[grub2.git] / grub-core / lib / crypto.c

/*
 *  GRUB  --  GRand Unified Bootloader
 *  Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006
 *                2007, 2008, 2009  Free Software Foundation, Inc.
 *
 *  GRUB is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  GRUB is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
 */

#include <grub/crypto.h>
#include <grub/misc.h>
#include <grub/mm.h>
#include <grub/term.h>
#include <grub/dl.h>
#include <grub/i18n.h>
#include <grub/env.h>

GRUB_MOD_LICENSE ("GPLv3+");

struct grub_crypto_hmac_handle
{
  const struct gcry_md_spec *md;
  void *ctx;
  void *opad;
};

static gcry_cipher_spec_t *grub_ciphers = NULL;
static gcry_md_spec_t *grub_digests = NULL;

void (*grub_crypto_autoload_hook) (const char *name) = NULL;

/* Based on libgcrypt-1.4.4/src/misc.c.  */
void
grub_burn_stack (grub_size_t size)
{
  char buf[64];

  grub_memset (buf, 0, sizeof (buf));
  if (size > sizeof (buf))
    grub_burn_stack (size - sizeof (buf));
}

void
_gcry_burn_stack (int size)
{
  grub_burn_stack (size);
}

void __attribute__ ((noreturn))
_gcry_assert_failed (const char *expr, const char *file, int line,
		     const char *func)
  
{
  grub_fatal ("assertion %s at %s:%d (%s) failed\n", expr, file, line, func);
}


void _gcry_log_error (const char *fmt, ...)
{
  va_list args;
  const char *debug = grub_env_get ("debug");

  if (! debug)
    return;

  if (grub_strword (debug, "all") || grub_strword (debug, "gcrypt"))
    {
      grub_printf ("gcrypt error: ");
      va_start (args, fmt);
      grub_vprintf (fmt, args);
      va_end (args);
      grub_refresh ();
    }
}

void 
grub_cipher_register (gcry_cipher_spec_t *cipher)
{
  cipher->next = grub_ciphers;
  grub_ciphers = cipher;
}

void
grub_cipher_unregister (gcry_cipher_spec_t *cipher)
{
  gcry_cipher_spec_t **ciph;
  for (ciph = &grub_ciphers; *ciph; ciph = &((*ciph)->next))
    if (*ciph == cipher)
      {
	*ciph = (*ciph)->next;
	break;
      }
}

void 
grub_md_register (gcry_md_spec_t *digest)
{
  digest->next = grub_digests;
  grub_digests = digest;
}

void 
grub_md_unregister (gcry_md_spec_t *cipher)
{
  gcry_md_spec_t **ciph;
  for (ciph = &grub_digests; *ciph; ciph = &((*ciph)->next))
    if (*ciph == cipher)
      {
	*ciph = (*ciph)->next;
	break;
      }
}

void
grub_crypto_hash (const gcry_md_spec_t *hash, void *out, const void *in,
		  grub_size_t inlen)
{
  GRUB_PROPERLY_ALIGNED_ARRAY (ctx, GRUB_CRYPTO_MAX_MD_CONTEXT_SIZE);

  if (hash->contextsize > sizeof (ctx))
    grub_fatal ("Too large md context");
  hash->init (&ctx);
  hash->write (&ctx, in, inlen);
  hash->final (&ctx);
  grub_memcpy (out, hash->read (&ctx), hash->mdlen);
}

const gcry_md_spec_t *
grub_crypto_lookup_md_by_name (const char *name)
{
  const gcry_md_spec_t *md;
  int first = 1;
  while (1)
    {
      for (md = grub_digests; md; md = md->next)
	if (grub_strcasecmp (name, md->name) == 0)
	  return md;
      if (grub_crypto_autoload_hook && first)
	grub_crypto_autoload_hook (name);
      else
	return NULL;
      first = 0;
    }
}

