On Tue, Mar 17, 2020 at 08:57:39AM +0100, Denis 'GNUtoo' Carikli wrote:
> From: John Lane <j...@lane.uk.net>
>
> Signed-off-by: John Lane <j...@lane.uk.net>
> gnu...@cyberdimension.org: rebase, patch split, small fixes, commit message
> Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@cyberdimension.org>
> ---
> grub-core/disk/cryptodisk.c | 71 ++++++++++++++++++++++++++++++++++++-
> grub-core/disk/geli.c | 4 ++-
> grub-core/disk/luks.c | 4 ++-
> grub-core/disk/luks2.c | 4 ++-
> include/grub/cryptodisk.h | 5 ++-
> include/grub/file.h | 2 ++
> 6 files changed, 85 insertions(+), 5 deletions(-)
>
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index fa342fe44..2adb224d0 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -42,6 +42,9 @@ static const struct grub_arg_option options[] =
> {"all", 'a', 0, N_("Mount all."), 0, 0},
> {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
> {"header", 'H', 0, N_("Read header from file"), 0, ARG_TYPE_STRING},
> + {"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING},
> + {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0,
> ARG_TYPE_INT},
> + {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0,
> ARG_TYPE_INT},
> {0, 0, 0, 0, 0, 0}
> };
>
> @@ -972,6 +975,8 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk)
> static int check_boot, have_it;
> static char *search_uuid;
> static grub_file_t hdr;
> +static grub_uint8_t *key, keyfile_buffer[GRUB_CRYPTODISK_MAX_KEYFILE_SIZE];
> +static grub_ssize_t key_size;
>
> static void
> cryptodisk_close (grub_cryptodisk_t dev)
> @@ -1002,7 +1007,7 @@ grub_cryptodisk_scan_device_real (const char *name,
> grub_disk_t source)
> if (!dev)
> continue;
>
> - err = cr->recover_key (source, dev, hdr);
> + err = cr->recover_key (source, dev, hdr, key, key_size);
> if (err)
> {
> cryptodisk_close (dev);
> @@ -1112,6 +1117,70 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int
> argc, char **args)
> hdr = NULL;
>
> have_it = 0;
> + key = NULL;
> +
> + if (state[4].set) /* keyfile */
> + {
> + grub_file_t keyfile;
> + int keyfile_offset;
> + grub_size_t requested_keyfile_size = 0;
> +
> + if (state[5].set) /* keyfile-offset */
> + {
> + keyfile_offset = grub_strtoul (state[5].arg, 0, 0);
We should pass in an `endptr` argument here to check that the argument
didn't have any trailing gargabe. Otherwise we might accept parameters
like "1234foobar".
> +
> + if (grub_errno != GRUB_ERR_NONE)
> + return grub_errno;
> + }
> + else
> + {
> + keyfile_offset = 0;
> + }
> +
> + if (state[6].set) /* keyfile-size */
> + {
> + requested_keyfile_size = grub_strtoul(state[6].arg, 0, 0);
The same applies here.
> + if (grub_errno != GRUB_ERR_NONE)
> + return grub_errno;
> +
> + if (requested_keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE)
> + return grub_error(GRUB_ERR_OUT_OF_RANGE,
> + N_("Key file size exceeds maximum (%llu)\n"), \
> + (unsigned long long)
> GRUB_CRYPTODISK_MAX_KEYFILE_SIZE);
> + }
Should we return an error in case `requested_keyfile_size == 0`?
> + keyfile = grub_file_open (state[4].arg,
> + GRUB_FILE_TYPE_CRYPTODISK_ENCRYPTION_KEY);
> + if (!keyfile)
> + return grub_errno;
> +
> + if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
> + return grub_errno;
> +
> +
> + if (state[6].set) /* keyfile-size */
> + {
> + if (requested_keyfile_size > (keyfile->size - keyfile_offset))
> + return grub_error (GRUB_ERR_FILE_READ_ERROR,
> + N_("Cannot read %llu bytes for key file (read
> %llu bytes)\n"),
> + (unsigned long long) requested_keyfile_size,
> + (unsigned long long) keyfile->size);
> +
> + key_size = requested_keyfile_size;
> + }
Instead of checking `state[6].set` we could use `requested_keyfile_size`
here, which might be a bit easier to read. I also think the error
message could be improved a bit as we didn't yet try to read, but it
sounds like we did. How about "Keyfile is too small (requested %llu
bytes, but the file only has %llu bytes)".
> + else
> + {
> + key_size = keyfile->size - keyfile_offset;
> + }
> +
> + if (grub_file_read (keyfile, keyfile_buffer, key_size) != key_size)
> + return grub_error (GRUB_ERR_FILE_READ_ERROR,
> + (N_("Error reading key file\n")));
> + key = keyfile_buffer;
> + }
> +
> if (state[0].set)
> {
> grub_cryptodisk_t dev;
> diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c
> index bec0bb877..7b3f3e721 100644
> --- a/grub-core/disk/geli.c
> +++ b/grub-core/disk/geli.c
> @@ -401,7 +401,9 @@ geli_scan (grub_disk_t disk, const char *check_uuid, int
> boot_only,
>
> static grub_err_t
> recover_key (grub_disk_t source, grub_cryptodisk_t dev,
> - grub_file_t hdr __attribute__ ((unused)))
> + grub_file_t hdr __attribute__ ((unused)),
> + grub_uint8_t *key __attribute__ ((unused)),
> + grub_size_t keyfile_size __attribute__ ((unused)))
> {
The same thought applies here as for the `hdr` attribute: in case a key
or keyfile size was passed but the backend doesn't support it, I think
we should return an error.
Patrick
signature.asc
Description: PGP signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
