From: Kris Moore <kris@pcbsd.org>
To: grub-devel@gnu.org
Subject: Patch for GELI v7 support
Date: Mon, 19 Jan 2015 13:23:44 -0500
Message-ID: <54BD4BB0.9050108@pcbsd.org>

[-- Attachment #1: Type: text/plain, Size: 327 bytes --]


GRUB's GELI support currently only supports up to v5, but FreeBSD has
updated to v7. The following patch updates GELI in GRUB to support v7,
along with the legacy v6 and below.

By the way, I've sent in a number of these patches now. Is there a
better place / way to submit patches?

-- 
Kris Moore
PC-BSD Software
iXsystems


[-- Attachment #2: patch-grub-core_disk_geli.c --]
[-- Type: text/x-csrc, Size: 2311 bytes --]

--- grub-core/disk/geli.c.orig	2014-12-30 11:08:32.000000000 -0500
+++ grub-core/disk/geli.c	2015-01-13 13:42:46.758595608 -0500
@@ -225,7 +225,7 @@
 
   /* Look for GELI magic sequence.  */
   if (grub_memcmp (header->magic, GELI_MAGIC, sizeof (GELI_MAGIC))
-      || grub_le_to_cpu32 (header->version) > 5
+      || grub_le_to_cpu32 (header->version) > 7
       || grub_le_to_cpu32 (header->version) < 1)
     grub_util_error ("%s", _("wrong ELI magic or version"));
 
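
Review bot: raising the upper bound to 7 in this check also admits version 6, yet the only version-dependent code anywhere in the patch is the `>= 7` key selection further down. Please say in the commit message or in a comment above the check what changed in v6 and v7 and why v6 needs no handling of its own, so the next person to raise this limit knows what to audit.
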
@@ -265,7 +265,7 @@
 
   /* Look for GELI magic sequence.  */
   if (grub_memcmp (header.magic, GELI_MAGIC, sizeof (GELI_MAGIC))
-      || grub_le_to_cpu32 (header.version) > 5
+      || grub_le_to_cpu32 (header.version) > 7
       || grub_le_to_cpu32 (header.version) < 1)
     {
       grub_dprintf ("geli", "wrong magic %02x\n", header.magic[0]);
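
Review bot: the literal 7 in `grub_le_to_cpu32 (header.version) > 7` now appears in two separate checks that have to stay in step; define one maximum-supported-version constant next to GELI_MAGIC and use it in both places. The failure path here still logs "wrong magic" even when only the version was rejected, so printing header.version in that grub_dprintf would make reports about unsupported GELI versions easier to diagnose.
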
@@ -401,6 +401,7 @@
   grub_uint8_t geomkey[GRUB_CRYPTO_MAX_MDLEN];
   grub_uint8_t verify_key[GRUB_CRYPTO_MAX_MDLEN];
   grub_uint8_t zero[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE];
+  grub_uint8_t geli_cipher_key[64];
   char passphrase[MAX_PASSPHRASE] = "";
   unsigned i;
   gcry_err_code_t gcry_err;
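
Review bot: `geli_cipher_key[64]` uses a bare size that nothing ties to the fields later copied into it (candidate_key.cipher_key and candidate_key.iv_key, each copied with its own sizeof). Size the buffer from those fields, or add a COMPILE_TIME_ASSERT that both fit, so a later change to the key structure cannot turn the grub_memcpy calls into a stack overflow. The buffer holds key material, so consider clearing it before the function returns.
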
@@ -524,6 +528,19 @@
 	continue;
       grub_printf_ (N_("Slot %d opened\n"), i);
 
+      if (grub_le_to_cpu32 (header.version) >= 7)
+        {
+          /* GELI >=7 uses the cipher_key */
+	  grub_memcpy (geli_cipher_key, candidate_key.cipher_key,
+		sizeof (candidate_key.cipher_key));
+        }
+      else
+        {
+          /* GELI <=6 uses the iv_key */
+	  grub_memcpy (geli_cipher_key, candidate_key.iv_key,
+		sizeof (candidate_key.iv_key));
+        }
+
       /* Set the master key.  */
       if (!dev->rekey)
 	{
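
Review bot: the header `@@ -524,6 +528,19 @@` does not follow from the earlier hunks: the only line-count change before it is the single line added at 401, so this hunk should start at new line 525, not 528. Three added lines are unaccounted for, which suggests a hunk was dropped or the patch was edited by hand; please regenerate the diff from the tree you tested. In the added block, the comments "uses the cipher_key" and "uses the iv_key" do not say for what; the only consumer shown is dev->rekey_key, so say that. The new lines also mix space and tab indentation, unlike the surrounding code.
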
@@ -540,13 +557,13 @@
 	  grub_size_t real_keysize = keysize;
 	  if (grub_le_to_cpu16 (header.alg) == 0x16)
 	    real_keysize *= 2;
-	  /* For a reason I don't know, the IV key is used in rekeying.  */
-	  grub_memcpy (dev->rekey_key, candidate_key.iv_key,
-		       sizeof (candidate_key.iv_key));
+
+	  grub_memcpy (dev->rekey_key, geli_cipher_key,
+		       sizeof (geli_cipher_key));
 	  dev->rekey_derived_size = real_keysize;
 	  dev->last_rekey = -1;
 	  COMPILE_TIME_ASSERT (sizeof (dev->rekey_key)
-			       >= sizeof (candidate_key.iv_key));
+		       >= sizeof (geli_cipher_key));
 	}
 
       dev->iv_prefix_len = sizeof (candidate_key.iv_key);
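
Review bot: the copy length in the grub_memcpy into dev->rekey_key changes from sizeof (candidate_key.iv_key) to sizeof (geli_cipher_key), a fixed 64 bytes, so if the selected field is shorter than 64 bytes the tail written into dev->rekey_key is uninitialised stack. Copy the size of the field that was actually selected, or zero geli_cipher_key before filling it. The continuation line of the COMPILE_TIME_ASSERT lost its alignment under the opening parenthesis, and the removed comment about the IV key should be replaced by one stating that the key now depends on header.version rather than simply deleted.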
