Commit | Line | Data |
---|---|---|
6fa3eb70 S |
1 | #include <linux/kernel.h> |
2 | #include <linux/module.h> | |
3 | #include <linux/crypto.h> | |
4 | #include <linux/scatterlist.h> | |
5 | #include <linux/gfp.h> | |
6 | #include <linux/err.h> | |
7 | #include <linux/syscalls.h> | |
8 | #include <linux/slab.h> | |
9 | #include <linux/delay.h> | |
10 | #include <linux/sched.h> | |
11 | ||
12 | #include <asm/mach/arch.h> | |
13 | #include <asm/mach/time.h> | |
14 | #include <asm/mach/map.h> | |
15 | #include <asm/mach-types.h> | |
16 | ||
17 | #include <mach/mt_typedefs.h> | |
18 | #include <mach/sbchk_base.h> | |
19 | ||
20 | /************************************************************************** | |
21 | * MODULE DEFINITION | |
22 | **************************************************************************/ | |
23 | #define MOD "SBCHK_BASE" | |
24 | #define KER_SHA1_TEST (0) | |
25 | ||
26 | /************************************************************************** | |
27 | * MODULE MACRO | |
28 | **************************************************************************/ | |
29 | #ifndef ASSERT | |
30 | #define ASSERT(expr) BUG_ON(!(expr)) | |
31 | #endif | |
32 | ||
33 | /************************************************************************** | |
34 | * GLOBAL VARIABLES | |
35 | **************************************************************************/ | |
36 | bool bIsChecked = FALSE; | |
37 | ||
38 | /************************************************************************** | |
39 | * UTILITIES | |
40 | **************************************************************************/ | |
41 | void sbchk_dump(unsigned char* buf, unsigned int len) | |
42 | { | |
43 | unsigned int i = 1; | |
44 | ||
45 | for (i =1; i <len+1; i++) | |
46 | { | |
47 | printk("%02x",buf[i-1]); | |
48 | } | |
49 | ||
50 | printk("\n"); | |
51 | } | |
52 | ||
53 | void sbchk_hex_string(unsigned char* buf, unsigned int len) | |
54 | { | |
55 | unsigned int i = 1; | |
56 | ||
57 | for (i =1; i <len+1; i++) | |
58 | { | |
59 | printk("%c",buf[i-1]); | |
60 | } | |
61 | ||
62 | printk("\n"); | |
63 | } | |
64 | ||
65 | /************************************************************************** | |
66 | * KERNEL SHA1 FUNCTION | |
67 | **************************************************************************/ | |
68 | unsigned int sbchk_sha1(char * code, unsigned int code_len, char* result) | |
69 | { | |
70 | unsigned int ret = SEC_OK; | |
71 | struct scatterlist sg[1]; | |
72 | struct crypto_hash *tfm = NULL; | |
73 | struct hash_desc desc; | |
74 | ||
75 | tfm = crypto_alloc_hash("sha1", 0, CRYPTO_ALG_ASYNC); | |
76 | if(IS_ERR(tfm)) | |
77 | { | |
78 | ret = SBCHK_BASE_HASH_INIT_FAIL; | |
79 | goto _exit; | |
80 | } | |
81 | ||
82 | /* sg_init_one(&sg[0], plaintext, length); */ | |
83 | sg_set_buf(&sg[0], code, code_len); | |
84 | ||
85 | desc.tfm = tfm; | |
86 | desc.flags = 0; | |
87 | memset(result, 0, 20); /* SHA1 returns 20 bytes */ | |
88 | if (crypto_hash_digest(&desc, sg, code_len, result)) | |
89 | { | |
90 | ret = SBCHK_BASE_HASH_DATA_FAIL; | |
