Nyaaori/rockbox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

One-Time Password client (HOTP and TOTP)

Browse source 
* Implements RFC 4226 (HOTP) and RFC 6238 (TOTP)

* Adds sha1.c to apps/plugins/lib (orignally tools/hmac-sha1.c)

* See manual entry for more information

Change-Id: Ia4a4031b29f97361b541e71438aa7f3ea82212f2
This commit is contained in:
Franklin Wei 2016-05-25 21:43:32 -04:00
parent 59ae562a32
commit 30d7ead6af
9 changed files with 1724 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
apps/plugins/CATEGORIES
View file

@ -65,6 +65,7 @@ mp3_encoder,apps
mpegplayer,viewers
nim,games
oscilloscope,demos
otp,apps
pacbox,games
pdbox,viewers
pegbox,games

1
apps/plugins/SOURCES
View file

@ -33,6 +33,7 @@ disktidy.c
flipit.c
shopper.c
resistor.c
otp.c
#ifdef USB_ENABLE_HID
remote_control.c

1
apps/plugins/lib/SOURCES
View file

@ -1,3 +1,4 @@
sha1.c
gcc-support.c
pluginlib_actions.c
helper.c

434
apps/plugins/lib/sha1.c Normal file
View file

@ -0,0 +1,434 @@
/* sha1.c - Functions to compute SHA1 message digest of files or
memory blocks according to the NIST specification FIPS-180-1.
Copyright (C) 2000, 2001, 2003, 2004, 2005, 2006 Free Software
Foundation, Inc.
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
/* Written by Scott G. Miller
Credits:
Robert Klep <robert@ilse.nl> -- Expansion function fix
*/
#include "plugin.h"
#include "sha1.h"
#ifdef WORDS_BIGENDIAN
# define SWAP(n) (n)
#else
# define SWAP(n) \
(((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
#endif
#define BLOCKSIZE 4096
#if BLOCKSIZE % 64 != 0
# error "invalid BLOCKSIZE"
#endif
/* This array contains the bytes used to pad the buffer to the next
64-byte boundary. (RFC 1321, 3.1: Step 1) */
static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
/* Take a pointer to a 160 bit block of data (five 32 bit ints) and
initialize it to the start constants of the SHA1 algorithm. This
must be called before using hash in the call to sha1_hash. */
void
sha1_init_ctx (struct sha1_ctx *ctx)
{
ctx->A = 0x67452301;
ctx->B = 0xefcdab89;
ctx->C = 0x98badcfe;
ctx->D = 0x10325476;
ctx->E = 0xc3d2e1f0;
ctx->total[0] = ctx->total[1] = 0;
ctx->buflen = 0;
}
/* Put result from CTX in first 20 bytes following RESBUF. The result
must be in little endian byte order.
IMPORTANT: On some systems it is required that RESBUF is correctly
aligned for a 32-bit value. */
void *
sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf)
{
((uint32_t *) resbuf)[0] = SWAP (ctx->A);
((uint32_t *) resbuf)[1] = SWAP (ctx->B);
((uint32_t *) resbuf)[2] = SWAP (ctx->C);
((uint32_t *) resbuf)[3] = SWAP (ctx->D);
((uint32_t *) resbuf)[4] = SWAP (ctx->E);
return resbuf;
}
/* Process the remaining bytes in the internal buffer and the usual
prolog according to the standard and write the result to RESBUF.
IMPORTANT: On some systems it is required that RESBUF is correctly
aligned for a 32-bit value. */
void *
sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf)
{
/* Take yet unprocessed bytes into account. */
uint32_t bytes = ctx->buflen;
size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
/* Now count remaining bytes. */
ctx->total[0] += bytes;
if (ctx->total[0] < bytes)
++ctx->total[1];
/* Put the 64-bit file length in *bits* at the end of the buffer. */
ctx->buffer[size - 2] = SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29));
ctx->buffer[size - 1] = SWAP (ctx->total[0] << 3);
memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
/* Process last bytes. */
sha1_process_block (ctx->buffer, size * 4, ctx);
return sha1_read_ctx (ctx, resbuf);
}
/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The
result is always in little endian byte order, so that a byte-wise
output yields to the wanted ASCII representation of the message
