Hi Steffen, On Mon, 26 Apr 2021 at 05:19, Steffen Jaeckel <jaeckel-fl...@eyet-services.de> wrote: > > Add the basic functionality required to support the standard crypt > format. > The files crypt-sha256.c and crypt-sha512.c originate from libxcrypt and > their formatting is therefore retained. > The integration is done via a crypt_compare() function in crypt.c. > > ``` > libxcrypt $ git describe --long --always --all > tags/v4.4.17-0-g6b110bc > ``` > > Signed-off-by: Steffen Jaeckel <jaeckel-fl...@eyet-services.de> > --- > > Changes in v1: > Added unit-tests of crypt_compare() > Wrapped crypt functions to encapsulate errno > > include/crypt.h | 13 ++ > lib/Kconfig | 1 + > lib/Makefile | 1 + > lib/crypt/Kconfig | 29 ++++ > lib/crypt/Makefile | 10 ++ > lib/crypt/alg-sha256.h | 17 ++ > lib/crypt/alg-sha512.h | 17 ++ > lib/crypt/crypt-port.h | 28 ++++ > lib/crypt/crypt-sha256.c | 313 +++++++++++++++++++++++++++++++++++++ > lib/crypt/crypt-sha512.c | 328 +++++++++++++++++++++++++++++++++++++++ > lib/crypt/crypt.c | 73 +++++++++ > test/Kconfig | 9 ++ > test/lib/Makefile | 1 + > test/lib/test_crypt.c | 44 ++++++ > 14 files changed, 884 insertions(+) > create mode 100644 include/crypt.h > create mode 100644 lib/crypt/Kconfig > create mode 100644 lib/crypt/Makefile > create mode 100644 lib/crypt/alg-sha256.h > create mode 100644 lib/crypt/alg-sha512.h > create mode 100644 lib/crypt/crypt-port.h > create mode 100644 lib/crypt/crypt-sha256.c > create mode 100644 lib/crypt/crypt-sha512.c > create mode 100644 lib/crypt/crypt.c > create mode 100644 test/lib/test_crypt.c
Reviewed-by: Simon Glass <s...@chromium.org> nits below > > diff --git a/include/crypt.h b/include/crypt.h > new file mode 100644 > index 0000000000..e0be2832ff > --- /dev/null > +++ b/include/crypt.h > @@ -0,0 +1,13 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* Copyright (C) 2020 Steffen Jaeckel <jaeckel-fl...@eyet-services.de> */ > + > +/** > + * Compare should with the processed passphrase. > + * > + * @should The crypt-style string to compare against > + * @passphrase The plaintext passphrase > + * @equal Pointer to an int where the result is stored > + * '0' = unequal > + * '1' = equal Can this be a return value from the function? true/false > + */ > +void crypt_compare(const char *should, const char *passphrase, int *equal); > diff --git a/lib/Kconfig b/lib/Kconfig > index 6d2d41de30..c7c0b87ec7 100644 > --- a/lib/Kconfig > +++ b/lib/Kconfig > @@ -297,6 +297,7 @@ config AES > > source lib/rsa/Kconfig > source lib/crypto/Kconfig > +source lib/crypt/Kconfig > > config TPM > bool "Trusted Platform Module (TPM) Support" > diff --git a/lib/Makefile b/lib/Makefile > index 6825671955..f0d91986b1 100644 > --- a/lib/Makefile > +++ b/lib/Makefile > @@ -65,6 +65,7 @@ obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o > obj-$(CONFIG_SHA1) += sha1.o > obj-$(CONFIG_SHA256) += sha256.o > obj-$(CONFIG_SHA512_ALGO) += sha512.o > +obj-$(CONFIG_CRYPT_PW) += crypt/ > > obj-$(CONFIG_$(SPL_)ZLIB) += zlib/ > obj-$(CONFIG_$(SPL_)ZSTD) += zstd/ > diff --git a/lib/crypt/Kconfig b/lib/crypt/Kconfig > new file mode 100644 > index 0000000000..6f828cefd6 > --- /dev/null > +++ b/lib/crypt/Kconfig 
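Review bot: The comment on crypt_compare() in include/crypt.h does not say what `*equal` holds when `should` is malformed or names an algorithm that is not compiled in, and a caller that gates console unlock on it needs that value to be 0. The implementation lives in lib/crypt/crypt.c, outside this hunk, so whether every path writes `*equal` cannot be checked from here. I would add `* @equal is always written; it is 0 whenever @should cannot be parsed or verified` to the comment and have callers initialise the variable to 0 before the call. The header also has no include guard around the prototype.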
> @@ -0,0 +1,29 @@ > +config CRYPT_PW > + bool "Add crypt support for password-based unlock" > + help > + Enable support for crypt-style hashed passphrases. > + This will then be used as the mechanism of choice to > + verify whether the entered password to unlock the > + console is correct or not. > + To make it fully functional, one has also to enable > + CONFIG_AUTOBOOT_KEYED and CONFIG_AUTOBOOT_ENCRYPTION So should CRYPT_PW depend on one or both of those? > + > +if CRYPT_PW > + > +config CRYPT_PW_SHA256 > + bool "Provide sha256crypt" > + select SHA256 > + select SHA256_ALGO > + help > + Enables support for the sha256crypt password-hashing algorithm. > + The prefix is "$5$". > + > +config CRYPT_PW_SHA512 > + bool "Provide sha512crypt" > + select SHA512 > + select SHA512_ALGO > + help > + Enables support for the sha512crypt password-hashing algorithm. > + The prefix is "$6$". > + > +endif > diff --git a/lib/crypt/Makefile b/lib/crypt/Makefile > new file mode 100644 > index 0000000000..290231064c > --- /dev/null > +++ b/lib/crypt/Makefile > @@ -0,0 +1,10 @@ > +# SPDX-License-Identifier: GPL-2.0+ > +# > +# Copyright (c) 2013, Google Inc. > +# > +# (C) Copyright 2000-2007 > +# Wolfgang Denk, DENX Software Engineering, w...@denx.de. > + > +obj-$(CONFIG_CRYPT_PW) += crypt.o > +obj-$(CONFIG_CRYPT_PW_SHA256) += crypt-sha256.o > +obj-$(CONFIG_CRYPT_PW_SHA512) += crypt-sha512.o > diff --git a/lib/crypt/alg-sha256.h b/lib/crypt/alg-sha256.h > new file mode 100644 > index 0000000000..e4b29c9f31 > --- /dev/null > +++ b/lib/crypt/alg-sha256.h 
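Review bot: CRYPT_PW can be enabled with neither CRYPT_PW_SHA256 nor CRYPT_PW_SHA512 selected, because both sub-options in lib/crypt/Kconfig are plain `bool` with no default. In that configuration crypt.o is built without any algorithm behind it, and what crypt_compare() then reports depends on lib/crypt/crypt.c, which is not in this hunk. Giving at least one of the two entries a `default y` would avoid a build that silently cannot verify any password. Failing that, the CRYPT_PW help text should state that at least one algorithm has to be selected.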
> @@ -0,0 +1,17 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* Copyright (C) 2020 Steffen Jaeckel <jaeckel-fl...@eyet-services.de> */ > + > +#ifndef USE_HOSTCC > +#include "common.h" > +#else > +#include <string.h> > +#endif > + > +#include "u-boot/sha256.h" > + > +#define INCLUDE_sha256crypt 1 > + > +#define SHA256_CTX sha256_context > +#define SHA256_Init sha256_starts > +#define SHA256_Update(c, i, l) sha256_update(c, (const void *)i, l) > +#define SHA256_Final(b, c) sha256_finish(c, b) > diff --git a/lib/crypt/alg-sha512.h b/lib/crypt/alg-sha512.h > new file mode 100644 > index 0000000000..93b6109fae > --- /dev/null > +++ b/lib/crypt/alg-sha512.h > @@ -0,0 +1,17 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* Copyright (C) 2020 Steffen Jaeckel <jaeckel-fl...@eyet-services.de> */ > + > +#ifndef USE_HOSTCC > +#include "common.h" > +#else > +#include <string.h> > +#endif > + > +#include "u-boot/sha512.h" > + > +#define INCLUDE_sha512crypt 1 > + > +#define SHA512_CTX sha512_context > +#define SHA512_Init sha512_starts > +#define SHA512_Update(c, i, l) sha512_update(c, (const void *)i, l) > +#define SHA512_Final(b, c) sha512_finish(c, b) > diff --git a/lib/crypt/crypt-port.h b/lib/crypt/crypt-port.h > new file mode 100644 > index 0000000000..680ffe9349 > --- /dev/null > +++ b/lib/crypt/crypt-port.h 
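Review bot: The wrapper macros in lib/crypt/alg-sha256.h expand their arguments unparenthesised, so in `sha256_update(c, (const void *)i, l)` the cast binds only to the first token of `i`, and an argument such as `buf + off` would be cast before the addition. Writing it as `#define SHA256_Update(c, i, l) sha256_update((c), (const void *)(i), (l))` and `#define SHA256_Final(b, c) sha256_finish((c), (b))` removes the hazard. The same applies to SHA512_Update and SHA512_Final in lib/crypt/alg-sha512.h. Neither header has an include guard, which matters more here than usual because each one defines macros.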
> @@ -0,0 +1,28 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* Copyright (C) 2020 Steffen Jaeckel <jaeckel-fl...@eyet-services.de> */ > + > +#include <linux/types.h> > +#include <vsprintf.h> > + > +#define NO_GENSALT > +#define CRYPT_OUTPUT_SIZE 384 > +#define ALG_SPECIFIC_SIZE 8192 > + > +#define ARG_UNUSED(x) (x) > + > +#define static_assert(a, b) _Static_assert(a, b) > + > +#define strtoul(cp, endp, base) simple_strtoul(cp, endp, base) > + > +extern const unsigned char ascii64[65]; > + > +#define b64t ((const char *)ascii64) > + > +void crypt_sha256crypt_rn(const char *phrase, size_t phr_size, > + const char *setting, size_t ARG_UNUSED(set_size), > + uint8_t *output, size_t out_size, void *scratch, > + size_t scr_size); > +void crypt_sha512crypt_rn(const char *phrase, size_t phr_size, > + const char *setting, size_t ARG_UNUSED(set_size), > + uint8_t *output, size_t out_size, void *scratch, > + size_t scr_size); > diff --git a/lib/crypt/crypt-sha256.c b/lib/crypt/crypt-sha256.c > new file mode 100644 > index 0000000000..37127d41e1 > --- /dev/null > +++ b/lib/crypt/crypt-sha256.c 
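Review bot: The line `#define strtoul(cp, endp, base) simple_strtoul(cp, endp, base)` in lib/crypt/crypt-port.h swaps in a parser that, as far as I know, neither detects overflow nor sets errno. The imported libxcrypt code presumably uses strtoul() to read the `rounds=` count from the setting string, but that code is in crypt-sha256.c and crypt-sha512.c, whose hunks are not fully visible here. If it relies on errno to reject an over-long number, that check no longer fires and the value would wrap before the range check sees it. I would add a comment on the macro such as `/* simple_strtoul() does not report overflow; callers must bound the digit count themselves */` and confirm the rounds parsing does so. Redefining the standard names `strtoul` and `static_assert` as macros also affects every file that includes this header, so it is worth keeping it private to lib/crypt.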
> @@ -0,0 +1,313 @@ > +/* One way encryption based on the SHA256-based Unix crypt implementation. > + * > + * Written by Ulrich Drepper <drepper at redhat.com> in 2007 [1]. > + * Modified by Zack Weinberg <zackw at panix.com> in 2017, 2018. > + * Composed by Björn Esser <besser82 at fedoraproject.org> in 2018. > + * Modified by Björn Esser <besser82 at fedoraproject.org> in 2020. > + * Modified by Steffen Jaeckel <jaeckel-floss at eyet-services.de> in 2020. > + * To the extent possible under law, the named authors have waived all > + * copyright and related or neighboring rights to this work. > + * > + * See https://creativecommons.org/publicdomain/zero/1.0/ for further > + * details. > + * > + * This file is a modified except from [2], lines 648 up to 909. > + * > + * [1] https://www.akkadia.org/drepper/sha-crypt.html > + * [2] https://www.akkadia.org/drepper/SHA-crypt.txt Can you add SPDX to the new files? [..]