[PATCH v3 0/8] common: Introduce crypt-style password support

Steffen Jaeckel jaeckel-floss at eyet-services.de
Mon Jun 21 22:23:43 CEST 2021


This patchset introduces support for crypt-style passwords to unlock
the console in autoboot mode.

The implementation of crypt-sha256 and crypt-sha512 originate from
libxcrypt at https://github.com/besser82/libxcrypt.git
Version v4.4.17
Git commit hash 6b110bc

I didn't re-format those two files to make diffing to the original
versions from libxcrypt easier, which leads to a huge load of
checkpatch.pl warnings&errors. Please advise on whether they should be
re-formatted or can be kept as is.

The remaining warnings from checkpatch.pl are intentional resp. open for
discussion.

A sandbox defconfig with password entry has been added. I'm not sure
whether this should be kept or not, it's just there as an example.

Cheers,
Steffen

Changes in v3:
Add unit-tests for autoboot
Introduce `bootstopusesha256` to allow fallback to plain SHA256-based
hashing
Add AUTOBOOT_FLUSH_STDIN option
Drop the changes to bcm963158_ram_defconfig

Changes in v2:
Update Kconfig way of enabling, setting hashes etc.

Changes in v1:
Added unit-tests of crypt_compare()
Wrapped crypt functions to encapsulate errno

Steffen Jaeckel (8):
  lib: add crypt subsystem
  lib: wrap crypt API to hide errno usage
  common: integrate crypt-based passwords
  common: Rename macro appropriately
  common: allow disabling of timeout for password entry
  common: add AUTOBOOT_FLUSH_STDIN option
  common: add support to fallback to plain SHA256
  test: add first autoboot unit tests

 common/Kconfig.boot         |  65 ++++++-
 common/autoboot.c           | 135 ++++++++++++--
 common/console.c            |   5 +
 configs/sandbox_defconfig   |  11 ++
 include/console.h           |  17 ++
 include/crypt.h             |  14 ++
 include/test/common.h       |  15 ++
 include/test/suites.h       |   1 +
 lib/Kconfig                 |   1 +
 lib/Makefile                |   1 +
 lib/crypt/Kconfig           |  28 +++
 lib/crypt/Makefile          |  10 ++
 lib/crypt/alg-sha256.h      |  11 ++
 lib/crypt/alg-sha512.h      |  11 ++
 lib/crypt/crypt-port.h      |  30 ++++
 lib/crypt/crypt-sha256.c    | 335 ++++++++++++++++++++++++++++++++++
 lib/crypt/crypt-sha512.c    | 350 ++++++++++++++++++++++++++++++++++++
 lib/crypt/crypt.c           |  76 ++++++++
 test/Kconfig                |   9 +
 test/Makefile               |   1 +
 test/cmd_ut.c               |   1 +
 test/common/Makefile        |   3 +
 test/common/cmd_ut_common.c |  22 +++
 test/common/test_autoboot.c |  90 ++++++++++
 test/lib/Makefile           |   1 +
 test/lib/test_crypt.c       |  64 +++++++
 26 files changed, 1285 insertions(+), 22 deletions(-)
 create mode 100644 include/crypt.h
 create mode 100644 include/test/common.h
 create mode 100644 lib/crypt/Kconfig
 create mode 100644 lib/crypt/Makefile
 create mode 100644 lib/crypt/alg-sha256.h
 create mode 100644 lib/crypt/alg-sha512.h
 create mode 100644 lib/crypt/crypt-port.h
 create mode 100644 lib/crypt/crypt-sha256.c
 create mode 100644 lib/crypt/crypt-sha512.c
 create mode 100644 lib/crypt/crypt.c
 create mode 100644 test/common/Makefile
 create mode 100644 test/common/cmd_ut_common.c
 create mode 100644 test/common/test_autoboot.c
 create mode 100644 test/lib/test_crypt.c

-- 
2.31.1



More information about the U-Boot mailing list