libre: Add grub-crypt-git

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
author: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> 2020-08-07 12:56:45 +0200
committer: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> 2020-08-07 12:57:44 +0200
commit: b17a8a19e232caaffe62f369269ec9614e00ba4c (patch)
tree: d9e01918a68c628c61913e8023c966cdb0273b53 /libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch
parent: 00c6386a735ce2dab702599322b1d7842de76f63 (diff)
download: abslibre-b17a8a19e232caaffe62f369269ec9614e00ba4c.tar.gz
abslibre-b17a8a19e232caaffe62f369269ec9614e00ba4c.tar.bz2
abslibre-b17a8a19e232caaffe62f369269ec9614e00ba4c.zip
1 files changed, 114 insertions, 0 deletions
diff --git a/libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch b/libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch
new file mode 100644
index 000000000..64dd90d9c
--- /dev/null
+++ b/libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch
@@ -0,0 +1,114 @@
+From 53ad601c16ca9e718c459141b70e417634d0a76b Mon Sep 17 00:00:00 2001
+From: John Lane <john@lane.uk.net>
+Date: Tue, 23 Jun 2015 11:16:30 +0100
+Subject: [PATCH v6 4/6] cryptodisk: add support for LUKS1 detached headers
+
+cryptsetup supports having a detached header through the
+--header command line argument for both LUKS1 and LUKS2.
+
+This adds support for LUKS1 detached headers.
+
+Signed-off-by: John Lane <john@lane.uk.net>
+GNUtoo@cyberdimension.org: rebase, small fixes, commit message
+Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+Reviewed-by: Patrick Steinhardt <ps@pks.im>
+---
+ grub-core/disk/luks.c | 48 ++++++++++++++++++++++++++++++-------------
+ 1 file changed, 34 insertions(+), 14 deletions(-)
+
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 685235565..6286302e7 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -23,6 +23,7 @@
+ #include <grub/dl.h>
+ #include <grub/err.h>
+ #include <grub/disk.h>
++#include <grub/file.h>
+ #include <grub/crypto.h>
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
+@@ -76,17 +77,23 @@ luks_scan (grub_disk_t disk, const char *check_uuid, int check_boot,
+   char ciphername[sizeof (header.cipherName) + 1];
+   char ciphermode[sizeof (header.cipherMode) + 1];
+   char hashspec[sizeof (header.hashSpec) + 1];
+-  grub_err_t err;
+-
+-  /* Detached headers are not implemented yet */
+-  if (hdr)
+-    return NULL;
++  grub_err_t err = GRUB_ERR_NONE;
+ 
+   if (check_boot)
+     return NULL;
+ 
+   /* Read the LUKS header.  */
+-  err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
++  if (hdr)
++    {
++      if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
++	return NULL;
++
++      if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
++	return NULL;
++    }
++  else
++    err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
++
+   if (err)
+     {
+       if (err == GRUB_ERR_OUT_OF_RANGE)
+@@ -163,15 +170,22 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr)
+   grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
+   unsigned i;
+   grub_size_t length;
+-  grub_err_t err;
++  grub_err_t err = GRUB_ERR_NONE;
+   grub_size_t max_stripes = 1;
+   char *tmp;
++  grub_uint32_t sector;
+ 
+-  /* Detached headers are not implemented yet */
+   if (hdr)
+-    return GRUB_ERR_NOT_IMPLEMENTED_YET;
++    {
++      if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
++	return grub_errno;
++
++      if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
++	return grub_errno;
++    }
++  else
++    err = grub_disk_read (source, 0, 0, sizeof (header), &header);
+ 
+-  err = grub_disk_read (source, 0, 0, sizeof (header), &header);
+   if (err)
+     return err;
+ 
+@@ -240,13 +254,19 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr)
+ 	  return grub_crypto_gcry_error (gcry_err);
+ 	}
+ 
++      sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
+       length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
+ 
+       /* Read and decrypt the key material from the disk.  */
+-      err = grub_disk_read (source,
+-			    grub_be_to_cpu32 (header.keyblock
+-					      [i].keyMaterialOffset), 0,
+-			    length, split_key);
++      if (hdr)
++      {
++        if (grub_file_seek (hdr, sector * 512) == (grub_off_t) -1)
++          return grub_errno;
++        if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length)
++          return grub_errno;
++      }
++      else
++        err = grub_disk_read (source, sector, 0, length, split_key);
+       if (err)
+ 	{
+ 	  grub_free (split_key);
+-- 
+2.28.0
+
author	Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>	2020-08-07 12:56:45 +0200
committer	Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>	2020-08-07 12:57:44 +0200
commit	b17a8a19e232caaffe62f369269ec9614e00ba4c (patch)
tree	d9e01918a68c628c61913e8023c966cdb0273b53 /libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch
parent	00c6386a735ce2dab702599322b1d7842de76f63 (diff)
download	abslibre-b17a8a19e232caaffe62f369269ec9614e00ba4c.tar.gz abslibre-b17a8a19e232caaffe62f369269ec9614e00ba4c.tar.bz2 abslibre-b17a8a19e232caaffe62f369269ec9614e00ba4c.zip