const gcry_cipher_spec_t *
grub_crypto_lookup_cipher_by_name (const char *name)
{
  const gcry_cipher_spec_t *ciph;
  int first = 1;
  while (1)
    {
      for (ciph = grub_ciphers; ciph; ciph = ciph->next)
	{
	  const char **alias;
	  if (grub_strcasecmp (name, ciph->name) == 0)
	    return ciph;
	  if (!ciph->aliases)
	    continue;
	  for (alias = ciph->aliases; *alias; alias++)
	    if (grub_strcasecmp (name, *alias) == 0)
	      return ciph;
	}
      if (grub_crypto_autoload_hook && first)
	grub_crypto_autoload_hook (name);
      else
	return NULL;
      first = 0;
    }
}


grub_crypto_cipher_handle_t
grub_crypto_cipher_open (const struct gcry_cipher_spec *cipher)
{
  grub_crypto_cipher_handle_t ret;
  ret = grub_malloc (sizeof (*ret) + cipher->contextsize);
  if (!ret)
    return NULL;
  ret->cipher = cipher;
  return ret;
}

gcry_err_code_t
grub_crypto_cipher_set_key (grub_crypto_cipher_handle_t cipher,
			    const unsigned char *key,
			    unsigned keylen)
{
  return cipher->cipher->setkey (cipher->ctx, key, keylen);
}

gcry_err_code_t
grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
			 void *out, const void *in, grub_size_t size)
{
  const grub_uint8_t *inptr, *end;
  grub_uint8_t *outptr;
  if (!cipher->cipher->decrypt)
    return GPG_ERR_NOT_SUPPORTED;
  if (size % cipher->cipher->blocksize != 0)
    return GPG_ERR_INV_ARG;
  end = (const grub_uint8_t *) in + size;
  for (inptr = in, outptr = out; inptr < end;
       inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
    cipher->cipher->decrypt (cipher->ctx, outptr, inptr);
  return GPG_ERR_NO_ERROR;
}

gcry_err_code_t
grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
			 void *out, const void *in, grub_size_t size)
{
  const grub_uint8_t *inptr, *end;
  grub_uint8_t *outptr;
  if (!cipher->cipher->encrypt)
    return GPG_ERR_NOT_SUPPORTED;
  if (size % cipher->cipher->blocksize != 0)
    return GPG_ERR_INV_ARG;
  end = (const grub_uint8_t *) in + size;
  for (inptr = in, outptr = out; inptr < end;
       inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
    cipher->cipher->encrypt (cipher->ctx, outptr, inptr);
  return GPG_ERR_NO_ERROR;
}

gcry_err_code_t
grub_crypto_cbc_encrypt (grub_crypto_cipher_handle_t cipher,
			 void *out, const void *in, grub_size_t size,
			 void *iv_in)
{
  grub_uint8_t *outptr;
  const grub_uint8_t *inptr, *end;
  void *iv;
  if (!cipher->cipher->decrypt)
    return GPG_ERR_NOT_SUPPORTED;
  if (size % cipher->cipher->blocksize != 0)
    return GPG_ERR_INV_ARG;
  end = (const grub_uint8_t *) in + size;
  iv = iv_in;
  for (inptr = in, outptr = out; inptr < end;
       inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
    {
      grub_crypto_xor (outptr, inptr, iv, cipher->cipher->blocksize);
      cipher->cipher->encrypt (cipher->ctx, outptr, outptr);
      iv = outptr;
    }
  grub_memcpy (iv_in, iv, cipher->cipher->blocksize);
  return GPG_ERR_NO_ERROR;
}

gcry_err_code_t
grub_crypto_cbc_decrypt (grub_crypto_cipher_handle_t cipher,
			 void *out, const void *in, grub_size_t size,
			 void *iv)
{
  const grub_uint8_t *inptr, *end;
  grub_uint8_t *outptr;
  grub_uint8_t ivt[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE];
  if (!cipher->cipher->decrypt)
    return GPG_ERR_NOT_SUPPORTED;
  if (size % cipher->cipher->blocksize != 0)
    return GPG_ERR_INV_ARG;
  if (cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE)
    return GPG_ERR_INV_ARG;
  end = (const grub_uint8_t *) in + size;
  for (inptr = in, outptr = out; inptr < end;
       inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
    {
      grub_memcpy (ivt, inptr, cipher->cipher->blocksize);
      cipher->cipher->decrypt (cipher->ctx, outptr, inptr);
      grub_crypto_xor (outptr, outptr, iv, cipher->cipher->blocksize);
      grub_memcpy (iv, ivt, cipher->cipher->blocksize);
    }
  return GPG_ERR_NO_ERROR;
}

