1 files changed, 77 insertions, 6 deletions
diff --git a/utils/imxtools/sbtools/crypto.cpp b/utils/imxtools/sbtools/crypto.cpp
index 35068c3e7d..5ccde27fdd 100644
--- a/utils/imxtools/sbtools/crypto.cpp
+++ b/utils/imxtools/sbtools/crypto.cpp
@@ -20,9 +20,81 @@
 ****************************************************************************/
 #include "crypto.h"
 #include "misc.h"
+#include <cryptopp/modes.h>
+#include <cryptopp/aes.h>
-static enum crypto_method_t g_cur_method = CRYPTO_NONE;
+using namespace CryptoPP;
-static byte g_key[16];
+namespace
+{
+enum crypto_method_t g_cur_method = CRYPTO_NONE;
+byte g_key[16];
+CBC_Mode<AES>::Encryption g_aes_enc;
+CBC_Mode<AES>::Decryption g_aes_dec;
+bool g_aes_enc_key_dirty; /* true of g_aes_enc key needs to be updated */
+bool g_aes_dec_key_dirty; /* same for g_aes_dec */
+int cbc_mac2(
+    const byte *in_data, /* Input data */
+    byte *out_data, /* Output data (or NULL) */
+    int nr_blocks, /* Number of blocks to encrypt/decrypt (one block=16 bytes) */
+    byte key[16], /* Key */
+    byte iv[16], /* Initialisation Vector */
+    byte (*out_cbc_mac)[16], /* CBC-MAC of the result (or NULL) */
+    bool encrypt /* 1 to encrypt, 0 to decrypt */
+    )
+{
+    /* encrypt */
+    if(encrypt)
+    {
+        /* update keys if neeeded */
+        if(g_aes_enc_key_dirty)
+        {
+            /* we need to provide an IV with the key, although we change it
+             * everytime we run the cipher anyway */
+            g_aes_enc.SetKeyWithIV(g_key, 16, iv, 16);
+            g_aes_enc_key_dirty = false;
+        }
+        g_aes_enc.Resynchronize(iv, 16);
+        byte tmp[16];
+        /* we need some output buffer, either a temporary one if we are CBC-MACing
+         * only, or use output buffer if available */
+        byte *out_ptr = (out_data == NULL) ? tmp : out_data;
+        while(nr_blocks-- > 0)
+        {
+            g_aes_enc.ProcessData(out_ptr, in_data, 16);
+            /* if this is the last block, copy CBC-MAC */
+            if(nr_blocks == 0 && out_cbc_mac)
+                memcpy(out_cbc_mac, out_ptr, 16);
+            /* if we are writing data to the output buffer, advance output pointer */
+            if(out_data != NULL)
+                out_ptr += 16;
+            in_data += 16;
+        }
+        return CRYPTO_ERROR_SUCCESS;
+    }
+    /* decrypt */
+    else
+    {
+        /* update keys if neeeded */
+        if(g_aes_dec_key_dirty)
+        {
+            /* we need to provide an IV with the key, although we change it
+             * everytime we run the cipher anyway */
+            g_aes_dec.SetKeyWithIV(g_key, 16, iv, 16);
+            g_aes_dec_key_dirty = false;
+        }
+        /* we cannot produce a CBC-MAC in decrypt mode, output buffer exists */
+        if(out_cbc_mac || out_data == NULL)
+            return CRYPTO_ERROR_INVALID_OP;
+        g_aes_dec.Resynchronize(iv, 16);
+        g_aes_dec.ProcessData(out_data, in_data, nr_blocks * 16);
+        return CRYPTO_ERROR_SUCCESS;
+    }
+}
+}
 int crypto_setup(struct crypto_key_t *key)
 {
@@ -31,6 +103,8 @@ int crypto_setup(struct crypto_key_t *key)
    {
        case CRYPTO_KEY:
            memcpy(g_key, key->u.key, 16);
+            g_aes_dec_key_dirty = true;
+            g_aes_enc_key_dirty = true;
            return CRYPTO_ERROR_SUCCESS;
        default:
            return CRYPTO_ERROR_BADSETUP;
@@ -46,10 +120,7 @@ int crypto_apply(
    bool encrypt)
 {
    if(g_cur_method == CRYPTO_KEY)
-    {
+        return cbc_mac2(in_data, out_data, nr_blocks, g_key, iv, out_cbc_mac, encrypt);
-        cbc_mac(in_data, out_data, nr_blocks, g_key, iv, out_cbc_mac, encrypt);
-        return CRYPTO_ERROR_SUCCESS;
-    }
    else
        return CRYPTO_ERROR_BADSETUP;
 }

