[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v9 4/7] cryptodisk: Add support for LUKS1 detached headers
|
From: |
Glenn Washburn |
|
Subject: |
[PATCH v9 4/7] cryptodisk: Add support for LUKS1 detached headers |
|
Date: |
Mon, 11 Apr 2022 06:40:25 +0000 |
From: John Lane <john@lane.uk.net>
cryptsetup supports having a detached header through the --header command
line argument for both LUKS1 and LUKS2. Allow the LUKS1 backend to use a
given file as the LUKS1 header (aka detached header) instead of looking for
the header on the disk.
Signed-off-by: John Lane <john@lane.uk.net>
GNUtoo@cyberdimension.org: rebase, small fixes, commit message
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
development@efficientek.com: rebase, improve commit message
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/disk/luks.c | 48 ++++++++++++++++++++++++++++++-------------
1 file changed, 34 insertions(+), 14 deletions(-)
diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index fe1655c3c2..195c4bb8da 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -23,6 +23,7 @@
#include <grub/dl.h>
#include <grub/err.h>
#include <grub/disk.h>
+#include <grub/file.h>
#include <grub/crypto.h>
#include <grub/partition.h>
#include <grub/i18n.h>
@@ -73,17 +74,23 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
char ciphername[sizeof (header.cipherName) + 1];
char ciphermode[sizeof (header.cipherMode) + 1];
char hashspec[sizeof (header.hashSpec) + 1];
- grub_err_t err;
-
- /* Detached headers are not implemented yet */
- if (cargs->hdr_file)
- return NULL;
+ grub_err_t err = GRUB_ERR_NONE;
if (cargs->check_boot)
return NULL;
/* Read the LUKS header. */
- err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
+ if (cargs->hdr_file)
+ {
+ if (grub_file_seek (cargs->hdr_file, 0) == (grub_off_t) -1)
+ return NULL;
+
+ if (grub_file_read (cargs->hdr_file, &header, sizeof (header)) != sizeof
(header))
+ return NULL;
+ }
+ else
+ err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
+
if (err)
{
if (err == GRUB_ERR_OUT_OF_RANGE)
@@ -162,17 +169,24 @@ luks_recover_key (grub_disk_t source,
grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
unsigned i;
grub_size_t length;
- grub_err_t err;
+ grub_err_t err = GRUB_ERR_NONE;
grub_size_t max_stripes = 1;
+ grub_uint32_t sector;
if (cargs->key_data == NULL || cargs->key_len == 0)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
- /* Detached headers are not implemented yet */
if (cargs->hdr_file)
- return GRUB_ERR_NOT_IMPLEMENTED_YET;
+ {
+ if (grub_file_seek (cargs->hdr_file, 0) == (grub_off_t) -1)
+ return grub_errno;
+
+ if (grub_file_read (cargs->hdr_file, &header, sizeof (header)) != sizeof
(header))
+ return grub_errno;
+ }
+ else
+ err = grub_disk_read (source, 0, 0, sizeof (header), &header);
- err = grub_disk_read (source, 0, 0, sizeof (header), &header);
if (err)
return err;
@@ -227,13 +241,19 @@ luks_recover_key (grub_disk_t source,
return grub_crypto_gcry_error (gcry_err);
}
+ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
/* Read and decrypt the key material from the disk. */
- err = grub_disk_read (source,
- grub_be_to_cpu32 (header.keyblock
- [i].keyMaterialOffset), 0,
- length, split_key);
+ if (cargs->hdr_file)
+ {
+ if (grub_file_seek (cargs->hdr_file, sector * 512) == (grub_off_t) -1)
+ return grub_errno;
+ if (grub_file_read (cargs->hdr_file, split_key, length) !=
(grub_ssize_t)length)
+ return grub_errno;
+ }
+ else
+ err = grub_disk_read (source, sector, 0, length, split_key);
if (err)
{
grub_free (split_key);
--
2.25.1
- [PATCH v9 0/7] Cryptodisk detached headers and key files, Glenn Washburn, 2022/04/11
- [PATCH v9 1/7] cryptodisk: luks: Unify grub_cryptodisk_dev function names, Glenn Washburn, 2022/04/11
- [PATCH v9 7/7] docs: Add documentation on keyfile and detached header options to cryptomount, Glenn Washburn, 2022/04/11
- [PATCH v9 2/7] cryptodisk: geli: Unify grub_cryptodisk_dev function names, Glenn Washburn, 2022/04/11
- [PATCH v9 3/7] cryptodisk: Add --header option to cryptomount and fail to implement it in the backends, Glenn Washburn, 2022/04/11
- [PATCH v9 4/7] cryptodisk: Add support for LUKS1 detached headers,
Glenn Washburn <=
- [PATCH v9 5/7] cryptodisk: Add options to cryptomount to support keyfiles, Glenn Washburn, 2022/04/11
- [PATCH v9 6/7] luks2: Add detached header support, Glenn Washburn, 2022/04/11