From b166ae6ba45d2b1069a948e24b1148bf7db196a8 Mon Sep 17 00:00:00 2001
From: John Klug <john.klug@multitech.com>
Date: Tue, 4 Apr 2017 11:08:46 -0500
Subject: Add password creation utility mts-ubpasswd

---
 .../u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch | 312 +++++++++++++++++++++
 1 file changed, 312 insertions(+)
 create mode 100644 recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch

(limited to 'recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch')

diff --git a/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch b/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch
new file mode 100644
index 0000000..5338a6a
--- /dev/null
+++ b/recipes-bsp/u-boot/u-boot-2012.10/u-boot-2012.10-pwd.patch
@@ -0,0 +1,312 @@
+diff --git a/common/Makefile b/common/Makefile
+index 973f05a..12e8c00 100644
+--- a/common/Makefile
++++ b/common/Makefile
+@@ -173,7 +173,7 @@ COBJS-$(CONFIG_YAFFS2) += cmd_yaffs2.o
+ COBJS-$(CONFIG_CMD_SPL) += cmd_spl.o
+ COBJS-$(CONFIG_CMD_ZIP) += cmd_zip.o
+ COBJS-$(CONFIG_CMD_ZFS) += cmd_zfs.o
+-
++COBJS-$(CONFIG_MTS_PASSWD) += mts_passwd.o
+ # others
+ ifdef CONFIG_DDR_SPD
+ SPD := y
+diff --git a/common/main.c b/common/main.c
+index 9507cec..249bf6e 100644
+--- a/common/main.c
++++ b/common/main.c
+@@ -403,7 +403,7 @@ void main_loop (void)
+ 	}
+ #endif /* CONFIG_MENUKEY */
+ #endif /* CONFIG_BOOTDELAY */
+-
++	mts_run_passwd_loop();
+ 	/*
+ 	 * Main Loop for Monitor Command Processing
+ 	 */
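Review bot: The new call in main_loop() has no comment saying that it blocks, and can reset the board after repeated failures, before the monitor prompt is reached; a line such as `/* Blocks until the console password matches; returns at once if no hash is set */` above it would make that visible. The call sits after the `CONFIG_BOOTDELAY`/`CONFIG_MENUKEY` section, so whatever that section runs appears to execute before the password is asked for. If the intent is to gate only the interactive prompt, state that in the comment; otherwise confirm that the menu-key path cannot reach a command shell first. The rest of main_loop() lies outside this hunk, so this cannot be checked from here.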
+diff --git a/common/mts_passwd.c b/common/mts_passwd.c
+new file mode 100644
+index 0000000..947ac3a
+--- /dev/null
++++ b/common/mts_passwd.c
+@@ -0,0 +1,248 @@
++#include <common.h>
++#include <linux/ctype.h>
++#include <watchdog.h>
++#include <sha256.h>
++#include <mts_passwd.h>
++
++#define MTS_PASSWD_ATTEMPTS (3)
++#define MTS_PASSWD_MAX_LEN  (30)
++#define MTS_PASSWD_HASH_VAR "mtsp"
++#define MTS_PASSWD_SALT_VAR "mtss"
++#define MTS_PASSWD_PROMPT   "Enter password : "
++
++static
++void mts_do_reset(unsigned long delay)
++{
++    mdelay(delay);
++    do_reset(NULL, 0, 0, NULL);
++}
++
++/*
++ *
++ * Figure out if device is locked or not
++ *
++ */
++static
++int mts_get_protection_status(void)
++{
++    int rc = 0; /* UNLOCKED */
++    char *var = NULL;
++    int len;
++
++    var = getenv(MTS_PASSWD_HASH_VAR);
++
++    do {
++        /* Variable is not set */
++        if (!var) break;
++
++        len = strlen(var);
++
++        /* Variable is empty */
++        if (len == 0) break;
++
++        /*
++         * Length should be correct. Otherwise, do not unlock the device, just show the message and reset.
++         */
++        if (len != 2*SHA256_SUM_LEN) {
++            puts("WARNING: password is corrupted\n");
++            mts_do_reset(1000);
++        }
++
++        /* LOCKED */
++        rc = 1;
++
++    } while (0);
++
++    return rc;
++}
++
++
++/*
++ *
++ * Helper function for the password reading
++ *
++ */
++static
++char *mts_password_delete_char(char *buffer, char *p, int *colp, int *np, int plen)
++{
++    static char erase_seq[] = "\b \b";
++
++    if (*np == 0) {
++        return (p);
++    }
++
++    --p;
++    puts(erase_seq);
++    (*colp)--;
++
++    (*np)--;
++    return (p);
++}
++
++/*
++ *
++ * Read password helper
++ *
++ */
++static
++int mts_password_into_buffer(const char *const prompt, char *buf, size_t buflen)
++{
++    char *p = buf;
++    char *p_buf = p;
++    int   n = 0;         /* buffer index */
++    int   plen = 0;      /* prompt length */
++    int   col;           /* output column cnt */
++    char  c;
++
++    /* print prompt */
++    if (prompt) {
++        plen = strlen(prompt);
++        puts (prompt);
++    }
++
++    col = plen;
++
++    for (;;) {
++
++        WATCHDOG_RESET();
++
++        c = getc();
++
++        /*
++         * Special character handling
++         */
++        switch (c) {
++        case '\r':           /* Enter */
++        case '\n':
++            *p = '\0';
++            puts("\r\n");
++            return (p - p_buf);
++
++        case '\0':           /* nul */
++        case '\t':
++            continue;
++
++        case 0x03:           /* ^C - break */
++            p_buf[0] = '\0'; /* discard input */
++            puts("\r\n");
++            return (-1);
++
++        case 0x08:           /* ^H  - backspace */
++        case 0x7F:           /* DEL - backspace */
++            p = mts_password_delete_char(p_buf, p, &col, &n, plen);
++            continue;
++
++        default:
++            /*
++             * Must be a normal character then
++             */
++           if (n < buflen - 2) {
++               ++col;       /* echo input */
++               *p++ = c;
++               ++n;
++           }
++           putc('*');
++        }
++    }
++}
++
++/*
++ *
++ * Read the password from input
++ *
++ */
++static 
++int read_password(char *buf, size_t buflen)
++{
++    return mts_password_into_buffer(MTS_PASSWD_PROMPT, buf, buflen);
++}
++
++/*
++ *
++ * Verify if the entered password is correct.
++ *
++ */
++static
++int verify_password(char *pwd, size_t pwdlen)
++{
++    char *hash_env = getenv(MTS_PASSWD_HASH_VAR);;
++    char *salt_env = getenv(MTS_PASSWD_SALT_VAR);
++
++    if (pwd && pwdlen > 0 && hash_env && (strlen(hash_env) == 2*SHA256_SUM_LEN)) {
++        uint8_t hash[SHA256_SUM_LEN];
++        uint8_t prefix[]={'0','3','e','3'};
++        sha256_context ctx;
++        char tmp[3];
++        int i;
++
++        sha256_starts(&ctx);
++        sha256_update(&ctx, prefix, 4);
++        sha256_update(&ctx, (uint8_t *) pwd, pwdlen);
++        if (salt_env) {
++            size_t saltlen = strlen(salt_env);
++            sha256_update(&ctx, (uint8_t *) salt_env, saltlen);
++        }
++        sha256_finish(&ctx, hash);
++        memset(&ctx, 0, sizeof(sha256_context));
++
++        for (i = 0; i < SHA256_SUM_LEN; i++) {
++            snprintf(tmp, sizeof tmp, "%02x", hash[i]);
++            if (tolower(tmp[0]) != tolower(hash_env[2*i]) ||
++                tolower(tmp[1]) != tolower(hash_env[2*i + 1])) {
++                break;
++            }
++        }
++
++        if (i == SHA256_SUM_LEN) {
++            return 1;
++        }
++    }
++
++    return 0;
++}
++
++/*
++ *
++ * Check is the device is locked and ask the password.
++ *
++ */
++void mts_run_passwd_loop(void)
++{
++    char buf[MTS_PASSWD_MAX_LEN] = "\0";
++    unsigned long delay = 1000; /* 1 second initially */
++    int len;
++    int trynr = 0;
++
++    /* Do not delete */
++    printf("", "mts password protected");
++
++    if (mts_get_protection_status() == 0) {
++        return;
++    }
++
++    while (1) {
++        if (trynr == MTS_PASSWD_ATTEMPTS) {
++            mts_do_reset(1000);
++        }
++
++        len = read_password(buf, MTS_PASSWD_MAX_LEN);
++        if (len > 0) {
++            if (verify_password(buf, len)) {
++               /* zero out */
++               memset(buf, 0, sizeof(buf));
++               return;
++            }
++            puts("Permission denied\n");
++        }
++
++        trynr++;
++
++        /* progressive delay */
++        mdelay(delay);
++        delay *= 2;
++        if (delay > 4000) delay = 4000;
++    }
++    /* zero out */
++    memset(buf, 0, sizeof(buf));
++    return;
++}
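Review bot: The comparison loop in verify_password() breaks at the first differing hex digit, so its running time depends on how much of the stored hash a guess matches; accumulating the differences and testing once after the loop removes that dependence, and `hash` and `tmp` can be cleared the same way `ctx` already is. In mts_password_into_buffer() the `putc('*')` sits outside the `if (n < buflen - 2)` guard, so characters past the 28 that fit are echoed but dropped and a longer password is silently truncated; moving the echo inside the guard keeps the display in step with the buffer. mts_get_protection_status() reports the device as unlocked whenever `mtsp` is unset or empty, so the lock is presumably only as strong as the write protection on the environment, which is not visible in this patch. The final `memset`/`return` in mts_run_passwd_loop() follow `while (1)` and are never reached, and `buf` is not cleared on the reset path.

```c
        /* ... unchanged: sha256_starts/update/finish and clearing of ctx ... */
        uint8_t diff = 0;   /* declare with the other locals of this block */

        for (i = 0; i < SHA256_SUM_LEN; i++) {
            snprintf(tmp, sizeof tmp, "%02x", hash[i]);
            /* accumulate instead of breaking so every digit is always compared */
            diff |= tmp[0] ^ tolower(hash_env[2*i]);
            diff |= tmp[1] ^ tolower(hash_env[2*i + 1]);
        }

        /* clear the derived digest, as is already done for ctx */
        memset(hash, 0, sizeof hash);
        memset(tmp, 0, sizeof tmp);

        if (diff == 0) {
            return 1;
        }
```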
+diff --git a/include/common.h b/include/common.h
+index a7fb05e..b334700 100644
+--- a/include/common.h
++++ b/include/common.h
+@@ -41,6 +41,7 @@ typedef volatile unsigned char	vu_char;
+ #include <linux/string.h>
+ #include <asm/ptrace.h>
+ #include <stdarg.h>
++#include <mts_passwd.h>
+ #if defined(CONFIG_PCI) && (defined(CONFIG_4xx) && !defined(CONFIG_AP1000))
+ #include <pci.h>
+ #endif
+diff --git a/include/mts_passwd.h b/include/mts_passwd.h
+new file mode 100644
+index 0000000..1668d8f
+--- /dev/null
++++ b/include/mts_passwd.h
+@@ -0,0 +1,13 @@
++#ifndef _MTS_PASSWD_H
++#define _MTS_PASSWD_H
++
++#define CONFIG_MTS_PASSWD
++
++#if defined(CONFIG_MTS_PASSWD)
++#define CONFIG_SHA256
++void mts_run_passwd_loop(void);
++#else
++#define mts_run_passwd_loop() {}
++#endif
++
++#endif
+\ No newline at end of file
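Review bot: `CONFIG_MTS_PASSWD` is defined unconditionally just above the `#if defined(CONFIG_MTS_PASSWD)` test, so the `#else` stub can never be selected and, since common.h now includes this header, the password check is enabled for every board built from this tree. If that is intended, drop the dead branch and say so in a comment; otherwise remove the `#define` here and set the option in the board configuration. The stub itself would be safer as `#define mts_run_passwd_loop() do {} while (0)`, and the guard name `_MTS_PASSWD_H` uses an identifier reserved for the implementation.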
-- 
cgit v1.2.3