All of lore.kernel.org
 help / color / mirror / Atom feed
From: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
To: u-boot@lists.denx.de
Cc: Steffen Jaeckel <jaeckel-floss@eyet-services.de>,
	Alexandru Gagniuc <mr.nuke.me@gmail.com>,
	Anastasiia Lukianenko <anastasiia_lukianenko@epam.com>,
	Andrii Anisov <andrii_anisov@epam.com>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	Aswath Govindraju <a-govindraju@ti.com>,
	Bin Meng <bmeng.cn@gmail.com>,
	Christian Gmeiner <christian.gmeiner@gmail.com>,
	Da Xue <da@libre.computer>, Heiko Schocher <hs@denx.de>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Joel Peshkin <joel.peshkin@broadcom.com>,
	Joel Stanley <joel@jms.id.au>,
	Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>,
	Marek Szyprowski <m.szyprowski@samsung.com>,
	Masahisa Kojima <masahisa.kojima@linaro.org>,
	Patrick Delaunay <patrick.delaunay@foss.st.com>,
	Priyanka Jain <priyanka.jain@nxp.com>,
	Sean Anderson <seanga2@gmail.com>,
	Siew Chin Lim <elly.siew.chin.lim@intel.com>,
	Simon Glass <sjg@chromium.org>, Tero Kristo <t-kristo@ti.com>,
	"Yuezhang.Mo@sony.com" <Yuezhang.Mo@sony.com>
Subject: [PATCH v4 0/8] common: Introduce crypt-style password support
Date: Thu,  8 Jul 2021 01:09:38 +0200	[thread overview]
Message-ID: <20210707230946.2497660-1-jaeckel-floss@eyet-services.de> (raw)


This patchset introduces support for crypt-style passwords to unlock
the console in autoboot mode.

The implementation of crypt-sha256 and crypt-sha512 originate from
libxcrypt at https://github.com/besser82/libxcrypt.git
Version v4.4.17
Git commit hash 6b110bc

I didn't re-format those two files to make diffing to the original
versions from libxcrypt easier, which leads to a huge load of
checkpatch.pl warnings&errors. Please advise on whether they should be
re-formatted or can be kept as is.

The remaining warnings from checkpatch.pl are intentional resp. open for
discussion.

A sandbox defconfig with password entry has been added. I'm not sure
whether this should be kept or not, it's just there as an example.

Cheers,
Steffen

Changes in v4:
Fix depends for unit-tests
Take review comments into account
Add another test with `bootstopusesha256` unset

Changes in v3:
Add unit-tests for autoboot
Introduce `bootstopusesha256` to allow fallback to plain SHA256-based
hashing
Add AUTOBOOT_FLUSH_STDIN option
Drop the changes to bcm963158_ram_defconfig

Changes in v2:
Update Kconfig way of enabling, setting hashes etc.

Changes in v1:
Added unit-tests of crypt_compare()
Wrapped crypt functions to encapsulate errno

Steffen Jaeckel (8):
  lib: add crypt subsystem
  lib: wrap crypt API to hide errno usage
  common: integrate crypt-based passwords
  common: Rename macro appropriately
  common: allow disabling of timeout for password entry
  common: add AUTOBOOT_FLUSH_STDIN option
  common: add support to fallback to plain SHA256
  test: add first autoboot unit tests

