ZFS crypto support.
* Makefile.util.def (libgrubmods): Add grub-core/fs/zfs/zfscrypt.c. * grub-core/Makefile.core.def (zfscrypt): New module. * grub-core/fs/zfs/zfs.c (subvolume): New structure. (grub_zfs_data): Replace mdn with subvol. Put case_insensitivity inside it. All users updated. (grub_zfs_decrypt): New var. (grub_zfs_load_key): Likewise. (zio_checksum_functions): Add SHA256+MAC. (zio_checksum_verify): Handle incomplete comparison due to MAC. (zio_read): Handle encrypted blocks. (zap_verify): Remove incorrect check. (fzap_iterate): Handle non-standard fzap. (zap_iterate): Likewise. (zap_iterate_u64): New function. (dnode_get_fullpath): Load keys. * grub-core/fs/zfs/zfscrypt.c: New file. * grub-core/lib/crypto.c (grub_crypto_cipher_close): Removed. (grub_crypto_ecb_encrypt): Make input const. * include/grub/crypto.h (grub_crypto_cipher_close): Inline. (grub_crypto_ecb_encrypt): Make input const. (GRUB_CIPHER_AES): New macro. * include/grub/zfs/dmu.h (dmu_object_type): Add DMU_OT_DSL_KEYCHAIN. * include/grub/zfs/dsl_dir.h (dsl_dir_phys): Add keychain. * include/grub/zfs/spa.h (grub_zfs_endian): Moved from here ... * include/grub/zfs/zfs.h (grub_zfs_endian): ... here. Added GURB_ZFS_ prefix. All users updated. (grub_zfs_add_key): New proto. (grub_zfs_decrypt): Likewise. (grub_zfs_load_key): Likewise. * include/grub/zfs/zio.h (zio_checksum): Add SHA256+MAC. * util/grub-fstest.c (options): Add -K option. (argp_parser): Likewise.
This commit is contained in:
commit
3084ede4c7
13 changed files with 950 additions and 127 deletions
37
ChangeLog
37
ChangeLog
|
@ -1,3 +1,40 @@
|
||||||
|
2011-11-06 Vladimir Serbinenko <phcoder@gmail.com>
|
||||||
|
|
||||||
|
ZFS crypto support.
|
||||||
|
|
||||||
|
* Makefile.util.def (libgrubmods): Add grub-core/fs/zfs/zfscrypt.c.
|
||||||
|
* grub-core/Makefile.core.def (zfscrypt): New module.
|
||||||
|
* grub-core/fs/zfs/zfs.c (subvolume): New structure.
|
||||||
|
(grub_zfs_data): Replace mdn with subvol. Put case_insensitivity inside
|
||||||
|
it. All users updated.
|
||||||
|
(grub_zfs_decrypt): New var.
|
||||||
|
(grub_zfs_load_key): Likewise.
|
||||||
|
(zio_checksum_functions): Add SHA256+MAC.
|
||||||
|
(zio_checksum_verify): Handle incomplete comparison due to MAC.
|
||||||
|
(zio_read): Handle encrypted blocks.
|
||||||
|
(zap_verify): Remove incorrect check.
|
||||||
|
(fzap_iterate): Handle non-standard fzap.
|
||||||
|
(zap_iterate): Likewise.
|
||||||
|
(zap_iterate_u64): New function.
|
||||||
|
(dnode_get_fullpath): Load keys.
|
||||||
|
* grub-core/fs/zfs/zfscrypt.c: New file.
|
||||||
|
* grub-core/lib/crypto.c (grub_crypto_cipher_close): Removed.
|
||||||
|
(grub_crypto_ecb_encrypt): Make input const.
|
||||||
|
* include/grub/crypto.h (grub_crypto_cipher_close): Inline.
|
||||||
|
(grub_crypto_ecb_encrypt): Make input const.
|
||||||
|
(GRUB_CIPHER_AES): New macro.
|
||||||
|
* include/grub/zfs/dmu.h (dmu_object_type): Add DMU_OT_DSL_KEYCHAIN.
|
||||||
|
* include/grub/zfs/dsl_dir.h (dsl_dir_phys): Add keychain.
|
||||||
|
* include/grub/zfs/spa.h (grub_zfs_endian): Moved from here ...
|
||||||
|
* include/grub/zfs/zfs.h (grub_zfs_endian): ... here. Added GURB_ZFS_
|
||||||
|
prefix. All users updated.
|
||||||
|
(grub_zfs_add_key): New proto.
|
||||||
|
(grub_zfs_decrypt): Likewise.
|
||||||
|
(grub_zfs_load_key): Likewise.
|
||||||
|
* include/grub/zfs/zio.h (zio_checksum): Add SHA256+MAC.
|
||||||
|
* util/grub-fstest.c (options): Add -K option.
|
||||||
|
(argp_parser): Likewise.
|
||||||
|
|
||||||
2011-11-05 Vladimir Serbinenko <phcoder@gmail.com>
|
2011-11-05 Vladimir Serbinenko <phcoder@gmail.com>
|
||||||
|
|
||||||
Support zle compression on ZFS.
|
Support zle compression on ZFS.
|
||||||
|
|
|
@ -82,6 +82,7 @@ library = {
|
||||||
common = grub-core/fs/ufs2.c;
|
common = grub-core/fs/ufs2.c;
|
||||||
common = grub-core/fs/ufs.c;
|
common = grub-core/fs/ufs.c;
|
||||||
common = grub-core/fs/xfs.c;
|
common = grub-core/fs/xfs.c;
|
||||||
|
common = grub-core/fs/zfs/zfscrypt.c;
|
||||||
common = grub-core/fs/zfs/zfs.c;
|
common = grub-core/fs/zfs/zfs.c;
|
||||||
common = grub-core/fs/zfs/zfsinfo.c;
|
common = grub-core/fs/zfs/zfsinfo.c;
|
||||||
common = grub-core/fs/zfs/zfs_lzjb.c;
|
common = grub-core/fs/zfs/zfs_lzjb.c;
|
||||||
|
|
|
@ -1116,6 +1116,11 @@ module = {
|
||||||
common = fs/zfs/zfs_fletcher.c;
|
common = fs/zfs/zfs_fletcher.c;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
module = {
|
||||||
|
name = zfscrypt;
|
||||||
|
common = fs/zfs/zfscrypt.c;
|
||||||
|
};
|
||||||
|
|
||||||
module = {
|
module = {
|
||||||
name = zfsinfo;
|
name = zfsinfo;
|
||||||
common = fs/zfs/zfsinfo.c;
|
common = fs/zfs/zfsinfo.c;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* GRUB -- GRand Unified Bootloader
|
* GRUB -- GRand Unified Bootloader
|
||||||
* Copyright (C) 1999,2000,2001,2002,2003,2004,2009,2010 Free Software Foundation, Inc.
|
* Copyright (C) 1999,2000,2001,2002,2003,2004,2009,2010,2011 Free Software Foundation, Inc.
|
||||||
* Copyright 2010 Sun Microsystems, Inc.
|
* Copyright 2010 Sun Microsystems, Inc.
|
||||||
*
|
*
|
||||||
* GRUB is free software; you can redistribute it and/or modify
|
* GRUB is free software; you can redistribute it and/or modify
|
||||||
|
@ -52,6 +52,7 @@
|
||||||
#include <grub/zfs/dsl_dir.h>
|
#include <grub/zfs/dsl_dir.h>
|
||||||
#include <grub/zfs/dsl_dataset.h>
|
#include <grub/zfs/dsl_dataset.h>
|
||||||
#include <grub/deflate.h>
|
#include <grub/deflate.h>
|
||||||
|
#include <grub/crypto.h>
|
||||||
|
|
||||||
GRUB_MOD_LICENSE ("GPLv3+");
|
GRUB_MOD_LICENSE ("GPLv3+");
|
||||||
|
|
||||||
|
@ -161,6 +162,20 @@ struct grub_zfs_device_desc
|
||||||
int original;
|
int original;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct subvolume
|
||||||
|
{
|
||||||
|
dnode_end_t mdn;
|
||||||
|
grub_uint64_t obj;
|
||||||
|
grub_uint64_t case_insensitive;
|
||||||
|
grub_size_t nkeys;
|
||||||
|
struct
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_handle_t cipher;
|
||||||
|
grub_uint64_t txg;
|
||||||
|
grub_uint64_t algo;
|
||||||
|
} *keyring;
|
||||||
|
};
|
||||||
|
|
||||||
struct grub_zfs_data
|
struct grub_zfs_data
|
||||||
{
|
{
|
||||||
/* cache for a file block of the currently zfs_open()-ed file */
|
/* cache for a file block of the currently zfs_open()-ed file */
|
||||||
|
@ -176,8 +191,8 @@ struct grub_zfs_data
|
||||||
grub_zfs_endian_t dnode_endian;
|
grub_zfs_endian_t dnode_endian;
|
||||||
|
|
||||||
dnode_end_t mos;
|
dnode_end_t mos;
|
||||||
dnode_end_t mdn;
|
|
||||||
dnode_end_t dnode;
|
dnode_end_t dnode;
|
||||||
|
struct subvolume subvol;
|
||||||
|
|
||||||
struct grub_zfs_device_desc *devices_attached;
|
struct grub_zfs_device_desc *devices_attached;
|
||||||
unsigned n_devices_attached;
|
unsigned n_devices_attached;
|
||||||
|
@ -190,6 +205,17 @@ struct grub_zfs_data
|
||||||
grub_uint64_t guid;
|
grub_uint64_t guid;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
grub_err_t (*grub_zfs_decrypt) (grub_crypto_cipher_handle_t cipher,
|
||||||
|
grub_uint64_t algo,
|
||||||
|
void *nonce,
|
||||||
|
char *buf, grub_size_t size,
|
||||||
|
const grub_uint32_t *expected_mac,
|
||||||
|
grub_zfs_endian_t endian) = NULL;
|
||||||
|
grub_crypto_cipher_handle_t (*grub_zfs_load_key) (const struct grub_zfs_key *key,
|
||||||
|
grub_size_t keysize,
|
||||||
|
grub_uint64_t salt,
|
||||||
|
grub_uint64_t algo) = NULL;
|
||||||
|
|
||||||
static grub_err_t
|
static grub_err_t
|
||||||
zlib_decompress (void *s, void *d,
|
zlib_decompress (void *s, void *d,
|
||||||
grub_size_t slen, grub_size_t dlen)
|
grub_size_t slen, grub_size_t dlen)
|
||||||
|
@ -292,6 +318,7 @@ static zio_checksum_info_t zio_checksum_table[ZIO_CHECKSUM_FUNCTIONS] = {
|
||||||
{fletcher_4, 1, 0, "fletcher4"},
|
{fletcher_4, 1, 0, "fletcher4"},
|
||||||
{zio_checksum_SHA256, 1, 0, "SHA256"},
|
{zio_checksum_SHA256, 1, 0, "SHA256"},
|
||||||
{NULL, 0, 0, "zilog2"},
|
{NULL, 0, 0, "zilog2"},
|
||||||
|
{zio_checksum_SHA256, 1, 0, "SHA256+MAC"},
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -302,7 +329,8 @@ static zio_checksum_info_t zio_checksum_table[ZIO_CHECKSUM_FUNCTIONS] = {
|
||||||
*/
|
*/
|
||||||
static grub_err_t
|
static grub_err_t
|
||||||
zio_checksum_verify (zio_cksum_t zc, grub_uint32_t checksum,
|
zio_checksum_verify (zio_cksum_t zc, grub_uint32_t checksum,
|
||||||
grub_zfs_endian_t endian, char *buf, grub_size_t size)
|
grub_zfs_endian_t endian,
|
||||||
|
char *buf, grub_size_t size)
|
||||||
{
|
{
|
||||||
zio_eck_t *zec = (zio_eck_t *) (buf + size) - 1;
|
zio_eck_t *zec = (zio_eck_t *) (buf + size) - 1;
|
||||||
zio_checksum_info_t *ci = &zio_checksum_table[checksum];
|
zio_checksum_info_t *ci = &zio_checksum_table[checksum];
|
||||||
|
@ -312,7 +340,7 @@ zio_checksum_verify (zio_cksum_t zc, grub_uint32_t checksum,
|
||||||
{
|
{
|
||||||
grub_dprintf ("zfs", "unknown checksum function %d\n", checksum);
|
grub_dprintf ("zfs", "unknown checksum function %d\n", checksum);
