[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v4 0/6] Support for LUKS2 disk encryption
From: |
Patrick Steinhardt |
Subject: |
[PATCH v4 0/6] Support for LUKS2 disk encryption |
Date: |
Mon, 18 Nov 2019 09:45:11 +0100 |
Hi,
another week, another new version of this patch series. Changes
to v3 include the following:
- Renamed `err` variables to `ret`.
- Fixed formatting of multiline comments.
- Aligned struct members.
- Moved some defines around.
- Added EXPORT_FUNC() to the JSON interface.
All in all it's mostly cosmetical changes to better match GRUB's
coding style. I've attached the range-diff against v3 to this
mail.
Patrick
Patrick Steinhardt (6):
json: Import upstream jsmn-1.1.0
json: Implement wrapping interface
bootstrap: Add gnulib's base64 module
afsplitter: Move into its own module
luks: Move configuration of ciphers into cryptodisk
disk: Implement support for LUKS2
Makefile.util.def | 4 +-
bootstrap.conf | 3 +-
conf/Makefile.extra-dist | 1 +
docs/grub-dev.texi | 14 +
docs/grub.texi | 5 +-
grub-core/Makefile.core.def | 19 +-
grub-core/disk/AFSplitter.c | 3 +
grub-core/disk/cryptodisk.c | 163 ++++-
grub-core/disk/luks.c | 190 +----
grub-core/disk/luks2.c | 674 ++++++++++++++++++
grub-core/lib/gnulib-patches/fix-base64.patch | 23 +
grub-core/lib/json/jsmn.h | 468 ++++++++++++
grub-core/lib/json/json.c | 240 +++++++
grub-core/lib/json/json.h | 103 +++
include/grub/cryptodisk.h | 3 +
15 files changed, 1733 insertions(+), 180 deletions(-)
create mode 100644 grub-core/disk/luks2.c
create mode 100644 grub-core/lib/gnulib-patches/fix-base64.patch
create mode 100644 grub-core/lib/json/jsmn.h
create mode 100644 grub-core/lib/json/json.c
create mode 100644 grub-core/lib/json/json.h
Range-diff against v3:
1: 7bd619827 ! 1: 2469e96f9 json: Import upstream jsmn-1.1.0
@@ Commit message
[1]: https://github.com/zserge/jsmn
Signed-off-by: Patrick Steinhardt <address@hidden>
+ Reviewed-by: Daniel Kiper <address@hidden>
## docs/grub-dev.texi ##
@@ docs/grub-dev.texi: to update it.
2: 680b5add5 ! 2: 126fd8408 json: Implement wrapping interface
@@ grub-core/lib/json/json.c
+{
+ grub_json_t *json = NULL;
+ jsmn_parser parser;
-+ grub_err_t err;
++ grub_err_t ret = GRUB_ERR_NONE;
+ int jsmn_err;
+
++ if (!string)
++ return GRUB_ERR_BAD_ARGUMENT;
++
+ json = grub_zalloc (sizeof (*json));
+ if (!json)
+ return GRUB_ERR_OUT_OF_MEMORY;
-+ json->idx = 0;
+ json->string = string;
-+ if (!json->string)
-+ {
-+ err = GRUB_ERR_OUT_OF_MEMORY;
-+ goto out;
-+ }
+
++ /*
++ * Parse the string twice: first to determine how many tokens
++ * we need to allocate, second to fill allocated tokens.
