Re: [PATCH 5/5] Cryptomount support for hyphens in UUID

grub-devel.gnu.org archive mirror
 help / color / mirror / Atom feed

From: Andrei Borzenkov <arvidjaar@gmail.com>
To: John Lane <grub@jelmail.com>
Cc: grub-devel@gnu.org, John Lane <john@lane.uk.net>
Subject: Re: [PATCH 5/5] Cryptomount support for hyphens in UUID
Date: Wed, 29 Jul 2015 06:08:23 +0300	[thread overview]
Message-ID: <20150729060823.136d182a@opensuse.site> (raw)
In-Reply-To: <1435588260-29456-6-git-send-email-grub@jelmail.com>


I still believe that generally ignoring hyphens for every future crypto
implementation is wrong. In future we simply should avoid mangling
UUID. So this should be restricted to LUKS only, where the problem
exists.

В Mon, 29 Jun 2015 15:31:00 +0100
John Lane <grub@jelmail.com> пишет:

> From: John Lane <john@lane.uk.net>
> 
> ---
>  grub-core/disk/cryptodisk.c | 20 +++++++++++++++++---
>  grub-core/disk/luks.c       | 26 ++++++++------------------
>  include/grub/cryptodisk.h   |  2 ++
>  3 files changed, 27 insertions(+), 21 deletions(-)
> 
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index cd5cfc9..d36d16b 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -113,6 +113,20 @@ gf_mul_be (grub_uint8_t *o, const grub_uint8_t *a, const grub_uint8_t *b)
>      }
>  }
>  
> +int
> +grub_cryptodisk_uuidcmp(char *uuid_a, char *uuid_b)
> +{
> +  while ((*uuid_a != '\0') && (*uuid_b != '\0'))
> +    {
> +      while (*uuid_a == '-') uuid_a++;
> +      while (*uuid_b == '-') uuid_b++;
> +      if (grub_toupper(*uuid_a) != grub_toupper(*uuid_b)) break;
> +      uuid_a++;
> +      uuid_b++;
> +    }
> +  return (*uuid_a == '\0') && (*uuid_b == '\0');
> +}
> +
>  static gcry_err_code_t
>  grub_crypto_pcbc_decrypt (grub_crypto_cipher_handle_t cipher,
>  			 void *out, void *in, grub_size_t size,
> @@ -507,8 +521,8 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk)
>    if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0)
>      {
>        for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
> -	if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0)
> -	  break;
> +        if (grub_cryptodisk_uuidcmp(name + sizeof ("cryptouuid/") - 1, dev->uuid))
> +          break;
>      }
>    else
>      {
> @@ -739,7 +753,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid)
>  {
>    grub_cryptodisk_t dev;
>    for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
> -    if (grub_strcasecmp (dev->uuid, uuid) == 0)
> +    if (grub_cryptodisk_uuidcmp(dev->uuid, uuid))
>        return dev;
>    return NULL;
>  }
> diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
> index 4ebe21b..80a7606 100644
> --- a/grub-core/disk/luks.c
> +++ b/grub-core/disk/luks.c
> @@ -68,9 +68,7 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
>  		   int check_boot, grub_file_t hdr)
>  {
>    grub_cryptodisk_t newdev;
> -  const char *iptr;
>    struct grub_luks_phdr header;
> -  char *optr;
>    char uuid[sizeof (header.uuid) + 1];
>    char ciphername[sizeof (header.cipherName) + 1];
>    char ciphermode[sizeof (header.cipherMode) + 1];
> @@ -104,22 +102,6 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
>        || grub_be_to_cpu16 (header.version) != 1)
>      return NULL;
>  
> -  optr = uuid;
> -  for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)];
> -       iptr++)
> -    {
> -      if (*iptr != '-')
> -        *optr++ = *iptr;
> -    }
> -  *optr = 0;
> -
> -  if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
> -    {
> -      grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
> -      return NULL;
> -    }
> -
> -
>    /* Make sure that strings are null terminated.  */
>    grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName));
>    ciphername[sizeof (header.cipherName)] = 0;
> @@ -127,6 +109,14 @@ configure_ciphers (grub_disk_t disk, const char *check_uuid,
>    ciphermode[sizeof (header.cipherMode)] = 0;
>    grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec));
>    hashspec[sizeof (header.hashSpec)] = 0;
> +  grub_memcpy (uuid, header.uuid, sizeof (header.uuid));
> +  uuid[sizeof (header.uuid)] = 0;
> +
> +  if ( check_uuid && ! grub_cryptodisk_uuidcmp(check_uuid, uuid))
> +    {
> +      grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
> +      return NULL;
> +    }
>  
>    newdev = grub_cryptodisk_create (disk, uuid, ciphername, ciphermode, hashspec);
>  
> diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
> index 4076412..a564f2c 100644
> --- a/include/grub/cryptodisk.h
> +++ b/include/grub/cryptodisk.h
> @@ -167,4 +167,6 @@ grub_cryptodisk_t grub_cryptodisk_get_by_source_disk (grub_disk_t disk);
>  grub_cryptodisk_t grub_cryptodisk_create (grub_disk_t disk, char *uuid,
>  				   char *ciphername, char *ciphermode, char *digest);
>  
> +int
> +grub_cryptodisk_uuidcmp(char *uuid_a, char *uuid_b);
>  #endif

next prev parent reply	other threads:[~2015-07-29  3:08 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-29 14:30 Cryptomount enhancements - revised John Lane
2015-06-29 14:30 ` [PATCH 1/5] Cryptomount support LUKS detached header John Lane
2015-06-29 14:30 ` [PATCH 2/5] Cryptomount support key files John Lane
2015-06-29 14:30 ` [PATCH 3/5] cryptomount luks allow multiple passphrase attempts John Lane
2015-06-29 14:56   ` John Lane
2015-06-29 14:30 ` [PATCH 4/5] Cryptomount support plain dm-crypt John Lane
2016-02-12 15:19   ` Vladimir 'φ-coder/phcoder' Serbinenko
2015-06-29 14:31 ` [PATCH 5/5] Cryptomount support for hyphens in UUID John Lane
2015-06-29 14:52   ` John Lane
2015-07-29  3:08   ` Andrei Borzenkov [this message]
2015-07-29  6:51     ` John Lane
2015-07-29 16:51       ` Andrei Borzenkov
2015-07-29 18:53         ` John Lane
2015-07-28 18:51 ` Cryptomount enhancements - revised John Lane
2015-07-28 21:38   ` Vladimir 'phcoder' Serbinenko
2015-07-29  6:48     ` John Lane
2015-07-29 17:21       ` Andrei Borzenkov
2015-08-01 16:22         ` John Lane

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150729060823.136d182a@opensuse.site \
    --to=arvidjaar@gmail.com \
    --cc=grub-devel@gnu.org \
    --cc=grub@jelmail.com \
    --cc=john@lane.uk.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).