digest. */
void *sha1_buffer (const char *buffer, size_t len, void *resblock)
{
struct sha1_ctx ctx;
/* Initialize the computation context. */
sha1_init_ctx (&ctx);
/* Process whole buffer but last len % 64 bytes. */
sha1_process_bytes (buffer, len, &ctx);
/* Put result in desired memory area. */
return sha1_finish_ctx (&ctx, resblock);
}
void
sha1_process_bytes (const void *buffer, size_t len, struct sha1_ctx *ctx)
{
/* When we already have some bits in our internal buffer concatenate
both inputs first. */
if (ctx->buflen != 0)
{
size_t left_over = ctx->buflen;
size_t add = 128 - left_over > len ? len : 128 - left_over;
memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
ctx->buflen += add;
if (ctx->buflen > 64)
{
sha1_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
ctx->buflen &= 63;
/* The regions in the following copy operation cannot overlap. */
memcpy (ctx->buffer,
&((char *) ctx->buffer)[(left_over + add) & ~63],
ctx->buflen);
}
buffer = (const char *) buffer + add;
len -= add;
}
/* Process available complete blocks. */
if (len >= 64)
{
{
sha1_process_block (buffer, len & ~63, ctx);
buffer = (const char *) buffer + (len & ~63);
len &= 63;
}
}
/* Move remaining bytes in internal buffer. */
if (len > 0)
{
size_t left_over = ctx->buflen;
memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
left_over += len;
if (left_over >= 64)
{
sha1_process_block (ctx->buffer, 64, ctx);
left_over -= 64;
memcpy (ctx->buffer, &ctx->buffer[16], left_over);
}
ctx->buflen = left_over;
}
}
/* --- Code below is the primary difference between md5.c and sha1.c --- */
/* SHA1 round constants */
#define K1 0x5a827999
#define K2 0x6ed9eba1
#define K3 0x8f1bbcdc
#define K4 0xca62c1d6
/* Round functions. Note that F2 is the same as F4. */
#define F1(B,C,D) ( D ^ ( B & ( C ^ D ) ) )
#define F2(B,C,D) (B ^ C ^ D)
#define F3(B,C,D) ( ( B & C ) | ( D & ( B | C ) ) )
#define F4(B,C,D) (B ^ C ^ D)
/* Process LEN bytes of BUFFER, accumulating context into CTX.
It is assumed that LEN % 64 == 0.
Most of this code comes from GnuPG's cipher/sha1.c. */
void
sha1_process_block (const void *buffer, size_t len, struct sha1_ctx *ctx)
{
const uint32_t *words = buffer;
size_t nwords = len / sizeof (uint32_t);
const uint32_t *endp = words + nwords;
uint32_t x[16];
uint32_t a = ctx->A;
uint32_t b = ctx->B;
uint32_t c = ctx->C;
uint32_t d = ctx->D;
uint32_t e = ctx->E;
/* First increment the byte count. RFC 1321 specifies the possible
length of the file up to 2^64 bits. Here we only compute the
number of bytes. Do a double word increment. */
ctx->total[0] += len;
if (ctx->total[0] < len)
++ctx->total[1];
#define rol(x, n) (((x) << (n)) | ((uint32_t) (x) >> (32 - (n))))
#define M(I) ( tm = x[I&0x0f] ^ x[(I-14)&0x0f] \
^ x[(I-8)&0x0f] ^ x[(I-3)&0x0f] \
, (x[I&0x0f] = rol(tm, 1)) )
#define R(A,B,C,D,E,F,K,M) do { E += rol( A, 5 ) \
+ F( B, C, D ) \
+ K \
+ M; \
B = rol( B, 30 ); \
} while(0)
while (words < endp)
{
uint32_t tm;
int t;
for (t = 0; t < 16; t++)
{
x[t] = SWAP (*words);
words++;
}
R( a, b, c, d, e, F1, K1, x[ 0] );
R( e, a, b, c, d, F1, K1, x[ 1] );
R( d, e, a, b, c, F1, K1, x[ 2] );
R( c, d, e, a, b, F1, K1, x[ 3] );
R( b, c, d, e, a, F1, K1, x[ 4] );
R( a, b, c, d, e, F1, K1, x[ 5] );
R( e, a, b, c, d, F1, K1, x[ 6] );
R( d, e, a, b, c, F1, K1, x[ 7] );
R( c, d, e, a, b, F1, K1, x[ 8] );
R( b, c, d, e, a, F1, K1, x[ 9] );
R( a, b, c, d, e, F1, K1, x[10] );
R( e, a, b, c, d, F1, K1, x[11] );
R( d, e, a, b, c, F1, K1, x[12] );
R( c, d, e, a, b, F1, K1, x[13] );
R( b, c, d, e, a, F1, K1, x[14] );
R( a, b, c, d, e, F1, K1, x[15] );
R( e, a, b, c, d, F1, K1, M(16) );
R( d, e, a, b, c, F1, K1, M(17) );
R( c, d, e, a, b, F1, K1, M(18) );
R( b, c, d, e, a, F1, K1, M(19) );
