Use dedicated simple password retriever for size of future crypto disks modules and simplify entering passwords routines

This commit is contained in:
Vladimir 'phcoder' Serbinenko 2009-12-06 20:11:50 +01:00
parent c0a6bd447e
commit b391bdb2f2
7 changed files with 71 additions and 46 deletions

View file

@ -27,20 +27,11 @@
static grub_dl_t my_mod;
#define MAX_PASSLEN 1024
static grub_err_t
check_password (const char *user,
check_password (const char *user, const char *entered,
void *password)
{
char entered[MAX_PASSLEN];
grub_memset (entered, 0, sizeof (entered));
if (!GRUB_GET_PASSWORD (entered, sizeof (entered) - 1))
return GRUB_ACCESS_DENIED;
if (grub_crypto_memcmp (entered, password, MAX_PASSLEN) != 0)
if (grub_crypto_memcmp (entered, password, GRUB_AUTH_MAX_PASSLEN) != 0)
return GRUB_ACCESS_DENIED;
grub_auth_authenticate (user);
@ -59,12 +50,12 @@ grub_cmd_password (grub_command_t cmd __attribute__ ((unused)),
if (argc != 2)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Two arguments expected.");
pass = grub_zalloc (MAX_PASSLEN);
pass = grub_zalloc (GRUB_AUTH_MAX_PASSLEN);
if (!pass)
return grub_errno;
copylen = grub_strlen (args[1]);
if (copylen >= MAX_PASSLEN)
copylen = MAX_PASSLEN - 1;
if (copylen >= GRUB_AUTH_MAX_PASSLEN)
copylen = GRUB_AUTH_MAX_PASSLEN - 1;
grub_memcpy (pass, args[1], copylen);
err = grub_auth_register_authentication (args[0], check_password, pass);

View file

@ -16,6 +16,7 @@
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#include <grub/auth.h>
#include <grub/crypto.h>
#include <grub/list.h>
#include <grub/mm.h>
@ -36,23 +37,17 @@ struct pbkdf2_password
};
static grub_err_t
check_password (const char *user, void *pin)
check_password (const char *user, const char *entered, void *pin)
{
char entered[1024];
grub_uint8_t *buf;
struct pbkdf2_password *pass = pin;
gcry_err_code_t err;
grub_memset (entered, 0, sizeof (entered));
if (!GRUB_GET_PASSWORD (entered, sizeof (entered) - 1))
return GRUB_ACCESS_DENIED;
buf = grub_malloc (pass->buflen);
if (!buf)
return grub_crypto_gcry_error (GPG_ERR_OUT_OF_MEMORY);
err = grub_crypto_pbkdf2 (GRUB_MD_SHA512, (grub_uint8_t *) &entered,
err = grub_crypto_pbkdf2 (GRUB_MD_SHA512, (grub_uint8_t *) entered,
grub_strlen (entered),
pass->salt, pass->saltlen, pass->c,
buf, pass->buflen);

View file

@ -651,6 +651,6 @@ password_pbkdf2_mod_LDFLAGS = $(COMMON_LDFLAGS)
bin_UTILITIES += grub-mkpasswd-pbkdf2
grub_mkpasswd_pbkdf2_SOURCES = gnulib/progname.c util/grub-mkpasswd-pbkdf2.c lib/crypto.c lib/libgcrypt-grub/cipher/sha512.c lib/pbkdf2.c util/misc.c kern/err.c
grub_mkpasswd_pbkdf2_CFLAGS += -Wno-missing-field-initializers -Wno-error -I$(srcdir)/lib/libgcrypt_wrap
grub_mkpasswd_pbkdf2_CFLAGS += -Wno-missing-field-initializers -Wno-error -I$(srcdir)/lib/libgcrypt_wrap -DGRUB_MKPASSWD=1
include $(srcdir)/conf/gcry.mk

