search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Indentation fix, cleanup.
[AROS.git] / arch / all-pc / boot / grub2-aros / grub-core / disk / cryptodisk.c
blob376ab83268f907f286448c61551385e22aeb59df
1 /*
2 * GRUB -- GRand Unified Bootloader
3 * Copyright (C) 2003,2007,2010,2011 Free Software Foundation, Inc.
4 *
5 * GRUB is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * GRUB is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #include <grub/cryptodisk.h>
20 #include <grub/mm.h>
21 #include <grub/misc.h>
22 #include <grub/dl.h>
23 #include <grub/extcmd.h>
24 #include <grub/i18n.h>
25 #include <grub/fs.h>
26 #include <grub/file.h>
27 #include <grub/procfs.h>
28
29 #ifdef GRUB_UTIL
30 #include <grub/emu/hostdisk.h>
31 #endif
32
33 GRUB_MOD_LICENSE ("GPLv3+");
34
35 grub_cryptodisk_dev_t grub_cryptodisk_list;
36
37 static const struct grub_arg_option options[] =
38 {
39 {"uuid", 'u', 0, N_("Mount by UUID."), 0, 0},
40 /* TRANSLATORS: It's still restricted to cryptodisks only. */
41 {"all", 'a', 0, N_("Mount all."), 0, 0},
42 {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
43 {0, 0, 0, 0, 0, 0}
44 };
45
46 /* Our irreducible polynom is x^128+x^7+x^2+x+1. Lowest byte of it is: */
47 #define GF_POLYNOM 0x87
48 static inline int GF_PER_SECTOR (const struct grub_cryptodisk *dev)
49 {
50 return 1U << (dev->log_sector_size - GRUB_CRYPTODISK_GF_LOG_BYTES);
51 }
52
53 static grub_cryptodisk_t cryptodisk_list = NULL;
54 static grub_uint8_t last_cryptodisk_id = 0;
55
56 static void
57 gf_mul_x (grub_uint8_t *g)
58 {
59 int over = 0, over2 = 0;
60 unsigned j;
61
62 for (j = 0; j < GRUB_CRYPTODISK_GF_BYTES; j++)
63 {
64 over2 = !!(g[j] & 0x80);
65 g[j] <<= 1;
66 g[j] |= over;
67 over = over2;
68 }
69 if (over)
70 g[0] ^= GF_POLYNOM;
71 }
72
73
74 static void
75 gf_mul_x_be (grub_uint8_t *g)
76 {
77 int over = 0, over2 = 0;
78 int j;
79
80 for (j = (int) GRUB_CRYPTODISK_GF_BYTES - 1; j >= 0; j--)
81 {
82 over2 = !!(g[j] & 0x80);
83 g[j] <<= 1;
84 g[j] |= over;
85 over = over2;
86 }
87 if (over)
88 g[GRUB_CRYPTODISK_GF_BYTES - 1] ^= GF_POLYNOM;
89 }
90
91 static void
92 gf_mul_be (grub_uint8_t *o, const grub_uint8_t *a, const grub_uint8_t *b)
93 {
94 unsigned i;
95 grub_uint8_t t[GRUB_CRYPTODISK_GF_BYTES];
96 grub_memset (o, 0, GRUB_CRYPTODISK_GF_BYTES);
97 grub_memcpy (t, b, GRUB_CRYPTODISK_GF_BYTES);
98 for (i = 0; i < GRUB_CRYPTODISK_GF_SIZE; i++)
99 {
100 if (((a[GRUB_CRYPTODISK_GF_BYTES - i / GRUB_CHAR_BIT - 1] >> (i % GRUB_CHAR_BIT))) & 1)
101 grub_crypto_xor (o, o, t, GRUB_CRYPTODISK_GF_BYTES);
102 gf_mul_x_be (t);
103 }
104 }
105
106 static gcry_err_code_t
107 grub_crypto_pcbc_decrypt (grub_crypto_cipher_handle_t cipher,
108 void *out, void *in, grub_size_t size,
109 void *iv)
110 {
111 grub_uint8_t *inptr, *outptr, *end;
112 grub_uint8_t ivt[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE];
113 if (cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE)
114 return GPG_ERR_INV_ARG;
115 if (!cipher->cipher->decrypt)
116 return GPG_ERR_NOT_SUPPORTED;
117 if (size % cipher->cipher->blocksize != 0)
118 return GPG_ERR_INV_ARG;
119 end = (grub_uint8_t *) in + size;
120 for (inptr = in, outptr = out; inptr < end;
121 inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
122 {
123 grub_memcpy (ivt, inptr, cipher->cipher->blocksize);
124 cipher->cipher->decrypt (cipher->ctx, outptr, inptr);
125 grub_crypto_xor (outptr, outptr, iv, cipher->cipher->blocksize);
126 grub_crypto_xor (iv, ivt, outptr, cipher->cipher->blocksize);
127 }
128 return GPG_ERR_NO_ERROR;
129 }
130
131 static gcry_err_code_t
132 grub_crypto_pcbc_encrypt (grub_crypto_cipher_handle_t cipher,
133 void *out, void *in, grub_size_t size,
134 void *iv)
135 {
136 grub_uint8_t *inptr, *outptr, *end;
137 grub_uint8_t ivt[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE];
138 if (cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE)
