From: Patrick Steinhardt <ps@pks.im>
To: grub-devel@gnu.org
Cc: Patrick Steinhardt <ps@pks.im>,
Max Tottenham <mtottenh@akamai.com>,
Daniel Kiper <dkiper@net-space.pl>
Subject: [PATCH v4 0/6] Support for LUKS2 disk encryption
Date: Mon, 18 Nov 2019 09:45:11 +0100 [thread overview]
Message-ID: <cover.1574066413.git.ps@pks.im> (raw)
In-Reply-To: <cover.1572717208.git.ps@pks.im>
Hi,
another week, another new version of this patch series. Changes
to v3 include the following:
- Renamed `err` variables to `ret`.
- Fixed formatting of multiline comments.
- Aligned struct members.
- Moved some defines around.
- Added EXPORT_FUNC() to the JSON interface.
All in all it's mostly cosmetical changes to better match GRUB's
coding style. I've attached the range-diff against v3 to this
mail.
Patrick
Patrick Steinhardt (6):
json: Import upstream jsmn-1.1.0
json: Implement wrapping interface
bootstrap: Add gnulib's base64 module
afsplitter: Move into its own module
luks: Move configuration of ciphers into cryptodisk
disk: Implement support for LUKS2
Makefile.util.def | 4 +-
bootstrap.conf | 3 +-
conf/Makefile.extra-dist | 1 +
docs/grub-dev.texi | 14 +
docs/grub.texi | 5 +-
grub-core/Makefile.core.def | 19 +-
grub-core/disk/AFSplitter.c | 3 +
grub-core/disk/cryptodisk.c | 163 ++++-
grub-core/disk/luks.c | 190 +----
grub-core/disk/luks2.c | 674 ++++++++++++++++++
grub-core/lib/gnulib-patches/fix-base64.patch | 23 +
grub-core/lib/json/jsmn.h | 468 ++++++++++++
grub-core/lib/json/json.c | 240 +++++++
grub-core/lib/json/json.h | 103 +++
include/grub/cryptodisk.h | 3 +
15 files changed, 1733 insertions(+), 180 deletions(-)
create mode 100644 grub-core/disk/luks2.c
create mode 100644 grub-core/lib/gnulib-patches/fix-base64.patch
create mode 100644 grub-core/lib/json/jsmn.h
create mode 100644 grub-core/lib/json/json.c
create mode 100644 grub-core/lib/json/json.h
Range-diff against v3:
1: 7bd619827 ! 1: 2469e96f9 json: Import upstream jsmn-1.1.0
@@ Commit message
[1]: https://github.com/zserge/jsmn
Signed-off-by: Patrick Steinhardt <ps@pks.im>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
## docs/grub-dev.texi ##
@@ docs/grub-dev.texi: to update it.
2: 680b5add5 ! 2: 126fd8408 json: Implement wrapping interface
@@ grub-core/lib/json/json.c
+{
+ grub_json_t *json = NULL;
+ jsmn_parser parser;
-+ grub_err_t err;
++ grub_err_t ret = GRUB_ERR_NONE;
+ int jsmn_err;
+
++ if (!string)
++ return GRUB_ERR_BAD_ARGUMENT;
++
+ json = grub_zalloc (sizeof (*json));
+ if (!json)
+ return GRUB_ERR_OUT_OF_MEMORY;
-+ json->idx = 0;
+ json->string = string;
-+ if (!json->string)
-+ {
-+ err = GRUB_ERR_OUT_OF_MEMORY;
-+ goto out;
-+ }
+
++ /*
++ * Parse the string twice: first to determine how many tokens
++ * we need to allocate, second to fill allocated tokens.
