From: Patrick Steinhardt <ps@pks.im>
To: development@efficientek.com
Cc: grub-devel@gnu.org, Daniel Kiper <daniel.kiper@oracle.com>
Subject: Re: [PATCH 06/17] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors.
Date: Thu, 30 Jul 2020 17:21:16 +0200 [thread overview]
Message-ID: <20200730152116.GB39309@tanuki.pks.im> (raw)
In-Reply-To: <1435ab49fdbac61ad4c189982724f8ef25c533a2.1596056714.git.development@efficientek.com>
[-- Attachment #1: Type: text/plain, Size: 2326 bytes --]
On Wed, Jul 29, 2020 at 04:50:11PM -0500, development@efficientek.com wrote:
> From: Glenn Washburn <development@efficientek.com>
>
> The total_length field is named confusingly because length usually refers to
> bytes, whereas in this case its really the total number of sectors on the
> device. Also counter-intuitively, grub_disk_get_size returns the total
> number of device native sectors sectors. We need to convert the sectors from
> the size of the underlying device to the cryptodisk sector size. And
> segment.size is in bytes which need to be converted to cryptodisk sectors.
>
> Signed-off-by: Glenn Washburn <development@efficientek.com>
> ---
> grub-core/disk/luks2.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
> index e3ff7c83d..632309e3c 100644
> --- a/grub-core/disk/luks2.c
> +++ b/grub-core/disk/luks2.c
> @@ -416,7 +416,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
> grub_uint8_t salt[GRUB_CRYPTODISK_MAX_KEYLEN];
> grub_uint8_t *split_key = NULL;
> grub_size_t saltlen = sizeof (salt);
> - char cipher[32], *p;;
> + char cipher[32], *p;
> const gcry_md_spec_t *hash;
> gcry_err_code_t gcry_ret;
> grub_err_t ret;
> @@ -602,9 +602,10 @@ luks2_recover_key (grub_disk_t disk,
> crypt->log_sector_size = sizeof (unsigned int) * 8
> - __builtin_clz ((unsigned int) segment.sector_size) - 1;
> if (grub_strcmp (segment.size, "dynamic") == 0)
> - crypt->total_length = grub_disk_get_size (disk) - crypt->offset;
> + crypt->total_length = (grub_disk_get_size (disk) >> (crypt->log_sector_size - disk->log_sector_size))
> + - crypt->offset;
Oops, thanks for catching this. Could you maybe add a comment wrt to the
magic going on with `(crypt->log_sector_size - disk->log_sector_size)`?
I didn't think too hard about it and am in a hurry, but the conversion
isn't that obvious to me.
> else
> - crypt->total_length = grub_strtoull (segment.size, NULL, 10);
> + crypt->total_length = grub_strtoull (segment.size, NULL, 10) >> crypt->log_sector_size;
>
> ret = luks2_decrypt_key (candidate_key, disk, crypt, &keyslot,
> (const grub_uint8_t *) passphrase, grub_strlen (passphrase));
> --
> 2.25.1
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-07-30 15:21 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-29 21:50 [PATCH 00/17] Fixes and improvements for cryptodisks+luks2 and a few other things development
2020-07-29 21:50 ` [PATCH 01/17] configure: Add Ubuntu dejavu font path development
2020-07-29 22:08 ` David Michael
2020-07-30 21:14 ` Mike Gilbert
2020-07-29 21:50 ` [PATCH 02/17] cryptodisk: Fix cipher IV mode 'plain64' always being set as 'plain' development
2020-07-29 21:50 ` [PATCH 03/17] cryptodisk: Incorrect calculation of start sector for grub_disk_read in grub_cryptodisk_read development
2020-07-29 21:50 ` [PATCH 04/17] cryptodisk: Add more verbosity when reading/writing cryptodisks development
2020-07-29 21:50 ` [PATCH 05/17] luks: Add support for LUKS2 in (proc)/luks_script development
2020-07-30 15:14 ` Patrick Steinhardt
2020-07-30 20:38 ` Glenn Washburn
2020-07-29 21:50 ` [PATCH 06/17] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors development
2020-07-30 15:21 ` Patrick Steinhardt [this message]
2020-07-30 21:03 ` Glenn Washburn
2020-07-29 21:50 ` [PATCH 07/17] cryptodisk, luks: Allow special processing for comparing UUIDs development
2020-07-30 15:24 ` [PATCH 07/17] cryptodisk,luks: " Patrick Steinhardt
2020-07-30 21:29 ` Glenn Washburn
2020-07-29 21:50 ` [PATCH 08/17] cryptodisk: Unregister cryptomount command when removing module development
2020-07-29 21:50 ` [PATCH 09/17] fs: When checking if a block list goes past the end of the disk, make sure the total size of the disk is in grub native sector sizes, otherwise there will be blocks at the end of the disk unaccessible by block lists development
2020-07-30 15:26 ` Patrick Steinhardt
2020-07-29 21:50 ` [PATCH 10/17] cryptodisk: Properly handle non-512 byte sized sectors development
2020-07-29 21:50 ` [PATCH 11/17] cryptodisk: Rename total_length field in grub_cryptodisk_t to total_sectors development
2020-07-30 15:29 ` Patrick Steinhardt
2020-07-30 21:58 ` Glenn Washburn
2020-07-29 21:50 ` [PATCH 12/17] fs: Allow number of blocks in block list to be optional, where length will be defaulted to the length of the device development
2020-07-29 21:50 ` [PATCH 13/17] loopback: Add procfs entry 'loopbacks' to output configured loopback devices development
2020-07-29 21:50 ` [PATCH 14/17] cryptodisk: Add header line to procfs entry and crypto and source device names development
2020-07-29 21:50 ` [PATCH 15/17] cryptodisk: Add a couple comments noting the usage of a couple fields in grub_cryptodisk_t as is done for grub_disk_t development
2020-07-29 21:50 ` [PATCH 16/17] luks2: Ensure that bit fields of grub_luks2_digest_t in luks2_parse_digest are initialized before returning development
2020-07-29 21:50 ` [PATCH 17/17] luks2: Fix use of incorrect index and some error messages development
2020-07-30 20:22 ` Patrick Steinhardt
2020-07-30 22:04 ` Glenn Washburn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200730152116.GB39309@tanuki.pks.im \
--to=ps@pks.im \
--cc=daniel.kiper@oracle.com \
--cc=development@efficientek.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.