/* Based on gcry/cipher/md.c.  */
struct grub_crypto_hmac_handle *
grub_crypto_hmac_init (const struct gcry_md_spec *md,
		       const void *key, grub_size_t keylen)
{
  grub_uint8_t *helpkey = NULL;
  grub_uint8_t *ipad = NULL, *opad = NULL;
  void *ctx = NULL;
  struct grub_crypto_hmac_handle *ret = NULL;
  unsigned i;

  if (md->mdlen > md->blocksize)
    return NULL;

  ctx = grub_malloc (md->contextsize);
  if (!ctx)
    goto err;

  if ( keylen > md->blocksize ) 
    {
      helpkey = grub_malloc (md->mdlen);
      if (!helpkey)
	goto err;
      grub_crypto_hash (md, helpkey, key, keylen);

      key = helpkey;
      keylen = md->mdlen;
    }

  ipad = grub_zalloc (md->blocksize);
  if (!ipad)
    goto err;

  opad = grub_zalloc (md->blocksize);
  if (!opad)
    goto err;

  grub_memcpy ( ipad, key, keylen );
  grub_memcpy ( opad, key, keylen );
  for (i=0; i < md->blocksize; i++ ) 
    {
      ipad[i] ^= 0x36;
      opad[i] ^= 0x5c;
    }
  grub_free (helpkey);
  helpkey = NULL;

  md->init (ctx);

  md->write (ctx, ipad, md->blocksize); /* inner pad */
  grub_memset (ipad, 0, md->blocksize);
  grub_free (ipad);
  ipad = NULL;

  ret = grub_malloc (sizeof (*ret));
  if (!ret)
    goto err;

  ret->md = md;
  ret->ctx = ctx;
  ret->opad = opad;

  return ret;

 err:
  grub_free (helpkey);
  grub_free (ctx);
  grub_free (ipad);
  grub_free (opad);
  return NULL;
}

void
grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd,
			const void *data,
			grub_size_t datalen)
{
  hnd->md->write (hnd->ctx, data, datalen);
}

gcry_err_code_t
grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out)
{
  grub_uint8_t *p;
  grub_uint8_t *ctx2;

  ctx2 = grub_malloc (hnd->md->contextsize);
  if (!ctx2)
    return GPG_ERR_OUT_OF_MEMORY;

  hnd->md->final (hnd->ctx);
  hnd->md->read (hnd->ctx);
  p = hnd->md->read (hnd->ctx);

  hnd->md->init (ctx2);
  hnd->md->write (ctx2, hnd->opad, hnd->md->blocksize);
  hnd->md->write (ctx2, p, hnd->md->mdlen);
  hnd->md->final (ctx2);
  grub_memset (hnd->opad, 0, hnd->md->blocksize);
  grub_free (hnd->opad);
  grub_memset (hnd->ctx, 0, hnd->md->contextsize);
  grub_free (hnd->ctx);

  grub_memcpy (out, hnd->md->read (ctx2), hnd->md->mdlen);
  grub_memset (ctx2, 0, hnd->md->contextsize);
  grub_free (ctx2);

  grub_memset (hnd, 0, sizeof (*hnd));
  grub_free (hnd);

  return GPG_ERR_NO_ERROR;
}

gcry_err_code_t
grub_crypto_hmac_buffer (const struct gcry_md_spec *md,
			 const void *key, grub_size_t keylen,
			 const void *data, grub_size_t datalen, void *out)
{
  struct grub_crypto_hmac_handle *hnd;

