Don't mount the same LUKS volume twice

This commit is contained in:
Vladimir 'phcoder' Serbinenko 2011-04-21 11:38:51 +02:00
parent 5709ed126d
commit a89c3dd3f7

View file

@ -47,7 +47,7 @@ struct grub_luks_phdr
grub_uint8_t mkDigest[20]; grub_uint8_t mkDigest[20];
grub_uint8_t mkDigestSalt[32]; grub_uint8_t mkDigestSalt[32];
grub_uint32_t mkDigestIterations; grub_uint32_t mkDigestIterations;
grub_uint8_t uuid[40]; char uuid[40];
struct struct
{ {
grub_uint32_t active; grub_uint32_t active;
@ -65,8 +65,7 @@ typedef enum
GRUB_LUKS_MODE_ECB, GRUB_LUKS_MODE_ECB,
GRUB_LUKS_MODE_CBC_PLAIN, GRUB_LUKS_MODE_CBC_PLAIN,
GRUB_LUKS_MODE_CBC_ESSIV GRUB_LUKS_MODE_CBC_ESSIV
} } luks_mode_t;
luks_mode_t;
struct grub_luks struct grub_luks
{ {
@ -77,7 +76,9 @@ struct grub_luks
grub_crypto_cipher_handle_t cipher; grub_crypto_cipher_handle_t cipher;
grub_crypto_cipher_handle_t essiv_cipher; grub_crypto_cipher_handle_t essiv_cipher;
luks_mode_t mode; luks_mode_t mode;
int id; unsigned long id, source_id;
enum grub_disk_dev_id source_dev_id;
char uuid[sizeof (((struct grub_luks_phdr *) 0)->uuid)];
struct grub_luks *next; struct grub_luks *next;
}; };
typedef struct grub_luks *grub_luks_t; typedef struct grub_luks *grub_luks_t;
@ -154,11 +155,9 @@ static int check_uuid, have_it;
static char *uuid; static char *uuid;
static grub_err_t static grub_err_t
grub_luks_scan_device_real (const char *name) grub_luks_scan_device_real (const char *name, grub_disk_t source)
{ {
grub_disk_t source;
grub_err_t err; grub_err_t err;
grub_luks_t newdev;
struct grub_luks_phdr header; struct grub_luks_phdr header;
grub_crypto_cipher_handle_t cipher = NULL, essiv_cipher = NULL; grub_crypto_cipher_handle_t cipher = NULL, essiv_cipher = NULL;
const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL; const gcry_md_spec_t *hash = NULL, *essiv_hash = NULL;
@ -174,73 +173,38 @@ grub_luks_scan_device_real (const char *name)
char passphrase[MAX_PASSPHRASE] = ""; char passphrase[MAX_PASSPHRASE] = "";
grub_uint8_t candidate_digest[sizeof (header.mkDigest)]; grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
/* Try to open disk. */
source = grub_disk_open (name);
if (!source)
return grub_errno;
/* Read the LUKS header. */ /* Read the LUKS header. */
err = grub_disk_read (source, 0, 0, sizeof (header), &header); err = grub_disk_read (source, 0, 0, sizeof (header), &header);
if (err) if (err)
{
grub_disk_close (source);
return err; return err;
}
/* Look for LUKS magic sequence. */ /* Look for LUKS magic sequence. */
if (grub_memcmp (header.magic, LUKS_MAGIC, sizeof (header.magic)) if (grub_memcmp (header.magic, LUKS_MAGIC, sizeof (header.magic))
|| grub_be_to_cpu16 (header.version) != 1) || grub_be_to_cpu16 (header.version) != 1)
{
grub_disk_close (source);
return GRUB_ERR_NONE; return GRUB_ERR_NONE;
}
if (check_uuid && grub_memcmp (header.uuid, uuid,
sizeof (header.uuid)) != 0)
return 0;
newdev = grub_zalloc (sizeof (struct grub_luks));
if (!newdev)
{
grub_disk_close (source);
return grub_errno;
}
newdev->id = n;
newdev->devname = grub_xasprintf ("luks%d", n);
newdev->source = grub_strdup (name);
n++;
/* Make sure that strings are null terminated. */ /* Make sure that strings are null terminated. */
header.cipherName[sizeof (header.cipherName) - 1] = 0; header.cipherName[sizeof (header.cipherName) - 1] = 0;
header.cipherMode[sizeof (header.cipherMode) - 1] = 0; header.cipherMode[sizeof (header.cipherMode) - 1] = 0;
header.hashSpec[sizeof (header.hashSpec) - 1] = 0; header.hashSpec[sizeof (header.hashSpec) - 1] = 0;
header.uuid[sizeof (header.uuid) - 1] = 0;
if (check_uuid && grub_strcmp (header.uuid, uuid) != 0)
return 0;
ciph = grub_crypto_lookup_cipher_by_name (header.cipherName); ciph = grub_crypto_lookup_cipher_by_name (header.cipherName);
if (!ciph) if (!ciph)
{
grub_disk_close (source);
return grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available", return grub_error (GRUB_ERR_FILE_NOT_FOUND, "Cipher %s isn't available",
header.cipherName); header.cipherName);
}
