On Fri, 9 Oct 2020 11:44:15 +0200
Patrick Steinhardt <p...@pks.im> wrote:
> On Sat, Oct 03, 2020 at 05:55:27PM -0500, Glenn Washburn wrote:
> > Use the keyslot key value in the keyslot json array rather than the
> > index of the keyslot in the json array. This is less confusing for
> > the end user. For example, say you have a LUKS2 device with a key
> > in slot 1 and slot 4. When using the password for slot 4 to unlock
> > the device, the messages using the index of the keyslot will
> > mention keyslot 1 (its a zero-based index). Furthermore,with this
> > change the keyslot number will align with the number used to
> > reference the keyslot when using the --key-slot argument to
> > cryptsetup.
>
> The rationale does make sense to me, but I'm not sure I like cramming
> this information into another out-parameter. The result feels a bit
> hard to read to me and is not immediately obvious. How about we
> instead add another member "index" or similar to `struct
> grub_luks2_keyslot`?
>
> Patrick
That's a great idea. I'll add it in the next version of the patch.
> > Signed-off-by: Glenn Washburn <developm...@efficientek.com>
> > ---
> > grub-core/disk/luks2.c | 27 ++++++++++++++-------------
> > 1 file changed, 14 insertions(+), 13 deletions(-)
> >
> > diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
> > index c3cd63606..db251cce0 100644
> > --- a/grub-core/disk/luks2.c
> > +++ b/grub-core/disk/luks2.c
> > @@ -255,16 +255,16 @@ luks2_parse_digest (grub_luks2_digest_t *out,
> > const grub_json_t *digest)
> > static grub_err_t
> > luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks2_digest_t
> > *d, grub_luks2_segment_t *s,
> > - const grub_json_t *root, grub_size_t
> > keyslot_idx)
> > + grub_uint64_t *keyslot_key, const grub_json_t
> > *root, grub_size_t keyslot_idx) {
> > grub_json_t keyslots, keyslot, digests, digest, segments,
> > segment; grub_size_t i, size;
> > - grub_uint64_t keyslot_key, digest_key, segment_key;
> > + grub_uint64_t digest_key, segment_key;
> >
> > /* Get nth keyslot */
> > if (grub_json_getvalue (&keyslots, root, "keyslots") ||
> > grub_json_getchild (&keyslot, &keyslots, keyslot_idx) ||
> > - grub_json_getuint64 (&keyslot_key, &keyslot, NULL) ||
> > + grub_json_getuint64 (keyslot_key, &keyslot, NULL) ||
> > grub_json_getchild (&keyslot, &keyslot, 0) ||
> > luks2_parse_keyslot (k, &keyslot))
> > return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse
> > keyslot index %"PRIuGRUB_SIZE, keyslot_idx); @@ -281,11 +281,11 @@
> > luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks2_digest_t *d,
> > grub_luks2_s luks2_parse_digest (d, &digest)) return grub_error
> > (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index
> > %"PRIuGRUB_SIZE, i);
> > - if ((d->keyslots & (1 << keyslot_key)))
> > + if ((d->keyslots & (1 << *keyslot_key)))
> > break;
> > }
> > if (i == size)
> > - return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for
> > keyslot \"%"PRIuGRUB_UINT64_T"\"", keyslot_key);
> > + return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for
> > keyslot \"%"PRIuGRUB_UINT64_T"\"", *keyslot_key);
> > /* Get segment that matches the digest. */
> > if (grub_json_getvalue (&segments, root, "segments") ||
> > @@ -593,17 +593,18 @@ luks2_recover_key (grub_disk_t disk,
> > /* Try all keyslot */
> > for (i = 0; i < size; i++)
> > {
> > - ret = luks2_get_keyslot (&keyslot, &digest, &segment, json,
> > i);
> > + grub_uint64_t keyslot_key;
> > + ret = luks2_get_keyslot (&keyslot, &digest, &segment,
> > &keyslot_key, json, i); if (ret)
> > goto err;
> >
> > if (keyslot.priority == 0)
> > {
> > - grub_dprintf ("luks2", "Ignoring keyslot
> > %"PRIuGRUB_SIZE" due to priority\n", i);
> > + grub_dprintf ("luks2", "Ignoring keyslot
> > %"PRIuGRUB_UINT64_T" due to priority\n", keyslot_key); continue;
> > }
> >
> > - grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n",
> > i);
> > + grub_dprintf ("luks2", "Trying keyslot
> > %"PRIuGRUB_UINT64_T"\n", keyslot_key);
> > /* Set up disk according to keyslot's segment. */
> > crypt->offset = grub_divmod64 (segment.offset,
> > segment.sector_size, NULL); @@ -618,16 +619,16 @@ luks2_recover_key
> > (grub_disk_t disk, (const grub_uint8_t *) passphrase, grub_strlen
> > (passphrase)); if (ret)
> > {
> > - grub_dprintf ("luks2", "Decryption with keyslot
> > %"PRIuGRUB_SIZE" failed: %s\n",
> > - i, grub_errmsg);
> > + grub_dprintf ("luks2", "Decryption with keyslot
> > %"PRIuGRUB_UINT64_T" failed: %s\n",
> > + keyslot_key, grub_errmsg);
> > continue;
> > }
> >
> > ret = luks2_verify_key (&digest, candidate_key,
> > keyslot.key_size); if (ret)
> > {
> > - grub_dprintf ("luks2", "Could not open keyslot
> > %"PRIuGRUB_SIZE": %s\n",
> > - i, grub_errmsg);
> > + grub_dprintf ("luks2", "Could not open keyslot
> > %"PRIuGRUB_UINT64_T": %s\n",
> > + keyslot_key, grub_errmsg);
> > continue;
> > }
> >
> > @@ -635,7 +636,7 @@ luks2_recover_key (grub_disk_t disk,
> > * TRANSLATORS: It's a cryptographic key slot: one element
> > of an array
> > * where each element is either empty or holds a key.
> > */
> > - grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i);
> > + grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"),
> > keyslot_key);
> > candidate_key_len = keyslot.key_size;
> > break;
> > --
> > 2.27.0
> >
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
