#include "fw_env.h"
+#include <aes.h>
+
+#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
+
#define WHITESPACE(c) ((c == '\t') || (c == ' '))
#define min(x, y) ({ \
.flag_scheme = FLAG_NONE,
};
+/* Is AES encryption used? */
+static int aes_flag;
+static uint8_t aes_key[AES_KEY_LENGTH] = { 0 };
+static int env_aes_cbc_crypt(char *data, const int enc);
+
static int HaveRedundEnv = 0;
static unsigned char active_flag = 1;
if (HaveRedundEnv)
rc -= sizeof (char);
+
+ if (aes_flag)
+ rc &= ~(AES_KEY_LENGTH - 1);
+
return rc;
}
return NULL;
}
+static int parse_aes_key(char *key)
+{
+ char tmp[5] = { '0', 'x', 0, 0, 0 };
+ unsigned long ul;
+ int i;
+
+ if (strnlen(key, 64) != 32) {
+ fprintf(stderr,
+ "## Error: '-a' option requires 16-byte AES key\n");
+ return -1;
+ }
+
+ for (i = 0; i < 16; i++) {
+ tmp[2] = key[0];
+ tmp[3] = key[1];
+ errno = 0;
+ ul = strtoul(tmp, NULL, 16);
+ if (errno) {
+ fprintf(stderr,
+ "## Error: '-a' option requires valid AES key\n");
+ return -1;
+ }
+ aes_key[i] = ul & 0xff;
+ key += 2;
+ }
+ aes_flag = 1;
+
+ return 0;
+}
+
/*
* Print the current definition of one, or more, or all
* environment variables
int i, n_flag;
int rc = 0;
+ if (argc >= 2 && strcmp(argv[1], "-a") == 0) {
+ if (argc < 3) {
+ fprintf(stderr,
+ "## Error: '-a' option requires AES key\n");
+ return -1;
+ }
+ rc = parse_aes_key(argv[2]);
+ if (rc)
+ return rc;
+ argv += 2;
+ argc -= 2;
+ }
+
if (fw_env_open())
return -1;
int fw_env_close(void)
{
+ int ret;
+ if (aes_flag) {
+ ret = env_aes_cbc_crypt(environment.data, 1);
+ if (ret) {
+ fprintf(stderr,
+ "Error: can't encrypt env for flash\n");
+ return ret;
+ }
+ }
+
/*
* Update CRC
*/
*/
int fw_setenv(int argc, char *argv[])
{
- int i;
+ int i, rc;
size_t len;
char *name;
char *value = NULL;
return -1;
}
+ if (strcmp(argv[1], "-a") == 0) {
+ if (argc < 3) {
+ fprintf(stderr,
+ "## Error: '-a' option requires AES key\n");
+ return -1;
+ }
+ rc = parse_aes_key(argv[2]);
+ if (rc)
+ return rc;
+ argv += 2;
+ argc -= 2;
+ }
+
+ if (argc < 2) {
+ errno = EINVAL;
+ return -1;
+ }
+
if (fw_env_open()) {
fprintf(stderr, "Error: environment not initialized\n");
return -1;
return rc;
}
+/* Encrypt or decrypt the environment before writing or reading it. */
+static int env_aes_cbc_crypt(char *payload, const int enc)
+{
+ uint8_t *data = (uint8_t *)payload;
+ const int len = getenvsize();
+ uint8_t key_exp[AES_EXPAND_KEY_LENGTH];
+ uint32_t aes_blocks;
+
+ /* First we expand the key. */
+ aes_expand_key(aes_key, key_exp);
+
+ /* Calculate the number of AES blocks to encrypt. */
+ aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH);
+
+ if (enc)
+ aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks);
+ else
+ aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks);
+
+ return 0;
+}
+
static int flash_write (int fd_current, int fd_target, int dev_target)
{
int rc;
fprintf(stderr, "Writing new environment at 0x%lx on %s\n",
DEVOFFSET (dev_target), DEVNAME (dev_target));
#endif
+
rc = flash_write_buf(dev_target, fd_target, environment.image,
CUR_ENVSIZE, DEVOFFSET(dev_target),
DEVTYPE(dev_target));
rc = flash_read_buf(dev_current, fd, environment.image, CUR_ENVSIZE,
DEVOFFSET (dev_current), mtdinfo.type);
+ if (rc != CUR_ENVSIZE)
+ return -1;
- return (rc != CUR_ENVSIZE) ? -1 : 0;
+ return 0;
}
static int flash_io (int mode)
unsigned char flag1;
void *addr1;
+ int ret;
+
struct env_image_single *single;
struct env_image_redundant *redundant;
return -1;
crc0 = crc32 (0, (uint8_t *) environment.data, ENV_SIZE);
+
+ if (aes_flag) {
+ ret = env_aes_cbc_crypt(environment.data, 0);
+ if (ret)
+ return ret;
+ }
+
crc0_ok = (crc0 == *environment.crc);
if (!HaveRedundEnv) {
if (!crc0_ok) {
}
crc1 = crc32 (0, (uint8_t *) redundant->data, ENV_SIZE);
+
+ if (aes_flag) {
+ ret = env_aes_cbc_crypt(redundant->data, 0);
+ if (ret)
+ return ret;
+ }
+
crc1_ok = (crc1 == redundant->crc);
flag1 = redundant->flags;
* Command line user interface to firmware (=U-Boot) environment.
*
* Implements:
- * fw_printenv [[ -n name ] | [ name ... ]]
+ * fw_printenv [ -a key ] [[ -n name ] | [ name ... ]]
* - prints the value of a single environment variable
* "name", the ``name=value'' pairs of one or more
* environment variables "name", or the whole
* environment if no names are specified.
- * fw_setenv name [ value ... ]
+ * fw_setenv [ -a key ] name [ value ... ]
* - If a name without any values is given, the variable
* with this name is deleted from the environment;
* otherwise, all "value" arguments are concatenated,
* separated by single blank characters, and the
* resulting string is assigned to the environment
* variable "name"
+ *
+ * If '-a key' is specified, the env block is encrypted with AES 128 CBC.
+ * The 'key' argument is in the format of 32 hexadecimal numbers (16 bytes
+ * of AES key), eg. '-a aabbccddeeff00112233445566778899'.
*/
#include <fcntl.h>
fprintf(stderr, "fw_printenv/fw_setenv, "
"a command line interface to U-Boot environment\n\n"
- "usage:\tfw_printenv [-n] [variable name]\n"
- "\tfw_setenv [variable name] [variable value]\n"
+ "usage:\tfw_printenv [-a key] [-n] [variable name]\n"
+ "\tfw_setenv [-a key] [variable name] [variable value]\n"
"\tfw_setenv -s [ file ]\n"
"\tfw_setenv -s - < [ file ]\n\n"
"The file passed as argument contains only pairs "
cmdname = p + 1;
}
- while ((c = getopt_long (argc, argv, "ns:h",
+ while ((c = getopt_long (argc, argv, "a:ns:h",
long_options, NULL)) != EOF) {
switch (c) {
+ case 'a':
+ /* AES key, handled later */
+ break;
case 'n':
/* handled in fw_printenv */
break;