R( a, b, c, d, e, F2, K2, M(20) );
R( e, a, b, c, d, F2, K2, M(21) );
R( d, e, a, b, c, F2, K2, M(22) );
R( c, d, e, a, b, F2, K2, M(23) );
R( b, c, d, e, a, F2, K2, M(24) );
R( a, b, c, d, e, F2, K2, M(25) );
R( e, a, b, c, d, F2, K2, M(26) );
R( d, e, a, b, c, F2, K2, M(27) );
R( c, d, e, a, b, F2, K2, M(28) );
R( b, c, d, e, a, F2, K2, M(29) );
R( a, b, c, d, e, F2, K2, M(30) );
R( e, a, b, c, d, F2, K2, M(31) );
R( d, e, a, b, c, F2, K2, M(32) );
R( c, d, e, a, b, F2, K2, M(33) );
R( b, c, d, e, a, F2, K2, M(34) );
R( a, b, c, d, e, F2, K2, M(35) );
R( e, a, b, c, d, F2, K2, M(36) );
R( d, e, a, b, c, F2, K2, M(37) );
R( c, d, e, a, b, F2, K2, M(38) );
R( b, c, d, e, a, F2, K2, M(39) );
R( a, b, c, d, e, F3, K3, M(40) );
R( e, a, b, c, d, F3, K3, M(41) );
R( d, e, a, b, c, F3, K3, M(42) );
R( c, d, e, a, b, F3, K3, M(43) );
R( b, c, d, e, a, F3, K3, M(44) );
R( a, b, c, d, e, F3, K3, M(45) );
R( e, a, b, c, d, F3, K3, M(46) );
R( d, e, a, b, c, F3, K3, M(47) );
R( c, d, e, a, b, F3, K3, M(48) );
R( b, c, d, e, a, F3, K3, M(49) );
R( a, b, c, d, e, F3, K3, M(50) );
R( e, a, b, c, d, F3, K3, M(51) );
R( d, e, a, b, c, F3, K3, M(52) );
R( c, d, e, a, b, F3, K3, M(53) );
R( b, c, d, e, a, F3, K3, M(54) );
R( a, b, c, d, e, F3, K3, M(55) );
R( e, a, b, c, d, F3, K3, M(56) );
R( d, e, a, b, c, F3, K3, M(57) );
R( c, d, e, a, b, F3, K3, M(58) );
R( b, c, d, e, a, F3, K3, M(59) );
R( a, b, c, d, e, F4, K4, M(60) );
R( e, a, b, c, d, F4, K4, M(61) );
R( d, e, a, b, c, F4, K4, M(62) );
R( c, d, e, a, b, F4, K4, M(63) );
R( b, c, d, e, a, F4, K4, M(64) );
R( a, b, c, d, e, F4, K4, M(65) );
R( e, a, b, c, d, F4, K4, M(66) );
R( d, e, a, b, c, F4, K4, M(67) );
R( c, d, e, a, b, F4, K4, M(68) );
R( b, c, d, e, a, F4, K4, M(69) );
R( a, b, c, d, e, F4, K4, M(70) );
R( e, a, b, c, d, F4, K4, M(71) );
R( d, e, a, b, c, F4, K4, M(72) );
R( c, d, e, a, b, F4, K4, M(73) );
R( b, c, d, e, a, F4, K4, M(74) );
R( a, b, c, d, e, F4, K4, M(75) );
R( e, a, b, c, d, F4, K4, M(76) );
R( d, e, a, b, c, F4, K4, M(77) );
R( c, d, e, a, b, F4, K4, M(78) );
R( b, c, d, e, a, F4, K4, M(79) );
a = ctx->A += a;
b = ctx->B += b;
c = ctx->C += c;
d = ctx->D += d;
e = ctx->E += e;
}
}
/* memxor.c -- perform binary exclusive OR operation of two memory blocks.
Copyright (C) 2005, 2006 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
/* Written by Simon Josefsson. The interface was inspired by memxor
in Niels Möller's Nettle. */
void *
memxor (void * dest, const void * src, size_t n)
{
char const *s = src;
char *d = dest;
for (; n > 0; n--)
*d++ ^= *s++;
return dest;
}
/* hmac-sha1.c -- hashed message authentication codes
Copyright (C) 2005, 2006 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
/* Written by Simon Josefsson. */
#define IPAD 0x36
#define OPAD 0x5c
int
hmac_sha1 (const void *key, size_t keylen,
const void *in, size_t inlen, void *resbuf)
{
struct sha1_ctx inner;
struct sha1_ctx outer;
char optkeybuf[20];
char block[64];
char innerhash[20];
/* Reduce the key's size, so that it becomes <= 64 bytes large. */
if (keylen > 64)
{
struct sha1_ctx keyhash;
sha1_init_ctx (&keyhash);
sha1_process_bytes (key, keylen, &keyhash);
sha1_finish_ctx (&keyhash, optkeybuf);
key = optkeybuf;
keylen = 20;
}
/* Compute INNERHASH from KEY and IN. */
sha1_init_ctx (&inner);
memset (block, IPAD, sizeof (block));
memxor (block, key, keylen);
sha1_process_block (block, 64, &inner);
sha1_process_bytes (in, inlen, &inner);
sha1_finish_ctx (&inner, innerhash);
/* Compute result from KEY and INNERHASH. */
sha1_init_ctx (&outer);
memset (block, OPAD, sizeof (block));
memxor (block, key, keylen);
sha1_process_block (block, 64, &outer);
sha1_process_bytes (innerhash, 20, &outer);
sha1_finish_ctx (&outer, resbuf);
return 0;
}