  hnd = grub_crypto_hmac_init (md, key, keylen);
  if (!hnd)
    return GPG_ERR_OUT_OF_MEMORY;

  grub_crypto_hmac_write (hnd, data, datalen);
  return grub_crypto_hmac_fini (hnd, out);
}


grub_err_t
grub_crypto_gcry_error (gcry_err_code_t in)
{
  if (in == GPG_ERR_NO_ERROR)
    return GRUB_ERR_NONE;
  return GRUB_ACCESS_DENIED;
}

int
grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
{
  register grub_size_t counter = 0;
  const grub_uint8_t *pa, *pb;

  for (pa = a, pb = b; n; pa++, pb++, n--)
    {
      if (*pa != *pb)
	counter++;
    }

  return !!counter;
}

#ifndef GRUB_UTIL

int
grub_password_get (char buf[], unsigned buf_size)
{
  unsigned cur_len = 0;
  int key;

  while (1)
    {
      key = grub_getkey (); 
      if (key == '\n' || key == '\r')
	break;

      if (key == '\e')
	{
	  cur_len = 0;
	  break;
	}

      if (key == '\b')
	{
	  cur_len--;
	  continue;
	}

      if (!grub_isprint (key))
	continue;

      if (cur_len + 2 < buf_size)
	buf[cur_len++] = key;
    }

  grub_memset (buf + cur_len, 0, buf_size - cur_len);

  grub_xputs ("\n");
  grub_refresh ();

