forked from Xilinx/bootgen
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauthentication-versal.h
executable file
·293 lines (259 loc) · 11.1 KB
/
authentication-versal.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
/******************************************************************************
* Copyright 2015-2020 Xilinx, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
#pragma once
#ifndef _VERSAL_AUTHENTICATION_CONTEXT_H_
#define _VERSAL_AUTHENTICATION_CONTEXT_H_
/*
-------------------------------------------------------------------------------
*********************************************** H E A D E R F I L E S ***
-------------------------------------------------------------------------------
*/
#include <stdint.h>
#include <string>
#include <list>
#include <string.h>
#include "binary.h"
#include "baseclass.h"
#include "bootgenenum.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include "authkeys-versal.h"
#include "hash.h"
#include "systemutils.h"
#include "authentication.h"
/* Forward class references */
class BaseThing;
class Section;
class BootImage;
class Binary;
class AuthenticationCertificate;
class PartitionHeader;
class Key;
/*
-------------------------------------------------------------------------------
********************************************* P R E P R O C E S S O R S ***
-------------------------------------------------------------------------------
*/
#define AC_SHA3_PADDING_SIZE 64
#define PAD1_LENGTH 8
#define PAD2_LENGTH 415
#define SALT_LENGTH 48
#define AUTH_HDR_VERSAL 0x115
#define AUTH_HDR_VERSAL_ECDSA 0x106
#define AUTH_HDR_VERSAL_ECDSA_P521 0x126
#define AC_HDR_PPK_SELECT_BIT_SHIFT 16
#define AC_HDR_SHA_2_3_BIT_SHIFT 2
#define SHA3_PAD_LENGTH 104
//Auth Certificate offset defines
#define AC_HEADER_OFFSET 0x0
#define AC_SPK_ID_OFFSET 0x4
#define AC_UDF_OFFSET 0x8
#define AC_PPK_KEY_OFFSET 0x40
#define AC_PPK_SHA3PAD_OFFSET 0x444
#define AC_SPK_KEY_OFFSET 0x450
#define AC_SPK_SHA3PAD_OFFSET 0x854
#define AC_ALLIGNMENT_OFFSET 0x858
#define AC_SPK_SIGN_OFFSET 0x860
#define AC_BH_SIGN_OFFSET 0xa60
#define AC_PARTITION_SIGN_OFFSET 0xc60
#define AC_PPK_SHA3PAD_SIZE 12
#define AC_SPK_SHA3PAD_SIZE 4
#define AC_ALLIGNMENT_SIZE 12
/*
-------------------------------------------------------------------------------
*************************************************** S T R U C T U R E S ***
-------------------------------------------------------------------------------
*/
typedef struct
{
uint32_t acHeader; // 0x000
uint32_t spkId; // 0x004
uint8_t acUdf[UDF_DATA_SIZE]; // 0x008
ACKey4096Sha3Padding acPpk; // 0x040
uint8_t ppkSHA3Padding[12]; // 0x444
ACKey4096Sha3Padding acSpk; // 0x450
uint8_t spkSHA3Padding[4]; // 0x854
uint8_t allignment[8]; // 0x858
ACSignature4096 acSpkSignature; // 0x860
ACSignature4096 acHeaderSignature; // 0xA60
ACSignature4096 acPartitionSignature; // 0xC60
} AuthCertificate4096Sha3PaddingStructure;
/* ECDSA Authentication Certificate */
typedef struct
{
uint32_t acHeader; // 0x000
uint32_t spkId; // 0x004
uint8_t acUdf[UDF_DATA_SIZE]; // 0x008
ACKeyECDSA acPpk; // 0x040
uint8_t ppkSHA3Padding[12]; // 0x444
ACKeyECDSA acSpk; // 0x450
uint8_t spkSHA3Padding[4]; // 0x854
uint8_t allignment[8]; // 0x858
ACSignatureECDSA acSpkSignature; // 0x860
ACSignatureECDSA acHeaderSignature; // 0xA60
ACSignatureECDSA acPartitionSignature; // 0xC60
} AuthCertificateECDSAStructure;
typedef struct
{
uint32_t acHeader; // 0x000
uint32_t spkId; // 0x004
uint8_t acUdf[UDF_DATA_SIZE]; // 0x008
ACKeyECDSAP521 acPpk; // 0x040
uint8_t ppkSHA3Padding[12]; // 0x444
ACKeyECDSAP521 acSpk; // 0x450
uint8_t spkSHA3Padding[4]; // 0x854
uint8_t allignment[8]; // 0x858
ACSignatureECDSA acSpkSignature; // 0x860
ACSignatureECDSA acHeaderSignature; // 0xA60
ACSignatureECDSA acPartitionSignature; // 0xC60
} AuthCertificateECDSAp521Structure;
/* RSA Secure-Debug Image Structure */
typedef struct
{
uint32_t acHeader; // 0x000
uint32_t spkId; // 0x004
uint8_t SHA3Padding[96]; // 0x008
ACKey4096 acPpk; // 0x020
uint8_t ppkSHA3Padding[12]; // 0x424
ACSignature4096 acPartitionSignature; // 0x430
} SecureDebugImage4096Sha3PaddingStructure;
/* ECDSA Secure-Debug Image Structure */
typedef struct
{
uint32_t acHeader; // 0x000
uint32_t spkId; // 0x004
uint8_t SHA3Padding[96]; // 0x008
ACKeyECDSA acPpk; // 0x020
uint8_t ppkSHA3Padding[12]; // 0x424
ACSignatureECDSA acPartitionSignature; // 0x430
} SecureDebugImageECDSAStructure;
/******************************************************************************/
class ECDSAAuthenticationAlgorithm : public AuthenticationAlgorithm
{
public:
ECDSAAuthenticationAlgorithm();
~ECDSAAuthenticationAlgorithm();
