LUKS and GELI support.
* Makefile.util.def (libgrubkern.a): Add grub-core/lib/crypto.c, grub-core/disk/luks.c, grub-core/disk/geli.c, grub-core/disk/cryptodisk.c, grub-core/disk/AFSplitter.c, grub-core/lib/pbkdf2.c, grub-core/commands/extcmd.c, grub-core/lib/arg.c. (libgrubmods.a): Remove gcrypts cflags and cppflags. Remove grub-core/commands/extcmd.c, grub-core/lib/arg.c, grub-core/lib/crypto.c, grub-core/lib/libgcrypt-grub/cipher/sha512.c, grub-core/lib/libgcrypt-grub/cipher/crc.c and grub-core/lib/pbkdf2.c. (grub-bin2h): Add libgcry.a. (grub-mkimage): Likewise. (grub-mkrelpath): Likewise. (grub-script-check): Likewise. (grub-editenv): Likewise. (grub-mkpasswd-pbkdf2): Likewise. (grub-pe2elf): Likewise. (grub-fstest): Likewise. (grub-mkfont): Likewise. (grub-mkdevicemap): Likewise. (grub-probe): Likewise. (grub-ofpath): Likewise. (grub-mklayout): Likewise. (example_unit_test): Likewise. (grub-menulst2cfg): Likewise. * autogen.sh (UTIL_DEFS): Add Makefile.utilgcry.def. * grub-core/Makefile.core.def (cryptodisk): New module. (luks): Likewise. (geli): Likewise. * grub-core/disk/AFSplitter.c: New file. * grub-core/disk/cryptodisk.c: Likewise. * grub-core/disk/geli.c: Likewise. * grub-core/disk/luks.c: Likewise. * grub-core/kern/emu/getroot.c (get_dm_uuid): New function based on grub_util_is_lvm. (grub_util_get_dm_abstraction): New function. (grub_util_follow_gpart_up): Likewise. (grub_util_get_geom_abstraction): Likewise. (grub_util_get_dev_abstraction): Use new functions. (grub_util_pull_device): Pull GELI and LUKS. (grub_util_get_grub_dev): Handle LUKS and GELI. * grub-core/kern/emu/hostdisk.c (grub_util_get_fd_sectors): New function. (grub_util_biosdisk_open): Use grub_util_get_fd_sectors. (follow_geom_up): Removed. (grub_util_fd_seek): New function. (open_device): Use grub_util_fd_seek. (nread): Rename to .. (grub_util_fd_read): ... this. All users updated. * grub-core/lib/crypto.c (grub_crypto_ecb_decrypt): A better prototype. (grub_crypto_cbc_decrypt): Likewise. (grub_crypto_hmac_write): Likewise. (grub_crypto_hmac_buffer): Likewise. (grub_password_get): Extend to util. * include/grub/crypto.h (gcry_cipher_spec) [GRUB_UTIL]: New member modname. (gcry_md_spec) [GRUB_UTIL]: Likewise. * include/grub/cryptodisk.h: New file. * include/grub/disk.h (grub_disk_dev_id): Rename LUKS to CRYPTODISK. * include/grub/emu/getroot.h (grub_dev_abstraction_types): Add LUKS and GELI. (grub_util_follow_gpart_up): New proto. * include/grub/emu/hostdisk.h (grub_util_fd_seek): Likewise. (grub_util_fd_read): Likewise. (grub_cryptodisk_cheat_mount): Likewise. (grub_util_cryptodisk_print_uuid): Likewise. (grub_util_get_fd_sectors): Likewise. * util/grub-fstest.c (mount_crypt): New var. (fstest): Mount crypto if requested. (options): New option -C. (argp_parser): Parse -C. (main): Init and fini gcry. * util/grub-install.in: Support cryptodisk install. * util/grub-mkconfig.in: Export GRUB_ENABLE_CRYPTODISK. * util/grub-mkconfig_lib.in (is_path_readable_by_grub): Support cryptodisk. (prepare_grub_to_access_device): Likewise. * util/grub-mkpasswd-pbkdf2.c (main): Use grub_password_get. * util/grub-probe.c (probe_partmap): Support cryptodisk UUID probe. (probe_cryptodisk_uuid): New function. (probe_abstraction): Likewise. (probe): Use new functions. * util/import_gcry.py: Create Makefile.utilgcry.def. Add modname member. Also-By: Michael Gorven <michael@gorven.za.net> Also-By: Clemens Fruhwirth <clemens@endorphin.org>
This commit is contained in:
Vladimir Serbinenko
Vladimir 'phcoder' Serbinenko
commit
a251b71915
