From c6831c74a9e9dbedc351de94d23d35188ae1a39b Mon Sep 17 00:00:00 2001
From: Tom Rini
Date: Tue, 14 Nov 2017 08:39:35 -0500
Subject: env: Remove CONFIG_ENV_AES support
This support has been deprecated since v2017.09 due to security issues. We now remove this support.
Signed-off-by: Tom Rini
---
 tools/env/Makefile | 2 +-
 tools/env/aes.c | 1 -
 tools/env/fw_env.c | 79 -------------------------------------------------
 tools/env/fw_env.h | 5 ----
 tools/env/fw_env_main.c | 14 ---------
 5 files changed, 1 insertion(+), 100 deletions(-)
 delete mode 100644 tools/env/aes.c
(limited to 'tools/env')
diff --git a/tools/env/Makefile b/tools/env/Makefile
index 95b28c0b3a3..95a03c98e75 100644
--- a/tools/env/Makefile
+++ b/tools/env/Makefile
@@ -25,7 +25,7 @@ hostprogs-y := fw_printenv
 lib-y += fw_env.o \
 crc32.o ctype.o linux_string.o \
- env_attr.o env_flags.o aes.o
+ env_attr.o env_flags.o
 fw_printenv-objs := fw_env_main.o $(lib-y)
diff --git a/tools/env/aes.c b/tools/env/aes.c
deleted file mode 100644
index 9e42679e343..00000000000
--- a/tools/env/aes.c
+++ /dev/null
@@ -1 +0,0 @@
-#include "../../lib/aes.c"
diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
index ab06415898c..963a6152a50 100644
--- a/tools/env/fw_env.c
+++ b/tools/env/fw_env.c
@@ -111,8 +111,6 @@ static struct environment environment = {
 .flag_scheme = FLAG_NONE,
 };
-static int env_aes_cbc_crypt(char *data, const int enc, uint8_t *key);
-
 static int HaveRedundEnv = 0;
 static unsigned char active_flag = 1;
@@ -217,34 +215,6 @@ char *fw_getdefenv(char *name)
 return NULL;
 }
-int parse_aes_key(char *key, uint8_t *bin_key)
-{
- char tmp[5] = { '0', 'x', 0, 0, 0 };
- unsigned long ul;
- int i;
-
- if (strnlen(key, 64) != 32) {
- fprintf(stderr,
- "## Error: '-a' option requires 16-byte AES key\n");
- return -1;
- }
-
- for (i = 0; i < 16; i++) {
- tmp[2] = key[0];
- tmp[3] = key[1];
- errno = 0;
- ul = strtoul(tmp, NULL, 16);
- if (errno) {
- fprintf(stderr,
- "## Error: '-a' option requires valid AES key\n");
- return -1;
- }
- bin_key[i] = ul & 0xff;
- key += 2;
- }
- return 0;
-}
-
 /*
 * Print the current definition of one, or more, or all
 * environment variables
@@ -313,16 +283,6 @@ int fw_env_flush(struct env_opts *opts)
 if (!opts)
 opts = &default_opts;
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(environment.data, 1,
- opts->aes_key);
- if (ret) {
- fprintf(stderr,
- "Error: can't encrypt env for flash\n");
- return ret;
- }
- }
-
 /*
 * Update CRC
 */
@@ -976,28 +936,6 @@ static int flash_flag_obsolete (int dev, int fd, off_t offset)
 return rc;
 }
-/* Encrypt or decrypt the environment before writing or reading it. */
-static int env_aes_cbc_crypt(char *payload, const int enc, uint8_t *key)
-{
- uint8_t *data = (uint8_t *)payload;
- const int len = usable_envsize;
- uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
- uint32_t aes_blocks;
-
- /* First we expand the key. */
- aes_expand_key(key, key_exp);
-
- /* Calculate the number of AES blocks to encrypt. */
- aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
-
- if (enc)
- aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks);
- else
- aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks);
-
- return 0;
-}
-
 static int flash_write (int fd_current, int fd_target, int dev_target)
 {
 int rc;
@@ -1182,13 +1120,6 @@ int fw_env_open(struct env_opts *opts)
 crc0 = crc32 (0, (uint8_t *) environment.data, ENV_SIZE);
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(environment.data, 0,
- opts->aes_key);
- if (ret)
- goto open_cleanup;
- }
-
 crc0_ok = (crc0 == *environment.crc);
 if (!HaveRedundEnv) {
 if (!crc0_ok) {
@@ -1244,13 +1175,6 @@ int fw_env_open(struct env_opts *opts)
 crc1 = crc32 (0, (uint8_t *) redundant->data, ENV_SIZE);
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(redundant->data, 0,
- opts->aes_key);
- if (ret)
- goto open_cleanup;
- }
-
 crc1_ok = (crc1 == redundant->crc);
 flag1 = redundant->flags;
@@ -1498,9 +1422,6 @@ static int parse_config(struct env_opts *opts)
 if (HaveRedundEnv)
 usable_envsize -= sizeof(char);
- if (opts->aes_flag)
- usable_envsize &= ~(AES_KEY_LENGTH - 1);
-
 return 0;
 }
diff --git a/tools/env/fw_env.h b/tools/env/fw_env.h
index 2d37eb50530..b86ca78ba27 100644
--- a/tools/env/fw_env.h
+++ b/tools/env/fw_env.h
@@ -6,7 +6,6 @@
 */
 #include
-#include
 /*
 * Programs using the library must check which API is available,
@@ -19,13 +18,9 @@ struct env_opts {
 #ifdef CONFIG_FILE
 char *config_file;
 #endif
- int aes_flag; /* Is AES encryption used? */
- uint8_t aes_key[AES_KEY_LENGTH];
 char *lockname;
 };
-int parse_aes_key(char *key, uint8_t *bin_key);
-
 /**
 * fw_printenv() - print one or several environment variables
 *
diff --git a/tools/env/fw_env_main.c b/tools/env/fw_env_main.c
index 0b9063742ce..6fdf41c8760 100644
--- a/tools/env/fw_env_main.c
+++ b/tools/env/fw_env_main.c
@@ -43,7 +43,6 @@ static int do_printenv;
 static struct option long_options[] = {
- {"aes", required_argument, NULL, 'a'},
 {"config", required_argument, NULL, 'c'},
 {"help", no_argument, NULL, 'h'},
 {"script", required_argument, NULL, 's'},
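Review bot: In the second fw_env.h hunk, `aes_flag` and `aes_key` are removed from struct env_opts ahead of `lockname`, and `parse_aes_key()` is dropped from the header, with nothing added that a caller could test for. The header's own comment says programs using the library must check which API is available, so an out-of-tree program built against the old fw_env.h and linked with a rebuilt library would presumably hand over a struct whose `lockname` sits at a different offset. A line in that comment such as `/* env_opts: aes_flag, aes_key and parse_aes_key() were removed together with CONFIG_ENV_AES; rebuild users of this header */` would record the break. The struct definition begins above the hunk.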
@@ -70,9 +69,6 @@ void usage_printenv(void)
 "\n"
 " -h, --help print this help.\n"
 " -v, --version display version\n"
-#ifdef CONFIG_ENV_AES
- " -a, --aes aes key to access environment\n"
-#endif
 #ifdef CONFIG_FILE
 " -c, --config configuration file, default:" CONFIG_FILE "\n"
 #endif
@@ -89,9 +85,6 @@ void usage_env_set(void)
 "\n"
 " -h, --help print this help.\n"
 " -v, --version display version\n"
-#ifdef CONFIG_ENV_AES
- " -a, --aes aes key to access environment\n"
-#endif
 #ifdef CONFIG_FILE
 " -c, --config configuration file, default:" CONFIG_FILE "\n"
 #endif
@@ -130,13 +123,6 @@ static void parse_common_args(int argc, char *argv[])
 while ((c = getopt_long(argc, argv, ":a:c:l:h:v", long_options, NULL)) != EOF) {
 switch (c) {
- case 'a':
- if (parse_aes_key(optarg, env_opts.aes_key)) {
- fprintf(stderr, "AES key parse error\n");
- exit(EXIT_FAILURE);
- }
- env_opts.aes_flag = 1;
- break;
 #ifdef CONFIG_FILE
 case 'c':
 env_opts.config_file = optarg;
-- cgit v1.2.3
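Review bot: The short-option string in parse_common_args still reads `":a:c:l:h:v"` after `case 'a':` is removed, so `-a <key>` is still accepted and still consumes its argument, while `--aes` is now rejected because its long_options entry is gone. What happens to the returned 'a' depends on the switch's default branch, which lies outside this hunk; if that branch ignores unhandled options, a script that still passes `-a` would read or write the environment unencrypted without any error. Changing the string to `":c:l:h:v"` makes the removed option fail like any other unknown one. The function body starts and ends outside the hunk.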