From: Eneas U de Queiroz Date: Fri, 17 Feb 2023 11:12:40 +0000 (-0300) Subject: uencrypt: add support for mbedtls X-Git-Tag: v23.05.0-rc1~774 X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=4662adef2ad02dc5903516f69da017dcecf392c9;p=openwrt%2Fopenwrt.git uencrypt: add support for mbedtls This commit includes some additional changes: - better handling of iv and keys in openssl/wolfssl variants - fix compiler warnings and whitespace - build all 3 variants as separate packages - adjust the new package name in targets' DEVICE_PACKAGES - remove PKG_FLAGS:=nonshared [Beeline SmartBox Flash - OK] Tested-by: Mikhail Zhilkin [after test: replaced a hardcoded IV size of 16 by cipher_info->iv_size] Signed-off-by: Eneas U de Queiroz --- diff --git a/package/utils/uencrypt/Makefile b/package/utils/uencrypt/Makefile index a9779e2825..21d2d96f4d 100644 --- a/package/utils/uencrypt/Makefile +++ b/package/utils/uencrypt/Makefile @@ -4,55 +4,80 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uencrypt -PKG_RELEASE:=3 +PKG_RELEASE:=4 -PKG_FLAGS:=nonshared PKG_LICENSE:=GPL-2.0-or-later PKG_MAINTAINER:=Eneas U de Queiroz -PKG_CONFIG_DEPENDS:=\ - CONFIG_UENCRYPT_OPENSSL \ - CONFIG_UENCRYPT_WOLFSSL include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk CMAKE_INSTALL:=1 -CMAKE_OPTIONS+=$(if $(CONFIG_UENCRYPT_WOLFSSL),-DUSE_WOLFSSL=1) +ifeq ($(BUILD_VARIANT),mbedtls) + CMAKE_OPTIONS+=-DUSE_MBEDTLS=1 +else ifeq ($(BUILD_VARIANT),wolfssl) + CMAKE_OPTIONS+=-DUSE_WOLFSSL=1 +endif -define Package/uencrypt +define Package/uencrypt/default SECTION:=utils CATEGORY:=Base system - TITLE:=Decryption utility for Arcadyan WG4xx223 and TP-Link Deco S4 - DEPENDS:=+UENCRYPT_WOLFSSL:libwolfssl +UENCRYPT_OPENSSL:libopenssl + TITLE:=Small Decryption utility endef -define Package/uencrypt/description +define Package/uencrypt/default/description This is a small encrypton/decryption program. It defaults to AES-128-CBC, but supports any encryption provided by - the available openssl/wolfssl library. Even though it can - be used for regular encryption and decryption operations, + the crypto library. Even though it can be used for + non-critical* regular encryption and decryption operations, it is included here to unencrypt the configuration from mtd - on Arcadyan WG430223/WG443223 and TP-Link Deco S4 routers + on some devices. + + * Key and IV are exposed on cmdline + + This variant uses $(1) as crypto provider endef -define Package/uencrypt/config - if PACKAGE_uencrypt - choice - prompt "Crypto provider" - default UENCRYPT_WOLFSSL +define Package/uencrypt-mbedtls + $(Package/uencrypt/default) + VARIANT:=mbedtls + TITLE+= using mbedTLS + DEPENDS:=+libmbedtls + CONFLICTS:=uencrypt-openssl uencrypt-wolfssl +endef - config UENCRYPT_OPENSSL - bool "OpenSSL" +Package/uencrypt-mbedtls/description= \ + $(call Package/uencrypt/default/description,mbedTLS) - config UENCRYPT_WOLFSSL - bool "wolfSSL" - endchoice - endif +define Package/uencrypt-openssl + $(Package/uencrypt/default) + VARIANT:=openssl + TITLE+= using OpenSSL + DEPENDS:=+libopenssl + CONFLICTS:=uencrypt-wolfssl endef -define Package/uencrypt/install +Package/uencrypt-openssl/description= \ + $(call Package/uencrypt/default/description,OpenSSL) + +define Package/uencrypt-wolfssl + $(Package/uencrypt/default) + VARIANT:=wolfssl + TITLE+= using wolfSSL + DEPENDS:=+libwolfssl +endef + +Package/uencrypt-wolfssl/description= \ + $(call Package/uencrypt/default/description,wolfSSL) + +define Package/uencrypt/default/install $(INSTALL_DIR) $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/uencrypt $(1)/usr/bin endef +Package/uencrypt-openssl/install = $(Package/uencrypt/default/install) +Package/uencrypt-wolfssl/install = $(Package/uencrypt/default/install) +Package/uencrypt-mbedtls/install = $(Package/uencrypt/default/install) -$(eval $(call BuildPackage,uencrypt)) +$(eval $(call BuildPackage,uencrypt-mbedtls)) +$(eval $(call BuildPackage,uencrypt-openssl)) +$(eval $(call BuildPackage,uencrypt-wolfssl)) diff --git a/package/utils/uencrypt/src/CMakeLists.txt b/package/utils/uencrypt/src/CMakeLists.txt index cd25d2f12f..eadb2eadb3 100644 --- a/package/utils/uencrypt/src/CMakeLists.txt +++ b/package/utils/uencrypt/src/CMakeLists.txt @@ -5,16 +5,27 @@ cmake_minimum_required(VERSION 2.8.12 FATAL_ERROR) project(uencrypt LANGUAGES C) option(USE_WOLFSSL "Use WolfSSL as crypto provider" OFF) -if (USE_WOLFSSL) - add_definitions(-DUSE_WOLFSSL) - find_library(WOLFSSL_LIBRARY wolfssl REQUIRED) - set(CRYPTO_LIBRARIES ${WOLFSSL_LIBRARY}) +option(USE_MBEDTLS "Use mbedTLS as crypto provider" OFF) +if (USE_MBEDTLS) + if (USE_WOLFSSL) + message(WARNING "USE_MBEDTLS and USE_WOLFSSL are both set. Building with USE_MBEDTLS.") + endif() + add_definitions(-DUSE_MBEDTLS) + find_library(MBEDCRYPTO_LIBRARY mbedcrypto REQUIRED) + set(CRYPTO_LIBRARIES ${MBEDCRYPTO_LIBRARY}) + add_executable(${PROJECT_NAME} ${PROJECT_NAME}-mbedtls.c) else() - find_package(OpenSSL REQUIRED) - set(CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) + add_executable(${PROJECT_NAME} ${PROJECT_NAME}-openssl.c) + if (USE_WOLFSSL) + add_definitions(-DUSE_WOLFSSL) + find_library(WOLFSSL_LIBRARY wolfssl REQUIRED) + set(CRYPTO_LIBRARIES ${WOLFSSL_LIBRARY}) + else() + find_package(OpenSSL REQUIRED) + set(CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) + endif() endif() -add_executable(${PROJECT_NAME} ${PROJECT_NAME}.c) target_link_libraries(${PROJECT_NAME} ${CRYPTO_LIBRARIES}) install(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION bin) diff --git a/package/utils/uencrypt/src/uencrypt-mbedtls.c b/package/utils/uencrypt/src/uencrypt-mbedtls.c new file mode 100644 index 0000000000..731beaad0f --- /dev/null +++ b/package/utils/uencrypt/src/uencrypt-mbedtls.c @@ -0,0 +1,212 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later + * Copyright (C) 2023 Eneas Ulir de Queiroz + */ + +#include +#include +#include +#include +#include +#include +#include + +int do_crypt(FILE *infile, FILE *outfile, const mbedtls_cipher_info_t *cipher_info, + const unsigned char *key, const unsigned char *iv, int enc, int padding) +{ + mbedtls_cipher_context_t ctx; + unsigned char inbuf[1024], outbuf[1024 + MBEDTLS_MAX_BLOCK_LENGTH]; + size_t inlen, outlen; + int ret = 0; + int step; + + mbedtls_cipher_init(&ctx); + if ((ret = mbedtls_cipher_setup(&ctx, cipher_info))) { + fprintf(stderr, "Error: mbedtls_cipher_setup: %d\n", ret); + goto out; + } + step = iv ? 