mail archive of the barebox mailing list
 help / color / mirror / Atom feed
* [PATCH 00/10 v3] prepare for rsa support
@ 2015-03-16 10:13 Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 1 reply; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:13 UTC (permalink / raw)
  To: barebox

Hi,

	The following patch series prepare for the adding of the rsa digest
	support

	This will allow to verify a rsa signature of a file

	Introduction of a new command digest to handle the digest and check

	The next patch series will add RSA and keystore support

v2:

	- rebase on next
	- add pbkdf2 to password/login framework
	- command allow to have runtime output
	  used it in the new digest to print the supported algo

v3:
	add more fix to ensure all the digest_xx call return are checked

The following changes since commit bbba2d05585637d04657dce293c0cb0611dbfeea:

  Merge branch 'for-next/state' into next (2015-03-13 08:32:38 +0100)

are available in the git repository at:

  git://git.jcrosoft.org/barebox.git delivery/digest

for you to fetch changes up to e4ec247ea29b5b48386f6a959f96f78d9cef729b:

  digest: digest_file_window: check every digest_xxx return (2015-03-14 11:08:05 +0800)

----------------------------------------------------------------
Jean-Christophe PLAGNIOL-VILLARD (10):
      digest: add verify callback
      command: rename digest.c to hashsum.c
      command: allow runtime usage
      command: add generic digest command
      digest: add digest callback
      crypto: add pbkdf2 hmac key generator
      password: add pbkdf2 support
      digest: allow algo to specify their length at runtime
      crypto: hmac: use digest_digest and check the return of every digest_xxx
      digest: digest_file_window: check every digest_xxx return

 commands/Kconfig        |  26 +++++++++++++------
 commands/Makefile       |   3 ++-
 commands/digest.c       | 268 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------------------------------------------------------------------------------------
 commands/hashsum.c      | 187 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 commands/internal.h     |   3 +++
 common/Kconfig          |   4 +++
 common/command.c        |   2 ++
 common/password.c       |  79 ++++++++++++++++++++++++++++++++++++--------------------
 crypto/Kconfig          |   5 ++++
 crypto/Makefile         |   2 ++
 crypto/digest.c         |  75 +++++++++++++++++++++++++++++++++++++++++++++++------
 crypto/hmac.c           |  51 +++++++++++++++++++++++-------------
 crypto/internal.h       |   4 +++
 crypto/md5.c            |   2 ++
 crypto/pbkdf2.c         |  94 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 crypto/sha1.c           |   2 ++
 crypto/sha2.c           |   3 +++
 crypto/sha4.c           |   3 +++
 include/command.h       |   3 +++
 include/crypto/pbkdf2.h |  23 +++++++++++++++++
 include/digest.h        |  25 +++++++++++++++---
 21 files changed, 647 insertions(+), 217 deletions(-)
 create mode 100644 commands/hashsum.c
 create mode 100644 commands/internal.h
 create mode 100644 crypto/pbkdf2.c
 create mode 100644 include/crypto/pbkdf2.h

Best Regards,
J.

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 01/10] digest: add verify callback
  2015-03-16 10:13 [PATCH 00/10 v3] prepare for rsa support Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15 ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 02/10] command: rename digest.c to hashsum.c Jean-Christophe PLAGNIOL-VILLARD
                     ` (8 more replies)
  0 siblings, 9 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

this will allow to compare a md with the original one

When calling this do not call final

For RSA_SIGN verification final does not exist only verify
as final will be for signing

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/digest.c   | 24 +++++++++++++++++++++++-
 crypto/hmac.c     |  1 +
 crypto/internal.h |  2 ++
 crypto/md5.c      |  1 +
 crypto/sha1.c     |  1 +
 crypto/sha2.c     |  2 ++
 crypto/sha4.c     |  2 ++
 include/digest.h  |  6 ++++++
 8 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/crypto/digest.c b/crypto/digest.c
index c06089d..52e8796 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -26,6 +26,8 @@
 #include <module.h>
 #include <linux/err.h>
 
+#include "internal.h"
+
 static LIST_HEAD(digests);
 
 static struct digest_algo *digest_algo_get_by_name(const char *name);
@@ -37,9 +39,29 @@ static int dummy_init(struct digest *d)
 
 static void dummy_free(struct digest *d) {}
 
+int digest_generic_verify(struct digest *d, const unsigned char *md)
+{
+	int ret;
+	int len = digest_length(d);
+	unsigned char *tmp;
+
+	tmp = xmalloc(len);
+
+	ret = digest_final(d, tmp);
+	if (ret)
+		goto end;
+
+	ret = memcmp(md, tmp, len);
+	ret = ret ? -EINVAL : 0;
+end:
+	free(tmp);
+	return ret;
+}
+
 int digest_algo_register(struct digest_algo *d)
 {
-	if (!d || !d->name || !d->update || !d->final || d->length < 1)
+	if (!d || !d->name || !d->update || !d->final || !d->verify ||
+	    d->length < 1)
 		return -EINVAL;
 
 	if (!d->init)
diff --git a/crypto/hmac.c b/crypto/hmac.c
index 1462730..f39e4c8 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -136,6 +136,7 @@ struct digest_algo hmac_algo = {
 	.init = digest_hmac_init,
 	.update = digest_hmac_update,
 	.final = digest_hmac_final,
+	.verify = digest_generic_verify,
 	.set_key = digest_hmac_set_key,
 	.free = digest_hmac_free,
 	.ctx_length = sizeof(struct digest_hmac),
diff --git a/crypto/internal.h b/crypto/internal.h
index cc409d8..f482654 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -13,3 +13,5 @@ static inline int digest_hmac_register(struct digest_algo *algo,
 	return 0;
 }
 #endif
+
+int digest_generic_verify(struct digest *d, const unsigned char *md);
diff --git a/crypto/md5.c b/crypto/md5.c
index fe17ff5..4847b38 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -294,6 +294,7 @@ static struct digest_algo md5 = {
 	.init = digest_md5_init,
 	.update = digest_md5_update,
 	.final = digest_md5_final,
+	.verify = digest_generic_verify,
 	.length = 16,
 	.ctx_length = sizeof(struct MD5Context),
 };
diff --git a/crypto/sha1.c b/crypto/sha1.c
index a244b5d..09dee87 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -315,6 +315,7 @@ static struct digest_algo m = {
 	.init = digest_sha1_init,
 	.update = digest_sha1_update,
 	.final = digest_sha1_final,
+	.verify = digest_generic_verify,
 	.length = SHA1_SUM_LEN,
 	.ctx_length = sizeof(sha1_context),
 };
diff --git a/crypto/sha2.c b/crypto/sha2.c
index cb89c82..9bf6541 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -304,6 +304,7 @@ static struct digest_algo m224 = {
 	.init = digest_sha224_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.verify = digest_generic_verify,
 	.length = SHA224_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
 };
@@ -335,6 +336,7 @@ static struct digest_algo m256 = {
 	.init = digest_sha256_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.verify = digest_generic_verify,
 	.length = SHA256_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
 };
diff --git a/crypto/sha4.c b/crypto/sha4.c
index 1c768e7..5c3097d 100644
--- a/crypto/sha4.c
+++ b/crypto/sha4.c
@@ -309,6 +309,7 @@ static struct digest_algo m384 = {
 	.init = digest_sha384_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.verify = digest_generic_verify,
 	.length = SHA384_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
 };
@@ -341,6 +342,7 @@ static struct digest_algo m512 = {
 	.init = digest_sha512_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.verify = digest_generic_verify,
 	.length = SHA512_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
 };
diff --git a/include/digest.h b/include/digest.h
index b890a7a..cba7814 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -32,6 +32,7 @@ struct digest_algo {
 	int (*update)(struct digest *d, const void *data, unsigned long len);
 	int (*final)(struct digest *d, unsigned char *md);
 	int (*set_key)(struct digest *d, const unsigned char *key, unsigned int len);
+	int (*verify)(struct digest *d, const unsigned char *md);
 
 	unsigned int length;
 	unsigned int ctx_length;
@@ -80,6 +81,11 @@ static inline int digest_final(struct digest *d, unsigned char *md)
 	return d->algo->final(d, md);
 }
 
