authorDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2020-08-07 12:56:45 +0200
committerDenis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>2020-08-07 12:57:44 +0200
commitb17a8a19e232caaffe62f369269ec9614e00ba4c (patch)
treed9e01918a68c628c61913e8023c966cdb0273b53 /libre/grub-crypt-git/v6-0003-cryptodisk-enable-the-backends-to-implement-detac.patch
parent00c6386a735ce2dab702599322b1d7842de76f63 (diff)
libre: Add grub-crypt-git
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Diffstat (limited to 'libre/grub-crypt-git/v6-0003-cryptodisk-enable-the-backends-to-implement-detac.patch')
-rw-r--r--libre/grub-crypt-git/v6-0003-cryptodisk-enable-the-backends-to-implement-detac.patch285
1 files changed, 285 insertions, 0 deletions
diff --git a/libre/grub-crypt-git/v6-0003-cryptodisk-enable-the-backends-to-implement-detac.patch b/libre/grub-crypt-git/v6-0003-cryptodisk-enable-the-backends-to-implement-detac.patch
new file mode 100644
index 000000000..b3b7c8950
--- /dev/null
+++ b/libre/grub-crypt-git/v6-0003-cryptodisk-enable-the-backends-to-implement-detac.patch
@@ -0,0 +1,285 @@
+From 7ebc9fc1076b2bf8dc728eca345db4a6b8ddff91 Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Tue, 23 Jun 2015 11:16:30 +0100
+Subject: [PATCH v6 3/6] cryptodisk: enable the backends to implement detached
+ headers
+
+Signed-off-by: John Lane <john@lane.uk.net>
+GNUtoo@cyberdimension.org: rebase, patch split, small fixes, commit message
+Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+Reviewed-by: Patrick Steinhardt <ps@pks.im>
+---
+ grub-core/disk/cryptodisk.c | 24 ++++++++++++++++++++----
+ grub-core/disk/geli.c | 15 +++++++++++++--
+ grub-core/disk/luks.c | 14 +++++++++++---
+ grub-core/disk/luks2.c | 15 ++++++++++++---
+ include/grub/cryptodisk.h | 6 ++++--
+ include/grub/file.h | 2 ++
+ 6 files changed, 62 insertions(+), 14 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index 1897acc4b..6ad2e486e 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -41,6 +41,7 @@ static const struct grub_arg_option options[] =
+ /* TRANSLATORS: It's still restricted to cryptodisks only. */
+ {"all", 'a', 0, N_("Mount all."), 0, 0},
+ {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
++ {"header", 'H', 0, N_("Read header from file"), 0, ARG_TYPE_STRING},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+@@ -970,6 +971,7 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk)
+
+ static int check_boot, have_it;
+ static char *search_uuid;
++static grub_file_t hdr;
+
+ static void
+ cryptodisk_close (grub_cryptodisk_t dev)
+@@ -994,13 +996,13 @@ grub_cryptodisk_scan_device_real (const char *name, grub_disk_t source)
+
+ FOR_CRYPTODISK_DEVS (cr)
+ {
+- dev = cr->scan (source, search_uuid, check_boot);
++ dev = cr->scan (source, search_uuid, check_boot, hdr);
+ if (grub_errno)
+ return grub_errno;
+ if (!dev)
+ continue;
+
+- err = cr->recover_key (source, dev);
++ err = cr->recover_key (source, dev, hdr);
+ if (err)
+ {
+ cryptodisk_close (dev);
+@@ -1041,7 +1043,7 @@ grub_cryptodisk_cheat_mount (const char *sourcedev, const char *cheat)
+
+ FOR_CRYPTODISK_DEVS (cr)
+ {
+- dev = cr->scan (source, search_uuid, check_boot);
++ dev = cr->scan (source, search_uuid, check_boot, NULL);
+ if (grub_errno)
+ return grub_errno;
+ if (!dev)
+@@ -1095,6 +1097,20 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args)
+ if (argc < 1 && !state[1].set && !state[2].set)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "device name required");
+
++ if (state[3].set) /* Detached header */
++ {
++ if (state[0].set)
++ return grub_error (GRUB_ERR_BAD_ARGUMENT,
++ N_("Cannot use UUID lookup with detached header"));
++
++ hdr = grub_file_open (state[3].arg,
++ GRUB_FILE_TYPE_CRYPTODISK_DETACHED_HEADER);
++ if (!hdr)
++ return grub_errno;
++ }
++ else
++ hdr = NULL;
++
+ have_it = 0;
+ if (state[0].set)
+ {
+@@ -1302,7 +1318,7 @@ GRUB_MOD_INIT (cryptodisk)
+ {
+ grub_disk_dev_register (&grub_cryptodisk_dev);
+ cmd = grub_register_extcmd ("cryptomount", grub_cmd_cryptomount, 0,
+- N_("SOURCE|-u UUID|-a|-b"),
++ N_("SOURCE|-u UUID|-a|-b|-H file"),
+ N_("Mount a crypto device."), options);
+ grub_procfs_register ("luks_script", &luks_script);
+ }
+diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c
+index 581631c1d..acd09d874 100644
+--- a/grub-core/disk/geli.c
++++ b/grub-core/disk/geli.c
+@@ -52,6 +52,7 @@
+ #include <grub/dl.h>
+ #include <grub/err.h>
+ #include <grub/disk.h>
++#include <grub/file.h>
+ #include <grub/crypto.h>
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
+@@ -121,6 +122,7 @@ enum
+
+ /* FIXME: support version 0. */
+ /* FIXME: support big-endian pre-version-4 volumes. */
++/* FIXME: support for detached headers. */
+ /* FIXME: support for keyfiles. */
+ /* FIXME: support for HMAC. */
+ const char *algorithms[] = {
+@@ -242,7 +244,8 @@ grub_util_get_geli_uuid (const char *dev)
+ #endif
+
+ static grub_cryptodisk_t
+-geli_scan (grub_disk_t disk, const char *check_uuid, int boot_only)
++geli_scan (grub_disk_t disk, const char *check_uuid, int boot_only,
++ grub_file_t hdr)
+ {
+ grub_cryptodisk_t newdev;
+ struct grub_geli_phdr header;
+@@ -254,6 +257,10 @@ geli_scan (grub_disk_t disk, const char *check_uuid, int boot_only)
+ grub_disk_addr_t sector;
+ grub_err_t err;
+
++ /* Detached headers are not implemented yet */
++ if (hdr)
++ return NULL;
++
+ if (2 * GRUB_MD_SHA256->mdlen + 1 > GRUB_CRYPTODISK_MAX_UUID_LENGTH)
+ return NULL;
+
+@@ -397,7 +404,7 @@ geli_scan (grub_disk_t disk, const char *check_uuid, int boot_only)
+ }
+
+ static grub_err_t
+-geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev)
++geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr)
+ {
+ grub_size_t keysize;
+ grub_uint8_t digest[GRUB_CRYPTO_MAX_MDLEN];
+@@ -413,6 +420,10 @@ geli_recover_key (grub_disk_t source, grub_cryptodisk_t dev)
+ grub_disk_addr_t sector;
+ grub_err_t err;
+
++ /* Detached headers are not implemented yet */
++ if (hdr)
++ return GRUB_ERR_NOT_IMPLEMENTED_YET;
++
+ if (dev->cipher->cipher->blocksize > GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE)
+ return grub_error (GRUB_ERR_BUG, "cipher block is too long");
+
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index b50f6fd02..685235565 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -65,7 +65,8 @@ gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
+ grub_size_t blocknumbers);
+
+ static grub_cryptodisk_t
+-luks_scan (grub_disk_t disk, const char *check_uuid, int check_boot)
++luks_scan (grub_disk_t disk, const char *check_uuid, int check_boot,
++ grub_file_t hdr)
+ {
+ grub_cryptodisk_t newdev;
+ const char *iptr;
+@@ -77,6 +78,10 @@ luks_scan (grub_disk_t disk, const char *check_uuid, int check_boot)
+ char hashspec[sizeof (header.hashSpec) + 1];
+ grub_err_t err;
+
++ /* Detached headers are not implemented yet */
++ if (hdr)
++ return NULL;
++
+ if (check_boot)
+ return NULL;
+
+@@ -149,8 +154,7 @@ luks_scan (grub_disk_t disk, const char *check_uuid, int check_boot)
+ }
+
+ static grub_err_t
+-luks_recover_key (grub_disk_t source,
+- grub_cryptodisk_t dev)
++luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr)
+ {
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+@@ -163,6 +167,10 @@ luks_recover_key (grub_disk_t source,
+ grub_size_t max_stripes = 1;
+ char *tmp;
+
++ /* Detached headers are not implemented yet */
++ if (hdr)
++ return GRUB_ERR_NOT_IMPLEMENTED_YET;
++
+ err = grub_disk_read (source, 0, 0, sizeof (header), &header);
+ if (err)
+ return err;
+diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
+index e3ff7c83d..bc00e8bbc 100644
+--- a/grub-core/disk/luks2.c
++++ b/grub-core/disk/luks2.c
+@@ -342,11 +342,16 @@ luks2_read_header (grub_disk_t disk, grub_luks2_header_t *outhdr)
+ }
+
+ static grub_cryptodisk_t
+-luks2_scan (grub_disk_t disk, const char *check_uuid, int check_boot)
++luks2_scan (grub_disk_t disk, const char *check_uuid, int check_boot,
++ grub_file_t hdr_file)
+ {
+ grub_cryptodisk_t cryptodisk;
+ grub_luks2_header_t header;
+
++ /* Detached headers are not implemented yet */
++ if (hdr_file)
++ return NULL;
++
+ if (check_boot)
+ return NULL;
+
+@@ -523,8 +528,8 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+ }
+
+ static grub_err_t
+-luks2_recover_key (grub_disk_t disk,
+- grub_cryptodisk_t crypt)
++luks2_recover_key (grub_disk_t disk, grub_cryptodisk_t crypt,
++ grub_file_t hdr_file)
+ {
+ grub_uint8_t candidate_key[GRUB_CRYPTODISK_MAX_KEYLEN];
+ char passphrase[MAX_PASSPHRASE], cipher[32];
+@@ -538,6 +543,10 @@ luks2_recover_key (grub_disk_t disk,
+ grub_json_t *json = NULL, keyslots;
+ grub_err_t ret;
+
++ /* Detached headers are not implemented yet */
++ if (hdr_file)
++ return GRUB_ERR_NOT_IMPLEMENTED_YET;
++
+ ret = luks2_read_header (disk, &header);
+ if (ret)
+ return ret;
+diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
+index e1b21e785..e24b1b8cb 100644
+--- a/include/grub/cryptodisk.h
++++ b/include/grub/cryptodisk.h
+@@ -20,6 +20,7 @@
+ #define GRUB_CRYPTODISK_HEADER 1
+
+ #include <grub/disk.h>
++#include <grub/file.h>
+ #include <grub/crypto.h>
+ #include <grub/list.h>
+ #ifdef GRUB_UTIL
+@@ -107,8 +108,9 @@ struct grub_cryptodisk_dev
+ struct grub_cryptodisk_dev **prev;
+
+ grub_cryptodisk_t (*scan) (grub_disk_t disk, const char *check_uuid,
+- int boot_only);
+- grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev);
++ int boot_only, grub_file_t hdr);
++ grub_err_t (*recover_key) (grub_disk_t disk, grub_cryptodisk_t dev,
++ grub_file_t hdr);
+ };
+ typedef struct grub_cryptodisk_dev *grub_cryptodisk_dev_t;
+
+diff --git a/include/grub/file.h b/include/grub/file.h
+index 31567483c..a7d7be853 100644
+--- a/include/grub/file.h
++++ b/include/grub/file.h
+@@ -90,6 +90,8 @@ enum grub_file_type
+ GRUB_FILE_TYPE_FONT,
+ /* File holding encryption key for encrypted ZFS. */
+ GRUB_FILE_TYPE_ZFS_ENCRYPTION_KEY,
++ /* File holiding the encryption metadata header */
++ GRUB_FILE_TYPE_CRYPTODISK_DETACHED_HEADER,
+ /* File we open n grub-fstest. */
+ GRUB_FILE_TYPE_FSTEST,
+ /* File we open n grub-mount. */
+--
+2.28.0
+
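Review bot: The handle that grub_cmd_cryptomount opens into the file-scope `hdr` is not closed by any line this patch adds to cryptodisk.c, so each `cryptomount -H file` appears to leak an open file. The function body continues outside the embedded hunk, so confirm there; if no close exists, add `if (hdr) { grub_file_close (hdr); hdr = NULL; }` on every exit path after the open. The new argument check rejects only `state[0].set`, so `-H` combined with `-a` or `-b` (state[1]/state[2], going by the option order) is still accepted and would offer the single header file to every device scanned; that combination should probably be rejected as well. In the geli, luks and luks2 backends, the bare `return GRUB_ERR_NOT_IMPLEMENTED_YET;` skips grub_error(), so no message is recorded for the user; `return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "detached headers are not supported");` would make the failure visible. The scan callbacks returning NULL when `hdr` is set have the same silent-failure effect and deserve a comment saying that the caller treats NULL as "not this backend".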