From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.90_1)
	id 1n3rwD-0001G9-2v
	for mharc-grub-devel@gnu.org; Sat, 01 Jan 2022 22:53:41 -0500
Received: from eggs.gnu.org ([209.51.188.92]:40232)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <development@efficientek.com>)
 id 1n3rwB-0001AW-OH
 for grub-devel@gnu.org; Sat, 01 Jan 2022 22:53:39 -0500
Received: from [2607:f8b0:4864:20::f2d] (port=37746
 helo=mail-qv1-xf2d.google.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <development@efficientek.com>)
 id 1n3rw9-0007Hm-Rs
 for grub-devel@gnu.org; Sat, 01 Jan 2022 22:53:39 -0500
Received: by mail-qv1-xf2d.google.com with SMTP id fo11so28004095qvb.4
 for <grub-devel@gnu.org>; Sat, 01 Jan 2022 19:53:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=efficientek-com.20210112.gappssmtp.com; s=20210112;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=f1SK7kil+9lA81N5NTpHRn4U0GwPwyEDejNzV5ZLzss=;
 b=LTvHWV8lEMrC82dpVQIQiNlS1HVgWiDsScfJHtmlbGJ4cy3O97s+ILUezkuB3ZmPcd
 apQMgyebRrfX1boF0L/PSWjx2jPLkyCrFxL3LKZU2DrP6hHZ8uXs1muAYXFg8W41sOlD
 jFEiUlHJSsfx+5p9WwS7gEj56QcX3nAh8AMSQB6q/iw8zbz6FDS/h+E9e3z+LXQvXa6g
 UR8/XpaQkdDfYMPXhmZDw6z+fh46JQVfURXDOckFxlaV32AmFNciHbv5SIEJ0QGjjwRg
 nguS7Vnz+iMY0+N2fKiHO8DChC36c1ZOkNUfw3lre0d5oL3W9Jnf7O0iU4To2nRwgmzm
 s4eg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=f1SK7kil+9lA81N5NTpHRn4U0GwPwyEDejNzV5ZLzss=;
 b=D5RpLlMdEOq22qQiXAkx5IN4iqt/IYgnqUn7QaXIA8Lbyk6D5f5P0AH60vdGZK15iJ
 7Dr3iKUsEVW/SH4yJWP+qCiExlII4DHa4+gCNWC8kUwacBUST8wb5im3yFI1nG/p/nz5
 Lj6mZSBVwcAOesxgG+O6pqdngIUW9X4f7aKHkslD6C1pahT3HOPOytiDICIFRxwM1EWW
 f7lt+yVH2yExJyqQLqrIhwFp0qtyPxsepSzSoTLr+nISZljEmV+uZaqjAj6QiudQ4bQS
 BYgZ/enzCkXCuT9Q7NEdYCRHD6hUWmlcly8WBnqQ/XILHJz94DjZy08Fg8Ss8+xB61a8
 abGA==
X-Gm-Message-State: AOAM530JN/ou/ZoYTdjWSPDo3TUtPWDFcmTPcG3rPML0chfoGr1ndWfB
 0L0DcQgh9msykSPfvGt/T3ZRi/hXZ1Zw2A==
X-Google-Smtp-Source: ABdhPJxRmGSwvPs5hyB3QtxHbfzHW+zCCG69bBsilFqKChm5a5KW14WaWcXnDm70EUf1QRb7pkuI/Q==
X-Received: by 2002:ad4:5aad:: with SMTP id u13mr37743262qvg.46.1641095617122; 
 Sat, 01 Jan 2022 19:53:37 -0800 (PST)
Received: from localhost.localdomain ([37.218.244.251])
 by smtp.gmail.com with ESMTPSA id bm25sm25187775qkb.4.2022.01.01.19.53.34
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 01 Jan 2022 19:53:36 -0800 (PST)
From: Glenn Washburn <development@efficientek.com>
To: Daniel Kiper <dkiper@net-space.pl>,
	grub-devel@gnu.org
Cc: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>,
 Patrick Steinhardt <ps@pks.im>, John Lane <john@lane.uk.net>,
 Glenn Washburn <development@efficientek.com>
Subject: [PATCH v8 7/7] luks2: Add detached header support
Date: Sat,  1 Jan 2022 21:53:00 -0600
Message-Id: <117658d72d94eb978bf6e3e9b30915c7ab404f87.1641092534.git.development@efficientek.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <cover.1641092534.git.development@efficientek.com>
References: <cover.1641092534.git.development@efficientek.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Host-Lookup-Failed: Reverse DNS lookup failed for 2607:f8b0:4864:20::f2d
 (failed)
Received-SPF: pass client-ip=2607:f8b0:4864:20::f2d;
 envelope-from=development@efficientek.com; helo=mail-qv1-xf2d.google.com
X-Spam_score_int: 8
X-Spam_score: 0.8
X-Spam_bar: /
X-Spam_report: (0.8 / 5.0 requ) DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Jan 2022 03:53:40 -0000

Signed-off-by: Glenn Washburn <development@efficientek.com>
---
 grub-core/disk/luks2.c | 67 ++++++++++++++++++++++++++++++------------
 1 file changed, 49 insertions(+), 18 deletions(-)

diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 567368f11..e92c28d45 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -313,13 +313,22 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks2_digest_t *d, grub_luks2_s
 
 /* Determine whether to use primary or secondary header */
 static grub_err_t
-luks2_read_header (grub_disk_t disk, grub_luks2_header_t *outhdr)
+luks2_read_header (grub_disk_t disk, grub_file_t hdr_file, grub_luks2_header_t *outhdr)
 {
   grub_luks2_header_t primary, secondary, *header = &primary;
-  grub_err_t ret;
+  grub_err_t ret = GRUB_ERR_NONE;
 
