n"); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 137 | return; |
| 138 | } |
| 139 | |
| 140 | dec_dip = malloc(sizeof(DIP_t)); |
| 141 | if (dec_dip == NULL) |
| 142 | { |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 143 | dprintf(CRITICAL, "mdtp: write_deactivated_DIP: ERROR, cannot allocate DIP\n"); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 144 | free(enc_dip); |
| 145 | return; |
| 146 | } |
| 147 | |
| 148 | memset(dec_dip, 0, sizeof(DIP_t)); |
| 149 | |
| 150 | dec_dip->status = DIP_STATUS_DEACTIVATED; |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 151 | dec_dip->version = g_mdtp_version; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 152 | |
| 153 | ret = mdtp_tzbsp_enc_hash_DIP(dec_dip, enc_dip); |
| 154 | if(ret < 0) |
| 155 | { |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 156 | dprintf(CRITICAL, "mdtp: write_deactivated_DIP: ERROR, cannot cipher DIP\n"); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 157 | goto out; |
| 158 | } |
| 159 | |
| 160 | ret = write_DIP(enc_dip); |
| 161 | if(ret < 0) |
| 162 | { |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 163 | dprintf(CRITICAL, "mdtp: write_deactivated_DIP: ERROR, cannot write DIP\n"); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 164 | goto out; |
| 165 | } |
| 166 | |
| 167 | out: |
| 168 | free(enc_dip); |
| 169 | free(dec_dip); |
| 170 | } |
| 171 | |
| 172 | /* Validate a hash calculated on entire given partition */ |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 173 | static int verify_partition_single_hash(char *name, uint64_t size, DIP_hash_table_entry_t *hash_table) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 174 | { |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 175 | unsigned char digest[HASH_LEN]={0}; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 176 | unsigned long long ptn = 0; |
| 177 | int index = INVALID_PTN; |
| 178 | unsigned char *buf = (unsigned char *)target_get_scratch_address(); |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 179 | uint32_t block_size = mmc_get_device_blocksize(); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 180 | uint64_t actual_partition_size = ROUNDUP(size, block_size); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 181 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 182 | dprintf(SPEW, "mdtp: verify_partition_single_hash: %s, %llu\n", name, size); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 183 | |
| 184 | ASSERT(name != NULL); |
| 185 | ASSERT(hash_table != NULL); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 186 | ASSERT(size > 0); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 187 | |
| 188 | index = partition_get_index(name); |
| 189 | ptn = partition_get_offset(index); |
| 190 | |
| 191 | if(ptn == 0) { |
| 192 | dprintf(CRITICAL, "mdtp: verify_partition_single_hash: %s: partition was not found\n", name); |
| 193 | return -1; |
| 194 | } |
| 195 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 196 | if (mmc_read(ptn, (void *)buf, actual_partition_size)) |
| 197 | { |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 198 | dprintf(CRITICAL, "mdtp: verify_partition_single_hash: %s: mmc_read() fail.\n", name); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 199 | return -1; |
| 200 | } |
| 201 | |
Amit Blay | fe64921 | 2015-01-25 11:21:10 +0200 | [diff] [blame] | 202 | /* calculating the hash value using HW crypto */ |
| 203 | target_crypto_init_params(); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 204 | hash_find(buf, size, digest, CRYPTO_AUTH_ALG_SHA256); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 205 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 206 | if (memcmp(digest, hash_table->hash, HASH_LEN)) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 207 | { |
| 208 | dprintf(CRITICAL, "mdtp: verify_partition_single_hash: %s: Failed partition hash verification\n", name); |
| 209 | |
| 210 | return -1; |
| 211 | } |
