From: John Lane <j...@lane.uk.net>
cryptsetup supports having a detached header through the
--header command line argument for both LUKS1 and LUKS2.
This adds support for LUKS1 detached headers.
Signed-off-by: John Lane <j...@lane.uk.net>
gnu...@cyberdimension.org: rebase, small fixes, commit message
Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org>
---
grub-core/disk/luks.c | 49 +++++++++++++++++++++++++++++++++----------
1 file changed, 38 insertions(+), 11 deletions(-)
diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index e07a2fef1..0b20908ac 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -23,6 +23,7 @@
#include <grub/dl.h>
#include <grub/err.h>
#include <grub/disk.h>
+#include <grub/file.h>
#include <grub/crypto.h>
#include <grub/partition.h>
#include <grub/i18n.h>
@@ -66,7 +67,7 @@ gcry_err_code_t AF_merge (const gcry_md_spec_t * hash,
grub_uint8_t * src,
static grub_cryptodisk_t
luks_scan (grub_disk_t disk, const char *check_uuid, int check_boot,
- grub_file_t hdr __attribute__((__unused__)))
+ grub_file_t hdr)
{
grub_cryptodisk_t newdev;
const char *iptr;
@@ -76,13 +77,23 @@ luks_scan (grub_disk_t disk, const char *check_uuid, int
check_boot,
char ciphername[sizeof (header.cipherName) + 1];
char ciphermode[sizeof (header.cipherMode) + 1];
char hashspec[sizeof (header.hashSpec) + 1];
- grub_err_t err;
+ grub_err_t err = GRUB_ERR_NONE;
if (check_boot)
return NULL;
/* Read the LUKS header. */
- err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
+ if (hdr)
+ {
+ if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
+ return NULL;
+
+ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
+ return NULL;
+ }
+ else
+ err = grub_disk_read (disk, 0, 0, sizeof (header), &header);
+
if (err)
{
if (err == GRUB_ERR_OUT_OF_RANGE)
@@ -150,8 +161,7 @@ luks_scan (grub_disk_t disk, const char *check_uuid, int
check_boot,
}
static grub_err_t
-luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev,
- grub_file_t hdr __attribute__ ((unused)))
+luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr)
{
struct grub_luks_phdr header;
grub_size_t keysize;
@@ -160,11 +170,22 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t
dev,
grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
unsigned i;
grub_size_t length;
- grub_err_t err;
+ grub_err_t err = GRUB_ERR_NONE;
grub_size_t max_stripes = 1;
char *tmp;
+ grub_uint32_t sector;
+
+ if (hdr)
+ {
+ if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
+ return grub_errno;
+
+ if (grub_file_read (hdr, &header, sizeof (header)) != sizeof (header))
+ return grub_errno;
+ }
+ else
+ err = grub_disk_read (source, 0, 0, sizeof (header), &header);
- err = grub_disk_read (source, 0, 0, sizeof (header), &header);
if (err)
return err;
@@ -233,13 +254,19 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t
dev,
return grub_crypto_gcry_error (gcry_err);
}
+ sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset);
length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes));
/* Read and decrypt the key material from the disk. */
- err = grub_disk_read (source,
- grub_be_to_cpu32 (header.keyblock
- [i].keyMaterialOffset), 0,
- length, split_key);
+ if (hdr)
+ {
+ if (grub_file_seek (hdr, sector * 512))
+ return grub_errno;
+ if (grub_file_read (hdr, split_key, length) != (grub_ssize_t)length)
+ return grub_errno;
+ }
+ else
+ err = grub_disk_read (source, sector, 0, length, split_key);
if (err)
{
grub_free (split_key);
--
2.25.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
