ADD: [uboot] Add unix crypt feature

Use unix crypt (sha256) for password check. BugzId: 43635 SVN commit 22143@trunk
2016-10-07 13:39:43 +00:00 · 2016-10-07 13:39:43 +00:00 · f5e5778c9c
parent 1ae87e60b5
commit f5e5778c9c
7 changed files with 387 additions and 27 deletions
--- a/common/main.c
+++ b/common/main.c
@ -30,6 +30,9 @@
 #include <common.h>
 #include <watchdog.h>
 #include <command.h>
+#ifdef CONFIG_CRYPT
+#include <crypt.h>
+#endif
 #ifdef CONFIG_MODEM_SUPPORT
 #include <malloc.h>		/* for free() prototype */
 #endif
@ -269,18 +272,21 @@ static __inline__ int abortboot(int bootdelay)
 # endif	/* CONFIG_AUTOBOOT_KEYED */
 #endif	/* CONFIG_BOOTDELAY >= 0  */

-
+#ifdef CONFIG_CRYPT
 /****************************************************************************
- *  check if ubootpwd exists in data partition and perform a login, 
+ *  check if ubootpwd exists in data partition and perform a login,
 *  otherwise continue booting
 */

 int login (void)
 {
    char *stored = (char*)0x02700000;
-    char buf[256], entered[16];
+    char buf[256], entered[32];
    const int max = 255;
    int len, i, tries;
+    char *hash_type = 0, *salt = 0, *hash = 0;
+    uint8_t bin_hash[32], bin_salt[32];
+	int legacy_md5 = 0;

    puts("\nautoboot has been stopped, press 'e' to enter: ");

@ -296,12 +302,13 @@ int login (void)

    memset(stored, 0x0, max);
    len = cmd_yaffs_mread_file("/data/root/boot/bootpass", stored);
-    if (len != 16) {
-        /* no file or md5 hash found */
+    if (len == 16) {
+        legacy_md5 = 1;
+    }
+    else if (len <= 0) {
        puts("Login succeeded\n\n");
        return 1;
    }
-
    for (tries = 1; ; tries++) {
        puts("\nEnter password: ");

@ -316,16 +323,25 @@ int login (void)
        buf[max-1] = 0;

        if (strlen(buf) > 0) {
-            puts("\n");
-            md5((unsigned char*) buf, strlen(buf), (unsigned char *)entered);
-            if (memcmp(stored, entered, 16) == 0) {
-                break;
-            } else {
-                puts("Login incorrect\n");
-                if (tries == 3) {
-                    return 0;
-                }
-            }
+			puts("\n");
+			if (legacy_md5) {
+				md5((unsigned char*) buf, strlen(buf), (unsigned char *)entered);
+				if (memcmp(stored, entered, 16) == 0) {
+					break;
+				}
+			}
+			else {
+				char *cp = sha_crypt(buf, stored);
+				if (memcmp(cp, stored, len) == 0) {
+					free(cp);
+					break;
+				}
+				free(cp);
+			}
+			puts("Login incorrect\n");
+			if (tries == 3) {
+				return 0;
+			}
        }
    }

@ -333,7 +349,9 @@ int login (void)
    puts("Login succeeded\n\n");
    return 1;
 }
-
+#else
+int login (void) {return 1;}
+#endif /*CONFIG_CRYPT*/
 /****************************************************************************/

 void main_loop (void)
--- a/include/configs/NBHW08.h
+++ b/include/configs/NBHW08.h
@ -670,6 +670,8 @@
 #define CONFIG_SYS_HZ   1000    /* decrementer freq: 1ms ticks */

 #define CONFIG_MD5      1
+#define CONFIG_SHA256   1
+#define CONFIG_CRYPT    1

 /*
 * For booting Linux, the board info and command line data
--- a/include/configs/NBHW09.h
+++ b/include/configs/NBHW09.h
@ -15,9 +15,9 @@
 *  20101217  rs           created
 *  20101223  rs           major cleanup, first usable release
 *  20110128  rs           fixed DRAM timings
- *  20110506  rs           FB22197: Fixed BAT configuration for SPL, 
+ *  20110506  rs           FB22197: Fixed BAT configuration for SPL,
 *                          removed NOR flash settings
- *  20110513  rs           FB22003: Enabled D-Cache (removed PCIex support for 
+ *  20110513  rs           FB22003: Enabled D-Cache (removed PCIex support for
 *                          U-Boot itself, but not for Linux)
 *  20130610  mm/as        FB29758: Updated DDR timings
 *
@ -160,8 +160,8 @@