++ */
+ jsmn_init(&parser);
+ jsmn_err = jsmn_parse (&parser, string, string_len, NULL, 0);
+ if (jsmn_err <= 0)
+ {
-+ err = GRUB_ERR_BAD_ARGUMENT;
-+ goto out;
++ ret = GRUB_ERR_BAD_ARGUMENT;
++ goto err;
+ }
+
+ json->tokens = grub_malloc (sizeof (jsmntok_t) * jsmn_err);
+ if (!json->tokens)
+ {
-+ err = GRUB_ERR_OUT_OF_MEMORY;
-+ goto out;
++ ret = GRUB_ERR_OUT_OF_MEMORY;
++ goto err;
+ }
+
-+ jsmn_init(&parser);
++ jsmn_init (&parser);
+ jsmn_err = jsmn_parse (&parser, string, string_len, json->tokens, jsmn_err);
+ if (jsmn_err <= 0)
+ {
-+ err = GRUB_ERR_BAD_ARGUMENT;
-+ goto out;
++ ret = GRUB_ERR_BAD_ARGUMENT;
++ goto err;
+ }
+
-+ err = GRUB_ERR_NONE;
+ *out = json;
-+out:
-+ if (err && json)
++
++ err:
++ if (ret && json)
+ {
+ grub_free (json->string);
+ grub_free (json->tokens);
+ grub_free (json);
+ }
-+ return err;
++ return ret;
+}
+
+void
@@ grub-core/lib/json/json.c
+grub_json_getsize (const grub_json_t *json)
+{
+ jsmntok_t *p = &((jsmntok_t *)json->tokens)[json->idx];
++
+ return p->size;
+}
+
@@ grub-core/lib/json/json.c
+grub_json_gettype (const grub_json_t *json)
+{
+ jsmntok_t *p = &((jsmntok_t *)json->tokens)[json->idx];
++
+ switch (p->type)
+ {
+ case JSMN_OBJECT:
@@ grub-core/lib/json/json.c
+ default:
+ break;
+ }
++
+ return GRUB_JSON_UNDEFINED;
+}
+
@@ grub-core/lib/json/json.c
+ jsmntok_t *p = &((jsmntok_t *)parent->tokens)[parent->idx];
+ grub_size_t offset = 1;
+
-+ if (n >= (unsigned) p->size)
++ if (n >= (grub_size_t) p->size)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ while (n--)
@@ grub-core/lib/json/json.c
+{
+ const grub_json_t *p = parent;
+ grub_json_t child;
++ grub_err_t ret;
+ jsmntok_t *tok;
+
+ if (key)
+ {
-+ grub_err_t err = grub_json_getvalue (&child, parent, key);
-+ if (err)
-+ return err;
++ ret = grub_json_getvalue (&child, parent, key);
++ if (ret)
++ return ret;
+ p = &child;
+ }
+
@@ grub-core/lib/json/json.c
+{
+ grub_json_type_t type;
+ const char *value;
-+ grub_err_t err;
++ grub_err_t ret;
+
-+ err = get_value(&type, &value, parent, key);
-+ if (err)
-+ return err;
++ ret = get_value(&type, &value, parent, key);
++ if (ret)
++ return ret;
+ if (type != GRUB_JSON_STRING)
+ return GRUB_ERR_BAD_ARGUMENT;
+
@@ grub-core/lib/json/json.c
+{
+ grub_json_type_t type;
+ const char *value;
-+ grub_err_t err;
++ grub_err_t ret;
+
-+ err = get_value(&type, &value, parent, key);
-+ if (err)
-+ return err;
++ ret = get_value(&type, &value, parent, key);
++ if (ret)
++ return ret;
+ if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE)
+ return GRUB_ERR_BAD_ARGUMENT;
+
@@ grub-core/lib/json/json.c
+{
+ grub_json_type_t type;
+ const char *value;
-+ grub_err_t err;
++ grub_err_t ret;
+
-+ err = get_value(&type, &value, parent, key);
-+ if (err)
-+ return err;
++ ret = get_value(&type, &value, parent, key);
++ if (ret)
++ return ret;
+ if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE)
+ return GRUB_ERR_BAD_ARGUMENT;
+
@@ grub-core/lib/json/json.h (new)
+};
+typedef struct grub_json grub_json_t;
+
-+/* Parse a JSON-encoded string. Note that the string passed to
++/*
++ * Parse a JSON-encoded string. Note that the string passed to
+ * this function will get modified on subsequent calls to
-+ * `grub_json_get*`. Returns the root object of the parsed JSON
-+ * object, which needs to be free'd via `grub_json_free`.
++ * grub_json_get*(). Returns the root object of the parsed JSON
++ * object, which needs to be free'd via grub_json_free().
+ */
-+grub_err_t
-+grub_json_parse (grub_json_t **out, char *string, grub_size_t string_len);
++extern grub_err_t EXPORT_FUNC(grub_json_parse) (grub_json_t **out,
++ char *string,
++ grub_size_t string_len);
+
-+/* Free the structure and its contents. The string passed to
-+ * `grub_json_parse` will not be free'd.
++/*
++ * Free the structure and its contents. The string passed to
++ * grub_json_parse() will not be free'd.
+ */
-+void
-+grub_json_free (grub_json_t *json);
++extern void EXPORT_FUNC(grub_json_free) (grub_json_t *json);
+
-+/* Get the child count of the given JSON token. Children are
-+ * present for arrays, objects (dicts) and keys of a dict. */
-+grub_size_t
-+grub_json_getsize (const grub_json_t *json);
++/*
++ * Get the child count of the given JSON token. Children are
++ * present for arrays, objects (dicts) and keys of a dict.
