From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1kOpMw-0003V2-EB for mharc-grub-devel@gnu.org; Sat, 03 Oct 2020 17:47:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48496) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kOpMu-0003Sj-EZ for grub-devel@gnu.org; Sat, 03 Oct 2020 17:47:04 -0400 Received: from mail-ot1-x341.google.com ([2607:f8b0:4864:20::341]:45278) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kOpMr-0002Jv-Tf for grub-devel@gnu.org; Sat, 03 Oct 2020 17:47:04 -0400 Received: by mail-ot1-x341.google.com with SMTP id f37so1466743otf.12 for ; Sat, 03 Oct 2020 14:47:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=efficientek-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=jRn5bkZly0v/f/S1pWTykK08r317SQQVdBd4cD1e+mg=; b=iVltgP6bIcrCxFQKO7zGQDhss3aMd/ZcH3Vg0+77c17VrExByTCNtRamM0pbhFK7bf g4uGRR9G+wg3NEVaKg/vIKLQuED5MOyilK7MZmJk0qXWCQgpBOdaHBneHZWkU3zfmtU0 27sWm4ETxflDNjyNbuckfuZ2Hk6/B8atzNOtsN9ShgCwR2NurGUWYshIkE0h0VFnr06y wUczAa3gPar2i8mNr3QaVlBxTHVPEts3O5tLt6SfXfa/WCpPC+SrtPiImLysQNsYP1Yv 0k3gIGe6H1YpQr9qOLQFrYVlEdqiLhKiNNJnmtWlaSLcDm3gDrDrmP4mv4lUlTkw38jR rLXQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=jRn5bkZly0v/f/S1pWTykK08r317SQQVdBd4cD1e+mg=; b=GD6O23YHQ59hAgODcfDlsOOJLISK4+c3A+yM6lsH/AhlCNJ75QpOl2Et6+ffnASq0d v2vk/uCF2+IVi/r7etHpWhwaklusDns1UqVBYwpAd3wTIwmGNPfRlMLRUo4IJ4U3hXCS OYbbKJUqH4v5+OtrKLZIqWE5vrATeA7SFERgLt5yyNiXtQB4B7/cbwF9gPT2TneZOu4g mKonTpDb9chYPTdsZk6ydThC3/x974Qmx1ha4lbPqCPnsBV7f4Gwk9L4Ty4B8upiPhHX GqY9K7NCt/jjmndJRjCrivlK1zukX9Idv2PNGPO8LTNvt7rhdeAZT9qzRW/uh9OhzrM4 DUag== X-Gm-Message-State: AOAM530A5ZdUMSg+2z0TfjRG/FiAPA25QkJfwMX/SSZolAYCkEKyDjiq b3j6M+fWcxOU7pCjRQ2JkPQb3BTf/2ut6w== X-Google-Smtp-Source: ABdhPJw2PKsAva5L4qokDxzQhgBRYCJzw+pK/HsuUl/v4F+3612M8nKlrDsgmWhCa2bWihIMpSWZEQ== X-Received: by 2002:a05:6830:20c9:: with SMTP id z9mr5331518otq.130.1601761619646; Sat, 03 Oct 2020 14:46:59 -0700 (PDT) Received: from crass-HP-ZBook-15-G2.lan ([136.49.44.103]) by smtp.gmail.com with ESMTPSA id f26sm1495415otq.50.2020.10.03.14.46.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 03 Oct 2020 14:46:59 -0700 (PDT) From: Glenn Washburn To: grub-devel@gnu.org Cc: Daniel Kiper , Patrick Steinhardt , Glenn Washburn Subject: [PATCH 03/10] luks2: Use more intuitive keyslot key instead of index when naming keyslot. Date: Sat, 3 Oct 2020 16:45:56 -0500 Message-Id: <00646c92f6b11860f6704a452bf123798ce32749.1601760922.git.development@efficientek.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::341; envelope-from=development@efficientek.com; helo=mail-ot1-x341.google.com X-detected-operating-system: by eggs.gnu.org: No matching host in p0f cache. That's all we know. X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Oct 2020 21:47:04 -0000 Use the keyslot key value in the keyslot json array rather than the index of the keyslot in the json array. This is less confusing for the end user. For example, say you have a LUKS2 device with a key in slot 1 and slot 4. When using the password for slot 4 to unlock the device, the messages using the index of the keyslot will mention keyslot 1 (its a zero-based index). Furthermore,with this change the keyslot number will align with the number used to reference the keyslot when using the --key-slot argument to cryptsetup. Signed-off-by: Glenn Washburn --- grub-core/disk/luks2.