LUKS and GELI support.
* Makefile.util.def (libgrubkern.a): Add grub-core/lib/crypto.c, grub-core/disk/luks.c, grub-core/disk/geli.c, grub-core/disk/cryptodisk.c, grub-core/disk/AFSplitter.c, grub-core/lib/pbkdf2.c, grub-core/commands/extcmd.c, grub-core/lib/arg.c. (libgrubmods.a): Remove gcrypts cflags and cppflags. Remove grub-core/commands/extcmd.c, grub-core/lib/arg.c, grub-core/lib/crypto.c, grub-core/lib/libgcrypt-grub/cipher/sha512.c, grub-core/lib/libgcrypt-grub/cipher/crc.c and grub-core/lib/pbkdf2.c. (grub-bin2h): Add libgcry.a. (grub-mkimage): Likewise. (grub-mkrelpath): Likewise. (grub-script-check): Likewise. (grub-editenv): Likewise. (grub-mkpasswd-pbkdf2): Likewise. (grub-pe2elf): Likewise. (grub-fstest): Likewise. (grub-mkfont): Likewise. (grub-mkdevicemap): Likewise. (grub-probe): Likewise. (grub-ofpath): Likewise. (grub-mklayout): Likewise. (example_unit_test): Likewise. (grub-menulst2cfg): Likewise. * autogen.sh (UTIL_DEFS): Add Makefile.utilgcry.def. * grub-core/Makefile.core.def (cryptodisk): New module. (luks): Likewise. (geli): Likewise. * grub-core/disk/AFSplitter.c: New file. * grub-core/disk/cryptodisk.c: Likewise. * grub-core/disk/geli.c: Likewise. * grub-core/disk/luks.c: Likewise. * grub-core/kern/emu/getroot.c (get_dm_uuid): New function based on grub_util_is_lvm. (grub_util_get_dm_abstraction): New function. (grub_util_follow_gpart_up): Likewise. (grub_util_get_geom_abstraction): Likewise. (grub_util_get_dev_abstraction): Use new functions. (grub_util_pull_device): Pull GELI and LUKS. (grub_util_get_grub_dev): Handle LUKS and GELI. * grub-core/kern/emu/hostdisk.c (grub_util_get_fd_sectors): New function. (grub_util_biosdisk_open): Use grub_util_get_fd_sectors. (follow_geom_up): Removed. (grub_util_fd_seek): New function. (open_device): Use grub_util_fd_seek. (nread): Rename to .. (grub_util_fd_read): ... this. All users updated. * grub-core/lib/crypto.c (grub_crypto_ecb_decrypt): A better prototype. (grub_crypto_cbc_decrypt): Likewise. (grub_crypto_hmac_write): Likewise. (grub_crypto_hmac_buffer): Likewise. (grub_password_get): Extend to util. * include/grub/crypto.h (gcry_cipher_spec) [GRUB_UTIL]: New member modname. (gcry_md_spec) [GRUB_UTIL]: Likewise. * include/grub/cryptodisk.h: New file. * include/grub/disk.h (grub_disk_dev_id): Rename LUKS to CRYPTODISK. * include/grub/emu/getroot.h (grub_dev_abstraction_types): Add LUKS and GELI. (grub_util_follow_gpart_up): New proto. * include/grub/emu/hostdisk.h (grub_util_fd_seek): Likewise. (grub_util_fd_read): Likewise. (grub_cryptodisk_cheat_mount): Likewise. (grub_util_cryptodisk_print_uuid): Likewise. (grub_util_get_fd_sectors): Likewise. * util/grub-fstest.c (mount_crypt): New var. (fstest): Mount crypto if requested. (options): New option -C. (argp_parser): Parse -C. (main): Init and fini gcry. * util/grub-install.in: Support cryptodisk install. * util/grub-mkconfig.in: Export GRUB_ENABLE_CRYPTODISK. * util/grub-mkconfig_lib.in (is_path_readable_by_grub): Support cryptodisk. (prepare_grub_to_access_device): Likewise. * util/grub-mkpasswd-pbkdf2.c (main): Use grub_password_get. * util/grub-probe.c (probe_partmap): Support cryptodisk UUID probe. (probe_cryptodisk_uuid): New function. (probe_abstraction): Likewise. (probe): Use new functions. * util/import_gcry.py: Create Makefile.utilgcry.def. Add modname member. Also-By: Michael Gorven <michael@gorven.za.net> Also-By: Clemens Fruhwirth <clemens@endorphin.org>
This commit is contained in:
commit
a251b71915
24 changed files with 2971 additions and 346 deletions
|
@ -160,3 +160,4 @@ widthspec.bin
|
||||||
widthspec.h
|
widthspec.h
|
||||||
docs/stamp-1
|
docs/stamp-1
|
||||||
docs/version-dev.texi
|
docs/version-dev.texi
|
||||||
|
Makefile.utilgcry.def
|
||||||
|
|
89
ChangeLog
89
ChangeLog
|
@ -1,3 +1,92 @@
|
||||||
|
2011-07-07 Vladimir Serbinenko <phcoder@gmail.com>
|
||||||
|
2011-07-07 Michael Gorven <michael@gorven.za.net>
|
||||||
|
2011-07-07 Clemens Fruhwirth <clemens@endorphin.org>
|
||||||
|
|
||||||
|
LUKS and GELI support.
|
||||||
|
|
||||||
|
* Makefile.util.def (libgrubkern.a): Add grub-core/lib/crypto.c,
|
||||||
|
grub-core/disk/luks.c, grub-core/disk/geli.c,
|
||||||
|
grub-core/disk/cryptodisk.c, grub-core/disk/AFSplitter.c,
|
||||||
|
grub-core/lib/pbkdf2.c, grub-core/commands/extcmd.c,
|
||||||
|
grub-core/lib/arg.c.
|
||||||
|
(libgrubmods.a): Remove gcrypts cflags and cppflags.
|
||||||
|
Remove grub-core/commands/extcmd.c, grub-core/lib/arg.c,
|
||||||
|
grub-core/lib/crypto.c, grub-core/lib/libgcrypt-grub/cipher/sha512.c,
|
||||||
|
grub-core/lib/libgcrypt-grub/cipher/crc.c and grub-core/lib/pbkdf2.c.
|
||||||
|
(grub-bin2h): Add libgcry.a.
|
||||||
|
(grub-mkimage): Likewise.
|
||||||
|
(grub-mkrelpath): Likewise.
|
||||||
|
(grub-script-check): Likewise.
|
||||||
|
(grub-editenv): Likewise.
|
||||||
|
(grub-mkpasswd-pbkdf2): Likewise.
|
||||||
|
(grub-pe2elf): Likewise.
|
||||||
|
(grub-fstest): Likewise.
|
||||||
|
(grub-mkfont): Likewise.
|
||||||
|
(grub-mkdevicemap): Likewise.
|
||||||
|
(grub-probe): Likewise.
|
||||||
|
(grub-ofpath): Likewise.
|
||||||
|
(grub-mklayout): Likewise.
|
||||||
|
(example_unit_test): Likewise.
|
||||||
|
(grub-menulst2cfg): Likewise.
|
||||||
|
* autogen.sh (UTIL_DEFS): Add Makefile.utilgcry.def.
|
||||||
|
* grub-core/Makefile.core.def (cryptodisk): New module.
|
||||||
|
(luks): Likewise.
|
||||||
|
(geli): Likewise.
|
||||||
|
* grub-core/disk/AFSplitter.c: New file.
|
||||||
|
* grub-core/disk/cryptodisk.c: Likewise.
|
||||||
|
* grub-core/disk/geli.c: Likewise.
|
||||||
|
* grub-core/disk/luks.c: Likewise.
|
||||||
|
* grub-core/kern/emu/getroot.c (get_dm_uuid): New function based on
|
||||||
|
grub_util_is_lvm.
|
||||||
|
(grub_util_get_dm_abstraction): New function.
|
||||||
|
(grub_util_follow_gpart_up): Likewise.
|
||||||
|
(grub_util_get_geom_abstraction): Likewise.
|
||||||
|
(grub_util_get_dev_abstraction): Use new functions.
|
||||||
|
(grub_util_pull_device): Pull GELI and LUKS.
|
||||||
|
(grub_util_get_grub_dev): Handle LUKS and GELI.
|
||||||
|
* grub-core/kern/emu/hostdisk.c (grub_util_get_fd_sectors): New function.
|
||||||
|
(grub_util_biosdisk_open): Use grub_util_get_fd_sectors.
|
||||||
|
(follow_geom_up): Removed.
|
||||||
|
(grub_util_fd_seek): New function.
|
||||||
|
(open_device): Use grub_util_fd_seek.
|
||||||
|
(nread): Rename to ..
|
||||||
|
(grub_util_fd_read): ... this. All users updated.
|
||||||
|
* grub-core/lib/crypto.c (grub_crypto_ecb_decrypt): A better prototype.
|
||||||
|
(grub_crypto_cbc_decrypt): Likewise.
|
||||||
|
(grub_crypto_hmac_write): Likewise.
|
||||||
|
(grub_crypto_hmac_buffer): Likewise.
|
||||||
|
(grub_password_get): Extend to util.
|
||||||
|
* include/grub/crypto.h (gcry_cipher_spec) [GRUB_UTIL]:
|
||||||
|
New member modname.
|
||||||
|
(gcry_md_spec) [GRUB_UTIL]: Likewise.
|
||||||
|
* include/grub/cryptodisk.h: New file.
|
||||||
|
* include/grub/disk.h (grub_disk_dev_id): Rename LUKS to CRYPTODISK.
|
||||||
|
* include/grub/emu/getroot.h (grub_dev_abstraction_types): Add
|
||||||
|
LUKS and GELI.
|
||||||
|
(grub_util_follow_gpart_up): New proto.
|
||||||
|
* include/grub/emu/hostdisk.h (grub_util_fd_seek): Likewise.
|
||||||
|
(grub_util_fd_read): Likewise.
|
||||||
|
(grub_cryptodisk_cheat_mount): Likewise.
|
||||||
|
(grub_util_cryptodisk_print_uuid): Likewise.
|
||||||
|
(grub_util_get_fd_sectors): Likewise.
|
||||||
|
* util/grub-fstest.c (mount_crypt): New var.
|
||||||
|
(fstest): Mount crypto if requested.
|
||||||
|
(options): New option -C.
|
||||||
|
(argp_parser): Parse -C.
|
||||||
|
(main): Init and fini gcry.
|
||||||
|
* util/grub-install.in: Support cryptodisk install.
|
||||||
|
* util/grub-mkconfig.in: Export GRUB_ENABLE_CRYPTODISK.
|
||||||
|
* util/grub-mkconfig_lib.in (is_path_readable_by_grub): Support
|
||||||
|
cryptodisk.
|
||||||
|
(prepare_grub_to_access_device): Likewise.
|
||||||
|
* util/grub-mkpasswd-pbkdf2.c (main): Use grub_password_get.
|
||||||
|
* util/grub-probe.c (probe_partmap): Support cryptodisk UUID probe.
|
||||||
|
(probe_cryptodisk_uuid): New function.
|
||||||
|
(probe_abstraction): Likewise.
|
||||||
|
(probe): Use new functions.
|
||||||
|
* util/import_gcry.py: Create Makefile.utilgcry.def.
|
||||||
|
Add modname member.
|
||||||
|
|
||||||
2011-07-07 Vladimir Serbinenko <phcoder@gmail.com>
|
2011-07-07 Vladimir Serbinenko <phcoder@gmail.com>
|
||||||
|
|
||||||
Lazy device scanning.
|
Lazy device scanning.
|
||||||
|
|
|
@ -21,12 +21,18 @@ library = {
|
||||||
common = grub-core/kern/list.c;
|
common = grub-core/kern/list.c;
|
||||||
common = grub-core/kern/misc.c;
|
common = grub-core/kern/misc.c;
|
||||||
common = grub-core/kern/partition.c;
|
common = grub-core/kern/partition.c;
|
||||||
|
common = grub-core/lib/crypto.c;
|
||||||
|
common = grub-core/disk/luks.c;
|
||||||
|
common = grub-core/disk/geli.c;
|
||||||
|
common = grub-core/disk/cryptodisk.c;
|
||||||
|
common = grub-core/disk/AFSplitter.c;
|
||||||
|
common = grub-core/lib/pbkdf2.c;
|
||||||
|
common = grub-core/commands/extcmd.c;
|
||||||
|
common = grub-core/lib/arg.c;
|
||||||
};
|
};
|
||||||
|
|
||||||
library = {
|
library = {
|
||||||
name = libgrubmods.a;
|
name = libgrubmods.a;
|
||||||
cflags = '$(CFLAGS_GCRY)';
|
|
||||||
cppflags = '$(CPPFLAGS_GCRY)';
|
|
||||||
|
|
||||||
common_nodist = grub_script.tab.c;
|
common_nodist = grub_script.tab.c;
|
||||||
common_nodist = grub_script.yy.c;
|
common_nodist = grub_script.yy.c;
|
||||||
|
@ -36,7 +42,6 @@ library = {
|
||||||
|
|
||||||
common = grub-core/commands/blocklist.c;
|
common = grub-core/commands/blocklist.c;
|
||||||
common = grub-core/commands/testload.c;
|
common = grub-core/commands/testload.c;
|
||||||
common = grub-core/commands/extcmd.c;
|
|
||||||
common = grub-core/commands/ls.c;
|
common = grub-core/commands/ls.c;
|
||||||
common = grub-core/disk/dmraid_nvidia.c;
|
common = grub-core/disk/dmraid_nvidia.c;
|
||||||
common = grub-core/disk/loopback.c;
|
common = grub-core/disk/loopback.c;
|
||||||
|
@ -79,15 +84,10 @@ library = {
|
||||||
common = grub-core/fs/zfs/zfs_lzjb.c;
|
common = grub-core/fs/zfs/zfs_lzjb.c;
|
||||||
common = grub-core/fs/zfs/zfs_sha256.c;
|
common = grub-core/fs/zfs/zfs_sha256.c;
|
||||||
common = grub-core/fs/zfs/zfs_fletcher.c;
|
common = grub-core/fs/zfs/zfs_fletcher.c;
|
||||||
common = grub-core/lib/arg.c;
|
|
||||||
common = grub-core/lib/crypto.c;
|
|
||||||
common = grub-core/lib/envblk.c;
|
common = grub-core/lib/envblk.c;
|
||||||
common = grub-core/lib/hexdump.c;
|
common = grub-core/lib/hexdump.c;
|
||||||
common = grub-core/lib/libgcrypt-grub/cipher/sha512.c;
|
|
||||||
common = grub-core/lib/libgcrypt-grub/cipher/crc.c;
|
|
||||||
common = grub-core/lib/LzFind.c;
|
common = grub-core/lib/LzFind.c;
|
||||||
common = grub-core/lib/LzmaEnc.c;
|
common = grub-core/lib/LzmaEnc.c;
|
||||||
common = grub-core/lib/pbkdf2.c;
|
|
||||||
common = grub-core/lib/crc.c;
|
common = grub-core/lib/crc.c;
|
||||||
common = grub-core/normal/datetime.c;
|
common = grub-core/normal/datetime.c;
|
||||||
common = grub-core/normal/misc.c;
|
common = grub-core/normal/misc.c;
|
||||||
|
@ -113,6 +113,7 @@ program = {
|
||||||
name = grub-bin2h;
|
name = grub-bin2h;
|
||||||
common = util/bin2h.c;
|
common = util/bin2h.c;
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER)';
|
||||||
|
@ -128,6 +129,7 @@ program = {
|
||||||
extra_dist = util/grub-mkimagexx.c;
|
extra_dist = util/grub-mkimagexx.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBLZMA)';
|
ldadd = '$(LIBLZMA)';
|
||||||
|
@ -142,6 +144,7 @@ program = {
|
||||||
common = util/grub-mkrelpath.c;
|
common = util/grub-mkrelpath.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
@ -154,6 +157,7 @@ program = {
|
||||||
common = util/grub-script-check.c;
|
common = util/grub-script-check.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
@ -166,6 +170,7 @@ program = {
|
||||||
common = util/grub-editenv.c;
|
common = util/grub-editenv.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
@ -178,6 +183,7 @@ program = {
|
||||||
common = util/grub-mkpasswd-pbkdf2.c;
|
common = util/grub-mkpasswd-pbkdf2.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
@ -198,6 +204,7 @@ program = {
|
||||||
common = util/grub-pe2elf.c;
|
common = util/grub-pe2elf.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL)';
|
ldadd = '$(LIBINTL)';
|
||||||
|
@ -216,6 +223,7 @@ program = {
|
||||||
cppflags = '$(CPPFLAGS_GCRY)';
|
cppflags = '$(CPPFLAGS_GCRY)';
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
@ -230,6 +238,7 @@ program = {
|
||||||
cflags = '$(freetype_cflags)';
|
cflags = '$(freetype_cflags)';
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(freetype_libs)';
|
ldadd = '$(freetype_libs)';
|
||||||
|
@ -250,6 +259,7 @@ program = {
|
||||||
sparc64_ieee1275 = util/ieee1275/devicemap.c;
|
sparc64_ieee1275 = util/ieee1275/devicemap.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
@ -262,6 +272,7 @@ program = {
|
||||||
common = util/grub-probe.c;
|
common = util/grub-probe.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
@ -279,6 +290,7 @@ program = {
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
|
||||||
|
@ -294,6 +306,7 @@ program = {
|
||||||
ieee1275 = util/ieee1275/ofpath.c;
|
ieee1275 = util/ieee1275/ofpath.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBUTIL) $(LIBGEOM)';
|
||||||
|
@ -308,6 +321,7 @@ program = {
|
||||||
common = util/grub-mklayout.c;
|
common = util/grub-mklayout.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
@ -619,6 +633,7 @@ program = {
|
||||||
common = grub-core/tests/lib/test.c;
|
common = grub-core/tests/lib/test.c;
|
||||||
cflags = -Wno-format;
|
cflags = -Wno-format;
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
@ -632,6 +647,7 @@ program = {
|
||||||
common = grub-core/lib/i386/pc/vesa_modes_table.c;
|
common = grub-core/lib/i386/pc/vesa_modes_table.c;
|
||||||
|
|
||||||
ldadd = libgrubmods.a;
|
ldadd = libgrubmods.a;
|
||||||
|
ldadd = libgrubgcry.a;
|
||||||
ldadd = libgrubkern.a;
|
ldadd = libgrubkern.a;
|
||||||
ldadd = grub-core/gnulib/libgnu.a;
|
ldadd = grub-core/gnulib/libgnu.a;
|
||||||
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
ldadd = '$(LIBINTL) $(LIBDEVMAPPER) $(LIBZFS) $(LIBNVPAIR) $(LIBGEOM)';
|
||||||
|
|
|
@ -26,7 +26,7 @@ if [ "x${GRUB_CONTRIB}" != x ]; then
|
||||||
[ "${GRUB_CONTRIB}" = grub-core/contrib ] || ln -s ../contrib grub-core/contrib
|
[ "${GRUB_CONTRIB}" = grub-core/contrib ] || ln -s ../contrib grub-core/contrib
|
||||||
fi
|
fi
|
||||||
|
|
||||||
UTIL_DEFS=Makefile.util.def
|
UTIL_DEFS='Makefile.util.def Makefile.utilgcry.def'
|
||||||
CORE_DEFS='grub-core/Makefile.core.def grub-core/Makefile.gcry.def'
|
CORE_DEFS='grub-core/Makefile.core.def grub-core/Makefile.gcry.def'
|
||||||
|
|
||||||
for extra in contrib/*/Makefile.util.def; do
|
for extra in contrib/*/Makefile.util.def; do
|
||||||
|
|
|
@ -817,6 +817,22 @@ module = {
|
||||||
common = disk/loopback.c;
|
common = disk/loopback.c;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
module = {
|
||||||
|
name = cryptodisk;
|
||||||
|
common = disk/cryptodisk.c;
|
||||||
|
};
|
||||||
|
|
||||||
|
module = {
|
||||||
|
name = luks;
|
||||||
|
common = disk/luks.c;
|
||||||
|
common = disk/AFSplitter.c;
|
||||||
|
};
|
||||||
|
|
||||||
|
module = {
|
||||||
|
name = geli;
|
||||||
|
common = disk/geli.c;
|
||||||
|
};
|
||||||
|
|
||||||
module = {
|
module = {
|
||||||
name = lvm;
|
name = lvm;
|
||||||
common = disk/lvm.c;
|
common = disk/lvm.c;
|
||||||
|
|
89
grub-core/disk/AFSplitter.c
Normal file
89
grub-core/disk/AFSplitter.c
Normal file
|
@ -0,0 +1,89 @@
|
||||||
|
/*
|
||||||
|
* AFsplitter - Anti forensic information splitter
|
||||||
|
* Copyright 2004, Clemens Fruhwirth <clemens@endorphin.org>
|
||||||
|
*
|
||||||
|
* AFsplitter diffuses information over a large stripe of data,
|
||||||
|
* therefor supporting secure data destruction.
|
||||||
|
*
|
||||||
|
* This program is grub_free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the grub_free Software Foundation; either version 2 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Library General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program; if not, write to the grub_free Software
|
||||||
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <grub/crypto.h>
|
||||||
|
#include <grub/mm.h>
|
||||||
|
#include <grub/misc.h>
|
||||||
|
|
||||||
|
gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
|
||||||
|
grub_uint8_t * dst, grub_size_t blocksize,
|
||||||
|
grub_size_t blocknumbers);
|
||||||
|
|
||||||
|
static void
|
||||||
|
diffuse (const gcry_md_spec_t * hash, grub_uint8_t * src,
|
||||||
|
grub_uint8_t * dst, grub_size_t size)
|
||||||
|
{
|
||||||
|
grub_size_t i;
|
||||||
|
grub_uint32_t IV; /* host byte order independend hash IV */
|
||||||
|
|
||||||
|
grub_size_t fullblocks = size / hash->mdlen;
|
||||||
|
int padding = size % hash->mdlen;
|
||||||
|
grub_uint8_t final[hash->mdlen];
|
||||||
|
grub_uint8_t temp[sizeof (IV) + hash->mdlen];
|
||||||
|
|
||||||
|
/* hash block the whole data set with different IVs to produce
|
||||||
|
* more than just a single data block
|
||||||
|
*/
|
||||||
|
for (i = 0; i < fullblocks; i++)
|
||||||
|
{
|
||||||
|
IV = grub_cpu_to_be32 (i);
|
||||||
|
grub_memcpy (temp, &IV, sizeof (IV));
|
||||||
|
grub_memcpy (temp + sizeof (IV), src + hash->mdlen * i, hash->mdlen);
|
||||||
|
grub_crypto_hash (hash, dst + hash->mdlen * i, temp,
|
||||||
|
sizeof (IV) + hash->mdlen);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (padding)
|
||||||
|
{
|
||||||
|
IV = grub_cpu_to_be32 (i);
|
||||||
|
grub_memcpy (temp, &IV, sizeof (IV));
|
||||||
|
grub_memcpy (temp + sizeof (IV), src + hash->mdlen * i, padding);
|
||||||
|
grub_crypto_hash (hash, final, temp, sizeof (IV) + padding);
|
||||||
|
grub_memcpy (dst + hash->mdlen * i, final, padding);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Merges the splitted master key stored on disk into the original key
|
||||||
|
*/
|
||||||
|
gcry_err_code_t
|
||||||
|
AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src, grub_uint8_t * dst,
|
||||||
|
grub_size_t blocksize, grub_size_t blocknumbers)
|
||||||
|
{
|
||||||
|
grub_size_t i;
|
||||||
|
grub_uint8_t *bufblock;
|
||||||
|
|
||||||
|
bufblock = grub_zalloc (blocksize);
|
||||||
|
if (bufblock == NULL)
|
||||||
|
return GPG_ERR_OUT_OF_MEMORY;
|
||||||
|
|
||||||
|
grub_memset (bufblock, 0, blocksize);
|
||||||
|
for (i = 0; i < blocknumbers - 1; i++)
|
||||||
|
{
|
||||||
|
grub_crypto_xor (bufblock, src + (blocksize * i), bufblock, blocksize);
|
||||||
|
diffuse (hash, bufblock, bufblock, blocksize);
|
||||||
|
}
|
||||||
|
grub_crypto_xor (dst, src + (i * blocksize), bufblock, blocksize);
|
||||||
|
|
||||||
|
grub_free (bufblock);
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
}
|
884
grub-core/disk/cryptodisk.c
Normal file
884
grub-core/disk/cryptodisk.c
Normal file
|
@ -0,0 +1,884 @@
|
||||||
|
/*
|
||||||
|
* GRUB -- GRand Unified Bootloader
|
||||||
|
* Copyright (C) 2003,2007,2010,2011 Free Software Foundation, Inc.
