[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v7 00/17] Cryptodisk fixes for v2.06 redux
From: |
Patrick Steinhardt |
Subject: |
Re: [PATCH v7 00/17] Cryptodisk fixes for v2.06 redux |
Date: |
Sun, 6 Dec 2020 14:38:37 +0100 |
On Fri, Dec 04, 2020 at 10:43:29AM -0600, Glenn Washburn wrote:
> This patch series is an update to reflect changes suggested in v6. Of note,
> there are a few new patches: 01, 02, and 04.
>
> 01: Daniel suggested to renae grub_disk_get_size to grub_disk_native_sectors
> 02: Make ALIGN_UP and ALIGN_DOWN safer
> 04: Make luks2_parse_digest() safer
The patches I reviewed look good to me. I gotta jump, so I'll hopefully
get to the remaining patches this evening.
Also note that I accidentally posted SOBs for the first few ones. These
should've been Reviewed-by's.
Thanks for all your work!
Patrick
> Glenn
>
> Glenn Washburn (17):
> disk: Rename grub_disk_get_size to grub_disk_native_sectors
> misc: Add parentheses around ALIGN_UP and ALIGN_DOWN arguments
> luks2: Remove unused argument in grub_error
> luks2: Make sure all fields of output argument in luks2_parse_digest()
> are written to
> luks2: Add json_slot_key member to struct
> grub_luks2_keyslot/segment/digest
> luks2: Use more intuitive slot key instead of index in user messages
> luks2: Add string "index" to user strings using a json index.
> cryptodisk: Add macro GRUB_TYPE_BITS() to replace some literals
> cryptodisk: Add macros GRUB_TYPE_U_MAX/MIN(type) to replace literals
> luks2: grub_cryptodisk_t->total_sectors is the max number of device
> native sectors
> cryptodisk: Properly handle non-512 byte sized sectors
> luks2: Better error handling when setting up the cryptodisk
> luks2: Error check segment.sector_size
> whitespace: convert 8 spaces to tabs
> mips: Enable __clzdi2()
> misc: Add grub_log2ull macro for calculating log base 2 of 64-bit
> integers
> luks2: Use grub_log2ull to calculate log_sector_size and improve
> readability
>
> grub-core/disk/cryptodisk.c | 64 +++++++-----
> grub-core/disk/diskfilter.c | 12 +--
> grub-core/disk/dmraid_nvidia.c | 2 +-
> grub-core/disk/efi/efidisk.c | 2 +-
> grub-core/disk/geli.c | 6 +-
> grub-core/disk/ldm.c | 4 +-
> grub-core/disk/luks.c | 7 +-
> grub-core/disk/luks2.c | 160 +++++++++++++++++++++++------
> grub-core/disk/mdraid1x_linux.c | 2 +-
> grub-core/disk/mdraid_linux.c | 2 +-
> grub-core/fs/cbfs.c | 16 +--
> grub-core/fs/nilfs2.c | 2 +-
> grub-core/fs/zfs/zfs.c | 4 +-
> grub-core/kern/compiler-rt.c | 2 +-
> grub-core/kern/disk.c | 2 +-
> grub-core/kern/mips/arc/init.c | 2 +-
> grub-core/normal/misc.c | 6 +-
> grub-core/osdep/windows/platform.c | 2 +-
> include/grub/compiler-rt.h | 2 +-
> include/grub/cryptodisk.h | 8 +-
> include/grub/disk.h | 21 +++-
> include/grub/misc.h | 7 +-
> include/grub/types.h | 9 ++
> util/grub-install.c | 2 +-
> util/grub-probe.c | 2 +-
> 25 files changed, 249 insertions(+), 99 deletions(-)
>
> Range-diff against v6:
> -: --------- > 1: 7e79d6fb1 disk: Rename grub_disk_get_size to
> grub_disk_native_sectors
> -: --------- > 2: 77f9671d5 misc: Add parentheses around ALIGN_UP and
> ALIGN_DOWN arguments
> 3: 8527be145 ! 3: d1a36aa79 luks2: Remove unused argument in grub_error
> @@ Metadata
> ## Commit message ##
> luks2: Remove unused argument in grub_error
>
> + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> +
> ## grub-core/disk/luks2.c ##
> @@ grub-core/disk/luks2.c: luks2_parse_segment (grub_luks2_segment_t
> *out, const grub_json_t *segment)
> grub_json_getstring (&out->size, segment, "size") ||
> -: --------- > 4: dab43e033 luks2: Make sure all fields of output
> argument in luks2_parse_digest() are written to
> 1: 6262aefe9 ! 5: 35f47644c luks2: Add slot_key member to struct
> grub_luks2_keyslot/segment/digest
> @@ Metadata
> Author: Glenn Washburn <development@efficientek.com>
>
> ## Commit message ##
> - luks2: Add slot_key member to struct
> grub_luks2_keyslot/segment/digest
> + luks2: Add json_slot_key member to struct
> grub_luks2_keyslot/segment/digest
>
> This allows code using these structs to know the named key
> associated with
> these json data structures. In the future we can use these to
> provide better
> error messages to the user.
