vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Import gcrypt public-key cryptography and implement signature checking.

Browse source
This commit is contained in:
Vladimir 'phcoder' Serbinenko 2013-01-11 21:32:42 +01:00
parent 535714bdcf
commit 5e3b8dcbb5
238 changed files with 40500 additions and 417 deletions
Download patch file Download diff file Expand all files Collapse all files

211
util/import_gcry.py
View file

@ -39,6 +39,17 @@ try:
os.makedirs (cipher_dir_out)
except:
print ("WARNING: %s already exists" % cipher_dir_out)
mpidir = os.path.join (basedir, "mpi")
try:
os.makedirs (mpidir)
except:
print ("WARNING: %s already exists" % mpidir)
srcdir = os.path.join (basedir, "src")
try:
os.makedirs (srcdir)
except:
print ("WARNING: %s already exists" % srcdir)
cipher_files = sorted (os.listdir (cipher_dir_in))
conf = codecs.open (os.path.join ("grub-core", "Makefile.gcry.def"), "w", "utf-8")
@ -52,7 +63,7 @@ confutil.write (" cppflags = '$(CPPFLAGS_GCRY)';\n");
confutil.write (" extra_dist = grub-core/lib/libgcrypt-grub/cipher/ChangeLog;\n");
confutil.write ("\n");
chlog = ""
modules = []
modules_sym_md = []
# Strictly speaking CRC32/CRC24 work on bytes so this value should be 1
# But libgcrypt uses 64. Let's keep the value for compatibility. Since
@ -69,6 +80,8 @@ mdblocksizes = {"_gcry_digest_spec_crc32" : 64,
"_gcry_digest_spec_sha384" : 128,
"_gcry_digest_spec_sha512" : 128,
"_gcry_digest_spec_tiger" : 64,
"_gcry_digest_spec_tiger1" : 64,
"_gcry_digest_spec_tiger2" : 64,
"_gcry_digest_spec_whirlpool" : 64}
cryptolist = codecs.open (os.path.join (cipher_dir_out, "crypto.lst"), "w", "utf-8")
@ -92,7 +105,7 @@ for cipher_file in cipher_files:
if cipher_file == "ChangeLog":
continue
chlognew = " * %s" % cipher_file
if re.match ("(Manifest|Makefile\.am|ac\.c|cipher\.c|hash-common\.c|hmac-tests\.c|md\.c|pubkey\.c)$", cipher_file):
if re.match ("(Manifest|Makefile\.am|ac\.c|cipher\.c|hash-common\.c|hmac-tests\.c|md\.c|pubkey\.c)$", cipher_file) or cipher_file == "elgamal.c" or cipher_file == "primegen.c" or cipher_file == "test-getrusage.c":
chlog = "%s%s: Removed\n" % (chlog, chlognew)
continue
# Autogenerated files. Not even worth mentionning in ChangeLog
@ -124,10 +137,12 @@ for cipher_file in cipher_files:
ciphernames = []
mdnames = []
pknames = []
hold = False
skip = False
skip2 = False
ismd = False
ispk = False
iscipher = False
iscryptostart = False
iscomma = False
@ -159,7 +174,7 @@ for cipher_file in cipher_files:
sg = s.groups()[0]
cryptolist.write (("%s: %s\n") % (sg, modname))
iscryptostart = False
if ismd or iscipher:
if ismd or iscipher or ispk:
if not re.search (" *};", line) is None:
if not iscomma:
fw.write (" ,\n")
@ -175,6 +190,7 @@ for cipher_file in cipher_files:
% mdblocksizes [mdname])
ismd = False
iscipher = False
ispk = False
iscomma = not re.search (",$", line) is None
# Used only for selftests.
m = re.match ("(static byte|static unsigned char) (weak_keys_chksum)\[[0-9]*\] =", line)
@ -190,18 +206,33 @@ for cipher_file in cipher_files:
continue
if hold:
hold = False
# We're optimising for size.
if not re.match ("(run_selftests|selftest|_gcry_aes_c.._..c|_gcry_[a-z0-9]*_hash_buffer|tripledes_set2keys|do_tripledes_set_extra_info|_gcry_rmd160_mixblock|serpent_test)", line) is None:
