
[PATCH v8 0/7] Cryptodisk detached headers and key files


From: Glenn Washburn
Subject: [PATCH v8 0/7] Cryptodisk detached headers and key files
Date: Sat, 1 Jan 2022 21:52:53 -0600

This patch series is an updated version of the v7 sent by Denis Carikli with
modifications to reflect changes in argument passing to crypto backends. The
previous patch #6 titled "Add support for LUKS1 key files" has been removed
as it's not needed anymore. Patches #6 and #7 are new, for updating the
cryptomount help string and adding support for detached headers in the LUKS2
crypto backend, respectively.

I modified the commit tags from v7 as seemed appropriate to me, but they may
not be desirable as-is.

Glenn

Denis 'GNUtoo' Carikli (2):
  cryptodisk: luks: unify grub_cryptodisk_dev function names
  cryptodisk: geli: unify grub_cryptodisk_dev function names

Glenn Washburn (3):
  cryptodisk: enable the backends to implement detached headers
  cryptodisk: Improve cryptomount short help string
  luks2: Add detached header support

John Lane (2):
  cryptodisk: add support for LUKS1 detached headers
  cryptodisk: enable the backends to implement key files

 grub-core/disk/cryptodisk.c | 100 +++++++++++++++++++++++++++++++++++-
 grub-core/disk/geli.c       |  18 +++++--
 grub-core/disk/luks.c       |  48 +++++++++++++----
 grub-core/disk/luks2.c      |  59 +++++++++++++++++----
 include/grub/cryptodisk.h   |   4 ++
 include/grub/file.h         |   4 ++
 6 files changed, 208 insertions(+), 25 deletions(-)

Range-diff against v7:
1:  2ad229622 ! 1:  e301e06b2 cryptodisk: luks: unify grub_cryptodisk_dev 
function names
    @@ grub-core/disk/luks.c: gcry_err_code_t AF_merge (const gcry_md_spec_t * 
hash, gr
                          grub_size_t blocknumbers);
      
      static grub_cryptodisk_t
    --configure_ciphers (grub_disk_t disk, const char *check_uuid,
    --             int check_boot)
    -+luks_scan (grub_disk_t disk, const char *check_uuid, int check_boot)
    +-configure_ciphers (grub_disk_t disk, grub_cryptomount_args_t cargs)
    ++luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
      {
        grub_cryptodisk_t newdev;
        const char *iptr;
2:  f5fd41a71 ! 2:  e759d96cd cryptodisk: geli: unify grub_cryptodisk_dev 
function names
    @@ grub-core/disk/geli.c: grub_util_get_geli_uuid (const char *dev)
      #endif
      
      static grub_cryptodisk_t
    --configure_ciphers (grub_disk_t disk, const char *check_uuid,
    --             int boot_only)
    -+geli_scan (grub_disk_t disk, const char *check_uuid, int boot_only)
    +-configure_ciphers (grub_disk_t disk, grub_cryptomount_args_t cargs)
    ++geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
      {
        grub_cryptodisk_t newdev;
        struct grub_geli_phdr header;
    -@@ grub-core/disk/geli.c: configure_ciphers (grub_disk_t disk, const char 
*check_uuid,
    +@@ grub-core/disk/geli.c: configure_ciphers (grub_disk_t disk, 
grub_cryptomount_args_t cargs)
      }
      
      static grub_err_t
    --recover_key (grub_disk_t source, grub_cryptodisk_t dev)
    -+geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev)
    +-recover_key (grub_disk_t source, grub_cryptodisk_t dev, 
grub_cryptomount_args_t cargs)
    ++geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev, 
grub_cryptomount_args_t cargs)
      {
        grub_size_t keysize;
        grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN];
    -@@ grub-core/disk/geli.c: recover_key (grub_disk_t source, 
grub_cryptodisk_t dev)
    +@@ grub-core/disk/geli.c: recover_key (grub_disk_t source, 
grub_cryptodisk_t dev, grub_cryptomount_args_t
      }
      
      struct grub_cryptodisk_dev geli_crypto = {
3:  365839627 < -:  --------- cryptodisk: enable the backends to implement 
detached headers
-:  --------- > 3:  ee04480ba cryptodisk: enable the backends to implement 
detached headers
4:  1e1257bb6 ! 4:  69684640b cryptodisk: add support for LUKS1 detached headers
    @@ Commit message
         Signed-off-by: John Lane <john@lane.uk.net>
         GNUtoo@cyberdimension.org: rebase, small fixes, commit message
         Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
    -    Reviewed-by: Patrick Steinhardt <ps@pks.im>
    +    development@efficientek.com: rebase
     
      ## grub-core/disk/luks.c ##
     @@
    @@ grub-core/disk/luks.c
      #include <grub/crypto.h>
      #include <grub/partition.h>
      #include <grub/i18n.h>
    -@@ grub-core/disk/luks.c: luks_scan (grub_disk_t disk, const char 
*check_uuid, int check_boot,
    +@@ grub-core/disk/luks.c: luks_scan (grub_disk_t disk, 
grub_cryptomount_args_t cargs)
        char ciphername[sizeof (header.cipherName) + 1];
        char ciphermode[sizeof (header.cipherMode) + 1];
        char hashspec[sizeof (header.hashSpec) + 1];
     -  grub_err_t err;
     -
     -  /* Detached headers are not implemented yet */
    --  if (hdr)
    +-  if (cargs->hdr_file)
     -    return NULL;
     +  grub_err_t err = GRUB_ERR_NONE;
      
    -   if (check_boot)
    +   if (cargs->check_boot)
          return NULL;
      
        /* Read the LUKS header.  */
     -  err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
    -+  if (hdr)
    ++  if (cargs->hdr_file)
     +    {
    -+      if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
    ++      if (grub_file_seek (cargs->hdr_file, 0) == (grub_off_t) -1)
     +  return NULL;
     +
    -+      if (grub_file_read (hdr, &header, sizeof (header)) != sizeof 
(header))
    ++      if (grub_file_read (cargs->hdr_file, &header, sizeof (header)) != 
sizeof (header))
     +  return NULL;
     +    }
     +  else
    @@ grub-core/disk/luks.c: luks_scan (grub_disk_t disk, const char 
*check_uuid, int
        if (err)
          {
            if (err == GRUB_ERR_OUT_OF_RANGE)
    -@@ grub-core/disk/luks.c: luks_recover_key (grub_disk_t source, 
grub_cryptodisk_t dev, grub_file_t hdr)
    +@@ grub-core/disk/luks.c: luks_recover_key (grub_disk_t source,
        grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
        unsigned i;
        grub_size_t length;
     -  grub_err_t err;
     +  grub_err_t err = GRUB_ERR_NONE;
        grub_size_t max_stripes = 1;
    -   char *tmp;
     +  grub_uint32_t sector;
      
    +   if (cargs->key_data == NULL || cargs->key_len == 0)
    +     return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
    + 
     -  /* Detached headers are not implemented yet */
    -   if (hdr)
    --    return GRUB_ERR_NOT_IMPLEMENTED_YET;
    +   if (cargs->hdr_file)
    +-     return GRUB_ERR_NOT_IMPLEMENTED_YET;
     +    {
    -+      if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
    ++      if (grub_file_seek (cargs->hdr_file, 0) == (grub_off_t) -1)
     +  return grub_errno;
     +
    -+      if (grub_file_read (hdr, &header, sizeof (header)) != sizeof 
(header))
    ++      if (grub_file_read (cargs->hdr_file, &header, sizeof (header)) != 
sizeof (header))
     +  return grub_errno;
     +    }
     +  else
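Review bot: In luks_recover_key, a detached header file shorter than `sizeof (header)` takes the `return grub_errno;` path, but a short read at end of file is not necessarily an error for grub_file_read, so grub_errno may still be GRUB_ERR_NONE there (worth confirming against grub_file_read). If so, the function would return a success code without having recovered a key, and the caller could not tell the difference. Setting an explicit error closes the gap: `return grub_error (GRUB_ERR_READ_ERROR, "detached header file is too short");`. The same short-read-then-`return grub_errno;` pattern appears in the key-material read further down in this function. The body of luks_recover_key continues outside the hunk.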
    @@ grub-core/disk/luks.c: luks_recover_key (grub_disk_t source, 
grub_cryptodisk_t d
        if (err)
          return err;
      
    -@@ grub-core/disk/luks.c: luks_recover_key (grub_disk_t source, 
grub_cryptodisk_t dev, grub_file_t hdr)
    +@@ grub-core/disk/luks.c: luks_recover_key (grub_disk_t source,
          return grub_crypto_gcry_error (gcry_err);
        }
      
    @@ grub-core/disk/luks.c: luks_recover_key (grub_disk_t source, 
grub_cryptodisk_t d
     -                      grub_be_to_cpu32 (header.keyblock
     -                                        [i].keyMaterialOffset), 0,
     -                      length, split_key);
    -+      if (hdr)
    ++      if (cargs->hdr_file)
     +      {
    -+        if (grub_file_seek (hdr, sector * 512) == (grub_off_t) -1)
    ++        if (grub_file_seek (cargs->hdr_file, sector * 512) == 
(grub_off_t) -1)
     +          return grub_errno;
    -+        if (grub_file_read (hdr, split_key, length) != 
(grub_ssize_t)length)
    ++        if (grub_file_read (cargs->hdr_file, split_key, length) != 
(grub_ssize_t)length)
     +          return grub_errno;
     +      }
     +      else
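Review bot: The seek offset `sector * 512` is evaluated in 32 bits because `sector` is declared `grub_uint32_t`, so a keyMaterialOffset of 0x800000 sectors or more wraps before it is widened to grub_off_t. The value comes from the header file, which is external input, so the offset should be widened first: `grub_file_seek (cargs->hdr_file, (grub_off_t) sector * 512)`. A short comment that LUKS1 offsets are counted in 512-byte sectors would also explain the literal. The assignment to `sector` and the rest of the loop are outside the hunk.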
5:  a8b8c3f45 < -:  --------- cryptodisk: enable the backends to implement key 
files
6:  91a3795cc < -:  --------- cryptodisk: Add support for LUKS1 key files
-:  --------- > 5:  ded97bfa3 cryptodisk: enable the backends to implement key 
files
-:  --------- > 6:  62f04499c cryptodisk: Improve cryptomount short help string
-:  --------- > 7:  117658d72 luks2: Add detached header support
-- 
2.27.0