>
> - Get rid of idx variable in luks2_get_keyslot which was overloaded to
> be used
> - for both keyslot and segment slot keys.
> + Get rid of idx variable in luks2_get_keyslot() which was overloaded
> to be
> + used for both keyslot and segment slot keys.
>
> ## grub-core/disk/luks2.c ##
> @@ grub-core/disk/luks2.c: typedef struct grub_luks2_header
> grub_luks2_header_t;
>
> struct grub_luks2_keyslot
> {
> -+ grub_uint64_t slot_key;
> ++ /* The integer key to the associative array of keyslots */
> ++ grub_uint64_t json_slot_key;
> grub_int64_t key_size;
> grub_int64_t priority;
> struct
> @@ grub-core/disk/luks2.c: typedef struct grub_luks2_keyslot
> grub_luks2_keyslot_t;
>
> struct grub_luks2_segment
> {
> -+ grub_uint64_t slot_key;
> ++ grub_uint64_t json_slot_key;
> grub_uint64_t offset;
> const char *size;
> const char *encryption;
> @@ grub-core/disk/luks2.c: typedef struct grub_luks2_segment
> grub_luks2_segment_t;
>
> struct grub_luks2_digest
> {
> -+ grub_uint64_t slot_key;
> ++ grub_uint64_t json_slot_key;
> /* Both keyslots and segments are interpreted as bitfields here */
> grub_uint64_t keyslots;
> grub_uint64_t segments;
> @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_d
> if (grub_json_getvalue (&keyslots, root, "keyslots") ||
> grub_json_getchild (&keyslot, &keyslots, keyslot_idx) ||
> - grub_json_getuint64 (&idx, &keyslot, NULL) ||
> -+ grub_json_getuint64 (&k->slot_key, &keyslot, NULL) ||
> ++ grub_json_getuint64 (&k->json_slot_key, &keyslot, NULL) ||
> grub_json_getchild (&keyslot, &keyslot, 0) ||
> luks2_parse_keyslot (k, &keyslot))
> return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot
> %"PRIuGRUB_SIZE, keyslot_idx);
> @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_d
> for (i = 0; i < size; i++)
> {
> if (grub_json_getchild (&digest, &digests, i) ||
> -+ grub_json_getuint64 (&d->slot_key, &digest, NULL) ||
> ++ grub_json_getuint64 (&d->json_slot_key, &digest, NULL) ||
> grub_json_getchild (&digest, &digest, 0) ||
> luks2_parse_digest (d, &digest))
> return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> digest %"PRIuGRUB_SIZE, i);
>
> - if ((d->keyslots & (1 << idx)))
> -+ if ((d->keyslots & (1 << k->slot_key)))
> ++ if ((d->keyslots & (1 << k->json_slot_key)))
> break;
> }
> if (i == size)
> @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_d
> {
> if (grub_json_getchild (&segment, &segments, i) ||
> - grub_json_getuint64 (&idx, &segment, NULL) ||
> -+ grub_json_getuint64 (&s->slot_key, &segment, NULL) ||
> ++ grub_json_getuint64 (&s->json_slot_key, &segment, NULL) ||
> grub_json_getchild (&segment, &segment, 0) ||
> luks2_parse_segment (s, &segment))
> return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> segment %"PRIuGRUB_SIZE, i);
>
> - if ((d->segments & (1 << idx)))
> -+ if ((d->segments & (1 << s->slot_key)))
> ++ if ((d->segments & (1 << s->json_slot_key)))
> break;
> }
> if (i == size)
> 2: 3cd52834b ! 6: e52887944 luks2: Use more intuitive slot key instead of
> index in user messages.