+static inline int digest_verify(struct digest *d, const unsigned char *md)
+{
+	return d->algo->verify(d, md);
+}
+
 static inline int digest_length(struct digest *d)
 {
 	return d->algo->length;
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 02/10] command: rename digest.c to hashsum.c
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15   ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 03/10] command: allow runtime usage Jean-Christophe PLAGNIOL-VILLARD
                     ` (7 subsequent siblings)
  8 siblings, 0 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

as I'll add a new generic command named digest

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/Kconfig                 | 14 +++++++-------
 commands/Makefile                |  2 +-
 commands/{digest.c => hashsum.c} |  0
 3 files changed, 8 insertions(+), 8 deletions(-)
 rename commands/{digest.c => hashsum.c} (100%)

diff --git a/commands/Kconfig b/commands/Kconfig
index 286e9ce..7e3e8b7 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -12,7 +12,7 @@ config HAS_POWEROFF
 
 if COMMAND_SUPPORT
 
-config COMPILE_DIGEST
+config COMPILE_HASH
 	tristate
 	select DIGEST
 	help
@@ -917,7 +917,7 @@ config CMD_LS
 
 config CMD_MD5SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select MD5
 	prompt "md5sum"
 	help
@@ -982,7 +982,7 @@ config CMD_RMDIR
 
 config CMD_SHA1SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA1
 	prompt "sha1sum"
 	help
@@ -994,7 +994,7 @@ config CMD_SHA1SUM
 
 config CMD_SHA224SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA224
 	prompt "sha224sum"
 	help
@@ -1006,7 +1006,7 @@ config CMD_SHA224SUM
 
 config CMD_SHA256SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA256
 	prompt "sha256sum"
 	help
@@ -1018,7 +1018,7 @@ config CMD_SHA256SUM
 
 config CMD_SHA384SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA384
 	prompt "sha384sum"
 	help
@@ -1030,7 +1030,7 @@ config CMD_SHA384SUM
 
 config CMD_SHA512SUM
 	tristate
-	select COMPILE_DIGEST
+	select COMPILE_HASH
 	select SHA512
 	prompt "sha512sum"
 	help
diff --git a/commands/Makefile b/commands/Makefile
index 7344e01..e42662f 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -1,5 +1,5 @@
 obj-$(CONFIG_STDDEV)		+= stddev.o
-obj-$(CONFIG_COMPILE_DIGEST)	+= digest.o
+obj-$(CONFIG_COMPILE_HASH)	+= hashsum.o
 obj-$(CONFIG_COMPILE_MEMORY)	+= mem.o
 obj-$(CONFIG_CMD_BOOTM)		+= bootm.o
 obj-$(CONFIG_CMD_UIMAGE)	+= uimage.o
diff --git a/commands/digest.c b/commands/hashsum.c
similarity index 100%
rename from commands/digest.c
rename to commands/hashsum.c
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 03/10] command: allow runtime usage
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 02/10] command: rename digest.c to hashsum.c Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15   ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 04/10] command: add generic digest command Jean-Christophe PLAGNIOL-VILLARD
                     ` (6 subsequent siblings)
  8 siblings, 0 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

This will allow as example to list the currently supported digest.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 common/command.c  | 2 ++
 include/command.h | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/common/command.c b/common/command.c
index 61191c2..dc2cb88 100644
--- a/common/command.c
+++ b/common/command.c
@@ -47,6 +47,8 @@ void barebox_cmd_usage(struct command *cmdtp)
 		puts(cmdtp->help);
 		putchar('\n');
 	}
+	if (cmdtp->usage)
+		cmdtp->usage();
 #endif
 }
 EXPORT_SYMBOL(barebox_cmd_usage);
diff --git a/include/command.h b/include/command.h
index 5d5bf53..3aca1a9 100644
--- a/include/command.h
+++ b/include/command.h
@@ -54,6 +54,7 @@ struct command {
 	uint32_t	group;
 #ifdef	CONFIG_LONGHELP
 	const char	*help;		/* Help  message	(long)	*/
+	void		(*usage)(void);
 #endif
 }
 #ifdef __x86_64__
@@ -115,8 +116,10 @@ static const __maybe_unused char cmd_##_name##_help[] =
 
 #ifdef CONFIG_LONGHELP
 #define BAREBOX_CMD_HELP(text)	.help = text,
+#define BAREBOX_CMD_USAGE(fn)	.usage = fn,
 #else
 #define BAREBOX_CMD_HELP(text)
+#define BAREBOX_CMD_USAGE(fn)
 #endif
 
 #define BAREBOX_CMD_GROUP(grp)	.group = grp,
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 04/10] command: add generic digest command
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 02/10] command: rename digest.c to hashsum.c Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 03/10] command: allow runtime usage Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15   ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 11:49     ` Jan Lübbe
  2015-03-16 10:15   ` [PATCH 05/10] digest: add digest callback Jean-Christophe PLAGNIOL-VILLARD
                     ` (5 subsequent siblings)
  8 siblings, 1 reply; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

That can be used for digest calculation and verify

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 commands/Kconfig    |  12 +++-
 commands/Makefile   |   1 +
 commands/digest.c   | 193 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 commands/hashsum.c  |  68 ++++--------------
 commands/internal.h |   3 +
 crypto/digest.c     |  25 +++++--
 include/digest.h    |   8 ++-
 7 files changed, 248 insertions(+), 62 deletions(-)
 create mode 100644 commands/digest.c
 create mode 100644 commands/internal.h

diff --git a/commands/Kconfig b/commands/Kconfig
index 7e3e8b7..847ff76 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -14,7 +14,7 @@ if COMMAND_SUPPORT
 
 config COMPILE_HASH
 	tristate
-	select DIGEST
+	select CMD_DIGEST
 	help
 	  Turns on compilation of digest.c
 
@@ -842,6 +842,16 @@ config CMD_CMP
 
 	  Returns successfully if the two files are the same, return with an error if not
 
+config CMD_DIGEST
+	tristate
+	select DIGEST
+	prompt "digest"
+	help
+	  Usage: digest -a <algo> [-k <key> | -K <file>] [-s <sig> | -S <file>] FILE|AREA
+
+	  Calculate a digest over a FILE or a memory area with the possibility
+	  to checkit.
+
 config CMD_DIRNAME
 	tristate
 	prompt "dirname"
diff --git a/commands/Makefile b/commands/Makefile
index e42662f..b902f58 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -1,4 +1,5 @@
 obj-$(CONFIG_STDDEV)		+= stddev.o
+obj-$(CONFIG_CMD_DIGEST)	+= digest.o
 obj-$(CONFIG_COMPILE_HASH)	+= hashsum.o
 obj-$(CONFIG_COMPILE_MEMORY)	+= mem.o
 obj-$(CONFIG_CMD_BOOTM)		+= bootm.o
diff --git a/commands/digest.c b/commands/digest.c
new file mode 100644
index 0000000..2569975
--- /dev/null
+++ b/commands/digest.c
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * GPLv2 ONLY
+ */
+
+#include <common.h>
+#include <command.h>
+#include <fs.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <xfuncs.h>
+#include <malloc.h>
+#include <digest.h>
+#include <getopt.h>
+#include <libfile.h>
+
+#include "internal.h"
+
+int __do_digest(struct digest *d, unsigned char *key, int keylen,
+		       unsigned char *sig,
+		       int argc, char *argv[])
+{
+	int ret = 0;
+	int i;
+	unsigned char *hash;
+
+	if (argc < 1)
+		return COMMAND_ERROR_USAGE;
+
+	hash = calloc(digest_length(d), sizeof(unsigned char));
+	if (!hash) {
+		perror("calloc");
+		return COMMAND_ERROR_USAGE;
+	}
+
+	while (*argv) {
+		char *filename = "/dev/mem";
+		loff_t start = 0, size = ~0;
+
+		/* arguments are either file, file+area or area */
+		if (parse_area_spec(*argv, &start, &size)) {
+			filename = *argv;
+			if (argv[1] && !parse_area_spec(argv[1], &start, &size))
+				argv++;
+		}
+
+		ret = digest_file_window(d, filename,
+					 key, keylen,
+					 hash, sig, start, size);
+		if (ret < 0) {
+			ret = 1;
+		} else {
+			if (!sig) {
+				for (i = 0; i < digest_length(d); i++)
+					printf("%02x", hash[i]);
+
+				printf("  %s\t0x%08llx ... 0x%08llx\n",
+					filename, start, start + size);
+			}
+		}
+
+		argv++;
+	}
+
+	free(hash);
+	digest_free(d);
+
+	return ret;
+}
+
+static void prints_algo_help(void)
+{
+	puts("\navailable algo:\n");
+	digest_algo_prints("\t");
+}
+
+static int do_digest(int argc, char *argv[])
+{
+	struct digest *d;
+	unsigned char *tmp_key = NULL;
+	unsigned char *tmp_sig = NULL;
+	char *sig = NULL;
+	char *sigfile = NULL;
+	size_t siglen = 0;
+	char *key = NULL;
+	char *keyfile = NULL;
+	size_t keylen = 0;
+	size_t digestlen = 0;
+	char *algo = NULL;
+	int opt, ret;
+
+	if (argc < 2)
+		return COMMAND_ERROR_USAGE;
+
+	while((opt = getopt(argc, argv, "a:k:K:s:S:")) > 0) {
+		switch(opt) {
+		case 'k':
+			key = optarg;
+			keylen = strlen(key);
+			break;
+		case 'K':
+			keyfile = optarg;
+			break;
+		case 'a':
+			algo = optarg;
+			break;
+		case 's':
+			sig = optarg;
+			siglen = strlen(sig);
+			break;
+		case 'S':
+			sigfile = optarg;
+			break;
+		}
+	}
+
+	if (!algo)
+		return COMMAND_ERROR_USAGE;
+
+	d = digest_alloc(algo);
+	if (!d) {
+		eprintf("algo '%s' not found\n", algo);
+		return COMMAND_ERROR_USAGE;
+	}
+
+	argc -= optind;
+	argv += optind;
+
+	if (keyfile) {
+		tmp_key = key = read_file(keyfile, &keylen);
+		if (!key) {
+			eprintf("file '%s' not found\n", keyfile);
+			goto err;
+		}
+	}
+
+	digest_set_key(d, key, keylen);
+	free(tmp_key);
+
+	if (sigfile) {
+		sig = tmp_sig = read_file(sigfile, &siglen);
+		if (!tmp_sig) {
+			eprintf("file '%s' not found\n", sigfile);
+			goto err;
+		}
+	}
+
+	if (sig) {
+		digestlen = digest_length(d);
+		if (siglen == 2 * digestlen) {
+			if (!tmp_sig)
+				tmp_sig = xmalloc(digestlen);
+
+			ret = hex2bin(tmp_sig, sig, digestlen);
+			if (ret)
+				goto err;
+
+			sig = tmp_sig;
+		} else if (siglen != digestlen) {
+			eprintf("%s wrong size digest %ld expected %ld not found\n",
+				sigfile, siglen, digestlen);
+			goto err;
+		}
+	}
+
+	ret = __do_digest(d, NULL, 0, sig, argc, argv);
+	free(tmp_sig);
+	return ret;
+
+err:
+	digest_free(d);
+	return COMMAND_ERROR;
+}
+
+BAREBOX_CMD_HELP_START(digest)
+BAREBOX_CMD_HELP_TEXT("Calculate a digest over a FILE or a memory area.")
+BAREBOX_CMD_HELP_TEXT("Options:")
+BAREBOX_CMD_HELP_OPT ("-a <algo>\t",  "digest to use")
+BAREBOX_CMD_HELP_OPT ("-k <key>\t",  "key as text")
+BAREBOX_CMD_HELP_OPT ("-K <file>\t",  "key file")
+BAREBOX_CMD_HELP_OPT ("-s <sig>\t",  "digest")
+BAREBOX_CMD_HELP_OPT ("-S <file>\t",  "digest flie")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(digest)
+	.cmd		= do_digest,
+	BAREBOX_CMD_DESC("calculate digest")
+	BAREBOX_CMD_OPTS("-a <algo> [-k <key> | -K <file>] [-s <sig> | -S <file>] FILE|AREA")
+	BAREBOX_CMD_GROUP(CMD_GRP_FILE)
+	BAREBOX_CMD_HELP(cmd_digest_help)
+	BAREBOX_CMD_USAGE(prints_algo_help)
+BAREBOX_CMD_END
diff --git a/commands/hashsum.c b/commands/hashsum.c
index 701e6a1..dc48af5 100644
--- a/commands/hashsum.c
+++ b/commands/hashsum.c
@@ -27,12 +27,11 @@
 #include <digest.h>
 #include <getopt.h>
 