++ */
++extern grub_size_t EXPORT_FUNC(grub_json_getsize) (const grub_json_t *json);
+
+/* Get the type of the given JSON token. */
-+grub_json_type_t
-+grub_json_gettype (const grub_json_t *json);
++extern grub_json_type_t EXPORT_FUNC(grub_json_gettype) (const grub_json_t *json);
+
-+/* Get n'th child of object, array or key. Will return an error if no
-+ * such child exists. The result does not need to be free'd. */
-+grub_err_t
-+grub_json_getchild (grub_json_t *out, const grub_json_t *parent, grub_size_t n);
++/*
++ * Get n'th child of object, array or key. Will return an error if no
++ * such child exists. The result does not need to be free'd.
++ */
++extern grub_err_t EXPORT_FUNC(grub_json_getchild) (grub_json_t *out,
++ const grub_json_t *parent,
++ grub_size_t n);
+
-+/* Get value of key from a JSON object. The result does not need
-+ * to be free'd. */
-+grub_err_t
-+grub_json_getvalue (grub_json_t *out, const grub_json_t *parent, const char *key);
++/*
++ * Get value of key from a JSON object. The result does not need
++ * to be free'd.
++ */
++extern grub_err_t EXPORT_FUNC(grub_json_getvalue) (grub_json_t *out,
++ const grub_json_t *parent,
++ const char *key);
+
+/* Get the string representation of a JSON object. */
-+grub_err_t
-+grub_json_getstring (const char **out, const grub_json_t *parent, const char *key);
++extern grub_err_t EXPORT_FUNC(grub_json_getstring) (const char **out,
++ const grub_json_t *parent,
++ const char *key);
+
+/* Get the uint64 representation of a JSON object. */
-+grub_err_t
-+grub_json_getuint64 (grub_uint64_t *out, const grub_json_t *parent, const char *key);
++extern grub_err_t EXPORT_FUNC(grub_json_getuint64) (grub_uint64_t *out,
++ const grub_json_t *parent,
++ const char *key);
+
+/* Get the int64 representation of a JSON object. */
-+grub_err_t
-+grub_json_getint64 (grub_int64_t *out, const grub_json_t *parent, const char *key);
++extern grub_err_t EXPORT_FUNC(grub_json_getint64) (grub_int64_t *out,
++ const grub_json_t *parent,
++ const char *key);
+
+#endif
3: 461696fe7 = 3: e29ef98a2 bootstrap: Add gnulib's base64 module
4: 18cfacbe5 = 4: f95f7b1c2 afsplitter: Move into its own module
5: 1a185b6d8 = 5: 5a3bb8742 luks: Move configuration of ciphers into cryptodisk
6: 9d88fcbab ! 6: 9c21363ee disk: Implement support for LUKS2
@@ docs/grub.texi: is requested interactively. Option @var{device} configures speci
devices; option @option{-b} configures all geli containers that have boot flag set.
-GRUB suports devices encrypted using LUKS and geli. Note that necessary modules (@var{luks} and @var{geli}) have to be loaded manually before this command can
-+GRUB suports devices encrypted using LUKS and geli. Note that necessary modules (@var{luks}, @var{luks2} and @var{geli}) have to be loaded manually before this command can
- be used.
+-be used.
++GRUB suports devices encrypted using LUKS, LUKS2 and geli. Note that necessary
++modules (@var{luks}, @var{luks2} and @var{geli}) have to be loaded manually
++before this command can be used.
@end deffn
+
## grub-core/Makefile.core.def ##
@@ grub-core/Makefile.core.def: module = {
@@ grub-core/disk/luks2.c (new)
+#include <base64.h>
+#include <json.h>
+
-+#define MAX_PASSPHRASE 256
-+
+GRUB_MOD_LICENSE ("GPLv3+");
+
-+gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
-+ grub_uint8_t * dst, grub_size_t blocksize,
-+ grub_size_t blocknumbers);
++#define LUKS_MAGIC_1ST "LUKS\xBA\xBE"
++#define LUKS_MAGIC_2ND "SKUL\xBA\xBE"
++#define MAX_PASSPHRASE 256
+
+enum grub_luks2_kdf_type
+{
@@ grub-core/disk/luks2.c (new)
+/* On disk LUKS header */
+struct grub_luks2_header
+{
-+ char magic[6];
-+#define LUKS_MAGIC_1ST "LUKS\xBA\xBE"
-+#define LUKS_MAGIC_2ND "SKUL\xBA\xBE"
++ char magic[6];
+ grub_uint16_t version;
+ grub_uint64_t hdr_size;
+ grub_uint64_t seqid;
-+ char label[48];
-+ char csum_alg[32];