 #define CONFIG_SYS_DDR_SDRAM_CLK_CNTL DDR_SDRAM_CLK_CNTL_CLK_ADJUST_05

-/* 
- * Driver SW override, highest Z, 150 Ohm termination, DDR2, reordering enabled, 
+/*
+ * Driver SW override, highest Z, 150 Ohm termination, DDR2, reordering enabled,
 * MVREF internally generated
 *   Caution: Drive Strength defines in mpc83xx.h do not match values
 *   in MPC8308 Reference Manual (NOMZ = 1100b, MPC8308 Ref. Manual -> Higher Z)
@ -180,7 +180,7 @@
 #define CONFIG_SYS_DDR_SIZE       64          /* MB */
 #define CONFIG_SYS_DDR_CS0_BNDS   0x00000003  /* 0000:0000 - 03FF:FFFF */

-/* Enabled, No Read ODT, Write ODT for all CS, 
+/* Enabled, No Read ODT, Write ODT for all CS,
 * 4 Banks, 13 Rows, 10 Columns
 */
 #define CONFIG_SYS_DDR_CS0_CONFIG	( \
@ -222,7 +222,7 @@
        | ( 2 << TIMING_CFG1_WRTORD_SHIFT ) )
        /* 0x26259222 */

-/* ADD_LAT = 1, CPO = 4, Write Latency = 2, 
+/* ADD_LAT = 1, CPO = 4, Write Latency = 2,
 * Read To Precharge (Trtp) = 1, Write cmd to strobe = 1/2 clk delay
 * Min. CKE pulse width = 3 cycles, Tfaw = 7 clks
 */
@ -252,7 +252,7 @@
        /* 0x43100000 */

 /* Internal ODT on during read, 1 refresh at a time */
-#define CONFIG_SYS_DDR_SDRAM_CFG2 0x00401000 
+#define CONFIG_SYS_DDR_SDRAM_CFG2 0x00401000

 /*
 * MR   : 0x0232 (Burst Len = 4, Sequential, CAS Latency = 3, Write Recovery = 2)
@ -602,7 +602,7 @@
 /*
 * Environment
 */
- 
+
 /* U-Boot environment is stored in EEPROM */
 #undef  CONFIG_ENV_IS_IN_NAND
 #define CONFIG_ENV_IS_IN_EEPROM 1
@ -612,7 +612,7 @@
 #define CONFIG_LOADS_ECHO             1     /* echo on for serial download */
 #define CONFIG_SYS_LOADS_BAUD_CHANGE  1     /* allow baudrate change */

-#define CONFIG_SYS_CONSOLE_IS_IN_ENV        /* Avoids U-Boot setting stder, stdin, stdout variables -> read it for env. */ 
+#define CONFIG_SYS_CONSOLE_IS_IN_ENV        /* Avoids U-Boot setting stder, stdin, stdout variables -> read it for env. */
 #define CONFIG_SYS_CONSOLE_INFO_QUIET				/* Suppress display of console information at boot. */

 /*
@ -681,6 +681,8 @@
 #define CONFIG_SYS_HZ   1000    /* decrementer freq: 1ms ticks */

 #define CONFIG_MD5      1
+#define CONFIG_SHA256   1
+#define CONFIG_CRYPT    1

 /*
 * For booting Linux, the board info and command line data
@ -728,7 +730,7 @@
 #define CONFIG_SYS_IBAT2U 0
 #define CONFIG_SYS_DBAT2L CONFIG_SYS_IBAT2L
 #define CONFIG_SYS_DBAT2U CONFIG_SYS_IBAT2U
-#endif 
+#endif

 /* Stack in dcache : cacheable, no memory coherence */
 #define CONFIG_SYS_IBAT3L (CONFIG_SYS_INIT_RAM_ADDR | BATL_PP_RW)
--- a/include/configs/NBHW12.h
+++ b/include/configs/NBHW12.h
@ -702,6 +702,8 @@
 #define CONFIG_SYS_HZ   1000    /* decrementer freq: 1ms ticks */