-static int do_digest(char *algorithm, int argc, char *argv[])
+#include "internal.h"
+
+static int do_hash(char *algo, int argc, char *argv[])
 {
 	struct digest *d;
-	int ret = 0;
-	int i;
-	unsigned char *hash;
 	unsigned char *key = NULL;
 	size_t keylen = 0;
 	int opt;
@@ -46,65 +45,26 @@ static int do_digest(char *algorithm, int argc, char *argv[])
 		}
 	}
 
-	argc -= optind;
-	argv += optind;
-
 	if (key) {
-		char *tmp = asprintf("hmac(%s)", algorithm);
+		char *tmp = asprintf("hmac(%s)", algo);
 		d = digest_alloc(tmp);
 		free(tmp);
 	} else {
-		d = digest_alloc(algorithm);
+		d = digest_alloc(algo);
 	}
 	BUG_ON(!d);
 
-	if (argc < 1)
-		return COMMAND_ERROR_USAGE;
-
-	hash = calloc(digest_length(d), sizeof(unsigned char));
-	if (!hash) {
-		perror("calloc");
-		return COMMAND_ERROR_USAGE;
-	}
-
-	while (*argv) {
-		char *filename = "/dev/mem";
-		loff_t start = 0, size = ~0;
-
-		/* arguments are either file, file+area or area */
-		if (parse_area_spec(*argv, &start, &size)) {
-			filename = *argv;
-			if (argv[0] && !parse_area_spec(argv[0], &start, &size))
-				argv++;
-		}
-
-		ret = digest_file_window(d, filename,
-					 key, keylen,
-					 hash, start, size);
-		if (ret < 0) {
-			ret = 1;
-		} else {
-			for (i = 0; i < digest_length(d); i++)
-				printf("%02x", hash[i]);
-
-			printf("  %s\t0x%08llx ... 0x%08llx\n",
-				filename, start, start + size);
-		}
-
-		argv++;
-	}
-
-	free(hash);
-	digest_free(d);
+	argc -= optind;
+	argv += optind;
 
-	return ret;
+	return __do_digest(d, key, keylen, NULL, argc, argv);
 }
 
 #ifdef CONFIG_CMD_MD5SUM
 
 static int do_md5(int argc, char *argv[])
 {
-	return do_digest("md5", argc, argv);
+	return do_hash("md5", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(md5sum)
@@ -125,7 +85,7 @@ BAREBOX_CMD_END
 
 static int do_sha1(int argc, char *argv[])
 {
-	return do_digest("sha1", argc, argv);
+	return do_hash("sha1", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha1sum)
@@ -146,7 +106,7 @@ BAREBOX_CMD_END
 
 static int do_sha224(int argc, char *argv[])
 {
-	return do_digest("sha224", argc, argv);
+	return do_hash("sha224", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha224sum)
@@ -167,7 +127,7 @@ BAREBOX_CMD_END
 
 static int do_sha256(int argc, char *argv[])
 {
-	return do_digest("sha256", argc, argv);
+	return do_hash("sha256", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha256sum)
@@ -188,7 +148,7 @@ BAREBOX_CMD_END
 
 static int do_sha384(int argc, char *argv[])
 {
-	return do_digest("sha384", argc, argv);
+	return do_hash("sha384", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha384sum)
@@ -209,7 +169,7 @@ BAREBOX_CMD_END
 
 static int do_sha512(int argc, char *argv[])
 {
-	return do_digest("sha512", argc, argv);
+	return do_hash("sha512", argc, argv);
 }
 
 BAREBOX_CMD_HELP_START(sha512sum)
diff --git a/commands/internal.h b/commands/internal.h
new file mode 100644
index 0000000..29cc656
--- /dev/null
+++ b/commands/internal.h
@@ -0,0 +1,3 @@
+int __do_digest(struct digest *d, unsigned char *key, int keylen,
+		       unsigned char *sig,
+		       int argc, char *argv[]);
diff --git a/crypto/digest.c b/crypto/digest.c
index 52e8796..9fa5bba 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -106,6 +106,15 @@ static struct digest_algo *digest_algo_get_by_name(const char *name)
 	return NULL;
 }
 
+void digest_algo_prints(const char *prefix)
+{
+	struct digest_algo* d;
+
+	list_for_each_entry(d, &digests, list) {
+		printf("%s%s\n", prefix, d->name);
+	}
+}
+
 struct digest *digest_alloc(const char *name)
 {
 	struct digest *d;
@@ -140,6 +149,7 @@ EXPORT_SYMBOL_GPL(digest_free);
 int digest_file_window(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash,
+		       unsigned char *sig,
 		       ulong start, ulong size)
 {
 	ulong len = 0;
@@ -199,7 +209,10 @@ int digest_file_window(struct digest *d, const char *filename,
 		len += now;
 	}
 
-	digest_final(d, hash);
+	if (sig)
+		ret = digest_verify(d, sig);
+	else
+		digest_final(d, hash);
 
 out_free:
 	if (flags)
@@ -213,7 +226,8 @@ EXPORT_SYMBOL_GPL(digest_file_window);
 
 int digest_file(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash)
+		       unsigned char *hash,
+		       unsigned char *sig)
 {
 	struct stat st;
 	int ret;
@@ -223,13 +237,14 @@ int digest_file(struct digest *d, const char *filename,
 	if (ret < 0)
 		return ret;
 
-	return digest_file_window(d, filename, key, keylen, hash, 0, st.st_size);
+	return digest_file_window(d, filename, key, keylen, hash, sig, 0, st.st_size);
 }
 EXPORT_SYMBOL_GPL(digest_file);
 
 int digest_file_by_name(const char *algo, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash)
+		       unsigned char *hash,
+		       unsigned char *sig)
 {
 	struct digest *d;
 	int ret;
@@ -238,7 +253,7 @@ int digest_file_by_name(const char *algo, const char *filename,
 	if (!d)
 		return -EIO;
 
-	ret = digest_file(d, filename, key, keylen, hash);
+	ret = digest_file(d, filename, key, keylen, hash, sig);
 	digest_free(d);
 	return ret;
 }
diff --git a/include/digest.h b/include/digest.h
index cba7814..ec904f0 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -50,6 +50,7 @@ struct digest {
  */
 int digest_algo_register(struct digest_algo *d);
 void digest_algo_unregister(struct digest_algo *d);
+void digest_algo_prints(const char *prefix);
 
 struct digest *digest_alloc(const char *name);
 void digest_free(struct digest *d);
@@ -57,13 +58,16 @@ void digest_free(struct digest *d);
 int digest_file_window(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
 		       unsigned char *hash,
+		       unsigned char *sig,
 		       ulong start, ulong size);
 int digest_file(struct digest *d, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash);
+		       unsigned char *hash,
+		       unsigned char *sig);
 int digest_file_by_name(const char *algo, const char *filename,
 		       const unsigned char *key, size_t keylen,
-		       unsigned char *hash);
+		       unsigned char *hash,
+		       unsigned char *sig);
 
 static inline int digest_init(struct digest *d)
 {
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 05/10] digest: add digest callback
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
                     ` (2 preceding siblings ...)
  2015-03-16 10:15   ` [PATCH 04/10] command: add generic digest command Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15   ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 06/10] crypto: add pbkdf2 hmac key generator Jean-Christophe PLAGNIOL-VILLARD
                     ` (4 subsequent siblings)
  8 siblings, 0 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

