imxtools/sbtools: switch AES implementation to Crypto++

Instead of having our own copy of the AES code, use a good library to do that.
Crypto++ is well-maintained, supports a lot of ciphers, works on many OSes, and
is optimized for many architectures.

Change-Id: I7d7d24b47993206d7338c5f9bac8bbdd3915a667

5 files changed, 84 insertions, 312 deletions

diff --git a/rbutil/mkimxboot/Makefile b/rbutil/mkimxboot/Makefile
index 7441e162c2..e635f64103 100644
--- a/rbutil/mkimxboot/Makefile
+++ b/rbutil/mkimxboot/Makefile
@@ -10,11 +10,12 @@ IMXTOOLS_DIR=../../utils/imxtools/sbtools/
 CFLAGS += -I$(IMXTOOLS_DIR) -Wall
 # std=gnu99 is required by MinGW on Windows (c99 is sufficient for Linux / MXE)
 CFLAGS += -std=gnu99 -g -O3
+LDFLAGS += -lcrypto++
 
 OUTPUT = mkimxboot
 
 # inputs for lib
-IMXTOOLS_SOURCES = misc.c sb.c crypto.cpp crc.c aes128.c sha1.c elf.c
+IMXTOOLS_SOURCES = misc.c sb.c crypto.cpp crc.c sha1.c elf.c
 LIBSOURCES := dualboot.c mkimxboot.c md5.c \
 	      $(addprefix $(IMXTOOLS_DIR),$(IMXTOOLS_SOURCES))
 # inputs for binary only
diff --git a/utils/imxtools/sbtools/Makefile b/utils/imxtools/sbtools/Makefile
index 2dad20fe0c..f5eb8c16c4 100644
--- a/utils/imxtools/sbtools/Makefile
+++ b/utils/imxtools/sbtools/Makefile
@@ -3,8 +3,8 @@ CC=gcc
 CXX=g++
 LD=g++
 CFLAGS=-O3 -g -std=c99 -Wall `pkg-config --cflags libusb-1.0` $(DEFINES)
-CXXFLAGS=-O3 -g -Wall $(DEFINES)
-LDFLAGS=`pkg-config --libs libusb-1.0`
+CXXFLAGS=-O3 -g -Wall `pkg-config --cflags libcrypto++` $(DEFINES)
+LDFLAGS=`pkg-config --libs libusb-1.0` `pkg-config --libs libcrypto++`
 BINS=elftosb sbtoelf sbloader rsrctool elftosb1
 
 all: $(BINS)
@@ -15,10 +15,10 @@ all: $(BINS)
 %.o: %.cpp
 	$(CXX) $(CXXFLAGS) -c -o $@ $<
 
-sbtoelf: sbtoelf.o crc.o crypto.o aes128.o sha1.o xorcrypt.o dbparser.o elf.o misc.o sb.o sb1.o
+sbtoelf: sbtoelf.o crc.o crypto.o sha1.o xorcrypt.o dbparser.o elf.o misc.o sb.o sb1.o
 	$(LD) -o $@ $^ $(LDFLAGS)
 
-elftosb: elftosb.o crc.o crypto.o aes128.o sha1.o elf.o dbparser.o misc.o sb.o
+elftosb: elftosb.o crc.o crypto.o sha1.o elf.o dbparser.o misc.o sb.o
 	$(LD) -o $@ $^ $(LDFLAGS)
 