Authentication::Type Type()
{
return Authentication::ECDSA;
}
int KeySize()
{
return sizeof(ACKeyECDSA);
}
void CreateSignature(const uint8_t *base, uint8_t* primaryKey, uint8_t *result0);
uint32_t getCertificateSize() { return certSize; }
void CreatePadding(uint8_t* signature, uint8_t* hash, uint8_t hashLength);
void ECDSASignature(const uint8_t *base, EC_KEY *eckey, uint8_t *result0);
Authentication::Type authType;
void RearrangeEndianess(uint8_t *array, uint32_t size);
uint32_t GetAuthHeader(void);
private:
uint32_t certSize;
};
/******************************************************************************/
class ECDSAP521AuthenticationAlgorithm : public AuthenticationAlgorithm
{
public:
ECDSAP521AuthenticationAlgorithm();
~ECDSAP521AuthenticationAlgorithm();
Authentication::Type Type()
{
return Authentication::ECDSAp521;
}
int KeySize()
{
return sizeof(ACKeyECDSAP521);
}
void CreateSignature(const uint8_t *base, uint8_t* primaryKey, uint8_t *result0);
uint32_t getCertificateSize() { return certSize; }
void CreatePadding(uint8_t* signature, uint8_t* hash, uint8_t hashLength);
void ECDSASignature(const uint8_t *base, EC_KEY *eckey, uint8_t *result0);
Authentication::Type authType;
void RearrangeEndianess(uint8_t *array, uint32_t size);
uint32_t GetAuthHeader(void);
private:
uint32_t certSize;
};
/******************************************************************************/
class RSA4096Sha3PaddingAuthenticationAlgorithm : public AuthenticationAlgorithm
{
public:
RSA4096Sha3PaddingAuthenticationAlgorithm();
~RSA4096Sha3PaddingAuthenticationAlgorithm();
Authentication::Type Type()
{
return Authentication::RSA;
}
void CreateSignature(const uint8_t *base, uint8_t* primaryKey, uint8_t *result0);
uint32_t getCertificateSize(void) { return certSize; }
void CreatePadding(uint8_t* signature, uint8_t* hash, uint8_t hashLength);
Authentication::Type authType;
void RearrangeEndianess(uint8_t* array, uint32_t size);
uint8_t* AttachSHA3Padding(uint8_t * data, const Binary::Length_t datalength);
int MaskGenerationFunction(unsigned char *mask, long len, const unsigned char *seed, long seedlen, const EVP_MD *dgst);
uint32_t GetAuthHeader(void);
private:
uint32_t certSize;
};
/******************************************************************************/
class VersalAuthenticationContext : public AuthenticationContext
{
public:
VersalAuthenticationContext(Authentication::Type type);
VersalAuthenticationContext(const AuthenticationContext* refAuthContext, Authentication::Type authtype);
VersalAuthenticationContext(const AuthCertificate4096Sha3PaddingStructure* existingCert, Authentication::Type authtype);
~VersalAuthenticationContext();
void Link(BootImage& bi, std::list<Section*> sections, AuthenticationCertificate* cert);
uint32_t getCertificateSize(void) { return certSize; }
void AddAuthCertSizeToTotalFSBLSize(PartitionHeader* header);
Section* CreateCertificate(BootImage& bi, Binary& cache, Section* dataSection);
void GenerateIHTHash(BootImage& bi, uint8_t* sha_hash_padded);
void GenerateBHHash(BootImage& bi, uint8_t* sha_hash_padded);
void GenerateSPKHash(uint8_t * sha_hash_padded);
void GeneratePPKHash(const std::string& filename);
void CopyPartitionSignature(BootImage& bi, std::list<Section*> sections, uint8_t* signatureBlock, Section* acSection);
static void GetPresign(const std::string& presignFilename, uint8_t* signature, uint32_t index);
void SetSPKSignatureFile(const std::string& filename);
void SetBHSignatureFile(const std::string& filename);
void GenerateSPKSignature(const std::string& filename);
void ResizeIfNecessary(Section* section);
void LoadUdfData(const std::string& filename, uint8_t* signature);
void CreateSPKSignature(void);
void CalculateAcHdrHash(uint8_t* sha_hash_padded, uint8_t* buffer);
void CreateAcHdrSignature(uint8_t *buffer);
void SetKeyLength(Authentication::Type type);
AuthenticationAlgorithm* GetAuthenticationAlgorithm(Authentication::Type type);
uint32_t GetCertificateSize();
private:
void CopybHSignature(BootImage& bi, uint8_t* ptr);
void CopyIHTSignature(BootImage& bi, uint8_t* ptr);
uint32_t certSize;
void CopySPKSignature(uint8_t* ptr);
std::string GetCertificateName(std::string name);
};
/******************************************************************************/
class VersalAuthenticationCertificate : public AuthenticationCertificate
{
public:
VersalAuthenticationCertificate(AuthenticationContext* context) : AuthenticationCertificate(context) {}
Section* AttachBootHeaderToFsbl(BootImage& bi) { return NULL; }
void Link(BootImage& bi, Section* section);
//AuthCertificate4096Sha3PaddingStructure *acStructure;
};
#endif