|
||||||
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
|
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,
|
||||||
"unknown checksum function %d", checksum);
|
"unknown checksum function %d", checksum);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ci->ci_eck)
|
if (ci->ci_eck)
|
||||||
|
@ -326,10 +354,8 @@ zio_checksum_verify (zio_cksum_t zc, grub_uint32_t checksum,
|
||||||
else
|
else
|
||||||
ci->ci_func (buf, size, endian, &actual_cksum);
|
ci->ci_func (buf, size, endian, &actual_cksum);
|
||||||
|
|
||||||
if ((actual_cksum.zc_word[0] != zc.zc_word[0])
|
if (grub_memcmp (&actual_cksum, &zc,
|
||||||
|| (actual_cksum.zc_word[1] != zc.zc_word[1])
|
checksum != ZIO_CHECKSUM_SHA256_MAC ? 32 : 20) != 0)
|
||||||
|| (actual_cksum.zc_word[2] != zc.zc_word[2])
|
|
||||||
|| (actual_cksum.zc_word[3] != zc.zc_word[3]))
|
|
||||||
{
|
{
|
||||||
grub_dprintf ("zfs", "checksum %s verification failed\n", ci->ci_name);
|
grub_dprintf ("zfs", "checksum %s verification failed\n", ci->ci_name);
|
||||||
grub_dprintf ("zfs", "actual checksum %016llx %016llx %016llx %016llx\n",
|
grub_dprintf ("zfs", "actual checksum %016llx %016llx %016llx %016llx\n",
|
||||||
|
@ -362,14 +388,16 @@ static int
|
||||||
vdev_uberblock_compare (uberblock_t * ub1, uberblock_t * ub2)
|
vdev_uberblock_compare (uberblock_t * ub1, uberblock_t * ub2)
|
||||||
{
|
{
|
||||||
grub_zfs_endian_t ub1_endian, ub2_endian;
|
grub_zfs_endian_t ub1_endian, ub2_endian;
|
||||||
if (grub_zfs_to_cpu64 (ub1->ub_magic, LITTLE_ENDIAN) == UBERBLOCK_MAGIC)
|
if (grub_zfs_to_cpu64 (ub1->ub_magic, GRUB_ZFS_LITTLE_ENDIAN)
|
||||||
ub1_endian = LITTLE_ENDIAN;
|
== UBERBLOCK_MAGIC)
|
||||||
|
ub1_endian = GRUB_ZFS_LITTLE_ENDIAN;
|
||||||
else
|
else
|
||||||
ub1_endian = BIG_ENDIAN;
|
ub1_endian = GRUB_ZFS_BIG_ENDIAN;
|
||||||
if (grub_zfs_to_cpu64 (ub2->ub_magic, LITTLE_ENDIAN) == UBERBLOCK_MAGIC)
|
if (grub_zfs_to_cpu64 (ub2->ub_magic, GRUB_ZFS_LITTLE_ENDIAN)
|
||||||
ub2_endian = LITTLE_ENDIAN;
|
== UBERBLOCK_MAGIC)
|
||||||
|
ub2_endian = GRUB_ZFS_LITTLE_ENDIAN;
|
||||||
else
|
else
|
||||||
ub2_endian = BIG_ENDIAN;
|
ub2_endian = GRUB_ZFS_BIG_ENDIAN;
|
||||||
|
|
||||||
if (grub_zfs_to_cpu64 (ub1->ub_txg, ub1_endian)
|
if (grub_zfs_to_cpu64 (ub1->ub_txg, ub1_endian)
|
||||||
< grub_zfs_to_cpu64 (ub2->ub_txg, ub2_endian))
|
< grub_zfs_to_cpu64 (ub2->ub_txg, ub2_endian))
|
||||||
|
@ -401,20 +429,23 @@ uberblock_verify (uberblock_phys_t * ub, grub_uint64_t offset)
|
||||||
{
|
{
|
||||||
uberblock_t *uber = &ub->ubp_uberblock;
|
uberblock_t *uber = &ub->ubp_uberblock;
|
||||||
grub_err_t err;
|
grub_err_t err;
|
||||||
grub_zfs_endian_t endian = UNKNOWN_ENDIAN;
|
grub_zfs_endian_t endian = GRUB_ZFS_UNKNOWN_ENDIAN;
|
||||||
zio_cksum_t zc;
|
zio_cksum_t zc;
|
||||||
|
|
||||||
if (grub_zfs_to_cpu64 (uber->ub_magic, LITTLE_ENDIAN) == UBERBLOCK_MAGIC
|
if (grub_zfs_to_cpu64 (uber->ub_magic, GRUB_ZFS_LITTLE_ENDIAN)
|
||||||
&& grub_zfs_to_cpu64 (uber->ub_version, LITTLE_ENDIAN) > 0
|
== UBERBLOCK_MAGIC
|
||||||
&& grub_zfs_to_cpu64 (uber->ub_version, LITTLE_ENDIAN) <= SPA_VERSION)
|
&& grub_zfs_to_cpu64 (uber->ub_version, GRUB_ZFS_LITTLE_ENDIAN) > 0
|
||||||
endian = LITTLE_ENDIAN;
|
&& grub_zfs_to_cpu64 (uber->ub_version, GRUB_ZFS_LITTLE_ENDIAN)
|
||||||
|
<= SPA_VERSION)
|
||||||
|
endian = GRUB_ZFS_LITTLE_ENDIAN;
|
||||||
|
|
||||||
if (grub_zfs_to_cpu64 (uber->ub_magic, BIG_ENDIAN) == UBERBLOCK_MAGIC
|
if (grub_zfs_to_cpu64 (uber->ub_magic, GRUB_ZFS_BIG_ENDIAN) == UBERBLOCK_MAGIC
|
||||||
&& grub_zfs_to_cpu64 (uber->ub_version, BIG_ENDIAN) > 0
|
&& grub_zfs_to_cpu64 (uber->ub_version, GRUB_ZFS_BIG_ENDIAN) > 0
|
||||||
&& grub_zfs_to_cpu64 (uber->ub_version, BIG_ENDIAN) <= SPA_VERSION)
|
&& grub_zfs_to_cpu64 (uber->ub_version, GRUB_ZFS_BIG_ENDIAN)
|
||||||
endian = BIG_ENDIAN;
|
<= SPA_VERSION)
|
||||||
|
endian = GRUB_ZFS_BIG_ENDIAN;
|
||||||
|
|
||||||
if (endian == UNKNOWN_ENDIAN)
|
if (endian == GRUB_ZFS_UNKNOWN_ENDIAN)
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "invalid uberblock magic");
|
return grub_error (GRUB_ERR_BAD_FS, "invalid uberblock magic");
|
||||||
|
|
||||||
grub_memset (&zc, 0, sizeof (zc));
|
grub_memset (&zc, 0, sizeof (zc));
|
||||||
|
@ -1335,7 +1366,7 @@ zio_read_gang (blkptr_t * bp, grub_zfs_endian_t endian, dva_t * dva, void *buf,
|
||||||
zio_gb = grub_malloc (SPA_GANGBLOCKSIZE);
|
zio_gb = grub_malloc (SPA_GANGBLOCKSIZE);
|
||||||
if (!zio_gb)
|
if (!zio_gb)
|
||||||
return grub_errno;
|
return grub_errno;
|
||||||
grub_dprintf ("zfs", endian == LITTLE_ENDIAN ? "little-endian gang\n"
|
grub_dprintf ("zfs", endian == GRUB_ZFS_LITTLE_ENDIAN ? "little-endian gang\n"
|
||||||
:"big-endian gang\n");
|
:"big-endian gang\n");
|
||||||
|
|
||||||
err = read_dva (dva, endian, data, zio_gb, SPA_GANGBLOCKSIZE);
|
err = read_dva (dva, endian, data, zio_gb, SPA_GANGBLOCKSIZE);
|
||||||
|
@ -1415,11 +1446,11 @@ zio_read_data (blkptr_t * bp, grub_zfs_endian_t endian, void *buf,
|
||||||
* and put the uncompressed data in buf.
|
* and put the uncompressed data in buf.
|
||||||
*/
|
*/
|
||||||
static grub_err_t
|
static grub_err_t
|
||||||
zio_read (blkptr_t * bp, grub_zfs_endian_t endian, void **buf,
|
zio_read (blkptr_t *bp, grub_zfs_endian_t endian, void **buf,
|
||||||
grub_size_t *size, struct grub_zfs_data *data)
|
grub_size_t *size, struct grub_zfs_data *data)
|
||||||
{
|
{
|
||||||
grub_size_t lsize, psize;
|
grub_size_t lsize, psize;
|
||||||
unsigned int comp;
|
unsigned int comp, encrypted;
|
||||||
char *compbuf = NULL;
|
char *compbuf = NULL;
|
||||||
grub_err_t err;
|
grub_err_t err;
|
||||||
zio_cksum_t zc = bp->blk_cksum;
|
zio_cksum_t zc = bp->blk_cksum;
|
||||||
|
@ -1429,6 +1460,7 @@ zio_read (blkptr_t * bp, grub_zfs_endian_t endian, void **buf,
|
||||||
|
|
||||||
checksum = (grub_zfs_to_cpu64((bp)->blk_prop, endian) >> 40) & 0xff;
|
checksum = (grub_zfs_to_cpu64((bp)->blk_prop, endian) >> 40) & 0xff;
|
||||||
comp = (grub_zfs_to_cpu64((bp)->blk_prop, endian)>>32) & 0xff;
|
comp = (grub_zfs_to_cpu64((bp)->blk_prop, endian)>>32) & 0xff;
|
||||||
|
encrypted = ((grub_zfs_to_cpu64((bp)->blk_prop, endian) >> 60) & 3);
|
||||||
lsize = (BP_IS_HOLE(bp) ? 0 :
|
lsize = (BP_IS_HOLE(bp) ? 0 :
|
||||||
(((grub_zfs_to_cpu64 ((bp)->blk_prop, endian) & 0xffff) + 1)
|
(((grub_zfs_to_cpu64 ((bp)->blk_prop, endian) & 0xffff) + 1)
|
||||||
<< SPA_MINBLOCKSHIFT));
|
<< SPA_MINBLOCKSHIFT));
|
||||||
|
@ -1447,7 +1479,8 @@ zio_read (blkptr_t * bp, grub_zfs_endian_t endian, void **buf,
|
||||||
|
|
||||||
if (comp != ZIO_COMPRESS_OFF)
|
if (comp != ZIO_COMPRESS_OFF)
|
||||||
{
|
{
|
||||||
compbuf = grub_malloc (psize);
|
/* It's not really necessary to align to 16, just for safety. */
|
||||||
|
compbuf = grub_malloc (ALIGN_UP (psize, 16));
|
||||||
if (! compbuf)
|
if (! compbuf)
|
||||||
return grub_errno;
|
return grub_errno;
|
||||||
}
|
}
|
||||||
|
@ -1462,8 +1495,10 @@ zio_read (blkptr_t * bp, grub_zfs_endian_t endian, void **buf,
|
||||||
*buf = NULL;
|
*buf = NULL;
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
grub_memset (compbuf, 0, ALIGN_UP (psize, 16) - psize);
|
||||||
|
|
||||||
err = zio_checksum_verify (zc, checksum, endian, compbuf, psize);
|
err = zio_checksum_verify (zc, checksum, endian,
|
||||||
|
compbuf, psize);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
grub_dprintf ("zfs", "incorrect checksum\n");
|
grub_dprintf ("zfs", "incorrect checksum\n");
|
||||||
|
@ -1472,6 +1507,51 @@ zio_read (blkptr_t * bp, grub_zfs_endian_t endian, void **buf,
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (encrypted)
|
||||||
|
{
|
||||||
|
if (!grub_zfs_decrypt)
|
||||||
|
err = grub_error (GRUB_ERR_BAD_FS, "zfscrypt module not loaded");
|
||||||
|
else
|
||||||
|
{
|
||||||
|
unsigned i, besti = 0;
|
||||||
|
grub_uint64_t bestval = 0;
|
||||||
|
for (i = 0; i < data->subvol.nkeys; i++)
|
||||||
|
if (data->subvol.keyring[i].txg <= grub_zfs_to_cpu64 (bp->blk_birth,
|
||||||
|
endian)
|
||||||
|
&& data->subvol.keyring[i].txg > bestval)
|
||||||
|
{
|
||||||
|
besti = i;
|
||||||
|
bestval = data->subvol.keyring[i].txg;
|
||||||
|
}
|
||||||
|
if (bestval == 0)
|
||||||
|
{
|
||||||
|
grub_free (compbuf);
|
||||||
|
*buf = NULL;
|
||||||
|
grub_dprintf ("zfs", "no key for txg %" PRIxGRUB_UINT64_T "\n",
|
||||||
|
grub_zfs_to_cpu64 (bp->blk_birth,
|
||||||
|
endian));
|
||||||
|
return grub_error (GRUB_ERR_BAD_FS, "no key found in keychain");
|
||||||
|
}
|
||||||
|
grub_dprintf ("zfs", "using key %u (%" PRIxGRUB_UINT64_T
|
||||||
|
", %p) for txg %" PRIxGRUB_UINT64_T "\n",
|
||||||
|
besti, data->subvol.keyring[besti].txg,
|
||||||
|
data->subvol.keyring[besti].cipher,
|
||||||
|
grub_zfs_to_cpu64 (bp->blk_birth,
|
||||||
|
endian));
|
||||||
|
err = grub_zfs_decrypt (data->subvol.keyring[besti].cipher,
|
||||||
|
data->subvol.keyring[besti].algo,
|
||||||
|
&(bp)->blk_dva[encrypted],
|
||||||
|
compbuf, psize, ((grub_uint32_t *) &zc + 5),
|
||||||
|
endian);
|
||||||
|
}
