From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1kluFi-0001vO-4F for mharc-grub-devel@gnu.org; Sun, 06 Dec 2020 08:39:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:51574) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kluFV-0001sV-2n for grub-devel@gnu.org; Sun, 06 Dec 2020 08:38:50 -0500 Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:32833) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kluFP-0005vu-8q for grub-devel@gnu.org; Sun, 06 Dec 2020 08:38:48 -0500 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id D92D59C2; Sun, 6 Dec 2020 08:38:41 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Sun, 06 Dec 2020 08:38:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=fm2; bh=2peBHcePggq8xjIlqmpXsIZF58K CdcvB7WovoLR6dn0=; b=DkgS10enP7TcNQRBGRhjznbBzYRN8RZZsDQhWdRd/K3 JLbAWqNw6i6vyMA1N5u1lcjB1rm66Xp7RMILVQ50aozXRo9mvkuCTzFYBZi0abqs REWhR00XIY+1rHXgDRd0KWbXqnysGB8Lh/mtbjY12OvktvaJX1CjRddF+sHOhdwd 2jtgfX+FWbqB6X+PKxLwqSxOkrxrUao3hec0nSfrb2ScWJfdKbad+UHRnEeuPGry HrLY0txs7EAqN+ZTYs8onc8Ht/AfD5TtPo+D8EqOHT0HYzph5dqecllY8Ilj5T2+ WfM+ynrMbI5YZdzENd1VRs/6igNxXcVdyWmkybrcYbw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=2peBHc ePggq8xjIlqmpXsIZF58KCdcvB7WovoLR6dn0=; b=YVERctgpnolOS9DjQdCS6o 0twKqvosFGkpY/XQy/Ii+2A/J0OAprROZjLpDDjawBi/CYJ/FY864R6uFU9YCCrc ZsBmMAJ/DOycrLCmZGQMdwkYpDYT7Q844ZoWu9kLbjzhlhU3zXnFSfY94RAhJoEH OXap1tbljdR5y87BdJ6q0Hr+PzY0mUI/zjvdFiyaixekcloaphkDkYfrGN3zpCGU fx2Eq+hbzG5uXRUtJazxecK/A/Vn64+KqU/VgBuH8PNEDFSkfdfGEPARcxlESOMP T8h8XprJ32I2oQ1JEFgWbInyAhWu6+IxnSvQ2Okk0fO2DkeckpW5FZzeO03x090g == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudejvddgheehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpefrrghtrhhi tghkucfuthgvihhnhhgrrhguthcuoehpshesphhkshdrihhmqeenucggtffrrghtthgvrh hnpeehgefhtdefueffheekgfffudelffejtdfhvdejkedthfehvdelgfetgfdvtedthfen ucfkphepjeejrddukeefrddujedruddutdenucevlhhushhtvghrufhiiigvpedunecurf grrhgrmhepmhgrihhlfhhrohhmpehpshesphhkshdrihhm X-ME-Proxy: Received: from vm-mail (x4db7116e.dyn.telefonica.de [77.183.17.110]) by mail.messagingengine.com (Postfix) with ESMTPA id 4B81B24005A; Sun, 6 Dec 2020 08:38:39 -0500 (EST) Received: from localhost (ncase [10.192.0.11]) by vm-mail (OpenSMTPD) with ESMTPSA id 580b5f35 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sun, 6 Dec 2020 13:38:37 +0000 (UTC) Date: Sun, 6 Dec 2020 14:38:37 +0100 From: Patrick Steinhardt To: Glenn Washburn Cc: grub-devel@gnu.org, Daniel Kiper Subject: Re: [PATCH v7 00/17] Cryptodisk fixes for v2.06 redux Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Q6qVJMQnLxQZh0Ac" Content-Disposition: inline In-Reply-To: Received-SPF: pass client-ip=64.147.123.24; envelope-from=ps@pks.im; helo=wout1-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Dec 2020 13:38:57 -0000 --Q6qVJMQnLxQZh0Ac Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Dec 04, 2020 at 10:43:29AM -0600, Glenn Washburn wrote: > This patch series is an update to reflect changes suggested in v6. Of not= e, > there are a few new patches: 01, 02, and 04. >=20 > 01: Daniel suggested to renae grub_disk_get_size to grub_disk_native_se= ctors > 02: Make ALIGN_UP and ALIGN_DOWN safer > 04: Make luks2_parse_digest() safer The patches I reviewed look good to me. I gotta jump, so I'll hopefully get to the remaining patches this evening. Also note that I accidentally posted SOBs for the first few ones. These should've been Reviewed-by's. Thanks for all your work! Patrick > Glenn >=20 > Glenn Washburn (17): > disk: Rename grub_disk_get_size to grub_disk_native_sectors > misc: Add parentheses around ALIGN_UP