 elftosb1: elftosb1.o xorcrypt.o elf.o misc.o sb1.o
diff --git a/utils/imxtools/sbtools/aes128.c b/utils/imxtools/sbtools/aes128.c
deleted file mode 100644
index af3d48761c..0000000000
--- a/utils/imxtools/sbtools/aes128.c
+++ /dev/null
@@ -1,286 +0,0 @@
-// Simple, thoroughly commented implementation of 128-bit AES / Rijndael using C
-// Chris Hulbert - chris.hulbert@gmail.com - http://splinter.com.au/blog
-// References:
-// http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
-// http://en.wikipedia.org/wiki/Rijndael_key_schedule
-// http://en.wikipeia.org/wiki/Rijndael_mix_columns
-// http://en.wikipedia.org/wiki/Rijndael_S-box
-// This code is public domain, or any OSI-approved license, your choice. No warranty.
-#include "crypto.h"
- 
-// Here are all the lookup tables for the row shifts, rcon, s-boxes, and galois field multiplications
-byte shift_rows_table[]     = {0,5,10,15,4,9,14,3,8,13,2,7,12,1,6,11};
-byte shift_rows_table_inv[] = {0,13,10,7,4,1,14,11,8,5,2,15,12,9,6,3};
-byte lookup_rcon[]={0x8d,0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,0x1b,0x36,0x6c,0xd8,0xab,0x4d,0x9a};
-byte lookup_sbox[]={0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76,0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0,0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0,0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc,0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15,0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a,0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75,0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0,0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84,0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b,0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf,0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85,0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8,0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5,0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2,0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17,0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73,0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88,0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb,0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c,0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79,0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9,0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08,0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6,0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a,0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e,0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e,0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94,0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf,0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68,0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16};
-byte lookup_sbox_inv[]={0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d};
-byte lookup_g2  []={0x00,0x02,0x04,0x06,0x08,0x0a,0x0c,0x0e,0x10,0x12,0x14,0x16,0x18,0x1a,0x1c,0x1e,0x20,0x22,0x24,0x26,0x28,0x2a,0x2c,0x2e,0x30,0x32,0x34,0x36,0x38,0x3a,0x3c,0x3e,0x40,0x42,0x44,0x46,0x48,0x4a,0x4c,0x4e,0x50,0x52,0x54,0x56,0x58,0x5a,0x5c,0x5e,0x60,0x62,0x64,0x66,0x68,0x6a,0x6c,0x6e,0x70,0x72,0x74,0x76,0x78,0x7a,0x7c,0x7e,0x80,0x82,0x84,0x86,0x88,0x8a,0x8c,0x8e,0x90,0x92,0x94,0x96,0x98,0x9a,0x9c,0x9e,0xa0,0xa2,0xa4,0xa6,0xa8,0xaa,0xac,0xae,0xb0,0xb2,0xb4,0xb6,0xb8,0xba,0xbc,0xbe,0xc0,0xc2,0xc4,0xc6,0xc8,0xca,0xcc,0xce,0xd0,0xd2,0xd4,0xd6,0xd8,0xda,0xdc,0xde,0xe0,0xe2,0xe4,0xe6,0xe8,0xea,0xec,0xee,0xf0,0xf2,0xf4,0xf6,0xf8,0xfa,0xfc,0xfe,0x1b,0x19,0x1f,0x1d,0x13,0x11,0x17,0x15,0x0b,0x09,0x0f,0x0d,0x03,0x01,0x07,0x05,0x3b,0x39,0x3f,0x3d,0x33,0x31,0x37,0x35,0x2b,0x29,0x2f,0x2d,0x23,0x21,0x27,0x25,0x5b,0x59,0x5f,0x5d,0x53,0x51,0x57,0x55,0x4b,0x49,0x4f,0x4d,0x43,0x41,0x47,0x45,0x7b,0x79,0x7f,0x7d,0x73,0x71,0x77,0x75,0x6b,0x69,0x6f,0x6d,0x63,0x61,0x67,0x65,0x9b,0x99,0x9f,0x9d,0x93,0x91,0x97,0x95,0x8b,0x89,0x8f,0x8d,0x83,0x81,0x87,0x85,0xbb,0xb9,0xbf,0xbd,0xb3,0xb1,0xb7,0xb5,0xab,0xa9,0xaf,0xad,0xa3,0xa1,0xa7,0xa5,0xdb,0xd9,0xdf,0xdd,0xd3,0xd1,0xd7,0xd5,0xcb,0xc9,0xcf,0xcd,0xc3,0xc1,0xc7,0xc5,0xfb,0xf9,0xff,0xfd,0xf3,0xf1,0xf7,0xf5,0xeb,0xe9,0xef,0xed,0xe3,0xe1,0xe7,0xe5};