  return (key != '\e');
}
#endif
Commit	Line	Data
d944246c VS	1	/*
	2	* GRUB -- GRand Unified Bootloader
	3	* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006
	4	* 2007, 2008, 2009 Free Software Foundation, Inc.
	5	*
	6	* GRUB is free software: you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation, either version 3 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* GRUB is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License
	17	* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
	18	*/
	19
	20	#include <grub/crypto.h>
	21	#include <grub/misc.h>
	22	#include <grub/mm.h>
b391bdb2	23	#include <grub/term.h>
e745cf0c	24	#include <grub/dl.h>
9c4b5c13	25	#include <grub/i18n.h>
5e3b8dcb	26	#include <grub/env.h>
e745cf0c VS	27
e745cf0c VS	28	GRUB_MOD_LICENSE ("GPLv3+");
d944246c	29
6e7d9194 VS	30	struct grub_crypto_hmac_handle
	31	{
	32	const struct gcry_md_spec *md;
	33	void *ctx;
	34	void *opad;
	35	};
	36
d944246c VS	37	static gcry_cipher_spec_t *grub_ciphers = NULL;
	38	static gcry_md_spec_t *grub_digests = NULL;
	39
7316783f VS	40	void (grub_crypto_autoload_hook) (const char name) = NULL;
7316783f VS	41
d944246c VS	42	/* Based on libgcrypt-1.4.4/src/misc.c. */
	43	void
	44	grub_burn_stack (grub_size_t size)
	45	{
	46	char buf[64];
	47
	48	grub_memset (buf, 0, sizeof (buf));
	49	if (size > sizeof (buf))
	50	grub_burn_stack (size - sizeof (buf));
	51	}
	52
5e3b8dcb VS	53	void
	54	_gcry_burn_stack (int size)
	55	{
	56	grub_burn_stack (size);
	57	}
	58
	59	void __attribute__ ((noreturn))
	60	_gcry_assert_failed (const char expr, const char file, int line,
	61	const char *func)
	62
	63	{
	64	grub_fatal ("assertion %s at %s:%d (%s) failed\n", expr, file, line, func);
	65	}
	66
	67
	68	void _gcry_log_error (const char *fmt, ...)
	69	{
	70	va_list args;
	71	const char *debug = grub_env_get ("debug");
	72
	73	if (! debug)
	74	return;
	75
	76	if (grub_strword (debug, "all") \|\| grub_strword (debug, "gcrypt"))
	77	{
	78	grub_printf ("gcrypt error: ");
	79	va_start (args, fmt);
	80	grub_vprintf (fmt, args);
	81	va_end (args);
	82	grub_refresh ();
	83	}
	84	}
d944246c VS	85
	86	void
	87	grub_cipher_register (gcry_cipher_spec_t *cipher)
	88	{
	89	cipher->next = grub_ciphers;
	90	grub_ciphers = cipher;
	91	}
	92
	93	void
	94	grub_cipher_unregister (gcry_cipher_spec_t *cipher)
	95	{
	96	gcry_cipher_spec_t **ciph;
	97	for (ciph = &grub_ciphers; ciph; ciph = &((ciph)->next))
	98	if (*ciph == cipher)
3851cc38 VS	99	{
	100	ciph = (ciph)->next;
	101	break;
	102	}
d944246c VS	103	}
	104
	105	void
	106	grub_md_register (gcry_md_spec_t *digest)
	107	{
	108	digest->next = grub_digests;
	109	grub_digests = digest;
	110	}
	111
	112	void
	113	grub_md_unregister (gcry_md_spec_t *cipher)
	114	{
	115	gcry_md_spec_t **ciph;
	116	for (ciph = &grub_digests; ciph; ciph = &((ciph)->next))
	117	if (*ciph == cipher)
3851cc38 VS	118	{
	119	ciph = (ciph)->next;
	120	break;
	121	}
d944246c VS	122	}
	123
	124	void
6e7d9194	125	grub_crypto_hash (const gcry_md_spec_t hash, void out, const void *in,
d944246c VS	126	grub_size_t inlen)
d944246c VS	127	{
7dd0a303 VS	128	GRUB_PROPERLY_ALIGNED_ARRAY (ctx, GRUB_CRYPTO_MAX_MD_CONTEXT_SIZE);
	129
	130	if (hash->contextsize > sizeof (ctx))
	131	grub_fatal ("Too large md context");
d944246c VS	132	hash->init (&ctx);
	133	hash->write (&ctx, in, inlen);
