From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1nmtbl-00050d-IN for mharc-grub-devel@gnu.org; Fri, 06 May 2022 04:46:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59302) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nmtbj-00050H-KM for grub-devel@gnu.org; Fri, 06 May 2022 04:46:39 -0400 Received: from mail-vs1-xe30.google.com ([2607:f8b0:4864:20::e30]:41831) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nmtbh-0003wg-Jl for grub-devel@gnu.org; Fri, 06 May 2022 04:46:39 -0400 Received: by mail-vs1-xe30.google.com with SMTP id w124so6528463vsb.8 for ; Fri, 06 May 2022 01:46:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficientek-com.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=16tz1ZW4fIizzw4VVyJdDQnFq+DWAh+yZw3a1PaEBKs=; b=4pdc2h2+2ez+7nq0QduDjmtfQ+SWykRZRpV4WSQnHIqYC1rGaeUukuSAxCPGpAAvR4 BOKIkA5Yufql+vijt8VPNQLVY7kMm16whV5LLtEC/O4lOCVLl7PTOG61vSgJalq1ZrPa b0YW+pT96808n3Toddh1sJN//tetSKp3MANiHFxLHFGfB9SxTT880xKbIXRnnGRzFXHG LGI0v4rSE6SXn6/6eC1n5vtqte3T9cMLK2TvrDhUC5Ti7AATe/Lt/fSo1hcuy9q5A9OK tDSoVMWLjYYwej505h4xp1Q0LAQ6ZREL1DLGafJP/y8aYgToPpLhquqVoqtkui5wrAqT vSPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=16tz1ZW4fIizzw4VVyJdDQnFq+DWAh+yZw3a1PaEBKs=; b=aBW8uxBoxAirxkMAF2jAbzeH9VdXX7OBdIrzrdHnC3Dzd9C4XTR3ZaQvUVNwhGi0n4 TCnnwY2k/FNxIIHxd/lzSIvx583IKuqKCmmtzwHZe42YQUMhOwmB/mVRmoTK+fC4Pgdo Mw22DSpIHfCMtOpknimuHTFeAA4zwS+ouGsjFtPjsXnTrZfO9+01YtEEY/oZ32eGGxDa 5HC1myW2uzkhDMiyvFJ+gLj03d8OJg9gFf6OShDEj0/kqIkAkYVVyVxnaxYycxIvZuGq RYvJK/qgzoPR2lISCMDHw3L0P7KOPT6sbRCsbUmBoyVOv8uKLwfNJLdnyLrVhyuTLX2s gSLw== X-Gm-Message-State: AOAM532Zsk5a7wSJuS7Y2bJ5IG6VECo7A5iwmD9X7rSzoeEvoM2YlJ5U H58PaoCTdegPx6vRmYOXo5nt4DP5/HgtGzej X-Google-Smtp-Source: ABdhPJyEnbmAU7FqdR5xm4HwO1FUhcpD9M0gAIXIp96qQHajQgYkhSdnAz9AVMLLhSGqcVgE6bIPiQ== X-Received: by 2002:a05:6102:3111:b0:32c:ffc8:939c with SMTP id e17-20020a056102311100b0032cffc8939cmr654693vsh.56.1651826796306; Fri, 06 May 2022 01:46:36 -0700 (PDT) Received: from localhost.localdomain ([37.218.244.249]) by smtp.gmail.com with ESMTPSA id t19-20020ab06993000000b00362c5d5a021sm657136uaq.32.2022.05.06.01.46.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 May 2022 01:46:35 -0700 (PDT) From: Glenn Washburn To: grub-devel@gnu.org, Daniel Kiper Cc: Denis 'GNUtoo' Carikli , Patrick Steinhardt , John Lane , Glenn Washburn Subject: [PATCH 0/4] Cryptomount keyfile support Date: Fri, 6 May 2022 03:45:56 -0500 Message-Id: X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::e30; envelope-from=development@efficientek.com; helo=mail-vs1-xe30.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 May 2022 08:46:39 -0000 I'm breaking the keyfile and detached header patch series into two series. I think that the detached header patches can be improved and I don't want to hold up the more trivial keyfile support patches. This series is patches #1, #2, #5, and a split of #7, the documentation patch. The first two patches are unchanged. The third contains changes addressing comments by Daniel on the v9 keyfile and detached header patch