++ */
+ jsmn_init(&parser);
+ jsmn_err = jsmn_parse (&parser, string, string_len, NULL, 0);
+ if (jsmn_err <= 0)
+ {
-+ err = GRUB_ERR_BAD_ARGUMENT;
-+ goto out;
++ ret = GRUB_ERR_BAD_ARGUMENT;
++ goto err;
+ }
+
+ json->tokens = grub_malloc (sizeof (jsmntok_t) * jsmn_err);
+ if (!json->tokens)
+ {
-+ err = GRUB_ERR_OUT_OF_MEMORY;
-+ goto out;
++ ret = GRUB_ERR_OUT_OF_MEMORY;
++ goto err;
+ }
+
-+ jsmn_init(&parser);
++ jsmn_init (&parser);
+ jsmn_err = jsmn_parse (&parser, string, string_len, json->tokens,
jsmn_err);
+ if (jsmn_err <= 0)
+ {
-+ err = GRUB_ERR_BAD_ARGUMENT;
-+ goto out;
++ ret = GRUB_ERR_BAD_ARGUMENT;
++ goto err;
+ }
+
-+ err = GRUB_ERR_NONE;
+ *out = json;
-+out:
-+ if (err && json)
++
++ err:
++ if (ret && json)
+ {
+ grub_free (json->string);
+ grub_free (json->tokens);
+ grub_free (json);
+ }
-+ return err;
++ return ret;
+}
+
+void
@@ grub-core/lib/json/json.c
+grub_json_getsize (const grub_json_t *json)
+{
+ jsmntok_t *p = &((jsmntok_t *)json->tokens)[json->idx];
++
+ return p->size;
+}
+
@@ grub-core/lib/json/json.c
+grub_json_gettype (const grub_json_t *json)
+{
+ jsmntok_t *p = &((jsmntok_t *)json->tokens)[json->idx];
++
+ switch (p->type)
+ {
+ case JSMN_OBJECT:
@@ grub-core/lib/json/json.c
+ default:
+ break;
+ }
++
+ return GRUB_JSON_UNDEFINED;
+}
+
@@ grub-core/lib/json/json.c
+ jsmntok_t *p = &((jsmntok_t *)parent->tokens)[parent->idx];
+ grub_size_t offset = 1;
+
-+ if (n >= (unsigned) p->size)
++ if (n >= (grub_size_t) p->size)
+ return GRUB_ERR_BAD_ARGUMENT;
+
+ while (n--)
@@ grub-core/lib/json/json.c
+{
+ const grub_json_t *p = parent;
+ grub_json_t child;
++ grub_err_t ret;
+ jsmntok_t *tok;
+
+ if (key)
+ {
-+ grub_err_t err = grub_json_getvalue (&child, parent, key);
-+ if (err)
-+ return err;
++ ret = grub_json_getvalue (&child, parent, key);
++ if (ret)
++ return ret;
+ p = &child;
+ }
+
@@ grub-core/lib/json/json.c
+{
+ grub_json_type_t type;
+ const char *value;
-+ grub_err_t err;
++ grub_err_t ret;
+
-+ err = get_value(&type, &value, parent, key);
-+ if (err)
-+ return err;
++ ret = get_value(&type, &value, parent, key);
++ if (ret)
++ return ret;
+ if (type != GRUB_JSON_STRING)
+ return GRUB_ERR_BAD_ARGUMENT;
+
@@ grub-core/lib/json/json.c
+{
+ grub_json_type_t type;
+ const char *value;
-+ grub_err_t err;
++ grub_err_t ret;
+
-+ err = get_value(&type, &value, parent, key);
-+ if (err)
-+ return err;
++ ret = get_value(&type, &value, parent, key);
++ if (ret)
++ return ret;
+ if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE)
+ return GRUB_ERR_BAD_ARGUMENT;
+
@@ grub-core/lib/json/json.c
+{
+ grub_json_type_t type;
+ const char *value;
-+ grub_err_t err;
++ grub_err_t ret;
+
-+ err = get_value(&type, &value, parent, key);
-+ if (err)
-+ return err;
++ ret = get_value(&type, &value, parent, key);
++ if (ret)
++ return ret;
+ if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE)
+ return GRUB_ERR_BAD_ARGUMENT;
+
@@ grub-core/lib/json/json.h (new)
+};
+typedef struct grub_json grub_json_t;
+
-+/* Parse a JSON-encoded string. Note that the string passed to
++/*
++ * Parse a JSON-encoded string. Note that the string passed to
+ * this function will get modified on subsequent calls to
-+ * `grub_json_get*`. Returns the root object of the parsed JSON
-+ * object, which needs to be free'd via `grub_json_free`.
++ * grub_json_get*(). Returns the root object of the parsed JSON
++ * object, which needs to be free'd via grub_json_free().
+ */
-+grub_err_t
-+grub_json_parse (grub_json_t **out, char *string, grub_size_t string_len);
++extern grub_err_t EXPORT_FUNC(grub_json_parse) (grub_json_t **out,
++ char *string,
++ grub_size_t string_len);
+
-+/* Free the structure and its contents. The string passed to
-+ * `grub_json_parse` will not be free'd.
++/*
++ * Free the structure and its contents. The string passed to
++ * grub_json_parse() will not be free'd.