139 return GPG_ERR_INV_ARG;
140 if (!cipher->cipher->decrypt)
141 return GPG_ERR_NOT_SUPPORTED;
142 if (size % cipher->cipher->blocksize != 0)
143 return GPG_ERR_INV_ARG;
144 end = (grub_uint8_t *) in + size;
145 for (inptr = in, outptr = out; inptr < end;
146 inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
147 {
148 grub_memcpy (ivt, inptr, cipher->cipher->blocksize);
149 grub_crypto_xor (outptr, outptr, iv, cipher->cipher->blocksize);
150 cipher->cipher->encrypt (cipher->ctx, outptr, inptr);
151 grub_crypto_xor (iv, ivt, outptr, cipher->cipher->blocksize);
152 }
153 return GPG_ERR_NO_ERROR;
154 }
155
156 struct lrw_sector
157 {
158 grub_uint8_t low[GRUB_CRYPTODISK_GF_BYTES];
159 grub_uint8_t high[GRUB_CRYPTODISK_GF_BYTES];
160 grub_uint8_t low_byte, low_byte_c;
161 };
162
163 static void
164 generate_lrw_sector (struct lrw_sector *sec,
165 const struct grub_cryptodisk *dev,
166 const grub_uint8_t *iv)
167 {
168 grub_uint8_t idx[GRUB_CRYPTODISK_GF_BYTES];
169 grub_uint16_t c;
170 int j;
171 grub_memcpy (idx, iv, GRUB_CRYPTODISK_GF_BYTES);
172 sec->low_byte = (idx[GRUB_CRYPTODISK_GF_BYTES - 1]
173 & (GF_PER_SECTOR (dev) - 1));
174 sec->low_byte_c = (((GF_PER_SECTOR (dev) - 1) & ~sec->low_byte) + 1);
175 idx[GRUB_CRYPTODISK_GF_BYTES - 1] &= ~(GF_PER_SECTOR (dev) - 1);
176 gf_mul_be (sec->low, dev->lrw_key, idx);
177 if (!sec->low_byte)
178 return;
179
180 c = idx[GRUB_CRYPTODISK_GF_BYTES - 1] + GF_PER_SECTOR (dev);
181 if (c & 0x100)
182 {
183 for (j = GRUB_CRYPTODISK_GF_BYTES - 2; j >= 0; j--)
184 {
185 idx[j]++;
186 if (idx[j] != 0)
187 break;
188 }
189 }
190 idx[GRUB_CRYPTODISK_GF_BYTES - 1] = c;
191 gf_mul_be (sec->high, dev->lrw_key, idx);
192 }
193
194 static void __attribute__ ((unused))
195 lrw_xor (const struct lrw_sector *sec,
196 const struct grub_cryptodisk *dev,
197 grub_uint8_t *b)
198 {
199 unsigned i;
200
201 for (i = 0; i < sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES;
202 i += GRUB_CRYPTODISK_GF_BYTES)
203 grub_crypto_xor (b + i, b + i, sec->low, GRUB_CRYPTODISK_GF_BYTES);
204 grub_crypto_xor (b, b, dev->lrw_precalc + GRUB_CRYPTODISK_GF_BYTES * sec->low_byte,
205 sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES);
206 if (!sec->low_byte)
207 return;
208
209 for (i = sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES;
210 i < (1U << dev->log_sector_size); i += GRUB_CRYPTODISK_GF_BYTES)
211 grub_crypto_xor (b + i, b + i, sec->high, GRUB_CRYPTODISK_GF_BYTES);
212 grub_crypto_xor (b + sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES,
213 b + sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES,
214 dev->lrw_precalc, sec->low_byte * GRUB_CRYPTODISK_GF_BYTES);
215 }
216
217 static gcry_err_code_t
218 grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
219 grub_uint8_t * data, grub_size_t len,
220 grub_disk_addr_t sector, int do_encrypt)
221 {
222 grub_size_t i;
223 gcry_err_code_t err;
224
225 if (dev->cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE)
226 return GPG_ERR_INV_ARG;
227
228 /* The only mode without IV. */
229 if (dev->mode == GRUB_CRYPTODISK_MODE_ECB && !dev->rekey)
230 return (do_encrypt ? grub_crypto_ecb_encrypt (dev->cipher, data, data, len)
231 : grub_crypto_ecb_decrypt (dev->cipher, data, data, len));
232
233 for (i = 0; i < len; i += (1U << dev->log_sector_size))
234 {
235 grub_size_t sz = ((dev->cipher->cipher->blocksize
236 + sizeof (grub_uint32_t) - 1)
237 / sizeof (grub_uint32_t));
238 grub_uint32_t iv[(GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE + 3) / 4];
239
240 if (dev->rekey)
241 {
242 grub_uint64_t zone = sector >> dev->rekey_shift;
243 if (zone != dev->last_rekey)
244 {
245 err = dev->rekey (dev, zone);
246 if (err)
247 return err;
248 dev->last_rekey = zone;
249 }
250 }
251
252 grub_memset (iv, 0, sizeof (iv));
253 switch (dev->mode_iv)
254 {
255 case GRUB_CRYPTODISK_MODE_IV_NULL:
256 break;
