From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1ZKHjP-00005x-13
	for mharc-grub-devel@gnu.org; Tue, 28 Jul 2015 23:08:35 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56309)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arvidjaar@gmail.com>) id 1ZKHjL-0008VH-P9
	for grub-devel@gnu.org; Tue, 28 Jul 2015 23:08:32 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <arvidjaar@gmail.com>) id 1ZKHjG-0005a6-PN
	for grub-devel@gnu.org; Tue, 28 Jul 2015 23:08:31 -0400
Received: from mail-lb0-x235.google.com ([2a00:1450:4010:c04::235]:34109)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arvidjaar@gmail.com>) id 1ZKHjG-0005ZS-Co
	for grub-devel@gnu.org; Tue, 28 Jul 2015 23:08:26 -0400
Received: by lbbzr7 with SMTP id zr7so87002600lbb.1
	for <grub-devel@gnu.org>; Tue, 28 Jul 2015 20:08:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=date:from:to:cc:subject:message-id:in-reply-to:references
	:mime-version:content-type:content-transfer-encoding;
	bh=X2FFYOfZXSUMfaJwrnq9FP1lWbyGN++MyYLmbAqCmH4=;
	b=Iv5jueQSRjNaqAW540AXDlC2sJcTjfm2D3APY6RVVT0kqPeYWQYoDTW4dGZeeDLRnn
	AdMsiT6F5K9SckZS9ItN6vvfpZBgv3ww+PI6w0CXCQcOGpEV222TDFOfa9twkWt+fPBY
	ZeMp+luUIen8y8ujf53k/DVULQ4Zxzkw1SBs5JpoQaIcz9iVOqTMt6POjqP7xgB20bFP
	BM+NegNxO7nL7/biMmcEHAUzIh95s5fqu71Q3+S/wD997b2RgawFM5WNSv6HXnw4qMxI
	c+vr5bFIGUE576AeQ9FV8o6PupXoAzMv1aKh072Ps6Z8swPSTzSSossC9ndyF8oa4zCu
	pCTQ==
X-Received: by 10.112.151.178 with SMTP id ur18mr36774678lbb.59.1438139305651; 
	Tue, 28 Jul 2015 20:08:25 -0700 (PDT)
Received: from opensuse.site (ppp91-76-6-204.pppoe.mtu-net.ru. [91.76.6.204])
	by smtp.gmail.com with ESMTPSA id
	rl1sm4982725lac.14.2015.07.28.20.08.24
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 28 Jul 2015 20:08:24 -0700 (PDT)
Date: Wed, 29 Jul 2015 06:08:23 +0300
From: Andrei Borzenkov <arvidjaar@gmail.com>
To: John Lane <grub@jelmail.com>
Subject: Re: [PATCH 5/5] Cryptomount support for hyphens in UUID
Message-ID: <20150729060823.136d182a@opensuse.site>
In-Reply-To: <1435588260-29456-6-git-send-email-grub@jelmail.com>
References: <1435588260-29456-1-git-send-email-grub@jelmail.com>
	<1435588260-29456-6-git-send-email-grub@jelmail.com>
X-Mailer: Claws Mail 3.11.0 (GTK+ 2.24.28; x86_64-suse-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a00:1450:4010:c04::235
Cc: grub-devel@gnu.org, John Lane <john@lane.uk.net>
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jul 2015 03:08:32 -0000


I still believe that generally ignoring hyphens for every future crypto
implementation is wrong. In future we simply should avoid mangling
UUID. So this should be restricted to LUKS only, where the problem
exists.

=D0=92 Mon, 29 Jun 2015 15:31:00 +0100
John Lane <grub@jelmail.com> =D0=BF=D0=B8=D1=88=D0=B5=D1=82:

