From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1nk3XR-0006gK-UD for mharc-grub-devel@gnu.org; Thu, 28 Apr 2022 08:46:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34268) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nk3XJ-0006dS-Ni for grub-devel@gnu.org; Thu, 28 Apr 2022 08:46:27 -0400 Received: from dibed.net-space.pl ([84.10.22.86]:36995) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_3DES_EDE_CBC_SHA1:192) (Exim 4.90_1) (envelope-from ) id 1nk3XH-0000Ha-2u for grub-devel@gnu.org; Thu, 28 Apr 2022 08:46:20 -0400 Received: from router-fw.i.net-space.pl ([192.168.52.1]:44766 "EHLO tomti.i.net-space.pl") by router-fw-old.i.net-space.pl with ESMTP id S2133827AbiD1MqO (ORCPT ); Thu, 28 Apr 2022 14:46:14 +0200 X-Comment: RFC 2476 MSA function at dibed.net-space.pl logged sender identity as: dkiper Date: Thu, 28 Apr 2022 14:46:11 +0200 From: Daniel Kiper To: Glenn Washburn Cc: grub-devel@gnu.org, Denis 'GNUtoo' Carikli , Patrick Steinhardt , John Lane Subject: Re: [PATCH v9 4/7] cryptodisk: Add support for LUKS1 detached headers Message-ID: <20220428124611.v7detdgffsoudnae@tomti.i.net-space.pl> References: <05c7ca844cf3a1703fa8e7633e116c331919e59d.1649658484.git.development@efficientek.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <05c7ca844cf3a1703fa8e7633e116c331919e59d.1649658484.git.development@efficientek.com> User-Agent: NeoMutt/20170113 (1.7.2) Received-SPF: pass client-ip=84.10.22.86; envelope-from=dkiper@net-space.pl; helo=dibed.net-space.pl X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Apr 2022 12:46:28 -0000 On Mon, Apr 11, 2022 at 06:40:25AM +0000, Glenn Washburn wrote: > From: John Lane > > cryptsetup supports having a detached header through the --header command > line argument for both LUKS1 and LUKS2. Allow the LUKS1 backend to use a > given file as the LUKS1 header (aka detached header) instead of looking for > the header on the disk. > > Signed-off-by: John Lane > GNUtoo@cyberdimension.org: rebase, small fixes, commit message > Signed-off-by: Denis 'GNUtoo' Carikli > development@efficientek.com: rebase, improve commit message > Signed-off-by: Glenn Washburn > --- > grub-core/disk/luks.c | 48 ++++++++++++++++++++++++++++++------------- > 1 file changed, 34 insertions(+), 14 deletions(-) > > diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c > index fe1655c3c2..195c4bb8da 100644 > --- a/grub-core/disk/luks.c > +++ b/grub-core/disk/luks.c > @@ -23,6 +23,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -73,17 +74,23 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > char ciphername[sizeof (header.cipherName) + 1]; > char ciphermode[sizeof (header.cipherMode) + 1]; > char hashspec[sizeof (header.hashSpec) + 1]; > - grub_err_t err; > - > - /* Detached headers are not implemented yet */ > - if (cargs->hdr_file) > - return NULL; > + grub_err_t err = GRUB_ERR_NONE; > > if (cargs->check_boot) > return NULL; > > /* Read the LUKS header. */ > - err = grub_disk_read (disk, 0, 0, sizeof (header), &header); > + if (cargs->hdr_file) I would prefer if you do "if (cargs->hdr_file != NULL)". Please fix this in other places/patches too. > + { > + if (grub_file_seek (cargs->hdr_file, 0) == (grub_off_t) -1) > + return NULL; > + > + if (grub_file_read (cargs->hdr_file, &header, sizeof (header)) != sizeof (header)) > + return NULL; > + } > + else > + err = grub_disk_read (disk, 0, 0, sizeof (header), &header); > + > if (err) > { > if (err == GRUB_ERR_OUT_OF_RANGE) > @@ -162,17 +169,24 @@ luks_recover_key (grub_disk_t source, > grub_uint8_t candidate_digest[sizeof (header.mkDigest)]; > unsigned i; > grub_size_t length; > - grub_err_t err; > + grub_err_t err = GRUB_ERR_NONE; > grub_size_t max_stripes = 1; > + grub_uint32_t sector; > > if (cargs->key_data == NULL || cargs->key_len == 0) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data"); > > - /* Detached headers are not implemented yet */ > if (cargs->hdr_file) > - return GRUB_ERR_NOT_IMPLEMENTED_YET; > + { > + if (grub_file_seek (cargs->hdr_file, 0) == (grub_off_t) -1) > + return grub_errno; > + > + if (grub_file_read (cargs->hdr_file, &header, sizeof (header)) != sizeof (header)) > + return grub_errno; > + } > + else > + err = grub_disk_read (source, 0, 0, sizeof (header), &header); > > - err = grub_disk_read (source, 0, 0, sizeof (header), &header); > if (err) > return err; > > @@ -227,13 +241,19 @@ luks_recover_key (grub_disk_t source, > return grub_crypto_gcry_error (gcry_err); > } > > + sector = grub_be_to_cpu32 (header.keyblock[i].keyMaterialOffset); > length = (keysize * grub_be_to_cpu32 (header.keyblock[i].stripes)); > > /* Read and decrypt the key material from the disk. */ > - err = grub_disk_read (source, > - grub_be_to_cpu32 (header.keyblock > - [i].keyMaterialOffset), 0, > - length, split_key); > + if (cargs->hdr_file) > + { > + if (grub_file_seek (cargs->hdr_file, sector * 512) == (grub_off_t) -1) s/512/1 << GRUB_LUKS1_LOG_SECTOR_SIZE/? Otherwise Reviewed-by: Daniel Kiper Daniel