2N/A/*
2N/A * GRUB -- GRand Unified Bootloader
2N/A * Copyright (C) 2003,2007,2010,2011 Free Software Foundation, Inc.
2N/A *
2N/A * GRUB is free software: you can redistribute it and/or modify
2N/A * it under the terms of the GNU General Public License as published by
2N/A * the Free Software Foundation, either version 3 of the License, or
2N/A * (at your option) any later version.
2N/A *
2N/A * GRUB is distributed in the hope that it will be useful,
2N/A * but WITHOUT ANY WARRANTY; without even the implied warranty of
2N/A * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2N/A * GNU General Public License for more details.
2N/A *
2N/A * You should have received a copy of the GNU General Public License
2N/A * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
2N/A */
2N/A
2N/A#include <grub/cryptodisk.h>
2N/A#include <grub/mm.h>
2N/A#include <grub/misc.h>
2N/A#include <grub/dl.h>
2N/A#include <grub/extcmd.h>
2N/A#include <grub/i18n.h>
2N/A
2N/A#ifdef GRUB_UTIL
2N/A#include <errno.h>
2N/A#include <sys/types.h>
2N/A#include <sys/stat.h>
2N/A#include <fcntl.h>
2N/A#include <grub/emu/hostdisk.h>
2N/A#include <unistd.h>
2N/A#include <string.h>
2N/A#endif
2N/A
/* License tag read by the GRUB module loader.  */
GRUB_MOD_LICENSE ("GPLv3+");

/* Head of the list of container backends (the cr->scan / cr->recover_key
   providers); the scan functions below walk it with FOR_CRYPTODISK_DEVS.  */
grub_cryptodisk_dev_t grub_cryptodisk_list;
2N/A
/* Options of the "cryptomount" command.  grub_cmd_cryptomount indexes the
   parsed state by position here: 0 = -u (uuid), 1 = -a (all), 2 = -b (boot).  */
static const struct grub_arg_option options[] =
  {
    {"uuid", 'u', 0, N_("Mount by UUID."), 0, 0},
    {"all", 'a', 0, N_("Mount all."), 0, 0},
    {"boot", 'b', 0, N_("Mount all volumes marked as boot."), 0, 0},
    {0, 0, 0, 0, 0, 0}
  };
2N/A
/* The GF(2^128) reduction polynomial is x^128 + x^7 + x^2 + x + 1.  Only its
   lowest byte is non-trivial, so this is the value xored in on a carry out
   of the top bit (see gf_mul_x / gf_mul_x_be).  */
#define GF_POLYNOM 0x87
/* Number of GF(2^128) blocks (GRUB_CRYPTODISK_GF_BYTES each) that fit in one
   sector of DEV; always a power of two.  */
static inline int
GF_PER_SECTOR (const struct grub_cryptodisk *dev)
{
  unsigned shift = dev->log_sector_size - GRUB_CRYPTODISK_GF_LOG_BYTES;

  return (int) (1U << shift);
}
2N/A
/* Mounted crypto devices, newest first (grub_cryptodisk_insert pushes onto
   the head).  */
static grub_cryptodisk_t cryptodisk_list = NULL;
/* Next device id handed out by the insert functions ("cryptoN").  Being
   8-bit it wraps after 256 inserts, after which names would collide.  */
static grub_uint8_t n = 0;
2N/A
/* Multiply the little-endian GF(2^128) element G by x in place: shift the
   whole value left by one bit, byte 0 being the least significant, and
   reduce by GF_POLYNOM when a bit is carried out of the top byte.  */
static void
gf_mul_x (grub_uint8_t *g)
{
  int carry = 0;
  unsigned k;

  for (k = 0; k < GRUB_CRYPTODISK_GF_BYTES; k++)
    {
      int next_carry = (g[k] & 0x80) ? 1 : 0;

      g[k] = (grub_uint8_t) ((g[k] << 1) | carry);
      carry = next_carry;
    }

  if (carry)
    g[0] ^= GF_POLYNOM;
}
2N/A
2N/A
/* Big-endian counterpart of gf_mul_x: the last byte of G is the least
   significant, so the shift runs from the end of the array towards its
   start and the reduction constant lands in the last byte.  */
static void
gf_mul_x_be (grub_uint8_t *g)
{
  int carry = 0;
  unsigned k = GRUB_CRYPTODISK_GF_BYTES;

  while (k-- > 0)
    {
      int next_carry = (g[k] & 0x80) ? 1 : 0;

      g[k] = (grub_uint8_t) ((g[k] << 1) | carry);
      carry = next_carry;
    }

  if (carry)
    g[GRUB_CRYPTODISK_GF_BYTES - 1] ^= GF_POLYNOM;
}
2N/A
/* O = A * B in GF(2^128), all three big-endian, by shift-and-add: walk the
   bits of A from least to most significant, accumulating the running
   multiple B * x^i whenever the bit is set.  O must not overlap A.
   The loop branches on the bits of A, so it is not constant-time.  */
static void
gf_mul_be (grub_uint8_t *o, const grub_uint8_t *a, const grub_uint8_t *b)
{
  grub_uint8_t shifted[GRUB_CRYPTODISK_GF_BYTES];
  unsigned bit;

  grub_memset (o, 0, GRUB_CRYPTODISK_GF_BYTES);
  grub_memcpy (shifted, b, GRUB_CRYPTODISK_GF_BYTES);

  for (bit = 0; bit < GRUB_CRYPTODISK_GF_SIZE; bit++)
    {
      /* Bit BIT of A lives in byte (GF_BYTES - 1 - BIT / 8) in big-endian.  */
      grub_uint8_t abyte = a[GRUB_CRYPTODISK_GF_BYTES - 1 - bit / 8];

      if ((abyte >> (bit % 8)) & 1)
        grub_crypto_xor (o, o, shifted, GRUB_CRYPTODISK_GF_BYTES);
      gf_mul_x_be (shifted);
    }
}
2N/A
/* PCBC decryption of SIZE bytes from IN to OUT (may alias) with CIPHER.
   Each block is decrypted, xored with the chaining value, and the chaining
   value for the next block becomes (ciphertext xor plaintext).  IV is both
   the initial chaining value and, on return, the final one.  Fails with
   GPG_ERR_NOT_SUPPORTED if the cipher cannot decrypt and GPG_ERR_INV_ARG
   if SIZE is not a whole number of blocks.  */
static gcry_err_code_t
grub_crypto_pcbc_decrypt (grub_crypto_cipher_handle_t cipher,
                          void *out, void *in, grub_size_t size,
                          void *iv)
{
  grub_size_t bs = cipher->cipher->blocksize;
  grub_uint8_t saved_ct[bs];
  grub_uint8_t *src = in;
  grub_uint8_t *dst = out;
  grub_size_t done;

  if (cipher->cipher->decrypt == NULL)
    return GPG_ERR_NOT_SUPPORTED;
  if (size % bs != 0)
    return GPG_ERR_INV_ARG;

  for (done = 0; done < size; done += bs, src += bs, dst += bs)
    {
      /* Keep the ciphertext block: decrypting in place would lose it.  */
      grub_memcpy (saved_ct, src, bs);
      cipher->cipher->decrypt (cipher->ctx, dst, src);
      grub_crypto_xor (dst, dst, iv, bs);
      grub_crypto_xor (iv, saved_ct, dst, bs);
    }

  return GPG_ERR_NO_ERROR;
}
2N/A
/* Per-sector LRW tweak state, filled by generate_lrw_sector and consumed by
   lrw_xor.  */
struct lrw_sector
{
  /* Tweak product for the aligned run in which the sector starts.  */
  grub_uint8_t low[GRUB_CRYPTODISK_GF_BYTES];
  /* Tweak product for the following aligned run (unaligned sectors only).  */
  grub_uint8_t high[GRUB_CRYPTODISK_GF_BYTES];
  /* Block offset of the sector start inside its run, and the number of
     blocks from there to the next run.  */
  grub_uint8_t low_byte, low_byte_c;
};
2N/A
/* Prepare the LRW tweak products for the sector whose first block index is
   the big-endian GF element IV.  With P = GF_PER_SECTOR (DEV):
     low_byte   = position of IV inside its P-aligned run;
     low_byte_c = blocks from IV to the next aligned index (P if aligned);
     low        = lrw_key * (IV rounded down to a multiple of P);
     high       = lrw_key * (next multiple of P), only if IV is unaligned.
   Only the last byte of IV takes part in the alignment arithmetic, so this
   assumes P <= 256 (sectors of at most 4 KiB with 16-byte blocks); the
   carry of the addition is propagated into the higher bytes.  */
static void
generate_lrw_sector (struct lrw_sector *sec,
                     const struct grub_cryptodisk *dev,
                     const grub_uint8_t *iv)
{
  grub_uint8_t idx[GRUB_CRYPTODISK_GF_BYTES];
  grub_uint16_t c;
  int j;
  grub_memcpy (idx, iv, GRUB_CRYPTODISK_GF_BYTES);
  sec->low_byte = (idx[GRUB_CRYPTODISK_GF_BYTES - 1]
                   & (GF_PER_SECTOR (dev) - 1));
  /* (P - 1) & ~low_byte is (P - 1 - low_byte), hence P - low_byte here.  */
  sec->low_byte_c = (((GF_PER_SECTOR (dev) - 1) & ~sec->low_byte) + 1);
  /* Round down to the aligned index and multiply by the tweak key.  */
  idx[GRUB_CRYPTODISK_GF_BYTES - 1] &= ~(GF_PER_SECTOR (dev) - 1);
  gf_mul_be (sec->low, dev->lrw_key, idx);
  if (!sec->low_byte)
    return;

  /* Unaligned: advance to the next aligned index.  C is 16 bits wide so the
     carry out of the low byte is visible and ripples into the higher bytes;
     the low byte then takes the truncated sum.  */
  c = idx[GRUB_CRYPTODISK_GF_BYTES - 1] + GF_PER_SECTOR (dev);
  if (c & 0x100)
    {
      for (j = GRUB_CRYPTODISK_GF_BYTES - 2; j >= 0; j--)
        {
          idx[j]++;
          if (idx[j] != 0)
            break;
        }
    }
  idx[GRUB_CRYPTODISK_GF_BYTES - 1] = c;
  gf_mul_be (sec->high, dev->lrw_key, idx);
}
2N/A
/* Xor the per-block LRW tweaks into the sector buffer B in place.  The first
   low_byte_c blocks get (sec->low xor lrw_precalc[low_byte + k]); the
   remaining low_byte blocks get (sec->high xor lrw_precalc[k]).  Since
   grub_cryptodisk_setkey fills lrw_precalc[k] with lrw_key * k, this is
   presumably lrw_key * (block index) by linearity of the GF multiplication,
   computed without one multiplication per block.  grub_cryptodisk_decrypt
   calls it before and after the ECB pass, so the "unused" attribute is
   stale.  */
static void __attribute__ ((unused))
lrw_xor (const struct lrw_sector *sec,
         const struct grub_cryptodisk *dev,
         grub_uint8_t *b)
{
  unsigned i;

  /* First run: common factor, then the per-offset table entries.  */
  for (i = 0; i < sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES;
       i += GRUB_CRYPTODISK_GF_BYTES)
    grub_crypto_xor (b + i, b + i, sec->low, GRUB_CRYPTODISK_GF_BYTES);
  grub_crypto_xor (b, b, dev->lrw_precalc + GRUB_CRYPTODISK_GF_BYTES * sec->low_byte,
                   sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES);
  if (!sec->low_byte)
    return;

  /* Second run (unaligned sectors only): the rest of the sector belongs to
     the next aligned run and restarts the table from entry 0.  */
  for (i = sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES;
       i < (1U << dev->log_sector_size); i += GRUB_CRYPTODISK_GF_BYTES)
    grub_crypto_xor (b + i, b + i, sec->high, GRUB_CRYPTODISK_GF_BYTES);
  grub_crypto_xor (b + sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES,
                   b + sec->low_byte_c * GRUB_CRYPTODISK_GF_BYTES,
                   dev->lrw_precalc, sec->low_byte * GRUB_CRYPTODISK_GF_BYTES);
}
2N/A
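/* Derive the IV of SECTOR into IV (SZ 32-bit words, zeroed here first)
   according to DEV->mode_iv.  Returns GPG_ERR_NO_ERROR, the ESSIV cipher's
   error, or GPG_ERR_NOT_IMPLEMENTED for an IV mode this code does not know,
   rather than silently decrypting with an all-zero IV.  */
static gcry_err_code_t
cryptodisk_make_iv (struct grub_cryptodisk *dev, grub_uint32_t *iv,
                    grub_size_t sz, grub_disk_addr_t sector)
{
  grub_memset (iv, 0, sz * sizeof (iv[0]));

  switch (dev->mode_iv)
    {
    case GRUB_CRYPTODISK_MODE_IV_NULL:
      break;

    case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64_HASH:
      {
        grub_uint64_t tmp;
        grub_uint64_t ctx[(dev->iv_hash->contextsize + 7) / 8];

        grub_memset (ctx, 0, sizeof (ctx));

        /* Hash the backend's prefix followed by the little-endian byte
           offset of the sector; the first SZ words of the digest form the IV.  */
        tmp = grub_cpu_to_le64 (sector << dev->log_sector_size);
        dev->iv_hash->init (ctx);
        dev->iv_hash->write (ctx, dev->iv_prefix, dev->iv_prefix_len);
        dev->iv_hash->write (ctx, &tmp, sizeof (tmp));
        dev->iv_hash->final (ctx);

        /* IV is a pointer here, so size the copy explicitly.  */
        grub_memcpy (iv, dev->iv_hash->read (ctx), sz * sizeof (iv[0]));
      }
      break;

    case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
      iv[1] = grub_cpu_to_le32 (sector >> 32);
      /* Fall through: plain64 is plain plus the upper 32 bits.  */
    case GRUB_CRYPTODISK_MODE_IV_PLAIN:
      iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
      break;

    case GRUB_CRYPTODISK_MODE_IV_BYTECOUNT64:
      iv[1] = grub_cpu_to_le32 (sector >> (32 - dev->log_sector_size));
      iv[0] = grub_cpu_to_le32 ((sector << dev->log_sector_size)
                                & 0xFFFFFFFF);
      break;

    case GRUB_CRYPTODISK_MODE_IV_BENBI:
      {
        /* Big-endian 64-bit block number, right-aligned in the IV.  */
        grub_uint64_t num = (sector << dev->benbi_log) + 1;

        iv[sz - 2] = grub_cpu_to_be32 (num >> 32);
        iv[sz - 1] = grub_cpu_to_be32 (num & 0xFFFFFFFF);
      }
      break;

    case GRUB_CRYPTODISK_MODE_IV_ESSIV:
      /* Encrypt the plain sector number under the hashed key installed by
         grub_cryptodisk_setkey.  */
      iv[0] = grub_cpu_to_le32 (sector & 0xFFFFFFFF);
      return grub_crypto_ecb_encrypt (dev->essiv_cipher, iv, iv,
                                      dev->cipher->cipher->blocksize);

    default:
      return GPG_ERR_NOT_IMPLEMENTED;
    }

  return GPG_ERR_NO_ERROR;
}

/* Decrypt LEN bytes in place: DATA holds the ciphertext of consecutive
   sectors starting at SECTOR (sector numbers in units of
   1 << DEV->log_sector_size bytes).  Every sector is handled on its own with
   its own IV; with a rekey hook installed the key is refreshed whenever the
   sector enters a new rekey zone.  Returns the first gcry error met, or
   GPG_ERR_NO_ERROR.  */
gcry_err_code_t
grub_cryptodisk_decrypt (struct grub_cryptodisk *dev,
                         grub_uint8_t * data, grub_size_t len,
                         grub_disk_addr_t sector)
{
  grub_size_t i;
  gcry_err_code_t err = GPG_ERR_NO_ERROR;

  /* The only mode without IV.  */
  if (dev->mode == GRUB_CRYPTODISK_MODE_ECB && !dev->rekey)
    return grub_crypto_ecb_decrypt (dev->cipher, data, data, len);

  for (i = 0; i < len; i += (1U << dev->log_sector_size))
    {
      grub_size_t sector_bytes = 1U << dev->log_sector_size;
      grub_size_t blocksize = dev->cipher->cipher->blocksize;
      /* The IV holds one cipher block, rounded up to whole 32-bit words.  */
      grub_size_t sz = ((blocksize + sizeof (grub_uint32_t) - 1)
                        / sizeof (grub_uint32_t));
      grub_uint32_t iv[sz];

      if (dev->rekey)
        {
          grub_uint64_t zone = sector >> dev->rekey_shift;

          if (zone != dev->last_rekey)
            {
              err = dev->rekey (dev, zone);
              if (err)
                return err;
              dev->last_rekey = zone;
            }
        }

      err = cryptodisk_make_iv (dev, iv, sz, sector);
      if (err)
        return err;

      switch (dev->mode)
        {
        case GRUB_CRYPTODISK_MODE_CBC:
          err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i,
                                         sector_bytes, iv);
          break;

        case GRUB_CRYPTODISK_MODE_PCBC:
          err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i,
                                          sector_bytes, iv);
          break;

        case GRUB_CRYPTODISK_MODE_XTS:
          {
            unsigned j;

            /* The tweak is the IV encrypted under the secondary key and is
               multiplied by x in GF(2^128) after every block.  */
            err = grub_crypto_ecb_encrypt (dev->secondary_cipher, iv, iv,
                                           blocksize);
            if (err)
              return err;

            for (j = 0; j < sector_bytes; j += blocksize)
              {
                grub_crypto_xor (data + i + j, data + i + j, iv, blocksize);
                err = grub_crypto_ecb_decrypt (dev->cipher, data + i + j,
                                               data + i + j, blocksize);
                if (err)
                  return err;
                grub_crypto_xor (data + i + j, data + i + j, iv, blocksize);
                gf_mul_x ((grub_uint8_t *) iv);
              }
          }
          break;

        case GRUB_CRYPTODISK_MODE_LRW:
          {
            struct lrw_sector sec;

            /* The tweak is xored in on both sides of the ECB pass.  */
            generate_lrw_sector (&sec, dev, (grub_uint8_t *) iv);
            lrw_xor (&sec, dev, data + i);
            err = grub_crypto_ecb_decrypt (dev->cipher, data + i, data + i,
                                           sector_bytes);
            if (err)
              return err;
            lrw_xor (&sec, dev, data + i);
          }
          break;

        case GRUB_CRYPTODISK_MODE_ECB:
          /* Only reached with a rekey hook (see the early return above);
             the cipher's error used to be dropped on this path.  */
          err = grub_crypto_ecb_decrypt (dev->cipher, data + i, data + i,
                                         sector_bytes);
          break;

        default:
          return GPG_ERR_NOT_IMPLEMENTED;
        }
      if (err)
        return err;

      sector++;
    }

  return GPG_ERR_NO_ERROR;
}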
2N/A
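/* Install KEY (KEYSIZE bytes) into the cipher handles of DEV, splitting it
   according to DEV->mode: XTS gives the first half to the data cipher and
   the second half to the secondary (tweak) cipher; LRW takes the trailing
   blocksize bytes as the tweak key and precomputes the lrw_precalc table
   (entry k = lrw_key * k) used by lrw_xor.  For ESSIV the ESSIV cipher is
   keyed with the hash of the whole key.  Returns a gcry error code;
   GPG_ERR_INV_KEYLEN if an LRW key is shorter than one block,
   GPG_ERR_OUT_OF_MEMORY if the LRW table cannot be allocated.  */
gcry_err_code_t
grub_cryptodisk_setkey (grub_cryptodisk_t dev, grub_uint8_t *key, grub_size_t keysize)
{
  gcry_err_code_t err;
  grub_size_t real_keysize = keysize;
  grub_size_t blocksize = dev->cipher->cipher->blocksize;

  if (dev->mode == GRUB_CRYPTODISK_MODE_XTS)
    real_keysize /= 2;
  if (dev->mode == GRUB_CRYPTODISK_MODE_LRW)
    {
      /* The tweak key must fit behind the cipher key; without this check the
         subtraction underflows and a huge length reaches set_key.  */
      if (keysize < blocksize)
        return GPG_ERR_INV_KEYLEN;
      real_keysize -= blocksize;
    }

  /* Set the PBKDF2 output as the cipher key.  */
  err = grub_crypto_cipher_set_key (dev->cipher, key, real_keysize);
  if (err)
    return err;

  /* Configure ESSIV if necessary.  */
  if (dev->mode_iv == GRUB_CRYPTODISK_MODE_IV_ESSIV)
    {
      grub_size_t essiv_keysize = dev->essiv_hash->mdlen;
      grub_uint8_t hashed_key[essiv_keysize];

      grub_crypto_hash (dev->essiv_hash, hashed_key, key, keysize);
      err = grub_crypto_cipher_set_key (dev->essiv_cipher,
                                        hashed_key, essiv_keysize);
      /* NOTE(review): hashed_key is key material left on the stack; wipe it
         before returning if a non-optimizable memset is available.  */
      if (err)
        return err;
    }

  if (dev->mode == GRUB_CRYPTODISK_MODE_XTS)
    {
      err = grub_crypto_cipher_set_key (dev->secondary_cipher,
                                        key + real_keysize,
                                        keysize / 2);
      if (err)
        return err;
    }

  if (dev->mode == GRUB_CRYPTODISK_MODE_LRW)
    {
      unsigned i;
      grub_uint8_t idx[GRUB_CRYPTODISK_GF_BYTES];
      grub_size_t sector_bytes = 1U << dev->log_sector_size;

      grub_free (dev->lrw_precalc);
      grub_memcpy (dev->lrw_key, key + real_keysize, blocksize);
      dev->lrw_precalc = grub_malloc (sector_bytes);
      if (!dev->lrw_precalc)
        return GPG_ERR_OUT_OF_MEMORY;

      /* Table entry k (one GF block each) is lrw_key * k.  Only the last
         byte of IDX carries k, so the table is exact for at most 256 blocks
         per sector.  */
      grub_memset (idx, 0, GRUB_CRYPTODISK_GF_BYTES);
      for (i = 0; i < sector_bytes; i += GRUB_CRYPTODISK_GF_BYTES)
        {
          idx[GRUB_CRYPTODISK_GF_BYTES - 1] = i / GRUB_CRYPTODISK_GF_BYTES;
          gf_mul_be (dev->lrw_precalc + i, idx, dev->lrw_key);
        }
    }

  return GPG_ERR_NO_ERROR;
}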
2N/A
/* Disk-backend iterator: report every mounted device as "cryptoN".  Only
   the plain pull level is served; others yield nothing.  Stops and returns
   1 as soon as HOOK returns non-zero, otherwise returns 0.  */
static int
grub_cryptodisk_iterate (int (*hook) (const char *name),
                         grub_disk_pull_t pull)
{
  grub_cryptodisk_t dev = cryptodisk_list;

  if (pull != GRUB_DISK_PULL_NONE)
    return 0;

  while (dev != NULL)
    {
      char devname[30];

      grub_snprintf (devname, sizeof (devname), "crypto%lu", dev->id);
      if (hook (devname))
        return 1;
      dev = dev->next;
    }

  return 0;
}
2N/A
/* Resolve NAME -- "cryptoN" or "cryptouuid/UUID" (the "crypto" prefix has
   already been verified) -- to a mounted device, or NULL.  A malformed
   number leaves grub_errno set by grub_strtoul.  */
static grub_cryptodisk_t
cryptodisk_find_by_name (const char *name)
{
  grub_cryptodisk_t dev;
  unsigned long id;

  if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0)
    {
      const char *uuid = name + sizeof ("cryptouuid/") - 1;

      for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
        if (grub_strcasecmp (uuid, dev->uuid) == 0)
          return dev;
      return NULL;
    }

  id = grub_strtoul (name + sizeof ("crypto") - 1, 0, 0);
  if (grub_errno)
    return NULL;

  for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
    if (dev->id == id)
      return dev;
  return NULL;
}

/* Disk-backend open: bind DISK to the mounted device named NAME.  The
   underlying source disk is opened on the first open and kept while the
   reference count is non-zero; in the host tools a "cheat" file may stand
   in for the decrypted contents.  */
static grub_err_t
grub_cryptodisk_open (const char *name, grub_disk_t disk)
{
  grub_cryptodisk_t dev;

  if (grub_memcmp (name, "crypto", sizeof ("crypto") - 1) != 0)
    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device");

  dev = cryptodisk_find_by_name (name);
  if (dev == NULL)
    return grub_error (GRUB_ERR_UNKNOWN_DEVICE, "No such device");

  disk->log_sector_size = dev->log_sector_size;

#ifdef GRUB_UTIL
  if (dev->cheat)
    {
      if (dev->cheat_fd == -1)
        dev->cheat_fd = open (dev->cheat, O_RDONLY);
      if (dev->cheat_fd == -1)
        return grub_error (GRUB_ERR_IO, "couldn't open %s: %s",
                           dev->cheat, strerror (errno));
    }
#endif

  if (dev->source_disk == NULL)
    {
      grub_dprintf ("cryptodisk", "Opening device %s\n", name);
      /* Try to open the source disk and populate the requested disk.  */
      dev->source_disk = grub_disk_open (dev->source);
      if (dev->source_disk == NULL)
        return grub_errno;
    }

  disk->data = dev;
  disk->total_sectors = dev->total_length;
  disk->id = dev->id;
  dev->ref++;

  return GRUB_ERR_NONE;
}
2N/A
/* Disk-backend close: drop one reference; when the last one goes, close
   the cheat file (host tools) and the source disk.  */
static void
grub_cryptodisk_close (grub_disk_t disk)
{
  grub_cryptodisk_t dev = disk->data;

  grub_dprintf ("cryptodisk", "Closing disk\n");

  dev->ref--;
  if (dev->ref != 0)
    return;

#ifdef GRUB_UTIL
  if (dev->cheat)
    {
      close (dev->cheat_fd);
      dev->cheat_fd = -1;
    }
#endif

  grub_disk_close (dev->source_disk);
  dev->source_disk = NULL;
}
2N/A
/* Disk-backend read: fetch SIZE sectors starting at SECTOR from the source
   disk (offset by DEV->offset, in source sector units) into BUF and decrypt
   them in place.  In the host tools a cheat file, if configured, is read
   directly instead and no decryption happens.  */
static grub_err_t
grub_cryptodisk_read (grub_disk_t disk, grub_disk_addr_t sector,
                      grub_size_t size, char *buf)
{
  grub_cryptodisk_t dev = disk->data;
  grub_size_t nbytes = size << disk->log_sector_size;
  grub_err_t err;
  gcry_err_code_t gcry_err;

#ifdef GRUB_UTIL
  if (dev->cheat)
    {
      err = grub_util_fd_seek (dev->cheat_fd, dev->cheat,
                               sector << disk->log_sector_size);
      if (err)
        return err;
      if (grub_util_fd_read (dev->cheat_fd, buf, nbytes) != (ssize_t) nbytes)
        return grub_error (GRUB_ERR_READ_ERROR, "cannot read from `%s'",
                           dev->cheat);
      return GRUB_ERR_NONE;
    }
#endif

  grub_dprintf ("cryptodisk",
                "Reading %" PRIuGRUB_SIZE " sectors from sector 0x%"
                PRIxGRUB_UINT64_T " with offset of %" PRIuGRUB_UINT64_T "\n",
                size, sector, dev->offset);

  /* Our sectors may be larger than the source's, hence the rescaling.  */
  err = grub_disk_read (dev->source_disk,
                        (sector << (disk->log_sector_size
                                    - GRUB_DISK_SECTOR_BITS)) + dev->offset,
                        0, nbytes, buf);
  if (err)
    {
      grub_dprintf ("cryptodisk", "grub_disk_read failed with error %d\n", err);
      return err;
    }

  gcry_err = grub_cryptodisk_decrypt (dev, (grub_uint8_t *) buf, nbytes, sector);
  return grub_crypto_gcry_error (gcry_err);
}
2N/A
/* Disk-backend write: writing through a cryptodisk is not supported, so
   every call fails with GRUB_ERR_NOT_IMPLEMENTED_YET.  */
static grub_err_t
grub_cryptodisk_write (grub_disk_t disk __attribute__ ((unused)),
                       grub_disk_addr_t sector __attribute__ ((unused)),
                       grub_size_t size __attribute__ ((unused)),
                       const char *buf __attribute__ ((unused)))
{
  grub_err_t rc = GRUB_ERR_NOT_IMPLEMENTED_YET;

  return rc;
}
2N/A
2N/A#ifdef GRUB_UTIL
/* Host-tool member list: a cryptodisk has exactly one member, its source
   disk.  Returns a newly allocated one-entry list owned by the caller, or
   NULL (with grub_errno set by grub_malloc) on allocation failure.  */
static grub_disk_memberlist_t
grub_cryptodisk_memberlist (grub_disk_t disk)
{
  grub_cryptodisk_t dev = disk->data;
  grub_disk_memberlist_t entry = grub_malloc (sizeof (*entry));

  if (entry == NULL)
    return NULL;

  entry->disk = dev->source_disk;
  entry->next = NULL;
  return entry;
}
2N/A#endif
2N/A
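/* Module teardown: release every device still on cryptodisk_list.  Uses the
   same cipher teardown as cryptodisk_close and also releases what
   grub_cryptodisk_setkey and the insert functions allocated: the LRW tweak
   table, the source name and, in the host tools, the cheat path and its
   descriptor.  The previous version only freed the cipher handles and the
   source name.  */
static void
cryptodisk_cleanup (void)
{
  grub_cryptodisk_t dev = cryptodisk_list;
  grub_cryptodisk_t next;

  while (dev != NULL)
    {
      next = dev->next;
#ifdef GRUB_UTIL
      /* cheat_fd is only meaningful on devices that have a cheat path.  */
      if (dev->cheat && dev->cheat_fd != -1)
        close (dev->cheat_fd);
      grub_free (dev->cheat);
#endif
      grub_free (dev->source);
      grub_free (dev->lrw_precalc);
      grub_crypto_cipher_close (dev->cipher);
      grub_crypto_cipher_close (dev->secondary_cipher);
      grub_crypto_cipher_close (dev->essiv_cipher);
      grub_free (dev);
      dev = next;
    }

  cryptodisk_list = NULL;
}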
2N/A
/* Put NEWDEV, freshly created by a backend scan, on the mounted list: its
   source name is duplicated from NAME and its identity tied to SOURCE's
   disk and backend ids.  On allocation failure NEWDEV itself is freed with
   grub_free (its cipher handles are not closed) and grub_errno is returned,
   so the caller must not touch NEWDEV afterwards.  */
grub_err_t
grub_cryptodisk_insert (grub_cryptodisk_t newdev, const char *name,
                        grub_disk_t source)
{
  char *source_name = grub_strdup (name);

  if (source_name == NULL)
    {
      grub_free (newdev);
      return grub_errno;
    }

  newdev->source = source_name;
  newdev->id = n++;
  newdev->source_id = source->id;
  newdev->source_dev_id = source->dev->id;

  /* Push onto the head of the list.  */
  newdev->next = cryptodisk_list;
  cryptodisk_list = newdev;

  return GRUB_ERR_NONE;
}
2N/A
/* Find the mounted device whose UUID matches UUID (case-insensitively),
   or NULL.  */
grub_cryptodisk_t
grub_cryptodisk_get_by_uuid (const char *uuid)
{
  grub_cryptodisk_t dev = cryptodisk_list;

  while (dev != NULL && grub_strcasecmp (dev->uuid, uuid) != 0)
    dev = dev->next;

  return dev;
}
2N/A
/* Find the mounted device backed by DISK, matched on the (backend id, disk
   id) pair recorded at insert time, or NULL.  */
grub_cryptodisk_t
grub_cryptodisk_get_by_source_disk (grub_disk_t disk)
{
  grub_cryptodisk_t dev = cryptodisk_list;

  while (dev != NULL)
    {
      int same_disk = (dev->source_id == disk->id);
      int same_backend = (dev->source_dev_id == disk->dev->id);

      if (same_disk && same_backend)
        return dev;
      dev = dev->next;
    }

  return NULL;
}
2N/A
2N/A#ifdef GRUB_UTIL
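/* Host-tool variant of grub_cryptodisk_insert: additionally record CHEAT,
   the path of a file holding the already-decrypted contents, which
   grub_cryptodisk_open / grub_cryptodisk_read then use instead of the real
   decryption.  Unlike grub_cryptodisk_insert this does NOT free NEWDEV on
   failure: the caller keeps ownership (grub_cryptodisk_cheat_mount releases
   it).  The string fields are reset to NULL on failure so no dangling
   pointer is left behind in NEWDEV.  */
grub_err_t
grub_cryptodisk_cheat_insert (grub_cryptodisk_t newdev, const char *name,
                              grub_disk_t source, const char *cheat)
{
  newdev->cheat = grub_strdup (cheat);
  newdev->source = grub_strdup (name);
  if (!newdev->source || !newdev->cheat)
    {
      grub_free (newdev->source);
      grub_free (newdev->cheat);
      newdev->source = NULL;
      newdev->cheat = NULL;
      return grub_errno;
    }

  /* The cheat file is opened lazily by grub_cryptodisk_open.  */
  newdev->cheat_fd = -1;
  newdev->source_id = source->id;
  newdev->source_dev_id = source->dev->id;
  newdev->id = n++;
  newdev->next = cryptodisk_list;
  cryptodisk_list = newdev;

  return GRUB_ERR_NONE;
}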
2N/A
/* Host-tool helper: print the module names a configuration needs for this
   device -- the backend module followed by whichever cipher and hash
   modules are in use -- each followed by a space.  */
void
grub_util_cryptodisk_print_abstraction (grub_disk_t disk)
{
  grub_cryptodisk_t dev = disk->data;
  const char *modules[] = {
    dev->cipher ? dev->cipher->cipher->modname : NULL,
    dev->secondary_cipher ? dev->secondary_cipher->cipher->modname : NULL,
    dev->essiv_cipher ? dev->essiv_cipher->cipher->modname : NULL,
    dev->hash ? dev->hash->modname : NULL,
    dev->essiv_hash ? dev->essiv_hash->modname : NULL,
    dev->iv_hash ? dev->iv_hash->modname : NULL,
  };
  unsigned k;

  grub_printf ("cryptodisk %s ", dev->modname);

  for (k = 0; k < sizeof (modules) / sizeof (modules[0]); k++)
    if (modules[k] != NULL)
      grub_printf ("%s ", modules[k]);
}
2N/A
/* Host-tool helper: print the device's UUID followed by a space.  */
void
grub_util_cryptodisk_print_uuid (grub_disk_t disk)
{
  const grub_cryptodisk_t dev = disk->data;

  grub_printf ("%s ", dev->uuid);
}
2N/A
2N/A#endif
2N/A
/* Scan parameters passed to the backends through the device-iteration hook:
   CHECK_BOOT restricts a scan to volumes marked as boot, SEARCH_UUID (when
   non-NULL) to the container with that UUID, and HAVE_IT records that a scan
   mounted something.  */
static int check_boot, have_it;
static char *search_uuid;
2N/A
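/* Discard DEV, a device created by a backend scan that never made it onto
   the mounted list: close its cipher handles, drop the LRW tweak table that
   grub_cryptodisk_setkey may have allocated during key recovery (previously
   leaked here), and free the device.  Relies on the backend zero-initialising
   the device, as grub_cryptodisk_setkey's own grub_free already does.
   DEV->source is not owned here; only the insert functions set it.  */
static void
cryptodisk_close (grub_cryptodisk_t dev)
{
  grub_crypto_cipher_close (dev->cipher);
  grub_crypto_cipher_close (dev->secondary_cipher);
  grub_crypto_cipher_close (dev->essiv_cipher);
  grub_free (dev->lrw_precalc);
  grub_free (dev);
}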
2N/A
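/* Try every backend on SOURCE (named NAME): the first one that recognises
   a container and recovers its key gets the device mounted, and HAVE_IT is
   set.  A disk that is already mounted, or that no backend claims, is a
   silent success.  Returns the first error from a backend scan, key
   recovery or the insert.  */
static grub_err_t
grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
{
  grub_err_t err;
  grub_cryptodisk_t dev;
  grub_cryptodisk_dev_t cr;

  if (grub_cryptodisk_get_by_source_disk (source))
    return GRUB_ERR_NONE;

  FOR_CRYPTODISK_DEVS (cr)
  {
    dev = cr->scan (source, search_uuid, check_boot);
    if (grub_errno)
      return grub_errno;
    if (!dev)
      continue;

    err = cr->recover_key (source, dev);
    if (err)
      {
        cryptodisk_close (dev);
        return err;
      }

    /* On failure grub_cryptodisk_insert has already freed DEV; the result
       used to be ignored, reporting success for a device not on the list.  */
    err = grub_cryptodisk_insert (dev, name, source);
    if (err)
      return err;

    have_it = 1;

    return GRUB_ERR_NONE;
  }

  return GRUB_ERR_NONE;
}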
2N/A
2N/A#ifdef GRUB_UTIL
2N/A#include <grub/util/misc.h>
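/* Host-tool mount of the container on SOURCEDEV, using CHEAT (a file with
   the decrypted contents) in place of key recovery: the first backend that
   recognises the container gets the device registered via
   grub_cryptodisk_cheat_insert.  Returns GRUB_ERR_NONE when the disk is
   already mounted or no backend claims it; otherwise the scan or insert
   error.  The source disk is closed on every path (it used to leak when a
   backend scan failed), and a failed insert now releases the device with
   cryptodisk_close and reports the error instead of dropping it.  */
grub_err_t
grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
{
  grub_err_t err;
  grub_cryptodisk_t dev;
  grub_cryptodisk_dev_t cr;
  grub_disk_t source;

  /* Try to open disk.  */
  source = grub_disk_open (sourcedev);
  if (!source)
    return grub_errno;

  if (grub_cryptodisk_get_by_source_disk (source))
    {
      grub_disk_close (source);
      return GRUB_ERR_NONE;
    }

  FOR_CRYPTODISK_DEVS (cr)
  {
    dev = cr->scan (source, search_uuid, check_boot);
    if (grub_errno)
      {
        /* Save the error first: closing the disk may touch grub_errno.  */
        err = grub_errno;
        grub_disk_close (source);
        return err;
      }
    if (!dev)
      continue;

    grub_util_info ("cheatmounted %s (%s) at %s", sourcedev, dev->modname,
                    cheat);
    err = grub_cryptodisk_cheat_insert (dev, sourcedev, source, cheat);
    grub_disk_close (source);
    if (err)
      cryptodisk_close (dev);

    return err;
  }

  grub_disk_close (source);

  return GRUB_ERR_NONE;
}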
2N/A#endif
2N/A
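/* Device-iteration hook used by "cryptomount": try to mount a container on
   the disk NAME.  Returns 1 to stop the iteration once the UUID being
   searched for has been mounted, 0 to continue.  */
static int
grub_cryptodisk_scan_device (const char *name)
{
  grub_err_t err;
  grub_disk_t source;

  /* Try to open disk.  */
  source = grub_disk_open (name);
  if (!source)
    {
      /* A non-zero return stops grub_device_iterate, so returning grub_errno
         here (as before) aborted the whole scan at the first disk that could
         not be opened.  Skip the disk and keep scanning.  */
      grub_errno = GRUB_ERR_NONE;
      return 0;
    }

  err = grub_cryptodisk_scan_device_real (name, source);

  grub_disk_close (source);

  if (err)
    grub_print_error ();

  return (have_it && search_uuid) ? 1 : 0;
}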
2N/A
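/* "cryptomount -u UUID [-b]": unless already mounted, scan every device for
   the container with UUID.  Fails if no device yields it.  */
static grub_err_t
cryptomount_by_uuid (char *uuid, int boot_only)
{
  grub_cryptodisk_t dev = grub_cryptodisk_get_by_uuid (uuid);

  if (dev)
    {
      grub_dprintf ("cryptodisk",
                    "already mounted as crypto%lu\n", dev->id);
      return GRUB_ERR_NONE;
    }

  check_boot = boot_only;
  search_uuid = uuid;
  grub_device_iterate (&grub_cryptodisk_scan_device);
  search_uuid = NULL;

  if (!have_it)
    return grub_error (GRUB_ERR_BAD_ARGUMENT, "no such cryptodisk found");
  return GRUB_ERR_NONE;
}

/* "cryptomount -a" / "cryptomount -b": scan every device and mount every
   container found (or only those marked as boot).  */
static grub_err_t
cryptomount_all (int boot_only)
{
  search_uuid = NULL;
  check_boot = boot_only;
  grub_device_iterate (&grub_cryptodisk_scan_device);
  search_uuid = NULL;
  return GRUB_ERR_NONE;
}

/* "cryptomount SOURCE [-b]": mount the container on the single disk NAME.  */
static grub_err_t
cryptomount_source (const char *name, int boot_only)
{
  grub_err_t err;
  grub_disk_t disk;
  grub_cryptodisk_t dev;

  search_uuid = NULL;
  check_boot = boot_only;
  disk = grub_disk_open (name);
  if (!disk)
    return grub_errno;

  dev = grub_cryptodisk_get_by_source_disk (disk);
  if (dev)
    {
      grub_dprintf ("cryptodisk", "already mounted as crypto%lu\n", dev->id);
      grub_disk_close (disk);
      return GRUB_ERR_NONE;
    }

  err = grub_cryptodisk_scan_device_real (name, disk);

  grub_disk_close (disk);

  return err;
}

/* Entry point of the "cryptomount" command; ARGS holds the positional
   arguments and CTXT->state the parsed options (see OPTIONS: 0 = -u,
   1 = -a, 2 = -b).  */
static grub_err_t
grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
{
  struct grub_arg_list *state = ctxt->state;

  /* Both the plain form and -u need one positional argument; "-u" with no
     argument used to reach args[0] unchecked.  */
  if (argc < 1 && (state[0].set || (!state[1].set && !state[2].set)))
    return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");

  have_it = 0;
  if (state[0].set)
    return cryptomount_by_uuid (args[0], state[2].set);
  if (state[1].set || (argc == 0 && state[2].set))
    return cryptomount_all (state[2].set);
  return cryptomount_source (args[0], state[2].set);
}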
2N/A
/* Registration record of the "cryptodisk" disk backend: enumeration,
   reference-counted open/close, decrypting reads; writes are refused.  The
   member list is only needed by the host tools.  */
static struct grub_disk_dev grub_cryptodisk_dev = {
  .name = "cryptodisk",
  .id = GRUB_DISK_DEVICE_CRYPTODISK_ID,
  .iterate = grub_cryptodisk_iterate,
  .open = grub_cryptodisk_open,
  .close = grub_cryptodisk_close,
  .read = grub_cryptodisk_read,
  .write = grub_cryptodisk_write,
#ifdef GRUB_UTIL
  .memberlist = grub_cryptodisk_memberlist,
#endif
  .next = 0
};
2N/A
/* Handle of the registered "cryptomount" command.  */
static grub_extcmd_t cmd;
2N/A
/* Module entry point: register the "cryptodisk" disk backend and the
   "cryptomount" command.  */
GRUB_MOD_INIT (cryptodisk)
{
  grub_disk_dev_register (&grub_cryptodisk_dev);
  cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
                              N_("SOURCE|-u UUID|-a|-b"),
                              N_("Mount a crypto device."), options);
}
2N/A
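/* Module exit point: undo GRUB_MOD_INIT.  The command is unregistered too;
   previously it stayed registered after unload, pointing at unloaded code.  */
GRUB_MOD_FINI (cryptodisk)
{
  grub_disk_dev_unregister (&grub_cryptodisk_dev);
  cryptodisk_cleanup ();
  grub_unregister_extcmd (cmd);
}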