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
grub_free (compbuf);
|
||||||
|
*buf = NULL;
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (comp != ZIO_COMPRESS_OFF)
|
if (comp != ZIO_COMPRESS_OFF)
|
||||||
{
|
{
|
||||||
*buf = grub_malloc (lsize);
|
*buf = grub_malloc (lsize);
|
||||||
|
@ -1572,7 +1652,7 @@ dmu_read (dnode_end_t * dn, grub_uint64_t blkid, void **buf,
|
||||||
*/
|
*/
|
||||||
static grub_err_t
|
static grub_err_t
|
||||||
mzap_lookup (mzap_phys_t * zapobj, grub_zfs_endian_t endian,
|
mzap_lookup (mzap_phys_t * zapobj, grub_zfs_endian_t endian,
|
||||||
int objsize, char *name, grub_uint64_t * value,
|
int objsize, const char *name, grub_uint64_t * value,
|
||||||
int case_insensitive)
|
int case_insensitive)
|
||||||
{
|
{
|
||||||
int i, chunks;
|
int i, chunks;
|
||||||
|
@ -1799,9 +1879,6 @@ zap_verify (zap_phys_t *zap, grub_zfs_endian_t endian)
|
||||||
if (grub_zfs_to_cpu64 (zap->zap_magic, endian) != (grub_uint64_t) ZAP_MAGIC)
|
if (grub_zfs_to_cpu64 (zap->zap_magic, endian) != (grub_uint64_t) ZAP_MAGIC)
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "bad ZAP magic");
|
return grub_error (GRUB_ERR_BAD_FS, "bad ZAP magic");
|
||||||
|
|
||||||
if (zap->zap_flags != 0)
|
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "bad ZAP flags");
|
|
||||||
|
|
||||||
if (zap->zap_salt == 0)
|
if (zap->zap_salt == 0)
|
||||||
return grub_error (GRUB_ERR_BAD_FS, "bad ZAP salt");
|
return grub_error (GRUB_ERR_BAD_FS, "bad ZAP salt");
|
||||||
|
|
||||||
|
@ -1854,9 +1931,13 @@ fzap_lookup (dnode_end_t * zap_dnode, zap_phys_t * zap,
|
||||||
/* XXX */
|
/* XXX */
|
||||||
static int
|
static int
|
||||||
fzap_iterate (dnode_end_t * zap_dnode, zap_phys_t * zap,
|
fzap_iterate (dnode_end_t * zap_dnode, zap_phys_t * zap,
|
||||||
int NESTED_FUNC_ATTR (*hook) (const char *name,
|
grub_size_t name_elem_length,
|
||||||
grub_uint64_t val),
|
int NESTED_FUNC_ATTR (*hook) (const void *name,
|
||||||
struct grub_zfs_data *data)
|
grub_size_t name_length,
|
||||||
|
const void *val_in,
|
||||||
|
grub_size_t nelem,
|
||||||
|
grub_size_t elemsize),
|
||||||
|
struct grub_zfs_data *data)
|
||||||
{
|
{
|
||||||
zap_leaf_phys_t *l;
|
zap_leaf_phys_t *l;
|
||||||
void *l_in;
|
void *l_in;
|
||||||
|
@ -1918,9 +1999,9 @@ fzap_iterate (dnode_end_t * zap_dnode, zap_phys_t * zap,
|
||||||
for (chunk = 0; chunk < ZAP_LEAF_NUMCHUNKS (blksft); chunk++)
|
for (chunk = 0; chunk < ZAP_LEAF_NUMCHUNKS (blksft); chunk++)
|
||||||
{
|
{
|
||||||
char *buf;
|
char *buf;
|
||||||
struct zap_leaf_array *la;
|
|
||||||
struct zap_leaf_entry *le;
|
struct zap_leaf_entry *le;
|
||||||
grub_uint64_t val;
|
char *val;
|
||||||
|
grub_size_t val_length;
|
||||||
le = ZAP_LEAF_ENTRY (l, blksft, chunk);
|
le = ZAP_LEAF_ENTRY (l, blksft, chunk);
|
||||||
|
|
||||||
/* Verify the chunk entry */
|
/* Verify the chunk entry */
|
||||||
|
@ -1928,36 +2009,42 @@ fzap_iterate (dnode_end_t * zap_dnode, zap_phys_t * zap,
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
buf = grub_malloc (grub_zfs_to_cpu16 (le->le_name_length, endian)
|
buf = grub_malloc (grub_zfs_to_cpu16 (le->le_name_length, endian)
|
||||||
+ 1);
|
* name_elem_length + 1);
|
||||||
if (zap_leaf_array_get (l, endian, blksft,
|
if (zap_leaf_array_get (l, endian, blksft,
|
||||||
grub_zfs_to_cpu16 (le->le_name_chunk,
|
grub_zfs_to_cpu16 (le->le_name_chunk,
|
||||||
endian),
|
endian),
|
||||||
grub_zfs_to_cpu16 (le->le_name_length,
|
grub_zfs_to_cpu16 (le->le_name_length,
|
||||||
endian), buf))
|
endian)
|
||||||
|
* name_elem_length, buf))
|
||||||
{
|
{
|
||||||
grub_free (buf);
|
grub_free (buf);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
buf[le->le_name_length] = 0;
|
buf[le->le_name_length * name_elem_length] = 0;
|
||||||
|
|
||||||
if (le->le_int_size != 8
|
val_length = ((int) le->le_value_length
|
||||||
|| grub_zfs_to_cpu16 (le->le_value_length, endian) != 1)
|
* (int) le->le_int_size);
|
||||||
continue;
|
val = grub_malloc (grub_zfs_to_cpu16 (val_length, endian));
|
||||||
|
if (zap_leaf_array_get (l, endian, blksft,
|
||||||
|
grub_zfs_to_cpu16 (le->le_value_chunk,
|
||||||
|
endian),
|
||||||
|
val_length, val))
|
||||||
|
{
|
||||||
|
grub_free (buf);
|
||||||
|
grub_free (val);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
/* get the uint64_t property value */
|
if (hook (buf, le->le_name_length,
|
||||||
la = &ZAP_LEAF_CHUNK (l, blksft,
|
val, le->le_value_length, le->le_int_size))
|
||||||
grub_zfs_to_cpu16 (le->le_value_chunk,
|
|
||||||
endian)).l_array;
|
|
||||||
val = grub_be_to_cpu64 (la->la_array64);
|
|
||||||
if (hook (buf, val))
|
|
||||||
return 1;
|
return 1;
|
||||||
grub_free (buf);
|
grub_free (buf);
|
||||||
|
grub_free (val);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Read in the data of a zap object and find the value for a matching
|
* Read in the data of a zap object and find the value for a matching
|
||||||
* property name.
|
* property name.
|
||||||
|
@ -2009,9 +2096,10 @@ zap_lookup (dnode_end_t * zap_dnode, char *name, grub_uint64_t * val,
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
zap_iterate (dnode_end_t * zap_dnode,
|
zap_iterate_u64 (dnode_end_t * zap_dnode,
|
||||||
int NESTED_FUNC_ATTR (*hook) (const char *name, grub_uint64_t val),
|
int NESTED_FUNC_ATTR (*hook) (const char *name,
|
||||||
struct grub_zfs_data *data)
|
grub_uint64_t val),
|
||||||
|
struct grub_zfs_data *data)
|
||||||
{
|
{
|
||||||
grub_uint64_t block_type;
|
grub_uint64_t block_type;
|
||||||
int size;
|
int size;
|
||||||
|
@ -2020,6 +2108,23 @@ zap_iterate (dnode_end_t * zap_dnode,
|
||||||
int ret;
|
int ret;
|
||||||
grub_zfs_endian_t endian;
|
grub_zfs_endian_t endian;
|
||||||
|
|
||||||
|
auto int NESTED_FUNC_ATTR transform (const void *name,
|
||||||
|
grub_size_t namelen,
|
||||||
|
const void *val_in,
|
||||||
|
grub_size_t nelem,
|
||||||
|
grub_size_t elemsize);
|
||||||
|
|
||||||
|
int NESTED_FUNC_ATTR transform (const void *name,
|
||||||
|
grub_size_t namelen __attribute__ ((unused)),
|
||||||
|
const void *val_in,
|
||||||
|
grub_size_t nelem,
|
||||||
|
grub_size_t elemsize)
|
||||||
|
{
|
||||||
|
if (elemsize != sizeof (grub_uint64_t) || nelem != 1)
|
||||||
|
return 0;
|
||||||
|
return hook (name, grub_be_to_cpu64 (*(const grub_uint64_t *) val_in));
|
||||||
|
}
|
||||||
|
|
||||||
/* Read in the first block of the zap object data. */
|
/* Read in the first block of the zap object data. */
|
||||||
size = grub_zfs_to_cpu16 (zap_dnode->dn.dn_datablkszsec, zap_dnode->endian) << SPA_MINBLOCKSHIFT;
|
size = grub_zfs_to_cpu16 (zap_dnode->dn.dn_datablkszsec, zap_dnode->endian) << SPA_MINBLOCKSHIFT;
|
||||||
err = dmu_read (zap_dnode, 0, &zapbuf, &endian, data);
|
err = dmu_read (zap_dnode, 0, &zapbuf, &endian, data);
|
||||||
|
@ -2040,7 +2145,50 @@ zap_iterate (dnode_end_t * zap_dnode,
|
||||||
{
|
{
|
||||||
grub_dprintf ("zfs", "fat zap\n");
|
grub_dprintf ("zfs", "fat zap\n");
|
||||||
/* this is a fat zap */
|
/* this is a fat zap */
|
||||||
ret = fzap_iterate (zap_dnode, zapbuf, hook, data);
|
ret = fzap_iterate (zap_dnode, zapbuf, 1, transform, data);
|
||||||
|
grub_free (zapbuf);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
grub_error (GRUB_ERR_BAD_FS, "unknown ZAP type");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
zap_iterate (dnode_end_t * zap_dnode,
|
||||||
|
grub_size_t nameelemlen,
|
||||||
|
int NESTED_FUNC_ATTR (*hook) (const void *name,
|
||||||
|
grub_size_t namelen,
|
||||||
|
const void *val_in,
|
||||||
|
grub_size_t nelem,
|
||||||
|
grub_size_t elemsize),
|
||||||
|
struct grub_zfs_data *data)
|
||||||
|
{
|
||||||
|
grub_uint64_t block_type;
|
||||||
|
int size;
|
||||||
|
void *zapbuf;
|
||||||
|
grub_err_t err;
|
||||||
|
int ret;
|
||||||
|
grub_zfs_endian_t endian;
|
||||||
|
|
||||||
|
/* Read in the first block of the zap object data. */
|
||||||
|
size = grub_zfs_to_cpu16 (zap_dnode->dn.dn_datablkszsec, zap_dnode->endian) << SPA_MINBLOCKSHIFT;
|
||||||
|
err = dmu_read (zap_dnode, 0, &zapbuf, &endian, data);
|
||||||
|
if (err)
|
||||||
|
return 0;
|
||||||
|
block_type = grub_zfs_to_cpu64 (*((grub_uint64_t *) zapbuf), endian);
|
||||||
|
|
||||||
|
grub_dprintf ("zfs", "zap iterate\n");
|
||||||
|
|
||||||
|
if (block_type == ZBT_MICRO)
|
||||||
|
{
|
||||||
|
grub_error (GRUB_ERR_BAD_FS, "micro ZAP where FAT ZAP expected");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (block_type == ZBT_HEADER)
|
||||||
|
{
|
||||||
|
grub_dprintf ("zfs", "fat zap\n");
|
||||||
|
/* this is a fat zap */
|
||||||
|
ret = fzap_iterate (zap_dnode, zapbuf, nameelemlen, hook, data);
|
||||||
grub_free (zapbuf);
|
grub_free (zapbuf);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -2124,10 +2272,10 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type,
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
static grub_err_t
|
static grub_err_t
|
||||||
dnode_get_path (dnode_end_t * mdn, const char *path_in, dnode_end_t * dn,
|
dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
