From 761255928e0a56ce915f35f6c22b8b6945050659 Mon Sep 17 00:00:00 2001 From: Amaury Pouly Date: Mon, 29 Nov 2010 14:15:06 +0000 Subject: [PATCH] sbinfo: add full support for various kind of cryptographic checks - now have a AES128, SHA1 and CRC implementation - now crc check the boot section chunks as well as the instruction headers - now sha1 check the sb header and the whole file - nearly all fields of the sb format are now documented git-svn-id: svn://svn.rockbox.org/rockbox/trunk@28708 a1c6a512-1295-4272-9138-f99709370657 --- utils/sbinfo/Makefile | 4 +- utils/sbinfo/{aes128_impl.c => aes128.c} | 50 ++++++- utils/sbinfo/aes128_impl.h | 10 -- utils/sbinfo/crc.c | 78 ++++++++++ utils/sbinfo/crypto.h | 57 ++++++++ utils/sbinfo/sbinfo.c | 172 +++++++++++++---------- utils/sbinfo/sha1.c | 150 ++++++++++++++++++++ 7 files changed, 433 insertions(+), 88 deletions(-) rename utils/sbinfo/{aes128_impl.c => aes128.c} (92%) delete mode 100644 utils/sbinfo/aes128_impl.h create mode 100644 utils/sbinfo/crc.c create mode 100644 utils/sbinfo/crypto.h create mode 100644 utils/sbinfo/sha1.c diff --git a/utils/sbinfo/Makefile b/utils/sbinfo/Makefile index 6a857b0b0c..8b2cd2649d 100644 --- a/utils/sbinfo/Makefile +++ b/utils/sbinfo/Makefile @@ -2,8 +2,8 @@ TGT = sbinfo all: $(TGT) -$(TGT): sbinfo.c - $(CC) -std=c99 -o $(TGT) -W -Wall sbinfo.c aes128_impl.c +$(TGT): sbinfo.c crc.c crypto.h aes128.c sha1.c + $(CC) -g -std=c99 -o $(TGT) -W -Wall sbinfo.c aes128.c crc.c sha1.c clean: rm -fr $(TGT) diff --git a/utils/sbinfo/aes128_impl.c b/utils/sbinfo/aes128.c similarity index 92% rename from utils/sbinfo/aes128_impl.c rename to utils/sbinfo/aes128.c index edb2139fa7..d435009a14 100644 --- a/utils/sbinfo/aes128_impl.c +++ b/utils/sbinfo/aes128.c @@ -6,7 +6,7 @@ // http://en.wikipeia.org/wiki/Rijndael_mix_columns // http://en.wikipedia.org/wiki/Rijndael_S-box // This code is public domain, or any OSI-approved license, your choice. No warranty. -#include "aes128_impl.h" +#include "crypto.h" // Here are all the lookup tables for the row shifts, rcon, s-boxes, and galois field multiplications byte shift_rows_table[] = {0,5,10,15,4,9,14,3,8,13,2,7,12,1,6,11}; @@ -234,3 +234,51 @@ int main(void) return 0; } */ + +void cbc_mac( + byte *in_data, /* Input data */ + byte *out_data, /* Output data (or NULL) */ + int nr_blocks, /* Number of blocks to encrypt/decrypt (one block=16 bytes) */ + byte key[16], /* Key */ + byte iv[16], /* Initialisation Vector */ + byte (*out_cbc_mac)[16], /* CBC-MAC of the result (or NULL) */ + int encrypt /* 1 to encrypt, 0 to decrypt */ + ) +{ + byte feedback[16]; + memcpy(feedback, iv, 16); + + if(encrypt) + { + /* for each block */ + for(int i = 0; i < nr_blocks; i++) + { + /* xor it with feedback */ + xor_(feedback, &in_data[i * 16], 16); + /* encrypt it using aes */ + EncryptAES(feedback, key, feedback); + /* write cipher to output */ + if(out_data) + memcpy(&out_data[i * 16], feedback, 16); + } + if(out_cbc_mac) + memcpy(out_cbc_mac, feedback, 16); + } + else + { + /* nothing to do ? */ + if(out_data == NULL) + return; + + /* for