Re: [PATCH v2 03/10] luks2: Use more intuitive keyslot key instead of index when naming keyslot.

Fri, 09 Oct 2020 02:44:31 -0700 

On Sat, Oct 03, 2020 at 05:55:27PM -0500, Glenn Washburn wrote:
> Use the keyslot key value in the keyslot json array rather than the index of
> the keyslot in the json array. This is less confusing for the end user. For
> example, say you have a LUKS2 device with a key in slot 1 and slot 4. When
> using the password for slot 4 to unlock the device, the messages using the
> index of the keyslot will mention keyslot 1 (its a zero-based index).
> Furthermore,with this change the keyslot number will align with the number
> used to reference the keyslot when using the --key-slot argument to
> cryptsetup.

The rationale does make sense to me, but I'm not sure I like cramming
this information into another out-parameter. The result feels a bit hard
to read to me and is not immediately obvious. How about we instead add
another member "index" or similar to `struct grub_luks2_keyslot`?

Patrick

> Signed-off-by: Glenn Washburn <developm...@efficientek.com>
> ---
>  grub-core/disk/luks2.c | 27 ++++++++++++++-------------
>  1 file changed, 14 insertions(+), 13 deletions(-)
> 
> diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
> index c3cd63606..db251cce0 100644
> --- a/grub-core/disk/luks2.c
> +++ b/grub-core/disk/luks2.c
> @@ -255,16 +255,16 @@ luks2_parse_digest (grub_luks2_digest_t *out, const 
> grub_json_t *digest)
>  
>  static grub_err_t
>  luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks2_digest_t *d, 
> grub_luks2_segment_t *s,
> -                const grub_json_t *root, grub_size_t keyslot_idx)
> +                grub_uint64_t *keyslot_key, const grub_json_t *root, 
> grub_size_t keyslot_idx)
>  {
>    grub_json_t keyslots, keyslot, digests, digest, segments, segment;
>    grub_size_t i, size;
> -  grub_uint64_t keyslot_key, digest_key, segment_key;
> +  grub_uint64_t digest_key, segment_key;
>  
>    /* Get nth keyslot */
>    if (grub_json_getvalue (&keyslots, root, "keyslots") ||
>        grub_json_getchild (&keyslot, &keyslots, keyslot_idx) ||
> -      grub_json_getuint64 (&keyslot_key, &keyslot, NULL) ||
> +      grub_json_getuint64 (keyslot_key, &keyslot, NULL) ||
>        grub_json_getchild (&keyslot, &keyslot, 0) ||
>        luks2_parse_keyslot (k, &keyslot))
>      return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot index 
> %"PRIuGRUB_SIZE, keyslot_idx);
> @@ -281,11 +281,11 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k, 
> grub_luks2_digest_t *d, grub_luks2_s
>            luks2_parse_digest (d, &digest))
>       return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index 
> %"PRIuGRUB_SIZE, i);
>  
> -      if ((d->keyslots & (1 << keyslot_key)))
> +      if ((d->keyslots & (1 << *keyslot_key)))
>       break;
>      }
>    if (i == size)
> -      return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot 
> \"%"PRIuGRUB_UINT64_T"\"", keyslot_key);
> +      return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot 
> \"%"PRIuGRUB_UINT64_T"\"", *keyslot_key);
>  
>    /* Get segment that matches the digest. */
>    if (grub_json_getvalue (&segments, root, "segments") ||
> @@ -593,17 +593,18 @@ luks2_recover_key (grub_disk_t disk,
>    /* Try all keyslot */
>    for (i = 0; i < size; i++)
>      {
> -      ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, i);
> +      grub_uint64_t keyslot_key;
> +      ret = luks2_get_keyslot (&keyslot, &digest, &segment, &keyslot_key, 
> json, i);
>        if (ret)
>       goto err;
>  
>        if (keyslot.priority == 0)
>       {
> -       grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to 
> priority\n", i);
> +       grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T" due to 
> priority\n", keyslot_key);
>         continue;
>          }
>  
> -      grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i);
> +      grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n", 
> keyslot_key);
>  
>        /* Set up disk according to keyslot's segment. */
>        crypt->offset = grub_divmod64 (segment.offset, segment.sector_size, 
> NULL);
> @@ -618,16 +619,16 @@ luks2_recover_key (grub_disk_t disk,
>                              (const grub_uint8_t *) passphrase, grub_strlen 
> (passphrase));
>        if (ret)
>       {
> -       grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE" 
> failed: %s\n",
> -                     i, grub_errmsg);
> +       grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_UINT64_T" 
> failed: %s\n",
> +                     keyslot_key, grub_errmsg);
>         continue;
>       }
>  
>        ret = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
>        if (ret)
>       {
> -       grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE": 
> %s\n",
> -                     i, grub_errmsg);
> +       grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_UINT64_T": 
> %s\n",
> +                     keyslot_key, grub_errmsg);
>         continue;
>       }
>  
> @@ -635,7 +636,7 @@ luks2_recover_key (grub_disk_t disk,
>         * TRANSLATORS: It's a cryptographic key slot: one element of an array
>         * where each element is either empty or holds a key.
>         */
> -      grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i);
> +      grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"), keyslot_key);
>  
>        candidate_key_len = keyslot.key_size;
>        break;
> -- 
> 2.27.0
>

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to