[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v6 4/6] cryptodisk: add support for LUKS1 detached headers
From: |
Denis 'GNUtoo' Carikli |
Subject: |
[PATCH v6 4/6] cryptodisk: add support for LUKS1 detached headers |
Date: |
Wed, 19 Aug 2020 17:09:12 +0200 |
From: John Lane <john@lane.uk.net>
cryptsetup supports having a detached header through the
--header command line argument for both LUKS1 and LUKS2.
This adds support for LUKS1 detached headers.
Signed-off-by: John Lane <john@lane.uk.net>
GNUtoo@cyberdimension.org: rebase, small fixes, commit message
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
---
ChangeLog since v4:
- Added Reviewed-by tag
ChangeLog since v5:
- Fixed missing grub_file_seek return value check
---
grub-core/disk/luks.c | 48 ++++++++++++++++++++++++++++++-------------
1 file changed, 34 insertions(+), 14 deletions(-)
diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index 685235565..6286302e7 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -23,6 +23,7 @@
#include <grub/dl.h>
#include <grub/err.h>
#include <grub/disk.h>
+#include <grub/file.h>
#include <grub/crypto.h>
#include <grub/partition.h>
#include <grub/i18n.h>
@@ -76,17 +77,23 @@ luks_scan (grub_disk_t disk, const char *check_uuid, int
check_boot,
char ciphername[sizeof (header.cipherName) + 1];
char ciphermode[sizeof (header.cipherMode) + 1];
char hashspec[sizeof (header.hashSpec) + 1];
- grub_err_t err;
-
- /* Detached headers are not implemented yet */
- if (hdr)
- return NULL;
+ grub_err_t err = GRUB_ERR_NONE;
if (check_boot)
return NULL;
/* Read the LUKS header. */
- err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
+ if (hdr)
+ {
+ if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
+ return NULL;
+
+ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
+ return NULL;
+ }
+ else
+ err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
+
if (err)
{
if (err == GRUB_ERR_OUT_OF_RANGE)
@@ -163,15 +170,22 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t
dev, grub_file_t hdr)
grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
unsigned i;
grub_size_t length;
- grub_err_t err;
+ grub_err_t err = GRUB_ERR_NONE;
grub_size_t max_stripes = 1;
char *tmp;
+ grub_uint32_t sector;
- /* Detached headers are not implemented yet */
if (hdr)
- return GRUB_ERR_NOT_IMPLEMENTED_YET;
+ {
+ if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
+ return grub_errno;
+
+ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
+ return grub_errno;
+ }
+ else
+ err = grub_disk_read (source, 0, 0, sizeof (header), &header);
- err = grub_disk_read (source, 0, 0, sizeof (header), &header);
if (err)
return err;
@@ -240,13 +254,19 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t
dev, grub_file_t hdr)
return grub_crypto_gcry_error (gcry_err);
}
+ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
/* Read and decrypt the key material from the disk. */
- err = grub_disk_read (source,
- grub_be_to_cpu32 (header.keyblock
- [i].keyMaterialOffset), 0,
- length, split_key);
+ if (hdr)
+ {
+ if (grub_file_seek (hdr, sector * 512) == (grub_off_t) -1)
+ return grub_errno;
+ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length)
+ return grub_errno;
+ }
+ else
+ err = grub_disk_read (source, sector, 0, length, split_key);
if (err)
{
grub_free (split_key);
--
2.28.0
- [PATCH] v6 for detached headers and key files, Denis 'GNUtoo' Carikli, 2020/08/19
- [PATCH v6 1/6] cryptodisk: luks: unify grub_cryptodisk_dev function names, Denis 'GNUtoo' Carikli, 2020/08/19
- [PATCH v6 2/6] cryptodisk: geli: unify grub_cryptodisk_dev function names, Denis 'GNUtoo' Carikli, 2020/08/19
- [PATCH v6 3/6] cryptodisk: enable the backends to implement detached headers, Denis 'GNUtoo' Carikli, 2020/08/19
- [PATCH v6 5/6] cryptodisk: enable the backends to implement key files, Denis 'GNUtoo' Carikli, 2020/08/19
- [PATCH v6 6/6] cryptodisk: Add support for LUKS1 key files, Denis 'GNUtoo' Carikli, 2020/08/19
- [PATCH v6 4/6] cryptodisk: add support for LUKS1 detached headers,
Denis 'GNUtoo' Carikli <=
- Re: [PATCH] v6 for detached headers and key files, Glenn Washburn, 2020/08/19