and ALIGN_DOWN arguments > luks2: Remove unused argument in grub_error > luks2: Make sure all fields of output argument in luks2_parse_digest() > are written to > luks2: Add json_slot_key member to struct > grub_luks2_keyslot/segment/digest > luks2: Use more intuitive slot key instead of index in user messages > luks2: Add string "index" to user strings using a json index. > cryptodisk: Add macro GRUB_TYPE_BITS() to replace some literals > cryptodisk: Add macros GRUB_TYPE_U_MAX/MIN(type) to replace literals > luks2: grub_cryptodisk_t->total_sectors is the max number of device > native sectors > cryptodisk: Properly handle non-512 byte sized sectors > luks2: Better error handling when setting up the cryptodisk > luks2: Error check segment.sector_size > whitespace: convert 8 spaces to tabs > mips: Enable __clzdi2() > misc: Add grub_log2ull macro for calculating log base 2 of 64-bit > integers > luks2: Use grub_log2ull to calculate log_sector_size and improve > readability >=20 > grub-core/disk/cryptodisk.c | 64 +++++++----- > grub-core/disk/diskfilter.c | 12 +-- > grub-core/disk/dmraid_nvidia.c | 2 +- > grub-core/disk/efi/efidisk.c | 2 +- > grub-core/disk/geli.c | 6 +- > grub-core/disk/ldm.c | 4 +- > grub-core/disk/luks.c | 7 +- > grub-core/disk/luks2.c | 160 +++++++++++++++++++++++------ > grub-core/disk/mdraid1x_linux.c | 2 +- > grub-core/disk/mdraid_linux.c | 2 +- > grub-core/fs/cbfs.c | 16 +-- > grub-core/fs/nilfs2.c | 2 +- > grub-core/fs/zfs/zfs.c | 4 +- > grub-core/kern/compiler-rt.c | 2 +- > grub-core/kern/disk.c | 2 +- > grub-core/kern/mips/arc/init.c | 2 +- > grub-core/normal/misc.c | 6 +- > grub-core/osdep/windows/platform.c | 2 +- > include/grub/compiler-rt.h | 2 +- > include/grub/cryptodisk.h | 8 +- > include/grub/disk.h | 21 +++- > include/grub/misc.h | 7 +- > include/grub/types.h | 9 ++ > util/grub-install.c | 2 +- > util/grub-probe.c | 2 +- > 25 files changed, 249 insertions(+), 99 deletions(-) >=20 > Range-diff against v6: > -: --------- > 1: 7e79d6fb1 disk: Rename grub_disk_get_size to grub_d= isk_native_sectors > -: --------- > 2: 77f9671d5 misc: Add parentheses around ALIGN_UP and= ALIGN_DOWN arguments > 3: 8527be145 ! 3: d1a36aa79 luks2: Remove unused argument in grub_err= or > @@ Metadata > ## Commit message ## > luks2: Remove unused argument in grub_error > =20 > + Reviewed-by: Daniel Kiper > + > ## grub-core/disk/luks2.c ## > @@ grub-core/disk/luks2.c: luks2_parse_segment (grub_luks2_segment_t= *out, const grub_json_t *segment) > grub_json_getstring (&out->size, segment, "size") || > -: --------- > 4: dab43e033 luks2: Make sure all fields of output arg= ument in luks2_parse_digest() are written to > 1: 6262aefe9 ! 5: 35f47644c luks2: Add slot_key member to struct grub= _luks2_keyslot/segment/digest > @@ Metadata > Author: Glenn Washburn > =20 > ## Commit message ## > - luks2: Add slot_key member to struct grub_luks2_keyslot/segment/= digest > + luks2: Add json_slot_key member to struct grub_luks2_keyslot/seg= ment/digest > =20 > This allows code using these structs to know the named key assoc= iated with > these json data structures. In the future we can use these to pr= ovide better > error messages to the user. > =20 > - Get rid of idx variable in luks2_get_keyslot which was overloade= d to be used > - for both keyslot and segment slot keys. > + Get rid of idx variable in luks2_get_keyslot() which was overloa= ded to be > + used for both keyslot and segment slot keys. > =20 > ## grub-core/disk/luks2.c ## > @@ grub-core/disk/luks2.c: typedef struct grub_luks2_header grub_luk= s2_header_t; > =20 > struct