Date: Fri, 9 Oct 2020 11:44:15 +0200
From: Patrick Steinhardt
To: Glenn Washburn
Cc: grub-devel@gnu.org, Daniel Kiper
Subject: Re: [PATCH v2 03/10] luks2: Use more intuitive keyslot key instead of index when naming keyslot.
Message-ID: <20201009094415.GB2088@tanuki>

On Sat, Oct 03, 2020 at 05:55:27PM -0500, Glenn Washburn wrote:
> Use the keyslot key value in the keyslot json array rather than the index of
> the keyslot in the json array. This is less confusing for the end user. For
> example, say you have a LUKS2 device with a key in slot 1 and slot 4. When
> using the password for slot 4 to unlock the device, the messages using the
> index of the keyslot will mention keyslot 1 (it's a zero-based index).
> Furthermore, with this change the keyslot number will align with the number
> used to reference the keyslot when using the --key-slot argument to
> cryptsetup.

The rationale does make sense to me, but I'm not sure I like cramming this information into another out-parameter. The result feels a bit hard to read to me and is not immediately obvious. How about we instead add another member "index" or similar to `struct grub_luks2_keyslot`?

Patrick

> Signed-off-by: Glenn Washburn > --- > grub-core/disk/luks2.c | 27 ++++++++++++++------------- > 1 file changed, 14 insertions(+), 13 deletions(-) >=20 > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > index c3cd63606..db251cce0 100644 > --- a/grub-core/disk/luks2.c > +++ b/grub-core/disk/luks2.c > @@ -255,16 +255,16 @@ luks2_parse_digest (grub_luks2_digest_t *out, const= grub_json_t *digest) > =20 > static grub_err_t > luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks2_digest_t *d, grub= _luks2_segment_t *s, > - const grub_json_t *root, grub_size_t keyslot_idx) > + grub_uint64_t *keyslot_key, const grub_json_t *root, grub_size_t ke= yslot_idx) > { > grub_json_t keyslots, keyslot, digests, digest, segments, segment; > grub_size_t i, size; > - grub_uint64_t keyslot_key, digest_key, segment_key; > + grub_uint64_t digest_key, segment_key; > =20 > /* Get nth keyslot */ > if (grub_json_getvalue (&keyslots, root, "keyslots") || > grub_json_getchild (&keyslot, &keyslots, keyslot_idx) || > - grub_json_getuint64 (&keyslot_key, &keyslot, NULL) || > + grub_json_getuint64 (keyslot_key, &keyslot, NULL) || > grub_json_getchild (&keyslot, &keyslot, 0) || > luks2_parse_keyslot (k, &keyslot)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot i= ndex %"PRIuGRUB_SIZE, keyslot_idx); 
> @@ -281,11 +281,11 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_lu= ks2_digest_t *d, grub_luks2_s > luks2_parse_digest (d, &digest)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index= %"PRIuGRUB_SIZE, i); > =20 > - if ((d->keyslots & (1 << keyslot_key))) > + if ((d->keyslots & (1 << *keyslot_key))) > break; > } > if (i =3D=3D size) > - return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot= \"%"PRIuGRUB_UINT64_T"\"", keyslot_key); > + return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot= \"%"PRIuGRUB_UINT64_T"\"", *keyslot_key); > =20 > /* Get segment that matches the digest. */ > if (grub_json_getvalue (&segments, root, "segments") || > @@ -593,17 +593,18 @@ luks2_recover_key (grub_disk_t disk, > /* Try all keyslot */ > for (i =3D 0; i < size; i++) > { > - ret =3D luks2_get_keyslot (&keyslot, &digest, &segment, json, i); > + grub_uint64_t keyslot_key; > + ret =3D luks2_get_keyslot (&keyslot, &digest, &segment, &keyslot_k= ey, json, i); > if (ret) > goto err; > =20 > if (keyslot.priority =3D=3D 0) > { > - grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to prio= rity\n", i); > + grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T" due to = priority\n", keyslot_key); > continue; > } > =20 > - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i); > + grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n", ke= yslot_key); > =20 > /* Set up disk according to keyslot's segment. */ > crypt->offset =3D grub_divmod64 (segment.offset, segment.sector_si= ze, NULL); 
> @@ -618,16 +619,16 @@ luks2_recover_key (grub_disk_t disk, > (const grub_uint8_t *) passphrase, grub_strlen (passphrase)); > if (ret) > { > - grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" fail= ed: %s\n", > - i, grub_errmsg); > + grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_UINT64_T" = failed: %s\n", > + keyslot_key, grub_errmsg); > continue; > } > =20 > ret =3D luks2_verify_key (&digest, candidate_key, keyslot.key_size= ); > if (ret) > { > - grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE": %s\n= ", > - i, grub_errmsg); > + grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_UINT64_T": = %s\n", > + keyslot_key, grub_errmsg); > continue; > } > =20 
> @@ -635,7 +636,7 @@ luks2_recover_key (grub_disk_t disk, > * TRANSLATORS: It's a cryptographic key slot: one element of an a= rray > * where each element is either empty or holds a key. > */ > - grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i); > + grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"), keyslot_ke= y); > =20 > candidate_key_len =3D keyslot.key_size; > break; > --=20 > 2.27.0 >=20
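
Review bot: the new `grub_uint64_t *keyslot_key` out-parameter of luks2_get_keyslot (hunk at -255,16) has no documentation, and it is only written once grub_json_getuint64 has run, so a failure in the preceding grub_json_getvalue or grub_json_getchild returns with it untouched. The caller in luks2_recover_key declares `grub_uint64_t keyslot_key;` without an initializer and reads it only after `if (ret) goto err;`, which is safe today, but a comment above the function saying that the parameter receives the JSON object key of the keyslot and is valid only on success would keep a later caller from logging an uninitialized value. The "Could not parse keyslot index" error correctly keeps printing keyslot_idx, since the key may not have been parsed at that point.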
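
Review bot: missing range check on the shift in `if ((d->keyslots & (1 << *keyslot_key)))` (hunk at -281,11). `*keyslot_key` is a grub_uint64_t read from the on-disk JSON by grub_json_getuint64 in the previous hunk, while the left operand `1` is an int, so with a 32-bit int a key value of 31 or higher makes the shift undefined behaviour in C. The expression predates this patch, but since the line is being touched, reject keys that do not fit the width of d->keyslots before testing the bit, and shift an unsigned constant of that width instead of `1`.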