|
||||||
struct grub_zfs_data *data, int *case_insensitive)
|
struct grub_zfs_data *data)
|
||||||
{
|
{
|
||||||
grub_uint64_t objnum, version, insensitivity;
|
grub_uint64_t objnum, version;
|
||||||
char *cname, ch;
|
char *cname, ch;
|
||||||
grub_err_t err = GRUB_ERR_NONE;
|
grub_err_t err = GRUB_ERR_NONE;
|
||||||
char *path, *path_buf;
|
char *path, *path_buf;
|
||||||
|
@ -2144,7 +2292,7 @@ dnode_get_path (dnode_end_t * mdn, const char *path_in, dnode_end_t * dn,
|
||||||
dn_new->next = 0;
|
dn_new->next = 0;
|
||||||
dnode_path = root = dn_new;
|
dnode_path = root = dn_new;
|
||||||
|
|
||||||
err = dnode_get (mdn, MASTER_NODE_OBJ, DMU_OT_MASTER_NODE,
|
err = dnode_get (&subvol->mdn, MASTER_NODE_OBJ, DMU_OT_MASTER_NODE,
|
||||||
&(dnode_path->dn), data);
|
&(dnode_path->dn), data);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
|
@ -2166,15 +2314,14 @@ dnode_get_path (dnode_end_t * mdn, const char *path_in, dnode_end_t * dn,
|
||||||
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "too new ZPL version");
|
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "too new ZPL version");
|
||||||
}
|
}
|
||||||
|
|
||||||
err = zap_lookup (&(dnode_path->dn), "casesensitivity", &insensitivity,
|
err = zap_lookup (&(dnode_path->dn), "casesensitivity",
|
||||||
|
&subvol->case_insensitive,
|
||||||
data, 0);
|
data, 0);
|
||||||
if (err == GRUB_ERR_FILE_NOT_FOUND)
|
if (err == GRUB_ERR_FILE_NOT_FOUND)
|
||||||
{
|
{
|
||||||
grub_errno = GRUB_ERR_NONE;
|
grub_errno = GRUB_ERR_NONE;
|
||||||
insensitivity = 0;
|
subvol->case_insensitive = 0;
|
||||||
}
|
}
|
||||||
if (case_insensitive)
|
|
||||||
*case_insensitive = insensitivity;
|
|
||||||
|
|
||||||
err = zap_lookup (&(dnode_path->dn), ZFS_ROOT_OBJ, &objnum, data, 0);
|
err = zap_lookup (&(dnode_path->dn), ZFS_ROOT_OBJ, &objnum, data, 0);
|
||||||
if (err)
|
if (err)
|
||||||
|
@ -2183,7 +2330,7 @@ dnode_get_path (dnode_end_t * mdn, const char *path_in, dnode_end_t * dn,
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
err = dnode_get (mdn, objnum, 0, &(dnode_path->dn), data);
|
err = dnode_get (&subvol->mdn, objnum, 0, &(dnode_path->dn), data);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
grub_free (dn_new);
|
grub_free (dn_new);
|
||||||
|
@ -2237,7 +2384,8 @@ dnode_get_path (dnode_end_t * mdn, const char *path_in, dnode_end_t * dn,
|
||||||
grub_free (path_buf);
|
grub_free (path_buf);
|
||||||
return grub_error (GRUB_ERR_BAD_FILE_TYPE, "not a directory");
|
return grub_error (GRUB_ERR_BAD_FILE_TYPE, "not a directory");
|
||||||
}
|
}
|
||||||
err = zap_lookup (&(dnode_path->dn), cname, &objnum, data, insensitivity);
|
err = zap_lookup (&(dnode_path->dn), cname, &objnum,
|
||||||
|
data, subvol->case_insensitive);
|
||||||
if (err)
|
if (err)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -2251,7 +2399,7 @@ dnode_get_path (dnode_end_t * mdn, const char *path_in, dnode_end_t * dn,
|
||||||
dnode_path = dn_new;
|
dnode_path = dn_new;
|
||||||
|
|
||||||
objnum = ZFS_DIRENT_OBJ (objnum);
|
objnum = ZFS_DIRENT_OBJ (objnum);
|
||||||
err = dnode_get (mdn, objnum, 0, &(dnode_path->dn), data);
|
err = dnode_get (&subvol->mdn, objnum, 0, &(dnode_path->dn), data);
|
||||||
if (err)
|
if (err)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -2545,14 +2693,65 @@ make_mdn (dnode_end_t * mdn, struct grub_zfs_data *data)
|
||||||
}
|
}
|
||||||
|
|
||||||
static grub_err_t
|
static grub_err_t
|
||||||
dnode_get_fullpath (const char *fullpath, dnode_end_t * mdn,
|
dnode_get_fullpath (const char *fullpath, struct subvolume *subvol,
|
||||||
grub_uint64_t *mdnobj, dnode_end_t * dn, int *isfs,
|
dnode_end_t * dn, int *isfs,
|
||||||
struct grub_zfs_data *data, int *case_insensitive)
|
struct grub_zfs_data *data)
|
||||||
{
|
{
|
||||||
char *fsname, *snapname;
|
char *fsname, *snapname;
|
||||||
const char *ptr_at, *filename;
|
const char *ptr_at, *filename;
|
||||||
grub_uint64_t headobj;
|
grub_uint64_t headobj;
|
||||||
|
grub_uint64_t keychainobj;
|
||||||
|
grub_uint64_t salt;
|
||||||
grub_err_t err;
|
grub_err_t err;
|
||||||
|
int keyn = 0;
|
||||||
|
|
||||||
|
auto int NESTED_FUNC_ATTR count_zap_keys (const void *name,
|
||||||
|
grub_size_t namelen,
|
||||||
|
const void *val_in,
|
||||||
|
grub_size_t nelem,
|
||||||
|
grub_size_t elemsize);
|
||||||
|
int NESTED_FUNC_ATTR count_zap_keys (const void *name __attribute__ ((unused)),
|
||||||
|
grub_size_t namelen __attribute__ ((unused)),
|
||||||
|
const void *val_in __attribute__ ((unused)),
|
||||||
|
grub_size_t nelem __attribute__ ((unused)),
|
||||||
|
grub_size_t elemsize __attribute__ ((unused)))
|
||||||
|
{
|
||||||
|
subvol->nkeys++;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
auto int NESTED_FUNC_ATTR load_zap_key (const void *name,
|
||||||
|
grub_size_t namelen,
|
||||||
|
const void *val_in,
|
||||||
|
grub_size_t nelem,
|
||||||
|
grub_size_t elemsize);
|
||||||
|
int NESTED_FUNC_ATTR load_zap_key (const void *name,
|
||||||
|
grub_size_t namelen,
|
||||||
|
const void *val_in,
|
||||||
|
grub_size_t nelem,
|
||||||
|
grub_size_t elemsize)
|
||||||
|
{
|
||||||
|
if (namelen != 1)
|
||||||
|
{
|
||||||
|
grub_dprintf ("zfs", "Unexpected key index size %" PRIuGRUB_SIZE "\n",
|
||||||
|
namelen);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (elemsize != 1)
|
||||||
|
{
|
||||||
|
grub_dprintf ("zfs", "Unexpected key element size %" PRIuGRUB_SIZE "\n",
|
||||||
|
elemsize);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
subvol->keyring[keyn].txg = grub_be_to_cpu64 (*(grub_uint64_t *) name);
|
||||||
|
subvol->keyring[keyn].algo = grub_le_to_cpu64 (*(grub_uint64_t *) val_in);
|
||||||
|
subvol->keyring[keyn].cipher = grub_zfs_load_key (val_in, nelem, salt,
|
||||||
|
subvol->keyring[keyn].algo);
|
||||||
|
keyn++;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
ptr_at = grub_strchr (fullpath, '@');
|
ptr_at = grub_strchr (fullpath, '@');
|
||||||
if (! ptr_at)
|
if (! ptr_at)
|
||||||
|
@ -2605,29 +2804,80 @@ dnode_get_fullpath (const char *fullpath, dnode_end_t * mdn,
|
||||||
|
|
||||||
headobj = grub_zfs_to_cpu64 (((dsl_dir_phys_t *) DN_BONUS (&dn->dn))->dd_head_dataset_obj, dn->endian);
|
headobj = grub_zfs_to_cpu64 (((dsl_dir_phys_t *) DN_BONUS (&dn->dn))->dd_head_dataset_obj, dn->endian);
|
||||||
|
|
||||||
grub_dprintf ("zfs", "endian = %d\n", mdn->endian);
|
grub_dprintf ("zfs", "endian = %d\n", subvol->mdn.endian);
|
||||||
|
|
||||||
err = dnode_get (&(data->mos), headobj, DMU_OT_DSL_DATASET, mdn, data);
|
err = dnode_get (&(data->mos), headobj, DMU_OT_DSL_DATASET, &subvol->mdn,
|
||||||
|
data);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
grub_free (fsname);
|
grub_free (fsname);
|
||||||
grub_free (snapname);
|
grub_free (snapname);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
grub_dprintf ("zfs", "endian = %d\n", mdn->endian);
|
grub_dprintf ("zfs", "endian = %d\n", subvol->mdn.endian);
|
||||||
|
|
||||||
|
keychainobj = grub_zfs_to_cpu64 (((dsl_dir_phys_t *) DN_BONUS (&dn->dn))->keychain, dn->endian);
|
||||||
|
if (grub_zfs_load_key && keychainobj)
|
||||||
|
{
|
||||||
|
dnode_end_t keychain_dn, props_dn;
|
||||||
|
grub_uint64_t propsobj;
|
||||||
|
propsobj = grub_zfs_to_cpu64 (((dsl_dir_phys_t *) DN_BONUS (&dn->dn))->dd_props_zapobj, dn->endian);
|
||||||
|
|
||||||
|
err = dnode_get (&(data->mos), propsobj, DMU_OT_DSL_PROPS,
|
||||||
|
&props_dn, data);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
grub_free (fsname);
|
||||||
|
grub_free (snapname);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
err = zap_lookup (&props_dn, "salt", &salt, data, 0);
|
||||||
|
if (err == GRUB_ERR_FILE_NOT_FOUND)
|
||||||
|
{
|
||||||
|
err = 0;
|
||||||
|
grub_errno = 0;
|
||||||
|
salt = 0;
|
||||||
|
}
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
grub_dprintf ("zfs", "failed here\n");
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
err = dnode_get (&(data->mos), keychainobj, DMU_OT_DSL_KEYCHAIN,
|
||||||
|
&keychain_dn, data);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
grub_free (fsname);
|
||||||
|
grub_free (snapname);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
subvol->nkeys = 0;
|
||||||
|
zap_iterate (&keychain_dn, 8, count_zap_keys, data);
|
||||||
|
subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0]));
|
||||||
|
if (!subvol->keyring)
|
||||||
|
{
|
||||||
|
grub_free (fsname);
|
||||||
|
grub_free (snapname);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
zap_iterate (&keychain_dn, 8, load_zap_key, data);
|
||||||
|
}
|
||||||
|
|
||||||
if (snapname)
|
if (snapname)
|
||||||
{
|
{
|
||||||
grub_uint64_t snapobj;
|
grub_uint64_t snapobj;
|
||||||
|
|
||||||
snapobj = grub_zfs_to_cpu64 (((dsl_dataset_phys_t *) DN_BONUS (&mdn->dn))->ds_snapnames_zapobj, mdn->endian);
|
snapobj = grub_zfs_to_cpu64 (((dsl_dataset_phys_t *) DN_BONUS (&subvol->mdn.dn))->ds_snapnames_zapobj, subvol->mdn.endian);
|
||||||
|
|
||||||
err = dnode_get (&(data->mos), snapobj,
