LUKS and GELI support.

* Makefile.util.def (libgrubkern.a): Add grub-core/lib/crypto.c,
	grub-core/disk/luks.c, grub-core/disk/geli.c,
	grub-core/disk/cryptodisk.c, grub-core/disk/AFSplitter.c,
	grub-core/lib/pbkdf2.c, grub-core/commands/extcmd.c,
	grub-core/lib/arg.c.
	(libgrubmods.a): Remove gcrypts cflags and cppflags.
	Remove grub-core/commands/extcmd.c, grub-core/lib/arg.c,
	grub-core/lib/crypto.c, grub-core/lib/libgcrypt-grub/cipher/sha512.c,
	grub-core/lib/libgcrypt-grub/cipher/crc.c and grub-core/lib/pbkdf2.c.
	(grub-bin2h): Add libgcry.a.
	(grub-mkimage): Likewise.
	(grub-mkrelpath): Likewise.
	(grub-script-check): Likewise.
	(grub-editenv): Likewise.
	(grub-mkpasswd-pbkdf2): Likewise.
	(grub-pe2elf): Likewise.
	(grub-fstest): Likewise.
	(grub-mkfont): Likewise.
	(grub-mkdevicemap): Likewise.
	(grub-probe): Likewise.
	(grub-ofpath): Likewise.
	(grub-mklayout): Likewise.
	(example_unit_test): Likewise.
	(grub-menulst2cfg): Likewise.
	* autogen.sh (UTIL_DEFS): Add Makefile.utilgcry.def.
	* grub-core/Makefile.core.def (cryptodisk): New module.
	(luks): Likewise.
	(geli): Likewise.
	* grub-core/disk/AFSplitter.c: New file.
	* grub-core/disk/cryptodisk.c: Likewise.
	* grub-core/disk/geli.c: Likewise.
	* grub-core/disk/luks.c: Likewise.
	* grub-core/kern/emu/getroot.c (get_dm_uuid): New function based on
	grub_util_is_lvm.
	(grub_util_get_dm_abstraction): New function.
	(grub_util_follow_gpart_up): Likewise.
	(grub_util_get_geom_abstraction): Likewise.
	(grub_util_get_dev_abstraction): Use new functions.
	(grub_util_pull_device): Pull GELI and LUKS.
	(grub_util_get_grub_dev): Handle LUKS and GELI.
	* grub-core/kern/emu/hostdisk.c (grub_util_get_fd_sectors): New function.
	(grub_util_biosdisk_open): Use grub_util_get_fd_sectors.
	(follow_geom_up): Removed.
	(grub_util_fd_seek): New function.
	(open_device): Use grub_util_fd_seek.
	(nread): Rename to ..
	(grub_util_fd_read): ... this. All users updated.
	* grub-core/lib/crypto.c (grub_crypto_ecb_decrypt): A better prototype.
	(grub_crypto_cbc_decrypt): Likewise.
	(grub_crypto_hmac_write): Likewise.
	(grub_crypto_hmac_buffer): Likewise.
	(grub_password_get): Extend to util.
	* include/grub/crypto.h (gcry_cipher_spec) [GRUB_UTIL]:
	New member modname.
	(gcry_md_spec) [GRUB_UTIL]: Likewise.
	* include/grub/cryptodisk.h: New file.
	* include/grub/disk.h (grub_disk_dev_id): Rename LUKS to CRYPTODISK.
	* include/grub/emu/getroot.h (grub_dev_abstraction_types): Add
	LUKS and GELI.
	(grub_util_follow_gpart_up): New proto.
	* include/grub/emu/hostdisk.h (grub_util_fd_seek): Likewise.
	(grub_util_fd_read): Likewise.
	(grub_cryptodisk_cheat_mount): Likewise.
	(grub_util_cryptodisk_print_uuid): Likewise.
	(grub_util_get_fd_sectors): Likewise.
	* util/grub-fstest.c (mount_crypt): New var.
	(fstest): Mount crypto if requested.
	(options): New option -C.
	(argp_parser): Parse -C.
	(main): Init and fini gcry.
	* util/grub-install.in: Support cryptodisk install.
	* util/grub-mkconfig.in: Export GRUB_ENABLE_CRYPTODISK.
	* util/grub-mkconfig_lib.in (is_path_readable_by_grub): Support
	cryptodisk.
	(prepare_grub_to_access_device): Likewise.
	* util/grub-mkpasswd-pbkdf2.c (main): Use grub_password_get.
	* util/grub-probe.c (probe_partmap): Support cryptodisk UUID probe.
	(probe_cryptodisk_uuid): New function.
	(probe_abstraction): Likewise.
	(probe): Use new functions.
	* util/import_gcry.py: Create Makefile.utilgcry.def.
	Add modname member.