|
||||||
|
*
|
||||||
|
* GRUB is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* GRUB is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <grub/cryptodisk.h>
|
||||||
|
#include <grub/mm.h>
|
||||||
|
#include <grub/misc.h>
|
||||||
|
#include <grub/dl.h>
|
||||||
|
#include <grub/extcmd.h>
|
||||||
|
#include <grub/i18n.h>
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
#include <errno.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <grub/emu/hostdisk.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <string.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
GRUB_MOD_LICENSE ("GPLv3+");
|
||||||
|
|
||||||
|
grub_cryptodisk_dev_t grub_cryptodisk_list;
|
||||||
|
|
||||||
|
static const struct grub_arg_option options[] =
|
||||||
|
{
|
||||||
|
{"uuid", 'u', 0, N_("Mount by UUID."), 0, 0},
|
||||||
|
{"all", 'a', 0, N_("Mount all."), 0, 0},
|
||||||
|
{"boot", 'b', 0, N_("Mount all volumes marked as boot."), 0, 0},
|
||||||
|
{0, 0, 0, 0, 0, 0}
|
||||||
|
};
|
||||||
|
|
||||||
|
/* Our irreducible polynom is x^128+x^7+x^2+x+1. Lowest byte of it is: */
|
||||||
|
#define GF_POLYNOM 0x87
|
||||||
|
static inline int GF_PER_SECTOR (const struct grub_cryptodisk *dev)
|
||||||
|
{
|
||||||
|
return 1U << (dev->log_sector_size - GRUB_CRYPTODISK_GF_LOG_BYTES);
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_cryptodisk_t cryptodisk_list = NULL;
|
||||||
|
static grub_uint8_t n = 0;
|
||||||
|
|
||||||
|
static void
|
||||||
|
gf_mul_x (grub_uint8_t *g)
|
||||||
|
{
|
||||||
|
int over = 0, over2 = 0;
|
||||||
|
unsigned j;
|
||||||
|
|
||||||
|
for (j = 0; j < GRUB_CRYPTODISK_GF_BYTES; j++)
|
||||||
|
{
|
||||||
|
over2 = !!(g[j] & 0x80);
|
||||||
|
g[j] <<= 1;
|
||||||
|
g[j] |= over;
|
||||||
|
over = over2;
|
||||||
|
}
|
||||||
|
if (over)
|
||||||
|
g[0] ^= GF_POLYNOM;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
gf_mul_x_be (grub_uint8_t *g)
|
||||||
|
{
|
||||||
|
int over = 0, over2 = 0;
|
||||||
|
int j;
|
||||||
|
|
||||||
|
for (j = (int) GRUB_CRYPTODISK_GF_BYTES - 1; j >= 0; j--)
|
||||||
|
{
|
||||||
|
over2 = !!(g[j] & 0x80);
|
||||||
|
g[j] <<= 1;
|
||||||
|
g[j] |= over;
|
||||||
|
over = over2;
|
||||||
|
}
|
||||||
|
if (over)
|
||||||
|
g[GRUB_CRYPTODISK_GF_BYTES - 1] ^= GF_POLYNOM;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
gf_mul_be (grub_uint8_t *o, const grub_uint8_t *a, const grub_uint8_t *b)
|
||||||
|
{
|
||||||
|
unsigned i;
|
||||||
|
grub_uint8_t t[GRUB_CRYPTODISK_GF_BYTES];
|
||||||
|
grub_memset (o, 0, GRUB_CRYPTODISK_GF_BYTES);
|
||||||
|
grub_memcpy (t, b, GRUB_CRYPTODISK_GF_BYTES);
|
||||||
|
for (i = 0; i < GRUB_CRYPTODISK_GF_SIZE; i++)
|
||||||
|
{
|
||||||
|
if (((a[GRUB_CRYPTODISK_GF_BYTES - i / 8 - 1] >> (i % 8))) & 1)
|
||||||
|
grub_crypto_xor (o, o, t, GRUB_CRYPTODISK_GF_BYTES);
|
||||||
|
gf_mul_x_be (t);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static gcry_err_code_t
|
||||||
|
grub_crypto_pcbc_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
|
void *out, void *in, grub_size_t size,
|
||||||
|
void *iv)
|
||||||
|
{
|
||||||
|
grub_uint8_t *inptr, *outptr, *end;
|
||||||
|
grub_uint8_t ivt[cipher->cipher->blocksize];
|
||||||
|
if (!cipher->cipher->decrypt)
|
||||||
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
if (size % cipher->cipher->blocksize != 0)
|
||||||
|
return GPG_ERR_INV_ARG;
|
||||||
|
end = (grub_uint8_t *) in + size;
|
||||||
|
for (inptr = in, outptr = out; inptr < end;
|
||||||
|
inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
|
||||||
|
{
|
||||||
|
grub_memcpy (ivt, inptr, cipher->cipher->blocksize);
|
||||||
|
cipher->cipher->decrypt (cipher->ctx, outptr, inptr);
|
||||||
|
grub_crypto_xor (outptr, outptr, iv, cipher->cipher->blocksize);
|
||||||
|
grub_crypto_xor (iv, ivt, outptr, cipher->cipher->blocksize);
|
||||||
|
}
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
struct lrw_sector
|
||||||
|
{
|
||||||
|
grub_uint8_t low[GRUB_CRYPTODISK_GF_BYTES];
|
||||||
|
grub_uint8_t high[GRUB_CRYPTODISK_GF_BYTES];
|
||||||
|
grub_uint8_t low_byte, low_byte_c;
|
||||||
|
};
|
||||||
|
|
||||||
|
static void
|
||||||
|
generate_lrw_sector (struct lrw_sector *sec,
|
||||||
|
const struct grub_cryptodisk *dev,
|
||||||
|
const grub_uint8_t *iv)
|
||||||
|
{
|
||||||
|
grub_uint8_t idx[GRUB_CRYPTODISK_GF_BYTES];
|
||||||
|
grub_uint16_t c;
|
||||||
|
int j;
|
||||||
|
grub_memcpy (idx, iv, GRUB_CRYPTODISK_GF_BYTES);
|
||||||
|
sec->low_byte = (idx[GRUB_CRYPTODISK_GF_BYTES - 1]
|
||||||
|
& (GF_PER_SECTOR (dev) - 1));
|
||||||
|
sec->low_byte_c = (((GF_PER_SECTOR (dev) - 1) & ~sec->low_byte) + 1);
|
||||||
|
idx[GRUB_CRYPTODISK_GF_BYTES - 1] &= ~(GF_PER_SECTOR (dev) - 1);
|
||||||
|
gf_mul_be (sec->low, dev->lrw_key, idx);
|
||||||
|
if (!sec->low_byte)
|
||||||
|
return;
|
||||||
|
|
||||||
|
c = idx[GRUB_CRYPTODISK_GF_BYTES - 1] + GF_PER_SECTOR (dev);
|
||||||
|
if (c & 0x100)
|
||||||
|
{
|
||||||
|
for (j = GRUB_CRYPTODISK_GF_BYTES - 2; j >= 0; j--)
|
||||||
|
{
|
||||||
|
idx[j]++;
|
||||||
|
if (idx[j] != 0)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
idx[GRUB_CRYPTODISK_GF_BYTES - 1] = c;
|
||||||
|
gf_mul_be (sec->high, dev->lrw_key, idx);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void __attribute__ ((unused))
|
||||||
|
lrw_xor (const struct lrw_sector *sec,
|
||||||
|
const struct grub_cryptodisk *dev,
|
||||||
|
grub_uint8_t *b)
|
||||||
|
{
|
||||||
|
unsigned i;
|
||||||
|
|
||||||
|
for (i = 0; i < sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES;
|
||||||
|
i += GRUB_CRYPTODISK_GF_BYTES)
|
||||||
|
grub_crypto_xor (b + i, b + i, sec->low, GRUB_CRYPTODISK_GF_BYTES);
|
||||||
|
grub_crypto_xor (b, b, dev->lrw_precalc + GRUB_CRYPTODISK_GF_BYTES * sec->low_byte,
|
||||||
|
sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES);
|
||||||
|
if (!sec->low_byte)
|
||||||
|
return;
|
||||||
|
|
||||||
|
for (i = sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES;
|
||||||
|
i < (1U << dev->log_sector_size); i += GRUB_CRYPTODISK_GF_BYTES)
|
||||||
|
grub_crypto_xor (b + i, b + i, sec->high, GRUB_CRYPTODISK_GF_BYTES);
|
||||||
|
grub_crypto_xor (b + sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES,
|
||||||
|
b + sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES,
|
||||||
|
dev->lrw_precalc, sec->low_byte * GRUB_CRYPTODISK_GF_BYTES);
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_err_code_t
|
||||||
|
grub_cryptodisk_decrypt (struct grub_cryptodisk *dev,
|
||||||
|
grub_uint8_t * data, grub_size_t len,
|
||||||
|
grub_disk_addr_t sector)
|
||||||
|
{
|
||||||
|
grub_size_t i;
|
||||||
|
gcry_err_code_t err;
|
||||||
|
|
||||||
|
/* The only mode without IV. */
|
||||||
|
if (dev->mode == GRUB_CRYPTODISK_MODE_ECB && !dev->rekey)
|
||||||
|
return grub_crypto_ecb_decrypt (dev->cipher, data, data, len);
|
||||||
|
|
||||||
|
for (i = 0; i < len; i += (1U << dev->log_sector_size))
|
||||||
|
{
|
||||||
|
grub_size_t sz = ((dev->cipher->cipher->blocksize
|
||||||
|
+ sizeof (grub_uint32_t) - 1)
|
||||||
|
/ sizeof (grub_uint32_t));
|
||||||
|
grub_uint32_t iv[sz];
|
||||||
|
|
||||||
|
if (dev->rekey)
|
||||||
|
{
|
||||||
|
grub_uint64_t zone = sector >> dev->rekey_shift;
|
||||||
|
if (zone != dev->last_rekey)
|
||||||
|
{
|
||||||
|
err = dev->rekey (dev, zone);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
dev->last_rekey = zone;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_memset (iv, 0, sz * sizeof (iv[0]));
|
||||||
|
switch (dev->mode_iv)
|
||||||
|
{
|
||||||
|
case GRUB_CRYPTODISK_MODE_IV_NULL:
|
||||||
|
break;
|
||||||
|
case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64_HASH:
|
||||||
|
{
|
||||||
|
grub_uint64_t tmp;
|
||||||
|
grub_uint64_t ctx[(dev->iv_hash->contextsize + 7) / 8];
|
||||||
|
|
||||||
|
grub_memset (ctx, 0, sizeof (ctx));
|
||||||
|
|
||||||
|
tmp = grub_cpu_to_le64 (sector << dev->log_sector_size);
|
||||||
|
dev->iv_hash->init (ctx);
|
||||||
|
dev->iv_hash->write (ctx, dev->iv_prefix, dev->iv_prefix_len);
|
||||||
|
dev->iv_hash->write (ctx, &tmp, sizeof (tmp));
|
||||||
|
dev->iv_hash->final (ctx);
|
||||||
|
|
||||||
|
grub_memcpy (iv, dev->iv_hash->read (ctx), sizeof (iv));
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
|
||||||
|
iv[1] = grub_cpu_to_le32 (sector >> 32);
|
||||||
|
case GRUB_CRYPTODISK_MODE_IV_PLAIN:
|
||||||
|
iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
|
||||||
|
break;
|
||||||
|
case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64:
|
||||||
|
iv[1] = grub_cpu_to_le32 (sector >> (32 - dev->log_sector_size));
|
||||||
|
iv[0] = grub_cpu_to_le32 ((sector << dev->log_sector_size)
|
||||||
|
& 0xFFFFFFFF);
|
||||||
|
break;
|
||||||
|
case GRUB_CRYPTODISK_MODE_IV_BENBI:
|
||||||
|
{
|
||||||
|
grub_uint64_t num = (sector << dev->benbi_log) + 1;
|
||||||
|
iv[sz - 2] = grub_cpu_to_be32 (num >> 32);
|
||||||
|
iv[sz - 1] = grub_cpu_to_be32 (num & 0xFFFFFFFF);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case GRUB_CRYPTODISK_MODE_IV_ESSIV:
|
||||||
|
iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
|
||||||
|
err = grub_crypto_ecb_encrypt (dev->essiv_cipher, iv, iv,
|
||||||
|
dev->cipher->cipher->blocksize);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (dev->mode)
|
||||||
|
{
|
||||||
|
case GRUB_CRYPTODISK_MODE_CBC:
|
||||||
|
err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i,
|
||||||
|
(1U << dev->log_sector_size), iv);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case GRUB_CRYPTODISK_MODE_PCBC:
|
||||||
|
err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i,
|
||||||
|
(1U << dev->log_sector_size), iv);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
break;
|
||||||
|
case GRUB_CRYPTODISK_MODE_XTS:
|
||||||
|
{
|
||||||
|
unsigned j;
|
||||||
|
err = grub_crypto_ecb_encrypt (dev->secondary_cipher, iv, iv,
|
||||||
|
dev->cipher->cipher->blocksize);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
for (j = 0; j < (1U << dev->log_sector_size);
|
||||||
|
j += dev->cipher->cipher->blocksize)
|
||||||
|
{
|
||||||
|
grub_crypto_xor (data + i + j, data + i + j, iv,
|
||||||
|
dev->cipher->cipher->blocksize);
|
||||||
|
err = grub_crypto_ecb_decrypt (dev->cipher, data + i + j,
|
||||||
|
data + i + j,
|
||||||
|
dev->cipher->cipher->blocksize);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
grub_crypto_xor (data + i + j, data + i + j, iv,
|
||||||
|
dev->cipher->cipher->blocksize);
|
||||||
|
gf_mul_x ((grub_uint8_t *) iv);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case GRUB_CRYPTODISK_MODE_LRW:
|
||||||
|
{
|
||||||
|
struct lrw_sector sec;
|
||||||
|
|
||||||
|
generate_lrw_sector (&sec, dev, (grub_uint8_t *) iv);
|
||||||
|
lrw_xor (&sec, dev, data + i);
|
||||||
|
|
||||||
|
err = grub_crypto_ecb_decrypt (dev->cipher, data + i,
|
||||||
|
data + i,
|
||||||
|
(1U << dev->log_sector_size));
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
lrw_xor (&sec, dev, data + i);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case GRUB_CRYPTODISK_MODE_ECB:
|
||||||
|
grub_crypto_ecb_decrypt (dev->cipher, data + i, data + i,
|
||||||
|
(1U << dev->log_sector_size));
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
return GPG_ERR_NOT_IMPLEMENTED;
|
||||||
|
}
|
||||||
|
sector++;
|
||||||
|
}
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_err_code_t
|
||||||
|
grub_cryptodisk_setkey (grub_cryptodisk_t dev, grub_uint8_t *key, grub_size_t keysize)
|
||||||
|
{
|
||||||
|
gcry_err_code_t err;
|
||||||
|
int real_keysize;
|
||||||
|
|
||||||
|
real_keysize = keysize;
|
||||||
|
if (dev->mode == GRUB_CRYPTODISK_MODE_XTS)
|
||||||
|
real_keysize /= 2;
|
||||||
|
if (dev->mode == GRUB_CRYPTODISK_MODE_LRW)
|
||||||
|
real_keysize -= dev->cipher->cipher->blocksize;
|
||||||
|
|
||||||
|
/* Set the PBKDF2 output as the cipher key. */
|
||||||
|
err = grub_crypto_cipher_set_key (dev->cipher, key, real_keysize);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
/* Configure ESSIV if necessary. */
|
||||||
|
if (dev->mode_iv == GRUB_CRYPTODISK_MODE_IV_ESSIV)
|
||||||
|
{
|
||||||
|
grub_size_t essiv_keysize = dev->essiv_hash->mdlen;
|
||||||
|
grub_uint8_t hashed_key[essiv_keysize];
|
||||||
|
|
||||||
|
grub_crypto_hash (dev->essiv_hash, hashed_key, key, keysize);
|
||||||
|
err = grub_crypto_cipher_set_key (dev->essiv_cipher,
|
||||||
|
hashed_key, essiv_keysize);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
if (dev->mode == GRUB_CRYPTODISK_MODE_XTS)
|
||||||
|
{
|
||||||
|
err = grub_crypto_cipher_set_key (dev->secondary_cipher,
|
||||||
|
key + real_keysize,
|
||||||
|
keysize / 2);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (dev->mode == GRUB_CRYPTODISK_MODE_LRW)
|
||||||
|
{
|
||||||
|
unsigned i;
|
||||||
|
grub_uint8_t idx[GRUB_CRYPTODISK_GF_BYTES];
|
||||||
|
|
||||||
|
grub_free (dev->lrw_precalc);
|
||||||
|
grub_memcpy (dev->lrw_key, key + real_keysize,
|
||||||
|
dev->cipher->cipher->blocksize);
|
||||||
|
dev->lrw_precalc = grub_malloc ((1U << dev->log_sector_size));
|
||||||
|
if (!dev->lrw_precalc)
|
||||||
|
return GPG_ERR_OUT_OF_MEMORY;
|
||||||
|
grub_memset (idx, 0, GRUB_CRYPTODISK_GF_BYTES);
|
||||||
|
for (i = 0; i < (1U << dev->log_sector_size);
|
||||||
|
i += GRUB_CRYPTODISK_GF_BYTES)
|
||||||
|
{
|
||||||
|
idx[GRUB_CRYPTODISK_GF_BYTES - 1] = i / GRUB_CRYPTODISK_GF_BYTES;
|
||||||
|
gf_mul_be (dev->lrw_precalc + i, idx, dev->lrw_key);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
grub_cryptodisk_iterate (int (*hook) (const char *name),
|
||||||
|
grub_disk_pull_t pull)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t i;
|
||||||
|
|
||||||
|
if (pull != GRUB_DISK_PULL_NONE)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
for (i = cryptodisk_list; i != NULL; i = i->next)
|
||||||
|
{
|
||||||
|
char buf[30];
|
||||||
|
grub_snprintf (buf, sizeof (buf), "crypto%lu", i->id);
|
||||||
|
if (hook (buf))
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
grub_cryptodisk_open (const char *name, grub_disk_t disk,
|
||||||
|
grub_disk_pull_t pull __attribute__ ((unused)))
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev;
|
||||||
|
|
||||||
|
if (grub_memcmp (name, "crypto", sizeof ("crypto") - 1) != 0)
|
||||||
|
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device");
|
||||||
|
|
||||||
|
if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0)
|
||||||
|
{
|
||||||
|
for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
|
||||||
|
if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
unsigned long id = grub_strtoul (name + sizeof ("crypto") - 1, 0, 0);
|
||||||
|
if (grub_errno)
|
||||||
|
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device");
|
||||||
|
/* Search for requested device in the list of CRYPTODISK devices. */
|
||||||
|
for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
|
||||||
|
if (dev->id == id)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (!dev)
|
||||||
|
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device");
|
||||||
|
|
||||||
|
disk->log_sector_size = dev->log_sector_size;
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
if (dev->cheat)
|
||||||
|
{
|
||||||
|
if (dev->cheat_fd == -1)
|
||||||
|
dev->cheat_fd = open (dev->cheat, O_RDONLY);
|
||||||
|
if (dev->cheat_fd == -1)
|
||||||
|
return grub_error (GRUB_ERR_IO, "couldn't open %s: %s",
|
||||||
|
dev->cheat, strerror (errno));
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (!dev->source_disk)
|
||||||
|
{
|
||||||
|
grub_dprintf ("cryptodisk", "Opening device %s\n", name);
|
||||||
|
/* Try to open the source disk and populate the requested disk. */
|
||||||
|
dev->source_disk = grub_disk_open (dev->source);
|
||||||
|
if (!dev->source_disk)
|
||||||
|
return grub_errno;
|
||||||
|
}
|
||||||
|
|
||||||
|
disk->data = dev;
|
||||||
|
disk->total_sectors = dev->total_length;
|
||||||
|
disk->id = dev->id;
|
||||||
|
dev->ref++;
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
grub_cryptodisk_close (grub_disk_t disk)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
|
||||||
|
grub_dprintf ("cryptodisk", "Closing disk\n");
|
||||||
|
|
||||||
|
dev->ref--;
|
||||||
|
|
||||||
|
if (dev->ref != 0)
|
||||||
|
return;
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
if (dev->cheat)
|
||||||
|
{
|
||||||
|
close (dev->cheat_fd);
|
||||||
|
dev->cheat_fd = -1;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
grub_disk_close (dev->source_disk);
|
||||||
|
dev->source_disk = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
grub_cryptodisk_read (grub_disk_t disk, grub_disk_addr_t sector,
|
||||||
|
grub_size_t size, char *buf)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
|
||||||
|
grub_err_t err;
|
||||||
|
gcry_err_code_t gcry_err;
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
if (dev->cheat)
|
||||||
|
{
|
||||||
|
err = grub_util_fd_seek (dev->cheat_fd, dev->cheat,
|
||||||
|
sector << disk->log_sector_size);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
if (grub_util_fd_read (dev->cheat_fd, buf, size << disk->log_sector_size)
|
||||||
|
!= (ssize_t) (size << disk->log_sector_size))
|
||||||
|
return grub_error (GRUB_ERR_READ_ERROR, "cannot read from `%s'",
|
||||||
|
dev->cheat);
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
grub_dprintf ("cryptodisk",
|
||||||
|
"Reading %" PRIuGRUB_SIZE " sectors from sector 0x%"
|
||||||
|
PRIxGRUB_UINT64_T " with offset of %" PRIuGRUB_UINT64_T "\n",
|
||||||
|
size, sector, dev->offset);
|
||||||
|
|
||||||
|
err = grub_disk_read (dev->source_disk,
|
||||||
|
(sector << (disk->log_sector_size
|
||||||
|
- GRUB_DISK_SECTOR_BITS)) + dev->offset, 0,
|
||||||
|
size << disk->log_sector_size, buf);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
grub_dprintf ("cryptodisk", "grub_disk_read failed with error %d\n", err);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
gcry_err = grub_cryptodisk_decrypt (dev, (grub_uint8_t *) buf,
|
||||||
|
size << disk->log_sector_size,
|
||||||
|
sector);
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
grub_cryptodisk_write (grub_disk_t disk __attribute ((unused)),
|
||||||
|
grub_disk_addr_t sector __attribute ((unused)),
|
||||||
|
grub_size_t size __attribute ((unused)),
|
||||||
|
const char *buf __attribute ((unused)))
|
||||||
|
{
|
||||||
|
return GRUB_ERR_NOT_IMPLEMENTED_YET;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
static grub_disk_memberlist_t
|
||||||
|
grub_cryptodisk_memberlist (grub_disk_t disk)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
|
||||||
|
grub_disk_memberlist_t list = NULL;
|
||||||
|
|
||||||
|
list = grub_malloc (sizeof (*list));
|
||||||
|
if (list)
|
||||||
|
{
|
||||||
|
list->disk = dev->source_disk;
|
||||||
|
list->next = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
return list;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static void
|
||||||
|
cryptodisk_cleanup (void)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev = cryptodisk_list;
|
||||||
|
grub_cryptodisk_t tmp;
|
||||||
|
|
||||||
|
while (dev != NULL)
|
||||||
|
{
|
||||||
|
grub_free (dev->source);
|
||||||
|
grub_free (dev->cipher);
|
||||||
|
grub_free (dev->secondary_cipher);
|
||||||
|
grub_free (dev->essiv_cipher);
|
||||||
|
tmp = dev->next;
|
||||||
|
grub_free (dev);
|
||||||
|
dev = tmp;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_err_t
|
||||||
|
grub_cryptodisk_insert (grub_cryptodisk_t newdev, const char *name,
|
||||||
|
grub_disk_t source)
|
||||||
|
{
|
||||||
|
newdev->source = grub_strdup (name);
|
||||||
|
if (!newdev->source)
|
||||||
|
{
|
||||||
|
grub_free (newdev);
|
||||||
|
return grub_errno;
|
||||||
|
}
|
||||||
|
|
||||||
|
newdev->id = n++;
|
||||||
|
newdev->source_id = source->id;
|
||||||
|
newdev->source_dev_id = source->dev->id;
|
||||||
|
newdev->next = cryptodisk_list;
|
||||||
|
cryptodisk_list = newdev;
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_cryptodisk_t
|
||||||
|
grub_cryptodisk_get_by_uuid (const char *uuid)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev;
|
||||||
|
for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
|
||||||
|
if (grub_strcasecmp (dev->uuid, uuid) == 0)
|
||||||
|
return dev;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_cryptodisk_t
|
||||||
|
grub_cryptodisk_get_by_source_disk (grub_disk_t disk)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev;
|
||||||
|
for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
|
||||||
|
if (dev->source_id == disk->id && dev->source_dev_id == disk->dev->id)
|
||||||
|
return dev;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
grub_err_t
|
||||||
|
grub_cryptodisk_cheat_insert (grub_cryptodisk_t newdev, const char *name,
|
||||||
|
grub_disk_t source, const char *cheat)
|
||||||
|
{
|
||||||
|
newdev->cheat = grub_strdup (cheat);
|
||||||
|
newdev->source = grub_strdup (name);
|
||||||
|
if (!newdev->source || !newdev->cheat)
|
||||||
|
{
|
||||||
|
grub_free (newdev->source);
|
||||||
|
grub_free (newdev->cheat);
|
||||||
|
return grub_errno;
|
||||||
|
}
|
||||||
|
|
||||||
|
newdev->cheat_fd = -1;
|
||||||
|
newdev->source_id = source->id;
|
||||||
|
newdev->source_dev_id = source->dev->id;
|
||||||
|
newdev->id = n++;
|
||||||
|
newdev->next = cryptodisk_list;
|
||||||
|
cryptodisk_list = newdev;
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
grub_util_cryptodisk_print_abstraction (grub_disk_t disk)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
|
||||||
|
|
||||||
|
grub_printf ("cryptodisk %s ", dev->modname);
|
||||||
|
|
||||||
|
if (dev->cipher)
|
||||||
|
grub_printf ("%s ", dev->cipher->cipher->modname);
|
||||||
|
if (dev->secondary_cipher)
|
||||||
|
grub_printf ("%s ", dev->secondary_cipher->cipher->modname);
|
||||||
|
if (dev->essiv_cipher)
|
||||||
|
grub_printf ("%s ", dev->essiv_cipher->cipher->modname);
|
||||||
|
if (dev->hash)
|
||||||
|
grub_printf ("%s ", dev->hash->modname);
|
||||||
|
if (dev->essiv_hash)
|
||||||
|
grub_printf ("%s ", dev->essiv_hash->modname);
|
||||||
|
if (dev->iv_hash)
|
||||||
|
grub_printf ("%s ", dev->iv_hash->modname);
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
grub_util_cryptodisk_print_uuid (grub_disk_t disk)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
|
||||||
|
grub_printf ("%s ", dev->uuid);
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static int check_boot, have_it;
|
||||||
|
static char *search_uuid;
|
||||||
|
|
||||||
|
static void
|
||||||
|
cryptodisk_close (grub_cryptodisk_t dev)
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (dev->cipher);
|
||||||
|
grub_crypto_cipher_close (dev->secondary_cipher);
|
||||||
|
grub_crypto_cipher_close (dev->essiv_cipher);
|
||||||
|
grub_free (dev);
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
|
||||||
|
{
|
||||||
|
grub_err_t err;
|
||||||
|
grub_cryptodisk_t dev;
|
||||||
|
grub_cryptodisk_dev_t cr;
|
||||||
|
|
||||||
|
dev = grub_cryptodisk_get_by_source_disk (source);
|
||||||
|
|
||||||
|
if (dev)
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
|
||||||
|
FOR_CRYPTODISK_DEVS (cr)
|
||||||
|
{
|
||||||
|
dev = cr->scan (source, search_uuid, check_boot);
|
||||||
|
if (grub_errno)
|
||||||
|
return grub_errno;
|
||||||
|
if (!dev)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