 #define CONFIG_MD5      1
+#define CONFIG_SHA256   1
+#define CONFIG_CRYPT    1

 /*
 * For booting Linux, the board info and command line data
--- a/include/crypt.h
+++ b/include/crypt.h
@ -0,0 +1,6 @@
+#ifndef _CRYPT_H
+#define _CRYPT_H
+
+extern char * sha_crypt(const char *key, const char *salt);
+
+#endif /* _CRYPT_H */
--- a/lib_generic/Makefile
+++ b/lib_generic/Makefile
@ -32,6 +32,7 @@ COBJS-$(CONFIG_BZIP2) += bzlib_decompress.o
 COBJS-$(CONFIG_BZIP2) += bzlib_randtable.o
 COBJS-$(CONFIG_BZIP2) += bzlib_huffman.o
 COBJS-$(CONFIG_USB_TTY) += circbuf.o
+COBJS-$(CONFIG_CRYPT) += crypt.o
 COBJS-y += crc16.o
 COBJS-y += crc32.o
 COBJS-y += ctype.o
--- a/lib_generic/crypt.c
+++ b/lib_generic/crypt.c
@ -0,0 +1,329 @@
+#include <common.h>
+#include <sha256.h>
+#include <malloc.h>
+#include <linux/types.h>
+
+/* The crypt source code was ported from busybox sources pw_crypt */
+
+/* Used by pw_encrypt_XXX.c */
+static const uint8_t ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+static char*
+to64(char *s, unsigned v, int n)
+{
+	while (--n >= 0) {
+		*s++ = ascii64[v & 0x3f];
+		v >>= 6;
+	}
+	return s;
+}
+
+/* SHA256 and SHA512-based Unix crypt implementation.
+ * Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.
+ */
+
+/* Prefix for optional rounds specification.  */
+static const char str_rounds[] = "rounds=%u$";
+
+/* Maximum salt string length.  */
+#define SALT_LEN_MAX 16
+/* Default number of rounds if not explicitly specified.  */
+#define ROUNDS_DEFAULT 5000
+/* Minimum number of rounds.  */
+#define ROUNDS_MIN 1000
+/* Maximum number of rounds.  */
+#define ROUNDS_MAX 999999999
+
+char *sha_crypt(const char *key_data, const char *salt_data)
+{
+	void (*sha_begin)(void *ctx);
+	void (*sha_hash)(void *ctx, const void *buffer, size_t len);
+	void* (*sha_end)( void *ctx, void *resbuf);
+	int _32or64;
+
+	char *result, *resptr;
+
+	/* btw, sha256 needs [32] and uint32_t only */
+	unsigned char alt_result[64] __attribute__((__aligned__(__alignof__(uint64_t))));
+	unsigned char temp_result[64] __attribute__((__aligned__(__alignof__(uint64_t))));
+	union {
+		sha256_context x;
+    #if 0
+		sha512_ctx_t y;
+    #endif
+	} ctx;
+	union {
+		sha256_context x;
+    #if 0
+		sha512_ctx_t y;
+    #endif
+	} alt_ctx;
+	unsigned salt_len;
+	unsigned key_len;
+	unsigned cnt;
+	unsigned rounds;
+	char *cp;
+	char is_sha512;
+    char *tmp;
+
+	/* Analyze salt, construct already known part of result */
+	cnt = strlen(salt_data) + 1 + 43 + 1;
+	is_sha512 = salt_data[1];
+	if (is_sha512 == '6') {
+        printf("SHA-512 is not supported yet");
+        return 0;
+		/* cnt += 43; */
+    }
+	result = resptr = malloc(cnt); /* will provide NUL terminator */
+    memset(result, 0, cnt);
+	*resptr++ = '$';
+	*resptr++ = is_sha512;
+	*resptr++ = '$';
+	rounds = ROUNDS_DEFAULT;
+	salt_data += 3;
+	if (strncmp(salt_data, str_rounds, 7) == 0) {
+		/* 7 == strlen("rounds=") */
+		char *endp;
+		cnt = simple_strtoul(salt_data + 7, &endp, 10);
+		if (*endp == '$') {
+			salt_data = endp + 1;
+			rounds = cnt;
+			if (rounds < ROUNDS_MIN)
+				rounds = ROUNDS_MIN;
+			if (rounds > ROUNDS_MAX)
+				rounds = ROUNDS_MAX;
+			/* add "rounds=NNNNN$" to result */
+			resptr += sprintf(resptr, str_rounds, rounds);
+		}
+	}
+    {
+        char *salt_end = strchr(salt_data, '$');
+        if (salt_end != 0) {
+            salt_len = salt_end - salt_data;
+        }
+        else {
+          salt_len = strnlen(salt_data, SALT_LEN_MAX);
+        }
+    }
+	// salt_len = (int)strchrnul(salt_data, '$') - (int)salt_data;
+	if (salt_len > SALT_LEN_MAX)
+		salt_len = SALT_LEN_MAX;
+	/* xstrdup assures suitable alignment; also we will use it
+	   as a scratch space later. */
+    tmp = malloc(strnlen(salt_data, 128));
+    memcpy(tmp, salt_data, strnlen(salt_data, 128));
