[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 03/10] luks2: Use more intuitive keyslot key instead of in
From: |
Patrick Steinhardt |
Subject: |
Re: [PATCH v3 03/10] luks2: Use more intuitive keyslot key instead of index when naming keyslot. |
Date: |
Fri, 23 Oct 2020 19:55:47 +0200 |
On Mon, Oct 19, 2020 at 06:09:51PM -0500, Glenn Washburn wrote:
> Use the keyslot key value in the keyslot json array rather than the index of
> the keyslot in the json array. This is less confusing for the end user. For
> example, say you have a LUKS2 device with a key in slot 1 and slot 4. When
> using the password for slot 4 to unlock the device, the messages using the
> index of the keyslot will mention keyslot 1 (its a zero-based index).
> Furthermore,with this change the keyslot number will align with the number
> used to reference the keyslot when using the --key-slot argument to
> cryptsetup.
>
> Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Patrick Steinhardt <ps@pks.im>
Patrick
> ---
> grub-core/disk/luks2.c | 23 ++++++++++++-----------
> 1 file changed, 12 insertions(+), 11 deletions(-)
>
> diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
> index c3cd63606..4e1e47161 100644
> --- a/grub-core/disk/luks2.c
> +++ b/grub-core/disk/luks2.c
> @@ -65,6 +65,7 @@ typedef struct grub_luks2_header grub_luks2_header_t;
>
> struct grub_luks2_keyslot
> {
> + grub_uint64_t slot_key;
> grub_int64_t key_size;
> grub_int64_t priority;
> struct
> @@ -259,12 +260,12 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_digest_t *d, grub_luks2_s
> {
> grub_json_t keyslots, keyslot, digests, digest, segments, segment;
> grub_size_t i, size;
> - grub_uint64_t keyslot_key, digest_key, segment_key;
> + grub_uint64_t digest_key, segment_key;
>
> /* Get nth keyslot */
> if (grub_json_getvalue (&keyslots, root, "keyslots") ||
> grub_json_getchild (&keyslot, &keyslots, keyslot_idx) ||
> - grub_json_getuint64 (&keyslot_key, &keyslot, NULL) ||
> + grub_json_getuint64 (&k->slot_key, &keyslot, NULL) ||
> grub_json_getchild (&keyslot, &keyslot, 0) ||
> luks2_parse_keyslot (k, &keyslot))
> return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot index
> %"PRIuGRUB_SIZE, keyslot_idx);
> @@ -281,11 +282,11 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_digest_t *d, grub_luks2_s
> luks2_parse_digest (d, &digest))
> return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index
> %"PRIuGRUB_SIZE, i);
>
> - if ((d->keyslots & (1 << keyslot_key)))
> + if ((d->keyslots & (1 << k->slot_key)))
> break;
> }
> if (i == size)
> - return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot
> \"%"PRIuGRUB_UINT64_T"\"", keyslot_key);
> + return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot
> \"%"PRIuGRUB_UINT64_T"\"", k->slot_key);
>
> /* Get segment that matches the digest. */
> if (grub_json_getvalue (&segments, root, "segments") ||
> @@ -599,11 +600,11 @@ luks2_recover_key (grub_disk_t disk,
>
> if (keyslot.priority == 0)
> {
> - grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to
> priority\n", i);
> + grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T" due to
> priority\n", keyslot.slot_key);
> continue;
> }
>
> - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i);
> + grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n",
> keyslot.slot_key);
>
> /* Set up disk according to keyslot's segment. */
> crypt->offset = grub_divmod64 (segment.offset, segment.sector_size,
> NULL);
> @@ -618,16 +619,16 @@ luks2_recover_key (grub_disk_t disk,
> (const grub_uint8_t *) passphrase, grub_strlen
> (passphrase));
> if (ret)
> {
> - grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE"
> failed: %s\n",
> - i, grub_errmsg);
> + grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_UINT64_T"
> failed: %s\n",
> + keyslot.slot_key, grub_errmsg);
> continue;
> }
>
> ret = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
> if (ret)
> {
> - grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE":
> %s\n",
> - i, grub_errmsg);
> + grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_UINT64_T":
> %s\n",
> + keyslot.slot_key, grub_errmsg);
> continue;
> }
>
> @@ -635,7 +636,7 @@ luks2_recover_key (grub_disk_t disk,
> * TRANSLATORS: It's a cryptographic key slot: one element of an array
> * where each element is either empty or holds a key.
> */
> - grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i);
> + grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"),
> keyslot.slot_key);
>
> candidate_key_len = keyslot.key_size;
> break;
> --
> 2.27.0
signature.asc
Description: PGP signature
- Re: [PATCH v2 10/10] luks2: Rename source disk variabled named 'disk' to 'source' as in luks.c., (continued)
Re: [PATCH v2 00/10] Cryptodisk fixes for v2.06 redux, Patrick Steinhardt, 2020/10/09
- [PATCH v3 00/10] Cryptodisk fixes for v2.06 redux, Glenn Washburn, 2020/10/19
- [PATCH v3 02/10] luks2: Improve readability in luks2_get_keyslot., Glenn Washburn, 2020/10/19
- Re: [PATCH v3 02/10] luks2: Improve readability in luks2_get_keyslot., Daniel Kiper, 2020/10/23
- Re: [PATCH v3 02/10] luks2: Improve readability in luks2_get_keyslot., Glenn Washburn, 2020/10/29
- Re: [PATCH v3 02/10] luks2: Improve readability in luks2_get_keyslot., Daniel Kiper, 2020/10/30
[PATCH v3 03/10] luks2: Use more intuitive keyslot key instead of index when naming keyslot., Glenn Washburn, 2020/10/19
Re: [PATCH v3 03/10] luks2: Use more intuitive keyslot key instead of index when naming keyslot.,
Patrick Steinhardt <=
[PATCH v3 01/10] luks2: Fix use of incorrect index and some grub_error() messages., Glenn Washburn, 2020/10/19
Re: [PATCH v3 01/10] luks2: Fix use of incorrect index and some grub_error() messages., Daniel Kiper, 2020/10/23
Re: [PATCH v3 01/10] luks2: Fix use of incorrect index and some grub_error() messages., Patrick Steinhardt, 2020/10/23
[PATCH v3 07/10] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Glenn Washburn, 2020/10/19
Re: [PATCH v3 07/10] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Patrick Steinhardt, 2020/10/23
Re: [PATCH v3 07/10] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Glenn Washburn, 2020/10/26
Re: [PATCH v3 07/10] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Patrick Steinhardt, 2020/10/28
Re: [PATCH v3 07/10] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Daniel Kiper, 2020/10/27
Re: [PATCH v3 07/10] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Glenn Washburn, 2020/10/29
Re: [PATCH v3 07/10] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Daniel Kiper, 2020/10/30