24 changed files with 2971 additions and 346 deletions
|
|
@ -23,6 +23,13 @@
|
|||
#include <grub/term.h>
|
||||
#include <grub/dl.h>
|
||||
|
||||
#ifdef GRUB_UTIL
|
||||
#include <termios.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
|
||||
GRUB_MOD_LICENSE ("GPLv3+");
|
||||
|
||||
struct grub_crypto_hmac_handle
|
||||
|
|
@ -186,9 +193,10 @@ grub_crypto_xor (void *out, const void *in1, const void *in2, grub_size_t size)
|
|||
|
||||
gcry_err_code_t
|
||||
grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||
void *out, void *in, grub_size_t size)
|
||||
void *out, const void *in, grub_size_t size)
|
||||
{
|
||||
grub_uint8_t *inptr, *outptr, *end;
|
||||
const grub_uint8_t *inptr;
|
||||
grub_uint8_t *outptr, *end;
|
||||
if (!cipher->cipher->decrypt)
|
||||
return GPG_ERR_NOT_SUPPORTED;
|
||||
if (size % cipher->cipher->blocksize != 0)
|
||||
|
|
@ -242,10 +250,11 @@ grub_crypto_cbc_encrypt (grub_crypto_cipher_handle_t cipher,
|
|||
|
||||
gcry_err_code_t
|
||||
grub_crypto_cbc_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||
void *out, void *in, grub_size_t size,
|
||||
void *out, const void *in, grub_size_t size,
|
||||
void *iv)
|
||||
{
|
||||
grub_uint8_t *inptr, *outptr, *end;
|
||||
const grub_uint8_t *inptr;
|
||||
grub_uint8_t *outptr, *end;
|
||||
grub_uint8_t ivt[cipher->cipher->blocksize];
|
||||
if (!cipher->cipher->decrypt)
|
||||
return GPG_ERR_NOT_SUPPORTED;
|
||||
|
|
@ -336,7 +345,8 @@ grub_crypto_hmac_init (const struct gcry_md_spec *md,
|
|||
}
|
||||
|
||||
void
|
||||
grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd, void *data,
|
||||
grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd,
|
||||
const void *data,
|
||||
grub_size_t datalen)
|
||||
{
|
||||
hnd->md->write (hnd->ctx, data, datalen);
|
||||
|
|
@ -378,7 +388,7 @@ grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out)
|
|||
gcry_err_code_t
|
||||
grub_crypto_hmac_buffer (const struct gcry_md_spec *md,
|
||||
const void *key, grub_size_t keylen,
|
||||
void *data, grub_size_t datalen, void *out)
|
||||
const void *data, grub_size_t datalen, void *out)
|
||||
{
|
||||
struct grub_crypto_hmac_handle *hnd;
|
||||
|
||||
|
|
@ -414,10 +424,43 @@ grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
|
|||
return !!counter;
|
||||
}
|
||||
|
||||
#ifndef GRUB_MKPASSWD
|
||||
int
|
||||
grub_password_get (char buf[], unsigned buf_size)
|
||||
{
|
||||
#ifdef GRUB_UTIL
|
||||
FILE *in;
|
||||
struct termios s, t;
|
||||
int tty_changed = 0;
|
||||
char *ptr;
|
||||
|
||||
/* Disable echoing. Based on glibc. */
|
||||
in = fopen ("/dev/tty", "w+c");
|
||||
if (in == NULL)
|
||||
in = stdin;
|
||||
|
||||
if (tcgetattr (fileno (in), &t) == 0)
|
||||
{
|
||||
/* Save the old one. */
|
||||
s = t;
|
||||
/* Tricky, tricky. */
|
||||
t.c_lflag &= ~(ECHO|ISIG);
|
||||
tty_changed = (tcsetattr (fileno (in), TCSAFLUSH, &t) == 0);
|
||||
}
|
||||
else
|
||||
tty_changed = 0;
|
||||
fgets (buf, buf_size, stdin);
|
||||
ptr = buf + strlen (buf) - 1;
|
||||
while (buf <= ptr && (*ptr == '\n' || *ptr == '\r'))
|
||||
*ptr-- = 0;
|
||||
/* Restore the original setting. */
|
||||
if (tty_changed)
|
||||
(void) tcsetattr (fileno (in), TCSAFLUSH, &s);
|
||||
|
||||
grub_xputs ("\n");
|
||||
grub_refresh ();
|
||||
|
||||
return 1;
|
||||
#else
|
||||
unsigned cur_len = 0;
|
||||
int key;
|
||||
|
||||
|
|
@ -452,5 +495,5 @@ grub_password_get (char buf[], unsigned buf_size)
|
|||
grub_refresh ();
|
||||
|
||||
return (key != '\e');
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue