From 2037b837f81485770fcb066adea70b1d22e9b727 Mon Sep 17 00:00:00 2001 From: Dominik Riebeling Date: Sat, 8 Aug 2020 18:46:43 +0200 Subject: sbtools: convert crypto to libtomcrypt. Replace the use of crypto++ with tomcrypt, which is much smaller and C. This gets rid of various build issues for systems that don't ship crypo++ (i.e. everything except Linux.) Change-Id: Ic0799e17b94935c71b14765cf9a2a7ea2b0adc7a --- rbutil/mkimxboot/Makefile | 33 +++++++++++++------------ rbutil/rbutilqt/Makefile.libs | 4 ++- rbutil/rbutilqt/rbutilqt.pro | 6 ++--- utils/imxtools/sbtools/Makefile | 17 ++++++++----- utils/imxtools/sbtools/crypto.cpp | 51 +++++++++++---------------------------- utils/imxtools/sbtools/crypto.h | 3 ++- 6 files changed, 50 insertions(+), 64 deletions(-) diff --git a/rbutil/mkimxboot/Makefile b/rbutil/mkimxboot/Makefile index 9ad21a1966..d2c487c475 100644 --- a/rbutil/mkimxboot/Makefile +++ b/rbutil/mkimxboot/Makefile @@ -8,24 +8,18 @@ # We use the SB code available in the Rockbox utils/sbtools directory IMXTOOLS_DIR=../../utils/imxtools/sbtools/ -CFLAGS += -I$(IMXTOOLS_DIR) -Wall -# std=gnu99 is required by MinGW on Windows (c99 is sufficient for Linux / MXE) -CFLAGS += -std=gnu99 -g -O3 -# Location to pkg-config binary. -PKGCONFIG := pkg-config +COMPILEFLAGS := -Wall -g -O3 -I$(IMXTOOLS_DIR) + +# std=gnu99 is required by MinGW on Windows (c99 is sufficient for Linux / MXE) +CFLAGS += -std=gnu99 $(COMPILEFLAGS) +CXXFLAGS += $(COMPILEFLAGS) -# Distros could use different names for the crypto library. We try a list -# of candidate names, only one of them should be the valid one. -LIBCRYPTO_NAMES = libcryptopp libcrypto++ cryptopp crypto++ +TOMCRYPT_DIR := ../../utils/tomcrypt -$(foreach l,$(LIBCRYPTO_NAMES),\ - $(eval LDOPTS += $(shell $(PKGCONFIG) --silence-errors --libs $(l)))) -$(foreach l,$(LIBCRYPTO_NAMES),\ - $(eval CFLAGS += $(shell $(PKGCONFIG) --silence-errors --cflags $(l)))) -$(foreach l,$(LIBCRYPTO_NAMES),\ - $(eval CXXFLAGS += $(shell $(PKGCONFIG) --silence-errors --cflags $(l)))) -LDOPTS += -lpthread +CXXFLAGS += -I$(TOMCRYPT_DIR)/src/headers +CFLAGS += -I$(TOMCRYPT_DIR)/src/headers +LDOPTS += -lpthread $(TOMCRYPT_DIR)/librbtomcrypt.a OUTPUT = mkimxboot @@ -33,6 +27,10 @@ OUTPUT = mkimxboot IMXTOOLS_SOURCES = misc.c sb.c crypto.cpp crc.c elf.c LIBSOURCES := dualboot.c mkimxboot.c md5.c \ $(addprefix $(IMXTOOLS_DIR),$(IMXTOOLS_SOURCES)) + +# for now build tomcrypt as part of the lib. +LIBSOURCES += $(addprefix $(TOMCRYPT_DIR),$(TOMCRYPT_SOURCES)) + # inputs for binary only SOURCES := $(LIBSOURCES) main.c # dependencies for binary @@ -43,3 +41,8 @@ include ../libtools.make # explicit dependencies on dualboot.{c,h} and mkimxboot.h $(OBJDIR)mkimxboot.o: dualboot.h dualboot.c mkimxboot.c mkimxboot.h $(OBJDIR)main.o: dualboot.h dualboot.c main.c mkimxboot.h +$(BINARY): librbtomcrypt.a + +librbtomcrypt.a: + $(MAKE) -C ../../utils/tomcrypt + diff --git a/rbutil/rbutilqt/Makefile.libs b/rbutil/rbutilqt/Makefile.libs index 6d5c8c5354..938426f124 100644 --- a/rbutil/rbutilqt/Makefile.libs +++ b/rbutil/rbutilqt/Makefile.libs @@ -33,12 +33,14 @@ export CC=$(EXTRALIBS_CC) export CXX=$(EXTRALIBS_CXX) export AR=$(EXTRALIBS_AR) -libs: librbspeex libucl libipodpatcher libsansapatcher libmkamsboot libmktccboot libmkmpioboot libchinachippatcher libmkimxboot libmks5lboot libbzip2 libbspatch +libs: librbspeex libucl libipodpatcher libsansapatcher libmkamsboot libmktccboot libmkmpioboot libchinachippatcher libmkimxboot libmks5lboot libbzip2 libbspatch librbtomcrypt # To support cross compiles, we explicitly pass the CC flag below for # all tools which override CC or CXX in their makefiles. CXX is only # used by mkimxboot. +librbtomcrypt: + $(SILENT) $(MAKE) -C $(RBBASE_DIR)/utils/tomcrypt BUILD_DIR=$(BUILD_DIR)/tomcrypt librbtomcrypt.a librbspeex: $(SILENT) $(MAKE) -C $(RBBASE_DIR)/tools/rbspeex BUILD_DIR=$(BUILD_DIR)/libspeex librbspeex.a diff --git a/rbutil/rbutilqt/rbutilqt.pro b/rbutil/rbutilqt/rbutilqt.pro index d07c1e01bc..9d7da92dbf 100644 --- a/rbutil/rbutilqt/rbutilqt.pro +++ b/rbutil/rbutilqt/rbutilqt.pro @@ -85,7 +85,8 @@ extralibs.commands = $$SILENT \ # Note: order is important for RBLIBS! The libs are appended to the linker # flags in this order, put libucl at the end. RBLIBS = rbspeex ipodpatcher sansapatcher mkamsboot mktccboot \ - mkmpioboot chinachippatcher mkimxboot mks5lboot bspatch ucl + mkmpioboot chinachippatcher mkimxboot mks5lboot bspatch ucl \ + rbtomcrypt # NOTE: Linking bzip2 causes problems on Windows (Qt seems to export those # symbols as well, similar to what we have with zlib.) Only link that on # non-Windows for now. @@ -139,9 +140,6 @@ for(rblib, RBLIBS) { LIBS += -l$$rblib } -# We need libcrypto++ -LIBS += -lcryptopp - # on win32 libz is linked implicitly. !win32 { LIBS += -lz diff --git a/utils/imxtools/sbtools/Makefile b/utils/imxtools/sbtools/Makefile index 3e284e20dd..b1d0313f77 100644 --- a/utils/imxtools/sbtools/Makefile +++ b/utils/imxtools/sbtools/Makefile @@ -3,10 +3,11 @@ CC := gcc CXX := g++ LD := g++ -LIBUSB := $(shell pkg-config --cflags libusb-1.0) -CFLAGS := -O3 -g -std=c99 -Wall $(shell pkg-config --cflags libusb-1.0) $(DEFINES) -CXXFLAGS := -O3 -g -Wall $(pkg-config --cflags libcrypto++) $(DEFINES) -LDFLAGS := $(shell pkg-config --libs libusb-1.0) $(shell pkg-config --libs libcrypto++) +TOMCRYPT_DIR := ../../tomcrypt/ + +CFLAGS := -O3 -g -std=c99 -Wall $(shell pkg-config --cflags libusb-1.0) $(DEFINES) -I$(TOMCRYPT_DIR)/src/headers +CXXFLAGS := -O3 -g -Wall $(DEFINES) -I$(TOMCRYPT_DIR)/src/headers +LDFLAGS := $(shell pkg-config --libs libusb-1.0) BINS := elftosb sbtoelf sbloader rsrctool elftosb1 all: $(BINS) @@ -17,10 +18,10 @@ all: $(BINS) %.o: %.cpp $(CXX) $(CXXFLAGS) -c -o $@ $< -sbtoelf: sbtoelf.o crc.o crypto.o xorcrypt.o dbparser.o elf.o misc.o sb.o sb1.o +sbtoelf: sbtoelf.o crc.o crypto.o xorcrypt.o dbparser.o elf.o misc.o sb.o sb1.o $(TOMCRYPT_DIR)/librbtomcrypt.a $(LD) -o $@ $^ $(LDFLAGS) -elftosb: elftosb.o crc.o crypto.o elf.o dbparser.o misc.o sb.o +elftosb: elftosb.o crc.o crypto.o elf.o dbparser.o misc.o sb.o $(TOMCRYPT_DIR)/librbtomcrypt.a $(LD) -o $@ $^ $(LDFLAGS) elftosb1: elftosb1.o xorcrypt.o elf.o misc.o sb1.o @@ -37,3 +38,7 @@ clean: veryclean: rm -rf $(BINS) + +$(TOMCRYPT_DIR)/librbtomcrypt.a: + $(MAKE) -C $(TOMCRYPT_DIR) + diff --git a/utils/imxtools/sbtools/crypto.cpp b/utils/imxtools/sbtools/crypto.cpp index 5563fcfd3b..d3ec18bd11 100644 --- a/utils/imxtools/sbtools/crypto.cpp +++ b/utils/imxtools/sbtools/crypto.cpp @@ -20,21 +20,13 @@ ****************************************************************************/ #include "crypto.h" #include "misc.h" -#include -#include -#include -using namespace CryptoPP; +#include "tomcrypt.h" + -namespace -{ enum crypto_method_t g_cur_method = CRYPTO_NONE; uint8_t g_key[16]; -CBC_Mode::Encryption g_aes_enc; -CBC_Mode::Decryption g_aes_dec; -bool g_aes_enc_key_dirty; /* true of g_aes_enc key needs to be updated */ -bool g_aes_dec_key_dirty; /* same for g_aes_dec */ int cbc_mac2( const uint8_t *in_data, /* Input data */ @@ -46,25 +38,20 @@ int cbc_mac2( bool encrypt /* 1 to encrypt, 0 to decrypt */ ) { + int cipher = register_cipher(&aes_desc); + symmetric_CBC cbc; + cbc_start(cipher, iv, key, 16, 0, &cbc); + /* encrypt */ if(encrypt) { - /* update keys if neeeded */ - if(g_aes_enc_key_dirty) - { - /* we need to provide an IV with the key, although we change it - * everytime we run the cipher anyway */ - g_aes_enc.SetKeyWithIV(g_key, 16, iv, 16); - g_aes_enc_key_dirty = false; - } - g_aes_enc.Resynchronize(iv, 16); uint8_t tmp[16]; /* we need some output buffer, either a temporary one if we are CBC-MACing * only, or use output buffer if available */ uint8_t *out_ptr = (out_data == NULL) ? tmp : out_data; while(nr_blocks-- > 0) { - g_aes_enc.ProcessData(out_ptr, in_data, 16); + cbc_encrypt(in_data, out_ptr, 16, &cbc); /* if this is the last block, copy CBC-MAC */ if(nr_blocks == 0 && out_cbc_mac) memcpy(out_cbc_mac, out_ptr, 16); @@ -78,24 +65,17 @@ int cbc_mac2( /* decrypt */ else { + cbc_decrypt(in_data, out_data, nr_blocks * 16, &cbc); + /* update keys if neeeded */ - if(g_aes_dec_key_dirty) - { - /* we need to provide an IV with the key, although we change it - * everytime we run the cipher anyway */ - g_aes_dec.SetKeyWithIV(g_key, 16, iv, 16); - g_aes_dec_key_dirty = false; - } /* we cannot produce a CBC-MAC in decrypt mode, output buffer exists */ if(out_cbc_mac || out_data == NULL) return CRYPTO_ERROR_INVALID_OP; - g_aes_dec.Resynchronize(iv, 16); - g_aes_dec.ProcessData(out_data, in_data, nr_blocks * 16); + return CRYPTO_ERROR_SUCCESS; } } -} int crypto_setup(struct crypto_key_t *key) { @@ -104,8 +84,7 @@ int crypto_setup(struct crypto_key_t *key) { case CRYPTO_KEY: memcpy(g_key, key->u.key, 16); - g_aes_dec_key_dirty = true; - g_aes_enc_key_dirty = true; + return CRYPTO_ERROR_SUCCESS; default: return CRYPTO_ERROR_BADSETUP; @@ -128,19 +107,17 @@ int crypto_apply( void sha_1_init(struct sha_1_params_t *params) { - params->object = new SHA1; + sha1_init(¶ms->state); } void sha_1_update(struct sha_1_params_t *params, uint8_t *buffer, int size) { - reinterpret_cast(params->object)->Update(buffer, size); + sha1_process(¶ms->state, buffer, size); } void sha_1_finish(struct sha_1_params_t *params) { - SHA1 *obj = reinterpret_cast(params->object); - obj->Final(params->hash); - delete obj; + sha1_done(¶ms->state, params->hash); } void sha_1_output(struct sha_1_params_t *params, uint8_t *out) diff --git a/utils/imxtools/sbtools/crypto.h b/utils/imxtools/sbtools/crypto.h index bdb94bb881..446891b7f2 100644 --- a/utils/imxtools/sbtools/crypto.h +++ b/utils/imxtools/sbtools/crypto.h @@ -77,11 +77,12 @@ int crypto_apply( uint32_t crc(uint8_t *data, int size); uint32_t crc_continue(uint32_t previous_crc, uint8_t *data, int size); +#include "tomcrypt.h" /* sha1.c */ struct sha_1_params_t { uint8_t hash[20]; /* final hash */ - void *object; /* pointer to CryptoPP::SHA1 object */ + hash_state state; /* libtomcrypt state */ }; void sha_1_init(struct sha_1_params_t *params); -- cgit v1.2.3