# SPDX-License-Identifier: BSD-3-Clause
#
# Copyright 2017-2018, 2023 NXP
#
##########################################################################
#!/bin/bash
#
# SCRIPT:  	createSRKFuses
#
# DESCRIPTION:	Create SRK fuses from SRK table generated by SRKTOOL or 
# 		createSrkTable script. This script shows steps to compute
#		SRK fuses and can be verified against the fuses generated
#		by SRKTOOL or createSRKTable script.
#
##########################################################################


# Debug switch. 0: the intermediate SRKCert* files are removed at the end of
# the run. Any other value: they are kept and the computed hash is dumped so
# it can be compared with a reference fuse file.
# NOTE(review): the "#!/bin/bash" line in the header above is not the first
# line of the file as shown, so it does not act as an interpreter line. The
# script relies on bash-only "[[ ]]"; run it with bash explicitly.
DEBUG=0

# Help: printed for -h, --help, or when no argument is supplied.
# Every path through this branch exits with status 1.
case "$1" in
	-h | --help | "")
		echo
		echo "./createSRKFuses [-h|--help] for help"
		echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
		echo "Number of SRK : 1 - 4"
		echo "SRK Key Length : 1024, 2048, 3072, 4096"
		exit 1
		;;
esac

# Input SRK table file: the first argument must be a non-empty string naming
# an existing regular file. Only existence is tested here (-f); the file's
# length is not checked at this point.
SRKtablefile="$1"
if [[ -z "$SRKtablefile" || ! -f "$SRKtablefile" ]] ; then
	echo "File $1 doesnt exist or is empty"
	echo
	echo "./createSRKFuses [-h|--help] for help"
	echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
	echo "Number of SRK : 1 - 4"
	echo "SRK Key Length : 1024, 2048, 3072, 4096"
	exit 1
fi
echo "SRK table file is $1"

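# Number of SRK certs: must be exactly one digit in the range 1-4.
# A regex is used instead of "<" / ">" because inside [[ ]] those operators
# compare strings lexicographically, so values such as "10" or "3x" would be
# accepted. nSRK later decides how many table entries feed the fuse hash, so
# a wrong count here silently yields a wrong fuse value.
if [[ "$2" =~ ^[1-4]$ ]] ; then
	nSRK=$2
	echo "Number of SRKs are $nSRK"
else
	echo "Number of SRKs need to be between 1 and 4"
	echo
	echo "./createSRKFuses [-h|--help] for help"
	echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
	echo "Number of SRK : 1 - 4"
	echo "SRK Key Length : 1024, 2048, 3072, 4096"
	exit 1
fi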

# SRK key length: the third argument must be one of the four supported RSA
# modulus sizes, given in bits. Anything else prints the usage and exits 1.
lSRK=$3
case "$lSRK" in
	1024 | 2048 | 3072 | 4096)
		echo "SRK Key length is $lSRK"
		;;
	*)
		echo "SRK key length needs to be 1024, 2048, 3072 or 4096 bits"
		echo
		echo "./createSRKFuses [-h|--help] for help"
		echo "Usage: ./createSRKFuses <SRK table> <Number of SRKs> <SRK key length>"
		echo "Number of SRK : 1 - 4"
		echo "SRK Key Length : 1024, 2048, 3072, 4096"
		exit 1
		;;
esac

# Size in bytes of one SRK entry inside the table, selected by key length.
# Each value equals the key length in bytes plus 15 (128+15, 256+15, ...).
# NOTE(review): the 15 extra bytes are presumably the per-entry header and
# public exponent - confirm against the SRK table format documentation.
case "$lSRK" in
	1024) countSize=143 ;;
	2048) countSize=271 ;;
	3072) countSize=399 ;;
	4096) countSize=527 ;;
esac


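# Divide the SRK table into one file per key: SRKCert1 .. SRKCert<n>.
# Entry k starts at byte offset 4 + countSize*(k-1); the leading 4 bytes are
# skipped (presumably the table header - confirm against the table format).
#
# Each extracted file is checked to be exactly countSize bytes. Without this
# check a table that is shorter than the arguments imply (wrong key length or
# key count) yields short or empty entries, and the script would still go on
# to produce a fuse value from them. Fuse values are meant to be programmed
# into hardware, so a silently wrong result must not be emitted.
#
# On exit from the loop nSRK holds the requested number of keys and i holds
# the same value, as the later steps expect.
i=$nSRK
for nSRK in 1 2 3 4 ; do
	if ! dd if="$1" of="SRKCert$nSRK" bs=1 \
		skip=$((4 + countSize * (nSRK - 1))) count="$countSize" ; then
		echo "Failed to extract SRKCert$nSRK from $1" >&2
		exit 1
	fi
	certLen=$(wc -c < "SRKCert$nSRK")
	# Some wc implementations pad the count with spaces; strip them first.
	certLen=${certLen//[[:space:]]/}
	if [[ "$certLen" != "$countSize" ]] ; then
		echo "SRKCert$nSRK is $certLen bytes, expected $countSize: SRK table $1 does not match the given number of SRKs / key length" >&2
		exit 1
	fi
	echo "File SRKCert$nSRK created"
	# String comparison on purpose: i is never evaluated arithmetically.
	if [[ "$nSRK" == "$i" ]] ; then
		break
	fi
done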

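# First hash pass: write the raw 32-byte SHA-256 digest of each SRK entry to
# SRKCert<k>.bin. sha256sum prints the digest as hex, awk keeps only the hex
# field, perl packs it back to binary and dd keeps the first 32 bytes (the
# newline that follows the hex text packs to one extra byte).
#
# The exit status of the pipeline is not checked by the shell, so the size of
# every digest file is verified instead: if sha256sum, awk or perl is missing
# or fails, the .bin file is short or empty and the run stops here rather
# than folding a bad digest into the fuse value.
#
# The loop stops after nSRK files; i counts the files processed.
i=1
for fSRK in SRKCert[1234] ; do
	sha256sum "$fSRK" | \
		awk '{print $1}' | \
			perl -e 'print pack "H*", <STDIN>' | \
				dd of="$fSRK.bin" bs=1 count=32
	digestLen=$(wc -c < "$fSRK.bin")
	# Some wc implementations pad the count with spaces; strip them first.
	digestLen=${digestLen//[[:space:]]/}
	if [[ "$digestLen" != 32 ]] ; then
		echo "Digest file $fSRK.bin is not 32 bytes; hashing $fSRK failed" >&2
		exit 1
	fi
	echo "File $fSRK.bin created"
	if [[ "$nSRK" == "$i" ]] ; then
		break
	fi
	i=$((i+1))
done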

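# Second hash pass: SHA-256 over the concatenation of the per-key digests,
# written as 32 raw bytes to SRK_fuses.bin.
#
# The inputs are listed explicitly (SRKCert1.bin .. SRKCert<nSRK>.bin) rather
# than matched with a glob. A glob would also pick up .bin files left in the
# working directory by an earlier run (they are kept when DEBUG is non-zero),
# and those stale digests would then be hashed into the fuse value.
srkBins=()
for fSRK in SRKCert1 SRKCert2 SRKCert3 SRKCert4 ; do
	if [[ ! -f "$fSRK.bin" ]] ; then
		echo "Missing $fSRK.bin, cannot compute SRK fuses" >&2
		exit 1
	fi
	srkBins+=("$fSRK.bin")
	# nSRK holds the number of keys in use; stop once that file is added.
	if [[ "$fSRK" == "SRKCert$nSRK" ]] ; then
		break
	fi
done

cat "${srkBins[@]}" | \
	sha256sum | awk '{print $1}' | \
		perl -e 'print pack "H*", <STDIN>' | \
			dd of=SRK_fuses.bin bs=1 count=32

# The pipeline status is not checked by the shell, so verify the result size.
fuseLen=$(wc -c < SRK_fuses.bin)
fuseLen=${fuseLen//[[:space:]]/}
if [[ "$fuseLen" != 32 ]] ; then
	echo "SRK_fuses.bin is not 32 bytes; the fuse value was not generated correctly" >&2
	exit 1
fi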

# Clean up: in the normal (non-debug) mode delete every intermediate file.
# The glob matches anything in the current directory whose name starts with
# "SRKCert", not only the files created by this run.
case "$DEBUG" in
	0)
		rm -v SRKCert*
		;;
esac

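# Debug mode only: dump the computed fuse value and compare it with a
# reference fuse file named by the operator.
if [[ "$DEBUG" != 0 ]]; then
#hexdiff if available
#	hexdiff SRK_fuses.bin SRK_1_2_3_4_fuse.bin

	echo "Created Hash SRK_fuses.bin"
	hexdump SRK_fuses.bin
	echo -n "Enter the SRK fuse filename created by SRKTOOL/createSRKTable script > "
	# -r keeps backslashes in the typed path literal.
	read -r SRKfuse
	echo "Existing Hash from SRK tool in $SRKfuse file"
	# Quoted so that a path containing spaces is passed as a single argument.
	hexdump "$SRKfuse"
	# Byte-for-byte comparison; comparing two hex dumps by eye is error-prone.
	if cmp -s SRK_fuses.bin "$SRKfuse" ; then
		echo "SRK_fuses.bin matches $SRKfuse"
	else
		echo "SRK_fuses.bin DIFFERS from $SRKfuse (or the file could not be read)" >&2
	fi
fi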