series. And the last patch is the same #7 except removing reference to the detached header option. Glenn Denis 'GNUtoo' Carikli (2): cryptodisk: luks: Unify grub_cryptodisk_dev function names cryptodisk: geli: Unify grub_cryptodisk_dev function names Glenn Washburn (1): docs: Add documentation on keyfile option to cryptomount John Lane (1): cryptodisk: Add options to cryptomount to support keyfiles docs/grub.texi | 14 +++--- grub-core/disk/cryptodisk.c | 86 ++++++++++++++++++++++++++++++++++++- grub-core/disk/geli.c | 8 ++-- grub-core/disk/luks.c | 4 +- include/grub/cryptodisk.h | 2 + include/grub/file.h | 2 + 6 files changed, 104 insertions(+), 12 deletions(-) Interdiff: diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index 45f6d7231..19af4fa49 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -1179,33 +1179,29 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) { const char *p = NULL; grub_file_t keyfile; - int keyfile_offset; - grub_size_t keyfile_size = 0; - + unsigned long long keyfile_offset = 0, keyfile_size = 0; if (state[5].set) /* keyfile-offset */ { - keyfile_offset = grub_strtoul (state[5].arg, &p, 0); + keyfile_offset = grub_strtoull (state[5].arg, &p, 0); if (grub_errno != GRUB_ERR_NONE) return grub_errno; - if (*p != '\0') + if (state[5].arg[0] == '\0' || *p != '\0') return grub_error (GRUB_ERR_BAD_ARGUMENT, - N_("unrecognized number")); - } - else - { - keyfile_offset = 0; + N_("non-numeric or invalid keyfile offset `%s'"), + state[5].arg); } if (state[6].set) /* keyfile-size */ { keyfile_size = grub_strtoul (state[6].arg, &p, 0); - if (*p != '\0') + if (state[6].arg[0] == '\0' || *p != '\0') return grub_error (GRUB_ERR_BAD_ARGUMENT, - N_("unrecognized number")); + N_("non-numeric or invalid keyfile size `%s'"), + state[6].arg); if (grub_errno != GRUB_ERR_NONE) return grub_errno; @@ -1224,16 +1220,23 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) if (keyfile == NULL) return grub_errno; - if (grub_file_seek (keyfile, keyfile_offset) == (grub_off_t)-1) + if (keyfile_offset > keyfile->size) + { + keyfile_offset = keyfile->size; + grub_dprintf ("cryptodisk","Keyfile offset, %llu, is greater than" + "keyfile size, %" PRIuGRUB_UINT64_T "\n", + keyfile_offset, keyfile->size); + } + + if (grub_file_seek (keyfile, (grub_off_t) keyfile_offset) == (grub_off_t) -1) return grub_errno; if (keyfile_size > 0) { if (keyfile_size > (keyfile->size - keyfile_offset)) return grub_error (GRUB_ERR_FILE_READ_ERROR, - N_("keyfile is too small: " - "requested %" PRIuGRUB_SIZE " bytes, " - "but the file only has %" PRIuGRUB_UINT64_T + N_("keyfile is too small: requested %llu bytes," + " but the file only has %" PRIuGRUB_UINT64_T " bytes"), keyfile_size, keyfile->size); @@ -1241,9 +1244,7 @@ grub_cmd_cryptomount (grub_extcmd_context_t ctxt, int argc, char **args) cargs.key_len = keyfile_size; } else - { - cargs.key_len = keyfile->size - keyfile_offset; - } + cargs.key_len = keyfile->size - keyfile_offset; cargs.key_data = grub_malloc (cargs.key_len); if (cargs.key_data == NULL) -- 2.34.1