Diffstat (limited to 'libre/grub-crypt-git/v6-0006-cryptodisk-Add-support-for-LUKS1-key-files.patch')
-rw-r--r--libre/grub-crypt-git/v6-0006-cryptodisk-Add-support-for-LUKS1-key-files.patch97
1 files changed, 97 insertions, 0 deletions
diff --git a/libre/grub-crypt-git/v6-0006-cryptodisk-Add-support-for-LUKS1-key-files.patch b/libre/grub-crypt-git/v6-0006-cryptodisk-Add-support-for-LUKS1-key-files.patch
new file mode 100644
index 000000000..7b544316f
--- /dev/null
+++ b/libre/grub-crypt-git/v6-0006-cryptodisk-Add-support-for-LUKS1-key-files.patch
@@ -0,0 +1,97 @@
+From 6251a7f5223b61605a9b4ba11bb18ed607c05f50 Mon Sep 17 00:00:00 2001
+From: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+Date: Tue, 17 Mar 2020 08:02:10 +0100
+Subject: [PATCH v6 6/6] cryptodisk: Add support for LUKS1 key files
+
+cryptsetup supports key files thourh the --key-file
+--header command line argument for both LUKS1 and LUKS2.
+
+This adds support for LUKS1 key files.
+
+Signed-off-by: John Lane <john@lane.uk.net>
+GNUtoo@cyberdimension.org: rebase, fixes, commit message
+Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+Reviewed-by: Patrick Steinhardt <ps@pks.im>
+---
+ grub-core/disk/luks.c | 43 ++++++++++++++++++++++++++-----------------
+ 1 file changed, 26 insertions(+), 17 deletions(-)
+
+diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
+index 0dd33b2af..125a21902 100644
+--- a/grub-core/disk/luks.c
++++ b/grub-core/disk/luks.c
+@@ -167,7 +167,9 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr,
+ struct grub_luks_phdr header;
+ grub_size_t keysize;
+ grub_uint8_t *split_key = NULL;
+- char passphrase[MAX_PASSPHRASE] = "";
++ char interactive_passphrase[MAX_PASSPHRASE] = "";
++ grub_uint8_t *passphrase;
++ grub_size_t passphrase_length;
+ grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
+ unsigned i;
+ grub_size_t length;
+@@ -176,10 +178,6 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr,
+ char *tmp;
+ grub_uint32_t sector;
+
+- /* Keyfiles are not implemented yet */
+- if (keyfile_bytes || keyfile_bytes_size)
+- return GRUB_ERR_NOT_IMPLEMENTED_YET;
+-
+ if (hdr)
+ {
+ if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
+@@ -208,18 +206,29 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr,
+ if (!split_key)
+ return grub_errno;
+
+- /* Get the passphrase from the user. */
+- tmp = NULL;
+- if (source->partition)
+- tmp = grub_partition_get_name (source->partition);
+- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+- source->partition ? "," : "", tmp ? : "",
+- dev->uuid);
+- grub_free (tmp);
+- if (!grub_password_get (passphrase, MAX_PASSPHRASE))
++ if (keyfile_bytes)
+ {
+- grub_free (split_key);
+- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ /* Use bytestring from key file as passphrase */
++ passphrase = keyfile_bytes;
++ passphrase_length = keyfile_bytes_size;
++ }
++ else
++ {
++ /* Get the passphrase from the user. */
++ tmp = NULL;
++ if (source->partition)
++ tmp = grub_partition_get_name (source->partition);
++ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
++ source->partition ? "," : "", tmp ? : "", dev->uuid);
++ grub_free (tmp);
++ if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
++ {
++ grub_free (split_key);
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ }
++
++ passphrase = (grub_uint8_t *)interactive_passphrase;
++ passphrase_length = grub_strlen (interactive_passphrase);
+ }
+
+ /* Try to recover master key from each active keyslot. */
+@@ -237,7 +246,7 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr,
+
+ /* Calculate the PBKDF2 of the user supplied passphrase. */
+ gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
+- grub_strlen (passphrase),
++ passphrase_length,
+ header.keyblock[i].passwordSalt,
+ sizeof (header.keyblock[i].passwordSalt),
+ grub_be_to_cpu32 (header.keyblock[i].
+--
+2.28.0
+
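Review bot: In the luks.c change to luks_recover_key, the new `if (keyfile_bytes)` branch selects the key file on the pointer alone, while the guard it replaces tested both `keyfile_bytes` and `keyfile_bytes_size`; a non-NULL buffer with size 0 would run grub_crypto_pbkdf2 over an empty passphrase and never reach the interactive prompt. Unless the caller (not visible here) already rejects empty key files, consider `if (keyfile_bytes && keyfile_bytes_size)` or an explicit `GRUB_ERR_BAD_ARGUMENT` return for the zero-length case. The `(grub_uint8_t *) passphrase` cast left in the PBKDF2 call is now redundant, since `passphrase` is declared `grub_uint8_t *`. The function body continues outside the quoted hunks, so whether `interactive_passphrase` is wiped on every exit path cannot be checked from this page.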