Combination of @init and @update and @final. This function
effectively behaves as the entire chain of operations, @init,
@update and @final issued in sequence. This is added for hardware
which cannot do even the @finup, but can only do the whole
transformation in one run.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/digest.c   | 18 ++++++++++++++++++
 crypto/hmac.c     |  1 +
 crypto/internal.h |  2 ++
 crypto/md5.c      |  1 +
 crypto/sha1.c     |  1 +
 crypto/sha2.c     |  1 +
 crypto/sha4.c     |  1 +
 include/digest.h  |  8 ++++++++
 8 files changed, 33 insertions(+)

diff --git a/crypto/digest.c b/crypto/digest.c
index 9fa5bba..c261f7e 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -58,6 +58,24 @@ end:
 	return ret;
 }
 
+int digest_generic_digest(struct digest *d, const void *data,
+			  unsigned int len, u8 *md)
+
+{
+	int ret;
+
+	if (!data || len == 0 || !md)
+		return -EINVAL;
+
+	ret = digest_init(d);
+	if (ret)
+		return ret;
+	ret = digest_update(d, data, len);
+	if (ret)
+		return ret;
+	return digest_final(d, md);
+}
+
 int digest_algo_register(struct digest_algo *d)
 {
 	if (!d || !d->name || !d->update || !d->final || !d->verify ||
diff --git a/crypto/hmac.c b/crypto/hmac.c
index f39e4c8..b1c17af 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -136,6 +136,7 @@ struct digest_algo hmac_algo = {
 	.init = digest_hmac_init,
 	.update = digest_hmac_update,
 	.final = digest_hmac_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.set_key = digest_hmac_set_key,
 	.free = digest_hmac_free,
diff --git a/crypto/internal.h b/crypto/internal.h
index f482654..c6f5908 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -15,3 +15,5 @@ static inline int digest_hmac_register(struct digest_algo *algo,
 #endif
 
 int digest_generic_verify(struct digest *d, const unsigned char *md);
+int digest_generic_digest(struct digest *d, const void *data,
+			  unsigned int len, u8 *out);
diff --git a/crypto/md5.c b/crypto/md5.c
index 4847b38..b7ad6f2 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -294,6 +294,7 @@ static struct digest_algo md5 = {
 	.init = digest_md5_init,
 	.update = digest_md5_update,
 	.final = digest_md5_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = 16,
 	.ctx_length = sizeof(struct MD5Context),
diff --git a/crypto/sha1.c b/crypto/sha1.c
index 09dee87..b108f8a 100644
--- a/crypto/sha1.c
+++ b/crypto/sha1.c
@@ -315,6 +315,7 @@ static struct digest_algo m = {
 	.init = digest_sha1_init,
 	.update = digest_sha1_update,
 	.final = digest_sha1_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = SHA1_SUM_LEN,
 	.ctx_length = sizeof(sha1_context),
diff --git a/crypto/sha2.c b/crypto/sha2.c
index 9bf6541..375a40e 100644
--- a/crypto/sha2.c
+++ b/crypto/sha2.c
@@ -336,6 +336,7 @@ static struct digest_algo m256 = {
 	.init = digest_sha256_init,
 	.update = digest_sha2_update,
 	.final = digest_sha2_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = SHA256_SUM_LEN,
 	.ctx_length = sizeof(sha2_context),
diff --git a/crypto/sha4.c b/crypto/sha4.c
index 5c3097d..1b91e7f 100644
--- a/crypto/sha4.c
+++ b/crypto/sha4.c
@@ -342,6 +342,7 @@ static struct digest_algo m512 = {
 	.init = digest_sha512_init,
 	.update = digest_sha4_update,
 	.final = digest_sha4_final,
+	.digest = digest_generic_digest,
 	.verify = digest_generic_verify,
 	.length = SHA512_SUM_LEN,
 	.ctx_length = sizeof(sha4_context),
diff --git a/include/digest.h b/include/digest.h
index ec904f0..8250ca7 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -31,6 +31,8 @@ struct digest_algo {
 	int (*init)(struct digest *d);
 	int (*update)(struct digest *d, const void *data, unsigned long len);
 	int (*final)(struct digest *d, unsigned char *md);
+	int (*digest)(struct digest *d, const void *data,
+		      unsigned int len, u8 *out);
 	int (*set_key)(struct digest *d, const unsigned char *key, unsigned int len);
 	int (*verify)(struct digest *d, const unsigned char *md);
 
@@ -85,6 +87,12 @@ static inline int digest_final(struct digest *d, unsigned char *md)
 	return d->algo->final(d, md);
 }
 
+static inline int digest_digest(struct digest *d, const void *data,
+		      unsigned int len, u8 *md)
+{
+	return d->algo->digest(d, data, len, md);
+}
+
 static inline int digest_verify(struct digest *d, const unsigned char *md)
 {
 	return d->algo->verify(d, md);
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 06/10] crypto: add pbkdf2 hmac key generator
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
                     ` (3 preceding siblings ...)
  2015-03-16 10:15   ` [PATCH 05/10] digest: add digest callback Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15   ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 07/10] password: add pbkdf2 support Jean-Christophe PLAGNIOL-VILLARD
                     ` (3 subsequent siblings)
  8 siblings, 0 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

this will allow to generate a KEY + IV based on a password and salt for AES
encryption/decryption as example

or simply the key for hmac or rsa from text password

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/Kconfig          |  5 +++
 crypto/Makefile         |  2 ++
 crypto/pbkdf2.c         | 94 +++++++++++++++++++++++++++++++++++++++++++++++++
 include/crypto/pbkdf2.h | 23 ++++++++++++
 4 files changed, 124 insertions(+)
 create mode 100644 crypto/pbkdf2.c
 create mode 100644 include/crypto/pbkdf2.h

diff --git a/crypto/Kconfig b/crypto/Kconfig
index e72b91e..b721e30 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -34,3 +34,8 @@ config DIGEST_HMAC
 	bool "HMAC"
 
 endif
+
+config CRYPTO_PBKDF2
+	select DIGEST
+	select SHA1
+	bool
diff --git a/crypto/Makefile b/crypto/Makefile
index ff5c289..0bb67d5 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -9,3 +9,5 @@ obj-$(CONFIG_SHA224)	+= sha2.o
 obj-$(CONFIG_SHA256)	+= sha2.o
 obj-$(CONFIG_SHA384)	+= sha4.o
 obj-$(CONFIG_SHA512)	+= sha4.o
+
+obj-$(CONFIG_CRYPTO_PBKDF2)	+= pbkdf2.o
diff --git a/crypto/pbkdf2.c b/crypto/pbkdf2.c
new file mode 100644
index 0000000..c4ba7be
--- /dev/null
+++ b/crypto/pbkdf2.c
@@ -0,0 +1,94 @@
+/*
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * Under GPLv2 Only
+ */
+
+#include <common.h>
+#include <malloc.h>
+#include <errno.h>
+#include <crypto/pbkdf2.h>
+
+int pkcs5_pbkdf2_hmac(struct digest* d,
+		      const unsigned char *pwd, size_t pwd_len,
+		      const unsigned char *salt, size_t salt_len,
+		      uint32_t iteration,
+		      uint32_t key_len, unsigned char *key)
+{
+	int i, j, k;
+	unsigned char cnt[4];
+	uint32_t pass_len;
+	unsigned char *tmpdgt;
+	uint32_t d_len;
+	int ret;
+
+	if (!d)
+		return -EINVAL;
+
+	d_len = digest_length(d);
+	tmpdgt = malloc(d_len);
+	if (!tmpdgt)
+		return -ENOMEM;
+
+	i = 1;
+
+	ret = digest_set_key(d, pwd, pwd_len);
+	if (ret)
+		goto err;
+
+	while (key_len) {
+		pass_len = min(key_len, d_len);
+		cnt[0] = (i >> 24) & 0xff;
+		cnt[1] = (i >> 16) & 0xff;
+		cnt[2] = (i >> 8) & 0xff;
+		cnt[3] = i & 0xff;
+		ret = digest_init(d);
+		if (ret)
+			goto err;
+		ret = digest_update(d, salt, salt_len);
+		if (ret)
+			goto err;
+		ret = digest_update(d, cnt, 4);
+		if (ret)
+			goto err;
+		ret = digest_final(d, tmpdgt);
+		if (ret)
+			goto err;
+
+		memcpy(key, tmpdgt, pass_len);
+
+		for (j = 1; j < iteration; j++) {
+			ret = digest_digest(d, tmpdgt, d_len, tmpdgt);
+			if (ret)
+				goto err;
+
+			for(k = 0; k < pass_len; k++)
+				key[k] ^= tmpdgt[k];
+		}
+
+		key_len -= pass_len;
+		key += pass_len;
+		i++;
+	}
+
+	ret = 0;
+err:
+	free(tmpdgt);
+
+	return ret;;
+}
+
+int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
+			   const unsigned char *salt, size_t salt_len,
+			   uint32_t iter,
+			   uint32_t key_len, unsigned char *key)
+{
+	int ret;
+	struct digest* d = digest_alloc("hmac(sha1)");
+
+	ret = pkcs5_pbkdf2_hmac(d, pwd, pwd_len, salt, salt_len, iter,
+				 key_len, key);
+
+	digest_free(d);
+	return ret;
+}
diff --git a/include/crypto/pbkdf2.h b/include/crypto/pbkdf2.h
new file mode 100644
index 0000000..fa66675
--- /dev/null
+++ b/include/crypto/pbkdf2.h
@@ -0,0 +1,23 @@
+/*
+ * (C) Copyright 2015 Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
+ *
+ * Under GPLv2 Only
+ */
+
+#ifndef __PBKDF2_H__
+#define __PBKDF2_H__
+
+#include <digest.h>
+
+int pkcs5_pbkdf2_hmac_sha1(const unsigned char *pwd, size_t pwd_len,
+			   const unsigned char *salt, size_t salt_len,
+			   uint32_t iteration,
+			   uint32_t key_len, unsigned char *buf);
+
+int pkcs5_pbkdf2_hmac(struct digest* d,
+		      const unsigned char *pwd, size_t pwd_len,
+		      const unsigned char *salt, size_t salt_len,
+		      uint32_t iteration,
+		      uint32_t key_len, unsigned char *key);
+
+#endif /* __PBKDF2_H__ */
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
                     ` (4 preceding siblings ...)
  2015-03-16 10:15   ` [PATCH 06/10] crypto: add pbkdf2 hmac key generator Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15   ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:49     ` Jan Lübbe
  2015-03-16 10:15   ` [PATCH 08/10] digest: allow algo to specify their length at runtime Jean-Christophe PLAGNIOL-VILLARD
                     ` (2 subsequent siblings)
  8 siblings, 1 reply; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