# We're optimising for size and exclude anything needing good
# randomness.
if not re.match ("(run_selftests|selftest|_gcry_aes_c.._..c|_gcry_[a-z0-9]*_hash_buffer|tripledes_set2keys|do_tripledes_set_extra_info|_gcry_rmd160_mixblock|serpent_test|dsa_generate_ext|test_keys|gen_k|sign|gen_x931_parm_xp|generate_x931|generate_key|dsa_generate|dsa_sign|ecc_sign|generate|generate_fips186|_gcry_register_pk_dsa_progress|_gcry_register_pk_ecc_progress|progress|scanval|ec2os|ecc_generate_ext|ecc_generate|compute_keygrip|ecc_get_param|_gcry_register_pk_dsa_progress|gen_x931_parm_xp|gen_x931_parm_xi|rsa_decrypt|rsa_sign|rsa_generate_ext|rsa_generate|secret|check_exponent|rsa_blind|rsa_unblind|extract_a_from_sexp|curve_free|curve_copy|point_set)", line) is None:
skip = True
if not re.match ("serpent_test", line) is None:
fw.write ("static const char *serpent_test (void) { return 0; }\n");
if not re.match ("dsa_generate", line) is None:
fw.write ("#define dsa_generate 0");
if not re.match ("ecc_generate", line) is None:
fw.write ("#define ecc_generate 0");
if not re.match ("rsa_generate ", line) is None:
fw.write ("#define rsa_generate 0");
if not re.match ("rsa_sign", line) is None:
fw.write ("#define rsa_sign 0");
if not re.match ("rsa_decrypt", line) is None:
fw.write ("#define rsa_decrypt 0");
if not re.match ("dsa_sign", line) is None:
fw.write ("#define dsa_sign 0");
if not re.match ("ecc_sign", line) is None:
fw.write ("#define ecc_sign 0");
fname = re.match ("[a-zA-Z0-9_]*", line).group ()
chmsg = "(%s): Removed." % fname
if nch:
chlognew = "%s\n %s" % (chlognew, chmsg)
else:
chlognew = "%s %s" % (chlognew, chmsg)
nch = True
nch = True
continue
else:
fw.write (holdline)
@ -216,7 +247,8 @@ for cipher_file in cipher_files:
continue
m = re.match ("gcry_cipher_spec_t", line)
if isc and not m is None:
assert (not iscryptostart)
assert (not ismd)
assert (not ispk)
assert (not iscipher)
assert (not iscryptostart)
ciphername = line [len ("gcry_cipher_spec_t"):].strip ()
@ -224,9 +256,23 @@ for cipher_file in cipher_files:
ciphernames.append (ciphername)
iscipher = True
iscryptostart = True
m = re.match ("gcry_pk_spec_t", line)
if isc and not m is None:
assert (not ismd)
assert (not ispk)
assert (not iscipher)
assert (not iscryptostart)
pkname = line [len ("gcry_pk_spec_t"):].strip ()
pkname = re.match("[a-zA-Z0-9_]*",pkname).group ()
pknames.append (pkname)
ispk = True
iscryptostart = True
m = re.match ("gcry_md_spec_t", line)
if isc and not m is None:
assert (not ismd)
assert (not ispk)
assert (not iscipher)
assert (not iscryptostart)
mdname = line [len ("gcry_md_spec_t"):].strip ()
@ -245,7 +291,53 @@ for cipher_file in cipher_files:
chlognew = "%s %s" % (chlognew, chmsg)
nch = True
continue
m = re.match ("(static const char( |)\*|static gpg_err_code_t|void|static int|static gcry_err_code_t)$", line)
m = re.match ("static gcry_mpi_t gen_k .*;$", line)
if not m is None:
chmsg = "(gen_k): Removed declaration."
if nch:
chlognew = "%s\n %s" % (chlognew, chmsg)
else:
chlognew = "%s %s" % (chlognew, chmsg)
nch = True
continue
m = re.match ("static (int|void) test_keys .*;$", line)
if not m is None:
chmsg = "(test_keys): Removed declaration."
if nch:
chlognew = "%s\n %s" % (chlognew, chmsg)
else:
chlognew = "%s %s" % (chlognew, chmsg)
nch = True
continue
m = re.match ("static void secret .*;$", line)
if not m is None:
chmsg = "(secret): Removed declaration."
