From f5e5778c9ce87bef03656c0a0bf88e36f053f3fe Mon Sep 17 00:00:00 2001 From: Stefan Eichenberger Date: Fri, 7 Oct 2016 13:39:43 +0000 Subject: [PATCH] ADD: [uboot] Add unix crypt feature Use unix crypt (sha256) for password check. BugzId: 43635 SVN commit 22143@trunk --- common/main.c | 52 +++++-- include/configs/NBHW08.h | 2 + include/configs/NBHW09.h | 22 +-- include/configs/NBHW12.h | 2 + include/crypt.h | 6 + lib_generic/Makefile | 1 + lib_generic/crypt.c | 329 +++++++++++++++++++++++++++++++++++++++ 7 files changed, 387 insertions(+), 27 deletions(-) create mode 100644 include/crypt.h create mode 100644 lib_generic/crypt.c diff --git a/common/main.c b/common/main.c index 7958810b14..33dc0f792a 100644 --- a/common/main.c +++ b/common/main.c @@ -30,6 +30,9 @@ #include #include #include +#ifdef CONFIG_CRYPT +#include +#endif #ifdef CONFIG_MODEM_SUPPORT #include /* for free() prototype */ #endif @@ -269,18 +272,21 @@ static __inline__ int abortboot(int bootdelay) # endif /* CONFIG_AUTOBOOT_KEYED */ #endif /* CONFIG_BOOTDELAY >= 0 */ - +#ifdef CONFIG_CRYPT /**************************************************************************** - * check if ubootpwd exists in data partition and perform a login, + * check if ubootpwd exists in data partition and perform a login, * otherwise continue booting */ int login (void) { char *stored = (char*)0x02700000; - char buf[256], entered[16]; + char buf[256], entered[32]; const int max = 255; int len, i, tries; + char *hash_type = 0, *salt = 0, *hash = 0; + uint8_t bin_hash[32], bin_salt[32]; + int legacy_md5 = 0; puts("\nautoboot has been stopped, press 'e' to enter: "); @@ -296,12 +302,13 @@ int login (void) memset(stored, 0x0, max); len = cmd_yaffs_mread_file("/data/root/boot/bootpass", stored); - if (len != 16) { - /* no file or md5 hash found */ + if (len == 16) { + legacy_md5 = 1; + } + else if (len <= 0) { puts("Login succeeded\n\n"); return 1; } - for (tries = 1; ; tries++) { puts("\nEnter password: "); @@ -316,16 +323,25 @@ int login (void) buf[max-1] = 0; if (strlen(buf) > 0) { - puts("\n"); - md5((unsigned char*) buf, strlen(buf), (unsigned char *)entered); - if (memcmp(stored, entered, 16) == 0) { - break; - } else { - puts("Login incorrect\n"); - if (tries == 3) { - return 0; - } - } + puts("\n"); + if (legacy_md5) { + md5((unsigned char*) buf, strlen(buf), (unsigned char *)entered); + if (memcmp(stored, entered, 16) == 0) { + break; + } + } + else { + char *cp = sha_crypt(buf, stored); + if (memcmp(cp, stored, len) == 0) { + free(cp); + break; + } + free(cp); + } + puts("Login incorrect\n"); + if (tries == 3) { + return 0; + } } } @@ -333,7 +349,9 @@ int login (void) puts("Login succeeded\n\n"); return 1; } - +#else +int login (void) {return 1;} +#endif /*CONFIG_CRYPT*/ /****************************************************************************/ void main_loop (void) diff --git a/include/configs/NBHW08.h b/include/configs/NBHW08.h index 0acbb39125..bc2f931802 100755 --- a/include/configs/NBHW08.h +++ b/include/configs/NBHW08.h @@ -670,6 +670,8 @@ #define CONFIG_SYS_HZ 1000 /* decrementer freq: 1ms ticks */ #define CONFIG_MD5 1 +#define CONFIG_SHA256 1 +#define CONFIG_CRYPT 1 /* * For booting Linux, the board info and command line data diff --git a/include/configs/NBHW09.h b/include/configs/NBHW09.h index e492e859ee..e9c142511f 100644 --- a/include/configs/NBHW09.h +++ b/include/configs/NBHW09.h @@ -15,9 +15,9 @@ * 20101217 rs created * 20101223 rs major cleanup, first usable release * 20110128 rs fixed DRAM timings - * 20110506 rs FB22197: Fixed BAT configuration for SPL, + * 20110506 rs FB22197: Fixed BAT configuration for SPL, * removed NOR flash settings - * 20110513 rs FB22003: Enabled D-Cache (removed PCIex support for + * 20110513 rs FB22003: Enabled D-Cache (removed PCIex support for * U-Boot itself, but not for Linux) * 20130610 mm/as FB29758: Updated DDR timings * @@ -160,8 +160,8 @@ #define CONFIG_SYS_DDR_SDRAM_CLK_CNTL DDR_SDRAM_CLK_CNTL_CLK_ADJUST_05 -/* - * Driver SW override, highest Z, 150 Ohm termination, DDR2, reordering enabled, +/* + * Driver SW override, highest Z, 150 Ohm termination, DDR2, reordering enabled, * MVREF internally generated * Caution: Drive Strength defines in mpc83xx.h do not match values * in MPC8308 Reference Manual (NOMZ = 1100b, MPC8308 Ref. Manual -> Higher Z) @@ -180,7 +180,7 @@ #define CONFIG_SYS_DDR_SIZE 64 /* MB */ #define CONFIG_SYS_DDR_CS0_BNDS 0x00000003 /* 0000:0000 - 03FF:FFFF */ -/* Enabled, No Read ODT, Write ODT for all CS, +/* Enabled, No Read ODT, Write ODT for all CS, * 4 Banks, 13 Rows, 10 Columns */ #define CONFIG_SYS_DDR_CS0_CONFIG ( \ @@ -222,7 +222,7 @@ | ( 2 << TIMING_CFG1_WRTORD_SHIFT ) ) /* 0x26259222 */ -/* ADD_LAT = 1, CPO = 4, Write Latency = 2, +/* ADD_LAT = 1, CPO = 4, Write Latency = 2, * Read To Precharge (Trtp) = 1, Write cmd to strobe = 1/2 clk delay * Min. CKE pulse width = 3 cycles, Tfaw = 7 clks */ @@ -252,7 +252,7 @@ /* 0x43100000 */ /* Internal ODT on during read, 1 refresh at a time */ -#define CONFIG_SYS_DDR_SDRAM_CFG2 0x00401000 +#define CONFIG_SYS_DDR_SDRAM_CFG2 0x00401000 /* * MR : 0x0232 (Burst Len = 4, Sequential, CAS Latency = 3, Write Recovery = 2) @@ -602,7 +602,7 @@ /* * Environment */ - + /* U-Boot environment is stored in EEPROM */ #undef CONFIG_ENV_IS_IN_NAND #define CONFIG_ENV_IS_IN_EEPROM 1 @@ -612,7 +612,7 @@ #define CONFIG_LOADS_ECHO 1 /* echo on for serial download */ #define CONFIG_SYS_LOADS_BAUD_CHANGE 1 /* allow baudrate change */ -#define CONFIG_SYS_CONSOLE_IS_IN_ENV /* Avoids U-Boot setting stder, stdin, stdout variables -> read it for env. */ +#define CONFIG_SYS_CONSOLE_IS_IN_ENV /* Avoids U-Boot setting stder, stdin, stdout variables -> read it for env. */ #define CONFIG_SYS_CONSOLE_INFO_QUIET /* Suppress display of console information at boot. */ /* @@ -681,6 +681,8 @@ #define CONFIG_SYS_HZ 1000 /* decrementer freq: 1ms ticks */ #define CONFIG_MD5 1 +#define CONFIG_SHA256 1 +#define CONFIG_CRYPT 1 /* * For booting Linux, the board info and command line data @@ -728,7 +730,7 @@ #define