|
err = dnode_get (&(data->mos), snapobj,
|
||||||
DMU_OT_DSL_DS_SNAP_MAP, mdn, data);
|
DMU_OT_DSL_DS_SNAP_MAP, &subvol->mdn, data);
|
||||||
if (!err)
|
if (!err)
|
||||||
err = zap_lookup (mdn, snapname, &headobj, data, 0);
|
err = zap_lookup (&subvol->mdn, snapname, &headobj, data, 0);
|
||||||
if (!err)
|
if (!err)
|
||||||
err = dnode_get (&(data->mos), headobj, DMU_OT_DSL_DATASET, mdn, data);
|
err = dnode_get (&(data->mos), headobj, DMU_OT_DSL_DATASET,
|
||||||
|
&subvol->mdn, data);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
grub_free (fsname);
|
grub_free (fsname);
|
||||||
|
@ -2636,12 +2886,11 @@ dnode_get_fullpath (const char *fullpath, dnode_end_t * mdn,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mdnobj)
|
subvol->obj = headobj;
|
||||||
*mdnobj = headobj;
|
|
||||||
|
|
||||||
make_mdn (mdn, data);
|
make_mdn (&subvol->mdn, data);
|
||||||
|
|
||||||
grub_dprintf ("zfs", "endian = %d\n", mdn->endian);
|
grub_dprintf ("zfs", "endian = %d\n", subvol->mdn.endian);
|
||||||
|
|
||||||
if (*isfs)
|
if (*isfs)
|
||||||
{
|
{
|
||||||
|
@ -2649,7 +2898,7 @@ dnode_get_fullpath (const char *fullpath, dnode_end_t * mdn,
|
||||||
grub_free (snapname);
|
grub_free (snapname);
|
||||||
return GRUB_ERR_NONE;
|
return GRUB_ERR_NONE;
|
||||||
}
|
}
|
||||||
err = dnode_get_path (mdn, filename, dn, data, case_insensitive);
|
err = dnode_get_path (subvol, filename, dn, data);
|
||||||
grub_free (fsname);
|
grub_free (fsname);
|
||||||
grub_free (snapname);
|
grub_free (snapname);
|
||||||
return err;
|
return err;
|
||||||
|
@ -2918,6 +3167,9 @@ zfs_unmount (struct grub_zfs_data *data)
|
||||||
grub_free (data->dnode_buf);
|
grub_free (data->dnode_buf);
|
||||||
grub_free (data->dnode_mdn);
|
grub_free (data->dnode_mdn);
|
||||||
grub_free (data->file_buf);
|
grub_free (data->file_buf);
|
||||||
|
for (i = 0; i < data->subvol.nkeys; i++)
|
||||||
|
grub_crypto_cipher_close (data->subvol.keyring[i].cipher);
|
||||||
|
grub_free (data->subvol.keyring);
|
||||||
grub_free (data);
|
grub_free (data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2933,7 +3185,7 @@ zfs_mount (grub_device_t dev)
|
||||||
grub_err_t err;
|
grub_err_t err;
|
||||||
objset_phys_t *osp = 0;
|
objset_phys_t *osp = 0;
|
||||||
grub_size_t ospsize;
|
grub_size_t ospsize;
|
||||||
grub_zfs_endian_t ub_endian = UNKNOWN_ENDIAN;
|
grub_zfs_endian_t ub_endian = GRUB_ZFS_UNKNOWN_ENDIAN;
|
||||||
uberblock_t *ub;
|
uberblock_t *ub;
|
||||||
|
|
||||||
if (! dev->disk)
|
if (! dev->disk)
|
||||||
|
@ -2964,8 +3216,8 @@ zfs_mount (grub_device_t dev)
|
||||||
|
|
||||||
ub = &(data->current_uberblock);
|
ub = &(data->current_uberblock);
|
||||||
ub_endian = (grub_zfs_to_cpu64 (ub->ub_magic,
|
ub_endian = (grub_zfs_to_cpu64 (ub->ub_magic,
|
||||||
LITTLE_ENDIAN) == UBERBLOCK_MAGIC
|
GRUB_ZFS_LITTLE_ENDIAN) == UBERBLOCK_MAGIC
|
||||||
? LITTLE_ENDIAN : BIG_ENDIAN);
|
? GRUB_ZFS_LITTLE_ENDIAN : GRUB_ZFS_BIG_ENDIAN);
|
||||||
|
|
||||||
err = zio_read (&ub->ub_rootbp, ub_endian,
|
err = zio_read (&ub->ub_rootbp, ub_endian,
|
||||||
(void **) &osp, &ospsize, data);
|
(void **) &osp, &ospsize, data);
|
||||||
|
@ -3054,7 +3306,7 @@ static grub_err_t
|
||||||
zfs_mtime (grub_device_t device, grub_int32_t *mt)
|
zfs_mtime (grub_device_t device, grub_int32_t *mt)
|
||||||
{
|
{
|
||||||
struct grub_zfs_data *data;
|
struct grub_zfs_data *data;
|
||||||
grub_zfs_endian_t ub_endian = UNKNOWN_ENDIAN;
|
grub_zfs_endian_t ub_endian = GRUB_ZFS_UNKNOWN_ENDIAN;
|
||||||
uberblock_t *ub;
|
uberblock_t *ub;
|
||||||
|
|
||||||
*mt = 0;
|
*mt = 0;
|
||||||
|
@ -3065,8 +3317,8 @@ zfs_mtime (grub_device_t device, grub_int32_t *mt)
|
||||||
|
|
||||||
ub = &(data->current_uberblock);
|
ub = &(data->current_uberblock);
|
||||||
ub_endian = (grub_zfs_to_cpu64 (ub->ub_magic,
|
ub_endian = (grub_zfs_to_cpu64 (ub->ub_magic,
|
||||||
LITTLE_ENDIAN) == UBERBLOCK_MAGIC
|
GRUB_ZFS_LITTLE_ENDIAN) == UBERBLOCK_MAGIC
|
||||||
? LITTLE_ENDIAN : BIG_ENDIAN);
|
? GRUB_ZFS_LITTLE_ENDIAN : GRUB_ZFS_BIG_ENDIAN);
|
||||||
|
|
||||||
*mt = grub_zfs_to_cpu64 (ub->ub_timestamp, ub_endian);
|
*mt = grub_zfs_to_cpu64 (ub->ub_timestamp, ub_endian);
|
||||||
zfs_unmount (data);
|
zfs_unmount (data);
|
||||||
|
@ -3088,8 +3340,8 @@ grub_zfs_open (struct grub_file *file, const char *fsfilename)
|
||||||
if (! data)
|
if (! data)
|
||||||
return grub_errno;
|
return grub_errno;
|
||||||
|
|
||||||
err = dnode_get_fullpath (fsfilename, &(data->mdn), 0,
|
err = dnode_get_fullpath (fsfilename, &(data->subvol),
|
||||||
&(data->dnode), &isfs, data, NULL);
|
&(data->dnode), &isfs, data);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
zfs_unmount (data);
|
zfs_unmount (data);
|
||||||
|
@ -3252,8 +3504,9 @@ grub_zfs_getmdnobj (grub_device_t dev, const char *fsfilename,
|
||||||
if (! data)
|
if (! data)
|
||||||
return grub_errno;
|
return grub_errno;
|
||||||
|
|
||||||
err = dnode_get_fullpath (fsfilename, &(data->mdn), mdnobj,
|
err = dnode_get_fullpath (fsfilename, &(data->subvol),
|
||||||
&(data->dnode), &isfs, data, NULL);
|
&(data->dnode), &isfs, data);
|
||||||
|
*mdnobj = data->subvol.obj;
|
||||||
zfs_unmount (data);
|
zfs_unmount (data);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
@ -3348,7 +3601,6 @@ grub_zfs_dir (grub_device_t device, const char *path,
|
||||||
struct grub_zfs_data *data;
|
struct grub_zfs_data *data;
|
||||||
grub_err_t err;
|
grub_err_t err;
|
||||||
int isfs;
|
int isfs;
|
||||||
int case_insensitive = 0;
|
|
||||||
auto int NESTED_FUNC_ATTR iterate_zap (const char *name, grub_uint64_t val);
|
auto int NESTED_FUNC_ATTR iterate_zap (const char *name, grub_uint64_t val);
|
||||||
auto int NESTED_FUNC_ATTR iterate_zap_fs (const char *name,
|
auto int NESTED_FUNC_ATTR iterate_zap_fs (const char *name,
|
||||||
grub_uint64_t val);
|
grub_uint64_t val);
|
||||||
|
@ -3361,7 +3613,7 @@ grub_zfs_dir (grub_device_t device, const char *path,
|
||||||
dnode_end_t dn;
|
dnode_end_t dn;
|
||||||
grub_memset (&info, 0, sizeof (info));
|
grub_memset (&info, 0, sizeof (info));
|
||||||
|
|
||||||
dnode_get (&(data->mdn), val, 0, &dn, data);
|
dnode_get (&(data->subvol.mdn), val, 0, &dn, data);
|
||||||
|
|
||||||
if (dn.dn.dn_bonustype == DMU_OT_SA)
|
if (dn.dn.dn_bonustype == DMU_OT_SA)
|
||||||
{
|
{
|
||||||
|
@ -3393,7 +3645,7 @@ grub_zfs_dir (grub_device_t device, const char *path,
|
||||||
hdrsize = SA_HDR_SIZE (((sa_hdr_phys_t *) sahdrp));
|
hdrsize = SA_HDR_SIZE (((sa_hdr_phys_t *) sahdrp));
|
||||||
info.mtimeset = 1;
|
info.mtimeset = 1;
|
||||||
info.mtime = grub_zfs_to_cpu64 (*(grub_uint64_t *) ((char *) sahdrp + hdrsize + SA_MTIME_OFFSET), dn.endian);
|
info.mtime = grub_zfs_to_cpu64 (*(grub_uint64_t *) ((char *) sahdrp + hdrsize + SA_MTIME_OFFSET), dn.endian);
|
||||||
info.case_insensitive = case_insensitive;
|
info.case_insensitive = data->subvol.case_insensitive;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dn.dn.dn_bonustype == DMU_OT_ZNODE)
|
if (dn.dn.dn_bonustype == DMU_OT_ZNODE)
|
||||||
|
@ -3448,8 +3700,7 @@ grub_zfs_dir (grub_device_t device, const char *path,
|
||||||
data = zfs_mount (device);
|
data = zfs_mount (device);
|
||||||
if (! data)
|
if (! data)
|
||||||
return grub_errno;
|
return grub_errno;
|
||||||
err = dnode_get_fullpath (path, &(data->mdn), 0, &(data->dnode), &isfs, data,
|
err = dnode_get_fullpath (path, &(data->subvol), &(data->dnode), &isfs, data);
|
||||||
&case_insensitive);
|
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
zfs_unmount (data);
|
zfs_unmount (data);
|
||||||
|
@ -3475,7 +3726,7 @@ grub_zfs_dir (grub_device_t device, const char *path,
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
zap_iterate (&dn, iterate_zap_fs, data);
|
zap_iterate_u64 (&dn, iterate_zap_fs, data);
|
||||||
|
|
||||||
err = dnode_get (&(data->mos), headobj, DMU_OT_DSL_DATASET, &dn, data);
|
err = dnode_get (&(data->mos), headobj, DMU_OT_DSL_DATASET, &dn, data);
|
||||||
if (err)
|
if (err)
|
||||||
|
@ -3494,7 +3745,7 @@ grub_zfs_dir (grub_device_t device, const char *path,
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
zap_iterate (&dn, iterate_zap_snap, data);
|
zap_iterate_u64 (&dn, iterate_zap_snap, data);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -3503,7 +3754,7 @@ grub_zfs_dir (grub_device_t device, const char *path,
|
||||||
zfs_unmount (data);
|
zfs_unmount (data);
|
||||||
return grub_error (GRUB_ERR_BAD_FILE_TYPE, "not a directory");
|
return grub_error (GRUB_ERR_BAD_FILE_TYPE, "not a directory");
|
||||||
}
|
}
|
||||||
zap_iterate (&(data->dnode), iterate_zap, data);
|
zap_iterate_u64 (&(data->dnode), iterate_zap, data);
|
||||||
}
|
}
|
||||||
zfs_unmount (data);
|
zfs_unmount (data);
|
||||||
return grub_errno;
|
return grub_errno;
|
||||||
|
|
466
grub-core/fs/zfs/zfscrypt.c
Normal file
466
grub-core/fs/zfs/zfscrypt.c
Normal file
|
@ -0,0 +1,466 @@
|
||||||
|
/*
|
||||||
|
* GRUB -- GRand Unified Bootloader
|
||||||
|
* Copyright (C) 2011 Free Software Foundation, Inc.
