sbtools: convert crypto to libtomcrypt.

Replace the use of crypto++ with tomcrypt, which is much smaller and C. This gets rid of various build issues for systems that don't ship crypo++ (i.e. everything except Linux.) Change-Id: Ic0799e17b94935c71b14765cf9a2a7ea2b0adc7a
2020-08-08 18:46:43 +02:00 · 2020-08-08 18:46:43 +02:00 · 2037b837f8
commit 2037b837f8
parent 815b289cb3
6 changed files with 50 additions and 64 deletions
--- a/rbutil/mkimxboot/Makefile
+++ b/rbutil/mkimxboot/Makefile
@ -8,24 +8,18 @@
 # We use the SB code available in the Rockbox utils/sbtools directory

 IMXTOOLS_DIR=../../utils/imxtools/sbtools/
-CFLAGS += -I$(IMXTOOLS_DIR) -Wall
+
+COMPILEFLAGS := -Wall -g -O3 -I$(IMXTOOLS_DIR)
+
 # std=gnu99 is required by MinGW on Windows (c99 is sufficient for Linux / MXE)
-CFLAGS += -std=gnu99 -g -O3
+CFLAGS += -std=gnu99 $(COMPILEFLAGS)
+CXXFLAGS += $(COMPILEFLAGS)

-# Location to pkg-config binary.
-PKGCONFIG := pkg-config
+TOMCRYPT_DIR := ../../utils/tomcrypt

-# Distros could use different names for the crypto library. We try a list
-# of candidate names, only one of them should be the valid one.
-LIBCRYPTO_NAMES = libcryptopp libcrypto++ cryptopp crypto++
-
-$(foreach l,$(LIBCRYPTO_NAMES),\
-	$(eval LDOPTS += $(shell $(PKGCONFIG) --silence-errors --libs $(l))))
-$(foreach l,$(LIBCRYPTO_NAMES),\
-	$(eval CFLAGS += $(shell $(PKGCONFIG) --silence-errors --cflags $(l))))
-$(foreach l,$(LIBCRYPTO_NAMES),\
-	$(eval CXXFLAGS += $(shell $(PKGCONFIG) --silence-errors --cflags $(l))))
-LDOPTS += -lpthread
+CXXFLAGS += -I$(TOMCRYPT_DIR)/src/headers
+CFLAGS += -I$(TOMCRYPT_DIR)/src/headers
+LDOPTS += -lpthread $(TOMCRYPT_DIR)/librbtomcrypt.a

 OUTPUT = mkimxboot

@ -33,6 +27,10 @@ OUTPUT = mkimxboot
 IMXTOOLS_SOURCES = misc.c sb.c crypto.cpp crc.c elf.c
 LIBSOURCES := dualboot.c mkimxboot.c md5.c \
 	      $(addprefix $(IMXTOOLS_DIR),$(IMXTOOLS_SOURCES))
+
+# for now build tomcrypt as part of the lib.
+LIBSOURCES += $(addprefix $(TOMCRYPT_DIR),$(TOMCRYPT_SOURCES))
+
 # inputs for binary only
 SOURCES := $(LIBSOURCES) main.c
 # dependencies for binary
@ -43,3 +41,8 @@ include ../libtools.make
 # explicit dependencies on dualboot.{c,h} and mkimxboot.h
 $(OBJDIR)mkimxboot.o: dualboot.h dualboot.c mkimxboot.c mkimxboot.h
 $(OBJDIR)main.o: dualboot.h dualboot.c main.c mkimxboot.h
+$(BINARY): librbtomcrypt.a
+
+librbtomcrypt.a:
+	$(MAKE) -C ../../utils/tomcrypt
+
--- a/rbutil/rbutilqt/Makefile.libs
+++ b/rbutil/rbutilqt/Makefile.libs
@ -33,12 +33,14 @@ export CC=$(EXTRALIBS_CC)
 export CXX=$(EXTRALIBS_CXX)
 export AR=$(EXTRALIBS_AR)

-libs: librbspeex libucl libipodpatcher libsansapatcher libmkamsboot libmktccboot libmkmpioboot libchinachippatcher libmkimxboot libmks5lboot libbzip2 libbspatch
+libs: librbspeex libucl libipodpatcher libsansapatcher libmkamsboot libmktccboot libmkmpioboot libchinachippatcher libmkimxboot libmks5lboot libbzip2 libbspatch librbtomcrypt

 # To support cross compiles, we explicitly pass the CC flag below for
 # all tools which override CC or CXX in their makefiles. CXX is only
 # used by mkimxboot.