| 212 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 213 | dprintf(SPEW, "verify_partition_single_hash: %s: VERIFIED!\n", name); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 214 | |
| 215 | return 0; |
| 216 | } |
| 217 | |
| 218 | /* Validate a hash table calculated per block of a given partition */ |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 219 | static int verify_partition_block_hash(char *name, |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 220 | uint64_t size, |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 221 | uint32_t verify_num_blocks, |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 222 | DIP_hash_table_entry_t *hash_table, |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 223 | uint8_t *force_verify_block) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 224 | { |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 225 | unsigned char digest[HASH_LEN]={0}; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 226 | unsigned long long ptn = 0; |
| 227 | int index = INVALID_PTN; |
| 228 | unsigned char *buf = (unsigned char *)target_get_scratch_address(); |
| 229 | uint32_t bytes_to_read; |
| 230 | uint32_t block_num = 0; |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 231 | uint32_t total_num_blocks = ((size - 1) / MDTP_FWLOCK_BLOCK_SIZE) + 1; |
| 232 | uint32_t rand_int; |
| 233 | uint32_t block_size = mmc_get_device_blocksize(); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 234 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 235 | dprintf(SPEW, "mdtp: verify_partition_block_hash: %s, %llu\n", name, size); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 236 | |
| 237 | ASSERT(name != NULL); |
| 238 | ASSERT(hash_table != NULL); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 239 | ASSERT(size > 0); |
| 240 | ASSERT(force_verify_block != NULL); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 241 | |
| 242 | index = partition_get_index(name); |
| 243 | ptn = partition_get_offset(index); |
| 244 | |
| 245 | if(ptn == 0) { |
| 246 | dprintf(CRITICAL, "mdtp: verify_partition_block_hash: %s: partition was not found\n", name); |
| 247 | return -1; |
| 248 | } |
| 249 | |
Amit Blay | fe64921 | 2015-01-25 11:21:10 +0200 | [diff] [blame] | 250 | /* initiating parameters for hash calculation using HW crypto */ |
| 251 | target_crypto_init_params(); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 252 | if (check_aboot_addr_range_overlap((uint32_t)buf, ROUNDUP(MDTP_FWLOCK_BLOCK_SIZE, block_size))) |
| 253 | { |
| 254 | dprintf(CRITICAL, "mdtp: verify_partition_block_hash: %s: image buffer address overlaps with aboot addresses.\n", name); |
| 255 | return -1; |
| 256 | } |
Amit Blay | fe64921 | 2015-01-25 11:21:10 +0200 | [diff] [blame] | 257 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 258 | while (MDTP_FWLOCK_BLOCK_SIZE * block_num < size) |
| 259 | { |
| 260 | if (*force_verify_block == 0) |
| 261 | { |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 262 | if(scm_random((uint32_t *)&rand_int, sizeof(rand_int))) |
| 263 | { |
| 264 | dprintf(CRITICAL,"mdtp: scm_call for random failed\n"); |
| 265 | return -1; |
| 266 | } |
| 267 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 268 | /* Skip validation of this block with probability of verify_num_blocks / total_num_blocks */ |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 269 | if ((rand_int % total_num_blocks) >= verify_num_blocks) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 270 | { |
| 271 | block_num++; |
| 272 | hash_table += 1; |
| 273 | force_verify_block += 1; |
| 274 | dprintf(CRITICAL, "mdtp: verify_partition_block_hash: %s: skipped verification of block %d\n", name, block_num); |
| 275 | continue; |
| 276 | } |
| 277 | } |
| 278 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 279 | if ((size - (MDTP_FWLOCK_BLOCK_SIZE * block_num) < MDTP_FWLOCK_BLOCK_SIZE)) |
| 280 | { |
| 281 | bytes_to_read = size - (MDTP_FWLOCK_BLOCK_SIZE * block_num); |