CONFIG_SYS_IBAT2U 0 #define CONFIG_SYS_DBAT2L CONFIG_SYS_IBAT2L #define CONFIG_SYS_DBAT2U CONFIG_SYS_IBAT2U -#endif +#endif /* Stack in dcache : cacheable, no memory coherence */ #define CONFIG_SYS_IBAT3L (CONFIG_SYS_INIT_RAM_ADDR | BATL_PP_RW) diff --git a/include/configs/NBHW12.h b/include/configs/NBHW12.h index 79feaf9b07..6d953a48dc 100644 --- a/include/configs/NBHW12.h +++ b/include/configs/NBHW12.h @@ -702,6 +702,8 @@ #define CONFIG_SYS_HZ 1000 /* decrementer freq: 1ms ticks */ #define CONFIG_MD5 1 +#define CONFIG_SHA256 1 +#define CONFIG_CRYPT 1 /* * For booting Linux, the board info and command line data diff --git a/include/crypt.h b/include/crypt.h new file mode 100644 index 0000000000..348f43975a --- /dev/null +++ b/include/crypt.h @@ -0,0 +1,6 @@ +#ifndef _CRYPT_H +#define _CRYPT_H + +extern char * sha_crypt(const char *key, const char *salt); + +#endif /* _CRYPT_H */ diff --git a/lib_generic/Makefile b/lib_generic/Makefile index 2ec261af4a..c0e8f52d1c 100644 --- a/lib_generic/Makefile +++ b/lib_generic/Makefile @@ -32,6 +32,7 @@ COBJS-$(CONFIG_BZIP2) += bzlib_decompress.o COBJS-$(CONFIG_BZIP2) += bzlib_randtable.o COBJS-$(CONFIG_BZIP2) += bzlib_huffman.o COBJS-$(CONFIG_USB_TTY) += circbuf.o +COBJS-$(CONFIG_CRYPT) += crypt.o COBJS-y += crc16.o COBJS-y += crc32.o COBJS-y += ctype.o diff --git a/lib_generic/crypt.c b/lib_generic/crypt.c new file mode 100644 index 0000000000..626a2f16b8 --- /dev/null +++ b/lib_generic/crypt.c @@ -0,0 +1,329 @@ +#include +#include +#include +#include + +/* The crypt source code was ported from busybox sources pw_crypt */ + +/* Used by pw_encrypt_XXX.c */ +static const uint8_t ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +static char* +to64(char *s, unsigned v, int n) +{ + while (--n >= 0) { + *s++ = ascii64[v & 0x3f]; + v >>= 6; + } + return s; +} + +/* SHA256 and SHA512-based Unix crypt implementation. + * Released into the Public Domain by Ulrich Drepper . + */ + +/* Prefix for optional rounds specification. */ +static const char str_rounds[] = "rounds=%u$"; + +/* Maximum salt string length. */ +#define SALT_LEN_MAX 16 +/* Default number of rounds if not explicitly specified. */ +#define ROUNDS_DEFAULT 5000 +/* Minimum number of rounds. */ +#define ROUNDS_MIN 1000 +/* Maximum number of rounds. */ +#define ROUNDS_MAX 999999999 + +char *sha_crypt(const char *key_data, const char *salt_data) +{ + void (*sha_begin)(void *ctx); + void (*sha_hash)(void *ctx, const void *buffer, size_t len); + void* (*sha_end)( void *ctx, void *resbuf); + int _32or64; + + char *result, *resptr; + + /* btw, sha256 needs [32] and uint32_t only */ + unsigned char alt_result[64] __attribute__((__aligned__(__alignof__(uint64_t)))); + unsigned char temp_result[64] __attribute__((__aligned__(__alignof__(uint64_t)))); + union { + sha256_context x; + #if 0 + sha512_ctx_t y; + #endif + } ctx; + union { + sha256_context x; + #if 0 + sha512_ctx_t y; + #endif + } alt_ctx; + unsigned salt_len; + unsigned key_len; + unsigned cnt; + unsigned rounds; + char *cp; + char is_sha512; + char *tmp; + + /* Analyze salt, construct already known part of result */ + cnt = strlen(salt_data) + 1 + 43 + 1; + is_sha512 = salt_data[1]; + if (is_sha512 == '6') { + printf("SHA-512 is not supported yet"); + return 0; + /* cnt += 43; */ + } + result = resptr = malloc(cnt); /* will provide NUL terminator */ + memset(result, 0, cnt); + *resptr++ = '$'; + *resptr++ = is_sha512; + *resptr++ = '$'; + rounds = ROUNDS_DEFAULT; + salt_data += 3; + if (strncmp(salt_data, str_rounds, 7) == 0) { + /* 7 == strlen("rounds=") */ + char *endp; + cnt = simple_strtoul(salt_data + 7, &endp, 10); + if (*endp == '$') { + salt_data = endp + 1; + rounds = cnt; + if (rounds < ROUNDS_MIN) + rounds = ROUNDS_MIN; + if (rounds > ROUNDS_MAX) + rounds = ROUNDS_MAX; + /* add "rounds=NNNNN$" to result */ + resptr += sprintf(resptr, str_rounds, rounds); + } + } + { + char *salt_end = strchr(salt_data, '$'); + if (salt_end != 0) { + salt_len = salt_end - salt_data; + } + else { + salt_len = strnlen(salt_data, SALT_LEN_MAX); + } + } + // salt_len = (int)strchrnul(salt_data, '$') - (int)salt_data; + if (salt_len > SALT_LEN_MAX) + salt_len = SALT_LEN_MAX; + /* xstrdup assures suitable alignment; also we will use it + as a scratch space later. */ + tmp = malloc(strnlen(salt_data, 128)); + memcpy(tmp, salt_data, strnlen(salt_data, 128)); + salt_data = tmp; + //salt_data = xstrndup(salt_data, salt_len); + /* add "salt$" to result */ + strcpy(resptr, salt_data); + resptr += salt_len; + *resptr++ = '$'; + /* key data doesn't need much processing */ + key_len = strlen(key_data); + tmp = malloc(strnlen(key_data, 256)); + memcpy(tmp, key_data, strnlen(key_data, 256)); + key_data = tmp; + // key_data = xstrdup(key_data); + + /* Which flavor of SHAnnn ops to use? */ + sha_begin = (void*)sha256_starts; + sha_hash = (void*)sha256_update; + sha_end = (void*)sha256_finish; + _32or64 = 32; + /* Not supported */ +#if 0 + if (is_sha512 == '6') { + sha_begin = (void*)sha512_begin; + sha_hash = (void*)sha512_hash; + sha_end = (void*)sha512_end; + _32or64 = 64; + } +#endif + + /* Add KEY, SALT. */ + sha_begin(&ctx); + sha_hash(&ctx, key_data, key_len); + sha_hash(&ctx, salt_data, salt_len); + + /* Compute alternate SHA sum with input KEY, SALT, and KEY. + The final result will be added to the first context. */ + sha_begin(&alt_ctx); + sha_hash(&alt_ctx, key_data, key_len); + sha_hash(&alt_ctx, salt_data, salt_len); + sha_hash(&alt_ctx, key_data, key_len); + sha_end(&alt_ctx, alt_result); + + /* Add result of this to the other context. */ + /* Add for any character in the key one byte of the alternate sum. */ + for (cnt = key_len; cnt > _32or64; cnt -= _32or64) + sha_hash(&ctx, alt_result, _32or64); + sha_hash(&ctx, alt_result, cnt); + + /* Take the binary representation of the length of the key and for every + 1 add the alternate sum, for every 0 the key. */ + for (cnt = key_len; cnt != 0; cnt >>= 1) + if ((cnt & 1) != 0) + sha_hash(&ctx, alt_result, _32or64); + else + sha_hash(&ctx, key_data, key_len); + + /* Create