CMXSL.org/package-helpers-cmxsl
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
package-helpers-cmxsl/helpers/DATA/grub2/0004-Cryptomount-support-plain-dm-crypt.patch
Ruben Rodriguez 5d581ad75e Removed upstreamed changes to libsdl1.2
2019-04-30 22:40:01 -04:00

644 lines
22 KiB
Diff
Raw Blame History

From a8f9e3dcece89c179e89414abe89985c7ab1e03f Mon Sep 17 00:00:00 2001
From: John Lane <john@lane.uk.net>
Date: Fri, 26 Jun 2015 22:09:52 +0100
Subject: [PATCH 4/7] Cryptomount support plain dm-crypt
Patch modified to take into account a change to context
brought about by c93d3e694713b8230fa2cf88414fabe005b56782
grub-core/disk/cryptodisk.c
142c142
< if (disklast)
---
>
---
grub-core/disk/cryptodisk.c | 298 +++++++++++++++++++++++++++++++++++++++++++-
grub-core/disk/luks.c | 195 +----------------------------
include/grub/cryptodisk.h | 8 ++
3 files changed, 310 insertions(+), 191 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 5261af547..7f656f75c 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -45,6 +45,12 @@ static const struct grub_arg_option options[] =
{"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING},
{"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT},
{"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT},
+ {"plain", 'p', 0, N_("Plain (no LUKS header)"), 0, ARG_TYPE_NONE},
+ {"cipher", 'c', 0, N_("Plain mode cipher"), 0, ARG_TYPE_STRING},
+ {"digest", 'd', 0, N_("Plain mode passphrase digest (hash)"), 0, ARG_TYPE_STRING},
+ {"offset", 'o', 0, N_("Plain mode data sector offset"), 0, ARG_TYPE_INT},
+ {"size", 's', 0, N_("Size of raw device (sectors, defaults to whole device)"), 0, ARG_TYPE_INT},
+ {"key-size", 'K', 0, N_("Set key size (bits)"), 0, ARG_TYPE_INT},
{0, 0, 0, 0, 0, 0}
};
@@ -933,6 +939,48 @@ grub_cryptodisk_scan_device (const char *name,
return have_it && search_uuid ? 1 : 0;
}
+/* Hashes a passphrase into a key and stores it with cipher. */
+static gcry_err_code_t
+set_passphrase (grub_cryptodisk_t dev, grub_size_t keysize, const char *passphrase)
+{
+ grub_uint8_t derived_hash[GRUB_CRYPTODISK_MAX_KEYLEN * 2], *dh = derived_hash;
+ char *p;
+ unsigned int round, i;
+ unsigned int len, size;
+
+ /* Need no passphrase if there's no key */
+ if (keysize == 0)
+ return GPG_ERR_INV_KEYLEN;
+
+ /* Hack to support the "none" hash */
+ if (dev->hash)
+ len = dev->hash->mdlen;
+ else
+ len = grub_strlen (passphrase);
+
+ if (keysize > GRUB_CRYPTODISK_MAX_KEYLEN || len > GRUB_CRYPTODISK_MAX_KEYLEN)
+ return GPG_ERR_INV_KEYLEN;
+
+ p = grub_malloc (grub_strlen (passphrase) + 2 + keysize / len);
+ if (!p)
+ return grub_errno;
+
+ for (round = 0, size = keysize; size; round++, dh += len, size -= len)
+ {
+ for (i = 0; i < round; i++)
+ p[i] = 'A';
+
+ grub_strcpy (p + i, passphrase);
+
+ if (len > size)
+ len = size;
+
+ grub_crypto_hash (dev->hash, dh, p, grub_strlen (p));
+ }
+
+ return grub_cryptodisk_setkey (dev, derived_hash, keysize);
+}
+
static grub_err_t
grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
{
@@ -1060,7 +1108,63 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
return GRUB_ERR_NONE;
}
- err = grub_cryptodisk_scan_device_real (diskname, disk);
+ if (state[7].set) /* Plain mode */
+ {
+ char *cipher;
+ char *mode;
+ char *digest;
+ int offset, size, key_size;
+
+ cipher = grub_strdup (state[8].set ? state[8].arg : GRUB_CRYPTODISK_PLAIN_CIPHER);
+ digest = grub_strdup (state[9].set ? state[9].arg : GRUB_CRYPTODISK_PLAIN_DIGEST);
+ offset = state[10].set ? grub_strtoul (state[10].arg, 0, 0) : 0;
+ size = state[11].set ? grub_strtoul (state[11].arg, 0, 0) : 0;
+ key_size = ( state[12].set ? grub_strtoul (state[12].arg, 0, 0) \
+ : GRUB_CRYPTODISK_PLAIN_KEYSIZE ) / 8;
+
+ /* no strtok, do it manually */
+ mode = grub_strchr(cipher,'-');
+ if (!mode)
+ return GRUB_ERR_BAD_ARGUMENT;
+ else
+ *mode++ = 0;
+
+ dev = grub_cryptodisk_create (disk, NULL, cipher, mode, digest);
