Commit c6831c74a9e9dbedc351de94d23d35188ae1a39b
1 parent
042de609ed
env: Remove CONFIG_ENV_AES support
This support has been deprecated since v2017.09 due to security issues. We now remove this support.

Signed-off-by: Tom Rini <trini@konsulko.com>
Showing 8 changed files with 2 additions and 180 deletions Side-by-side Diff
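--- a/env/Kconfig
+++ b/env/Kconfig
@@ -360,14 +360,6 @@
 
 endchoice
 
-config ENV_AES
- bool "AES-128 encryption for stored environment (DEPRECATED)"
- help
- Enable this to have the on-device stored environment be encrypted
- with AES-128. The implementation here however has security
- complications and is not recommended for use. Please see
- CVE-2017-3225 and CVE-2017-3226 for more details.
-
 config ENV_FAT_INTERFACE
 string "Name of the block device for the environment"
 depends on ENV_IS_IN_FAT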
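--- a/env/common.c
+++ b/env/common.c
@@ -103,52 +103,6 @@
 H_NOCLEAR | H_INTERACTIVE, 0, nvars, vars);
 }
 
-#ifdef CONFIG_ENV_AES
-#include <uboot_aes.h>
-/**
- * env_aes_cbc_get_key() - Get AES-128-CBC key for the environment
- *
- * This function shall return 16-byte array containing AES-128 key used
- * to encrypt and decrypt the environment. This function must be overridden
- * by the implementer as otherwise the environment encryption will not
- * work.
- */
-__weak uint8_t *env_aes_cbc_get_key(void)
-{
- return NULL;
-}
-
-static int env_aes_cbc_crypt(env_t *env, const int enc)
-{
- unsigned char *data = env->data;
- uint8_t *key;
- uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
- uint32_t aes_blocks;
-
- key = env_aes_cbc_get_key();
- if (!key)
- return -EINVAL;
-
- /* First we expand the key. */
- aes_expand_key(key, key_exp);
-
- /* Calculate the number of AES blocks to encrypt. */
- aes_blocks = ENV_SIZE / AES_KEY_LENGTH;
-
- if (enc)
- aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks);
- else
- aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks);
-
- return 0;
-}
-#else
-static inline int env_aes_cbc_crypt(env_t *env, const int enc)
-{
- return 0;
-}
-#endif
-
 /*
 * Check if CRC is valid and (if yes) import the environment.
 * Note that "buf" may or may not be aligned.
@@ -156,7 +110,6 @@
 int env_import(const char *buf, int check)
 {
 env_t *ep = (env_t *)buf;
- int ret;
 
 if (check) {
 uint32_t crc;
@@ -169,14 +122,6 @@
 }
 }
 
- /* Decrypt the env if desired. */
- ret = env_aes_cbc_crypt(ep, 0);
- if (ret) {
- pr_err("Failed to decrypt env!\n");
- set_default_env("!import failed");
- return ret;
- }
-
 if (himport_r(&env_htab, (char *)ep->data, ENV_SIZE, '\0', 0, 0,
 0, NULL)) {
 gd->flags |= GD_FLG_ENV_READY;
@@ -242,7 +187,6 @@
 {
 char *res;
 ssize_t len;
- int ret;
 
 res = (char *)env_out->data;
 len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
@@ -250,11 +194,6 @@
 pr_err("Cannot export environment: errno = %d\n", errno);
 return 1;
 }
-
- /* Encrypt the env if desired. */
- ret = env_aes_cbc_crypt(env_out, 1);
- if (ret)
- return ret;
 
 env_out->crc = crc32(0, env_out->data, ENV_SIZE);
 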
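--- a/include/environment.h
+++ b/include/environment.h
@@ -143,12 +143,7 @@
 # define ENV_HEADER_SIZE (sizeof(uint32_t))
 #endif
 
-#ifdef CONFIG_ENV_AES
-/* Make sure the payload is multiple of AES block size */
-#define ENV_SIZE ((CONFIG_ENV_SIZE - ENV_HEADER_SIZE) & ~(16 - 1))
-#else
 #define ENV_SIZE (CONFIG_ENV_SIZE - ENV_HEADER_SIZE)
-#endif
 
 typedef struct environment_s {
 uint32_t crc; /* CRC32 over data bytes */
@@ -156,12 +151,7 @@
 unsigned char flags; /* active/obsolete flags */
 #endif
 unsigned char data[ENV_SIZE]; /* Environment data */
-} env_t
-#ifdef CONFIG_ENV_AES
-/* Make sure the env is aligned to block size. */
-__attribute__((aligned(16)))
-#endif
-;
+} env_t;
 
 #ifdef ENV_IS_EMBEDDED
 extern env_t environment;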
tools/env/Makefile
tools/env/aes.c
1 | -#include "../../lib/aes.c" |
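--- a/tools/env/fw_env.c
+++ b/tools/env/fw_env.c
@@ -111,8 +111,6 @@
 .flag_scheme = FLAG_NONE,
 };
 
-static int env_aes_cbc_crypt(char *data, const int enc, uint8_t *key);
-
 static int HaveRedundEnv = 0;
 
 static unsigned char active_flag = 1;
@@ -217,34 +215,6 @@
 return NULL;
 }
 
-int parse_aes_key(char *key, uint8_t *bin_key)
-{
- char tmp[5] = { '0', 'x', 0, 0, 0 };
- unsigned long ul;
- int i;
-
- if (strnlen(key, 64) != 32) {
- fprintf(stderr,
- "## Error: '-a' option requires 16-byte AES key\n");
- return -1;
- }
-
- for (i = 0; i < 16; i++) {
- tmp[2] = key[0];
- tmp[3] = key[1];
- errno = 0;
- ul = strtoul(tmp, NULL, 16);
- if (errno) {
- fprintf(stderr,
- "## Error: '-a' option requires valid AES key\n");
- return -1;
- }
- bin_key[i] = ul & 0xff;
- key += 2;
- }
- return 0;
-}
-
 /*
 * Print the current definition of one, or more, or all
 * environment variables
@@ -313,16 +283,6 @@
 if (!opts)
 opts = &default_opts;
 
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(environment.data, 1,
- opts->aes_key);
- if (ret) {
- fprintf(stderr,
- "Error: can't encrypt env for flash\n");
- return ret;
- }
- }
-
 /*
 * Update CRC
 */
@@ -976,28 +936,6 @@
 return rc;
 }
 
-/* Encrypt or decrypt the environment before writing or reading it. */
-static int env_aes_cbc_crypt(char *payload, const int enc, uint8_t *key)
-{
- uint8_t *data = (uint8_t *)payload;
- const int len = usable_envsize;
- uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
- uint32_t aes_blocks;
-
- /* First we expand the key. */
- aes_expand_key(key, key_exp);
-
- /* Calculate the number of AES blocks to encrypt. */
- aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
-
- if (enc)
- aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks);
- else
- aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks);
-
- return 0;
-}
-
 static int flash_write (int fd_current, int fd_target, int dev_target)
 {
 int rc;
@@ -1182,13 +1120,6 @@
 
 crc0 = crc32 (0, (uint8_t *) environment.data, ENV_SIZE);
 
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(environment.data, 0,
- opts->aes_key);
- if (ret)
- goto open_cleanup;
- }
-
 crc0_ok = (crc0 == *environment.crc);
 if (!HaveRedundEnv) {
 if (!crc0_ok) {
@@ -1244,13 +1175,6 @@
 
 crc1 = crc32 (0, (uint8_t *) redundant->data, ENV_SIZE);
 
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(redundant->data, 0,
- opts->aes_key);
- if (ret)
- goto open_cleanup;
- }
-
 crc1_ok = (crc1 == redundant->crc);
 flag1 = redundant->flags;
 
@@ -1497,9 +1421,6 @@
 usable_envsize = CUR_ENVSIZE - sizeof(uint32_t);
 if (HaveRedundEnv)
 usable_envsize -= sizeof(char);
-
- if (opts->aes_flag)
- usable_envsize &= ~(AES_KEY_LENGTH - 1);
 
 return 0;
 }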
tools/env/fw_env.h
... | ... | @@ -6,7 +6,6 @@ |
6 | 6 | */ |
7 | 7 | |
8 | 8 | #include <stdint.h> |
9 | -#include <uboot_aes.h> | |
10 | 9 | |
11 | 10 | /* |
12 | 11 | * Programs using the library must check which API is available, |
13 | 12 | |
... | ... | @@ -19,12 +18,8 @@ |
19 | 18 | #ifdef CONFIG_FILE |
20 | 19 | char *config_file; |
21 | 20 | #endif |
22 | - int aes_flag; /* Is AES encryption used? */ | |
23 | - uint8_t aes_key[AES_KEY_LENGTH]; | |
24 | 21 | char *lockname; |
25 | 22 | }; |
26 | - | |
27 | -int parse_aes_key(char *key, uint8_t *bin_key); | |
28 | 23 | |
29 | 24 | /** |
30 | 25 | * fw_printenv() - print one or several environment variables |
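--- a/tools/env/fw_env_main.c
+++ b/tools/env/fw_env_main.c
@@ -43,7 +43,6 @@
 static int do_printenv;
 
 static struct option long_options[] = {
- {"aes", required_argument, NULL, 'a'},
 {"config", required_argument, NULL, 'c'},
 {"help", no_argument, NULL, 'h'},
 {"script", required_argument, NULL, 's'},
@@ -70,9 +69,6 @@
 "\n"
 " -h, --help print this help.\n"
 " -v, --version display version\n"
-#ifdef CONFIG_ENV_AES
- " -a, --aes aes key to access environment\n"
-#endif
 #ifdef CONFIG_FILE
 " -c, --config configuration file, default:" CONFIG_FILE "\n"
 #endif
@@ -89,9 +85,6 @@
 "\n"
 " -h, --help print this help.\n"
 " -v, --version display version\n"
-#ifdef CONFIG_ENV_AES
- " -a, --aes aes key to access environment\n"
-#endif
 #ifdef CONFIG_FILE
 " -c, --config configuration file, default:" CONFIG_FILE "\n"
 #endif
@@ -130,13 +123,6 @@
 while ((c = getopt_long(argc, argv, ":a:c:l:h:v", long_options, NULL)) !=
 EOF) {
 switch (c) {
- case 'a':
- if (parse_aes_key(optarg, env_opts.aes_key)) {
- fprintf(stderr, "AES key parse error\n");
- exit(EXIT_FAILURE);
- }
- env_opts.aes_flag = 1;
- break;
 #ifdef CONFIG_FILE
 case 'c':
 env_opts.config_file = optarg;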
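Review bot: The option string on the `getopt_long` context line of the last hunk still lists `a:`, so `-a <key>` keeps being parsed as an option with an argument although its `case 'a'` and the `--aes` long option are removed here. What the switch does with an unhandled `'a'` lies outside the hunk, so an old invocation may be ignored silently instead of being rejected, while the key is still exposed on the command line. I would drop the letter in the same commit: `while ((c = getopt_long(argc, argv, ":c:l:h:v", long_options, NULL)) !=`. If other option strings in this file also carry `a:` (not visible here), they need the same change. The enclosing function starts and ends outside the hunk.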