> From: John Lane <john@lane.uk.net>
>=20
> ---
>  grub-core/disk/cryptodisk.c | 20 +++++++++++++++++---
>  grub-core/disk/luks.c       | 26 ++++++++------------------
>  include/grub/cryptodisk.h   |  2 ++
>  3 files changed, 27 insertions(+), 21 deletions(-)
>=20
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index cd5cfc9..d36d16b 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -113,6 +113,20 @@ gf_mul_be (grub_uint8_t *o, const grub_uint8_t *a, c=
onst grub_uint8_t *b)
>      }
>  }
> =20
> +int
> +grub_cryptodisk_uuidcmp(char *uuid_a, char *uuid_b)
> +{
> +  while ((*uuid_a !=3D '\0') && (*uuid_b !=3D '\0'))
> +    {
> +      while (*uuid_a =3D=3D '-') uuid_a++;
> +      while (*uuid_b =3D=3D '-') uuid_b++;
> +      if (grub_toupper(*uuid_a) !=3D grub_toupper(*uuid_b)) break;
> +      uuid_a++;
> +      uuid_b++;
> +    }
> +  return (*uuid_a =3D=3D '\0') && (*uuid_b =3D=3D '\0');
> +}
> +
>  static gcry_err_code_t
>  grub_crypto_pcbc_decrypt (grub_crypto_cipher_handle_t cipher,
>  			 void *out, void *in, grub_size_t size,
> @@ -507,8 +521,8 @@ grub_cryptodisk_open (const char *name, grub_disk_t d=
isk)
>    if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) =3D=
=3D 0)
>      {
>        for (dev =3D cryptodisk_list; dev !=3D NULL; dev =3D dev->next)
> -	if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) =3D=
=3D 0)
> -	  break;
> +        if (grub_cryptodisk_uuidcmp(name + sizeof ("cryptouuid/") - 1, d=
ev->uuid))
> +          break;
>      }
>    else
>      {
> @@ -739,7 +753,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid)
>  {
>    grub_cryptodisk_t dev;
>    for (dev =3D cryptodisk_list; dev !=3D NULL; dev =3D dev->next)
> -    if (grub_strcasecmp (dev->uuid, uuid) =3D=3D 0)
> +    if (grub_cryptodisk_uuidcmp(dev->uuid, uuid))
>        return dev;
>    return NULL;
>  }
> diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
> index 4ebe21b..80a7606 100644
> --- a/grub-core/disk/luks.c
> +++ b/grub-core/disk/luks.c
> @@ -68,9 +68,7 @@ configure_ciphers (grub_disk_t disk, const char *check_=
uuid,
>  		   int check_boot, grub_file_t hdr)
>  {
>    grub_cryptodisk_t newdev;
> -  const char *iptr;
>    struct grub_luks_phdr header;
> -  char *optr;
>    char uuid[sizeof (header.uuid) + 1];
>    char ciphername[sizeof (header.cipherName) + 1];
>    char ciphermode[sizeof (header.cipherMode) + 1];
> @@ -104,22 +102,6 @@ configure_ciphers (grub_disk_t disk, const char *che=
ck_uuid,
>        || grub_be_to_cpu16 (header.version) !=3D 1)
>      return NULL;
> =20
> -  optr =3D uuid;
> -  for (iptr =3D header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid=
)];
> -       iptr++)
> -    {
> -      if (*iptr !=3D '-')
> -        *optr++ =3D *iptr;
> -    }
> -  *optr =3D 0;
> -
> -  if (check_uuid && grub_strcasecmp (check_uuid, uuid) !=3D 0)
> -    {
> -      grub_dprintf ("luks", "%s !=3D %s\n", uuid, check_uuid);
> -      return NULL;
> -    }
> -
> -
>    /* Make sure that strings are null terminated.  */
>    grub_memcpy (ciphername, header.cipherName, sizeof (header.cipherName)=
);
>    ciphername[sizeof (header.cipherName)] =3D 0;
> @@ -127,6 +109,14 @@ configure_ciphers (grub_disk_t disk, const char *che=
ck_uuid,
>    ciphermode[sizeof (header.cipherMode)] =3D 0;
>    grub_memcpy (hashspec, header.hashSpec, sizeof (header.hashSpec));
>    hashspec[sizeof (header.hashSpec)] =3D 0;
> +  grub_memcpy (uuid, header.uuid, sizeof (header.uuid));
> +  uuid[sizeof (header.uuid)] =3D 0;
> +
> +  if ( check_uuid && ! grub_cryptodisk_uuidcmp(check_uuid, uuid))
> +    {
> +      grub_dprintf ("luks", "%s !=3D %s\n", uuid, check_uuid);
> +      return NULL;
> +    }
> =20
>    newdev =3D grub_cryptodisk_create (disk, uuid, ciphername, ciphermode,=
 hashspec);
> =20
> diff --git a/include/grub/cryptodisk.h b/include/grub/cryptodisk.h
> index 4076412..a564f2c 100644
> --- a/include/grub/cryptodisk.h
> +++ b/include/grub/cryptodisk.h
> @@ -167,4 +167,6 @@ grub_cryptodisk_t grub_cryptodisk_get_by_source_disk =
(grub_disk_t disk);
>  grub_cryptodisk_t grub_cryptodisk_create (grub_disk_t disk, char *uuid,
>  				   char *ciphername, char *ciphermode, char *digest);
> =20
> +int
> +grub_cryptodisk_uuidcmp(char *uuid_a, char *uuid_b);
>  #endif