-+ grub_uint8_t salt[64];
-+ char uuid[40];
-+ char subsystem[48];
-+ grub_uint64_t hdr_offset;
-+ char _padding[184];
-+ grub_uint8_t csum[64];
-+ char _padding4096[7*512];
++ char label[48];
++ char csum_alg[32];
++ grub_uint8_t salt[64];
++ char uuid[40];
++ char subsystem[48];
++ grub_uint64_t hdr_offset;
++ char _padding[184];
++ grub_uint8_t csum[64];
++ char _padding4096[7*512];
+} GRUB_PACKED;
+typedef struct grub_luks2_header grub_luks2_header_t;
+
@@ grub-core/disk/luks2.c (new)
+ grub_int64_t priority;
+ struct
+ {
-+ const char *encryption;
++ const char *encryption;
+ grub_uint64_t offset;
+ grub_uint64_t size;
-+ grub_int64_t key_size;
++ grub_int64_t key_size;
+ } area;
+ struct
+ {
-+ const char *hash;
++ const char *hash;
+ grub_int64_t stripes;
+ } af;
+ struct
+ {
+ grub_luks2_kdf_type_t type;
-+ const char *salt;
++ const char *salt;
+ union
+ {
+ struct
@@ grub-core/disk/luks2.c (new)
+ } argon2i;
+ struct
+ {
-+ const char *hash;
++ const char *hash;
+ grub_int64_t iterations;
+ } pbkdf2;
+ } u;
@@ grub-core/disk/luks2.c (new)
+struct grub_luks2_segment
+{
+ grub_uint64_t offset;
-+ const char *size;
-+ const char *encryption;
-+ grub_int64_t sector_size;
++ const char *size;
++ const char *encryption;
++ grub_int64_t sector_size;
+};
+typedef struct grub_luks2_segment grub_luks2_segment_t;
+
+struct grub_luks2_digest
+{
+ /* Both keyslots and segments are interpreted as bitfields here */
-+ grub_uint64_t keyslots;
-+ grub_uint64_t segments;
-+ const char *salt;
-+ const char *digest;
-+ const char *hash;
-+ grub_int64_t iterations;
++ grub_uint64_t keyslots;
++ grub_uint64_t segments;
++ const char *salt;
++ const char *digest;
++ const char *hash;
++ grub_int64_t iterations;
+};
+typedef struct grub_luks2_digest grub_luks2_digest_t;
+
++gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
++ grub_uint8_t * dst, grub_size_t blocksize,
++ grub_size_t blocknumbers);
++
+static grub_err_t
+luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
+{
@@ grub-core/disk/luks2.c (new)
+luks2_read_header (grub_disk_t disk, grub_luks2_header_t *outhdr)
+{
+ grub_luks2_header_t primary, secondary, *header = &primary;
-+ grub_err_t err;
++ grub_err_t ret;
+
+ /* Read the primary LUKS header. */
-+ err = grub_disk_read (disk, 0, 0, sizeof (primary), &primary);
-+ if (err)
-+ return err;
++ ret = grub_disk_read (disk, 0, 0, sizeof (primary), &primary);
++ if (ret)
++ return ret;
+
+ /* Look for LUKS magic sequence. */
-+ if (grub_memcmp (primary.magic, LUKS_MAGIC_1ST, sizeof (primary.magic))
-+ || grub_be_to_cpu16 (primary.version) != 2)
++ if (grub_memcmp (primary.magic, LUKS_MAGIC_1ST, sizeof (primary.magic)) ||
++ grub_be_to_cpu16 (primary.version) != 2)
+ return GRUB_ERR_BAD_SIGNATURE;
+
+ /* Read the secondary header. */
-+ err = grub_disk_read (disk, 0, grub_be_to_cpu64 (primary.hdr_size), sizeof (secondary), &secondary);
-+ if (err)
-+ return err;
++ ret = grub_disk_read (disk, 0, grub_be_to_cpu64 (primary.hdr_size), sizeof (secondary), &secondary);
++ if (ret)
++ return ret;
+
+ /* Look for LUKS magic sequence. */
-+ if (grub_memcmp (secondary.magic, LUKS_MAGIC_2ND, sizeof (secondary.magic))
-+ || grub_be_to_cpu16 (secondary.version) != 2)
++ if (grub_memcmp (secondary.magic, LUKS_MAGIC_2ND, sizeof (secondary.magic)) ||
++ grub_be_to_cpu16 (secondary.version) != 2)
+ return GRUB_ERR_BAD_SIGNATURE;
+
+ if (grub_be_to_cpu64 (primary.seqid) < grub_be_to_cpu64 (secondary.seqid))
@@ grub-core/disk/luks2.c (new)
+{
+ grub_cryptodisk_t cryptodisk;
+ grub_luks2_header_t header;
-+ grub_err_t err;
+
+ if (check_boot)
+ return NULL;
+
-+ err = luks2_read_header (disk, &header);
-+ if (err)
++ if (luks2_read_header (disk, &header))
+ {
+ grub_errno = GRUB_ERR_NONE;
+ return NULL;
@@ grub-core/disk/luks2.c (new)
+ cryptodisk = grub_zalloc (sizeof (*cryptodisk));
+ if (!cryptodisk)
