Opal: limit PSID keyfile read if not set otherwise

PSID length is de-facto always 32 alphanumeric characters. Limit the read of PSID from keyfile to this limit (if not set by explicit size option). This eliminates mistakes when the keyfile contains EOL characters. Also, some OPAL drives accepts PSID with any suffix, this patch unifies processing (it works everywhere the same).
2025-12-17 13:50:06 +01:00 · 2025-04-22 13:57:51 +02:00
parent b166747fee
commit e936d4395b
2 changed files with 12 additions and 2 deletions
--- a/lib/libcryptsetup_macros.h
+++ b/lib/libcryptsetup_macros.h
@@ -55,4 +55,6 @@
 #define DM_UUID_PREFIX		"CRYPT-"
 #define DM_UUID_PREFIX_LEN	6

+#define OPAL_PSID_LEN		32
+
 #endif /* _LIBCRYPTSETUP_MACROS_H */
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -2963,12 +2963,20 @@ out:

 static int opal_erase(struct crypt_device *cd, bool factory_reset) {
 	char *password = NULL;
-	size_t password_size = 0;
+	size_t password_size = 0, keyfile_size_max;
 	int r;

+	/* limit PSID keyfile read if not set otherwise */
+	if (!factory_reset || ARG_SET(OPT_KEYFILE_SIZE_ID))
+		keyfile_size_max = ARG_UINT32(OPT_KEYFILE_SIZE_ID);
+	else {
+		log_dbg("Limiting PSID keyfile size to %d characters.", OPAL_PSID_LEN);
+		keyfile_size_max = OPAL_PSID_LEN;
+	}
+
 	r = tools_get_key(factory_reset ? _("Enter OPAL PSID: ") : _("Enter OPAL Admin password: "),
 				&password, &password_size, ARG_UINT64(OPT_KEYFILE_OFFSET_ID),
-				ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID),
+				keyfile_size_max, ARG_STR(OPT_KEY_FILE_ID),
 				ARG_UINT32(OPT_TIMEOUT_ID), verify_passphrase(0), 0, cd);
 	if (r < 0)
 		return r;