From patchwork Tue Nov 14 13:39:35 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Rini X-Patchwork-Id: 837858 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.denx.de (client-ip=81.169.180.215; helo=lists.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from lists.denx.de (dione.denx.de [81.169.180.215]) by ozlabs.org (Postfix) with ESMTP id 3ybpXX1QMRz9s81 for ; Wed, 15 Nov 2017 00:39:54 +1100 (AEDT) Received: by lists.denx.de (Postfix, from userid 105) id CC323C21C4E; Tue, 14 Nov 2017 13:39:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 612DAC21C4C; Tue, 14 Nov 2017 13:39:44 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id 2D34CC21C45; Tue, 14 Nov 2017 13:39:43 +0000 (UTC) Received: from mail-qt0-f193.google.com (mail-qt0-f193.google.com [209.85.216.193]) by lists.denx.de (Postfix) with ESMTPS id 74FC2C21C4C for ; Tue, 14 Nov 2017 13:39:42 +0000 (UTC) Received: by mail-qt0-f193.google.com with SMTP id p44so14613293qtj.6 for ; Tue, 14 Nov 2017 05:39:42 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=n8BbONEELBIh9rUXrSjtmzinD4UuDxiFlKdptyzwemI=; b=ZZPRrIdiOXe4DV7aW1ESODQVzDqGbQICGd/Pz/CUrqMP/rhx3goRgSu019vxjOlLnY 9KyQ5RVndBQvJ8JN6qGMZd0ORuaGKro82p8ANF7e04QTWT+ivhzmqIf2/JPolrWVznyu n6Vub4QY4+4X20z/ZUoMoktH5n8dek2SEIvin6QrliCopQ0HkFcHW/GoOn/VU9G3yGL5 yx69O3AjTDEjRKVmbIorCW/Md3peTh6ePtyRaNTyv8SsC15oMr7S5Jx4BhD2aoqKfDEV ZTHBELrZdmyEaZynFH6lVPZYAIPC8T476TXAoTZJq6zqfWMGDI1rqVUVPvW0xx63QGog qP7w== X-Gm-Message-State: AJaThX4PJ3wRpXowFE2lauInoVLrczCGjXkzGLHQ8iypfw6bYZJ/q2Iq Hwb7yR5QlKwlbEqY7kns9OdB X-Google-Smtp-Source: AGs4zMYIQrqZi/UjA3AB/wmBREMVSpfoiea6U/Z3LUS4/BdBne15dF35RJ2KWmRBhQ/JnzXh1SQ0Yw== X-Received: by 10.37.179.1 with SMTP id l1mr577364ybj.25.1510666780597; Tue, 14 Nov 2017 05:39:40 -0800 (PST) Received: from bill-the-cat.ec.rr.com (cpe-65-184-142-68.ec.res.rr.com. [65.184.142.68]) by smtp.gmail.com with ESMTPSA id b207sm8313605ywh.42.2017.11.14.05.39.38 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 14 Nov 2017 05:39:39 -0800 (PST) From: Tom Rini To: u-boot@lists.denx.de Date: Tue, 14 Nov 2017 08:39:35 -0500 Message-Id: <1510666775-17640-1-git-send-email-trini@konsulko.com> X-Mailer: git-send-email 2.7.4 Subject: [U-Boot] [PATCH] env: Remove CONFIG_ENV_AES support X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" This support has been deprecated since v2017.09 due to security issues. We now remove this support. Signed-off-by: Tom Rini --- env/Kconfig | 8 ----- env/common.c | 61 -------------------------------------- include/environment.h | 12 +------- tools/env/Makefile | 2 +- tools/env/aes.c | 1 - tools/env/fw_env.c | 79 ------------------------------------------------- tools/env/fw_env.h | 5 ---- tools/env/fw_env_main.c | 14 --------- 8 files changed, 2 insertions(+), 180 deletions(-) delete mode 100644 tools/env/aes.c diff --git a/env/Kconfig b/env/Kconfig index 8c9d800f485f..2477bf85309b 100644 --- a/env/Kconfig +++ b/env/Kconfig @@ -360,14 +360,6 @@ config ENV_IS_IN_UBI endchoice -config ENV_AES - bool "AES-128 encryption for stored environment (DEPRECATED)" - help - Enable this to have the on-device stored environment be encrypted - with AES-128. The implementation here however has security - complications and is not recommended for use. Please see - CVE-2017-3225 and CVE-2017-3226 for more details. - config ENV_FAT_INTERFACE string "Name of the block device for the environment" depends on ENV_IS_IN_FAT diff --git a/env/common.c b/env/common.c index 70715bb6e756..8167ea299264 100644 --- a/env/common.c +++ b/env/common.c @@ -103,52 +103,6 @@ int set_default_vars(int nvars, char * const vars[]) H_NOCLEAR | H_INTERACTIVE, 0, nvars, vars); } -#ifdef CONFIG_ENV_AES -#include -/** - * env_aes_cbc_get_key() - Get AES-128-CBC key for the environment - * - * This function shall return 16-byte array containing AES-128 key used - * to encrypt and decrypt the environment. This function must be overridden - * by the implementer as otherwise the environment encryption will not - * work. - */ -__weak uint8_t *env_aes_cbc_get_key(void) -{ - return NULL; -} - -static int env_aes_cbc_crypt(env_t *env, const int enc) -{ - unsigned char *data = env->data; - uint8_t *key; - uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; - uint32_t aes_blocks; - - key = env_aes_cbc_get_key(); - if (!key) - return -EINVAL; - - /* First we expand the key. */ - aes_expand_key(key, key_exp); - - /* Calculate the number of AES blocks to encrypt. */ - aes_blocks = ENV_SIZE / AES_KEY_LENGTH; - - if (enc) - aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks); - else - aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks); - - return 0; -} -#else -static inline int env_aes_cbc_crypt(env_t *env, const int enc) -{ - return 0; -} -#endif - /* * Check if CRC is valid and (if yes) import the environment. * Note that "buf" may or may not be aligned. @@ -156,7 +110,6 @@ static inline int env_aes_cbc_crypt(env_t *env, const int enc) int env_import(const char *buf, int check) { env_t *ep = (env_t *)buf; - int ret; if (check) { uint32_t crc; @@ -169,14 +122,6 @@ int env_import(const char *buf, int check) } } - /* Decrypt the env if desired. */ - ret = env_aes_cbc_crypt(ep, 0); - if (ret) { - pr_err("Failed to decrypt env!\n"); - set_default_env("!import failed"); - return ret; - } - if (himport_r(&env_htab, (char *)ep->data, ENV_SIZE, '\0', 0, 0, 0, NULL)) { gd->flags |= GD_FLG_ENV_READY; @@ -242,7 +187,6 @@ int env_export(env_t *env_out) { char *res; ssize_t len; - int ret; res = (char *)env_out->data; len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); @@ -251,11 +195,6 @@ int env_export(env_t *env_out) return 1; } - /* Encrypt the env if desired. */ - ret = env_aes_cbc_crypt(env_out, 1); - if (ret) - return ret; - env_out->crc = crc32(0, env_out->data, ENV_SIZE); #ifdef CONFIG_SYS_REDUNDAND_ENVIRONMENT diff --git a/include/environment.h b/include/environment.h index 7b9821638960..d29f82cb5d6f 100644 --- a/include/environment.h +++ b/include/environment.h @@ -143,12 +143,7 @@ extern unsigned long nand_env_oob_offset; # define ENV_HEADER_SIZE (sizeof(uint32_t)) #endif -#ifdef CONFIG_ENV_AES -/* Make sure the payload is multiple of AES block size */ -#define ENV_SIZE ((CONFIG_ENV_SIZE - ENV_HEADER_SIZE) & ~(16 - 1)) -#else #define ENV_SIZE (CONFIG_ENV_SIZE - ENV_HEADER_SIZE) -#endif typedef struct environment_s { uint32_t crc; /* CRC32 over data bytes */ @@ -156,12 +151,7 @@ typedef struct environment_s { unsigned char flags; /* active/obsolete flags */ #endif unsigned char data[ENV_SIZE]; /* Environment data */ -} env_t -#ifdef CONFIG_ENV_AES -/* Make sure the env is aligned to block size. */ -__attribute__((aligned(16))) -#endif -; +} env_t; #ifdef ENV_IS_EMBEDDED extern env_t environment; diff --git a/tools/env/Makefile b/tools/env/Makefile index 95b28c0b3a3c..95a03c98e75a 100644 --- a/tools/env/Makefile +++ b/tools/env/Makefile @@ -25,7 +25,7 @@ hostprogs-y := fw_printenv lib-y += fw_env.o \ crc32.o ctype.o linux_string.o \ - env_attr.o env_flags.o aes.o + env_attr.o env_flags.o fw_printenv-objs := fw_env_main.o $(lib-y) diff --git a/tools/env/aes.c b/tools/env/aes.c deleted file mode 100644 index 9e42679e3434..000000000000 --- a/tools/env/aes.c +++ /dev/null @@ -1 +0,0 @@ -#include "../../lib/aes.c" diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c index ab06415898c2..963a6152a501 100644 --- a/tools/env/fw_env.c +++ b/tools/env/fw_env.c @@ -111,8 +111,6 @@ static struct environment environment = { .flag_scheme = FLAG_NONE, }; -static int env_aes_cbc_crypt(char *data, const int enc, uint8_t *key); - static int HaveRedundEnv = 0; static unsigned char active_flag = 1; @@ -217,34 +215,6 @@ char *fw_getdefenv(char *name) return NULL; } -int parse_aes_key(char *key, uint8_t *bin_key) -{ - char tmp[5] = { '0', 'x', 0, 0, 0 }; - unsigned long ul; - int i; - - if (strnlen(key, 64) != 32) { - fprintf(stderr, - "## Error: '-a' option requires 16-byte AES key\n"); - return -1; - } - - for (i = 0; i < 16; i++) { - tmp[2] = key[0]; - tmp[3] = key[1]; - errno = 0; - ul = strtoul(tmp, NULL, 16); - if (errno) { - fprintf(stderr, - "## Error: '-a' option requires valid AES key\n"); - return -1; - } - bin_key[i] = ul & 0xff; - key += 2; - } - return 0; -} - /* * Print the current definition of one, or more, or all * environment variables @@ -313,16 +283,6 @@ int fw_env_flush(struct env_opts *opts) if (!opts) opts = &default_opts; - if (opts->aes_flag) { - ret = env_aes_cbc_crypt(environment.data, 1, - opts->aes_key); - if (ret) { - fprintf(stderr, - "Error: can't encrypt env for flash\n"); - return ret; - } - } - /* * Update CRC */ @@ -976,28 +936,6 @@ static int flash_flag_obsolete (int dev, int fd, off_t offset) return rc; } -/* Encrypt or decrypt the environment before writing or reading it. */ -static int env_aes_cbc_crypt(char *payload, const int enc, uint8_t *key) -{ - uint8_t *data = (uint8_t *)payload; - const int len = usable_envsize; - uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; - uint32_t aes_blocks; - - /* First we expand the key. */ - aes_expand_key(key, key_exp); - - /* Calculate the number of AES blocks to encrypt. */ - aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); - - if (enc) - aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks); - else - aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks); - - return 0; -} - static int flash_write (int fd_current, int fd_target, int dev_target) { int rc; @@ -1182,13 +1120,6 @@ int fw_env_open(struct env_opts *opts) crc0 = crc32 (0, (uint8_t *) environment.data, ENV_SIZE); - if (opts->aes_flag) { - ret = env_aes_cbc_crypt(environment.data, 0, - opts->aes_key); - if (ret) - goto open_cleanup; - } - crc0_ok = (crc0 == *environment.crc); if (!HaveRedundEnv) { if (!crc0_ok) { @@ -1244,13 +1175,6 @@ int fw_env_open(struct env_opts *opts) crc1 = crc32 (0, (uint8_t *) redundant->data, ENV_SIZE); - if (opts->aes_flag) { - ret = env_aes_cbc_crypt(redundant->data, 0, - opts->aes_key); - if (ret) - goto open_cleanup; - } - crc1_ok = (crc1 == redundant->crc); flag1 = redundant->flags; @@ -1498,9 +1422,6 @@ static int parse_config(struct env_opts *opts) if (HaveRedundEnv) usable_envsize -= sizeof(char); - if (opts->aes_flag) - usable_envsize &= ~(AES_KEY_LENGTH - 1); - return 0; } diff --git a/tools/env/fw_env.h b/tools/env/fw_env.h index 2d37eb505309..b86ca78ba274 100644 --- a/tools/env/fw_env.h +++ b/tools/env/fw_env.h @@ -6,7 +6,6 @@ */ #include -#include /* * Programs using the library must check which API is available, @@ -19,13 +18,9 @@ struct env_opts { #ifdef CONFIG_FILE char *config_file; #endif - int aes_flag; /* Is AES encryption used? */ - uint8_t aes_key[AES_KEY_LENGTH]; char *lockname; }; -int parse_aes_key(char *key, uint8_t *bin_key); - /** * fw_printenv() - print one or several environment variables * diff --git a/tools/env/fw_env_main.c b/tools/env/fw_env_main.c index 0b9063742cec..6fdf41c87604 100644 --- a/tools/env/fw_env_main.c +++ b/tools/env/fw_env_main.c @@ -43,7 +43,6 @@ static int do_printenv; static struct option long_options[] = { - {"aes", required_argument, NULL, 'a'}, {"config", required_argument, NULL, 'c'}, {"help", no_argument, NULL, 'h'}, {"script", required_argument, NULL, 's'}, @@ -70,9 +69,6 @@ void usage_printenv(void) "\n" " -h, --help print this help.\n" " -v, --version display version\n" -#ifdef CONFIG_ENV_AES - " -a, --aes aes key to access environment\n" -#endif #ifdef CONFIG_FILE " -c, --config configuration file, default:" CONFIG_FILE "\n" #endif @@ -89,9 +85,6 @@ void usage_env_set(void) "\n" " -h, --help print this help.\n" " -v, --version display version\n" -#ifdef CONFIG_ENV_AES - " -a, --aes aes key to access environment\n" -#endif #ifdef CONFIG_FILE " -c, --config configuration file, default:" CONFIG_FILE "\n" #endif @@ -130,13 +123,6 @@ static void parse_common_args(int argc, char *argv[]) while ((c = getopt_long(argc, argv, ":a:c:l:h:v", long_options, NULL)) != EOF) { switch (c) { - case 'a': - if (parse_aes_key(optarg, env_opts.aes_key)) { - fprintf(stderr, "AES key parse error\n"); - exit(EXIT_FAILURE); - } - env_opts.aes_flag = 1; - break; #ifdef CONFIG_FILE case 'c': env_opts.config_file = optarg;