[U-Boot-Users] PATCH Add password to serial console
Francesco.Albanese at swisscom.com
Francesco.Albanese at swisscom.com
Thu Jun 5 17:49:28 CEST 2008
Hello,
I've been working on a board using u-boot and I had the need of locking the console: maybe you could be interested in evaluating this patch.
Features:
- Board independent functions
- Password hash: SHA256, no salt at the moment
- Logon with forced delay on error
- The password is set as environment variable
- New "lock" command to set/unset protection
Cheers,
Francesco Albanese
----------------------------------------------------------------
>From da58a257837469e2c9b011154b0cc35da15b68cc Mon Sep 17 00:00:00 2001
From: Francesco Albanese <Francesco.Albanese at swisscom.com>
Date: Thu, 5 Jun 2008 17:28:29 +0200
Subject: [PATCH] Add password protection
Signed-off-by: Francesco Albanese <Francesco.Albanese at swisscom.com>
---
common/Makefile | 3 +
common/cmd_lock.c | 122 ++++++++++++++++++++++++
common/main.c | 4 +
common/password.c | 269 ++++++++++++++++++++++++++++++++++++++++++++++++++++
common/sha256.c | 263 ++++++++++++++++++++++++++++++++++++++++++++++++++
include/password.h | 35 +++++++
include/sha256.h | 22 ++++
7 files changed, 718 insertions(+), 0 deletions(-)
create mode 100755 common/cmd_lock.c
create mode 100755 common/password.c
create mode 100755 common/sha256.c
create mode 100755 include/password.h
create mode 100755 include/sha256.h
diff --git a/common/Makefile b/common/Makefile
index b425795..b8fe45e 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -145,6 +145,9 @@ COBJS-y += cmd_mac.o
COBJS-$(CONFIG_CMD_MFSL) += cmd_mfsl.o
COBJS-$(CONFIG_MP) += cmd_mp.o
COBJS-$(CONFIG_CMD_SF) += cmd_sf.o
+COBJS-y += password.o
+COBJS-y += sha256.o
+COBJS-y += cmd_lock.o
COBJS := $(COBJS-y)
SRCS := $(AOBJS:.o=.S) $(COBJS:.o=.c)
diff --git a/common/cmd_lock.c b/common/cmd_lock.c
new file mode 100755
index 0000000..4e41fed
--- /dev/null
+++ b/common/cmd_lock.c
@@ -0,0 +1,122 @@
+#include <common.h>
+#include <command.h>
+#include <password.h>
+
+#define BUFFER_MAX_LEN PASSWORD_MAX_LEN+2
+
+#if defined(_USE_PASSWORD)
+
+DECLARE_GLOBAL_DATA_PTR;
+
+int
+do_lock(cmd_tbl_t * cmdtp, int flag, int argc, char *argv[])
+{
+ char *s = NULL;
+ char A_buffer[BUFFER_MAX_LEN] = "\0";
+ char B_buffer[BUFFER_MAX_LEN] = "\0";
+ int i;
+
+ s = getenv(PASSWORD_ENV_VAR);
+
+ if (!strcmp(argv[1], "enable") && argc == 2) {
+
+ if (!s) {
+
+ i = read_password("Enter new password:", A_buffer,
+ BUFFER_MAX_LEN);
+ if (i == -1)
+ return i;
+ i = read_password("Retype new password:", B_buffer,
+ BUFFER_MAX_LEN);
+ if (i == -1)
+ return i;
+
+ if (!strncmp(A_buffer, B_buffer, BUFFER_MAX_LEN)) {
+
+ i = set_protection(A_buffer, strlen(A_buffer));
+
+ if (i)
+ puts("Writing error\n");
+ else
+ puts("Password set\n");
+
+ } else
+ puts("Passwords mismatch\n");
+
+ memset(A_buffer, 0, BUFFER_MAX_LEN);
+ memset(B_buffer, 0, BUFFER_MAX_LEN);
+ }
+
+ else {
+ puts("Lock already enabled\n");
+
+ }
+
+ } else if (!strcmp(argv[1], "disable") && argc == 2) {
+
+ if (s) {
+
+ i = remove_protection();
+
+ if (i)
+ puts("Writing error\n");
+ else
