
[PATCH v9 6/7] luks2: Add detached header support


From: Glenn Washburn
Subject: [PATCH v9 6/7] luks2: Add detached header support
Date: Mon, 11 Apr 2022 06:40:27 +0000

If a header file is given to the LUKS2 backend, use that file as the LUKS2
header, instead of looking for it on the disk.

Signed-off-by: Glenn Washburn <development@efficientek.com>
---
 grub-core/disk/luks2.c | 67 ++++++++++++++++++++++++++++++------------
 1 file changed, 49 insertions(+), 18 deletions(-)

diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 349462c61a..af5bc4fc82 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -313,13 +313,22 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, 
grub_luks2_digest_t *d, grub_luks2_s
 
 /* Determine whether to use primary or secondary header */
 static grub_err_t
-luks2_read_header (grub_disk_t disk, grub_luks2_header_t *outhdr)
+luks2_read_header (grub_disk_t disk, grub_file_t hdr_file, grub_luks2_header_t 
*outhdr)
 {
   grub_luks2_header_t primary, secondary, *header = &primary;
-  grub_err_t ret;
+  grub_err_t ret = GRUB_ERR_NONE;
 
   /* Read the primary LUKS header. */
-  ret = grub_disk_read (disk, 0, 0, sizeof (primary), &primary);
+  if (hdr_file)
+    {
+      if (grub_file_seek (hdr_file, 0) == (grub_off_t) -1)
+       ret = grub_errno;
+
+      else if (grub_file_read (hdr_file, &primary, sizeof (primary)) != sizeof 
(primary))
+       ret = grub_errno;
+    }
+  else
+    ret = grub_disk_read (disk, 0, 0, sizeof (primary), &primary);
   if (ret)
     return ret;
 
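Review bot: A short read from the detached header file is treated as success in the added `hdr_file` branch. If `grub_file_read` returns fewer than `sizeof (primary)` bytes without setting `grub_errno` (which, as far as I can tell, is what happens when the file is simply shorter than the request), `ret = grub_errno` stores GRUB_ERR_NONE and the code goes on to parse a partly uninitialised stack buffer. The mismatch branch should always fail, e.g. `ret = grub_errno != GRUB_ERR_NONE ? grub_errno : grub_error (GRUB_ERR_FILE_READ_ERROR, "short read of LUKS2 header file");`. The same pattern is repeated for the secondary header read, the keyslot area read in luks2_decrypt_key (where `grub_errno` is cleared just before the read) and the JSON area read in luks2_recover_key, and needs the same change there. luks2_read_header continues past the end of this hunk.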
@@ -329,7 +338,16 @@ luks2_read_header (grub_disk_t disk, grub_luks2_header_t 
*outhdr)
     return GRUB_ERR_BAD_SIGNATURE;
 
   /* Read the secondary header. */
-  ret = grub_disk_read (disk, 0, grub_be_to_cpu64 (primary.hdr_size), sizeof 
(secondary), &secondary);
+  if (hdr_file)
+    {
+      if (grub_file_seek (hdr_file, grub_be_to_cpu64 (primary.hdr_size)) == 
(grub_off_t) -1)
+       ret = grub_errno;
+
+      else if (grub_file_read (hdr_file, &secondary, sizeof (secondary)) != 
sizeof (secondary))
+       ret = grub_errno;
+    }
+  else
+    ret = grub_disk_read (disk, 0, grub_be_to_cpu64 (primary.hdr_size), sizeof 
(secondary), &secondary);
   if (ret)
     return ret;
 
@@ -353,14 +371,10 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t 
cargs)
   char uuid[sizeof (header.uuid) + 1];
   grub_size_t i, j;
 
-  /* Detached headers are not implemented yet */
-  if (cargs->hdr_file)
-    return NULL;
-
   if (cargs->check_boot)
     return NULL;
 
-  if (luks2_read_header (disk, &header))
+  if (luks2_read_header (disk, cargs->hdr_file, &header))
     {
       grub_errno = GRUB_ERR_NONE;
       return NULL;
@@ -427,6 +441,7 @@ luks2_verify_key (grub_luks2_digest_t *d, grub_uint8_t 
*candidate_key,
 static grub_err_t
 luks2_decrypt_key (grub_uint8_t *out_key,
                   grub_disk_t source, grub_cryptodisk_t crypt,
+                  grub_cryptomount_args_t cargs,
                   grub_luks2_keyslot_t *k,
                   const grub_uint8_t *passphrase, grub_size_t passphraselen)
 {
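Review bot: luks2_decrypt_key now receives the whole `cargs`, although the lines this patch adds to it read only `cargs->hdr_file`, while luks2_read_header was given a plain `grub_file_t hdr_file`. Declaring the new parameter as `grub_file_t hdr_file,` instead of `grub_cryptomount_args_t cargs,` would keep the two helpers consistent. It would also avoid handing the key data in `cargs` to a function that already takes the passphrase as separate arguments. Most of the function body lies outside this hunk, so other uses of `cargs` cannot be ruled out from what is shown.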
@@ -502,7 +517,17 @@ luks2_decrypt_key (grub_uint8_t *out_key,
     }
 
   grub_errno = GRUB_ERR_NONE;
-  ret = grub_disk_read (source, 0, k->area.offset, k->area.size, split_key);
+  if (cargs->hdr_file)
+    {
+      if (grub_file_seek (cargs->hdr_file, k->area.offset) == (grub_off_t) -1)
+       ret = grub_errno;
+
+      else if (grub_file_read (cargs->hdr_file, split_key, k->area.size) != 
k->area.size)
+       ret = grub_errno;
+    }
+  else
+    ret = grub_disk_read (source, 0, k->area.offset, k->area.size, split_key);
+
   if (ret)
     {
       grub_error (GRUB_ERR_IO, "Read error: %s\n", grub_errmsg);
@@ -564,11 +589,7 @@ luks2_recover_key (grub_disk_t source,
   if (cargs->key_data == NULL || cargs->key_len == 0)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
 
-  /* Detached headers are not implemented yet */
-  if (cargs->hdr_file)
-     return GRUB_ERR_NOT_IMPLEMENTED_YET;
-
-  ret = luks2_read_header (source, &header);
+  ret = luks2_read_header (source, cargs->hdr_file, &header);
   if (ret)
     return ret;
 
@@ -577,8 +598,18 @@ luks2_recover_key (grub_disk_t source,
       return GRUB_ERR_OUT_OF_MEMORY;
 
   /* Read the JSON area. */
-  ret = grub_disk_read (source, 0, grub_be_to_cpu64 (header.hdr_offset) + 
sizeof (header),
-                       grub_be_to_cpu64 (header.hdr_size) - sizeof (header), 
json_header);
+  if (cargs->hdr_file)
+    {
+      if (grub_file_seek (cargs->hdr_file, grub_be_to_cpu64 
(header.hdr_offset) + sizeof (header)) == (grub_off_t) -1)
+       ret = grub_errno;
+
+      else if (grub_file_read (cargs->hdr_file, json_header, grub_be_to_cpu64 
(header.hdr_size) - sizeof (header)) != (grub_be_to_cpu64 (header.hdr_size) - 
sizeof (header)))
+       ret = grub_errno;
+    }
+  else
+    ret = grub_disk_read (source, 0, grub_be_to_cpu64 (header.hdr_offset) + 
sizeof (header),
+                         grub_be_to_cpu64 (header.hdr_size) - sizeof (header), 
json_header);
+
   if (ret)
       goto err;
 
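Review bot: The JSON length `grub_be_to_cpu64 (header.hdr_size) - sizeof (header)` is written out three times in the added lines, and with a detached header it comes straight from file contents. Computing it once, e.g. `grub_size_t json_len = grub_be_to_cpu64 (header.hdr_size) - sizeof (header);`, makes the read and the length comparison use the same value. It also gives one place to reject an `hdr_size` smaller than `sizeof (header)` before the subtraction. Whether `hdr_size` is range-checked earlier in luks2_recover_key is not visible in this hunk, so the bounds check is something to confirm rather than a confirmed gap.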
@@ -716,7 +747,7 @@ luks2_recover_key (grub_disk_t source,
          crypt->total_sectors = max_crypt_sectors - crypt->offset_sectors;
        }
 
-      ret = luks2_decrypt_key (candidate_key, source, crypt, &keyslot,
+      ret = luks2_decrypt_key (candidate_key, source, crypt, cargs, &keyslot,
                               cargs->key_data, cargs->key_len);
       if (ret)
        {
-- 
2.25.1