We will use "barebox_password" as salt and 10000 round to generate a
64 bytes key.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 common/Kconfig    |  4 +++
 common/password.c | 79 +++++++++++++++++++++++++++++++++++--------------------
 2 files changed, 55 insertions(+), 28 deletions(-)

diff --git a/common/Kconfig b/common/Kconfig
index 96ace6b..ad8a596 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -453,6 +453,10 @@ config PASSWD_SUM_SHA512
 	bool "SHA512"
 	select SHA512
 
+config PASSWD_CRYPTO_PBKDF2
+	bool "PBKDF2"
+	select CRYPTO_PBKDF2
+
 endchoice
 
 endif
diff --git a/common/password.c b/common/password.c
index 6ecf717..0e1db61 100644
--- a/common/password.c
+++ b/common/password.c
@@ -26,6 +26,7 @@
 #include <xfuncs.h>
 #include <clock.h>
 #include <generated/passwd.h>
+#include <crypto/pbkdf2.h>
 
 #if defined(CONFIG_PASSWD_SUM_MD5)
 #define PASSWD_SUM "md5"
@@ -35,8 +36,14 @@
 #define PASSWD_SUM "sha256"
 #elif defined(CONFIG_PASSWD_SUM_SHA512)
 #define PASSWD_SUM "sha512"
+#else
+#define PASSWD_SUM	NULL
 #endif
 
+#define PBKDF2_SALT	"barebox_password"
+#define PBKDF2_LENGTH	64
+#define PBKDF2_COUNT	10000
+
 int password(unsigned char *passwd, size_t length, int flags, int timeout)
 {
 	unsigned char *buf = passwd;
@@ -277,45 +284,50 @@ EXPORT_SYMBOL(write_env_passwd);
 
 static int __check_passwd(unsigned char* passwd, size_t length, int std)
 {
-	struct digest *d;
+	struct digest *d = NULL;
 	unsigned char *passwd1_sum;
 	unsigned char *passwd2_sum;
 	int ret = 0;
+	int hash_len;
 
-	d = digest_alloc(PASSWD_SUM);
+	if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) {
+		hash_len = PBKDF2_LENGTH;
+	} else {
+		d = digest_alloc(PASSWD_SUM);
 
-	passwd1_sum = calloc(digest_length(d), sizeof(unsigned char));
+		hash_len = digest_length(d);
+	}
 
+	passwd1_sum = calloc(hash_len * 2, sizeof(unsigned char));
 	if (!passwd1_sum)
 		return -ENOMEM;
 
-	passwd2_sum = calloc(digest_length(d), sizeof(unsigned char));
-
-	if (!passwd2_sum) {
-		ret = -ENOMEM;
-		goto err1;
-	}
+	passwd2_sum = passwd1_sum + hash_len;
 
-	digest_init(d);
+	if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) {
+		char *salt = PBKDF2_SALT;
 
-	digest_update(d, passwd, length);
+		ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt, strlen(salt),
+					PBKDF2_COUNT, hash_len, passwd1_sum);
+	} else {
+		ret = digest_digest(d, passwd, length, passwd1_sum);
+	}
 
-	digest_final(d, passwd1_sum);
+	if (ret)
+		goto err;
 
 	if (std)
-		ret = read_env_passwd(passwd2_sum, digest_length(d));
+		ret = read_env_passwd(passwd2_sum, hash_len);
 	else
-		ret = read_default_passwd(passwd2_sum, digest_length(d));
+		ret = read_default_passwd(passwd2_sum, hash_len);
 
 	if (ret < 0)
-		goto err2;
+		goto err;
 
-	if (strncmp(passwd1_sum, passwd2_sum, digest_length(d)) == 0)
+	if (strncmp(passwd1_sum, passwd2_sum, hash_len) == 0)
 		ret = 1;
 
-err2:
-	free(passwd2_sum);
-err1:
+err:
 	free(passwd1_sum);
 	digest_free(d);
 
@@ -346,25 +358,36 @@ int check_passwd(unsigned char* passwd, size_t length)
 
 int set_env_passwd(unsigned char* passwd, size_t length)
 {
-	struct digest *d;
+	struct digest *d = NULL;
 	unsigned char *passwd_sum;
-	int ret;
+	int ret, hash_len;
 
-	d = digest_alloc(PASSWD_SUM);
+	if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) {
+		hash_len = PBKDF2_LENGTH;
+	} else {
+		d = digest_alloc(PASSWD_SUM);
 
-	passwd_sum = calloc(digest_length(d), sizeof(unsigned char));
+		hash_len = digest_length(d);
+	}
 
+	passwd_sum = calloc(hash_len, sizeof(unsigned char));
 	if (!passwd_sum)
 		return -ENOMEM;
 
-	digest_init(d);
+	if (IS_ENABLED(CONFIG_PASSWD_CRYPTO_PBKDF2)) {
+		char *salt = PBKDF2_SALT;
 
-	digest_update(d, passwd, length);
-
-	digest_final(d, passwd_sum);
+		ret = pkcs5_pbkdf2_hmac_sha1(passwd, length, salt, strlen(salt),
+				       PBKDF2_COUNT, hash_len, passwd_sum);
+	} else {
+		ret = digest_digest(d, passwd, length, passwd_sum);
+	}
+	if (ret)
+		goto err;
 
-	ret = write_env_passwd(passwd_sum, digest_length(d));
+	ret = write_env_passwd(passwd_sum, hash_len);
 
+err:
 	free(passwd_sum);
 
 	return ret;
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 08/10] digest: allow algo to specify their length at runtime
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
                     ` (5 preceding siblings ...)
  2015-03-16 10:15   ` [PATCH 07/10] password: add pbkdf2 support Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15   ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 09/10] crypto: hmac: use digest_digest and check the return of every digest_xxx Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 10/10] digest: digest_file_window: check every digest_xxx return Jean-Christophe PLAGNIOL-VILLARD
  8 siblings, 0 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

such as RSA as we load a DER key we will detect the key size
at runtime and so the algo length.

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 include/digest.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/digest.h b/include/digest.h
index 8250ca7..41ad912 100644
--- a/include/digest.h
+++ b/include/digest.h
@@ -45,6 +45,7 @@ struct digest_algo {
 struct digest {
 	struct digest_algo *algo;
 	void *ctx;
+	unsigned int length;
 };
 
 /*
@@ -100,7 +101,7 @@ static inline int digest_verify(struct digest *d, const unsigned char *md)
 
 static inline int digest_length(struct digest *d)
 {
-	return d->algo->length;
+	return d->length ? d->length : d->algo->length;
 }
 
 static inline int digest_set_key(struct digest *d, const unsigned char *key,
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 09/10] crypto: hmac: use digest_digest and check the return of every digest_xxx
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
                     ` (6 preceding siblings ...)
  2015-03-16 10:15   ` [PATCH 08/10] digest: allow algo to specify their length at runtime Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15   ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 10:15   ` [PATCH 10/10] digest: digest_file_window: check every digest_xxx return Jean-Christophe PLAGNIOL-VILLARD
  8 siblings, 0 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/hmac.c | 49 +++++++++++++++++++++++++++++++------------------
 1 file changed, 31 insertions(+), 18 deletions(-)

diff --git a/crypto/hmac.c b/crypto/hmac.c
index b1c17af..c2195d9 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -62,15 +62,15 @@ static int digest_hmac_set_key(struct digest *d, const unsigned char *key,
 {
 	struct digest_hmac_ctx *dh = d->ctx;
 	struct digest_hmac *hmac = to_digest_hmac(d->algo);
+	unsigned char *sum = NULL;
+	int ret;
 
 	free(dh->key);
 	if (len > hmac->pad_length) {
-		unsigned char *sum;
-
 		sum = xmalloc(digest_length(dh->d));
-		digest_init(dh->d);
-		digest_update(dh->d, dh->key, dh->keylen);
-		digest_final(dh->d, sum);
+		ret = digest_digest(dh->d, dh->key, dh->keylen, sum);
+		if (ret)
+			goto err;
 		dh->keylen = digest_length(dh->d);
 		dh->key = sum;
 	} else {
@@ -79,14 +79,17 @@ static int digest_hmac_set_key(struct digest *d, const unsigned char *key,
 		dh->keylen = len;
 	}
 