diff --git a/utils/imxtools/sbtools/crypto.cpp b/utils/imxtools/sbtools/crypto.cpp index 35068c3e7d..5ccde27fdd 100644 --- a/utils/imxtools/sbtools/crypto.cpp +++ b/utils/imxtools/sbtools/crypto.cpp
@@ -20,9 +20,81 @@
20	****************************************************************************/	20	****************************************************************************/
21	#include "crypto.h"	21	#include "crypto.h"
22	#include "misc.h"	22	#include "misc.h"
		23	#include <cryptopp/modes.h>
		24	#include <cryptopp/aes.h>
23		25
24	static enum crypto_method_t g_cur_method = CRYPTO_NONE;	26	using namespace CryptoPP;
25	static byte g_key[16];	27
		28	namespace
		29	{
		30
		31	enum crypto_method_t g_cur_method = CRYPTO_NONE;
		32	byte g_key[16];
		33	CBC_Mode<AES>::Encryption g_aes_enc;
		34	CBC_Mode<AES>::Decryption g_aes_dec;
		35	bool g_aes_enc_key_dirty; /* true of g_aes_enc key needs to be updated */
		36	bool g_aes_dec_key_dirty; /* same for g_aes_dec */
		37
		38	int cbc_mac2(
		39	const byte in_data, / Input data */
		40	byte out_data, / Output data (or NULL) */
		41	int nr_blocks, /* Number of blocks to encrypt/decrypt (one block=16 bytes) */
		42	byte key[16], /* Key */
		43	byte iv[16], /* Initialisation Vector */
		44	byte (out_cbc_mac)[16], / CBC-MAC of the result (or NULL) */
		45	bool encrypt /* 1 to encrypt, 0 to decrypt */
		46	)
		47	{
		48	/* encrypt */
		49	if(encrypt)
		50	{
		51	/* update keys if neeeded */
		52	if(g_aes_enc_key_dirty)
		53	{
		54	/* we need to provide an IV with the key, although we change it
		55	* everytime we run the cipher anyway */
		56	g_aes_enc.SetKeyWithIV(g_key, 16, iv, 16);
		57	g_aes_enc_key_dirty = false;
		58	}
		59	g_aes_enc.Resynchronize(iv, 16);
		60	byte tmp[16];
		61	/* we need some output buffer, either a temporary one if we are CBC-MACing
		62	* only, or use output buffer if available */
		63	byte *out_ptr = (out_data == NULL) ? tmp : out_data;
		64	while(nr_blocks-- > 0)
		65	{
		66	g_aes_enc.ProcessData(out_ptr, in_data, 16);
		67	/* if this is the last block, copy CBC-MAC */
		68	if(nr_blocks == 0 && out_cbc_mac)
		69	memcpy(out_cbc_mac, out_ptr, 16);
		70	/* if we are writing data to the output buffer, advance output pointer */
		71	if(out_data != NULL)
		72	out_ptr += 16;
		73	in_data += 16;
		74	}
		75	return CRYPTO_ERROR_SUCCESS;
		76	}
		77	/* decrypt */
		78	else
		79	{
		80	/* update keys if neeeded */
		81	if(g_aes_dec_key_dirty)
		82	{
		83	/* we need to provide an IV with the key, although we change it
		84	* everytime we run the cipher anyway */
		85	g_aes_dec.SetKeyWithIV(g_key, 16, iv, 16);
		86	g_aes_dec_key_dirty = false;
		87	}
		88	/* we cannot produce a CBC-MAC in decrypt mode, output buffer exists */
		89	if(out_cbc_mac \|\| out_data == NULL)
		90	return CRYPTO_ERROR_INVALID_OP;
		91	g_aes_dec.Resynchronize(iv, 16);
		92	g_aes_dec.ProcessData(out_data, in_data, nr_blocks * 16);
		93	return CRYPTO_ERROR_SUCCESS;
		94	}
		95	}
		96
		97	}
26		98
27	int crypto_setup(struct crypto_key_t *key)	99	int crypto_setup(struct crypto_key_t *key)
28	{	100	{
@@ -31,6 +103,8 @@ int crypto_setup(struct crypto_key_t *key)
31	{	103	{
32	case CRYPTO_KEY:	104	case CRYPTO_KEY:
33	memcpy(g_key, key->u.key, 16);	105	memcpy(g_key, key->u.key, 16);
		106	g_aes_dec_key_dirty = true;
		107	g_aes_enc_key_dirty = true;
34	return CRYPTO_ERROR_SUCCESS;	108	return CRYPTO_ERROR_SUCCESS;
35	default:	109	default:
36	return CRYPTO_ERROR_BADSETUP;	110	return CRYPTO_ERROR_BADSETUP;
@@ -46,10 +120,7 @@ int crypto_apply(
46	bool encrypt)	120	bool encrypt)
47	{	121	{
48	if(g_cur_method == CRYPTO_KEY)	122	if(g_cur_method == CRYPTO_KEY)
49	{	123	return cbc_mac2(in_data, out_data, nr_blocks, g_key, iv, out_cbc_mac, encrypt);
50	cbc_mac(in_data, out_data, nr_blocks, g_key, iv, out_cbc_mac, encrypt);
51	return CRYPTO_ERROR_SUCCESS;
52	}
53	else	124	else
54	return CRYPTO_ERROR_BADSETUP;	125	return CRYPTO_ERROR_BADSETUP;
55	}	126	}