+ */
-+void
-+grub_json_free (grub_json_t *json);
++extern void EXPORT_FUNC(grub_json_free) (grub_json_t *json);
+
-+/* Get the child count of the given JSON token. Children are
-+ * present for arrays, objects (dicts) and keys of a dict. */
-+grub_size_t
-+grub_json_getsize (const grub_json_t *json);
++/*
++ * Get the child count of the given JSON token. Children are
++ * present for arrays, objects (dicts) and keys of a dict.
++ */
++extern grub_size_t EXPORT_FUNC(grub_json_getsize) (const grub_json_t
*json);
+
+/* Get the type of the given JSON token. */
-+grub_json_type_t
-+grub_json_gettype (const grub_json_t *json);
++extern grub_json_type_t EXPORT_FUNC(grub_json_gettype) (const grub_json_t
*json);
+
-+/* Get n'th child of object, array or key. Will return an error if no
-+ * such child exists. The result does not need to be free'd. */
-+grub_err_t
-+grub_json_getchild (grub_json_t *out, const grub_json_t *parent,
grub_size_t n);
++/*
++ * Get n'th child of object, array or key. Will return an error if no
++ * such child exists. The result does not need to be free'd.
++ */
++extern grub_err_t EXPORT_FUNC(grub_json_getchild) (grub_json_t *out,
++ const grub_json_t *parent,
++ grub_size_t n);
+
-+/* Get value of key from a JSON object. The result does not need
-+ * to be free'd. */
-+grub_err_t
-+grub_json_getvalue (grub_json_t *out, const grub_json_t *parent, const
char *key);
++/*
++ * Get value of key from a JSON object. The result does not need
++ * to be free'd.
++ */
++extern grub_err_t EXPORT_FUNC(grub_json_getvalue) (grub_json_t *out,
++ const grub_json_t *parent,
++ const char *key);
+
+/* Get the string representation of a JSON object. */
-+grub_err_t
-+grub_json_getstring (const char **out, const grub_json_t *parent, const
char *key);
++extern grub_err_t EXPORT_FUNC(grub_json_getstring) (const char **out,
++ const grub_json_t *parent,
++ const char *key);
+
+/* Get the uint64 representation of a JSON object. */
-+grub_err_t
-+grub_json_getuint64 (grub_uint64_t *out, const grub_json_t *parent, const
char *key);
++extern grub_err_t EXPORT_FUNC(grub_json_getuint64) (grub_uint64_t *out,
++ const grub_json_t *parent,
++ const char *key);
+
+/* Get the int64 representation of a JSON object. */
-+grub_err_t
-+grub_json_getint64 (grub_int64_t *out, const grub_json_t *parent, const
char *key);
++extern grub_err_t EXPORT_FUNC(grub_json_getint64) (grub_int64_t *out,
++ const grub_json_t *parent,
++ const char *key);
+
+#endif
3: 461696fe7 = 3: e29ef98a2 bootstrap: Add gnulib's base64 module
4: 18cfacbe5 = 4: f95f7b1c2 afsplitter: Move into its own module
5: 1a185b6d8 = 5: 5a3bb8742 luks: Move configuration of ciphers into
cryptodisk
6: 9d88fcbab ! 6: 9c21363ee disk: Implement support for LUKS2
@@ docs/grub.texi: is requested interactively. Option @var{device}
configures speci
devices; option @option{-b} configures all geli containers that have boot
flag set.
-GRUB suports devices encrypted using LUKS and geli. Note that necessary
modules (@var{luks} and @var{geli}) have to be loaded manually before this
command can
-+GRUB suports devices encrypted using LUKS and geli. Note that necessary
modules (@var{luks}, @var{luks2} and @var{geli}) have to be loaded manually
before this command can
- be used.
+-be used.
++GRUB suports devices encrypted using LUKS, LUKS2 and geli. Note that
necessary
++modules (@var{luks}, @var{luks2} and @var{geli}) have to be loaded
manually
++before this command can be used.