| 282 | } else |
| 283 | { |
| 284 | bytes_to_read = MDTP_FWLOCK_BLOCK_SIZE; |
| 285 | } |
| 286 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 287 | if (mmc_read(ptn + (MDTP_FWLOCK_BLOCK_SIZE * block_num), (void *)buf, ROUNDUP(bytes_to_read, block_size))) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 288 | { |
| 289 | dprintf(CRITICAL, "mdtp: verify_partition_block_hash: %s: mmc_read() fail.\n", name); |
| 290 | return -1; |
| 291 | } |
| 292 | |
Amit Blay | fe64921 | 2015-01-25 11:21:10 +0200 | [diff] [blame] | 293 | /* calculating the hash value using HW */ |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 294 | hash_find(buf, bytes_to_read, digest, CRYPTO_AUTH_ALG_SHA256); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 295 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 296 | if (memcmp(digest, hash_table->hash, HASH_LEN)) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 297 | { |
| 298 | dprintf(CRITICAL, "mdtp: verify_partition_block_hash: %s: Failed partition hash[%d] verification\n", name, block_num); |
| 299 | return -1; |
| 300 | } |
| 301 | |
| 302 | block_num++; |
| 303 | hash_table += 1; |
| 304 | force_verify_block += 1; |
| 305 | } |
| 306 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 307 | dprintf(SPEW, "verify_partition_block_hash: %s: VERIFIED!\n", name); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 308 | |
| 309 | return 0; |
| 310 | } |
| 311 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 312 | /* Validate the partition parameters read from DIP */ |
| 313 | static int validate_partition_params(uint64_t size, |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 314 | mdtp_fwlock_mode_t hash_mode, |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 315 | uint32_t verify_ratio) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 316 | { |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 317 | if (size == 0 || size > (uint64_t)MDTP_FWLOCK_BLOCK_SIZE * (uint64_t)MAX_BLOCKS || |
| 318 | hash_mode >= MDTP_FWLOCK_MODE_SIZE || verify_ratio > 100) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 319 | { |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 320 | dprintf(CRITICAL, "mdtp: validate_partition_params: error, size=%llu, hash_mode=%d, verify_ratio=%d\n", |
| 321 | size, hash_mode, verify_ratio); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 322 | return -1; |
| 323 | } |
| 324 | |
| 325 | return 0; |
| 326 | } |
| 327 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 328 | /* Verify a given partitinon */ |
| 329 | static int verify_partition(char *name, |
| 330 | uint64_t size, |
| 331 | mdtp_fwlock_mode_t hash_mode, |
| 332 | uint32_t verify_num_blocks, |
| 333 | DIP_hash_table_entry_t *hash_table, |
| 334 | uint8_t *force_verify_block) |
| 335 | { |
| 336 | if (hash_mode == MDTP_FWLOCK_MODE_SINGLE) |
| 337 | { |
| 338 | return verify_partition_single_hash(name, size, hash_table); |
| 339 | } else if (hash_mode == MDTP_FWLOCK_MODE_BLOCK || hash_mode == MDTP_FWLOCK_MODE_FILES) |
| 340 | { |
| 341 | return verify_partition_block_hash(name, size, verify_num_blocks, hash_table, force_verify_block); |
| 342 | } |
| 343 | |
| 344 | /* Illegal value of hash_mode */ |
| 345 | return -1; |
| 346 | } |
| 347 | |
| 348 | static int validate_dip(DIP_t *dip) |
| 349 | { |
| 350 | uint8_t *dip_p; |
| 351 | |
| 352 | ASSERT(dip != NULL); |
| 353 | |
| 354 | /* Make sure DIP version is supported by current SW */ |
| 355 | if (MDTP_GET_MAJOR_VERSION(dip->version) != MDTP_MAJOR_VERSION) |
| 356 | { |
| 357 | dprintf(CRITICAL, "mdtp: validate_dip: Wrong DIP version 0x%x\n", dip->version); |
| 358 | return -1; |
| 359 | } |
| 360 | |
| 361 | /* Make sure that deactivated DIP content is as expected */ |
| 362 | if (dip->status == DIP_STATUS_DEACTIVATED) |
| 363 | { |
| 364 | dip_p = (uint8_t*)&dip->mdtp_cfg; |
| 365 | while (dip_p < dip->hash) |
| 366 | { |
| 367 | if (*dip_p != 0) |
| 368 | { |
