[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 7/7] Add support for using a whole device as a keyfile
From: |
John Lane |
Subject: |
[PATCH 7/7] Add support for using a whole device as a keyfile |
Date: |
Wed, 14 Mar 2018 09:45:04 +0000 |
From: Paul Gideon Dann <address@hidden>
---
grub-core/disk/cryptodisk.c | 86 +++++++++++++++++++++++++++++++++++----------
1 file changed, 68 insertions(+), 18 deletions(-)
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 6fc2c23aa..a8937e5e3 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -1032,26 +1032,76 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int
argc, char **args)
else
{
keyfile_offset = state[5].set ? grub_strtoul (state[5].arg, 0, 0) :
0;
- keyfile_size = requested_keyfile_size ? requested_keyfile_size : \
- GRUB_CRYPTODISK_MAX_KEYFILE_SIZE;
-
- keyfile = grub_file_open (state[4].arg);
- if (!keyfile)
- grub_printf (N_("Unable to open key file %s\n"), state[4].arg);
- else if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
- grub_printf (N_("Unable to seek to offset %d in key file\n"),
keyfile_offset);
- else
+
+ if (grub_strchr (state[4].arg, '/'))
{
- keyfile_size = grub_file_read (keyfile, keyfile_buffer,
keyfile_size);
- if (keyfile_size == (grub_size_t)-1)
- grub_printf (N_("Error reading key file\n"));
- else if (requested_keyfile_size && (keyfile_size !=
requested_keyfile_size))
- grub_printf (N_("Cannot read %llu bytes for key file (read
%llu bytes)\n"),
- (unsigned long long)
requested_keyfile_size,
- (unsigned long long)
keyfile_size);
+ keyfile_size = requested_keyfile_size ? requested_keyfile_size :
\
+
GRUB_CRYPTODISK_MAX_KEYFILE_SIZE;
+ keyfile = grub_file_open (state[4].arg);
+ if (!keyfile)
+ grub_printf (N_("Unable to open key file %s\n"), state[4].arg);
+ else if (grub_file_seek (keyfile, keyfile_offset) ==
(grub_off_t)-1)
+ grub_printf (N_("Unable to seek to offset %d in key file\n"),
keyfile_offset);
else
- key = keyfile_buffer;
- }
+ {
+ keyfile_size = grub_file_read (keyfile, keyfile_buffer,
keyfile_size);
+ if (keyfile_size == (grub_size_t)-1)
+ grub_printf (N_("Error reading key file\n"));
+ else if (requested_keyfile_size && (keyfile_size !=
requested_keyfile_size))
+ grub_printf (N_("Cannot read %llu bytes for key file
(read %llu bytes)\n"),
+ (unsigned long long)
requested_keyfile_size,
+ (unsigned long long)
keyfile_size);
+ else
+ key = keyfile_buffer;
+ }
+ }
+ else
+ {
+ grub_disk_t keydisk;
+ char* keydisk_name;
+ grub_err_t err;
+ grub_uint64_t total_sectors;
+
+ keydisk_name = grub_file_get_device_name(state[4].arg);
+ keydisk = grub_disk_open (keydisk_name);
+ if (!keydisk)
+ {
+ grub_printf (N_("Unable to open disk %s\n"), keydisk_name);
+ goto cleanup_keydisk_name;
+ }
+
+ total_sectors = grub_disk_get_size (keydisk);
+ if (total_sectors == GRUB_DISK_SIZE_UNKNOWN)
+ {
+ grub_printf (N_("Unable to determine size of disk %s\n"),
keydisk_name);
+ goto cleanup_keydisk;
+ }
+
+ keyfile_size = (total_sectors << GRUB_DISK_SECTOR_BITS);
+ if (requested_keyfile_size > 0 && requested_keyfile_size <
keyfile_size)
+ keyfile_size = requested_keyfile_size;
+ if (keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE)
+ {
+ grub_printf (N_("Key file size exceeds maximum (%llu)\n"), \
+ (unsigned long long)
GRUB_CRYPTODISK_MAX_KEYFILE_SIZE);
+ goto cleanup_keydisk;
+ }
+
+ err = grub_disk_read (keydisk, 0, keyfile_offset, keyfile_size,
keyfile_buffer);
+ if (err != GRUB_ERR_NONE)
+ {
+ grub_printf (N_("Failed to read from disk %s\n"),
keydisk_name);
+ keyfile_size = 0;
+ goto cleanup_keydisk;
+ }
+
+ key = keyfile_buffer;
+
+ cleanup_keydisk:
+ grub_disk_close (keydisk);
+ cleanup_keydisk_name:
+ grub_free (keydisk_name);
+ }
}
}
--
2.16.2
- [PATCH 1/7] Cryptomount support LUKS detached header, John Lane, 2018/03/14
- [PATCH 5/7] Cryptomount support for hyphens in UUID, John Lane, 2018/03/14
- [PATCH 4/7] Cryptomount support plain dm-crypt, John Lane, 2018/03/14
- [PATCH 2/7] Cryptomount support key files, John Lane, 2018/03/14
- [PATCH 3/7] cryptomount luks allow multiple passphrase attempts, John Lane, 2018/03/14
- [PATCH 7/7] Add support for using a whole device as a keyfile,
John Lane <=
- [PATCH 6/7] Retain constness of parameters., John Lane, 2018/03/14
- Re: [PATCH 1/7] Cryptomount support LUKS detached header, Daniel Kiper, 2018/03/14
- Re: [PATCH 1/7] Cryptomount support LUKS detached header, John Lane, 2018/03/14
- Re: [PATCH 1/7] Cryptomount support LUKS detached header, Paul Menzel, 2018/03/21
- Re: [PATCH 1/7] Cryptomount support LUKS detached header, Daniel Kiper, 2018/03/22
- Re: [PATCH 1/7] Cryptomount support LUKS detached header, TJ, 2018/03/22
- Re: [PATCH 1/7] Cryptomount support LUKS detached header, John Lane, 2018/03/26
- Re: [PATCH 1/7] Cryptomount support LUKS detached header, Daniel Kiper, 2018/03/26
Re: [PATCH 1/7] Cryptomount support LUKS detached header, TJ, 2018/03/17