+    salt_data = tmp;
+	//salt_data = xstrndup(salt_data, salt_len);
+	/* add "salt$" to result */
+	strcpy(resptr, salt_data);
+	resptr += salt_len;
+	*resptr++ = '$';
+	/* key data doesn't need much processing */
+	key_len = strlen(key_data);
+    tmp = malloc(strnlen(key_data, 256));
+    memcpy(tmp, key_data, strnlen(key_data, 256));
+    key_data = tmp;
+	// key_data = xstrdup(key_data);
+
+	/* Which flavor of SHAnnn ops to use? */
+	sha_begin = (void*)sha256_starts;
+	sha_hash = (void*)sha256_update;
+	sha_end = (void*)sha256_finish;
+	_32or64 = 32;
+    /* Not supported */
+#if 0
+	if (is_sha512 == '6') {
+		sha_begin = (void*)sha512_begin;
+		sha_hash = (void*)sha512_hash;
+		sha_end = (void*)sha512_end;
+		_32or64 = 64;
+	}
+#endif
+
+	/* Add KEY, SALT.  */
+	sha_begin(&ctx);
+	sha_hash(&ctx, key_data, key_len);
+	sha_hash(&ctx, salt_data, salt_len);
+
+	/* Compute alternate SHA sum with input KEY, SALT, and KEY.
+	   The final result will be added to the first context.  */
+	sha_begin(&alt_ctx);
+	sha_hash(&alt_ctx, key_data, key_len);
+	sha_hash(&alt_ctx, salt_data, salt_len);
+	sha_hash(&alt_ctx, key_data, key_len);
+	sha_end(&alt_ctx, alt_result);
+
+	/* Add result of this to the other context.  */
+	/* Add for any character in the key one byte of the alternate sum.  */
+	for (cnt = key_len; cnt > _32or64; cnt -= _32or64)
+		sha_hash(&ctx, alt_result, _32or64);
+	sha_hash(&ctx, alt_result, cnt);
+
+	/* Take the binary representation of the length of the key and for every
+	   1 add the alternate sum, for every 0 the key.  */
+	for (cnt = key_len; cnt != 0; cnt >>= 1)
+		if ((cnt & 1) != 0)
+			sha_hash(&ctx, alt_result, _32or64);
+		else
+			sha_hash(&ctx, key_data, key_len);
+
+	/* Create intermediate result.  */
+	sha_end(&ctx, alt_result);
+
+	/* Start computation of P byte sequence.  */
+	/* For every character in the password add the entire password.  */
+	sha_begin(&alt_ctx);
+	for (cnt = 0; cnt < key_len; ++cnt)
+		sha_hash(&alt_ctx, key_data, key_len);
+	sha_end(&alt_ctx, temp_result);
+
+	/* NB: past this point, raw key_data is not used anymore */
+
+	/* Create byte sequence P.  */
+#define p_bytes key_data /* reuse the buffer as it is of the key_len size */
+	cp = p_bytes; /* was: ... = alloca(key_len); */
+	for (cnt = key_len; cnt >= _32or64; cnt -= _32or64) {
+		cp = memcpy(cp, temp_result, _32or64);
+		cp += _32or64;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Start computation of S byte sequence.  */
+	/* For every character in the password add the entire password.  */
+	sha_begin(&alt_ctx);
+	for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+		sha_hash(&alt_ctx, salt_data, salt_len);
+	sha_end(&alt_ctx, temp_result);
+
+	/* NB: past this point, raw salt_data is not used anymore */
+
+	/* Create byte sequence S.  */
+#define s_bytes salt_data /* reuse the buffer as it is of the salt_len size */
+	cp = s_bytes; /* was: ... = alloca(salt_len); */
+	for (cnt = salt_len; cnt >= _32or64; cnt -= _32or64) {
+		cp = memcpy(cp, temp_result, _32or64);
+		cp += _32or64;
+	}
+	memcpy(cp, temp_result, cnt);
+
+	/* Repeatedly run the collected hash value through SHA to burn
+	   CPU cycles.  */
+	for (cnt = 0; cnt < rounds; ++cnt) {
+		sha_begin(&ctx);
+
+		/* Add key or last result.  */
+		if ((cnt & 1) != 0)
+			sha_hash(&ctx, p_bytes, key_len);
+		else
+			sha_hash(&ctx, alt_result, _32or64);
+		/* Add salt for numbers not divisible by 3.  */
+		if (cnt % 3 != 0)
+			sha_hash(&ctx, s_bytes, salt_len);
+		/* Add key for numbers not divisible by 7.  */
+		if (cnt % 7 != 0)
+			sha_hash(&ctx, p_bytes, key_len);
+		/* Add key or last result.  */
+		if ((cnt & 1) != 0)
+			sha_hash(&ctx, alt_result, _32or64);
+		else
+			sha_hash(&ctx, p_bytes, key_len);
+
+		sha_end(&ctx, alt_result);
+	}
+
+
+	/* Append encrypted password to result buffer */
