From dbeb6db1b55a50dedf17e7d78ddb6fe9eebc2a63 Mon Sep 17 00:00:00 2001 From: Amaury Pouly Date: Wed, 4 Jan 2017 16:55:53 +0100 Subject: nwztools: cleanup crypto, switch MD5 to Crypto++ We already use Crypto++ for DES anyway, and using OpenSSL is not great because of its incompatible licence. Change-Id: I78771b84c1708795a0c0c30afa5bdfe4885dea4e --- utils/nwztools/upgtools/Makefile | 8 ++++---- utils/nwztools/upgtools/fwp.c | 16 +++++++--------- utils/nwztools/upgtools/fwp.h | 8 +++++--- utils/nwztools/upgtools/md5.cpp | 31 +++++++++++++++++++++++++++++++ utils/nwztools/upgtools/md5.h | 37 +++++++++++++++++++++++++++++++++++++ utils/nwztools/upgtools/mg.cpp | 26 ++++++++++++-------------- utils/nwztools/upgtools/mg.h | 11 ++++++----- utils/nwztools/upgtools/upg.c | 22 ++++++---------------- utils/nwztools/upgtools/upgtool.c | 2 -- 9 files changed, 108 insertions(+), 53 deletions(-) create mode 100644 utils/nwztools/upgtools/md5.cpp create mode 100644 utils/nwztools/upgtools/md5.h (limited to 'utils/nwztools/upgtools') diff --git a/utils/nwztools/upgtools/Makefile b/utils/nwztools/upgtools/Makefile index 1030b1b849..57525c1770 100644 --- a/utils/nwztools/upgtools/Makefile +++ b/utils/nwztools/upgtools/Makefile @@ -3,9 +3,9 @@ CC=gcc CXX=g++ LD=g++ PROFILE= -CFLAGS=-g $(PROFILE) -std=c99 -W -Wall $(DEFINES) `pkg-config --cflags openssl` `pkg-config --cflags libcrypto++` -CXXFLAGS=-g $(PROFILE) -W -Wall $(DEFINES) `pkg-config --cflags openssl` `pkg-config --cflags libcrypto++` -LDFLAGS=$(PROFILE) `pkg-config --libs openssl` `pkg-config --libs libcrypto++` -lcrypt -lpthread +CFLAGS=-g $(PROFILE) -std=c99 -W -Wall $(DEFINES) `pkg-config --cflags libcrypto++` +CXXFLAGS=-g $(PROFILE) -W -Wall $(DEFINES) `pkg-config --cflags libcrypto++` +LDFLAGS=$(PROFILE) `pkg-config --libs libcrypto++` -lpthread BINS=upgtool all: $(BINS) @@ -16,7 +16,7 @@ all: $(BINS) %.o: %.cpp $(CXX) $(CXXFLAGS) -c -o $@ $< -upgtool: upgtool.o upg.o misc.o fwp.o mg.o keysig_search.o +upgtool: upgtool.o upg.o misc.o fwp.o mg.o keysig_search.o md5.o $(LD) -o $@ $^ $(LDFLAGS) clean: diff --git a/utils/nwztools/upgtools/fwp.c b/utils/nwztools/upgtools/fwp.c index 34c55f6e5a..7d8f8002a8 100644 --- a/utils/nwztools/upgtools/fwp.c +++ b/utils/nwztools/upgtools/fwp.c @@ -18,21 +18,20 @@ * KIND, either express or implied. * ****************************************************************************/ -#include +#include #include #include "fwp.h" #include "misc.h" #include "mg.h" -#include -int fwp_read(void *in, int size, void *out, uint8_t *key) +void fwp_read(void *in, int size, void *out, uint8_t *key) { - return mg_decrypt_fw(in, size, out, key); + mg_decrypt_fw(in, size, out, key); } -int fwp_write(void *in, int size, void *out, uint8_t *key) +void fwp_write(void *in, int size, void *out, uint8_t *key) { - return mg_encrypt_fw(in, size, out, key); + mg_encrypt_fw(in, size, out, key); } static uint8_t g_key[NWZ_KEY_SIZE]; @@ -42,7 +41,7 @@ void fwp_setkey(char key[NWZ_KEY_SIZE]) memcpy(g_key, key, NWZ_KEY_SIZE); } -int fwp_crypt(void *buf, int size, int mode) +void fwp_crypt(void *buf, int size, int mode) { while(size >= NWZ_KEY_SIZE) { @@ -54,6 +53,5 @@ int fwp_crypt(void *buf, int size, int mode) size -= NWZ_KEY_SIZE; } if(size != 0) - abort(); - return 0; + abort(); /* size is not a multiple of 8 */ } diff --git a/utils/nwztools/upgtools/fwp.h b/utils/nwztools/upgtools/fwp.h index 0d928fbec1..32fe260090 100644 --- a/utils/nwztools/upgtools/fwp.h +++ b/utils/nwztools/upgtools/fwp.h @@ -33,11 +33,13 @@ extern "C" { #define NWZ_SIG_SIZE 8 #define NWZ_EXPKEY_SIZE (NWZ_KEY_SIZE * NWZ_KEY_SIZE) #define NWZ_DES_BLOCK 8 +#define NWZ_MD5_SIZE 16 -int fwp_read(void *in, int size, void *out, uint8_t *key); -int fwp_write(void *in, int size, void *out, uint8_t *key); +/* size must be a multiple of 8 */ +void fwp_read(void *in, int size, void *out, uint8_t *key); +void fwp_write(void *in, int size, void *out, uint8_t *key); void fwp_setkey(char key[8]); -int fwp_crypt(void *buf, int size, int mode); +void fwp_crypt(void *buf, int size, int mode); #ifdef __cplusplus } diff --git a/utils/nwztools/upgtools/md5.cpp b/utils/nwztools/upgtools/md5.cpp new file mode 100644 index 0000000000..3b0c2358e4 --- /dev/null +++ b/utils/nwztools/upgtools/md5.cpp @@ -0,0 +1,31 @@ +/*************************************************************************** + * __________ __ ___. + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ + * \/ \/ \/ \/ \/ + * $Id$ + * + * Copyright (C) 2012 Amaury Pouly + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ****************************************************************************/ +#include "md5.h" +/* MD5 is considered insecure by crypto++ */ +#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 +#include + +using namespace CryptoPP::Weak; + +void MD5_CalculateDigest(void *digest, const void *input, size_t length) +{ + MD5().CalculateDigest((byte *)digest, (const byte *)input, length); +} diff --git a/utils/nwztools/upgtools/md5.h b/utils/nwztools/upgtools/md5.h new file mode 100644 index 0000000000..1e4b57ab0e --- /dev/null +++ b/utils/nwztools/upgtools/md5.h @@ -0,0 +1,37 @@ +/*************************************************************************** + * __________ __ ___. + * Open \______ \ ____ ____ | | _\_ |__ _______ ___ + * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ / + * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < < + * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \ + * \/ \/ \/ \/ \/ + * $Id$ + * + * Copyright (C) 2016 Amaury Pouly + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ****************************************************************************/ +#ifndef __md5_h__ +#define __md5_h__ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Compute the MD5 digest of a buffer */ +void MD5_CalculateDigest(void *digest, const void *input, size_t length); + +#ifdef __cplusplus +} +#endif + +#endif /* __md5_h__ */ diff --git a/utils/nwztools/upgtools/mg.cpp b/utils/nwztools/upgtools/mg.cpp index f02b67375a..79039702db 100644 --- a/utils/nwztools/upgtools/mg.cpp +++ b/utils/nwztools/upgtools/mg.cpp @@ -28,43 +28,41 @@ using namespace CryptoPP; namespace { - inline int dec_des_ecb(void *in, int size, void *out, uint8_t *key) + inline void dec_des_ecb(void *in, int size, void *out, uint8_t *key) { ECB_Mode< DES >::Decryption dec; if(size % 8) - return 42; + abort(); /* size must be a multiple of 8 */ dec.SetKey(key, 8); dec.ProcessData((byte*)out, (byte*)in, size); - return 0; } - inline int enc_des_ecb(void *in, int size, void *out, uint8_t *key) + inline void enc_des_ecb(void *in, int size, void *out, uint8_t *key) { ECB_Mode< DES >::Encryption enc; if(size % 8) - return 42; + abort(); /* size must be a multiple of 8 */ enc.SetKey(key, 8); enc.ProcessData((byte*)out, (byte*)in, size); - return 0; } } -int mg_decrypt_fw(void *in, int size, void *out, uint8_t *key) +void mg_decrypt_fw(void *in, int size, void *out, uint8_t *key) { - return dec_des_ecb(in, size, out, key); + dec_des_ecb(in, size, out, key); } -int