+ return NULL;
++
+ COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (header.uuid));
++
+ grub_memcpy (cryptodisk->uuid, header.uuid, sizeof (header.uuid));
+ cryptodisk->modname = "luks2";
+ return cryptodisk;
@@ grub-core/disk/luks2.c (new)
+ grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN], salt[GRUB_CRYPTODISK_MAX_KEYLEN];
+ grub_size_t saltlen = sizeof (salt), digestlen = sizeof (digest);
+ const gcry_md_spec_t *hash;
-+ gcry_err_code_t gcry_err;
++ gcry_err_code_t gcry_ret;
+
-+ /* Decdoe both digest and salt */
++ /* Decode both digest and salt */
+ if (!base64_decode(d->digest, grub_strlen (d->digest), (char *)digest, &digestlen))
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest");
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest");
+ if (!base64_decode(d->salt, grub_strlen (d->salt), (char *)salt, &saltlen))
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest salt");
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest salt");
+
+ /* Configure the hash used for the digest. */
+ hash = grub_crypto_lookup_md_by_name (d->hash);
+ if (!hash)
-+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash", d->hash);
++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash", d->hash);
+
+ /* Calculate the candidate key's digest */
-+ gcry_err = grub_crypto_pbkdf2 (hash,
++ gcry_ret = grub_crypto_pbkdf2 (hash,
+ candidate_key, candidate_key_len,
+ salt, saltlen,
+ d->iterations,
+ candidate_digest, digestlen);
-+ if (gcry_err)
-+ return grub_crypto_gcry_error (gcry_err);
++ if (gcry_ret)
++ return grub_crypto_gcry_error (gcry_ret);
+
+ if (grub_memcmp (candidate_digest, digest, digestlen) != 0)
-+ return grub_error (GRUB_ERR_ACCESS_DENIED, "Mismatching digests");
++ return grub_error (GRUB_ERR_ACCESS_DENIED, "Mismatching digests");
+
+ return GRUB_ERR_NONE;
+}
@@ grub-core/disk/luks2.c (new)
+ grub_size_t saltlen = sizeof (salt);
+ char cipher[32], *p;;
+ const gcry_md_spec_t *hash;
-+ gcry_err_code_t gcry_err;
-+ grub_err_t err;
++ gcry_err_code_t gcry_ret;
++ grub_err_t ret;
+
+ if (!base64_decode(k->kdf.salt, grub_strlen (k->kdf.salt),
+ (char *)salt, &saltlen))
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid keyslot salt");
++ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid keyslot salt");
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ switch (k->kdf.type)
+ {
+ case LUKS2_KDF_TYPE_ARGON2I:
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
++ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
+ goto err;
+ case LUKS2_KDF_TYPE_PBKDF2:
+ hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
+ if (!hash)
+ {
-+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
++ ret = grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
+ k->kdf.u.pbkdf2.hash);
+ goto err;
+ }
+
-+ gcry_err = grub_crypto_pbkdf2 (hash, (grub_uint8_t *) passphrase,
++ gcry_ret = grub_crypto_pbkdf2 (hash, (grub_uint8_t *) passphrase,
+ passphraselen,
+ salt, saltlen,
+ k->kdf.u.pbkdf2.iterations,
+ area_key, k->area.key_size);
-+ if (gcry_err)
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid encryption");
+ *p = '\0';
+
-+ err = grub_cryptodisk_setcipher (crypt, cipher, p + 1);
-+ if (err)
-+ return err;
++ ret = grub_cryptodisk_setcipher (crypt, cipher, p + 1);
++ if (ret)
++ return ret;
+
-+ gcry_err = grub_cryptodisk_setkey (crypt, area_key, k->area.key_size);
-+ if (gcry_err)
++ gcry_ret = grub_cryptodisk_setkey (crypt, area_key, k->area.key_size);
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ split_key = grub_malloc (k->area.size);
+ if (!split_key)
+ {
-+ err = grub_errno;
++ ret = grub_errno;
+ goto err;
+ }
+
+ grub_errno = GRUB_ERR_NONE;
-+ err = grub_disk_read (disk, 0, k->area.offset, k->area.size, split_key);
-+ if (err)
++ ret = grub_disk_read (disk, 0, k->area.offset, k->area.size, split_key);
++ if (ret)