-byte lookup_g3  []={0x00,0x03,0x06,0x05,0x0c,0x0f,0x0a,0x09,0x18,0x1b,0x1e,0x1d,0x14,0x17,0x12,0x11,0x30,0x33,0x36,0x35,0x3c,0x3f,0x3a,0x39,0x28,0x2b,0x2e,0x2d,0x24,0x27,0x22,0x21,0x60,0x63,0x66,0x65,0x6c,0x6f,0x6a,0x69,0x78,0x7b,0x7e,0x7d,0x74,0x77,0x72,0x71,0x50,0x53,0x56,0x55,0x5c,0x5f,0x5a,0x59,0x48,0x4b,0x4e,0x4d,0x44,0x47,0x42,0x41,0xc0,0xc3,0xc6,0xc5,0xcc,0xcf,0xca,0xc9,0xd8,0xdb,0xde,0xdd,0xd4,0xd7,0xd2,0xd1,0xf0,0xf3,0xf6,0xf5,0xfc,0xff,0xfa,0xf9,0xe8,0xeb,0xee,0xed,0xe4,0xe7,0xe2,0xe1,0xa0,0xa3,0xa6,0xa5,0xac,0xaf,0xaa,0xa9,0xb8,0xbb,0xbe,0xbd,0xb4,0xb7,0xb2,0xb1,0x90,0x93,0x96,0x95,0x9c,0x9f,0x9a,0x99,0x88,0x8b,0x8e,0x8d,0x84,0x87,0x82,0x81,0x9b,0x98,0x9d,0x9e,0x97,0x94,0x91,0x92,0x83,0x80,0x85,0x86,0x8f,0x8c,0x89,0x8a,0xab,0xa8,0xad,0xae,0xa7,0xa4,0xa1,0xa2,0xb3,0xb0,0xb5,0xb6,0xbf,0xbc,0xb9,0xba,0xfb,0xf8,0xfd,0xfe,0xf7,0xf4,0xf1,0xf2,0xe3,0xe0,0xe5,0xe6,0xef,0xec,0xe9,0xea,0xcb,0xc8,0xcd,0xce,0xc7,0xc4,0xc1,0xc2,0xd3,0xd0,0xd5,0xd6,0xdf,0xdc,0xd9,0xda,0x5b,0x58,0x5d,0x5e,0x57,0x54,0x51,0x52,0x43,0x40,0x45,0x46,0x4f,0x4c,0x49,0x4a,0x6b,0x68,0x6d,0x6e,0x67,0x64,0x61,0x62,0x73,0x70,0x75,0x76,0x7f,0x7c,0x79,0x7a,0x3b,0x38,0x3d,0x3e,0x37,0x34,0x31,0x32,0x23,0x20,0x25,0x26,0x2f,0x2c,0x29,0x2a,0x0b,0x08,0x0d,0x0e,0x07,0x04,0x01,0x02,0x13,0x10,0x15,0x16,0x1f,0x1c,0x19,0x1a};
-byte lookup_g9  []={0x00,0x09,0x12,0x1b,0x24,0x2d,0x36,0x3f,0x48,0x41,0x5a,0x53,0x6c,0x65,0x7e,0x77,0x90,0x99,0x82,0x8b,0xb4,0xbd,0xa6,0xaf,0xd8,0xd1,0xca,0xc3,0xfc,0xf5,0xee,0xe7,0x3b,0x32,0x29,0x20,0x1f,0x16,0x0d,0x04,0x73,0x7a,0x61,0x68,0x57,0x5e,0x45,0x4c,0xab,0xa2,0xb9,0xb0,0x8f,0x86,0x9d,0x94,0xe3,0xea,0xf1,0xf8,0xc7,0xce,0xd5,0xdc,0x76,0x7f,0x64,0x6d,0x52,0x5b,0x40,0x49,0x3e,0x37,0x2c,0x25,0x1a,0x13,0x08,0x01,0xe6,0xef,0xf4,0xfd,0xc2,0xcb,0xd0,0xd9,0xae,0xa7,0xbc,0xb5,0x8a,0x83,0x98,0x91,0x4d,0x44,0x5f,0x56,0x69,0x60,0x7b,0x72,0x05,0x0c,0x17,0x1e,0x21,0x28,0x33,0x3a,0xdd,0xd4,0xcf,0xc6,0xf9,0xf0,0xeb,0xe2,0x95,0x9c,0x87,0x8e,0xb1,0xb8,0xa3,0xaa,0xec,0xe5,0xfe,0xf7,0xc8,0xc1,0xda,0xd3,0xa4,0xad,0xb6,0xbf,0x80,0x89,0x92,0x9b,0x7c,0x75,0x6e,0x67,0x58,0x51,0x4a,0x43,0x34,0x3d,0x26,0x2f,0x10,0x19,0x02,0x0b,0xd7,0xde,0xc5,0xcc,0xf3,0xfa,0xe1,0xe8,0x9f,0x96,0x8d,0x84,0xbb,0xb2,0xa9,0xa0,0x47,0x4e,0x55,0x5c,0x63,0x6a,0x71,0x78,0x0f,0x06,0x1d,0x14,0x2b,0x22,0x39,0x30,0x9a,0x93,0x88,0x81,0xbe,0xb7,0xac,0xa5,0xd2,0xdb,0xc0,0xc9,0xf6,0xff,0xe4,0xed,0x0a,0x03,0x18,0x11,0x2e,0x27,0x3c,0x35,0x42,0x4b,0x50,0x59,0x66,0x6f,0x74,0x7d,0xa1,0xa8,0xb3,0xba,0x85,0x8c,0x97,0x9e,0xe9,0xe0,0xfb,0xf2,0xcd,0xc4,0xdf,0xd6,0x31,0x38,0x23,0x2a,0x15,0x1c,0x07,0x0e,0x79,0x70,0x6b,0x62,0x5d,0x54,0x4f,0x46};
-byte lookup_g11 []={0x00,0x0b,0x16,0x1d,0x2c,0x27,0x3a,0x31,0x58,0x53,0x4e,0x45,0x74,0x7f,0x62,0x69,0xb0,0xbb,0xa6,0xad,0x9c,0x97,0x8a,0x81,0xe8,0xe3,0xfe,0xf5,0xc4,0xcf,0xd2,0xd9,0x7b,0x70,0x6d,0x66,0x57,0x5c,0x41,0x4a,0x23,0x28,0x35,0x3e,0x0f,0x04,0x19,0x12,0xcb,0xc0,0xdd,0xd6,0xe7,0xec,0xf1,0xfa,0x93,0x98,0x85,0x8e,0xbf,0xb4,0xa9,0xa2,0xf6,0xfd,0xe0,0xeb,0xda,0xd1,0xcc,0xc7,0xae,0xa5,0xb8,0xb3,0x82,0x89,0x94,0x9f,0x46,0x4d,0x50,0x5b,0x6a,0x61,0x7c,0x77,0x1e,0x15,0x08,0x03,0x32,0x39,0x24,0x2f,0x8d,0x86,0x9b,0x90,0xa1,0xaa,0xb7,0xbc,0xd5,0xde,0xc3,0xc8,0xf9,0xf2,0xef,0xe4,0x3d,0x36,0x2b,0x20,0x11,0x1a,0x07,0x0c,0x65,0x6e,0x73,0x78,0x49,0x42,0x5f,0x54,0xf7,0xfc,0xe1,0xea,0xdb,0xd0,0xcd,0xc6,0xaf,0xa4,0xb9,0xb2,0x83,0x88,0x95,0x9e,0x47,0x4c,0x51,0x5a,0x6b,0x60,0x7d,0x76,0x1f,0x14,0x09,0x02,0x33,0x38,0x25,0x2e,0x8c,0x87,0x9a,0x91,0xa0,0xab,0xb6,0xbd,0xd4,0xdf,0xc2,0xc9,0xf8,0xf3,0xee,0xe5,0x3c,0x37,0x2a,0x21,0x10,0x1b,0x06,0x0d,0x64,0x6f,0x72,0x79,0x48,0x43,0x5e,0x55,0x01,0x0a,0x17,0x1c,0x2d,0x26,0x3b,0x30,0x59,0x52,0x4f,0x44,0x75,0x7e,0x63,0x68,0xb1,0xba,0xa7,0xac,0x9d,0x96,0x8b,0x80,0xe9,0xe2,0xff,0xf4,0xc5,0xce,0xd3,0xd8,0x7a,0x71,0x6c,0x67,0x56,0x5d,0x40,0x4b,0x22,0x29,0x34,0x3f,0x0e,0x05,0x18,0x13,0xca,0xc1,0xdc,0xd7,0xe6,0xed,0xf0,0xfb,0x92,0x99,0x84,0x8f,0xbe,0xb5,0xa8,0xa3};