mg_encrypt_fw(void *in, int size, void *out, uint8_t *key) +void mg_encrypt_fw(void *in, int size, void *out, uint8_t *key) { - return enc_des_ecb(in, size, out, key); + enc_des_ecb(in, size, out, key); } -int mg_decrypt_pass(void *in, int size, void *out, uint8_t *key) +void mg_decrypt_pass(void *in, int size, void *out, uint8_t *key) { - return dec_des_ecb(in, size, out, key); + dec_des_ecb(in, size, out, key); } -int mg_encrypt_pass(void *in, int size, void *out, uint8_t *key) +void mg_encrypt_pass(void *in, int size, void *out, uint8_t *key) { - return enc_des_ecb(in, size, out, key); + enc_des_ecb(in, size, out, key); } diff --git a/utils/nwztools/upgtools/mg.h b/utils/nwztools/upgtools/mg.h index a0c1f2ef65..ef8dcd5ecb 100644 --- a/utils/nwztools/upgtools/mg.h +++ b/utils/nwztools/upgtools/mg.h @@ -26,12 +26,13 @@ #ifdef __cplusplus extern "C" { #endif -int mg_decrypt_fw(void *in, int size, void *out, uint8_t *key); -int mg_encrypt_fw(void *in, int size, void *out, uint8_t *key); -int mg_decrypt_pass(void *in, int size, void *out, uint8_t *key); -int mg_encrypt_pass(void *in, int size, void *out, uint8_t *key); +/* size must be a multiple of 8 */ +void mg_decrypt_fw(void *in, int size, void *out, uint8_t *key); +void mg_encrypt_fw(void *in, int size, void *out, uint8_t *key); +void mg_decrypt_pass(void *in, int size, void *out, uint8_t *key); +void mg_encrypt_pass(void *in, int size, void *out, uint8_t *key); #ifdef __cplusplus } #endif -#endif /* __mg_h__ */ \ No newline at end of file +#endif /* __mg_h__ */ diff --git a/utils/nwztools/upgtools/upg.c b/utils/nwztools/upgtools/upg.c index 44d3eca789..8a6a9f0754 100644 --- a/utils/nwztools/upgtools/upg.c +++ b/utils/nwztools/upgtools/upg.c @@ -22,7 +22,7 @@ #include #include #include -#include +#include "md5.h" struct nwz_model_t g_model_list[] = { @@ -97,19 +97,14 @@ struct upg_file_t *upg_read_memory(void *buf, size_t size, char key[NWZ_KEY_SIZE struct upg_md5_t *md5 = buf; cprintf(BLUE, "Preliminary\n"); cprintf(GREEN, " MD5: "); - for(int i = 0; i < MD5_DIGEST_LENGTH; i++) + for(int i = 0; i < NWZ_MD5_SIZE; i++) cprintf(YELLOW, "%02x", md5->md5[i]); cprintf(OFF, " "); /* check MD5 */ - uint8_t actual_md5[MD5_DIGEST_LENGTH]; - { - MD5_CTX c; - MD5_Init(&c); - MD5_Update(&c, md5 + 1, size - sizeof(struct upg_header_t)); - MD5_Final(actual_md5, &c); - } - if(memcmp(actual_md5, md5->md5, MD5_DIGEST_LENGTH) != 0) + uint8_t actual_md5[NWZ_MD5_SIZE]; + MD5_CalculateDigest(actual_md5, (md5 + 1), size - sizeof(struct upg_header_t)); + if(memcmp(actual_md5, md5->md5, NWZ_MD5_SIZE) != 0) { cprintf(RED, "Mismatch\n"); err_printf(GREY, "MD5 Mismatch\n"); @@ -223,12 +218,7 @@ void *upg_write_memory(struct upg_file_t *file, char key[NWZ_KEY_SIZE], /* encrypt everything and hash everything */ fwp_write(hdr, tot_size - sizeof(*md5), hdr, (void *)key); /* write final MD5 */ - { - MD5_CTX c; - MD5_Init(&c); - MD5_Update(&c, (void *)hdr, tot_size - sizeof(*md5)); - MD5_Final(md5->md5, &c); - } + MD5_CalculateDigest(md5->md5, (void *)hdr, tot_size - sizeof(*md5)); *out_size = tot_size; return buf; } diff --git a/utils/nwztools/upgtools/upgtool.c b/utils/nwztools/upgtools/upgtool.c index 0de46a4260..a1dce84870 100644 --- a/utils/nwztools/upgtools/upgtool.c +++ b/utils/nwztools/upgtools/upgtool.c @@ -29,7 +29,6 @@ #include "misc.h" #include "elf.h" #include -#include #include "crypt.h" #include "fwp.h" #include "keysig_search.h" @@ -482,4 +481,3 @@ int main(int argc, char **argv) return ret; } - -- cgit v1.2.3