grub_luks2_keyslot > { > -+ grub_uint64_t slot_key; > ++ /* The integer key to the associative array of keyslots */ > ++ grub_uint64_t json_slot_key; > grub_int64_t key_size; > grub_int64_t priority; > struct > @@ grub-core/disk/luks2.c: typedef struct grub_luks2_keyslot grub_luk= s2_keyslot_t; > =20 > struct grub_luks2_segment > { > -+ grub_uint64_t slot_key; > ++ grub_uint64_t json_slot_key; > grub_uint64_t offset; > const char *size; > const char *encryption; > @@ grub-core/disk/luks2.c: typedef struct grub_luks2_segment grub_luk= s2_segment_t; > =20 > struct grub_luks2_digest > { > -+ grub_uint64_t slot_key; > ++ grub_uint64_t json_slot_key; > /* Both keyslots and segments are interpreted as bitfields here */ > grub_uint64_t keyslots; > grub_uint64_t segments; > @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k= , grub_luks2_d > if (grub_json_getvalue (&keyslots, root, "keyslots") || > grub_json_getchild (&keyslot, &keyslots, keyslot_idx) || > - grub_json_getuint64 (&idx, &keyslot, NULL) || > -+ grub_json_getuint64 (&k->slot_key, &keyslot, NULL) || > ++ grub_json_getuint64 (&k->json_slot_key, &keyslot, NULL) || > grub_json_getchild (&keyslot, &keyslot, 0) || > luks2_parse_keyslot (k, &keyslot)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keys= lot %"PRIuGRUB_SIZE, keyslot_idx); > @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k= , grub_luks2_d > for (i =3D 0; i < size; i++) > { > if (grub_json_getchild (&digest, &digests, i) || > -+ grub_json_getuint64 (&d->slot_key, &digest, NULL) || > ++ grub_json_getuint64 (&d->json_slot_key, &digest, NULL) || > grub_json_getchild (&digest, &digest, 0) || > luks2_parse_digest (d, &digest)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest = %"PRIuGRUB_SIZE, i); > =20 > - if ((d->keyslots & (1 << idx))) > -+ if ((d->keyslots & (1 << k->slot_key))) > ++ if ((d->keyslots & (1 << k->json_slot_key))) > break; > } > if (i =3D=3D size) > @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k= , grub_luks2_d > { > if (grub_json_getchild (&segment, &segments, i) || > - grub_json_getuint64 (&idx, &segment, NULL) || > -+ grub_json_getuint64 (&s->slot_key, &segment, NULL) || > ++ grub_json_getuint64 (&s->json_slot_key, &segment, NULL) || > grub_json_getchild (&segment, &segment, 0) || > luks2_parse_segment (s, &segment)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse segment= %"PRIuGRUB_SIZE, i); > =20 > - if ((d->segments & (1 << idx))) > -+ if ((d->segments & (1 << s->slot_key))) > ++ if ((d->segments & (1 << s->json_slot_key))) > break; > } > if (i =3D=3D size) > 2: 3cd52834b ! 6: e52887944 luks2: Use more intuitive slot key instea= d of index in user messages. > @@ Metadata > Author: Glenn Washburn > =20 > ## Commit message ## > - luks2: Use more intuitive slot key instead of index in user mess= ages. > + luks2: Use more intuitive slot key instead of index in user mess= ages > =20 > Use the slot key name in the json array rather than the 0 based = index in the > json array for keyslots, segments, and digests. This is less con= fusing for > @@ Commit message > messages using the index of the keyslot will mention keyslot 1 (= its a > zero-based index). Furthermore, with this change the keyslot num= ber will > align with the number used to reference the keyslot when using t= he > - --key-slot argument to cryptsetup. Error messages now distinguis= h between > - indexes and slot keys. The former include the string "index" in = the error > - string, and the later are surrounded in quotes. > + --key-slot argument to cryptsetup. > =20 > ## grub-core/disk/luks2.c ## > @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *= k, grub_luks2_digest_t *d, grub_luks2_s > - grub_json_getuint64 (&k->slot_key, &keyslot, NULL) || > - grub_json_getchild (&keyslot, &keyslot, 0) || > - luks2_parse_keyslot (k, &keyslot)) > -- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keys= lot %"PRIuGRUB_SIZE, keyslot_idx); > -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keys= lot index %"PRIuGRUB_SIZE, keyslot_idx); > -=20 > - /* Get digest that matches the keyslot. */ > - if (grub_json_getvalue (&digests, root, "digests") || > -@@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *= k, grub_luks2_digest_t *d, grub_luks2_s > - grub_json_getuint64 (&d->slot_key, &digest, NULL) || > + grub_json_getuint64 (&d->json_slot_key, &digest, NULL) || > grub_json_getchild (&digest, &digest, 0) || > luks2_parse_digest (d, &digest)) > - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest = %"PRIuGRUB_SIZE, i); > + return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest = index %"PRIuGRUB_SIZE, i); > =20 > - if ((d->keyslots & (1 << k->slot_key))) > + if ((d->keyslots & (1 << k->json_slot_key))) > break; > } > if (i =3D=3D size) > @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k= , grub_luks2_d > /* Get segment that matches the digest. */ > if (grub_json_getvalue (&segments, root, "segments") || > @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *= k, grub_luks2_digest_t *d, grub_luks2_s > - grub_json_getuint64 (&s->slot_key, &segment, NULL) || > - grub_json_getchild (&segment, &segment, 0) || > - luks2_parse_segment (s, &segment)) > -- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse segment= %"PRIuGRUB_SIZE, i); > -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse segment= index %"PRIuGRUB_SIZE, i); > -=20 > - if ((d->segments & (1 << s->slot_key))) > break; > } > if (i =3D=3D size) > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > if (keyslot.priority =3D=3D 0) > { > - grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to= priority\n", i); > -+ grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T" du= e to priority\n", keyslot.slot_key); > ++ grub_dprintf ("luks2", "Ignoring keyslot \"%"PRIuGRUB_UINT64_T"\= " due to priority\n", keyslot.slot_key); > continue; > } > =20 > - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i= ); > -+ grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n= ", keyslot.slot_key); > ++ grub_dprintf ("luks2", "Trying keyslot \"%"PRIuGRUB_UINT64_T"= \"\n", keyslot.slot_key); > =20 > /* Set up disk according to keyslot's segment. */ > crypt->offset_sectors =3D grub_divmod64 (segment.offset, segm= ent.sector_size, NULL); > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > { > - grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE"= failed: %s\n", > - i, grub_errmsg); > -+ grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_UINT6= 4_T" failed: %s\n", > ++ grub_dprintf ("luks2", "Decryption with keyslot \"%"PRIuGRUB_UIN= T64_T"\" failed: %s\n", > + keyslot.slot_key, grub_errmsg); > continue; > } > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > { > - grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE":= %s\n", > - i, grub_errmsg); > -+ grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_UINT64= _T": %s\n", > ++ grub_dprintf ("luks2", "Could not open keyslot \"%"PRIuGRUB_UINT= 64_T"\": %s\n", > + keyslot.slot_key, grub_errmsg); > continue; > } > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > * where each element is either empty or holds a key. > */ > - grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i); > -+ grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"), keysl= ot.slot_key); > ++ grub_printf_ (N_("Slot \"%"PRIuGRUB_UINT64_T"\" opened\n"), k= eyslot.slot_key); > =20 > candidate_key_len =3D keyslot.key_size; > break; > 4: 1a248b679 < -: --------- cryptodisk: Replace some literals with co= nstants in grub_cryptodisk_endecrypt > -: --------- > 7: 43e3b6cce luks2: Add string "index" to user strings= using a json index. > -: --------- > 8: 4aa9757e1 cryptodisk: Add macro GRUB_TYPE_BITS() to= replace some literals > -: --------- > 9: d18993a63 cryptodisk: Add macros GRUB_TYPE_U_MAX/MI= N(type) to replace literals > 5: 45f5d644f ! 10: 7e8f242d1 luks2: grub_cryptodisk_t->total_sectors i= s the max number of device native sectors > @@ Commit message > =20 > We need to convert the sectors from the size of the underlying d= evice to the > cryptodisk sector size; segment.size is in bytes which need to b= e converted > - to cryptodisk sectors as well. And counter-intuitively, grub_dis= k_get_size > - returns the total number of device native sectors. > + to cryptodisk sectors as well. > =20 > Also, removed an empty statement. > =20 > - Signed-off-by: Glenn Washburn > + Reviewed-by: Daniel Kiper > =20 > ## grub-core/disk/luks2.c ## > @@ grub-core/disk/luks2.c: luks2_decrypt_key (grub_uint8_t *out_key, > 6: 6e01cafb1 ! 11: 1fe9c38ed cryptodisk: Properly handle non-512 byte = sized sectors > @@ Commit message > 512 (ie the IV increments every 512 bytes). This made these chan= ges less > aestetically pleasing than desired. > =20 > + Reviewed-by: Daniel Kiper > + > ## grub-core/disk/cryptodisk.c ## > @@ grub-core/disk/cryptodisk.c: lrw_xor (const struct lrw_sector *se= c, > static gcry_err_code_t > @@ grub-core/disk/cryptodisk.c: grub_cryptodisk_endecrypt (struct gru= b_cryptodisk * > } > break; > case GRUB_CRYPTODISK_MODE_IV_PLAIN64: > -- iv[1] =3D grub_cpu_to_le32 (sector >> 32); > +- iv[1] =3D grub_cpu_to_le32 (sector >> GRUB_TYPE_BITS (iv[0])); > - /* FALLTHROUGH */ > case GRUB_CRYPTODISK_MODE_IV_PLAIN: > - iv[0] =3D grub_cpu_to_le32 (sector & GRUB_TYPE_U_MAX (iv[0])); > @@ grub-core/disk/luks.c: configure_ciphers (grub_disk_t disk, const = char *check_uu > newdev->source_disk =3D NULL; > - newdev->log_sector_size =3D 9; > + newdev->log_sector_size =3D GRUB_LUKS1_LOG_SECTOR_SIZE; > - newdev->total_sectors =3D grub_disk_get_size (disk) - newdev->off= set_sectors; > + newdev->total_sectors =3D grub_disk_native_sectors (disk) - newde= v->offset_sectors; > grub_memcpy (newdev->uuid, uuid, sizeof (uuid)); > newdev->modname =3D "luks"; > @@ grub-core/disk/luks.c: luks_recover_key (grub_disk_t source, > 7: d8927c6bc ! 12: c9db343e8 luks2: Better error handling when setting= up the cryptodisk > @@ Commit message > an invalid segment, and continue on to the next key. > =20 > ## grub-core/disk/luks2.c ## > +@@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *= k, grub_luks2_digest_t *d, grub_luks2_s > + break; > + } > + if (i =3D=3D size) > +- return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for ke= yslot \"%"PRIuGRUB_UINT64_T"\"", k->slot_key); > ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for ke= yslot \"%"PRIuGRUB_UINT64_T"\"", k->json_slot_key); > +=20 > + /* Get segment that matches the digest. */ > + if (grub_json_getvalue (&segments, root, "segments") || > +@@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *= k, grub_luks2_digest_t *d, grub_luks2_s > + break; > + } > + if (i =3D=3D size) > +- return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No segment for dig= est \"%"PRIuGRUB_UINT64_T"\"", d->slot_key); > ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No segment for dig= est \"%"PRIuGRUB_UINT64_T"\"", d->json_slot_key); > +=20 > + return GRUB_ERR_NONE; > + } > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > goto err; > } > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > =20 > if (keyslot.priority =3D=3D 0) > { > -@@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > +- grub_dprintf ("luks2", "Ignoring keyslot \"%"PRIuGRUB_UINT64_T"\= " due to priority\n", keyslot.slot_key); > ++ grub_dprintf ("luks2", "Ignoring keyslot \"%"PRIuGRUB_UINT64_T"\= " due to priority\n", keyslot.json_slot_key); > + continue; > + } > +=20 > +- grub_dprintf ("luks2", "Trying keyslot \"%"PRIuGRUB_UINT64_T"= \"\n", keyslot.slot_key); > ++ grub_dprintf ("luks2", "Trying keyslot \"%"PRIuGRUB_UINT64_T"= \"\n", keyslot.json_slot_key); > +=20 > + /* Set up disk according to keyslot's segment. */ > crypt->offset_sectors =3D grub_divmod64 (segment.offset, segm= ent.sector_size, NULL); > crypt->log_sector_size =3D sizeof (unsigned int) * 8 > - __builtin_clz ((unsigned int) segment.sector_size) - 1; > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > + " %"PRIuGRUB_UINT64_T" which is greater than" > + " source disk size %"PRIuGRUB_UINT64_T"," > + " skipping\n", > -+ segment.slot_key, crypt->offset_sectors, > ++ segment.json_slot_key, crypt->offset_sectors, > + max_crypt_sectors); > + continue; > + } > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > - crypt->total_sectors =3D grub_strtoull (segment.size, NULL, 10) >>= crypt->log_sector_size; > + { > + grub_errno =3D GRUB_ERR_NONE; > -+ crypt->total_sectors =3D grub_strtoull (segment.size, NULL, 10) = >> crypt->log_sector_size; > ++ /* Convert segment.size to sectors, rounding up to nearest secto= r */ > ++ crypt->total_sectors =3D grub_strtoull (segment.size, NULL, 10); > ++ crypt->total_sectors =3D ALIGN_UP (crypt->total_sectors, > ++ 1 << crypt->log_sector_size); > ++ crypt->total_sectors >>=3D crypt->log_sector_size; > ++ > + if (grub_errno =3D=3D GRUB_ERR_NONE) > + ; > -+ else if(grub_errno =3D=3D GRUB_ERR_BAD_NUMBER) > ++ else if (grub_errno =3D=3D GRUB_ERR_BAD_NUMBER) > + { > -+ /* TODO: Unparsable number-string, try to use the whole disk= */ > + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\" siz= e" > + " \"%s\" is not a parsable number\n", > -+ segment.slot_key, segment.size); > ++ segment.json_slot_key, segment.size); > + continue; > + } > -+ else if(grub_errno =3D=3D GRUB_ERR_OUT_OF_RANGE) > ++ else if (grub_errno =3D=3D GRUB_ERR_OUT_OF_RANGE) > + { > + /* > + * There was an overflow in parsing segment.size, so disk mu= st > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > + " %s overflowed 64-bit unsigned integer," > + " the end of the crypto device will be" > + " inaccessible\n", > -+ segment.slot_key, segment.size); > ++ segment.json_slot_key, segment.size); > + if (crypt->total_sectors > max_crypt_sectors) > + crypt->total_sectors =3D max_crypt_sectors; > + } > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > + { > + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\" has zer= o" > + " sectors, skipping\n", > -+ segment.slot_key); > ++ segment.json_slot_key); > + continue; > + } > + else if (max_crypt_sectors < (crypt->offset_sectors + crypt->= total_sectors)) > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > + " data position greater than source disk size," > + " the end of the crypto device will be" > + " inaccessible\n", > -+ segment.slot_key); > ++ segment.json_slot_key); > + /* Allow decryption up to the end of