intermediate result. */ + sha_end(&ctx, alt_result); + + /* Start computation of P byte sequence. */ + /* For every character in the password add the entire password. */ + sha_begin(&alt_ctx); + for (cnt = 0; cnt < key_len; ++cnt) + sha_hash(&alt_ctx, key_data, key_len); + sha_end(&alt_ctx, temp_result); + + /* NB: past this point, raw key_data is not used anymore */ + + /* Create byte sequence P. */ +#define p_bytes key_data /* reuse the buffer as it is of the key_len size */ + cp = p_bytes; /* was: ... = alloca(key_len); */ + for (cnt = key_len; cnt >= _32or64; cnt -= _32or64) { + cp = memcpy(cp, temp_result, _32or64); + cp += _32or64; + } + memcpy(cp, temp_result, cnt); + + /* Start computation of S byte sequence. */ + /* For every character in the password add the entire password. */ + sha_begin(&alt_ctx); + for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt) + sha_hash(&alt_ctx, salt_data, salt_len); + sha_end(&alt_ctx, temp_result); + + /* NB: past this point, raw salt_data is not used anymore */ + + /* Create byte sequence S. */ +#define s_bytes salt_data /* reuse the buffer as it is of the salt_len size */ + cp = s_bytes; /* was: ... = alloca(salt_len); */ + for (cnt = salt_len; cnt >= _32or64; cnt -= _32or64) { + cp = memcpy(cp, temp_result, _32or64); + cp += _32or64; + } + memcpy(cp, temp_result, cnt); + + /* Repeatedly run the collected hash value through SHA to burn + CPU cycles. */ + for (cnt = 0; cnt < rounds; ++cnt) { + sha_begin(&ctx); + + /* Add key or last result. */ + if ((cnt & 1) != 0) + sha_hash(&ctx, p_bytes, key_len); + else + sha_hash(&ctx, alt_result, _32or64); + /* Add salt for numbers not divisible by 3. */ + if (cnt % 3 != 0) + sha_hash(&ctx, s_bytes, salt_len); + /* Add key for numbers not divisible by 7. */ + if (cnt % 7 != 0) + sha_hash(&ctx, p_bytes, key_len); + /* Add key or last result. */ + if ((cnt & 1) != 0) + sha_hash(&ctx, alt_result, _32or64); + else + sha_hash(&ctx, p_bytes, key_len); + + sha_end(&ctx, alt_result); + } + + + /* Append encrypted password to result buffer */ +//TODO: replace with something like +// bb_uuencode(cp, src, length, bb_uuenc_tbl_XXXbase64); +#define b64_from_24bit(B2, B1, B0, N) \ +do { \ + unsigned w = ((B2) << 16) | ((B1) << 8) | (B0); \ + resptr = to64(resptr, w, N); \ +} while (0) + if (is_sha512 == '5') { + unsigned i = 0; + unsigned j = 10; + unsigned k = 20; + /* strange swap of one byte (see below why) */ + unsigned char alt_result_31 = alt_result[31]; + alt_result[31] = alt_result[1]; + while (1) { + b64_from_24bit(alt_result[i], alt_result[j], alt_result[k], 4); + if (i == 9) + break; + i += 21; i = (((i >> 4) & 2) + i) & 0x1f; + j += 21; j = (((j >> 4) & 2) + j) & 0x1f; + k += 21; k = (((k >> 4) & 2) + k) & 0x1f; + } + b64_from_24bit(0, alt_result_31, alt_result[30], 3); + /* was: + b64_from_24bit(alt_result[0], alt_result[10], alt_result[20], 4); + b64_from_24bit(alt_result[21], alt_result[1], alt_result[11], 4); + ...............................