257 case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64_HASH:
258 {
259 grub_uint64_t tmp;
260 void *ctx;
261
262 ctx = grub_zalloc (dev->iv_hash->contextsize);
263 if (!ctx)
264 return GPG_ERR_OUT_OF_MEMORY;
265
266 tmp = grub_cpu_to_le64 (sector << dev->log_sector_size);
267 dev->iv_hash->init (ctx);
268 dev->iv_hash->write (ctx, dev->iv_prefix, dev->iv_prefix_len);
269 dev->iv_hash->write (ctx, &tmp, sizeof (tmp));
270 dev->iv_hash->final (ctx);
271
272 grub_memcpy (iv, dev->iv_hash->read (ctx), sizeof (iv));
273 grub_free (ctx);
274 }
275 break;
276 case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
277 iv[1] = grub_cpu_to_le32 (sector >> 32);
278 case GRUB_CRYPTODISK_MODE_IV_PLAIN:
279 iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
280 break;
281 case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64:
282 iv[1] = grub_cpu_to_le32 (sector >> (32 - dev->log_sector_size));
283 iv[0] = grub_cpu_to_le32 ((sector << dev->log_sector_size)
284 & 0xFFFFFFFF);
285 break;
286 case GRUB_CRYPTODISK_MODE_IV_BENBI:
287 {
288 grub_uint64_t num = (sector << dev->benbi_log) + 1;
289 iv[sz - 2] = grub_cpu_to_be32 (num >> 32);
290 iv[sz - 1] = grub_cpu_to_be32 (num & 0xFFFFFFFF);
291 }
292 break;
293 case GRUB_CRYPTODISK_MODE_IV_ESSIV:
294 iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
295 err = grub_crypto_ecb_encrypt (dev->essiv_cipher, iv, iv,
296 dev->cipher->cipher->blocksize);
297 if (err)
298 return err;
299 }
300
301 switch (dev->mode)
302 {
303 case GRUB_CRYPTODISK_MODE_CBC:
304 if (do_encrypt)
305 err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i,
306 (1U << dev->log_sector_size), iv);
307 else
308 err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i,
309 (1U << dev->log_sector_size), iv);
310 if (err)
311 return err;
312 break;
313
314 case GRUB_CRYPTODISK_MODE_PCBC:
315 if (do_encrypt)
316 err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i,
317 (1U << dev->log_sector_size), iv);
318 else
319 err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i,
320 (1U << dev->log_sector_size), iv);
321 if (err)
322 return err;
323 break;
324 case GRUB_CRYPTODISK_MODE_XTS:
325 {
326 unsigned j;
327 err = grub_crypto_ecb_encrypt (dev->secondary_cipher, iv, iv,
328 dev->cipher->cipher->blocksize);
329 if (err)
330 return err;
331
332 for (j = 0; j < (1U << dev->log_sector_size);
333 j += dev->cipher->cipher->blocksize)
334 {
335 grub_crypto_xor (data + i + j, data + i + j, iv,
336 dev->cipher->cipher->blocksize);
337 if (do_encrypt)
338 err = grub_crypto_ecb_encrypt (dev->cipher, data + i + j,
339 data + i + j,
340 dev->cipher->cipher->blocksize);
341 else
342 err = grub_crypto_ecb_decrypt (dev->cipher, data + i + j,
343 data + i + j,
344 dev->cipher->cipher->blocksize);
345 if (err)
346 return err;
347 grub_crypto_xor (data + i + j, data + i + j, iv,
348 dev->cipher->cipher->blocksize);
349 gf_mul_x ((grub_uint8_t *) iv);
350 }
351 }
352 break;
353 case GRUB_CRYPTODISK_MODE_LRW:
354 {
355 struct lrw_sector sec;
356
357 generate_lrw_sector (&sec, dev, (grub_uint8_t *) iv);
358 lrw_xor (&sec, dev, data + i);
359
360 if (do_encrypt)
361 err = grub_crypto_ecb_encrypt (dev->cipher, data + i,
362 data + i,
363 (1U << dev->log_sector_size));
364 else
365 err = grub_crypto_ecb_decrypt (dev->cipher, data + i,
366 data + i,
367 (1U << dev->log_sector_size));
368 if (err)
369 return err;
370 lrw_xor (&sec, dev, data + i);
371 }
372 break;
373 case GRUB_CRYPTODISK_MODE_ECB:
374 if (do_encrypt)
375 err = grub_crypto_ecb_encrypt (dev->cipher, data + i, data + i,
376 (1U << dev->log_sector_size));
377 else
378 err = grub_crypto_ecb_decrypt (dev->cipher, data + i, data + i,
379 (1U << dev->log_sector_size));
380 if (err)
381 return err;
382 break;
383 default:
384 return GPG_ERR_NOT_IMPLEMENTED;
385 }
386 sector++;
387 }
388 return GPG_ERR_NO_ERROR;
389 }
390
391 gcry_err_code_t
392 grub_cryptodisk_decrypt (struct grub_cryptodisk *dev,