-byte lookup_g13 []={0x00,0x0d,0x1a,0x17,0x34,0x39,0x2e,0x23,0x68,0x65,0x72,0x7f,0x5c,0x51,0x46,0x4b,0xd0,0xdd,0xca,0xc7,0xe4,0xe9,0xfe,0xf3,0xb8,0xb5,0xa2,0xaf,0x8c,0x81,0x96,0x9b,0xbb,0xb6,0xa1,0xac,0x8f,0x82,0x95,0x98,0xd3,0xde,0xc9,0xc4,0xe7,0xea,0xfd,0xf0,0x6b,0x66,0x71,0x7c,0x5f,0x52,0x45,0x48,0x03,0x0e,0x19,0x14,0x37,0x3a,0x2d,0x20,0x6d,0x60,0x77,0x7a,0x59,0x54,0x43,0x4e,0x05,0x08,0x1f,0x12,0x31,0x3c,0x2b,0x26,0xbd,0xb0,0xa7,0xaa,0x89,0x84,0x93,0x9e,0xd5,0xd8,0xcf,0xc2,0xe1,0xec,0xfb,0xf6,0xd6,0xdb,0xcc,0xc1,0xe2,0xef,0xf8,0xf5,0xbe,0xb3,0xa4,0xa9,0x8a,0x87,0x90,0x9d,0x06,0x0b,0x1c,0x11,0x32,0x3f,0x28,0x25,0x6e,0x63,0x74,0x79,0x5a,0x57,0x40,0x4d,0xda,0xd7,0xc0,0xcd,0xee,0xe3,0xf4,0xf9,0xb2,0xbf,0xa8,0xa5,0x86,0x8b,0x9c,0x91,0x0a,0x07,0x10,0x1d,0x3e,0x33,0x24,0x29,0x62,0x6f,0x78,0x75,0x56,0x5b,0x4c,0x41,0x61,0x6c,0x7b,0x76,0x55,0x58,0x4f,0x42,0x09,0x04,0x13,0x1e,0x3d,0x30,0x27,0x2a,0xb1,0xbc,0xab,0xa6,0x85,0x88,0x9f,0x92,0xd9,0xd4,0xc3,0xce,0xed,0xe0,0xf7,0xfa,0xb7,0xba,0xad,0xa0,0x83,0x8e,0x99,0x94,0xdf,0xd2,0xc5,0xc8,0xeb,0xe6,0xf1,0xfc,0x67,0x6a,0x7d,0x70,0x53,0x5e,0x49,0x44,0x0f,0x02,0x15,0x18,0x3b,0x36,0x21,0x2c,0x0c,0x01,0x16,0x1b,0x38,0x35,0x22,0x2f,0x64,0x69,0x7e,0x73,0x50,0x5d,0x4a,0x47,0xdc,0xd1,0xc6,0xcb,0xe8,0xe5,0xf2,0xff,0xb4,0xb9,0xae,0xa3,0x80,0x8d,0x9a,0x97};
-byte lookup_g14 []={0x00,0x0e,0x1c,0x12,0x38,0x36,0x24,0x2a,0x70,0x7e,0x6c,0x62,0x48,0x46,0x54,0x5a,0xe0,0xee,0xfc,0xf2,0xd8,0xd6,0xc4,0xca,0x90,0x9e,0x8c,0x82,0xa8,0xa6,0xb4,0xba,0xdb,0xd5,0xc7,0xc9,0xe3,0xed,0xff,0xf1,0xab,0xa5,0xb7,0xb9,0x93,0x9d,0x8f,0x81,0x3b,0x35,0x27,0x29,0x03,0x0d,0x1f,0x11,0x4b,0x45,0x57,0x59,0x73,0x7d,0x6f,0x61,0xad,0xa3,0xb1,0xbf,0x95,0x9b,0x89,0x87,0xdd,0xd3,0xc1,0xcf,0xe5,0xeb,0xf9,0xf7,0x4d,0x43,0x51,0x5f,0x75,0x7b,0x69,0x67,0x3d,0x33,0x21,0x2f,0x05,0x0b,0x19,0x17,0x76,0x78,0x6a,0x64,0x4e,0x40,0x52,0x5c,0x06,0x08,0x1a,0x14,0x3e,0x30,0x22,0x2c,0x96,0x98,0x8a,0x84,0xae,0xa0,0xb2,0xbc,0xe6,0xe8,0xfa,0xf4,0xde,0xd0,0xc2,0xcc,0x41,0x4f,0x5d,0x53,0x79,0x77,0x65,0x6b,0x31,0x3f,0x2d,0x23,0x09,0x07,0x15,0x1b,0xa1,0xaf,0xbd,0xb3,0x99,0x97,0x85,0x8b,0xd1,0xdf,0xcd,0xc3,0xe9,0xe7,0xf5,0xfb,0x9a,0x94,0x86,0x88,0xa2,0xac,0xbe,0xb0,0xea,0xe4,0xf6,0xf8,0xd2,0xdc,0xce,0xc0,0x7a,0x74,0x66,0x68,0x42,0x4c,0x5e,0x50,0x0a,0x04,0x16,0x18,0x32,0x3c,0x2e,0x20,0xec,0xe2,0xf0,0xfe,0xd4,0xda,0xc8,0xc6,0x9c,0x92,0x80,0x8e,0xa4,0xaa,0xb8,0xb6,0x0c,0x02,0x10,0x1e,0x34,0x3a,0x28,0x26,0x7c,0x72,0x60,0x6e,0x44,0x4a,0x58,0x56,0x37,0x39,0x2b,0x25,0x0f,0x01,0x13,0x1d,0x47,0x49,0x5b,0x55,0x7f,0x71,0x63,0x6d,0xd7,0xd9,0xcb,0xc5,0xef,0xe1,0xf3,0xfd,0xa7,0xa9,0xbb,0xb5,0x9f,0x91,0x83,0x8d};
-
-// Xor's all elements in a n byte array a by b
-void xor_(byte *a, byte *b, int n) {
-  int i;
-  for (i=0;i<n;i++)
-    a[i] ^= b[i];
-}
-
-// Xor the current cipher state by a specific round key
-static void xor_round_key(byte *state, byte *keys, int round) {
-  xor_(state,keys+round*16,16);
-}
-
-// Apply and reverse the rijndael s-box to all elements in an array
-// http://en.wikipedia.org/wiki/Rijndael_S-box
-static void sub_bytes(byte *a,int n) {
-  int i;
-  for (i=0;i<n;i++)
-    a[i] = lookup_sbox[a[i]];
-}
-static void sub_bytes_inv(byte *a,int n) {
-  int i;
-  for (i=0;i<n;i++)
-    a[i] = lookup_sbox_inv[a[i]];
-}
-
-// Perform the core key schedule transform on 4 bytes, as part of the key expansion process
-// http://en.wikipedia.org/wiki/Rijndael_key_schedule#Key_schedule_core
-static void key_schedule_core(byte *a, int i) { 
-  byte temp = a[0];     // Rotate the output eight bits to the left
-  a[0]=a[1];
-  a[1]=a[2];
-  a[2]=a[3];
-  a[3]=temp;
-  sub_bytes(a,4);       // Apply Rijndael's S-box on all four individual bytes in the output word
-  a[0]^=lookup_rcon[i]; // On just the first (leftmost) byte of the output word, perform the rcon operation with i
