[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v8 3/7] cryptodisk: enable the backends to implement detached hea
From: |
Glenn Washburn |
Subject: |
[PATCH v8 3/7] cryptodisk: enable the backends to implement detached headers |
Date: |
Sat, 1 Jan 2022 21:52:56 -0600 |
Signed-off-by: John Lane <john@lane.uk.net>
GNUtoo@cyberdimension.org: rebase, patch split, small fixes, commit message
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
development@efficientek.com: rebase, rework for cryptomount parameter passing
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/disk/cryptodisk.c | 15 ++++++++++++++-
grub-core/disk/geli.c | 10 ++++++++++
grub-core/disk/luks.c | 8 ++++++++
grub-core/disk/luks2.c | 8 ++++++++
include/grub/cryptodisk.h | 2 ++
include/grub/file.h | 2 ++
6 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 497097394..e90f680f0 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -42,6 +42,7 @@ static const struct grub_arg_option options[] =
{"all", 'a', 0, N_("Mount all."), 0, 0},
{"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
{"password", 'p', 0, N_("Password to open volumes."), 0, ARG_TYPE_STRING},
+ {"header", 'H', 0, N_("Read header from file"), 0, ARG_TYPE_STRING},
{0, 0, 0, 0, 0, 0}
};
@@ -1173,6 +1174,18 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int
argc, char **args)
cargs.key_len = grub_strlen (state[3].arg);
}
+ if (state[4].set) /* Detached header */
+ {
+ if (state[0].set)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ N_("Cannot use UUID lookup with detached header"));
+
+ cargs.hdr_file = grub_file_open (state[4].arg,
+ GRUB_FILE_TYPE_CRYPTODISK_DETACHED_HEADER);
+ if (!cargs.hdr_file)
+ return grub_errno;
+ }
+
if (state[0].set) /* uuid */
{
int found_uuid;
@@ -1385,7 +1398,7 @@ GRUB_MOD_INIT (cryptodisk)
{
grub_disk_dev_register (&grub_cryptodisk_dev);
cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
- N_("[-p password] <SOURCE|-u UUID|-a|-b>"),
+ N_("[-p password] [-H file] <SOURCE|-u
UUID|-a|-b>"),
N_("Mount a crypto device."), options);
grub_procfs_register ("luks_script", &luks_script);
}
diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c
index 5b3a11881..0b8046746 100644
--- a/grub-core/disk/geli.c
+++ b/grub-core/disk/geli.c
@@ -52,6 +52,7 @@
#include <grub/dl.h>
#include <grub/err.h>
#include <grub/disk.h>
+#include <grub/file.h>
#include <grub/crypto.h>
#include <grub/partition.h>
#include <grub/i18n.h>
@@ -121,6 +122,7 @@ enum
/* FIXME: support version 0. */
/* FIXME: support big-endian pre-version-4 volumes. */
+/* FIXME: support for detached headers. */
/* FIXME: support for keyfiles. */
/* FIXME: support for HMAC. */
const char *algorithms[] = {
@@ -252,6 +254,10 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
grub_disk_addr_t sector;
grub_err_t err;
+ /* Detached headers are not implemented yet */
+ if (cargs->hdr_file)
+ return NULL;
+
if (2 * GRUB_MD_SHA256->mdlen + 1 > GRUB_CRYPTODISK_MAX_UUID_LENGTH)
return NULL;
@@ -412,6 +418,10 @@ geli_recover_key (grub_disk_t source, grub_cryptodisk_t
dev, grub_cryptomount_ar
if (cargs->key_data == NULL || cargs->key_len == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
+ /* Detached headers are not implemented yet */
+ if (cargs->hdr_file)
+ return GRUB_ERR_NOT_IMPLEMENTED_YET;
+
if (dev->cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE)
return grub_error (GRUB_ERR_BUG, "cipher block is too long");
diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index d57257b3e..032a9db3c 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -75,6 +75,10 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
