1# Copyright (C) 2021 HiSilicon (Shanghai) Technologies CO., LIMITED.
2#
3# This program is free software; you can redistribute it and/or
4# modify it under the terms of the GNU General Public License
5# as published by the Free Software Foundation; either version 2
6# of the License, or (at your option) any later version.
7#
8# This program is distributed in the hope that it will be useful,
9# but WITHOUT ANY WARRANTY; without even the implied warranty of
10# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11# GNU General Public License for more details.
12#
13# You should have received a copy of the GNU General Public License
14# along with this program; if not, write to the Free Software
15# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
16
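#! /bin/sh
# NOTE: the line above is not the first line of the file, so it does not act
# as an interpreter line. The script depends on bash features such as `local`,
# so run it with bash.

# To have ddr_init.bin, u-boot.bin and their signatures decrypted, you must
# set both the AES KEY and the IV, and the IV must not be zero; otherwise
# ddr_init.bin, u-boot.bin and their signatures will not be decrypted.

# The IV and KEY must be used together. Both are written as hexadecimal
# digits, because they are handed to `xxd -r` and to openssl's -K / -iv.
# Keep real key material out of version control and shared build logs.

# The IV must be 16 bytes long.
IV=

# The KEY must be 32 bytes long.
KEY=

# Set ddr_init_file and uboot_file to the input images.
ddr_init_file=ddr_init_reg_info.bin
uboot_file=u-boot-original.bin

# Report whether a secret is configured without echoing its value.
# Arguments: $1 - the secret (may be empty)
# Outputs:   "<set, value hidden>" or "<not set>" on stdout
mask_secret() {
	if [ -n "$1" ]; then
		echo "<set, value hidden>"
	else
		echo "<not set>"
	fi
}

echo "please set ddr_init_file/uboot_file !!!"
echo ""
echo "usage:"
echo "     ddr_init_file = $ddr_init_file"
echo ""
echo "     uboot_file    = $uboot_file"
echo ""
# The IV is stored in clear in the image header, so it is shown as-is.
echo "     IV            = $IV"
echo ""
# The AES key is a secret: the banner only says whether it is set, so the
# key never lands in terminal scrollback or CI logs.
echo "     KEY           = $(mask_secret "$KEY")"
echo ""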
47
48
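# Format an integer as "0x" followed by at least eight lowercase hex digits.
# Arguments: $1 - integer in any form printf accepts (decimal or 0x-prefixed hex)
# Outputs:   the formatted value on stdout, without a trailing newline
dec2hex(){
	# Quoted so the argument is never word-split or glob-expanded.
	printf '0x%08x' "$1"
}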
52
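# Reverse the byte order of the low 32 bits of an integer.
# Arguments: $1 - integer (decimal or 0x-prefixed hex); bits above 32 are dropped
# Outputs:   the byte-swapped value as a decimal number on stdout
# The swap is unconditional: it does not depend on the host's byte order.
H_TO_NL() {
	# $(( )) replaces the deprecated $[ ] arithmetic form.
	local word=$(( $1 ))
	local b0=$(( word & 0xff ))
	local b1=$(( (word >> 8) & 0xff ))
	local b2=$(( (word >> 16) & 0xff ))
	local b3=$(( (word >> 24) & 0xff ))

	echo "$(( (b0 << 24) | (b1 << 16) | (b2 << 8) | b3 ))"
}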
62
63##################2048############################
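# Build u-boot-rsa2048.bin when the RSA-2048 public key is present.
#
# Image layout, in the order the bytes are written:
#   16-byte header : magic 0x4253424D, total length (body + 16) and the key
#                    size 0x100 twice, each as a 32-bit little-endian word
#   512 bytes      : public key block = modulus (256) | zero fill (253) | exponent (3)
#   16 bytes       : IV (all zero when IV is unset)
#   DDR            : length word, 16-byte-padded DDR image, RSA-PSS/SHA-256 signature
#   U-Boot         : length word, then the padded image and its signature, in
#                    plaintext, or AES-256-CBC encrypted as one unit when KEY is set
#
# Every intermediate file, including the one holding the derived AES key, lives
# in a private mktemp directory that is removed on exit, and the derived key is
# never printed. A failed step aborts the build instead of emitting a partial
# image. Cleanup removes only files this block created.
if [ -f rsa2048pem/rsa_pub_2048.pem ]; then
echo "....................rsa_2048........................."
(
	fail() { echo "rsa_2048: $*" >&2; exit 1; }

	# Append $1 zero bytes to file $2.
	zero_fill() {
		[ "$1" -gt 0 ] || return 0
		dd if=/dev/zero bs=1 count="$1" 2>/dev/null >> "$2"
	}

	# Print the size of file $1 in bytes as a bare integer.
	size_of() {
		echo $(( $(wc -c < "$1") ))
	}

	# Copy $1 to $2 and zero-pad the copy to a multiple of 16 bytes.
	pad16() {
		local size
		cp -- "$1" "$2" || return 1
		size=$(size_of "$2") || return 1
		zero_fill $(( (16 - size % 16) % 16 )) "$2"
	}

	# Append $1 to file $2 as a 32-bit little-endian word.
	put_le32() {
		printf '%s\n' "$(dec2hex "$(H_TO_NL "$1")")" | xxd -r >> "$2"
	}

	# Write an RSA-PSS/SHA-256 signature of file $1 to $2
	# (rsa_pss_saltlen:-1 selects a salt as long as the digest).
	sign_pss() {
		openssl dgst -sha256 -sign rsa2048pem/rsa_priv_2048.pem \
			-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
			-out "$2" "$1"
	}

	# True when $1 consists of exactly $2 hexadecimal digits.
	is_hex() {
		case "$1" in
			*[!0-9a-fA-F]*) return 1 ;;
		esac
		[ "${#1}" -eq "$2" ]
	}

	# Validate the inputs before anything is written. Error messages never
	# include the IV or KEY values.
	[ -f "$ddr_init_file" ] || fail "ddr_init_file '$ddr_init_file' not found"
	[ -f "$uboot_file" ] || fail "uboot_file '$uboot_file' not found"
	if [ -n "$IV" ]; then
		is_hex "$IV" 32 || fail "IV must be 32 hex digits (16 bytes)"
	fi
	if [ -n "$KEY" ]; then
		is_hex "$KEY" 64 || fail "KEY must be 64 hex digits (32 bytes)"
		[ -n "$IV" ] || fail "error: please set IV!"
	fi

	work=$(mktemp -d) || fail "cannot create a private work directory"
	trap 'rm -rf -- "$work"' EXIT
	all=$work/all.bin
	hdr=$work/head.bin
	ddr=$work/ddr_16byte_alig.bin
	boot=$work/uboot_16byte_alig.bin

	#4:RSA_pub
	# The fixed offsets (33 and 291) match a SubjectPublicKeyInfo DER encoding
	# with a 3-byte public exponent. NOTE(review): confirm for keys produced
	# by other tools; the size check below cannot detect a shifted layout.
	openssl base64 -d -in rsa2048pem/rsa_pub_2048.pem -out "$work/pub.der" \
		|| fail "cannot decode rsa2048pem/rsa_pub_2048.pem"
	dd if="$work/pub.der" of="$all" bs=1 skip=33 count=256
	zero_fill 253 "$all"
	dd if="$work/pub.der" bs=1 skip=291 count=3 >> "$all"
	cp "$all" rsa2048pem/rsa_pub_2048.bin
	filesize=$(size_of "$all")
	if [ "$filesize" -eq 512 ]; then
		echo ""
		echo '0:RSA_PUB creat OK!'
		echo "RSA_PUB file_size = $filesize"
		echo ""
	else
		echo '0:RSA_PUB creat error!'
		echo "RSA_PUB file_size = $filesize"
		echo ""
		# A wrong-sized key block would shift every later field and the
		# public-key hash written at the end.
		fail "public key block is not 512 bytes"
	fi

	#5:IV
	if [ -n "$IV" ]; then
		echo "0x$IV" | xxd -r >> "$all"
	else
		echo 0x00000000000000000000000000000000 | xxd -r >> "$all"
	fi

	#6:DDR_len
	#1)The ddr image must be padded to a multiple of 16 bytes.
	echo "1:The ddr image must be 16-byte aligned!"
	echo "$ddr_init_file dec_size = $(size_of "$ddr_init_file")"
	pad16 "$ddr_init_file" "$ddr" || fail "cannot pad $ddr_init_file"
	filesize=$(size_of "$ddr")
	echo "ddr_16byte_alig.bin dec_size = $filesize"
	echo ""
	#2)fill image len
	put_le32 "$filesize" "$all"

	#7:DDR.BIN
	cat "$ddr" >> "$all"

	#8:ddr_sig
	sign_pss "$ddr" "$work/ddr_sig.bin" || fail "2:creat ddr_sig.bin error!"
	echo '2:creat ddr_sig.bin ok!'
	echo ""
	cat "$work/ddr_sig.bin" >> "$all"

	#9:u-boot_len
	#1)The boot image must be padded to a multiple of 16 bytes.
	echo "3:The boot image must be 16-byte aligned!"
	echo "$uboot_file dec_size = $(size_of "$uboot_file")"
	pad16 "$uboot_file" "$boot" || fail "cannot pad $uboot_file"
	#2)fill image len
	filesize=$(size_of "$boot")
	echo "uboot_16byte_alig.bin dec_size = $filesize"
	echo ""
	put_le32 "$filesize" "$all"

	#10:u-boot.bin + uboot_sig.bin
	if [ -n "$KEY" ]; then
		#IV and KEY are set.
		#1) Obtain a new KEY by decrypting the two fixed seeds in ECB mode.
		# NOTE: -K places the key on openssl's command line, where other
		# local users can read it from the process list while it runs.
		echo 0x50db86c592c52f0c436cca6f2ffecaf5 | xxd -r > "$work/seed_1.bin"
		echo 0x4a96ae013fc60e205e9da4c9d5ad9b99 | xxd -r > "$work/seed_2.bin"
		openssl enc -nopad -d -nosalt -aes-256-ecb -K "$KEY" \
			-in "$work/seed_1.bin" -out "$work/out_1.bin" \
			|| fail "key derivation failed"
		openssl enc -nopad -d -nosalt -aes-256-ecb -K "$KEY" \
			-in "$work/seed_2.bin" -out "$work/out_2.bin" \
			|| fail "key derivation failed"
		cat "$work/out_2.bin" >> "$work/out_1.bin"
		KEY_ecb=$(xxd -ps "$work/out_1.bin" | tr -d '\n')
		# The derived key is deliberately not printed.
		echo '4:Obtain a new KEY by decrypting the ECB mode!'
		echo ""
		#2)boot + boot_sig
		sign_pss "$boot" "$work/uboot_sig.bin" \
			|| fail "5:AES:creat uboot_sig.bin error!"
		echo '5:AES:creat uboot_sig.bin OK!'
		echo ""
		cat "$boot" "$work/uboot_sig.bin" > "$work/u-cbc.bin"
		#3) Use the new KEY and IV to encrypt the image in CBC mode.
		openssl enc -aes-256-cbc -nopad -K "$KEY_ecb" -iv "$IV" \
			-in "$work/u-cbc.bin" -out "$work/cbc_boot.bin" \
			|| fail "AES-CBC encryption of the boot image failed"
		cat "$work/cbc_boot.bin" >> "$all"
	else
		#If the IV and KEY are not set, use the plain image.
		#1)boot_bin
		cat "$boot" >> "$all"
		#2)boot_sig
		sign_pss "$boot" "$work/uboot_sig.bin" \
			|| fail "4:RSA:creat uboot_sig.bin error!"
		echo '4:RSA:creat uboot_sig.bin OK!'
		echo ""
		cat "$work/uboot_sig.bin" >> "$all"
	fi

	#1:MAGIC
	: > "$hdr"
	put_le32 0x4253424D "$hdr"

	#2:TOTAL_LEN (body plus the 16-byte header)
	filesize=$(( $(size_of "$all") + 16 ))
	echo "all.bin dec_size = $filesize"
	put_le32 "$filesize" "$hdr"

	#3:RSA2048 (written twice)
	put_le32 0x00000100 "$hdr"
	put_le32 0x00000100 "$hdr"

	# The header fills the first 16 bytes of the image.
	cat "$hdr" "$all" > u-boot-rsa2048.bin \
		|| fail "cannot write u-boot-rsa2048.bin"

	#Gets the hash value of the public KEY
	echo 'Gets the hash value of the public KEY!'
	dd if=./u-boot-rsa2048.bin of=rsa2048pem/rsa_pub_2048.bin bs=1 skip=16 count=512
	openssl dgst -sha256 -r -hex rsa2048pem/rsa_pub_2048.bin > rsa2048pem/rsa_pub_2048_sha256.txt
	# ./HASH is an external tool whose exit-status convention is not visible
	# here, so its status is not treated as fatal.
	./HASH rsa2048pem/rsa_pub_2048_sha256.txt
	./HASH rsa2048pem/rsa_pub_2048_sha256.txt > rsa2048pem/rsa2048_pem_hash_val.txt
	exit 0
) || exit 1
echo "....................................................."
echo
echo
fi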
255
256##################################################
257####################4096##########################
258#################################################
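# Build u-boot-rsa4096.bin when the RSA-4096 public key is present.
#
# Image layout, in the order the bytes are written:
#   16-byte header : magic 0x4253424D, total length (body + 16) and the key
#                    size 0x200 twice, each as a 32-bit little-endian word
#   1024 bytes     : public key block = modulus (512) | zero fill (509) | exponent (3)
#   16 bytes       : IV (all zero when IV is unset)
#   DDR            : length word, 16-byte-padded DDR image, RSA-PSS/SHA-256 signature
#   U-Boot         : length word, then the padded image and its signature, in
#                    plaintext, or AES-256-CBC encrypted as one unit when KEY is set
#
# Every intermediate file, including the decoded key file and the one holding
# the derived AES key, lives in a private mktemp directory that is removed on
# exit, and the derived key is never printed. A failed step (including KEY set
# without IV) aborts the build instead of emitting a partial image. Cleanup
# removes only files this block created.
if [ -f rsa4096pem/rsa_pub_4096.pem ]; then
echo "....................rsa_4096........................."
(
	fail() { echo "rsa_4096: $*" >&2; exit 1; }

	# Append $1 zero bytes to file $2.
	zero_fill() {
		[ "$1" -gt 0 ] || return 0
		dd if=/dev/zero bs=1 count="$1" 2>/dev/null >> "$2"
	}

	# Print the size of file $1 in bytes as a bare integer.
	size_of() {
		echo $(( $(wc -c < "$1") ))
	}

	# Copy $1 to $2 and zero-pad the copy to a multiple of 16 bytes.
	pad16() {
		local size
		cp -- "$1" "$2" || return 1
		size=$(size_of "$2") || return 1
		zero_fill $(( (16 - size % 16) % 16 )) "$2"
	}

	# Append $1 to file $2 as a 32-bit little-endian word.
	put_le32() {
		printf '%s\n' "$(dec2hex "$(H_TO_NL "$1")")" | xxd -r >> "$2"
	}

	# Write an RSA-PSS/SHA-256 signature of file $1 to $2
	# (rsa_pss_saltlen:-1 selects a salt as long as the digest).
	sign_pss() {
		openssl dgst -sha256 -sign rsa4096pem/rsa_priv_4096.pem \
			-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
			-out "$2" "$1"
	}

	# True when $1 consists of exactly $2 hexadecimal digits.
	is_hex() {
		case "$1" in
			*[!0-9a-fA-F]*) return 1 ;;
		esac
		[ "${#1}" -eq "$2" ]
	}

	# Validate the inputs before anything is written. Error messages never
	# include the IV or KEY values.
	[ -f "$ddr_init_file" ] || fail "ddr_init_file '$ddr_init_file' not found"
	[ -f "$uboot_file" ] || fail "uboot_file '$uboot_file' not found"
	if [ -n "$IV" ]; then
		is_hex "$IV" 32 || fail "IV must be 32 hex digits (16 bytes)"
	fi
	if [ -n "$KEY" ]; then
		is_hex "$KEY" 64 || fail "KEY must be 64 hex digits (32 bytes)"
		[ -n "$IV" ] || fail "error: please set IV!"
	fi

	work=$(mktemp -d) || fail "cannot create a private work directory"
	trap 'rm -rf -- "$work"' EXIT
	all=$work/all.bin
	hdr=$work/head.bin
	ddr=$work/ddr_16byte_alig.bin
	boot=$work/uboot_16byte_alig.bin

	#4:RSA_pub
	# The fixed offsets (33 and 547) match a SubjectPublicKeyInfo DER encoding
	# with a 3-byte public exponent. NOTE(review): confirm for keys produced
	# by other tools; the size check below cannot detect a shifted layout.
	openssl base64 -d -in rsa4096pem/rsa_pub_4096.pem -out "$work/pub.der" \
		|| fail "cannot decode rsa4096pem/rsa_pub_4096.pem"
	dd if="$work/pub.der" of="$all" bs=1 skip=33 count=512
	zero_fill 509 "$all"
	dd if="$work/pub.der" bs=1 skip=547 count=3 >> "$all"

	filesize=$(size_of "$all")
	if [ "$filesize" -eq 1024 ]; then
		echo ""
		echo '0:RSA_PUB creat OK!'
		echo "RSA_PUB file_size = $filesize"
		echo ""
	else
		echo '0:RSA_PUB creat error!'
		echo "RSA_PUB file_size = $filesize"
		echo ""
		# A wrong-sized key block would shift every later field and the
		# public-key hash written at the end.
		fail "public key block is not 1024 bytes"
	fi

	#5:IV
	if [ -n "$IV" ]; then
		echo "0x$IV" | xxd -r >> "$all"
	else
		echo 0x00000000000000000000000000000000 | xxd -r >> "$all"
	fi

	#6:DDR_len
	#1)The ddr image must be padded to a multiple of 16 bytes.
	echo "1:The ddr image must be 16-byte aligned!"
	echo "$ddr_init_file dec_size = $(size_of "$ddr_init_file")"
	pad16 "$ddr_init_file" "$ddr" || fail "cannot pad $ddr_init_file"
	filesize=$(size_of "$ddr")
	echo "ddr_16byte_alig.bin dec_size = $filesize"
	echo ""
	#2)fill image len
	put_le32 "$filesize" "$all"

	#7:DDR.BIN
	cat "$ddr" >> "$all"

	#8:ddr_sig
	sign_pss "$ddr" "$work/ddr_sig.bin" || fail "2:creat ddr_sig.bin error!"
	echo '2:creat ddr_sig.bin ok!'
	echo ""
	cat "$work/ddr_sig.bin" >> "$all"

	#9:u-boot_len
	#1)The boot image must be padded to a multiple of 16 bytes.
	echo "3:The boot image must be 16-byte aligned!"
	echo "$uboot_file dec_size = $(size_of "$uboot_file")"
	pad16 "$uboot_file" "$boot" || fail "cannot pad $uboot_file"
	#2)fill image len
	filesize=$(size_of "$boot")
	echo "uboot_16byte_alig.bin dec_size = $filesize"
	echo ""
	put_le32 "$filesize" "$all"

	#10:u-boot.bin + uboot_sig.bin
	if [ -n "$KEY" ]; then
		#IV and KEY are set.
		#1) Obtain a new KEY by decrypting the two fixed seeds in ECB mode.
		# NOTE: -K places the key on openssl's command line, where other
		# local users can read it from the process list while it runs.
		echo 0x50db86c592c52f0c436cca6f2ffecaf5 | xxd -r > "$work/seed_1.bin"
		echo 0x4a96ae013fc60e205e9da4c9d5ad9b99 | xxd -r > "$work/seed_2.bin"
		openssl enc -nopad -d -nosalt -aes-256-ecb -K "$KEY" \
			-in "$work/seed_1.bin" -out "$work/out_1.bin" \
			|| fail "key derivation failed"
		openssl enc -nopad -d -nosalt -aes-256-ecb -K "$KEY" \
			-in "$work/seed_2.bin" -out "$work/out_2.bin" \
			|| fail "key derivation failed"
		cat "$work/out_2.bin" >> "$work/out_1.bin"
		KEY_ecb=$(xxd -ps "$work/out_1.bin" | tr -d '\n')
		# The derived key is deliberately not printed.
		echo '4:Obtain a new KEY by decrypting the ECB mode!'
		echo ""
		#2)boot + boot_sig
		sign_pss "$boot" "$work/uboot_sig.bin" \
			|| fail "5:AES:creat uboot_sig.bin error!"
		echo '5:AES:creat uboot_sig.bin OK!'
		echo ""
		cat "$boot" "$work/uboot_sig.bin" > "$work/u-cbc.bin"
		#3) Use the new KEY and IV to encrypt the image in CBC mode.
		openssl enc -aes-256-cbc -nopad -K "$KEY_ecb" -iv "$IV" \
			-in "$work/u-cbc.bin" -out "$work/cbc_boot.bin" \
			|| fail "AES-CBC encryption of the boot image failed"
		cat "$work/cbc_boot.bin" >> "$all"
	else
		#If the IV and KEY are not set, use the plain image.
		#1)boot_bin
		cat "$boot" >> "$all"
		#2)boot_sig
		sign_pss "$boot" "$work/uboot_sig.bin" \
			|| fail "4:RSA:creat uboot_sig.bin error!"
		echo '4:RSA:creat uboot_sig.bin OK!'
		echo ""
		cat "$work/uboot_sig.bin" >> "$all"
	fi

	#1:MAGIC
	: > "$hdr"
	put_le32 0x4253424D "$hdr"

	#2:TOTAL_LEN (body plus the 16-byte header)
	filesize=$(( $(size_of "$all") + 16 ))
	echo "all.bin dec_size = $filesize"
	put_le32 "$filesize" "$hdr"

	#3:RSA4096 (written twice)
	put_le32 0x00000200 "$hdr"
	put_le32 0x00000200 "$hdr"

	# The header fills the first 16 bytes of the image.
	cat "$hdr" "$all" > u-boot-rsa4096.bin \
		|| fail "cannot write u-boot-rsa4096.bin"

	#Gets the hash value of the public KEY
	echo 'Gets the hash value of the public KEY!'
	dd if=./u-boot-rsa4096.bin of=rsa4096pem/rsa_pub_4096.bin bs=1 skip=16 count=1024
	openssl dgst -sha256 -r -hex rsa4096pem/rsa_pub_4096.bin > rsa4096pem/rsa_pub_4096_sha256.txt
	# ./HASH is an external tool whose exit-status convention is not visible
	# here, so its status is not treated as fatal.
	./HASH rsa4096pem/rsa_pub_4096_sha256.txt
	./HASH rsa4096pem/rsa_pub_4096_sha256.txt > rsa4096pem/rsa4096_pem_hash_val.txt
	exit 0
) || exit 1
echo "....................................................."
fi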
448
449