-	return 0;
+	ret = 0;
+err:
+	free(sum);
+	return ret;
 }
 
 static int digest_hmac_init(struct digest *d)
 {
 	struct digest_hmac_ctx *dh = d->ctx;
 	struct digest_hmac *hmac = to_digest_hmac(d->algo);
-	int i;
+	int i, ret;
 	unsigned char *key = dh->key;
 	unsigned int keylen = dh->keylen;
 
@@ -98,10 +101,10 @@ static int digest_hmac_init(struct digest *d)
 		dh->opad[i] = (unsigned char)(dh->opad[i] ^ key[i]);
 	}
 
-	digest_init(dh->d);
-	digest_update(dh->d, dh->ipad, hmac->pad_length);
-
-	return 0;
+	ret = digest_init(dh->d);
+	if (ret)
+		return ret;
+	return digest_update(dh->d, dh->ipad, hmac->pad_length);
 }
 
 static int digest_hmac_update(struct digest *d, const void *data,
@@ -117,18 +120,28 @@ static int digest_hmac_final(struct digest *d, unsigned char *md)
 	struct digest_hmac_ctx *dh = d->ctx;
 	struct digest_hmac *hmac = to_digest_hmac(d->algo);
 	unsigned char *tmp = NULL;
+	int ret;
 
 	tmp = xmalloc(digest_length(d));
 
-	digest_final(dh->d, tmp);
-	digest_init(dh->d);
-	digest_update(dh->d, dh->opad, hmac->pad_length);
-	digest_update(dh->d, tmp, digest_length(d));
-	digest_final(dh->d, md);
-
+	ret = digest_final(dh->d, tmp);
+	if (ret)
+		goto err;
+	ret = digest_init(dh->d);
+	if (ret)
+		goto err;
+	ret = digest_update(dh->d, dh->opad, hmac->pad_length);
+	if (ret)
+		goto err;
+	ret = digest_update(dh->d, tmp, digest_length(d));
+	if (ret)
+		goto err;
+	ret = digest_final(dh->d, md);
+
+err:
 	free(tmp);
 
-	return 0;
+	return ret;
 }
 
 struct digest_algo hmac_algo = {
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* [PATCH 10/10] digest: digest_file_window: check every digest_xxx return
  2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
                     ` (7 preceding siblings ...)
  2015-03-16 10:15   ` [PATCH 09/10] crypto: hmac: use digest_digest and check the return of every digest_xxx Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:15   ` Jean-Christophe PLAGNIOL-VILLARD
  8 siblings, 0 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 10:15 UTC (permalink / raw)
  To: barebox

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
---
 crypto/digest.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/crypto/digest.c b/crypto/digest.c
index c261f7e..ee1a321 100644
--- a/crypto/digest.c
+++ b/crypto/digest.c
@@ -178,7 +178,9 @@ int digest_file_window(struct digest *d, const char *filename,
 	if (key)
 		digest_set_key(d, key, keylen);
 
-	digest_init(d);
+	ret = digest_init(d);
+	if (ret)
+		return ret;
 
 	fd = open(filename, O_RDONLY);
 	if (fd < 0) {
@@ -222,7 +224,9 @@ int digest_file_window(struct digest *d, const char *filename,
 			goto out_free;
 		}
 
-		digest_update(d, buf, now);
+		ret = digest_update(d, buf, now);
+		if (ret)
+			goto out_free;
 		size -= now;
 		len += now;
 	}
@@ -230,7 +234,7 @@ int digest_file_window(struct digest *d, const char *filename,
 	if (sig)
 		ret = digest_verify(d, sig);
 	else
-		digest_final(d, hash);
+		ret = digest_final(d, hash);
 
 out_free:
 	if (flags)
-- 
2.1.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 10:15   ` [PATCH 07/10] password: add pbkdf2 support Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 10:49     ` Jan Lübbe
  2015-03-16 11:01       ` Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 1 reply; 23+ messages in thread
From: Jan Lübbe @ 2015-03-16 10:49 UTC (permalink / raw)
  To: barebox

On Mo, 2015-03-16 at 11:15 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> We will use "barebox_password" as salt and 10000 round to generate a
> 64 bytes key.

The purpose of a salt is to protect a against dictionary or
rainbow-table (precomputed) attacks. That means that the Salt must be
randomly generated and saved with the password.

For setting a new password in barebox, even a low entropy salt will make
attacks significantly more expensive. So we should add some entropy from
user interaction timing in that case.

For hashing a password at compile time, we should get the salt from the
host system.

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 10:49     ` Jan Lübbe
@ 2015-03-16 11:01       ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 11:05         ` Jan Lübbe
  0 siblings, 1 reply; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 11:01 UTC (permalink / raw)
  To: Jan Lübbe; +Cc: barebox

On 11:49 Mon 16 Mar     , Jan Lübbe wrote:
> On Mo, 2015-03-16 at 11:15 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > We will use "barebox_password" as salt and 10000 round to generate a
> > 64 bytes key.
> 
> The purpose of a salt is to protect a against dictionary or
> rainbow-table (precomputed) attacks. That means that the Salt must be
> randomly generated and saved with the password.
This will be a enough stong enven with static one to protect against
reverse hack for barebox protection

Use a 32 byte pass try to do an attack agaist dictionary.
it will take you more than 10 years to break it
> 
> For setting a new password in barebox, even a low entropy salt will make
> attacks significantly more expensive. So we should add some entropy from
> user interaction timing in that case.
yes we could do this too
> 
> For hashing a password at compile time, we should get the salt from the
> host system.
yes

do we really need it?

Best Regards,
J.
> 
> Regards,
> Jan
> -- 
> Pengutronix e.K.                           |                             |
> Industrial Linux Solutions                 | http://www.pengutronix.de/  |
> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
> 
> 
> _______________________________________________
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 11:01       ` Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 11:05         ` Jan Lübbe
  2015-03-16 11:25           ` Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 1 reply; 23+ messages in thread
From: Jan Lübbe @ 2015-03-16 11:05 UTC (permalink / raw)
  To: Jean-Christophe PLAGNIOL-VILLARD; +Cc: barebox

On Mo, 2015-03-16 at 12:01 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> On 11:49 Mon 16 Mar     , Jan Lübbe wrote:
> > On Mo, 2015-03-16 at 11:15 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > We will use "barebox_password" as salt and 10000 round to generate a
> > > 64 bytes key.
> > 
> > The purpose of a salt is to protect a against dictionary or
> > rainbow-table (precomputed) attacks. That means that the Salt must be
> > randomly generated and saved with the password.
> This will be a enough stong enven with static one to protect against
> reverse hack for barebox protection
> 
> Use a 32 byte pass try to do an attack agaist dictionary.
> it will take you more than 10 years to break it
> > 
> > For setting a new password in barebox, even a low entropy salt will make
> > attacks significantly more expensive. So we should add some entropy from
> > user interaction timing in that case.
> yes we could do this too
> > 
> > For hashing a password at compile time, we should get the salt from the
> > host system.
> yes
> 
> do we really need it?

Yes, definitely. We must use the algorithms as they are intended to be
used.

If we try to move users away from RSA2048 because it will be vulnerable
in the future, we should not go against established practice for
password salts by hard-coding it. 

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 11:05         ` Jan Lübbe
@ 2015-03-16 11:25           ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 11:41             ` Jan Lübbe
  0 siblings, 1 reply; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 11:25 UTC (permalink / raw)
  To: Jan Lübbe; +Cc: barebox

On 12:05 Mon 16 Mar     , Jan Lübbe wrote:
> On Mo, 2015-03-16 at 12:01 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > On 11:49 Mon 16 Mar     , Jan Lübbe wrote:
> > > On Mo, 2015-03-16 at 11:15 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > > We will use "barebox_password" as salt and 10000 round to generate a
> > > > 64 bytes key.
> > > 
> > > The purpose of a salt is to protect a against dictionary or
> > > rainbow-table (precomputed) attacks. That means that the Salt must be
> > > randomly generated and saved with the password.
> > This will be a enough stong enven with static one to protect against
> > reverse hack for barebox protection
> > 
> > Use a 32 byte pass try to do an attack agaist dictionary.
> > it will take you more than 10 years to break it
> > > 
> > > For setting a new password in barebox, even a low entropy salt will make
> > > attacks significantly more expensive. So we should add some entropy from
> > > user interaction timing in that case.
> > yes we could do this too
> > > 
> > > For hashing a password at compile time, we should get the salt from the
> > > host system.
> > yes
> > 
> > do we really need it?
> 
> Yes, definitely. We must use the algorithms as they are intended to be
> used.
> 
> If we try to move users away from RSA2048 because it will be vulnerable
> in the future, we should not go against established practice for
> password salts by hard-coding it. 
I'm not against it but with the barebox entropy did not see the point to use
it.

so how do we generate the salt? what length

Personnaly I'll prefer

a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round

result a 64 bytes password file <salt 32 byes><key 32 bytes>

Best Regards,
J.