-                        // as the input, and exclusive or the rcon output with the first byte of the output word
-}
-
-// Expand the 16-byte key to 11 round keys (176 bytes)
-// http://en.wikipedia.org/wiki/Rijndael_key_schedule#The_key_schedule
-static void expand_key(byte *key, byte *keys) {
-  int bytes=16;             // The count of how many bytes we've created so far
-  int i=1;                  // The rcon iteration value i is set to 1
-  int j;                    // For repeating the second stage 3 times
-  byte t[4];                // Temporary working area known as 't' in the Wiki article
-  memcpy(keys,key,16);      // The first 16 bytes of the expanded key are simply the encryption key
-  
-  while (bytes<176) {       // Until we have 176 bytes of expanded key, we do the following:
-    memcpy(t,keys+bytes-4,4);          // We assign the value of the previous four bytes in the expanded key to t
-    key_schedule_core(t, i);           // We perform the key schedule core on t, with i as the rcon iteration value
-    i++;                               // We increment i by 1
-    xor_(t,keys+bytes-16,4);            // We exclusive-or t with the four-byte block 16 bytes before the new expanded key. 
-    memcpy(keys+bytes,t,4);            // This becomes the next 4 bytes in the expanded key
-    bytes+=4;                          // Keep track of how many expanded key bytes we've added
-
-    // We then do the following three times to create the next twelve bytes
-    for (j=0;j<3;j++) {
-      memcpy(t,keys+bytes-4,4);          // We assign the value of the previous 4 bytes in the expanded key to t
-      xor_(t,keys+bytes-16,4);            // We exclusive-or t with the four-byte block n bytes before
-      memcpy(keys+bytes,t,4);            // This becomes the next 4 bytes in the expanded key
-      bytes+=4;                          // Keep track of how many expanded key bytes we've added
-    }
-  }
-}
-
-// Apply / reverse the shift rows step on the 16 byte cipher state
-// http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#The_ShiftRows_step
-static void shift_rows(byte *state) {
-  int i;
-  byte temp[16];
-  memcpy(temp,state,16);
-  for (i=0;i<16;i++)
-    state[i]=temp[shift_rows_table[i]];
-}
-static void shift_rows_inv(byte *state) {
-  int i;
-  byte temp[16];
-  memcpy(temp,state,16);
-  for (i=0;i<16;i++)
-    state[i]=temp[shift_rows_table_inv[i]];
-}
-
-// Perform the mix columns matrix on one column of 4 bytes
-// http://en.wikipedia.org/wiki/Rijndael_mix_columns
-static void mix_col (byte *state) {
-  byte a0 = state[0];
-  byte a1 = state[1];
-  byte a2 = state[2];
-  byte a3 = state[3];
-  state[0] = lookup_g2[a0] ^ lookup_g3[a1] ^ a2 ^ a3;
-  state[1] = lookup_g2[a1] ^ lookup_g3[a2] ^ a3 ^ a0;
-  state[2] = lookup_g2[a2] ^ lookup_g3[a3] ^ a0 ^ a1;
-  state[3] = lookup_g2[a3] ^ lookup_g3[a0] ^ a1 ^ a2;
-}
-
-// Perform the mix columns matrix on each column of the 16 bytes
-static void mix_cols (byte *state) {
-  mix_col(state);
-  mix_col(state+4);
-  mix_col(state+8);
-  mix_col(state+12);
-}
-
-// Perform the inverse mix columns matrix on one column of 4 bytes
-// http://en.wikipedia.org/wiki/Rijndael_mix_columns
-static void mix_col_inv (byte *state) {
-  byte a0 = state[0];
-  byte a1 = state[1];
-  byte a2 = state[2];
-  byte a3 = state[3];
-  state[0] = lookup_g14[a0] ^ lookup_g9[a3] ^ lookup_g13[a2] ^ lookup_g11[a1];
-  state[1] = lookup_g14[a1] ^ lookup_g9[a0] ^ lookup_g13[a3] ^ lookup_g11[a2];
-  state[2] = lookup_g14[a2] ^ lookup_g9[a1] ^ lookup_g13[a0] ^ lookup_g11[a3];
-  state[3] = lookup_g14[a3] ^ lookup_g9[a2] ^ lookup_g13[a1] ^ lookup_g11[a0];
-}
-
-// Perform the inverse mix columns matrix on each column of the 16 bytes
-static void mix_cols_inv (byte *state) {
-  mix_col_inv(state);
-  mix_col_inv(state+4);
-  mix_col_inv(state+8);
-  mix_col_inv(state+12);
-}
-
-// Encrypt a single 128 bit block by a 128 bit key using AES