   /* Read the primary LUKS header. */
-  ret = grub_disk_read (disk, 0, 0, sizeof (primary), &primary);
+  if (hdr_file)
+    {
+      if (grub_file_seek (hdr_file, 0) == (grub_off_t) -1)
+	ret = grub_errno;
+
+      else if (grub_file_read (hdr_file, &primary, sizeof (primary)) != sizeof (primary))
+	ret = grub_errno;
+    }
+  else
+    ret = grub_disk_read (disk, 0, 0, sizeof (primary), &primary);
   if (ret)
     return ret;
 
@@ -329,7 +338,16 @@ luks2_read_header (grub_disk_t disk, grub_luks2_header_t *outhdr)
     return GRUB_ERR_BAD_SIGNATURE;
 
   /* Read the secondary header. */
-  ret = grub_disk_read (disk, 0, grub_be_to_cpu64 (primary.hdr_size), sizeof (secondary), &secondary);
+  if (hdr_file)
+    {
+      if (grub_file_seek (hdr_file, grub_be_to_cpu64 (primary.hdr_size)) == (grub_off_t) -1)
+	ret = grub_errno;
+
+      else if (grub_file_read (hdr_file, &secondary, sizeof (secondary)) != sizeof (secondary))
+	ret = grub_errno;
+    }
+  else
+    ret = grub_disk_read (disk, 0, grub_be_to_cpu64 (primary.hdr_size), sizeof (secondary), &secondary);
   if (ret)
     return ret;
 
@@ -353,14 +371,10 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs)
   char uuid[sizeof (header.uuid) + 1];
   grub_size_t i, j;
 
-  /* Detached headers are not implemented yet */
-  if (cargs->hdr_file)
-    return NULL;
-
   if (cargs->check_boot)
     return NULL;
 
-  if (luks2_read_header (disk, &header))
+  if (luks2_read_header (disk, cargs->hdr_file, &header))
     {
       grub_errno = GRUB_ERR_NONE;
       return NULL;
@@ -427,6 +441,7 @@ luks2_verify_key (grub_luks2_digest_t *d, grub_uint8_t *candidate_key,
 static grub_err_t
 luks2_decrypt_key (grub_uint8_t *out_key,
 		   grub_disk_t source, grub_cryptodisk_t crypt,
+		   grub_cryptomount_args_t cargs,
 		   grub_luks2_keyslot_t *k,
 		   const grub_uint8_t *passphrase, grub_size_t passphraselen)
 {
@@ -502,7 +517,17 @@ luks2_decrypt_key (grub_uint8_t *out_key,
     }
 
   grub_errno = GRUB_ERR_NONE;
-  ret = grub_disk_read (source, 0, k->area.offset, k->area.size, split_key);
+  if (cargs->hdr_file)
+    {
+      if (grub_file_seek (cargs->hdr_file, k->area.offset) == (grub_off_t) -1)
+	ret = grub_errno;
+
+      else if (grub_file_read (cargs->hdr_file, split_key, k->area.size) != k->area.size)
+	ret = grub_errno;
+    }
+  else
+    ret = grub_disk_read (source, 0, k->area.offset, k->area.size, split_key);
+
   if (ret)
     {
       grub_error (GRUB_ERR_IO, "Read error: %s\n", grub_errmsg);
@@ -564,11 +589,7 @@ luks2_recover_key (grub_disk_t source,
   if (cargs->key_data == NULL || cargs->key_len == 0)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
 
-  /* Detached headers are not implemented yet */
-  if (cargs->hdr_file)
-     return GRUB_ERR_NOT_IMPLEMENTED_YET;
-
-  ret = luks2_read_header (source, &header);
+  ret = luks2_read_header (source, cargs->hdr_file, &header);
   if (ret)
     return ret;
 
@@ -577,8 +598,18 @@ luks2_recover_key (grub_disk_t source,
       return GRUB_ERR_OUT_OF_MEMORY;
 
   /* Read the JSON area. */
-  ret = grub_disk_read (source, 0, grub_be_to_cpu64 (header.hdr_offset) + sizeof (header),
-			grub_be_to_cpu64 (header.hdr_size) - sizeof (header), json_header);
+  if (cargs->hdr_file)
+    {
+      if (grub_file_seek (cargs->hdr_file, grub_be_to_cpu64 (header.hdr_offset) + sizeof (header)) == (grub_off_t) -1)
+	ret = grub_errno;
+
+      else if (grub_file_read (cargs->hdr_file, json_header, grub_be_to_cpu64 (header.hdr_size) - sizeof (header)) != (grub_be_to_cpu64 (header.hdr_size) - sizeof (header)))
+	ret = grub_errno;
+    }
+  else
+    ret = grub_disk_read (source, 0, grub_be_to_cpu64 (header.hdr_offset) + sizeof (header),
+			  grub_be_to_cpu64 (header.hdr_size) - sizeof (header), json_header);
+
   if (ret)
       goto err;
 
@@ -716,7 +747,7 @@ luks2_recover_key (grub_disk_t source,
 	  crypt->total_sectors = max_crypt_sectors - crypt->offset_sectors;
 	}
 
-      ret = luks2_decrypt_key (candidate_key, source, crypt, &keyslot,
+      ret = luks2_decrypt_key (candidate_key, source, crypt, cargs, &keyslot,
 			       cargs->key_data, cargs->key_len);
       if (ret)
 	{
-- 
2.27.0