116
apps/plugins/lib/sha1.h Normal file
View file

@ -0,0 +1,116 @@
/* Taken from gnulib (http://savannah.gnu.org/projects/gnulib/) */
/* Declarations of functions and data types used for SHA1 sum
library functions.
Copyright (C) 2000, 2001, 2003, 2005, 2006 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2, or (at your option) any
later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
#ifndef SHA1_H
#define SHA1_H 1
#include "plugin.h"
/* Structure to save state of computation between the single steps. */
struct sha1_ctx
{
uint32_t A;
uint32_t B;
uint32_t C;
uint32_t D;
uint32_t E;
uint32_t total[2];
uint32_t buflen;
uint32_t buffer[32];
};
/* Initialize structure containing state of computation. */
void sha1_init_ctx (struct sha1_ctx *ctx);
/* Starting with the result of former calls of this function (or the
initialization function update the context for the next LEN bytes
starting at BUFFER.
It is necessary that LEN is a multiple of 64!!! */
void sha1_process_block (const void *buffer, size_t len,
struct sha1_ctx *ctx);
/* Starting with the result of former calls of this function (or the
initialization function update the context for the next LEN bytes
starting at BUFFER.
It is NOT required that LEN is a multiple of 64. */
void sha1_process_bytes (const void *buffer, size_t len,
struct sha1_ctx *ctx);
/* Process the remaining bytes in the buffer and put result from CTX
in first 20 bytes following RESBUF. The result is always in little
endian byte order, so that a byte-wise output yields to the wanted
ASCII representation of the message digest.
IMPORTANT: On some systems it is required that RESBUF be correctly
aligned for a 32 bits value. */
void *sha1_finish_ctx (struct sha1_ctx *ctx, void *resbuf);
/* Put result from CTX in first 20 bytes following RESBUF. The result is
always in little endian byte order, so that a byte-wise output yields
to the wanted ASCII representation of the message digest.
IMPORTANT: On some systems it is required that RESBUF is correctly
aligned for a 32 bits value. */
void *sha1_read_ctx (const struct sha1_ctx *ctx, void *resbuf);
/* Compute SHA1 message digest for LEN bytes beginning at BUFFER. The
result is always in little endian byte order, so that a byte-wise
output yields to the wanted ASCII representation of the message
digest. */
void *sha1_buffer (const char *buffer, size_t len, void *resblock);
#endif
/* hmac.h -- hashed message authentication codes
Copyright (C) 2005 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
/* Written by Simon Josefsson. */
#ifndef HMAC_H
#define HMAC_H 1
#include <stddef.h>
/* Compute Hashed Message Authentication Code with SHA-1, over BUFFER
data of BUFLEN bytes using the KEY of KEYLEN bytes, writing the
output to pre-allocated 20 byte minimum RESBUF buffer. Return 0 on
success. */
int
hmac_sha1 (const void *key, size_t keylen,
const void *in, size_t inlen, void *resbuf);
#endif /* HMAC_H */