each block */ + for(int i = 0; i < nr_blocks; i++) + { + /* decrypt it using aes */ + DecryptAES(&in_data[i * 16], key, &out_data[i * 16]); + /* xor it with iv */ + xor_(&out_data[i * 16], feedback, 16); + /* copy cipher to iv */ + memcpy(feedback, &in_data[i * 16], 16); + } + } +} diff --git a/utils/sbinfo/aes128_impl.h b/utils/sbinfo/aes128_impl.h deleted file mode 100644 index 7f1b966cd3..0000000000 --- a/utils/sbinfo/aes128_impl.h +++ /dev/null @@ -1,10 +0,0 @@ -#include -#include -#include - -typedef uint8_t byte; - -void xor_(byte *a, byte *b, int n); -void EncryptAES(byte *msg, byte *key, byte *c); -void DecryptAES(byte *c, byte *key, byte *m); -void Pretty(byte* b,int len,const char* label); diff --git a/utils/sbinfo/crc.c b/utils/sbinfo/crc.c new file mode 100644 index 0000000000..8030141567 --- /dev/null +++ b/utils/sbinfo/crc.c @@ -0,0 +1,78 @@ +/*************************************************************************** + * __________ __ ___. + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ + * \/ \/ \/ \/ \/ + * $Id$ + * + * Copyright (C) 2010 Amaury Pouly + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ****************************************************************************/ +#include "crypto.h" + +/* Table extracted from firmware, don't know if this is regular CRC32 */ + +static uint32_t crc_table[256] = { + 0x0, 0x4C11DB7, 0x9823B6E, 0x0D4326D9, 0x130476DC, 0x17C56B6B, 0x1A864DB2, + 0x1E475005, 0x2608EDB8, 0x22C9F00F, 0x2F8AD6D6, 0x2B4BCB61, 0x350C9B64, + 0x31CD86D3, 0x3C8EA00A, 0x384FBDBD, 0x4C11DB70, 0x48D0C6C7, 0x4593E01E, + 0x4152FDA9, 0x5F15ADAC, 0x5BD4B01B, 0x569796C2, 0x52568B75, 0x6A1936C8, + 0x6ED82B7F, 0x639B0DA6, 0x675A1011, 0x791D4014, 0x7DDC5DA3, 0x709F7B7A, + 0x745E66CD, 0x9823B6E0, 0x9CE2AB57, 0x91A18D8E, 0x95609039, 0x8B27C03C, + 0x8FE6DD8B, 0x82A5FB52, 0x8664E6E5, 0x0BE2B5B58, 0x0BAEA46EF, 0x0B7A96036, + 0x0B3687D81, 0x0AD2F2D84, 0x0A9EE3033, 0x0A4AD16EA, 0x0A06C0B5D, 0x0D4326D90, + 0x0D0F37027, 0x0DDB056FE, 0x0D9714B49, 0x0C7361B4C, 0x0C3F706FB, 0x0CEB42022, + 0x0CA753D95, 0x0F23A8028, 0x0F6FB9D9F, 0x0FBB8BB46, 0x0FF79A6F1, 0x0E13EF6F4, + 0x0E5FFEB43, 0x0E8BCCD9A, 0x0EC7DD02D, 0x34867077, 0x30476DC0, 0x3D044B19, + 0x39C556AE, 0x278206AB, 0x23431B1C, 0x2E003DC5, 0x2AC12072, 0x128E9DCF, + 0x164F8078, 0x1B0CA6A1, 0x1FCDBB16, 0x18AEB13, 0x54BF6A4, 0x808D07D, + 0x0CC9CDCA, 0x7897AB07, 0x7C56B6B0, 0x71159069, 0x75D48DDE, 0x6B93DDDB, + 0x6F52C06C, 0x6211E6B5, 0x66D0FB02, 0x5E9F46BF, 0x5A5E5B08, 0x571D7DD1, + 0x53DC6066, 0x4D9B3063, 0x495A2DD4, 0x44190B0D, 0x40D816BA, 0x0ACA5C697, + 0x0A864DB20, 0x0A527FDF9, 0x0A1E6E04E, 0x0BFA1B04B, 0x0BB60ADFC, 0x0B6238B25, + 0x0B2E29692, 0x8AAD2B2F, 0x8E6C3698, 0x832F1041, 0x87EE0DF6, 0x99A95DF3, + 0x9D684044, 0x902B669D, 0x94EA7B2A, 0x0E0B41DE7, 0x0E4750050, 0x0E9362689, + 0x0EDF73B3E, 0x0F3B06B3B, 0x0F771768C, 0x0FA325055, 0x0FEF34DE2, 0x0C6BCF05F, + 0x0C27DEDE8, 0x0CF3ECB31, 0x0CBFFD686, 0x0D5B88683, 0x0D1799B34, 0x0DC3ABDED, + 0x0D8FBA05A, 0x690CE0EE, 0x6DCDFD59, 0x608EDB80, 0x644FC637, 0x7A089632, + 0x7EC98B85, 0x738AAD5C, 