393 grub_uint8_t * data, grub_size_t len,
394 grub_disk_addr_t sector)
395 {
396 return grub_cryptodisk_endecrypt (dev, data, len, sector, 0);
397 }
398
399 gcry_err_code_t
400 grub_cryptodisk_setkey (grub_cryptodisk_t dev, grub_uint8_t *key, grub_size_t keysize)
401 {
402 gcry_err_code_t err;
403 int real_keysize;
404
405 real_keysize = keysize;
406 if (dev->mode == GRUB_CRYPTODISK_MODE_XTS)
407 real_keysize /= 2;
408 if (dev->mode == GRUB_CRYPTODISK_MODE_LRW)
409 real_keysize -= dev->cipher->cipher->blocksize;
410
411 /* Set the PBKDF2 output as the cipher key. */
412 err = grub_crypto_cipher_set_key (dev->cipher, key, real_keysize);
413 if (err)
414 return err;
415 grub_memcpy (dev->key, key, keysize);
416 dev->keysize = keysize;
417
418 /* Configure ESSIV if necessary. */
419 if (dev->mode_iv == GRUB_CRYPTODISK_MODE_IV_ESSIV)
420 {
421 grub_size_t essiv_keysize = dev->essiv_hash->mdlen;
422 grub_uint8_t hashed_key[GRUB_CRYPTO_MAX_MDLEN];
423 if (essiv_keysize > GRUB_CRYPTO_MAX_MDLEN)
424 return GPG_ERR_INV_ARG;
425
426 grub_crypto_hash (dev->essiv_hash, hashed_key, key, keysize);
427 err = grub_crypto_cipher_set_key (dev->essiv_cipher,
428 hashed_key, essiv_keysize);
429 if (err)
430 return err;
431 }
432 if (dev->mode == GRUB_CRYPTODISK_MODE_XTS)
433 {
434 err = grub_crypto_cipher_set_key (dev->secondary_cipher,
435 key + real_keysize,
436 keysize / 2);
437 if (err)
438 return err;
439 }
440
441 if (dev->mode == GRUB_CRYPTODISK_MODE_LRW)
442 {
443 unsigned i;
444 grub_uint8_t idx[GRUB_CRYPTODISK_GF_BYTES];
445
446 grub_free (dev->lrw_precalc);
447 grub_memcpy (dev->lrw_key, key + real_keysize,
448 dev->cipher->cipher->blocksize);
449 dev->lrw_precalc = grub_malloc ((1U << dev->log_sector_size));
450 if (!dev->lrw_precalc)
451 return GPG_ERR_OUT_OF_MEMORY;
452 grub_memset (idx, 0, GRUB_CRYPTODISK_GF_BYTES);
453 for (i = 0; i < (1U << dev->log_sector_size);
454 i += GRUB_CRYPTODISK_GF_BYTES)
455 {
456 idx[GRUB_CRYPTODISK_GF_BYTES - 1] = i / GRUB_CRYPTODISK_GF_BYTES;
457 gf_mul_be (dev->lrw_precalc + i, idx, dev->lrw_key);
458 }
459 }
460 return GPG_ERR_NO_ERROR;
461 }
462
463 static int
464 grub_cryptodisk_iterate (grub_disk_dev_iterate_hook_t hook, void *hook_data,
465 grub_disk_pull_t pull)
466 {
467 grub_cryptodisk_t i;
468
469 if (pull != GRUB_DISK_PULL_NONE)
470 return 0;
471
472 for (i = cryptodisk_list; i != NULL; i = i->next)
473 {
474 char buf[30];
475 grub_snprintf (buf, sizeof (buf), "crypto%lu", i->id);
476 if (hook (buf, hook_data))
477 return 1;
478 }
479
480 return GRUB_ERR_NONE;
481 }
482
483 static grub_err_t
484 grub_cryptodisk_open (const char *name, grub_disk_t disk)
485 {
486 grub_cryptodisk_t dev;
487
488 if (grub_memcmp (name, "crypto", sizeof ("crypto") - 1) != 0)
489 return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device");
490
491 if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0)
492 {
493 for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
494 if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0)
495 break;
496 }
497 else
498 {
499 unsigned long id = grub_strtoul (name + sizeof ("crypto") - 1, 0, 0);
500 if (grub_errno)
501 return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device");
502 /* Search for requested device in the list of CRYPTODISK devices. */
503 for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
504 if (dev->id == id)
505 break;
506 }
507 if (!dev)
508 return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device");
509
510 disk->log_sector_size = dev->log_sector_size;
511
512 #ifdef GRUB_UTIL
513 if (dev->cheat)
514 {
515 if (!GRUB_UTIL_FD_IS_VALID (dev->cheat_fd))
516 dev->cheat_fd = grub_util_fd_open (dev->cheat, GRUB_UTIL_FD_O_RDONLY);
517 if (!GRUB_UTIL_FD_IS_VALID (dev->cheat_fd))
518 return grub_error (GRUB_ERR_IO, N_("cannot open `%s': %s"),
519 dev->cheat, grub_util_fd_strerror ());
520 }
521 #endif
522
523 if (!dev->source_disk)