1024 : mbedtls_cipher_get_block_size(&ctx); + if ((ret = mbedtls_cipher_setkey(&ctx, key, (int) mbedtls_cipher_get_key_bitlen(&ctx), + enc ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT))) { + fprintf(stderr, "Error: mbedtls_cipher_setkey: %d\n", ret); + goto out; + } + if (iv && (ret = mbedtls_cipher_set_iv(&ctx, iv, cipher_info->iv_size))) { + fprintf(stderr, "Error: mbedtls_cipher_set_iv: %d\n", ret); + goto out; + } + + if (cipher_info->block_size > 1) { + if (cipher_info->mode == MBEDTLS_MODE_CBC) { + if ((ret = mbedtls_cipher_set_padding_mode(&ctx, + padding ? MBEDTLS_PADDING_PKCS7 + : MBEDTLS_PADDING_NONE))) { + fprintf(stderr, "Error: mbedtls_cipher_set_padding_mode: %d\n", ret); + goto out; + } + } else { + if (cipher_info->mode != MBEDTLS_MODE_CBC && padding) { + fprintf(stderr, "Error: mbedTLS only supports padding with CBC ciphers.\n"); + goto out; + } + } + } + + if ((ret = mbedtls_cipher_reset(&ctx))) { + fprintf(stderr, "Error: mbedtls_cipher_reset: %d\n", ret); + goto out; + } + + for (;;) { + inlen = fread(inbuf, 1, step, infile); + if (inlen <= 0) + break; + if ((ret = mbedtls_cipher_update(&ctx, inbuf, inlen, outbuf, &outlen))) { + fprintf(stderr, "Error: mbedtls_cipher_update: %d\n", ret); + goto out; + } + fwrite(outbuf, 1, outlen, outfile); + } + if ((ret = mbedtls_cipher_finish(&ctx, outbuf, &outlen))) { + fprintf(stderr, "Error: mbedtls_cipher_finish: %d\n", ret); + goto out; + } + fwrite(outbuf, 1, outlen, outfile); + +out: + mbedtls_cipher_free(&ctx); + return ret; +} + +static void check_enc_dec(const int enc) +{ + if (enc == -1) + return; + fprintf(stderr, "Error: both -d and -e were specified.\n"); + exit(EXIT_FAILURE); +} + +static void check_cipher(const mbedtls_cipher_info_t *cipher_info) +{ + const int *list; + + if (cipher_info == NULL) { + fprintf(stderr, "Error: invalid cipher: %s.\n", optarg); + fprintf(stderr, "Supported ciphers: \n"); + for (list = mbedtls_cipher_list(); *list; list++) { + cipher_info = mbedtls_cipher_info_from_type(*list); + if (!cipher_info) + continue; + fprintf(stderr, "\t%s\n", cipher_info->name); + } + exit(EXIT_FAILURE); + } +} + +static void show_usage(const char* name) +{ + fprintf(stderr, "Usage: %s: [-d | -e] [-n] -k key [-i iv] [-c cipher]\n" + "-d = decrypt; -e = encrypt; -n = no padding\n", name); +} + +char *hexstr2buf(const char *str, size_t *len) +{ + char *buf; + size_t inlen = strlen(str); + + *len = 0; + if (inlen % 2) + return NULL; + + *len = inlen >> 1; + buf = malloc(*len); + for (size_t x = 0; x < *len; x++) + sscanf(str + x * 2, "%2hhx", buf + x); + return buf; +} + +static char* upperstr(char *str) { + for (char *s = str; *s; s++) + *s = toupper((unsigned char) *s); + return str; +} + +int main(int argc, char *argv[]) +{ + int enc = -1; + unsigned char *iv = NULL; + unsigned char *key = NULL; + size_t keylen = 0, ivlen = 0; + int opt; + int padding = 1; + const mbedtls_cipher_info_t *cipher_info = + mbedtls_cipher_info_from_type (MBEDTLS_CIPHER_AES_128_CBC); + int ret; + + while ((opt = getopt(argc, argv, "c:dei:k:n")) != -1) { + switch (opt) { + case 'c': + cipher_info = mbedtls_cipher_info_from_string(upperstr(optarg)); + check_cipher(cipher_info); + break; + case 'd': + check_enc_dec(enc); + enc = 0; + break; + case 'e': + check_enc_dec(enc); + enc = 1; + break; + case 'i': + iv = (unsigned char *) hexstr2buf((const char *)optarg, &ivlen); + if (iv == NULL) { + fprintf(stderr, "Error setting IV to %s. The IV should be encoded in hex.\n", + optarg); + exit(EINVAL); + } + break; + case 'k': + key = (unsigned char *) hexstr2buf((const char *)optarg, &keylen); + if (key == NULL) { + fprintf(stderr, "Error setting key to %s. The key should be encoded in hex.\n", + optarg); + exit(EINVAL); + } + break; + case 'n': + padding = 0; + break; + default: + show_usage(argv[0]); + exit(EINVAL); + } + } + if (cipher_info->iv_size) { + if (iv == NULL) { + fprintf(stderr, "Error: iv not set.\n"); + show_usage(argv[0]); + exit(EXIT_FAILURE); + } + if (ivlen != cipher_info->iv_size) { + fprintf(stderr, "Error: IV must be %d bytes; given IV is %zd bytes.\n", + cipher_info->iv_size, ivlen); + exit(EXIT_FAILURE); + } + } + if (key == NULL) { + fprintf(stderr, "Error: key not set.\n"); + show_usage(argv[0]); + exit(EXIT_FAILURE); + } + if (keylen != cipher_info->key_bitlen >> 3) { + fprintf(stderr, "Error: key must be %d bytes; given key is %zd bytes.\n", + cipher_info->key_bitlen >> 3, keylen); + exit(EXIT_FAILURE); + } + ret = do_crypt(stdin, stdout, cipher_info, key, iv, !!enc, padding); + if (iv) + memset(iv, 0, ivlen); + memset(key, 0, keylen); + free(iv); + free(key); + return ret; +} diff --git a/package/utils/uencrypt/src/uencrypt-openssl.c b/package/utils/uencrypt/src/uencrypt-openssl.c new file mode 100644 index 0000000000..ed09466443 --- /dev/null +++ b/package/utils/uencrypt/src/uencrypt-openssl.c @@ -0,0 +1,159 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later + * Copyright (C) 2022-2023 Eneas Ulir de Queiroz + */ + +#include +#include +#include +#include +#include + +#ifdef USE_WOLFSSL +# include +# include +#else +# include +#endif + +int do_crypt(FILE *infile, FILE *outfile, const EVP_CIPHER *cipher, const unsigned char *key, + const unsigned char *iv, int enc, int padding) +{ + EVP_CIPHER_CTX *ctx; + unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; + int inlen, outlen; + + ctx = EVP_CIPHER_CTX_new(); + EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); + EVP_CIPHER_CTX_set_padding(ctx, padding); + + for (;;) { + inlen = fread(inbuf, 1, 1024, infile); + if (inlen <= 0) + break; + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) { + EVP_CIPHER_CTX_free(ctx); + return -1; + } + fwrite(outbuf, 1, outlen, outfile); + } + if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { + EVP_CIPHER_CTX_free(ctx); + return -1; + } + fwrite(outbuf, 1, outlen, outfile); + + EVP_CIPHER_CTX_free(ctx); + return 0; +} + +static void check_enc_dec(const int enc) +{ + if (enc == -1) + return; + fprintf(stderr, "Error: both -d and -e were specified.\n"); + exit(EXIT_FAILURE); +} + +#ifndef USE_WOLFSSL +static void print_ciphers(const OBJ_NAME *name,void *arg) { + fprintf(arg, "\t%s\n", name->name); +} +#endif + +static void check_cipher(const EVP_CIPHER *cipher) +{ + if (cipher == NULL) { + fprintf(stderr, "Error: invalid cipher: %s.\n", optarg); +#ifndef USE_WOLFSSL + fprintf(stderr, "Supported ciphers: \n"); + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, print_ciphers, stderr); +#endif + exit(EXIT_FAILURE); + } +} + +static void show_usage(const char* name) +{ + fprintf(stderr, "Usage: %s: [-d | -e] [-n] -k key [-i iv] [-c cipher]\n" + "-d = decrypt; -e = encrypt; -n = no padding\n", name); +} + +int main(int argc, char *argv[]) +{ + int enc = -1; + unsigned char *iv = NULL; + unsigned char *key = NULL; + long ivlen = 0, keylen = 0; + int cipher_ivlen, cipher_keylen; + int opt; + int padding = 1; + const EVP_CIPHER *cipher = EVP_aes_128_cbc(); + int ret; + + while ((opt = getopt(argc, argv, "c:dei:k:n")) != -1) { + switch (opt) { + case 'c': + cipher = EVP_get_cipherbyname(optarg); + check_cipher(cipher); + break; + case 'd': + check_enc_dec(enc); + enc = 0; + break; + case 'e': + check_enc_dec(enc); + enc = 1; + break; + case 'i': + iv = OPENSSL_hexstr2buf((const char *)optarg, &ivlen); + if (iv == NULL) { + fprintf(stderr, "Error setting IV to %s. The IV should be encoded in hex.