aboutsummaryrefslogtreecommitdiff
path: root/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch
diff options
context:
space:
mode:
Diffstat (limited to 'resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch')
-rw-r--r--resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch205
1 files changed, 0 insertions, 205 deletions
diff --git a/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch b/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch
deleted file mode 100644
index 9c33b9b0..00000000
--- a/resources/grub/patch/grub.johnlane.ie/0002-Cryptomount-support-key-files.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-From 3b7ef4a5fd57b042201fbefb92a217070b944d67 Mon Sep 17 00:00:00 2001
-From: John Lane <john@lane.uk.net>
-Date: Fri, 26 Jun 2015 13:37:10 +0100
-Subject: [PATCH 03/10] Cryptomount support key files
-
----
- grub-core/disk/cryptodisk.c | 46 ++++++++++++++++++++++++++++++++++++++++++++-
- grub-core/disk/geli.c | 4 +++-
- grub-core/disk/luks.c | 44 +++++++++++++++++++++++++++++--------------
- include/grub/cryptodisk.h | 5 ++++-
- 4 files changed, 82 insertions(+), 17 deletions(-)
-
-diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
-index dd8870d..0e7ced8 100644
---- a/grub-core/disk/cryptodisk.c
-+++ b/grub-core/disk/cryptodisk.c
-@@ -42,6 +42,9 @@ static const struct grub_arg_option options[] =
- {"all", 'a', 0, N_("Mount all."), 0, 0},
- {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
- {"header", 'H', 0, N_("Read LUKS header from file"), 0, ARG_TYPE_STRING},
-+ {"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING},
-+ {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, ARG_TYPE_INT},
-+ {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, ARG_TYPE_INT},
- {0, 0, 0, 0, 0, 0}
- };
-
-@@ -810,6 +813,8 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk)
- static int check_boot, have_it;
- static char *search_uuid;
- static grub_file_t hdr;
-+static grub_uint8_t *key, keyfile_buffer[GRUB_CRYPTODISK_MAX_KEYFILE_SIZE];
-+static grub_size_t keyfile_size;
-
- static void
- cryptodisk_close (grub_cryptodisk_t dev)
-@@ -840,7 +845,7 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
- if (!dev)
- continue;
-
-- err = cr->recover_key (source, dev, hdr);
-+ err = cr->recover_key (source, dev, hdr, key, keyfile_size);
- if (err)
- {
- cryptodisk_close (dev);
-@@ -948,6 +953,45 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
- hdr = NULL;
-
- have_it = 0;
-+ key = NULL;
-+
-+ if (state[4].set) /* Key file; fails back to passphrase entry */
-+ {
-+ grub_file_t keyfile;
-+ int keyfile_offset;
-+ grub_size_t requested_keyfile_size;
-+
-+ requested_keyfile_size = state[6].set ? grub_strtoul(state[6].arg, 0, 0) : 0;
-+
-+ if (requested_keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE)
-+ grub_printf (N_("Key file size exceeds maximum (%llu)\n"), \
-+ (unsigned long long) GRUB_CRYPTODISK_MAX_KEYFILE_SIZE);
-+ else
-+ {
-+ keyfile_offset = state[5].set ? grub_strtoul (state[5].arg, 0, 0) : 0;
-+ keyfile_size = requested_keyfile_size ? requested_keyfile_size : \
-+ GRUB_CRYPTODISK_MAX_KEYFILE_SIZE;
-+
-+ keyfile = grub_file_open (state[4].arg);
-+ if (!keyfile)
-+ grub_printf (N_("Unable to open key file %s\n"), state[4].arg);
-+ else if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
-+ grub_printf (N_("Unable to seek to offset %d in key file\n"), keyfile_offset);
-+ else
-+ {
-+ keyfile_size = grub_file_read (keyfile, keyfile_buffer, keyfile_size);
-+ if (keyfile_size == (grub_size_t)-1)
-+ grub_printf (N_("Error reading key file\n"));
-+ else if (requested_keyfile_size && (keyfile_size != requested_keyfile_size))
-+ grub_printf (N_("Cannot read %llu bytes for key file (read %llu bytes)\n"),
-+ (unsigned long long) requested_keyfile_size,
-+ (unsigned long long) keyfile_size);
-+ else
-+ key = keyfile_buffer;
-+ }
-+ }
-+ }
-+
