Date: Fri, 23 Oct 2020 19:55:47 +0200
From: Patrick Steinhardt
To: Glenn Washburn
Cc: grub-devel@gnu.org, Daniel Kiper
Subject: Re: [PATCH v3 03/10] luks2: Use more intuitive keyslot key instead of index when naming keyslot.
Message-ID: <20201023175547.GC810@tanuki>
References: <20201009100122.GH2088@tanuki> <1f65a04e05b52b01d8816efbcdc84a3b9b2f5a2d.1603148099.git.development@efficientek.com>
In-Reply-To: <1f65a04e05b52b01d8816efbcdc84a3b9b2f5a2d.1603148099.git.development@efficientek.com>
List-Id: The development of GNU GRUB

On Mon, Oct 19, 2020 at 06:09:51PM -0500, Glenn Washburn wrote:
> Use the keyslot key value in the keyslot json array rather than the index of
> the keyslot in the json array. This is less confusing for the end user. For
> example, say you have a LUKS2 device with a key in slot 1 and slot 4.
> When using the password for slot 4 to unlock the device, the messages using the
> index of the keyslot will mention keyslot 1 (it's a zero-based index).
> Furthermore, with this change the keyslot number will align with the number
> used to reference the keyslot when using the --key-slot argument to
> cryptsetup.
>
> Signed-off-by: Glenn Washburn

Reviewed-by: Patrick Steinhardt

Patrick

> --- > grub-core/disk/luks2.c | 23 ++++++++++++----------- > 1 file changed, 12 insertions(+), 11 deletions(-) >=20 > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > index c3cd63606..4e1e47161 100644 > --- a/grub-core/disk/luks2.c > +++ b/grub-core/disk/luks2.c > @@ -65,6 +65,7 @@ typedef struct grub_luks2_header grub_luks2_header_t; > =20 > struct grub_luks2_keyslot > { > + grub_uint64_t slot_key; > grub_int64_t key_size; > grub_int64_t priority; > struct > @@ -259,12 +260,12 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_lu= ks2_digest_t *d, grub_luks2_s > { > grub_json_t keyslots, keyslot, digests, digest, segments, segment; > grub_size_t i, size; > - grub_uint64_t keyslot_key, digest_key, segment_key; > + grub_uint64_t digest_key, segment_key; > =20 > /* Get nth keyslot */ > if (grub_json_getvalue (&keyslots, root, "keyslots") || > grub_json_getchild (&keyslot, &keyslots, keyslot_idx) || > - grub_json_getuint64 (&keyslot_key, &keyslot, NULL) || > + grub_json_getuint64 (&k->slot_key, &keyslot, NULL) || > grub_json_getchild (&keyslot, &keyslot, 0) || > luks2_parse_keyslot (k, &keyslot)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot i= ndex %"PRIuGRUB_SIZE, keyslot_idx);
> @@ -281,11 +282,11 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_lu= ks2_digest_t *d, grub_luks2_s > luks2_parse_digest (d, &digest)) > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index= %"PRIuGRUB_SIZE, i); > =20 > - if ((d->keyslots & (1 << keyslot_key))) > + if ((d->keyslots & (1 << k->slot_key))) > break; > } > if (i =3D=3D size) > - return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot= \"%"PRIuGRUB_UINT64_T"\"", keyslot_key); > + return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot= \"%"PRIuGRUB_UINT64_T"\"", k->slot_key); > =20 > /* Get segment that matches the digest. */ > if (grub_json_getvalue (&segments, root, "segments") || > @@ -599,11 +600,11 @@ luks2_recover_key (grub_disk_t disk, > =20 > if (keyslot.priority =3D=3D 0) > { > - grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to prio= rity\n", i); > + grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T" due to = priority\n", keyslot.slot_key); > continue; > } > =20 > - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i); > + grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n", ke= yslot.slot_key); > =20 > /* Set up disk according to keyslot's segment. */ > crypt->offset =3D grub_divmod64 (segment.offset, segment.sector_si= ze, NULL); 
> @@ -618,16 +619,16 @@ luks2_recover_key (grub_disk_t disk, > (const grub_uint8_t *) passphrase, grub_strlen (passphrase)); > if (ret) > { > - grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" fail= ed: %s\n", > - i, grub_errmsg); > + grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_UINT64_T" = failed: %s\n", > + keyslot.slot_key, grub_errmsg); > continue; > } > =20 > ret =3D luks2_verify_key (&digest, candidate_key, keyslot.key_size= ); > if (ret) > { > - grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE": %s\n= ", > - i, grub_errmsg); > + grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_UINT64_T": = %s\n", > + keyslot.slot_key, grub_errmsg); > continue; > } > =20 
> @@ -635,7 +636,7 @@ luks2_recover_key (grub_disk_t disk, > * TRANSLATORS: It's a cryptographic key slot: one element of an a= rray > * where each element is either empty or holds a key. > */ > - grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i); > + grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"), keyslot.sl= ot_key); > =20 > candidate_key_len =3D keyslot.key_size; > break; > --=20 > 2.27.0
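
Review bot: The new member "grub_uint64_t slot_key;" in the "@@ -65,6 +65,7 @@" hunk has no comment saying that it holds the key of the keyslot's JSON object (the number --key-slot refers to) and not the array index that luks2_get_keyslot takes as keyslot_idx. Both numbers now travel through the same functions, so a one-line comment on the field would keep later callers from mixing them up.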
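
Review bot: In the "@@ -259,12 +260,12 @@" hunk, k->slot_key is written by grub_json_getuint64 before "luks2_parse_keyslot (k, &keyslot)" runs on the same struct, and it stays written when a later step in the || chain fails. The value therefore survives only as long as the parser never resets *k, and on the error path the caller gets back a partially filled keyslot. Keeping the local keyslot_key and assigning k->slot_key once the whole chain has succeeded avoids both.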
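
Review bot: In the "@@ -281,11 +282,11 @@" hunk, "(1 << k->slot_key)" shifts a plain int by a 64-bit value that comes straight from the on-disk JSON header, so with a 32-bit int any key of 31 or more is undefined behaviour and the digest match can silently go wrong. Since the line is being touched anyway, reject keys that do not fit the width of d->keyslots before the digest loop and shift a constant of that type instead of int 1. The declaration of d->keyslots is not visible here, so the bound needs checking against it.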
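
Review bot: In the "@@ -599,11 +600,11 @@" and "@@ -618,16 +619,16 @@" hunks the debug messages stop printing the loop index i, while the error from luks2_get_keyslot still reports "Could not parse keyslot index" with keyslot_idx. Someone reading a debug log can then no longer tell which "Trying keyslot N" line belongs to which parse error. Printing both numbers in the grub_dprintf calls (key first, index in parentheses) would keep the user-facing number intuitive without losing the correlation.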
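
Review bot: In the "@@ -635,7 +636,7 @@" hunk the TRANSLATORS comment still describes a slot as one element of an array, but the number printed is now keyslot.slot_key, not the array position i. The comment should be updated to say that the number is the slot's identifier as used by cryptsetup, so translators do not describe it as a position.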