|
||||||
|
*
|
||||||
|
* GRUB is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation; either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* GRUB is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <grub/err.h>
|
||||||
|
#include <grub/file.h>
|
||||||
|
#include <grub/mm.h>
|
||||||
|
#include <grub/misc.h>
|
||||||
|
#include <grub/disk.h>
|
||||||
|
#include <grub/partition.h>
|
||||||
|
#include <grub/dl.h>
|
||||||
|
#include <grub/types.h>
|
||||||
|
#include <grub/zfs/zfs.h>
|
||||||
|
#include <grub/zfs/zio.h>
|
||||||
|
#include <grub/zfs/dnode.h>
|
||||||
|
#include <grub/zfs/uberblock_impl.h>
|
||||||
|
#include <grub/zfs/vdev_impl.h>
|
||||||
|
#include <grub/zfs/zio_checksum.h>
|
||||||
|
#include <grub/zfs/zap_impl.h>
|
||||||
|
#include <grub/zfs/zap_leaf.h>
|
||||||
|
#include <grub/zfs/zfs_znode.h>
|
||||||
|
#include <grub/zfs/dmu.h>
|
||||||
|
#include <grub/zfs/dmu_objset.h>
|
||||||
|
#include <grub/zfs/sa_impl.h>
|
||||||
|
#include <grub/zfs/dsl_dir.h>
|
||||||
|
#include <grub/zfs/dsl_dataset.h>
|
||||||
|
#include <grub/crypto.h>
|
||||||
|
#include <grub/extcmd.h>
|
||||||
|
#include <grub/i18n.h>
|
||||||
|
|
||||||
|
GRUB_MOD_LICENSE ("GPLv3+");
|
||||||
|
|
||||||
|
enum grub_zfs_algo
|
||||||
|
{
|
||||||
|
GRUB_ZFS_ALGO_CCM,
|
||||||
|
GRUB_ZFS_ALGO_GCM,
|
||||||
|
};
|
||||||
|
|
||||||
|
struct grub_zfs_key
|
||||||
|
{
|
||||||
|
grub_uint64_t algo;
|
||||||
|
grub_uint8_t enc_nonce[13];
|
||||||
|
grub_uint8_t unused[3];
|
||||||
|
grub_uint8_t enc_key[48];
|
||||||
|
grub_uint8_t unknown_purpose_nonce[13];
|
||||||
|
grub_uint8_t unused2[3];
|
||||||
|
grub_uint8_t unknown_purpose_key[48];
|
||||||
|
};
|
||||||
|
|
||||||
|
struct grub_zfs_wrap_key
|
||||||
|
{
|
||||||
|
struct grub_zfs_wrap_key *next;
|
||||||
|
grub_size_t keylen;
|
||||||
|
int is_passphrase;
|
||||||
|
grub_uint64_t key[0];
|
||||||
|
};
|
||||||
|
|
||||||
|
static struct grub_zfs_wrap_key *zfs_wrap_keys;
|
||||||
|
|
||||||
|
grub_err_t
|
||||||
|
grub_zfs_add_key (grub_uint8_t *key_in,
|
||||||
|
grub_size_t keylen,
|
||||||
|
int passphrase)
|
||||||
|
{
|
||||||
|
struct grub_zfs_wrap_key *key;
|
||||||
|
if (!passphrase && keylen > 32)
|
||||||
|
keylen = 32;
|
||||||
|
key = grub_malloc (sizeof (*key) + keylen);
|
||||||
|
if (!key)
|
||||||
|
return grub_errno;
|
||||||
|
key->is_passphrase = passphrase;
|
||||||
|
key->keylen = keylen;
|
||||||
|
grub_memcpy (key->key, key_in, keylen);
|
||||||
|
key->next = zfs_wrap_keys;
|
||||||
|
zfs_wrap_keys = key;
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
grub_ccm_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
|
grub_uint8_t *out, const grub_uint8_t *in,
|
||||||
|
grub_size_t psize,
|
||||||
|
void *mac_out, const void *nonce,
|
||||||
|
unsigned l, unsigned m)
|
||||||
|
{
|
||||||
|
grub_uint8_t iv[16];
|
||||||
|
grub_uint8_t mul[16];
|
||||||
|
grub_uint32_t mac[4];
|
||||||
|
unsigned i, j;
|
||||||
|
grub_err_t err;
|
||||||
|
|
||||||
|
grub_memcpy (iv + 1, nonce, 15 - l);
|
||||||
|
|
||||||
|
iv[0] = (l - 1) | (((m-2) / 2) << 3);
|
||||||
|
for (j = 0; j < l; j++)
|
||||||
|
iv[15 - j] = psize >> (8 * j);
|
||||||
|
err = grub_crypto_ecb_encrypt (cipher, mac, iv, 16);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
iv[0] = l - 1;
|
||||||
|
|
||||||
|
for (i = 0; i < (psize + 15) / 16; i++)
|
||||||
|
{
|
||||||
|
grub_size_t csize;
|
||||||
|
csize = 16;
|
||||||
|
if (csize > psize - 16 * i)
|
||||||
|
csize = psize - 16 * i;
|
||||||
|
for (j = 0; j < l; j++)
|
||||||
|
iv[15 - j] = (i + 1) >> (8 * j);
|
||||||
|
err = grub_crypto_ecb_encrypt (cipher, mul, iv, 16);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
grub_crypto_xor (out + 16 * i, in + 16 * i, mul, csize);
|
||||||
|
grub_crypto_xor (mac, mac, out + 16 * i, csize);
|
||||||
|
err = grub_crypto_ecb_encrypt (cipher, mac, mac, 16);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
for (j = 0; j < l; j++)
|
||||||
|
iv[15 - j] = 0;
|
||||||
|
err = grub_crypto_ecb_encrypt (cipher, mul, iv, 16);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
if (mac_out)
|
||||||
|
grub_crypto_xor (mac_out, mac, mul, m);
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
grub_gcm_mul_x (grub_uint8_t *a)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
int c = 0, d = 0;
|
||||||
|
for (i = 0; i < 16; i++)
|
||||||
|
{
|
||||||
|
c = a[i] & 0x1;
|
||||||
|
a[i] = (a[i] >> 1) | (d << 7);
|
||||||
|
d = c;
|
||||||
|
}
|
||||||
|
if (d)
|
||||||
|
a[0] ^= 0xe1;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
grub_gcm_mul (grub_uint8_t *a, const grub_uint8_t *b)
|
||||||
|
{
|
||||||
|
grub_uint8_t res[16], bs[16];
|
||||||
|
int i;
|
||||||
|
grub_memcpy (bs, b, 16);
|
||||||
|
grub_memset (res, 0, 16);
|
||||||
|
for (i = 0; i < 128; i++)
|
||||||
|
{
|
||||||
|
if ((a[i / 8] << (i % 8)) & 0x80)
|
||||||
|
grub_crypto_xor (res, res, bs, 16);
|
||||||
|
grub_gcm_mul_x (bs);
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_memcpy (a, res, 16);
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
grub_gcm_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
|
grub_uint8_t *out, const grub_uint8_t *in,
|
||||||
|
grub_size_t psize,
|
||||||
|
void *mac_out, const void *nonce,
|
||||||
|
unsigned nonce_len, unsigned m)
|
||||||
|
{
|
||||||
|
grub_uint8_t iv[16];
|
||||||
|
grub_uint8_t mul[16];
|
||||||
|
grub_uint8_t mac[16], h[16], mac_xor[16];
|
||||||
|
unsigned i, j;
|
||||||
|
grub_err_t err;
|
||||||
|
|
||||||
|
grub_memset (mac, 0, sizeof (mac));
|
||||||
|
|
||||||
|
err = grub_crypto_ecb_encrypt (cipher, h, mac, 16);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
if (nonce_len == 12)
|
||||||
|
{
|
||||||
|
grub_memcpy (iv, nonce, 12);
|
||||||
|
iv[12] = 0;
|
||||||
|
iv[13] = 0;
|
||||||
|
iv[14] = 0;
|
||||||
|
iv[15] = 1;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
grub_memset (iv, 0, sizeof (iv));
|
||||||
|
grub_memcpy (iv, nonce, nonce_len);
|
||||||
|
grub_gcm_mul (iv, h);
|
||||||
|
iv[15] ^= nonce_len * 8;
|
||||||
|
grub_gcm_mul (iv, h);
|
||||||
|
}
|
||||||
|
|
||||||
|
err = grub_crypto_ecb_encrypt (cipher, mac_xor, iv, 16);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
for (i = 0; i < (psize + 15) / 16; i++)
|
||||||
|
{
|
||||||
|
grub_size_t csize;
|
||||||
|
csize = 16;
|
||||||
|
if (csize > psize - 16 * i)
|
||||||
|
csize = psize - 16 * i;
|
||||||
|
for (j = 0; j < 4; j++)
|
||||||
|
{
|
||||||
|
iv[15 - j]++;
|
||||||
|
if (iv[15 - j] != 0)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
grub_crypto_xor (mac, mac, in + 16 * i, csize);
|
||||||
|
grub_gcm_mul (mac, h);
|
||||||
|
err = grub_crypto_ecb_encrypt (cipher, mul, iv, 16);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
grub_crypto_xor (out + 16 * i, in + 16 * i, mul, csize);
|
||||||
|
}
|
||||||
|
for (j = 0; j < 8; j++)
|
||||||
|
mac[15 - j] ^= ((psize * 8) >> (8 * j));
|
||||||
|
grub_gcm_mul (mac, h);
|
||||||
|
|
||||||
|
if (mac_out)
|
||||||
|
grub_crypto_xor (mac_out, mac, mac_xor, m);
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
algo_decrypt (grub_crypto_cipher_handle_t cipher, grub_uint64_t algo,
|
||||||
|
grub_uint8_t *out, const grub_uint8_t *in,
|
||||||
|
grub_size_t psize,
|
||||||
|
void *mac_out, const void *nonce,
|
||||||
|
unsigned l, unsigned m)
|
||||||
|
{
|
||||||
|
switch (algo)
|
||||||
|
{
|
||||||
|
case 0:
|
||||||
|
return grub_ccm_decrypt (cipher, out, in, psize, mac_out, nonce, l, m);
|
||||||
|
case 1:
|
||||||
|
return grub_gcm_decrypt (cipher, out, in, psize, mac_out, nonce,
|
||||||
|
15 - l, m);
|
||||||
|
default:
|
||||||
|
return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "algorithm %"
|
||||||
|
PRIuGRUB_UINT64_T " is not supported yet", algo);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
grub_zfs_decrypt_real (grub_crypto_cipher_handle_t cipher,
|
||||||
|
grub_uint64_t algo,
|
||||||
|
void *nonce,
|
||||||
|
char *buf, grub_size_t size,
|
||||||
|
const grub_uint32_t *expected_mac,
|
||||||
|
grub_zfs_endian_t endian)
|
||||||
|
{
|
||||||
|
grub_uint32_t mac[4];
|
||||||
|
unsigned i;
|
||||||
|
grub_uint32_t sw[4];
|
||||||
|
grub_err_t err;
|
||||||
|
|
||||||
|
grub_memcpy (sw, nonce, 16);
|
||||||
|
for (i = 0; i < 4; i++)
|
||||||
|
sw[i] = grub_cpu_to_be32 (grub_zfs_to_cpu32 (sw[i], endian));
|
||||||
|
|
||||||
|
if (!cipher)
|
||||||
|
return grub_error (GRUB_ERR_ACCESS_DENIED,
|
||||||
|
"no decryption key available");;
|
||||||
|
err = algo_decrypt (cipher, algo,
|
||||||
|
(grub_uint8_t *) buf,
|
||||||
|
(grub_uint8_t *) buf,
|
||||||
|
size, mac,
|
||||||
|
sw + 1, 3, 12);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
for (i = 0; i < 3; i++)
|
||||||
|
if (grub_zfs_to_cpu32 (expected_mac[i], endian)
|
