diff options
Diffstat (limited to '0001-Cryptomount-support-LUKS-detached-header.patch')
| -rw-r--r-- | 0001-Cryptomount-support-LUKS-detached-header.patch | 247 |
1 files changed, 247 insertions, 0 deletions
diff --git a/0001-Cryptomount-support-LUKS-detached-header.patch b/0001-Cryptomount-support-LUKS-detached-header.patch new file mode 100644 index 000000000000..65943f41b8c8 --- /dev/null +++ b/0001-Cryptomount-support-LUKS-detached-header.patch @@ -0,0 +1,247 @@ +From 2008e08c0a511da5d454664363f452a9e26c734f Mon Sep 17 00:00:00 2001 +From: John Lane <john@lane.uk.net> +Date: Tue, 23 Jun 2015 11:16:30 +0100 +Subject: [PATCH 1/7] Cryptomount support LUKS detached header + +--- + grub-core/disk/cryptodisk.c | 22 ++++++++++++++++++---- + grub-core/disk/geli.c | 7 +++++-- + grub-core/disk/luks.c | 45 +++++++++++++++++++++++++++++++++++++-------- + include/grub/cryptodisk.h | 5 +++-- + 4 files changed, 63 insertions(+), 16 deletions(-) + +diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c +index bd60a66b3..5230a5a9a 100644 +--- a/grub-core/disk/cryptodisk.c ++++ b/grub-core/disk/cryptodisk.c +@@ -41,6 +41,7 @@ static const struct grub_arg_option options[] = + /* TRANSLATORS: It's still restricted to cryptodisks only. */ + {"all", 'a', 0, N_("Mount all."), 0, 0}, + {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0}, ++ {"header", 'H', 0, N_("Read LUKS header from file"), 0, ARG_TYPE_STRING}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -809,6 +810,7 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk) + + static int check_boot, have_it; + static char *search_uuid; ++static grub_file_t hdr; + + static void + cryptodisk_close (grub_cryptodisk_t dev) +@@ -833,13 +835,13 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source) + + FOR_CRYPTODISK_DEVS (cr) + { +- dev = cr->scan (source, search_uuid, check_boot); ++ dev = cr->scan (source, search_uuid, check_boot, hdr); + if (grub_errno) + return grub_errno; + if (!dev) + continue; + +- err = cr->recover_key (source, dev); ++ err = cr->recover_key (source, dev, hdr); + if (err) + { + cryptodisk_close (dev); +@@ -880,7 +882,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat) + + FOR_CRYPTODISK_DEVS (cr) + { +- dev = cr->scan (source, search_uuid, check_boot); ++ dev = cr->scan (source, search_uuid, check_boot,0); + if (grub_errno) + return grub_errno; + if (!dev) +@@ -934,6 +936,18 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) + if (argc < 1 && !state[1].set && !state[2].set) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required"); + ++ if (state[3].set) /* LUKS detached header */ ++ { ++ if (state[0].set) /* Cannot use UUID lookup with detached header */ ++ return GRUB_ERR_BAD_ARGUMENT; ++ ++ hdr = grub_file_open (state[3].arg, GRUB_FILE_TYPE_NONE); ++ if (!hdr) ++ return grub_errno; ++ } ++ else ++ hdr = NULL; ++ + have_it = 0; + if (state[0].set) + { +@@ -1141,7 +1155,7 @@ GRUB_MOD_INIT (cryptodisk) + { + grub_disk_dev_register (&grub_cryptodisk_dev); + cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0, +- N_("SOURCE|-u UUID|-a|-b"), ++ N_("SOURCE|-u UUID|-a|-b|-H file"), + N_("Mount a crypto device."), options); + grub_procfs_register ("luks_script", &luks_script); + } +diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c +index e9d23299a..f4394eb42 100644 +--- a/grub-core/disk/geli.c ++++ b/grub-core/disk/geli.c +@@ -52,6 +52,7 @@ + #include <grub/dl.h> + #include <grub/err.h> + #include <grub/disk.h> ++#include <grub/file.h> + #include <grub/crypto.h> + #include <grub/partition.h> + #include <grub/i18n.h> +@@ -243,7 +244,8 @@ grub_util_get_geli_uuid (const char *dev) + + static grub_cryptodisk_t + configure_ciphers (grub_disk_t disk, const char *check_uuid, +- int boot_only) ++ int boot_only, ++ grub_file_t hdr __attribute__ ((unused)) ) + { + grub_cryptodisk_t newdev; + struct grub_geli_phdr header; +@@ -398,7 +400,8 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, + } + + static grub_err_t +-recover_key (grub_disk_t source, grub_cryptodisk_t dev) ++recover_key (grub_disk_t source, grub_cryptodisk_t dev, ++ grub_file_t hdr __attribute__ ((unused)) ) + { + grub_size_t keysize; + grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN]; +diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c +index 86c50c612..66e64c0e0 100644 +--- a/grub-core/disk/luks.c ++++ b/grub-core/disk/luks.c +@@ -23,6 +23,7 @@ + #include <grub/dl.h> + #include <grub/err.h> + #include <grub/disk.h> ++#include <grub/file.h> + #include <grub/crypto.h> + #include <grub/partition.h> + #include <grub/i18n.h> +@@ -66,7 +67,7 @@ gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src, + + static grub_cryptodisk_t + configure_ciphers (grub_disk_t disk, const char *check_uuid, +- int check_boot) ++ int check_boot, grub_file_t hdr) + { + grub_cryptodisk_t newdev; + const char *iptr; +@@ -86,11 +87,21 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, + int benbi_log = 0; + grub_err_t err; + ++ err = GRUB_ERR_NONE; ++ + if (check_boot) + return NULL; + + /* Read the LUKS header. */ +- err = grub_disk_read (disk, 0, 0, sizeof (header), &header); ++ if (hdr) ++ { ++ grub_file_seek (hdr, 0); ++ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header)) ++ err = GRUB_ERR_READ_ERROR; ++ } ++ else ++ err = grub_disk_read (disk, 0, 0, sizeof (header), &header); ++ + if (err) + { + if (err == GRUB_ERR_OUT_OF_RANGE) +@@ -304,12 +315,14 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, + grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid)); + newdev->modname = "luks"; + COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); ++ + return newdev; + } + + static grub_err_t + luks_recover_key (grub_disk_t source, +- grub_cryptodisk_t dev) ++ grub_cryptodisk_t dev, ++ grub_file_t hdr) + { + struct grub_luks_phdr header; + grub_size_t keysize; +@@ -321,8 +334,19 @@ luks_recover_key (grub_disk_t source, + grub_err_t err; + grub_size_t max_stripes = 1; + char *tmp; ++ grub_uint32_t sector; ++ ++ err = GRUB_ERR_NONE; ++ ++ if (hdr) ++ { ++ grub_file_seek (hdr, 0); ++ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header)) ++ err = GRUB_ERR_READ_ERROR; ++ } ++ else ++ err = grub_disk_read (source, 0, 0, sizeof (header), &header); + +- err = grub_disk_read (source, 0, 0, sizeof (header), &header); + if (err) + return err; + +@@ -391,13 +415,18 @@ luks_recover_key (grub_disk_t source, + return grub_crypto_gcry_error (gcry_err); + } + ++ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset); + length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes)); + + /* Read and decrypt the key material from the disk. */ +- err = grub_disk_read (source, +- grub_be_to_cpu32 (header.keyblock +- [i].keyMaterialOffset), 0, +- length, split_key); ++ if (hdr) ++ { ++ grub_file_seek (hdr, sector * 512); ++ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length) ++ err = GRUB_ERR_READ_ERROR; ++ } ++ else ++ err = grub_disk_read (source, sector, 0, length, split_key); + if (err) + { + grub_free (split_key); +diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h +index 32f564ae0..4e6e89a93 100644 +--- a/include/grub/cryptodisk.h ++++ b/include/grub/cryptodisk.h +@@ -20,6 +20,7 @@ + #define GRUB_CRYPTODISK_HEADER 1 + + #include <grub/disk.h> ++#include <grub/file.h> + #include <grub/crypto.h> + #include <grub/list.h> + #ifdef GRUB_UTIL +@@ -107,8 +108,8 @@ struct grub_cryptodisk_dev + struct grub_cryptodisk_dev **prev; + + grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid, +- int boot_only); +- grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev); ++ int boot_only, grub_file_t hdr); ++ grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, grub_file_t hdr); + }; + typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t; + +-- +2.16.2 + |