The encrypt and decrypt functions expect a grub_size_t. So, we need to
ensure that the constant bit shift is using grub_size_t rather than
unsigned int when it is performing the shift.
Fixes: CID 307788
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
By default, dm-crypt internally uses an IV that corresponds to 512-byte
sectors, even when a larger sector size is specified. What this means is
that when using a larger sector size, the IV is incremented every sector.
However, the amount the IV is incremented is the number of 512 byte blocks
in a sector (i.e. 8 for 4K sectors). Confusingly the IV does not correspond
to the number of, for example, 4K sectors. So each 512 byte cipher block in
a sector will be encrypted with the same IV and the IV will be incremented
afterwards by the number of 512 byte cipher blocks in the sector.
There are some encryption utilities which do it the intuitive way and have
the IV equal to the sector number regardless of sector size (ie. the fifth
sector would have an IV of 4 for each cipher block). And this is supported
by dm-crypt with the iv_large_sectors option and also cryptsetup as of 2.3.3
with the --iv-large-sectors, though not with LUKS headers (only with --type
plain). However, support for this has not been included as grub does not
support plain devices right now.
One gotcha here is that the encrypted split keys are encrypted with a hard-
coded 512-byte sector size. So even if your data is encrypted with 4K sector
sizes, the split key encrypted area must be decrypted with a block size of
512 (ie the IV increments every 512 bytes). This made these changes less
aesthetically pleasing than desired.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add GRUB_TYPE_U_MAX/MIN(type) macros to get the max/min values for an
unsigned number with size of type.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The new macro GRUB_TYPE_BITS(type) returns the number of bits
allocated for type.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This makes it clear that the offset represents sectors, not bytes, in
order to improve readability.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This creates an alignment with grub_disk_t naming of the same field and is
more intuitive as to how it should be used.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
When setting cipher IV mode, detection is done by prefix matching the
cipher IV mode part of the cipher mode string. Since "plain" matches
"plain64", we must check for "plain64" first. Otherwise, "plain64" will
be detected as "plain".
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Here dev is a grub_cryptodisk_t and dev->offset is offset in sectors of size
native to the cryptodisk device. The sector is correctly transformed into
native grub sector size, but then added to dev->offset which is not
transformed. It would be nice if the type system would help us with this.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The luks module contains quite a lot of logic to parse cipher and
cipher-mode strings like aes-xts-plain64 into constants to apply them
to the grub_cryptodisk_t structure. This code will be required by the
upcoming luks2 module, as well, which is why this commit moves it into
its own function grub_cryptodisk_setcipher in the cryptodisk module.
While the strings are probably rather specific to the LUKS modules, it
certainly does make sense that the cryptodisk module houses code to set
up its own internal ciphers instead of hosting that code in the luks
module.
Except for necessary adjustments around error handling, this commit does
an exact move of the cipher configuration logic from luks.c to
cryptodisk.c. Any behavior changes are unintentional.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
In util/getroot and efidisk slightly modify exitsing comment to mostly
retain it but still make GCC7 compliant with respect to fall through
annotation.
In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
upstream.
In grub-core/tests/setjmp_tets.c declare functions as "noreturn" to
suppress GCC7 warning.
In grub-core/gnulib/regexec.c use new __attribute__, because existing
annotation is not recognized by GCC7 parser (which requires that comment
immediately precedes case statement).
Otherwise add FALLTHROUGH comment.
Closes: 50598
It is not possible to configure encrypted containers on multiple partitions of
the same disk; after the first one all subsequent fail with
disk/cryptodisk.c:978: already mounted as crypto0
Store partition offset in cryptomount descriptor to distinguish between them.
All current ciphers have blocks which are power of 2 and it's
unlikely to change. Other block length would be tricky to handle anyway.
This restriction allows avoiding extra divisions.
Commit 588744d0dc caused grub-mkconfig
no longer to be forgiving of trailing spaces on grub-probe output
lines, which among other things means that util/grub.d/10_linux.in
no longer detects LVM. To fix this, make grub-probe's output
delimiting more consistent. As a bonus, this improves the coverage
of the -0 option.
Fixes Debian bug #735935.
* grub-core/disk/cryptodisk.c
(grub_util_cryptodisk_get_abstraction): Add a user-data argument.
* grub-core/disk/diskfilter.c (grub_diskfilter_get_partmap):
Likewise.
* include/grub/cryptodisk.h (grub_util_cryptodisk_get_abstraction):
Update prototype.
* include/grub/diskfilter.h (grub_diskfilter_get_partmap): Likewise.
* util/grub-install.c (push_partmap_module, push_cryptodisk_module,
probe_mods): Adjust for extra user-data arguments.
* util/grub-probe.c (do_print, probe_partmap, probe_cryptodisk_uuid,
probe_abstraction): Use configured delimiter. Update callers.
* grub-core/disk/cryptodisk.c (cryptodisk_cleanup): Disable for
now to avoid double free.
* grub-core/kern/emu/hostdisk.c (grub_util_biosdisk_dev): Rename to
hostdisk.
* include/grub/disk.h (grub_disk_dev_id): New id HOSTDISK.
* util/grub-probe.c (escape_of_path): Always return a new copy.
(print_full_name): Escape path.
(probe): Don't call grub_util_devname_to_ofpath on NULL.
Fix hints on abstractions.
* grub-core/disk/cryptodisk.c (grub_crypto_pcbc_encrypt): New function.
(grub_cryptodisk_decrypt): Moved logic to ...
(grub_cryptodisk_endecrypt): ...this. New argument "encrypt".
(grub_cryptodisk_write): Implement.
* grub-core/kern/emu/hostdisk.c (nwrite): Rename to ...
(grub_util_fd_write): ... this. Make global.
* include/grub/emu/hostdisk.h (grub_util_fd_write): New proto.
