grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Patchv3][ 5/6] cryptodisk: enable the backends to implement key fil


From: Patrick Steinhardt
Subject: Re: [Patchv3][ 5/6] cryptodisk: enable the backends to implement key files
Date: Sat, 23 May 2020 22:52:46 +0200

On Fri, May 08, 2020 at 01:19:42AM +0200, Denis 'GNUtoo' Carikli wrote:
> From: John Lane <address@hidden>
> 
> Signed-off-by: John Lane <address@hidden>
> address@hidden: rebase, patch split, small fixes, commit message
> Signed-off-by: Denis 'GNUtoo' Carikli <address@hidden>
> ---
> ChangeLog:
> In addition to the requested changes (if any), the following was
> changed:
> - Changed a bit the error message "Keyfile is too small"
>   from the one suggested in the review.
> ---
>  grub-core/disk/cryptodisk.c | 87 ++++++++++++++++++++++++++++++++++++-
>  grub-core/disk/geli.c       |  7 +--
>  grub-core/disk/luks.c       |  7 ++-
>  grub-core/disk/luks2.c      |  7 +--
>  include/grub/cryptodisk.h   |  5 ++-
>  include/grub/file.h         |  2 +
>  6 files changed, 106 insertions(+), 9 deletions(-)
> 
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 6ad2e486e..ab4a62b7f 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -42,6 +42,9 @@ static const struct grub_arg_option options[] =
>      {"all", 'a', 0, N_("Mount all."), 0, 0},
>      {"boot", 'b', 0, N_("Mount all volumes with `boot' flag set."), 0, 0},
>      {"header", 'H', 0, N_("Read header from file"), 0, ARG_TYPE_STRING},
> +    {"keyfile", 'k', 0, N_("Key file"), 0, ARG_TYPE_STRING},
> +    {"keyfile-offset", 'O', 0, N_("Key file offset (bytes)"), 0, 
> ARG_TYPE_INT},
> +    {"keyfile-size", 'S', 0, N_("Key file data size (bytes)"), 0, 
> ARG_TYPE_INT},
>      {0, 0, 0, 0, 0, 0}
>    };
>  
> @@ -972,6 +975,8 @@ grub_util_cryptodisk_get_uuid (grub_disk_t disk)
>  static int check_boot, have_it;
>  static char *search_uuid;
>  static grub_file_t hdr;
> +static grub_uint8_t *key, keyfile_buffer[GRUB_CRYPTODISK_MAX_KEYFILE_SIZE];
> +static grub_ssize_t key_size;
>  
>  static void
>  cryptodisk_close (grub_cryptodisk_t dev)
> @@ -1002,7 +1007,7 @@ grub_cryptodisk_scan_device_real (const char *name, 
> grub_disk_t source)
>      if (!dev)
>        continue;
>      
> -    err = cr->recover_key (source, dev, hdr);
> +    err = cr->recover_key (source, dev, hdr, key, key_size);
>      if (err)
>      {
>        cryptodisk_close (dev);
> @@ -1112,6 +1117,86 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int 
> argc, char **args)
>      hdr = NULL;
>  
>    have_it = 0;
> +  key = NULL;
> +
> +  if (state[4].set) /* keyfile */
> +    {
> +      const char *p = NULL;
> +      grub_file_t keyfile;
> +      int keyfile_offset;
> +      grub_size_t requested_keyfile_size = 0;
> +
> +
> +      if (state[5].set) /* keyfile-offset */
> +     {
> +       keyfile_offset = grub_strtoul (state[5].arg, &p, 0);
> +
> +       if (grub_errno != GRUB_ERR_NONE)
> +         return grub_errno;
> +
> +       if (*p != '\0')
> +         return grub_error (GRUB_ERR_BAD_ARGUMENT,
> +                            N_("unrecognized number"));
> +     }
> +      else
> +     {
> +       keyfile_offset = 0;
> +     }
> +
> +      if (state[6].set) /* keyfile-size */
> +     {
> +       requested_keyfile_size = grub_strtoul(state[6].arg, &p, 0);
> +
> +       if (*p != '\0')
> +         return grub_error (GRUB_ERR_BAD_ARGUMENT,
> +                            N_("unrecognized number"));
> +
> +       if (grub_errno != GRUB_ERR_NONE)
> +         return grub_errno;
> +
> +       if (requested_keyfile_size > GRUB_CRYPTODISK_MAX_KEYFILE_SIZE)
> +         return grub_error(GRUB_ERR_OUT_OF_RANGE,
> +                           N_("Key file size exceeds maximum (%llu)\n"), \
> +                           (unsigned long long) 
> GRUB_CRYPTODISK_MAX_KEYFILE_SIZE);
> +
> +       if (requested_keyfile_size == 0)
> +         return grub_error(GRUB_ERR_OUT_OF_RANGE,
> +                           N_("Key file size is 0\n"));
> +     }
> +
> +
> +      keyfile = grub_file_open (state[4].arg,
> +                             GRUB_FILE_TYPE_CRYPTODISK_ENCRYPTION_KEY);
> +      if (!keyfile)
> +     return grub_errno;
> +
> +      if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1)
> +     return grub_errno;
> +
> +
> +      if (requested_keyfile_size)
> +     {
> +       if (requested_keyfile_size > (keyfile->size - keyfile_offset))
> +         return grub_error (GRUB_ERR_FILE_READ_ERROR,
> +                            N_("Keyfile is too small: "
> +                               "requested %llu bytes, "
> +                               "but the file only has %llu bytes.\n"),
> +                            (unsigned long long) requested_keyfile_size,
> +                            (unsigned long long) keyfile->size);

Instead of casting these, you may also just use `PRIuGRUB_SIZE` as
formatter.

Execept for this minor nit the patches all look good to me. Not sure if
it's worth much, but you may add my Reviewed-by tag if you want to.

Patrick

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]