diff options
| author | Marcin Bukat <marcin.bukat@gmail.com> | 2012-03-04 15:34:29 +0100 |
|---|---|---|
| committer | Marcin Bukat <marcin.bukat@gmail.com> | 2013-06-27 13:50:11 +0200 |
| commit | 0b29691324e5700f15ea653592bf29f8552d47d7 (patch) | |
| tree | 00e4f77f28c813a493cd8af22170f486f6e82903 /firmware/target/arm/pp/mi4-loader.c | |
| parent | 46ea8bfe7c690c8db230fff3a582a69779f8e432 (diff) | |
| download | rockbox-0b29691324e5700f15ea653592bf29f8552d47d7.tar.gz rockbox-0b29691324e5700f15ea653592bf29f8552d47d7.zip | |
Move load_firmware() to separate file
The idea is to share loading code between bootloaders and rolo().
Change-Id: I1656ed91946d7a05cb7c9fa7a16793c3c862a5cd
Reviewed-on: http://gerrit.rockbox.org/190
Reviewed-by: Marcin Bukat <marcin.bukat@gmail.com>
Diffstat (limited to 'firmware/target/arm/pp/mi4-loader.c')
| -rw-r--r-- | firmware/target/arm/pp/mi4-loader.c | 237 |
1 files changed, 237 insertions, 0 deletions
diff --git a/firmware/target/arm/pp/mi4-loader.c b/firmware/target/arm/pp/mi4-loader.c new file mode 100644 index 0000000000..c465b898b4 --- /dev/null +++ b/firmware/target/arm/pp/mi4-loader.c @@ -0,0 +1,237 @@ +/*************************************************************************** + * __________ __ ___. + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ + * \/ \/ \/ \/ \/ + * + * Copyright (C) 2006 by Barry Wardell + * + * Based on Rockbox iriver bootloader by Linus Nielsen Feltzing + * and the ipodlinux bootloader by Daniel Palffy and Bernard Leach + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ****************************************************************************/ + +#include <stdbool.h> +#include <stdio.h> +#include "config.h" +#include "mi4-loader.h" +#include "loader_strerror.h" +#include "crc32-mi4.h" +#include "file.h" + +static inline unsigned int le2int(unsigned char* buf) +{ + int32_t res = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0]; + + return res; +} + +static inline void int2le(unsigned int val, unsigned char* addr) +{ + addr[0] = val & 0xFF; + addr[1] = (val >> 8) & 0xff; + addr[2] = (val >> 16) & 0xff; + addr[3] = (val >> 24) & 0xff; +} + +static struct tea_key tea_keytable[] = { + { "default" , { 0x20d36cc0, 0x10e8c07d, 0xc0e7dcaa, 0x107eb080 } }, + { "sansa", { 0xe494e96e, 0x3ee32966, 0x6f48512b, 0xa93fbb42 } }, + { "sansa_gh", { 0xd7b10538, 0xc662945b, 0x1b3fce68, 0xf389c0e6 } }, + { "sansa_103", { 0x1d29ddc0, 0x2579c2cd, 0xce339e1a, 0x75465dfe } }, + { "rhapsody", { 0x7aa9c8dc, 0xbed0a82a, 0x16204cc7, 0x5904ef38 } }, + { "p610", { 0x950e83dc, 0xec4907f9, 0x023734b9, 0x10cfb7c7 } }, + { "p640", { 0x220c5f23, 0xd04df68e, 0x431b5e25, 0x4dcc1fa1 } }, + { "virgin", { 0xe83c29a1, 0x04862973, 0xa9b3f0d4, 0x38be2a9c } }, + { "20gc_eng", { 0x0240772c, 0x6f3329b5, 0x3ec9a6c5, 0xb0c9e493 } }, + { "20gc_fre", { 0xbede8817, 0xb23bfe4f, 0x80aa682d, 0xd13f598c } }, + { "elio_p722", { 0x6af3b9f8, 0x777483f5, 0xae8181cc, 0xfa6d8a84 } }, + { "c200", { 0xbf2d06fa, 0xf0e23d59, 0x29738132, 0xe2d04ca7 } }, + { "c200_103", { 0x2a7968de, 0x15127979, 0x142e60a7, 0xe49c1893 } }, + { "c200_106", { 0xa913d139, 0xf842f398, 0x3e03f1a6, 0x060ee012 } }, + { "view", { 0x70e19bda, 0x0c69ea7d, 0x2b8b1ad1, 0xe9767ced } }, + { "sa9200", { 0x33ea0236, 0x9247bdc5, 0xdfaedf9f, 0xd67c9d30 } }, + { "hdd1630/hdd63x0", { 0x04543ced, 0xcebfdbad, 0xf7477872, 0x0d12342e } }, + { "vibe500", { 0xe3a66156, 0x77c6b67a, 0xe821dca5, 0xca8ca37c } }, +}; + +/* + +tea_decrypt() from http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm + +"Following is an adaptation of the reference encryption and decryption +routines in C, released into the public domain by David Wheeler and +Roger Needham:" + +*/ + +/* NOTE: The mi4 version of TEA uses a different