0x774BB0EB, 0x4F040D56, 0x4BC510E1, 0x46863638, + 0x42472B8F, 0x5C007B8A, 0x58C1663D, 0x558240E4, 0x51435D53, 0x251D3B9E, + 0x21DC2629, 0x2C9F00F0, 0x285E1D47, 0x36194D42, 0x32D850F5, 0x3F9B762C, + 0x3B5A6B9B, 0x315D626, 0x7D4CB91, 0x0A97ED48, 0x0E56F0FF, 0x1011A0FA, + 0x14D0BD4D, 0x19939B94, 0x1D528623, 0x0F12F560E, 0x0F5EE4BB9, 0x0F8AD6D60, + 0x0FC6C70D7, 0x0E22B20D2, 0x0E6EA3D65, 0x0EBA91BBC, 0x0EF68060B, 0x0D727BBB6, + 0x0D3E6A601, 0x0DEA580D8, 0x0DA649D6F, 0x0C423CD6A, 0x0C0E2D0DD, 0x0CDA1F604, + 0x0C960EBB3, 0x0BD3E8D7E, 0x0B9FF90C9, 0x0B4BCB610, 0x0B07DABA7, 0x0AE3AFBA2, + 0x0AAFBE615, 0x0A7B8C0CC, 0x0A379DD7B, 0x9B3660C6, 0x9FF77D71, 0x92B45BA8, + 0x9675461F, 0x8832161A, 0x8CF30BAD, 0x81B02D74, 0x857130C3, 0x5D8A9099, + 0x594B8D2E, 0x5408ABF7, 0x50C9B640, 0x4E8EE645, 0x4A4FFBF2, 0x470CDD2B, + 0x43CDC09C, 0x7B827D21, 0x7F436096, 0x7200464F, 0x76C15BF8, 0x68860BFD, + 0x6C47164A, 0x61043093, 0x65C52D24, 0x119B4BE9, 0x155A565E, 0x18197087, + 0x1CD86D30, 0x29F3D35, 0x65E2082, 0x0B1D065B, 0x0FDC1BEC, 0x3793A651, + 0x3352BBE6, 0x3E119D3F, 0x3AD08088, 0x2497D08D, 0x2056CD3A, 0x2D15EBE3, + 0x29D4F654, 0x0C5A92679, 0x0C1683BCE, 0x0CC2B1D17, 0x0C8EA00A0, 0x0D6AD50A5, + 0x0D26C4D12, 0x0DF2F6BCB, 0x0DBEE767C, 0x0E3A1CBC1, 0x0E760D676, 0x0EA23F0AF, + 0x0EEE2ED18, 0x0F0A5BD1D, 0x0F464A0AA, 0x0F9278673, 0x0FDE69BC4, 0x89B8FD09, + 0x8D79E0BE, 0x803AC667, 0x84FBDBD0, 0x9ABC8BD5, 0x9E7D9662, 0x933EB0BB, + 0x97FFAD0C, 0x0AFB010B1, 0x0AB710D06, 0x0A6322BDF, 0x0A2F33668, 0x0BCB4666D, + 0x0B8757BDA, 0x0B5365D03, 0x0B1F740B4 +}; + +uint32_t crc(byte *data, int size) +{ + uint32_t c = 0xffffffff; + /* normal CRC */ + for(int i = 0; i < size; i++) + c = crc_table[data[i] ^ (c >> 24)] ^ (c << 8); + return c; +} diff --git a/utils/sbinfo/crypto.h b/utils/sbinfo/crypto.h new file mode 100644 index 0000000000..e36900df47 --- /dev/null +++ b/utils/sbinfo/crypto.h @@ -0,0 +1,57 @@ +/*************************************************************************** + * __________ __ ___. + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ + * \/ \/ \/ \/ \/ + * $Id$ + * + * Copyright (C) 2010 Amaury Pouly + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ****************************************************************************/ +#include +#include +#include + +typedef uint8_t byte; + +/* aes128.c */ +void xor_(byte *a, byte *b, int n); +void EncryptAES(byte *msg, byte *key, byte *c); +void DecryptAES(byte *c, byte *key, byte *m); +void Pretty(byte* b,int len,const char* label); +void cbc_mac( + byte *in_data, /* Input data */ + byte *out_data, /* Output data (or NULL) */ + int nr_blocks, /* Number of blocks to encrypt/decrypt (one block=16 bytes) */ + byte key[16], /* Key */ + byte iv[16], /* Initialisation Vector */ + byte (*out_cbc_mac)[16], /* CBC-MAC of the result (or NULL) */ + int encrypt /* 1 to encrypt, 0 to decrypt */ + ); + +/* crc.c */ +uint32_t crc(byte *data, int size); + +/* sha1.c */ +struct sha_1_params_t +{ + uint32_t hash[5]; + uint64_t buffer_nr_bits; + uint32_t w[80]; +}; + +void sha_1_init(struct sha_1_params_t *params); +void