1095
apps/plugins/otp.c Normal file
View file

File diff suppressed because it is too large Load diff

2
manual/configure_rockbox/time_and_date.tex
View file

@ -1,5 +1,7 @@
% $Id:$ %
\label{ref:Timeanddateactual}
Time related menu options. Pressing \ActionStdContext{} will voice the current time
if voice support is enabled.

2
manual/plugins/main.tex
View file

@ -272,6 +272,8 @@ option from the \setting{Context Menu} (see \reference{ref:Contextmenu}).}
{\input{plugins/metronome.tex}}
{\input{plugins/otp.tex}}
\opt{lcd_bitmap}{\input{plugins/periodic_table.tex}}
\opt{swcodec}{\opt{recording_mic}{\input{plugins/pitch_detector.tex}}}

72
manual/plugins/otp.tex Normal file
View file

@ -0,0 +1,72 @@
% $Id$ %
\subsection{One-Time Password Client}
This plugin provides the ability to generate one-time passwords (OTPs)
for authentication purposes. It implements an HMAC-based One-Time
Password Algorithm (RFC 4226), and on targets which support it, a
Time-based One-Time Password Algorithm (RFC 6238).
\subsubsection{Adding Accounts}
The plugin supports two methods of adding accounts: URI import, and
manual entry.
\opt{rtc}{ It is important to note that for TOTP (time-based) accounts
to work properly, the clock on your device MUST be accurate to no
less than 30 seconds from the time on the authentication server, and
the correct time zone must be configured in the plugin. See
\reference{ref:Timeanddateactual} for more information. }
\subsubsection{URI Import}
This method of adding an account reads a list of URIs from a file. It
expects each URI to be on a line by itself in the following format:
\begin{verbatim}
otpauth://[hotp OR totp]/[account name]?secret=[Base32 secret][&counter=X][&period=X][&digits=X]
\end{verbatim}
An example is shown below, provisioning a TOTP key for an account called ``bob'':
\begin{verbatim}
otpauth://totp/bob?secret=JBSWY3DPEHPK3PXP
\end{verbatim}
Any other URI options are not supported and will be ignored.
Most services will provide a scannable QR code that encodes a OTP
URI. In order to use those, first scan the QR code separately and save
the URI to a file on your device. If necessary, rewrite the URI so it
is in the format shown above. For example, GitHub's URI has a slash
after the provider. In order for this URI to be properly parsed, you
must rewrite the account name so that it does not contain a slash.
\subsubsection{Manual Import}
If direct URI import is not possible, the plugin supports the manual
entry of data associated with an account. After you select the
``Manual Entry'' option, it will prompt you for an account name. You
may type anything you wish, but it should be memorable. It will then
prompt you for the Base32-encoded secret. Most services will provide
this to you directly, but some may only provide you with a QR code. In
these cases, you must scan the QR code separately, and then enter the
string following the ``secret='' parameter on your Rockbox device
manually.
On devices with a real-time clock, \opt{rtc}{like yours,} the plugin
will ask whether the account is a time-based account
(TOTP). \opt{rtc}{If you answer ``yes'' to this question, it will ask
for further information regarding the account. Usually it is safe to
accept the defaults here. } However, if your device lacks a
real-time clock, the plugin's functionality will be restricted to
HMAC-based (HOTP) accounts only. If this is the case, the plugin will
prompt you for information regarding the HOTP setup.
\opt{rtc} {
\subsection{Advanced Settings}
\subsubsection{Time Zone Configuration}
In order for TOTP accounts to work properly, the plugin must be able
to determine the current UTC time. This means that, first, your
device's clock must be synchronized with UTC time, and second, that
the plugin knows what time zone the clock is using. The plugin will
prompt you on its first run for this piece of information. However,
should this setting need changing at a later time, possibly due to
Daylight Saving Time adjustment, it is located under the
``Advanced'' submenu. NOTE: in the UI simulator, use the ``UTC''
setting no matter what the clock may read. }