From c9b1ebc10bea80b7be294d75cada90c668b14ed6 Mon Sep 17 00:00:00 2001
From: Vladimir 'phcoder' Serbinenko
Date: Mon, 9 Nov 2009 17:13:17 +0100
Subject: [PATCH] First try to gcry glue
---
 conf/common.rmk | 2 +
 conf/gcry.rmk | 52 +++++++++++++++
 conf/i386-pc.rmk | 4 +-
 import_gcry.py | 136 ++++++++++++++++++++++++++++++++++++++
 include/grub/crypto.h | 138 +++++++++++++++++++++++++++++++++++++++
 include/grub/gcry_wrap.h | 36 ++++++++++
 kern/crypto.c | 34 ++++++++++
 7 files changed, 401 insertions(+), 1 deletion(-)
 create mode 100644 conf/gcry.rmk
 create mode 100644 import_gcry.py
 create mode 100644 include/grub/crypto.h
 create mode 100644 include/grub/gcry_wrap.h
 create mode 100644 kern/crypto.c
diff --git a/conf/common.rmk b/conf/common.rmk
index e1ac5274c..0d19344a7 100644
--- a/conf/common.rmk
+++ b/conf/common.rmk
@@ -618,3 +618,5 @@ pkglib_MODULES += setjmp.mod
 setjmp_mod_SOURCES = lib/$(target_cpu)/setjmp.S
 setjmp_mod_ASFLAGS = $(COMMON_ASFLAGS)
 setjmp_mod_LDFLAGS = $(COMMON_LDFLAGS)
+
+include $(srcdir)/conf/gcry.mk
diff --git a/conf/gcry.rmk b/conf/gcry.rmk
new file mode 100644
index 000000000..0eb3c79bc
--- /dev/null
+++ b/conf/gcry.rmk
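Review bot: The unconditional `include $(srcdir)/conf/gcry.mk` in conf/common.rmk builds the cipher modules for every target, yet the only kernel that gains `kern/crypto.c` and `crypto.h` in this patch is i386-pc (the conf/i386-pc.rmk hunk). gcry_wrap.h maps `_gcry_burn_stack` to `grub_burn_stack`, so modules on other platforms would presumably reference a symbol their kernel does not export. Either add `kern/crypto.c` and `crypto.h` to the other platforms' kernel_img lists in the same change, or keep the include in conf/i386-pc.rmk until they are wired up.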
@@ -0,0 +1,52 @@
+# -*- makefile -*-
+
+pkglib_MODULES += seed.mod
+seed_mod_SOURCES = gcry/cipher/seed.c
+seed_mod_ASFLAGS = $(COMMON_ASFLAGS)
+seed_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
+pkglib_MODULES += twofish.mod
+twofish_mod_SOURCES = gcry/cipher/twofish.c
+twofish_mod_ASFLAGS = $(COMMON_ASFLAGS)
+twofish_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
+pkglib_MODULES += des.mod
+des_mod_SOURCES = gcry/cipher/des.c
+des_mod_ASFLAGS = $(COMMON_ASFLAGS)
+des_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
+pkglib_MODULES += arcfour.mod
+arcfour_mod_SOURCES = gcry/cipher/arcfour.c
+arcfour_mod_ASFLAGS = $(COMMON_ASFLAGS)
+arcfour_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
+pkglib_MODULES += rfc2268.mod
+rfc2268_mod_SOURCES = gcry/cipher/rfc2268.c
+rfc2268_mod_ASFLAGS = $(COMMON_ASFLAGS)
+rfc2268_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
+pkglib_MODULES += cast5.mod
+cast5_mod_SOURCES = gcry/cipher/cast5.c
+cast5_mod_ASFLAGS = $(COMMON_ASFLAGS)
+cast5_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
+pkglib_MODULES += camellia-glue.mod
+camellia-glue_mod_SOURCES = gcry/cipher/camellia-glue.c
+camellia-glue_mod_ASFLAGS = $(COMMON_ASFLAGS)
+camellia-glue_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
+pkglib_MODULES += rijndael.mod
+rijndael_mod_SOURCES = gcry/cipher/rijndael.c
+rijndael_mod_ASFLAGS = $(COMMON_ASFLAGS)
+rijndael_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
+pkglib_MODULES += serpent.mod
+serpent_mod_SOURCES = gcry/cipher/serpent.c
+serpent_mod_ASFLAGS = $(COMMON_ASFLAGS)
+serpent_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
+pkglib_MODULES += blowfish.mod
+blowfish_mod_SOURCES = gcry/cipher/blowfish.c
+blowfish_mod_ASFLAGS = $(COMMON_ASFLAGS)
+blowfish_mod_LDFLAGS = $(COMMON_ASFLAGS)
+
diff --git a/conf/i386-pc.rmk b/conf/i386-pc.rmk
index 373b942cc..0e3291782 100644
--- a/conf/i386-pc.rmk
+++ b/conf/i386-pc.rmk
@@ -58,13 +58,15 @@ kernel_img_SOURCES = kern/i386/pc/startup.S \
 kern/generic/millisleep.c \
 kern/env.c \
 term/i386/pc/console.c term/i386/vga_common.c \
+ kern/crypto.c \
 symlist.c
 kernel_img_HEADERS = boot.h cache.h device.h disk.h dl.h elf.h elfload.h \
 env.h err.h file.h fs.h kernel.h loader.h misc.h mm.h net.h parser.h \
 partition.h msdos_partition.h reader.h symbol.h term.h time.h types.h \
 machine/biosdisk.h machine/boot.h machine/console.h machine/init.h \
 machine/memory.h machine/loader.h machine/vga.h machine/vbe.h \
- machine/kernel.h machine/pxe.h i386/pit.h list.h handler.h command.h
+ machine/kernel.h machine/pxe.h i386/pit.h list.h handler.h command.h \
+ crypto.h
 kernel_img_CFLAGS = $(COMMON_CFLAGS) $(TARGET_IMG_CFLAGS)
 kernel_img_ASFLAGS = $(COMMON_ASFLAGS)
 kernel_img_LDFLAGS = $(COMMON_LDFLAGS) $(TARGET_IMG_LDFLAGS)$(GRUB_KERNEL_MACHINE_LINK_ADDR) $(COMMON_CFLAGS)
diff --git a/import_gcry.py b/import_gcry.py
new file mode 100644
index 000000000..c751f5e6f
--- /dev/null
+++ b/import_gcry.py
@@ -0,0 +1,136 @@
+import re
+import sys
+import os
+import datetime
+
+if len (sys.argv) < 3:
+ print ("Usage: %s SOURCE DESTINATION" % sys.argv[0])
+ exit (0)
+indir = sys.argv[1]
+outdir = sys.argv[2]
+
+basedir = os.path.join (outdir, "gcry")
+os.makedirs (basedir)
+cipher_dir_in = os.path.join (indir, "cipher")
+cipher_dir_out = os.path.join (basedir, "cipher")
+os.makedirs (cipher_dir_out)
+cipher_files = os.listdir (cipher_dir_in)
+conf = open (os.path.join (outdir, "conf", "gcry.rmk"), "w")
+conf.write ("# -*- makefile -*-\n\n")
+chlog = ""
+
+for cipher_file in cipher_files:
+ infile = os.path.join (cipher_dir_in, cipher_file)
+ outfile = os.path.join (cipher_dir_out, cipher_file)
+ if cipher_file == "ChangeLog":
+ continue
+ chlognew = " * %s" % cipher_file
+ nch = False
+ if re.match (".*\.[ch]$", cipher_file):
+ isc = re.match (".*\.c$", cipher_file)
+ f = open (infile, "r")
+ fw = open (outfile, "w")
+ fw.write ("/* This file was automatically imported with \n")
+ fw.write (" import_gcry.py. Please don't modify it */\n");
+ ciphernames = []
+ for line in f:
+ m = re.match ("#include <.*>", line)
+ if not m is None:
+ chmsg = "Removed including of %s" % \
+ m.group () [len ("#include <"):len (m.group ()) - 1]
+ if nch:
+ chlognew = "%s\n %s" % (chlognew, chmsg)
+ else:
+ chlognew = "%s: %s" % (chlognew, chmsg)
+ nch = True
+ continue
+ m = re.match ("gcry_cipher_spec_t", line)
+ if isc and not m is None:
+ ciphername = line [len ("gcry_cipher_spec_t"):].strip ()
+ ciphername = re.match("[a-zA-Z0-9_]*",ciphername).group ()
+ ciphernames.append (ciphername)
+ fw.write (line)
+ if len (ciphernames) > 0:
+ modname = cipher_file [0:len(cipher_file) - 2]
+ chmsg = "(GRUB_MOD_INIT(%s)): New function\n" % modname
+ if nch:
+ chlognew = "%s\n %s" % (chlognew, chmsg)
+ else:
+ chlognew = "%s%s" % (chlognew, chmsg)
+ nch = True
+ fw.write ("\n\nGRUB_MOD_INIT(%s)\n" % modname)
+ fw.write ("{\n")
+ for ciphername in ciphernames:
+ chmsg = "Register cipher %s" % ciphername
+ chlognew = "%s\n %s" % (chlognew, chmsg)
+ fw.write (" grub_cipher_register (&%s);\n" % ciphername)
+ fw.write ("}")
+ chmsg = "(GRUB_MOD_FINI(%s)): New function\n" % modname
+ chlognew = "%s\n %s" % (chlognew, chmsg)
+ fw.write ("\n\nGRUB_MOD_FINI(%s)\n" % modname)
+ fw.write ("{\n")
+ for ciphername in ciphernames:
+ chmsg = "Unregister cipher %s" % ciphername
+ chlognew = "%s\n %s" % (chlognew, chmsg)
+ fw.write (" grub_cipher_unregister (&%s);\n" % ciphername)
+ fw.write ("}\n")
+ conf.write ("pkglib_MODULES += %s.mod\n" % modname)
+ conf.write ("%s_mod_SOURCES = gcry/cipher/%s\n" %\
+ (modname, cipher_file))
+ conf.write ("%s_mod_CFLAGS = $(COMMON_CFLAGS) -Wno-error\n" % modname)
+ conf.write ("%s_mod_LDFLAGS = $(COMMON_ASFLAGS)\n\n" % modname)
+ elif isc:
+ print ("WARNING: c file isn't a module: %s" % cipher_file)
+ f.close ()
+ fw.close ()
+ if nch:
+ chlog = "%s%s\n" % (chlog, chlognew)
+ continue
+ if re.match ("(Manifest|Makefile\.am)$", cipher_file):
+ chlog = "%s%sRemoved\n" % (chlog, chlognew)
+ continue
+ # Autogenerated files. Not even worth mentionning in ChangeLog
+ if re.match ("Makefile\.in$", cipher_file):
+ chlog = "%s%sRemoved\n" % (chlog, chlognew)
+ continue
+ chlog = "%s%sSkipped unknown file\n" % (chlog, chlognew)
+ print ("WARNING: unknown file %s" % cipher_file)
+
+outfile = os.path.join (cipher_dir_out, "types.h")
+fw=open (outfile, "w")
+fw.write ("#include \n")
+fw.write ("#include \n")
+chlog = "%s * types.h: New file.\n" % chlog
+fw.close ()
+
+outfile = os.path.join (cipher_dir_out, "cipher.h")
+fw=open (outfile, "w")
+fw.write ("#include \n")
+fw.write ("#include \n")
+chlog = "%s * cipher.h: Likewise.\n" % chlog
+fw.close ()
+
+outfile = os.path.join (cipher_dir_out, "g10lib.h")
+fw=open (outfile, "w")
+fw.write ("#include \n")
+chlog = "%s * g10lib.h: Likewise.\n" % chlog
+fw.close ()
+
+infile = os.path.join (cipher_dir_in, "ChangeLog")
+outfile = os.path.join (cipher_dir_out, "ChangeLog")
+
+
+f=open (infile, "r")
+fw=open (outfile, "w")
+dt = datetime.date.today ()
+fw.write ("%04d-%02d-%02d Automatic import tool\n" % \
+ (dt.year,dt.month, dt.day))
+fw.write ("\n")
+fw.write (" Imported ciphers to GRUB\n")
+fw.write ("\n")
+fw.write (chlog)
+fw.write ("\n")
+for line in f:
+ fw.write (line)
+f.close ()
+fw.close ()
diff --git a/include/grub/crypto.h b/include/grub/crypto.h
new file mode 100644
index 000000000..36503c1a1
--- /dev/null
+++ b/include/grub/crypto.h
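Review bot: `conf.write ("%s_mod_LDFLAGS = $(COMMON_ASFLAGS)\n\n" % modname)` hands assembler flags to the linker for every generated cipher module; the neighbouring setjmp module in conf/common.rmk uses `$(COMMON_LDFLAGS)`, so this looks like a typo and should read `"%s_mod_LDFLAGS = $(COMMON_LDFLAGS)\n\n"`. The committed conf/gcry.rmk also carries `_mod_ASFLAGS` lines where the script now writes `_mod_CFLAGS = $(COMMON_CFLAGS) -Wno-error`, so the checked-in file was not produced by this version of the script and should be regenerated. `modname` is the file name minus its extension, which for camellia-glue.c yields `GRUB_MOD_INIT(camellia-glue)`; if that macro pastes its argument into an identifier the output will not compile, so map `-` to `_` when deriving it. Since the output is cipher code, the generated header comment should also record which libgcrypt release the files were imported from, so the import can be reproduced and audited.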
@@ -0,0 +1,138 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006
+ * 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+/* Contains elements based on gcrypt-module.h and gcrypt.h.in.
+ If it's changed please update this file. */
+
+#ifndef GRUB_CIPHER_HEADER
+#define GRUB_CIPHER_HEADER 1
+
+#include
+#include
+
+typedef enum
+ {
+ GPG_ERR_NO_ERROR,
+ GPG_ERR_BAD_MPI,
+ GPG_ERR_BAD_SECKEY,
+ GPG_ERR_BAD_SIGNATURE,
+ GPG_ERR_CIPHER_ALGO,
+ GPG_ERR_CONFLICT,
+ GPG_ERR_DECRYPT_FAILED,
+ GPG_ERR_DIGEST_ALGO,
+ GPG_ERR_GENERAL,
+ GPG_ERR_INTERNAL,
+ GPG_ERR_INV_ARG,
+ GPG_ERR_INV_CIPHER_MODE,
+ GPG_ERR_INV_FLAG,
+ GPG_ERR_INV_KEYLEN,
+ GPG_ERR_INV_OBJ,
+ GPG_ERR_INV_OP,
+ GPG_ERR_INV_SEXP,
+ GPG_ERR_INV_VALUE,
+ GPG_ERR_MISSING_VALUE,
+ GPG_ERR_NO_ENCRYPTION_SCHEME,
+ GPG_ERR_NO_OBJ,
+ GPG_ERR_NO_PRIME,
+ GPG_ERR_NO_SIGNATURE_SCHEME,
+ GPG_ERR_NOT_FOUND,
+ GPG_ERR_NOT_IMPLEMENTED,
+ GPG_ERR_NOT_SUPPORTED,
+ GPG_ERROR_CFLAGS,
+ GPG_ERR_PUBKEY_ALGO,
+ GPG_ERR_SELFTEST_FAILED,
+ GPG_ERR_TOO_SHORT,
+ GPG_ERR_UNSUPPORTED,
+ GPG_ERR_WEAK_KEY,
+ GPG_ERR_WRONG_KEY_USAGE,
+ GPG_ERR_WRONG_PUBKEY_ALGO,
+ } gcry_err_code_t;
+
+enum gcry_cipher_modes
+ {
+ GCRY_CIPHER_MODE_NONE = 0, /* Not yet specified. */
+ GCRY_CIPHER_MODE_ECB = 1, /* Electronic codebook. */
+ GCRY_CIPHER_MODE_CFB = 2, /* Cipher feedback. */
+ GCRY_CIPHER_MODE_CBC = 3, /* Cipher block chaining. */
+ GCRY_CIPHER_MODE_STREAM = 4, /* Used with stream ciphers. */
+ GCRY_CIPHER_MODE_OFB = 5, /* Outer feedback. */
+ GCRY_CIPHER_MODE_CTR = 6 /* Counter. */
+ };
+
+/* Type for the cipher_setkey function. */
+typedef gcry_err_code_t (*gcry_cipher_setkey_t) (void *c,
+ const unsigned char *key,
+ unsigned keylen);
+
+/* Type for the cipher_encrypt function. */
+typedef void (*gcry_cipher_encrypt_t) (void *c,
+ unsigned char *outbuf,
+ const unsigned char *inbuf);
+
+/* Type for the cipher_decrypt function. */
+typedef void (*gcry_cipher_decrypt_t) (void *c,
+ unsigned char *outbuf,
+ const unsigned char *inbuf);
+
+/* Type for the cipher_stencrypt function. */
+typedef void (*gcry_cipher_stencrypt_t) (void *c,
+ unsigned char *outbuf,
+ const unsigned char *inbuf,
+ unsigned int n);
+
+/* Type for the cipher_stdecrypt function. */
+typedef void (*gcry_cipher_stdecrypt_t) (void *c,
+ unsigned char *outbuf,
+ const unsigned char *inbuf,
+ unsigned int n);
+
+typedef struct gcry_cipher_oid_spec
+{
+ const char *oid;
+ int mode;
+} gcry_cipher_oid_spec_t;
+
+/* Module specification structure for ciphers. */
+typedef struct gcry_cipher_spec
+{
+ const char *name;
+ const char **aliases;
+ gcry_cipher_oid_spec_t *oids;
+ grub_size_t blocksize;
+ grub_size_t keylen;
+ grub_size_t contextsize;
+ gcry_cipher_setkey_t setkey;
+ gcry_cipher_encrypt_t encrypt;
+ gcry_cipher_decrypt_t decrypt;
+ gcry_cipher_stencrypt_t stencrypt;
+ gcry_cipher_stdecrypt_t stdecrypt;
+} gcry_cipher_spec_t;
+
+struct grub_cipher
+{
+ struct grub_cipher *next;
+ const char *name;
+};
+typedef struct grub_cipher *grub_cipher_t;
+
+extern grub_cipher_t EXPORT_VAR (grub_ciphers);
+void EXPORT_FUNC(grub_burn_stack) (grub_size_t size);
+
+
+#endif
diff --git a/include/grub/gcry_wrap.h b/include/grub/gcry_wrap.h
new file mode 100644
index 000000000..364946d1b
--- /dev/null
+++ b/include/grub/gcry_wrap.h
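Review bot: The generated module init/fini code calls `grub_cipher_register (&spec)` and `grub_cipher_unregister (&spec)` with a `gcry_cipher_spec_t`, but this header declares neither function, and `struct grub_cipher` holds only `next` and `name`, so nothing links a registered entry back to its `setkey`/`encrypt`/`decrypt` callbacks. Declare both functions here with `EXPORT_FUNC`; their definitions are not in the visible kern/crypto.c hunk either. `GPG_ERROR_CFLAGS` in the `gcry_err_code_t` enum reads like a build variable that slipped into the list rather than an error code and should be dropped. A short comment saying the enum values are GRUB-local and do not match libgpg-error's numeric codes would save the next reader from comparing them.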
@@ -0,0 +1,36 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+
+#ifndef GRUB_GCRY_WRAP_HEADER
+#define GRUB_GCRY_WRAP_HEADER 1
+
+#include
+#include
+#include
+#include
+#include
+
+typedef grub_uint32_t u32;
+typedef grub_uint16_t u16;
+typedef grub_uint8_t byte;
+typedef grub_size_t size_t;
+
+#define _gcry_burn_stack grub_burn_stack
+#define log_error(fmt, args...) grub_dprintf ("crypto", fmt, ## args)
+
+#endif
diff --git a/kern/crypto.c b/kern/crypto.c
new file mode 100644
index 000000000..7dd00c84d
--- /dev/null
+++ b/kern/crypto.c
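Review bot: `typedef grub_size_t size_t;` and `typedef grub_uint8_t byte;` put very generic names into a header under include/grub, so any translation unit that also sees a host or compiler `size_t` gets a conflicting definition; this is likely to bite if the cipher modules are ever compiled into host-side utilities. Keeping these typedefs in the generated `types.h` shim next to the imported sources, or guarding them, would limit them to the libgcrypt files. `log_error` is routed to `grub_dprintf ("crypto", ...)`, which as far as I know prints only when debugging is enabled for that facility, so errors the imported ciphers report this way will normally be invisible; a comment stating that this is intended would help.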
@@ -0,0 +1,34 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 1999, 2001, 2002, 2003, 2007,
+ * 2008, 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see .
+ */
+#include
+#include
+
+grub_cipher_t grub_ciphers;
+
+/* Based on libgcrypt-1.4.4/src/misc.c. */
+void
+grub_burn_stack (grub_size_t size)
+{
+ char buf[64];
+
+ grub_memset (buf, 0, sizeof (buf));
+ size -= sizeof (buf);
+ if (size > 0)
+ grub_burn_stack (size);
+}
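Review bot: `size -= sizeof (buf); if (size > 0)` never terminates cleanly when `size` is not a multiple of 64: `grub_size_t` is presumably unsigned, so the subtraction wraps to a huge value instead of going negative and the recursion runs until the stack is exhausted. The libgcrypt original this is based on takes a signed `int`. Compare before subtracting: `if (size > sizeof (buf)) grub_burn_stack (size - sizeof (buf));`. Separately, `buf` is never read after `grub_memset`, so an optimising compiler may drop the store (and turn the tail call into a loop over one frame), leaving old key material on the stack; writing through a `volatile` pointer would keep the wipe.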