||||||
|
!= grub_be_to_cpu32 (mac[i]))
|
||||||
|
return grub_error (GRUB_ERR_BAD_FS, "MAC verification failed");
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_crypto_cipher_handle_t
|
||||||
|
grub_zfs_load_key_real (const struct grub_zfs_key *key,
|
||||||
|
grub_size_t keysize,
|
||||||
|
grub_uint64_t salt,
|
||||||
|
grub_uint64_t algo)
|
||||||
|
{
|
||||||
|
unsigned keylen;
|
||||||
|
struct grub_zfs_wrap_key *wrap_key;
|
||||||
|
grub_crypto_cipher_handle_t ret = NULL;
|
||||||
|
grub_err_t err;
|
||||||
|
|
||||||
|
if (keysize != sizeof (*key))
|
||||||
|
{
|
||||||
|
grub_dprintf ("zfs", "Unexpected key size %" PRIuGRUB_SIZE "\n", keysize);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (grub_memcmp (key->enc_key + 32, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 16)
|
||||||
|
== 0)
|
||||||
|
keylen = 16;
|
||||||
|
else if (grub_memcmp (key->enc_key + 40, "\0\0\0\0\0\0\0\0", 8) == 0)
|
||||||
|
keylen = 24;
|
||||||
|
else
|
||||||
|
keylen = 32;
|
||||||
|
|
||||||
|
for (wrap_key = zfs_wrap_keys; wrap_key; wrap_key = wrap_key->next)
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_handle_t cipher;
|
||||||
|
grub_uint8_t decrypted[32], mac[32], wrap_key_real[32];
|
||||||
|
cipher = grub_crypto_cipher_open (GRUB_CIPHER_AES);
|
||||||
|
if (!cipher)
|
||||||
|
{
|
||||||
|
grub_errno = GRUB_ERR_NONE;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
grub_memset (wrap_key_real, 0, sizeof (wrap_key_real));
|
||||||
|
if (!wrap_key->is_passphrase)
|
||||||
|
grub_memcpy(wrap_key_real, wrap_key->key,
|
||||||
|
wrap_key->keylen < keylen ? wrap_key->keylen : keylen);
|
||||||
|
else
|
||||||
|
grub_crypto_pbkdf2 (GRUB_MD_SHA1,
|
||||||
|
(const grub_uint8_t *) wrap_key->key,
|
||||||
|
wrap_key->keylen,
|
||||||
|
(const grub_uint8_t *) &salt, sizeof (salt),
|
||||||
|
1000, wrap_key_real, keylen);
|
||||||
|
|
||||||
|
err = grub_crypto_cipher_set_key (cipher, wrap_key_real,
|
||||||
|
keylen);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
grub_errno = GRUB_ERR_NONE;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
err = algo_decrypt (cipher, algo, decrypted, key->unknown_purpose_key, 32,
|
||||||
|
mac, key->unknown_purpose_nonce, 2, 16);
|
||||||
|
if (err || (grub_crypto_memcmp (mac, key->unknown_purpose_key + 32, 16)
|
||||||
|
!= 0))
|
||||||
|
{
|
||||||
|
grub_dprintf ("zfs", "key loading failed\n");
|
||||||
|
grub_errno = GRUB_ERR_NONE;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
err = algo_decrypt (cipher, algo, decrypted, key->enc_key, keylen, mac,
|
||||||
|
key->enc_nonce, 2, 16);
|
||||||
|
if (err || grub_crypto_memcmp (mac, key->enc_key + keylen, 16) != 0)
|
||||||
|
{
|
||||||
|
grub_dprintf ("zfs", "key loading failed\n");
|
||||||
|
grub_errno = GRUB_ERR_NONE;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
ret = grub_crypto_cipher_open (GRUB_CIPHER_AES);
|
||||||
|
if (!ret)
|
||||||
|
{
|
||||||
|
grub_errno = GRUB_ERR_NONE;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
err = grub_crypto_cipher_set_key (ret, decrypted, keylen);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
grub_errno = GRUB_ERR_NONE;
|
||||||
|
grub_crypto_cipher_close (ret);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static const struct grub_arg_option options[] =
|
||||||
|
{
|
||||||
|
{"raw", 'r', 0, N_("Assume input is raw."), 0, 0},
|
||||||
|
{"hex", 'h', 0, N_("Assume input is hex."), 0, 0},
|
||||||
|
{"passphrase", 'p', 0, N_("Assume input is passphrase."), 0, 0},
|
||||||
|
{0, 0, 0, 0, 0, 0}
|
||||||
|
};
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
grub_cmd_zfs_key (grub_extcmd_context_t ctxt, int argc, char **args)
|
||||||
|
{
|
||||||
|
grub_uint8_t buf[1024];
|
||||||
|
grub_ssize_t real_size;
|
||||||
|
|
||||||
|
if (argc > 0)
|
||||||
|
{
|
||||||
|
grub_file_t file;
|
||||||
|
file = grub_file_open (args[0]);
|
||||||
|
if (!file)
|
||||||
|
return grub_errno;
|
||||||
|
real_size = grub_file_read (file, buf, 1024);
|
||||||
|
if (real_size < 0)
|
||||||
|
return grub_errno;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
grub_printf ("Enter ZFS password: ");
|
||||||
|
if (!grub_password_get ((char *) buf, 1023))
|
||||||
|
return grub_errno;
|
||||||
|
real_size = grub_strlen ((char *) buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ctxt->state[1].set)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
grub_err_t err;
|
||||||
|
for (i = 0; i < real_size / 2; i++)
|
||||||
|
{
|
||||||
|
char c1 = grub_tolower (buf[2 * i]) - '0';
|
||||||
|
char c2 = grub_tolower (buf[2 * i + 1]) - '0';
|
||||||
|
if (c1 > 9)
|
||||||
|
c1 += '0' - 'a' + 10;
|
||||||
|
if (c2 > 9)
|
||||||
|
c2 += '0' - 'a' + 10;
|
||||||
|
buf[i] = (c1 << 4) | c2;
|
||||||
|
}
|
||||||
|
err = grub_zfs_add_key (buf, real_size / 2, 0);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
return grub_zfs_add_key (buf, real_size,
|
||||||
|
ctxt->state[2].set
|
||||||
|
|| (argc == 0 && !ctxt->state[0].set
|
||||||
|
&& !ctxt->state[1].set));
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_extcmd_t cmd_key;
|
||||||
|
|
||||||
|
GRUB_MOD_INIT(zfscrypto)
|
||||||
|
{
|
||||||
|
grub_zfs_decrypt = grub_zfs_decrypt_real;
|
||||||
|
grub_zfs_load_key = grub_zfs_load_key_real;
|
||||||
|
cmd_key = grub_register_extcmd ("zfskey", grub_cmd_zfs_key, 0,
|
||||||
|
"zfskey [-h|-p|-r] [FILE]",
|
||||||
|
"Import ZFS wrapping key stored in FILE.",
|
||||||
|
options);
|
||||||
|
}
|
||||||
|
|
||||||
|
GRUB_MOD_FINI(zfscrypto)
|
||||||
|
{
|
||||||
|
grub_zfs_decrypt = 0;
|
||||||
|
grub_zfs_load_key = 0;
|
||||||
|
grub_unregister_extcmd (cmd_key);
|
||||||
|
}
|
|
@ -169,14 +169,6 @@ grub_crypto_cipher_set_key (grub_crypto_cipher_handle_t cipher,
|
||||||
return cipher->cipher->setkey (cipher->ctx, key, keylen);
|
return cipher->cipher->setkey (cipher->ctx, key, keylen);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void
|
|
||||||
grub_crypto_cipher_close (grub_crypto_cipher_handle_t cipher)
|
|
||||||
{
|
|
||||||
grub_free (cipher);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
void
|
void
|
||||||
grub_crypto_xor (void *out, const void *in1, const void *in2, grub_size_t size)
|
grub_crypto_xor (void *out, const void *in1, const void *in2, grub_size_t size)
|
||||||
{
|
{
|
||||||
|
@ -210,9 +202,10 @@ grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
|
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
|
grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
void *out, void *in, grub_size_t size)
|
void *out, const void *in, grub_size_t size)
|
||||||
{
|
{
|
||||||
grub_uint8_t *inptr, *outptr, *end;
|
const grub_uint8_t *inptr;
|
||||||
|
grub_uint8_t *outptr, *end;
|
||||||
if (!cipher->cipher->encrypt)
|
if (!cipher->cipher->encrypt)
|
||||||
return GPG_ERR_NOT_SUPPORTED;
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
if (size % cipher->cipher->blocksize != 0)
|
if (size % cipher->cipher->blocksize != 0)
|
||||||
|
|
|
@ -26,6 +26,7 @@
|
||||||
#include <grub/symbol.h>
|
#include <grub/symbol.h>
|
||||||
#include <grub/types.h>
|
#include <grub/types.h>
|
||||||
#include <grub/err.h>
|
#include <grub/err.h>
|
||||||
|
#include <grub/mm.h>
|
||||||
|
|
||||||
typedef enum
|
typedef enum
|
||||||
{
|
{
|
||||||
|
@ -191,8 +192,11 @@ grub_crypto_cipher_set_key (grub_crypto_cipher_handle_t cipher,
|
||||||
const unsigned char *key,
|
const unsigned char *key,
|
||||||
unsigned keylen);
|
unsigned keylen);
|
||||||
|
|
||||||
void
|
static inline void
|
||||||
grub_crypto_cipher_close (grub_crypto_cipher_handle_t cipher);
|
grub_crypto_cipher_close (grub_crypto_cipher_handle_t cipher)
|
||||||
|
{
|
||||||
|
grub_free (cipher);
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
grub_crypto_xor (void *out, const void *in1, const void *in2, grub_size_t size);
|
grub_crypto_xor (void *out, const void *in1, const void *in2, grub_size_t size);
|
||||||
|
@ -203,7 +207,7 @@ grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
|
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
|
grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
void *out, void *in, grub_size_t size);
|
void *out, const void *in, grub_size_t size);
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_cbc_encrypt (grub_crypto_cipher_handle_t cipher,
|
grub_crypto_cbc_encrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
void *out, void *in, grub_size_t size,
|
void *out, void *in, grub_size_t size,
|
||||||
|
@ -251,11 +255,13 @@ extern gcry_md_spec_t _gcry_digest_spec_sha1;
|
||||||
extern gcry_md_spec_t _gcry_digest_spec_sha256;
|
extern gcry_md_spec_t _gcry_digest_spec_sha256;
|
||||||
extern gcry_md_spec_t _gcry_digest_spec_sha512;
|
extern gcry_md_spec_t _gcry_digest_spec_sha512;
|
||||||
