X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=common%2Fautoboot.c;h=223e06274025bea71afd2b15052ca2337d07d7bb;hb=0745008145e0a30db06b21533512893ba0f706a2;hp=30102a47a8aefecf85ccd38984e054541bbe669a;hpb=ed1d98d801dfb6384d0f2fff45ce1ebf884944ca;p=u-boot

diff --git a/common/autoboot.c b/common/autoboot.c
index 30102a47a8..223e062740 100644
--- a/common/autoboot.c
+++ b/common/autoboot.c
@@ -6,11 +6,14 @@
  */
 
 #include <common.h>
+#include <autoboot.h>
 #include <bootretry.h>
 #include <cli.h>
+#include <console.h>
 #include <fdtdec.h>
 #include <menu.h>
 #include <post.h>
+#include <u-boot/sha256.h>
 
 DECLARE_GLOBAL_DATA_PTR;
 
@@ -25,15 +28,81 @@ DECLARE_GLOBAL_DATA_PTR;
 /* Stored value of bootdelay, used by autoboot_command() */
 static int stored_bootdelay;
 
-/***************************************************************************
- * Watch for 'delay' seconds for autoboot stop or autoboot delay string.
- * returns: 0 -  no key string, allow autoboot 1 - got key string, abort
+#if defined(CONFIG_AUTOBOOT_KEYED)
+#if defined(CONFIG_AUTOBOOT_STOP_STR_SHA256)
+
+/*
+ * Use a "constant-length" time compare function for this
+ * hash compare:
+ *
+ * https://crackstation.net/hashing-security.htm
  */
-# if defined(CONFIG_AUTOBOOT_KEYED)
-static int abortboot_keyed(int bootdelay)
+static int slow_equals(u8 *a, u8 *b, int len)
+{
+	int diff = 0;
+	int i;
+
+	for (i = 0; i < len; i++)
+		diff |= a[i] ^ b[i];
+
+	return diff == 0;
+}
+
+static int passwd_abort(uint64_t etime)
+{
+	const char *sha_env_str = getenv("bootstopkeysha256");
+	u8 sha_env[SHA256_SUM_LEN];
+	u8 sha[SHA256_SUM_LEN];
+	char presskey[MAX_DELAY_STOP_STR];
+	const char *algo_name = "sha256";
+	u_int presskey_len = 0;
+	int abort = 0;
+	int size;
+	int ret;
+
+	if (sha_env_str == NULL)
+		sha_env_str = CONFIG_AUTOBOOT_STOP_STR_SHA256;
+
+	/*
+	 * Generate the binary value from the environment hash value
+	 * so that we can compare this value with the computed hash
+	 * from the user input
+	 */
+	ret = hash_parse_string(algo_name, sha_env_str, sha_env);
+	if (ret) {
+		printf("Hash %s not supported!\n", algo_name);
+		return 0;
+	}
+
+	/*
+	 * We don't know how long the stop-string is, so we need to
+	 * generate the sha256 hash upon each input character and
+	 * compare the value with the one saved in the environment
+	 */
+	do {
+		if (tstc()) {
+			/* Check for input string overflow */
+			if (presskey_len >= MAX_DELAY_STOP_STR)
+				return 0;
+
+			presskey[presskey_len++] = getc();
+
+			/* Calculate sha256 upon each new char */
+			hash_block(algo_name, (const void *)presskey,
+				   presskey_len, sha, &size);
+
+			/* And check if sha matches saved value in env */
+			if (slow_equals(sha, sha_env, SHA256_SUM_LEN))
+				abort = 1;
+		}
+	} while (!abort && get_ticks() <= etime);
+
+	return abort;
+}
+#else
+static int passwd_abort(uint64_t etime)
 {
 	int abort = 0;
-	uint64_t etime = endtick(bootdelay);
 	struct {
 		char *str;
 		u_int len;
@@ -41,9 +110,7 @@ static int abortboot_keyed(int bootdelay)
 	}
 	delaykey[] = {
 		{ .str = getenv("bootdelaykey"),  .retry = 1 },
-		{ .str = getenv("bootdelaykey2"), .retry = 1 },
 		{ .str = getenv("bootstopkey"),   .retry = 0 },
-		{ .str = getenv("bootstopkey2"),  .retry = 0 },
 	};
 
 	char presskey[MAX_DELAY_STOP_STR];
@@ -51,30 +118,13 @@ static int abortboot_keyed(int bootdelay)
 	u_int presskey_max = 0;
 	u_int i;
 