the source disk. */ > + crypt->total_sectors =3D max_crypt_sectors - crypt->offset_secto= rs; > + } > =20 > ret =3D luks2_decrypt_key (candidate_key, source, crypt, &key= slot, > (const grub_uint8_t *) passphrase, grub_strlen (passphras= e)); > + if (ret) > + { > + grub_dprintf ("luks2", "Decryption with keyslot \"%"PRIuGRUB_UIN= T64_T"\" failed: %s\n", > +- keyslot.slot_key, grub_errmsg); > ++ keyslot.json_slot_key, grub_errmsg); > + continue; > + } > +=20 > +@@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > + if (ret) > + { > + grub_dprintf ("luks2", "Could not open keyslot \"%"PRIuGRUB_UINT= 64_T"\": %s\n", > +- keyslot.slot_key, grub_errmsg); > ++ keyslot.json_slot_key, grub_errmsg); > + continue; > + } > +=20 > +@@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > + * TRANSLATORS: It's a cryptographic key slot: one element of= an array > + * where each element is either empty or holds a key. > + */ > +- grub_printf_ (N_("Slot \"%"PRIuGRUB_UINT64_T"\" opened\n"), k= eyslot.slot_key); > ++ grub_printf_ (N_("Slot \"%"PRIuGRUB_UINT64_T"\" opened\n"), k= eyslot.json_slot_key); > +=20 > + candidate_key_len =3D keyslot.key_size; > + break; > =20 > ## include/grub/disk.h ## > +@@ > + #include > + /* For NULL. */ > + #include > ++/* For ALIGN_UP. */ > ++#include > +=20 > + /* These are used to set a device id. When you add a new disk devic= e, > + you must define a new id for it here. */ > @@ include/grub/disk.h: typedef struct grub_disk_memberlist *grub_di= sk_memberlist_t; > - /* Return value of grub_disk_get_size() in case disk size is unknow= n. */ > + /* Return value of grub_disk_native_sectors() in case disk size is = unknown. */ > #define GRUB_DISK_SIZE_UNKNOWN 0xffffffffffffffffULL > =20 > +/* Convert sector number from disk sized sectors to a log-size size= d sector. */ > @@ include/grub/disk.h: typedef struct grub_disk_memberlist *grub_dis= k_memberlist_t > +{ > + if (disk->log_sector_size < log_sector_size) > + { > -+ /* Round up to the nearest log_sector_size sized sector. */ > -+ sector +=3D 1ULL << ((log_sector_size / disk->log_sector_size= ) - 1); > ++ sector =3D ALIGN_UP (sector, 1 << (log_sector_size / disk->lo= g_sector_size)); > + return sector >> (log_sector_size - disk->log_sector_size); > + } > + else > 8: fcd7aadb7 ! 13: 2fcef44b6 luks2: Error check segment.sector_size > @@ Metadata > ## Commit message ## > luks2: Error check segment.sector_size > =20 > + Reviewed-by: Daniel Kiper > + > ## grub-core/disk/luks2.c ## > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > =20 > - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n= ", keyslot.slot_key); > + grub_dprintf ("luks2", "Trying keyslot \"%"PRIuGRUB_UINT64_T"= \"\n", keyslot.json_slot_key); > =20 > + /* Sector size should be one of 512, 1024, 2048, or 4096. */ > + if (!(segment.sector_size =3D=3D 512 || segment.sector_size = =3D=3D 1024 || > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\" sector" > + " size %"PRIuGRUB_UINT64_T" is not one of" > + " 512, 1024, 2048, or 4096\n", > -+ segment.slot_key, segment.sector_size); > ++ segment.json_slot_key, segment.sector_size); > + continue; > + } > + > 9: 61f77a1a8 ! 