From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1k9njI-00006Z-JP for mharc-grub-devel@gnu.org; Sun, 23 Aug 2020 07:00:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41578) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k9njH-000065-0k for grub-devel@gnu.org; Sun, 23 Aug 2020 07:00:03 -0400 Received: from new2-smtp.messagingengine.com ([66.111.4.224]:53939) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k9njD-00084D-It for grub-devel@gnu.org; Sun, 23 Aug 2020 07:00:02 -0400 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailnew.nyi.internal (Postfix) with ESMTP id 6090C58032F; Sun, 23 Aug 2020 06:59:58 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Sun, 23 Aug 2020 06:59:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=date :from:to:cc:subject:message-id:mime-version:content-type; s=fm1; bh=6Tou6Cnz8hnJK3CAt58T8ZXXCEOu/yNWy3pjCWWLdBI=; b=il3isd4kP/Oo UrTOjC0nCbVEHZuaPC3UfgFU7lVkKItUAx2mBBVCkFPoFRPgLcj/lp3vFjVHKo96 OMQGhhUxT+T1yXf04g6+rZDF30z1BVJa04PK5HWPS6k5ig4K9XQggIpdzSuUxQvV SG/sIui08fS5oEw2AlO/Ngasn1SJqae2xBMFUWIfKRXbIbNhbxZ0bjpsLq8W9JKF UaHMPI47Yk81KOxciaY+hKAi/tXaiy/ZCFUNJDJ8Q93MB31gbzgKECcybYyghbTx o6jz4ROsd5UcvXu1TypUQeTCgXpeZYVF8ZiJLdKKVSjyRcLeqznQvRm6c03n6Ps6 AkmVln24zA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:message-id :mime-version:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=6Tou6Cnz8hnJK3CAt58T8ZXXCEOu/ yNWy3pjCWWLdBI=; b=Daq9JtQ6y7RAgSC3RdoYStQvM7tE2g/bfrdJPn0nMacH7 xSgZiEG1kV0R2PGX8AQna+VtWG2DjVGl8ghaF6A42pxmYXYl3eXKdiFul8XVkY6r fMOMafOG9gp1aAMwfRsXORYJ2+3YGhYg4Xq0UahaDtgWfsf/tD6XeL6SC9f7M5LS wFXpaG70S13Wr2lrzDCMv+OIfzUx48wYLdX18rApnHnqsxt0W0xukubYWWnX2ttz f5WEQkSyBkCTScS33CCC8cqhRIU3FcfVuP8mzFGZaxHrs6itNAgpo2eejA/FhCcT dPlQD8ySLDMeSy3VfvNDKyUW4RqhDW/tUb7Cks5Tw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudduiedgfeeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvffukfggtggusehgtderredttddvnecuhfhrohhmpefrrghtrhhitghk ucfuthgvihhnhhgrrhguthcuoehpshesphhkshdrihhmqeenucggtffrrghtthgvrhhnpe ejieefvdeuleffgfejudffvdeghfeigfejgfdvvdefudevffefveffhffgkeeiffenucfk phepjeejrddukeefrdehkedrudelheenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpehpshesphhkshdrihhm X-ME-Proxy: Received: from vm-mail.pks.im (x4db73ac3.dyn.telefonica.de [77.183.58.195]) by mail.messagingengine.com (Postfix) with ESMTPA id 512073280059; Sun, 23 Aug 2020 06:59:47 -0400 (EDT) Received: from localhost (ncase [10.192.0.11]) by vm-mail.pks.im (OpenSMTPD) with ESMTPSA id 745880fb (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Sun, 23 Aug 2020 10:59:45 +0000 (UTC) Date: Sun, 23 Aug 2020 12:59:47 +0200 From: Patrick Steinhardt To: grub-devel@gnu.org Cc: Denis 'GNUtoo' Carikli , Glenn Washburn , Daniel Kiper Subject: [PATCH 0/9] Cryptodisk fixes for v2.06 Message-ID: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="T4sUOijqQbZv57TR" Content-Disposition: inline Received-SPF: pass client-ip=66.111.4.224; envelope-from=ps@pks.im; helo=new2-smtp.messagingengine.