> @@ Metadata
> Author: Glenn Washburn <development@efficientek.com>
>
> ## Commit message ##
> - luks2: Use more intuitive slot key instead of index in user messages.
> + luks2: Use more intuitive slot key instead of index in user messages
>
> Use the slot key name in the json array rather than the 0 based
> index in the
> json array for keyslots, segments, and digests. This is less
> confusing for
> @@ Commit message
> messages using the index of the keyslot will mention keyslot 1 (its a
> zero-based index). Furthermore, with this change the keyslot number
> will
> align with the number used to reference the keyslot when using the
> - --key-slot argument to cryptsetup. Error messages now distinguish
> between
> - indexes and slot keys. The former include the string "index" in the
> error
> - string, and the later are surrounded in quotes.
> + --key-slot argument to cryptsetup.
>
> ## grub-core/disk/luks2.c ##
> @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_digest_t *d, grub_luks2_s
> - grub_json_getuint64 (&k->slot_key, &keyslot, NULL) ||
> - grub_json_getchild (&keyslot, &keyslot, 0) ||
> - luks2_parse_keyslot (k, &keyslot))
> -- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot
> %"PRIuGRUB_SIZE, keyslot_idx);
> -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot
> index %"PRIuGRUB_SIZE, keyslot_idx);
> -
> - /* Get digest that matches the keyslot. */
> - if (grub_json_getvalue (&digests, root, "digests") ||
> -@@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_digest_t *d, grub_luks2_s
> - grub_json_getuint64 (&d->slot_key, &digest, NULL) ||
> + grub_json_getuint64 (&d->json_slot_key, &digest, NULL) ||
> grub_json_getchild (&digest, &digest, 0) ||
> luks2_parse_digest (d, &digest))
> - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> digest %"PRIuGRUB_SIZE, i);
> + return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> digest index %"PRIuGRUB_SIZE, i);
>
> - if ((d->keyslots & (1 << k->slot_key)))
> + if ((d->keyslots & (1 << k->json_slot_key)))
> break;
> }
> if (i == size)
> @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_d
> /* Get segment that matches the digest. */
> if (grub_json_getvalue (&segments, root, "segments") ||
> @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_digest_t *d, grub_luks2_s
> - grub_json_getuint64 (&s->slot_key, &segment, NULL) ||
> - grub_json_getchild (&segment, &segment, 0) ||
> - luks2_parse_segment (s, &segment))
> -- return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> segment %"PRIuGRUB_SIZE, i);
> -+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> segment index %"PRIuGRUB_SIZE, i);
> -
> - if ((d->segments & (1 << s->slot_key)))
> break;
> }
> if (i == size)
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> if (keyslot.priority == 0)
> {
> - grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due
> to priority\n", i);
> -+ grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T"
> due to priority\n", keyslot.slot_key);
> ++ grub_dprintf ("luks2", "Ignoring keyslot
> \"%"PRIuGRUB_UINT64_T"\" due to priority\n", keyslot.slot_key);
> continue;
> }
>
> - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i);
> -+ grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n",
> keyslot.slot_key);
> ++ grub_dprintf ("luks2", "Trying keyslot
> \"%"PRIuGRUB_UINT64_T"\"\n", keyslot.slot_key);
>
> /* Set up disk according to keyslot's segment. */
> crypt->offset_sectors = grub_divmod64 (segment.offset,
> segment.sector_size, NULL);
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> {
> - grub_dprintf ("luks2", "Decryption with keyslot
> %"PRIuGRUB_SIZE" failed: %s\n",
> - i, grub_errmsg);
> -+ grub_dprintf ("luks2", "Decryption with keyslot
> %"PRIuGRUB_UINT64_T" failed: %s\n",
> ++ grub_dprintf ("luks2", "Decryption with keyslot
> \"%"PRIuGRUB_UINT64_T"\" failed: %s\n",
> + keyslot.slot_key, grub_errmsg);
> continue;
> }
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> {
> - grub_dprintf ("luks2", "Could not open keyslot
> %"PRIuGRUB_SIZE": %s\n",
> - i, grub_errmsg);
> -+ grub_dprintf ("luks2", "Could not open keyslot
> %"PRIuGRUB_UINT64_T": %s\n",
> ++ grub_dprintf ("luks2", "Could not open keyslot
> \"%"PRIuGRUB_UINT64_T"\": %s\n",
> + keyslot.slot_key, grub_errmsg);
> continue;
> }
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> * where each element is either empty or holds a key.