sha_1_block(struct sha_1_params_t *params, uint32_t cur_hash[5], byte *data); +void sha_1_update(struct sha_1_params_t *params, byte *buffer, int size); +void sha_1_finish(struct sha_1_params_t *params); +void sha_1_output(struct sha_1_params_t *params, byte *out); diff --git a/utils/sbinfo/sbinfo.c b/utils/sbinfo/sbinfo.c index 779d926011..74b5a0b7be 100644 --- a/utils/sbinfo/sbinfo.c +++ b/utils/sbinfo/sbinfo.c @@ -38,7 +38,7 @@ #include #include #include -#include "aes128_impl.h" +#include "crypto.h" #if 1 /* ANSI colors */ @@ -78,9 +78,6 @@ uint8_t *buf; /* file content */ char out_prefix[PREFIX_SIZE]; const char *key_file; -#define SB_INST_OP(inst) (((inst) >> 8) & 0xff) -#define SB_INST_UNK(inst) ((inst) & 0xff) - #define SB_INST_NOP 0x0 #define SB_INST_TAG 0x1 #define SB_INST_LOAD 0x2 @@ -91,7 +88,9 @@ const char *key_file; struct sb_instruction_header_t { - uint32_t inst; + uint8_t checksum; + uint8_t opcode; + uint16_t zero_except_for_tag; } __attribute__((packed)); struct sb_instruction_load_t @@ -114,6 +113,7 @@ struct sb_instruction_call_t { struct sb_instruction_header_t hdr; uint32_t addr; + uint32_t zero; uint32_t arg; } __attribute__((packed)); @@ -165,6 +165,12 @@ static void print_key(byte key[16]) printf("%02X ", key[i]); } +static void print_sha1(byte sha[20]) +{ + for(int i = 0; i < 20; i++) + printf("%02X ", sha[i]); +} + /* verify the firmware header */ static void check(unsigned long filesize) { @@ -242,56 +248,17 @@ static key_array_t read_keys(int num_keys) return keys; } -static void cbc_mac( - byte *in_data, /* Input data */ - byte *out_data, /* Output data (or NULL) */ - int nr_blocks, /* Number of blocks to encrypt/decrypt (one block=16 bytes) */ - byte key[16], /* Key */ - byte iv[16], /* Initialisation Vector */ - byte (*out_cbc_mac)[16], /* CBC-MAC of the result (or NULL) */ - int encrypt /* 1 to encrypt, 0 to decrypt */ - ) -{ - byte feedback[16]; - memcpy(feedback, iv, 16); - - if(encrypt) - { - /* for each block */ - for(int i = 0; i < nr_blocks; i++) - { - /* xor it with feedback */ - xor_(feedback, &in_data[i * 16], 16); - /* encrypt it using aes */ - EncryptAES(feedback, key, feedback); - /* write cipher to output */ - if(out_data) - memcpy(&out_data[i * 16], feedback, 16); - } - if(out_cbc_mac) - memcpy(out_cbc_mac, feedback, 16); - } - else - { - /* nothing to do ? */ - if(out_data == NULL) - bugp("can't ask to decrypt with no output buffer"); - - /* for each block */ - for(int i = 0; i < nr_blocks; i++) - { - /* decrypt it using aes */ - DecryptAES(&in_data[i * 16], key, &out_data[i * 16]); - /* xor it with iv */ - xor_(&out_data[i * 16], feedback, 16); - /* copy cipher to iv */ - memcpy(feedback, &in_data[i * 16], 16); - } - } -} - #define ROUND_UP(val, round) ((((val) + (round) - 1) / (round)) * (round)) +static uint8_t instruction_checksum(struct sb_instruction_header_t *hdr) +{ + uint8_t sum = 90; + byte *ptr = (byte *)hdr; + for(int i = 1; i < 16; i++) + sum += ptr[i]; + return sum; +} + static void extract_section(int data_sec, char name[5], byte *buf, int size, const char *indent) { char filename[PREFIX_SIZE + 16]; @@ -308,62 +275,77 @@ static void extract_section(int data_sec, char name[5], byte *buf, int size, con while(pos < size) { struct sb_instruction_header_t *hdr = (struct sb_instruction_header_t *)&buf[pos]; - if(SB_INST_OP(hdr->inst) == SB_INST_LOAD) + printf("%s", indent); + uint8_t checksum = instruction_checksum(hdr); + if(checksum != hdr->checksum) + { + color(GREY); + printf("[Bad checksum]"); + } + + if(hdr->opcode == SB_INST_LOAD) { struct sb_instruction_load_t *load = (struct sb_instruction_load_t *)&buf[pos]; color(RED); - printf("%sLOAD", indent); + printf("LOAD"); color(OFF);printf(" | "); color(BLUE); - printf("addr=%#08x", load->addr); + printf("addr=0x%08x", load->addr); color(OFF);printf(" | "); color(GREEN); - printf("len=%#08x", load->len); + printf("len=0x%08x", load->len); color(OFF);printf(" | "); color(YELLOW); - printf("crc=%#08x\n", load->crc); - color(OFF); + printf("crc=0x%08x", load->crc); + /* data is padded to 16-byte boundary with random data and crc'ed with it */ + uint32_t computed_crc = crc(&buf[pos + sizeof(struct sb_instruction_load_t)], + ROUND_UP(load->len, 16)); + color(RED); + if(load->crc == computed_crc) + printf(" Ok\n"); + else + printf(" Failed (crc=0x%08x)\n", computed_crc); pos += load->len + sizeof(struct sb_instruction_load_t); // unsure about rounding pos = ROUND_UP(pos, 16); } - else if(SB_INST_OP(hdr->inst) == SB_INST_FILL) + else if(hdr->opcode == SB_INST_FILL) { struct sb_instruction_fill_t *fill = (struct sb_instruction_fill_t *)&buf[pos]; color(RED); - printf("%sFILL", indent); + printf("FILL"); color(OFF);printf(" | "); color(BLUE); - printf("addr=%#08x", fill->addr); + printf("addr=0x%08x", fill->addr); color(OFF);printf(" | "); color(GREEN); - printf("len=%#08x", fill->len); + printf("len=0x%08x", fill->len); color(OFF);printf(" | "); color(YELLOW); - printf("pattern=%#08x\n", fill->pattern); + printf("pattern=0x%08x\n", fill->pattern); color(OFF); pos += sizeof(struct sb_instruction_fill_t); // fixme: useless as pos is a multiple of 16 and fill struct is 4-bytes wide ? pos = ROUND_UP(pos, 16); } - else if(SB_INST_OP(hdr->inst) == SB_INST_CALL || - SB_INST_OP(hdr->inst) == SB_INST_JUMP) + else if(hdr->opcode == SB_INST_CALL || + hdr->opcode == SB_INST_JUMP) { - int is_call = (SB_INST_OP(hdr->inst) == SB_INST_CALL); + int is_call = (hdr->opcode == SB_INST_CALL); struct sb_instruction_call_t *call = (struct sb_instruction_call_t *)&buf[pos]; color(RED); if(is_call) - printf("%sCALL", indent); + printf("CALL"); else - printf("%sJUMP", indent); + printf("JUMP"); color(OFF);printf(" | "); color(BLUE); - printf("addr=%#08x", call->addr); + printf("addr=0x%08x", call->addr); color(OFF);printf(" | "); color(GREEN); - printf("arg=%#08x\n", call->arg); + printf("arg=0x%08x\n", call->arg); color(OFF); pos += sizeof(struct sb_instruction_call_t); @@ -373,7 +355,7 @@ static void extract_section(int data_sec, char name[5], byte *buf, int size, con else { color(RED); - printf("Unknown instruction %d at address %#08lx\n", SB_INST_OP(hdr->inst), (unsigned