From 2d959549857305d5e4d95a19a0850885f85179d6 Mon Sep 17 00:00:00 2001 From: Hernan Gatta Date: Tue, 1 Feb 2022 05:02:53 -0800 Subject: [PATCH 10/14] protectors: Add key protectors framework A key protector encapsulates functionality to retrieve an unlocking key for a fully-encrypted disk from a specific source. A key protector module registers itself with the key protectors framework when it is loaded and unregisters when unloaded. Additionally, a key protector may accept parameters that describe how it should operate. The key protectors framework, besides offering registration and unregistration functions, also offers a one-stop routine for finding and invoking a key protector by name. If a key protector with the specified name exists and if an unlocking key is successfully retrieved by it, the function returns to the caller the retrieved key and its length. Signed-off-by: Hernan Gatta --- grub-core/Makefile.am | 1 + grub-core/Makefile.core.def | 1 + grub-core/kern/protectors.c | 75 +++++++++++++++++++++++++++++++++++++ include/grub/protector.h | 48 ++++++++++++++++++++++++ 4 files changed, 125 insertions(+) create mode 100644 grub-core/kern/protectors.c create mode 100644 include/grub/protector.h diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am index de241f0d04..dc07ba6f87 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -90,6 +90,7 @@ endif KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/mm.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/parser.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/partition.h +KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/protector.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/stack_protector.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/term.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/time.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def index f3140815b8..b0001a33cf 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -138,6 +138,7 @@ kernel = { common = kern/misc.c; common = kern/parser.c; common = kern/partition.c; + common = kern/protectors.c; common = kern/rescue_parser.c; common = kern/rescue_reader.c; common = kern/term.c; diff --git a/grub-core/kern/protectors.c b/grub-core/kern/protectors.c new file mode 100644 index 0000000000..21954dfa48 --- /dev/null +++ b/grub-core/kern/protectors.c @@ -0,0 +1,75 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#include + +struct grub_key_protector *grub_key_protectors = NULL; + +grub_err_t +grub_key_protector_register (struct grub_key_protector *protector) +{ + if (!protector || !protector->name || !grub_strlen(protector->name)) + return GRUB_ERR_BAD_ARGUMENT; + + if (grub_key_protectors && + grub_named_list_find (GRUB_AS_NAMED_LIST (grub_key_protectors), + protector->name)) + return GRUB_ERR_BAD_ARGUMENT; + + grub_list_push (GRUB_AS_LIST_P (&grub_key_protectors), + GRUB_AS_LIST (protector)); + + return GRUB_ERR_NONE; +} + +grub_err_t +grub_key_protector_unregister (struct grub_key_protector *protector) +{ + if (!protector) + return GRUB_ERR_BAD_ARGUMENT; + + grub_list_remove (GRUB_AS_LIST (protector)); + + return GRUB_ERR_NONE; +} + +grub_err_t +grub_key_protector_recover_key (const char *protector, grub_uint8_t **key, + grub_size_t *key_size) +{ + struct grub_key_protector *kp = NULL; + + if (!grub_key_protectors) + return GRUB_ERR_OUT_OF_RANGE; + + if (!protector || !grub_strlen (protector)) + return GRUB_ERR_BAD_ARGUMENT; + + kp = grub_named_list_find (GRUB_AS_NAMED_LIST (grub_key_protectors), + protector); + if (!kp) + return grub_error (GRUB_ERR_OUT_OF_RANGE, + N_("A key protector with name '%s' could not be found. " + "Is the name spelled correctly and is the " + "corresponding module loaded?"), protector); + + return kp->recover_key (key, key_size); +} diff --git a/include/grub/protector.h b/include/grub/protector.h new file mode 100644 index 0000000000..179020a344 --- /dev/null +++ b/include/grub/protector.h @@ -0,0 +1,48 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2022 Microsoft Corporation + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_PROTECTOR_HEADER +#define GRUB_PROTECTOR_HEADER 1 + +#include +#include + +struct grub_key_protector +{ + struct grub_key_protector *next; + struct grub_key_protector **prev; + + const char *name; + + grub_err_t (*recover_key) (grub_uint8_t **key, grub_size_t *key_size); +}; + +extern struct grub_key_protector *EXPORT_VAR (grub_key_protectors); + +grub_err_t +EXPORT_FUNC (grub_key_protector_register) (struct grub_key_protector *protector); + +grub_err_t +EXPORT_FUNC (grub_key_protector_unregister) (struct grub_key_protector *protector); + +grub_err_t +EXPORT_FUNC (grub_key_protector_recover_key) (const char *protector, + grub_uint8_t **key, + grub_size_t *key_size); + +#endif /* ! GRUB_PROTECTOR_HEADER */ -- 2.34.1