+//TODO: replace with something like
+//	bb_uuencode(cp, src, length, bb_uuenc_tbl_XXXbase64);
+#define b64_from_24bit(B2, B1, B0, N) \
+do {							\
+	unsigned w = ((B2) << 16) | ((B1) << 8) | (B0);	\
+	resptr = to64(resptr, w, N);			\
+} while (0)
+	if (is_sha512 == '5') {
+		unsigned i = 0;
+		unsigned j = 10;
+		unsigned k = 20;
+		/* strange swap of one byte (see below why) */
+		unsigned char alt_result_31 = alt_result[31];
+		alt_result[31] = alt_result[1];
+		while (1) {
+			b64_from_24bit(alt_result[i], alt_result[j], alt_result[k], 4);
+			if (i == 9)
+				break;
+			i += 21; i = (((i >> 4) & 2) + i) & 0x1f;
+			j += 21; j = (((j >> 4) & 2) + j) & 0x1f;
+			k += 21; k = (((k >> 4) & 2) + k) & 0x1f;
+		}
+		b64_from_24bit(0, alt_result_31, alt_result[30], 3);
+		/* was:
+		b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4);
+		b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4);
+		...............................^^^^^^^^^^^^^ why [1] and not [31]?
+		b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4);
+		b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4);
+		b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4);
+		b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4);
+		b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4);
+		b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4);
+		b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4);
+		b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4);
+		b64_from_24bit(0, alt_result[31], alt_result[30], 3);
+		*/
+	} else {
+		unsigned i = 0;
+		unsigned j = 21;
+		unsigned k = 42;
+		while (1) {
+			b64_from_24bit(alt_result[i], alt_result[j], alt_result[k], 4);
+			if (i == 62)
+				break;
+			i += 22; i = ((i >> 6) + i) & 0x3f;
+			j += 22; j = ((j >> 6) + j) & 0x3f;
+			k += 22; k = ((k >> 6) + k) & 0x3f;
+		}
+		b64_from_24bit(0, 0, alt_result[63], 2);
+		/* was:
+		b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4);
+		b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4);
+		b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4);
+		b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4);
+		b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4);
+		b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4);
+		b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4);
+		b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4);
+		b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4);
+		b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4);
+		b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4);
+		b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4);
+		b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4);
+		b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4);
+		b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4);
+		b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4);
+		b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4);
+		b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4);
+		b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4);
+		b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4);
+		b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4);
+		b64_from_24bit(0, 0, alt_result[63], 2);
+		*/
+	}
+	/* *resptr = '\0'; - xzalloc did it */
+#undef b64_from_24bit
+
+	/* Clear the buffer for the intermediate result so that people
+	   attaching to processes or reading core dumps cannot get any
+	   information.  */
+	memset(temp_result, 0, sizeof(temp_result));
+	memset(alt_result, 0, sizeof(alt_result));
+	memset(&ctx, 0, sizeof(ctx));
+	memset(&alt_ctx, 0, sizeof(alt_ctx));
+	memset(key_data, 0, key_len); /* also p_bytes */
+	memset(salt_data, 0, salt_len); /* also s_bytes */
+	free(key_data);
+	free(salt_data);
+#undef p_bytes
+#undef s_bytes
+
+	return result;
+}
+