diff options
Diffstat (limited to 'util/grub-mkpasswd-pbkdf2.c')
| -rw-r--r-- | util/grub-mkpasswd-pbkdf2.c | 210 |
1 files changed, 210 insertions, 0 deletions
diff --git a/util/grub-mkpasswd-pbkdf2.c b/util/grub-mkpasswd-pbkdf2.c new file mode 100644 index 0000000..5805f3c --- /dev/null +++ b/util/grub-mkpasswd-pbkdf2.c @@ -0,0 +1,210 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 1992-1999,2001,2003,2004,2005,2009 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see <http://www.gnu.org/licenses/>. + */ + +#include <config.h> + +#include <grub/types.h> +#include <grub/crypto.h> +#include <grub/auth.h> +#include <grub/emu/misc.h> +#include <grub/util/misc.h> +#include <grub/i18n.h> +#include <grub/misc.h> + +#include <unistd.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#define _GNU_SOURCE 1 + +#pragma GCC diagnostic ignored "-Wmissing-prototypes" +#pragma GCC diagnostic ignored "-Wmissing-declarations" +#include <argp.h> +#pragma GCC diagnostic error "-Wmissing-prototypes" +#pragma GCC diagnostic error "-Wmissing-declarations" + + +#include "progname.h" + +static struct argp_option options[] = { + {"iteration-count", 'c', N_("NUM"), 0, N_("Number of PBKDF2 iterations"), 0}, + {"buflen", 'l', N_("NUM"), 0, N_("Length of generated hash"), 0}, + {"salt", 's', N_("NUM"), 0, N_("Length of salt"), 0}, + { 0, 0, 0, 0, 0, 0 } +}; + +struct arguments +{ + unsigned int count; + unsigned int buflen; + unsigned int saltlen; +}; + +static error_t +argp_parser (int key, char *arg, struct argp_state *state) +{ + /* Get the input argument from argp_parse, which we + know is a pointer to our arguments structure. */ + struct arguments *arguments = state->input; + + switch (key) + { + case 'c': + arguments->count = strtoul (arg, NULL, 0); + break; + + case 'l': + arguments->buflen = strtoul (arg, NULL, 0); + break; + + case 's': + arguments->saltlen = strtoul (arg, NULL, 0); + break; + default: + return ARGP_ERR_UNKNOWN; + } + return 0; +} + +static struct argp argp = { + options, argp_parser, N_("[OPTIONS]"), + N_("Generate PBKDF2 password hash."), + NULL, NULL, NULL +}; + + +static void +hexify (char *hex, grub_uint8_t *bin, grub_size_t n) +{ + while (n--) + { + if (((*bin & 0xf0) >> 4) < 10) + *hex = ((*bin & 0xf0) >> 4) + '0'; + else + *hex = ((*bin & 0xf0) >> 4) + 'A' - 10; + hex++; + + if ((*bin & 0xf) < 10) + *hex = (*bin & 0xf) + '0'; + else + *hex = (*bin & 0xf) + 'A' - 10; + hex++; + bin++; + } + *hex = 0; +} + +int +main (int argc, char *argv[]) +{ + struct arguments arguments = { + .count = 10000, + .buflen = 64, + .saltlen = 64 + }; + char *result, *ptr; + gcry_err_code_t gcry_err; + grub_uint8_t *buf, *salt; + char pass1[GRUB_AUTH_MAX_PASSLEN]; + char pass2[GRUB_AUTH_MAX_PASSLEN]; + + grub_util_host_init (&argc, &argv); + + /* Check for options. */ + if (argp_parse (&argp, argc, argv, 0, 0, &arguments) != 0) + { + fprintf (stderr, "%s", _("Error in parsing command line arguments\n")); + exit(1); + } + + buf = xmalloc (arguments.buflen); + salt = xmalloc (arguments.saltlen); + + printf ("%s", _("Enter password: ")); + if (!grub_password_get (pass1, GRUB_AUTH_MAX_PASSLEN)) + { + free (buf); + free (salt); + grub_util_error ("%s", _("failure to read password")); + } + printf ("%s", _("Reenter password: ")); + if (!grub_password_get (pass2, GRUB_AUTH_MAX_PASSLEN)) + { + free (buf); + free (salt); + grub_util_error ("%s", _("failure to read password")); + } + + if (strcmp (pass1, pass2) != 0) + { + memset (pass1, 0, sizeof (pass1)); + memset (pass2, 0, sizeof (pass2)); + free (buf); + free (salt); + grub_util_error ("%s", _("passwords don't match")); + } + memset (pass2, 0, sizeof (pass2)); + + if (grub_get_random (salt, arguments.saltlen)) + { + memset (pass1, 0, sizeof (pass1)); + free (buf); + free (salt); + grub_util_error ("%s", _("couldn't retrieve random data for salt")); + } + + gcry_err = grub_crypto_pbkdf2 (GRUB_MD_SHA512, + (grub_uint8_t *) pass1, strlen (pass1), + salt, arguments.saltlen, + arguments.count, buf, arguments.buflen); + memset (pass1, 0, sizeof (pass1)); + + if (gcry_err) + { + memset (buf, 0, arguments.buflen); + free (buf); + memset (salt, 0, arguments.saltlen); + free (salt); + grub_util_error (_("cryptographic error number %d"), gcry_err); + } + + result = xmalloc (sizeof ("grub.pbkdf2.sha512.XXXXXXXXXXXXXXXXXXX.S.S") + + arguments.buflen * 2 + arguments.saltlen * 2); + ptr = result; + memcpy (ptr, "grub.pbkdf2.sha512.", sizeof ("grub.pbkdf2.sha512.") - 1); + ptr += sizeof ("grub.pbkdf2.sha512.") - 1; + + grub_snprintf (ptr, sizeof ("XXXXXXXXXXXXXXXXXXX"), "%d", arguments.count); + ptr += strlen (ptr); + *ptr++ = '.'; + hexify (ptr, salt, arguments.saltlen); + ptr += arguments.saltlen * 2; + *ptr++ = '.'; + hexify (ptr, buf, arguments.buflen); + ptr += arguments.buflen * 2; + *ptr = '\0'; + + printf (_("PBKDF2 hash of your password is %s\n"), result); + memset (buf, 0, arguments.buflen); + free (buf); + memset (salt, 0, arguments.saltlen); + free (salt); + + return 0; +} |