Re: [PATCH v2 2/4] cryptodisk: Refactor password input from crypto dev m

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 2/4] cryptodisk: Refactor password input from crypto dev m

From:	Patrick Steinhardt
Subject:	Re: [PATCH v2 2/4] cryptodisk: Refactor password input from crypto dev modules into cryptodisk
Date:	Sun, 3 Oct 2021 21:10:01 +0200

On Mon, Sep 27, 2021 at 06:14:01PM -0500, Glenn Washburn wrote:
> The crypto device modules should only be setting up the crypto devices and
> not getting user input. This has the added benefit of simplifying the code
> such that three essentially duplicate pieces of code are merged into one.
> 
> Signed-off-by: Glenn Washburn <development@efficientek.com>
> ---
>  grub-core/disk/cryptodisk.c | 52 ++++++++++++++++++++++++++++++-------
>  grub-core/disk/geli.c       | 26 ++++---------------
>  grub-core/disk/luks.c       | 27 +++----------------
>  grub-core/disk/luks2.c      | 26 ++++---------------
>  include/grub/cryptodisk.h   |  1 +
>  5 files changed, 57 insertions(+), 75 deletions(-)
> 
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index ca034859e..86eaabe60 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -1001,9 +1001,11 @@ grub_cryptodisk_scan_device_real (const char *name,
>                                 grub_disk_t source,
>                                 grub_cryptomount_args_t cargs)
>  {
> -  grub_err_t err;
> +  grub_err_t ret = GRUB_ERR_NONE;
>    grub_cryptodisk_t dev;
>    grub_cryptodisk_dev_t cr;
> +  int askpass = 0;
> +  char *part = NULL;
>  
>    dev = grub_cryptodisk_get_by_source_disk (source);
>  
> @@ -1017,21 +1019,51 @@ grub_cryptodisk_scan_device_real (const char *name,
>        return grub_errno;
>      if (!dev)
>        continue;
> -    
> -    err = cr->recover_key (source, dev, cargs);
> -    if (err)
> -    {
> -      cryptodisk_close (dev);
> -      return err;
> -    }
> +
> +    if (cargs->key_len == 0)
> +      {
> +     /* Get the passphrase from the user, if no key data. */
> +     askpass = 1;
> +     if (source->partition)
> +       part = grub_partition_get_name (source->partition);
> +     grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
> +                  source->partition ? "," : "", part ? : "",
> +                  dev->uuid);
> +     grub_free (part);
> +
> +     cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
> +     if (!cargs->key_data)
> +       return grub_errno;
> +
> +     if (!grub_password_get ((char *) cargs->key_data, 
> GRUB_CRYPTODISK_MAX_PASSPHRASE))
> +       {
> +         ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
> +         goto error;
> +       }
> +     cargs->key_len = grub_strlen((char *) cargs->key_data);

Missing space.

> +      }
> +
> +    ret = cr->recover_key (source, dev, cargs);
> +    if (ret)
> +      goto error;
>  
>      grub_cryptodisk_insert (dev, name, source);
>  
>      have_it = 1;
>  
> -    return GRUB_ERR_NONE;
> +    goto cleanup;
>    }
> -  return GRUB_ERR_NONE;
> +  goto cleanup;
> +
> +error:
> +  cryptodisk_close (dev);
> +cleanup:
> +  if (askpass)
> +    {
> +      cargs->key_len = 0;
> +      grub_free(cargs->key_data);

Here, too. Otherwise, the patch looks good to me.

Patrick

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v2 2/4] cryptodisk: Refactor password input from crypto dev modules into cryptodisk, Patrick Steinhardt <=

Prev by Date: Re: [PATCH v2 1/4] cryptodisk: Add infrastructure to pass data from cryptomount to cryptodisk modules
Next by Date: Re: [PATCH v2 3/4] cryptodisk: Move global variables into grub_cryptomount_args struct
Previous by thread: Re: [PATCH v2 1/4] cryptodisk: Add infrastructure to pass data from cryptomount to cryptodisk modules
Next by thread: Re: [PATCH v2 3/4] cryptodisk: Move global variables into grub_cryptomount_args struct
Index(es):
- Date
- Thread