^^^^^^^^^^^^^ why [1] and not [31]? + b64_from_24bit(alt_result[12], alt_result[22], alt_result[2], 4); + b64_from_24bit(alt_result[3], alt_result[13], alt_result[23], 4); + b64_from_24bit(alt_result[24], alt_result[4], alt_result[14], 4); + b64_from_24bit(alt_result[15], alt_result[25], alt_result[5], 4); + b64_from_24bit(alt_result[6], alt_result[16], alt_result[26], 4); + b64_from_24bit(alt_result[27], alt_result[7], alt_result[17], 4); + b64_from_24bit(alt_result[18], alt_result[28], alt_result[8], 4); + b64_from_24bit(alt_result[9], alt_result[19], alt_result[29], 4); + b64_from_24bit(0, alt_result[31], alt_result[30], 3); + */ + } else { + unsigned i = 0; + unsigned j = 21; + unsigned k = 42; + while (1) { + b64_from_24bit(alt_result[i], alt_result[j], alt_result[k], 4); + if (i == 62) + break; + i += 22; i = ((i >> 6) + i) & 0x3f; + j += 22; j = ((j >> 6) + j) & 0x3f; + k += 22; k = ((k >> 6) + k) & 0x3f; + } + b64_from_24bit(0, 0, alt_result[63], 2); + /* was: + b64_from_24bit(alt_result[0], alt_result[21], alt_result[42], 4); + b64_from_24bit(alt_result[22], alt_result[43], alt_result[1], 4); + b64_from_24bit(alt_result[44], alt_result[2], alt_result[23], 4); + b64_from_24bit(alt_result[3], alt_result[24], alt_result[45], 4); + b64_from_24bit(alt_result[25], alt_result[46], alt_result[4], 4); + b64_from_24bit(alt_result[47], alt_result[5], alt_result[26], 4); + b64_from_24bit(alt_result[6], alt_result[27], alt_result[48], 4); + b64_from_24bit(alt_result[28], alt_result[49], alt_result[7], 4); + b64_from_24bit(alt_result[50], alt_result[8], alt_result[29], 4); + b64_from_24bit(alt_result[9], alt_result[30], alt_result[51], 4); + b64_from_24bit(alt_result[31], alt_result[52], alt_result[10], 4); + b64_from_24bit(alt_result[53], alt_result[11], alt_result[32], 4); + b64_from_24bit(alt_result[12], alt_result[33], alt_result[54], 4); + b64_from_24bit(alt_result[34], alt_result[55], alt_result[13], 4); + b64_from_24bit(alt_result[56], alt_result[14], alt_result[35], 4); + b64_from_24bit(alt_result[15], alt_result[36], alt_result[57], 4); + b64_from_24bit(alt_result[37], alt_result[58], alt_result[16], 4); + b64_from_24bit(alt_result[59], alt_result[17], alt_result[38], 4); + b64_from_24bit(alt_result[18], alt_result[39], alt_result[60], 4); + b64_from_24bit(alt_result[40], alt_result[61], alt_result[19], 4); + b64_from_24bit(alt_result[62], alt_result[20], alt_result[41], 4); + b64_from_24bit(0, 0, alt_result[63], 2); + */ + } + /* *resptr = '\0'; - xzalloc did it */ +#undef b64_from_24bit + + /* Clear the buffer for the intermediate result so that people + attaching to processes or reading core dumps cannot get any + information. */ + memset(temp_result, 0, sizeof(temp_result)); + memset(alt_result, 0, sizeof(alt_result)); + memset(&ctx, 0, sizeof(ctx)); + memset(&alt_ctx, 0, sizeof(alt_ctx)); + memset(key_data, 0, key_len); /* also p_bytes */ + memset(salt_data, 0, salt_len); /* also s_bytes */ + free(key_data); + free(salt_data); +#undef p_bytes +#undef s_bytes + + return result; +} +