\n", + optarg); + exit(EINVAL); + } + break; + case 'k': + key = OPENSSL_hexstr2buf((const char *)optarg, &keylen); + if (key == NULL) { + fprintf(stderr, "Error setting key to %s. The key should be encoded in hex.\n", + optarg); + exit(EINVAL); + } + break; + case 'n': + padding = 0; + break; + default: + show_usage(argv[0]); + exit(EINVAL); + } + } + if (key == NULL) { + fprintf(stderr, "Error: key not set.\n"); + show_usage(argv[0]); + exit(EXIT_FAILURE); + } + if ((cipher_keylen = EVP_CIPHER_key_length(cipher)) != keylen) { + fprintf(stderr, "Error: key must be %d bytes; given key is %ld bytes.\n", + cipher_keylen, keylen); + exit(EXIT_FAILURE); + } + if ((cipher_ivlen = EVP_CIPHER_iv_length(cipher))) { + if (iv == NULL) { + fprintf(stderr, "Error: IV not set.\n"); + show_usage(argv[0]); + exit(EXIT_FAILURE); + } + if (cipher_ivlen != ivlen) { + fprintf(stderr, "Error: IV must be %d bytes; given IV is %ld bytes.\n", + cipher_ivlen, ivlen); + exit(EXIT_FAILURE); + } + } + ret = do_crypt(stdin, stdout, cipher, key, iv, !!enc, padding); + if (ret) + fprintf(stderr, "Error during crypt operation.\n"); + OPENSSL_free(iv); + OPENSSL_free(key); + return ret; +} diff --git a/package/utils/uencrypt/src/uencrypt.c b/package/utils/uencrypt/src/uencrypt.c deleted file mode 100644 index ab9a202cec..0000000000 --- a/package/utils/uencrypt/src/uencrypt.c +++ /dev/null @@ -1,150 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-or-later - * Copyright (C) 2022 Eneas Ulir de Queiroz - */ - -#include -#include -#include -#include -#include - -#ifdef USE_WOLFSSL -# include -# include -#else -# include -#endif - -int do_crypt(FILE *infile, FILE *outfile, const EVP_CIPHER *cipher, const char *key, const char *iv, - int enc, int padding) -{ - EVP_CIPHER_CTX *ctx; - unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; - int inlen, outlen; - - ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); - EVP_CIPHER_CTX_set_padding(ctx, padding); - - for (;;) { - inlen = fread(inbuf, 1, 1024, infile); - if (inlen <= 0) - break; - if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, inlen)) { - EVP_CIPHER_CTX_free(ctx); - return -1; - } - fwrite(outbuf, 1, outlen, outfile); - } - if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { - EVP_CIPHER_CTX_free(ctx); - return -1; - } - fwrite(outbuf, 1, outlen, outfile); - - EVP_CIPHER_CTX_free(ctx); - return 0; -} - -static void check_enc_dec(const int enc) -{ - if (enc == -1) - return; - fprintf(stderr, "Error: both -d and -e were specified.\n"); - exit(EXIT_FAILURE); -} - -#ifndef USE_WOLFSSL -static void print_ciphers(const OBJ_NAME *name,void *arg) { - fprintf(arg, "\t%s\n", name->name); -} -#endif - -static void check_cipher(const EVP_CIPHER *cipher) -{ - if (cipher == NULL) { - fprintf(stderr, "Error: invalid cipher: %s.