+ {
+ grub_dprintf ("luks2", "Read error: %s\n", grub_errmsg);
+ goto err;
+ }
+
-+ gcry_err = grub_cryptodisk_decrypt (crypt, split_key, k->area.size, 0);
-+ if (gcry_err)
++ gcry_ret = grub_cryptodisk_decrypt (crypt, split_key, k->area.size, 0);
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ hash = grub_crypto_lookup_md_by_name (k->af.hash);
+ if (!hash)
+ {
-+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
++ ret = grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
+ k->af.hash);
+ goto err;
+ }
+
+ /* Merge the decrypted key material to get the candidate master key. */
-+ gcry_err = AF_merge (hash, split_key, out_key, k->key_size, k->af.stripes);
-+ if (gcry_err)
++ gcry_ret = AF_merge (hash, split_key, out_key, k->key_size, k->af.stripes);
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
+ grub_dprintf ("luks2", "Candidate key recovered\n");
+
-+err:
++ err:
+ grub_free (split_key);
-+ return err;
++ return ret;
+}
+
+static grub_err_t
@@ grub-core/disk/luks2.c (new)
+ grub_luks2_keyslot_t keyslot;
+ grub_luks2_digest_t digest;
+ grub_luks2_segment_t segment;
-+ gcry_err_code_t gcry_err;
++ gcry_err_code_t gcry_ret;
+ grub_json_t *json = NULL, keyslots;
-+ grub_err_t err;
++ grub_err_t ret;
+
-+ err = luks2_read_header (disk, &header);
-+ if (err)
-+ return err;
++ ret = luks2_read_header (disk, &header);
++ if (ret)
++ return ret;
+
+ json_header = grub_zalloc (grub_be_to_cpu64 (header.hdr_size) - sizeof (header));
+ if (!json_header)
+ return GRUB_ERR_OUT_OF_MEMORY;
+
+ /* Read the JSON area. */
-+ err = grub_disk_read (disk, 0, grub_be_to_cpu64 (header.hdr_offset) + sizeof (header),
++ ret = grub_disk_read (disk, 0, grub_be_to_cpu64 (header.hdr_offset) + sizeof (header),
+ grub_be_to_cpu64 (header.hdr_size) - sizeof (header), json_header);
-+ if (err)
++ if (ret)
+ goto err;
+
+ ptr = grub_memchr(json_header, 0, grub_be_to_cpu64 (header.hdr_size) - sizeof (header));
+ if (!ptr)
+ goto err;
+
-+ err = grub_json_parse (&json, json_header, grub_be_to_cpu64 (header.hdr_size));
-+ if (err)
++ ret = grub_json_parse (&json, json_header, grub_be_to_cpu64 (header.hdr_size));
++ if (ret)
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid LUKS2 JSON header");
++ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid LUKS2 JSON header");
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ crypt->uuid);
+ if (!grub_password_get (passphrase, MAX_PASSPHRASE))
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+ goto err;
+ }
+
-+ err = grub_json_getvalue (&keyslots, json, "keyslots");
-+ if (err)
++ ret = grub_json_getvalue (&keyslots, json, "keyslots");
++ if (ret)
+ goto err;
+
+ /* Try all keyslot */
+ for (i = 0; i < grub_json_getsize (&keyslots); i++)
+ {
-+ err = luks2_get_keyslot (&keyslot, &digest, &segment, json, i);
-+ if (err)
++ ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, i);
++ if (ret)
+ goto err;
+
+ if (keyslot.priority == 0)
@@ grub-core/disk/luks2.c (new)
+ else
+ crypt->total_length = grub_strtoull(segment.size, NULL, 10);
+
-+ err = luks2_decrypt_key (candidate_key, disk, crypt, &keyslot,
++ ret = luks2_decrypt_key (candidate_key, disk, crypt, &keyslot,
+ (const grub_uint8_t *) passphrase, grub_strlen (passphrase));
-+ if (err)
++ if (ret)
+ {
+ grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" failed", i);
+ continue;
+ }
+
-+ err = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
-+ if (err)
++ ret = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
++ if (ret)
+ {
+ grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE"\n", i);
+ continue;
+ }
+
-+ /* TRANSLATORS: It's a cryptographic key slot: one element of an array
-+ where each element is either empty or holds a key. */
++ /*
++ * TRANSLATORS: It's a cryptographic key slot: one element of an array
++ * where each element is either empty or holds a key.
