diff options
| author | Paul Kocialkowski <contact@paulk.fr> | 2016-12-23 14:13:48 +0100 |
|---|---|---|
| committer | Leah Rowe <info@minifree.org> | 2017-01-15 14:24:40 +0000 |
| commit | 3d08effb91acf985bae9c4eb4386937ce7ed92a9 (patch) | |
| tree | 9d890b07e4abf2f885cf9c494a9103bf4b96d891 /resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch | |
| parent | 0698cb38d1e26495c953f01daf9604551b6ed7d5 (diff) | |
| download | librebootfr-3d08effb91acf985bae9c4eb4386937ce7ed92a9.tar.gz librebootfr-3d08effb91acf985bae9c4eb4386937ce7ed92a9.zip | |
Current build system removal
Signed-off-by: Paul Kocialkowski <contact@paulk.fr>
Diffstat (limited to 'resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch')
| -rw-r--r-- | resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch | 636 |
1 files changed, 0 insertions, 636 deletions
diff --git a/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch b/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch deleted file mode 100644 index 54635442..00000000 --- a/resources/grub/patch/grub.johnlane.ie/0004-Cryptomount-support-plain-dm-crypt.patch +++ /dev/null @@ -1,636 +0,0 @@ -From 632155a6e8923cdd5c1d4e23576cfadcb78ee67b Mon Sep 17 00:00:00 2001 -From: John Lane <john@lane.uk.net> -Date: Fri, 26 Jun 2015 22:09:52 +0100 -Subject: [PATCH 05/10] Cryptomount support plain dm-crypt - ---- - grub-core/disk/cryptodisk.c | 298 +++++++++++++++++++++++++++++++++++++++++++- - grub-core/disk/luks.c | 195 +---------------------------- - include/grub/cryptodisk.h | 8 ++ - 3 files changed, 311 insertions(+), 190 deletions(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index 0e7ced8..57fb904 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -45,6 +45,12 @@ static const struct grub_arg_option options[] = - {"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING}, - {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT}, - {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT}, -+ {"plain", 'p', 0, N_("Plain (no LUKS header)"), 0, ARG_TYPE_NONE}, -+ {"cipher", 'c', 0, N_("Plain mode cipher"), 0, ARG_TYPE_STRING}, -+ {"digest", 'd', 0, N_("Plain mode passphrase digest (hash)"), 0, ARG_TYPE_STRING}, -+ {"offset", 'o', 0, N_("Plain mode data sector offset"), 0, ARG_TYPE_INT}, -+ {"size", 's', 0, N_("Size of raw device (sectors, defaults to whole device)"), 0, ARG_TYPE_INT}, -+ {"key-size", 'K', 0, N_("Set key size (bits)"), 0, ARG_TYPE_INT}, - {0, 0, 0, 0, 0, 0} - }; - -@@ -932,6 +938,48 @@ grub_cryptodisk_scan_device (const char *name, - return have_it && search_uuid ? 1 : 0; - } - -+/* Hashes a passphrase into a key and stores it with cipher. */ -+static gcry_err_code_t -+set_passphrase (grub_cryptodisk_t dev, grub_size_t keysize, const char *passphrase) -+{ -+ grub_uint8_t derived_hash[GRUB_CRYPTODISK_MAX_KEYLEN * 2], *dh = derived_hash; -+ char *p; -+ unsigned int round, i; -+ unsigned int len, size; -+ -+ /* Need no passphrase if there's no key */ -+ if (keysize == 0) -+ return GPG_ERR_INV_KEYLEN; -+ -+ /* Hack to support the "none" hash */ -+ if (dev->hash) -+ len = dev->hash->mdlen; -+ else -+ len = grub_strlen (passphrase); -+ -+ if (keysize > GRUB_CRYPTODISK_MAX_KEYLEN || len > GRUB_CRYPTODISK_MAX_KEYLEN) -+ return GPG_ERR_INV_KEYLEN; -+ -+ p = grub_malloc (grub_strlen (passphrase) + 2 + keysize / len); -+ if (!p) -+ return grub_errno; -+ -+ for (round = 0, size = keysize; size; round++, dh += len, size -= len) -+ { -+ for (i = 0; i < round; i++) -+ p[i] = 'A'; -+ -+ grub_strcpy (p + i, passphrase); -+ -+ if (len > size) -+ len = size; -+ -+ grub_crypto_hash (dev->hash, dh, p, grub_strlen (p)); -+ } -+ -+ return grub_cryptodisk_setkey (dev, derived_hash, keysize); -+} -+ - static grub_err_t - grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - { -@@ -1061,6 +1109,64 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - - err = grub_cryptodisk_scan_device_real (diskname, disk); - -+ if (state[7].set) /* Plain mode */ -+ { -+ char *cipher; -+ char *mode; -+ char *digest; -+ int offset, size, key_size; -+ -+ cipher = grub_strdup (state[8].set ? state[8].arg : GRUB_CRYPTODISK_PLAIN_CIPHER); -+ digest = grub_strdup (state[9].set ? state[9].arg : GRUB_CRYPTODISK_PLAIN_DIGEST); -+ offset = state[10].set ? grub_strtoul (state[10].arg, 0, 0) : 0; -+ size = state[11].set ? grub_strtoul (state[11].arg, 0, 0) : 0; -+ key_size = ( state[12].set ? grub_strtoul (state[12].arg, 0, 0) \ -+ : GRUB_CRYPTODISK_PLAIN_KEYSIZE ) / 8; -+ -+ /* no strtok, do it manually */ -+ mode = grub_strchr(cipher,'-'); -+ if (!mode) -+ return GRUB_ERR_BAD_ARGUMENT; -+ else -+ *mode++ = 0; -+ -+ dev = grub_cryptodisk_create (disk, NULL, cipher, mode, digest); -+ -+ dev->offset = offset; -+ if (size) dev->total_length = size; -+ -+ if (key) -+ { -+ err = grub_cryptodisk_setkey (dev, key, key_size); -+ if (err) -+ return err; -+ } -+ else -+ { -+ char passphrase[GRUB_CRYPTODISK_MAX_PASSPHRASE] = ""; -+ -+ grub_printf_ (N_("Enter passphrase for %s: "), diskname); -+ if (!grub_password_get (passphrase, GRUB_CRYPTODISK_MAX_PASSPHRASE)) -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); -+ -+ err = set_passphrase (dev, key_size, passphrase); -+ if (err) -+ { -+ grub_crypto_cipher_close (dev->cipher); -+ return err; -+ } -+ } -+ -+ grub_cryptodisk_insert (dev, diskname, disk); -+ -+ grub_free (cipher); -+ grub_free (digest); -+ -+ err = GRUB_ERR_NONE; -+ } -+ else -+ err = grub_cryptodisk_scan_device_real (args[0], disk); -+ - grub_disk_close (disk); - if (disklast) - *disklast = ')'; -@@ -1192,13 +1298,203 @@ struct grub_procfs_entry luks_script = - .get_contents = luks_script_get - }; - -+grub_cryptodisk_t -+grub_cryptodisk_create (grub_disk_t disk, char *uuid, -+ char *ciphername, char *ciphermode, char *hashspec) -+{ -+ grub_cryptodisk_t newdev; -+ char *cipheriv = NULL; -+ grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL; -+ grub_crypto_cipher_handle_t essiv_cipher = NULL; -+ const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL; -+ const struct gcry_cipher_spec *ciph; -+ grub_cryptodisk_mode_t mode; -+ grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64; -+ int benbi_log = 0; -+ -+ if (!uuid) -+ uuid = (char*)"00000000000000000000000000000000"; -+ -+ ciph = grub_crypto_lookup_cipher_by_name (ciphername); -+ if (!ciph) -+ { -+ grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available", -+ ciphername); -+ return NULL; -+ } -+ -+ /* Configure the cipher used for the bulk data. */ -+ cipher = grub_crypto_cipher_open (ciph); -+ if (!cipher) -+ return NULL; -+ -+ /* Configure the cipher mode. */ -+ if (grub_strcmp (ciphermode, "ecb") == 0) -+ { -+ mode = GRUB_CRYPTODISK_MODE_ECB; -+ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -+ cipheriv = NULL; -+ } -+ else if (grub_strcmp (ciphermode, "plain") == 0) -+ { -+ mode = GRUB_CRYPTODISK_MODE_CBC; -+ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -+ cipheriv = NULL; -+ } -+ else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0) -+ { -+ mode = GRUB_CRYPTODISK_MODE_CBC; -+ cipheriv = ciphermode + sizeof ("cbc-") - 1; -+ } -+ else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0) -+ { -+ mode = GRUB_CRYPTODISK_MODE_PCBC; -+ cipheriv = ciphermode + sizeof ("pcbc-") - 1; -+ } -+ else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0) -+ { -+ mode = GRUB_CRYPTODISK_MODE_XTS; -+ cipheriv = ciphermode + sizeof ("xts-") - 1; -+ secondary_cipher = grub_crypto_cipher_open (ciph); -+ if (!secondary_cipher) -+ { -+ grub_crypto_cipher_close (cipher); -+ return NULL; -+ } -+ if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d", -+ cipher->cipher->blocksize); -+ grub_crypto_cipher_close (cipher); -+ grub_crypto_cipher_close (secondary_cipher); -+ return NULL; -+ } -+ if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -+ { -+ grub_crypto_cipher_close (cipher); -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d", -+ secondary_cipher->cipher->blocksize); -+ grub_crypto_cipher_close (secondary_cipher); -+ return NULL; -+ } -+ } -+ else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0) -+ { -+ mode = GRUB_CRYPTODISK_MODE_LRW; -+ cipheriv = ciphermode + sizeof ("lrw-") - 1; -+ if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d", -+ cipher->cipher->blocksize); -+ grub_crypto_cipher_close (cipher); -+ return NULL; -+ } -+ } -+ else -+ { -+ grub_crypto_cipher_close (cipher); -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s", -+ ciphermode); -+ return NULL; -+ } -+ -+ if (cipheriv == NULL); -+ else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0) -+ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -+ else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0) -+ mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64; -+ else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0) -+ { -+ if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1) -+ || cipher->cipher->blocksize == 0) -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d", -+ cipher->cipher->blocksize); -+ /* FIXME should we return an error here? */ -+ for (benbi_log = 0; -+ (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE; -+ benbi_log++); -+ mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI; -+ } -+ else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0) -+ mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL; -+ else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0) -+ { -+ char *hash_str = cipheriv + 6; -+ -+ mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV; -+ -+ /* Configure the hash and cipher used for ESSIV. */ -+ essiv_hash = grub_crypto_lookup_md_by_name (hash_str); -+ if (!essiv_hash) -+ { -+ grub_crypto_cipher_close (cipher); -+ grub_crypto_cipher_close (secondary_cipher); -+ grub_error (GRUB_ERR_FILE_NOT_FOUND, -+ "Couldn't load %s hash", hash_str); -+ return NULL; -+ } -+ essiv_cipher = grub_crypto_cipher_open (ciph); -+ if (!essiv_cipher) -+ { -+ grub_crypto_cipher_close (cipher); -+ grub_crypto_cipher_close (secondary_cipher); -+ return NULL; -+ } -+ } -+ else -+ { -+ grub_crypto_cipher_close (cipher); -+ grub_crypto_cipher_close (secondary_cipher); -+ grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s", -+ cipheriv); -+ return NULL; -+ } -+ -+ /* Configure the passphrase hash (LUKS also uses AF splitter and HMAC). */ -+ hash = grub_crypto_lookup_md_by_name (hashspec); -+ if (!hash) -+ { -+ grub_crypto_cipher_close (cipher); -+ grub_crypto_cipher_close (essiv_cipher); -+ grub_crypto_cipher_close (secondary_cipher); -+ grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash", -+ hashspec); -+ return NULL; -+ } -+ -+ newdev = grub_zalloc (sizeof (struct grub_cryptodisk)); -+ if (!newdev) -+ { -+ grub_crypto_cipher_close (cipher); -+ grub_crypto_cipher_close (essiv_cipher); -+ grub_crypto_cipher_close (secondary_cipher); -+ return NULL; -+ } -+ newdev->cipher = cipher; -+ newdev->offset = 0; -+ newdev->source_disk = NULL; -+ newdev->benbi_log = benbi_log; -+ newdev->mode = mode; -+ newdev->mode_iv = mode_iv; -+ newdev->secondary_cipher = secondary_cipher; -+ newdev->essiv_cipher = essiv_cipher; -+ newdev->essiv_hash = essiv_hash; -+ newdev->hash = hash; -+ newdev->log_sector_size = 9; -+ newdev->total_length = grub_disk_get_size (disk) - newdev->offset; -+ grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid)); -+ COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); -+ -+ return newdev; -+} -+ - static grub_extcmd_t cmd; - - GRUB_MOD_INIT (cryptodisk) - { - grub_disk_dev_register (&grub_cryptodisk_dev); - cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0, -- N_("SOURCE|-u UUID|-a|-b|-H file"), -+ N_("SOURCE|-u UUID|-a|-b|-H file|-p -c cipher -d digest"), - N_("Mount a crypto device."), options); - grub_procfs_register ("luks_script", &luks_script); - } -diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c -index 11e437e..4ebe21b 100644 ---- a/grub-core/disk/luks.c -+++ b/grub-core/disk/luks.c -@@ -30,8 +30,6 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --#define MAX_PASSPHRASE 256 -- - #define LUKS_KEY_ENABLED 0x00AC71F3 - - /* On disk LUKS header */ -@@ -76,15 +74,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - char uuid[sizeof (header.uuid) + 1]; - char ciphername[sizeof (header.cipherName) + 1]; - char ciphermode[sizeof (header.cipherMode) + 1]; -- char *cipheriv = NULL; - char