err = cr->recover_key (source, dev);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
cryptodisk_close (dev);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_cryptodisk_insert (dev, name, source);
|
||||||
|
|
||||||
|
have_it = 1;
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
#include <grub/util/misc.h>
|
||||||
|
grub_err_t
|
||||||
|
grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
|
||||||
|
{
|
||||||
|
grub_err_t err;
|
||||||
|
grub_cryptodisk_t dev;
|
||||||
|
grub_cryptodisk_dev_t cr;
|
||||||
|
grub_disk_t source;
|
||||||
|
|
||||||
|
/* Try to open disk. */
|
||||||
|
source = grub_disk_open (sourcedev);
|
||||||
|
if (!source)
|
||||||
|
return grub_errno;
|
||||||
|
|
||||||
|
dev = grub_cryptodisk_get_by_source_disk (source);
|
||||||
|
|
||||||
|
if (dev)
|
||||||
|
{
|
||||||
|
grub_disk_close (source);
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
FOR_CRYPTODISK_DEVS (cr)
|
||||||
|
{
|
||||||
|
dev = cr->scan (source, search_uuid, check_boot);
|
||||||
|
if (grub_errno)
|
||||||
|
return grub_errno;
|
||||||
|
if (!dev)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
grub_util_info ("cheatmounted %s (%s) at %s", sourcedev, dev->modname,
|
||||||
|
cheat);
|
||||||
|
err = grub_cryptodisk_cheat_insert (dev, sourcedev, source, cheat);
|
||||||
|
grub_disk_close (source);
|
||||||
|
if (err)
|
||||||
|
grub_free (dev);
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_disk_close (source);
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static int
|
||||||
|
grub_cryptodisk_scan_device (const char *name)
|
||||||
|
{
|
||||||
|
grub_err_t err;
|
||||||
|
grub_disk_t source;
|
||||||
|
|
||||||
|
/* Try to open disk. */
|
||||||
|
source = grub_disk_open (name);
|
||||||
|
if (!source)
|
||||||
|
return grub_errno;
|
||||||
|
|
||||||
|
err = grub_cryptodisk_scan_device_real (name, source);
|
||||||
|
|
||||||
|
grub_disk_close (source);
|
||||||
|
|
||||||
|
if (err)
|
||||||
|
grub_print_error ();
|
||||||
|
return have_it && search_uuid ? 1 : 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
|
||||||
|
{
|
||||||
|
struct grub_arg_list *state = ctxt->state;
|
||||||
|
|
||||||
|
if (argc < 1 && !state[1].set && !state[2].set)
|
||||||
|
return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");
|
||||||
|
|
||||||
|
have_it = 0;
|
||||||
|
if (state[0].set)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t dev;
|
||||||
|
|
||||||
|
dev = grub_cryptodisk_get_by_uuid (args[0]);
|
||||||
|
if (dev)
|
||||||
|
{
|
||||||
|
grub_dprintf ("cryptodisk",
|
||||||
|
"already mounted as crypto%lu\n", dev->id);
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
check_boot = state[2].set;
|
||||||
|
search_uuid = args[0];
|
||||||
|
grub_device_iterate (&grub_cryptodisk_scan_device);
|
||||||
|
search_uuid = NULL;
|
||||||
|
|
||||||
|
if (!have_it)
|
||||||
|
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found");
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
else if (state[1].set || (argc == 0 && state[2].set))
|
||||||
|
{
|
||||||
|
search_uuid = NULL;
|
||||||
|
check_boot = state[2].set;
|
||||||
|
grub_device_iterate (&grub_cryptodisk_scan_device);
|
||||||
|
search_uuid = NULL;
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
grub_err_t err;
|
||||||
|
grub_disk_t disk;
|
||||||
|
grub_cryptodisk_t dev;
|
||||||
|
|
||||||
|
search_uuid = NULL;
|
||||||
|
check_boot = state[2].set;
|
||||||
|
disk = grub_disk_open (args[0]);
|
||||||
|
if (!disk)
|
||||||
|
return grub_errno;
|
||||||
|
|
||||||
|
dev = grub_cryptodisk_get_by_source_disk (disk);
|
||||||
|
if (dev)
|
||||||
|
{
|
||||||
|
grub_dprintf ("cryptodisk", "already mounted as crypto%lu\n", dev->id);
|
||||||
|
grub_disk_close (disk);
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
err = grub_cryptodisk_scan_device_real (args[0], disk);
|
||||||
|
|
||||||
|
grub_disk_close (disk);
|
||||||
|
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct grub_disk_dev grub_cryptodisk_dev = {
|
||||||
|
.name = "cryptodisk",
|
||||||
|
.id = GRUB_DISK_DEVICE_CRYPTODISK_ID,
|
||||||
|
.iterate = grub_cryptodisk_iterate,
|
||||||
|
.open = grub_cryptodisk_open,
|
||||||
|
.close = grub_cryptodisk_close,
|
||||||
|
.read = grub_cryptodisk_read,
|
||||||
|
.write = grub_cryptodisk_write,
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
.memberlist = grub_cryptodisk_memberlist,
|
||||||
|
#endif
|
||||||
|
.next = 0
|
||||||
|
};
|
||||||
|
|
||||||
|
static grub_extcmd_t cmd;
|
||||||
|
|
||||||
|
GRUB_MOD_INIT (cryptodisk)
|
||||||
|
{
|
||||||
|
grub_disk_dev_register (&grub_cryptodisk_dev);
|
||||||
|
cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
|
||||||
|
N_("SOURCE|-u UUID|-a|-b"),
|
||||||
|
N_("Mount a crypto device."), options);
|
||||||
|
}
|
||||||
|
|
||||||
|
GRUB_MOD_FINI (cryptodisk)
|
||||||
|
{
|
||||||
|
grub_disk_dev_unregister (&grub_cryptodisk_dev);
|
||||||
|
cryptodisk_cleanup ();
|
||||||
|
}
|
536
grub-core/disk/geli.c
Normal file
536
grub-core/disk/geli.c
Normal file
|
@ -0,0 +1,536 @@
|
||||||
|
/*
|
||||||
|
* GRUB -- GRand Unified Bootloader
|
||||||
|
* Copyright (C) 2003,2007,2010,2011 Free Software Foundation, Inc.
|
||||||
|
*
|
||||||
|
* GRUB is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* GRUB is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* This file is loosely based on FreeBSD geli implementation
|
||||||
|
(but no code was directly copied). FreeBSD geli is distributed under
|
||||||
|
following terms: */
|
||||||
|
/*-
|
||||||
|
* Copyright (c) 2005-2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
|
||||||
|
* All rights reserved.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
* 1. Redistributions of source code must retain the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer.
|
||||||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
* notice, this list of conditions and the following disclaimer in the
|
||||||
|
* documentation and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
|
||||||
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
|
||||||
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||||
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||||
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||||
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||||
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||||
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
|
* SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <grub/cryptodisk.h>
|
||||||
|
#include <grub/types.h>
|
||||||
|
#include <grub/misc.h>
|
||||||
|
#include <grub/mm.h>
|
||||||
|
#include <grub/dl.h>
|
||||||
|
#include <grub/err.h>
|
||||||
|
#include <grub/disk.h>
|
||||||
|
#include <grub/crypto.h>
|
||||||
|
#include <grub/partition.h>
|
||||||
|
#include <grub/i18n.h>
|
||||||
|
|
||||||
|
GRUB_MOD_LICENSE ("GPLv3+");
|
||||||
|
|
||||||
|
struct grub_geli_key
|
||||||
|
{
|
||||||
|
grub_uint8_t iv_key[64];
|
||||||
|
grub_uint8_t cipher_key[64];
|
||||||
|
grub_uint8_t hmac[64];
|
||||||
|
} __attribute__ ((packed));
|
||||||
|
|
||||||
|
struct grub_geli_phdr
|
||||||
|
{
|
||||||
|
grub_uint8_t magic[16];
|
||||||
|
#define GELI_MAGIC "GEOM::ELI"
|
||||||
|
grub_uint32_t version;
|
||||||
|
grub_uint32_t flags;
|
||||||
|
grub_uint16_t alg;
|
||||||
|
grub_uint16_t keylen;
|
||||||
|
grub_uint16_t unused3[5];
|
||||||
|
grub_uint32_t sector_size;
|
||||||
|
grub_uint8_t keys_used;
|
||||||
|
grub_uint32_t niter;
|
||||||
|
grub_uint8_t salt[64];
|
||||||
|
struct grub_geli_key keys[2];
|
||||||
|
} __attribute__ ((packed));
|
||||||
|
|
||||||
|
enum
|
||||||
|
{
|
||||||
|
GRUB_GELI_FLAGS_ONETIME = 1,
|
||||||
|
GRUB_GELI_FLAGS_BOOT = 2,
|
||||||
|
};
|
||||||
|
|
||||||
|
/* FIXME: support version 0. */
|
||||||
|
/* FIXME: support big-endian pre-version-4 volumes. */
|
||||||
|
/* FIXME: support for keyfiles. */
|
||||||
|
/* FIXME: support for HMAC. */
|
||||||
|
const char *algorithms[] = {
|
||||||
|
[0x01] = "des",
|
||||||
|
[0x02] = "3des",
|
||||||
|
[0x03] = "blowfish",
|
||||||
|
[0x04] = "cast5",
|
||||||
|
/* FIXME: 0x05 is skipjack, but we don't have it. */
|
||||||
|
[0x0b] = "aes",
|
||||||
|
/* FIXME: 0x10 is null. */
|
||||||
|
[0x15] = "camellia128",
|
||||||
|
[0x16] = "aes"
|
||||||
|
};
|
||||||
|
|
||||||
|
#define MAX_PASSPHRASE 256
|
||||||
|
|
||||||
|
static gcry_err_code_t
|
||||||
|
geli_rekey (struct grub_cryptodisk *dev, grub_uint64_t zoneno)
|
||||||
|
{
|
||||||
|
gcry_err_code_t gcry_err;
|
||||||
|
const struct {
|
||||||
|
char magic[4];
|
||||||
|
grub_uint64_t zone;
|
||||||
|
} __attribute__ ((packed)) tohash
|
||||||
|
= { {'e', 'k', 'e', 'y'}, grub_cpu_to_le64 (zoneno) };
|
||||||
|
grub_uint64_t key[(dev->hash->mdlen + 7) / 8];
|
||||||
|
|
||||||
|
grub_dprintf ("geli", "rekeying %" PRIuGRUB_UINT64_T " keysize=%d\n",
|
||||||
|
zoneno, dev->rekey_derived_size);
|
||||||
|
gcry_err = grub_crypto_hmac_buffer (dev->hash, dev->rekey_key, 64,
|
||||||
|
&tohash, sizeof (tohash), key);
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
|
||||||
|
return grub_cryptodisk_setkey (dev, (grub_uint8_t *) key,
|
||||||
|
dev->rekey_derived_size);
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline int
|
||||||
|
ascii2hex (char c)
|
||||||
|
{
|
||||||
|
if (c >= '0' && c <= '9')
|
||||||
|
return c - '0';
|
||||||
|
if (c >= 'a' && c <= 'f')
|
||||||
|
return c - 'a' + 10;
|
||||||
|
if (c >= 'A' && c <= 'F')
|
||||||
|
return c - 'A' + 10;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline gcry_err_code_t
|
||||||
|
make_uuid (const struct grub_geli_phdr *header,
|
||||||
|
char *uuid)
|
||||||
|
{
|
||||||
|
grub_uint8_t uuidbin[GRUB_MD_SHA256->mdlen];
|
||||||
|
gcry_err_code_t err;
|
||||||
|
grub_uint8_t *iptr;
|
||||||
|
char *optr;
|
||||||
|
|
||||||
|
err = grub_crypto_hmac_buffer (GRUB_MD_SHA256,
|
||||||
|
header->salt, sizeof (header->salt),
|
||||||
|
"uuid", sizeof ("uuid") - 1, uuidbin);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
optr = uuid;
|
||||||
|
for (iptr = uuidbin; iptr < &uuidbin[ARRAY_SIZE (uuidbin)]; iptr++)
|
||||||
|
{
|
||||||
|
grub_snprintf (optr, 3, "%02x", *iptr);
|
||||||
|
optr += 2;
|
||||||
|
}
|
||||||
|
*optr = 0;
|
||||||
|
return GPG_ERR_NO_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
|
||||||
|
#include <errno.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <fcntl.h>
|
||||||
|
#include <grub/emu/hostdisk.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <grub/emu/misc.h>
|
||||||
|
|
||||||
|
char *
|
||||||
|
grub_util_get_geli_uuid (const char *dev)
|
||||||
|
{
|
||||||
|
int fd = open (dev, O_RDONLY);
|
||||||
|
grub_uint64_t s;
|
||||||
|
unsigned log_secsize;
|
||||||
|
grub_uint8_t hdr[512];
|
||||||
|
struct grub_geli_phdr *header;
|
||||||
|
char *uuid;
|
||||||
|
gcry_err_code_t err;
|
||||||
|
|
||||||
|
if (fd < 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
s = grub_util_get_fd_sectors (fd, &log_secsize);
|
||||||
|
grub_util_fd_seek (fd, dev, (s << log_secsize) - 512);
|
||||||
|
|
||||||
|
uuid = xmalloc (GRUB_MD_SHA256->mdlen * 2 + 1);
|
||||||
|
if (grub_util_fd_read (fd, (void *) &hdr, 512) < 0)
|
||||||
|
grub_util_error ("couldn't read ELI metadata");
|
||||||
|
|
||||||
|
COMPILE_TIME_ASSERT (sizeof (header) <= 512);
|
||||||
|
header = (void *) &hdr;
|
||||||
|
|
||||||
|
/* Look for GELI magic sequence. */
|
||||||
|
if (grub_memcmp (header->magic, GELI_MAGIC, sizeof (GELI_MAGIC))
|
||||||
|
|| grub_le_to_cpu32 (header->version) > 5
|
||||||
|
|| grub_le_to_cpu32 (header->version) < 1)
|
||||||
|
grub_util_error ("wrong ELI magic or version");
|
||||||
|
|
||||||
|
err = make_uuid ((void *) &hdr, uuid);
|
||||||
|
if (err)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
return uuid;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static grub_cryptodisk_t
|
||||||
|
configure_ciphers (grub_disk_t disk, const char *check_uuid,
|
||||||
|
int boot_only)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t newdev;
|
||||||
|
struct grub_geli_phdr header;
|
||||||
|
grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL;
|
||||||
|
const struct gcry_cipher_spec *ciph;
|
||||||
|
const char *ciphername = NULL;
|
||||||
|
gcry_err_code_t gcry_err;
|
||||||
|
char uuid[GRUB_MD_SHA256->mdlen * 2 + 1];
|
||||||
|
grub_disk_addr_t sector;
|
||||||
|
grub_err_t err;
|
||||||
|
|
||||||
|
sector = grub_disk_get_size (disk);
|
||||||
|
if (sector == GRUB_DISK_SIZE_UNKNOWN || sector == 0)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
/* Read the GELI header. */
|
||||||
|
err = grub_disk_read (disk, sector - 1, 0, sizeof (header), &header);
|
||||||
|
if (err)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
/* Look for GELI magic sequence. */
|
||||||
|
if (grub_memcmp (header.magic, GELI_MAGIC, sizeof (GELI_MAGIC))
|
||||||
|
|| grub_le_to_cpu32 (header.version) > 5
|
||||||
|
|| grub_le_to_cpu32 (header.version) < 1)
|
||||||
|
{
|
||||||
|
grub_dprintf ("geli", "wrong magic %02x\n", header.magic[0]);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((grub_le_to_cpu32 (header.sector_size)
|
||||||
|
& (grub_le_to_cpu32 (header.sector_size) - 1))
|
||||||
|
|| grub_le_to_cpu32 (header.sector_size) == 0)
|
||||||
|
{
|
||||||
|
grub_dprintf ("geli", "incorrect sector size %d\n",
|
||||||
|
grub_le_to_cpu32 (header.sector_size));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (grub_le_to_cpu32 (header.flags) & GRUB_GELI_FLAGS_ONETIME)
|
||||||
|
{
|
||||||
|
grub_dprintf ("geli", "skipping one-time volume\n");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (boot_only && !(grub_le_to_cpu32 (header.flags) & GRUB_GELI_FLAGS_BOOT))
|
||||||
|
{
|
||||||
|
grub_dprintf ("geli", "not a boot volume\n");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_err = make_uuid (&header, uuid);
|
||||||
|
if (gcry_err)
|
||||||
|
{
|
||||||
|
grub_crypto_gcry_error (gcry_err);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
|
||||||
|
{
|
||||||
|
grub_dprintf ("geli", "%s != %s\n", uuid, check_uuid);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (grub_le_to_cpu16 (header.alg) >= ARRAY_SIZE (algorithms)
|
||||||
|
|| algorithms[grub_le_to_cpu16 (header.alg)] == NULL)
|
||||||
|
{
|
||||||
|
grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher 0x%x unknown",
|
||||||
|
grub_le_to_cpu16 (header.alg));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
ciphername = algorithms[grub_le_to_cpu16 (header.alg)];
|
||||||
|
ciph = grub_crypto_lookup_cipher_by_name (ciphername);
|
||||||
|
if (!ciph)
|
||||||
|
{
|
||||||
|
grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available",
|
||||||
|
ciphername);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Configure the cipher used for the bulk data. */
|
||||||
|
cipher = grub_crypto_cipher_open (ciph);
|
||||||
|
if (!cipher)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
if (grub_le_to_cpu16 (header.alg) == 0x16)
|
||||||
|
{
|
||||||
|
secondary_cipher = grub_crypto_cipher_open (ciph);
|
||||||
|
if (!secondary_cipher)
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (grub_le_to_cpu16 (header.keylen) > 1024)
|
||||||
|
{
|
||||||
|
grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d",
|
||||||
|
grub_le_to_cpu16 (header.keylen));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
newdev = grub_zalloc (sizeof (struct grub_cryptodisk));
|
||||||
|
if (!newdev)
|
||||||
|
return NULL;
|
||||||
|
newdev->cipher = cipher;
|
||||||
|
newdev->secondary_cipher = secondary_cipher;
|
||||||
|
newdev->offset = 0;
|
||||||
|
newdev->source_disk = NULL;
|
||||||
|
newdev->benbi_log = 0;
|
||||||
|
if (grub_le_to_cpu16 (header.alg) == 0x16)
|
||||||
|
{
|
||||||
|
newdev->mode = GRUB_CRYPTODISK_MODE_XTS;
|
||||||
|
newdev->mode_iv = GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
newdev->mode = GRUB_CRYPTODISK_MODE_CBC;
|
||||||
|
newdev->mode_iv = GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64_HASH;
|
||||||
|
}
|
||||||
|
newdev->essiv_cipher = NULL;
|
||||||
|
newdev->essiv_hash = NULL;
|
||||||
|
newdev->hash = GRUB_MD_SHA512;
|
||||||
|
newdev->iv_hash = GRUB_MD_SHA256;
|
||||||
|
|
||||||
|
for (newdev->log_sector_size = 0;
|
||||||
|
(1U << newdev->log_sector_size) < grub_le_to_cpu32 (header.sector_size);
|
||||||
|
newdev->log_sector_size++);
|
||||||
|
|
||||||
|
if (grub_le_to_cpu32 (header.version) >= 5)
|
||||||
|
{
|
||||||
|
newdev->rekey = geli_rekey;
|
||||||
|
newdev->rekey_shift = 20;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
newdev->modname = "geli";
|
||||||
|
#endif
|
||||||
|
|
||||||
|
newdev->total_length = grub_disk_get_size (disk) - 1;
|
||||||
|
grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
|
||||||
|
COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= 32 * 2 + 1);
|
||||||
|
return newdev;
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
recover_key (grub_disk_t source, grub_cryptodisk_t dev)
|
||||||
|
{
|
||||||
|
grub_size_t keysize;
|
||||||
|
grub_uint8_t digest[dev->hash->mdlen];
|
||||||
|
grub_uint8_t geomkey[dev->hash->mdlen];
|
||||||
|
grub_uint8_t verify_key[dev->hash->mdlen];
|
||||||
|
grub_uint8_t zero[dev->cipher->cipher->blocksize];
|
||||||
|
char passphrase[MAX_PASSPHRASE] = "";
|
||||||
|
unsigned i;
|
||||||
|
gcry_err_code_t gcry_err;
|
||||||
|
struct grub_geli_phdr header;
|
||||||
|
char *tmp;
|
||||||
|
grub_disk_addr_t sector;
|
||||||
|
grub_err_t err;
|
||||||
|
|
||||||
|
sector = grub_disk_get_size (source);
|
||||||
|
if (sector == GRUB_DISK_SIZE_UNKNOWN || sector == 0)
|
||||||
|
return grub_error (GRUB_ERR_OUT_OF_RANGE, "not a geli");
|
||||||
|
|
||||||
|
/* Read the GELI header. */
|
||||||
|
err = grub_disk_read (source, sector - 1, 0, sizeof (header), &header);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
keysize = grub_le_to_cpu16 (header.keylen) / 8;
|
||||||
|
grub_memset (zero, 0, sizeof (zero));
|
||||||
|
|
||||||
|
grub_printf ("Attempting to decrypt master key...\n");
|
||||||
|
|
||||||
|
/* Get the passphrase from the user. */
|
||||||
|
tmp = NULL;
|
||||||
|
if (source->partition)
|
||||||
|
tmp = grub_partition_get_name (source->partition);
|
||||||
|
grub_printf ("Enter passphrase for %s%s%s (%s): ", source->name,
|
||||||
|
source->partition ? "," : "", tmp ? : "",
|
||||||
|
dev->uuid);
|
||||||
|
grub_free (tmp);
|
||||||
|
if (!grub_password_get (passphrase, MAX_PASSPHRASE))
|
||||||
|
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
|
||||||
|
|
||||||
|
/* Calculate the PBKDF2 of the user supplied passphrase. */
|
||||||
|
if (grub_le_to_cpu32 (header.niter) != 0)
|
||||||
|
{
|
||||||
|
grub_uint8_t pbkdf_key[64];
|
||||||
|
gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
|
||||||
|
grub_strlen (passphrase),
|
||||||
|
header.salt,
|
||||||
|
sizeof (header.salt),
|
||||||
|
grub_le_to_cpu32 (header.niter),
|
||||||
|
pbkdf_key, sizeof (pbkdf_key));
|
||||||
|
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
|
||||||
|
gcry_err = grub_crypto_hmac_buffer (dev->hash, NULL, 0, pbkdf_key,
|
||||||
|
sizeof (pbkdf_key), geomkey);
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
struct grub_crypto_hmac_handle *hnd;
|
||||||
|
|
||||||
|
hnd = grub_crypto_hmac_init (dev->hash, NULL, 0);
|
||||||
|
if (!hnd)
|
||||||
|
return grub_crypto_gcry_error (GPG_ERR_OUT_OF_MEMORY);
|
||||||
|
|
||||||
|
grub_crypto_hmac_write (hnd, header.salt, sizeof (header.salt));
|
||||||
|
grub_crypto_hmac_write (hnd, passphrase, grub_strlen (passphrase));
|
||||||
|
|
||||||
|
gcry_err = grub_crypto_hmac_fini (hnd, geomkey);
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_err = grub_crypto_hmac_buffer (dev->hash, geomkey,
|
||||||
|
sizeof (geomkey), "\1", 1, digest);
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
|
||||||
|
gcry_err = grub_crypto_hmac_buffer (dev->hash, geomkey,
|
||||||
|
sizeof (geomkey), "\0", 1, verify_key);
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
|
||||||
|
grub_dprintf ("geli", "keylen = %" PRIuGRUB_SIZE "\n", keysize);
|
||||||
|
|
||||||
|
/* Try to recover master key from each active keyslot. */
|
||||||
|
for (i = 0; i < ARRAY_SIZE (header.keys); i++)
|
||||||
|
{
|
||||||
|
struct grub_geli_key candidate_key;
|
||||||
|
grub_uint8_t key_hmac[dev->hash->mdlen];
|
||||||
|
|
||||||
|
/* Check if keyslot is enabled. */
|
||||||
|
if (! (header.keys_used & (1 << i)))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
grub_dprintf ("geli", "Trying keyslot %d\n", i);
|
||||||
|
|
||||||
|
gcry_err = grub_crypto_cipher_set_key (dev->cipher,
|
||||||
|
digest, keysize);
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
|
||||||
|
gcry_err = grub_crypto_cbc_decrypt (dev->cipher, &candidate_key,
|
||||||
|
&header.keys[i],
|
||||||
|
sizeof (candidate_key),
|
||||||
|
zero);
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
|
||||||
|
gcry_err = grub_crypto_hmac_buffer (dev->hash, verify_key,
|
||||||
|
sizeof (verify_key),
|
||||||
|
&candidate_key,
|
||||||
|
(sizeof (candidate_key)
|
||||||
|
- sizeof (candidate_key.hmac)),
|
||||||
|
key_hmac);
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
|
||||||
|
if (grub_memcmp (candidate_key.hmac, key_hmac, dev->hash->mdlen) != 0)
|
||||||
|
continue;
|
||||||
|
grub_printf ("Slot %d opened\n", i);
|
||||||
|
|
||||||
|
/* Set the master key. */
|
||||||
|
if (!dev->rekey)
|
||||||
|
{
|
||||||
|
grub_size_t real_keysize = keysize;
|
||||||
|
if (grub_le_to_cpu16 (header.alg) == 0x16)
|
||||||
|
real_keysize *= 2;
|
||||||
|
gcry_err = grub_cryptodisk_setkey (dev, candidate_key.cipher_key,
|
||||||
|
real_keysize);
|
||||||
|
if (gcry_err)
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
grub_size_t real_keysize = keysize;
|
||||||
|
if (grub_le_to_cpu16 (header.alg) == 0x16)
|
||||||
|
real_keysize *= 2;
|
||||||
|
/* For a reason I don't know, the IV key is used in rekeying. */
|
||||||
|
grub_memcpy (dev->rekey_key, candidate_key.iv_key,
|
||||||
|
sizeof (candidate_key.iv_key));
|
||||||
|
dev->rekey_derived_size = real_keysize;
|
||||||
|
dev->last_rekey = -1;
|
||||||
|
COMPILE_TIME_ASSERT (sizeof (dev->rekey_key)
|
||||||
|
>= sizeof (candidate_key.iv_key));
|
||||||
|
}
|
||||||
|
|
||||||
|
dev->iv_prefix_len = sizeof (candidate_key.iv_key);
|
||||||
|
grub_memcpy (dev->iv_prefix, candidate_key.iv_key,
|
||||||
|
sizeof (candidate_key.iv_key));
|
||||||
|
|
||||||
|
COMPILE_TIME_ASSERT (sizeof (dev->iv_prefix) >= sizeof (candidate_key.iv_key));
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
return GRUB_ACCESS_DENIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
struct grub_cryptodisk_dev geli_crypto = {
|
||||||
|
.scan = configure_ciphers,
|
||||||
|
.recover_key = recover_key
|
||||||
|
};
|
||||||
|
|
||||||
|
GRUB_MOD_INIT (geli)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_dev_register (&geli_crypto);
|
||||||
|
}
|
||||||
|
|
||||||
|
GRUB_MOD_FINI (geli)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_dev_unregister (&geli_crypto);
|
||||||
|
}
|
470
grub-core/disk/luks.c
Normal file
470
grub-core/disk/luks.c
Normal file
|
@ -0,0 +1,470 @@
|
||||||
|
/*
|
||||||
|
* GRUB -- GRand Unified Bootloader
|
||||||
|
* Copyright (C) 2003,2007,2010,2011 Free Software Foundation, Inc.
