diff options
author | Maxim Fomin | 2021-06-14 13:15:19 +0100 |
---|---|---|
committer | Maxim Fomin | 2021-06-14 13:15:19 +0100 |
commit | ef4d3eb503cc3721b9d32457b2bde7ec3d1ecd89 (patch) | |
tree | 067bfcd5478988365034ff5d8af430337d29edbb /0004-Cryptomount-support-plain-dm-crypt.patch | |
parent | 1798aecbe2a573e8bf465145a4f5a0f14216dd95 (diff) | |
download | aur-grub-luks-keyfile.tar.gz |
Update to 2.06.
Diffstat (limited to '0004-Cryptomount-support-plain-dm-crypt.patch')
-rw-r--r-- | 0004-Cryptomount-support-plain-dm-crypt.patch | 245 |
1 files changed, 4 insertions, 241 deletions
diff --git a/0004-Cryptomount-support-plain-dm-crypt.patch b/0004-Cryptomount-support-plain-dm-crypt.patch index 34c10d7216bb..1ea3232b9b5e 100644 --- a/0004-Cryptomount-support-plain-dm-crypt.patch +++ b/0004-Cryptomount-support-plain-dm-crypt.patch @@ -111,8 +111,8 @@ index 5261af547..7f656f75c 100644 + + dev = grub_cryptodisk_create (disk, NULL, cipher, mode, digest); + -+ dev->offset = offset; -+ if (size) dev->total_length = size; ++ dev->offset_sectors = offset; ++ if (size) dev->total_sectors = size; + + if (key) + { @@ -325,7 +325,7 @@ index 5261af547..7f656f75c 100644 + return NULL; + } + newdev->cipher = cipher; -+ newdev->offset = 0; ++ newdev->offset_sectors = 0; + newdev->source_disk = NULL; + newdev->benbi_log = benbi_log; + newdev->mode = mode; @@ -335,7 +335,7 @@ index 5261af547..7f656f75c 100644 + newdev->essiv_hash = essiv_hash; + newdev->hash = hash; + newdev->log_sector_size = 9; -+ newdev->total_length = grub_disk_get_size (disk) - newdev->offset; ++ newdev->total_sectors = grub_disk_native_sectors (disk) - newdev->offset_sectors; + grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid)); + COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); + @@ -357,234 +357,6 @@ diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 11e437edb..4ebe21b4e 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c -@@ -30,8 +30,6 @@ - - GRUB_MOD_LICENSE ("GPLv3+"); - --#define MAX_PASSPHRASE 256 -- - #define LUKS_KEY_ENABLED 0x00AC71F3 - - /* On disk LUKS header */ -@@ -76,15 +74,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - char uuid[sizeof (header.uuid) + 1]; - char ciphername[sizeof (header.cipherName) + 1]; - char ciphermode[sizeof (header.cipherMode) + 1]; -- char *cipheriv = NULL; - char hashspec[sizeof (header.hashSpec) + 1]; -- grub_crypto_cipher_handle_t cipher = NULL, secondary_cipher = NULL; -- grub_crypto_cipher_handle_t essiv_cipher = NULL; -- const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL; -- const struct gcry_cipher_spec *ciph; -- grub_cryptodisk_mode_t mode; -- grub_cryptodisk_mode_iv_t mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64; -- int benbi_log = 0; - grub_err_t err; - - err = GRUB_ERR_NONE; -@@ -119,7 +109,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - iptr++) - { - if (*iptr != '-') -- *optr++ = *iptr; -+ *optr++ = *iptr; - } - *optr = 0; - -@@ -129,6 +119,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - return NULL; - } - -+ - /* Make sure that strings are null terminated. */ - grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName)); - ciphername[sizeof (header.cipherName)] = 0; -@@ -137,184 +128,10 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec)); - hashspec[sizeof (header.hashSpec)] = 0; - -- ciph = grub_crypto_lookup_cipher_by_name (ciphername); -- if (!ciph) -- { -- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available", -- ciphername); -- return NULL; -- } -- -- /* Configure the cipher used for the bulk data. */ -- cipher = grub_crypto_cipher_open (ciph); -- if (!cipher) -- return NULL; -- -- if (grub_be_to_cpu32 (header.keyBytes) > 1024) -- { -- grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d", -- grub_be_to_cpu32 (header.keyBytes)); -- grub_crypto_cipher_close (cipher); -- return NULL; -- } -- -- /* Configure the cipher mode. */ -- if (grub_strcmp (ciphermode, "ecb") == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_ECB; -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -- cipheriv = NULL; -- } -- else if (grub_strcmp (ciphermode, "plain") == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_CBC; -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -- cipheriv = NULL; -- } -- else if (grub_memcmp (ciphermode, "cbc-", sizeof ("cbc-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_CBC; -- cipheriv = ciphermode + sizeof ("cbc-") - 1; -- } -- else if (grub_memcmp (ciphermode, "pcbc-", sizeof ("pcbc-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_PCBC; -- cipheriv = ciphermode + sizeof ("pcbc-") - 1; -- } -- else if (grub_memcmp (ciphermode, "xts-", sizeof ("xts-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_XTS; -- cipheriv = ciphermode + sizeof ("xts-") - 1; -- secondary_cipher = grub_crypto_cipher_open (ciph); -- if (!secondary_cipher) -- { -- grub_crypto_cipher_close (cipher); -- return NULL; -- } -- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -- { -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d", -- cipher->cipher->blocksize); -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- if (secondary_cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -- { -- grub_crypto_cipher_close (cipher); -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported XTS block size: %d", -- secondary_cipher->cipher->blocksize); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- } -- else if (grub_memcmp (ciphermode, "lrw-", sizeof ("lrw-") - 1) == 0) -- { -- mode = GRUB_CRYPTODISK_MODE_LRW; -- cipheriv = ciphermode + sizeof ("lrw-") - 1; -- if (cipher->cipher->blocksize != GRUB_CRYPTODISK_GF_BYTES) -- { -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported LRW block size: %d", -- cipher->cipher->blocksize); -- grub_crypto_cipher_close (cipher); -- return NULL; -- } -- } -- else -- { -- grub_crypto_cipher_close (cipher); -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s", -- ciphermode); -- return NULL; -- } -- -- if (cipheriv == NULL); -- else if (grub_memcmp (cipheriv, "plain", sizeof ("plain") - 1) == 0) -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN; -- else if (grub_memcmp (cipheriv, "plain64", sizeof ("plain64") - 1) == 0) -- mode_iv = GRUB_CRYPTODISK_MODE_IV_PLAIN64; -- else if (grub_memcmp (cipheriv, "benbi", sizeof ("benbi") - 1) == 0) -- { -- if (cipher->cipher->blocksize & (cipher->cipher->blocksize - 1) -- || cipher->cipher->blocksize == 0) -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unsupported benbi blocksize: %d", -- cipher->cipher->blocksize); -- /* FIXME should we return an error here? */ -- for (benbi_log = 0; -- (cipher->cipher->blocksize << benbi_log) < GRUB_DISK_SECTOR_SIZE; -- benbi_log++); -- mode_iv = GRUB_CRYPTODISK_MODE_IV_BENBI; -- } -- else if (grub_memcmp (cipheriv, "null", sizeof ("null") - 1) == 0) -- mode_iv = GRUB_CRYPTODISK_MODE_IV_NULL; -- else if (grub_memcmp (cipheriv, "essiv:", sizeof ("essiv:") - 1) == 0) -- { -- char *hash_str = cipheriv + 6; -- -- mode_iv = GRUB_CRYPTODISK_MODE_IV_ESSIV; -- -- /* Configure the hash and cipher used for ESSIV. */ -- essiv_hash = grub_crypto_lookup_md_by_name (hash_str); -- if (!essiv_hash) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- grub_error (GRUB_ERR_FILE_NOT_FOUND, -- "Couldn't load %s hash", hash_str); -- return NULL; -- } -- essiv_cipher = grub_crypto_cipher_open (ciph); -- if (!essiv_cipher) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- } -- else -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (secondary_cipher); -- grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown IV mode: %s", -- cipheriv); -- return NULL; -- } -- -- /* Configure the hash used for the AF splitter and HMAC. */ -- hash = grub_crypto_lookup_md_by_name (hashspec); -- if (!hash) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (essiv_cipher); -- grub_crypto_cipher_close (secondary_cipher); -- grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash", -- hashspec); -- return NULL; -- } -+ newdev = grub_cryptodisk_create (disk, uuid, ciphername, ciphermode, hashspec); - -- newdev = grub_zalloc (sizeof (struct grub_cryptodisk)); -- if (!newdev) -- { -- grub_crypto_cipher_close (cipher); -- grub_crypto_cipher_close (essiv_cipher); -- grub_crypto_cipher_close (secondary_cipher); -- return NULL; -- } -- newdev->cipher = cipher; - newdev->offset = grub_be_to_cpu32 (header.payloadOffset); -- newdev->source_disk = NULL; -- newdev->benbi_log = benbi_log; -- newdev->mode = mode; -- newdev->mode_iv = mode_iv; -- newdev->secondary_cipher = secondary_cipher; -- newdev->essiv_cipher = essiv_cipher; -- newdev->essiv_hash = essiv_hash; -- newdev->hash = hash; -- newdev->log_sector_size = 9; -- newdev->total_length = grub_disk_get_size (disk) - newdev->offset; -- grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid)); - newdev->modname = "luks"; -- COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); - - return newdev; - } @@ -329,7 +146,7 @@ luks_recover_key (grub_disk_t source, struct grub_luks_phdr header; grub_size_t keysize; @@ -594,15 +366,6 @@ index 11e437edb..4ebe21b4e 100644 grub_uint8_t *passphrase; grub_size_t passphrase_length; grub_uint8_t candidate_digest[sizeof (header.mkDigest)]; -@@ -376,7 +193,7 @@ luks_recover_key (grub_disk_t source, - /* Use bytestring from key file as passphrase */ - passphrase = keyfile_bytes; - passphrase_length = keyfile_bytes_size; -- keyfile_bytes = NULL; /* use it only once */ -+ keyfile_bytes = NULL; /* use it only once */ - } - else - { @@ -387,7 +204,7 @@ luks_recover_key (grub_disk_t source, grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, source->partition ? "," : "", tmp ? : "", dev->uuid); |