Re: [PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of in

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of in

From:	Glenn Washburn
Subject:	Re: [PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of index when naming keyslot.
Date:	Fri, 20 Nov 2020 02:40:14 -0600

On Sun, 15 Nov 2020 10:55:21 +0100
Patrick Steinhardt <ps@pks.im> wrote:

> On Fri, Nov 06, 2020 at 10:44:30PM -0600, Glenn Washburn wrote:
> > Use the keyslot key value in the keyslot json array rather than the
> > index of the keyslot in the json array. This is less confusing for
> > the end user. For example, say you have a LUKS2 device with a key
> > in slot 1 and slot 4. When using the password for slot 4 to unlock
> > the device, the messages using the index of the keyslot will
> > mention keyslot 1 (its a zero-based index). Furthermore, with this
> > change the keyslot number will align with the number used to
> > reference the keyslot when using the --key-slot argument to
> > cryptsetup.
> > 
> > Signed-off-by: Glenn Washburn <development@efficientek.com>
> > ---
> >  grub-core/disk/luks2.c | 27 ++++++++++++++++-----------
> >  1 file changed, 16 insertions(+), 11 deletions(-)
> > 
> > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
> > index 9b171bf9d..ca830d73b 100644
> > --- a/grub-core/disk/luks2.c
> > +++ b/grub-core/disk/luks2.c
> > @@ -65,6 +65,7 @@ typedef struct grub_luks2_header
> > grub_luks2_header_t; 
> >  struct grub_luks2_keyslot
> >  {
> > +  grub_uint64_t slot_key;
> >    grub_int64_t key_size;
> >    grub_int64_t priority;
> >    struct
> > @@ -103,6 +104,7 @@ typedef struct grub_luks2_keyslot
> > grub_luks2_keyslot_t; 
> >  struct grub_luks2_segment
> >  {
> > +  grub_uint64_t slot_key;
> >    grub_uint64_t offset;
> >    const char       *size;
> >    const char       *encryption;
> > @@ -112,6 +114,7 @@ typedef struct grub_luks2_segment
> > grub_luks2_segment_t; 
> >  struct grub_luks2_digest
> >  {
> > +  grub_uint64_t slot_key;
> >    /* Both keyslots and segments are interpreted as bitfields here
> > */ grub_uint64_t    keyslots;
> >    grub_uint64_t    segments;
> > @@ -259,12 +262,12 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k,
> > grub_luks2_digest_t *d, grub_luks2_s {
> >    grub_json_t keyslots, keyslot, digests, digest, segments,
> > segment; grub_size_t i, size;
> > -  grub_uint64_t keyslot_key, digest_key, segment_key;
> > +  grub_uint64_t digest_key, segment_key;
> >  
> >    /* Get nth keyslot */
> >    if (grub_json_getvalue (&keyslots, root, "keyslots") ||
> >        grub_json_getchild (&keyslot, &keyslots, keyslot_idx) ||
> > -      grub_json_getuint64 (&keyslot_key, &keyslot, NULL) ||
> > +      grub_json_getuint64 (&k->slot_key, &keyslot, NULL) ||
> >        grub_json_getchild (&keyslot, &keyslot, 0) ||
> >        luks2_parse_keyslot (k, &keyslot))
> >      return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> > keyslot index %"PRIuGRUB_SIZE, keyslot_idx); @@ -281,11 +284,12 @@
> > luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks2_digest_t *d,
> > grub_luks2_s luks2_parse_digest (d, &digest)) return grub_error
> > (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index
> > %"PRIuGRUB_SIZE, i); 
> > -      if ((d->keyslots & (1 << keyslot_key)))
> > +      d->slot_key = digest_key;
> > +      if ((d->keyslots & (1 << k->slot_key)))
> 
> For my own understanding: why don't you directly parse the digest key
> into the structure as you do for the keyslot? That'd also allow us to
> get rid of the `digest_key` and `segment_key` variables.
> 
> Patrick

Thanks for pointing that out.  I was only thinking about the keyslot
key because that's what was needed in luks2_recover_key.  I'll fix that.