91 | goto _exit; | |
92 | } | |
93 | ||
94 | crypto_free_hash(tfm); | |
95 | ||
96 | _exit: | |
97 | ||
98 | return ret; | |
99 | } | |
100 | ||
101 | /************************************************************************** | |
102 | * KERNEL SHA1 TEST | |
103 | **************************************************************************/ | |
104 | void sbchk_test(void) | |
105 | { | |
106 | char * code1 = "2ew34123132513451345"; | |
107 | char * code2 = "234123132513451345"; | |
108 | char * code3 = "2ew34123132513451345"; | |
109 | char *hash_rs1,*hash_rs2,*hash_rs3; | |
110 | ||
111 | hash_rs1 = (char *)kmalloc(HASH_OUTPUT_LEN,GFP_KERNEL); | |
112 | hash_rs2 = (char *)kmalloc(HASH_OUTPUT_LEN,GFP_KERNEL); | |
113 | hash_rs3 = (char *)kmalloc(HASH_OUTPUT_LEN,GFP_KERNEL); | |
114 | ||
115 | sbchk_sha1(code1,strlen(code1),hash_rs1); | |
116 | sbchk_sha1(code2,strlen(code2),hash_rs2); | |
117 | sbchk_sha1(code3,strlen(code3),hash_rs3); | |
118 | ||
119 | printk("[%s] dump result 1:\n",MOD); | |
120 | sbchk_dump(hash_rs1,HASH_OUTPUT_LEN); | |
121 | printk("[%s] dump result 2:\n",MOD); | |
122 | sbchk_dump(hash_rs2,HASH_OUTPUT_LEN); | |
123 | printk("[%s] dump result 3:\n",MOD); | |
124 | sbchk_dump(hash_rs3,HASH_OUTPUT_LEN); | |
125 | ||
126 | if(memcmp(hash_rs1,hash_rs2,HASH_OUTPUT_LEN) != 0) | |
127 | { | |
128 | printk("[%s] <1>code1 != code2. TEST PASS\n",MOD); | |
129 | } | |
130 | else | |
131 | { | |
132 | printk("[%s] <1>code1 == code2. TEST FAIL (KERNEL SHA1 FAIL)\n",MOD); | |
133 | ASSERT(0); | |
134 | } | |
135 | ||
136 | if(memcmp(hash_rs1,hash_rs3,HASH_OUTPUT_LEN) != 0) | |
137 | { | |
138 | printk("[%s] <1>code1 != code3. TEST FAIL (KERNEL SHA1 FAIL)\n",MOD); | |
139 | ASSERT(0); | |
140 | } | |
141 | else | |
142 | { | |
143 | printk("[%s] <1>code1 == code3. TEST PASS\n",MOD); | |
144 | } | |
145 | ||
146 | kfree(hash_rs1); | |
147 | kfree(hash_rs2); | |
148 | kfree(hash_rs3); | |
149 | } | |
150 | ||
151 | /************************************************************************** | |
152 | * CHECK FILE HASH | |
153 | **************************************************************************/ | |
154 | unsigned int sbchk_verify(char* file_path, char* hash_val) | |
155 | { | |
156 | struct file *fd; | |
157 | unsigned int ret = SEC_OK; | |
158 | unsigned int file_size = 0; | |
159 | char *hash_rs = NULL; | |
160 | char *buf = NULL; | |
161 | bool bBufAllocated = FALSE; | |
162 | struct inode *inode; | |
163 | ||
164 | /* save current file system type */ | |
165 | mm_segment_t fs = get_fs(); | |
166 | ||
167 | /* ----------------------- */ | |
168 | /* open security file */ | |
169 | /* ----------------------- */ | |
170 | /* open engine */ | |
171 | fd = filp_open(file_path, O_RDONLY, 0); | |
172 | if (fd < 0) | |
173 | { | |
174 | printk("[%s] Open '%s' fail\n",MOD,file_path); | |
175 | ret = SBCHK_BASE_OPEN_FAIL; | |
176 | goto _end; | |
177 | } | |
178 | ||
179 | /* ----------------------- */ | |
180 | /* configure file system */ | |
181 | /* ----------------------- */ | |