-// http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
-void EncryptAES(byte *msg, byte *key, byte *c) {
-  int i; // To count the rounds
-  
-  // Key expansion
-  byte keys[176];
-  expand_key(key,keys);
-  
-  // First Round
-  memmove(c, msg, 16);
-  xor_round_key(c,keys,0);
-
-  // Middle rounds
-  for(i=0; i<9; i++) {
-    sub_bytes(c,16);
-    shift_rows(c);
-    mix_cols(c);
-    xor_round_key(c, keys, i+1);
-  }
-
-  // Final Round
-  sub_bytes(c,16);
-  shift_rows(c);
-  xor_round_key(c, keys, 10);
-}
-
-// Decrypt a single 128 bit block by a 128 bit key using AES
-// http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
-void DecryptAES(byte *c, byte *key, byte *m) {
-  int i; // To count the rounds
-  
-  // Key expansion
-  byte keys[176];
-  expand_key(key,keys);
-  
-  // Reverse the final Round
-  memcpy(m,c,16);
-  xor_round_key(m,keys,10);
-  shift_rows_inv(m);
-  sub_bytes_inv(m, 16);
-  
-  // Reverse the middle rounds
-  for (i=0; i<9; i++) {
-    xor_round_key(m,keys,9-i);
-    mix_cols_inv(m);
-    shift_rows_inv(m);
-    sub_bytes_inv(m, 16);
-  }
-  
-  // Reverse the first Round
-  xor_round_key(m, keys, 0);
-}
-
-/*
-// Pretty-print a key (or any smallish buffer) onto screen as hex
-void Pretty(byte* b,int len,const char* label)
-{
-  char out[100];
-  int i;
-  for (i=0;i<len;i++)
-    sprintf(out+i*2,"%02x",b[i]);
-
-  printf("%s%s",label, out);
-}
-*/
-
-/*
-// Test AES
-int main(void)
-{
-  byte key[] = {0x12,0x34,0x56,0x12,0x34,0x56,0x12,0x34,0x56,0x12,0x34,0x56,0x12,0x34,0x56,0x12};
-  byte msg[] = {0xab,0xcd,0xef,0xab,0xcd,0xef,0xab,0xcd,0xef,0xab,0xcd,0xef,0xab,0xcd,0xef,0xab};
-  byte encrypted[16], decrypted[16];
-
-  printf("Test AES\r\n\n");
-  Pretty(key,16,"Key:         ");
-  Pretty(msg,16,"Original:    ");
-
-  EncryptAES(msg,key,encrypted);
-  printf("Encrypted should be: 85E5A3D7356A61E29A8AFA559AD67102\r\n");
-  Pretty(encrypted,16,"Encrypted:   ");
-
-  DecryptAES(encrypted,key,decrypted);
-  Pretty(decrypted,16,"Decrypted:   ");
-  
-  return 0;
-}
-*/
-
-void cbc_mac(
-    byte *in_data, /* Input data */
-    byte *out_data, /* Output data (or NULL) */
-    int nr_blocks, /* Number of blocks to encrypt/decrypt (one block=16 bytes) */
-    byte key[16], /* Key */
-    byte iv[16], /* Initialisation Vector */
-    byte (*out_cbc_mac)[16], /* CBC-MAC of the result (or NULL) */
-    int encrypt /* 1 to encrypt, 0 to decrypt */
-    )
-{
-    byte feedback[16];
-    memcpy(feedback, iv, 16);
-
-    if(encrypt)
-    {
-        /* for each block */
-        for(int i = 0; i < nr_blocks; i++)
-        {
-            /* xor it with feedback */
-            xor_(feedback, &in_data[i * 16], 16);
-            /* encrypt it using aes */
-            EncryptAES(feedback, key, feedback);
-            /* write cipher to output */
-            if(out_data)
-                memcpy(&out_data[i * 16], feedback, 16);
-        }
-        if(out_cbc_mac)
-            memcpy(out_cbc_mac, feedback, 16);
-    }
-    else
-    {
-        /* nothing to do ? */
-        if(out_data == NULL)
-            return;
-
-        /* for each block */
-        for(int i = 0; i < nr_blocks; i++)
-        {
-            /* decrypt it using aes */
-            DecryptAES(&in_data[i * 16], key, &out_data[i * 16]);
-            /* xor it with iv */
-            xor_(&out_data[i * 16], feedback, 16);
-            /* copy cipher to iv */
-            memcpy(feedback, &in_data[i * 16], 16);
-        }
-        if(out_cbc_mac)
-            memcpy(out_cbc_mac, feedback, 16);
-    }
-}
diff --git a/utils/imxtools/sbtools/crypto.cpp b/utils/imxtools/sbtools/crypto.cpp
index 35068c3e7d..5ccde27fdd 100644
--- a/utils/imxtools/sbtools/crypto.cpp
+++ b/utils/imxtools/sbtools/crypto.cpp
@@ -20,9 +20,81 @@
  ****************************************************************************/
 #include "crypto.h"
 #include "misc.h"
+#include <cryptopp/modes.h>
+#include <cryptopp/aes.h>
 