524 {
525 grub_dprintf ("cryptodisk", "Opening device %s\n", name);
526 /* Try to open the source disk and populate the requested disk. */
527 dev->source_disk = grub_disk_open (dev->source);
528 if (!dev->source_disk)
529 return grub_errno;
530 }
531
532 disk->data = dev;
533 disk->total_sectors = dev->total_length;
534 disk->max_agglomerate = GRUB_DISK_MAX_MAX_AGGLOMERATE;
535 disk->id = dev->id;
536 dev->ref++;
537 return GRUB_ERR_NONE;
538 }
539
540 static void
541 grub_cryptodisk_close (grub_disk_t disk)
542 {
543 grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
544 grub_dprintf ("cryptodisk", "Closing disk\n");
545
546 dev->ref--;
547
548 if (dev->ref != 0)
549 return;
550 #ifdef GRUB_UTIL
551 if (dev->cheat)
552 {
553 grub_util_fd_close (dev->cheat_fd);
554 dev->cheat_fd = GRUB_UTIL_FD_INVALID;
555 }
556 #endif
557 grub_disk_close (dev->source_disk);
558 dev->source_disk = NULL;
559 }
560
561 static grub_err_t
562 grub_cryptodisk_read (grub_disk_t disk, grub_disk_addr_t sector,
563 grub_size_t size, char *buf)
564 {
565 grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
566 grub_err_t err;
567 gcry_err_code_t gcry_err;
568
569 #ifdef GRUB_UTIL
570 if (dev->cheat)
571 {
572 int r;
573 r = grub_util_fd_seek (dev->cheat_fd, sector << disk->log_sector_size);
574 if (r)
575 return grub_error (GRUB_ERR_BAD_DEVICE, N_("cannot seek `%s': %s"),
576 dev->cheat, grub_util_fd_strerror ());
577 if (grub_util_fd_read (dev->cheat_fd, buf, size << disk->log_sector_size)
578 != (ssize_t) (size << disk->log_sector_size))
579 return grub_error (GRUB_ERR_READ_ERROR, N_("cannot read `%s': %s"),
580 dev->cheat, grub_util_fd_strerror ());
581 return GRUB_ERR_NONE;
582 }
583 #endif
584
585 grub_dprintf ("cryptodisk",
586 "Reading %" PRIuGRUB_SIZE " sectors from sector 0x%"
587 PRIxGRUB_UINT64_T " with offset of %" PRIuGRUB_UINT64_T "\n",
588 size, sector, dev->offset);
589
590 err = grub_disk_read (dev->source_disk,
591 (sector << (disk->log_sector_size
592 - GRUB_DISK_SECTOR_BITS)) + dev->offset, 0,
593 size << disk->log_sector_size, buf);
594 if (err)
595 {
596 grub_dprintf ("cryptodisk", "grub_disk_read failed with error %d\n", err);
597 return err;
598 }
599 gcry_err = grub_cryptodisk_endecrypt (dev, (grub_uint8_t *) buf,
600 size << disk->log_sector_size,
601 sector, 0);
602 return grub_crypto_gcry_error (gcry_err);
603 }
604
605 static grub_err_t
606 grub_cryptodisk_write (grub_disk_t disk, grub_disk_addr_t sector,
607 grub_size_t size, const char *buf)
608 {
609 grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
610 gcry_err_code_t gcry_err;
611 char *tmp;
612 grub_err_t err;
613
614 #ifdef GRUB_UTIL
615 if (dev->cheat)
616 {
617 int r;
618 r = grub_util_fd_seek (dev->cheat_fd, sector << disk->log_sector_size);
619 if (r)
620 return grub_error (GRUB_ERR_BAD_DEVICE, N_("cannot seek `%s': %s"),
621 dev->cheat, grub_util_fd_strerror ());
622 if (grub_util_fd_write (dev->cheat_fd, buf, size << disk->log_sector_size)
623 != (ssize_t) (size << disk->log_sector_size))
624 return grub_error (GRUB_ERR_READ_ERROR, N_("cannot read `%s': %s"),
625 dev->cheat, grub_util_fd_strerror ());
626 return GRUB_ERR_NONE;
627 }
628 #endif
629
630 tmp = grub_malloc (size << disk->log_sector_size);
631 if (!tmp)
632 return grub_errno;
633 grub_memcpy (tmp, buf, size << disk->log_sector_size);
634
635 grub_dprintf ("cryptodisk",
636 "Writing %" PRIuGRUB_SIZE " sectors to sector 0x%"
637 PRIxGRUB_UINT64_T " with offset of %" PRIuGRUB_UINT64_T "\n",
638 size, sector, dev->offset);
639
640 gcry_err = grub_cryptodisk_endecrypt (dev, (grub_uint8_t *) tmp,
641 size << disk->log_sector_size,
642 sector, 1);
643 if (gcry_err)
644 {
645 grub_free (tmp);
646 return grub_crypto_gcry_error (gcry_err);
647 }
648
649 /* Since ->write was called so disk.mod is loaded but be paranoid */
650
651 if (grub_disk_write_weak)
652 err = grub_disk_write_weak (dev->source_disk,