initial value to sum compared + to the reference implementation and the main loop is 8 iterations, not + 32. +*/ + +static void tea_decrypt(uint32_t* v0, uint32_t* v1, uint32_t* k) { + uint32_t sum=0xF1BBCDC8, i; /* set up */ + uint32_t delta=0x9E3779B9; /* a key schedule constant */ + uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */ + for(i=0; i<8; i++) { /* basic cycle start */ + *v1 -= ((*v0<<4) + k2) ^ (*v0 + sum) ^ ((*v0>>5) + k3); + *v0 -= ((*v1<<4) + k0) ^ (*v1 + sum) ^ ((*v1>>5) + k1); + sum -= delta; /* end cycle */ + } +} + +/* mi4 files are encrypted in 64-bit blocks (two little-endian 32-bit + integers) and the key is incremented after each block + */ + +static void tea_decrypt_buf(unsigned char* src, + unsigned char* dest, + size_t n, uint32_t * key) +{ + uint32_t v0, v1; + unsigned int i; + + for (i = 0; i < (n / 8); i++) { + v0 = le2int(src); + v1 = le2int(src+4); + + tea_decrypt(&v0, &v1, key); + + int2le(v0, dest); + int2le(v1, dest+4); + + src += 8; + dest += 8; + + /* Now increment the key */ + key[0]++; + if (key[0]==0) { + key[1]++; + if (key[1]==0) { + key[2]++; + if (key[2]==0) { + key[3]++; + } + } + } + } +} + +static int tea_find_key(struct mi4header_t *mi4header, unsigned char* buf) +{ + unsigned int i; + uint32_t key[4]; + uint32_t keyinc; + unsigned char magic_dec[8]; + int key_found = -1; + unsigned int magic_location = mi4header->length-4; + int unaligned = 0; + + if ( (magic_location % 8) != 0 ) + { + unaligned = 1; + magic_location -= 4; + } + + for (i=0; i < NUM_KEYS && (key_found<0) ; i++) { + key[0] = tea_keytable[i].key[0]; + key[1] = tea_keytable[i].key[1]; + key[2] = tea_keytable[i].key[2]; + key[3] = tea_keytable[i].key[3]; + + /* Now increment the key */ + keyinc = (magic_location-mi4header->plaintext)/8; + if ((key[0]+keyinc) < key[0]) key[1]++; + key[0] += keyinc; + if (key[1]==0) key[2]++; + if (key[2]==0) key[3]++; + + /* Decrypt putative magic */ + tea_decrypt_buf(&buf[magic_location], magic_dec, 8, key); + + if (le2int(&magic_dec[4*unaligned]) == 0xaa55aa55) + { + key_found = i; + } + } + + return key_found; +} + +/* Load mi4 format firmware image */ +int load_mi4(unsigned char* buf, + const char* firmware, + unsigned int buffer_size) +{ + int fd; + struct mi4header_t mi4header; + int rc; + unsigned long sum; + char filename[MAX_PATH]; + + snprintf(filename,sizeof(filename), BOOTDIR "/%s",firmware); + fd = open(filename, O_RDONLY); + if(fd < 0) + { + snprintf(filename,sizeof(filename),"/%s",firmware); + fd = open(filename, O_RDONLY); + if(fd < 0) + return EFILE_NOT_FOUND; + } + + read(fd, &mi4header, MI4_HEADER_SIZE); + + /* MI4 file size */ + if ((mi4header.mi4size-MI4_HEADER_SIZE) > buffer_size) + { + close(fd); + return EFILE_TOO_BIG; + } + + /* Load firmware file */ + lseek(fd, MI4_HEADER_SIZE, SEEK_SET); + rc = read(fd, buf, mi4header.mi4size-MI4_HEADER_SIZE); + close(fd); + if(rc < (int)mi4header.mi4size-MI4_HEADER_SIZE) + return EREAD_IMAGE_FAILED; + + /* Check CRC32 to see if we have a valid file */ + sum = chksum_crc32 (buf, mi4header.mi4size - MI4_HEADER_SIZE); + + if(sum != mi4header.crc32) + return EBAD_CHKSUM; + + if( (mi4header.plaintext + MI4_HEADER_SIZE) != mi4header.mi4size) + { + /* Load encrypted firmware */ + int key_index = tea_find_key(&mi4header, buf); + + if (key_index < 0) + return EINVALID_FORMAT; + + /* Plaintext part is already loaded */ + buf += mi4header.plaintext; + + /* Decrypt in-place */ + tea_decrypt_buf(buf, buf, + mi4header.mi4size-(mi4header.plaintext+MI4_HEADER_SIZE), + tea_keytable[key_index].key); + + /* Check decryption was successfull */ + if(le2int(&buf[mi4header.length-mi4header.plaintext-4]) != 0xaa55aa55) + return EREAD_IMAGE_FAILED; + } + + return mi4header.mi4size - MI4_HEADER_SIZE; +} |