From e936d4395bc300ce7cf15a3183a7d5d98fd174f7 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Tue, 22 Apr 2025 13:57:51 +0200
Subject: [PATCH] Opal: limit PSID keyfile read if not set otherwise

PSID length is de-facto always 32 alphanumeric characters.

Limit the read of PSID from keyfile to this limit
(if not set by explicit size option).

This eliminates mistakes when the keyfile contains EOL characters.

Also, some OPAL drives accepts PSID with any suffix, this patch
unifies processing (it works everywhere the same).
---
 lib/libcryptsetup_macros.h |  2 ++
 src/cryptsetup.c           | 12 ++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/libcryptsetup_macros.h b/lib/libcryptsetup_macros.h
index 4c94acb8..6d8678dc 100644
--- a/lib/libcryptsetup_macros.h
+++ b/lib/libcryptsetup_macros.h
@@ -55,4 +55,6 @@
 #define DM_UUID_PREFIX		"CRYPT-"
 #define DM_UUID_PREFIX_LEN	6
 
+#define OPAL_PSID_LEN		32
+
 #endif /* _LIBCRYPTSETUP_MACROS_H */
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 05b91211..097c24cb 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -2963,12 +2963,20 @@ out:
 
 static int opal_erase(struct crypt_device *cd, bool factory_reset) {
 	char *password = NULL;
-	size_t password_size = 0;
+	size_t password_size = 0, keyfile_size_max;
 	int r;
 
+	/* limit PSID keyfile read if not set otherwise */
+	if (!factory_reset || ARG_SET(OPT_KEYFILE_SIZE_ID))
+		keyfile_size_max = ARG_UINT32(OPT_KEYFILE_SIZE_ID);
+	else {
+		log_dbg("Limiting PSID keyfile size to %d characters.", OPAL_PSID_LEN);
+		keyfile_size_max = OPAL_PSID_LEN;
+	}
+
 	r = tools_get_key(factory_reset ? _("Enter OPAL PSID: ") : _("Enter OPAL Admin password: "),
 				&password, &password_size, ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
-				ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+				keyfile_size_max, ARG_STR(OPT_KEY_FILE_ID),
 				ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
 	if (r < 0)
 		return r;