+librbtomcrypt:
+	$(SILENT) $(MAKE) -C $(RBBASE_DIR)/utils/tomcrypt BUILD_DIR=$(BUILD_DIR)/tomcrypt librbtomcrypt.a
 librbspeex:
 	$(SILENT) $(MAKE) -C $(RBBASE_DIR)/tools/rbspeex BUILD_DIR=$(BUILD_DIR)/libspeex librbspeex.a

--- a/rbutil/rbutilqt/rbutilqt.pro
+++ b/rbutil/rbutilqt/rbutilqt.pro
@ -85,7 +85,8 @@ extralibs.commands = $$SILENT \
 # Note: order is important for RBLIBS! The libs are appended to the linker
 # flags in this order, put libucl at the end.
 RBLIBS = rbspeex ipodpatcher sansapatcher mkamsboot mktccboot \
-         mkmpioboot chinachippatcher mkimxboot mks5lboot bspatch ucl
+         mkmpioboot chinachippatcher mkimxboot mks5lboot bspatch ucl \
+         rbtomcrypt
 # NOTE: Linking bzip2 causes problems on Windows (Qt seems to export those
 # symbols as well, similar to what we have with zlib.) Only link that on
 # non-Windows for now.
@ -139,9 +140,6 @@ for(rblib, RBLIBS) {
    LIBS += -l$$rblib
 }

-# We need libcrypto++
-LIBS += -lcryptopp
-
 # on win32 libz is linked implicitly.
 !win32 {
    LIBS += -lz
--- a/utils/imxtools/sbtools/Makefile
+++ b/utils/imxtools/sbtools/Makefile
@ -3,10 +3,11 @@ CC := gcc
 CXX := g++
 LD := g++

-LIBUSB := $(shell pkg-config --cflags libusb-1.0)
-CFLAGS := -O3 -g -std=c99 -Wall $(shell pkg-config --cflags libusb-1.0) $(DEFINES)
-CXXFLAGS := -O3 -g -Wall $(pkg-config --cflags libcrypto++) $(DEFINES)
-LDFLAGS := $(shell pkg-config --libs libusb-1.0) $(shell pkg-config --libs libcrypto++)
+TOMCRYPT_DIR := ../../tomcrypt/
+
+CFLAGS := -O3 -g -std=c99 -Wall $(shell pkg-config --cflags libusb-1.0) $(DEFINES) -I$(TOMCRYPT_DIR)/src/headers
+CXXFLAGS := -O3 -g -Wall $(DEFINES) -I$(TOMCRYPT_DIR)/src/headers
+LDFLAGS := $(shell pkg-config --libs libusb-1.0)
 BINS := elftosb sbtoelf sbloader rsrctool elftosb1

 all: $(BINS)
@ -17,10 +18,10 @@ all: $(BINS)
 %.o: %.cpp
 	$(CXX) $(CXXFLAGS) -c -o $@ $<

-sbtoelf: sbtoelf.o crc.o crypto.o xorcrypt.o dbparser.o elf.o misc.o sb.o sb1.o
+sbtoelf: sbtoelf.o crc.o crypto.o xorcrypt.o dbparser.o elf.o misc.o sb.o sb1.o $(TOMCRYPT_DIR)/librbtomcrypt.a
 	$(LD) -o $@ $^ $(LDFLAGS)

-elftosb: elftosb.o crc.o crypto.o elf.o dbparser.o misc.o sb.o
+elftosb: elftosb.o crc.o crypto.o elf.o dbparser.o misc.o sb.o $(TOMCRYPT_DIR)/librbtomcrypt.a
 	$(LD) -o $@ $^ $(LDFLAGS)

 elftosb1: elftosb1.o xorcrypt.o elf.o misc.o sb1.o
@ -37,3 +38,7 @@ clean:

 veryclean:
 	rm -rf $(BINS)
+
+$(TOMCRYPT_DIR)/librbtomcrypt.a:
+	$(MAKE) -C $(TOMCRYPT_DIR)
+
--- a/utils/imxtools/sbtools/crypto.cpp
+++ b/utils/imxtools/sbtools/crypto.cpp
@ -20,21 +20,13 @@
 ****************************************************************************/
 #include "crypto.h"
 #include "misc.h"
-#include <cryptopp/modes.h>
-#include <cryptopp/aes.h>
-#include <cryptopp/sha.h>