> 
> >     break;
> >      }
> >    if (i == size)
> > -      return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for
> > keyslot \"%"PRIuGRUB_UINT64_T"\"", keyslot_key);
> > +      return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for
> > keyslot \"%"PRIuGRUB_UINT64_T"\"", k->slot_key); 
> >    /* Get segment that matches the digest. */
> >    if (grub_json_getvalue (&segments, root, "segments") ||
> > @@ -299,6 +303,7 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k,
> > grub_luks2_digest_t *d, grub_luks2_s luks2_parse_segment (s,
> > &segment)) return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not
> > parse segment index %"PRIuGRUB_SIZE, i); 
> > +      s->slot_key = segment_key;
> >        if ((d->segments & (1 << segment_key)))
> >     break;
> >      }
> > @@ -599,11 +604,11 @@ luks2_recover_key (grub_disk_t source,
> >  
> >        if (keyslot.priority == 0)
> >     {
> > -     grub_dprintf ("luks2", "Ignoring keyslot
> > %"PRIuGRUB_SIZE" due to priority\n", i);
> > +     grub_dprintf ("luks2", "Ignoring keyslot
> > %"PRIuGRUB_UINT64_T" due to priority\n", keyslot.slot_key);
> > continue; }
> >  
> > -      grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n",
> > i);
> > +      grub_dprintf ("luks2", "Trying keyslot
> > %"PRIuGRUB_UINT64_T"\n", keyslot.slot_key); 
> >        /* Set up disk according to keyslot's segment. */
> >        crypt->offset_sectors = grub_divmod64 (segment.offset,
> > segment.sector_size, NULL); @@ -618,16 +623,16 @@ luks2_recover_key
> > (grub_disk_t source, (const grub_uint8_t *) passphrase, grub_strlen
> > (passphrase)); if (ret)
> >     {
> > -     grub_dprintf ("luks2", "Decryption with keyslot
> > %"PRIuGRUB_SIZE" failed: %s\n",
> > -                   i, grub_errmsg);
> > +     grub_dprintf ("luks2", "Decryption with keyslot
> > %"PRIuGRUB_UINT64_T" failed: %s\n",
> > +                   keyslot.slot_key, grub_errmsg);
> >       continue;
> >     }
> >  
> >        ret = luks2_verify_key (&digest, candidate_key,
> > keyslot.key_size); if (ret)
> >     {
> > -     grub_dprintf ("luks2", "Could not open keyslot
> > %"PRIuGRUB_SIZE": %s\n",
> > -                   i, grub_errmsg);
> > +     grub_dprintf ("luks2", "Could not open keyslot
> > %"PRIuGRUB_UINT64_T": %s\n",
> > +                   keyslot.slot_key, grub_errmsg);
> >       continue;
> >     }
> >  
> > @@ -635,7 +640,7 @@ luks2_recover_key (grub_disk_t source,
> >         * TRANSLATORS: It's a cryptographic key slot: one element
> > of an array
> >         * where each element is either empty or holds a key.
> >         */
> > -      grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i);
> > +      grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"),
> > keyslot.slot_key); 
> >        candidate_key_len = keyslot.key_size;
> >        break;
> > -- 
> > 2.27.0
> >

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v4 05/15] luks2: Use correct index variable when looping in luks2_get_keyslot., (continued)
- [PATCH v4 07/15] luks2: Rename index variable j to i., Glenn Washburn, 2020/11/06
  - Re: [PATCH v4 07/15] luks2: Rename index variable j to i., Patrick Steinhardt, 2020/11/15
    - Re: [PATCH v4 07/15] luks2: Rename index variable j to i., Daniel Kiper, 2020/11/16
- [PATCH v4 09/15] luks2: Improve error messages in luks2_get_keyslot., Glenn Washburn, 2020/11/06
  - Re: [PATCH v4 09/15] luks2: Improve error messages in luks2_get_keyslot., Patrick Steinhardt, 2020/11/15
    - Re: [PATCH v4 09/15] luks2: Improve error messages in luks2_get_keyslot., Daniel Kiper, 2020/11/17
- [PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of index when naming keyslot., Glenn Washburn, 2020/11/06
  - Re: [PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of index when naming keyslot., Patrick Steinhardt, 2020/11/15
    - Re: [PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of index when naming keyslot., Glenn Washburn <=
- [PATCH v4 11/15] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Glenn Washburn, 2020/11/06
  - Re: [PATCH v4 11/15] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Patrick Steinhardt, 2020/11/15
    - Re: [PATCH v4 11/15] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Glenn Washburn, 2020/11/20
- [PATCH v4 12/15] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors, Glenn Washburn, 2020/11/06
  - Re: [PATCH v4 12/15] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors, Patrick Steinhardt, 2020/11/15
  - Re: [PATCH v4 12/15] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors, Daniel Kiper, 2020/11/17
    - Re: [PATCH v4 12/15] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors, Glenn Washburn, 2020/11/20
- [PATCH v4 13/15] cryptodisk: Properly handle non-512 byte sized sectors., Glenn Washburn, 2020/11/06
  - Re: [PATCH v4 13/15] cryptodisk: Properly handle non-512 byte sized sectors., Patrick Steinhardt, 2020/11/15
    - Re: [PATCH v4 13/15] cryptodisk: Properly handle non-512 byte sized sectors., Glenn Washburn, 2020/11/20

Prev by Date: Re: [PATCH v4 08/15] luks2: Split idx into three variables: keyslot_key, digest_key, segment_key.
Next by Date: Re: [PATCH v4 11/15] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt.
Previous by thread: Re: [PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of index when naming keyslot.
Next by thread: [PATCH v4 11/15] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt.
Index(es):
- Date
- Thread