[PATCH v6 6/6] cryptodisk: Add support for LUKS1 key files
From: |
Denis 'GNUtoo' Carikli |
Subject: |
[PATCH v6 6/6] cryptodisk: Add support for LUKS1 key files |
Date: |
Wed, 19 Aug 2020 17:09:14 +0200 |
cryptsetup supports key files through the --key-file
--header command line argument for both LUKS1 and LUKS2.
This adds support for LUKS1 key files.
Signed-off-by: John Lane <john@lane.uk.net>
GNUtoo@cyberdimension.org: rebase, fixes, commit message
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
---
ChangeLog since v4:
- Added Reviewed-by tag
ChangeLog since v5:
- No changes
---
grub-core/disk/luks.c | 43 ++++++++++++++++++++++++++-----------------
1 file changed, 26 insertions(+), 17 deletions(-)
diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index 0dd33b2af..125a21902 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -167,7 +167,9 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t
dev, grub_file_t hdr,
struct grub_luks_phdr header;
grub_size_t keysize;
grub_uint8_t *split_key = NULL;
- char passphrase[MAX_PASSPHRASE] = "";
+ char interactive_passphrase[MAX_PASSPHRASE] = "";
+ grub_uint8_t *passphrase;
+ grub_size_t passphrase_length;
grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
unsigned i;
grub_size_t length;
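Review bot: `passphrase` becomes a borrowed pointer that aliases either the caller's `keyfile_bytes` or the local `interactive_passphrase` buffer, and nothing at the declaration records that. A comment above `grub_uint8_t *passphrase;` such as `/* Borrowed: points at keyfile_bytes or interactive_passphrase; not owned, never freed here. */` would keep a later cleanup path from freeing it. None of the visible hunks clears `interactive_passphrase` before returning. If the rest of luks_recover_key, which lies outside this hunk, does not either, adding `grub_memset (interactive_passphrase, 0, sizeof (interactive_passphrase));` on the exit paths would keep the typed passphrase from lingering on the stack.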
@@ -176,10 +178,6 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t
dev, grub_file_t hdr,
char *tmp;
grub_uint32_t sector;
- /* Keyfiles are not implemented yet */
- if (keyfile_bytes || keyfile_bytes_size)
- return GRUB_ERR_NOT_IMPLEMENTED_YET;
-
if (hdr)
{
if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
@@ -208,18 +206,29 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t
dev, grub_file_t hdr,
if (!split_key)
return grub_errno;
- /* Get the passphrase from the user. */
- tmp = NULL;
- if (source->partition)
- tmp = grub_partition_get_name (source->partition);
- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
- source->partition ? "," : "", tmp ? : "",
- dev->uuid);
- grub_free (tmp);
- if (!grub_password_get (passphrase, MAX_PASSPHRASE))
+ if (keyfile_bytes)
{
- grub_free (split_key);
- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+ /* Use bytestring from key file as passphrase */
+ passphrase = keyfile_bytes;
+ passphrase_length = keyfile_bytes_size;
+ }
+ else
+ {
+ /* Get the passphrase from the user. */
+ tmp = NULL;
+ if (source->partition)
+ tmp = grub_partition_get_name (source->partition);
+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+ source->partition ? "," : "", tmp ? : "", dev->uuid);
+ grub_free (tmp);
+ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
+ {
+ grub_free (split_key);
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+ }
+
+ passphrase = (grub_uint8_t *)interactive_passphrase;
+ passphrase_length = grub_strlen (interactive_passphrase);
}
/* Try to recover master key from each active keyslot. */
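Review bot: The new `if (keyfile_bytes)` guard never checks `keyfile_bytes_size`, whereas the check removed earlier in this patch tested both values. A non-NULL buffer with a zero length would therefore be fed to PBKDF2 as an empty passphrase, with no prompt and no error naming the real problem. Whether a caller can pass that combination is decided outside this hunk, so this is a defensive check. Before the branch, free `split_key` as the passphrase path does and reject the case with `return grub_error (GRUB_ERR_BAD_ARGUMENT, "Key file is empty");` when `keyfile_bytes && !keyfile_bytes_size`. The body of luks_recover_key starts and ends outside this hunk.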
@@ -237,7 +246,7 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t
dev, grub_file_t hdr,
/* Calculate the PBKDF2 of the user supplied passphrase. */
gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
- grub_strlen (passphrase),
+ passphrase_length,
header.keyblock[i].passwordSalt,
sizeof (header.keyblock[i].passwordSalt),
grub_be_to_cpu32 (header.keyblock[i].
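Review bot: The context comment and the cast on the `grub_crypto_pbkdf2` call are both stale now that `passphrase` is a `grub_uint8_t *` that may hold key file bytes. The comment should read `/* Calculate the PBKDF2 of the passphrase or key file contents. */`. The call can drop the cast: `gcry_err = grub_crypto_pbkdf2 (dev->hash, passphrase,`. A leftover cast would silence the compiler if the variable's type changed again. The call continues past the end of this hunk.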
--
2.28.0