@end deffn
+
## grub-core/Makefile.core.def ##
@@ grub-core/Makefile.core.def: module = {
@@ grub-core/disk/luks2.c (new)
+#include <base64.h>
+#include <json.h>
+
-+#define MAX_PASSPHRASE 256
-+
+GRUB_MOD_LICENSE ("GPLv3+");
+
-+gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
-+ grub_uint8_t * dst, grub_size_t blocksize,
-+ grub_size_t blocknumbers);
++#define LUKS_MAGIC_1ST "LUKS\xBA\xBE"
++#define LUKS_MAGIC_2ND "SKUL\xBA\xBE"
++#define MAX_PASSPHRASE 256
+
+enum grub_luks2_kdf_type
+{
@@ grub-core/disk/luks2.c (new)
+/* On disk LUKS header */
+struct grub_luks2_header
+{
-+ char magic[6];
-+#define LUKS_MAGIC_1ST "LUKS\xBA\xBE"
-+#define LUKS_MAGIC_2ND "SKUL\xBA\xBE"
++ char magic[6];
+ grub_uint16_t version;
+ grub_uint64_t hdr_size;
+ grub_uint64_t seqid;
-+ char label[48];
-+ char csum_alg[32];
-+ grub_uint8_t salt[64];
-+ char uuid[40];
-+ char subsystem[48];
-+ grub_uint64_t hdr_offset;
-+ char _padding[184];
-+ grub_uint8_t csum[64];
-+ char _padding4096[7*512];
++ char label[48];
++ char csum_alg[32];
++ grub_uint8_t salt[64];
++ char uuid[40];
++ char subsystem[48];
++ grub_uint64_t hdr_offset;
++ char _padding[184];
++ grub_uint8_t csum[64];
++ char _padding4096[7*512];
+} GRUB_PACKED;
+typedef struct grub_luks2_header grub_luks2_header_t;
+
@@ grub-core/disk/luks2.c (new)
+ grub_int64_t priority;
+ struct
+ {
-+ const char *encryption;
++ const char *encryption;
+ grub_uint64_t offset;
+ grub_uint64_t size;
-+ grub_int64_t key_size;
++ grub_int64_t key_size;
+ } area;
+ struct
+ {
-+ const char *hash;
++ const char *hash;
+ grub_int64_t stripes;
+ } af;
+ struct
+ {
+ grub_luks2_kdf_type_t type;
-+ const char *salt;
++ const char *salt;
+ union
+ {
+ struct
@@ grub-core/disk/luks2.c (new)
+ } argon2i;
+ struct
+ {
-+ const char *hash;
++ const char *hash;
+ grub_int64_t iterations;
+ } pbkdf2;
+ } u;
@@ grub-core/disk/luks2.c (new)
+struct grub_luks2_segment
+{
+ grub_uint64_t offset;
-+ const char *size;
-+ const char *encryption;
-+ grub_int64_t sector_size;
++ const char *size;
++ const char *encryption;
++ grub_int64_t sector_size;
+};
+typedef struct grub_luks2_segment grub_luks2_segment_t;
+
+struct grub_luks2_digest
+{
+ /* Both keyslots and segments are interpreted as bitfields here */
-+ grub_uint64_t keyslots;
-+ grub_uint64_t segments;
-+ const char *salt;
-+ const char *digest;
-+ const char *hash;
-+ grub_int64_t iterations;
++ grub_uint64_t keyslots;
++ grub_uint64_t segments;
++ const char *salt;
++ const char *digest;
++ const char *hash;
++ grub_int64_t iterations;
+};
+typedef struct grub_luks2_digest grub_luks2_digest_t;
+
++gcry_err_code_t AF_merge (const gcry_md_spec_t * hash, grub_uint8_t * src,
++ grub_uint8_t * dst, grub_size_t blocksize,
++ grub_size_t blocknumbers);
++
+static grub_err_t
+luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t
*keyslot)
+{
@@ grub-core/disk/luks2.c (new)
+luks2_read_header (grub_disk_t disk, grub_luks2_header_t *outhdr)
+{
+ grub_luks2_header_t primary, secondary, *header = &primary;
-+ grub_err_t err;
++ grub_err_t ret;
+
+ /* Read the primary LUKS header. */
-+ err = grub_disk_read (disk, 0, 0, sizeof (primary), &primary);
-+ if (err)
-+ return err;
++ ret = grub_disk_read (disk, 0, 0, sizeof (primary), &primary);
++ if (ret)
++ return ret;
+
+ /* Look for LUKS magic sequence. */
-+ if (grub_memcmp (primary.magic, LUKS_MAGIC_1ST, sizeof (primary.magic))
-+ || grub_be_to_cpu16 (primary.version) != 2)
++ if (grub_memcmp (primary.magic, LUKS_MAGIC_1ST, sizeof (primary.magic))
||
++ grub_be_to_cpu16 (primary.version) != 2)
+ return GRUB_ERR_BAD_SIGNATURE;
