[U-Boot] [PATCH v1 4/4] autoboot.c: Add feature to stop autobooting via SHA256 encrypted password
Magnus Lilja
lilja.magnus at gmail.com
Thu May 7 22:56:52 CEST 2015
Hi Stefan
On 7 May 2015 at 14:13, Stefan Roese <sr at denx.de> wrote:
> This patch adds the feature to only stop the autobooting, and therefor
> boot into the U-Boot prompt, when the input string / password matches
> a values that is encypted via a SHA256 hash and saved in the environment.
>
> This feature is enabled by defined these config options:
> CONFIG_AUTOBOOT_KEYED
> CONFIG_AUTOBOOT_STOP_STR_SHA256
>
> + /*
> + * Generate the binary value from the environment hash value
> + * so that we can compare this value with the computed hash
> + * from the user input
> + */
> + for (i = 0; i < SHA256_SUM_LEN; i++) {
> + char chr[3];
> +
> + strncpy(chr, &sha_env_str[i * 2], 2);
> + sha_env[i] = simple_strtoul(chr, NULL, 16);
> + }
> +
> + /*
> + * We don't know how long the stop-string is, so we need to
> + * generate the sha256 hash upon each input character and
> + * compare the value with the one saved in the environment
> + */
> + do {
> + if (tstc()) {
> + presskey[presskey_len++] = getc();
> +
> + /* Calculate sha256 upon each new char */
> + sha256_csum_wd((unsigned char *)presskey, presskey_len,
> + sha, CHUNKSZ_SHA256);
> +
> + /* And check if sha matches saved value in env */
> + if (memcmp(sha, sha_env, SHA256_SUM_LEN) == 0)
> + abort = 1;
> + }
> + } while (!abort && get_ticks() <= etime);
I don't know what the security requirements are for this feature, i.e.
what strength the mechanism should have but:
1. Simply hashing the password is not recommended, a long salt
(generated by a good random number generator) should be pre-pended to
the passphrase before hashing. See [1]
2. Using memcmp() is not recommended for the above comparison. See [1]
(SlowEqual example).
3. I haven't looked closely at the code above but it looks to me that
there is no check that the stop-string entered by the user/attacker
fits the presskey buffer. I.e. a buffer overflow attack might be
possible.
[1] https://crackstation.net/hashing-security.htm
Regards, Magnus
More information about the U-Boot
mailing list