> */
> - grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i);
> -+ grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"),
> keyslot.slot_key);
> ++ grub_printf_ (N_("Slot \"%"PRIuGRUB_UINT64_T"\" opened\n"),
> keyslot.slot_key);
>
> candidate_key_len = keyslot.key_size;
> break;
> 4: 1a248b679 < -: --------- cryptodisk: Replace some literals with
> constants in grub_cryptodisk_endecrypt
> -: --------- > 7: 43e3b6cce luks2: Add string "index" to user strings
> using a json index.
> -: --------- > 8: 4aa9757e1 cryptodisk: Add macro GRUB_TYPE_BITS() to
> replace some literals
> -: --------- > 9: d18993a63 cryptodisk: Add macros
> GRUB_TYPE_U_MAX/MIN(type) to replace literals
> 5: 45f5d644f ! 10: 7e8f242d1 luks2: grub_cryptodisk_t->total_sectors is
> the max number of device native sectors
> @@ Commit message
>
> We need to convert the sectors from the size of the underlying
> device to the
> cryptodisk sector size; segment.size is in bytes which need to be
> converted
> - to cryptodisk sectors as well. And counter-intuitively,
> grub_disk_get_size
> - returns the total number of device native sectors.
> + to cryptodisk sectors as well.
>
> Also, removed an empty statement.
>
> - Signed-off-by: Glenn Washburn <development@efficientek.com>
> + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
>
> ## grub-core/disk/luks2.c ##
> @@ grub-core/disk/luks2.c: luks2_decrypt_key (grub_uint8_t *out_key,
> 6: 6e01cafb1 ! 11: 1fe9c38ed cryptodisk: Properly handle non-512 byte
> sized sectors
> @@ Commit message
> 512 (ie the IV increments every 512 bytes). This made these changes
> less
> aestetically pleasing than desired.
>
> + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> +
> ## grub-core/disk/cryptodisk.c ##
> @@ grub-core/disk/cryptodisk.c: lrw_xor (const struct lrw_sector *sec,
> static gcry_err_code_t
> @@ grub-core/disk/cryptodisk.c: grub_cryptodisk_endecrypt (struct
> grub_cryptodisk *
> }
> break;
> case GRUB_CRYPTODISK_MODE_IV_PLAIN64:
> -- iv[1] = grub_cpu_to_le32 (sector >> 32);
> +- iv[1] = grub_cpu_to_le32 (sector >> GRUB_TYPE_BITS (iv[0]));
> - /* FALLTHROUGH */
> case GRUB_CRYPTODISK_MODE_IV_PLAIN:
> - iv[0] = grub_cpu_to_le32 (sector & GRUB_TYPE_U_MAX (iv[0]));
> @@ grub-core/disk/luks.c: configure_ciphers (grub_disk_t disk, const char
> *check_uu
> newdev->source_disk = NULL;
> - newdev->log_sector_size = 9;
> + newdev->log_sector_size = GRUB_LUKS1_LOG_SECTOR_SIZE;
> - newdev->total_sectors = grub_disk_get_size (disk) -
> newdev->offset_sectors;
> + newdev->total_sectors = grub_disk_native_sectors (disk) -
> newdev->offset_sectors;
> grub_memcpy (newdev->uuid, uuid, sizeof (uuid));
> newdev->modname = "luks";
> @@ grub-core/disk/luks.c: luks_recover_key (grub_disk_t source,
> 7: d8927c6bc ! 12: c9db343e8 luks2: Better error handling when setting up
> the cryptodisk
> @@ Commit message
> an invalid segment, and continue on to the next key.