	Also-By: Michael Gorven <michael@gorven.za.net>

	Also-By: Clemens Fruhwirth <clemens@endorphin.org>

include/grub/crypto.h

@@ -126,6 +126,9 @@ typedef struct gcry_cipher_spec
   gcry_cipher_decrypt_t decrypt;
   gcry_cipher_stencrypt_t stencrypt;
   gcry_cipher_stdecrypt_t stdecrypt;
+#ifdef GRUB_UTIL
+  const char *modname;
+#endif
   struct gcry_cipher_spec *next;
 } gcry_cipher_spec_t;
 
@@ -161,6 +164,9 @@ typedef struct gcry_md_spec
   grub_size_t contextsize; /* allocate this amount of context */
   /* Block size, needed for HMAC.  */
   grub_size_t blocksize;
+#ifdef GRUB_UTIL
+  const char *modname;
+#endif
   struct gcry_md_spec *next;
 } gcry_md_spec_t;
 
@@ -193,7 +199,7 @@ grub_crypto_xor (void *out, const void *in1, const void *in2, grub_size_t size);
 
 gcry_err_code_t
 grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
-			 void *out, void *in, grub_size_t size);
+			 void *out, const void *in, grub_size_t size);
 
 gcry_err_code_t
 grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
@@ -204,7 +210,7 @@ grub_crypto_cbc_encrypt (grub_crypto_cipher_handle_t cipher,
 			 void *iv_in);
 gcry_err_code_t
 grub_crypto_cbc_decrypt (grub_crypto_cipher_handle_t cipher,
-			 void *out, void *in, grub_size_t size,
+			 void *out, const void *in, grub_size_t size,
 			 void *iv);
 void 
 grub_cipher_register (gcry_cipher_spec_t *cipher);
@@ -229,7 +235,8 @@ struct grub_crypto_hmac_handle *
 grub_crypto_hmac_init (const struct gcry_md_spec *md,
 		       const void *key, grub_size_t keylen);
 void
-grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd, void *data,
+grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd,
+			const void *data,
 			grub_size_t datalen);
 gcry_err_code_t
 grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out);
@@ -237,7 +244,7 @@ grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out);
 gcry_err_code_t
 grub_crypto_hmac_buffer (const struct gcry_md_spec *md,
 			 const void *key, grub_size_t keylen,
-			 void *data, grub_size_t datalen, void *out);
+			 const void *data, grub_size_t datalen, void *out);
 
 extern gcry_md_spec_t _gcry_digest_spec_md5;
 extern gcry_md_spec_t _gcry_digest_spec_sha1;
@@ -274,4 +281,10 @@ grub_password_get (char buf[], unsigned buf_size);
 
 extern void (*grub_crypto_autoload_hook) (const char *name);
 