14: 74eed4a62 whitespace: convert 8 spaces to tabs. > @@ Metadata > Author: Glenn Washburn > =20 > ## Commit message ## > - whitespace: convert 8 spaces to tabs. > + whitespace: convert 8 spaces to tabs > + > + Reviewed-by: Daniel Kiper > =20 > ## grub-core/disk/luks2.c ## > @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *= k, grub_luks2_digest_t *d, grub_luks2_s > { > if (grub_json_getchild (&digest, &digests, i) || > - grub_json_getuint64 (&d->slot_key, &digest, NULL) || > + grub_json_getuint64 (&d->json_slot_key, &digest, NULL) || > - grub_json_getchild (&digest, &digest, 0) || > - luks2_parse_digest (d, &digest)) > + grub_json_getchild (&digest, &digest, 0) || > + luks2_parse_digest (d, &digest)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest = index %"PRIuGRUB_SIZE, i); > =20 > - if ((d->keyslots & (1 << k->slot_key))) > + if ((d->keyslots & (1 << k->json_slot_key))) > @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *= k, grub_luks2_digest_t *d, grub_luks2_s > if (grub_json_getchild (&segment, &segments, i) || > - grub_json_getuint64 (&s->slot_key, &segment, NULL) || > + grub_json_getuint64 (&s->json_slot_key, &segment, NULL) || > grub_json_getchild (&segment, &segment, 0) || > - luks2_parse_segment (s, &segment)) > + luks2_parse_segment (s, &segment)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse segment= index %"PRIuGRUB_SIZE, i); > =20 > - if ((d->segments & (1 << s->slot_key))) > + if ((d->segments & (1 << s->json_slot_key))) > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > { > - grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T" du= e to priority\n", keyslot.slot_key); > + grub_dprintf ("luks2", "Ignoring keyslot \"%"PRIuGRUB_UINT64_T"\= " due to priority\n", keyslot.json_slot_key); > continue; > - } > + } > =20 > - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n= ", keyslot.slot_key); > + grub_dprintf ("luks2", "Trying keyslot \"%"PRIuGRUB_UINT64_T"= \"\n", keyslot.json_slot_key); > =20 > 10: d71d26701 ! 15: 51c2e9160 mips: Enable __clzdi2() > @@ Commit message > __clzdi2()) but for MIPS target and __clzdi2 only, __clzsi2 was = already > enabled. > =20 > - Signed-off-by: Daniel Kiper > + Suggested-by: Daniel Kiper > =20 > ## grub-core/kern/compiler-rt.c ## > @@ grub-core/kern/compiler-rt.c: __clzsi2 (grub_uint32_t val) > 11: 8aa295f77 ! 16: 3b4ccda1f misc: Add grub_log2ull macro for calculat= ing log base 2 of 64-bit integers > @@ Metadata > ## Commit message ## > misc: Add grub_log2ull macro for calculating log base 2 of 64-bi= t integers > =20 > + Reviewed-by: Daniel Kiper > + > ## include/grub/misc.h ## > @@ include/grub/misc.h: void EXPORT_FUNC(grub_real_boot_time) (const= char *file, > #define grub_max(a, b) (((a) > (b)) ? (a) : (b)) > 12: 7050a4ace ! 17: 8b97e6887 luks2: Use grub_log2ull to calculate log_= sector_size and improve readability > @@ Metadata > ## Commit message ## > luks2: Use grub_log2ull to calculate log_sector_size and improve= readability > =20 > + Reviewed-by: Daniel Kiper > + > ## grub-core/disk/luks2.c ## > @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source, > =20 > --=20 > 2.27.0 >=20 --Q6qVJMQnLxQZh0Ac Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEF9hrgiFbCdvenl/rVbJhu7ckPpQFAl/M3twACgkQVbJhu7ck PpQ6ng/8DqVoKasVo37UJxBoGqafn1GykRpOywXfZbdENjwU2U7EC0zmUvgw1ekG ELcG8I13YDboOHsMeqA6vlcXG1VAXOBUmsqRClZM2vsWnL1zXMQ1KEn7pmmz4fLx 1VzzUjg9e+2d/jQ9X0D7HqYIUPdaZhEsacbxCeQHwv8uZMdYX5P36jJouXfc3jrk 582/g2ci9hgnuICNXbWE5SRi/9ZLVwSk63Q1DrBAIB+mtTjNQK2v5xx5uhk/n08L qb5OBJmRtXis3CpwE4j/0HHQ+lrVT/95i7wZQm6ZmdKIodt7t10LmXcSOueKhOsJ uTE0icSneSKj1DUvLCM5Cocc4TbimJ6L1yjM0BP//ihK48Qf3nvafxOEVDdrSq7B AD5YMulg9WN4YCHwZ4IPrPjrTGjPngpXe7sR7Ovd2Funz7thNCYCrIVK7dj+pmZt l3VPhRjzgqwOZCEUcb6eqXqq641vNj0v/Z2TKMTQWG3V1MtUIIzC5B35FrbKcp8e wnRCb9YBKU7GG99Csgdb1TNMIIw4/Ibb/WfwYRQ4dHdT7E5HRRsxudzvZX2vWZ0c 1KfgtR9hxRSpw7OVod07MffOTj51bV3AyWVtcmZx9VV7rKUZVJCIc525rkvGBiLj z/wshDCUlcEOuNIqDiVGff4L/5pqyg+PM2AZCIiKVuY33+G1EZE= =GK/U -----END PGP SIGNATURE----- --Q6qVJMQnLxQZh0Ac--