+ puts("Password removed\n");
+ } else
+ puts("Lock already disabled\n");
+
+ } else if (!strcmp(argv[1], "change") && argc == 2) {
+
+ if (!s) {
+ puts("Lock is disabled - Run lock enable\n");
+ } else {
+
+ i = read_password("Enter new password:", A_buffer,
+ BUFFER_MAX_LEN);
+ if (i == -1)
+ return i;
+ i = read_password("Retype new password:", B_buffer,
+ BUFFER_MAX_LEN);
+ if (i == -1)
+ return i;
+
+ if (!strncmp(A_buffer, B_buffer, BUFFER_MAX_LEN)) {
+
+ i = set_protection(A_buffer, strlen(A_buffer));
+ if (i)
+ puts("Writing error\n");
+ else
+ puts("Password changed\n");
+ } else
+ puts("Passwords mismatch\n");
+
+ memset(A_buffer, 0, BUFFER_MAX_LEN);
+ memset(B_buffer, 0, BUFFER_MAX_LEN);
+
+ }
+
+ } else if (!strcmp(argv[1], "status") && argc == 2) {
+ if (s) {
+ puts("Lockdown enabled\n");
+ } else
+ puts("Lockdown disabled\n");
+
+ } else {
+ printf("Usage:\n%s\n", cmdtp->usage);
+ return 1;
+ }
+
+ return 0;
+
+}
+
+/* -------------------------------------------------------------------- */
+
+U_BOOT_CMD(lock, 2, 1, do_lock,
+ "lock - lock setting commands\n",
+ "\nlock enable - set password protection\n"
+ "lock disable - unset password protection\n"
+ "lock status - show lock status\n"
+ "lock change - change password\n");
+
+#endif /* _USE_PASSWORD */
diff --git a/common/main.c b/common/main.c
index 046da6f..8aff259 100644
--- a/common/main.c
+++ b/common/main.c
@@ -39,6 +39,7 @@
#endif
#include <post.h>
+#include <password.h>
#if defined(CONFIG_SILENT_CONSOLE) || defined(CONFIG_POST) ||
defined(CONFIG_CMDLINE_EDITING)
DECLARE_GLOBAL_DATA_PTR;
@@ -424,6 +425,9 @@ void main_loop (void)
}
#endif
+#ifdef _USE_PASSWORD
+ trap_loop();
+#endif
/*
* Main Loop for Monitor Command Processing
*/
diff --git a/common/password.c b/common/password.c
new file mode 100755
index 0000000..26e3f52
--- /dev/null
+++ b/common/password.c
@@ -0,0 +1,269 @@
+#include <common.h>
+#include <sha256.h>
+#include <password.h>
+
+static password_state_t lock_state = UNLOCKED;
+static char erase_seq[] = "\b \b";
+
+password_state_t
+check_lock_status()
+{
+ return lock_state;
+}
+
+/********************************************
+ * remove_protection()
+ *
+ * Remove password protection
+ */
+int
+remove_protection()
+{
+
+ setenv(PASSWORD_ENV_VAR, NULL);
+ return (saveenv()? 1 : 0);
+
+}
+
+/********************************************
+ * set_protection()
+ *
+ * Set / change password protection
+ */
+int
+set_protection(char *password, size_t password_length)
+{
+
+ char hash[256];
+ process_password(password, strlen(password), hash);
+
+ setenv(PASSWORD_ENV_VAR, hash);
+ return (saveenv()? 1 : 0);
+
+}
+
+/********************************************
+ * setup_lock_status()
+ *
+ * Control if a password is set as env
+ * Set the lock accordingly
+ * Return the lock status
+ */
+password_state_t
+setup_lock_status()
+{
+
+ char *s = NULL;
+
+ s = getenv(PASSWORD_ENV_VAR);
+
+ lock_state = s ? LOCKED : UNLOCKED;
+
+ return lock_state;
+
+}
+
+/********************************************
+ * unlock()
+ *
+ * If the password supplied match, unlock the lock :)
+ */
+password_state_t
