a251b71915
* Makefile.util.def (libgrubkern.a): Add grub-core/lib/crypto.c, grub-core/disk/luks.c, grub-core/disk/geli.c, grub-core/disk/cryptodisk.c, grub-core/disk/AFSplitter.c, grub-core/lib/pbkdf2.c, grub-core/commands/extcmd.c, grub-core/lib/arg.c. (libgrubmods.a): Remove gcrypts cflags and cppflags. Remove grub-core/commands/extcmd.c, grub-core/lib/arg.c, grub-core/lib/crypto.c, grub-core/lib/libgcrypt-grub/cipher/sha512.c, grub-core/lib/libgcrypt-grub/cipher/crc.c and grub-core/lib/pbkdf2.c. (grub-bin2h): Add libgcry.a. (grub-mkimage): Likewise. (grub-mkrelpath): Likewise. (grub-script-check): Likewise. (grub-editenv): Likewise. (grub-mkpasswd-pbkdf2): Likewise. (grub-pe2elf): Likewise. (grub-fstest): Likewise. (grub-mkfont): Likewise. (grub-mkdevicemap): Likewise. (grub-probe): Likewise. (grub-ofpath): Likewise. (grub-mklayout): Likewise. (example_unit_test): Likewise. (grub-menulst2cfg): Likewise. * autogen.sh (UTIL_DEFS): Add Makefile.utilgcry.def. * grub-core/Makefile.core.def (cryptodisk): New module. (luks): Likewise. (geli): Likewise. * grub-core/disk/AFSplitter.c: New file. * grub-core/disk/cryptodisk.c: Likewise. * grub-core/disk/geli.c: Likewise. * grub-core/disk/luks.c: Likewise. * grub-core/kern/emu/getroot.c (get_dm_uuid): New function based on grub_util_is_lvm. (grub_util_get_dm_abstraction): New function. (grub_util_follow_gpart_up): Likewise. (grub_util_get_geom_abstraction): Likewise. (grub_util_get_dev_abstraction): Use new functions. (grub_util_pull_device): Pull GELI and LUKS. (grub_util_get_grub_dev): Handle LUKS and GELI. * grub-core/kern/emu/hostdisk.c (grub_util_get_fd_sectors): New function. (grub_util_biosdisk_open): Use grub_util_get_fd_sectors. (follow_geom_up): Removed. (grub_util_fd_seek): New function. (open_device): Use grub_util_fd_seek. (nread): Rename to .. (grub_util_fd_read): ... this. All users updated. * grub-core/lib/crypto.c (grub_crypto_ecb_decrypt): A better prototype. (grub_crypto_cbc_decrypt): Likewise. (grub_crypto_hmac_write): Likewise. (grub_crypto_hmac_buffer): Likewise. (grub_password_get): Extend to util. * include/grub/crypto.h (gcry_cipher_spec) [GRUB_UTIL]: New member modname. (gcry_md_spec) [GRUB_UTIL]: Likewise. * include/grub/cryptodisk.h: New file. * include/grub/disk.h (grub_disk_dev_id): Rename LUKS to CRYPTODISK. * include/grub/emu/getroot.h (grub_dev_abstraction_types): Add LUKS and GELI. (grub_util_follow_gpart_up): New proto. * include/grub/emu/hostdisk.h (grub_util_fd_seek): Likewise. (grub_util_fd_read): Likewise. (grub_cryptodisk_cheat_mount): Likewise. (grub_util_cryptodisk_print_uuid): Likewise. (grub_util_get_fd_sectors): Likewise. * util/grub-fstest.c (mount_crypt): New var. (fstest): Mount crypto if requested. (options): New option -C. (argp_parser): Parse -C. (main): Init and fini gcry. * util/grub-install.in: Support cryptodisk install. * util/grub-mkconfig.in: Export GRUB_ENABLE_CRYPTODISK. * util/grub-mkconfig_lib.in (is_path_readable_by_grub): Support cryptodisk. (prepare_grub_to_access_device): Likewise. * util/grub-mkpasswd-pbkdf2.c (main): Use grub_password_get. * util/grub-probe.c (probe_partmap): Support cryptodisk UUID probe. (probe_cryptodisk_uuid): New function. (probe_abstraction): Likewise. (probe): Use new functions. * util/import_gcry.py: Create Makefile.utilgcry.def. Add modname member. Also-By: Michael Gorven <michael@gorven.za.net> Also-By: Clemens Fruhwirth <clemens@endorphin.org>
259 lines
5.7 KiB
C
259 lines
5.7 KiB
C
/*
|
|
* GRUB -- GRand Unified Bootloader
|
|
* Copyright (C) 1992-1999,2001,2003,2004,2005,2009 Free Software Foundation, Inc.