653 (sector << (disk->log_sector_size
654 - GRUB_DISK_SECTOR_BITS))
655 + dev->offset,
656 0, size << disk->log_sector_size, tmp);
657 else
658 err = grub_error (GRUB_ERR_BUG, "disk.mod not loaded");
659 grub_free (tmp);
660 return err;
661 }
662
663 #ifdef GRUB_UTIL
664 static grub_disk_memberlist_t
665 grub_cryptodisk_memberlist (grub_disk_t disk)
666 {
667 grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
668 grub_disk_memberlist_t list = NULL;
669
670 list = grub_malloc (sizeof (*list));
671 if (list)
672 {
673 list->disk = dev->source_disk;
674 list->next = NULL;
675 }
676
677 return list;
678 }
679 #endif
680
681 static void
682 cryptodisk_cleanup (void)
683 {
684 #if 0
685 grub_cryptodisk_t dev = cryptodisk_list;
686 grub_cryptodisk_t tmp;
687
688 while (dev != NULL)
689 {
690 grub_free (dev->source);
691 grub_free (dev->cipher);
692 grub_free (dev->secondary_cipher);
693 grub_free (dev->essiv_cipher);
694 tmp = dev->next;
695 grub_free (dev);
696 dev = tmp;
697 }
698 #endif
699 }
700
701 grub_err_t
702 grub_cryptodisk_insert (grub_cryptodisk_t newdev, const char *name,
703 grub_disk_t source)
704 {
705 newdev->source = grub_strdup (name);
706 if (!newdev->source)
707 {
708 grub_free (newdev);
709 return grub_errno;
710 }
711
712 newdev->id = last_cryptodisk_id++;
713 newdev->source_id = source->id;
714 newdev->source_dev_id = source->dev->id;
715 newdev->next = cryptodisk_list;
716 cryptodisk_list = newdev;
717
718 return GRUB_ERR_NONE;
719 }
720
721 grub_cryptodisk_t
722 grub_cryptodisk_get_by_uuid (const char *uuid)
723 {
724 grub_cryptodisk_t dev;
725 for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
726 if (grub_strcasecmp (dev->uuid, uuid) == 0)
727 return dev;
728 return NULL;
729 }
730
731 grub_cryptodisk_t
732 grub_cryptodisk_get_by_source_disk (grub_disk_t disk)
733 {
734 grub_cryptodisk_t dev;
735 for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
736 if (dev->source_id == disk->id && dev->source_dev_id == disk->dev->id)
737 return dev;
738 return NULL;
739 }
740
741 #ifdef GRUB_UTIL
742 grub_err_t
743 grub_cryptodisk_cheat_insert (grub_cryptodisk_t newdev, const char *name,
744 grub_disk_t source, const char *cheat)
745 {
746 newdev->cheat = grub_strdup (cheat);
747 newdev->source = grub_strdup (name);
748 if (!newdev->source || !newdev->cheat)
749 {
750 grub_free (newdev->source);
751 grub_free (newdev->cheat);
752 return grub_errno;
753 }
754
755 newdev->cheat_fd = GRUB_UTIL_FD_INVALID;
756 newdev->source_id = source->id;
757 newdev->source_dev_id = source->dev->id;
758 newdev->id = last_cryptodisk_id++;
759 newdev->next = cryptodisk_list;
760 cryptodisk_list = newdev;
761
762 return GRUB_ERR_NONE;
763 }
764
765 void
766 grub_util_cryptodisk_get_abstraction (grub_disk_t disk,
767 void (*cb) (const char *val, void *data),
768 void *data)
769 {
770 grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
771
772 cb ("cryptodisk", data);
773 cb (dev->modname, data);
774
775 if (dev->cipher)
776 cb (dev->cipher->cipher->modname, data);
777 if (dev->secondary_cipher)
778 cb (dev->secondary_cipher->cipher->modname, data);
779 if (dev->essiv_cipher)
780 cb (dev->essiv_cipher->cipher->modname, data);
781 if (dev->hash)
782 cb (dev->hash->modname, data);
783 if (dev->essiv_hash)
784 cb (dev->essiv_hash->modname, data);
785 if (dev->iv_hash)
786 cb (dev->iv_hash->modname, data);
787 }
788
789 const char *
790 grub_util_cryptodisk_get_uuid (grub_disk_t disk)
791 {
792 grub_cryptodisk_t dev = (grub_cryptodisk_t) disk->data;
793 return dev->uuid;
794 }
795
796 #endif
797
798 static int check_boot, have_it;
799 static char *search_uuid;
800
801 static void
802 cryptodisk_close (grub_cryptodisk_t dev)
803 {
804 grub_crypto_cipher_close (dev->cipher);
805 grub_crypto_cipher_close (dev->secondary_cipher);
806 grub_crypto_cipher_close (dev->essiv_cipher);
807 grub_free (dev);
808 }
809