if nch:
chlognew = "%s\n %s" % (chlognew, chmsg)
else:
chlognew = "%s %s" % (chlognew, chmsg)
nch = True
continue
m = re.match ("static void \(\*progress_cb\).*;$", line)
if not m is None:
chmsg = "(progress_cb): Removed declaration."
if nch:
chlognew = "%s\n %s" % (chlognew, chmsg)
else:
chlognew = "%s %s" % (chlognew, chmsg)
nch = True
continue
m = re.match ("static void \*progress_cb_data.*;$", line)
if not m is None:
chmsg = "(progress_cb): Removed declaration."
if nch:
chlognew = "%s\n %s" % (chlognew, chmsg)
else:
chlognew = "%s %s" % (chlognew, chmsg)
nch = True
continue
m = re.match ("(static const char( |)\*|static gpg_err_code_t|void|static int|static gcry_err_code_t|static gcry_mpi_t|static void|void|static elliptic_curve_t) *$", line)
if not m is None:
hold = True
holdline = line
@ -257,6 +349,12 @@ for cipher_file in cipher_files:
if not m is None:
skip_statement = True
continue
m = re.match ("static void sign|static gpg_err_code_t sign|static gpg_err_code_t generate",
line)
if not m is None:
skip_statement = True
continue
m = re.match ("cipher_extra_spec_t", line)
if isc and not m is None:
skip2 = True
@ -269,6 +367,18 @@ for cipher_file in cipher_files:
chlognew = "%s %s" % (chlognew, chmsg)
nch = True
continue
m = re.match ("pk_extra_spec_t", line)
if isc and not m is None:
skip2 = True
fname = line[len ("pk_extra_spec_t "):]
fname = re.match ("[a-zA-Z0-9_]*", fname).group ()
chmsg = "(%s): Removed." % fname
if nch:
chlognew = "%s\n %s" % (chlognew, chmsg)
else:
chlognew = "%s %s" % (chlognew, chmsg)
nch = True
continue
m = re.match ("md_extra_spec_t", line)
if isc and not m is None:
skip2 = True
@ -282,13 +392,14 @@ for cipher_file in cipher_files:
nch = True
continue
fw.write (line)
if len (ciphernames) > 0 or len (mdnames) > 0:
if len (ciphernames) > 0 or len (mdnames) > 0 or len (pknames) > 0:
if isglue:
modfiles = "lib/libgcrypt-grub/cipher/%s lib/libgcrypt-grub/cipher/%s" \
% (cipher_file, cipher_file.replace ("-glue.c", ".c"))
else:
modfiles = "lib/libgcrypt-grub/cipher/%s" % cipher_file
modules.append (modname)
if len (ciphernames) > 0 or len (mdnames) > 0:
modules_sym_md.append (modname)
chmsg = "(GRUB_MOD_INIT(%s)): New function\n" % modname
if nch:
chlognew = "%s\n %s" % (chlognew, chmsg)
@ -305,6 +416,11 @@ for cipher_file in cipher_files:
chmsg = "Register digest %s" % mdname
chlognew = "%s\n %s" % (chlognew, chmsg)
fw.write (" grub_md_register (&%s);\n" % mdname)
for pkname in pknames:
chmsg = "Register pk %s" % mdname
chlognew = "%s\n %s" % (chlognew, chmsg)
fw.write (" grub_crypto_pk_%s = &%s;\n"
% (pkname.replace ("_gcry_pubkey_spec_", ""), pkname))
fw.write ("}")
chmsg = "(GRUB_MOD_FINI(%s)): New function\n" % modname
chlognew = "%s\n %s" % (chlognew, chmsg)
@ -318,13 +434,22 @@ for cipher_file in cipher_files:
chmsg = "Unregister MD %s" % mdname
chlognew = "%s\n %s" % (chlognew, chmsg)
fw.write (" grub_md_unregister (&%s);\n" % mdname)
for pkname in pknames:
chmsg = "Unregister pk %s" % mdname
chlognew = "%s\n %s" % (chlognew, chmsg)
fw.write (" grub_crypto_pk_%s = 0;\n"
% (pkname.replace ("_gcry_pubkey_spec_", "")))
fw.write ("}\n")
conf.write ("module = {\n")
conf.write (" name = %s;\n" % modname)
for src in modfiles.split():
conf.write (" common = %s;\n" % src)
confutil.write (" common = grub-core/%s;\n" % src)