|
|
*
|
|
* GRUB is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* GRUB is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
#include <grub/types.h>
|
|
#include <grub/crypto.h>
|
|
#include <grub/auth.h>
|
|
#include <grub/emu/misc.h>
|
|
#include <grub/util/misc.h>
|
|
#include <grub/i18n.h>
|
|
|
|
#include <unistd.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <getopt.h>
|
|
|
|
#include "progname.h"
|
|
|
|
static struct option options[] =
|
|
{
|
|
{"iteration_count", required_argument, 0, 'c'},
|
|
{"buflen", required_argument, 0, 'l'},
|
|
{"saltlen", required_argument, 0, 's'},
|
|
{"help", no_argument, 0, 'h'},
|
|
{"version", no_argument, 0, 'V'},
|
|
};
|
|
|
|
static void
|
|
usage (int status)
|
|
{
|
|
if (status)
|
|
fprintf (stderr, "Try `%s --help' for more information.\n", program_name);
|
|
else
|
|
printf ("\
|
|
Usage: %s [OPTIONS]\n\
|
|
\nOptions:\n\
|
|
-c number, --iteration-count=number Number of PBKDF2 iterations\n\
|
|
-l number, --buflen=number Length of generated hash\n\
|
|
-s number, --salt=number Length of salt\n\
|
|
\n\
|
|
Report bugs to <%s>.\n", program_name, PACKAGE_BUGREPORT);
|
|
|
|
exit (status);
|
|
}
|
|
|
|
static void
|
|
hexify (char *hex, grub_uint8_t *bin, grub_size_t n)
|
|
{
|
|
while (n--)
|
|
{
|
|
if (((*bin & 0xf0) >> 4) < 10)
|
|
*hex = ((*bin & 0xf0) >> 4) + '0';
|
|
else
|
|
*hex = ((*bin & 0xf0) >> 4) + 'A' - 10;
|
|
hex++;
|
|
|
|
if ((*bin & 0xf) < 10)
|
|
*hex = (*bin & 0xf) + '0';
|
|
else
|
|
*hex = (*bin & 0xf) + 'A' - 10;
|
|
hex++;
|
|
bin++;
|
|
}
|
|
*hex = 0;
|
|
}
|
|
|
|
int
|
|
main (int argc, char *argv[])
|
|
{
|
|
unsigned int count = 10000, buflen = 64, saltlen = 64;
|
|
char *bufhex, *salthex;
|
|
gcry_err_code_t gcry_err;
|
|
grub_uint8_t *buf, *salt;
|
|
ssize_t nr;
|
|
char pass1[GRUB_AUTH_MAX_PASSLEN];
|
|
char pass2[GRUB_AUTH_MAX_PASSLEN];
|
|
|
|
set_program_name (argv[0]);
|
|
|
|
grub_util_init_nls ();
|
|
|
|
/* Check for options. */
|
|
while (1)
|
|
{
|
|
int c = getopt_long (argc, argv, "c:l:s:hvV", options, 0);
|
|
|
|
if (c == -1)
|
|
break;
|
|
|
|
switch (c)
|
|
{
|
|
case 'c':
|
|
count = strtoul (optarg, NULL, 0);
|
|
break;
|
|
|
|
case 'l':
|
|
buflen = strtoul (optarg, NULL, 0);
|
|
break;
|
|
|
|
case 's':
|
|
saltlen = strtoul (optarg, NULL, 0);
|
|
break;
|
|
|
|
case 'h':
|
|
usage (0);
|
|
return 0;
|
|
|
|
case 'V':
|
|
printf ("%s (%s) %s\n", program_name,
|
|
PACKAGE_NAME, PACKAGE_VERSION);
|
|
return 0;
|
|
|
|
default:
|
|
usage (1);
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
bufhex = malloc (buflen * 2 + 1);
|
|
if (!bufhex)
|
|
grub_util_error ("out of memory");
|
|
buf = malloc (buflen);
|
|
if (!buf)
|
|
{
|
|