182 | set_fs(KERNEL_DS); | |
183 | ||
184 | /* ----------------------- */ | |
185 | /* allocate buffer */ | |
186 | /* ----------------------- */ | |
187 | inode=fd->f_dentry->d_inode; | |
188 | file_size=inode->i_size; | |
189 | printk("[%s] '%s' exists ('%d' byets)\n",MOD,file_path,file_size); | |
190 | buf = (char *)kmalloc(file_size,GFP_KERNEL); | |
191 | hash_rs = (char *)kmalloc(HASH_OUTPUT_LEN,GFP_KERNEL); | |
192 | bBufAllocated = TRUE; | |
193 | ||
194 | /* ----------------------- */ | |
195 | /* read security file */ | |
196 | /* ----------------------- */ | |
197 | /* read image to input buffer */ | |
198 | if(0 >= (file_size = fd->f_op->read(fd,buf,file_size,&fd->f_pos))) | |
199 | { | |
200 | ret = SBCHK_BASE_READ_FAIL; | |
201 | printk("[%s] Read '%s' '%d' byets fail\n",MOD,file_path,file_size); | |
202 | goto _end; | |
203 | } | |
204 | ||
205 | printk("[%s] Read '%s' '%d' byets\n",MOD,file_path,file_size); | |
206 | ||
207 | /* ----------------------- */ | |
208 | /* calculate hash */ | |
209 | /* ----------------------- */ | |
210 | sbchk_sha1(buf,file_size,hash_rs); | |
211 | printk("[%s] Calculate the hash value of '%s' = \n",MOD,file_path); | |
212 | sbchk_dump(hash_rs,HASH_OUTPUT_LEN); | |
213 | ||
214 | ||
215 | /* ----------------------- */ | |
216 | /* verify hash */ | |
217 | /* ----------------------- */ | |
218 | #if SBCHK_BASE_HASH_CHECK | |
219 | { | |
220 | unsigned int i = 0; | |
221 | char hash_rsn[HASH_OUTPUT_LEN*2+1] = {0}; | |
222 | char *hash_prsn = hash_rsn; | |
223 | ||
224 | ||
225 | /* convert hash value to 'hex' string */ | |
226 | for(i=0;i<HASH_OUTPUT_LEN;i++) | |
227 | { | |
228 | sprintf(hash_prsn, "%02x", hash_rs[i]); | |
229 | hash_prsn += 2; | |
230 | } | |
231 | ||
232 | ||
233 | /* compare hash value */ | |
234 | if(memcmp(hash_rsn,hash_val,HASH_OUTPUT_LEN) != 0) | |
235 | { | |
236 | printk("[%s] Hash check fail. The value should be \n",MOD); | |
237 | sbchk_hex_string(hash_val,HASH_OUTPUT_LEN*2); | |
238 | ret = SBCHK_BASE_HASH_CHECK_FAIL; | |
239 | goto _end; | |
240 | } | |
241 | else | |
242 | { | |
243 | printk("[%s] Hash check pass\n",MOD); | |
244 | sbchk_hex_string(hash_val,HASH_OUTPUT_LEN*2); | |
245 | } | |
246 | } | |
247 | #endif | |
248 | ||
249 | ||
250 | _end: | |
251 | ||
252 | set_fs(fs); | |
253 | if(TRUE == bBufAllocated) | |
254 | { | |
255 | kfree(hash_rs); | |
256 | kfree(buf); | |
257 | } | |
258 | return ret; | |
259 | } | |
260 | ||
261 | /************************************************************************** | |
262 | * KERNEL SBCHK | |
263 | **************************************************************************/ | |
264 | void sbchk_base(void) | |
265 | { | |
266 | ||
267 | #ifdef CONFIG_SBCHK_BASE_ENABLE | |
268 | ||
269 | unsigned int ret = SEC_OK; | |
270 | ||
271 | /* --------------------------------- */ | |
272 | /* verify security file */ | |
273 | /* --------------------------------- */ | |
274 | if(FALSE == bIsChecked) | |
275 | { | |
276 | bIsChecked = TRUE; | |
277 | printk("[%s] Enter\n",MOD); | |
278 | ||
279 | /* --------------------------------- */ | |
