Parabola
/
abslibre
镜像来自 https://git.parabola.nu/abslibre.git


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
							From 6251a7f5223b61605a9b4ba11bb18ed607c05f50 Mon Sep 17 00:00:00 2001
From: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Date: Tue, 17 Mar 2020 08:02:10 +0100
Subject: [PATCH v6 6/6] cryptodisk: Add support for LUKS1 key files

cryptsetup supports key files thourh the --key-file
--header command line argument for both LUKS1 and LUKS2.

This adds support for LUKS1 key files.

Signed-off-by: John Lane <john@lane.uk.net>
GNUtoo@cyberdimension.org: rebase, fixes, commit message
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
---
 grub-core/disk/luks.c | 43 ++++++++++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 17 deletions(-)

diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
index 0dd33b2af..125a21902 100644
--- a/grub-core/disk/luks.c
+++ b/grub-core/disk/luks.c
@@ -167,7 +167,9 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr,
   struct grub_luks_phdr header;
   grub_size_t keysize;
   grub_uint8_t *split_key = NULL;
-  char passphrase[MAX_PASSPHRASE] = "";
+  char interactive_passphrase[MAX_PASSPHRASE] = "";
+  grub_uint8_t *passphrase;
+  grub_size_t passphrase_length;
   grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
   unsigned i;
   grub_size_t length;
@@ -176,10 +178,6 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr,
   char *tmp;
   grub_uint32_t sector;
 
-  /* Keyfiles are not implemented yet */
-  if (keyfile_bytes || keyfile_bytes_size)
-     return GRUB_ERR_NOT_IMPLEMENTED_YET;
-
   if (hdr)
     {
       if (grub_file_seek (hdr, 0) == (grub_off_t) -1)
@@ -208,18 +206,29 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr,
   if (!split_key)
     return grub_errno;
 
-  /* Get the passphrase from the user.  */
-  tmp = NULL;
-  if (source->partition)
-    tmp = grub_partition_get_name (source->partition);
-  grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
-	       source->partition ? "," : "", tmp ? : "",
-	       dev->uuid);
-  grub_free (tmp);
-  if (!grub_password_get (passphrase, MAX_PASSPHRASE))
+  if (keyfile_bytes)
     {
-      grub_free (split_key);
-      return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+      /* Use bytestring from key file as passphrase */
+      passphrase = keyfile_bytes;
+      passphrase_length = keyfile_bytes_size;
+    }
+  else
+    {
+      /* Get the passphrase from the user.  */
+      tmp = NULL;
+      if (source->partition)
+        tmp = grub_partition_get_name (source->partition);
+      grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+		    source->partition ? "," : "", tmp ? : "", dev->uuid);
+      grub_free (tmp);
+      if (!grub_password_get (interactive_passphrase, MAX_PASSPHRASE))
+        {
+          grub_free (split_key);
+          return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+        }
+
+      passphrase = (grub_uint8_t *)interactive_passphrase;
+      passphrase_length = grub_strlen (interactive_passphrase);
     }
 
   /* Try to recover master key from each active keyslot.  */
@@ -237,7 +246,7 @@ luks_recover_key (grub_disk_t source, grub_cryptodisk_t dev, grub_file_t hdr,
 
       /* Calculate the PBKDF2 of the user supplied passphrase.  */
       gcry_err = grub_crypto_pbkdf2 (dev->hash, (grub_uint8_t *) passphrase,
-				     grub_strlen (passphrase),
+				     passphrase_length,
 				     header.keyblock[i].passwordSalt,
 				     sizeof (header.keyblock[i].passwordSalt),
 				     grub_be_to_cpu32 (header.keyblock[i].
-- 
2.28.0