++ */
+ grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i);
+
+ candidate_key_len = keyslot.key_size;
@@ grub-core/disk/luks2.c (new)
+ }
+ if (candidate_key_len == 0)
+ {
-+ err = grub_error (GRUB_ERR_ACCESS_DENIED, "Invalid passphrase");
++ ret = grub_error (GRUB_ERR_ACCESS_DENIED, "Invalid passphrase");
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid encryption");
+ *ptr = '\0';
+
-+ err = grub_cryptodisk_setcipher (crypt, cipher, ptr + 1);
-+ if (err)
++ ret = grub_cryptodisk_setcipher (crypt, cipher, ptr + 1);
++ if (ret)
+ goto err;
+
+ /* Set the master key. */
-+ gcry_err = grub_cryptodisk_setkey (crypt, candidate_key, candidate_key_len);
-+ if (gcry_err)
++ gcry_ret = grub_cryptodisk_setkey (crypt, candidate_key, candidate_key_len);
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
-+err:
++ err:
+ grub_free (part);
+ grub_free (json_header);
+ grub_json_free (json);
-+ return err;
++ return ret;
+}
+
+static struct grub_cryptodisk_dev luks2_crypto = {
--
2.24.0
next prev parent reply other threads:[~2019-11-18 8:45 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-02 18:06 [PATCH 0/6] Support for LUKS2 disc encryption Patrick Steinhardt
2019-11-02 18:06 ` [PATCH 1/6] jsmn: Add JSON parser Patrick Steinhardt
2019-11-02 18:06 ` [PATCH 2/6] jsmn: Add convenience functions Patrick Steinhardt
2019-11-04 10:26 ` Max Tottenham
2019-11-04 11:00 ` Patrick Steinhardt
2019-11-04 17:42 ` Daniel Kiper
2019-11-04 18:56 ` Patrick Steinhardt
2019-11-06 11:44 ` Daniel Kiper
2019-11-06 13:08 ` Patrick Steinhardt
2019-11-13 11:16 ` Daniel Kiper
2019-11-02 18:06 ` [PATCH 3/6] bootstrap: Add gnulib's base64 module Patrick Steinhardt
2019-11-04 10:30 ` Max Tottenham
2019-11-04 11:02 ` Patrick Steinhardt
2019-11-02 18:06 ` [PATCH 4/6] afsplitter: Move into its own module Patrick Steinhardt
2019-11-02 18:06 ` [PATCH 5/6] luks: Move configuration of ciphers into cryptodisk Patrick Steinhardt
2019-11-02 18:06 ` [PATCH 6/6] disk: Implement support for LUKS2 Patrick Steinhardt
2019-11-05 6:58 ` [PATCH v2 0/6] Support for LUKS2 disk encryption Patrick Steinhardt
2019-11-05 6:58 ` [PATCH v2 1/6] json: Import upstream jsmn-1.1.0 Patrick Steinhardt
2019-11-05 6:58 ` [PATCH v2 2/6] json: Implement wrapping interface Patrick Steinhardt
2019-11-05 9:54 ` Max Tottenham
2019-11-05 6:58 ` [PATCH v2 3/6] bootstrap: Add gnulib's base64 module Patrick Steinhardt
2019-11-06 12:04 ` Daniel Kiper
2019-11-05 6:58 ` [PATCH v2 4/6] afsplitter: Move into its own module Patrick Steinhardt
2019-11-06 12:06 ` Daniel Kiper
2019-11-05 6:58 ` [PATCH v2 5/6] luks: Move configuration of ciphers into cryptodisk Patrick Steinhardt
2019-11-06 12:22 ` Daniel Kiper
2019-11-05 6:58 ` [PATCH v2 6/6] disk: Implement support for LUKS2 Patrick Steinhardt
2019-11-13 13:22 ` [PATCH v3 0/6] Support for LUKS2 disk encryption Patrick Steinhardt
2019-11-13 13:22 ` [PATCH v3 1/6] json: Import upstream jsmn-1.1.0 Patrick Steinhardt
2019-11-14 10:15 ` Daniel Kiper
2019-11-13 13:22 ` [PATCH v3 2/6] json: Implement wrapping interface Patrick Steinhardt
2019-11-14 12:37 ` Daniel Kiper
2019-11-14 13:12 ` Patrick Steinhardt
2019-11-15 11:56 ` Daniel Kiper
2019-11-15 12:36 ` Patrick Steinhardt
2019-11-18 14:45 ` Daniel Kiper
2019-11-26 6:22 ` Patrick Steinhardt
2019-11-13 13:22 ` [PATCH v3 3/6] bootstrap: Add gnulib's base64 module Patrick Steinhardt
2019-11-13 13:22 ` [PATCH v3 4/6] afsplitter: Move into its own module Patrick Steinhardt
2019-11-13 13:22 ` [PATCH v3 5/6] luks: Move configuration of ciphers into cryptodisk Patrick Steinhardt