	134	hash->final (&ctx);
	135	grub_memcpy (out, hash->read (&ctx), hash->mdlen);
	136	}
	137
	138	const gcry_md_spec_t *
	139	grub_crypto_lookup_md_by_name (const char *name)
	140	{
	141	const gcry_md_spec_t *md;
7316783f VS	142	int first = 1;
	143	while (1)
	144	{
	145	for (md = grub_digests; md; md = md->next)
	146	if (grub_strcasecmp (name, md->name) == 0)
	147	return md;
	148	if (grub_crypto_autoload_hook && first)
	149	grub_crypto_autoload_hook (name);
	150	else
	151	return NULL;
	152	first = 0;
	153	}
d944246c VS	154	}
	155
	156	const gcry_cipher_spec_t *
	157	grub_crypto_lookup_cipher_by_name (const char *name)
	158	{
	159	const gcry_cipher_spec_t *ciph;
7316783f VS	160	int first = 1;
7316783f VS	161	while (1)
d944246c	162	{
7316783f VS	163	for (ciph = grub_ciphers; ciph; ciph = ciph->next)
	164	{
	165	const char **alias;
	166	if (grub_strcasecmp (name, ciph->name) == 0)
	167	return ciph;
	168	if (!ciph->aliases)
	169	continue;
	170	for (alias = ciph->aliases; *alias; alias++)
	171	if (grub_strcasecmp (name, *alias) == 0)
	172	return ciph;
	173	}
	174	if (grub_crypto_autoload_hook && first)
	175	grub_crypto_autoload_hook (name);
	176	else
	177	return NULL;
	178	first = 0;
d944246c	179	}
d944246c VS	180	}
	181
	182
	183	grub_crypto_cipher_handle_t
	184	grub_crypto_cipher_open (const struct gcry_cipher_spec *cipher)
	185	{
	186	grub_crypto_cipher_handle_t ret;
	187	ret = grub_malloc (sizeof (*ret) + cipher->contextsize);
	188	if (!ret)
	189	return NULL;
	190	ret->cipher = cipher;
	191	return ret;
	192	}
	193
	194	gcry_err_code_t
	195	grub_crypto_cipher_set_key (grub_crypto_cipher_handle_t cipher,
	196	const unsigned char *key,
	197	unsigned keylen)
	198	{
	199	return cipher->cipher->setkey (cipher->ctx, key, keylen);
	200	}
	201
fbf62978	202	gcry_err_code_t
d944246c	203	grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
1a1f408f	204	void out, const void in, grub_size_t size)
d944246c	205	{
76a2a430 VS	206	const grub_uint8_t inptr, end;
76a2a430 VS	207	grub_uint8_t *outptr;
fbf62978 VS	208	if (!cipher->cipher->decrypt)
fbf62978 VS	209	return GPG_ERR_NOT_SUPPORTED;
d944246c	210	if (size % cipher->cipher->blocksize != 0)
fbf62978	211	return GPG_ERR_INV_ARG;
76a2a430	212	end = (const grub_uint8_t *) in + size;
d944246c VS	213	for (inptr = in, outptr = out; inptr < end;
	214	inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
	215	cipher->cipher->decrypt (cipher->ctx, outptr, inptr);
fbf62978	216	return GPG_ERR_NO_ERROR;
d944246c VS	217	}
d944246c VS	218
fbf62978	219	gcry_err_code_t
d944246c	220	grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
1bc7cc1b	221	void out, const void in, grub_size_t size)
d944246c	222	{
76a2a430 VS	223	const grub_uint8_t inptr, end;
76a2a430 VS	224	grub_uint8_t *outptr;
fbf62978 VS	225	if (!cipher->cipher->encrypt)
fbf62978 VS	226	return GPG_ERR_NOT_SUPPORTED;
d944246c	227	if (size % cipher->cipher->blocksize != 0)
fbf62978	228	return GPG_ERR_INV_ARG;
76a2a430	229	end = (const grub_uint8_t *) in + size;
d944246c VS	230	for (inptr = in, outptr = out; inptr < end;
	231	inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
	232	cipher->cipher->encrypt (cipher->ctx, outptr, inptr);
fbf62978	233	return GPG_ERR_NO_ERROR;
d944246c VS	234	}
d944246c VS	235
fbf62978	236	gcry_err_code_t