|
||||||
|
*
|
||||||
|
* GRUB is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* GRUB is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <grub/cryptodisk.h>
|
||||||
|
#include <grub/types.h>
|
||||||
|
#include <grub/misc.h>
|
||||||
|
#include <grub/mm.h>
|
||||||
|
#include <grub/dl.h>
|
||||||
|
#include <grub/err.h>
|
||||||
|
#include <grub/disk.h>
|
||||||
|
#include <grub/crypto.h>
|
||||||
|
#include <grub/partition.h>
|
||||||
|
#include <grub/i18n.h>
|
||||||
|
|
||||||
|
GRUB_MOD_LICENSE ("GPLv3+");
|
||||||
|
|
||||||
|
#define MAX_PASSPHRASE 256
|
||||||
|
|
||||||
|
#define LUKS_KEY_ENABLED 0x00AC71F3
|
||||||
|
|
||||||
|
/* On disk LUKS header */
|
||||||
|
struct grub_luks_phdr
|
||||||
|
{
|
||||||
|
grub_uint8_t magic[6];
|
||||||
|
#define LUKS_MAGIC "LUKS\xBA\xBE"
|
||||||
|
grub_uint16_t version;
|
||||||
|
char cipherName[32];
|
||||||
|
char cipherMode[32];
|
||||||
|
char hashSpec[32];
|
||||||
|
grub_uint32_t payloadOffset;
|
||||||
|
grub_uint32_t keyBytes;
|
||||||
|
grub_uint8_t mkDigest[20];
|
||||||
|
grub_uint8_t mkDigestSalt[32];
|
||||||
|
grub_uint32_t mkDigestIterations;
|
||||||
|
char uuid[40];
|
||||||
|
struct
|
||||||
|
{
|
||||||
|
grub_uint32_t active;
|
||||||
|
grub_uint32_t passwordIterations;
|
||||||
|
grub_uint8_t passwordSalt[32];
|
||||||
|
grub_uint32_t keyMaterialOffset;
|
||||||
|
grub_uint32_t stripes;
|
||||||
|
} keyblock[8];
|
||||||
|
} __attribute__ ((packed));
|
||||||
|
|
||||||
|
typedef struct grub_luks_phdr *grub_luks_phdr_t;
|
||||||
|
|
||||||
|
gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
|
||||||
|
grub_uint8_t * dst, grub_size_t blocksize,
|
||||||
|
grub_size_t blocknumbers);
|
||||||
|
|
||||||
|
static grub_cryptodisk_t
|
||||||
|
configure_ciphers (grub_disk_t disk, const char *check_uuid,
|
||||||
|
int check_boot)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_t newdev;
|
||||||
|
const char *iptr;
|
||||||
|
struct grub_luks_phdr header;
|
||||||
|
char *optr;
|
||||||
|
char uuid[sizeof (header.uuid) + 1];
|
||||||
|
char ciphername[sizeof (header.cipherName) + 1];
|
||||||
|
char ciphermode[sizeof (header.cipherMode) + 1];
|
||||||
|
char *cipheriv = NULL;
|
||||||
|
char hashspec[sizeof (header.hashSpec) + 1];
|
||||||
|
grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL;
|
||||||
|
grub_crypto_cipher_handle_t essiv_cipher = NULL;
|
||||||
|
const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL;
|
||||||
|
const struct gcry_cipher_spec *ciph;
|
||||||
|
grub_cryptodisk_mode_t mode;
|
||||||
|
grub_cryptodisk_mode_iv_t mode_iv;
|
||||||
|
int benbi_log = 0;
|
||||||
|
grub_err_t err;
|
||||||
|
|
||||||
|
if (check_boot)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
/* Read the LUKS header. */
|
||||||
|
err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
if (err == GRUB_ERR_OUT_OF_RANGE)
|
||||||
|
grub_errno = GRUB_ERR_NONE;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Look for LUKS magic sequence. */
|
||||||
|
if (grub_memcmp (header.magic, LUKS_MAGIC, sizeof (header.magic))
|
||||||
|
|| grub_be_to_cpu16 (header.version) != 1)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
optr = uuid;
|
||||||
|
for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)];
|
||||||
|
iptr++)
|
||||||
|
{
|
||||||
|
if (*iptr != '-')
|
||||||
|
*optr++ = *iptr;
|
||||||
|
}
|
||||||
|
*optr = 0;
|
||||||
|
|
||||||
|
if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
|
||||||
|
{
|
||||||
|
grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Make sure that strings are null terminated. */
|
||||||
|
grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName));
|
||||||
|
ciphername[sizeof (header.cipherName)] = 0;
|
||||||
|
grub_memcpy (ciphermode, header.cipherMode, sizeof (header.cipherMode));
|
||||||
|
ciphermode[sizeof (header.cipherMode)] = 0;
|
||||||
|
grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec));
|
||||||
|
hashspec[sizeof (header.hashSpec)] = 0;
|
||||||
|
|
||||||
|
ciph = grub_crypto_lookup_cipher_by_name (ciphername);
|
||||||
|
if (!ciph)
|
||||||
|
{
|
||||||
|
grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available",
|
||||||
|
ciphername);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Configure the cipher used for the bulk data. */
|
||||||
|
cipher = grub_crypto_cipher_open (ciph);
|
||||||
|
if (!cipher)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
if (grub_be_to_cpu32 (header.keyBytes) > 1024)
|
||||||
|
{
|
||||||
|
grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d",
|
||||||
|
grub_be_to_cpu32 (header.keyBytes));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Configure the cipher mode. */
|
||||||
|
if (grub_strcmp (ciphermode, "ecb") == 0)
|
||||||
|
{
|
||||||
|
mode = GRUB_CRYPTODISK_MODE_ECB;
|
||||||
|
mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
|
||||||
|
cipheriv = NULL;
|
||||||
|
}
|
||||||
|
else if (grub_strcmp (ciphermode, "plain") == 0)
|
||||||
|
{
|
||||||
|
mode = GRUB_CRYPTODISK_MODE_CBC;
|
||||||
|
mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
|
||||||
|
cipheriv = NULL;
|
||||||
|
}
|
||||||
|
else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0)
|
||||||
|
{
|
||||||
|
mode = GRUB_CRYPTODISK_MODE_CBC;
|
||||||
|
cipheriv = ciphermode + sizeof ("cbc-") - 1;
|
||||||
|
}
|
||||||
|
else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0)
|
||||||
|
{
|
||||||
|
mode = GRUB_CRYPTODISK_MODE_PCBC;
|
||||||
|
cipheriv = ciphermode + sizeof ("pcbc-") - 1;
|
||||||
|
}
|
||||||
|
else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0)
|
||||||
|
{
|
||||||
|
mode = GRUB_CRYPTODISK_MODE_XTS;
|
||||||
|
cipheriv = ciphermode + sizeof ("xts-") - 1;
|
||||||
|
secondary_cipher = grub_crypto_cipher_open (ciph);
|
||||||
|
if (!secondary_cipher)
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (cipher);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (cipher);
|
||||||
|
grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
|
||||||
|
cipher->cipher->blocksize);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (cipher);
|
||||||
|
grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
|
||||||
|
secondary_cipher->cipher->blocksize);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0)
|
||||||
|
{
|
||||||
|
mode = GRUB_CRYPTODISK_MODE_LRW;
|
||||||
|
cipheriv = ciphermode + sizeof ("lrw-") - 1;
|
||||||
|
if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (cipher);
|
||||||
|
grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d",
|
||||||
|
cipher->cipher->blocksize);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (cipher);
|
||||||
|
grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s",
|
||||||
|
ciphermode);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cipheriv == NULL);
|
||||||
|
else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0)
|
||||||
|
mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
|
||||||
|
else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0)
|
||||||
|
mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
|
||||||
|
else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0)
|
||||||
|
{
|
||||||
|
if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1)
|
||||||
|
|| cipher->cipher->blocksize == 0)
|
||||||
|
grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d",
|
||||||
|
cipher->cipher->blocksize);
|
||||||
|
for (benbi_log = 0;
|
||||||
|
(cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE;
|
||||||
|
benbi_log++);
|
||||||
|
mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI;
|
||||||
|
}
|
||||||
|
else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0)
|
||||||
|
mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL;
|
||||||
|
else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0)
|
||||||
|
{
|
||||||
|
char *hash_str = cipheriv + 6;
|
||||||
|
|
||||||
|
mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV;
|
||||||
|
|
||||||
|
/* Configure the hash and cipher used for ESSIV. */
|
||||||
|
essiv_hash = grub_crypto_lookup_md_by_name (hash_str);
|
||||||
|
if (!essiv_hash)
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (cipher);
|
||||||
|
grub_error (GRUB_ERR_FILE_NOT_FOUND,
|
||||||
|
"Couldn't load %s hash", hash_str);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
essiv_cipher = grub_crypto_cipher_open (ciph);
|
||||||
|
if (!essiv_cipher)
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (cipher);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (cipher);
|
||||||
|
grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s",
|
||||||
|
cipheriv);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Configure the hash used for the AF splitter and HMAC. */
|
||||||
|
hash = grub_crypto_lookup_md_by_name (hashspec);
|
||||||
|
if (!hash)
|
||||||
|
{
|
||||||
|
grub_crypto_cipher_close (cipher);
|
||||||
|
grub_crypto_cipher_close (essiv_cipher);
|
||||||
|
grub_crypto_cipher_close (secondary_cipher);
|
||||||
|
grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
|
||||||
|
hashspec);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
newdev = grub_zalloc (sizeof (struct grub_cryptodisk));
|
||||||
|
if (!newdev)
|
||||||
|
return NULL;
|
||||||
|
newdev->cipher = cipher;
|
||||||
|
newdev->offset = grub_be_to_cpu32 (header.payloadOffset);
|
||||||
|
newdev->source_disk = NULL;
|
||||||
|
newdev->benbi_log = benbi_log;
|
||||||
|
newdev->mode = mode;
|
||||||
|
newdev->mode_iv = mode_iv;
|
||||||
|
newdev->secondary_cipher = secondary_cipher;
|
||||||
|
newdev->essiv_cipher = essiv_cipher;
|
||||||
|
newdev->essiv_hash = essiv_hash;
|
||||||
|
newdev->hash = hash;
|
||||||
|
newdev->log_sector_size = 9;
|
||||||
|
newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
|
||||||
|
grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
newdev->modname = "luks";
|
||||||
|
#endif
|
||||||
|
COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
|
||||||
|
return newdev;
|
||||||
|
}
|
||||||
|
|
||||||
|
static grub_err_t
|
||||||
|
luks_recover_key (grub_disk_t source,
|
||||||
|
grub_cryptodisk_t dev)
|
||||||
|
{
|
||||||
|
struct grub_luks_phdr header;
|
||||||
|
grub_size_t keysize;
|
||||||
|
grub_uint8_t *split_key = NULL;
|
||||||
|
char passphrase[MAX_PASSPHRASE] = "";
|
||||||
|
grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
|
||||||
|
unsigned i;
|
||||||
|
grub_size_t length;
|
||||||
|
grub_err_t err;
|
||||||
|
grub_size_t max_stripes = 1;
|
||||||
|
char *tmp;
|
||||||
|
|
||||||
|
err = grub_disk_read (source, 0, 0, sizeof (header), &header);
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
|
||||||
|
grub_printf ("Attempting to decrypt master key...\n");
|
||||||
|
keysize = grub_be_to_cpu32 (header.keyBytes);
|
||||||
|
|
||||||
|
for (i = 0; i < ARRAY_SIZE (header.keyblock); i++)
|
||||||
|
if (grub_be_to_cpu32 (header.keyblock[i].active) == LUKS_KEY_ENABLED
|
||||||
|
&& grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes)
|
||||||
|
max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes);
|
||||||
|
|
||||||
|
split_key = grub_malloc (keysize * max_stripes);
|
||||||
|
if (!split_key)
|
||||||
|
return grub_errno;
|
||||||
|
|
||||||
|
/* Get the passphrase from the user. */
|
||||||
|
tmp = NULL;
|
||||||
|
if (source->partition)
|
||||||
|
tmp = grub_partition_get_name (source->partition);
|
||||||
|
grub_printf ("Enter passphrase for %s%s%s (%s): ", source->name,
|
||||||
|
source->partition ? "," : "", tmp ? : "",
|
||||||
|
dev->uuid);
|
||||||
|
grub_free (tmp);
|
||||||
|
if (!grub_password_get (passphrase, MAX_PASSPHRASE))
|
||||||
|
{
|
||||||
|
grub_free (split_key);
|
||||||
|
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Try to recover master key from each active keyslot. */
|
||||||
|
for (i = 0; i < ARRAY_SIZE (header.keyblock); i++)
|
||||||
|
{
|
||||||
|
gcry_err_code_t gcry_err;
|
||||||
|
grub_uint8_t candidate_key[keysize];
|
||||||
|
grub_uint8_t digest[keysize];
|
||||||
|
|
||||||
|
/* Check if keyslot is enabled. */
|
||||||
|
if (grub_be_to_cpu32 (header.keyblock[i].active) != LUKS_KEY_ENABLED)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
grub_dprintf ("luks", "Trying keyslot %d\n", i);
|
||||||
|
|
||||||
|
/* Calculate the PBKDF2 of the user supplied passphrase. */
|
||||||
|
gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
|
||||||
|
grub_strlen (passphrase),
|
||||||
|
header.keyblock[i].passwordSalt,
|
||||||
|
sizeof (header.keyblock[i].passwordSalt),
|
||||||
|
grub_be_to_cpu32 (header.keyblock[i].