View file

@ -19,14 +19,11 @@
#define GRUB_AUTH_HEADER 1
#include <grub/err.h>
#include <grub/crypto.h>
/* Macros for indistinguishibility. */
#define GRUB_ACCESS_DENIED grub_error (GRUB_ERR_ACCESS_DENIED, "Access denied.")
#define GRUB_GET_PASSWORD(string, len) grub_cmdline_get ("Enter password: ", \
string, len, \
'*', 0, 0)
#define GRUB_AUTH_MAX_PASSLEN 1024
typedef grub_err_t (*grub_auth_callback_t) (const char*, void *);
typedef grub_err_t (*grub_auth_callback_t) (const char *, const char *, void *);
grub_err_t grub_auth_register_authentication (const char *user,
grub_auth_callback_t callback,

View file

@ -26,8 +26,6 @@
#include <grub/symbol.h>
#include <grub/types.h>
#include <grub/err.h>
/* For GRUB_ACCESS_DENIED. */
#include <grub/auth.h>
typedef enum
{
@ -264,6 +262,12 @@ grub_crypto_pbkdf2 (const struct gcry_md_spec *md,
grub_uint8_t *DK, grub_size_t dkLen);
int
grub_crypto_memcmp (void *a, void *b, grub_size_t n);
grub_crypto_memcmp (const void *a, const void *b, grub_size_t n);
int
grub_password_get (char buf[], unsigned buf_size);
/* For indistinguishibility. */
#define GRUB_ACCESS_DENIED grub_error (GRUB_ERR_ACCESS_DENIED, "Access denied.")
#endif

View file

@ -20,6 +20,7 @@
#include <grub/crypto.h>
#include <grub/misc.h>
#include <grub/mm.h>
#include <grub/term.h>
struct grub_crypto_hmac_handle
{
@ -372,10 +373,10 @@ grub_crypto_gcry_error (gcry_err_code_t in)
}
int
grub_crypto_memcmp (void *a, void *b, grub_size_t n)
grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
{
register grub_size_t counter = 0;
grub_uint8_t *pa, *pb;
const grub_uint8_t *pa, *pb;
for (pa = a, pb = b; n; pa++, pb++, n--)
{
@ -385,3 +386,44 @@ grub_crypto_memcmp (void *a, void *b, grub_size_t n)
return !!counter;
}
#ifndef GRUB_MKPASSWD
int
grub_password_get (char buf[], unsigned buf_size)
{
unsigned cur_len = 0;
int key;
while (1)
{
key = GRUB_TERM_ASCII_CHAR (grub_getkey ());
if (key == '\n' || key == '\r')
break;
if (key == '\e')
{
cur_len = 0;
break;
}
if (key == '\b')
{
cur_len--;
continue;
}
if (!grub_isprint (key))
continue;
if (cur_len + 2 < buf_size)
buf[cur_len++] = key;
}
grub_memset (buf + cur_len, 0, buf_size - cur_len);
grub_putchar ('\n');
grub_refresh ();
return (key != '\e');
}
#endif

View file

@ -160,6 +160,7 @@ grub_auth_check_authentication (const char *userlist)
struct grub_auth_user *cur = NULL;
grub_err_t err;
static unsigned long punishment_delay = 1;
char entered[GRUB_AUTH_MAX_PASSLEN];
auto int hook (grub_list_t item);
int hook (grub_list_t item)
@ -189,22 +190,17 @@ grub_auth_check_authentication (const char *userlist)
0, 0, 0))
goto access_denied;
grub_printf ("Enter password: ");
if (!grub_password_get (entered, GRUB_AUTH_MAX_PASSLEN))
goto access_denied;
grub_list_iterate (GRUB_AS_LIST (users), hook);
if (!cur || ! cur->callback)
{
grub_list_iterate (GRUB_AS_LIST (users), hook_any);
/* No users present at all. */
if (!cur)
goto access_denied;
/* Display any of available authentication schemes. */
err = cur->callback (login, 0);
goto access_denied;
}
err = cur->callback (login, cur->arg);
err = cur->callback (login, entered, cur->arg);
if (is_authenticated (userlist))
{
punishment_delay = 1;