+
+ dev->offset = offset;
+ if (size) dev->total_length = size;
+
+ if (key)
+ {
+ err = grub_cryptodisk_setkey (dev, key, key_size);
+ if (err)
+ return err;
+ }
+ else
+ {
+ char passphrase[GRUB_CRYPTODISK_MAX_PASSPHRASE] = "";
+
+ grub_printf_ (N_("Enter passphrase for %s: "), diskname);
+ if (!grub_password_get (passphrase, GRUB_CRYPTODISK_MAX_PASSPHRASE))
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+
+ err = set_passphrase (dev, key_size, passphrase);
+ if (err)
+ {
+ grub_crypto_cipher_close (dev->cipher);
+ return err;
+ }
+ }
+
+ grub_cryptodisk_insert (dev, diskname, disk);
+
+ grub_free (cipher);
+ grub_free (digest);
+
+ err = GRUB_ERR_NONE;
+ }
+ else
+ err = grub_cryptodisk_scan_device_real (diskname, disk);
grub_disk_close (disk);
if (disklast)
@@ -1193,13 +1297,203 @@ struct grub_procfs_entry luks_script =
.get_contents = luks_script_get
};
+grub_cryptodisk_t
+grub_cryptodisk_create (grub_disk_t disk, char *uuid,
+ char *ciphername, char *ciphermode, char *hashspec)
+{
+ grub_cryptodisk_t newdev;
+ char *cipheriv = NULL;
+ grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL;
+ grub_crypto_cipher_handle_t essiv_cipher = NULL;
+ const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL;
+ const struct gcry_cipher_spec *ciph;
+ grub_cryptodisk_mode_t mode;
+ grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
+ int benbi_log = 0;
+
+ if (!uuid)
+ uuid = (char*)"00000000000000000000000000000000";
+
+ ciph = grub_crypto_lookup_cipher_by_name (ciphername);
+ if (!ciph)
+ {
+ grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available",
+ ciphername);
+ return NULL;
+ }
+
+ /* Configure the cipher used for the bulk data. */
+ cipher = grub_crypto_cipher_open (ciph);
+ if (!cipher)
+ return NULL;
+
+ /* Configure the cipher mode. */
+ if (grub_strcmp (ciphermode, "ecb") == 0)
+ {
+ mode = GRUB_CRYPTODISK_MODE_ECB;
+ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
+ cipheriv = NULL;
+ }
+ else if (grub_strcmp (ciphermode, "plain") == 0)
+ {
+ mode = GRUB_CRYPTODISK_MODE_CBC;
+ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
+ cipheriv = NULL;
+ }
+ else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0)
+ {
+ mode = GRUB_CRYPTODISK_MODE_CBC;
+ cipheriv = ciphermode + sizeof ("cbc-") - 1;
+ }
+ else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0)
+ {
+ mode = GRUB_CRYPTODISK_MODE_PCBC;
+ cipheriv = ciphermode + sizeof ("pcbc-") - 1;
+ }
+ else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0)
+ {
+ mode = GRUB_CRYPTODISK_MODE_XTS;
+ cipheriv = ciphermode + sizeof ("xts-") - 1;
+ secondary_cipher = grub_crypto_cipher_open (ciph);
+ if (!secondary_cipher)
+ {
+ grub_crypto_cipher_close (cipher);
+ return NULL;
+ }
+ if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
+ cipher->cipher->blocksize);
+ grub_crypto_cipher_close (cipher);
+ grub_crypto_cipher_close (secondary_cipher);
+ return NULL;
+ }
+ if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
+ {
+ grub_crypto_cipher_close (cipher);
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
+ secondary_cipher->cipher->blocksize);
+ grub_crypto_cipher_close (secondary_cipher);
+ return NULL;
+ }
+ }
+ else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0)
+ {
+ mode = GRUB_CRYPTODISK_MODE_LRW;
+ cipheriv = ciphermode + sizeof ("lrw-") - 1;
+ if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d",
+ cipher->cipher->blocksize);
+ grub_crypto_cipher_close (cipher);
+ return NULL;
+ }
+ }
+ else
+ {
+ grub_crypto_cipher_close (cipher);
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s",
+ ciphermode);
+ return NULL;
+ }
+
+ if (cipheriv == NULL);
+ else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0)
+ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
+ else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0)
+ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
+ else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0)
