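#!/usr/bin/env bash
# bash is required: the script uses for ((...)) loops, "local" and the
# "function" keyword, none of which a plain POSIX /bin/sh has to support.

# To have ddr_init.bin, u-boot.bin and their signatures decrypted, both the
# AES KEY and the IV must be set, and the IV must not be all zero; otherwise
# they are not decrypted.
# NOTE(review): the build steps further down pass only the u-boot image and
# its signature through AES-CBC; confirm whether ddr_init is meant to be
# encrypted as well.
#
# IV and KEY must be set together. Both are plain hex strings without a
# "0x" prefix (the script adds the prefix itself where it needs one).
#
# KEY is the secret of this scheme: do not commit or share a copy of this
# script that has it filled in. The IV is written into the image unencrypted.

# The IV is 16 bytes long (32 hex digits).
IV=

# The KEY is 32 bytes long (64 hex digits).
KEY=

# Set ddr_init_file and uboot_file to the input images.
ddr_init_file=ddr_init_reg_info.bin
uboot_file=u-boot-original.bin

# Report the KEY only as set / not set, so the key itself does not end up in
# terminal scrollback or build logs.
if [ -n "$KEY" ]; then
	key_state="(set, not shown)"
else
	key_state=
fi

echo "please set ddr_init_file/uboot_file !!!"
echo ""
echo "usage:"
echo "     ddr_init_file = $ddr_init_file"
echo ""
echo "     uboot_file    = $uboot_file"
echo ""
echo "     IV            = $IV"
echo ""
echo "     KEY           = $key_state"
echo ""

# Enforce the rules stated above before any image is built: a malformed IV or
# KEY would otherwise shift the image layout or fail half-way through.
if [ -n "$IV" ] || [ -n "$KEY" ]; then
	if [ -z "$IV" ] || [ -z "$KEY" ]; then
		echo "error: IV and KEY must be set together" >&2
		exit 1
	fi
	if ! [[ $IV =~ ^[0-9a-fA-F]{32}$ ]]; then
		echo "error: IV must be exactly 32 hex digits (16 bytes)" >&2
		exit 1
	fi
	if [[ $IV =~ ^0+$ ]]; then
		echo "error: IV must not be all zero" >&2
		exit 1
	fi
	if ! [[ $KEY =~ ^[0-9a-fA-F]{64}$ ]]; then
		echo "error: KEY must be exactly 64 hex digits (32 bytes)" >&2
		exit 1
	fi
fi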
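# Print $1 (decimal, or hex with a 0x prefix) as "0x" followed by the value
# in lowercase hex, zero-padded to at least eight digits. No trailing newline.
dec2hex() {
	# Quoted so the argument is never word-split or glob-expanded.
	printf '0x%08x' "$1"
}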
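# Reverse the byte order of the low 32 bits of $1 and print the result in
# decimal. $1 may be decimal or 0x-prefixed hex; bits above bit 31 are dropped.
# Uses $(( )) instead of the obsolete $[ ] arithmetic form.
H_TO_NL() {
	local value=$(($1))
	local byte0=$((value & 0xff))
	local byte1=$(((value >> 8) & 0xff))
	local byte2=$(((value >> 16) & 0xff))
	local byte3=$(((value >> 24) & 0xff))

	# The lowest input byte becomes the highest output byte, and so on.
	echo $(((byte0 << 24) | (byte1 << 16) | (byte2 << 8) | byte3))
}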
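##################################################
# Build one signed boot image per RSA key size whose public key is present
# (rsa2048pem/rsa_pub_2048.pem, rsa4096pem/rsa_pub_4096.pem).
#
# Image layout, in file order (32-bit fields are little-endian):
#   magic 0x4253424D | total length | key length in bytes (stored twice)
#   public key blob: modulus, zero fill, 3-byte exponent (2 * key length)
#   IV, 16 bytes (all zero when IV is empty)
#   DDR init length | DDR init image padded to 16 bytes | its signature
#   u-boot length | u-boot image padded to 16 bytes + its signature,
#     AES-256-CBC encrypted as one unit when KEY is set
#
# Signatures are RSA-PSS over SHA-256, made with
# rsa<bits>pem/rsa_priv_<bits>.pem; keep that file readable by the build
# user only.
#
# The 2048 and 4096 builds used to be two hand-copied sections that had
# drifted apart (the 4096 one gave no error for a missing IV and left its
# decoded key file behind). Both now run the same function.
##################################################

# Print an error on stderr and abort the image build that is in progress.
abort_build() {
	printf 'error: %s\n' "$*" >&2
	exit 1
}

# Write $1 zero bytes to stdout.
emit_zeros() {
	[ "$1" -gt 0 ] || return 0
	dd if=/dev/zero bs=1 count="$1" 2>/dev/null
}

# Write $1 to stdout as a 32-bit little-endian word.
emit_le32() {
	local hex
	hex=$(dec2hex "$(H_TO_NL "$1")") || return 1
	printf '%s' "${hex#0x}" | xxd -r -p
}

# Print the size of file $1 in bytes, without the padding some wc builds add.
byte_size() {
	local count
	count=$(wc -c < "$1") || return 1
	printf '%d\n' "$((count))"
}

# Copy file $1 to $2 and zero-pad the copy to a multiple of 16 bytes.
pad_to_16() {
	local size remainder
	size=$(byte_size "$1") || return 1
	remainder=$((size % 16))
	cp -- "$1" "$2" || return 1
	if [ "$remainder" -ne 0 ]; then
		emit_zeros $((16 - remainder)) >> "$2"
	fi
}

# Sign file $2 with private key $1 and write the signature to $3.
# rsa_pss_saltlen:-1 selects a salt as long as the digest.
pss_sign() {
	openssl dgst -sha256 -sign "$1" -sigopt rsa_padding_mode:pss \
		-sigopt rsa_pss_saltlen:-1 -out "$3" "$2"
}

#######################################
# Build u-boot-rsa<bits>.bin and the public-key hash files for one key size.
# Runs in a subshell, so a failed build cannot leave variables, a trap or a
# half-used work directory behind for the next one.
# Globals:   IV, KEY, ddr_init_file, uboot_file (read)
# Arguments: $1 - RSA key size in bits (2048 or 4096)
# Outputs:   u-boot-rsa<bits>.bin, rsa<bits>pem/rsa_pub_<bits>.bin,
#            rsa<bits>pem/rsa_pub_<bits>_sha256.txt,
#            rsa<bits>pem/rsa<bits>_pem_hash_val.txt
# Returns:   0 on success, 1 as soon as any step fails
#######################################
build_secure_image() (
	local bits=$1
	local key_bytes=$((bits / 8))
	local pem_dir="rsa${bits}pem"
	local priv_pem="${pem_dir}/rsa_priv_${bits}.pem"
	local pub_bin="${pem_dir}/rsa_pub_${bits}.bin"
	local sha_txt="${pem_dir}/rsa_pub_${bits}_sha256.txt"
	local image="u-boot-rsa${bits}.bin"
	local work size seed part key_ecb

	[ -f "$ddr_init_file" ] || abort_build "ddr_init_file '$ddr_init_file' not found"
	[ -f "$uboot_file" ] || abort_build "uboot_file '$uboot_file' not found"
	[ -f "$priv_pem" ] || abort_build "private key '$priv_pem' not found"

	# A KEY without an IV used to print a message (2048) or nothing (4096)
	# and then write an image with no u-boot payload. Stop instead.
	if [ -n "$KEY" ] && [ -z "$IV" ]; then
		abort_build "please set IV! (KEY is set but IV is empty)"
	fi
	# The IV occupies a fixed 16-byte slot; any other length would shift
	# every field that follows it.
	if [ -n "$IV" ]; then
		case $IV in
			*[!0-9a-fA-F]*) abort_build "IV must contain hex digits only" ;;
		esac
		[ "${#IV}" -eq 32 ] || abort_build "IV must be 32 hex digits (16 bytes)"
	fi

	# All intermediate files live in a private directory that is removed on
	# every exit path. This replaces "rm *.txt *_sig.bin", which also deleted
	# unrelated files in the current directory, and it means a signature left
	# over from an earlier run can never be picked up.
	work=$(mktemp -d) || abort_build "mktemp failed"
	trap 'rm -rf -- "$work"' EXIT

	echo "....................rsa_${bits}........................."

	# 4:RSA_pub - modulus at offset 33 of the decoded key, zero fill, then the
	# 3-byte exponent that follows the modulus and a 2-byte tag.
	openssl base64 -d -in "${pem_dir}/rsa_pub_${bits}.pem" -out "$work/pub.der" \
		|| abort_build "cannot base64-decode ${pem_dir}/rsa_pub_${bits}.pem"
	{
		dd if="$work/pub.der" bs=1 skip=33 count="$key_bytes" 2>/dev/null
		emit_zeros $((key_bytes - 3))
		dd if="$work/pub.der" bs=1 skip=$((33 + key_bytes + 2)) count=3 2>/dev/null
	} > "$work/all.bin"
	size=$(byte_size "$work/all.bin") || abort_build "cannot read public key blob"
	if [ "$size" -ne $((2 * key_bytes)) ]; then
		echo "0:RSA_PUB creat error!"
		echo "RSA_PUB file_size = $size"
		echo ""
		abort_build "public key blob is $size bytes, expected $((2 * key_bytes))"
	fi
	echo ""
	echo "0:RSA_PUB creat OK!"
	echo "RSA_PUB file_size = $size"
	echo ""

	# 5:IV
	if [ -n "$IV" ]; then
		printf '%s' "$IV" | xxd -r -p >> "$work/all.bin"
	else
		emit_zeros 16 >> "$work/all.bin"
	fi

	# 6:DDR_len, 7:DDR.BIN, 8:ddr_sig
	pad_to_16 "$ddr_init_file" "$work/ddr.bin" || abort_build "cannot pad $ddr_init_file"
	echo "1:The ddr image must be 16-byte aligned!"
	echo "$ddr_init_file dec_size = $(byte_size "$ddr_init_file")"
	size=$(byte_size "$work/ddr.bin") || abort_build "cannot read padded DDR image"
	echo "ddr_16byte_alig.bin dec_size = $size"
	echo ""
	emit_le32 "$size" >> "$work/all.bin" || abort_build "cannot write DDR length"
	cat "$work/ddr.bin" >> "$work/all.bin"
	pss_sign "$priv_pem" "$work/ddr.bin" "$work/ddr_sig.bin" \
		|| abort_build "signing the DDR init image failed"
	echo "2:creat ddr_sig.bin ok!"
	echo ""
	cat "$work/ddr_sig.bin" >> "$work/all.bin"

	# 9:u-boot_len
	pad_to_16 "$uboot_file" "$work/uboot.bin" || abort_build "cannot pad $uboot_file"
	echo "3:The boot image must be 16-byte aligned!"
	echo "$uboot_file dec_size = $(byte_size "$uboot_file")"
	size=$(byte_size "$work/uboot.bin") || abort_build "cannot read padded u-boot image"
	echo "uboot_16byte_alig.bin dec_size = $size"
	echo ""
	emit_le32 "$size" >> "$work/all.bin" || abort_build "cannot write u-boot length"

	# 10:u-boot.bin + uboot_sig.bin. The signature always covers the padded
	# plaintext image; encryption, when enabled, is applied on top of it.
	pss_sign "$priv_pem" "$work/uboot.bin" "$work/uboot_sig.bin" \
		|| abort_build "signing the u-boot image failed"
	if [ -n "$KEY" ]; then
		# 1) The working key is the AES-256-ECB decryption, under KEY, of two
		#    fixed 16-byte constants. It is piped straight into a variable
		#    and never written to disk.
		# NOTE: openssl takes -K on its command line, so KEY and the derived
		# key are visible in the process list while openssl runs; build on a
		# host without other local users.
		key_ecb=
		for seed in 50db86c592c52f0c436cca6f2ffecaf5 4a96ae013fc60e205e9da4c9d5ad9b99; do
			part=$(printf '%s' "$seed" | xxd -r -p \
				| openssl enc -nopad -d -nosalt -aes-256-ecb -K "$KEY" \
				| xxd -p | tr -d '\n')
			key_ecb="${key_ecb}${part}"
		done
		[ "${#key_ecb}" -eq 64 ] || abort_build "deriving the encryption key failed"
		echo "4:Obtain a new KEY by decrypting the ECB mode!"
		# The derived key is deliberately not printed.
		echo ""
		echo "5:AES:creat uboot_sig.bin OK!"
		echo ""
		# 2) image + signature, 3) encrypted together in CBC mode.
		cat "$work/uboot.bin" "$work/uboot_sig.bin" > "$work/u-cbc.bin"
		openssl enc -aes-256-cbc -nopad -K "$key_ecb" -iv "$IV" \
			-in "$work/u-cbc.bin" -out "$work/cbc_boot.bin" \
			|| abort_build "AES-CBC encryption of the u-boot image failed"
		cat "$work/cbc_boot.bin" >> "$work/all.bin"
	else
		# IV and KEY are not set: plaintext image followed by its signature.
		cat "$work/uboot.bin" "$work/uboot_sig.bin" >> "$work/all.bin"
		echo "4:RSA:creat uboot_sig.bin OK!"
		echo ""
	fi

	# 1:MAGIC, 2:TOTAL_LEN (payload plus this 16-byte header), 3:key length.
	size=$(byte_size "$work/all.bin") || abort_build "cannot read image payload"
	size=$((size + 16))
	echo "all.bin dec_size = $size"
	{
		emit_le32 0x4253424D
		emit_le32 "$size"
		emit_le32 "$key_bytes"
		emit_le32 "$key_bytes"
		cat "$work/all.bin"
	} > "$work/image.bin" || abort_build "cannot assemble the image"
	# The final file is written only once the whole image has been assembled.
	cat "$work/image.bin" > "$image" || abort_build "cannot write $image"

	# Hash of the public key blob exactly as it is stored in the image.
	echo "Gets the hash value of the public KEY!"
	dd if="$image" of="$pub_bin" bs=1 skip=16 count=$((2 * key_bytes)) \
		|| abort_build "cannot extract the public key blob from $image"
	openssl dgst -sha256 -r -hex "$pub_bin" > "$sha_txt" \
		|| abort_build "cannot hash $pub_bin"
	./HASH "$sha_txt" || abort_build "./HASH failed"
	./HASH "$sha_txt" > "${pem_dir}/rsa${bits}_pem_hash_val.txt" \
		|| abort_build "./HASH failed"
	echo "....................................................."
	echo
)

build_status=0
for bits in 2048 4096; do
	[ -f "rsa${bits}pem/rsa_pub_${bits}.pem" ] || continue
	# Called as a plain command (not in a || list) so its status is exact.
	build_secure_image "$bits"
	rc=$?
	[ "$rc" -eq 0 ] || build_status=$rc
done
exit "$build_status"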