810 static grub_err_t
811 grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
812 {
813 grub_err_t err;
814 grub_cryptodisk_t dev;
815 grub_cryptodisk_dev_t cr;
816
817 dev = grub_cryptodisk_get_by_source_disk (source);
818
819 if (dev)
820 return GRUB_ERR_NONE;
821
822 FOR_CRYPTODISK_DEVS (cr)
823 {
824 dev = cr->scan (source, search_uuid, check_boot);
825 if (grub_errno)
826 return grub_errno;
827 if (!dev)
828 continue;
829
830 err = cr->recover_key (source, dev);
831 if (err)
832 {
833 cryptodisk_close (dev);
834 return err;
835 }
836
837 grub_cryptodisk_insert (dev, name, source);
838
839 have_it = 1;
840
841 return GRUB_ERR_NONE;
842 }
843 return GRUB_ERR_NONE;
844 }
845
846 #ifdef GRUB_UTIL
847 #include <grub/util/misc.h>
848 grub_err_t
849 grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
850 {
851 grub_err_t err;
852 grub_cryptodisk_t dev;
853 grub_cryptodisk_dev_t cr;
854 grub_disk_t source;
855
856 /* Try to open disk. */
857 source = grub_disk_open (sourcedev);
858 if (!source)
859 return grub_errno;
860
861 dev = grub_cryptodisk_get_by_source_disk (source);
862
863 if (dev)
864 {
865 grub_disk_close (source);
866 return GRUB_ERR_NONE;
867 }
868
869 FOR_CRYPTODISK_DEVS (cr)
870 {
871 dev = cr->scan (source, search_uuid, check_boot);
872 if (grub_errno)
873 return grub_errno;
874 if (!dev)
875 continue;
876
877 grub_util_info ("cheatmounted %s (%s) at %s", sourcedev, dev->modname,
878 cheat);
879 err = grub_cryptodisk_cheat_insert (dev, sourcedev, source, cheat);
880 grub_disk_close (source);
881 if (err)
882 grub_free (dev);
883
884 return GRUB_ERR_NONE;
885 }
886
887 grub_disk_close (source);
888
889 return GRUB_ERR_NONE;
890 }
891 #endif
892
893 static int
894 grub_cryptodisk_scan_device (const char *name,
895 void *data __attribute__ ((unused)))
896 {
897 grub_err_t err;
898 grub_disk_t source;
899
900 /* Try to open disk. */
901 source = grub_disk_open (name);
902 if (!source)
903 {
904 grub_print_error ();
905 return 0;
906 }
907
908 err = grub_cryptodisk_scan_device_real (name, source);
909
910 grub_disk_close (source);
911
912 if (err)
913 grub_print_error ();
914 return have_it && search_uuid ? 1 : 0;
915 }
916
917 static grub_err_t
918 grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
919 {
920 struct grub_arg_list *state = ctxt->state;
921
922 if (argc < 1 && !state[1].set && !state[2].set)
923 return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");
924
925 have_it = 0;
926 if (state[0].set)
927 {
928 grub_cryptodisk_t dev;
929
930 dev = grub_cryptodisk_get_by_uuid (args[0]);
931 if (dev)
932 {
933 grub_dprintf ("cryptodisk",
934 "already mounted as crypto%lu\n", dev->id);
935 return GRUB_ERR_NONE;
936 }
937
938 check_boot = state[2].set;
939 search_uuid = args[0];
940 grub_device_iterate (&grub_cryptodisk_scan_device, NULL);
941 search_uuid = NULL;
942
943 if (!have_it)
944 return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found");
945 return GRUB_ERR_NONE;
946 }
947 else if (state[1].set || (argc == 0 && state[2].set))
948 {
949 search_uuid = NULL;
950 check_boot = state[2].set;
951 grub_device_iterate (&grub_cryptodisk_scan_device, NULL);
952 search_uuid = NULL;
953 return GRUB_ERR_NONE;
954 }
955 else
956 {
957 grub_err_t err;
958 grub_disk_t disk;
959 grub_cryptodisk_t dev;
960 char *diskname;
961 char *disklast;
962
963 search_uuid = NULL;
964 check_boot = state[2].set;
965 diskname = args[0];
966 if (diskname[0] == '(' && *(disklast = &diskname[grub_strlen (diskname) - 1]) == ')')
967 {
968 *disklast = '\0';
969 disk = grub_disk_open (diskname + 1);
970 *disklast = ')';
971 }
972 else
973 disk = grub_disk_open (diskname);
974 if (!disk)
975 return grub_errno;
976
977 dev = grub_cryptodisk_get_by_source_disk (disk);
978 if (dev)
979 {
980 grub_dprintf ("cryptodisk", "already mounted as crypto%lu\n", dev->id);
981 grub_disk_close (disk);
982 return GRUB_ERR_NONE;
983 }
