aboutsummaryrefslogtreecommitdiff
path: root/tools/env/fw_env.c
diff options
context:
space:
mode:
authorTom Rini2017-11-14 08:39:35 -0500
committerTom Rini2017-11-21 07:43:31 -0500
commitc6831c74a9e9dbedc351de94d23d35188ae1a39b (patch)
treeec3444def18bc20f81dce3594b01dfdba9097949 /tools/env/fw_env.c
parent042de609ed49cfc41afb13639850c7b01079a527 (diff)
env: Remove CONFIG_ENV_AES support
This support has been deprecated since v2017.09 due to security issues. We now remove this support. Signed-off-by: Tom Rini <trini@konsulko.com>
Diffstat (limited to 'tools/env/fw_env.c')
-rw-r--r--tools/env/fw_env.c79
1 files changed, 0 insertions, 79 deletions
diff --git a/tools/env/fw_env.c b/tools/env/fw_env.c
index ab06415898c..963a6152a50 100644
--- a/tools/env/fw_env.c
+++ b/tools/env/fw_env.c
@@ -111,8 +111,6 @@ static struct environment environment = {
.flag_scheme = FLAG_NONE,
};
-static int env_aes_cbc_crypt(char *data, const int enc, uint8_t *key);
-
static int HaveRedundEnv = 0;
static unsigned char active_flag = 1;
@@ -217,34 +215,6 @@ char *fw_getdefenv(char *name)
return NULL;
}
-int parse_aes_key(char *key, uint8_t *bin_key)
-{
- char tmp[5] = { '0', 'x', 0, 0, 0 };
- unsigned long ul;
- int i;
-
- if (strnlen(key, 64) != 32) {
- fprintf(stderr,
- "## Error: '-a' option requires 16-byte AES key\n");
- return -1;
- }
-
- for (i = 0; i < 16; i++) {
- tmp[2] = key[0];
- tmp[3] = key[1];
- errno = 0;
- ul = strtoul(tmp, NULL, 16);
- if (errno) {
- fprintf(stderr,
- "## Error: '-a' option requires valid AES key\n");
- return -1;
- }
- bin_key[i] = ul & 0xff;
- key += 2;
- }
- return 0;
-}
-
/*
* Print the current definition of one, or more, or all
* environment variables
@@ -313,16 +283,6 @@ int fw_env_flush(struct env_opts *opts)
if (!opts)
opts = &default_opts;
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(environment.data, 1,
- opts->aes_key);
- if (ret) {
- fprintf(stderr,
- "Error: can't encrypt env for flash\n");
- return ret;
- }
- }
-
/*
* Update CRC
*/
@@ -976,28 +936,6 @@ static int flash_flag_obsolete (int dev, int fd, off_t offset)
return rc;
}
-/* Encrypt or decrypt the environment before writing or reading it. */
-static int env_aes_cbc_crypt(char *payload, const int enc, uint8_t *key)
-{
- uint8_t *data = (uint8_t *)payload;
- const int len = usable_envsize;
- uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
- uint32_t aes_blocks;
-
- /* First we expand the key. */
- aes_expand_key(key, key_exp);
-
- /* Calculate the number of AES blocks to encrypt. */
- aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
-
- if (enc)
- aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks);
- else
- aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks);
-
- return 0;
-}
-
static int flash_write (int fd_current, int fd_target, int dev_target)
{
int rc;
@@ -1182,13 +1120,6 @@ int fw_env_open(struct env_opts *opts)
crc0 = crc32 (0, (uint8_t *) environment.data, ENV_SIZE);
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(environment.data, 0,
- opts->aes_key);
- if (ret)
- goto open_cleanup;
- }
-
crc0_ok = (crc0 == *environment.crc);
if (!HaveRedundEnv) {
if (!crc0_ok) {
@@ -1244,13 +1175,6 @@ int fw_env_open(struct env_opts *opts)
crc1 = crc32 (0, (uint8_t *) redundant->data, ENV_SIZE);
- if (opts->aes_flag) {
- ret = env_aes_cbc_crypt(redundant->data, 0,
- opts->aes_key);
- if (ret)
- goto open_cleanup;
- }
-
crc1_ok = (crc1 == redundant->crc);
flag1 = redundant->flags;
@@ -1498,9 +1422,6 @@ static int parse_config(struct env_opts *opts)
if (HaveRedundEnv)
usable_envsize -= sizeof(char);
- if (opts->aes_flag)
- usable_envsize &= ~(AES_KEY_LENGTH - 1);
-
return 0;
}