-#ifndef CONFIG_ZERO_BOOTDELAY_CHECK
-	if (bootdelay == 0)
-		return 0;
-#endif
-
-#  ifdef CONFIG_AUTOBOOT_PROMPT
-	printf(CONFIG_AUTOBOOT_PROMPT);
-#  endif
-
 #  ifdef CONFIG_AUTOBOOT_DELAY_STR
 	if (delaykey[0].str == NULL)
 		delaykey[0].str = CONFIG_AUTOBOOT_DELAY_STR;
 #  endif
-#  ifdef CONFIG_AUTOBOOT_DELAY_STR2
-	if (delaykey[1].str == NULL)
-		delaykey[1].str = CONFIG_AUTOBOOT_DELAY_STR2;
-#  endif
 #  ifdef CONFIG_AUTOBOOT_STOP_STR
-	if (delaykey[2].str == NULL)
-		delaykey[2].str = CONFIG_AUTOBOOT_STOP_STR;
-#  endif
-#  ifdef CONFIG_AUTOBOOT_STOP_STR2
-	if (delaykey[3].str == NULL)
-		delaykey[3].str = CONFIG_AUTOBOOT_STOP_STR2;
+	if (delaykey[1].str == NULL)
+		delaykey[1].str = CONFIG_AUTOBOOT_STOP_STR;
 #  endif
 
 	for (i = 0; i < sizeof(delaykey) / sizeof(delaykey[0]); i++) {
@@ -124,6 +174,33 @@ static int abortboot_keyed(int bootdelay)
 		}
 	} while (!abort && get_ticks() <= etime);
 
+	return abort;
+}
+#endif
+
+/***************************************************************************
+ * Watch for 'delay' seconds for autoboot stop or autoboot delay string.
+ * returns: 0 -  no key string, allow autoboot 1 - got key string, abort
+ */
+static int abortboot_keyed(int bootdelay)
+{
+	int abort;
+	uint64_t etime = endtick(bootdelay);
+
+#ifndef CONFIG_ZERO_BOOTDELAY_CHECK
+	if (bootdelay == 0)
+		return 0;
+#endif
+
+#  ifdef CONFIG_AUTOBOOT_PROMPT
+	/*
+	 * CONFIG_AUTOBOOT_PROMPT includes the %d for all boards.
+	 * To print the bootdelay value upon bootup.
+	 */
+	printf(CONFIG_AUTOBOOT_PROMPT, bootdelay);
+#  endif
+
+	abort = passwd_abort(etime);
 	if (!abort)
 		debug_bootkeys("key timeout\n");
 
@@ -210,7 +287,7 @@ static int abortboot(int bootdelay)
 
 static void process_fdt_options(const void *blob)
 {
-#if defined(CONFIG_OF_CONTROL)
+#if defined(CONFIG_OF_CONTROL) && defined(CONFIG_SYS_TEXT_BASE)
 	ulong addr;
 
 	/* Add an env variable to point to a kernel payload, if available */
@@ -222,7 +299,7 @@ static void process_fdt_options(const void *blob)
 	addr = fdtdec_get_config_int(gd->fdt_blob, "rootdisk-offset", 0);
 	if (addr)
 		setenv_addr("rootaddr", (void *)(CONFIG_SYS_TEXT_BASE + addr));
-#endif /* CONFIG_OF_CONTROL */
+#endif /* CONFIG_OF_CONTROL && CONFIG_SYS_TEXT_BASE */
 }
 
 const char *bootdelay_process(void)