 common/Kconfig.boot         |  65 ++++++-
 common/autoboot.c           | 136 ++++++++++++--
 common/console.c            |   5 +
 configs/sandbox_defconfig   |  13 +-
 include/console.h           |  17 ++
 include/crypt.h             |  14 ++
 include/test/common.h       |  15 ++
 include/test/suites.h       |   1 +
 lib/Kconfig                 |   1 +
 lib/Makefile                |   1 +
 lib/crypt/Kconfig           |  28 +++
 lib/crypt/Makefile          |  10 ++
 lib/crypt/alg-sha256.h      |  11 ++
 lib/crypt/alg-sha512.h      |  11 ++
 lib/crypt/crypt-port.h      |  30 ++++
 lib/crypt/crypt-sha256.c    | 335 ++++++++++++++++++++++++++++++++++
 lib/crypt/crypt-sha512.c    | 350 ++++++++++++++++++++++++++++++++++++
 lib/crypt/crypt.c           |  76 ++++++++
 test/Kconfig                |  10 ++
 test/Makefile               |   1 +
 test/cmd_ut.c               |   1 +
 test/common/Makefile        |   3 +
 test/common/cmd_ut_common.c |  22 +++
 test/common/test_autoboot.c |  90 ++++++++++
 test/lib/Makefile           |   1 +
 test/lib/test_crypt.c       |  64 +++++++
 26 files changed, 1288 insertions(+), 23 deletions(-)
 create mode 100644 include/crypt.h
 create mode 100644 include/test/common.h
 create mode 100644 lib/crypt/Kconfig
 create mode 100644 lib/crypt/Makefile
 create mode 100644 lib/crypt/alg-sha256.h
 create mode 100644 lib/crypt/alg-sha512.h
 create mode 100644 lib/crypt/crypt-port.h
 create mode 100644 lib/crypt/crypt-sha256.c
 create mode 100644 lib/crypt/crypt-sha512.c
 create mode 100644 lib/crypt/crypt.c
 create mode 100644 test/common/Makefile
 create mode 100644 test/common/cmd_ut_common.c
 create mode 100644 test/common/test_autoboot.c
 create mode 100644 test/lib/test_crypt.c

-- 
2.32.0


             reply	other threads:[~2021-07-07 23:10 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-07 23:09 Steffen Jaeckel [this message]
2021-07-07 23:09 ` [PATCH v4 1/8] lib: add crypt subsystem Steffen Jaeckel
2021-07-08  3:56   ` Heiko Schocher
2021-07-08 11:43     ` Steffen Jaeckel
2021-07-08 11:50       ` Heiko Schocher
2021-07-07 23:09 ` [PATCH v4 2/8] lib: wrap crypt API to hide errno usage Steffen Jaeckel
2021-07-08  3:58   ` Heiko Schocher
2021-07-07 23:09 ` [PATCH v4 3/8] common: integrate crypt-based passwords Steffen Jaeckel
2021-07-08  4:00   ` Heiko Schocher
2021-07-07 23:09 ` [PATCH v4 4/8] common: Rename macro appropriately Steffen Jaeckel
2021-07-08  4:04   ` Heiko Schocher
2021-07-07 23:09 ` [PATCH v4 5/8] common: allow disabling of timeout for password entry Steffen Jaeckel
2021-07-07 23:09 ` [PATCH v4 6/8] common: add AUTOBOOT_FLUSH_STDIN option Steffen Jaeckel
2021-07-07 23:09 ` [PATCH v4 7/8] common: add support to fallback to plain SHA256 Steffen Jaeckel
2021-07-07 23:09 ` [PATCH v4 8/8] test: add first autoboot unit tests Steffen Jaeckel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210707230946.2497660-1-jaeckel-floss@eyet-services.de \
    --to=jaeckel-floss@eyet-services.de \
    --cc=Yuezhang.Mo@sony.com \
    --cc=a-govindraju@ti.com \
    --cc=anastasiia_lukianenko@epam.com \
    --cc=andrii_anisov@epam.com \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=bmeng.cn@gmail.com \
    --cc=christian.gmeiner@gmail.com \
    --cc=da@libre.computer \
    --cc=elly.siew.chin.lim@intel.com \
    --cc=hs@denx.de \
    --cc=joel.peshkin@broadcom.com \
    --cc=joel@jms.id.au \
    --cc=klaus@linux.vnet.ibm.com \
    --cc=m.szyprowski@samsung.com \
    --cc=masahisa.kojima@linaro.org \
    --cc=mr.nuke.me@gmail.com \
    --cc=patrick.delaunay@foss.st.com \
    --cc=priyanka.jain@nxp.com \
    --cc=seanga2@gmail.com \
    --cc=sjg@chromium.org \
    --cc=t-kristo@ti.com \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.