+#ifdef GRUB_UTIL
+void grub_gcry_init_all (void);
+void grub_gcry_fini_all (void);
+#endif
+
+
 #endif

include/grub/cryptodisk.h

@@ -0,0 +1,147 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2002,2003,2004,2005,2006,2007,2008,2009  Free Software Foundation, Inc.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_CRYPTODISK_HEADER
+#define GRUB_CRYPTODISK_HEADER	1
+
+#include <grub/disk.h>
+#include <grub/crypto.h>
+#include <grub/list.h>
+
+typedef enum
+  {
+    GRUB_CRYPTODISK_MODE_ECB,
+    GRUB_CRYPTODISK_MODE_CBC,
+    GRUB_CRYPTODISK_MODE_PCBC,
+    GRUB_CRYPTODISK_MODE_XTS,
+    GRUB_CRYPTODISK_MODE_LRW
+  } grub_cryptodisk_mode_t;
+
+typedef enum
+  {
+    GRUB_CRYPTODISK_MODE_IV_NULL,
+    GRUB_CRYPTODISK_MODE_IV_PLAIN,
+    GRUB_CRYPTODISK_MODE_IV_PLAIN64,
+    GRUB_CRYPTODISK_MODE_IV_ESSIV,
+    GRUB_CRYPTODISK_MODE_IV_BENBI,
+    GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64,
+    GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64_HASH
+  } grub_cryptodisk_mode_iv_t;
+
+#define GRUB_CRYPTODISK_MAX_UUID_LENGTH 71
+
+#define GRUB_CRYPTODISK_GF_LOG_SIZE 7
+#define GRUB_CRYPTODISK_GF_SIZE (1U << GRUB_CRYPTODISK_GF_LOG_SIZE)
+#define GRUB_CRYPTODISK_GF_LOG_BYTES (GRUB_CRYPTODISK_GF_LOG_SIZE - 3)
+#define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES)
+
+struct grub_cryptodisk;
+
+typedef gcry_err_code_t
+(*grub_cryptodisk_rekey_func_t) (struct grub_cryptodisk *dev,
+				 grub_uint64_t zoneno);
+
+struct grub_cryptodisk
+{
+  struct grub_cryptodisk *next;
+
+  char *source;
+  grub_disk_addr_t offset;
+  grub_disk_addr_t total_length;
+  grub_disk_t source_disk;
+  int ref;
+  grub_crypto_cipher_handle_t cipher;
+  grub_crypto_cipher_handle_t secondary_cipher;
+  grub_crypto_cipher_handle_t essiv_cipher;
+  const gcry_md_spec_t *essiv_hash, *hash, *iv_hash;
+  grub_cryptodisk_mode_t mode;
+  grub_cryptodisk_mode_iv_t mode_iv;
+  int benbi_log;
+  unsigned long id, source_id;
+  enum grub_disk_dev_id source_dev_id;
+  char uuid[GRUB_CRYPTODISK_MAX_UUID_LENGTH + 1];
+  grub_uint8_t lrw_key[GRUB_CRYPTODISK_GF_BYTES];
+  grub_uint8_t *lrw_precalc;
+  grub_uint8_t iv_prefix[64];
+  grub_size_t iv_prefix_len;
+#ifdef GRUB_UTIL
+  char *cheat;
+  const char *modname;
+  int cheat_fd;
+#endif
+  int log_sector_size;
+  grub_cryptodisk_rekey_func_t rekey;
+  int rekey_shift;
+  grub_uint8_t rekey_key[64];
+  grub_uint64_t last_rekey;
+  int rekey_derived_size;
+};
+typedef struct grub_cryptodisk *grub_cryptodisk_t;
+
+struct grub_cryptodisk_dev
+{
+  struct grub_cryptodisk_dev *next;
+
+  grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid,
+			     int boot_only);
+  grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev);
+};
+typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t;
+
+extern grub_cryptodisk_dev_t EXPORT_VAR (grub_cryptodisk_list);
+
+#ifndef GRUB_LST_GENERATOR
+static inline void
+grub_cryptodisk_dev_register (grub_cryptodisk_dev_t cr)
+{
+  grub_list_push (GRUB_AS_LIST_P (&grub_cryptodisk_list), GRUB_AS_LIST (cr));
+}
+#endif
+
+static inline void
+grub_cryptodisk_dev_unregister (grub_cryptodisk_dev_t cr)
+{
+  grub_list_remove (GRUB_AS_LIST_P (&grub_cryptodisk_list), GRUB_AS_LIST (cr));
+}
+
+#define FOR_CRYPTODISK_DEVS(var) FOR_LIST_ELEMENTS((var), (grub_cryptodisk_list))
+
+gcry_err_code_t
+grub_cryptodisk_setkey (grub_cryptodisk_t dev,
+			grub_uint8_t *key, grub_size_t keysize);
+gcry_err_code_t
+grub_cryptodisk_decrypt (struct grub_cryptodisk *dev,
+			 grub_uint8_t * data, grub_size_t len,
+			 grub_disk_addr_t sector);
+grub_err_t
+grub_cryptodisk_insert (grub_cryptodisk_t newdev, const char *name,
+			grub_disk_t source);
+#ifdef GRUB_UTIL
+grub_err_t
+grub_cryptodisk_cheat_insert (grub_cryptodisk_t newdev, const char *name,
+			      grub_disk_t source, const char *cheat);
+void
+grub_util_cryptodisk_print_abstraction (grub_disk_t disk);
+char *
+grub_util_get_geli_uuid (const char *dev);
+#endif
+
+grub_cryptodisk_t grub_cryptodisk_get_by_uuid (const char *uuid);
+grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk);
+
+#endif