+unlock(char *password, size_t length)
+{
+
+ lock_state = verify_password(password, length) ? LOCKED : UNLOCKED;
+ return lock_state;
+}
+
+/********************************************
+ * sha256()
+ *
+ * Apply SHA256 to input
+ */
+void
+sha256(uint8 * input, uint32 length, uint8 digest[32])
+{
+
+ sha256_context ctx;
+
+ sha256_starts(&ctx);
+ sha256_update(&ctx, input, length);
+ sha256_finish(&ctx, digest);
+
+ memset(&ctx, 0, sizeof (sha256_context));
+
+}
+
+/********************************************
+ * charify_digest()
+ *
+ * Represent raw hex as ASCII
+ */
+void
+charify_digest(uint8 digest[32], char *charified)
+{
+
+ int i;
+ char *c = charified;
+
+ for (i = 0; i < 32; i++) {
+ sprintf(c, "%02x", digest[i]);
+ c += 2;
+ }
+}
+
+/********************************************
+ * verify_password()
+ *
+ * Receive a password as input
+ * Process it
+ * Determine if the input and the stored password match
+ */
+int
+verify_password(char *password, size_t length)
+{
+
+ char *original = NULL;
+ char hash[256];
+
+ original = getenv(PASSWORD_ENV_VAR);
+ process_password(password, strlen(password), hash);
+
+ return strncmp(hash, original, 256);
+
+}
+
+/********************************************
+ * process_password()
+ *
+ * Receive a password as input
+ * Hash it
+ * Represent the 32 bytes digest using a 256 bytes ASCII string
+ */
+void
+process_password(char *password, size_t password_length, char *hash)
+{
+
+ uint8 digest[32];
+ char charified[256];
+ uint8 *input = (uint8 *) password;
+ uint32 input_length = (uint32) password_length;
+
+ sha256(input, input_length, digest);
+
+ charify_digest(digest, charified);
+
+ memcpy(hash, charified, 256);
+
+}
+
+static char *
+del_char(char *buffer, char *p, int *colp, int *np, int plen)
+{
+ if (*np == 0) {
+ return (p);
+ }
+
+ --p;
+ puts(erase_seq);
+ (*colp)--;
+
+ (*np)--;
+ return (p);
+}
+
+int
+read_password(const char *const prompt, char *buffer, size_t buffer_length)
+{
+
+ char *p = buffer;
+
+ char *p_buf = p;
+ int n = 0; /* buffer index */
+ int col; /* output column cnt */
+ int plen = 0; /* prompt length */
+ char c;
+
+ if (prompt) {
+ plen = strlen(prompt);
+ puts(prompt);
+ }
+ col = plen;
+
+ for (;;) {
+
+ c = getc();
+
+ /*
+ * Special character handling
+ */
+ switch (c) {
+ case '\r': /* Enter */
+ case '\n':
+ *p = '\0';
+ puts("\r\n");
+ return (p - p_buf);
+
+ case '\0': /* nul */
+ case '\t':
+ continue;
+
+ case 0x03: /* ^C - break */
+ p_buf[0] = '\0'; /* discard input */
+ return (-1);
+
+ case 0x08: /* ^H - backspace */
+ case 0x7F: /* DEL - backspace */
+ p = del_char(p_buf, p, &col, &n, plen);
+ continue;
+
+ default:
+
+ if (n < buffer_length - 2) {
+ ++col; /* echo input */
+ putc('*');
+
+ *p++ = c;
+ ++n;
+ } else { /* Buffer full */
+ putc('\a');
+ }
+ }
+ }
+
+}
+
+/********************************************
+ * trap_loop ()
+ *
+ * Lock console execution
+ */
+void
+trap_loop()
+{
+
+ char buffer[BUFFER_MAX_LEN] = "\0";
+ ulong delay = 1 * CFG_HZ;
+ ulong start;
+
+ if (setup_lock_status() == LOCKED) {
+
+ while (1) {
+
+ start = get_timer(0);