280 | /* test sbchk_sha1 */ | |
281 | /* --------------------------------- */ | |
282 | #if KER_SHA1_TEST | |
283 | sbchk_test(); | |
284 | #endif | |
285 | ||
286 | /* --------------------------------- */ | |
287 | /* verify user space security engine */ | |
288 | /* --------------------------------- */ | |
289 | if(SEC_OK != (ret = sbchk_verify(SBCHK_ENGINE_PATH,SBCHK_ENGINE_HASH))) | |
290 | { | |
291 | msleep(20000); | |
292 | printk("[%s] Verify '%s' fail. ret '%x'\n",MOD,SBCHK_ENGINE_PATH,ret); | |
293 | /* punishment can be customized */ | |
294 | ASSERT(0); | |
295 | } | |
296 | ||
297 | /* --------------------------------- */ | |
298 | /* verify kernel security module */ | |
299 | /* --------------------------------- */ | |
300 | if(SEC_OK != (ret = sbchk_verify(SBCHK_MODULE_PATH,SBCHK_MODULE_HASH))) | |
301 | { | |
302 | msleep(20000); | |
303 | printk("[%s] Verify '%s' fail. ret '%x'\n",MOD,SBCHK_MODULE_PATH,ret); | |
304 | /* punishment can be customized */ | |
305 | ASSERT(0); | |
306 | } | |
307 | ||
308 | /* --------------------------------- */ | |
309 | /* verify kernel core modem module */ | |
310 | /* --------------------------------- */ | |
311 | if(SEC_OK != (ret = sbchk_verify(MODEM_CORE_MODULE_PATH,MODEM_CORE_MODULE_HASH))) | |
312 | { | |
313 | msleep(20000); | |
314 | printk("[%s] Verify '%s' fail. ret '%x'\n",MOD,MODEM_CORE_MODULE_PATH,ret); | |
315 | /* punishment can be customized */ | |
316 | ASSERT(0); | |
317 | } | |
318 | ||
319 | /* --------------------------------- */ | |
320 | /* verify kernel plat modem module */ | |
321 | /* --------------------------------- */ | |
322 | if(SEC_OK != (ret = sbchk_verify(MODEM_PLAT_MODULE_PATH,MODEM_PLAT_MODULE_HASH))) | |
323 | { | |
324 | msleep(20000); | |
325 | printk("[%s] Verify '%s' fail. ret '%x'\n",MOD,MODEM_PLAT_MODULE_PATH,ret); | |
326 | /* punishment can be customized */ | |
327 | ASSERT(0); | |
328 | } | |
329 | ||
330 | #if 0 | |
331 | /* --------------------------------- */ | |
332 | /* verify init rc */ | |
333 | /* --------------------------------- */ | |
334 | if(SEC_OK != (ret = sbchk_verify(INIT_RC_PATH,INIT_RC_HASH))) | |
335 | { | |
336 | msleep(20000); | |
337 | printk("[%s] Verify '%s' fail. ret '%x'\n",MOD,INIT_RC_PATH,ret); | |
338 | /* punishment can be customized */ | |
339 | ASSERT(0); | |
340 | } | |
341 | #endif | |
342 | } | |
343 | ||
344 | #endif | |
345 | ||
346 | } | |
347 | ||
348 | /************************************************************************** | |
349 | * GET devinfo info with index | |
350 | **************************************************************************/ | |
351 | u32 get_devinfo_with_index(u32 index) | |
352 | { | |
353 | int size = (sizeof(g_devinfo_data)/sizeof(u32)); | |
354 | if ((index >= 0) && (index < size)){ | |
355 | return g_devinfo_data[index]; | |
356 | }else{ | |
357 | printk("devinfo data index out of range:%d\n", index); | |
358 | printk("devinfo data size:%d\n", size); | |
359 | return SBCHK_BASE_INDEX_OUT_OF_RANGE; | |
360 | } | |
361 | } | |
362 | ||
363 |