2019-11-13 13:22 ` [PATCH v3 6/6] disk: Implement support for LUKS2 Patrick Steinhardt
2019-11-15 12:31 ` Daniel Kiper
2019-11-15 12:55 ` Patrick Steinhardt
2019-11-18 8:45 ` Patrick Steinhardt [this message]
2019-11-18 8:45 ` [PATCH v4 1/6] json: Import upstream jsmn-1.1.0 Patrick Steinhardt
2019-11-18 8:45 ` [PATCH v4 2/6] json: Implement wrapping interface Patrick Steinhardt
2019-11-18 14:14 ` Daniel Kiper
2019-11-18 15:46 ` Patrick Steinhardt
2019-11-18 16:29 ` Daniel Kiper
2019-11-18 8:45 ` [PATCH v4 3/6] bootstrap: Add gnulib's base64 module Patrick Steinhardt
2019-11-18 8:45 ` [PATCH v4 4/6] afsplitter: Move into its own module Patrick Steinhardt
2019-11-18 8:45 ` [PATCH v4 5/6] luks: Move configuration of ciphers into cryptodisk Patrick Steinhardt
2019-11-18 8:45 ` [PATCH v4 6/6] disk: Implement support for LUKS2 Patrick Steinhardt
2019-11-18 14:33 ` Daniel Kiper
2019-11-29 6:51 ` [PATCH v5 0/6] Support for LUKS2 disk encryption Patrick Steinhardt
2019-11-29 6:51 ` [PATCH v5 1/6] json: Import upstream jsmn-1.1.0 Patrick Steinhardt
2019-11-29 6:51 ` [PATCH v5 2/6] json: Implement wrapping interface Patrick Steinhardt
2019-11-29 15:34 ` Daniel Kiper
2019-12-06 17:24 ` Patrick Steinhardt
2019-12-08 22:49 ` Daniel Kiper
2019-11-29 6:51 ` [PATCH v5 3/6] bootstrap: Add gnulib's base64 module Patrick Steinhardt
2019-11-29 6:51 ` [PATCH v5 4/6] afsplitter: Move into its own module Patrick Steinhardt
2019-11-29 6:51 ` [PATCH v5 5/6] luks: Move configuration of ciphers into cryptodisk Patrick Steinhardt
2019-11-29 6:51 ` [PATCH v5 6/6] disk: Implement support for LUKS2 Patrick Steinhardt
2019-12-10 9:26 ` [PATCH v6 0/6] Support for LUKS2 disk encryption Patrick Steinhardt
2019-12-10 9:26 ` [PATCH v6 1/6] json: Import upstream jsmn-1.1.0 Patrick Steinhardt
2019-12-10 9:26 ` [PATCH v6 2/6] json: Implement wrapping interface Patrick Steinhardt
2019-12-13 18:56 ` Daniel Kiper
2019-12-10 9:26 ` [PATCH v6 3/6] bootstrap: Add gnulib's base64 module Patrick Steinhardt
2019-12-10 9:26 ` [PATCH v6 4/6] afsplitter: Move into its own module Patrick Steinhardt
2019-12-10 9:26 ` [PATCH v6 5/6] luks: Move configuration of ciphers into cryptodisk Patrick Steinhardt
2019-12-10 9:26 ` [PATCH v6 6/6] disk: Implement support for LUKS2 Patrick Steinhardt
2019-12-16 12:25 ` Daniel Kiper
2019-12-16 12:37 ` Patrick Steinhardt
2019-12-16 13:05 ` Daniel Kiper
2019-12-16 13:10 ` Patrick Steinhardt
2019-12-16 13:15 ` Daniel Kiper
2019-12-20 19:33 ` [PATCH v6 0/6] Support for LUKS2 disk encryption Daniel Kiper
2019-12-27 15:08 ` Patrick Steinhardt
2019-12-27 15:18 ` [PATCH v7 " Patrick Steinhardt
2019-12-27 15:18 ` [PATCH v7 1/6] json: Import upstream jsmn-1.1.0 Patrick Steinhardt
2019-12-27 15:18 ` [PATCH v7 2/6] json: Implement wrapping interface Patrick Steinhardt
2019-12-27 15:18 ` [PATCH v7 3/6] bootstrap: Add gnulib's base64 module Patrick Steinhardt
2019-12-27 15:18 ` [PATCH v7 4/6] afsplitter: Move into its own module Patrick Steinhardt
2019-12-27 15:18 ` [PATCH v7 5/6] luks: Move configuration of ciphers into cryptodisk Patrick Steinhardt
2019-12-27 15:18 ` [PATCH v7 6/6] disk: Implement support for LUKS2 Patrick Steinhardt
2020-01-10 14:23 ` [PATCH v7 0/6] Support for LUKS2 disk encryption Daniel Kiper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1574066413.git.ps@pks.im \
--to=ps@pks.im \
--cc=dkiper@net-space.pl \
--cc=grub-devel@gnu.org \
--cc=mtottenh@akamai.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.