/* Configure the cipher used for the bulk data. */ /* Configure the cipher used for the bulk data. */
cipher = grub_crypto_cipher_open (ciph); cipher = grub_crypto_cipher_open (ciph);
if (!cipher) if (!cipher)
{
grub_disk_close (source);
grub_free (newdev);
return grub_errno; return grub_errno;
}
keysize = grub_be_to_cpu32 (header.keyBytes); keysize = grub_be_to_cpu32 (header.keyBytes);
if (keysize > 1024) if (keysize > 1024)
{ return grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d", keysize);
grub_disk_close (source);
grub_free (newdev);
return grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid keysize %d",
keysize);
}
/* Configure the cipher mode. */ /* Configure the cipher mode. */
if (grub_strncmp (header.cipherMode, "ecb", 3) == 0) if (grub_strncmp (header.cipherMode, "ecb", 3) == 0)
@ -258,8 +222,6 @@ grub_luks_scan_device_real (const char *name)
if (!essiv_hash) if (!essiv_hash)
{ {
grub_crypto_cipher_close (cipher); grub_crypto_cipher_close (cipher);
grub_disk_close (source);
grub_free (newdev);
return grub_error (GRUB_ERR_FILE_NOT_FOUND, return grub_error (GRUB_ERR_FILE_NOT_FOUND,
"Couldn't load %s hash", hash_str); "Couldn't load %s hash", hash_str);
} }
@ -267,8 +229,6 @@ grub_luks_scan_device_real (const char *name)
if (!cipher) if (!cipher)
{ {
grub_crypto_cipher_close (cipher); grub_crypto_cipher_close (cipher);
grub_disk_close (source);
grub_free (newdev);
return grub_errno; return grub_errno;
} }
@ -278,16 +238,12 @@ grub_luks_scan_device_real (const char *name)
{ {
grub_crypto_cipher_close (cipher); grub_crypto_cipher_close (cipher);
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_disk_close (source);
grub_free (newdev);
return grub_errno; return grub_errno;
} }
} }
else else
{ {
grub_crypto_cipher_close (cipher); grub_crypto_cipher_close (cipher);
grub_disk_close (source);
grub_free (newdev);
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s", return grub_error (GRUB_ERR_BAD_ARGUMENT, "Unknown cipher mode: %s",
header.cipherMode); header.cipherMode);
} }
@ -299,8 +255,6 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (cipher); grub_crypto_cipher_close (cipher);
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_disk_close (source);
grub_free (newdev);
return grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash", return grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
header.hashSpec); header.hashSpec);
} }
@ -316,8 +270,6 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (cipher); grub_crypto_cipher_close (cipher);
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_disk_close (source);
grub_free (newdev);
return grub_errno; return grub_errno;
} }
@ -329,8 +281,6 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_free (split_key); grub_free (split_key);
grub_disk_close (source);
grub_free (newdev);
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied"); return grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
} }
@ -361,8 +311,6 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_free (split_key); grub_free (split_key);
grub_disk_close (source);
grub_free (newdev);
return grub_crypto_gcry_error (gcry_err); return grub_crypto_gcry_error (gcry_err);
} }
@ -376,8 +324,6 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_free (split_key); grub_free (split_key);
grub_disk_close (source);
grub_free (newdev);
return grub_crypto_gcry_error (gcry_err); return grub_crypto_gcry_error (gcry_err);
} }
@ -404,8 +350,6 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_free (split_key); grub_free (split_key);
grub_disk_close (source);
grub_free (newdev);
return err; return err;
} }
@ -417,8 +361,6 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_free (split_key); grub_free (split_key);
grub_disk_close (source);
grub_free (newdev);
return grub_crypto_gcry_error (gcry_err); return grub_crypto_gcry_error (gcry_err);
} }
@ -431,8 +373,6 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_free (split_key); grub_free (split_key);
grub_disk_close (source);
grub_free (newdev);