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 11:25           ` Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 11:41             ` Jan Lübbe
  2015-03-16 11:52               ` Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 1 reply; 23+ messages in thread
From: Jan Lübbe @ 2015-03-16 11:41 UTC (permalink / raw)
  To: Jean-Christophe PLAGNIOL-VILLARD; +Cc: barebox

On Mo, 2015-03-16 at 12:25 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > Yes, definitely. We must use the algorithms as they are intended to be
> > used.
> > 
> > If we try to move users away from RSA2048 because it will be vulnerable
> > in the future, we should not go against established practice for
> > password salts by hard-coding it. 
> I'm not against it but with the barebox entropy did not see the point to use
> it.
> 
> so how do we generate the salt? what length
> 
> Personnaly I'll prefer
> 
> a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round

Running SHA-256 on random data is useless for security. Just get
<hash-size> bytes from /dev/urandom on the host. We could generate a
file with the compile-time SALT which is then included.

On the running barebox, we could use SHA to hash the old password file
together with the current timer value. At least until we have something
better.

> result a 64 bytes password file <salt 32 byes><key 32 bytes>

Yes. As we select the algorithm at compile time, we don't the to save it
in the file.

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 04/10] command: add generic digest command
  2015-03-16 10:15   ` [PATCH 04/10] command: add generic digest command Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 11:49     ` Jan Lübbe
  2015-03-16 14:51       ` Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 1 reply; 23+ messages in thread
From: Jan Lübbe @ 2015-03-16 11:49 UTC (permalink / raw)
  To: barebox

On Mo, 2015-03-16 at 11:15 +0100, Jean-Christophe PLAGNIOL-VILLARD
wrote:
> +BAREBOX_CMD_HELP_START(digest)
> +BAREBOX_CMD_HELP_TEXT("Calculate a digest over a FILE or a memory
> area.")
> +BAREBOX_CMD_HELP_TEXT("Options:")
> +BAREBOX_CMD_HELP_OPT ("-a <algo>\t",  "digest to use")
> +BAREBOX_CMD_HELP_OPT ("-k <key>\t",  "key as text")
> +BAREBOX_CMD_HELP_OPT ("-K <file>\t",  "key file")
> +BAREBOX_CMD_HELP_OPT ("-s <sig>\t",  "digest")
> +BAREBOX_CMD_HELP_OPT ("-S <file>\t",  "digest flie")
> +BAREBOX_CMD_HELP_END

We're mixing different terms here: digest and signature

Signature is usually used in the context of public key crypto, digest is
mostly used with for hashes. The command uses both interchangeably.

How about:
-a <algo>	hash or signature algorithm to use
-k <key>	use supplied <key> (ASCII or hex) for MAC
-K <file>	use key from <file> (binary) for MAC
-v <hex>	verify data against supplied <hex> (hash, MAC or signature)
-V <file>	verify data against <file> (hash, MAC or signature)

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 11:41             ` Jan Lübbe
@ 2015-03-16 11:52               ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 11:58                 ` Jan Lübbe
  0 siblings, 1 reply; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 11:52 UTC (permalink / raw)
  To: Jan Lübbe; +Cc: barebox

On 12:41 Mon 16 Mar     , Jan Lübbe wrote:
> On Mo, 2015-03-16 at 12:25 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > Yes, definitely. We must use the algorithms as they are intended to be
> > > used.
> > > 
> > > If we try to move users away from RSA2048 because it will be vulnerable
> > > in the future, we should not go against established practice for
> > > password salts by hard-coding it. 
> > I'm not against it but with the barebox entropy did not see the point to use
> > it.
> > 
> > so how do we generate the salt? what length
> > 
> > Personnaly I'll prefer
> > 
> > a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round
> 
> Running SHA-256 on random data is useless for security.
SHA256 is to improve the entrpopy not security
> Just get
> <hash-size> bytes from /dev/urandom on the host. We could generate a
> file with the compile-time SALT which is then included.
> 
> On the running barebox, we could use SHA to hash the old password file
> together with the current timer value. At least until we have something
> better.
> 
> > result a 64 bytes password file <salt 32 byes><key 32 bytes>
> 
> Yes. As we select the algorithm at compile time, we don't the to save it
> in the file.

this is for barebox as we may not have any passwd file

Best Regards,
J.
> 
> Regards,
> Jan
> -- 
> Pengutronix e.K.                           |                             |
> Industrial Linux Solutions                 | http://www.pengutronix.de/  |
> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
> 

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 11:52               ` Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 11:58                 ` Jan Lübbe
  2015-03-16 12:10                   ` Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 1 reply; 23+ messages in thread
From: Jan Lübbe @ 2015-03-16 11:58 UTC (permalink / raw)
  To: Jean-Christophe PLAGNIOL-VILLARD; +Cc: barebox

On Mo, 2015-03-16 at 12:52 +0100, Jean-Christophe PLAGNIOL-VILLARD
wrote:
> On 12:41 Mon 16 Mar     , Jan Lübbe wrote:
> > On Mo, 2015-03-16 at 12:25 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > > Yes, definitely. We must use the algorithms as they are intended to be
> > > > used.
> > > > 
> > > > If we try to move users away from RSA2048 because it will be vulnerable
> > > > in the future, we should not go against established practice for
> > > > password salts by hard-coding it. 
> > > I'm not against it but with the barebox entropy did not see the point to use
> > > it.
> > > 
> > > so how do we generate the salt? what length
> > > 
> > > Personnaly I'll prefer
> > > 
> > > a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round
> > 
> > Running SHA-256 on random data is useless for security.
> SHA256 is to improve the entrpopy not security

Running a deterministic algorithm cannot increase entropy (only reduce
it).

> > Just get
> > <hash-size> bytes from /dev/urandom on the host. We could generate a
> > file with the compile-time SALT which is then included.
> > 
> > On the running barebox, we could use SHA to hash the old password file
> > together with the current timer value. At least until we have something
> > better.
> > 
> > > result a 64 bytes password file <salt 32 byes><key 32 bytes>
> > 
> > Yes. As we select the algorithm at compile time, we don't the to save it
> > in the file.
> 
> this is for barebox as we may not have any passwd file

The same applies also to the default_passwd compiled in variable.

Currently we have:
PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f)
cmd_pwd_h = echo -n "static const char default_passwd[] = \"" > $@; \
        cat $< | tr -d '\n' >> $@; \
        echo "\";" >> $@

include/generated/passwd.h: $(PASSWD_FILE)
        $(call if_changed,pwd_h)

This would need to run the hash/pbkdf2 and store salt+key.

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 11:58                 ` Jan Lübbe
@ 2015-03-16 12:10                   ` Jean-Christophe PLAGNIOL-VILLARD
  2015-03-16 13:14                     ` Jan Lübbe
  0 siblings, 1 reply; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 12:10 UTC (permalink / raw)
  To: Jan Lübbe; +Cc: barebox

On 12:58 Mon 16 Mar     , Jan Lübbe wrote:
> On Mo, 2015-03-16 at 12:52 +0100, Jean-Christophe PLAGNIOL-VILLARD
> wrote:
> > On 12:41 Mon 16 Mar     , Jan Lübbe wrote:
> > > On Mo, 2015-03-16 at 12:25 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > > > > Yes, definitely. We must use the algorithms as they are intended to be
> > > > > used.
> > > > > 
> > > > > If we try to move users away from RSA2048 because it will be vulnerable
> > > > > in the future, we should not go against established practice for
> > > > > password salts by hard-coding it. 
> > > > I'm not against it but with the barebox entropy did not see the point to use
> > > > it.
> > > > 
> > > > so how do we generate the salt? what length
> > > > 
> > > > Personnaly I'll prefer
> > > > 
> > > > a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round
> > > 
> > > Running SHA-256 on random data is useless for security.
> > SHA256 is to improve the entrpopy not security
> 
> Running a deterministic algorithm cannot increase entropy (only reduce
> it).

check the kennel algo for PRGN

and youp will see why I want to use a sha

> 
> > > Just get
> > > <hash-size> bytes from /dev/urandom on the host. We could generate a
> > > file with the compile-time SALT which is then included.
> > > 
> > > On the running barebox, we could use SHA to hash the old password file
> > > together with the current timer value. At least until we have something
> > > better.
> > > 
> > > > result a 64 bytes password file <salt 32 byes><key 32 bytes>
> > > 
> > > Yes. As we select the algorithm at compile time, we don't the to save it
> > > in the file.
> > 
> > this is for barebox as we may not have any passwd file
> 
> The same applies also to the default_passwd compiled in variable.
> 
> Currently we have:
> PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f)
> cmd_pwd_h = echo -n "static const char default_passwd[] = \"" > $@; \
>         cat $< | tr -d '\n' >> $@; \
>         echo "\";" >> $@
> 
> include/generated/passwd.h: $(PASSWD_FILE)
>         $(call if_changed,pwd_h)
> 
> This would need to run the hash/pbkdf2 and store salt+key.

no as the current current code expect you to give the correct file format for
the currently use password

so today the output of openssl

but yes we may need to do more here

Best Regards,
J.

