From: Forest <forestix@nom.one>
To: grub-devel@gnu.org
Cc: Daniel Kiper <daniel.kiper@oracle.com>,
Glenn Washburn <development@efficientek.com>
Subject: [PATCH v5] cryptodisk: allow user to retry failed passphrase
Date: Mon, 06 May 2024 17:07:30 -0700 [thread overview]
Message-ID: <lnri3jlf7o577f0p3kug5idnjeoiqqpvp9@sonic.net> (raw)
Give the user a chance to re-enter their cryptodisk passphrase after a typo,
rather than immediately failing (and likely dumping them into a grub shell).
By default, we allow 3 tries before giving up. A value in the
cryptodisk_passphrase_tries environment variable will override this default.
The user can give up early by entering an empty passphrase, just as they
could before this patch.
Signed-off-by: Forest <forestix@nom.one>
---
Changes since v4:
Default to 3 tries (don't fail) if cryptodisk_passphrase_tries is invalid.
Move temporary vars into the block where they are used.
---
docs/grub.texi | 9 +++++
grub-core/disk/cryptodisk.c | 70 ++++++++++++++++++++++++++++---------
2 files changed, 63 insertions(+), 16 deletions(-)
diff --git a/docs/grub.texi b/docs/grub.texi
index a225f9a88..d32266f69 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -3277,6 +3277,7 @@ These variables have special meaning to GRUB.
* color_normal::
* config_directory::
* config_file::
+* cryptodisk_passphrase_tries::
* debug::
* default::
* fallback::
@@ -3441,6 +3442,14 @@ processed by commands @command{configfile} (@pxref{configfile}) or @command{norm
(@pxref{normal}). It is restored to the previous value when command completes.
+@node cryptodisk_passphrase_tries
+@subsection cryptodisk_passphrase_tries
+
+When prompting the user for a cryptodisk passphrase, allow this many attempts
+before giving up. Defaults to @samp{3} if unset or set to an invalid value.
+(The user can give up early by entering an empty passphrase.)
+
+
@node debug
@subsection debug
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
index 2246af51b..d7a918479 100644
--- a/grub-core/disk/cryptodisk.c
+++ b/grub-core/disk/cryptodisk.c
@@ -17,6 +17,7 @@
*/
#include <grub/cryptodisk.h>
+#include <grub/env.h>
#include <grub/mm.h>
#include <grub/misc.h>
#include <grub/dl.h>
@@ -1114,32 +1115,69 @@ grub_cryptodisk_scan_device_real (const char *name,
if (!dev)
continue;
- if (!cargs->key_len)
+ if (cargs->key_len)
+ {
+ ret = cr->recover_key (source, dev, cargs);
+ if (ret != GRUB_ERR_NONE)
+ goto error;
+ }
+ else
{
/* Get the passphrase from the user, if no key data. */
- askpass = 1;
- part = grub_partition_get_name (source->partition);
- grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
- source->partition != NULL ? "," : "",
- part != NULL ? part : N_("UNKNOWN"),
- dev->uuid);
- grub_free (part);
+ unsigned long tries = 3;
+ const char *tries_env;
+ askpass = 1;
cargs->key_data = grub_malloc (GRUB_CRYPTODISK_MAX_PASSPHRASE);
if (cargs->key_data == NULL)
goto error_no_close;
- if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE))
+ tries_env = grub_env_get ("cryptodisk_passphrase_tries");
+ if (tries_env != NULL && tries_env[0] != '\0')
{
- grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied");
- goto error;
+ unsigned long tries_env_val;
+ const char *p;
+ tries_env_val = grub_strtoul (tries_env, &p, 0);
+ if (*p == '\0' && tries_env_val != ~0UL)
+ tries = tries_env_val;
+ else
+ grub_printf_ (N_("Invalid cryptodisk_passphrase_tries value `%s'. Defaulting to %lu.\n"),
+ tries_env,
+ tries);
}
- cargs->key_len = grub_strlen ((char *) cargs->key_data);
- }
- ret = cr->recover_key (source, dev, cargs);
- if (ret != GRUB_ERR_NONE)
- goto error;
+ for (; tries > 0; tries--)
+ {
+ part = grub_partition_get_name (source->partition);
+ grub_printf_ (N_("Enter passphrase for %s%s%s (%s): "), source->name,
+ source->partition != NULL ? "," : "",
+ part != NULL ? part : N_("UNKNOWN"),
+ dev->uuid);
+ grub_free (part);
+
+ if (!grub_password_get ((char *) cargs->key_data, GRUB_CRYPTODISK_MAX_PASSPHRASE))
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "passphrase not supplied");
+ goto error;
+ }
+ cargs->key_len = grub_strlen ((char *) cargs->key_data);
+
+ ret = cr->recover_key (source, dev, cargs);
+ if (ret == GRUB_ERR_NONE)
+ break;
+ if (ret != GRUB_ERR_ACCESS_DENIED || tries == 1)
+ goto error;
+ grub_puts_ (N_("Invalid passphrase."));
+
+ /*
+ * Since recover_key() calls a function that returns grub_errno,
+ * a leftover error value from a previously rejected passphrase
+ * will trigger a phantom failure. We therefore clear it before
+ * trying a new passphrase.
+ */
+ grub_errno = GRUB_ERR_NONE;
+ }
+ }
ret = grub_cryptodisk_insert (dev, name, source);
if (ret != GRUB_ERR_NONE)
--
2.39.2
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
next reply other threads:[~2024-05-07 0:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-07 0:07 Forest [this message]
2024-05-08 15:07 ` [PATCH v5] cryptodisk: allow user to retry failed passphrase Daniel Kiper via Grub-devel
2024-05-10 7:42 ` Forest
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=lnri3jlf7o577f0p3kug5idnjeoiqqpvp9@sonic.net \
--to=forestix@nom.one \
--cc=daniel.kiper@oracle.com \
--cc=development@efficientek.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).