+
+ /* Read the secondary header. */
-+ err = grub_disk_read (disk, 0, grub_be_to_cpu64 (primary.hdr_size),
sizeof (secondary), &secondary);
-+ if (err)
-+ return err;
++ ret = grub_disk_read (disk, 0, grub_be_to_cpu64 (primary.hdr_size),
sizeof (secondary), &secondary);
++ if (ret)
++ return ret;
+
+ /* Look for LUKS magic sequence. */
-+ if (grub_memcmp (secondary.magic, LUKS_MAGIC_2ND, sizeof
(secondary.magic))
-+ || grub_be_to_cpu16 (secondary.version) != 2)
++ if (grub_memcmp (secondary.magic, LUKS_MAGIC_2ND, sizeof
(secondary.magic)) ||
++ grub_be_to_cpu16 (secondary.version) != 2)
+ return GRUB_ERR_BAD_SIGNATURE;
+
+ if (grub_be_to_cpu64 (primary.seqid) < grub_be_to_cpu64
(secondary.seqid))
@@ grub-core/disk/luks2.c (new)
+{
+ grub_cryptodisk_t cryptodisk;
+ grub_luks2_header_t header;
-+ grub_err_t err;
+
+ if (check_boot)
+ return NULL;
+
-+ err = luks2_read_header (disk, &header);
-+ if (err)
++ if (luks2_read_header (disk, &header))
+ {
+ grub_errno = GRUB_ERR_NONE;
+ return NULL;
@@ grub-core/disk/luks2.c (new)
+ cryptodisk = grub_zalloc (sizeof (*cryptodisk));
+ if (!cryptodisk)
+ return NULL;
++
+ COMPILE_TIME_ASSERT (sizeof (cryptodisk->uuid) >= sizeof (header.uuid));
++
+ grub_memcpy (cryptodisk->uuid, header.uuid, sizeof (header.uuid));
+ cryptodisk->modname = "luks2";
+ return cryptodisk;
@@ grub-core/disk/luks2.c (new)
+ grub_uint8_t digest[GRUB_CRYPTODISK_MAX_KEYLEN],
salt[GRUB_CRYPTODISK_MAX_KEYLEN];
+ grub_size_t saltlen = sizeof (salt), digestlen = sizeof (digest);
+ const gcry_md_spec_t *hash;
-+ gcry_err_code_t gcry_err;
++ gcry_err_code_t gcry_ret;
+
-+ /* Decdoe both digest and salt */
++ /* Decode both digest and salt */
+ if (!base64_decode(d->digest, grub_strlen (d->digest), (char *)digest,
&digestlen))
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest");
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest");
+ if (!base64_decode(d->salt, grub_strlen (d->salt), (char *)salt,
&saltlen))
-+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest salt");
++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid digest salt");
+
+ /* Configure the hash used for the digest. */
+ hash = grub_crypto_lookup_md_by_name (d->hash);
+ if (!hash)
-+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s
hash", d->hash);
++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
d->hash);
+
+ /* Calculate the candidate key's digest */
-+ gcry_err = grub_crypto_pbkdf2 (hash,
++ gcry_ret = grub_crypto_pbkdf2 (hash,
+ candidate_key, candidate_key_len,
+ salt, saltlen,
+ d->iterations,
+ candidate_digest, digestlen);
-+ if (gcry_err)
-+ return grub_crypto_gcry_error (gcry_err);
++ if (gcry_ret)
++ return grub_crypto_gcry_error (gcry_ret);
+
+ if (grub_memcmp (candidate_digest, digest, digestlen) != 0)
-+ return grub_error (GRUB_ERR_ACCESS_DENIED, "Mismatching digests");
++ return grub_error (GRUB_ERR_ACCESS_DENIED, "Mismatching digests");
+
+ return GRUB_ERR_NONE;
+}
@@ grub-core/disk/luks2.c (new)
+ grub_size_t saltlen = sizeof (salt);
+ char cipher[32], *p;;
+ const gcry_md_spec_t *hash;
-+ gcry_err_code_t gcry_err;
-+ grub_err_t err;
++ gcry_err_code_t gcry_ret;
++ grub_err_t ret;
+
+ if (!base64_decode(k->kdf.salt, grub_strlen (k->kdf.salt),
+ (char *)salt, &saltlen))
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid keyslot salt");
++ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid keyslot salt");
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ switch (k->kdf.type)
+ {
+ case LUKS2_KDF_TYPE_ARGON2I:
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
++ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