>
> ## grub-core/disk/luks2.c ##
> +@@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_digest_t *d, grub_luks2_s
> + break;
> + }
> + if (i == size)
> +- return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for
> keyslot \"%"PRIuGRUB_UINT64_T"\"", k->slot_key);
> ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for
> keyslot \"%"PRIuGRUB_UINT64_T"\"", k->json_slot_key);
> +
> + /* Get segment that matches the digest. */
> + if (grub_json_getvalue (&segments, root, "segments") ||
> +@@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_digest_t *d, grub_luks2_s
> + break;
> + }
> + if (i == size)
> +- return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No segment for digest
> \"%"PRIuGRUB_UINT64_T"\"", d->slot_key);
> ++ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No segment for digest
> \"%"PRIuGRUB_UINT64_T"\"", d->json_slot_key);
> +
> + return GRUB_ERR_NONE;
> + }
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> goto err;
> }
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
>
> if (keyslot.priority == 0)
> {
> -@@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> +- grub_dprintf ("luks2", "Ignoring keyslot
> \"%"PRIuGRUB_UINT64_T"\" due to priority\n", keyslot.slot_key);
> ++ grub_dprintf ("luks2", "Ignoring keyslot
> \"%"PRIuGRUB_UINT64_T"\" due to priority\n", keyslot.json_slot_key);
> + continue;
> + }
> +
> +- grub_dprintf ("luks2", "Trying keyslot
> \"%"PRIuGRUB_UINT64_T"\"\n", keyslot.slot_key);
> ++ grub_dprintf ("luks2", "Trying keyslot
> \"%"PRIuGRUB_UINT64_T"\"\n", keyslot.json_slot_key);
> +
> + /* Set up disk according to keyslot's segment. */
> crypt->offset_sectors = grub_divmod64 (segment.offset,
> segment.sector_size, NULL);
> crypt->log_sector_size = sizeof (unsigned int) * 8
> - __builtin_clz ((unsigned int) segment.sector_size) -
> 1;
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> + " %"PRIuGRUB_UINT64_T" which is
> greater than"
> + " source disk size
> %"PRIuGRUB_UINT64_T","
> + " skipping\n",
> -+ segment.slot_key,
> crypt->offset_sectors,
> ++ segment.json_slot_key,
> crypt->offset_sectors,
> + max_crypt_sectors);
> + continue;
> + }
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> - crypt->total_sectors = grub_strtoull (segment.size, NULL, 10)
> >> crypt->log_sector_size;
> + {
> + grub_errno = GRUB_ERR_NONE;
> -+ crypt->total_sectors = grub_strtoull (segment.size, NULL, 10)
> >> crypt->log_sector_size;
> ++ /* Convert segment.size to sectors, rounding up to nearest
> sector */
> ++ crypt->total_sectors = grub_strtoull (segment.size, NULL, 10);
> ++ crypt->total_sectors = ALIGN_UP (crypt->total_sectors,
> ++ 1 << crypt->log_sector_size);
> ++ crypt->total_sectors >>= crypt->log_sector_size;
> ++
> + if (grub_errno == GRUB_ERR_NONE)
> + ;
> -+ else if(grub_errno == GRUB_ERR_BAD_NUMBER)
> ++ else if (grub_errno == GRUB_ERR_BAD_NUMBER)
> + {
> -+ /* TODO: Unparsable number-string, try to use the whole
> disk */
> + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\"
> size"
> + " \"%s\" is not a parsable
> number\n",
> -+ segment.slot_key, segment.size);
> ++ segment.json_slot_key,
> segment.size);
> + continue;
> + }
> -+ else if(grub_errno == GRUB_ERR_OUT_OF_RANGE)
> ++ else if (grub_errno == GRUB_ERR_OUT_OF_RANGE)
> + {
> + /*
> + * There was an overflow in parsing segment.size, so disk
> must
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> + " %s overflowed 64-bit unsigned
> integer,"
> + " the end of the crypto device
> will be"
> + " inaccessible\n",
> -+ segment.slot_key, segment.size);
> ++ segment.json_slot_key,
> segment.size);
> + if (crypt->total_sectors > max_crypt_sectors)
> + crypt->total_sectors = max_crypt_sectors;
> + }
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> + {
> + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\" has
> zero"
> + " sectors, skipping\n",
> -+ segment.slot_key);
> ++ segment.json_slot_key);
> + continue;
> + }
> + else if (max_crypt_sectors < (crypt->offset_sectors +
> crypt->total_sectors))
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> + " data position greater than source
> disk size,"
> + " the end of the crypto device will be"
> + " inaccessible\n",
> -+ segment.slot_key);
> ++ segment.json_slot_key);
> + /* Allow decryption up to the end of the source disk. */
> + crypt->total_sectors = max_crypt_sectors -
> crypt->offset_sectors;
> + }
>
> ret = luks2_decrypt_key (candidate_key, source, crypt, &keyslot,
> (const grub_uint8_t *) passphrase,
> grub_strlen (passphrase));
> + if (ret)
> + {
> + grub_dprintf ("luks2", "Decryption with keyslot
> \"%"PRIuGRUB_UINT64_T"\" failed: %s\n",
> +- keyslot.slot_key, grub_errmsg);
> ++ keyslot.json_slot_key, grub_errmsg);
> + continue;
> + }
> +
> +@@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> + if (ret)
> + {
> + grub_dprintf ("luks2", "Could not open keyslot
> \"%"PRIuGRUB_UINT64_T"\": %s\n",
> +- keyslot.slot_key, grub_errmsg);
> ++ keyslot.json_slot_key, grub_errmsg);
> + continue;
> + }
> +
> +@@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> + * TRANSLATORS: It's a cryptographic key slot: one element of an
> array
> + * where each element is either empty or holds a key.
> + */
> +- grub_printf_ (N_("Slot \"%"PRIuGRUB_UINT64_T"\" opened\n"),
> keyslot.slot_key);
> ++ grub_printf_ (N_("Slot \"%"PRIuGRUB_UINT64_T"\" opened\n"),
> keyslot.json_slot_key);
> +
> + candidate_key_len = keyslot.key_size;
> + break;
>
> ## include/grub/disk.h ##
> +@@
> + #include <grub/device.h>
> + /* For NULL. */
> + #include <grub/mm.h>
> ++/* For ALIGN_UP. */
> ++#include <grub/misc.h>
> +
> + /* These are used to set a device id. When you add a new disk device,
> + you must define a new id for it here. */
> @@ include/grub/disk.h: typedef struct grub_disk_memberlist
> *grub_disk_memberlist_t;
> - /* Return value of grub_disk_get_size() in case disk size is unknown. */
> + /* Return value of grub_disk_native_sectors() in case disk size is
> unknown. */
> #define GRUB_DISK_SIZE_UNKNOWN 0xffffffffffffffffULL
>
> +/* Convert sector number from disk sized sectors to a log-size sized
> sector. */
> @@ include/grub/disk.h: typedef struct grub_disk_memberlist
> *grub_disk_memberlist_t
> +{
> + if (disk->log_sector_size < log_sector_size)
> + {
> -+ /* Round up to the nearest log_sector_size sized sector. */
> -+ sector += 1ULL << ((log_sector_size / disk->log_sector_size) - 1);
> ++ sector = ALIGN_UP (sector, 1 << (log_sector_size /
> disk->log_sector_size));
> + return sector >> (log_sector_size - disk->log_sector_size);
> + }
> + else
> 8: fcd7aadb7 ! 13: 2fcef44b6 luks2: Error check segment.sector_size
> @@ Metadata
> ## Commit message ##
> luks2: Error check segment.sector_size
>
> + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> +
> ## grub-core/disk/luks2.c ##
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
>
> - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n",
> keyslot.slot_key);
> + grub_dprintf ("luks2", "Trying keyslot
> \"%"PRIuGRUB_UINT64_T"\"\n", keyslot.json_slot_key);
>
> + /* Sector size should be one of 512, 1024, 2048, or 4096. */
> + if (!(segment.sector_size == 512 || segment.sector_size == 1024 ||
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> + grub_dprintf ("luks2", "Segment \"%"PRIuGRUB_UINT64_T"\"
> sector"
> + " size %"PRIuGRUB_UINT64_T" is not one
> of"
> + " 512, 1024, 2048, or 4096\n",
> -+ segment.slot_key, segment.sector_size);
> ++ segment.json_slot_key,
> segment.sector_size);
> + continue;
> + }
> +
> 9: 61f77a1a8 ! 14: 74eed4a62 whitespace: convert 8 spaces to tabs.
> @@ Metadata
> Author: Glenn Washburn <development@efficientek.com>
>
> ## Commit message ##
> - whitespace: convert 8 spaces to tabs.
> + whitespace: convert 8 spaces to tabs
> +
> + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
>
> ## grub-core/disk/luks2.c ##
> @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_digest_t *d, grub_luks2_s
> {
> if (grub_json_getchild (&digest, &digests, i) ||
> - grub_json_getuint64 (&d->slot_key, &digest, NULL) ||
> + grub_json_getuint64 (&d->json_slot_key, &digest, NULL) ||
> - grub_json_getchild (&digest, &digest, 0) ||
> - luks2_parse_digest (d, &digest))
> + grub_json_getchild (&digest, &digest, 0) ||
> + luks2_parse_digest (d, &digest))
> return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> digest index %"PRIuGRUB_SIZE, i);
>
> - if ((d->keyslots & (1 << k->slot_key)))
> + if ((d->keyslots & (1 << k->json_slot_key)))
> @@ grub-core/disk/luks2.c: luks2_get_keyslot (grub_luks2_keyslot_t *k,
> grub_luks2_digest_t *d, grub_luks2_s
> if (grub_json_getchild (&segment, &segments, i) ||
> - grub_json_getuint64 (&s->slot_key, &segment, NULL) ||
> + grub_json_getuint64 (&s->json_slot_key, &segment, NULL) ||
> grub_json_getchild (&segment, &segment, 0) ||
> - luks2_parse_segment (s, &segment))
> + luks2_parse_segment (s, &segment))
> return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> segment index %"PRIuGRUB_SIZE, i);
>
> - if ((d->segments & (1 << s->slot_key)))
> + if ((d->segments & (1 << s->json_slot_key)))
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
> {
> - grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T"
> due to priority\n", keyslot.slot_key);
> + grub_dprintf ("luks2", "Ignoring keyslot
> \"%"PRIuGRUB_UINT64_T"\" due to priority\n", keyslot.json_slot_key);
> continue;
> - }
> + }
>
> - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n",
> keyslot.slot_key);
> + grub_dprintf ("luks2", "Trying keyslot
> \"%"PRIuGRUB_UINT64_T"\"\n", keyslot.json_slot_key);
>
> 10: d71d26701 ! 15: 51c2e9160 mips: Enable __clzdi2()
> @@ Commit message
> __clzdi2()) but for MIPS target and __clzdi2 only, __clzsi2 was
> already
> enabled.
>
> - Signed-off-by: Daniel Kiper <dkiper@net-space.pl>
> + Suggested-by: Daniel Kiper <dkiper@net-space.pl>
>
> ## grub-core/kern/compiler-rt.c ##
> @@ grub-core/kern/compiler-rt.c: __clzsi2 (grub_uint32_t val)
> 11: 8aa295f77 ! 16: 3b4ccda1f misc: Add grub_log2ull macro for calculating
> log base 2 of 64-bit integers
> @@ Metadata
> ## Commit message ##
> misc: Add grub_log2ull macro for calculating log base 2 of 64-bit
> integers
>
> + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> +
> ## include/grub/misc.h ##
> @@ include/grub/misc.h: void EXPORT_FUNC(grub_real_boot_time) (const
> char *file,
> #define grub_max(a, b) (((a) > (b)) ? (a) : (b))
> 12: 7050a4ace ! 17: 8b97e6887 luks2: Use grub_log2ull to calculate
> log_sector_size and improve readability
> @@ Metadata
> ## Commit message ##
> luks2: Use grub_log2ull to calculate log_sector_size and improve
> readability
>
> + Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
> +
> ## grub-core/disk/luks2.c ##
> @@ grub-core/disk/luks2.c: luks2_recover_key (grub_disk_t source,
>
> --
> 2.27.0
>
signature.asc
Description: PGP signature
- Re: [PATCH v7 02/17] misc: Add parentheses around ALIGN_UP and ALIGN_DOWN arguments, (continued)
[PATCH v7 14/17] whitespace: convert 8 spaces to tabs, Glenn Washburn, 2020/12/04
Re: [PATCH v7 00/17] Cryptodisk fixes for v2.06 redux,
Patrick Steinhardt <=