| 369 | dprintf(CRITICAL, "mdtp: validate_dip: error in deactivated DIP\n"); |
| 370 | return -1; |
| 371 | } |
| 372 | dip_p++; |
| 373 | } |
| 374 | } |
| 375 | |
| 376 | return 0; |
| 377 | } |
| 378 | |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 379 | /* Display the recovery UI to allow the user to enter the PIN and continue boot */ |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 380 | static void display_recovery_ui(DIP_t *dip) |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 381 | { |
| 382 | uint32_t pin_length = 0; |
| 383 | char entered_pin[MDTP_MAX_PIN_LEN+1] = {0}; |
| 384 | uint32_t i; |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 385 | char pin_mismatch = 0; |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 386 | |
| 387 | if (dip->mdtp_cfg.enable_local_pin_authentication) |
| 388 | { |
| 389 | dprintf(SPEW, "mdtp: display_recovery_ui: Local deactivation enabled\n"); |
| 390 | |
| 391 | pin_length = strlen(dip->mdtp_cfg.mdtp_pin.mdtp_pin); |
| 392 | |
| 393 | if (pin_length > MDTP_MAX_PIN_LEN || pin_length < MDTP_MIN_PIN_LEN) |
| 394 | { |
| 395 | dprintf(CRITICAL, "mdtp: display_recovery_ui: Error, invalid PIN length\n"); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 396 | display_error_msg(); /* This will never return */ |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 397 | } |
| 398 | |
| 399 | // Set entered_pin to initial '0' string + null terminator |
| 400 | for (i=0; i<pin_length; i++) |
| 401 | { |
| 402 | entered_pin[i] = '0'; |
| 403 | } |
| 404 | |
| 405 | // Allow the user to enter the PIN as many times as he wishes |
| 406 | // (with INVALID_PIN_DELAY_MSECONDS after each failed attempt) |
| 407 | while (1) |
| 408 | { |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 409 | get_pin_from_user(entered_pin, pin_length); |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 410 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 411 | // Go over the entire PIN in any case, to prevent side-channel attacks |
| 412 | for (i=0; i<pin_length; i++) |
| 413 | { |
| 414 | pin_mismatch |= dip->mdtp_cfg.mdtp_pin.mdtp_pin[i] ^ entered_pin[i]; |
| 415 | } |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 416 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 417 | if (0 == pin_mismatch) |
| 418 | { |
| 419 | // Valid PIN - deactivate and continue boot |
| 420 | dprintf(SPEW, "mdtp: display_recovery_ui: valid PIN, continue boot\n"); |
| 421 | write_deactivated_DIP(); |
| 422 | return; |
| 423 | } |
| 424 | else |
| 425 | { |
| 426 | // Invalid PIN - display an appropriate message (which also includes a wait |
| 427 | // for INVALID_PIN_DELAY_MSECONDS), and allow the user to try again |
| 428 | dprintf(CRITICAL, "mdtp: display_recovery_ui: ERROR, invalid PIN\n"); |
| 429 | display_invalid_pin_msg(); |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 430 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 431 | pin_mismatch = 0; |
| 432 | } |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 433 | } |
| 434 | } |
| 435 | else |
| 436 | { |
| 437 | dprintf(CRITICAL, "mdtp: display_recovery_ui: Local deactivation disabled, unable to display recovery UI\n"); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 438 | display_error_msg(); /* This will never return */ |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 439 | } |
| 440 | } |
| 441 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 442 | /* Verify all protected partitinons according to the DIP */ |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 443 | static void verify_all_partitions(DIP_t *dip, verify_result_t *verify_result) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 444 | { |
| 445 | int i; |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 446 | bool verify_failure = FALSE; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 447 | uint32_t total_num_blocks; |
| 448 | |
| 449 | ASSERT(dip != NULL); |
| 450 | ASSERT(verify_result != NULL); |
| 451 | |
| 452 | *verify_result = VERIFY_FAILED; |
| 453 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 454 | if (validate_dip(dip)) |
| 455 | { |
| 456 | dprintf(CRITICAL, "mdtp: verify_all_partitions: failed DIP validation\n"); |
| 457 | return; |
| 458 | } |
| 459 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 460 | if (dip->status == DIP_STATUS_DEACTIVATED) |
| 461 | { |
| 462 | *verify_result = VERIFY_SKIPPED; |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 463 | return; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 464 | } |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 465 | else |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 466 | { |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 467 | for(i=0; i<MAX_PARTITIONS; i++) |
| 468 | { |
| 469 | if(dip->partition_cfg[i].lock_enabled && dip->partition_cfg[i].size) |
| 470 | { |
| 471 | total_num_blocks = ((dip->partition_cfg[i].size - 1) / MDTP_FWLOCK_BLOCK_SIZE); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 472 | if (validate_partition_params(dip->partition_cfg[i].size, |
| 473 | dip->partition_cfg[i].hash_mode, |
| 474 | dip->partition_cfg[i].verify_ratio)) |
| 475 | { |
| 476 | dprintf(CRITICAL, "mdtp: verify_all_partitions: Wrong partition parameters\n"); |
| 477 | verify_failure = TRUE; |
| 478 | break; |
| 479 | } |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 480 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 481 | verify_failure |= (verify_partition(dip->partition_cfg[i].name, |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 482 | dip->partition_cfg[i].size, |
| 483 | dip->partition_cfg[i].hash_mode, |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 484 | (dip->partition_cfg[i].verify_ratio * total_num_blocks) / 100, |
| 485 | dip->partition_cfg[i].hash_table, |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 486 | dip->partition_cfg[i].force_verify_block) != 0); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 487 | } |
| 488 | } |
| 489 | |
| 490 | if (verify_failure) |
| 491 | { |
| 492 | dprintf(CRITICAL, "mdtp: verify_all_partitions: Failed partition verification\n"); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 493 | return; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 494 | } |
Shay Nachmani | bc10dfe | 2015-02-10 14:45:55 +0200 | [diff] [blame] | 495 | is_mdtp_activated = 1; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 496 | |
| 497 | } |
| 498 | |
| 499 | *verify_result = VERIFY_OK; |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 500 | return; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 501 | } |
| 502 | |
| 503 | /* Verify the DIP and all protected partitions */ |
| 504 | static void validate_DIP_and_firmware() |
| 505 | { |
| 506 | int ret; |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 507 | DIP_t *enc_dip; |
| 508 | DIP_t *dec_dip; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 509 | uint32_t verified = 0; |
| 510 | verify_result_t verify_result; |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 511 | uint32_t block_size = mmc_get_device_blocksize(); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 512 | |
| 513 | enc_dip = malloc(ROUNDUP(sizeof(DIP_t), block_size)); |
| 514 | if (enc_dip == NULL) |
| 515 | { |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 516 | dprintf(CRITICAL, "mdtp: validate_DIP_and_firmware: ERROR, cannot allocate DIP\n"); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 517 | display_error_msg(); /* This will never return */ |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 518 | } |
| 519 | |
| 520 | dec_dip = malloc(ROUNDUP(sizeof(DIP_t), block_size)); |
| 521 | if (dec_dip == NULL) |
| 522 | { |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 523 | dprintf(CRITICAL, "mdtp: validate_DIP_and_firmware: ERROR, cannot allocate DIP\n"); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 524 | free(enc_dip); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 525 | display_error_msg(); /* This will never return */ |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 526 | } |
