Date: Sun, 15 Nov 2020 10:55:21 +0100
From: Patrick Steinhardt
To: Glenn Washburn
Cc: grub-devel@gnu.org, Daniel Kiper
Subject: Re: [PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of index when naming keyslot.

On Fri, Nov 06, 2020 at 10:44:30PM -0600, Glenn Washburn wrote:
> Use the keyslot key value in the keyslot json array rather than the index of
> the keyslot in the json array. This is less confusing for the end user. For
> example, say you have a LUKS2 device with a key in slot 1 and slot 4. When
> using the password for slot 4 to unlock the device, the messages using the
> index of the keyslot will mention keyslot 1 (it's a zero-based index).
> Furthermore, with this change the keyslot number will align with the number
> used to reference the keyslot when using the --key-slot argument to
> cryptsetup.
>
> Signed-off-by: Glenn Washburn
> --- > grub-core/disk/luks2.c | 27 ++++++++++++++++----------- > 1 file changed, 16 insertions(+), 11 deletions(-) >=20 > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > index 9b171bf9d..ca830d73b 100644 > --- a/grub-core/disk/luks2.c > +++ b/grub-core/disk/luks2.c > @@ -65,6 +65,7 @@ typedef struct grub_luks2_header grub_luks2_header_t; > =20 > struct grub_luks2_keyslot > { > + grub_uint64_t slot_key; > grub_int64_t key_size; > grub_int64_t priority; > struct > @@ -103,6 +104,7 @@ typedef struct grub_luks2_keyslot grub_luks2_keyslot_= t; > =20 > struct grub_luks2_segment > { > + grub_uint64_t slot_key; > grub_uint64_t offset; > const char *size; > const char *encryption; > @@ -112,6 +114,7 @@ typedef struct grub_luks2_segment grub_luks2_segment_= t; > =20 > struct grub_luks2_digest > { > + grub_uint64_t slot_key; > /* Both keyslots and segments are interpreted as bitfields here */ > grub_uint64_t keyslots; > grub_uint64_t segments; > @@ -259,12 +262,12 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_lu= ks2_digest_t *d, grub_luks2_s > { > grub_json_t keyslots, keyslot, digests, digest, segments, segment; > grub_size_t i, size; > - grub_uint64_t keyslot_key, digest_key, segment_key; > + grub_uint64_t digest_key, segment_key; > =20 > /* Get nth keyslot */ > if (grub_json_getvalue (&keyslots, root, "keyslots") || > grub_json_getchild (&keyslot, &keyslots, keyslot_idx) || > - grub_json_getuint64 (&keyslot_key, &keyslot, NULL) || > + grub_json_getuint64 (&k->slot_key, &keyslot, NULL) || > grub_json_getchild (&keyslot, &keyslot, 0) || > luks2_parse_keyslot (k, &keyslot)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot i= ndex %"PRIuGRUB_SIZE, keyslot_idx); 
> @@ -281,11 +284,12 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_lu= ks2_digest_t *d, grub_luks2_s > luks2_parse_digest (d, &digest)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index= %"PRIuGRUB_SIZE, i); > =20 > - if ((d->keyslots & (1 << keyslot_key))) > + d->slot_key =3D digest_key; > + if ((d->keyslots & (1 << k->slot_key)))

For my own understanding: why don't you directly parse the digest key into the structure as you do for the keyslot? That'd also allow us to get rid of the `digest_key` and `segment_key` variables.

Patrick

> break; > } > if (i =3D=3D size) > - return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot= \"%"PRIuGRUB_UINT64_T"\"", keyslot_key); > + return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot= \"%"PRIuGRUB_UINT64_T"\"", k->slot_key); > =20 > /* Get segment that matches the digest. */ > if (grub_json_getvalue (&segments, root, "segments") || > @@ -299,6 +303,7 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks= 2_digest_t *d, grub_luks2_s > luks2_parse_segment (s, &segment)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse segment inde= x %"PRIuGRUB_SIZE, i); > =20 > + s->slot_key =3D segment_key; > if ((d->segments & (1 << segment_key))) > break; > } > @@ -599,11 +604,11 @@ luks2_recover_key (grub_disk_t source, > =20 > if (keyslot.priority =3D=3D 0) > { > - grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to prio= rity\n", i); > + grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T" due to = priority\n", keyslot.slot_key); > continue; > } > =20 > - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i); > + grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n", ke= yslot.slot_key); > =20 > /* Set up disk according to keyslot's segment. */ > crypt->offset_sectors =3D grub_divmod64 (segment.offset, segment.s= ector_size, NULL); 
> @@ -618,16 +623,16 @@ luks2_recover_key (grub_disk_t source, > (const grub_uint8_t *) passphrase, grub_strlen (passphrase)); > if (ret) > { > - grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" fail= ed: %s\n", > - i, grub_errmsg); > + grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_UINT64_T" = failed: %s\n", > + keyslot.slot_key, grub_errmsg); > continue; > } > =20 > ret =3D luks2_verify_key (&digest, candidate_key, keyslot.key_size= ); > if (ret) > { > - grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE": %s\n= ", > - i, grub_errmsg); > + grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_UINT64_T": = %s\n", > + keyslot.slot_key, grub_errmsg); > continue; > } > =20 
> @@ -635,7 +640,7 @@ luks2_recover_key (grub_disk_t source, > * TRANSLATORS: It's a cryptographic key slot: one element of an a= rray > * where each element is either empty or holds a key. > */ > - grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i); > + grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"), keyslot.sl= ot_key); > =20 > candidate_key_len =3D keyslot.key_size; > break; > --=20 > 2.27.0 >=20
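
Review bot: The `slot_key` member added to `struct grub_luks2_segment` and `struct grub_luks2_digest` in the @@ -103 and @@ -112 hunks is named after keyslots but is filled from `segment_key` and `digest_key`, and none of the three new members carries a comment. Consider a neutral name shared by all three structs, or at least a one-line comment on each stating that it is the key of the entry in the LUKS2 JSON object and not its array index, since that distinction is the point of the patch.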
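
Review bot: In the @@ -259 hunk of luks2_get_keyslot, `grub_json_getuint64 (&k->slot_key, &keyslot, NULL)` now writes into `*k` before `luks2_parse_keyslot (k, &keyslot)` runs on the same struct, so the value survives only if the parser never clears or reinitialises `k`. Please confirm that it does not, or assign the key after the parse, which is the order the digest and segment paths use with `d->slot_key = digest_key` and `s->slot_key = segment_key`.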
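
Review bot: `(1 << k->slot_key)` in the @@ -281 hunk shifts an `int` constant by a `grub_uint64_t` read from the on-disk JSON, while `d->keyslots` is declared `grub_uint64_t`; a key at or above the width of `int` makes the shift undefined and the digest match unreliable. Since the line is being touched anyway, widen the constant to 64 bits and reject keys of 64 or more before shifting. The unchanged `(1 << segment_key)` test in the @@ -299 hunk has the same problem.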