extern gcry_md_spec_t _gcry_digest_spec_crc32;
|
extern gcry_md_spec_t _gcry_digest_spec_crc32;
|
||||||
|
extern gcry_cipher_spec_t _gcry_cipher_spec_aes;
|
||||||
#define GRUB_MD_MD5 ((const gcry_md_spec_t *) &_gcry_digest_spec_md5)
|
#define GRUB_MD_MD5 ((const gcry_md_spec_t *) &_gcry_digest_spec_md5)
|
||||||
#define GRUB_MD_SHA1 ((const gcry_md_spec_t *) &_gcry_digest_spec_sha1)
|
#define GRUB_MD_SHA1 ((const gcry_md_spec_t *) &_gcry_digest_spec_sha1)
|
||||||
#define GRUB_MD_SHA256 ((const gcry_md_spec_t *) &_gcry_digest_spec_sha256)
|
#define GRUB_MD_SHA256 ((const gcry_md_spec_t *) &_gcry_digest_spec_sha256)
|
||||||
#define GRUB_MD_SHA512 ((const gcry_md_spec_t *) &_gcry_digest_spec_sha512)
|
#define GRUB_MD_SHA512 ((const gcry_md_spec_t *) &_gcry_digest_spec_sha512)
|
||||||
#define GRUB_MD_CRC32 ((const gcry_md_spec_t *) &_gcry_digest_spec_crc32)
|
#define GRUB_MD_CRC32 ((const gcry_md_spec_t *) &_gcry_digest_spec_crc32)
|
||||||
|
#define GRUB_CIPHER_AES ((const gcry_cipher_spec_t *) &_gcry_cipher_spec_aes)
|
||||||
|
|
||||||
/* Implement PKCS#5 PBKDF2 as per RFC 2898. The PRF to use is HMAC variant
|
/* Implement PKCS#5 PBKDF2 as per RFC 2898. The PRF to use is HMAC variant
|
||||||
of digest supplied by MD. Inputs are the password P of length PLEN,
|
of digest supplied by MD. Inputs are the password P of length PLEN,
|
||||||
|
|
|
@ -88,6 +88,7 @@ typedef enum dmu_object_type {
|
||||||
DMU_OT_SA_MASTER_NODE, /* ZAP */
|
DMU_OT_SA_MASTER_NODE, /* ZAP */
|
||||||
DMU_OT_SA_ATTR_REGISTRATION, /* ZAP */
|
DMU_OT_SA_ATTR_REGISTRATION, /* ZAP */
|
||||||
DMU_OT_SA_ATTR_LAYOUTS, /* ZAP */
|
DMU_OT_SA_ATTR_LAYOUTS, /* ZAP */
|
||||||
|
DMU_OT_DSL_KEYCHAIN = 54,
|
||||||
DMU_OT_NUMTYPES
|
DMU_OT_NUMTYPES
|
||||||
} dmu_object_type_t;
|
} dmu_object_type_t;
|
||||||
|
|
||||||
|
|
|
@ -42,7 +42,9 @@ typedef struct dsl_dir_phys {
|
||||||
grub_uint64_t dd_reserved;
|
grub_uint64_t dd_reserved;
|
||||||
grub_uint64_t dd_props_zapobj;
|
grub_uint64_t dd_props_zapobj;
|
||||||
grub_uint64_t dd_deleg_zapobj; /* dataset permissions */
|
grub_uint64_t dd_deleg_zapobj; /* dataset permissions */
|
||||||
grub_uint64_t dd_pad[20]; /* pad out to 256 bytes for good measure */
|
grub_uint64_t unused[7];
|
||||||
|
grub_uint64_t keychain;
|
||||||
|
grub_uint64_t unused2[12];
|
||||||
} dsl_dir_phys_t;
|
} dsl_dir_phys_t;
|
||||||
|
|
||||||
#endif /* _SYS_DSL_DIR_H */
|
#endif /* _SYS_DSL_DIR_H */
|
||||||
|
|
|
@ -20,26 +20,24 @@
|
||||||
#ifndef GRUB_ZFS_SPA_HEADER
|
#ifndef GRUB_ZFS_SPA_HEADER
|
||||||
#define GRUB_ZFS_SPA_HEADER 1
|
#define GRUB_ZFS_SPA_HEADER 1
|
||||||
|
|
||||||
typedef enum grub_zfs_endian
|
#define grub_zfs_to_cpu16(x,a) (((a) == GRUB_ZFS_BIG_ENDIAN) ? \
|
||||||
{
|
grub_be_to_cpu16(x) \
|
||||||
UNKNOWN_ENDIAN = -2,
|
|
||||||
LITTLE_ENDIAN = -1,
|
|
||||||
BIG_ENDIAN = 0
|
|
||||||
} grub_zfs_endian_t;
|
|
||||||
|
|
||||||
#define grub_zfs_to_cpu16(x,a) (((a) == BIG_ENDIAN) ? grub_be_to_cpu16(x) \
|
|
||||||
: grub_le_to_cpu16(x))
|
: grub_le_to_cpu16(x))
|
||||||
#define grub_cpu_to_zfs16(x,a) (((a) == BIG_ENDIAN) ? grub_cpu_to_be16(x) \
|
#define grub_cpu_to_zfs16(x,a) (((a) == GRUB_ZFS_BIG_ENDIAN) ? \
|
||||||
|
grub_cpu_to_be16(x) \
|
||||||
: grub_cpu_to_le16(x))
|
: grub_cpu_to_le16(x))
|
||||||
|
|
||||||
#define grub_zfs_to_cpu32(x,a) (((a) == BIG_ENDIAN) ? grub_be_to_cpu32(x) \
|
#define grub_zfs_to_cpu32(x,a) (((a) == GRUB_ZFS_BIG_ENDIAN) ? \
|
||||||
|
grub_be_to_cpu32(x) \
|
||||||
: grub_le_to_cpu32(x))
|
: grub_le_to_cpu32(x))
|
||||||
#define grub_cpu_to_zfs32(x,a) (((a) == BIG_ENDIAN) ? grub_cpu_to_be32(x) \
|
#define grub_cpu_to_zfs32(x,a) (((a) == GRUB_ZFS_BIG_ENDIAN) ? \
|
||||||
|
grub_cpu_to_be32(x) \
|
||||||
: grub_cpu_to_le32(x))
|
: grub_cpu_to_le32(x))
|
||||||
|
|
||||||
#define grub_zfs_to_cpu64(x,a) (((a) == BIG_ENDIAN) ? grub_be_to_cpu64(x) \
|
#define grub_zfs_to_cpu64(x,a) (((a) == GRUB_ZFS_BIG_ENDIAN) \
|
||||||
|
? grub_be_to_cpu64(x) \
|
||||||
: grub_le_to_cpu64(x))
|
: grub_le_to_cpu64(x))
|
||||||
#define grub_cpu_to_zfs64(x,a) (((a) == BIG_ENDIAN) ? grub_cpu_to_be64(x) \
|
#define grub_cpu_to_zfs64(x,a) (((a) == GRUB_ZFS_BIG_ENDIAN) ? grub_cpu_to_be64(x) \
|
||||||
: grub_cpu_to_le64(x))
|
: grub_cpu_to_le64(x))
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -24,6 +24,14 @@
|
||||||
|
|
||||||
#include <grub/err.h>
|
#include <grub/err.h>
|
||||||
#include <grub/disk.h>
|
#include <grub/disk.h>
|
||||||
|
#include <grub/crypto.h>
|
||||||
|
|
||||||
|
typedef enum grub_zfs_endian
|
||||||
|
{
|
||||||
|
GRUB_ZFS_UNKNOWN_ENDIAN = -2,
|
||||||
|
GRUB_ZFS_LITTLE_ENDIAN = -1,
|
||||||
|
GRUB_ZFS_BIG_ENDIAN = 0
|
||||||
|
} grub_zfs_endian_t;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* On-disk version number.
|
* On-disk version number.
|
||||||
|
@ -121,5 +129,25 @@ char *grub_zfs_nvlist_lookup_nvlist_array (const char *nvlist,
|
||||||
grub_size_t index);
|
grub_size_t index);
|
||||||
int grub_zfs_nvlist_lookup_nvlist_array_get_nelm (const char *nvlist,
|
int grub_zfs_nvlist_lookup_nvlist_array_get_nelm (const char *nvlist,
|
||||||
const char *name);
|
const char *name);
|
||||||
|
grub_err_t
|
||||||
|
grub_zfs_add_key (grub_uint8_t *key_in,
|
||||||
|
grub_size_t keylen,
|
||||||
|
int passphrase);
|
||||||
|
|
||||||
|
extern grub_err_t (*grub_zfs_decrypt) (grub_crypto_cipher_handle_t cipher,
|
||||||
|
grub_uint64_t algo,
|
||||||
|
void *nonce,
|
||||||
|
char *buf, grub_size_t size,
|
||||||
|
const grub_uint32_t *expected_mac,
|
||||||
|
grub_zfs_endian_t endian);
|
||||||
|
|
||||||
|
struct grub_zfs_key;
|
||||||
|
|
||||||
|
extern grub_crypto_cipher_handle_t (*grub_zfs_load_key) (const struct grub_zfs_key *key,
|
||||||
|
grub_size_t keysize,
|
||||||
|
grub_uint64_t salt,
|
||||||
|
grub_uint64_t algo);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#endif /* ! GRUB_ZFS_HEADER */
|
#endif /* ! GRUB_ZFS_HEADER */
|
||||||
|
|
|
@ -65,6 +65,7 @@ enum zio_checksum {
|
||||||
ZIO_CHECKSUM_FLETCHER_4,
|
ZIO_CHECKSUM_FLETCHER_4,
|
||||||
ZIO_CHECKSUM_SHA256,
|
ZIO_CHECKSUM_SHA256,
|
||||||
ZIO_CHECKSUM_ZILOG2,
|
ZIO_CHECKSUM_ZILOG2,
|
||||||
|
ZIO_CHECKSUM_SHA256_MAC,
|
||||||
ZIO_CHECKSUM_FUNCTIONS
|
ZIO_CHECKSUM_FUNCTIONS
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -33,6 +33,7 @@
|
||||||
#include <grub/crypto.h>
|
#include <grub/crypto.h>
|
||||||
#include <grub/command.h>
|
#include <grub/command.h>
|
||||||
#include <grub/i18n.h>
|
#include <grub/i18n.h>
|
||||||
|
#include <grub/zfs/zfs.h>
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
@ -438,6 +439,7 @@ static struct argp_option options[] = {
|
||||||
{"diskcount", 'c', "N", 0, N_("N input files."), 2},
|
{"diskcount", 'c', "N", 0, N_("N input files."), 2},
|
||||||
{"debug", 'd', "S", 0, N_("Set debug environment variable."), 2},
|
{"debug", 'd', "S", 0, N_("Set debug environment variable."), 2},
|
||||||
{"crypto", 'C', NULL, OPTION_ARG_OPTIONAL, N_("Mount crypto devices."), 2},
|
{"crypto", 'C', NULL, OPTION_ARG_OPTIONAL, N_("Mount crypto devices."), 2},
|
||||||
|
{"zfs-key", 'K', N_("FILE|prompt"), 0, N_("Load zfs crypto key."), 2},
|
||||||
{"verbose", 'v', NULL, OPTION_ARG_OPTIONAL, N_("Print verbose messages."), 2},
|
{"verbose", 'v', NULL, OPTION_ARG_OPTIONAL, N_("Print verbose messages."), 2},
|
||||||
{"uncompress", 'u', NULL, OPTION_ARG_OPTIONAL, N_("Uncompress data."), 2},
|
{"uncompress", 'u', NULL, OPTION_ARG_OPTIONAL, N_("Uncompress data."), 2},
|
||||||
{0, 0, 0, 0, 0, 0}
|
{0, 0, 0, 0, 0, 0}
|
||||||
|
@ -462,6 +464,38 @@ argp_parser (int key, char *arg, struct argp_state *state)
|
||||||
root = arg;
|
root = arg;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
case 'K':
|
||||||
|
if (strcmp (arg, "prompt") == 0)
|
||||||
|
{
|
||||||
|
char buf[1024];
|
||||||
|
grub_printf ("Enter ZFS password: ");
|
||||||
|
if (grub_password_get (buf, 1023))
|
||||||
|
{
|
||||||
|
grub_zfs_add_key ((grub_uint8_t *) buf, grub_strlen (buf), 1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
FILE *f;
|
||||||
|
ssize_t real_size;
|
||||||
|
grub_uint8_t buf[1024];
|
||||||
|
f = fopen (arg, "rb");
|
||||||
|
if (!f)
|
||||||
|
{
|
||||||
|
printf ("Error loading file %s: %s\n", arg, strerror (errno));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
real_size = fread (buf, 1, 1024, f);
|
||||||
|
if (real_size < 0)
|
||||||
|
{
|
||||||
|
printf ("Error loading file %s: %s\n", arg, strerror (errno));
|
||||||
|
fclose (f);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
grub_zfs_add_key (buf, real_size, 0);
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
|
||||||
case 'C':
|
case 'C':
|
||||||
mount_crypt = 1;
|
mount_crypt = 1;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
Loading…
Reference in a new issue