free (bufhex);
|
|
grub_util_error ("out of memory");
|
|
}
|
|
|
|
salt = malloc (saltlen);
|
|
if (!salt)
|
|
{
|
|
free (bufhex);
|
|
free (buf);
|
|
grub_util_error ("out of memory");
|
|
}
|
|
salthex = malloc (saltlen * 2 + 1);
|
|
if (!salthex)
|
|
{
|
|
free (salt);
|
|
free (bufhex);
|
|
free (buf);
|
|
grub_util_error ("out of memory");
|
|
}
|
|
|
|
printf ("Enter password: ");
|
|
if (!grub_password_get (pass1, GRUB_AUTH_MAX_PASSLEN))
|
|
{
|
|
free (buf);
|
|
free (bufhex);
|
|
free (salthex);
|
|
free (salt);
|
|
grub_util_error ("failure to read password");
|
|
}
|
|
printf ("\nReenter password: ");
|
|
if (!grub_password_get (pass2, GRUB_AUTH_MAX_PASSLEN))
|
|
{
|
|
free (buf);
|
|
free (bufhex);
|
|
free (salthex);
|
|
free (salt);
|
|
grub_util_error ("failure to read password");
|
|
}
|
|
|
|
if (strcmp (pass1, pass2) != 0)
|
|
{
|
|
memset (pass1, 0, sizeof (pass1));
|
|
memset (pass2, 0, sizeof (pass2));
|
|
free (buf);
|
|
free (bufhex);
|
|
free (salthex);
|
|
free (salt);
|
|
grub_util_error ("passwords don't match");
|
|
}
|
|
memset (pass2, 0, sizeof (pass2));
|
|
|
|
#if ! defined (__linux__) && ! defined (__FreeBSD__)
|
|
printf ("WARNING: your random generator isn't known to be secure\n");
|
|
#endif
|
|
|
|
{
|
|
FILE *f;
|
|
size_t rd;
|
|
f = fopen ("/dev/urandom", "rb");
|
|
if (!f)
|
|
{
|
|
memset (pass1, 0, sizeof (pass1));
|
|
free (buf);
|
|
free (bufhex);
|
|
free (salthex);
|
|
free (salt);
|
|
fclose (f);
|
|
grub_util_error ("couldn't retrieve random data for salt");
|
|
}
|
|
rd = fread (salt, 1, saltlen, f);
|
|
if (rd != saltlen)
|
|
{
|
|
fclose (f);
|
|
memset (pass1, 0, sizeof (pass1));
|
|
free (buf);
|
|
free (bufhex);
|
|
free (salthex);
|
|
free (salt);
|
|
grub_util_error ("couldn't retrieve random data for salt");
|
|
}
|
|
fclose (f);
|
|
}
|
|
|
|
gcry_err = grub_crypto_pbkdf2 (GRUB_MD_SHA512,
|
|
(grub_uint8_t *) pass1, strlen (pass1),
|
|
salt, saltlen,
|
|
count, buf, buflen);
|
|
memset (pass1, 0, sizeof (pass1));
|
|
|
|
if (gcry_err)
|
|
{
|
|
memset (buf, 0, buflen);
|
|
memset (bufhex, 0, 2 * buflen);
|
|
free (buf);
|
|
free (bufhex);
|
|
memset (salt, 0, saltlen);
|
|
memset (salthex, 0, 2 * saltlen);
|
|
free (salt);
|
|
free (salthex);
|
|
grub_util_error ("cryptographic error number %d", gcry_err);
|
|
}
|
|
|
|
hexify (bufhex, buf, buflen);
|
|
hexify (salthex, salt, saltlen);
|
|
|
|
printf ("Your PBKDF2 is grub.pbkdf2.sha512.%d.%s.%s\n",
|
|
count, salthex, bufhex);
|
|
memset (buf, 0, buflen);
|
|
memset (bufhex, 0, 2 * buflen);
|
|
free (buf);
|
|
free (bufhex);
|
|
memset (salt, 0, saltlen);
|
|
memset (salthex, 0, 2 * saltlen);
|
|
free (salt);
|
|
free (salthex);
|
|
|
|
return 0;
|
|
}
|