if modname == "gcry_rijndael" or modname == "gcry_md4" or modname == "gcry_md5" or modname == "gcry_rmd160" or modname == "gcry_sha1" or modname == "gcry_sha256" or modname == "gcry_sha512" or modname == "gcry_tiger":
if len (ciphernames) > 0 or len (mdnames) > 0:
confutil.write (" common = grub-core/%s;\n" % src)
if modname == "gcry_ecc":
conf.write (" common = lib/libgcrypt-grub/mpi/ec.c;\n")
conf.write (" cflags = '$(CFLAGS_GCRY) -Wno-redundant-decls -Wno-sign-compare';\n")
elif modname == "gcry_rijndael" or modname == "gcry_md4" or modname == "gcry_md5" or modname == "gcry_rmd160" or modname == "gcry_sha1" or modname == "gcry_sha256" or modname == "gcry_sha512" or modname == "gcry_tiger":
# Alignment checked by hand
conf.write (" cflags = '$(CFLAGS_GCRY) -Wno-cast-align -Wno-strict-aliasing';\n");
else:
@ -346,6 +471,62 @@ for cipher_file in cipher_files:
print ("WARNING: unknown file %s" % cipher_file)
cryptolist.close ()
for src in sorted (os.listdir (os.path.join (indir, "src"))):
if src == "versioninfo.rc.in":
continue
outfile = os.path.join (basedir, "src", src)
infile = os.path.join (indir, "src", src)
if os.path.isdir (infile):
continue
fw = codecs.open (outfile, "w", "utf-8")
if src == "gcrypt-module.h":
fw.close ()
continue
if src == "visibility.h":
fw.write ("# include <grub/gcrypt/gcrypt.h>")
fw.close ()
continue
f = codecs.open (infile, "r", "utf-8")
fw.write (f.read ())
f.close ()
fw.close ()
for src in sorted (os.listdir (os.path.join (indir, "mpi"))):
infile = os.path.join (indir, "mpi", src)
outfile = os.path.join (basedir, "mpi", src)
if os.path.isdir (infile):
continue
f = codecs.open (infile, "r", "utf-8")
fw = codecs.open (outfile, "w", "utf-8")
fw.write ("/* This file was automatically imported with \n")
fw.write (" import_gcry.py. Please don't modify it */\n")
hold = False
skip = False
for line in f:
if skip:
if line[0] == "}":
skip = False
continue
if hold:
hold = False
# We're optimising for size and exclude anything needing good
# randomness.
if not re.match ("(_gcry_mpi_get_hw_config|gcry_mpi_randomize)", line) is None:
skip = True
continue
else:
fw.write (holdline)
m = re.match ("(const char( |)\*|void) *$", line)
if not m is None:
hold = True
holdline = line
continue
m = re.match ("#include \"mod-source-info\.h\"", line)
if not m is None:
continue
fw.write (line)
chlog = "%s * crypto.lst: New file.\n" % chlog
outfile = os.path.join (cipher_dir_out, "types.h")
@ -382,21 +563,21 @@ conf.close ();
initfile = codecs.open (os.path.join (cipher_dir_out, "init.c"), "w", "utf-8")
initfile.write ("#include <grub/crypto.h>\n")
for module in modules:
for module in modules_sym_md:
initfile.write ("extern void grub_%s_init (void);\n" % module)
initfile.write ("extern void grub_%s_fini (void);\n" % module)
initfile.write ("\n")
initfile.write ("void\n")
initfile.write ("grub_gcry_init_all (void)\n")
initfile.write ("{\n")
for module in modules:
for module in modules_sym_md:
initfile.write (" grub_%s_init ();\n" % module)
initfile.write ("}\n")
initfile.write ("\n")
initfile.write ("void\n")
initfile.write ("grub_gcry_fini_all (void)\n")
initfile.write ("{\n")
for module in modules:
for module in modules_sym_md:
initfile.write (" grub_%s_fini ();\n" % module)
initfile.write ("}\n")
initfile.close ()