Add optional salt to AUTOBOOT_STOP_STR_SHA256
Adds an optional SALT value to AUTOBOOT_STOP_STR_SHA256. If a string followed by a ":" is prepended to the sha256, the portion to the left of the colon will be used as a salt and the password will be appended to the salt before the sha256 is computed and compared. Signed-off-by: Joel Peshkin <joel.peshkin@broadcom.com> Cc: Simon Glass <sjg@chromium.org> Cc: Bin Meng <bmeng.cn@gmail.com> Cc: Patrick Delaunay <patrick.delaunay@st.com> Cc: Heiko Schocher <hs@denx.de> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Joel Peshkin <joel.peshkin@broadcom.com> To: u-boot@lists.denx.de Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Heiko Schocher <hs@denx.de>
parent
214cc199b4
commit
652b504ff2
2 changed files with 14 additions and 3 deletions
|
@ -819,7 +819,10 @@ config AUTOBOOT_STOP_STR_SHA256
|
|||
This option adds the feature to only stop the autobooting,
|
||||
and therefore boot into the U-Boot prompt, when the input
|
||||
string / password matches a values that is encypted via
|
||||
a SHA256 hash and saved in the environment.
|
||||
a SHA256 hash and saved in the environment variable
|
||||
"bootstopkeysha256". If the value in that variable
|
||||
includes a ":", the portion prior to the ":" will be treated
|
||||
as a salt value.
|
||||
|
||||
config AUTOBOOT_USE_MENUKEY
|
||||
bool "Allow a specify key to run a menu from the environment"
|
||||
|
|
|
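Review bot: The added help text does not say how the salt is combined with the password or how long it may be, which anyone generating a `bootstopkeysha256` value needs to know. Going by the commit message and the autoboot.c change, the hash is taken over the salt followed by the typed password, and a prefix is only treated as a salt when it is shorter than `MAX_DELAY_STOP_STR` (64) bytes. I would add a sentence such as `The hash is computed over the salt followed by the password; the salt must be shorter than 64 characters.` The unchanged context lines also describe the value as "encypted", where "hashed" would be accurate.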
@ -25,7 +25,7 @@
|
|||
|
||||
DECLARE_GLOBAL_DATA_PTR;
|
||||
|
||||
#define MAX_DELAY_STOP_STR 32
|
||||
#define MAX_DELAY_STOP_STR 64
|
||||
|
||||
#ifndef DEBUG_BOOTKEYS
|
||||
#define DEBUG_BOOTKEYS 0
|
||||
|
@ -80,6 +80,7 @@ static int passwd_abort_sha256(uint64_t etime)
|
|||
u8 sha_env[SHA256_SUM_LEN];
|
||||
u8 *sha;
|
||||
char *presskey;
|
||||
char *c;
|
||||
const char *algo_name = "sha256";
|
||||
u_int presskey_len = 0;
|
||||
int abort = 0;
|
||||
|
@ -89,6 +90,14 @@ static int passwd_abort_sha256(uint64_t etime)
|
|||
if (sha_env_str == NULL)
|
||||
sha_env_str = AUTOBOOT_STOP_STR_SHA256;
|
||||
|
||||
presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
|
||||
c = strstr(sha_env_str, ":");
|
||||
if (c && (c - sha_env_str < MAX_DELAY_STOP_STR)) {
|
||||
/* preload presskey with salt */
|
||||
memcpy(presskey, sha_env_str, c - sha_env_str);
|
||||
presskey_len = c - sha_env_str;
|
||||
sha_env_str = c + 1;
|
||||
}
|
||||
/*
|
||||
* Generate the binary value from the environment hash value
|
||||
* so that we can compare this value with the computed hash
|
||||
|
@ -100,7 +109,6 @@ static int passwd_abort_sha256(uint64_t etime)
|
|||
return 0;
|
||||
}
|
||||
|
||||
presskey = malloc_cache_aligned(MAX_DELAY_STOP_STR);
|
||||
sha = malloc_cache_aligned(SHA256_SUM_LEN);
|
||||
size = SHA256_SUM_LEN;
|
||||
/*
|
||||
|
|
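Review bot: Moving the `presskey` allocation to the top means the early `return 0;` that sits between the new and the old allocation site (shown as context at the start of the last hunk) now leaks the buffer, and the result of `malloc_cache_aligned()` reaches `memcpy()` without a NULL check. I would add `if (!presskey) return 0;` directly after the allocation and `free(presskey);` before that `return 0;`. The salt also shares the 64-byte `presskey` buffer with the typed password, so a salt close to `MAX_DELAY_STOP_STR - 1` bytes leaves almost no room for the password; the input loop is outside these hunks, so how it bounds `presskey_len` should be confirmed. When a ":" is present but the prefix is too long, the salt is silently not split off and the string is presumably parsed as a hash with the prefix still attached, which deserves an explicit error message. passwd_abort_sha256 begins and ends outside the hunks shown.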