diff options
author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2020-08-07 12:56:45 +0200 |
---|---|---|
committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2020-08-07 12:57:44 +0200 |
commit | b17a8a19e232caaffe62f369269ec9614e00ba4c (patch) | |
tree | d9e01918a68c628c61913e8023c966cdb0273b53 /libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch | |
parent | 00c6386a735ce2dab702599322b1d7842de76f63 (diff) | |
download | abslibre-b17a8a19e232caaffe62f369269ec9614e00ba4c.tar.gz abslibre-b17a8a19e232caaffe62f369269ec9614e00ba4c.tar.bz2 abslibre-b17a8a19e232caaffe62f369269ec9614e00ba4c.zip |
libre: Add grub-crypt-git
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Diffstat (limited to 'libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch')
-rw-r--r-- | libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch b/libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch new file mode 100644 index 000000000..64dd90d9c --- /dev/null +++ b/libre/grub-crypt-git/v6-0004-cryptodisk-add-support-for-LUKS1-detached-headers.patch @@ -0,0 +1,114 @@ +From 53ad601c16ca9e718c459141b70e417634d0a76b Mon Sep 17 00:00:00 2001 +From: John Lane <john@lane.uk.net> +Date: Tue, 23 Jun 2015 11:16:30 +0100 +Subject: [PATCH v6 4/6] cryptodisk: add support for LUKS1 detached headers + +cryptsetup supports having a detached header through the +--header command line argument for both LUKS1 and LUKS2. + +This adds support for LUKS1 detached headers. + +Signed-off-by: John Lane <john@lane.uk.net> +GNUtoo@cyberdimension.org: rebase, small fixes, commit message +Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> +Reviewed-by: Patrick Steinhardt <ps@pks.im> +--- + grub-core/disk/luks.c | 48 ++++++++++++++++++++++++++++++------------- + 1 file changed, 34 insertions(+), 14 deletions(-) + +diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c +index 685235565..6286302e7 100644 +--- a/grub-core/disk/luks.c ++++ b/grub-core/disk/luks.c +@@ -23,6 +23,7 @@ + #include <grub/dl.h> + #include <grub/err.h> + #include <grub/disk.h> ++#include <grub/file.h> + #include <grub/crypto.h> + #include <grub/partition.h> + #include <grub/i18n.h> +@@ -76,17 +77,23 @@ luks_scan (grub_disk_t disk, const char *check_uuid, int check_boot, + char ciphername[sizeof (header.cipherName) + 1]; + char ciphermode[sizeof (header.cipherMode) + 1]; + char hashspec[sizeof (header.hashSpec) + 1]; +- grub_err_t err; +- +- /* Detached headers are not implemented yet */ +- if (hdr) +- return NULL; ++ grub_err_t err = GRUB_ERR_NONE; + + if (check_boot) + return NULL; + + /* Read the LUKS header. */ +- err = grub_disk_read (disk, 0, 0, sizeof (header), &header); ++ if (hdr) ++ { ++ if (grub_file_seek (hdr, 0) == (grub_off_t) -1) ++ return NULL; ++ ++ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header)) ++ return NULL; ++ } ++ else ++ err = grub_disk_read (disk, 0, 0, sizeof (header), &header); ++ + if (err) + { + if (err == GRUB_ERR_OUT_OF_RANGE) +@@ -163,15 +170,22 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr) + grub_uint8_t candidate_digest[sizeof (header.mkDigest)]; + unsigned i; + grub_size_t length; +- grub_err_t err; ++ grub_err_t err = GRUB_ERR_NONE; + grub_size_t max_stripes = 1; + char *tmp; ++ grub_uint32_t sector; + +- /* Detached headers are not implemented yet */ + if (hdr) +- return GRUB_ERR_NOT_IMPLEMENTED_YET; ++ { ++ if (grub_file_seek (hdr, 0) == (grub_off_t) -1) ++ return grub_errno; ++ ++ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header)) ++ return grub_errno; ++ } ++ else ++ err = grub_disk_read (source, 0, 0, sizeof (header), &header); + +- err = grub_disk_read (source, 0, 0, sizeof (header), &header); + if (err) + return err; + +@@ -240,13 +254,19 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr) + return grub_crypto_gcry_error (gcry_err); + } + ++ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset); + length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes)); + + /* Read and decrypt the key material from the disk. */ +- err = grub_disk_read (source, +- grub_be_to_cpu32 (header.keyblock +- [i].keyMaterialOffset), 0, +- length, split_key); ++ if (hdr) ++ { ++ if (grub_file_seek (hdr, sector * 512) == (grub_off_t) -1) ++ return grub_errno; ++ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length) ++ return grub_errno; ++ } ++ else ++ err = grub_disk_read (source, sector, 0, length, split_key); + if (err) + { + grub_free (split_key); +-- +2.28.0 + |