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c index c3cd63606..7917e02cd 100644 --- a/grub-core/disk/luks2.c +++ b/grub-core/disk/luks2.c @@ -255,16 +255,16 @@ luks2_parse_digest (grub_luks2_digest_t *out, const grub_json_t *digest) static grub_err_t luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks2_digest_t *d, grub_luks2_segment_t *s, - const grub_json_t *root, grub_size_t keyslot_idx) + grub_uint64_t *keyslot_key, const grub_json_t *root, grub_size_t keyslot_idx) { grub_json_t keyslots, keyslot, digests, digest, segments, segment; grub_size_t i, size; - grub_uint64_t keyslot_key, digest_key, segment_key; + grub_uint64_t digest_key, segment_key; /* Get nth keyslot */ if (grub_json_getvalue (&keyslots, root, "keyslots") || grub_json_getchild (&keyslot, &keyslots, keyslot_idx) || - grub_json_getuint64 (&keyslot_key, &keyslot, NULL) || + grub_json_getuint64 (keyslot_key, &keyslot, NULL) || grub_json_getchild (&keyslot, &keyslot, 0) || luks2_parse_keyslot (k, &keyslot)) return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot index %"PRIuGRUB_SIZE, keyslot_idx); @@ -281,11 +281,11 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks2_digest_t *d, grub_luks2_s luks2_parse_digest (d, &digest)) return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index %"PRIuGRUB_SIZE, i); - if ((d->keyslots & (1 << keyslot_key))) + if ((d->keyslots & (1 << *keyslot_key))) break; } if (i == size) - return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot \"%"PRIuGRUB_UINT64_T"\"", keyslot_key); + return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot \"%"PRIuGRUB_UINT64_T"\"", *keyslot_key); /* Get segment that matches the digest. */ if (grub_json_getvalue (&segments, root, "segments") || @@ -593,17 +593,18 @@ luks2_recover_key (grub_disk_t disk, /* Try all keyslot */ for (i = 0; i < size; i++) { - ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, i); + grub_uint64_t keyslot_key; + ret = luks2_get_keyslot (&keyslot, &digest, &segment, &keyslot_key, json, i); if (ret) goto err; if (keyslot.priority == 0) { - grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to priority\n", i); + grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to priority\n", keyslot_key); continue; } - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i); + grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", keyslot_key); /* Set up disk according to keyslot's segment. */ crypt->offset = grub_divmod64 (segment.offset, segment.sector_size, NULL); @@ -619,7 +620,7 @@ luks2_recover_key (grub_disk_t disk, if (ret) { grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" failed: %s\n", - i, grub_errmsg); + keyslot_key, grub_errmsg); continue; } @@ -627,7 +628,7 @@ luks2_recover_key (grub_disk_t disk, if (ret) { grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE": %s\n", - i, grub_errmsg); + keyslot_key, grub_errmsg); continue; } @@ -635,7 +636,7 @@ luks2_recover_key (grub_disk_t disk, * TRANSLATORS: It's a cryptographic key slot: one element of an array * where each element is either empty or holds a key. */ - grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i); + grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), keyslot_key); candidate_key_len = keyslot.key_size; break; -- 2.27.0