+ memset(buffer, 0, BUFFER_MAX_LEN);
+ read_password("Enter password:", buffer,
+ BUFFER_MAX_LEN);
+
+ if (!unlock(buffer, strlen(buffer)))
+ return;
+
+ while (get_timer(start) < delay)
+ udelay(100);
+
+ delay *= 2;
+
+ }
+ }
+}
diff --git a/common/sha256.c b/common/sha256.c
new file mode 100755
index 0000000..0071829
--- /dev/null
+++ b/common/sha256.c
@@ -0,0 +1,263 @@
+/*
+ * FIPS-180-2 compliant SHA-256 implementation
+ *
+ * Copyright (C) 2001-2003 Christophe Devine
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <common.h>
+#include <sha256.h>
+#include <password.h>
+
+#if defined(_USE_PASSWORD)
+
+#define GET_UINT32(n,b,i) \
+{ \
+ (n) = ( (uint32) (b)[(i) ] << 24 ) \
+ | ( (uint32) (b)[(i) + 1] << 16 ) \
+ | ( (uint32) (b)[(i) + 2] << 8 ) \
+ | ( (uint32) (b)[(i) + 3] ); \
+}
+
+#define PUT_UINT32(n,b,i) \
+{ \
+ (b)[(i) ] = (uint8) ( (n) >> 24 ); \
+ (b)[(i) + 1] = (uint8) ( (n) >> 16 ); \
+ (b)[(i) + 2] = (uint8) ( (n) >> 8 ); \
+ (b)[(i) + 3] = (uint8) ( (n) ); \
+}
+
+void
+sha256_starts(sha256_context * ctx)
+{
+ ctx->total[0] = 0;
+ ctx->total[1] = 0;
+
+ ctx->state[0] = 0x6A09E667;
+ ctx->state[1] = 0xBB67AE85;
+ ctx->state[2] = 0x3C6EF372;
+ ctx->state[3] = 0xA54FF53A;
+ ctx->state[4] = 0x510E527F;
+ ctx->state[5] = 0x9B05688C;
+ ctx->state[6] = 0x1F83D9AB;
+ ctx->state[7] = 0x5BE0CD19;
+}
+
+void
+sha256_process(sha256_context * ctx, uint8 data[64])
+{
+ uint32 temp1, temp2, W[64];
+ uint32 A, B, C, D, E, F, G, H;
+
+ GET_UINT32(W[0], data, 0);
+ GET_UINT32(W[1], data, 4);
+ GET_UINT32(W[2], data, 8);
+ GET_UINT32(W[3], data, 12);
+ GET_UINT32(W[4], data, 16);
+ GET_UINT32(W[5], data, 20);
+ GET_UINT32(W[6], data, 24);
+ GET_UINT32(W[7], data, 28);
+ GET_UINT32(W[8], data, 32);
+ GET_UINT32(W[9], data, 36);
+ GET_UINT32(W[10], data, 40);
+ GET_UINT32(W[11], data, 44);
+ GET_UINT32(W[12], data, 48);
+ GET_UINT32(W[13], data, 52);
+ GET_UINT32(W[14], data, 56);
+ GET_UINT32(W[15], data, 60);
+
+#define SHR(x,n) ((x & 0xFFFFFFFF) >> n)
+#define ROTR(x,n) (SHR(x,n) | (x << (32 - n)))
+
+#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
+#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
+
+#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+
+#define F0(x,y,z) ((x & y) | (z & (x | y)))
+#define F1(x,y,z) (z ^ (x & (y ^ z)))
+
+#define R(t) \
+( \
+ W[t] = S1(W[t - 2]) + W[t - 7] + \
+ S0(W[t - 15]) + W[t - 16] \
+)
+
+#define P(a,b,c,d,e,f,g,h,x,K) \
+{ \
+ temp1 = h + S3(e) + F1(e,f,g) + K + x; \
+ temp2 = S2(a) + F0(a,b,c); \
+ d += temp1; h = temp1 + temp2; \
+}
+
+ A = ctx->state[0];
+ B = ctx->state[1];
+ C = ctx->state[2];
+ D = ctx->state[3];
+ E = ctx->state[4];
+ F = ctx->state[5];
+ G = ctx->state[6];
+ H = ctx->state[7];
+
+ P(A, B, C, D, E, F, G, H, W[0], 0x428A2F98);
+ P(H, A, B, C, D, E, F, G, W[1], 0x71374491);
+ P(G, H, A, B, C, D, E, F, W[2], 0xB5C0FBCF);
+ P(F, G, H, A, B, C, D, E, W[3], 0xE9B5DBA5);
+ P(E, F, G, H, A, B, C, D, W[4], 0x3956C25B);
+ P(D, E, F, G, H, A, B, C, W[5], 0x59F111F1);
+ P(C, D, E, F, G, H, A, B, W[6], 0x923F82A4);
+ P(B, C, D, E, F, G, H, A, W[7], 0xAB1C5ED5);
+ P(A, B, C, D, E, F, G, H, W[8], 0xD807AA98);