hashspec[sizeof (header.hashSpec) + 1]; -- grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL; -- grub_crypto_cipher_handle_t essiv_cipher = NULL; -- const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL; -- const struct gcry_cipher_spec *ciph; -- grub_cryptodisk_mode_t mode; -- grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64; -- int benbi_log = 0; - grub_err_t err; - - err = GRUB_ERR_NONE; -@@ -119,7 +109,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - iptr++) - { - if (*iptr != '-') -- *optr++ = *iptr; -+ *optr++ = *iptr; - } - *optr = 0; - -@@ -129,6 +119,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - return NULL; - } - -+ - /* Make sure that strings are null terminated. */ - grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName)); - ciphername[sizeof (header.cipherName)] = 0; -@@ -137,184 +128,10 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec)); - hashspec[sizeof (header.hashSpec)] = 0; - -- ciph = grub_crypto_lookup_cipher_by_name (ciphername); -- if (!ciph) -- { -- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available", -- ciphername); -- return NULL; -- } -- -- /* Configure the cipher used for the bulk data. */ -- cipher = grub_crypto_cipher_open (ciph); -- if (!cipher) -- return NULL; -- -- if (grub_be_to_cpu32 (header.keyBytes) > 1024) -- { -- grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d", -- grub_be_to_cpu32 (header.keyBytes)); -- grub_crypto_cipher_close (cipher); -- return NULL; -- } -- -- /* Configure the cipher mode. */ -- if (grub_strcmp (ciphermode, "ecb") == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_ECB; -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -- cipheriv = NULL; -- } -- else if (grub_strcmp (ciphermode, "plain") == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_CBC; -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -- cipheriv = NULL; -- } -- else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_CBC; -- cipheriv = ciphermode + sizeof ("cbc-") - 1; -- } -- else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_PCBC; -- cipheriv = ciphermode + sizeof ("pcbc-") - 1; -- } -- else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_XTS; -- cipheriv = ciphermode + sizeof ("xts-") - 1; -- secondary_cipher = grub_crypto_cipher_open (ciph); -- if (!secondary_cipher) -- { -- grub_crypto_cipher_close (cipher); -- return NULL; -- } -- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -- { -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d", -- cipher->cipher->blocksize); -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -- { -- grub_crypto_cipher_close (cipher); -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d", -- secondary_cipher->cipher->blocksize); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- } -- else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_LRW; -- cipheriv = ciphermode + sizeof ("lrw-") - 1; -- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -- { -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d", -- cipher->cipher->blocksize); -- grub_crypto_cipher_close (cipher); -- return NULL; -- } -- } -- else -- { -- grub_crypto_cipher_close (cipher); -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s", -- ciphermode); -- return NULL; -- } -- -- if (cipheriv == NULL); -- else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0) -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -- else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0) -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64; -- else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0) -- { -- if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1) -- || cipher->cipher->blocksize == 0) -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d", -- cipher->cipher->blocksize); -- /* FIXME should we return an error here? */ -- for (benbi_log = 0; -- (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE; -- benbi_log++); -- mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI; -- } -- else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0) -- mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL; -- else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0) -- { -- char *hash_str = cipheriv + 6; -- -- mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV; -- -- /* Configure the hash and cipher used for ESSIV. */ -- essiv_hash = grub_crypto_lookup_md_by_name (hash_str); -- if (!essiv_hash) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- grub_error (GRUB_ERR_FILE_NOT_FOUND, -- "Couldn't load %s hash", hash_str); -- return NULL; -- } -- essiv_cipher = grub_crypto_cipher_open (ciph); -- if (!essiv_cipher) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- } -- else -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s", -- cipheriv); -- return NULL; -- } -- -- /* Configure the hash used for the AF splitter and HMAC. */ -- hash = grub_crypto_lookup_md_by_name (hashspec); -- if (!hash) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (essiv_cipher); -- grub_crypto_cipher_close (secondary_cipher); -- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash", -- hashspec); -- return NULL; -- } -+ newdev = grub_cryptodisk_create (disk, uuid, ciphername, ciphermode, hashspec); - -- newdev = grub_zalloc (sizeof (struct grub_cryptodisk)); -- if (!newdev) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (essiv_cipher); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- newdev->cipher = cipher; - newdev->offset = grub_be_to_cpu32 (header.payloadOffset); -- newdev->source_disk = NULL; -- newdev->benbi_log = benbi_log; -- newdev->mode = mode; -- newdev->mode_iv = mode_iv; -- newdev->secondary_cipher = secondary_cipher; -- newdev->essiv_cipher = essiv_cipher; -- newdev->essiv_hash = essiv_hash; -- newdev->hash = hash; -- newdev->log_sector_size = 9; -- newdev->total_length = grub_disk_get_size (disk) - newdev->offset; -- grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid)); - newdev->modname = "luks"; -- COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); - - return newdev; - } -@@ -329,7 +146,7 @@ luks_recover_key (grub_disk_t source, - struct grub_luks_phdr header; - grub_size_t keysize; - grub_uint8_t *split_key = NULL; -- char interactive_passphrase[MAX_PASSPHRASE] = ""; -+ char interactive_passphrase[GRUB_CRYPTODISK_MAX_PASSPHRASE] = ""; - grub_uint8_t *passphrase; - grub_size_t passphrase_length; - grub_uint8_t candidate_digest[sizeof (header.mkDigest)]; -@@ -376,7 +193,7 @@ luks_recover_key (grub_disk_t source, - /* Use bytestring from key file as passphrase */ - passphrase = keyfile_bytes; - passphrase_length = keyfile_bytes_size; -- keyfile_bytes = NULL; /* use it only once */ -+ keyfile_bytes = NULL; /* use it only once */ - } - else - { -@@ -387,7 +204,7 @@ luks_recover_key (grub_disk_t source, - grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, - source->partition ? "," : "", tmp ? : "", dev->uuid); - grub_free (tmp); -- if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE)) -+ if (!grub_password_get (interactive_passphrase, GRUB_CRYPTODISK_MAX_PASSPHRASE)) - { - grub_free (split_key); - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); -diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h -index 67f6b0b..bb25ab7 100644 ---- a/include/grub/cryptodisk.h -+++ b/include/grub/cryptodisk.h -@@ -54,9 +54,14 @@ typedef enum - #define GRUB_CRYPTODISK_GF_LOG_BYTES (GRUB_CRYPTODISK_GF_LOG_SIZE - 3) - #define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES) - #define GRUB_CRYPTODISK_MAX_KEYLEN 128 -+#define GRUB_CRYPTODISK_MAX_PASSPHRASE 256 - - #define GRUB_CRYPTODISK_MAX_KEYFILE_SIZE 8192 - -+#define GRUB_CRYPTODISK_PLAIN_CIPHER "aes-cbc-essiv:sha256" -+#define GRUB_CRYPTODISK_PLAIN_DIGEST "ripemd160" -+#define GRUB_CRYPTODISK_PLAIN_KEYSIZE 256 -+ - struct grub_cryptodisk; - - typedef gcry_err_code_t -@@ -160,4 +165,7 @@ grub_util_get_geli_uuid (const char *dev); - grub_cryptodisk_t grub_cryptodisk_get_by_uuid (const char *uuid); - grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk); - -+grub_cryptodisk_t grub_cryptodisk_create (grub_disk_t disk, char *uuid, -+ char *ciphername, char *ciphermode, char *digest); -+ - #endif --- -1.9.1 - |