|
||||||
|
passwordIterations),
|
||||||
|
digest, keysize);
|
||||||
|
|
||||||
|
if (gcry_err)
|
||||||
|
{
|
||||||
|
grub_free (split_key);
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_dprintf ("luks", "PBKDF2 done\n");
|
||||||
|
|
||||||
|
gcry_err = grub_cryptodisk_setkey (dev, digest, keysize);
|
||||||
|
if (gcry_err)
|
||||||
|
{
|
||||||
|
grub_free (split_key);
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
|
||||||
|
length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
|
||||||
|
|
||||||
|
/* Read and decrypt the key material from the disk. */
|
||||||
|
err = grub_disk_read (source,
|
||||||
|
grub_be_to_cpu32 (header.keyblock
|
||||||
|
[i].keyMaterialOffset), 0,
|
||||||
|
length, split_key);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
grub_free (split_key);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_err = grub_cryptodisk_decrypt (dev, split_key, length, 0);
|
||||||
|
if (gcry_err)
|
||||||
|
{
|
||||||
|
grub_free (split_key);
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Merge the decrypted key material to get the candidate master key. */
|
||||||
|
gcry_err = AF_merge (dev->hash, split_key, candidate_key, keysize,
|
||||||
|
grub_be_to_cpu32 (header.keyblock[i].stripes));
|
||||||
|
if (gcry_err)
|
||||||
|
{
|
||||||
|
grub_free (split_key);
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_dprintf ("luks", "candidate key recovered\n");
|
||||||
|
|
||||||
|
/* Calculate the PBKDF2 of the candidate master key. */
|
||||||
|
gcry_err = grub_crypto_pbkdf2 (dev->hash, candidate_key,
|
||||||
|
grub_be_to_cpu32 (header.keyBytes),
|
||||||
|
header.mkDigestSalt,
|
||||||
|
sizeof (header.mkDigestSalt),
|
||||||
|
grub_be_to_cpu32
|
||||||
|
(header.mkDigestIterations),
|
||||||
|
candidate_digest,
|
||||||
|
sizeof (candidate_digest));
|
||||||
|
if (gcry_err)
|
||||||
|
{
|
||||||
|
grub_free (split_key);
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Compare the calculated PBKDF2 to the digest stored
|
||||||
|
in the header to see if it's correct. */
|
||||||
|
if (grub_memcmp (candidate_digest, header.mkDigest,
|
||||||
|
sizeof (header.mkDigest)) != 0)
|
||||||
|
{
|
||||||
|
grub_dprintf ("luks", "bad digest\n");
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_printf ("Slot %d opened\n", i);
|
||||||
|
|
||||||
|
/* Set the master key. */
|
||||||
|
gcry_err = grub_cryptodisk_setkey (dev, candidate_key, keysize);
|
||||||
|
if (gcry_err)
|
||||||
|
{
|
||||||
|
grub_free (split_key);
|
||||||
|
return grub_crypto_gcry_error (gcry_err);
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_free (split_key);
|
||||||
|
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
return GRUB_ACCESS_DENIED;
|
||||||
|
}
|
||||||
|
|
||||||
|
struct grub_cryptodisk_dev luks_crypto = {
|
||||||
|
.scan = configure_ciphers,
|
||||||
|
.recover_key = luks_recover_key
|
||||||
|
};
|
||||||
|
|
||||||
|
GRUB_MOD_INIT (luks)
|
||||||
|
{
|
||||||
|
COMPILE_TIME_ASSERT (sizeof (((struct grub_luks_phdr *) 0)->uuid)
|
||||||
|
< GRUB_CRYPTODISK_MAX_UUID_LENGTH);
|
||||||
|
grub_cryptodisk_dev_register (&luks_crypto);
|
||||||
|
}
|
||||||
|
|
||||||
|
GRUB_MOD_FINI (luks)
|
||||||
|
{
|
||||||
|
grub_cryptodisk_dev_unregister (&luks_crypto);
|
||||||
|
}
|
|
@ -33,6 +33,7 @@
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <grub/util/misc.h>
|
#include <grub/util/misc.h>
|
||||||
|
#include <grub/cryptodisk.h>
|
||||||
|
|
||||||
#ifdef HAVE_DEVICE_MAPPER
|
#ifdef HAVE_DEVICE_MAPPER
|
||||||
# include <libdevmapper.h>
|
# include <libdevmapper.h>
|
||||||
|
@ -698,58 +699,189 @@ grub_util_open_dm (const char *os_dev, struct dm_tree **tree,
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static int
|
static char *
|
||||||
grub_util_is_lvm (const char *os_dev)
|
get_dm_uuid (const char *os_dev)
|
||||||
{
|
{
|
||||||
if ((strncmp ("/dev/mapper/", os_dev, 12) != 0))
|
if ((strncmp ("/dev/mapper/", os_dev, 12) != 0))
|
||||||
return 0;
|
return NULL;
|
||||||
|
|
||||||
#ifdef HAVE_DEVICE_MAPPER
|
#ifdef HAVE_DEVICE_MAPPER
|
||||||
{
|
{
|
||||||
const char *node_uuid;
|
|
||||||
struct dm_tree *tree;
|
struct dm_tree *tree;
|
||||||
struct dm_tree_node *node;
|
struct dm_tree_node *node;
|
||||||
|
const char *node_uuid;
|
||||||
|
char *ret;
|
||||||
|
|
||||||
if (!grub_util_open_dm (os_dev, &tree, &node))
|
if (!grub_util_open_dm (os_dev, &tree, &node))
|
||||||
return 0;
|
return NULL;
|
||||||
|
|
||||||
node_uuid = dm_tree_node_get_uuid (node);
|
node_uuid = dm_tree_node_get_uuid (node);
|
||||||
if (! node_uuid)
|
if (! node_uuid)
|
||||||
{
|
{
|
||||||
grub_dprintf ("hostdisk", "%s has no DM uuid\n", os_dev);
|
grub_dprintf ("hostdisk", "%s has no DM uuid\n", os_dev);
|
||||||
dm_tree_free (tree);
|
dm_tree_free (tree);
|
||||||
return 0;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (strncmp (node_uuid, "LVM-", 4) != 0)
|
|
||||||
{
|
ret = grub_strdup (node_uuid);
|
||||||
|
|
||||||
dm_tree_free (tree);
|
dm_tree_free (tree);
|
||||||
return 0;
|
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
dm_tree_free (tree);
|
#endif
|
||||||
return 1;
|
|
||||||
}
|
return NULL;
|
||||||
#else
|
|
||||||
return 1;
|
|
||||||
#endif /* HAVE_DEVICE_MAPPER */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static enum grub_dev_abstraction_types
|
||||||
|
grub_util_get_dm_abstraction (const char *os_dev)
|
||||||
|
{
|
||||||
|
#ifdef HAVE_DEVICE_MAPPER
|
||||||
|
char *uuid;
|
||||||
|
|
||||||
|
uuid = get_dm_uuid (os_dev);
|
||||||
|
|
||||||
|
if (uuid == NULL)
|
||||||
|
return GRUB_DEV_ABSTRACTION_NONE;
|
||||||
|
|
||||||
|
if (strncmp (uuid, "LVM-", 4) == 0)
|
||||||
|
{
|
||||||
|
grub_free (uuid);
|
||||||
|
return GRUB_DEV_ABSTRACTION_LVM;
|
||||||
|
}
|
||||||
|
if (strncmp (uuid, "CRYPT-LUKS1-", 4) == 0)
|
||||||
|
{
|
||||||
|
grub_free (uuid);
|
||||||
|
return GRUB_DEV_ABSTRACTION_LUKS;
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_free (uuid);
|
||||||
|
return GRUB_DEV_ABSTRACTION_NONE;
|
||||||
|
#else
|
||||||
|
if ((strncmp ("/dev/mapper/", os_dev, 12) != 0))
|
||||||
|
return GRUB_DEV_ABSTRACTION_NONE;
|
||||||
|
return GRUB_DEV_ABSTRACTION_LVM;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined (__FreeBSD__) || defined(__FreeBSD_kernel__)
|
||||||
|
#include <libgeom.h>
|
||||||
|
|
||||||
|
/* FIXME: geom actually gives us the whole container hierarchy.
|
||||||
|
It can be used more efficiently than this. */
|
||||||
|
void
|
||||||
|
grub_util_follow_gpart_up (const char *name, grub_disk_addr_t *off_out, char **name_out)
|
||||||
|
{
|
||||||
|
struct gmesh mesh;
|
||||||
|
struct gclass *class;
|
||||||
|
int error;
|
||||||
|
struct ggeom *geom;
|
||||||
|
|
||||||
|
grub_util_info ("following geom '%s'", name);
|
||||||
|
|
||||||
|
error = geom_gettree (&mesh);
|
||||||
|
if (error != 0)
|
||||||
|
grub_util_error ("couldn't open geom");
|
||||||
|
|
||||||
|
LIST_FOREACH (class, &mesh.lg_class, lg_class)
|
||||||
|
if (strcasecmp (class->lg_name, "part") == 0)
|
||||||
|
break;
|
||||||
|
if (!class)
|
||||||
|
grub_util_error ("couldn't open geom part");
|
||||||
|
|
||||||
|
LIST_FOREACH (geom, &class->lg_geom, lg_geom)
|
||||||
|
{
|
||||||
|
struct gprovider *provider;
|
||||||
|
LIST_FOREACH (provider, &geom->lg_provider, lg_provider)
|
||||||
|
if (strcmp (provider->lg_name, name) == 0)
|
||||||
|
{
|
||||||
|
char *name_tmp = xstrdup (geom->lg_name);
|
||||||
|
grub_disk_addr_t off = 0;
|
||||||
|
struct gconfig *config;
|
||||||
|
grub_util_info ("geom '%s' has parent '%s'", name, geom->lg_name);
|
||||||
|
|
||||||
|
grub_util_follow_gpart_up (name_tmp, &off, name_out);
|
||||||
|
free (name_tmp);
|
||||||
|
LIST_FOREACH (config, &provider->lg_config, lg_config)
|
||||||
|
if (strcasecmp (config->lg_name, "start") == 0)
|
||||||
|
off += strtoull (config->lg_val, 0, 10);
|
||||||
|
if (off_out)
|
||||||
|
*off_out = off;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
grub_util_info ("geom '%s' has no parent", name);
|
||||||
|
if (name_out)
|
||||||
|
*name_out = xstrdup (name);
|
||||||
|
if (off_out)
|
||||||
|
*off_out = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
static const char *
|
||||||
|
grub_util_get_geom_abstraction (const char *dev)
|
||||||
|
{
|
||||||
|
char *whole;
|
||||||
|
struct gmesh mesh;
|
||||||
|
struct gclass *class;
|
||||||
|
const char *name;
|
||||||
|
int error;
|
||||||
|
|
||||||
|
if (strncmp (dev, "/dev/", sizeof ("/dev/") - 1) != 0)
|
||||||
|
return 0;
|
||||||
|
name = dev + sizeof ("/dev/") - 1;
|
||||||
|
grub_util_follow_gpart_up (name, NULL, &whole);
|
||||||
|
|
||||||
|
grub_util_info ("following geom '%s'", name);
|
||||||
|
|
||||||
|
error = geom_gettree (&mesh);
|
||||||
|
if (error != 0)
|
||||||
|
grub_util_error ("couldn't open geom");
|
||||||
|
|
||||||
|
LIST_FOREACH (class, &mesh.lg_class, lg_class)
|
||||||
|
{
|
||||||
|
struct ggeom *geom;
|
||||||
|
LIST_FOREACH (geom, &class->lg_geom, lg_geom)
|
||||||
|
{
|
||||||
|
struct gprovider *provider;
|
||||||
|
LIST_FOREACH (provider, &geom->lg_provider, lg_provider)
|
||||||
|
if (strcmp (provider->lg_name, name) == 0)
|
||||||
|
return class->lg_name;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
int
|
int
|
||||||
grub_util_get_dev_abstraction (const char *os_dev __attribute__((unused)))
|
grub_util_get_dev_abstraction (const char *os_dev __attribute__((unused)))
|
||||||
{
|
{
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
|
enum grub_dev_abstraction_types ret;
|
||||||
|
|
||||||
/* User explicitly claims that this drive is visible by BIOS. */
|
/* User explicitly claims that this drive is visible by BIOS. */
|
||||||
if (grub_util_biosdisk_is_present (os_dev))
|
if (grub_util_biosdisk_is_present (os_dev))
|
||||||
return GRUB_DEV_ABSTRACTION_NONE;
|
return GRUB_DEV_ABSTRACTION_NONE;
|
||||||
|
|
||||||
/* Check for LVM. */
|
/* Check for LVM and LUKS. */
|
||||||
if (grub_util_is_lvm (os_dev))
|
ret = grub_util_get_dm_abstraction (os_dev);
|
||||||
return GRUB_DEV_ABSTRACTION_LVM;
|
|
||||||
|
if (ret != GRUB_DEV_ABSTRACTION_NONE)
|
||||||
|
return ret;
|
||||||
|
|
||||||
/* Check for RAID. */
|
/* Check for RAID. */
|
||||||
if (!strncmp (os_dev, "/dev/md", 7) && ! grub_util_device_is_mapped (os_dev))
|
if (!strncmp (os_dev, "/dev/md", 7) && ! grub_util_device_is_mapped (os_dev))
|
||||||
return GRUB_DEV_ABSTRACTION_RAID;
|
return GRUB_DEV_ABSTRACTION_RAID;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined (__FreeBSD__) || defined(__FreeBSD_kernel__)
|
||||||
|
const char *abs;
|
||||||
|
abs = grub_util_get_geom_abstraction (os_dev);
|
||||||
|
grub_util_info ("abstraction of %s is %s", os_dev, abs);
|
||||||
|
if (abs && grub_strcasecmp (abs, "eli") == 0)
|
||||||
|
return GRUB_DEV_ABSTRACTION_GELI;
|
||||||
|
#endif
|
||||||
|
|
||||||
/* No abstraction found. */
|
/* No abstraction found. */
|
||||||
return GRUB_DEV_ABSTRACTION_NONE;
|
return GRUB_DEV_ABSTRACTION_NONE;
|
||||||
}
|
}
|
||||||
|
@ -838,15 +970,84 @@ out:
|
||||||
void
|
void
|
||||||
grub_util_pull_device (const char *os_dev)
|
grub_util_pull_device (const char *os_dev)
|
||||||
{
|
{
|
||||||
switch (grub_util_get_dev_abstraction (os_dev))
|
int ab;
|
||||||
|
ab = grub_util_get_dev_abstraction (os_dev);
|
||||||
|
switch (ab)
|
||||||
{
|
{
|
||||||
|
case GRUB_DEV_ABSTRACTION_GELI:
|
||||||
|
{
|
||||||
|
char *whole;
|
||||||
|
struct gmesh mesh;
|
||||||
|
struct gclass *class;
|
||||||
|
const char *name;
|
||||||
|
int error;
|
||||||
|
char *lastsubdev = NULL;
|
||||||
|
|
||||||
|
if (strncmp (os_dev, "/dev/", sizeof ("/dev/") - 1) != 0)
|
||||||
|
return;
|
||||||
|
name = os_dev + sizeof ("/dev/") - 1;
|
||||||
|
grub_util_follow_gpart_up (name, NULL, &whole);
|
||||||
|
|
||||||
|
grub_util_info ("following geom '%s'", name);
|
||||||
|
|
||||||
|
error = geom_gettree (&mesh);
|
||||||
|
if (error != 0)
|
||||||
|
grub_util_error ("couldn't open geom");
|
||||||
|
|
||||||
|
LIST_FOREACH (class, &mesh.lg_class, lg_class)
|
||||||
|
{
|
||||||
|
struct ggeom *geom;
|
||||||
|
LIST_FOREACH (geom, &class->lg_geom, lg_geom)
|
||||||
|
{
|
||||||
|
struct gprovider *provider;
|
||||||
|
LIST_FOREACH (provider, &geom->lg_provider, lg_provider)
|
||||||
|
if (strcmp (provider->lg_name, name) == 0)
|
||||||
|
{
|
||||||
|
struct gconsumer *consumer;
|
||||||
|
char *fname;
|
||||||
|
char *uuid;
|
||||||
|
|
||||||
|
LIST_FOREACH (consumer, &geom->lg_consumer, lg_consumer)
|
||||||
|
break;
|
||||||
|
if (!consumer)
|
||||||
|
grub_util_error ("couldn't find geli consumer");
|
||||||
|
fname = xasprintf ("/dev/%s", consumer->lg_provider->lg_name);
|
||||||
|
grub_util_info ("consumer %s", consumer->lg_provider->lg_name);
|
||||||
|
lastsubdev = consumer->lg_provider->lg_name;
|
||||||
|
grub_util_pull_device (fname);
|
||||||
|
free (fname);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (ab == GRUB_DEV_ABSTRACTION_GELI && lastsubdev)
|
||||||
|
{
|
||||||
|
char *fname = xasprintf ("/dev/%s", lastsubdev);
|
||||||
|
char *grdev = grub_util_get_grub_dev (fname);
|
||||||
|
free (fname);
|
||||||
|
|
||||||
|
if (grdev)
|
||||||
|
{
|
||||||
|
grub_err_t err;
|
||||||
|
err = grub_cryptodisk_cheat_mount (grdev, os_dev);
|
||||||
|
if (err)
|
||||||
|
grub_util_error ("Can't mount crypto: %s", grub_errmsg);
|
||||||
|
}
|
||||||
|
|
||||||
|
grub_free (grdev);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
case GRUB_DEV_ABSTRACTION_LVM:
|
case GRUB_DEV_ABSTRACTION_LVM:
|
||||||
|
case GRUB_DEV_ABSTRACTION_LUKS:
|
||||||
#ifdef HAVE_DEVICE_MAPPER
|
#ifdef HAVE_DEVICE_MAPPER
|
||||||
{
|
{
|
||||||
struct dm_tree *tree;
|
struct dm_tree *tree;
|
||||||
struct dm_tree_node *node;
|
struct dm_tree_node *node;
|
||||||
struct dm_tree_node *child;
|
struct dm_tree_node *child;
|
||||||
void *handle = NULL;
|
void *handle = NULL;
|
||||||
|
char *lastsubdev = NULL;
|
||||||
|
|
||||||
if (!grub_util_open_dm (os_dev, &tree, &node))
|
if (!grub_util_open_dm (os_dev, &tree, &node))
|
||||||
return;
|
return;
|
||||||
|
@ -859,8 +1060,25 @@ grub_util_pull_device (const char *os_dev)
|
||||||
continue;
|
continue;
|
||||||
subdev = grub_find_device ("/dev", makedev (dm->major, dm->minor));
|
subdev = grub_find_device ("/dev", makedev (dm->major, dm->minor));
|
||||||
if (subdev)
|
if (subdev)
|
||||||
|
{
|
||||||
|
lastsubdev = subdev;
|
||||||
grub_util_pull_device (subdev);
|
grub_util_pull_device (subdev);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
if (ab == GRUB_DEV_ABSTRACTION_CRYPTO && lastsubdev)
|
||||||
|
{
|
||||||
|
char *grdev = grub_util_get_grub_dev (lastsubdev);
|
||||||
|
dm_tree_free (tree);
|
||||||
|
if (grdev)
|
||||||
|
{
|
||||||
|
grub_err_t err;
|
||||||
|
err = grub_luks_cheat_mount (grdev, os_dev);
|
||||||
|
if (err)
|
||||||
|
grub_util_error ("Can't mount crypto: %s", grub_errmsg);
|
||||||
|
}
|
||||||
|
grub_free (grdev);
|
||||||
|
}
|
||||||
|
else
|
||||||
dm_tree_free (tree);
|
dm_tree_free (tree);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -907,6 +1125,70 @@ grub_util_get_grub_dev (const char *os_dev)
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case GRUB_DEV_ABSTRACTION_LUKS:
|
||||||
|
{
|
||||||
|
char *uuid, *dash;
|
||||||
|
uuid = get_dm_uuid (os_dev);
|
||||||
|
if (!uuid)
|
||||||
|
break;
|
||||||
|
dash = grub_strchr (uuid + sizeof ("CRYPT-LUKS1-") - 1, '-');
|
||||||
|
if (dash)
|
||||||
|
*dash = 0;
|
||||||
|
grub_dev = grub_xasprintf ("cryptouuid/%s",
|
||||||
|
uuid + sizeof ("CRYPT-LUKS1-") - 1);
|
||||||
|
grub_free (uuid);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case GRUB_DEV_ABSTRACTION_GELI:
|
||||||
|
{
|
||||||
|
char *whole;
|
||||||
|
struct gmesh mesh;
|
||||||
|
struct gclass *class;
|
||||||
|
const char *name;
|
||||||
|
int error;
|
||||||
|
|
||||||
|
if (strncmp (os_dev, "/dev/", sizeof ("/dev/") - 1) != 0)
|
||||||
|
return 0;
|
||||||
|
name = os_dev + sizeof ("/dev/") - 1;
|
||||||
|
grub_util_follow_gpart_up (name, NULL, &whole);
|
||||||
|
|
||||||
|
grub_util_info ("following geom '%s'", name);
|
||||||
|
|
||||||
|
error = geom_gettree (&mesh);
|
||||||
|
if (error != 0)
|
||||||
|
grub_util_error ("couldn't open geom");
|
||||||
|
|
||||||
|
LIST_FOREACH (class, &mesh.lg_class, lg_class)
|
||||||
|
{
|
||||||
|
struct ggeom *geom;
|
||||||
|
LIST_FOREACH (geom, &class->lg_geom, lg_geom)
|
||||||
|
{
|
||||||
|
struct gprovider *provider;
|
||||||
|
LIST_FOREACH (provider, &geom->lg_provider, lg_provider)
|
||||||
|
if (strcmp (provider->lg_name, name) == 0)
|
||||||
|
{
|
||||||
|
struct gconsumer *consumer;
|
||||||
|
char *fname;
|
||||||
|
char *uuid;
|
||||||
|
|
||||||
|
LIST_FOREACH (consumer, &geom->lg_consumer, lg_consumer)
|
||||||
|
break;
|
||||||
|
if (!consumer)
|
||||||
|
grub_util_error ("couldn't find geli consumer");
|
||||||
|
fname = xasprintf ("/dev/%s", consumer->lg_provider->lg_name);
|
||||||
|
uuid = grub_util_get_geli_uuid (fname);
|
||||||
|
if (!uuid)
|
||||||
|
grub_util_error ("couldn't retrieve geli UUID");
|
||||||
|
grub_dev = xasprintf ("cryptouuid/%s", uuid);
|
||||||
|
free (fname);
|
||||||
|
free (uuid);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
case GRUB_DEV_ABSTRACTION_RAID:
|
case GRUB_DEV_ABSTRACTION_RAID:
|
||||||
|
|
||||||
if (os_dev[7] == '_' && os_dev[8] == 'd')
|
if (os_dev[7] == '_' && os_dev[8] == 'd')
|
||||||
|
|
|
@ -106,9 +106,7 @@ struct hd_geometry
|
||||||
# include <libdevmapper.h>
|
# include <libdevmapper.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
|
#if defined(__NetBSD__)
|
||||||
#include <libgeom.h>
|
|
||||||
#elif defined(__NetBSD__)
|
|
||||||
# define HAVE_DIOCGDINFO
|
# define HAVE_DIOCGDINFO
|
||||||
# include <sys/ioctl.h>
|
# include <sys/ioctl.h>
|
||||||
# include <sys/disklabel.h> /* struct disklabel */
|
# include <sys/disklabel.h> /* struct disklabel */
|
||||||
|
@ -226,6 +224,82 @@ grub_util_biosdisk_iterate (int (*hook) (const char *name),
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(__MINGW32__)
|
||||||
|
grub_uint64_t
|
||||||
|
grub_util_get_fd_sectors (int fd, unsigned *log_secsize)
|
||||||
|
{
|
||||||
|
#if defined(__linux__) || defined(__CYGWIN__) || defined(__FreeBSD__) || \
|
||||||
|
defined(__FreeBSD_kernel__) || defined(__APPLE__) || defined(__NetBSD__)
|
||||||
|
# if defined(__NetBSD__)
|
||||||
|
struct disklabel label;
|
||||||
|
# else
|
||||||
|
unsigned long long nr;
|
||||||
|
# endif
|
||||||
|
unsigned sector_size, log_sector_size;
|
||||||
|
struct stat st;
|
||||||
|
|
||||||
|
if (fstat (fd, &st) < 0)
|
||||||
|
grub_util_error ("fstat failed");
|
||||||
|
|
||||||
|
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__) || defined(__NetBSD__)
|
||||||
|
if (! S_ISCHR (st.st_mode))
|
||||||
|
# else
|
||||||
|
if (! S_ISBLK (st.st_mode))
|
||||||
|
# endif
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
|
||||||
|
if (ioctl (fd, DIOCGMEDIASIZE, &nr))
|
||||||
|
# elif defined(__APPLE__)
|
||||||
|
if (ioctl (fd, DKIOCGETBLOCKCOUNT, &nr))
|
||||||
|
# elif defined(__NetBSD__)
|
||||||
|
configure_device_driver (fd);
|
||||||
|
if (ioctl (fd, DIOCGDINFO, &label) == -1)
|
||||||
|
# else
|
||||||
|
if (ioctl (fd, BLKGETSIZE64, &nr))
|
||||||
|
# endif
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
|
||||||
|
if (ioctl (fd, DIOCGSECTORSIZE, §or_size))
|
||||||
|
# else
|
||||||
|
if (ioctl (fd, BLKSSZGET, §or_size))
|
||||||
|
# endif
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
if (sector_size & (sector_size - 1) || !sector_size)
|
||||||
|
goto fail;
|
||||||
|
for (log_sector_size = 0;
|
||||||
|
(1 << log_sector_size) < sector_size;
|
||||||
|
log_sector_size++);
|
||||||
|
|
||||||
|
if (log_secsize)
|
||||||
|
*log_secsize = log_sector_size;
|
||||||
|
|
||||||
|
# if defined (__APPLE__)
|
||||||
|
return nr;
|
||||||
|
# elif defined(__NetBSD__)
|
||||||
|
return label.d_secperunit;
|
||||||
|
# else
|
||||||
|
if (nr & ((1 << log_sector_size) - 1))
|
||||||
|
grub_util_error ("unaligned device size");
|
||||||
|
|
||||||
|
return (nr >> log_sector_size);
|
||||||
|
# endif
|
||||||
|
|
||||||
|
fail:
|
||||||
|
/* In GNU/Hurd, stat() will return the right size. */
|
||||||
|
#elif !defined (__GNU__)
