Message-ID: <54BD4BB0.9050108@pcbsd.org>
Date: Mon, 19 Jan 2015 13:23:44 -0500
From: Kris Moore
To: grub-devel@gnu.org
Subject: Patch for GELI v7 support

GRUB's GELI support currently only supports up to v5, but FreeBSD has updated to v7. The following patch updates GELI in GRUB to support v7, along with the legacy v6 and below.

By the way, I've sent in a number of these patches now. Is there a better place / way to submit patches?

-- Kris Moore PC-BSD Software iXsystems --------------000700090507040105040903 Content-Type: text/x-csrc; name="patch-grub-core_disk_geli.c" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="patch-grub-core_disk_geli.c" --- grub-core/disk/geli.c.orig 2014-12-30 11:08:32.000000000 -0500 +++ grub-core/disk/geli.c 2015-01-13 13:42:46.758595608 -0500 @@ -225,7 +225,7 @@ /* Look for GELI magic sequence. */ if (grub_memcmp (header->magic, GELI_MAGIC, sizeof (GELI_MAGIC)) - || grub_le_to_cpu32 (header->version) > 5 + || grub_le_to_cpu32 (header->version) > 7 || grub_le_to_cpu32 (header->version) < 1) grub_util_error ("%s", _("wrong ELI magic or version")); @@ -265,7 +265,7 @@ /* Look for GELI magic sequence. */ if (grub_memcmp (header.magic, GELI_MAGIC, sizeof (GELI_MAGIC)) - || grub_le_to_cpu32 (header.version) > 5 + || grub_le_to_cpu32 (header.version) > 7 || grub_le_to_cpu32 (header.version) < 1) { grub_dprintf ("geli", "wrong magic %02x\n", header.magic[0]); @@ -401,6 +401,7 @@ grub_uint8_t geomkey[GRUB_CRYPTO_MAX_MDLEN]; grub_uint8_t verify_key[GRUB_CRYPTO_MAX_MDLEN]; grub_uint8_t zero[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE]; + grub_uint8_t geli_cipher_key[64]; char passphrase[MAX_PASSPHRASE] = ""; unsigned i; gcry_err_code_t gcry_err; @@ -524,6 +528,19 @@ continue; grub_printf_ (N_("Slot %d opened\n"), i); + if (grub_le_to_cpu32 (header.version) >= 7) + { + /* GELI >=7 uses the cipher_key */ + grub_memcpy (geli_cipher_key, candidate_key.cipher_key, + sizeof (candidate_key.cipher_key)); + } + else + { + /* GELI <=6 uses the iv_key */ + grub_memcpy (geli_cipher_key, candidate_key.iv_key, + sizeof (candidate_key.iv_key)); + } + /* Set the master key. */ if (!dev->rekey) { 
@@ -540,13 +557,13 @@ grub_size_t real_keysize = keysize; if (grub_le_to_cpu16 (header.alg) == 0x16) real_keysize *= 2; - /* For a reason I don't know, the IV key is used in rekeying. */ - grub_memcpy (dev->rekey_key, candidate_key.iv_key, - sizeof (candidate_key.iv_key)); + + grub_memcpy (dev->rekey_key, geli_cipher_key, + sizeof (geli_cipher_key)); dev->rekey_derived_size = real_keysize; dev->last_rekey = -1; COMPILE_TIME_ASSERT (sizeof (dev->rekey_key) - >= sizeof (candidate_key.iv_key)); + >= sizeof (geli_cipher_key)); } dev->iv_prefix_len = sizeof (candidate_key.iv_key); --------------000700090507040105040903--
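
Review bot: the upper bound in the `@@ -225,7 +225,7 @@` hunk is a bare literal that is repeated in the `@@ -265,7 +265,7 @@` hunk, so the two checks can drift apart on the next format bump. Suggest one named constant (for example a `GELI_MAX_VERSION` define, name hypothetical) used in both `grub_le_to_cpu32 (header->version) > 7` and its twin. Raising the bound from 5 to 7 also starts accepting version 6, which the later hunk treats exactly like versions 1 to 5 (`iv_key`); please say in the commit message that version 6 needs no handling of its own.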
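
Review bot: in the `@@ -265,7 +265,7 @@` hunk the failure path still logs only `wrong magic %02x` with `header.magic[0]`, so a volume rejected for its version (now 8 or higher) is reported as a magic mismatch. Since the accepted range is being changed here, consider adding `grub_le_to_cpu32 (header.version)` to the `grub_dprintf` so the two causes can be told apart when debugging an unlock failure.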
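
Review bot: `grub_uint8_t geli_cipher_key[64];` in the `@@ -401,6 +401,7 @@` hunk hard-codes a size that the later copies assume matches `candidate_key.cipher_key` and `candidate_key.iv_key`; size it from those fields or from a shared constant instead of the literal 64. It is also a new stack copy of key material, and none of the visible hunks clears it once it has been copied into `dev->rekey_key`. Separately, this hunk adds one line, yet the next hunk header (`@@ -524,6 +528,19 @@`) is offset by four, which suggests the patch was edited after generation or a hunk was dropped; please regenerate it against the current tree.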
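
Review bot: both `grub_memcpy` calls in the `@@ -524,6 +528,19 @@` hunk copy `sizeof` the source field into `geli_cipher_key` with nothing tying that size to the 64-byte destination. If either field is larger than 64 bytes the copy overruns the stack buffer; if it is smaller, the tail of `geli_cipher_key` stays uninitialized. Add `COMPILE_TIME_ASSERT (sizeof (geli_cipher_key) >= sizeof (candidate_key.cipher_key));` and the same for `iv_key` next to the copies, and zero the buffer first if the sizes can differ.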
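
Review bot: the copy into `dev->rekey_key` in the `@@ -540,13 +557,13 @@` hunk now uses `sizeof (geli_cipher_key)` where it used `sizeof (candidate_key.iv_key)`, so for versions 6 and below the number of bytes copied changes unless `iv_key` is exactly 64 bytes; please confirm that is intended. The hunk also deletes the only comment explaining the key choice and leaves a blank line in its place; replace it with a comment stating that version 7 and later rekey from `cipher_key` and earlier versions from `iv_key`. The unchanged context line `dev->iv_prefix_len = sizeof (candidate_key.iv_key);` is not made version-dependent, which deserves a sentence in the commit message if it is correct for v7.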