include/grub/disk.h

@@ -42,7 +42,7 @@ enum grub_disk_dev_id
     GRUB_DISK_DEVICE_PXE_ID,
     GRUB_DISK_DEVICE_SCSI_ID,
     GRUB_DISK_DEVICE_FILE_ID,
-    GRUB_DISK_DEVICE_LUKS_ID,
+    GRUB_DISK_DEVICE_CRYPTODISK_ID,
     GRUB_DISK_DEVICE_ARCDISK_ID,
   };
 

include/grub/emu/getroot.h

@@ -25,6 +25,8 @@ enum grub_dev_abstraction_types {
   GRUB_DEV_ABSTRACTION_NONE,
   GRUB_DEV_ABSTRACTION_LVM,
   GRUB_DEV_ABSTRACTION_RAID,
+  GRUB_DEV_ABSTRACTION_LUKS,
+  GRUB_DEV_ABSTRACTION_GELI,
 };
 
 char *grub_find_device (const char *dir, dev_t dev);
@@ -37,5 +39,9 @@ const char *grub_util_check_char_device (const char *blk_dev);
 #ifdef __linux__
 char **grub_util_raid_getmembers (const char *name, int bootable);
 #endif
+#if defined (__FreeBSD__) || defined(__FreeBSD_kernel__)
+void grub_util_follow_gpart_up (const char *name, grub_disk_addr_t *off_out,
+				char **name_out);
+#endif
 
 #endif /* ! GRUB_UTIL_GETROOT_HEADER */

include/grub/emu/hostdisk.h

@@ -21,6 +21,7 @@
 #define GRUB_BIOSDISK_MACHINE_UTIL_HEADER	1
 
 #include <grub/disk.h>
+#include <sys/types.h>
 
 void grub_util_biosdisk_init (const char *dev_map);
 void grub_util_biosdisk_fini (void);
@@ -30,5 +31,15 @@ int grub_util_biosdisk_is_present (const char *name);
 int grub_util_biosdisk_is_floppy (grub_disk_t disk);
 grub_err_t grub_util_biosdisk_flush (struct grub_disk *disk);
 void grub_util_pull_device (const char *osname);
+grub_err_t
+grub_util_fd_seek (int fd, const char *name, grub_uint64_t sector);
+ssize_t grub_util_fd_read (int fd, char *buf, size_t len);
+grub_err_t
+grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat);
+void grub_util_cryptodisk_print_uuid (grub_disk_t disk);
+#if !defined(__MINGW32__)
+grub_uint64_t
+grub_util_get_fd_sectors (int fd, unsigned *log_secsize);
+#endif
 
 #endif /* ! GRUB_BIOSDISK_MACHINE_UTIL_HEADER */