-static enum crypto_method_t g_cur_method = CRYPTO_NONE;
-static byte g_key[16];
+using namespace CryptoPP;
+
+namespace
+{
+
+enum crypto_method_t g_cur_method = CRYPTO_NONE;
+byte g_key[16];
+CBC_Mode<AES>::Encryption g_aes_enc;
+CBC_Mode<AES>::Decryption g_aes_dec;
+bool g_aes_enc_key_dirty; /* true of g_aes_enc key needs to be updated */
+bool g_aes_dec_key_dirty; /* same for g_aes_dec */
+
+int cbc_mac2(
+    const byte *in_data, /* Input data */
+    byte *out_data, /* Output data (or NULL) */
+    int nr_blocks, /* Number of blocks to encrypt/decrypt (one block=16 bytes) */
+    byte key[16], /* Key */
+    byte iv[16], /* Initialisation Vector */
+    byte (*out_cbc_mac)[16], /* CBC-MAC of the result (or NULL) */
+    bool encrypt /* 1 to encrypt, 0 to decrypt */
+    )
+{
+    /* encrypt */
+    if(encrypt)
+    {
+        /* update keys if neeeded */
+        if(g_aes_enc_key_dirty)
+        {
+            /* we need to provide an IV with the key, although we change it
+             * everytime we run the cipher anyway */
+            g_aes_enc.SetKeyWithIV(g_key, 16, iv, 16);
+            g_aes_enc_key_dirty = false;
+        }
+        g_aes_enc.Resynchronize(iv, 16);
+        byte tmp[16];
+        /* we need some output buffer, either a temporary one if we are CBC-MACing
+         * only, or use output buffer if available */
+        byte *out_ptr = (out_data == NULL) ? tmp : out_data;
+        while(nr_blocks-- > 0)
+        {
+            g_aes_enc.ProcessData(out_ptr, in_data, 16);
+            /* if this is the last block, copy CBC-MAC */
+            if(nr_blocks == 0 && out_cbc_mac)
+                memcpy(out_cbc_mac, out_ptr, 16);
+            /* if we are writing data to the output buffer, advance output pointer */
+            if(out_data != NULL)
+                out_ptr += 16;
+            in_data += 16;
+        }
+        return CRYPTO_ERROR_SUCCESS;
+    }
+    /* decrypt */
+    else
+    {
+        /* update keys if neeeded */
+        if(g_aes_dec_key_dirty)
+        {
+            /* we need to provide an IV with the key, although we change it
+             * everytime we run the cipher anyway */
+            g_aes_dec.SetKeyWithIV(g_key, 16, iv, 16);
+            g_aes_dec_key_dirty = false;
+        }
+        /* we cannot produce a CBC-MAC in decrypt mode, output buffer exists */
+        if(out_cbc_mac || out_data == NULL)
+            return CRYPTO_ERROR_INVALID_OP;
+        g_aes_dec.Resynchronize(iv, 16);
+        g_aes_dec.ProcessData(out_data, in_data, nr_blocks * 16);
+        return CRYPTO_ERROR_SUCCESS;
+    }
+}
+
+}
 