+ P(H, A, B, C, D, E, F, G, W[9], 0x12835B01);
+ P(G, H, A, B, C, D, E, F, W[10], 0x243185BE);
+ P(F, G, H, A, B, C, D, E, W[11], 0x550C7DC3);
+ P(E, F, G, H, A, B, C, D, W[12], 0x72BE5D74);
+ P(D, E, F, G, H, A, B, C, W[13], 0x80DEB1FE);
+ P(C, D, E, F, G, H, A, B, W[14], 0x9BDC06A7);
+ P(B, C, D, E, F, G, H, A, W[15], 0xC19BF174);
+ P(A, B, C, D, E, F, G, H, R(16), 0xE49B69C1);
+ P(H, A, B, C, D, E, F, G, R(17), 0xEFBE4786);
+ P(G, H, A, B, C, D, E, F, R(18), 0x0FC19DC6);
+ P(F, G, H, A, B, C, D, E, R(19), 0x240CA1CC);
+ P(E, F, G, H, A, B, C, D, R(20), 0x2DE92C6F);
+ P(D, E, F, G, H, A, B, C, R(21), 0x4A7484AA);
+ P(C, D, E, F, G, H, A, B, R(22), 0x5CB0A9DC);
+ P(B, C, D, E, F, G, H, A, R(23), 0x76F988DA);
+ P(A, B, C, D, E, F, G, H, R(24), 0x983E5152);
+ P(H, A, B, C, D, E, F, G, R(25), 0xA831C66D);
+ P(G, H, A, B, C, D, E, F, R(26), 0xB00327C8);
+ P(F, G, H, A, B, C, D, E, R(27), 0xBF597FC7);
+ P(E, F, G, H, A, B, C, D, R(28), 0xC6E00BF3);
+ P(D, E, F, G, H, A, B, C, R(29), 0xD5A79147);
+ P(C, D, E, F, G, H, A, B, R(30), 0x06CA6351);
+ P(B, C, D, E, F, G, H, A, R(31), 0x14292967);
+ P(A, B, C, D, E, F, G, H, R(32), 0x27B70A85);
+ P(H, A, B, C, D, E, F, G, R(33), 0x2E1B2138);
+ P(G, H, A, B, C, D, E, F, R(34), 0x4D2C6DFC);
+ P(F, G, H, A, B, C, D, E, R(35), 0x53380D13);
+ P(E, F, G, H, A, B, C, D, R(36), 0x650A7354);
+ P(D, E, F, G, H, A, B, C, R(37), 0x766A0ABB);
+ P(C, D, E, F, G, H, A, B, R(38), 0x81C2C92E);
+ P(B, C, D, E, F, G, H, A, R(39), 0x92722C85);
+ P(A, B, C, D, E, F, G, H, R(40), 0xA2BFE8A1);
+ P(H, A, B, C, D, E, F, G, R(41), 0xA81A664B);
+ P(G, H, A, B, C, D, E, F, R(42), 0xC24B8B70);
+ P(F, G, H, A, B, C, D, E, R(43), 0xC76C51A3);
+ P(E, F, G, H, A, B, C, D, R(44), 0xD192E819);
+ P(D, E, F, G, H, A, B, C, R(45), 0xD6990624);
+ P(C, D, E, F, G, H, A, B, R(46), 0xF40E3585);
+ P(B, C, D, E, F, G, H, A, R(47), 0x106AA070);
+ P(A, B, C, D, E, F, G, H, R(48), 0x19A4C116);
+ P(H, A, B, C, D, E, F, G, R(49), 0x1E376C08);
+ P(G, H, A, B, C, D, E, F, R(50), 0x2748774C);
+ P(F, G, H, A, B, C, D, E, R(51), 0x34B0BCB5);
+ P(E, F, G, H, A, B, C, D, R(52), 0x391C0CB3);
+ P(D, E, F, G, H, A, B, C, R(53), 0x4ED8AA4A);
+ P(C, D, E, F, G, H, A, B, R(54), 0x5B9CCA4F);
+ P(B, C, D, E, F, G, H, A, R(55), 0x682E6FF3);
+ P(A, B, C, D, E, F, G, H, R(56), 0x748F82EE);
+ P(H, A, B, C, D, E, F, G, R(57), 0x78A5636F);
+ P(G, H, A, B, C, D, E, F, R(58), 0x84C87814);
+ P(F, G, H, A, B, C, D, E, R(59), 0x8CC70208);
+ P(E, F, G, H, A, B, C, D, R(60), 0x90BEFFFA);
+ P(D, E, F, G, H, A, B, C, R(61), 0xA4506CEB);
+ P(C, D, E, F, G, H, A, B, R(62), 0xBEF9A3F7);
+ P(B, C, D, E, F, G, H, A, R(63), 0xC67178F2);
+
+ ctx->state[0] += A;
+ ctx->state[1] += B;
+ ctx->state[2] += C;
+ ctx->state[3] += D;
+ ctx->state[4] += E;
+ ctx->state[5] += F;
+ ctx->state[6] += G;
+ ctx->state[7] += H;
+}
+
+void
+sha256_update(sha256_context * ctx, uint8 * input, uint32 length)
+{
+ uint32 left, fill;
+
+ if (!length)
+ return;
+
+ left = ctx->total[0] & 0x3F;
+ fill = 64 - left;
+
+ ctx->total[0] += length;
+ ctx->total[0] &= 0xFFFFFFFF;
+
+ if (ctx->total[0] < length)
+ ctx->total[1]++;
+
