From 0892b79339cd0ab93642a6e5d1b240bcfcae5471 Mon Sep 17 00:00:00 2001
From: liuxin <bit_coffee@163.com>
Date: Wed, 6 Oct 2021 20:45:28 +0800
Subject: [PATCH] A new parameter is added for grub-mkpasswd-pbkdf2 tool to
specify a specific salt value.
After a specific salt value is specified, the output password
is the same every time. It is convenient for the operating system of the
release version to use this function for password verification.
---
util/grub-mkpasswd-pbkdf2.c | 88 +++++++++++++++++++++++++++++++++++--
1 file changed, 85 insertions(+), 3 deletions(-)
diff --git a/util/grub-mkpasswd-pbkdf2.c b/util/grub-mkpasswd-pbkdf2.c
index 5805f3c10..4ce9d21a4 100644
--- a/util/grub-mkpasswd-pbkdf2.c
+++ b/util/grub-mkpasswd-pbkdf2.c
@@ -33,6 +33,9 @@
#define _GNU_SOURCE 1
+#define GRUB_PARAM_SUCCESS 0
+#define GRUB_PARAM_ERROR 1
+
#pragma GCC diagnostic ignored "-Wmissing-prototypes"
#pragma GCC diagnostic ignored "-Wmissing-declarations"
#include <argp.h>
@@ -46,6 +49,7 @@ static struct argp_option options[] = {
{"iteration-count", 'c', N_("NUM"), 0, N_("Number of PBKDF2 iterations"), 0},
{"buflen", 'l', N_("NUM"), 0, N_("Length of generated hash"), 0},
{"salt", 's', N_("NUM"), 0, N_("Length of salt"), 0},
+ {"salt arg", 'a', N_("VARCHAR"), 0, N_("preset salt var(hex code)"), 0},
{ 0, 0, 0, 0, 0, 0 }
};
@@ -54,8 +58,48 @@ struct arguments
unsigned int count;
unsigned int buflen;
unsigned int saltlen;
+ char *salt;
};
+static int
+illegal_char(char t)
+{
+ char legalstr[] = "0123456789ABCDEF";
+ for (int i = 0; i < grub_strlen(legalstr); ++i)
+ {
+ if (t == legalstr[i])
+ return GRUB_PARAM_SUCCESS;
+ }
+ return GRUB_PARAM_ERROR;
+}
+
+static int
+check_salt_verify(const char *arg)
+{
+ grub_size_t len = grub_strlen(arg);
+ if (len <= 0 || len >= GRUB_SIZE_MAX)
+ {
+ fprintf (stderr, _("salt length may be empty or too long!\n"));
+ return GRUB_PARAM_ERROR;
+ }
+ if (len % 2 !=0)
+ {
+ fprintf (stderr, _("the salt value length is an even number!\n"));
+ return GRUB_PARAM_ERROR;
+ }
+ for (int i = 0; i < len; ++i)
+ {
+ if(illegal_char(arg[i]))
+ {
+ fprintf (stderr,
+ _("only hexadecimal numbers consisting of " \
+ "digits and uppercase letters are supported\n"));
+ return GRUB_PARAM_ERROR;
+ }
+ }
+ return GRUB_PARAM_SUCCESS;
+}
+
static error_t
argp_parser (int key, char *arg, struct argp_state *state)
{
@@ -76,6 +120,12 @@ argp_parser (int key, char *arg, struct argp_state *state)
case 's':
arguments->saltlen = strtoul (arg, NULL, 0);
break;
+ case 'a':
+ if (check_salt_verify(arg))
+ return ARGP_ERR_UNKNOWN;
+ arguments->saltlen = grub_strlen(arg) / 2;
+ arguments->salt = arg;
+ break;
default:
return ARGP_ERR_UNKNOWN;
}
@@ -110,13 +160,36 @@ hexify (char *hex, grub_uint8_t *bin, grub_size_t n)
*hex = 0;
}
+static void
+hextobyte(const char *hex, grub_uint8_t *bin, grub_size_t n)
+{
+ while(n)
+ {
+ grub_uint8_t tmp = 0x00;
+ if (*hex <= '9' && *hex >= '0')
+ tmp += (grub_uint8_t)((*hex - '0') << 4 & 0xf0);
+ else
+ tmp += (grub_uint8_t)((*hex - 'A' + 10) << 4 & 0xf0);
+ hex++;
+ if (*hex <= '9' && *hex >= '0')
+ tmp += (grub_uint8_t)((*hex - '0') & 0x0f);
+ else
+ tmp += (grub_uint8_t)((*hex - 'A' + 10) & 0x0f);
+ *bin = tmp;
+ bin++;
+ hex++;
+ n -= 2;
+ }
+}
+
int
main (int argc, char *argv[])
{
struct arguments arguments = {
.count = 10000,
.buflen = 64,
- .saltlen = 64
+ .saltlen = 64,
+ .salt = NULL
};
char *result, *ptr;
gcry_err_code_t gcry_err;
@@ -133,6 +206,14 @@ main (int argc, char *argv[])
exit(1);
}
+ if (arguments.salt !=NULL &&
+ grub_strlen(arguments.salt) != 2 * arguments.saltlen)
+ {
+ fprintf (stderr, "%s",
+ _("If the -a parameter is set, don't set the -s parameter again\n"));
+ exit(1);
+ }
+
buf = xmalloc (arguments.buflen);
salt = xmalloc (arguments.saltlen);
@@ -160,8 +241,9 @@ main (int argc, char *argv[])
grub_util_error ("%s", _("passwords don't match"));
}
memset (pass2, 0, sizeof (pass2));
-
- if (grub_get_random (salt, arguments.saltlen))
+ if (arguments.salt != NULL)
+ hextobyte(arguments.salt, salt, arguments.saltlen * 2);
+ else if (grub_get_random (salt, arguments.saltlen))
{
memset (pass1, 0, sizeof (pass1));
free (buf);
--
2.30.0