diff options
Diffstat (limited to 'resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch')
| -rw-r--r-- | resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch | 205 |
1 files changed, 0 insertions, 205 deletions
diff --git a/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch b/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch deleted file mode 100644 index 9c33b9b0..00000000 --- a/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch +++ /dev/null @@ -1,205 +0,0 @@ -From 3b7ef4a5fd57b042201fbefb92a217070b944d67 Mon Sep 17 00:00:00 2001 -From: John Lane <john@lane.uk.net> -Date: Fri, 26 Jun 2015 13:37:10 +0100 -Subject: [PATCH 03/10] Cryptomount support key files - ---- - grub-core/disk/cryptodisk.c | 46 ++++++++++++++++++++++++++++++++++++++++++++- - grub-core/disk/geli.c | 4 +++- - grub-core/disk/luks.c | 44 +++++++++++++++++++++++++++++-------------- - include/grub/cryptodisk.h | 5 ++++- - 4 files changed, 82 insertions(+), 17 deletions(-) - -diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c -index dd8870d..0e7ced8 100644 ---- a/grub-core/disk/cryptodisk.c -+++ b/grub-core/disk/cryptodisk.c -@@ -42,6 +42,9 @@ static const struct grub_arg_option options[] = - {"all", 'a', 0, N_("Mount all."), 0, 0}, - {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0}, - {"header", 'H', 0, N_("Read LUKS header from file"), 0, ARG_TYPE_STRING}, -+ {"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING}, -+ {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT}, -+ {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT}, - {0, 0, 0, 0, 0, 0} - }; - -@@ -810,6 +813,8 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk) - static int check_boot, have_it; - static char *search_uuid; - static grub_file_t hdr; -+static grub_uint8_t *key, keyfile_buffer[GRUB_CRYPTODISK_MAX_KEYFILE_SIZE]; -+static grub_size_t keyfile_size; - - static void - cryptodisk_close (grub_cryptodisk_t dev) -@@ -840,7 +845,7 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source) - if (!dev) - continue; - -- err = cr->recover_key (source, dev, hdr); -+ err = cr->recover_key (source, dev, hdr, key, keyfile_size); - if (err) - { - cryptodisk_close (dev); -@@ -948,6 +953,45 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) - hdr = NULL; - - have_it = 0; -+ key = NULL; -+ -+ if (state[4].set) /* Key file; fails back to passphrase entry */ -+ { -+ grub_file_t keyfile; -+ int keyfile_offset; -+ grub_size_t requested_keyfile_size; -+ -+ requested_keyfile_size = state[6].set ? grub_strtoul(state[6].arg, 0, 0) : 0; -+ -+ if (requested_keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE) -+ grub_printf (N_("Key file size exceeds maximum (%llu)\n"), \ -+ (unsigned long long) GRUB_CRYPTODISK_MAX_KEYFILE_SIZE); -+ else -+ { -+ keyfile_offset = state[5].set ? grub_strtoul (state[5].arg, 0, 0) : 0; -+ keyfile_size = requested_keyfile_size ? requested_keyfile_size : \ -+ GRUB_CRYPTODISK_MAX_KEYFILE_SIZE; -+ -+ keyfile = grub_file_open (state[4].arg); -+ if (!keyfile) -+ grub_printf (N_("Unable to open key file %s\n"), state[4].arg); -+ else if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1) -+ grub_printf (N_("Unable to seek to offset %d in key file\n"), keyfile_offset); -+ else -+ { -+ keyfile_size = grub_file_read (keyfile, keyfile_buffer, keyfile_size); -+ if (keyfile_size == (grub_size_t)-1) -+ grub_printf (N_("Error reading key file\n")); -+ else if (requested_keyfile_size && (keyfile_size != requested_keyfile_size)) -+ grub_printf (N_("Cannot read %llu bytes for key file (read %llu bytes)\n"), -+ (unsigned long long) requested_keyfile_size, -+ (unsigned long long) keyfile_size); -+ else -+ key = keyfile_buffer; -+ } -+ } -+ } -+ - if (state[0].set) - { - grub_cryptodisk_t dev; -diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c -index f4394eb..da6aa6a 100644 ---- a/grub-core/disk/geli.c -+++ b/grub-core/disk/geli.c -@@ -401,7 +401,9 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - - static grub_err_t - recover_key (grub_disk_t source, grub_cryptodisk_t dev, -- grub_file_t hdr __attribute__ ((unused)) ) -+ grub_file_t hdr __attribute__ ((unused)), -+ grub_uint8_t *key __attribute__ ((unused)), -+ grub_size_t keyfile_size __attribute__ ((unused)) ) - { - grub_size_t keysize; - grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN]; -diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c -index 66e64c0..5882368 100644 ---- a/grub-core/disk/luks.c -+++ b/grub-core/disk/luks.c -@@ -322,12 +322,16 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid, - static grub_err_t - luks_recover_key (grub_disk_t source, - grub_cryptodisk_t dev, -- grub_file_t hdr) -+ grub_file_t hdr, -+ grub_uint8_t *keyfile_bytes, -+ grub_size_t keyfile_bytes_size) - { - struct grub_luks_phdr header; - grub_size_t keysize; - grub_uint8_t *split_key = NULL; -- char passphrase[MAX_PASSPHRASE] = ""; -+ char interactive_passphrase[MAX_PASSPHRASE] = ""; -+ grub_uint8_t *passphrase; -+ grub_size_t passphrase_length; - grub_uint8_t candidate_digest[sizeof (header.mkDigest)]; - unsigned i; - grub_size_t length; -@@ -364,18 +368,30 @@ luks_recover_key (grub_disk_t source, - if (!split_key) - return grub_errno; - -- /* Get the passphrase from the user. */ -- tmp = NULL; -- if (source->partition) -- tmp = grub_partition_get_name (source->partition); -- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, -- source->partition ? "," : "", tmp ? : "", -- dev->uuid); -- grub_free (tmp); -- if (!grub_password_get (passphrase, MAX_PASSPHRASE)) -+ if (keyfile_bytes) - { -- grub_free (split_key); -- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); -+ /* Use bytestring from key file as passphrase */ -+ passphrase = keyfile_bytes; -+ passphrase_length = keyfile_bytes_size; -+ } -+ else -+ { -+ /* Get the passphrase from the user. */ -+ tmp = NULL; -+ if (source->partition) -+ tmp = grub_partition_get_name (source->partition); -+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name, -+ source->partition ? "," : "", tmp ? : "", dev->uuid); -+ grub_free (tmp); -+ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE)) -+ { -+ grub_free (split_key); -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); -+ } -+ -+ passphrase = (grub_uint8_t *)interactive_passphrase; -+ passphrase_length = grub_strlen (interactive_passphrase); -+ - } - - /* Try to recover master key from each active keyslot. */ -@@ -393,7 +409,7 @@ luks_recover_key (grub_disk_t source, - - /* Calculate the PBKDF2 of the user supplied passphrase. */ - gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase, -- grub_strlen (passphrase), -+ passphrase_length, - header.keyblock[i].passwordSalt, - sizeof (header.keyblock[i].passwordSalt), - grub_be_to_cpu32 (header.keyblock[i]. -diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h -index 4e6e89a..67f6b0b 100644 ---- a/include/grub/cryptodisk.h -+++ b/include/grub/cryptodisk.h -@@ -55,6 +55,8 @@ typedef enum - #define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES) - #define GRUB_CRYPTODISK_MAX_KEYLEN 128 - -+#define GRUB_CRYPTODISK_MAX_KEYFILE_SIZE 8192 -+ - struct grub_cryptodisk; - - typedef gcry_err_code_t -@@ -109,7 +111,8 @@ struct grub_cryptodisk_dev - - grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid, - int boot_only, grub_file_t hdr); -- grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, grub_file_t hdr); -+ grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, -+ grub_file_t hdr, grub_uint8_t *key, grub_size_t keyfile_size); - }; - typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t; - --- -1.9.1 - |