char hashspec[sizeof (header.hashSpec) + 1];
grub_err_t err;
+ /* Detached headers are not implemented yet */
+ if (cargs->hdr_file)
+ return NULL;
+
if (cargs->check_boot)
return NULL;
@@ -164,6 +168,10 @@ luks_recover_key (grub_disk_t source,
if (cargs->key_data == NULL || cargs->key_len == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
+ /* Detached headers are not implemented yet */
+ if (cargs->hdr_file)
+ return GRUB_ERR_NOT_IMPLEMENTED_YET;
+
err = grub_disk_read (source, 0, 0, sizeof (header), &header);
if (err)
return err;
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index ccfacb63a..567368f11 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -353,6 +353,10 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t
cargs)
char uuid[sizeof (header.uuid) + 1];
grub_size_t i, j;
+ /* Detached headers are not implemented yet */
+ if (cargs->hdr_file)
+ return NULL;
+
if (cargs->check_boot)
return NULL;
@@ -560,6 +564,10 @@ luks2_recover_key (grub_disk_t source,
if (cargs->key_data == NULL || cargs->key_len == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
+ /* Detached headers are not implemented yet */
+ if (cargs->hdr_file)
+ return GRUB_ERR_NOT_IMPLEMENTED_YET;
+
ret = luks2_read_header (source, &header);
if (ret)
return ret;
diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
index c6524c9ea..9fe451de9 100644
--- a/include/grub/cryptodisk.h
+++ b/include/grub/cryptodisk.h
@@ -20,6 +20,7 @@
#define GRUB_CRYPTODISK_HEADER 1
#include <grub/disk.h>
+#include <grub/file.h>
#include <grub/crypto.h>
#include <grub/list.h>
#ifdef GRUB_UTIL
@@ -77,6 +78,7 @@ struct grub_cryptomount_args
grub_uint8_t *key_data;
/* recover_key: Length of key_data */
grub_size_t key_len;
+ grub_file_t hdr_file;
};
typedef struct grub_cryptomount_args *grub_cryptomount_args_t;
diff --git a/include/grub/file.h b/include/grub/file.h
index 31567483c..3a3c49a04 100644
--- a/include/grub/file.h
+++ b/include/grub/file.h
@@ -90,6 +90,8 @@ enum grub_file_type
GRUB_FILE_TYPE_FONT,
/* File holding encryption key for encrypted ZFS. */
GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY,
+ /* File holding the encryption metadata header */
+ GRUB_FILE_TYPE_CRYPTODISK_DETACHED_HEADER,
/* File we open n grub-fstest. */
GRUB_FILE_TYPE_FSTEST,
/* File we open n grub-mount. */
--
2.27.0
- [PATCH v8 0/7] Cryptodisk detached headers and key files, Glenn Washburn, 2022/01/01
- [PATCH v8 1/7] cryptodisk: luks: unify grub_cryptodisk_dev function names, Glenn Washburn, 2022/01/01
- [PATCH v8 2/7] cryptodisk: geli: unify grub_cryptodisk_dev function names, Glenn Washburn, 2022/01/01
- [PATCH v8 3/7] cryptodisk: enable the backends to implement detached headers,
Glenn Washburn <=
- Re: [PATCH v8 3/7] cryptodisk: enable the backends to implement detached headers, Glenn Washburn, 2022/01/04
- Re: [PATCH v8 3/7] cryptodisk: enable the backends to implement detached headers, Glenn Washburn, 2022/01/04
- Re: [PATCH v8 3/7] cryptodisk: enable the backends to implement detached headers, Dmitry, 2022/01/04
- Re: [PATCH v8 3/7] cryptodisk: enable the backends to implement detached headers, Dmitry, 2022/01/04
- Re: [PATCH v8 3/7] cryptodisk: enable the backends to implement detached headers, Dmitry, 2022/01/04
- Re: [PATCH v8 3/7] cryptodisk: enable the backends to implement detached headers, Glenn Washburn, 2022/01/04
[PATCH v8 4/7] cryptodisk: add support for LUKS1 detached headers, Glenn Washburn, 2022/01/01
[PATCH v8 5/7] cryptodisk: enable the backends to implement key files, Glenn Washburn, 2022/01/01