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 12:10                   ` Jean-Christophe PLAGNIOL-VILLARD
@ 2015-03-16 13:14                     ` Jan Lübbe
  2015-03-16 13:55                       ` Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 1 reply; 23+ messages in thread
From: Jan Lübbe @ 2015-03-16 13:14 UTC (permalink / raw)
  To: Jean-Christophe PLAGNIOL-VILLARD; +Cc: barebox

On Mo, 2015-03-16 at 13:10 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> On 12:58 Mon 16 Mar     , Jan Lübbe wrote:
> > > > > Personnaly I'll prefer
> > > > > 
> > > > > a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round
> > > > 
> > > > Running SHA-256 on random data is useless for security.
> > > SHA256 is to improve the entrpopy not security
> > 
> > Running a deterministic algorithm cannot increase entropy (only reduce
> > it).
> 
> check the kennel algo for PRGN

PRNG? That is a different use case. The kernel takes sources of entropy
and uses those to seed an CSPRNG:
http://www.2uo.de/myths-about-urandom/

> and youp will see why I want to use a sha

Having high entropy and appearing random are different properties. As
SHA-256 is deterministic it *cannot* increase entropy:
http://en.wikipedia.org/wiki/Entropy_(information_theory)

> > > > Just get
> > > > <hash-size> bytes from /dev/urandom on the host. We could generate a
> > > > file with the compile-time SALT which is then included.
> > > > 
> > > > On the running barebox, we could use SHA to hash the old password file
> > > > together with the current timer value. At least until we have something
> > > > better.
> > > > 
> > > > > result a 64 bytes password file <salt 32 byes><key 32 bytes>
> > > > 
> > > > Yes. As we select the algorithm at compile time, we don't the to save it
> > > > in the file.
> > > 
> > > this is for barebox as we may not have any passwd file
> > 
> > The same applies also to the default_passwd compiled in variable.
> > 
> > Currently we have:
> > PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f)
> > cmd_pwd_h = echo -n "static const char default_passwd[] = \"" > $@; \
> >         cat $< | tr -d '\n' >> $@; \
> >         echo "\";" >> $@
> > 
> > include/generated/passwd.h: $(PASSWD_FILE)
> >         $(call if_changed,pwd_h)
> > 
> > This would need to run the hash/pbkdf2 and store salt+key.
> 
> no as the current current code expect you to give the correct file format for
> the currently use password
> 
> so today the output of openssl

Ah, sorry I misread the code here. I though that the plaintext password
was in the config. CONFIG_PASSWORD_DEFAULT must be the name of a file in
the srctree with the format matching the selected hash algo?

> but yes we may need to do more here

It seems there is no standard tool to create password hashes which
supports all the algorithms we want to have.

So the current way is to use barebox itself to create the default
password file? Should be have a host tool for that or is barebox sandbox
enough?

Regards,
Jan
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 07/10] password: add pbkdf2 support
  2015-03-16 13:14                     ` Jan Lübbe
@ 2015-03-16 13:55                       ` Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 0 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 13:55 UTC (permalink / raw)
  To: Jan Lübbe; +Cc: barebox

On 14:14 Mon 16 Mar     , Jan Lübbe wrote:
> On Mo, 2015-03-16 at 13:10 +0100, Jean-Christophe PLAGNIOL-VILLARD wrote:
> > On 12:58 Mon 16 Mar     , Jan Lübbe wrote:
> > > > > > Personnaly I'll prefer
> > > > > > 
> > > > > > a random 64 bytes | sha256 | take first 32bytes. | pbkdf2 10000 round
> > > > > 
> > > > > Running SHA-256 on random data is useless for security.
> > > > SHA256 is to improve the entrpopy not security
> > > 
> > > Running a deterministic algorithm cannot increase entropy (only reduce
> > > it).
> > 
> > check the kennel algo for PRGN
> 
> PRNG? That is a different use case. The kernel takes sources of entropy
> and uses those to seed an CSPRNG:
> http://www.2uo.de/myths-about-urandom/

I known how work urandom and random but the kernel do use SHA-1 for generating
the Random numbers. I do not want to go to deep in the algo we can look at the
code.
> 
> > and youp will see why I want to use a sha
> 
> Having high entropy and appearing random are different properties. As
> SHA-256 is deterministic it *cannot* increase entropy:
> http://en.wikipedia.org/wiki/Entropy_(information_theory)
I known about it
> 
> > > > > Just get
> > > > > <hash-size> bytes from /dev/urandom on the host. We could generate a
> > > > > file with the compile-time SALT which is then included.
> > > > > 
> > > > > On the running barebox, we could use SHA to hash the old password file
> > > > > together with the current timer value. At least until we have something
> > > > > better.
> > > > > 
> > > > > > result a 64 bytes password file <salt 32 byes><key 32 bytes>
> > > > > 
> > > > > Yes. As we select the algorithm at compile time, we don't the to save it
> > > > > in the file.
> > > > 
> > > > this is for barebox as we may not have any passwd file
> > > 
> > > The same applies also to the default_passwd compiled in variable.
> > > 
> > > Currently we have:
> > > PASSWD_FILE := $(shell cd $(srctree); find $(CONFIG_PASSWORD_DEFAULT) -type f)
> > > cmd_pwd_h = echo -n "static const char default_passwd[] = \"" > $@; \
> > >         cat $< | tr -d '\n' >> $@; \
> > >         echo "\";" >> $@
> > > 
> > > include/generated/passwd.h: $(PASSWD_FILE)
> > >         $(call if_changed,pwd_h)
> > > 
> > > This would need to run the hash/pbkdf2 and store salt+key.
> > 
> > no as the current current code expect you to give the correct file format for
> > the currently use password
> > 
> > so today the output of openssl
> 
> Ah, sorry I misread the code here. I though that the plaintext password
> was in the config. CONFIG_PASSWORD_DEFAULT must be the name of a file in
> the srctree with the format matching the selected hash algo?
> 
> > but yes we may need to do more here
> 
> It seems there is no standard tool to create password hashes which
> supports all the algorithms we want to have.
> 
> So the current way is to use barebox itself to create the default
> password file? Should be have a host tool for that or is barebox sandbox
> enough?

yes sandbox is enough we can create such tool but today it's just the sha of
the password store in base64 so you can easly create it in shell

if we start to play we random salt yes we do need a tool

Best Regards,
J.

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

* Re: [PATCH 04/10] command: add generic digest command
  2015-03-16 11:49     ` Jan Lübbe
@ 2015-03-16 14:51       ` Jean-Christophe PLAGNIOL-VILLARD
  0 siblings, 0 replies; 23+ messages in thread
From: Jean-Christophe PLAGNIOL-VILLARD @ 2015-03-16 14:51 UTC (permalink / raw)
  To: Jan Lübbe; +Cc: barebox

On 12:49 Mon 16 Mar     , Jan Lübbe wrote:
> On Mo, 2015-03-16 at 11:15 +0100, Jean-Christophe PLAGNIOL-VILLARD
> wrote:
> > +BAREBOX_CMD_HELP_START(digest)
> > +BAREBOX_CMD_HELP_TEXT("Calculate a digest over a FILE or a memory
> > area.")
> > +BAREBOX_CMD_HELP_TEXT("Options:")
> > +BAREBOX_CMD_HELP_OPT ("-a <algo>\t",  "digest to use")
> > +BAREBOX_CMD_HELP_OPT ("-k <key>\t",  "key as text")
> > +BAREBOX_CMD_HELP_OPT ("-K <file>\t",  "key file")
> > +BAREBOX_CMD_HELP_OPT ("-s <sig>\t",  "digest")
> > +BAREBOX_CMD_HELP_OPT ("-S <file>\t",  "digest flie")
> > +BAREBOX_CMD_HELP_END
> 
> We're mixing different terms here: digest and signature
> 
> Signature is usually used in the context of public key crypto, digest is
> mostly used with for hashes. The command uses both interchangeably.
> 
> How about:
> -a <algo>	hash or signature algorithm to use
> -k <key>	use supplied <key> (ASCII or hex) for MAC
> -K <file>	use key from <file> (binary) for MAC
> -v <hex>	verify data against supplied <hex> (hash, MAC or signature)
> -V <file>	verify data against <file> (hash, MAC or signature)

good for me

Best Regards,
J.
> 
> Regards,
> Jan
> -- 
> Pengutronix e.K.                           |                             |
> Industrial Linux Solutions                 | http://www.pengutronix.de/  |
> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
> 
> 
> _______________________________________________
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

^ permalink raw reply	[flat|nested] 23+ messages in thread

end of thread, other threads:[~2015-03-16 14:51 UTC | newest]

Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-16 10:13 [PATCH 00/10 v3] prepare for rsa support Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15 ` [PATCH 01/10] digest: add verify callback Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15   ` [PATCH 02/10] command: rename digest.c to hashsum.c Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15   ` [PATCH 03/10] command: allow runtime usage Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15   ` [PATCH 04/10] command: add generic digest command Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:49     ` Jan Lübbe
2015-03-16 14:51       ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15   ` [PATCH 05/10] digest: add digest callback Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15   ` [PATCH 06/10] crypto: add pbkdf2 hmac key generator Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15   ` [PATCH 07/10] password: add pbkdf2 support Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:49     ` Jan Lübbe
2015-03-16 11:01       ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:05         ` Jan Lübbe
2015-03-16 11:25           ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:41             ` Jan Lübbe
2015-03-16 11:52               ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 11:58                 ` Jan Lübbe
2015-03-16 12:10                   ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 13:14                     ` Jan Lübbe
2015-03-16 13:55                       ` Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15   ` [PATCH 08/10] digest: allow algo to specify their length at runtime Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15   ` [PATCH 09/10] crypto: hmac: use digest_digest and check the return of every digest_xxx Jean-Christophe PLAGNIOL-VILLARD
2015-03-16 10:15   ` [PATCH 10/10] digest: digest_file_window: check every digest_xxx return Jean-Christophe PLAGNIOL-VILLARD

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox