* [PATCH v6 0/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner
@ 2022-08-19 23:06 Glenn Washburn
2022-08-19 23:06 ` [PATCH v6 1/2] misc: Add cast in grub_strncasecmp() to drop sign when calling grub_tolower() Glenn Washburn
2022-08-19 23:06 ` [PATCH v6 2/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner Glenn Washburn
0 siblings, 2 replies; 7+ messages in thread
From: Glenn Washburn @ 2022-08-19 23:06 UTC (permalink / raw)
To: grub-devel, Daniel Kiper; +Cc: Patrick Steinhardt, Glenn Washburn
Updates since v5:
* Add better documentation of n parameter to grub_strncasecmp() at Patrick's
suggestion.
Glenn
Glenn Washburn (2):
misc: Add cast in grub_strncasecmp() to drop sign when calling
grub_tolower()
cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner
grub-core/disk/cryptodisk.c | 4 ++--
grub-core/disk/geli.c | 2 +-
grub-core/disk/luks.c | 21 ++++-----------------
grub-core/disk/luks2.c | 15 ++++-----------
include/grub/misc.h | 35 ++++++++++++++++++++++++++++++++++-
5 files changed, 45 insertions(+), 32 deletions(-)
--
2.34.1
^ permalink raw reply [flat|nested] 7+ messages in thread* [PATCH v6 1/2] misc: Add cast in grub_strncasecmp() to drop sign when calling grub_tolower() 2022-08-19 23:06 [PATCH v6 0/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner Glenn Washburn @ 2022-08-19 23:06 ` Glenn Washburn 2022-08-19 23:06 ` [PATCH v6 2/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner Glenn Washburn 1 sibling, 0 replies; 7+ messages in thread From: Glenn Washburn @ 2022-08-19 23:06 UTC (permalink / raw) To: grub-devel, Daniel Kiper; +Cc: Patrick Steinhardt, Glenn Washburn, Daniel Kiper Note this cast was fixed in grub_strcasecmp() in commit ce41ab7aab (* grub-core/kern/misc.c (grub_strcmp): Use unsigned comparison as per common usage and preffered in several parts of code.), but this commit omitted fixing it in grub_strncasecmp(). Signed-off-by: Glenn Washburn <development@efficientek.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> --- include/grub/misc.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/grub/misc.h b/include/grub/misc.h index 776dbf8af..1c25c1767 100644 --- a/include/grub/misc.h +++ b/include/grub/misc.h @@ -232,7 +232,8 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n) while (*s1 && *s2 && --n) { - if (grub_tolower (*s1) != grub_tolower (*s2)) + if (grub_tolower ((grub_uint8_t) *s1) + != grub_tolower ((grub_uint8_t) *s2)) break; s1++; -- 2.34.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH v6 2/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner 2022-08-19 23:06 [PATCH v6 0/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner Glenn Washburn 2022-08-19 23:06 ` [PATCH v6 1/2] misc: Add cast in grub_strncasecmp() to drop sign when calling grub_tolower() Glenn Washburn @ 2022-08-19 23:06 ` Glenn Washburn 2022-08-29 5:38 ` Patrick Steinhardt 1 sibling, 1 reply; 7+ messages in thread From: Glenn Washburn @ 2022-08-19 23:06 UTC (permalink / raw) To: grub-devel, Daniel Kiper; +Cc: Patrick Steinhardt, Glenn Washburn A user can now specify UUID strings with dashes, instead of having to remove dashes. This is backwards-compatability preserving and also fixes a source of user confusion over the inconsistency with how UUIDs are specified between file system UUIDs and cryptomount UUIDs. Since cryptsetup, the reference implementation for LUKS, displays and generates UUIDs with dashes there has been additional confusion when using the UUID strings from cryptsetup as exact input into GRUB does not find the expected cryptodisk. A new function grub_uuidcasecmp is added that is general enough to be used other places where UUIDs are being compared. Signed-off-by: Glenn Washburn <development@efficientek.com> --- grub-core/disk/cryptodisk.c | 4 ++-- grub-core/disk/geli.c | 2 +- grub-core/disk/luks.c | 21 ++++----------------- grub-core/disk/luks2.c | 15 ++++----------- include/grub/misc.h | 32 ++++++++++++++++++++++++++++++++ 5 files changed, 43 insertions(+), 31 deletions(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index e89430812..a4cd8445f 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -702,7 +702,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk) if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0) { for (dev = cryptodisk_list; dev != NULL; dev = dev->next) - if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0) + if (grub_uuidcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid, sizeof (dev->uuid)) == 0) break; } else @@ -929,7 +929,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid) { grub_cryptodisk_t dev; for (dev = cryptodisk_list; dev != NULL; dev = dev->next) - if (grub_strcasecmp (dev->uuid, uuid) == 0) + if (grub_uuidcasecmp (dev->uuid, uuid, sizeof (dev->uuid)) == 0) return dev; return NULL; } diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c index e190066f9..722910d64 100644 --- a/grub-core/disk/geli.c +++ b/grub-core/disk/geli.c @@ -305,7 +305,7 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) return NULL; } - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, uuid, sizeof (uuid)) != 0) { grub_dprintf ("geli", "%s != %s\n", uuid, cargs->search_uuid); return NULL; diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 7f837d52c..9e1e6a5d9 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c @@ -66,10 +66,7 @@ static grub_cryptodisk_t luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) { grub_cryptodisk_t newdev; - const char *iptr; struct grub_luks_phdr header; - char *optr; - char uuid[sizeof (header.uuid) + 1]; char