Overview

File 0001-disk-cryptodisk-Allow-user-to-retry-failed-passphras.patch of Package grub2

From 386b59ddb42fa3f86ddfe557113b25c8fa16f88c Mon Sep 17 00:00:00 2001
From: Forest <forestix@nom.one>
Date: Mon, 6 May 2024 17:07:30 -0700
Subject: [PATCH] disk/cryptodisk: Allow user to retry failed passphrase

Give the user a chance to re-enter their cryptodisk passphrase after a typo,
rather than immediately failing (and likely dumping them into a GRUB shell).

By default, we allow 3 tries before giving up. A value in the
cryptodisk_passphrase_tries environment variable will override this default.

The user can give up early by entering an empty passphrase, just as they
could before this patch.

Signed-off-by: Forest <forestix@nom.one>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 docs/grub.texi              |  9 +++++
 grub-core/disk/cryptodisk.c | 71 ++++++++++++++++++++++++++++---------
 2 files changed, 64 insertions(+), 16 deletions(-)

Index: grub-2.12/docs/grub.texi
===================================================================
--- grub-2.12.orig/docs/grub.texi
+++ grub-2.12/docs/grub.texi
@@ -3278,6 +3278,7 @@ These variables have special meaning to
 * color_normal::
 * config_directory::
 * config_file::
+* cryptodisk_passphrase_tries::
 * debug::
 * default::
 * fallback::
@@ -3450,6 +3451,14 @@ processed by commands @command{configfil
 (@pxref{normal}).  It is restored to the previous value when command completes.
 
 
+@node cryptodisk_passphrase_tries
+@subsection cryptodisk_passphrase_tries
+
+When prompting the user for a cryptodisk passphrase, allow this many attempts
+before giving up. Defaults to @samp{3} if unset or set to an invalid value.
+(The user can give up early by entering an empty passphrase.)
+
+
 @node debug
 @subsection debug
 
Index: grub-2.12/grub-core/disk/cryptodisk.c
===================================================================
--- grub-2.12.orig/grub-core/disk/cryptodisk.c
+++ grub-2.12/grub-core/disk/cryptodisk.c
@@ -17,6 +17,7 @@
  */
 
 #include <grub/cryptodisk.h>
+#include <grub/env.h>
 #include <grub/mm.h>
 #include <grub/misc.h>
 #include <grub/dl.h>
@@ -1202,37 +1203,76 @@ grub_cryptodisk_scan_device_real (const
       grub_free (part);
     }
 
-  if (!cargs->key_len)
+  if (cargs->key_len)
     {
+      ret = cr->recover_key (source, dev, cargs);
+      if (ret != GRUB_ERR_NONE)
+	goto error;
+    }
+  else
+    {
+      /* Get the passphrase from the user, if no key data. */
+      unsigned long tries = 3;
+      const char *tries_env;
+
       if (grub_errno)
 	{
 	  grub_print_error ();
 	  grub_errno = GRUB_ERR_NONE;
 	}
 
-      /* Get the passphrase from the user, if no key data. */
       askpass = 1;
-      part = grub_partition_get_name (source->partition);
-      grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
-		    source->partition != NULL ? "," : "",
-		    part != NULL ? part : N_("UNKNOWN"), dev->uuid);
-      grub_free (part);
-
       cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
       if (cargs->key_data == NULL)
 	goto error;
 
-      if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE))
+      tries_env = grub_env_get ("cryptodisk_passphrase_tries");
+      if (tries_env != NULL && tries_env[0] != '\0')
 	{
-	  grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied");
-	  goto error;
+	  unsigned long tries_env_val;
+	  const char *p;
+
+	  tries_env_val = grub_strtoul (tries_env, &p, 0);
+	  if (*p == '\0' && tries_env_val != ~0UL)
+	    tries = tries_env_val;
+	  else
+	    grub_printf_ (N_("Invalid cryptodisk_passphrase_tries value `%s'. Defaulting to %lu.\n"),
+			  tries_env,
+			  tries);
 	}
-      cargs->key_len = grub_strlen ((char *) cargs->key_data);
-    }
 
-  ret = cr->recover_key (source, dev, cargs);
-  if (ret != GRUB_ERR_NONE)
-    goto error;
+      for (; tries > 0; tries--)
+	{
+	  part = grub_partition_get_name (source->partition);
+	  grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+			source->partition != NULL ? "," : "",
+			part != NULL ? part : N_("UNKNOWN"),
+			dev->uuid);
+	  grub_free (part);
+
+	  if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE))
+	    {
+	      grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied");
+	      goto error;
+	    }
+	  cargs->key_len = grub_strlen ((char *) cargs->key_data);
+
+	  ret = cr->recover_key (source, dev, cargs);
+	  if (ret == GRUB_ERR_NONE)
+	    break;
+	  if (ret != GRUB_ERR_ACCESS_DENIED || tries == 1)
+	    goto error;
+	  grub_puts_ (N_("Invalid passphrase."));
+
+	  /*
+	   * Since recover_key() calls a function that returns grub_errno,
+	   * a leftover error value from a previously rejected passphrase
+	   * will trigger a phantom failure. We therefore clear it before
+	   * trying a new passphrase.
+	   */
+	  grub_errno = GRUB_ERR_NONE;
+	}
+    }
 
   ret = grub_cryptodisk_insert (dev, name, source);
   if (ret != GRUB_ERR_NONE)
openSUSE Build Service is sponsored by
Places