+ {
+ if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1)
+ || cipher->cipher->blocksize == 0)
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d",
+ cipher->cipher->blocksize);
+ /* FIXME should we return an error here? */
+ for (benbi_log = 0;
+ (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE;
+ benbi_log++);
+ mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI;
+ }
+ else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0)
+ mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL;
+ else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0)
+ {
+ char *hash_str = cipheriv + 6;
+
+ mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV;
+
+ /* Configure the hash and cipher used for ESSIV. */
+ essiv_hash = grub_crypto_lookup_md_by_name (hash_str);
+ if (!essiv_hash)
+ {
+ grub_crypto_cipher_close (cipher);
+ grub_crypto_cipher_close (secondary_cipher);
+ grub_error (GRUB_ERR_FILE_NOT_FOUND,
+ "Couldn't load %s hash", hash_str);
+ return NULL;
+ }
+ essiv_cipher = grub_crypto_cipher_open (ciph);
+ if (!essiv_cipher)
+ {
+ grub_crypto_cipher_close (cipher);
+ grub_crypto_cipher_close (secondary_cipher);
+ return NULL;
+ }
+ }
+ else
+ {
+ grub_crypto_cipher_close (cipher);
+ grub_crypto_cipher_close (secondary_cipher);
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s",
+ cipheriv);
+ return NULL;
+ }
+
+ /* Configure the passphrase hash (LUKS also uses AF splitter and HMAC). */
+ hash = grub_crypto_lookup_md_by_name (hashspec);
+ if (!hash)
+ {
+ grub_crypto_cipher_close (cipher);
+ grub_crypto_cipher_close (essiv_cipher);
+ grub_crypto_cipher_close (secondary_cipher);
+ grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
+ hashspec);
+ return NULL;
+ }
+
+ newdev = grub_zalloc (sizeof (struct grub_cryptodisk));
+ if (!newdev)
+ {
+ grub_crypto_cipher_close (cipher);
+ grub_crypto_cipher_close (essiv_cipher);
+ grub_crypto_cipher_close (secondary_cipher);
+ return NULL;
+ }
+ newdev->cipher = cipher;
+ newdev->offset = 0;
+ newdev->source_disk = NULL;
+ newdev->benbi_log = benbi_log;
+ newdev->mode = mode;
+ newdev->mode_iv = mode_iv;
+ newdev->secondary_cipher = secondary_cipher;
+ newdev->essiv_cipher = essiv_cipher;
+ newdev->essiv_hash = essiv_hash;
+ newdev->hash = hash;
+ newdev->log_sector_size = 9;
+ newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
+ grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
+ COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
+
+ return newdev;
+}
+
static grub_extcmd_t cmd;
GRUB_MOD_INIT (cryptodisk)
{
grub_disk_dev_register (&grub_cryptodisk_dev);
cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
- N_("SOURCE|-u UUID|-a|-b|-H file"),
+ N_("SOURCE|-u UUID|-a|-b|-H file|-p -c cipher -d digest"),
N_("Mount a crypto device."), options);
grub_procfs_register ("luks_script", &luks_script);
}
diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index 11e437edb..4ebe21b4e 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -30,8 +30,6 @@
GRUB_MOD_LICENSE ("GPLv3+");
-#define MAX_PASSPHRASE 256
-
#define LUKS_KEY_ENABLED 0x00AC71F3
/* On disk LUKS header */
@@ -76,15 +74,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
char uuid[sizeof (header.uuid) + 1];
char ciphername[sizeof (header.cipherName) + 1];
char ciphermode[sizeof (header.cipherMode) + 1];
- char *cipheriv = NULL;
char hashspec[sizeof (header.hashSpec) + 1];
- grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL;
- grub_crypto_cipher_handle_t essiv_cipher = NULL;
- const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL;
- const struct gcry_cipher_spec *ciph;
- grub_cryptodisk_mode_t mode;
- grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
- int benbi_log = 0;
grub_err_t err;
err = GRUB_ERR_NONE;
@@ -119,7 +109,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
iptr++)
{
if (*iptr != '-')
- *optr++ = *iptr;
+ *optr++ = *iptr;
}
*optr = 0;