+ if (left && length >= fill) {
+ memcpy((void *) (ctx->buffer + left), (void *) input, fill);
+ sha256_process(ctx, ctx->buffer);
+ length -= fill;
+ input += fill;
+ left = 0;
+ }
+
+ while (length >= 64) {
+ sha256_process(ctx, input);
+ length -= 64;
+ input += 64;
+ }
+
+ if (length) {
+ memcpy((void *) (ctx->buffer + left), (void *) input, length);
+ }
+}
+
+static uint8 sha256_padding[64] = {
+ 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+void
+sha256_finish(sha256_context * ctx, uint8 digest[32])
+{
+ uint32 last, padn;
+ uint32 high, low;
+ uint8 msglen[8];
+
+ high = (ctx->total[0] >> 29)
+ | (ctx->total[1] << 3);
+ low = (ctx->total[0] << 3);
+
+ PUT_UINT32(high, msglen, 0);
+ PUT_UINT32(low, msglen, 4);
+
+ last = ctx->total[0] & 0x3F;
+ padn = (last < 56) ? (56 - last) : (120 - last);
+
+ sha256_update(ctx, sha256_padding, padn);
+ sha256_update(ctx, msglen, 8);
+
+ PUT_UINT32(ctx->state[0], digest, 0);
+ PUT_UINT32(ctx->state[1], digest, 4);
+ PUT_UINT32(ctx->state[2], digest, 8);
+ PUT_UINT32(ctx->state[3], digest, 12);
+ PUT_UINT32(ctx->state[4], digest, 16);
+ PUT_UINT32(ctx->state[5], digest, 20);
+ PUT_UINT32(ctx->state[6], digest, 24);
+ PUT_UINT32(ctx->state[7], digest, 28);
+}
+#endif
diff --git a/include/password.h b/include/password.h
new file mode 100755
index 0000000..72d067d
--- /dev/null
+++ b/include/password.h
@@ -0,0 +1,35 @@
+#ifndef _PASSWORD_H
+#define _PASSWORD_H
+
+#include <sha256.h>
+
+/*define this to enable password lock either here or in hw-config header
+ * #define _USE_PASSWORD 1
+ */
+#define PASSWORD_MAX_LEN 30
+#define PASSWORD_ENV_VAR "password"
+#define PASSWORD_HSH_LEN 32
+#define BUFFER_MAX_LEN PASSWORD_MAX_LEN+2
+
+typedef enum {
+ UNLOCKED = 0,
+ LOCKED = 1
+} password_state_t;
+
+void trap_loop(void);
+
+int remove_protection(void);
+int verify_password(char *password, size_t length);
+int set_protection(char *password, size_t password_length);
+int read_password(const char *const prompt, char *buffer, size_t
buffer_length);
+
+static char *del_char(char *buffer, char *p, int *colp, int *np, int plen);
+
+void charify_digest(uint8 digest[32], char *charified);
+void sha256(uint8 * input, uint32 length, uint8 digest[32]);
+void process_password(char *password, size_t password_length, char *hash);
+
+password_state_t check_lock_status(void);
+password_state_t setup_lock_status(void);
+password_state_t unlock(char *password, size_t length);
+#endif /* _PASSWORD_H */
diff --git a/include/sha256.h b/include/sha256.h
new file mode 100755
index 0000000..7b8dc81
--- /dev/null
+++ b/include/sha256.h
@@ -0,0 +1,22 @@
+#ifndef _SHA256_H
+#define _SHA256_H
+
+#ifndef uint8
+#define uint8 unsigned char
+#endif
+
+#ifndef uint32
+#define uint32 unsigned long int
+#endif
+
+typedef struct {
+ uint32 total[2];
+ uint32 state[8];
+ uint8 buffer[64];
+} sha256_context;
+
+void sha256_starts(sha256_context * ctx);
+void sha256_update(sha256_context * ctx, uint8 * input, uint32 length);
+void sha256_finish(sha256_context * ctx, uint8 digest[32]);
+
+#endif /* _SHA256_H */
--
1.5.2.5
More information about the U-Boot
mailing list