-using namespace CryptoPP;
+#include "tomcrypt.h"
+

-namespace
-{

 enum crypto_method_t g_cur_method = CRYPTO_NONE;
 uint8_t g_key[16];
-CBC_Mode<AES>::Encryption g_aes_enc;
-CBC_Mode<AES>::Decryption g_aes_dec;
-bool g_aes_enc_key_dirty; /* true of g_aes_enc key needs to be updated */
-bool g_aes_dec_key_dirty; /* same for g_aes_dec */

 int cbc_mac2(
    const uint8_t *in_data, /* Input data */
@ -46,25 +38,20 @@ int cbc_mac2(
    bool encrypt /* 1 to encrypt, 0 to decrypt */
    )
 {
+    int cipher = register_cipher(&aes_desc);
+    symmetric_CBC cbc;
+    cbc_start(cipher, iv, key, 16, 0, &cbc);
+
    /* encrypt */
    if(encrypt)
    {
-        /* update keys if neeeded */
-        if(g_aes_enc_key_dirty)
-        {
-            /* we need to provide an IV with the key, although we change it
-             * everytime we run the cipher anyway */
-            g_aes_enc.SetKeyWithIV(g_key, 16, iv, 16);
-            g_aes_enc_key_dirty = false;
-        }
-        g_aes_enc.Resynchronize(iv, 16);
        uint8_t tmp[16];
        /* we need some output buffer, either a temporary one if we are CBC-MACing
         * only, or use output buffer if available */
        uint8_t *out_ptr = (out_data == NULL) ? tmp : out_data;
        while(nr_blocks-- > 0)
        {
-            g_aes_enc.ProcessData(out_ptr, in_data, 16);
+            cbc_encrypt(in_data, out_ptr, 16, &cbc);
            /* if this is the last block, copy CBC-MAC */
            if(nr_blocks == 0 && out_cbc_mac)
                memcpy(out_cbc_mac, out_ptr, 16);
@ -78,24 +65,17 @@ int cbc_mac2(
    /* decrypt */
    else
    {
+        cbc_decrypt(in_data, out_data, nr_blocks * 16, &cbc);
+
        /* update keys if neeeded */
-        if(g_aes_dec_key_dirty)
-        {
-            /* we need to provide an IV with the key, although we change it
-             * everytime we run the cipher anyway */
-            g_aes_dec.SetKeyWithIV(g_key, 16, iv, 16);
-            g_aes_dec_key_dirty = false;
-        }
        /* we cannot produce a CBC-MAC in decrypt mode, output buffer exists */
        if(out_cbc_mac || out_data == NULL)
            return CRYPTO_ERROR_INVALID_OP;
-        g_aes_dec.Resynchronize(iv, 16);
-        g_aes_dec.ProcessData(out_data, in_data, nr_blocks * 16);
+
        return CRYPTO_ERROR_SUCCESS;
    }
 }

-}

 int crypto_setup(struct crypto_key_t *key)
 {
@ -104,8 +84,7 @@ int crypto_setup(struct crypto_key_t *key)
    {
        case CRYPTO_KEY:
            memcpy(g_key, key->u.key, 16);
-            g_aes_dec_key_dirty = true;
-            g_aes_enc_key_dirty = true;
+
            return CRYPTO_ERROR_SUCCESS;
        default:
            return CRYPTO_ERROR_BADSETUP;
@ -128,19 +107,17 @@ int crypto_apply(

 void sha_1_init(struct sha_1_params_t *params)
 {
-    params->object = new SHA1;
+    sha1_init(&params->state);
 }

 void sha_1_update(struct sha_1_params_t *params, uint8_t *buffer, int size)
 {
-    reinterpret_cast<SHA1 *>(params->object)->Update(buffer, size);
+    sha1_process(&params->state, buffer, size);
 }

 void sha_1_finish(struct sha_1_params_t *params)
 {
-    SHA1 *obj = reinterpret_cast<SHA1 *>(params->object);
-    obj->Final(params->hash);
-    delete obj;
+    sha1_done(&params->state, params->hash);
 }

 void sha_1_output(struct sha_1_params_t *params, uint8_t *out)
--- a/utils/imxtools/sbtools/crypto.h
+++ b/utils/imxtools/sbtools/crypto.h
@ -77,11 +77,12 @@ int crypto_apply(
 uint32_t crc(uint8_t *data, int size);
 uint32_t crc_continue(uint32_t previous_crc, uint8_t *data, int size);

+#include "tomcrypt.h"
 /* sha1.c */
 struct sha_1_params_t
 {
    uint8_t hash[20]; /* final hash */
-    void *object; /* pointer to CryptoPP::SHA1 object */
+    hash_state state; /* libtomcrypt state */
 };

 void sha_1_init(struct sha_1_params_t *params);