return grub_crypto_gcry_error (gcry_err); return grub_crypto_gcry_error (gcry_err);
} }
@ -453,8 +393,6 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_free (split_key); grub_free (split_key);
grub_disk_close (source);
grub_free (newdev);
return grub_crypto_gcry_error (gcry_err); return grub_crypto_gcry_error (gcry_err);
} }
@ -464,8 +402,6 @@ grub_luks_scan_device_real (const char *name)
sizeof (header.mkDigest)) != 0) sizeof (header.mkDigest)) != 0)
continue; continue;
grub_disk_close (source);
grub_printf ("Slot %d opened\n", i); grub_printf ("Slot %d opened\n", i);
/* Set the master key. */ /* Set the master key. */
@ -476,12 +412,9 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_free (split_key); grub_free (split_key);
grub_free (newdev);
return grub_crypto_gcry_error (gcry_err); return grub_crypto_gcry_error (gcry_err);
} }
newdev->cipher = cipher;
/* Configure ESSIV if necessary. */ /* Configure ESSIV if necessary. */
if (mode == GRUB_LUKS_MODE_CBC_ESSIV) if (mode == GRUB_LUKS_MODE_CBC_ESSIV)
{ {
@ -495,24 +428,33 @@ grub_luks_scan_device_real (const char *name)
grub_crypto_cipher_close (essiv_cipher); grub_crypto_cipher_close (essiv_cipher);
grub_free (hashed_key); grub_free (hashed_key);
grub_free (split_key); grub_free (split_key);
grub_free (newdev);
return grub_crypto_gcry_error (gcry_err); return grub_crypto_gcry_error (gcry_err);
} }
newdev->essiv_cipher = essiv_cipher;
}
else
{
newdev->essiv_cipher = NULL;
} }
{
grub_luks_t newdev;
newdev = grub_zalloc (sizeof (struct grub_luks));
if (!newdev)
return grub_errno;
newdev->id = n;
newdev->devname = grub_xasprintf ("luks%d", n);
newdev->source = grub_strdup (name);
newdev->source_id = source->id;
newdev->source_dev_id = source->dev->id;
newdev->cipher = cipher;
newdev->offset = grub_be_to_cpu32 (header.payloadOffset); newdev->offset = grub_be_to_cpu32 (header.payloadOffset);
newdev->source_disk = NULL; newdev->source_disk = NULL;
newdev->mode = mode; newdev->mode = mode;
newdev->essiv_cipher = essiv_cipher;
grub_memcpy (newdev->uuid, header.uuid, sizeof (newdev->uuid));
newdev->next = luks_list;
luks_list = newdev;
n++;
}
grub_free (split_key); grub_free (split_key);
grub_free (hashed_key); grub_free (hashed_key);
newdev->next = luks_list;
luks_list = newdev;
have_it = 1; have_it = 1;
@ -526,7 +468,17 @@ static int
grub_luks_scan_device (const char *name) grub_luks_scan_device (const char *name)
{ {
grub_err_t err; grub_err_t err;
err = grub_luks_scan_device_real (name); grub_disk_t source;
/* Try to open disk. */
source = grub_disk_open (name);
if (!source)
return grub_errno;
err = grub_luks_scan_device_real (name, source);
grub_disk_close (source);
if (err) if (err)
grub_print_error (); grub_print_error ();
return have_it && check_uuid ? 0 : 1; return have_it && check_uuid ? 0 : 1;
@ -651,6 +603,15 @@ grub_cmd_luksmount (grub_extcmd_context_t ctxt, int argc, char **args)
have_it = 0; have_it = 0;
if (state[0].set) if (state[0].set)
{ {
grub_luks_t dev;
for (dev = luks_list; dev != NULL; dev = dev->next)
if (grub_strcmp (dev->uuid, args[0]) == 0)
{
grub_dprintf ("luks", "already mounted as %s\n", dev->devname);
return GRUB_ERR_NONE;
}
check_uuid = 1; check_uuid = 1;
uuid = args[0]; uuid = args[0];
grub_device_iterate (&grub_luks_scan_device); grub_device_iterate (&grub_luks_scan_device);
@ -659,9 +620,27 @@ grub_cmd_luksmount (grub_extcmd_context_t ctxt, int argc, char **args)
else else
{ {
grub_err_t err; grub_err_t err;
grub_disk_t disk;
grub_luks_t dev;
check_uuid = 0; check_uuid = 0;
uuid = NULL; uuid = NULL;
err = grub_luks_scan_device_real (args[0]); disk = grub_disk_open (args[0]);
if (!disk)
return grub_errno;
for (dev = luks_list; dev != NULL; dev = dev->next)
if (dev->source_id == disk->id && dev->source_dev_id == disk->dev->id)
{
grub_dprintf ("luks", "already mounted as %s\n", dev->devname);
grub_disk_close (disk);
return GRUB_ERR_NONE;
}
err = grub_luks_scan_device_real (args[0], disk);
grub_disk_close (disk);
return err; return err;
} }
if (!have_it) if (!have_it)