ciphername[sizeof (header.cipherName) + 1]; char ciphermode[sizeof (header.cipherMode) + 1]; char hashspec[sizeof (header.hashSpec) + 1]; @@ -92,19 +89,9 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) || grub_be_to_cpu16 (header.version) != 1) return NULL; - grub_memset (uuid, 0, sizeof (uuid)); - optr = uuid; - for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)]; - iptr++) + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0) { - if (*iptr != '-') - *optr++ = *iptr; - } - *optr = 0; - - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) - { - grub_dprintf ("luks", "%s != %s\n", uuid, cargs->search_uuid); + grub_dprintf ("luks", "%s != %s\n", header.uuid, cargs->search_uuid); return NULL; } @@ -123,7 +110,7 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) newdev->source_disk = NULL; newdev->log_sector_size = GRUB_LUKS1_LOG_SECTOR_SIZE; newdev->total_sectors = grub_disk_native_sectors (disk) - newdev->offset_sectors; - grub_memcpy (newdev->uuid, uuid, sizeof (uuid)); + grub_memcpy (newdev->uuid, header.uuid, sizeof (header.uuid)); newdev->modname = "luks"; /* Configure the hash used for the AF splitter and HMAC. */ @@ -143,7 +130,7 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) return NULL; } - COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); + COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (header.uuid)); return newdev; } diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c index 5b3b36c8a..1174c4c2b 100644 --- a/grub-core/disk/luks2.c +++ b/grub-core/disk/luks2.c @@ -350,8 +350,6 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) { grub_cryptodisk_t cryptodisk; grub_luks2_header_t header; - char uuid[sizeof (header.uuid) + 1]; - grub_size_t i, j; if (cargs->check_boot) return NULL; @@ -362,14 +360,9 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) return NULL; } - for (i = 0, j = 0; i < sizeof (header.uuid); i++) - if (header.uuid[i] != '-') - uuid[j++] = header.uuid[i]; - uuid[j] = '\0'; - - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0) { - grub_dprintf ("luks2", "%s != %s\n", uuid, cargs->search_uuid); + grub_dprintf ("luks2", "%s != %s\n", header.uuid, cargs->search_uuid); return NULL; } @@ -377,8 +370,8 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) if (!cryptodisk) return NULL; - COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (uuid)); - grub_memcpy (cryptodisk->uuid, uuid, sizeof (uuid)); + COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (header.uuid)); + grub_memcpy (cryptodisk->uuid, header.uuid, sizeof (header.uuid)); cryptodisk->modname = "luks2"; return cryptodisk; diff --git a/include/grub/misc.h b/include/grub/misc.h index 1c25c1767..76c5c7992 100644 --- a/include/grub/misc.h +++ b/include/grub/misc.h @@ -244,6 +244,38 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n) - (int) grub_tolower ((grub_uint8_t) *s2); } +/* + * Do a case insensitive compare of two UUID strings by ignoring all dashes. + * Note that the parameter n, is the number of significant characters to + * compare, where significant characters are any except the dash. + */ +static inline int +grub_uuidcasecmp (const char *uuid1, const char *uuid2, grub_size_t n) +{ + if (n == 0) + return 0; + + while (*uuid1 && *uuid2 && --n) + { + /* Skip forward to non-dash on both UUIDs. */ + while ('-' == *uuid1) + ++uuid1; + + while ('-' == *uuid2) + ++uuid2; + + if (grub_tolower ((grub_uint8_t) *uuid1) + != grub_tolower ((grub_uint8_t) *uuid2)) + break; + + uuid1++; + uuid2++; + } + + return (int) grub_tolower ((grub_uint8_t) *uuid1) + - (int) grub_tolower ((grub_uint8_t) *uuid2); +} + /* * Note that these differ from the C standard's definitions of strtol, * strtoul(), and strtoull() by the addition of two const qualifiers on the end -- 2.34.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v6 2/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner 2022-08-19 23:06 ` [PATCH v6 2/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner Glenn Washburn @ 2022-08-29 5:38 ` Patrick Steinhardt 2022-08-30 20:12 ` Glenn Washburn 0 siblings, 1 reply; 7+ messages in thread From: Patrick Steinhardt @ 2022-08-29 5:38 UTC (permalink / raw) To: Glenn Washburn; +Cc: grub-devel, Daniel Kiper [-- Attachment #1: Type: text/plain, Size: 8741 bytes --] On Fri, Aug 19, 2022 at 06:06:15PM -0500, Glenn Washburn wrote: > A user can now specify UUID strings with dashes, instead of having to remove > dashes. This is backwards-compatability preserving and also fixes a source > of user confusion over the inconsistency with how UUIDs are specified > between file system UUIDs and cryptomount UUIDs. Since cryptsetup, the > reference implementation for LUKS, displays and generates UUIDs with dashes > there has been additional confusion when using the UUID strings from > cryptsetup as exact input into GRUB does not find the expected cryptodisk. > > A new function grub_uuidcasecmp is added that is general enough to be used > other places where UUIDs are being compared. > > Signed-off-by: Glenn Washburn <development@efficientek.com> > --- > grub-core/disk/cryptodisk.c | 4 ++-- > grub-core/disk/geli.c | 2 +- > grub-core/disk/luks.c | 21 ++++----------------- > grub-core/disk/luks2.c | 15 ++++----------- > include/grub/misc.h | 32 ++++++++++++++++++++++++++++++++ > 5 files changed, 43 insertions(+), 31 deletions(-) > > diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c > index e89430812..a4cd8445f 100644 > --- a/grub-core/disk/cryptodisk.c > +++ b/grub-core/disk/cryptodisk.c > @@ -702,7 +702,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk) > if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0) > { > for (dev = cryptodisk_list; dev != NULL; dev = dev->next) > - if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0) > + if (grub_uuidcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid, sizeof (dev->uuid)) == 0) > break; > } > else > @@ -929,7 +929,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid) > { > grub_cryptodisk_t dev; > for (dev = cryptodisk_list; dev != NULL; dev = dev->next) > - if (grub_strcasecmp (dev->uuid, uuid) == 0) > + if (grub_uuidcasecmp (dev->uuid, uuid, sizeof (dev->uuid)) == 0) > return dev; > return NULL; > } > diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c > index e190066f9..722910d64 100644 > --- a/grub-core/disk/geli.c > +++ b/grub-core/disk/geli.c > @@ -305,7 +305,7 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > return NULL; > } > > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, uuid, sizeof (uuid)) != 0) > { > grub_dprintf ("geli", "%s != %s\n", uuid, cargs->search_uuid); > return NULL; > diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c > index 7f837d52c..9e1e6a5d9 100644 > --- a/grub-core/disk/luks.c > +++ b/grub-core/disk/luks.c > @@ -66,10 +66,7 @@ static grub_cryptodisk_t > luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > { > grub_cryptodisk_t newdev; > - const char *iptr; > struct grub_luks_phdr header; > - char *optr; > - char uuid[sizeof (header.uuid) + 1]; > char ciphername[sizeof (header.cipherName) + 1]; > char ciphermode[sizeof (header.cipherMode) + 1]; > char hashspec[sizeof (header.hashSpec) + 1]; > @@ -92,19 +89,9 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > || grub_be_to_cpu16 (header.version) != 1) > return NULL; > > - grub_memset (uuid, 0, sizeof (uuid)); > - optr = uuid; > - for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)]; > - iptr++) > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0) > { > - if (*iptr != '-') > - *optr++ = *iptr; > - } > - *optr = 0; > - > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > - { > - grub_dprintf ("luks", "%s != %s\n", uuid, cargs->search_uuid); > + grub_dprintf ("luks", "%s != %s\n", header.uuid, cargs->search_uuid); > return NULL; > } I haven't noticed this in my previous review round, but I think this is wrong because `header.uuid` is never NUL-terminated. It is explicitly 40 characters long and read directly from disk, so there wouldn't be any room for it to be NUL-terminated. So we'd rather have to: grub_dprintf ("luks2", "%.*s != %s\n", header.uuid, sizeof (header.uuid), cargs->search_uuid); Sorry for not catching this in my first round. > > @@ -123,7 +110,7 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > newdev->source_disk = NULL; > newdev->log_sector_size = GRUB_LUKS1_LOG_SECTOR_SIZE; > newdev->total_sectors = grub_disk_native_sectors (disk) - newdev->offset_sectors; > - grub_memcpy (newdev->uuid, uuid, sizeof (uuid)); > + grub_memcpy (newdev->uuid, header.uuid, sizeof (header.uuid)); > newdev->modname = "luks"; This should be fine though because `newdev->uuid` is initialized to all-zeroes. > /* Configure the hash used for the AF splitter and HMAC. */ > @@ -143,7 +130,7 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > return NULL; > } > > - COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); > + COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (header.uuid)); > return newdev; > } This has an off-by-one bug now though: `sizeof(uuid)` is not the same as `sizeof(header.uuid)`, but instead it was `sizeof(header.uuid)+1` to account for the trailing NUL-byte. So we have to make this: COMPILE_TIME_ASSERT (sizeof (newdev->uuid) > sizeof (header.uuid)); > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > index 5b3b36c8a..1174c4c2b 100644 > --- a/grub-core/disk/luks2.c > +++ b/grub-core/disk/luks2.c > @@ -350,8 +350,6 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > { > grub_cryptodisk_t cryptodisk; > grub_luks2_header_t header; > - char uuid[sizeof (header.uuid) + 1]; > - grub_size_t i, j; > > if (cargs->check_boot) > return NULL; > @@ -362,14 +360,9 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > return NULL; > } > > - for (i = 0, j = 0; i < sizeof (header.uuid); i++) > - if (header.uuid[i] != '-') > - uuid[j++] = header.uuid[i]; > - uuid[j] = '\0'; > - > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0) > { > - grub_dprintf ("luks2", "%s != %s\n", uuid, cargs->search_uuid); > + grub_dprintf ("luks2", "%s != %s\n", header.uuid, cargs->search_uuid); > return NULL; > } Same here. > @@ -377,8 +370,8 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > if (!cryptodisk) > return NULL; > > - COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (uuid)); > - grub_memcpy (cryptodisk->uuid, uuid, sizeof (uuid)); > + COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (header.uuid)); > + grub_memcpy (cryptodisk->uuid, header.uuid, sizeof (header.uuid)); And here. Patrick > cryptodisk->modname = "luks2"; > return cryptodisk; > diff --git a/include/grub/misc.h b/include/grub/misc.h > index 1c25c1767..76c5c7992 100644 > --- a/include/grub/misc.h > +++ b/include/grub/misc.h > @@ -244,6 +244,38 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n) > - (int) grub_tolower ((grub_uint8_t) *s2); > } > > +/* > + * Do a case insensitive compare of two UUID strings by ignoring all dashes. > + * Note that the parameter n, is the number of significant characters to > + * compare, where significant characters are any except the dash. > + */ > +static inline int > +grub_uuidcasecmp (const char *uuid1, const char *uuid2, grub_size_t n) > +{ > + if (n == 0) > + return 0; > + > + while (*uuid1 && *uuid2 && --n) > + { > + /* Skip forward to non-dash on both UUIDs. */ > + while ('-' == *uuid1) > + ++uuid1; > + > + while ('-' == *uuid2) > + ++uuid2; > + > + if (grub_tolower ((grub_uint8_t) *uuid1) > + != grub_tolower ((grub_uint8_t) *uuid2)) > + break; > + > + uuid1++; > + uuid2++; > + } > + > + return (int) grub_tolower ((grub_uint8_t) *uuid1) > + - (int) grub_tolower ((grub_uint8_t) *uuid2); > +} > + > /* > * Note that these differ from the C standard's definitions of strtol, > * strtoul(), and strtoull() by the addition of two const qualifiers on the end > -- > 2.34.1 > [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v6 2/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner 2022-08-29 5:38 ` Patrick Steinhardt @ 2022-08-30 20:12 ` Glenn Washburn 2022-09-06 15:28 ` Patrick Steinhardt 0 siblings, 1 reply; 7+ messages in thread From: Glenn Washburn @ 2022-08-30 20:12 UTC (permalink / raw) To: Patrick Steinhardt; +Cc: grub-devel, Daniel Kiper On Mon, 29 Aug 2022 07:38:24 +0200 Patrick Steinhardt <ps@pks.im> wrote: > On Fri, Aug 19, 2022 at 06:06:15PM -0500, Glenn Washburn wrote: > > A user can now specify UUID strings with dashes, instead of having to remove > > dashes. This is backwards-compatability preserving and also fixes a source > > of user confusion over the inconsistency with how UUIDs are specified > > between file system UUIDs and cryptomount UUIDs. Since cryptsetup, the > > reference implementation for LUKS, displays and generates UUIDs with dashes > > there has been additional confusion when using the UUID strings from > > cryptsetup as exact input into GRUB does not find the expected cryptodisk. > > > > A new function grub_uuidcasecmp is added that is general enough to be used > > other places where UUIDs are being compared. > > > > Signed-off-by: Glenn Washburn <development@efficientek.com> > > --- > > grub-core/disk/cryptodisk.c | 4 ++-- > > grub-core/disk/geli.c | 2 +- > > grub-core/disk/luks.c | 21 ++++----------------- > > grub-core/disk/luks2.c | 15 ++++----------- > > include/grub/misc.h | 32 ++++++++++++++++++++++++++++++++ > > 5 files changed, 43 insertions(+), 31 deletions(-) > > > > diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c > > index e89430812..a4cd8445f 100644 > > --- a/grub-core/disk/cryptodisk.c > > +++ b/grub-core/disk/cryptodisk.c > > @@ -702,7 +702,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk) > > if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0) > > { > > for (dev = cryptodisk_list; dev != NULL; dev = dev->next) > > - if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0) > > + if (grub_uuidcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid, sizeof (dev->uuid)) == 0) > > break; > > } > > else > > @@ -929,7 +929,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid) > > { > > grub_cryptodisk_t dev; > > for (dev = cryptodisk_list; dev != NULL; dev = dev->next) > > - if (grub_strcasecmp (dev->uuid, uuid) == 0) > > + if (grub_uuidcasecmp (dev->uuid, uuid, sizeof (dev->uuid)) == 0) > > return dev; > > return NULL; > > } > > diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c > > index e190066f9..722910d64 100644 > > --- a/grub-core/disk/geli.c > > +++ b/grub-core/disk/geli.c > > @@ -305,7 +305,7 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > return NULL; > > } > > > > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, uuid, sizeof (uuid)) != 0) > > { > > grub_dprintf ("geli", "%s != %s\n", uuid, cargs->search_uuid); > > return NULL; > > diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c > > index 7f837d52c..9e1e6a5d9 100644 > > --- a/grub-core/disk/luks.c > > +++ b/grub-core/disk/luks.c > > @@ -66,10 +66,7 @@ static grub_cryptodisk_t > > luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > { > > grub_cryptodisk_t newdev; > > - const char *iptr; > > struct grub_luks_phdr header; > > - char *optr; > > - char uuid[sizeof (header.uuid) + 1]; > > char ciphername[sizeof (header.cipherName) + 1]; > > char ciphermode[sizeof (header.cipherMode) + 1]; > > char hashspec[sizeof (header.hashSpec) + 1]; > > @@ -92,19 +89,9 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > || grub_be_to_cpu16 (header.version) != 1) > > return NULL; > > > > - grub_memset (uuid, 0, sizeof (uuid)); > > - optr = uuid; > > - for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)]; > > - iptr++) > > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0) > > { > > - if (*iptr != '-') > > - *optr++ = *iptr; > > - } > > - *optr = 0; > > - > > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > > - { > > - grub_dprintf ("luks", "%s != %s\n", uuid, cargs->search_uuid); > > + grub_dprintf ("luks", "%s != %s\n", header.uuid, cargs->search_uuid); > > return NULL; > > } > > I haven't noticed this in my previous review round, but I think this is > wrong because `header.uuid` is never NUL-terminated. It is explicitly 40 > characters long and read directly from disk, so there wouldn't be any > room for it to be NUL-terminated. Why not? UUIDs are 32 hex characters with typically 4 dashes, that makes 37 bytes needed including the NULL byte. In fact, I believe that cryptsetup always creates the uuid field NULL terminated. Also, the LUKS1 spec, and by extension LUKS2 spec, mandates NULL termination. The uuid field is specified as "char[]" and "char[], a string stored as null terminated sequence of 8-bit characters7". > > So we'd rather have to: > > grub_dprintf ("luks2", "%.*s != %s\n", header.uuid, sizeof (header.uuid), > cargs->search_uuid); > > Sorry for not catching this in my first round. This seems reasonable for what should be a very uncommon and non-spec compliant case of having a uuid field with no NULL byte. I originally had a patch before this that explicitly put a NULL byte at the end of header.uuid so this problem didn't exist. I dropped it because it was generally redundant as pointed out by Daniel, but I didn't take this case into account. Perhaps its worth merging that with this one for clarity. > > > > > @@ -123,7 +110,7 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > newdev->source_disk = NULL; > > newdev->log_sector_size = GRUB_LUKS1_LOG_SECTOR_SIZE; > > newdev->total_sectors = grub_disk_native_sectors (disk) - newdev->offset_sectors; > > - grub_memcpy (newdev->uuid, uuid, sizeof (uuid)); > > + grub_memcpy (newdev->uuid, header.uuid, sizeof (header.uuid)); > > newdev->modname = "luks"; > > This should be fine though because `newdev->uuid` is initialized to > all-zeroes. > > > /* Configure the hash used for the AF splitter and HMAC. */ > > @@ -143,7 +130,7 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > return NULL; > > } > > > > - COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); > > + COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (header.uuid)); > > return newdev; > > } > > This has an off-by-one bug now though: `sizeof(uuid)` is not the same as > `sizeof(header.uuid)`, but instead it was `sizeof(header.uuid)+1` to > account for the trailing NUL-byte. So we have to make this: > > COMPILE_TIME_ASSERT (sizeof (newdev->uuid) > sizeof (header.uuid)); I don't think this is needed per above. Please let me know if I've missed something and thanks for being cautious. Glenn > > > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > > index 5b3b36c8a..1174c4c2b 100644 > > --- a/grub-core/disk/luks2.c > > +++ b/grub-core/disk/luks2.c > > @@ -350,8 +350,6 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > { > > grub_cryptodisk_t cryptodisk; > > grub_luks2_header_t header; > > - char uuid[sizeof (header.uuid) + 1]; > > - grub_size_t i, j; > > > > if (cargs->check_boot) > > return NULL; > > @@ -362,14 +360,9 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > return NULL; > > } > > > > - for (i = 0, j = 0; i < sizeof (header.uuid); i++) > > - if (header.uuid[i] != '-') > > - uuid[j++] = header.uuid[i]; > > - uuid[j] = '\0'; > > - > > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0) > > { > > - grub_dprintf ("luks2", "%s != %s\n", uuid, cargs->search_uuid); > > + grub_dprintf ("luks2", "%s != %s\n", header.uuid, cargs->search_uuid); > > return NULL; > > } > > Same here. > > > @@ -377,8 +370,8 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > if (!cryptodisk) > > return NULL; > > > > - COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (uuid)); > > - grub_memcpy (cryptodisk->uuid, uuid, sizeof (uuid)); > > + COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (header.uuid)); > > + grub_memcpy (cryptodisk->uuid, header.uuid, sizeof (header.uuid)); > > And here. > > Patrick > > > cryptodisk->modname = "luks2"; > > return cryptodisk; > > diff --git a/include/grub/misc.h b/include/grub/misc.h > > index 1c25c1767..76c5c7992 100644 > > --- a/include/grub/misc.h > > +++ b/include/grub/misc.h > > @@ -244,6 +244,38 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n) > > - (int) grub_tolower ((grub_uint8_t) *s2); > > } > > > > +/* > > + * Do a case insensitive compare of two UUID strings by ignoring all dashes. > > + * Note that the parameter n, is the number of significant characters to > > + * compare, where significant characters are any except the dash. > > + */ > > +static inline int > > +grub_uuidcasecmp (const char *uuid1, const char *uuid2, grub_size_t n) > > +{ > > + if (n == 0) > > + return 0; > > + > > + while (*uuid1 && *uuid2 && --n) > > + { > > + /* Skip forward to non-dash on both UUIDs. */ > > + while ('-' == *uuid1) > > + ++uuid1; > > + > > + while ('-' == *uuid2) > > + ++uuid2; > > + > > + if (grub_tolower ((grub_uint8_t) *uuid1) > > + != grub_tolower ((grub_uint8_t) *uuid2)) > > + break; > > + > > + uuid1++; > > + uuid2++; > > + } > > + > > + return (int) grub_tolower ((grub_uint8_t) *uuid1) > > + - (int) grub_tolower ((grub_uint8_t) *uuid2); > > +} > > + > > /* > > * Note that these differ from the C standard's definitions of strtol, > > * strtoul(), and strtoull() by the addition of two const qualifiers on the end > > -- > > 2.34.1 > > ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v6 2/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner 2022-08-30 20:12 ` Glenn Washburn @ 2022-09-06 15:28 ` Patrick Steinhardt 2022-10-06 13:38 ` Daniel Kiper 0 siblings, 1 reply; 7+ messages in thread From: Patrick Steinhardt @ 2022-09-06 15:28 UTC (permalink / raw) To: Glenn Washburn; +Cc: grub-devel, Daniel Kiper [-- Attachment #1: Type: text/plain, Size: 11200 bytes --] On Tue, Aug 30, 2022 at 03:12:36PM -0500, Glenn Washburn wrote: > On Mon, 29 Aug 2022 07:38:24 +0200 > Patrick Steinhardt <ps@pks.im> wrote: > > > On Fri, Aug 19, 2022 at 06:06:15PM -0500, Glenn Washburn wrote: > > > A user can now specify UUID strings with dashes, instead of having to remove > > > dashes. This is backwards-compatability preserving and also fixes a source > > > of user confusion over the inconsistency with how UUIDs are specified > > > between file system UUIDs and cryptomount UUIDs. Since cryptsetup, the > > > reference implementation for LUKS, displays and generates UUIDs