984
985 err = grub_cryptodisk_scan_device_real (args[0], disk);
986
987 grub_disk_close (disk);
988
989 return err;
990 }
991 }
992
993 static struct grub_disk_dev grub_cryptodisk_dev = {
994 .name = "cryptodisk",
995 .id = GRUB_DISK_DEVICE_CRYPTODISK_ID,
996 .iterate = grub_cryptodisk_iterate,
997 .open = grub_cryptodisk_open,
998 .close = grub_cryptodisk_close,
999 .read = grub_cryptodisk_read,
1000 .write = grub_cryptodisk_write,
1001 #ifdef GRUB_UTIL
1002 .memberlist = grub_cryptodisk_memberlist,
1003 #endif
1004 .next = 0
1005 };
1006
1007 static char
1008 hex (grub_uint8_t val)
1009 {
1010 if (val < 10)
1011 return '0' + val;
1012 return 'a' + val - 10;
1013 }
1014
1015 /* Open a file named NAME and initialize FILE. */
1016 static char *
1017 luks_script_get (grub_size_t *sz)
1018 {
1019 grub_cryptodisk_t i;
1020 grub_size_t size = 0;
1021 char *ptr, *ret;
1022
1023 *sz = 0;
1024
1025 for (i = cryptodisk_list; i != NULL; i = i->next)
1026 if (grub_strcmp (i->modname, "luks") == 0)
1027 {
1028 size += sizeof ("luks_mount ");
1029 size += grub_strlen (i->uuid);
1030 size += grub_strlen (i->cipher->cipher->name);
1031 size += 54;
1032 if (i->essiv_hash)
1033 size += grub_strlen (i->essiv_hash->name);
1034 size += i->keysize * 2;
1035 }
1036
1037 ret = grub_malloc (size + 1);
1038 if (!ret)
1039 return 0;
1040
1041 ptr = ret;
1042
1043 for (i = cryptodisk_list; i != NULL; i = i->next)
1044 if (grub_strcmp (i->modname, "luks") == 0)
1045 {
1046 unsigned j;
1047 const char *iptr;
1048 ptr = grub_stpcpy (ptr, "luks_mount ");
1049 ptr = grub_stpcpy (ptr, i->uuid);
1050 *ptr++ = ' ';
1051 grub_snprintf (ptr, 21, "%" PRIuGRUB_UINT64_T " ", i->offset);
1052 while (*ptr)
1053 ptr++;
1054 for (iptr = i->cipher->cipher->name; *iptr; iptr++)
1055 *ptr++ = grub_tolower (*iptr);
1056 switch (i->mode)
1057 {
1058 case GRUB_CRYPTODISK_MODE_ECB:
1059 ptr = grub_stpcpy (ptr, "-ecb");
1060 break;
1061 case GRUB_CRYPTODISK_MODE_CBC:
1062 ptr = grub_stpcpy (ptr, "-cbc");
1063 break;
1064 case GRUB_CRYPTODISK_MODE_PCBC:
1065 ptr = grub_stpcpy (ptr, "-pcbc");
1066 break;
1067 case GRUB_CRYPTODISK_MODE_XTS:
1068 ptr = grub_stpcpy (ptr, "-xts");
1069 break;
1070 case GRUB_CRYPTODISK_MODE_LRW:
1071 ptr = grub_stpcpy (ptr, "-lrw");
1072 break;
1073 }
1074
1075 switch (i->mode_iv)
1076 {
1077 case GRUB_CRYPTODISK_MODE_IV_NULL:
1078 ptr = grub_stpcpy (ptr, "-null");
1079 break;
1080 case GRUB_CRYPTODISK_MODE_IV_PLAIN:
1081 ptr = grub_stpcpy (ptr, "-plain");
1082 break;
1083 case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
1084 ptr = grub_stpcpy (ptr, "-plain64");
1085 break;
1086 case GRUB_CRYPTODISK_MODE_IV_BENBI:
1087 ptr = grub_stpcpy (ptr, "-benbi");
1088 break;
1089 case GRUB_CRYPTODISK_MODE_IV_ESSIV:
1090 ptr = grub_stpcpy (ptr, "-essiv:");
1091 ptr = grub_stpcpy (ptr, i->essiv_hash->name);
1092 break;
1093 case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64:
1094 case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64_HASH:
1095 break;
1096 }
1097 *ptr++ = ' ';
1098 for (j = 0; j < i->keysize; j++)
1099 {
1100 *ptr++ = hex (i->key[j] >> 4);
1101 *ptr++ = hex (i->key[j] & 0xf);
1102 }
1103 *ptr++ = '\n';
1104 }
1105 *ptr = '\0';
1106 *sz = ptr - ret;
1107 return ret;
1108 }
1109
1110 struct grub_procfs_entry luks_script =
1111 {
1112 .name = "luks_script",
1113 .get_contents = luks_script_get
1114 };
1115
1116 static grub_extcmd_t cmd;
1117
1118 GRUB_MOD_INIT (cryptodisk)
1119 {
1120 grub_disk_dev_register (&grub_cryptodisk_dev);
1121 cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
1122 N_("SOURCE|-u UUID|-a|-b"),
1123 N_("Mount a crypto device."), options);
1124 grub_procfs_register ("luks_script", &luks_script);
1125 }
1126
1127 GRUB_MOD_FINI (cryptodisk)
1128 {
1129 grub_disk_dev_unregister (&grub_cryptodisk_dev);
1130 cryptodisk_cleanup ();
1131 grub_procfs_unregister (&luks_script);
1132 }
Mirror of AROS' svn.