|
||||||
|
# warning "No special routine to get the size of a block device is implemented for your OS. This is not possibly fatal."
|
||||||
|
#endif
|
||||||
|
|
||||||
|
if (log_secsize)
|
||||||
|
*log_secsize = 9;
|
||||||
|
|
||||||
|
return st.st_size >> 9;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static grub_err_t
|
static grub_err_t
|
||||||
grub_util_biosdisk_open (const char *name, grub_disk_t disk)
|
grub_util_biosdisk_open (const char *name, grub_disk_t disk)
|
||||||
{
|
{
|
||||||
|
@ -261,90 +335,30 @@ grub_util_biosdisk_open (const char *name, grub_disk_t disk)
|
||||||
|
|
||||||
return GRUB_ERR_NONE;
|
return GRUB_ERR_NONE;
|
||||||
}
|
}
|
||||||
#elif defined(__linux__) || defined(__CYGWIN__) || defined(__FreeBSD__) || \
|
#else
|
||||||
defined(__FreeBSD_kernel__) || defined(__APPLE__) || defined(__NetBSD__)
|
|
||||||
{
|
{
|
||||||
# if defined(__NetBSD__)
|
|
||||||
struct disklabel label;
|
|
||||||
# else
|
|
||||||
unsigned long long nr;
|
|
||||||
# endif
|
|
||||||
int sector_size;
|
|
||||||
int fd;
|
int fd;
|
||||||
|
|
||||||
fd = open (map[drive].device, O_RDONLY);
|
fd = open (map[drive].device, O_RDONLY);
|
||||||
if (fd == -1)
|
if (fd == -1)
|
||||||
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "cannot open `%s' while attempting to get disk size", map[drive].device);
|
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "cannot open `%s' while attempting to get disk size", map[drive].device);
|
||||||
|
|
||||||
|
disk->total_sectors = grub_util_get_fd_sectors (fd, &disk->log_sector_size);
|
||||||
|
|
||||||
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__) || defined(__NetBSD__)
|
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__) || defined(__NetBSD__)
|
||||||
if (fstat (fd, &st) < 0 || ! S_ISCHR (st.st_mode))
|
if (fstat (fd, &st) < 0 || ! S_ISCHR (st.st_mode))
|
||||||
# else
|
# else
|
||||||
if (fstat (fd, &st) < 0 || ! S_ISBLK (st.st_mode))
|
if (fstat (fd, &st) < 0 || ! S_ISBLK (st.st_mode))
|
||||||
# endif
|
# endif
|
||||||
{
|
|
||||||
close (fd);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
data->is_disk = 1;
|
data->is_disk = 1;
|
||||||
|
|
||||||
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__)
|
|
||||||
if (ioctl (fd, DIOCGMEDIASIZE, &nr))
|
|
||||||
# elif defined(__APPLE__)
|
|
||||||
if (ioctl (fd, DKIOCGETBLOCKCOUNT, &nr))
|
|
||||||
# elif defined(__NetBSD__)
|
|
||||||
configure_device_driver (fd);
|
|
||||||
if (ioctl (fd, DIOCGDINFO, &label) == -1)
|
|
||||||
# else
|
|
||||||
if (ioctl (fd, BLKGETSIZE64, &nr))
|
|
||||||
# endif
|
|
||||||
{
|
|
||||||
close (fd);
|
close (fd);
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ioctl (fd, BLKSSZGET, §or_size))
|
|
||||||
{
|
|
||||||
close (fd);
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
close (fd);
|
|
||||||
|
|
||||||
if (sector_size & (sector_size - 1) || !sector_size)
|
|
||||||
goto fail;
|
|
||||||
for (disk->log_sector_size = 0;
|
|
||||||
(1 << disk->log_sector_size) < sector_size;
|
|
||||||
disk->log_sector_size++);
|
|
||||||
|
|
||||||
# if defined (__APPLE__)
|
|
||||||
disk->total_sectors = nr;
|
|
||||||
# elif defined(__NetBSD__)
|
|
||||||
disk->total_sectors = label.d_secperunit;
|
|
||||||
# else
|
|
||||||
disk->total_sectors = nr >> disk->log_sector_size;
|
|
||||||
|
|
||||||
if (nr & ((1 << disk->log_sector_size) - 1))
|
|
||||||
grub_util_error ("unaligned device size");
|
|
||||||
# endif
|
|
||||||
|
|
||||||
grub_util_info ("the size of %s is %llu", name, disk->total_sectors);
|
grub_util_info ("the size of %s is %llu", name, disk->total_sectors);
|
||||||
|
|
||||||
return GRUB_ERR_NONE;
|
return GRUB_ERR_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
fail:
|
|
||||||
/* In GNU/Hurd, stat() will return the right size. */
|
|
||||||
#elif !defined (__GNU__)
|
|
||||||
# warning "No special routine to get the size of a block device is implemented for your OS. This is not possibly fatal."
|
|
||||||
#endif
|
#endif
|
||||||
if (stat (map[drive].device, &st) < 0)
|
|
||||||
return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "cannot stat `%s'", map[drive].device);
|
|
||||||
|
|
||||||
disk->total_sectors = st.st_size >> disk->log_sector_size;
|
|
||||||
|
|
||||||
grub_util_info ("the size of %s is %lu", name, disk->total_sectors);
|
|
||||||
|
|
||||||
return GRUB_ERR_NONE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
@ -366,55 +380,6 @@ grub_util_device_is_mapped (const char *dev)
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined (__FreeBSD__) || defined(__FreeBSD_kernel__)
|
#if defined (__FreeBSD__) || defined(__FreeBSD_kernel__)
|
||||||
/* FIXME: geom actually gives us the whole container hierarchy.
|
|
||||||
It can be used more efficiently than this. */
|
|
||||||
static void
|
|
||||||
follow_geom_up (const char *name, grub_disk_addr_t *off_out, char **name_out)
|
|
||||||
{
|
|
||||||
struct gmesh mesh;
|
|
||||||
struct gclass *class;
|
|
||||||
int error;
|
|
||||||
struct ggeom *geom;
|
|
||||||
|
|
||||||
grub_util_info ("following geom '%s'", name);
|
|
||||||
|
|
||||||
error = geom_gettree (&mesh);
|
|
||||||
if (error != 0)
|
|
||||||
grub_util_error ("couldn't open geom");
|
|
||||||
|
|
||||||
LIST_FOREACH (class, &mesh.lg_class, lg_class)
|
|
||||||
if (strcasecmp (class->lg_name, "part") == 0)
|
|
||||||
break;
|
|
||||||
if (!class)
|
|
||||||
grub_util_error ("couldn't open geom part");
|
|
||||||
|
|
||||||
LIST_FOREACH (geom, &class->lg_geom, lg_geom)
|
|
||||||
{
|
|
||||||
struct gprovider *provider;
|
|
||||||
LIST_FOREACH (provider, &geom->lg_provider, lg_provider)
|
|
||||||
if (strcmp (provider->lg_name, name) == 0)
|
|
||||||
{
|
|
||||||
char *name_tmp = xstrdup (geom->lg_name);
|
|
||||||
grub_disk_addr_t off = 0;
|
|
||||||
struct gconfig *config;
|
|
||||||
grub_util_info ("geom '%s' has parent '%s'", name, geom->lg_name);
|
|
||||||
|
|
||||||
follow_geom_up (name_tmp, &off, name_out);
|
|
||||||
free (name_tmp);
|
|
||||||
LIST_FOREACH (config, &provider->lg_config, lg_config)
|
|
||||||
if (strcasecmp (config->lg_name, "start") == 0)
|
|
||||||
off += strtoull (config->lg_val, 0, 10);
|
|
||||||
if (off_out)
|
|
||||||
*off_out = off;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
grub_util_info ("geom '%s' has no parent", name);
|
|
||||||
if (name_out)
|
|
||||||
*name_out = xstrdup (name);
|
|
||||||
if (off_out)
|
|
||||||
*off_out = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static grub_disk_addr_t
|
static grub_disk_addr_t
|
||||||
find_partition_start (const char *dev)
|
find_partition_start (const char *dev)
|
||||||
|
@ -422,10 +387,11 @@ find_partition_start (const char *dev)
|
||||||
grub_disk_addr_t out;
|
grub_disk_addr_t out;
|
||||||
if (strncmp (dev, "/dev/", sizeof ("/dev/") - 1) != 0)
|
if (strncmp (dev, "/dev/", sizeof ("/dev/") - 1) != 0)
|
||||||
return 0;
|
return 0;
|
||||||
follow_geom_up (dev + sizeof ("/dev/") - 1, &out, NULL);
|
grub_util_follow_gpart_up (dev + sizeof ("/dev/") - 1, &out, NULL);
|
||||||
|
|
||||||
return out;
|
return out;
|
||||||
}
|
}
|
||||||
|
|
||||||
#elif defined(__linux__) || defined(__CYGWIN__) || defined(HAVE_DIOCGDINFO)
|
#elif defined(__linux__) || defined(__CYGWIN__) || defined(HAVE_DIOCGDINFO)
|
||||||
static grub_disk_addr_t
|
static grub_disk_addr_t
|
||||||
find_partition_start (const char *dev)
|
find_partition_start (const char *dev)
|
||||||
|
@ -657,6 +623,37 @@ linux_find_partition (char *dev, grub_disk_addr_t sector)
|
||||||
}
|
}
|
||||||
#endif /* __linux__ */
|
#endif /* __linux__ */
|
||||||
|
|
||||||
|
#if defined(__linux__) && (!defined(__GLIBC__) || \
|
||||||
|
((__GLIBC__ < 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ < 1))))
|
||||||
|
/* Maybe libc doesn't have large file support. */
|
||||||
|
grub_err_t
|
||||||
|
grub_util_fd_seek (int fd, const char *name, grub_uint64_t off)
|
||||||
|
{
|
||||||
|
loff_t offset, result;
|
||||||
|
static int _llseek (uint filedes, ulong hi, ulong lo,
|
||||||
|
loff_t *res, uint wh);
|
||||||
|
_syscall5 (int, _llseek, uint, filedes, ulong, hi, ulong, lo,
|
||||||
|
loff_t *, res, uint, wh);
|
||||||
|
|
||||||
|
offset = (loff_t) off;
|
||||||
|
if (_llseek (fd, offset >> 32, offset & 0xffffffff, &result, SEEK_SET))
|
||||||
|
{
|
||||||
|
return grub_error (GRUB_ERR_BAD_DEVICE, "cannot seek `%s'", name);
|
||||||
|
}
|
||||||
|
return GRUB_ERR_NONE;
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
grub_err_t
|
||||||
|
grub_util_fd_seek (int fd, const char *name, grub_uint64_t off)
|
||||||
|
{
|
||||||
|
off_t offset = (off_t) off;
|
||||||
|
|
||||||
|
if (lseek (fd, offset, SEEK_SET) != offset)
|
||||||
|
return grub_error (GRUB_ERR_BAD_DEVICE, "cannot seek `%s'", name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static int
|
static int
|
||||||
open_device (const grub_disk_t disk, grub_disk_addr_t sector, int flags)
|
open_device (const grub_disk_t disk, grub_disk_addr_t sector, int flags)
|
||||||
{
|
{
|
||||||
|
@ -809,44 +806,20 @@ open_device (const grub_disk_t disk, grub_disk_addr_t sector, int flags)
|
||||||
configure_device_driver (fd);
|
configure_device_driver (fd);
|
||||||
#endif /* defined(__NetBSD__) */
|
#endif /* defined(__NetBSD__) */
|
||||||
|
|
||||||
#if defined(__linux__) && (!defined(__GLIBC__) || \
|
if (grub_util_fd_seek (fd, map[disk->id].device,
|
||||||
((__GLIBC__ < 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ < 1))))
|
sector << disk->log_sector_size))
|
||||||
/* Maybe libc doesn't have large file support. */
|
|
||||||
{
|
{
|
||||||
loff_t offset, result;
|
|
||||||
static int _llseek (uint filedes, ulong hi, ulong lo,
|
|
||||||
loff_t *res, uint wh);
|
|
||||||
_syscall5 (int, _llseek, uint, filedes, ulong, hi, ulong, lo,
|
|
||||||
loff_t *, res, uint, wh);
|
|
||||||
|
|
||||||
offset = (loff_t) sector << disk->log_sector_size;
|
|
||||||
if (_llseek (fd, offset >> 32, offset & 0xffffffff, &result, SEEK_SET))
|
|
||||||
{
|
|
||||||
grub_error (GRUB_ERR_BAD_DEVICE, "cannot seek `%s'", map[disk->id].device);
|
|
||||||
close (fd);
|
close (fd);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
#else
|
|
||||||
{
|
|
||||||
off_t offset = (off_t) sector << disk->log_sector_size;
|
|
||||||
|
|
||||||
if (lseek (fd, offset, SEEK_SET) != offset)
|
|
||||||
{
|
|
||||||
grub_error (GRUB_ERR_BAD_DEVICE, "cannot seek `%s'", map[disk->id].device);
|
|
||||||
close (fd);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return fd;
|
return fd;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Read LEN bytes from FD in BUF. Return less than or equal to zero if an
|
/* Read LEN bytes from FD in BUF. Return less than or equal to zero if an
|
||||||
error occurs, otherwise return LEN. */
|
error occurs, otherwise return LEN. */
|
||||||
static ssize_t
|
ssize_t
|
||||||
nread (int fd, char *buf, size_t len)
|
grub_util_fd_read (int fd, char *buf, size_t len)
|
||||||
{
|
{
|
||||||
ssize_t size = len;
|
ssize_t size = len;
|
||||||
|
|
||||||
|
@ -929,7 +902,7 @@ grub_util_biosdisk_read (grub_disk_t disk, grub_disk_addr_t sector,
|
||||||
sectors that are read together with the MBR in one read. It
|
sectors that are read together with the MBR in one read. It
|
||||||
should only remap the MBR, so we split the read in two
|
should only remap the MBR, so we split the read in two
|
||||||
parts. -jochen */
|
parts. -jochen */
|
||||||
if (nread (fd, buf, (1 << disk->log_sector_size))
|
if (grub_util_fd_read (fd, buf, (1 << disk->log_sector_size))
|
||||||
!= (1 << disk->log_sector_size))
|
!= (1 << disk->log_sector_size))
|
||||||
{
|
{
|
||||||
grub_error (GRUB_ERR_READ_ERROR, "cannot read `%s'", map[disk->id].device);
|
grub_error (GRUB_ERR_READ_ERROR, "cannot read `%s'", map[disk->id].device);
|
||||||
|
@ -941,7 +914,7 @@ grub_util_biosdisk_read (grub_disk_t disk, grub_disk_addr_t sector,
|
||||||
}
|
}
|
||||||
#endif /* __linux__ */
|
#endif /* __linux__ */
|
||||||
|
|
||||||
if (nread (fd, buf, size << disk->log_sector_size)
|
if (grub_util_fd_read (fd, buf, size << disk->log_sector_size)
|
||||||
!= (ssize_t) (size << disk->log_sector_size))
|
!= (ssize_t) (size << disk->log_sector_size))
|
||||||
grub_error (GRUB_ERR_READ_ERROR, "cannot read from `%s'", map[disk->id].device);
|
grub_error (GRUB_ERR_READ_ERROR, "cannot read from `%s'", map[disk->id].device);
|
||||||
|
|
||||||
|
@ -1516,7 +1489,7 @@ devmapper_out:
|
||||||
char *out, *out2;
|
char *out, *out2;
|
||||||
if (strncmp (os_dev, "/dev/", sizeof ("/dev/") - 1) != 0)
|
if (strncmp (os_dev, "/dev/", sizeof ("/dev/") - 1) != 0)
|
||||||
return xstrdup (os_dev);
|
return xstrdup (os_dev);
|
||||||
follow_geom_up (os_dev + sizeof ("/dev/") - 1, NULL, &out);
|
grub_util_follow_gpart_up (os_dev + sizeof ("/dev/") - 1, NULL, &out);
|
||||||
|
|
||||||
out2 = xasprintf ("/dev/%s", out);
|
out2 = xasprintf ("/dev/%s", out);
|
||||||
free (out);
|
free (out);
|
||||||
|
@ -1675,6 +1648,8 @@ grub_util_biosdisk_get_grub_dev (const char *os_dev)
|
||||||
struct stat st;
|
struct stat st;
|
||||||
int drive;
|
int drive;
|
||||||
|
|
||||||
|
grub_util_info ("Looking for %s", os_dev);
|
||||||
|
|
||||||
if (stat (os_dev, &st) < 0)
|
if (stat (os_dev, &st) < 0)
|
||||||
{
|
{
|
||||||
grub_error (GRUB_ERR_BAD_DEVICE, "cannot stat `%s'", os_dev);
|
grub_error (GRUB_ERR_BAD_DEVICE, "cannot stat `%s'", os_dev);
|
||||||
|
|
|
@ -23,6 +23,13 @@
|
||||||
#include <grub/term.h>
|
#include <grub/term.h>
|
||||||
#include <grub/dl.h>
|
#include <grub/dl.h>
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
#include <termios.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <stdio.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
GRUB_MOD_LICENSE ("GPLv3+");
|
GRUB_MOD_LICENSE ("GPLv3+");
|
||||||
|
|
||||||
struct grub_crypto_hmac_handle
|
struct grub_crypto_hmac_handle
|
||||||
|
@ -186,9 +193,10 @@ grub_crypto_xor (void *out, const void *in1, const void *in2, grub_size_t size)
|
||||||
|
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
|
grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
void *out, void *in, grub_size_t size)
|
void *out, const void *in, grub_size_t size)
|
||||||
{
|
{
|
||||||
grub_uint8_t *inptr, *outptr, *end;
|
const grub_uint8_t *inptr;
|
||||||
|
grub_uint8_t *outptr, *end;
|
||||||
if (!cipher->cipher->decrypt)
|
if (!cipher->cipher->decrypt)
|
||||||
return GPG_ERR_NOT_SUPPORTED;
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
if (size % cipher->cipher->blocksize != 0)
|
if (size % cipher->cipher->blocksize != 0)
|
||||||
|
@ -242,10 +250,11 @@ grub_crypto_cbc_encrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
|
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_cbc_decrypt (grub_crypto_cipher_handle_t cipher,
|
grub_crypto_cbc_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
void *out, void *in, grub_size_t size,
|
void *out, const void *in, grub_size_t size,
|
||||||
void *iv)
|
void *iv)
|
||||||
{
|
{
|
||||||
grub_uint8_t *inptr, *outptr, *end;
|
const grub_uint8_t *inptr;
|
||||||
|
grub_uint8_t *outptr, *end;
|
||||||
grub_uint8_t ivt[cipher->cipher->blocksize];
|
grub_uint8_t ivt[cipher->cipher->blocksize];
|
||||||
if (!cipher->cipher->decrypt)
|
if (!cipher->cipher->decrypt)
|
||||||
return GPG_ERR_NOT_SUPPORTED;
|
return GPG_ERR_NOT_SUPPORTED;
|
||||||
|
@ -336,7 +345,8 @@ grub_crypto_hmac_init (const struct gcry_md_spec *md,
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd, void *data,
|
grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd,
|
||||||
|
const void *data,
|
||||||
grub_size_t datalen)
|
grub_size_t datalen)
|
||||||
{
|
{
|
||||||
hnd->md->write (hnd->ctx, data, datalen);
|
hnd->md->write (hnd->ctx, data, datalen);
|
||||||
|
@ -378,7 +388,7 @@ grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out)
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_hmac_buffer (const struct gcry_md_spec *md,
|
grub_crypto_hmac_buffer (const struct gcry_md_spec *md,
|
||||||
const void *key, grub_size_t keylen,
|
const void *key, grub_size_t keylen,
|
||||||
void *data, grub_size_t datalen, void *out)
|
const void *data, grub_size_t datalen, void *out)
|
||||||
{
|
{
|
||||||
struct grub_crypto_hmac_handle *hnd;
|
struct grub_crypto_hmac_handle *hnd;
|
||||||
|
|
||||||
|
@ -414,10 +424,43 @@ grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
|
||||||
return !!counter;
|
return !!counter;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifndef GRUB_MKPASSWD
|
|
||||||
int
|
int
|
||||||
grub_password_get (char buf[], unsigned buf_size)
|
grub_password_get (char buf[], unsigned buf_size)
|
||||||
{
|
{
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
FILE *in;
|
||||||
|
struct termios s, t;
|
||||||
|
int tty_changed = 0;
|
||||||
|
char *ptr;
|
||||||
|
|
||||||
|
/* Disable echoing. Based on glibc. */
|
||||||
|
in = fopen ("/dev/tty", "w+c");
|
||||||
|
if (in == NULL)
|
||||||
|
in = stdin;
|
||||||
|
|
||||||
|
if (tcgetattr (fileno (in), &t) == 0)
|
||||||
|
{
|
||||||
|
/* Save the old one. */
|
||||||
|
s = t;
|
||||||
|
/* Tricky, tricky. */
|
||||||
|
t.c_lflag &= ~(ECHO|ISIG);
|
||||||
|
tty_changed = (tcsetattr (fileno (in), TCSAFLUSH, &t) == 0);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
tty_changed = 0;
|
||||||
|
fgets (buf, buf_size, stdin);
|
||||||
|
ptr = buf + strlen (buf) - 1;
|
||||||
|
while (buf <= ptr && (*ptr == '\n' || *ptr == '\r'))
|
||||||
|
*ptr-- = 0;
|
||||||
|
/* Restore the original setting. */
|
||||||
|
if (tty_changed)
|
||||||
|
(void) tcsetattr (fileno (in), TCSAFLUSH, &s);
|
||||||
|
|
||||||
|
grub_xputs ("\n");
|
||||||
|
grub_refresh ();
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
#else
|
||||||
unsigned cur_len = 0;
|
unsigned cur_len = 0;
|
||||||
int key;
|
int key;
|
||||||
|
|
||||||
|
@ -452,5 +495,5 @@ grub_password_get (char buf[], unsigned buf_size)
|
||||||
grub_refresh ();
|
grub_refresh ();
|
||||||
|
|
||||||
return (key != '\e');
|
return (key != '\e');
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
|
|
|
@ -126,6 +126,9 @@ typedef struct gcry_cipher_spec
|
||||||
gcry_cipher_decrypt_t decrypt;
|
gcry_cipher_decrypt_t decrypt;
|
||||||
gcry_cipher_stencrypt_t stencrypt;
|
gcry_cipher_stencrypt_t stencrypt;
|
||||||
gcry_cipher_stdecrypt_t stdecrypt;
|
gcry_cipher_stdecrypt_t stdecrypt;
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
const char *modname;
|
||||||
|
#endif
|
||||||
struct gcry_cipher_spec *next;
|
struct gcry_cipher_spec *next;
|
||||||
} gcry_cipher_spec_t;
|
} gcry_cipher_spec_t;
|
||||||
|
|
||||||
|
@ -161,6 +164,9 @@ typedef struct gcry_md_spec
|
||||||
grub_size_t contextsize; /* allocate this amount of context */
|
grub_size_t contextsize; /* allocate this amount of context */
|
||||||
/* Block size, needed for HMAC. */
|
/* Block size, needed for HMAC. */
|
||||||
grub_size_t blocksize;
|
grub_size_t blocksize;
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
const char *modname;
|
||||||
|
#endif
|
||||||
struct gcry_md_spec *next;
|
struct gcry_md_spec *next;
|
||||||
} gcry_md_spec_t;
|
} gcry_md_spec_t;
|
||||||
|
|
||||||
|
@ -193,7 +199,7 @@ grub_crypto_xor (void *out, const void *in1, const void *in2, grub_size_t size);
|
||||||
|
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
|
grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
void *out, void *in, grub_size_t size);
|
void *out, const void *in, grub_size_t size);
|
||||||
|
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
|
grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
|
@ -204,7 +210,7 @@ grub_crypto_cbc_encrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
void *iv_in);
|
void *iv_in);
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_cbc_decrypt (grub_crypto_cipher_handle_t cipher,
|
grub_crypto_cbc_decrypt (grub_crypto_cipher_handle_t cipher,
|
||||||
void *out, void *in, grub_size_t size,
|
void *out, const void *in, grub_size_t size,
|
||||||
void *iv);
|
void *iv);
|
||||||
void
|
void
|
||||||
grub_cipher_register (gcry_cipher_spec_t *cipher);
|
grub_cipher_register (gcry_cipher_spec_t *cipher);
|
||||||
|
@ -229,7 +235,8 @@ struct grub_crypto_hmac_handle *
|
||||||
grub_crypto_hmac_init (const struct gcry_md_spec *md,
|
grub_crypto_hmac_init (const struct gcry_md_spec *md,
|
||||||
const void *key, grub_size_t keylen);
|
const void *key, grub_size_t keylen);
|
||||||
void
|
void
|
||||||
grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd, void *data,
|
grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd,
|
||||||
|
const void *data,
|
||||||
grub_size_t datalen);
|
grub_size_t datalen);
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out);
|
grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out);
|
||||||
|
@ -237,7 +244,7 @@ grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out);
|
||||||
gcry_err_code_t
|
gcry_err_code_t
|
||||||
grub_crypto_hmac_buffer (const struct gcry_md_spec *md,
|
grub_crypto_hmac_buffer (const struct gcry_md_spec *md,
|
||||||
const void *key, grub_size_t keylen,
|
const void *key, grub_size_t keylen,
|
||||||
void *data, grub_size_t datalen, void *out);
|
const void *data, grub_size_t datalen, void *out);
|
||||||
|
|
||||||
extern gcry_md_spec_t _gcry_digest_spec_md5;
|
extern gcry_md_spec_t _gcry_digest_spec_md5;
|
||||||
extern gcry_md_spec_t _gcry_digest_spec_sha1;
|
extern gcry_md_spec_t _gcry_digest_spec_sha1;
|
||||||
|
@ -274,4 +281,10 @@ grub_password_get (char buf[], unsigned buf_size);
|
||||||
|
|
||||||
extern void (*grub_crypto_autoload_hook) (const char *name);
|
extern void (*grub_crypto_autoload_hook) (const char *name);
|
||||||
|
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
void grub_gcry_init_all (void);
|
||||||
|
void grub_gcry_fini_all (void);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
147
include/grub/cryptodisk.h
Normal file
147
include/grub/cryptodisk.h
Normal file
|
@ -0,0 +1,147 @@
|
||||||
|
/*
|
||||||
|
* GRUB -- GRand Unified Bootloader
|
||||||
|
* Copyright (C) 2002,2003,2004,2005,2006,2007,2008,2009 Free Software Foundation, Inc.
