Use dedicated simple password retriever for size of future crypto disks modules and simplify entering passwords routines
This commit is contained in:
Vladimir 'phcoder' Serbinenko
parent
c0a6bd447e
commit
b391bdb2f2
7 changed files with 71 additions and 46 deletions
|
|
@ -27,20 +27,11 @@
|
|||
|
||||
static grub_dl_t my_mod;
|
||||
|
||||
#define MAX_PASSLEN 1024
|
||||
|
||||
static grub_err_t
|
||||
check_password (const char *user,
|
||||
check_password (const char *user, const char *entered,
|
||||
void *password)
|
||||
{
|
||||
char entered[MAX_PASSLEN];
|
||||
|
||||
grub_memset (entered, 0, sizeof (entered));
|
||||
|
||||
if (!GRUB_GET_PASSWORD (entered, sizeof (entered) - 1))
|
||||
return GRUB_ACCESS_DENIED;
|
||||
|
||||
if (grub_crypto_memcmp (entered, password, MAX_PASSLEN) != 0)
|
||||
if (grub_crypto_memcmp (entered, password, GRUB_AUTH_MAX_PASSLEN) != 0)
|
||||
return GRUB_ACCESS_DENIED;
|
||||
|
||||
grub_auth_authenticate (user);
|
||||
|
|
@ -59,12 +50,12 @@ grub_cmd_password (grub_command_t cmd __attribute__ ((unused)),
|
|||
if (argc != 2)
|
||||
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Two arguments expected.");
|
||||
|
||||
pass = grub_zalloc (MAX_PASSLEN);
|
||||
pass = grub_zalloc (GRUB_AUTH_MAX_PASSLEN);
|
||||
if (!pass)
|
||||
return grub_errno;
|
||||
copylen = grub_strlen (args[1]);
|
||||
if (copylen >= MAX_PASSLEN)
|
||||
copylen = MAX_PASSLEN - 1;
|
||||
if (copylen >= GRUB_AUTH_MAX_PASSLEN)
|
||||
copylen = GRUB_AUTH_MAX_PASSLEN - 1;
|
||||
grub_memcpy (pass, args[1], copylen);
|
||||
|
||||
err = grub_auth_register_authentication (args[0], check_password, pass);
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@
|
|||
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <grub/auth.h>
|
||||
#include <grub/crypto.h>
|
||||
#include <grub/list.h>
|
||||
#include <grub/mm.h>
|
||||
|
|
@ -36,23 +37,17 @@ struct pbkdf2_password
|
|||
};
|
||||
|
||||
static grub_err_t
|
||||
check_password (const char *user, void *pin)
|
||||
check_password (const char *user, const char *entered, void *pin)
|
||||
{
|
||||
char entered[1024];
|
||||
grub_uint8_t *buf;
|
||||
struct pbkdf2_password *pass = pin;
|
||||
gcry_err_code_t err;
|
||||
|
||||
grub_memset (entered, 0, sizeof (entered));
|
||||
|
||||
if (!GRUB_GET_PASSWORD (entered, sizeof (entered) - 1))
|
||||
return GRUB_ACCESS_DENIED;
|
||||
|
||||
buf = grub_malloc (pass->buflen);
|
||||
if (!buf)
|
||||
return grub_crypto_gcry_error (GPG_ERR_OUT_OF_MEMORY);
|
||||
|
||||
err = grub_crypto_pbkdf2 (GRUB_MD_SHA512, (grub_uint8_t *) &entered,
|
||||
err = grub_crypto_pbkdf2 (GRUB_MD_SHA512, (grub_uint8_t *) entered,
|
||||
grub_strlen (entered),
|
||||
pass->salt, pass->saltlen, pass->c,
|
||||
buf, pass->buflen);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue