File 0002-cryptodisk-improve-luks_recover_key-attemp... of Package grub2

Overview Repositories Revisions Requests Users Attributes Meta

File 0002-cryptodisk-improve-luks_recover_key-attempts-option.patch of Package grub2

Index: grub-2.06/grub-core/disk/luks.c
===================================================================
--- grub-2.06.orig/grub-core/disk/luks.c
+++ grub-2.06/grub-core/disk/luks.c
@@ -31,8 +31,6 @@ GRUB_MOD_LICENSE ("GPLv3+");
 
 #define LUKS_KEY_ENABLED  0x00AC71F3
 
-extern unsigned long max_attempts;
-
 /* On disk LUKS header */
 struct grub_luks_phdr
 {
@@ -150,11 +148,11 @@ configure_ciphers (grub_disk_t disk, gru
 }
 
 static grub_err_t
-luks_recover_key_attempt (grub_disk_t source,
+luks_recover_key (grub_disk_t source,
 		  grub_cryptodisk_t dev,
-		  grub_cryptomount_args_t cargs,
-		  struct grub_luks_phdr header)
+		  grub_cryptomount_args_t cargs)
 {
+  struct grub_luks_phdr header;
   grub_size_t keysize;
   grub_uint8_t *split_key = NULL;
   grub_uint8_t candidate_digest[sizeof (header.mkDigest)];
@@ -166,6 +164,10 @@ luks_recover_key_attempt (grub_disk_t so
   if (cargs->key_data == NULL || cargs->key_len == 0)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "no key data");
 
+  err = grub_disk_read (source, 0, 0, sizeof (header), &header);
+  if (err)
+    return err;
+
   grub_puts_ (N_("Attempting to decrypt master key..."));
   keysize = grub_be_to_cpu32 (header.keyBytes);
   if (keysize > GRUB_CRYPTODISK_MAX_KEYLEN)
@@ -294,35 +296,6 @@ luks_recover_key_attempt (grub_disk_t so
   return GRUB_ACCESS_DENIED;
 }
 
-static grub_err_t
-luks_recover_key (grub_disk_t source,
-                  grub_cryptodisk_t dev,
-		  grub_cryptomount_args_t cargs
-		  )
-{
-    grub_err_t err;
-    struct grub_luks_phdr header;
-    unsigned long i;
-
-    err = grub_disk_read (source, 0, 0, sizeof (header), &header);
-    if (err)
-        return err;
-
-    max_attempts = max_attempts ? max_attempts : 1;
-    for (i = 0; i < max_attempts; i++)
-      {
-        /* When i > 0, the previous failed attempt will have
-         * a grub_errno == GRUB_ERR_ACCESS_DENIED
-         */
-        grub_errno = GRUB_ERR_NONE;
-        err = luks_recover_key_attempt(source, dev, cargs, header);
-        /* Anything other than GRUB_ERR_ACCESS_DENIED is success, or unrecoverable. */
-        if (err != GRUB_ERR_ACCESS_DENIED && err != GRUB_ERR_BAD_ARGUMENT)
-            return err;
-      }
-    return err;
-}
-
 struct grub_cryptodisk_dev luks_crypto = {
   .scan = configure_ciphers,
   .recover_key = luks_recover_key
Index: grub-2.06/util/grub-mkconfig_lib.in
===================================================================
--- grub-2.06.orig/util/grub-mkconfig_lib.in
+++ grub-2.06/util/grub-mkconfig_lib.in
@@ -150,9 +150,17 @@ prepare_grub_to_access_device ()
   done
 
   if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then
-      for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do
-	  echo "cryptomount -u $uuid"
-      done
+      re='^[0-9]+$'
+      if [[ $GRUB_CRYPTODISK_ATTEMPTS =~ $re ]]; then
+          for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do
+              echo "cryptomount -u $uuid -t $GRUB_CRYPTODISK_ATTEMPTS"
+          done
+      else
+          grub_warn "GRUB_CRYPTODISK_ATTEMPTS=$GRUB_CRYPTODISK_ATTEMPTS is not a valid number. Ignoring!"
+          for uuid in `"${grub_probe}" --device $@ --target=cryptodisk_uuid`; do
+              echo "cryptomount -u $uuid"
+          done
+      fi
   fi
 
   # If there's a filesystem UUID that GRUB is capable of identifying, use it;

Places

File 0002-cryptodisk-improve-luks_recover_key-attempts-option.patch of Package grub2

Places