| 527 | |
| 528 | /* Read the DIP holding the MDTP Firmware Lock state from the DIP partition */ |
| 529 | ret = read_DIP(enc_dip); |
| 530 | if(ret < 0) |
| 531 | { |
| 532 | dprintf(CRITICAL, "mdtp: validate_DIP_and_firmware: ERROR, cannot read DIP\n"); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 533 | display_error_msg(); /* This will never return */ |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 534 | } |
| 535 | |
| 536 | /* Decrypt and verify the integrity of the DIP */ |
| 537 | ret = mdtp_tzbsp_dec_verify_DIP(enc_dip, dec_dip, &verified); |
| 538 | if(ret < 0) |
| 539 | { |
| 540 | dprintf(CRITICAL, "mdtp: validate_DIP_and_firmware: ERROR, cannot verify DIP\n"); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 541 | display_error_msg(); /* This will never return */ |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 542 | } |
| 543 | |
| 544 | /* In case DIP integrity verification fails, notify the user and halt */ |
| 545 | if(!verified) |
| 546 | { |
| 547 | dprintf(CRITICAL, "mdtp: validate_DIP_and_firmware: ERROR, corrupted DIP\n"); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 548 | display_error_msg(); /* This will never return */ |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 549 | } |
| 550 | |
| 551 | /* Verify the integrity of the partitions which are protectedm, according to the content of the DIP */ |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 552 | verify_all_partitions(dec_dip, &verify_result); |
| 553 | |
| 554 | /* Clear decrypted DIP since we don't need it anymore */ |
| 555 | memset(dec_dip, 0, sizeof(DIP_t)); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 556 | |
| 557 | if (verify_result == VERIFY_OK) |
| 558 | { |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 559 | dprintf(SPEW, "mdtp: validate_DIP_and_firmware: Verify OK\n"); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 560 | } |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 561 | else if (verify_result == VERIFY_SKIPPED) |
| 562 | { |
| 563 | dprintf(SPEW, "mdtp: validate_DIP_and_firmware: Verify skipped\n"); |
| 564 | } else /* VERIFY_FAILED */ |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 565 | { |
| 566 | dprintf(CRITICAL, "mdtp: validate_DIP_and_firmware: ERROR, corrupted firmware\n"); |
Reut Zysman | 1841127 | 2015-02-09 13:47:27 +0200 | [diff] [blame] | 567 | display_recovery_ui(dec_dip); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 568 | } |
| 569 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 570 | free(enc_dip); |
| 571 | free(dec_dip); |
| 572 | |
| 573 | return; |
| 574 | } |
| 575 | |
| 576 | /********************************************************************************/ |
| 577 | |
| 578 | /** Entry point of the MDTP Firmware Lock: If needed, verify the DIP |
| 579 | * and all protected partitions **/ |
| 580 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 581 | void mdtp_fwlock_verify_lock() |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 582 | { |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 583 | int ret; |
| 584 | bool enabled; |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 585 | |
Shay Nachmani | bc10dfe | 2015-02-10 14:45:55 +0200 | [diff] [blame] | 586 | /* sets the default value of this global to be MDTP not activated */ |
| 587 | is_mdtp_activated = 0; |
| 588 | |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 589 | ret = mdtp_fuse_get_enabled(&enabled); |
| 590 | if(ret) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 591 | { |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 592 | dprintf(CRITICAL, "mdtp: mdtp_fwlock_verify_lock: ERROR, cannot get enabled fuse\n"); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 593 | display_error_msg(); /* This will never return */ |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 594 | } |
