Re: [PATCH v3] Add optional salt to AUTOBOOT_STOP_STR_SHA256

2021-01-18 Thread Tom Rini
On Sat, Nov 21, 2020 at 05:18:59PM -0800, Joel Peshkin wrote:

> Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
> followed by a ":" is prepended to the sha256, the portion to the left
> of the colon will be used as a salt and the password will be appended
> to the salt before the sha256 is computed and compared.
> 
> Signed-off-by: Joel Peshkin 
> Cc: Simon Glass 
> Cc: Bin Meng 
> Cc: Patrick Delaunay 
> Cc: Heiko Schocher 
> Cc: Heinrich Schuchardt 
> Cc: Joel Peshkin 
> To: u-boot@lists.denx.de
> Reviewed-by: Simon Glass 
> Reviewed-by: Heiko Schocher 

Applied to u-boot/master, thanks!

-- 
Tom




Re: [PATCH v3] Add optional salt to AUTOBOOT_STOP_STR_SHA256

2020-11-22 Thread Heiko Schocher
Hello Joel,

On 22.11.20 at 02:18, Joel Peshkin wrote:
> Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
> followed by a ":" is prepended to the sha256, the portion to the left
> of the colon will be used as a salt and the password will be appended
> to the salt before the sha256 is computed and compared.
> 
> Signed-off-by: Joel Peshkin 
> Cc: Simon Glass 
> Cc: Bin Meng 
> Cc: Patrick Delaunay 
> Cc: Heiko Schocher 
> Cc: Heinrich Schuchardt 
> Cc: Joel Peshkin 
> To: u-boot@lists.denx.de
> 
> ---
> Changes for v2:
>    - Increase MAX_DELAY_STOP_STR
>    - Check salt size against MAX_DELAY_STOP_STR before copying
>    - Minor cleanup
> Changes for v3:
>    - Cleanup changing (c) to c after review feedback
> ---
>  common/Kconfig.boot |  5 -
>  common/autoboot.c   | 12 ++--
>  2 files changed, 14 insertions(+), 3 deletions(-)

Reviewed-by: Heiko Schocher 

bye,
Heiko
-- 
DENX Software Engineering GmbH,  Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: +49-8142-66989-52   Fax: +49-8142-66989-80   Email: h...@denx.de


Re: [PATCH v3] Add optional salt to AUTOBOOT_STOP_STR_SHA256

2020-11-22 Thread Simon Glass
On Sat, 21 Nov 2020 at 18:19, Joel Peshkin wrote:
>
> Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
> followed by a ":" is prepended to the sha256, the portion to the left
> of the colon will be used as a salt and the password will be appended
> to the salt before the sha256 is computed and compared.
>
> Signed-off-by: Joel Peshkin 
> Cc: Simon Glass 
> Cc: Bin Meng 
> Cc: Patrick Delaunay 
> Cc: Heiko Schocher 
> Cc: Heinrich Schuchardt 
> Cc: Joel Peshkin 
> To: u-boot@lists.denx.de
>
> ---
> Changes for v2:
>    - Increase MAX_DELAY_STOP_STR
>    - Check salt size against MAX_DELAY_STOP_STR before copying
>    - Minor cleanup
> Changes for v3:
>    - Cleanup changing (c) to c after review feedback
> ---
>  common/Kconfig.boot |  5 -
>  common/autoboot.c   | 12 ++--
>  2 files changed, 14 insertions(+), 3 deletions(-)
>

Reviewed-by: Simon Glass 

(as I don't see it in v2)


[PATCH v3] Add optional salt to AUTOBOOT_STOP_STR_SHA256

2020-11-21 Thread Joel Peshkin
Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256.   If a string
followed by a ":" is prepended to the sha256, the portion to the left
of the colon will be used as a salt and the password will be appended
to the salt before the sha256 is computed and compared.

Signed-off-by: Joel Peshkin 
Cc: Simon Glass 
Cc: Bin Meng 
Cc: Patrick Delaunay 
Cc: Heiko Schocher 
Cc: Heinrich Schuchardt 
Cc: Joel Peshkin 
To: u-boot@lists.denx.de

---
Changes for v2:
   - Increase MAX_DELAY_STOP_STR
   - Check salt size against MAX_DELAY_STOP_STR before copying
   - Minor cleanup
Changes for v3:
   - Cleanup changing (c) to c after review feedback
---
 common/Kconfig.boot |  5 -
 common/autoboot.c   | 12 ++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 3f6d9c1..8a98672 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -819,7 +819,10 @@ config AUTOBOOT_STOP_STR_SHA256
  This option adds the feature to only stop the autobooting,
  and therefore boot into the U-Boot prompt, when the input
  string / password matches a values that is encypted via
- a SHA256 hash and saved in the environment.
+ a SHA256 hash and saved in the environment variable
+ "bootstopkeysha256". If the value in that variable
+ includes a ":", the portion prior to the ":" will be treated
+ as a salt value.
 
 config AUTOBOOT_USE_MENUKEY
bool "Allow a specify key to run a menu from the environment"
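
Review bot: The added help text says the portion before the ":" is treated as a salt but never says how the salt is used or how long it may be. State that the salt is prepended to the typed password before the SHA256 is computed, and that it must be shorter than MAX_DELAY_STOP_STR, since the autoboot.c test `c - sha_env_str < MAX_DELAY_STOP_STR` ignores a longer one. While this paragraph is being touched, the context line above could also be corrected from "a values that is encypted" to "a value that is hashed".
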
diff --git a/common/autoboot.c b/common/autoboot.c
index e628baf..ddb6246 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -25,7 +25,7 @@
 
 DECLARE_GLOBAL_DATA_PTR;
 
-#define MAX_DELAY_STOP_STR 32
+#define MAX_DELAY_STOP_STR 64
 
 #ifndef DEBUG_BOOTKEYS
 #define DEBUG_BOOTKEYS 0
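
Review bot: The change of MAX_DELAY_STOP_STR from 32 to 64 carries no comment, and the commit message does not explain it either. Since presskey is now preloaded with the salt, a one-line comment saying that this buffer holds the salt followed by the typed password would tell the next reader why the size changed and that a long salt leaves less room in it.
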
@@ -80,6 +80,7 @@ static int passwd_abort_sha256(uint64_t etime)
u8 sha_env[SHA256_SUM_LEN];
u8 *sha;
char *presskey;
+   char *c;
const char *algo_name = "sha256";
u_int presskey_len = 0;
int abort = 0;
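
Review bot: `char *c;` gives no hint that this pointer marks the salt separator. A name such as `sep` or `salt_end` would make the later `c - sha_env_str` arithmetic self-explanatory.
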
@@ -89,6 +90,14 @@ static int passwd_abort_sha256(uint64_t etime)
if (sha_env_str == NULL)
sha_env_str = AUTOBOOT_STOP_STR_SHA256;
 
+   presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
+   c = strstr(sha_env_str, ":");
+   if (c && (c - sha_env_str < MAX_DELAY_STOP_STR)) {
+   /* preload presskey with salt */
+   memcpy(presskey, sha_env_str, c - sha_env_str);
+   presskey_len = c - sha_env_str;
+   sha_env_str = c + 1;
+   }
/*
 * Generate the binary value from the environment hash value
 * so that we can compare this value with the computed hash
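
Review bot: In the `if (c && (c - sha_env_str < MAX_DELAY_STOP_STR))` test, a value that contains ":" but whose salt is too long falls through silently, so sha_env_str still starts with the salt and the colon when it reaches the hash conversion below. Handle that case explicitly with an error message and an early exit. Also, the result of `malloc_cache_aligned(MAX_DELAY_STOP_STR)` is passed to memcpy without a NULL check, and strchr(sha_env_str, ':') would be the more usual call for a single-character search.
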
@@ -100,7 +109,6 @@ static int passwd_abort_sha256(uint64_t etime)
return 0;
}
 
-   presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
sha = malloc_cache_aligned(SHA256_SUM_LEN);
size = SHA256_SUM_LEN;
/*
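
Review bot: With the presskey allocation moved above the hash conversion, the `return 0;` error path shown at the top of this hunk now leaves the function without freeing presskey. Either free the buffer on that path or keep the allocation here and copy the salt in afterwards.
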
-- 
1.8.3.1
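
The "salt:sha256" format described in the commit message above, as an added host-side example that is not part of the patch or of U-Boot: it builds a value for "bootstopkeysha256" and checks a password against it by splitting at the first ":". The function names and sample inputs are hypothetical, and it assumes `sha256sum` is available and that the salt is plain ASCII.

```shell
#!/bin/sh
# Added example, not U-Boot code. Function names are hypothetical.

MAX_DELAY_STOP_STR=64   # value after the patch; the salt must be shorter

# SHA256 (hex) of the salt immediately followed by the password.
salted_sha256() {
    printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# make_bootstopkey SALT PASSWORD -> prints "SALT:HEX"
make_bootstopkey() {
    case "$1" in
        # The patch splits at the first ':', so a salt cannot contain one.
        *:*) echo "salt must not contain ':'" >&2; return 1 ;;
    esac
    # Mirrors the patch's check: c - sha_env_str < MAX_DELAY_STOP_STR
    if [ "${#1}" -ge "$MAX_DELAY_STOP_STR" ]; then
        echo "salt must be shorter than $MAX_DELAY_STOP_STR bytes" >&2
        return 1
    fi
    printf '%s:%s\n' "$1" "$(salted_sha256 "$1" "$2")"
}

# check_bootstopkey VALUE PASSWORD -> exit status 0 if PASSWORD matches
check_bootstopkey() {
    case "$1" in
        *:*) salt=${1%%:*}; hash=${1#*:} ;;   # split at the first ':'
        *)   salt=; hash=$1 ;;                # unsalted value, no ':'
    esac
    [ "$(salted_sha256 "$salt" "$2")" = "$hash" ]
}

# Constructed sample salt and password, for illustration only.
make_bootstopkey "board42" "constructed-password"
```
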


