Message ID | 20201122011859.105816-1-joel.peshkin@broadcom.com |
---|---|
State | Accepted |
Commit | 652b504ff2dc41313ad7f38a00e1d5730966f164 |
Delegated to: | Tom Rini |
Headers | show |
Series | [v3] Add optional salt to AUTOBOOT_STOP_STR_SHA256 | expand |
On Sat, 21 Nov 2020 at 18:19, Joel Peshkin <joel.peshkin@broadcom.com> wrote: > > Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string > followed by a ":" is prepended to the sha256, the portion to the left > of the colon will be used as a salt and the password will be appended > to the salt before the sha256 is computed and compared. > > Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com> > Cc: Simon Glass <sjg@chromium.org> > Cc: Bin Meng <bmeng.cn@gmail.com> > Cc: Patrick Delaunay <patrick.delaunay@st.com> > Cc: Heiko Schocher <hs@denx.de> > Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> > Cc: Joel Peshkin <joel.peshkin@broadcom.com> > To: u-boot@lists.denx.de > > --- > Changes for v2: > - Increase MAX_DELAY_STOP_STR > - Check salt size against MAX_DELAY_STOP_STR before copying > - Minor cleanup > Changes for v3: > - Cleanup changing (c) to c after review feedback > --- > common/Kconfig.boot | 5 ++++- > common/autoboot.c | 12 ++++++++++-- > 2 files changed, 14 insertions(+), 3 deletions(-) > Reviewed-by: Simon Glass <sjg@chromium.org> (as I don't see it in v2)
Hello Joel, Am 22.11.20 um 02:18 schrieb Joel Peshkin: > Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string > followed by a ":" is prepended to the sha256, the portion to the left > of the colon will be used as a salt and the password will be appended > to the salt before the sha256 is computed and compared. > > Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com> > Cc: Simon Glass <sjg@chromium.org> > Cc: Bin Meng <bmeng.cn@gmail.com> > Cc: Patrick Delaunay <patrick.delaunay@st.com> > Cc: Heiko Schocher <hs@denx.de> > Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> > Cc: Joel Peshkin <joel.peshkin@broadcom.com> > To: u-boot@lists.denx.de > > --- > Changes for v2: > - Increase MAX_DELAY_STOP_STR > - Check salt size against MAX_DELAY_STOP_STR before copying > - Minor cleanup > Changes for v3: > - Cleanup changing (c) to c after review feedback > --- > common/Kconfig.boot | 5 ++++- > common/autoboot.c | 12 ++++++++++-- > 2 files changed, 14 insertions(+), 3 deletions(-) Reviewed-by: Heiko Schocher <hs@denx.de> bye, Heiko
On Sat, Nov 21, 2020 at 05:18:59PM -0800, Joel Peshkin wrote: > Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string > followed by a ":" is prepended to the sha256, the portion to the left > of the colon will be used as a salt and the password will be appended > to the salt before the sha256 is computed and compared. > > Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com> > Cc: Simon Glass <sjg@chromium.org> > Cc: Bin Meng <bmeng.cn@gmail.com> > Cc: Patrick Delaunay <patrick.delaunay@st.com> > Cc: Heiko Schocher <hs@denx.de> > Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> > Cc: Joel Peshkin <joel.peshkin@broadcom.com> > To: u-boot@lists.denx.de > Reviewed-by: Simon Glass <sjg@chromium.org> > Reviewed-by: Heiko Schocher <hs@denx.de> Applied to u-boot/master, thanks!
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 3f6d9c1..8a98672 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -819,7 +819,10 @@ config AUTOBOOT_STOP_STR_SHA256 This option adds the feature to only stop the autobooting, and therefore boot into the U-Boot prompt, when the input string / password matches a values that is encypted via - a SHA256 hash and saved in the environment. + a SHA256 hash and saved in the environment variable + "bootstopkeysha256". If the value in that variable + includes a ":", the portion prior to the ":" will be treated + as a salt value. config AUTOBOOT_USE_MENUKEY bool "Allow a specify key to run a menu from the environment" diff --git a/common/autoboot.c b/common/autoboot.c index e628baf..ddb6246 100644 --- a/common/autoboot.c +++ b/common/autoboot.c @@ -25,7 +25,7 @@ DECLARE_GLOBAL_DATA_PTR; -#define MAX_DELAY_STOP_STR 32 +#define MAX_DELAY_STOP_STR 64 #ifndef DEBUG_BOOTKEYS #define DEBUG_BOOTKEYS 0 @@ -80,6 +80,7 @@ static int passwd_abort_sha256(uint64_t etime) u8 sha_env[SHA256_SUM_LEN]; u8 *sha; char *presskey; + char *c; const char *algo_name = "sha256"; u_int presskey_len = 0; int abort = 0; @@ -89,6 +90,14 @@ static int passwd_abort_sha256(uint64_t etime) if (sha_env_str == NULL) sha_env_str = AUTOBOOT_STOP_STR_SHA256; + presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR); + c = strstr(sha_env_str, ":"); + if (c && (c - sha_env_str < MAX_DELAY_STOP_STR)) { + /* preload presskey with salt */ + memcpy(presskey, sha_env_str, c - sha_env_str); + presskey_len = c - sha_env_str; + sha_env_str = c + 1; + } /* * Generate the binary value from the environment hash value * so that we can compare this value with the computed hash @@ -100,7 +109,6 @@ static int passwd_abort_sha256(uint64_t etime) return 0; } - presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR); sha = malloc_cache_aligned(SHA256_SUM_LEN); size = SHA256_SUM_LEN; /*
Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string followed by a ":" is prepended to the sha256, the portion to the left of the colon will be used as a salt and the password will be appended to the salt before the sha256 is computed and compared. Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com> Cc: Simon Glass <sjg@chromium.org> Cc: Bin Meng <bmeng.cn@gmail.com> Cc: Patrick Delaunay <patrick.delaunay@st.com> Cc: Heiko Schocher <hs@denx.de> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Joel Peshkin <joel.peshkin@broadcom.com> To: u-boot@lists.denx.de --- Changes for v2: - Increase MAX_DELAY_STOP_STR - Check salt size against MAX_DELAY_STOP_STR before copying - Minor cleanup Changes for v3: - Cleanup changing (c) to c after review feedback --- common/Kconfig.boot | 5 ++++- common/autoboot.c | 12 ++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-)