|
||||||
|
*
|
||||||
|
* GRUB is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* GRUB is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef GRUB_CRYPTODISK_HEADER
|
||||||
|
#define GRUB_CRYPTODISK_HEADER 1
|
||||||
|
|
||||||
|
#include <grub/disk.h>
|
||||||
|
#include <grub/crypto.h>
|
||||||
|
#include <grub/list.h>
|
||||||
|
|
||||||
|
typedef enum
|
||||||
|
{
|
||||||
|
GRUB_CRYPTODISK_MODE_ECB,
|
||||||
|
GRUB_CRYPTODISK_MODE_CBC,
|
||||||
|
GRUB_CRYPTODISK_MODE_PCBC,
|
||||||
|
GRUB_CRYPTODISK_MODE_XTS,
|
||||||
|
GRUB_CRYPTODISK_MODE_LRW
|
||||||
|
} grub_cryptodisk_mode_t;
|
||||||
|
|
||||||
|
typedef enum
|
||||||
|
{
|
||||||
|
GRUB_CRYPTODISK_MODE_IV_NULL,
|
||||||
|
GRUB_CRYPTODISK_MODE_IV_PLAIN,
|
||||||
|
GRUB_CRYPTODISK_MODE_IV_PLAIN64,
|
||||||
|
GRUB_CRYPTODISK_MODE_IV_ESSIV,
|
||||||
|
GRUB_CRYPTODISK_MODE_IV_BENBI,
|
||||||
|
GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64,
|
||||||
|
GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64_HASH
|
||||||
|
} grub_cryptodisk_mode_iv_t;
|
||||||
|
|
||||||
|
#define GRUB_CRYPTODISK_MAX_UUID_LENGTH 71
|
||||||
|
|
||||||
|
#define GRUB_CRYPTODISK_GF_LOG_SIZE 7
|
||||||
|
#define GRUB_CRYPTODISK_GF_SIZE (1U << GRUB_CRYPTODISK_GF_LOG_SIZE)
|
||||||
|
#define GRUB_CRYPTODISK_GF_LOG_BYTES (GRUB_CRYPTODISK_GF_LOG_SIZE - 3)
|
||||||
|
#define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES)
|
||||||
|
|
||||||
|
struct grub_cryptodisk;
|
||||||
|
|
||||||
|
typedef gcry_err_code_t
|
||||||
|
(*grub_cryptodisk_rekey_func_t) (struct grub_cryptodisk *dev,
|
||||||
|
grub_uint64_t zoneno);
|
||||||
|
|
||||||
|
struct grub_cryptodisk
|
||||||
|
{
|
||||||
|
struct grub_cryptodisk *next;
|
||||||
|
|
||||||
|
char *source;
|
||||||
|
grub_disk_addr_t offset;
|
||||||
|
grub_disk_addr_t total_length;
|
||||||
|
grub_disk_t source_disk;
|
||||||
|
int ref;
|
||||||
|
grub_crypto_cipher_handle_t cipher;
|
||||||
|
grub_crypto_cipher_handle_t secondary_cipher;
|
||||||
|
grub_crypto_cipher_handle_t essiv_cipher;
|
||||||
|
const gcry_md_spec_t *essiv_hash, *hash, *iv_hash;
|
||||||
|
grub_cryptodisk_mode_t mode;
|
||||||
|
grub_cryptodisk_mode_iv_t mode_iv;
|
||||||
|
int benbi_log;
|
||||||
|
unsigned long id, source_id;
|
||||||
|
enum grub_disk_dev_id source_dev_id;
|
||||||
|
char uuid[GRUB_CRYPTODISK_MAX_UUID_LENGTH + 1];
|
||||||
|
grub_uint8_t lrw_key[GRUB_CRYPTODISK_GF_BYTES];
|
||||||
|
grub_uint8_t *lrw_precalc;
|
||||||
|
grub_uint8_t iv_prefix[64];
|
||||||
|
grub_size_t iv_prefix_len;
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
char *cheat;
|
||||||
|
const char *modname;
|
||||||
|
int cheat_fd;
|
||||||
|
#endif
|
||||||
|
int log_sector_size;
|
||||||
|
grub_cryptodisk_rekey_func_t rekey;
|
||||||
|
int rekey_shift;
|
||||||
|
grub_uint8_t rekey_key[64];
|
||||||
|
grub_uint64_t last_rekey;
|
||||||
|
int rekey_derived_size;
|
||||||
|
};
|
||||||
|
typedef struct grub_cryptodisk *grub_cryptodisk_t;
|
||||||
|
|
||||||
|
struct grub_cryptodisk_dev
|
||||||
|
{
|
||||||
|
struct grub_cryptodisk_dev *next;
|
||||||
|
|
||||||
|
grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid,
|
||||||
|
int boot_only);
|
||||||
|
grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev);
|
||||||
|
};
|
||||||
|
typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t;
|
||||||
|
|
||||||
|
extern grub_cryptodisk_dev_t EXPORT_VAR (grub_cryptodisk_list);
|
||||||
|
|
||||||
|
#ifndef GRUB_LST_GENERATOR
|
||||||
|
static inline void
|
||||||
|
grub_cryptodisk_dev_register (grub_cryptodisk_dev_t cr)
|
||||||
|
{
|
||||||
|
grub_list_push (GRUB_AS_LIST_P (&grub_cryptodisk_list), GRUB_AS_LIST (cr));
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
static inline void
|
||||||
|
grub_cryptodisk_dev_unregister (grub_cryptodisk_dev_t cr)
|
||||||
|
{
|
||||||
|
grub_list_remove (GRUB_AS_LIST_P (&grub_cryptodisk_list), GRUB_AS_LIST (cr));
|
||||||
|
}
|
||||||
|
|
||||||
|
#define FOR_CRYPTODISK_DEVS(var) FOR_LIST_ELEMENTS((var), (grub_cryptodisk_list))
|
||||||
|
|
||||||
|
gcry_err_code_t
|
||||||
|
grub_cryptodisk_setkey (grub_cryptodisk_t dev,
|
||||||
|
grub_uint8_t *key, grub_size_t keysize);
|
||||||
|
gcry_err_code_t
|
||||||
|
grub_cryptodisk_decrypt (struct grub_cryptodisk *dev,
|
||||||
|
grub_uint8_t * data, grub_size_t len,
|
||||||
|
grub_disk_addr_t sector);
|
||||||
|
grub_err_t
|
||||||
|
grub_cryptodisk_insert (grub_cryptodisk_t newdev, const char *name,
|
||||||
|
grub_disk_t source);
|
||||||
|
#ifdef GRUB_UTIL
|
||||||
|
grub_err_t
|
||||||
|
grub_cryptodisk_cheat_insert (grub_cryptodisk_t newdev, const char *name,
|
||||||
|
grub_disk_t source, const char *cheat);
|
||||||
|
void
|
||||||
|
grub_util_cryptodisk_print_abstraction (grub_disk_t disk);
|
||||||
|
char *
|
||||||
|
grub_util_get_geli_uuid (const char *dev);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
grub_cryptodisk_t grub_cryptodisk_get_by_uuid (const char *uuid);
|
||||||
|
grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk);
|
||||||
|
|
||||||
|
#endif
|
|
@ -42,7 +42,7 @@ enum grub_disk_dev_id
|
||||||
GRUB_DISK_DEVICE_PXE_ID,
|
GRUB_DISK_DEVICE_PXE_ID,
|
||||||
GRUB_DISK_DEVICE_SCSI_ID,
|
GRUB_DISK_DEVICE_SCSI_ID,
|
||||||
GRUB_DISK_DEVICE_FILE_ID,
|
GRUB_DISK_DEVICE_FILE_ID,
|
||||||
GRUB_DISK_DEVICE_LUKS_ID,
|
GRUB_DISK_DEVICE_CRYPTODISK_ID,
|
||||||
GRUB_DISK_DEVICE_ARCDISK_ID,
|
GRUB_DISK_DEVICE_ARCDISK_ID,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -25,6 +25,8 @@ enum grub_dev_abstraction_types {
|
||||||
GRUB_DEV_ABSTRACTION_NONE,
|
GRUB_DEV_ABSTRACTION_NONE,
|
||||||
GRUB_DEV_ABSTRACTION_LVM,
|
GRUB_DEV_ABSTRACTION_LVM,
|
||||||
GRUB_DEV_ABSTRACTION_RAID,
|
GRUB_DEV_ABSTRACTION_RAID,
|
||||||
|
GRUB_DEV_ABSTRACTION_LUKS,
|
||||||
|
GRUB_DEV_ABSTRACTION_GELI,
|
||||||
};
|
};
|
||||||
|
|
||||||
char *grub_find_device (const char *dir, dev_t dev);
|
char *grub_find_device (const char *dir, dev_t dev);
|
||||||
|
@ -37,5 +39,9 @@ const char *grub_util_check_char_device (const char *blk_dev);
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
char **grub_util_raid_getmembers (const char *name, int bootable);
|
char **grub_util_raid_getmembers (const char *name, int bootable);
|
||||||
#endif
|
#endif
|
||||||
|
#if defined (__FreeBSD__) || defined(__FreeBSD_kernel__)
|
||||||
|
void grub_util_follow_gpart_up (const char *name, grub_disk_addr_t *off_out,
|
||||||
|
char **name_out);
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* ! GRUB_UTIL_GETROOT_HEADER */
|
#endif /* ! GRUB_UTIL_GETROOT_HEADER */
|
||||||
|
|
|
@ -21,6 +21,7 @@
|
||||||
#define GRUB_BIOSDISK_MACHINE_UTIL_HEADER 1
|
#define GRUB_BIOSDISK_MACHINE_UTIL_HEADER 1
|
||||||
|
|
||||||
#include <grub/disk.h>
|
#include <grub/disk.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
|
||||||
void grub_util_biosdisk_init (const char *dev_map);
|
void grub_util_biosdisk_init (const char *dev_map);
|
||||||
void grub_util_biosdisk_fini (void);
|
void grub_util_biosdisk_fini (void);
|
||||||
|
@ -30,5 +31,15 @@ int grub_util_biosdisk_is_present (const char *name);
|
||||||
int grub_util_biosdisk_is_floppy (grub_disk_t disk);
|
int grub_util_biosdisk_is_floppy (grub_disk_t disk);
|
||||||
grub_err_t grub_util_biosdisk_flush (struct grub_disk *disk);
|
grub_err_t grub_util_biosdisk_flush (struct grub_disk *disk);
|
||||||
void grub_util_pull_device (const char *osname);
|
void grub_util_pull_device (const char *osname);
|
||||||
|
grub_err_t
|
||||||
|
grub_util_fd_seek (int fd, const char *name, grub_uint64_t sector);
|
||||||
|
ssize_t grub_util_fd_read (int fd, char *buf, size_t len);
|
||||||
|
grub_err_t
|
||||||
|
grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat);
|
||||||
|
void grub_util_cryptodisk_print_uuid (grub_disk_t disk);
|
||||||
|
#if !defined(__MINGW32__)
|
||||||
|
grub_uint64_t
|
||||||
|
grub_util_get_fd_sectors (int fd, unsigned *log_secsize);
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* ! GRUB_BIOSDISK_MACHINE_UTIL_HEADER */
|
#endif /* ! GRUB_BIOSDISK_MACHINE_UTIL_HEADER */
|
||||||
|
|
|
@ -299,6 +299,7 @@ static char **images = NULL;
|
||||||
static int cmd = 0;
|
static int cmd = 0;
|
||||||
static char *debug_str = NULL;
|
static char *debug_str = NULL;
|
||||||
static char **args = NULL;
|
static char **args = NULL;
|
||||||
|
static int mount_crypt = 0;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
fstest (int n, char **args)
|
fstest (int n, char **args)
|
||||||
|
@ -328,6 +329,15 @@ fstest (int n, char **args)
|
||||||
grub_free (host_file);
|
grub_free (host_file);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
char *argv[2] = { "-a", NULL};
|
||||||
|
if (mount_crypt)
|
||||||
|
{
|
||||||
|
if (execute_command ("cryptomount", 1, argv))
|
||||||
|
grub_util_error (_("cryptomount command fails: %s"), grub_errmsg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
grub_lvm_fini ();
|
grub_lvm_fini ();
|
||||||
grub_mdraid09_fini ();
|
grub_mdraid09_fini ();
|
||||||
grub_mdraid1x_fini ();
|
grub_mdraid1x_fini ();
|
||||||
|
@ -397,6 +407,7 @@ static struct argp_option options[] = {
|
||||||
{"length", 'n', "N", 0, N_("Handle N bytes in output file."), 2},
|
{"length", 'n', "N", 0, N_("Handle N bytes in output file."), 2},
|
||||||
{"diskcount", 'c', "N", 0, N_("N input files."), 2},
|
{"diskcount", 'c', "N", 0, N_("N input files."), 2},
|
||||||
{"debug", 'd', "S", 0, N_("Set debug environment variable."), 2},
|
{"debug", 'd', "S", 0, N_("Set debug environment variable."), 2},
|
||||||
|
{"crypto", 'C', NULL, OPTION_ARG_OPTIONAL, N_("Mount crypto devices."), 2},
|
||||||
{"verbose", 'v', NULL, OPTION_ARG_OPTIONAL, N_("Print verbose messages."), 2},
|
{"verbose", 'v', NULL, OPTION_ARG_OPTIONAL, N_("Print verbose messages."), 2},
|
||||||
{0, 0, 0, 0, 0, 0}
|
{0, 0, 0, 0, 0, 0}
|
||||||
};
|
};
|
||||||
|
@ -420,6 +431,10 @@ argp_parser (int key, char *arg, struct argp_state *state)
|
||||||
root = arg;
|
root = arg;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
case 'C':
|
||||||
|
mount_crypt = 1;
|
||||||
|
return 0;
|
||||||
|
|
||||||
case 's':
|
case 's':
|
||||||
skip = grub_strtoul (arg, &p, 0);
|
skip = grub_strtoul (arg, &p, 0);
|
||||||
if (*p == 's')
|
if (*p == 's')
|
||||||
|
@ -564,6 +579,7 @@ main (int argc, char *argv[])
|
||||||
|
|
||||||
/* Initialize all modules. */
|
/* Initialize all modules. */
|
||||||
grub_init_all ();
|
grub_init_all ();
|
||||||
|
grub_gcry_init_all ();
|
||||||
|
|
||||||
if (debug_str)
|
if (debug_str)
|
||||||
grub_env_set ("debug", debug_str);
|
grub_env_set ("debug", debug_str);
|
||||||
|
@ -592,6 +608,7 @@ main (int argc, char *argv[])
|
||||||
fstest (args_count - 1 - num_disks, args);
|
fstest (args_count - 1 - num_disks, args);
|
||||||
|
|
||||||
/* Free resources. */
|
/* Free resources. */
|
||||||
|
grub_gcry_fini_all ();
|
||||||
grub_fini_all ();
|
grub_fini_all ();
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -456,6 +456,8 @@ for dir in "${localedir}"/*; do
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
is_path_readable_by_grub "${grubdir}" || (echo "${grubdir}" not readable 1>&2 ; exit 1)
|
||||||
|
|
||||||
# Write device to a variable so we don't have to traverse /dev every time.
|
# Write device to a variable so we don't have to traverse /dev every time.
|
||||||
grub_device="`"$grub_probe" --device-map="${device_map}" --target=device "${grubdir}"`" || exit 1
|
grub_device="`"$grub_probe" --device-map="${device_map}" --target=device "${grubdir}"`" || exit 1
|
||||||
|
|
||||||
|
@ -544,6 +546,12 @@ if [ "x${devabstraction_module}" = "x" ] ; then
|
||||||
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
if [ x$GRUB_CRYPTODISK_ENABLE = xy ]; then
|
||||||
|
for uuid in "`"${grub_probe}" --device "${device}" --target=cryptodisk_uuid`"; do
|
||||||
|
echo "cryptomount -u $uuid"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
echo "search.fs_uuid ${uuid} root " >> "${grubdir}/load.cfg"
|
echo "search.fs_uuid ${uuid} root " >> "${grubdir}/load.cfg"
|
||||||
echo 'set prefix=($root)'"${relative_grubdir}" >> "${grubdir}/load.cfg"
|
echo 'set prefix=($root)'"${relative_grubdir}" >> "${grubdir}/load.cfg"
|
||||||
config_opt="-c ${grubdir}/load.cfg "
|
config_opt="-c ${grubdir}/load.cfg "
|
||||||
|
|
|
@ -256,6 +256,7 @@ export GRUB_DEFAULT \
|
||||||
GRUB_DISABLE_OS_PROBER \
|
GRUB_DISABLE_OS_PROBER \
|
||||||
GRUB_INIT_TUNE \
|
GRUB_INIT_TUNE \
|
||||||
GRUB_SAVEDEFAULT \
|
GRUB_SAVEDEFAULT \
|
||||||
|
GRUB_ENABLE_CRYPTODISK \
|
||||||
GRUB_BADRAM
|
GRUB_BADRAM
|
||||||
|
|
||||||
if test "x${grub_cfg}" != "x"; then
|
if test "x${grub_cfg}" != "x"; then
|
||||||
|
|
|
@ -63,10 +63,22 @@ is_path_readable_by_grub ()
|
||||||
|
|
||||||
# ... or if we can't figure out the abstraction module, for example if
|
# ... or if we can't figure out the abstraction module, for example if
|
||||||
# memberlist fails on an LVM volume group.
|
# memberlist fails on an LVM volume group.
|
||||||
if "${grub_probe}" -t abstraction "$path" > /dev/null 2>&1 ; then : ; else
|
if abstractions="`"${grub_probe}" -t abstraction "$path"`" 2>&1 ; then
|
||||||
|
:
|
||||||
|
else
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ x$GRUB_CRYPTODISK_ENABLE = xy ]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
for abstraction in $abstractions; do
|
||||||
|
if [ "x$abstraction" = xcryptodisk ]; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -126,6 +138,12 @@ prepare_grub_to_access_device ()
|
||||||
echo "insmod ${module}"
|
echo "insmod ${module}"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [ x$GRUB_CRYPTODISK_ENABLE = xy ]; then
|
||||||
|
for uuid in "`"${grub_probe}" --device "${device}" --target=cryptodisk_uuid`"; do