- if (state[0].set)
- {
- grub_cryptodisk_t dev;
-diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c
-index f4394eb..da6aa6a 100644
---- a/grub-core/disk/geli.c
-+++ b/grub-core/disk/geli.c
-@@ -401,7 +401,9 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
-
- static grub_err_t
- recover_key (grub_disk_t source, grub_cryptodisk_t dev,
-- grub_file_t hdr __attribute__ ((unused)) )
-+ grub_file_t hdr __attribute__ ((unused)),
-+ grub_uint8_t *key __attribute__ ((unused)),
-+ grub_size_t keyfile_size __attribute__ ((unused)) )
- {
- grub_size_t keysize;
- grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN];
-diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
-index 66e64c0..5882368 100644
---- a/grub-core/disk/luks.c
-+++ b/grub-core/disk/luks.c
-@@ -322,12 +322,16 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
- static grub_err_t
- luks_recover_key (grub_disk_t source,
- grub_cryptodisk_t dev,
-- grub_file_t hdr)
-+ grub_file_t hdr,
-+ grub_uint8_t *keyfile_bytes,
-+ grub_size_t keyfile_bytes_size)
- {
- struct grub_luks_phdr header;
- grub_size_t keysize;
- grub_uint8_t *split_key = NULL;
-- char passphrase[MAX_PASSPHRASE] = "";
-+ char interactive_passphrase[MAX_PASSPHRASE] = "";
-+ grub_uint8_t *passphrase;
-+ grub_size_t passphrase_length;
- grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
- unsigned i;
- grub_size_t length;
-@@ -364,18 +368,30 @@ luks_recover_key (grub_disk_t source,
- if (!split_key)
- return grub_errno;
-
-- /* Get the passphrase from the user. */
-- tmp = NULL;
-- if (source->partition)
-- tmp = grub_partition_get_name (source->partition);
-- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
-- source->partition ? "," : "", tmp ? : "",
-- dev->uuid);
-- grub_free (tmp);
-- if (!grub_password_get (passphrase, MAX_PASSPHRASE))
-+ if (keyfile_bytes)
- {
-- grub_free (split_key);
-- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
-+ /* Use bytestring from key file as passphrase */
-+ passphrase = keyfile_bytes;
-+ passphrase_length = keyfile_bytes_size;
-+ }
-+ else
-+ {
-+ /* Get the passphrase from the user. */
-+ tmp = NULL;
-+ if (source->partition)
-+ tmp = grub_partition_get_name (source->partition);
-+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
-+ source->partition ? "," : "", tmp ? : "", dev->uuid);
-+ grub_free (tmp);
-+ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
-+ {
-+ grub_free (split_key);
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
-+ }
-+
-+ passphrase = (grub_uint8_t *)interactive_passphrase;
-+ passphrase_length = grub_strlen (interactive_passphrase);
-+
- }
-
- /* Try to recover master key from each active keyslot. */
-@@ -393,7 +409,7 @@ luks_recover_key (grub_disk_t source,
-
- /* Calculate the PBKDF2 of the user supplied passphrase. */
- gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
-- grub_strlen (passphrase),
-+ passphrase_length,
- header.keyblock[i].passwordSalt,
- sizeof (header.keyblock[i].passwordSalt),
- grub_be_to_cpu32 (header.keyblock[i].
-diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
-index 4e6e89a..67f6b0b 100644
---- a/include/grub/cryptodisk.h
-+++ b/include/grub/cryptodisk.h
-@@ -55,6 +55,8 @@ typedef enum
- #define GRUB_CRYPTODISK_GF_BYTES (1U << GRUB_CRYPTODISK_GF_LOG_BYTES)
- #define GRUB_CRYPTODISK_MAX_KEYLEN 128
-
-+#define GRUB_CRYPTODISK_MAX_KEYFILE_SIZE 8192
-+
- struct grub_cryptodisk;
-
- typedef gcry_err_code_t
-@@ -109,7 +111,8 @@ struct grub_cryptodisk_dev
-
- grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid,
- int boot_only, grub_file_t hdr);
-- grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev, grub_file_t hdr);
-+ grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev,
-+ grub_file_t hdr, grub_uint8_t *key, grub_size_t keyfile_size);
- };
- typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t;
-
---
-1.9.1
-