+ goto err;
+ case LUKS2_KDF_TYPE_PBKDF2:
+ hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
+ if (!hash)
+ {
-+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
++ ret = grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
+ k->kdf.u.pbkdf2.hash);
+ goto err;
+ }
+
-+ gcry_err = grub_crypto_pbkdf2 (hash, (grub_uint8_t *) passphrase,
++ gcry_ret = grub_crypto_pbkdf2 (hash, (grub_uint8_t *) passphrase,
+ passphraselen,
+ salt, saltlen,
+ k->kdf.u.pbkdf2.iterations,
+ area_key, k->area.key_size);
-+ if (gcry_err)
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid encryption");
+ *p = '\0';
+
-+ err = grub_cryptodisk_setcipher (crypt, cipher, p + 1);
-+ if (err)
-+ return err;
++ ret = grub_cryptodisk_setcipher (crypt, cipher, p + 1);
++ if (ret)
++ return ret;
+
-+ gcry_err = grub_cryptodisk_setkey (crypt, area_key, k->area.key_size);
-+ if (gcry_err)
++ gcry_ret = grub_cryptodisk_setkey (crypt, area_key, k->area.key_size);
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ split_key = grub_malloc (k->area.size);
+ if (!split_key)
+ {
-+ err = grub_errno;
++ ret = grub_errno;
+ goto err;
+ }
+
+ grub_errno = GRUB_ERR_NONE;
-+ err = grub_disk_read (disk, 0, k->area.offset, k->area.size, split_key);
-+ if (err)
++ ret = grub_disk_read (disk, 0, k->area.offset, k->area.size, split_key);
++ if (ret)
+ {
+ grub_dprintf ("luks2", "Read error: %s\n", grub_errmsg);
+ goto err;
+ }
+
-+ gcry_err = grub_cryptodisk_decrypt (crypt, split_key, k->area.size, 0);
-+ if (gcry_err)
++ gcry_ret = grub_cryptodisk_decrypt (crypt, split_key, k->area.size, 0);
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ hash = grub_crypto_lookup_md_by_name (k->af.hash);
+ if (!hash)
+ {
-+ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
++ ret = grub_error (GRUB_ERR_FILE_NOT_FOUND, "Couldn't load %s hash",
+ k->af.hash);
+ goto err;
+ }
+
+ /* Merge the decrypted key material to get the candidate master key. */
-+ gcry_err = AF_merge (hash, split_key, out_key, k->key_size,
k->af.stripes);
-+ if (gcry_err)
++ gcry_ret = AF_merge (hash, split_key, out_key, k->key_size,
k->af.stripes);
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
+ grub_dprintf ("luks2", "Candidate key recovered\n");
+
-+err:
++ err:
+ grub_free (split_key);
-+ return err;
++ return ret;
+}
+
+static grub_err_t
@@ grub-core/disk/luks2.c (new)
+ grub_luks2_keyslot_t keyslot;
+ grub_luks2_digest_t digest;
+ grub_luks2_segment_t segment;
-+ gcry_err_code_t gcry_err;
++ gcry_err_code_t gcry_ret;
+ grub_json_t *json = NULL, keyslots;
-+ grub_err_t err;
++ grub_err_t ret;
+
-+ err = luks2_read_header (disk, &header);
-+ if (err)
-+ return err;
++ ret = luks2_read_header (disk, &header);
++ if (ret)
++ return ret;
+
+ json_header = grub_zalloc (grub_be_to_cpu64 (header.hdr_size) - sizeof
(header));
+ if (!json_header)
+ return GRUB_ERR_OUT_OF_MEMORY;
+
+ /* Read the JSON area. */
-+ err = grub_disk_read (disk, 0, grub_be_to_cpu64 (header.hdr_offset) +
sizeof (header),
++ ret = grub_disk_read (disk, 0, grub_be_to_cpu64 (header.hdr_offset) +
sizeof (header),
+ grub_be_to_cpu64 (header.hdr_size) - sizeof (header),
json_header);
-+ if (err)
++ if (ret)
+ goto err;
+
+ ptr = grub_memchr(json_header, 0, grub_be_to_cpu64 (header.hdr_size) -
sizeof (header));
+ if (!ptr)
+ goto err;
+
-+ err = grub_json_parse (&json, json_header, grub_be_to_cpu64
(header.hdr_size));
-+ if (err)
++ ret = grub_json_parse (&json, json_header, grub_be_to_cpu64
(header.hdr_size));
++ if (ret)
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid LUKS2 JSON
header");
++ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid LUKS2 JSON
header");
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ crypt->uuid);
+ if (!grub_password_get (passphrase, MAX_PASSPHRASE))
+ {
-+ err = grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
++ ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Passphrase not supplied");
+ goto err;
+ }
+
-+ err = grub_json_getvalue (&keyslots, json, "keyslots");
-+ if (err)
++ ret = grub_json_getvalue (&keyslots, json, "keyslots");
++ if (ret)
+ goto err;
+
+ /* Try all keyslot */
+ for (i = 0; i < grub_json_getsize (&keyslots); i++)
+ {
-+ err = luks2_get_keyslot (&keyslot, &digest, &segment, json, i);
-+ if (err)
++ ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, i);
++ if (ret)
+ goto err;
+
+ if (keyslot.priority == 0)
@@ grub-core/disk/luks2.c (new)
+ else
+ crypt->total_length = grub_strtoull(segment.size, NULL, 10);
+
-+ err = luks2_decrypt_key (candidate_key, disk, crypt, &keyslot,
++ ret = luks2_decrypt_key (candidate_key, disk, crypt, &keyslot,
+ (const grub_uint8_t *) passphrase, grub_strlen
(passphrase));
-+ if (err)
++ if (ret)
+ {
+ grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE"
failed", i);
+ continue;
+ }
+
-+ err = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
-+ if (err)
++ ret = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
++ if (ret)
+ {
+ grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE"\n",
i);
+ continue;
+ }
+
-+ /* TRANSLATORS: It's a cryptographic key slot: one element of an
array
-+ where each element is either empty or holds a key. */
++ /*
++ * TRANSLATORS: It's a cryptographic key slot: one element of an
array
++ * where each element is either empty or holds a key.
++ */
+ grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i);
+
+ candidate_key_len = keyslot.key_size;
@@ grub-core/disk/luks2.c (new)
+ }
+ if (candidate_key_len == 0)
+ {
-+ err = grub_error (GRUB_ERR_ACCESS_DENIED, "Invalid passphrase");
++ ret = grub_error (GRUB_ERR_ACCESS_DENIED, "Invalid passphrase");
+ goto err;
+ }
+
@@ grub-core/disk/luks2.c (new)
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid encryption");
+ *ptr = '\0';
+
-+ err = grub_cryptodisk_setcipher (crypt, cipher, ptr + 1);
-+ if (err)
++ ret = grub_cryptodisk_setcipher (crypt, cipher, ptr + 1);
++ if (ret)
+ goto err;
+
+ /* Set the master key. */
-+ gcry_err = grub_cryptodisk_setkey (crypt, candidate_key,
candidate_key_len);
-+ if (gcry_err)
++ gcry_ret = grub_cryptodisk_setkey (crypt, candidate_key,
candidate_key_len);
++ if (gcry_ret)
+ {
-+ err = grub_crypto_gcry_error (gcry_err);
++ ret = grub_crypto_gcry_error (gcry_ret);
+ goto err;
+ }
+
-+err:
++ err:
+ grub_free (part);
+ grub_free (json_header);
+ grub_json_free (json);
-+ return err;
++ return ret;
+}
+
+static struct grub_cryptodisk_dev luks2_crypto = {
--
2.24.0
- Re: [PATCH v3 2/6] json: Implement wrapping interface, (continued)
[PATCH v3 4/6] afsplitter: Move into its own module, Patrick Steinhardt, 2019/11/13
[PATCH v3 1/6] json: Import upstream jsmn-1.1.0, Patrick Steinhardt, 2019/11/13
[PATCH v3 5/6] luks: Move configuration of ciphers into cryptodisk, Patrick Steinhardt, 2019/11/13
[PATCH v3 6/6] disk: Implement support for LUKS2, Patrick Steinhardt, 2019/11/13
[PATCH v4 0/6] Support for LUKS2 disk encryption,
Patrick Steinhardt <=
[PATCH v4 1/6] json: Import upstream jsmn-1.1.0, Patrick Steinhardt, 2019/11/18
[PATCH v4 5/6] luks: Move configuration of ciphers into cryptodisk, Patrick Steinhardt, 2019/11/18
[PATCH v4 6/6] disk: Implement support for LUKS2, Patrick Steinhardt, 2019/11/18