authorTom Rini <trini@konsulko.com>2017-11-14 08:39:35 -0500
committerTom Rini <trini@konsulko.com>2017-11-21 07:43:31 -0500
commitc6831c74a9e9dbedc351de94d23d35188ae1a39b (patch)
treeec3444def18bc20f81dce3594b01dfdba9097949
parent042de609ed49cfc41afb13639850c7b01079a527 (diff)
env: Remove CONFIG_ENV_AES support
This support has been deprecated since v2017.09 due to security issues. We now remove this support. Signed-off-by: Tom Rini <trini@konsulko.com>
-rw-r--r--env/Kconfig8
-rw-r--r--env/common.c61
-rw-r--r--include/environment.h12
-rw-r--r--tools/env/Makefile2
-rw-r--r--tools/env/aes.c1
-rw-r--r--tools/env/fw_env.c79
-rw-r--r--tools/env/fw_env.h5
-rw-r--r--tools/env/fw_env_main.c14
8 files changed, 2 insertions, 180 deletions
diff --git a/env/Kconfig b/env/Kconfig
index 8c9d800f48..2477bf8530 100644
--- a/env/Kconfig
+++ b/env/Kconfig
@@ -360,14 +360,6 @@ config ENV_IS_IN_UBI
endchoice
-config ENV_AES
- bool "AES-128 encryption for stored environment (DEPRECATED)"
- help
- Enable this to have the on-device stored environment be encrypted
- with AES-128. The implementation here however has security
- complications and is not recommended for use. Please see
- CVE-2017-3225 and CVE-2017-3226 for more details.
-
config ENV_FAT_INTERFACE
string "Name of the block device for the environment"
depends on ENV_IS_IN_FAT
diff --git a/env/common.c b/env/common.c
index 70715bb6e7..8167ea2992 100644
--- a/env/common.c
+++ b/env/common.c
@@ -103,52 +103,6 @@ int set_default_vars(int nvars, char * const vars[])
H_NOCLEAR | H_INTERACTIVE, 0, nvars, vars);
}
-#ifdef CONFIG_ENV_AES
-#include <uboot_aes.h>
-/**
- * env_aes_cbc_get_key() - Get AES-128-CBC key for the environment
- *
- * This function shall return 16-byte array containing AES-128 key used
- * to encrypt and decrypt the environment. This function must be overridden
- * by the implementer as otherwise the environment encryption will not
- * work.
- */
-__weak uint8_t *env_aes_cbc_get_key(void)
-{
- return NULL;
-}
-
-static int env_aes_cbc_crypt(env_t *env, const int enc)
-{
- unsigned char *data = env->data;
- uint8_t *key;
- uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
- uint32_t aes_blocks;
-
- key = env_aes_cbc_get_key();
- if (!key)
- return -EINVAL;
-
- /* First we expand the key. */
- aes_expand_key(key, key_exp);
-
- /* Calculate the number of AES blocks to encrypt. */
- aes_blocks = ENV_SIZE / AES_KEY_LENGTH;
-
- if (enc)
- aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks);
- else
- aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks);
-
- return 0;
-}
-#else
-static inline int env_aes_cbc_crypt(env_t *env, const int enc)
-{
- return 0;
-}
-#endif
-
/*
* Check if CRC is valid and (if yes) import the environment.
* Note that "buf" may or may not be aligned.
@@ -156,7 +110,6 @@ static inline int env_aes_cbc_crypt(env_t *env, const int enc)
int env_import(const char *buf, int check)
{
env_t *ep = (env_t *)buf;
- int ret;
if (check) {
uint32_t crc;
@@ -169,14 +122,6 @@ int env_import(const char *buf, int check)
}
}
- /* Decrypt the env if desired. */
- ret = env_aes_cbc_crypt(ep, 0);
- if (ret) {
- pr_err("Failed to decrypt env!\n");
- set_default_env("!import failed");
- return ret;
- }
-
if (himport_r(&env_htab, (char *)ep->data, ENV_SIZE, '\0', 0, 0,
0, NULL)) {
gd->flags |= GD_FLG_ENV_READY;
@@ -242,7 +187,6 @@ int env_export(env_t *env_out)
{
char *res;
ssize_t len;
- int ret;
res = (char *)env_out->data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
@@ -251,11 +195,6 @@ int env_export(env_t *env_out)
return 1;
}
- /* Encrypt the env if desired. */
- ret = env_aes_cbc_crypt(env_out, 1);
- if (ret)
- return ret;
-
env_out->crc = crc32(0, env_out->data, ENV_SIZE);
#ifdef CONFIG_SYS_REDUNDAND_ENVIRONMENT
diff --git a/include/environment.h b/include/environment.h
index 7b98216389..d29f82cb5d 100644
--- a/include/environment.h
+++ b/include/environment.h
@@ -143,12 +143,7 @@ extern unsigned long nand_env_oob_offset;
# define ENV_HEADER_SIZE (sizeof(uint32_t))
#endif
-#ifdef CONFIG_ENV_AES
-/* Make sure the payload is multiple of AES block size */
-#define ENV_SIZE ((CONFIG_ENV_SIZE - ENV_HEADER_SIZE) & ~(16 - 1))
-#else
#define ENV_SIZE (CONFIG_ENV_SIZE - ENV_HEADER_SIZE)
-#endif
typedef struct environment_s {
uint32_t crc; /* CRC32 over data bytes */
@@ -156,12 +151,7 @@ typedef struct environment_s {
unsigned char flags; /* active/obsolete flags */
#endif
unsigned char data[ENV_SIZE]; /* Environment data */
-} env_t
-#ifdef CONFIG_ENV_AES
-/* Make sure the env is aligned to block size. */
-__attribute__((aligned(16)))
-#endif
-;
+} env_t;
#ifdef ENV_IS_EMBEDDED
extern env_t environment;
diff --git a/tools/env/Makefile b/tools/env/Makefile
index 95b28c0b3a..95a03c98e7 100644
--- a/tools/env/Makefile
+++ b/tools/env/Makefile
@@ -25,7 +25,7 @@ hostprogs-y := fw_printenv
lib-y += fw_env.o \
crc32.o ctype.o linux_string.o \
- env_attr.o env_flags.o aes.o
+ env_attr.o env_flags.o
fw_printenv-objs := fw_env_main.o $(lib-y)
diff --git a/tools/env/aes.c b/tools/env/aes.c
deleted file mode 100644
index 9e42679e34..0000000000
--- a/tools/env/aes.c
+++ /dev/null
@@ -1 +0,0 @@
-#include "../../lib/aes.c"
diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
index ab06415898..963a6152a5 100644
--- a/tools/env/fw_env.c
+++ b/tools/env/fw_env.c
@@ -111,8 +111,6 @@ static struct environment environment = {
.flag_scheme = FLAG_NONE,
};
-static int env_aes_cbc_crypt(char *data, const int enc, uint8_t *key);
-
static int HaveRedundEnv = 0;
static unsigned char active_flag = 1;
@@ -217,34 +215,6 @@ char *fw_getdefenv(char *name)
return NULL;
}
-int parse_aes_key(char *key, uint8_t *bin_key)
-{
- char tmp[5] = { '0', 'x', 0, 0, 0 };
- unsigned long ul;
- int i;
-
- if (strnlen(key, 64) != 32) {
- fprintf(stderr,
- "## Error: '-a' option requires 16-byte AES key\n");
- return -1;
- }
-
- for (i = 0; i < 16; i++) {
- tmp[2] = key[0];
- tmp[3] = key[1];
- errno = 0;
- ul = strtoul(tmp, NULL, 16);
- if (errno) {
- fprintf(stderr,
- "## Error: '-a' option requires valid AES key\n");
- return -1;
- }
- bin_key[i] = ul & 0xff;
- key += 2;
- }
- return 0;
-}
-
/*
* Print the current definition of one, or more, or all
* environment variables
@@ -313,16 +283,6 @@ int fw_env_flush(struct env_opts *opts)
if (!opts)
opts = &default_opts;
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(environment.data, 1,
- opts->aes_key);
- if (ret) {
- fprintf(stderr,
- "Error: can't encrypt env for flash\n");
- return ret;
- }
- }
-
/*
* Update CRC
*/
@@ -976,28 +936,6 @@ static int flash_flag_obsolete (int dev, int fd, off_t offset)
return rc;
}
-/* Encrypt or decrypt the environment before writing or reading it. */
-static int env_aes_cbc_crypt(char *payload, const int enc, uint8_t *key)
-{
- uint8_t *data = (uint8_t *)payload;
- const int len = usable_envsize;
- uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
- uint32_t aes_blocks;
-
- /* First we expand the key. */
- aes_expand_key(key, key_exp);
-
- /* Calculate the number of AES blocks to encrypt. */
- aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
-
- if (enc)
- aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks);
- else
- aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks);
-
- return 0;
-}
-
static int flash_write (int fd_current, int fd_target, int dev_target)
{
int rc;
@@ -1182,13 +1120,6 @@ int fw_env_open(struct env_opts *opts)
crc0 = crc32 (0, (uint8_t *) environment.data, ENV_SIZE);
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(environment.data, 0,
- opts->aes_key);
- if (ret)
- goto open_cleanup;
- }
-
crc0_ok = (crc0 == *environment.crc);
if (!HaveRedundEnv) {
if (!crc0_ok) {
@@ -1244,13 +1175,6 @@ int fw_env_open(struct env_opts *opts)
crc1 = crc32 (0, (uint8_t *) redundant->data, ENV_SIZE);
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(redundant->data, 0,
- opts->aes_key);
- if (ret)
- goto open_cleanup;
- }
-
crc1_ok = (crc1 == redundant->crc);
flag1 = redundant->flags;
@@ -1498,9 +1422,6 @@ static int parse_config(struct env_opts *opts)
if (HaveRedundEnv)
usable_envsize -= sizeof(char);
- if (opts->aes_flag)
- usable_envsize &= ~(AES_KEY_LENGTH - 1);
-
return 0;
}
diff --git a/tools/env/fw_env.h b/tools/env/fw_env.h
index 2d37eb5053..b86ca78ba2 100644
--- a/tools/env/fw_env.h
+++ b/tools/env/fw_env.h
@@ -6,7 +6,6 @@
*/
#include <stdint.h>
-#include <uboot_aes.h>
/*
* Programs using the library must check which API is available,
@@ -19,13 +18,9 @@ struct env_opts {
#ifdef CONFIG_FILE
char *config_file;
#endif
- int aes_flag; /* Is AES encryption used? */
- uint8_t aes_key[AES_KEY_LENGTH];
char *lockname;
};
-int parse_aes_key(char *key, uint8_t *bin_key);
-
/**
* fw_printenv() - print one or several environment variables
*
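Review bot: Removing `aes_flag` and `aes_key` from `struct env_opts` and dropping the `parse_aes_key()` prototype changes the interface this header exports. An external program that sets those fields or calls that function will stop building, and one compiled against the old struct layout will no longer match the library. The header's own comment says programs "must check which API is available"; if a version macro backs that comment (none is visible in these hunks), it should be bumped in this commit so callers can detect the change.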
diff --git a/tools/env/fw_env_main.c b/tools/env/fw_env_main.c
index 0b9063742c..6fdf41c876 100644
--- a/tools/env/fw_env_main.c
+++ b/tools/env/fw_env_main.c
@@ -43,7 +43,6 @@
static int do_printenv;
static struct option long_options[] = {
- {"aes", required_argument, NULL, 'a'},
{"config", required_argument, NULL, 'c'},
{"help", no_argument, NULL, 'h'},
{"script", required_argument, NULL, 's'},
@@ -70,9 +69,6 @@ void usage_printenv(void)
"\n"
" -h, --help print this help.\n"
" -v, --version display version\n"
-#ifdef CONFIG_ENV_AES
- " -a, --aes aes key to access environment\n"
-#endif
#ifdef CONFIG_FILE
" -c, --config configuration file, default:" CONFIG_FILE "\n"
#endif
@@ -89,9 +85,6 @@ void usage_env_set(void)
"\n"
" -h, --help print this help.\n"
" -v, --version display version\n"
-#ifdef CONFIG_ENV_AES
- " -a, --aes aes key to access environment\n"
-#endif
#ifdef CONFIG_FILE
" -c, --config configuration file, default:" CONFIG_FILE "\n"
#endif
@@ -130,13 +123,6 @@ static void parse_common_args(int argc, char *argv[])
while ((c = getopt_long(argc, argv, ":a:c:l:h:v", long_options, NULL)) !=
EOF) {
switch (c) {
- case 'a':
- if (parse_aes_key(optarg, env_opts.aes_key)) {
- fprintf(stderr, "AES key parse error\n");
- exit(EXIT_FAILURE);
- }
- env_opts.aes_flag = 1;
- break;
#ifdef CONFIG_FILE
case 'c':
env_opts.config_file = optarg;
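Review bot: The option string on the `getopt_long` line still contains `a:` even though `case 'a'` and the `--aes` long option are removed, so `-a <key>` is still accepted as an option with an argument instead of being rejected as unknown. A script that still passes a key this way may get no indication that encryption no longer applies, depending on the switch's default branch, which lies outside this hunk. Dropping the letter, `":c:l:h:v"`, makes a stale `-a` fail visibly. parse_common_args starts and ends outside the hunk, and any other getopt call in the file that uses the same string would need the same edit.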