\n", optarg); -#ifndef USE_WOLFSSL - fprintf(stderr, "Supported ciphers: \n", optarg); - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, print_ciphers, stderr); -#endif - exit(EXIT_FAILURE); - } -} - -static void show_usage(const char* name) -{ - fprintf(stderr, "Usage: %s: [-d | -e] [-n] -k key [-i iv] [-c cipher]\n" - "-d = decrypt; -e = encrypt; -n = no padding\n", name); -} - -int main(int argc, char *argv[]) -{ - int enc = -1; - unsigned char *iv = NULL; - unsigned char *key = NULL; - long len; - int opt; - int padding = 1; - int need_iv = 1; - const EVP_CIPHER *cipher = EVP_aes_128_cbc(); - int ret; - - while ((opt = getopt(argc, argv, "c:dei:k:n")) != -1) { - switch (opt) { - case 'c': - cipher = EVP_get_cipherbyname(optarg); - check_cipher(cipher); - int arglen = strlen(optarg); - if (arglen > 3 && strncmp(optarg+arglen-3, "ecb", 3) == 0) //if ends with "ecb" - need_iv = 0; - break; - case 'd': - check_enc_dec(enc); - enc = 0; - break; - case 'e': - check_enc_dec(enc); - enc = 1; - break; - case 'i': - iv = OPENSSL_hexstr2buf((const char *)optarg, &len); - if (iv == NULL) { - fprintf(stderr, "Error setting IV to %s. The IV should be encoded in hex.\n", - optarg); - exit(EINVAL); - } - break; - case 'k': - key = OPENSSL_hexstr2buf((const char *)optarg, &len); - if (key == NULL) { - fprintf(stderr, "Error setting key to %s. The key should be encoded in hex.\n", - optarg); - exit(EINVAL); - } - break; - case 'n': - padding = 0; - break; - default: - show_usage(argv[0]); - exit(EINVAL); - } - } - if (need_iv && iv == NULL) { - fprintf(stderr, "Error: iv not set.\n"); - show_usage(argv[0]); - exit(EXIT_FAILURE); - } - if (key == NULL) { - fprintf(stderr, "Error: key not set.\n"); - show_usage(argv[0]); - exit(EXIT_FAILURE); - } - ret = do_crypt(stdin, stdout, cipher, key, iv, !!enc, padding); - if (ret) - fprintf(stderr, "Error during crypt operation.\n"); - OPENSSL_free(iv); - OPENSSL_free(key); - return ret; -} diff --git a/target/linux/ath79/image/generic-tp-link.mk b/target/linux/ath79/image/generic-tp-link.mk index 314ece1e03..8336189293 100644 --- a/target/linux/ath79/image/generic-tp-link.mk +++ b/target/linux/ath79/image/generic-tp-link.mk @@ -509,7 +509,7 @@ define Device/tplink_deco-s4-v2 IMAGE_SIZE := 13824k DEVICE_MODEL := Deco S4 DEVICE_VARIANT := v2 - DEVICE_PACKAGES := kmod-ath10k-ct ath10k-firmware-qca9888-ct uencrypt + DEVICE_PACKAGES := kmod-ath10k-ct ath10k-firmware-qca9888-ct uencrypt-mbedtls SUPPORTED_DEVICES += deco-s4-v2 TPLINK_BOARD_ID := DECO-S4-V2 endef diff --git a/target/linux/ramips/image/mt7621.mk b/target/linux/ramips/image/mt7621.mk index 90b8bba2a5..07e63a5cf1 100644 --- a/target/linux/ramips/image/mt7621.mk +++ b/target/linux/ramips/image/mt7621.mk @@ -379,7 +379,7 @@ define Device/beeline_smartbox-flash IMAGES += factory.trx IMAGE/factory.trx := append-kernel | append-ubi | check-size IMAGE/sysupgrade.bin := sysupgrade-tar | append-metadata - DEVICE_PACKAGES := kmod-usb3 kmod-mt7615-firmware uencrypt + DEVICE_PACKAGES := kmod-usb3 kmod-mt7615-firmware uencrypt-mbedtls endef TARGET_DEVICES += beeline_smartbox-flash @@ -1587,7 +1587,7 @@ define Device/mts_wg430223 IMAGES += factory.trx IMAGE/factory.trx := append-kernel | append-ubi | check-size IMAGE/sysupgrade.bin := sysupgrade-tar | append-metadata - DEVICE_PACKAGES := kmod-mt7615-firmware uencrypt + DEVICE_PACKAGES := kmod-mt7615-firmware uencrypt-mbedtls endef TARGET_DEVICES += mts_wg430223