Date: Mon, 15 Aug 2022 17:52:45 +0200
From: Patrick Steinhardt
To: grub-devel@gnu.org
Cc: Daniel Kiper, Glenn Washburn, Nicholas Vinson
Subject: [PATCH v6 0/2] luks2: Fix decoding of digests and salts with escaped chars

Hi,

this is the sixth version of my patch series which fixes decoding of digests and salts in LUKS2 headers in case they happen to contain escaped characters. While modern cryptsetup versions in fact don't escape any characters part of the Base64 alphabet, old versions of cryptsetup did this until v2.0.2.

There's only a single change compared to v5, which is a removed type cast that was not in fact needed.

I didn't include the feedback from Nicholas to make the JSON string parsing more lenient. While sensible, it's rather a theoretical concern right now as there was only a single version of cryptsetup that ever wrote escaped characters, and even then of the Base64 alphabet only the backslash may have been escaped. So I think we should rather defer any improvements until we discover real-world problems or until there are more use cases for this function.

Patrick

Patrick Steinhardt (2):
  json: Add function to unescape JSON-encoded strings
  luks2: Fix decoding of digests and salts with escaped chars

 grub-core/disk/luks2.c    |  28 +++++++--
 grub-core/lib/json/json.c | 118 ++++++++++++++++++++++++++++++++++++++
 grub-core/lib/json/json.h |  12 ++++
 3 files changed, 154 insertions(+), 4 deletions(-)

Range-diff against v5:
1: ebab6b092 ! 1: c44675566 json: Add function to unescape JSON-encoded s= trings @@ Commit message Add a new function `grub_json_unescape ()` that takes a potentially escaped JSON string as input and returns a new unescaped string. =20 + Reviewed-by: Daniel Kiper Signed-off-by: Patrick Steinhardt =20 ## grub-core/lib/json/json.c ## 2: 60ccd669d ! 
2: 16ae4ef05 luks2: Fix decoding of digests and salts with= escaped chars @@ Commit message that handles unescaping for us. =20 Reported-by: Afdal + Reviewed-by: Daniel Kiper Signed-off-by: Patrick Steinhardt =20 ## grub-core/disk/luks2.c ## @@ grub-core/disk/luks2.c: luks2_scan (grub_disk_t disk, grub_cryptomou= nt_args_t ca + if (grub_json_unescape (&unescaped, &unescaped_len, in, inlen) !=3D= GRUB_ERR_NONE) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not unescape = Base64 string")); + -+ successful =3D base64_decode (unescaped, (grub_size_t) unescaped_le= n, (char *) decoded, decodedlen); ++ successful =3D base64_decode (unescaped, unescaped_len, (char *) de= coded, decodedlen); + grub_free (unescaped); + if (!successful) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("could not decode Ba= se64 string")); --=20 2.37.1
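
Review bot: In the grub-core/disk/luks2.c hunk, the check on grub_json_unescape () maps every result other than GRUB_ERR_NONE to GRUB_ERR_BAD_ARGUMENT with "could not unescape Base64 string", so the code the helper actually returned is lost. If the helper can fail for reasons other than malformed input (its body is not shown in this range-diff), consider storing its return value and returning that instead, so a caller can tell a bad LUKS2 header field from a resource failure. Dropping the (grub_size_t) cast on unescaped_len is fine provided the variable is already declared as grub_size_t; its declaration is outside the lines shown here, so it is worth confirming against the full patch.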