|
||||||
|
echo "cryptomount -u $uuid"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
# If there's a filesystem UUID that GRUB is capable of identifying, use it;
|
# If there's a filesystem UUID that GRUB is capable of identifying, use it;
|
||||||
# otherwise set root as per value in device.map.
|
# otherwise set root as per value in device.map.
|
||||||
echo "set root='`"${grub_probe}" --device "${device}" --target=drive`'"
|
echo "set root='`"${grub_probe}" --device "${device}" --target=drive`'"
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
|
|
||||||
#include <grub/types.h>
|
#include <grub/types.h>
|
||||||
#include <grub/crypto.h>
|
#include <grub/crypto.h>
|
||||||
|
#include <grub/auth.h>
|
||||||
#include <grub/emu/misc.h>
|
#include <grub/emu/misc.h>
|
||||||
#include <grub/util/misc.h>
|
#include <grub/util/misc.h>
|
||||||
#include <grub/i18n.h>
|
#include <grub/i18n.h>
|
||||||
|
@ -29,7 +30,6 @@
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <getopt.h>
|
#include <getopt.h>
|
||||||
#include <termios.h>
|
|
||||||
|
|
||||||
#include "progname.h"
|
#include "progname.h"
|
||||||
|
|
||||||
|
@ -85,14 +85,12 @@ int
|
||||||
main (int argc, char *argv[])
|
main (int argc, char *argv[])
|
||||||
{
|
{
|
||||||
unsigned int count = 10000, buflen = 64, saltlen = 64;
|
unsigned int count = 10000, buflen = 64, saltlen = 64;
|
||||||
char *pass1, *pass2;
|
|
||||||
char *bufhex, *salthex;
|
char *bufhex, *salthex;
|
||||||
gcry_err_code_t gcry_err;
|
gcry_err_code_t gcry_err;
|
||||||
grub_uint8_t *buf, *salt;
|
grub_uint8_t *buf, *salt;
|
||||||
ssize_t nr;
|
ssize_t nr;
|
||||||
FILE *in, *out;
|
char pass1[GRUB_AUTH_MAX_PASSLEN];
|
||||||
struct termios s, t;
|
char pass2[GRUB_AUTH_MAX_PASSLEN];
|
||||||
int tty_changed;
|
|
||||||
|
|
||||||
set_program_name (argv[0]);
|
set_program_name (argv[0]);
|
||||||
|
|
||||||
|
@ -161,85 +159,36 @@ main (int argc, char *argv[])
|
||||||
grub_util_error ("out of memory");
|
grub_util_error ("out of memory");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Disable echoing. Based on glibc. */
|
|
||||||
in = fopen ("/dev/tty", "w+c");
|
|
||||||
if (in == NULL)
|
|
||||||
{
|
|
||||||
in = stdin;
|
|
||||||
out = stderr;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
out = in;
|
|
||||||
|
|
||||||
if (tcgetattr (fileno (in), &t) == 0)
|
|
||||||
{
|
|
||||||
/* Save the old one. */
|
|
||||||
s = t;
|
|
||||||
/* Tricky, tricky. */
|
|
||||||
t.c_lflag &= ~(ECHO|ISIG);
|
|
||||||
tty_changed = (tcsetattr (fileno (in), TCSAFLUSH, &t) == 0);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
tty_changed = 0;
|
|
||||||
|
|
||||||
printf ("Enter password: ");
|
printf ("Enter password: ");
|
||||||
pass1 = NULL;
|
if (!grub_password_get (pass1, GRUB_AUTH_MAX_PASSLEN))
|
||||||
{
|
|
||||||
grub_size_t n;
|
|
||||||
nr = getline (&pass1, &n, stdin);
|
|
||||||
}
|
|
||||||
if (nr < 0 || !pass1)
|
|
||||||
{
|
{
|
||||||
free (buf);
|
free (buf);
|
||||||
free (bufhex);
|
free (bufhex);
|
||||||
free (salthex);
|
free (salthex);
|
||||||
free (salt);
|
free (salt);
|
||||||
/* Restore the original setting. */
|
|
||||||
if (tty_changed)
|
|
||||||
(void) tcsetattr (fileno (in), TCSAFLUSH, &s);
|
|
||||||
grub_util_error ("failure to read password");
|
grub_util_error ("failure to read password");
|
||||||
}
|
}
|
||||||
if (nr >= 1 && pass1[nr-1] == '\n')
|
|
||||||
pass1[nr-1] = 0;
|
|
||||||
|
|
||||||
printf ("\nReenter password: ");
|
printf ("\nReenter password: ");
|
||||||
pass2 = NULL;
|
if (!grub_password_get (pass2, GRUB_AUTH_MAX_PASSLEN))
|
||||||
{
|
{
|
||||||
grub_size_t n;
|
|
||||||
nr = getline (&pass2, &n, stdin);
|
|
||||||
}
|
|
||||||
/* Restore the original setting. */
|
|
||||||
if (tty_changed)
|
|
||||||
(void) tcsetattr (fileno (in), TCSAFLUSH, &s);
|
|
||||||
printf ("\n");
|
|
||||||
|
|
||||||
if (nr < 0 || !pass2)
|
|
||||||
{
|
|
||||||
memset (pass1, 0, strlen (pass1));
|
|
||||||
free (pass1);
|
|
||||||
free (buf);
|
free (buf);
|
||||||
free (bufhex);
|
free (bufhex);
|
||||||
free (salthex);
|
free (salthex);
|
||||||
free (salt);
|
free (salt);
|
||||||
grub_util_error ("failure to read password");
|
grub_util_error ("failure to read password");
|
||||||
}
|
}
|
||||||
if (nr >= 1 && pass2[nr-1] == '\n')
|
|
||||||
pass2[nr-1] = 0;
|
|
||||||
|
|
||||||
if (strcmp (pass1, pass2) != 0)
|
if (strcmp (pass1, pass2) != 0)
|
||||||
{
|
{
|
||||||
memset (pass1, 0, strlen (pass1));
|
memset (pass1, 0, sizeof (pass1));
|
||||||
memset (pass2, 0, strlen (pass2));
|
memset (pass2, 0, sizeof (pass2));
|
||||||
free (pass1);
|
|
||||||
free (pass2);
|
|
||||||
free (buf);
|
free (buf);
|
||||||
free (bufhex);
|
free (bufhex);
|
||||||
free (salthex);
|
free (salthex);
|
||||||
free (salt);
|
free (salt);
|
||||||
grub_util_error ("passwords don't match");
|
grub_util_error ("passwords don't match");
|
||||||
}
|
}
|
||||||
memset (pass2, 0, strlen (pass2));
|
memset (pass2, 0, sizeof (pass2));
|
||||||
free (pass2);
|
|
||||||
|
|
||||||
#if ! defined (__linux__) && ! defined (__FreeBSD__)
|
#if ! defined (__linux__) && ! defined (__FreeBSD__)
|
||||||
printf ("WARNING: your random generator isn't known to be secure\n");
|
printf ("WARNING: your random generator isn't known to be secure\n");
|
||||||
|
@ -251,8 +200,7 @@ main (int argc, char *argv[])
|
||||||
f = fopen ("/dev/urandom", "rb");
|
f = fopen ("/dev/urandom", "rb");
|
||||||
if (!f)
|
if (!f)
|
||||||
{
|
{
|
||||||
memset (pass1, 0, strlen (pass1));
|
memset (pass1, 0, sizeof (pass1));
|
||||||
free (pass1);
|
|
||||||
free (buf);
|
free (buf);
|
||||||
free (bufhex);
|
free (bufhex);
|
||||||
free (salthex);
|
free (salthex);
|
||||||
|
@ -264,8 +212,7 @@ main (int argc, char *argv[])
|
||||||
if (rd != saltlen)
|
if (rd != saltlen)
|
||||||
{
|
{
|
||||||
fclose (f);
|
fclose (f);
|
||||||
memset (pass1, 0, strlen (pass1));
|
memset (pass1, 0, sizeof (pass1));
|
||||||
free (pass1);
|
|
||||||
free (buf);
|
free (buf);
|
||||||
free (bufhex);
|
free (bufhex);
|
||||||
free (salthex);
|
free (salthex);
|
||||||
|
@ -279,8 +226,7 @@ main (int argc, char *argv[])
|
||||||
(grub_uint8_t *) pass1, strlen (pass1),
|
(grub_uint8_t *) pass1, strlen (pass1),
|
||||||
salt, saltlen,
|
salt, saltlen,
|
||||||
count, buf, buflen);
|
count, buf, buflen);
|
||||||
memset (pass1, 0, strlen (pass1));
|
memset (pass1, 0, sizeof (pass1));
|
||||||
free (pass1);
|
|
||||||
|
|
||||||
if (gcry_err)
|
if (gcry_err)
|
||||||
{
|
{
|
||||||
|
|
|
@ -34,6 +34,8 @@
|
||||||
#include <grub/env.h>
|
#include <grub/env.h>
|
||||||
#include <grub/raid.h>
|
#include <grub/raid.h>
|
||||||
#include <grub/i18n.h>
|
#include <grub/i18n.h>
|
||||||
|
#include <grub/crypto.h>
|
||||||
|
#include <grub/cryptodisk.h>
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
@ -54,6 +56,7 @@ enum {
|
||||||
PRINT_DEVICE,
|
PRINT_DEVICE,
|
||||||
PRINT_PARTMAP,
|
PRINT_PARTMAP,
|
||||||
PRINT_ABSTRACTION,
|
PRINT_ABSTRACTION,
|
||||||
|
PRINT_CRYPTODISK_UUID
|
||||||
};
|
};
|
||||||
|
|
||||||
int print = PRINT_FS;
|
int print = PRINT_FS;
|
||||||
|
@ -63,15 +66,49 @@ static void
|
||||||
probe_partmap (grub_disk_t disk)
|
probe_partmap (grub_disk_t disk)
|
||||||
{
|
{
|
||||||
grub_partition_t part;
|
grub_partition_t part;
|
||||||
|
grub_disk_memberlist_t list = NULL, tmp;
|
||||||
|
|
||||||
if (disk->partition == NULL)
|
if (disk->partition == NULL)
|
||||||
{
|
{
|
||||||
grub_util_info ("no partition map found for %s", disk->name);
|
grub_util_info ("no partition map found for %s", disk->name);
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for (part = disk->partition; part; part = part->parent)
|
for (part = disk->partition; part; part = part->parent)
|
||||||
printf ("%s\n", part->partmap->name);
|
printf ("%s ", part->partmap->name);
|
||||||
|
|
||||||
|
/* In case of LVM/RAID, check the member devices as well. */
|
||||||
|
if (disk->dev->memberlist)
|
||||||
|
{
|
||||||
|
list = disk->dev->memberlist (disk);
|
||||||
|
}
|
||||||
|
while (list)
|
||||||
|
{
|
||||||
|
probe_partmap (list->disk);
|
||||||
|
tmp = list->next;
|
||||||
|
free (list);
|
||||||
|
list = tmp;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
probe_cryptodisk_uuid (grub_disk_t disk)
|
||||||
|
{
|
||||||
|
grub_disk_memberlist_t list = NULL, tmp;
|
||||||
|
|
||||||
|
/* In case of LVM/RAID, check the member devices as well. */
|
||||||
|
if (disk->dev->memberlist)
|
||||||
|
{
|
||||||
|
list = disk->dev->memberlist (disk);
|
||||||
|
}
|
||||||
|
while (list)
|
||||||
|
{
|
||||||
|
probe_cryptodisk_uuid (list->disk);
|
||||||
|
tmp = list->next;
|
||||||
|
free (list);
|
||||||
|
list = tmp;
|
||||||
|
}
|
||||||
|
if (disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
|
||||||
|
grub_util_cryptodisk_print_uuid (disk);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
|
@ -88,6 +125,42 @@ probe_raid_level (grub_disk_t disk)
|
||||||
return ((struct grub_raid_array *) disk->data)->level;
|
return ((struct grub_raid_array *) disk->data)->level;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
probe_abstraction (grub_disk_t disk)
|
||||||
|
{
|
||||||
|
grub_disk_memberlist_t list = NULL, tmp;
|
||||||
|
int raid_level;
|
||||||
|
|
||||||
|
if (disk->dev->memberlist)
|
||||||
|
list = disk->dev->memberlist (disk);
|
||||||
|
while (list)
|
||||||
|
{
|
||||||
|
probe_abstraction (list->disk);
|
||||||
|
|
||||||
|
tmp = list->next;
|
||||||
|
free (list);
|
||||||
|
list = tmp;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (disk->dev->id == GRUB_DISK_DEVICE_LVM_ID)
|
||||||
|
printf ("lvm ");
|
||||||
|
|
||||||
|
if (disk->dev->id == GRUB_DISK_DEVICE_CRYPTODISK_ID)
|
||||||
|
grub_util_cryptodisk_print_abstraction (disk);
|
||||||
|
|
||||||
|
raid_level = probe_raid_level (disk);
|
||||||
|
if (raid_level >= 0)
|
||||||
|
{
|
||||||
|
printf ("raid ");
|
||||||
|
if (disk->dev->raidname)
|
||||||
|
printf ("%s ", disk->dev->raidname (disk));
|
||||||
|
}
|
||||||
|
if (raid_level == 5)
|
||||||
|
printf ("raid5rec ");
|
||||||
|
if (raid_level == 6)
|
||||||
|
printf ("raid6rec ");
|
||||||
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
probe (const char *path, char *device_name)
|
probe (const char *path, char *device_name)
|
||||||
{
|
{
|
||||||
|
@ -136,91 +209,23 @@ probe (const char *path, char *device_name)
|
||||||
|
|
||||||
if (print == PRINT_ABSTRACTION)
|
if (print == PRINT_ABSTRACTION)
|
||||||
{
|
{
|
||||||
grub_disk_memberlist_t list = NULL, tmp;
|
probe_abstraction (dev->disk);
|
||||||
const int is_lvm = (dev->disk->dev->id == GRUB_DISK_DEVICE_LVM_ID);
|
|
||||||
int is_raid = 0;
|
|
||||||
int is_raid5 = 0;
|
|
||||||
int is_raid6 = 0;
|
|
||||||
int raid_level;
|
|
||||||
grub_disk_t raid_disk;
|
|
||||||
|
|
||||||
raid_level = probe_raid_level (dev->disk);
|
|
||||||
if (raid_level >= 0)
|
|
||||||
{
|
|
||||||
is_raid = 1;
|
|
||||||
is_raid5 |= (raid_level == 5);
|
|
||||||
is_raid6 |= (raid_level == 6);
|
|
||||||
raid_disk = dev->disk;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((is_lvm) && (dev->disk->dev->memberlist))
|
|
||||||
list = dev->disk->dev->memberlist (dev->disk);
|
|
||||||
while (list)
|
|
||||||
{
|
|
||||||
raid_level = probe_raid_level (list->disk);
|
|
||||||
if (raid_level >= 0)
|
|
||||||
{
|
|
||||||
is_raid = 1;
|
|
||||||
is_raid5 |= (raid_level == 5);
|
|
||||||
is_raid6 |= (raid_level == 6);
|
|
||||||
raid_disk = list->disk;
|
|
||||||
}
|
|
||||||
|
|
||||||
tmp = list->next;
|
|
||||||
free (list);
|
|
||||||
list = tmp;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (is_raid)
|
|
||||||
{
|
|
||||||
printf ("raid ");
|
|
||||||
if (is_raid5)
|
|
||||||
printf ("raid5rec ");
|
|
||||||
if (is_raid6)
|
|
||||||
printf ("raid6rec ");
|
|
||||||
if (raid_disk->dev->raidname)
|
|
||||||
printf ("%s ", raid_disk->dev->raidname (raid_disk));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (is_lvm)
|
|
||||||
printf ("lvm ");
|
|
||||||
|
|
||||||
printf ("\n");
|
printf ("\n");
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (print == PRINT_CRYPTODISK_UUID)
|
||||||
|
{
|
||||||
|
probe_cryptodisk_uuid (dev->disk);
|
||||||
|
printf ("\n");
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (print == PRINT_PARTMAP)
|
if (print == PRINT_PARTMAP)
|
||||||
{
|
{
|
||||||
grub_disk_memberlist_t list = NULL, tmp;
|
|
||||||
|
|
||||||
/* Check if dev->disk itself is contained in a partmap. */
|
/* Check if dev->disk itself is contained in a partmap. */
|
||||||
probe_partmap (dev->disk);
|
probe_partmap (dev->disk);
|
||||||
|
printf ("\n");
|
||||||
/* In case of LVM/RAID, check the member devices as well. */
|
|
||||||
if (dev->disk->dev->memberlist)
|
|
||||||
list = dev->disk->dev->memberlist (dev->disk);
|
|
||||||
while (list)
|
|
||||||
{
|
|
||||||
probe_partmap (list->disk);
|
|
||||||
/* LVM on RAID */
|
|
||||||
if (list->disk->dev->memberlist)
|
|
||||||
{
|
|
||||||
grub_disk_memberlist_t sub_list;
|
|
||||||
|
|
||||||
sub_list = list->disk->dev->memberlist (list->disk);
|
|
||||||
while (sub_list)
|
|
||||||
{
|
|
||||||
probe_partmap (sub_list->disk);
|
|
||||||
tmp = sub_list->next;
|
|
||||||
free (sub_list);
|
|
||||||
sub_list = tmp;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
tmp = list->next;
|
|
||||||
free (list);
|
|
||||||
list = tmp;
|
|
||||||
}
|
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -289,8 +294,8 @@ Probe device information for a given path (or device, if the -d option is given)
|
||||||
\n\
|
\n\
|
||||||
-d, --device given argument is a system device, not a path\n\
|
-d, --device given argument is a system device, not a path\n\
|
||||||
-m, --device-map=FILE use FILE as the device map [default=%s]\n\
|
-m, --device-map=FILE use FILE as the device map [default=%s]\n\
|
||||||
-t, --target=(fs|fs_uuid|fs_label|drive|device|partmap|abstraction)\n\
|
-t, --target=(fs|fs_uuid|fs_label|drive|device|partmap|abstraction|cryptodisk_uuid)\n\
|
||||||
print filesystem module, GRUB drive, system device, partition map module or abstraction module [default=fs]\n\
|
print filesystem module, GRUB drive, system device, partition map module, abstraction module or CRYPTO UUID [default=fs]\n\
|
||||||
-h, --help display this message and exit\n\
|
-h, --help display this message and exit\n\
|
||||||
-V, --version print version information and exit\n\
|
-V, --version print version information and exit\n\
|
||||||
-v, --verbose print verbose messages\n\
|
-v, --verbose print verbose messages\n\
|
||||||
|
@ -348,6 +353,8 @@ main (int argc, char *argv[])
|
||||||
print = PRINT_PARTMAP;
|
print = PRINT_PARTMAP;
|
||||||
else if (!strcmp (optarg, "abstraction"))
|
else if (!strcmp (optarg, "abstraction"))
|
||||||
print = PRINT_ABSTRACTION;
|
print = PRINT_ABSTRACTION;
|
||||||
|
else if (!strcmp (optarg, "cryptodisk_uuid"))
|
||||||
|
print = PRINT_CRYPTODISK_UUID;
|
||||||
else
|
else
|
||||||
usage (1);
|
usage (1);
|
||||||
break;
|
break;
|
||||||
|
@ -393,6 +400,7 @@ main (int argc, char *argv[])
|
||||||
|
|
||||||
/* Initialize all modules. */
|
/* Initialize all modules. */
|
||||||
grub_init_all ();
|
grub_init_all ();
|
||||||
|
grub_gcry_init_all ();
|
||||||
|
|
||||||
grub_lvm_fini ();
|
grub_lvm_fini ();
|
||||||
grub_mdraid09_fini ();
|
grub_mdraid09_fini ();
|
||||||
|
@ -410,6 +418,7 @@ main (int argc, char *argv[])
|
||||||
probe (argument, NULL);
|
probe (argument, NULL);
|
||||||
|
|
||||||
/* Free resources. */
|
/* Free resources. */
|
||||||
|
grub_gcry_fini_all ();
|
||||||
grub_fini_all ();
|
grub_fini_all ();
|
||||||
grub_util_biosdisk_fini ();
|
grub_util_biosdisk_fini ();
|
||||||
|
|
||||||
|
|
|
@ -42,7 +42,15 @@ except:
|
||||||
cipher_files = os.listdir (cipher_dir_in)
|
cipher_files = os.listdir (cipher_dir_in)
|
||||||
conf = open (os.path.join ("grub-core", "Makefile.gcry.def"), "w")
|
conf = open (os.path.join ("grub-core", "Makefile.gcry.def"), "w")
|
||||||
conf.write ("AutoGen definitions Makefile.tpl;\n\n")
|
conf.write ("AutoGen definitions Makefile.tpl;\n\n")
|
||||||
|
confutil = open ("Makefile.utilgcry.def", "w")
|
||||||
|
confutil.write ("AutoGen definitions Makefile.tpl;\n\n")
|
||||||
|
confutil.write ("library = {\n");
|
||||||
|
confutil.write (" name = libgrubgcry.a;\n");
|
||||||
|
confutil.write (" cflags = '$(CFLAGS_GCRY)';\n");
|
||||||
|
confutil.write (" cppflags = '$(CPPFLAGS_GCRY)';\n");
|
||||||
|
confutil.write ("\n");
|
||||||
chlog = ""
|
chlog = ""
|
||||||
|
modules = []
|
||||||
|
|
||||||
# Strictly speaking CRC32/CRC24 work on bytes so this value should be 1
|
# Strictly speaking CRC32/CRC24 work on bytes so this value should be 1
|
||||||
# But libgcrypt uses 64. Let's keep the value for compatibility. Since
|
# But libgcrypt uses 64. Let's keep the value for compatibility. Since
|
||||||
|
@ -103,6 +111,7 @@ for cipher_file in cipher_files:
|
||||||
skip = False
|
skip = False
|
||||||
skip2 = False
|
skip2 = False
|
||||||
ismd = False
|
ismd = False
|
||||||
|
iscipher = False
|
||||||
iscryptostart = False
|
iscryptostart = False
|
||||||
iscomma = False
|
iscomma = False
|
||||||
isglue = False
|
isglue = False
|
||||||
|
@ -132,15 +141,22 @@ for cipher_file in cipher_files:
|
||||||
sg = s.groups()[0]
|
sg = s.groups()[0]
|
||||||
cryptolist.write (("%s: %s\n") % (sg, modname))
|
cryptolist.write (("%s: %s\n") % (sg, modname))
|
||||||
iscryptostart = False
|
iscryptostart = False
|
||||||
if ismd:
|
if ismd or iscipher:
|
||||||
if not re.search (" *};", line) is None:
|
if not re.search (" *};", line) is None:
|
||||||
if not mdblocksizes.has_key (mdname):
|
|
||||||
print ("ERROR: Unknown digest blocksize: %s\n" % mdname)
|
|
||||||
exit (1)
|
|
||||||
if not iscomma:
|
if not iscomma:
|
||||||
fw.write (" ,\n")
|
fw.write (" ,\n")
|
||||||
fw.write (" .blocksize = %s\n" % mdblocksizes [mdname])
|
fw.write ("#ifdef GRUB_UTIL\n");
|
||||||
|
fw.write (" .modname = \"%s\",\n" % modname);
|
||||||
|
fw.write ("#endif\n");
|
||||||
|
if ismd:
|
||||||
|
if not mdblocksizes.has_key (mdname):
|
||||||
|
print ("ERROR: Unknown digest blocksize: %s\n"
|
||||||
|
% mdname)
|
||||||
|
exit (1)
|
||||||
|
fw.write (" .blocksize = %s\n"
|
||||||
|
% mdblocksizes [mdname])
|
||||||
ismd = False
|
ismd = False
|
||||||
|
iscipher = False
|
||||||
iscomma = not re.search (",$", line) is None
|
iscomma = not re.search (",$", line) is None
|
||||||
# Used only for selftests.
|
# Used only for selftests.
|
||||||
m = re.match ("(static byte|static unsigned char) (weak_keys_chksum)\[[0-9]*\] =", line)
|
m = re.match ("(static byte|static unsigned char) (weak_keys_chksum)\[[0-9]*\] =", line)
|
||||||
|
@ -181,14 +197,18 @@ for cipher_file in cipher_files:
|
||||||
continue
|
continue
|
||||||
m = re.match ("gcry_cipher_spec_t", line)
|
m = re.match ("gcry_cipher_spec_t", line)
|
||||||
if isc and not m is None:
|
if isc and not m is None:
|
||||||
|
assert (not iscryptostart)
|
||||||
|
assert (not iscipher)
|
||||||
assert (not iscryptostart)
|
assert (not iscryptostart)
|
||||||
ciphername = line [len ("gcry_cipher_spec_t"):].strip ()
|
ciphername = line [len ("gcry_cipher_spec_t"):].strip ()
|
||||||
ciphername = re.match("[a-zA-Z0-9_]*",ciphername).group ()
|
ciphername = re.match("[a-zA-Z0-9_]*",ciphername).group ()
|
||||||
ciphernames.append (ciphername)
|
ciphernames.append (ciphername)
|
||||||
|
iscipher = True
|
||||||
iscryptostart = True
|
iscryptostart = True
|
||||||
m = re.match ("gcry_md_spec_t", line)
|
m = re.match ("gcry_md_spec_t", line)
|
||||||
if isc and not m is None:
|
if isc and not m is None:
|
||||||
assert (not ismd)
|
assert (not ismd)
|
||||||
|
assert (not iscipher)
|
||||||
assert (not iscryptostart)
|
assert (not iscryptostart)
|
||||||
mdname = line [len ("gcry_md_spec_t"):].strip ()
|
mdname = line [len ("gcry_md_spec_t"):].strip ()
|
||||||
mdname = re.match("[a-zA-Z0-9_]*",mdname).group ()
|
mdname = re.match("[a-zA-Z0-9_]*",mdname).group ()
|
||||||
|
@ -249,6 +269,7 @@ for cipher_file in cipher_files:
|
||||||
% (cipher_file, cipher_file.replace ("-glue.c", ".c"))
|
% (cipher_file, cipher_file.replace ("-glue.c", ".c"))
|
||||||
else:
|
else:
|
||||||
modfiles = "lib/libgcrypt-grub/cipher/%s" % cipher_file
|
modfiles = "lib/libgcrypt-grub/cipher/%s" % cipher_file
|
||||||
|
modules.append (modname)
|
||||||
chmsg = "(GRUB_MOD_INIT(%s)): New function\n" % modname
|
chmsg = "(GRUB_MOD_INIT(%s)): New function\n" % modname
|
||||||
if nch:
|
if nch:
|
||||||
chlognew = "%s\n %s" % (chlognew, chmsg)
|
chlognew = "%s\n %s" % (chlognew, chmsg)
|
||||||
|
@ -283,6 +304,7 @@ for cipher_file in cipher_files:
|
||||||
conf.write (" name = %s;\n" % modname)
|
conf.write (" name = %s;\n" % modname)
|
||||||
for src in modfiles.split():
|
for src in modfiles.split():
|
||||||
conf.write (" common = %s;\n" % src)
|
conf.write (" common = %s;\n" % src)
|
||||||
|
confutil.write (" common = grub-core/%s;\n" % src)
|
||||||
conf.write (" cflags = '$(CFLAGS_GCRY)';\n");
|
conf.write (" cflags = '$(CFLAGS_GCRY)';\n");
|
||||||
conf.write (" cppflags = '$(CPPFLAGS_GCRY)';\n");
|
conf.write (" cppflags = '$(CPPFLAGS_GCRY)';\n");
|
||||||
conf.write ("};\n\n")
|
conf.write ("};\n\n")
|
||||||
|
@ -329,6 +351,32 @@ fw.close ()
|
||||||
infile = os.path.join (cipher_dir_in, "ChangeLog")
|
infile = os.path.join (cipher_dir_in, "ChangeLog")
|
||||||
outfile = os.path.join (cipher_dir_out, "ChangeLog")
|
outfile = os.path.join (cipher_dir_out, "ChangeLog")
|
||||||
|
|
||||||
|
conf.close ();
|
||||||
|
|
||||||
|
initfile = open (os.path.join (cipher_dir_out, "init.c"), "w")
|
||||||
|
for module in modules:
|
||||||
|
initfile.write ("extern void grub_%s_init (void);\n" % module)
|
||||||
|
initfile.write ("extern void grub_%s_fini (void);\n" % module)
|
||||||
|
initfile.write ("\n")
|
||||||
|
initfile.write ("void\n")
|
||||||
|
initfile.write ("grub_gcry_init_all (void)\n")
|
||||||
|
initfile.write ("{\n")
|
||||||
|
for module in modules:
|
||||||
|
initfile.write (" grub_%s_init ();\n" % module)
|
||||||
|
initfile.write ("}\n")
|
||||||
|
initfile.write ("\n")
|
||||||
|
initfile.write ("void\n")
|
||||||
|
initfile.write ("grub_gcry_fini_all (void)\n")
|
||||||
|
initfile.write ("{\n")
|
||||||
|
for module in modules:
|
||||||
|
initfile.write (" grub_%s_fini ();\n" % module)
|
||||||
|
initfile.write ("}\n")
|
||||||
|
initfile.close ()
|
||||||
|
|
||||||
|
confutil.write (" common = grub-core/lib/libgcrypt-grub/cipher/init.c;\n")
|
||||||
|
confutil.write ("};\n");
|
||||||
|
confutil.close ();
|
||||||
|
|
||||||
|
|
||||||
f=open (infile, "r")
|
f=open (infile, "r")
|
||||||
fw=open (outfile, "w")
|
fw=open (outfile, "w")
|
||||||
|
|
Loading…
Reference in a new issue