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/23 06:59:58 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Aug 2020 11:00:03 -0000 --T4sUOijqQbZv57TR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, I've sifted through the mailing list contents of the last few months to cherry-pick cryptodisk bugfixes which I think should be included in the v2.06 release. I've found the following 9 patches from Glenn and me which should probably be included, separated them out from their respective patch series and made them play nice with each other. This patch series shouldn't be applied as-is, but my intention is instead to bundle all fixes which apply to v2.06 in a single thread to make discussion easier and help us keep track of what needs to be done. I've got some comments which I've sent to the original threads already and added notes below. - luks2: grub_cryptodisk_t->total_length is the max number of device native sectors I'm not sure if this fix is correct, mostly because I think that `grub_disk_get_size` is buggy already: it returns sectors for partitions and the total size for disks. So I do think we need another patch to fix that function, too. - cryptodisk: Incorrect calculation of start sector for grub_disk_read in grub_cryptodisk_read The patch looks correct to me and matches what both LUKS and LUKS2 on-disk format say. But I'm surprised our code ever worked correctly without this fix, which does make me feel uncomfortable. - cryptodisk: Properly handle non-512 byte sized sectors Should we pick this for v2.06? It definitely fixes things, but also feels a bit like feature-enablement. I've added my Reviewed-by to those patches which look obviously correct to me. Glenn, please let me know if this somehow interferes with your work or if you'd like to handle upstreaming of those fixes yourself. Patrick Glenn Washburn (6): luks2: Fix use of incorrect index and some error messages luks2: grub_cryptodisk_t->total_length is the max number of device native sectors cryptodisk: Unregister cryptomount command when removing module cryptodisk: Incorrect calculation of start sector for grub_disk_read in grub_cryptodisk_read cryptodisk: Fix cipher IV mode 'plain64' always being set as 'plain' cryptodisk: Properly handle non-512 byte sized sectors Patrick Steinhardt (3): json: Remove invalid typedef redefinition luks: Fix out-of-bounds copy of UUID luks2: Improve error reporting when decrypting/verifying key grub-core/disk/cryptodisk.c | 56 +++++++++++++++++++++---------------- grub-core/disk/luks.c | 7 +++-- grub-core/disk/luks2.c | 33 +++++++++++++--------- grub-core/lib/json/json.h | 9 +++--- include/grub/cryptodisk.h | 2 +- 5 files changed, 62 insertions(+), 45 deletions(-) --=20 2.28.0 --T4sUOijqQbZv57TR Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEF9hrgiFbCdvenl/rVbJhu7ckPpQFAl9CTCMACgkQVbJhu7ck PpTUHg/+P5PfrV3T/Zh6zLqpxilvMl83DAYKtXd7u/+exGVC+TsA2oTgVJykdJ/i /AnRdD+B3wQupLAYuISCaLoUSxe49/Ts+cB9i5lcz5niTl3/jViGVZGEvH1bId2A ZsCmnuPejM4zDITkilFopP6e2JsrFo/qW1j3LqwPfv1VqRkbz4c2dfH9D8r1whm5 s3j6SBvxRHiXI/4GyqQctF0R+Jc7I0WQOrNhJiunXa/N2AeEYMwtYYCvET0r8lNB Q9yP+zukhXVwhhra1CjbHEKKl4gmnZz7tYaF5OSQBkJapEkubOme16TW8XI/Ex/P 0AohMY4hKtYa54HfEAIVrOo/6ar3s5U59zasELsgwRbZIin5E8TA51eLSP/T6+m0 LO1CLDPhZwHr8xDM03P3tNtoXQzgEtB6VNBHzyQACrmqVEnaE6S3YvO02DLpNVwu TgjRIZ1hCFkl7PaHpUBe+H3tvnr74TuEaQUESe7cn4Xtz1UV2IZ2QBFH5Npb52Ij LMiweFvHrHE4iBOGZmSzxYmFf+oQkdFNaVS3h5VQ0dnbPTIhlv5dK1cjAhiTLkv1 G6aC46FU6lOBhyNNyBPeA9OHPTqAEdCnesTkGlr9UJ2rsAzsOQTilo2TQ5ScAIvk oe75c0D7gwB/xEPebT04ORmxwdJHPinxdKeaWK2L+txbfJzSk1s= =i0e4 -----END PGP SIGNATURE----- --T4sUOijqQbZv57TR--