@@ -129,6 +119,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
return NULL;
}
+
/* Make sure that strings are null terminated. */
grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName));
ciphername[sizeof (header.cipherName)] = 0;
@@ -137,184 +128,10 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec));
hashspec[sizeof (header.hashSpec)] = 0;
- ciph = grub_crypto_lookup_cipher_by_name (ciphername);
- if (!ciph)
- {
- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available",
- ciphername);
- return NULL;
- }
-
- /* Configure the cipher used for the bulk data. */
- cipher = grub_crypto_cipher_open (ciph);
- if (!cipher)
- return NULL;
-
- if (grub_be_to_cpu32 (header.keyBytes) > 1024)
- {
- grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d",
- grub_be_to_cpu32 (header.keyBytes));
- grub_crypto_cipher_close (cipher);
- return NULL;
- }
-
- /* Configure the cipher mode. */
- if (grub_strcmp (ciphermode, "ecb") == 0)
- {
- mode = GRUB_CRYPTODISK_MODE_ECB;
- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
- cipheriv = NULL;
- }
- else if (grub_strcmp (ciphermode, "plain") == 0)
- {
- mode = GRUB_CRYPTODISK_MODE_CBC;
- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
- cipheriv = NULL;
- }
- else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0)
- {
- mode = GRUB_CRYPTODISK_MODE_CBC;
- cipheriv = ciphermode + sizeof ("cbc-") - 1;
- }
- else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0)
- {
- mode = GRUB_CRYPTODISK_MODE_PCBC;
- cipheriv = ciphermode + sizeof ("pcbc-") - 1;
- }
- else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0)
- {
- mode = GRUB_CRYPTODISK_MODE_XTS;
- cipheriv = ciphermode + sizeof ("xts-") - 1;
- secondary_cipher = grub_crypto_cipher_open (ciph);
- if (!secondary_cipher)
- {
- grub_crypto_cipher_close (cipher);
- return NULL;
- }
- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
- {
- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
- cipher->cipher->blocksize);
- grub_crypto_cipher_close (cipher);
- grub_crypto_cipher_close (secondary_cipher);
- return NULL;
- }
- if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
- {
- grub_crypto_cipher_close (cipher);
- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d",
- secondary_cipher->cipher->blocksize);
- grub_crypto_cipher_close (secondary_cipher);
- return NULL;
- }
- }
- else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0)
- {
- mode = GRUB_CRYPTODISK_MODE_LRW;
- cipheriv = ciphermode + sizeof ("lrw-") - 1;
- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES)
- {
- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d",
- cipher->cipher->blocksize);
- grub_crypto_cipher_close (cipher);
- return NULL;
- }
- }
- else
- {
- grub_crypto_cipher_close (cipher);
- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s",
- ciphermode);
- return NULL;
- }
-
- if (cipheriv == NULL);
- else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0)
- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN;
- else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0)
- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64;
- else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0)
- {
- if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1)
- || cipher->cipher->blocksize == 0)
- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d",
- cipher->cipher->blocksize);
- /* FIXME should we return an error here? */
- for (benbi_log = 0;
- (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE;
- benbi_log++);
- mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI;
- }
- else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0)
- mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL;
- else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0)
- {
- char *hash_str = cipheriv + 6;
-
- mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV;
-
- /* Configure the hash and cipher used for ESSIV. */