| 595 | |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 596 | /* Continue with Firmware Lock verification only if enabled by eFuse */ |
| 597 | if (enabled) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 598 | { |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 599 | /* This function will handle firmware verification failure via UI */ |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 600 | validate_DIP_and_firmware(); |
| 601 | } |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 602 | } |
Shay Nachmani | bc10dfe | 2015-02-10 14:45:55 +0200 | [diff] [blame] | 603 | /********************************************************************************/ |
| 604 | |
| 605 | /** Indicates whether the MDTP is currently in ACTIVATED state **/ |
| 606 | int mdtp_activated(bool * activated){ |
| 607 | if(is_mdtp_activated < 0){ |
| 608 | /* mdtp_fwlock_verify_lock was not called before, the value is not valid */ |
| 609 | return is_mdtp_activated; |
| 610 | } |
| 611 | |
| 612 | *activated = is_mdtp_activated; |
| 613 | return 0; |
| 614 | } |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 615 | |
| 616 | /********************************************************************************/ |
| 617 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 618 | /* Decrypt a given DIP and verify its integrity */ |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 619 | static int mdtp_tzbsp_dec_verify_DIP(DIP_t *enc_dip, DIP_t *dec_dip, uint32_t *verified) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 620 | { |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 621 | unsigned char hash[HASH_LEN]; |
| 622 | SHA256_CTX sha256_ctx; |
| 623 | int ret; |
| 624 | |
| 625 | ASSERT(enc_dip != NULL); |
| 626 | ASSERT(dec_dip != NULL); |
| 627 | ASSERT(verified != NULL); |
| 628 | |
| 629 | ret = mdtp_cipher_dip_cmd((uint8_t*)enc_dip, sizeof(DIP_t), |
| 630 | (uint8_t*)dec_dip, sizeof(DIP_t), |
| 631 | DIP_DECRYPT); |
| 632 | if (ret) |
| 633 | { |
| 634 | dprintf(CRITICAL, "mdtp: mdtp_tzbsp_dec_verify_DIP: ERROR, cannot cipher DIP\n"); |
| 635 | *verified = 0; |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 636 | memset(dec_dip, 0, sizeof(DIP_t)); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 637 | return -1; |
| 638 | } |
| 639 | |
| 640 | SHA256_Init(&sha256_ctx); |
| 641 | SHA256_Update(&sha256_ctx, dec_dip, sizeof(DIP_t) - HASH_LEN); |
| 642 | SHA256_Final(hash, &sha256_ctx); |
| 643 | |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 644 | if (memcmp(hash, dec_dip->hash, HASH_LEN)) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 645 | { |
| 646 | *verified = 0; |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 647 | memset(dec_dip, 0, sizeof(DIP_t)); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 648 | } |
| 649 | else |
| 650 | { |
| 651 | *verified = 1; |
| 652 | } |
| 653 | |
| 654 | return 0; |
| 655 | } |
| 656 | |
Amit Blay | df42d2f | 2015-02-03 16:37:09 +0200 | [diff] [blame] | 657 | static int mdtp_tzbsp_enc_hash_DIP(DIP_t *dec_dip, DIP_t *enc_dip) |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 658 | { |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 659 | SHA256_CTX sha256_ctx; |
| 660 | int ret; |
| 661 | |
| 662 | ASSERT(dec_dip != NULL); |
| 663 | ASSERT(enc_dip != NULL); |
| 664 | |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 665 | SHA256_Init(&sha256_ctx); |
| 666 | SHA256_Update(&sha256_ctx, dec_dip, sizeof(DIP_t) - HASH_LEN); |
Amit Blay | 8e2731c | 2015-04-28 21:54:55 +0300 | [diff] [blame^] | 667 | SHA256_Final(dec_dip->hash, &sha256_ctx); |
Amit Blay | 6281ebc | 2015-01-11 14:44:08 +0200 | [diff] [blame] | 668 | |
| 669 | ret = mdtp_cipher_dip_cmd((uint8_t*)dec_dip, sizeof(DIP_t), |
| 670 | (uint8_t*)enc_dip, sizeof(DIP_t), |
| 671 | DIP_ENCRYPT); |
| 672 | if (ret) |
| 673 | { |
| 674 | dprintf(CRITICAL, "mdtp: mdtp_tzbsp_enc_hash_DIP: ERROR, cannot cipher DIP\n"); |
| 675 | return -1; |
| 676 | } |
| 677 | |
| 678 | return 0; |
| 679 | } |