long)pos); + printf("Unknown instruction %d at address 0x%08lx\n", hdr->opcode, (unsigned long)pos); break; } } @@ -381,12 +363,27 @@ static void extract_section(int data_sec, char name[5], byte *buf, int size, con static void extract(unsigned long filesize) { + struct sha_1_params_t sha_1_params; /* Basic header info */ color(BLUE); printf("Basic info:\n"); color(GREEN); printf("\tHeader SHA-1: "); - printhex(0, 20); + byte *hdr_sha1 = &buf[0]; + color(YELLOW); + print_sha1(hdr_sha1); + /* Check SHA1 sum */ + byte computed_sha1[20]; + sha_1_init(&sha_1_params); + sha_1_update(&sha_1_params, &buf[0x14], 0x4C); + sha_1_finish(&sha_1_params); + sha_1_output(&sha_1_params, computed_sha1); + color(RED); + if(memcmp(hdr_sha1, computed_sha1, 20) == 0) + printf(" Ok\n"); + else + printf(" Failed\n"); + color(GREEN); printf("\tFlags: "); printhex(0x18, 4); printf("\tTotal file size : %ld\n", filesize); @@ -448,6 +445,7 @@ static void extract(unsigned long filesize) /* copy the cbc mac */ byte hdr_cbc_mac[16]; memcpy(hdr_cbc_mac, &buf[0x60 + 16 * num_chunks + 32 * i], 16); + color(YELLOW); print_key(hdr_cbc_mac); /* check it */ byte computed_cbc_mac[16]; @@ -464,14 +462,17 @@ static void extract(unsigned long filesize) printf("\t\tEncrypted key : "); byte (*encrypted_key)[16]; encrypted_key = (key_array_t)&buf[0x60 + 16 * num_chunks + 32 * i + 16]; + color(YELLOW); print_key(*encrypted_key); printf("\n"); + color(GREEN); /* decrypt */ byte decrypted_key[16]; byte iv[16]; memcpy(iv, buf, 16); /* uses the first 16-bytes of SHA-1 sig as IV */ cbc_mac(*encrypted_key, decrypted_key, 1, keys[i], iv, NULL, 0); printf("\t\tDecrypted key : "); + color(YELLOW); print_key(decrypted_key); /* cross-check or copy */ if(i == 0) @@ -532,11 +533,32 @@ static void extract(unsigned long filesize) /* final signature */ color(BLUE); - printf("Final signature:\n\t"); + printf("Final signature:\n"); color(GREEN); + printf("\tEncrypted signature:\n"); + color(YELLOW); + printf("\t\t"); printhex(filesize - 32, 16); - printf("\t"); + printf("\t\t"); printhex(filesize - 16, 16); + /* decrypt it */ + byte *encrypted_block = &buf[filesize - 32]; + byte decrypted_block[32]; + cbc_mac(encrypted_block, decrypted_block, 2, real_key, buf, NULL, 0); + color(GREEN); + printf("\tDecrypted SHA-1:\n\t\t"); + color(YELLOW); + print_sha1(decrypted_block); + /* check it */ + sha_1_init(&sha_1_params); + sha_1_update(&sha_1_params, buf, filesize - 32); + sha_1_finish(&sha_1_params); + sha_1_output(&sha_1_params, computed_sha1); + color(RED); + if(memcmp(decrypted_block, computed_sha1, 20) == 0) + printf(" Ok\n"); + else + printf(" Failed\n"); } int main(int argc, const char **argv) diff --git a/utils/sbinfo/sha1.c b/utils/sbinfo/sha1.c new file mode 100644 index 0000000000..99657fb14a --- /dev/null +++ b/utils/sbinfo/sha1.c @@ -0,0 +1,150 @@ +/*************************************************************************** + * __________ __ ___. + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ + * \/ \/ \/ \/ \/ + * $Id$ + * + * Copyright (C) 2010 Amaury Pouly + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ****************************************************************************/ +/* Based on http://en.wikipedia.org/wiki/SHA-1 */ +#include "crypto.h" + +static uint32_t rot_left(uint32_t val, int rot) +{ + return (val << rot) | (val >> (32 - rot)); +} + +static inline void byte_swapxx(byte *ptr, int size) +{ + for(int i = 0; i < size / 2; i++) + { + byte c = ptr[i]; + ptr[i] = ptr[size - i - 1]; + ptr[size - i - 1] = c; + } +} + +static void byte_swap32(uint32_t *v) +{ + byte_swapxx((byte *)v, 4); +} + +void sha_1_init(struct sha_1_params_t *params) +{ + params->hash[0] = 0x67452301; + params->hash[1] = 0xEFCDAB89; + params->hash[2] = 0x98BADCFE; + params->hash[3] = 0x10325476; + params->hash[4] = 0xC3D2E1F0; + params->buffer_nr_bits = 0; +} + +void sha_1_update(struct sha_1_params_t *params, byte *buffer, int size) +{ + int buffer_nr_bytes = (params->buffer_nr_bits / 8) % 64; + params->buffer_nr_bits += 8 * size; + int pos = 0; + if(buffer_nr_bytes + size >= 64) + { + pos = 64 - buffer_nr_bytes; + memcpy((byte *)(params->w) + buffer_nr_bytes, buffer, 64 - buffer_nr_bytes); + sha_1_block(params, params->hash, (byte *)params->w); + for(; pos + 64 <= size; pos += 64) + sha_1_block(params, params->hash, buffer + pos); + buffer_nr_bytes = 0; + } + memcpy((byte *)(params->w) + buffer_nr_bytes, buffer + pos, size - pos); +} + +void sha_1_finish(struct sha_1_params_t *params) +{ + /* length (in bits) in big endian BEFORE preprocessing */ + byte length_big_endian[8]; + memcpy(length_big_endian, ¶ms->buffer_nr_bits, 8); + byte_swapxx(length_big_endian, 8); + /* append '1' and then '0's to the message to get 448 bit length for the last block */ + byte b = 0x80; + sha_1_update(params, &b, 1); + b = 0; + while((params->buffer_nr_bits % 512) != 448) + sha_1_update(params, &b, 1); + /* append length */ + sha_1_update(params, length_big_endian, 8); + /* go back to big endian */ + for(int i = 0; i < 5; i++) + byte_swap32(¶ms->hash[i]); +} + +void sha_1_output(struct sha_1_params_t *params, byte *out) +{ + memcpy(out, params->hash, 20); +} + +void sha_1_block(struct sha_1_params_t *params, uint32_t cur_hash[5], byte *data) +{ + uint32_t a, b, c, d, e; + a = cur_hash[0]; + b = cur_hash[1]; + c = cur_hash[2]; + d = cur_hash[3]; + e = cur_hash[4]; + + #define w params->w + + memcpy(w, data, 64); + for(int i = 0; i < 16; i++) + byte_swap32(&w[i]); + + for(int i = 16; i <= 79; i++) + w[i] = rot_left(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1); + + for(int i = 0; i<= 79; i++) + { + uint32_t f, k; + if(i <= 19) + { + f = (b & c) | ((~b) & d); + k = 0x5A827999; + } + else if(i <= 39) + { + f = b ^ c ^ d; + k = 0x6ED9EBA1; + } + else if(i <= 59) + { + f = (b & c) | (b & d) | (c & d); + k = 0x8F1BBCDC; + } + else + { + f = b ^ c ^ d; + k = 0xCA62C1D6; + } + uint32_t temp = rot_left(a, 5) + f + e + k + w[i]; + e = d; + d = c; + c = rot_left(b, 30); + b = a; + a = temp; + } + #undef w + + cur_hash[0] += a; + cur_hash[1] += b; + cur_hash[2] += c; + cur_hash[3] += d; + cur_hash[4] += e; +}