d944246c	237	grub_crypto_cbc_encrypt (grub_crypto_cipher_handle_t cipher,
76a2a430	238	void out, const void in, grub_size_t size,
d944246c VS	239	void *iv_in)
d944246c VS	240	{
76a2a430 VS	241	grub_uint8_t *outptr;
76a2a430 VS	242	const grub_uint8_t inptr, end;
d944246c	243	void *iv;
fbf62978 VS	244	if (!cipher->cipher->decrypt)
fbf62978 VS	245	return GPG_ERR_NOT_SUPPORTED;
d944246c	246	if (size % cipher->cipher->blocksize != 0)
fbf62978	247	return GPG_ERR_INV_ARG;
76a2a430	248	end = (const grub_uint8_t *) in + size;
d944246c VS	249	iv = iv_in;
	250	for (inptr = in, outptr = out; inptr < end;
	251	inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
	252	{
	253	grub_crypto_xor (outptr, inptr, iv, cipher->cipher->blocksize);
	254	cipher->cipher->encrypt (cipher->ctx, outptr, outptr);
	255	iv = outptr;
	256	}
	257	grub_memcpy (iv_in, iv, cipher->cipher->blocksize);
fbf62978	258	return GPG_ERR_NO_ERROR;
d944246c VS	259	}
d944246c VS	260
fbf62978	261	gcry_err_code_t
d944246c	262	grub_crypto_cbc_decrypt (grub_crypto_cipher_handle_t cipher,
1a1f408f	263	void out, const void in, grub_size_t size,
d944246c VS	264	void *iv)
d944246c VS	265	{
76a2a430 VS	266	const grub_uint8_t inptr, end;
76a2a430 VS	267	grub_uint8_t *outptr;
4b85f122	268	grub_uint8_t ivt[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE];
fbf62978 VS	269	if (!cipher->cipher->decrypt)
fbf62978 VS	270	return GPG_ERR_NOT_SUPPORTED;
d944246c	271	if (size % cipher->cipher->blocksize != 0)
fbf62978	272	return GPG_ERR_INV_ARG;
4b85f122 VS	273	if (cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE)
4b85f122 VS	274	return GPG_ERR_INV_ARG;
76a2a430	275	end = (const grub_uint8_t *) in + size;
d944246c VS	276	for (inptr = in, outptr = out; inptr < end;
	277	inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
	278	{
	279	grub_memcpy (ivt, inptr, cipher->cipher->blocksize);
	280	cipher->cipher->decrypt (cipher->ctx, outptr, inptr);
	281	grub_crypto_xor (outptr, outptr, iv, cipher->cipher->blocksize);
	282	grub_memcpy (iv, ivt, cipher->cipher->blocksize);
	283	}
fbf62978 VS	284	return GPG_ERR_NO_ERROR;
	285	}
	286
6e7d9194 VS	287	/* Based on gcry/cipher/md.c. */
	288	struct grub_crypto_hmac_handle *
	289	grub_crypto_hmac_init (const struct gcry_md_spec *md,
	290	const void *key, grub_size_t keylen)
	291	{
	292	grub_uint8_t *helpkey = NULL;
	293	grub_uint8_t ipad = NULL, opad = NULL;
	294	void *ctx = NULL;
	295	struct grub_crypto_hmac_handle *ret = NULL;
	296	unsigned i;
	297
	298	if (md->mdlen > md->blocksize)
	299	return NULL;
	300
	301	ctx = grub_malloc (md->contextsize);
	302	if (!ctx)
	303	goto err;
	304
	305	if ( keylen > md->blocksize )
	306	{
	307	helpkey = grub_malloc (md->mdlen);
	308	if (!helpkey)
	309	goto err;
	310	grub_crypto_hash (md, helpkey, key, keylen);
	311
	312	key = helpkey;
	313	keylen = md->mdlen;
	314	}
	315
	316	ipad = grub_zalloc (md->blocksize);
	317	if (!ipad)
	318	goto err;
	319
	320	opad = grub_zalloc (md->blocksize);
	321	if (!opad)
	322	goto err;
	323
	324	grub_memcpy ( ipad, key, keylen );
	325	grub_memcpy ( opad, key, keylen );
	326	for (i=0; i < md->blocksize; i++ )
	327	{
	328	ipad[i] ^= 0x36;
	329	opad[i] ^= 0x5c;
	330	}
	331	grub_free (helpkey);
	332	helpkey = NULL;
	333
	334	md->init (ctx);
	335
	336	md->write (ctx, ipad, md->blocksize); /* inner pad */
	337	grub_memset (ipad, 0, md->blocksize);
	338	grub_free (ipad);
	339	ipad = NULL;
	340
	341	ret = grub_malloc (sizeof (*ret));
	342	if (!ret)
	343	goto err;
	344
	345	ret->md = md;
	346	ret->ctx = ctx;
	347	ret->opad = opad;
	348
	349	return ret;
	350
351	err:
352	grub_free (helpkey);
353	grub_free (ctx);
354	grub_free (ipad);
355	grub_free (opad);
356	return NULL;
357	}
358
359	void
848c83e7 VS	360	grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd,
848c83e7 VS	361	const void *data,
6e7d9194 VS	362	grub_size_t datalen)
	363	{
	364	hnd->md->write (hnd->ctx, data, datalen);
	365	}
	366
	367	gcry_err_code_t
	368	grub_crypto_hmac_fini (struct grub_crypto_hmac_handle hnd, void out)
	369	{
	370	grub_uint8_t *p;
	371	grub_uint8_t *ctx2;
	372
	373	ctx2 = grub_malloc (hnd->md->contextsize);
	374	if (!ctx2)
	375	return GPG_ERR_OUT_OF_MEMORY;
	376
	377	hnd->md->final (hnd->ctx);
	378	hnd->md->read (hnd->ctx);
	379	p = hnd->md->read (hnd->ctx);
	380
	381	hnd->md->init (ctx2);
	382	hnd->md->write (ctx2, hnd->opad, hnd->md->blocksize);
	383	hnd->md->write (ctx2, p, hnd->md->mdlen);
	384	hnd->md->final (ctx2);
	385	grub_memset (hnd->opad, 0, hnd->md->blocksize);
	386	grub_free (hnd->opad);
	387	grub_memset (hnd->ctx, 0, hnd->md->contextsize);
	388	grub_free (hnd->ctx);
	389
	390	grub_memcpy (out, hnd->md->read (ctx2), hnd->md->mdlen);
	391	grub_memset (ctx2, 0, hnd->md->contextsize);
	392	grub_free (ctx2);
	393
	394	grub_memset (hnd, 0, sizeof (*hnd));
	395	grub_free (hnd);
	396
	397	return GPG_ERR_NO_ERROR;
	398	}
	399
	400	gcry_err_code_t
	401	grub_crypto_hmac_buffer (const struct gcry_md_spec *md,
	402	const void *key, grub_size_t keylen,
88ac3146	403	const void data, grub_size_t datalen, void out)
6e7d9194 VS	404	{
	405	struct grub_crypto_hmac_handle *hnd;
	406
	407	hnd = grub_crypto_hmac_init (md, key, keylen);
	408	if (!hnd)
	409	return GPG_ERR_OUT_OF_MEMORY;
	410
	411	grub_crypto_hmac_write (hnd, data, datalen);
	412	return grub_crypto_hmac_fini (hnd, out);
	413	}
	414
	415
fbf62978 VS	416	grub_err_t
	417	grub_crypto_gcry_error (gcry_err_code_t in)
	418	{
	419	if (in == GPG_ERR_NO_ERROR)
	420	return GRUB_ERR_NONE;
	421	return GRUB_ACCESS_DENIED;
d944246c	422	}
10e53efa VS	423
10e53efa VS	424	int
b391bdb2	425	grub_crypto_memcmp (const void a, const void b, grub_size_t n)
10e53efa VS	426	{
10e53efa VS	427	register grub_size_t counter = 0;
b391bdb2	428	const grub_uint8_t pa, pb;
10e53efa VS	429
	430	for (pa = a, pb = b; n; pa++, pb++, n--)
	431	{
	432	if (pa != pb)
	433	counter++;
	434	}
	435
	436	return !!counter;
	437	}
b391bdb2	438
4a445f58 VS	439	#ifndef GRUB_UTIL
4a445f58 VS	440
b391bdb2 VS	441	int
	442	grub_password_get (char buf[], unsigned buf_size)
	443	{
	444	unsigned cur_len = 0;
	445	int key;
	446
	447	while (1)
	448	{
87fae34a	449	key = grub_getkey ();
b391bdb2 VS	450	if (key == '\n' \|\| key == '\r')
	451	break;
	452
	453	if (key == '\e')
	454	{
	455	cur_len = 0;
	456	break;
	457	}
	458
	459	if (key == '\b')
	460	{
	461	cur_len--;
	462	continue;
	463	}
	464
	465	if (!grub_isprint (key))
	466	continue;
	467
	468	if (cur_len + 2 < buf_size)
	469	buf[cur_len++] = key;
	470	}
	471
	472	grub_memset (buf + cur_len, 0, buf_size - cur_len);
	473
dfed5c6b	474	grub_xputs ("\n");
b391bdb2 VS	475	grub_refresh ();
	476
	477	return (key != '\e');
2cb55e6f	478	}
4a445f58	479	#endif
5e3b8dcb	480