with dashes > > > there has been additional confusion when using the UUID strings from > > > cryptsetup as exact input into GRUB does not find the expected cryptodisk. > > > > > > A new function grub_uuidcasecmp is added that is general enough to be used > > > other places where UUIDs are being compared. > > > > > > Signed-off-by: Glenn Washburn <development@efficientek.com> > > > --- > > > grub-core/disk/cryptodisk.c | 4 ++-- > > > grub-core/disk/geli.c | 2 +- > > > grub-core/disk/luks.c | 21 ++++----------------- > > > grub-core/disk/luks2.c | 15 ++++----------- > > > include/grub/misc.h | 32 ++++++++++++++++++++++++++++++++ > > > 5 files changed, 43 insertions(+), 31 deletions(-) > > > > > > diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c > > > index e89430812..a4cd8445f 100644 > > > --- a/grub-core/disk/cryptodisk.c > > > +++ b/grub-core/disk/cryptodisk.c > > > @@ -702,7 +702,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk) > > > if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0) > > > { > > > for (dev = cryptodisk_list; dev != NULL; dev = dev->next) > > > - if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0) > > > + if (grub_uuidcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid, sizeof (dev->uuid)) == 0) > > > break; > > > } > > > else > > > @@ -929,7 +929,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid) > > > { > > > grub_cryptodisk_t dev; > > > for (dev = cryptodisk_list; dev != NULL; dev = dev->next) > > > - if (grub_strcasecmp (dev->uuid, uuid) == 0) > > > + if (grub_uuidcasecmp (dev->uuid, uuid, sizeof (dev->uuid)) == 0) > > > return dev; > > > return NULL; > > > } > > > diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c > > > index e190066f9..722910d64 100644 > > > --- a/grub-core/disk/geli.c > > > +++ b/grub-core/disk/geli.c > > > @@ -305,7 +305,7 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > return NULL; > > > } > > > > > > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > > > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, uuid, sizeof (uuid)) != 0) > > > { > > > grub_dprintf ("geli", "%s != %s\n", uuid, cargs->search_uuid); > > > return NULL; > > > diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c > > > index 7f837d52c..9e1e6a5d9 100644 > > > --- a/grub-core/disk/luks.c > > > +++ b/grub-core/disk/luks.c > > > @@ -66,10 +66,7 @@ static grub_cryptodisk_t > > > luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > { > > > grub_cryptodisk_t newdev; > > > - const char *iptr; > > > struct grub_luks_phdr header; > > > - char *optr; > > > - char uuid[sizeof (header.uuid) + 1]; > > > char ciphername[sizeof (header.cipherName) + 1]; > > > char ciphermode[sizeof (header.cipherMode) + 1]; > > > char hashspec[sizeof (header.hashSpec) + 1]; > > > @@ -92,19 +89,9 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > || grub_be_to_cpu16 (header.version) != 1) > > > return NULL; > > > > > > - grub_memset (uuid, 0, sizeof (uuid)); > > > - optr = uuid; > > > - for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)]; > > > - iptr++) > > > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0) > > > { > > > - if (*iptr != '-') > > > - *optr++ = *iptr; > > > - } > > > - *optr = 0; > > > - > > > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > > > - { > > > - grub_dprintf ("luks", "%s != %s\n", uuid, cargs->search_uuid); > > > + grub_dprintf ("luks", "%s != %s\n", header.uuid, cargs->search_uuid); > > > return NULL; > > > } > > > > I haven't noticed this in my previous review round, but I think this is > > wrong because `header.uuid` is never NUL-terminated. It is explicitly 40 > > characters long and read directly from disk, so there wouldn't be any > > room for it to be NUL-terminated. > > Why not? UUIDs are 32 hex characters with typically 4 dashes, that > makes 37 bytes needed including the NULL byte. In fact, I believe that > cryptsetup always creates the uuid field NULL terminated. Also, the > LUKS1 spec, and by extension LUKS2 spec, mandates NULL termination. The > uuid field is specified as "char[]" and "char[], a string stored as null > terminated sequence of 8-bit characters7". Indeed, you're right. I've read through the spec again and it matches your explanation. That also makes my remaining points moot. > > > > So we'd rather have to: > > > > grub_dprintf ("luks2", "%.*s != %s\n", header.uuid, sizeof (header.uuid), > > cargs->search_uuid); > > > > Sorry for not catching this in my first round. > > This seems reasonable for what should be a very uncommon and non-spec > compliant case of having a uuid field with no NULL byte. I originally > had a patch before this that explicitly put a NULL byte at the end of > header.uuid so this problem didn't exist. I dropped it because it was > generally redundant as pointed out by Daniel, but I didn't take this > case into account. Perhaps its worth merging that with this one for > clarity. This is not as important anymore given that my initial point was moot. But it may still be sensible as defennse against corrupted headers. Anyway, with or without that change: Reviewed-by: Patrick Steinhardt <ps@pks.im> Thanks! Patrick > > > > > > > > @@ -123,7 +110,7 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > newdev->source_disk = NULL; > > > newdev->log_sector_size = GRUB_LUKS1_LOG_SECTOR_SIZE; > > > newdev->total_sectors = grub_disk_native_sectors (disk) - newdev->offset_sectors; > > > - grub_memcpy (newdev->uuid, uuid, sizeof (uuid)); > > > + grub_memcpy (newdev->uuid, header.uuid, sizeof (header.uuid)); > > > newdev->modname = "luks"; > > > > This should be fine though because `newdev->uuid` is initialized to > > all-zeroes. > > > > > /* Configure the hash used for the AF splitter and HMAC. */ > > > @@ -143,7 +130,7 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > return NULL; > > > } > > > > > > - COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid)); > > > + COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (header.uuid)); > > > return newdev; > > > } > > > > This has an off-by-one bug now though: `sizeof(uuid)` is not the same as > > `sizeof(header.uuid)`, but instead it was `sizeof(header.uuid)+1` to > > account for the trailing NUL-byte. So we have to make this: > > > > COMPILE_TIME_ASSERT (sizeof (newdev->uuid) > sizeof (header.uuid)); > > I don't think this is needed per above. > > Please let me know if I've missed something and thanks for being > cautious. > > Glenn > > > > > > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c > > > index 5b3b36c8a..1174c4c2b 100644 > > > --- a/grub-core/disk/luks2.c > > > +++ b/grub-core/disk/luks2.c > > > @@ -350,8 +350,6 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > { > > > grub_cryptodisk_t cryptodisk; > > > grub_luks2_header_t header; > > > - char uuid[sizeof (header.uuid) + 1]; > > > - grub_size_t i, j; > > > > > > if (cargs->check_boot) > > > return NULL; > > > @@ -362,14 +360,9 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > return NULL; > > > } > > > > > > - for (i = 0, j = 0; i < sizeof (header.uuid); i++) > > > - if (header.uuid[i] != '-') > > > - uuid[j++] = header.uuid[i]; > > > - uuid[j] = '\0'; > > > - > > > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > > > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0) > > > { > > > - grub_dprintf ("luks2", "%s != %s\n", uuid, cargs->search_uuid); > > > + grub_dprintf ("luks2", "%s != %s\n", header.uuid, cargs->search_uuid); > > > return NULL; > > > } > > > > Same here. > > > > > @@ -377,8 +370,8 @@ luks2_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > if (!cryptodisk) > > > return NULL; > > > > > > - COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (uuid)); > > > - grub_memcpy (cryptodisk->uuid, uuid, sizeof (uuid)); > > > + COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (header.uuid)); > > > + grub_memcpy (cryptodisk->uuid, header.uuid, sizeof (header.uuid)); > > > > And here. > > > > Patrick > > > > > cryptodisk->modname = "luks2"; > > > return cryptodisk; > > > diff --git a/include/grub/misc.h b/include/grub/misc.h > > > index 1c25c1767..76c5c7992 100644 > > > --- a/include/grub/misc.h > > > +++ b/include/grub/misc.h > > > @@ -244,6 +244,38 @@ grub_strncasecmp (const char *s1, const char *s2, grub_size_t n) > > > - (int) grub_tolower ((grub_uint8_t) *s2); > > > } > > > > > > +/* > > > + * Do a case insensitive compare of two UUID strings by ignoring all dashes. > > > + * Note that the parameter n, is the number of significant characters to > > > + * compare, where significant characters are any except the dash. > > > + */ > > > +static inline int > > > +grub_uuidcasecmp (const char *uuid1, const char *uuid2, grub_size_t n) > > > +{ > > > + if (n == 0) > > > + return 0; > > > + > > > + while (*uuid1 && *uuid2 && --n) > > > + { > > > + /* Skip forward to non-dash on both UUIDs. */ > > > + while ('-' == *uuid1) > > > + ++uuid1; > > > + > > > + while ('-' == *uuid2) > > > + ++uuid2; > > > + > > > + if (grub_tolower ((grub_uint8_t) *uuid1) > > > + != grub_tolower ((grub_uint8_t) *uuid2)) > > > + break; > > > + > > > + uuid1++; > > > + uuid2++; > > > + } > > > + > > > + return (int) grub_tolower ((grub_uint8_t) *uuid1) > > > + - (int) grub_tolower ((grub_uint8_t) *uuid2); > > > +} > > > + > > > /* > > > * Note that these differ from the C standard's definitions of strtol, > > > * strtoul(), and strtoull() by the addition of two const qualifiers on the end > > > -- > > > 2.34.1 > > > [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v6 2/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner 2022-09-06 15:28 ` Patrick Steinhardt @ 2022-10-06 13:38 ` Daniel Kiper 0 siblings, 0 replies; 7+ messages in thread From: Daniel Kiper @ 2022-10-06 13:38 UTC (permalink / raw) To: Patrick Steinhardt; +Cc: Glenn Washburn, grub-devel On Tue, Sep 06, 2022 at 05:28:40PM +0200, Patrick Steinhardt wrote: > On Tue, Aug 30, 2022 at 03:12:36PM -0500, Glenn Washburn wrote: > > On Mon, 29 Aug 2022 07:38:24 +0200 > > Patrick Steinhardt <ps@pks.im> wrote: > > > > > On Fri, Aug 19, 2022 at 06:06:15PM -0500, Glenn Washburn wrote: > > > > A user can now specify UUID strings with dashes, instead of having to remove > > > > dashes. This is backwards-compatability preserving and also fixes a source > > > > of user confusion over the inconsistency with how UUIDs are specified > > > > between file system UUIDs and cryptomount UUIDs. Since cryptsetup, the > > > > reference implementation for LUKS, displays and generates UUIDs with dashes > > > > there has been additional confusion when using the UUID strings from > > > > cryptsetup as exact input into GRUB does not find the expected cryptodisk. > > > > > > > > A new function grub_uuidcasecmp is added that is general enough to be used > > > > other places where UUIDs are being compared. > > > > > > > > Signed-off-by: Glenn Washburn <development@efficientek.com> > > > > --- > > > > grub-core/disk/cryptodisk.c | 4 ++-- > > > > grub-core/disk/geli.c | 2 +- > > > > grub-core/disk/luks.c | 21 ++++----------------- > > > > grub-core/disk/luks2.c | 15 ++++----------- > > > > include/grub/misc.h | 32 ++++++++++++++++++++++++++++++++ > > > > 5 files changed, 43 insertions(+), 31 deletions(-) > > > > > > > > diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c > > > > index e89430812..a4cd8445f 100644 > > > > --- a/grub-core/disk/cryptodisk.c > > > > +++ b/grub-core/disk/cryptodisk.c > > > > @@ -702,7 +702,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk) > > > > if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0) > > > > { > > > > for (dev = cryptodisk_list; dev != NULL; dev = dev->next) > > > > - if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0) > > > > + if (grub_uuidcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid, sizeof (dev->uuid)) == 0) > > > > break; > > > > } > > > > else > > > > @@ -929,7 +929,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid) > > > > { > > > > grub_cryptodisk_t dev; > > > > for (dev = cryptodisk_list; dev != NULL; dev = dev->next) > > > > - if (grub_strcasecmp (dev->uuid, uuid) == 0) > > > > + if (grub_uuidcasecmp (dev->uuid, uuid, sizeof (dev->uuid)) == 0) > > > > return dev; > > > > return NULL; > > > > } > > > > diff --git a/grub-core/disk/geli.c b/grub-core/disk/geli.c > > > > index e190066f9..722910d64 100644 > > > > --- a/grub-core/disk/geli.c > > > > +++ b/grub-core/disk/geli.c > > > > @@ -305,7 +305,7 @@ geli_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > > return NULL; > > > > } > > > > > > > > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > > > > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, uuid, sizeof (uuid)) != 0) > > > > { > > > > grub_dprintf ("geli", "%s != %s\n", uuid, cargs->search_uuid); > > > > return NULL; > > > > diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c > > > > index 7f837d52c..9e1e6a5d9 100644 > > > > --- a/grub-core/disk/luks.c > > > > +++ b/grub-core/disk/luks.c > > > > @@ -66,10 +66,7 @@ static grub_cryptodisk_t > > > > luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > > { > > > > grub_cryptodisk_t newdev; > > > > - const char *iptr; > > > > struct grub_luks_phdr header; > > > > - char *optr; > > > > - char uuid[sizeof (header.uuid) + 1]; > > > > char ciphername[sizeof (header.cipherName) + 1]; > > > > char ciphermode[sizeof (header.cipherMode) + 1]; > > > > char hashspec[sizeof (header.hashSpec) + 1]; > > > > @@ -92,19 +89,9 @@ luks_scan (grub_disk_t disk, grub_cryptomount_args_t cargs) > > > > || grub_be_to_cpu16 (header.version) != 1) > > > > return NULL; > > > > > > > > - grub_memset (uuid, 0, sizeof (uuid)); > > > > - optr = uuid; > > > > - for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)]; > > > > - iptr++) > > > > + if (cargs->search_uuid != NULL && grub_uuidcasecmp (cargs->search_uuid, header.uuid, sizeof (header.uuid)) != 0) > > > > { > > > > - if (*iptr != '-') > > > > - *optr++ = *iptr; > > > > - } > > > > - *optr = 0; > > > > - > > > > - if (cargs->search_uuid != NULL && grub_strcasecmp (cargs->search_uuid, uuid) != 0) > > > > - { > > > > - grub_dprintf ("luks", "%s != %s\n", uuid, cargs->search_uuid); > > > > + grub_dprintf ("luks", "%s != %s\n", header.uuid, cargs->search_uuid); > > > > return NULL; > > > > } > > > > > > I haven't noticed this in my previous review round, but I think this is > > > wrong because `header.uuid` is never NUL-terminated. It is explicitly 40 > > > characters long and read directly from disk, so there wouldn't be any > > > room for it to be NUL-terminated. > > > > Why not? UUIDs are 32 hex characters with typically 4 dashes, that > > makes 37 bytes needed including the NULL byte. In fact, I believe that > > cryptsetup always creates the uuid field NULL terminated. Also, the > > LUKS1 spec, and by extension LUKS2 spec, mandates NULL termination. The > > uuid field is specified as "char[]" and "char[], a string stored as null > > terminated sequence of 8-bit characters7". > > Indeed, you're right. I've read through the spec again and it matches > your explanation. That also makes my remaining points moot. > > > > > > > So we'd rather have to: > > > > > > grub_dprintf ("luks2", "%.*s != %s\n", header.uuid, sizeof (header.uuid), > > > cargs->search_uuid); > > > > > > Sorry for not catching this in my first round. > > > > This seems reasonable for what should be a very uncommon and non-spec > > compliant case of having a uuid field with no NULL byte. I originally > > had a patch before this that explicitly put a NULL byte at the end of > > header.uuid so this problem didn't exist. I dropped it because it was > > generally redundant as pointed out by Daniel, but I didn't take this > > case into account. Perhaps its worth merging that with this one for > > clarity. > > This is not as important anymore given that my initial point was moot. > But it may still be sensible as defennse against corrupted headers. > > Anyway, with or without that change: > > Reviewed-by: Patrick Steinhardt <ps@pks.im> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> Daniel ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-10-06 13:38 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-08-19 23:06 [PATCH v6 0/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner Glenn Washburn 2022-08-19 23:06 ` [PATCH v6 1/2] misc: Add cast in grub_strncasecmp() to drop sign when calling grub_tolower() Glenn Washburn 2022-08-19 23:06 ` [PATCH v6 2/2] cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner Glenn Washburn 2022-08-29 5:38 ` Patrick Steinhardt 2022-08-30 20:12 ` Glenn Washburn 2022-09-06 15:28 ` Patrick Steinhardt 2022-10-06 13:38 ` Daniel Kiper
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.