 int crypto_setup(struct crypto_key_t *key)
 {
@@ -31,6 +103,8 @@ int crypto_setup(struct crypto_key_t *key)
     {
         case CRYPTO_KEY:
             memcpy(g_key, key->u.key, 16);
+            g_aes_dec_key_dirty = true;
+            g_aes_enc_key_dirty = true;
             return CRYPTO_ERROR_SUCCESS;
         default:
             return CRYPTO_ERROR_BADSETUP;
@@ -46,10 +120,7 @@ int crypto_apply(
     bool encrypt)
 {
     if(g_cur_method == CRYPTO_KEY)
-    {
-        cbc_mac(in_data, out_data, nr_blocks, g_key, iv, out_cbc_mac, encrypt);
-        return CRYPTO_ERROR_SUCCESS;
-    }
+        return cbc_mac2(in_data, out_data, nr_blocks, g_key, iv, out_cbc_mac, encrypt);
     else
         return CRYPTO_ERROR_BADSETUP;
 }
diff --git a/utils/imxtools/sbtools/crypto.h b/utils/imxtools/sbtools/crypto.h
index 9944289a4f..a282385cf2 100644
--- a/utils/imxtools/sbtools/crypto.h
+++ b/utils/imxtools/sbtools/crypto.h
@@ -32,21 +32,6 @@ extern "C" {
 
 typedef uint8_t byte;
 
-/* aes128.c */
-void xor_(byte *a, byte *b, int n);
-void EncryptAES(byte *msg, byte *key, byte *c);
-void DecryptAES(byte *c, byte *key, byte *m);
-void Pretty(byte* b,int len,const char* label);
-void cbc_mac(
-    byte *in_data, /* Input data */
-    byte *out_data, /* Output data (or NULL) */
-    int nr_blocks, /* Number of blocks to encrypt/decrypt (one block=16 bytes) */
-    byte key[16], /* Key */
-    byte iv[16], /* Initialisation Vector */
-    byte (*out_cbc_mac)[16], /* CBC-MAC of the result (or NULL) */
-    int encrypt /* 1 to encrypt, 0 to decrypt */
-    );
-
 /* crypto.c */
 enum crypto_method_t
 {
@@ -74,6 +59,7 @@ struct crypto_key_t
 
 #define CRYPTO_ERROR_SUCCESS    0
 #define CRYPTO_ERROR_BADSETUP   -1
+#define CRYPTO_ERROR_INVALID_OP -2
 
 /* parameter can be:
  * - CRYPTO_KEY: array of 16-bytes (the key)