Support GELI v6 and v7

This commit is contained in:
Kris Moore 2015-01-19 21:56:41 +03:00 committed by Andrei Borzenkov
parent bac5d1a64a
commit ba3031f996
2 changed files with 24 additions and 6 deletions

View File

@ -1,3 +1,7 @@
2015-01-19 Kris Moore <kris@pcbsd.org>
* grub-core/disk/geli.c: Support GELI v6 and v7.
2014-12-09 Andrei Borzenkov <arvidjaar@gmail.com>
* grub-core/term/serial.c (grub_cmd_serial): Fix --rtscts

View File

@ -225,7 +225,7 @@ grub_util_get_geli_uuid (const char *dev)
/* Look for GELI magic sequence. */
if (grub_memcmp (header->magic, GELI_MAGIC, sizeof (GELI_MAGIC))
|| grub_le_to_cpu32 (header->version) > 5
|| grub_le_to_cpu32 (header->version) > 7
|| grub_le_to_cpu32 (header->version) < 1)
grub_util_error ("%s", _("wrong ELI magic or version"));
@ -265,7 +265,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
/* Look for GELI magic sequence. */
if (grub_memcmp (header.magic, GELI_MAGIC, sizeof (GELI_MAGIC))
|| grub_le_to_cpu32 (header.version) > 5
|| grub_le_to_cpu32 (header.version) > 7
|| grub_le_to_cpu32 (header.version) < 1)
{
grub_dprintf ("geli", "wrong magic %02x\n", header.magic[0]);
@ -401,6 +401,7 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev)
grub_uint8_t geomkey[GRUB_CRYPTO_MAX_MDLEN];
grub_uint8_t verify_key[GRUB_CRYPTO_MAX_MDLEN];
grub_uint8_t zero[GRUB_CRYPTO_MAX_CIPHER_BLOCKSIZE];
grub_uint8_t geli_cipher_key[64];
char passphrase[MAX_PASSPHRASE] = "";
unsigned i;
gcry_err_code_t gcry_err;
@ -524,6 +525,19 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev)
continue;
grub_printf_ (N_("Slot %d opened\n"), i);
if (grub_le_to_cpu32 (header.version) >= 7)
{
/* GELI >=7 uses the cipher_key */
grub_memcpy (geli_cipher_key, candidate_key.cipher_key,
sizeof (candidate_key.cipher_key));
}
else
{
/* GELI <=6 uses the iv_key */
grub_memcpy (geli_cipher_key, candidate_key.iv_key,
sizeof (candidate_key.iv_key));
}
/* Set the master key. */
if (!dev->rekey)
{
@ -540,13 +554,13 @@ recover_key (grub_disk_t source, grub_cryptodisk_t dev)
grub_size_t real_keysize = keysize;
if (grub_le_to_cpu16 (header.alg) == 0x16)
real_keysize *= 2;
/* For a reason I don't know, the IV key is used in rekeying. */
grub_memcpy (dev->rekey_key, candidate_key.iv_key,
sizeof (candidate_key.iv_key));
grub_memcpy (dev->rekey_key, geli_cipher_key,
sizeof (geli_cipher_key));
dev->rekey_derived_size = real_keysize;
dev->last_rekey = -1;
COMPILE_TIME_ASSERT (sizeof (dev->rekey_key)
>= sizeof (candidate_key.iv_key));
>= sizeof (geli_cipher_key));
}
dev->iv_prefix_len = sizeof (candidate_key.iv_key);