- essiv_hash = grub_crypto_lookup_md_by_name (hash_str);
- if (!essiv_hash)
- {
- grub_crypto_cipher_close (cipher);
- grub_crypto_cipher_close (secondary_cipher);
- grub_error (GRUB_ERR_FILE_NOT_FOUND,
- "Couldn't load %s hash", hash_str);
- return NULL;
- }
- essiv_cipher = grub_crypto_cipher_open (ciph);
- if (!essiv_cipher)
- {
- grub_crypto_cipher_close (cipher);
- grub_crypto_cipher_close (secondary_cipher);
- return NULL;
- }
- }
- else
- {
- grub_crypto_cipher_close (cipher);
- grub_crypto_cipher_close (secondary_cipher);
- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s",
- cipheriv);
- return NULL;
- }
-
- /* Configure the hash used for the AF splitter and HMAC. */
- hash = grub_crypto_lookup_md_by_name (hashspec);
- if (!hash)
- {
- grub_crypto_cipher_close (cipher);
- grub_crypto_cipher_close (essiv_cipher);
- grub_crypto_cipher_close (secondary_cipher);
- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
- hashspec);
- return NULL;
- }
+ newdev = grub_cryptodisk_create (disk, uuid, ciphername, ciphermode, hashspec);
- newdev = grub_zalloc (sizeof (struct grub_cryptodisk));
- if (!newdev)
- {
- grub_crypto_cipher_close (cipher);
- grub_crypto_cipher_close (essiv_cipher);
- grub_crypto_cipher_close (secondary_cipher);
- return NULL;
- }
- newdev->cipher = cipher;
newdev->offset = grub_be_to_cpu32 (header.payloadOffset);
- newdev->source_disk = NULL;
- newdev->benbi_log = benbi_log;
- newdev->mode = mode;
- newdev->mode_iv = mode_iv;
- newdev->secondary_cipher = secondary_cipher;
- newdev->essiv_cipher = essiv_cipher;
- newdev->essiv_hash = essiv_hash;
- newdev->hash = hash;
- newdev->log_sector_size = 9;
- newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
- grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
newdev->modname = "luks";
- COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
return newdev;
}
@@ -329,7 +146,7 @@ luks_recover_key (grub_disk_t source,
struct grub_luks_phdr header;
grub_size_t keysize;
grub_uint8_t *split_key = NULL;
- char interactive_passphrase[MAX_PASSPHRASE] = "";
+ char interactive_passphrase[GRUB_CRYPTODISK_MAX_PASSPHRASE] = "";
grub_uint8_t *passphrase;
grub_size_t passphrase_length;
grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
@@ -376,7 +193,7 @@ luks_recover_key (grub_disk_t source,
/* Use bytestring from key file as passphrase */
passphrase = keyfile_bytes;
passphrase_length = keyfile_bytes_size;
- keyfile_bytes = NULL; /* use it only once */
+ keyfile_bytes = NULL; /* use it only once */
}
else
{
@@ -387,7 +204,7 @@ luks_recover_key (grub_disk_t source,
grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
source->partition ? "," : "", tmp ? : "", dev->uuid);
grub_free (tmp);
- if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
+ if (!grub_password_get (interactive_passphrase, GRUB_CRYPTODISK_MAX_PASSPHRASE))
{
grub_free (split_key);
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
index 67f6b0b59..bb25ab730 100644
--- a/include/grub/cryptodisk.h
+++ b/include/grub/cryptodisk.h
@@ -54,9 +54,14 @@ typedef enum
#define GRUB_CRYPTODISK_GF_LOG_BYTES (GRUB_CRYPTODISK_GF_LOG_SIZE - 3)
#define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES)
#define GRUB_CRYPTODISK_MAX_KEYLEN 128
+#define GRUB_CRYPTODISK_MAX_PASSPHRASE 256
#define GRUB_CRYPTODISK_MAX_KEYFILE_SIZE 8192
+#define GRUB_CRYPTODISK_PLAIN_CIPHER "aes-cbc-essiv:sha256"
+#define GRUB_CRYPTODISK_PLAIN_DIGEST "ripemd160"
+#define GRUB_CRYPTODISK_PLAIN_KEYSIZE 256
+
struct grub_cryptodisk;
typedef gcry_err_code_t
@@ -160,4 +165,7 @@ grub_util_get_geli_uuid (const char *dev);
grub_cryptodisk_t grub_cryptodisk_get_by_uuid (const char *uuid);
grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk);
+grub_cryptodisk_t grub_cryptodisk_create (grub_disk_t disk, char *uuid,
+ char *ciphername, char *ciphermode, char *digest);
+
#endif
--
2.16.2
Reference in a new issue View git blame Copy permalink