Re: [CRYPTO-LUKS v1 08/19] cryptodisk, luks: Allow special processing fo

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [CRYPTO-LUKS v1 08/19] cryptodisk, luks: Allow special processing fo

From:	Patrick Steinhardt
Subject:	Re: [CRYPTO-LUKS v1 08/19] cryptodisk, luks: Allow special processing for comparing UUIDs.
Date:	Fri, 31 Jul 2020 17:34:18 +0200

On Fri, Jul 31, 2020 at 07:01:49AM -0500, Glenn Washburn wrote:
> Create grub_uuidcasecmp to compare UUIDs in a case-insensitive manner and
> that ignores '-' characters. This is backwards compatible with the old LUKS1
> code that stored and compared against UUIDs without dashes. However, the new
> LUKS2 code stores and compares UUIDs that contain dashes. Really, the UUID
> comparison shouldn't care about the dashes, as this change implements. Now
> your old scripts will continue to work with UUIDs without dashes, but you
> may choose to use UUIDs with dashes now too for both LUKS1 and LUKS2.
> 
> Signed-off-by: Glenn Washburn <development@efficientek.com>
> ---
>  grub-core/disk/cryptodisk.c |  4 ++--
>  grub-core/disk/luks.c       | 20 ++++----------------
>  grub-core/disk/luks2.c      |  2 +-
>  include/grub/misc.h         | 21 +++++++++++++++++++++
>  4 files changed, 28 insertions(+), 19 deletions(-)
> 
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 847337072..e7a4b8082 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -660,7 +660,7 @@ grub_cryptodisk_open (const char *name, grub_disk_t disk)
>    if (grub_memcmp (name, "cryptouuid/", sizeof ("cryptouuid/") - 1) == 0)
>      {
>        for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
> -     if (grub_strcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 0)
> +     if (grub_uuidcasecmp (name + sizeof ("cryptouuid/") - 1, dev->uuid) == 
> 0)
>         break;
>      }
>    else
> @@ -897,7 +897,7 @@ grub_cryptodisk_get_by_uuid (const char *uuid)
>  {
>    grub_cryptodisk_t dev;
>    for (dev = cryptodisk_list; dev != NULL; dev = dev->next)
> -    if (grub_strcasecmp (dev->uuid, uuid) == 0)
> +    if (grub_uuidcasecmp (dev->uuid, uuid) == 0)
>        return dev;
>    return NULL;
>  }
> diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c
> index 6ae162601..ea54a9d10 100644
> --- a/grub-core/disk/luks.c
> +++ b/grub-core/disk/luks.c
> @@ -69,10 +69,7 @@ configure_ciphers (grub_disk_t disk, const char 
> *check_uuid,
>                  int check_boot)
>  {
>    grub_cryptodisk_t newdev;
> -  const char *iptr;
>    struct grub_luks_phdr header;
> -  char *optr;
> -  char uuid[sizeof (header.uuid) + 1];
>    char ciphername[sizeof (header.cipherName) + 1];
>    char ciphermode[sizeof (header.cipherMode) + 1];
>    char hashspec[sizeof (header.hashSpec) + 1];
> @@ -95,18 +92,9 @@ configure_ciphers (grub_disk_t disk, const char 
> *check_uuid,
>        || grub_be_to_cpu16 (header.version) != 1)
>      return NULL;
>  
> -  optr = uuid;
> -  for (iptr = header.uuid; iptr < &header.uuid[ARRAY_SIZE (header.uuid)];
> -       iptr++)
> +  if (check_uuid && grub_uuidcasecmp (check_uuid, header.uuid) != 0)

I don't think the header's UUID is NUL-terminated. So if
`strlen(check_uuid) > sizeof(header.uuid)`, we'll overflow the header.
We should probably add a size parameter to `grub_uuidcasecmp` to fix
this.

>      {
> -      if (*iptr != '-')
> -     *optr++ = *iptr;
> -    }
> -  *optr = 0;
> -
> -  if (check_uuid && grub_strcasecmp (check_uuid, uuid) != 0)
> -    {
> -      grub_dprintf ("luks", "%s != %s\n", uuid, check_uuid);
> +      grub_dprintf ("luks", "%s != %s\n", header.uuid, check_uuid);
>        return NULL;
>      }
>  
> @@ -125,7 +113,7 @@ configure_ciphers (grub_disk_t disk, const char 
> *check_uuid,
>    newdev->source_disk = NULL;
>    newdev->log_sector_size = 9;
>    newdev->total_length = grub_disk_get_size (disk) - newdev->offset;
> -  grub_memcpy (newdev->uuid, uuid, sizeof (newdev->uuid));
> +  grub_memcpy (newdev->uuid, header.uuid, sizeof (newdev->uuid));
>    newdev->modname = "luks";
>  
>    /* Configure the hash used for the AF splitter and HMAC.  */
> @@ -145,7 +133,7 @@ configure_ciphers (grub_disk_t disk, const char 
> *check_uuid,
>        return NULL;
>      }
>  
> -  COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (uuid));
> +  COMPILE_TIME_ASSERT (sizeof (newdev->uuid) >= sizeof (header.uuid));
>    return newdev;
>  }
>  
> diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
> index 41329f745..7f5deb469 100644
> --- a/grub-core/disk/luks2.c
> +++ b/grub-core/disk/luks2.c
> @@ -356,7 +356,7 @@ luks2_scan (grub_disk_t disk, const char *check_uuid, int 
> check_boot)
>        return NULL;
>      }
>  
> -  if (check_uuid && grub_strcasecmp (check_uuid, header.uuid) != 0)
> +  if (check_uuid && grub_uuidcasecmp (check_uuid, header.uuid) != 0)
>      return NULL;

Same over here.

Patrick

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[CRYPTO-LUKS v1 00/19] Fixes and improvements for cryptodisks+luks2 and a few other things., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 01/19] configure: Add Ubuntu dejavu font path., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 02/19] cryptodisk: Fix cipher IV mode 'plain64' always being set as 'plain'., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 03/19] cryptodisk: Incorrect calculation of start sector for grub_disk_read in grub_cryptodisk_read., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 04/19] cryptodisk: Add more verbosity when reading/writing cryptodisks., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 05/19] luks2: Add support for LUKS2 in (proc)/luks_script, Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 06/19] luks2: Rename source disk variabled named 'disk' to 'source' as in luks.c., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 07/19] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 08/19] cryptodisk, luks: Allow special processing for comparing UUIDs., Glenn Washburn, 2020/07/31
  - Re: [CRYPTO-LUKS v1 08/19] cryptodisk, luks: Allow special processing for comparing UUIDs., Patrick Steinhardt <=
- [CRYPTO-LUKS v1 09/19] cryptodisk: Unregister cryptomount command when removing module., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 10/19] fs: Fix block lists not being able to address to end of disk sometimes., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 11/19] cryptodisk: Properly handle non-512 byte sized sectors., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 12/19] cryptodisk: Rename total_length field in grub_cryptodisk_t to total_sectors., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 13/19] fs: Allow number of blocks in block list to be optional, where length will be defaulted to the length of the device., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 14/19] loopback: Add procfs entry 'loopbacks' to output configured loopback devices., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 15/19] cryptodisk, luks2: Add header line to procfs entry and crypto and source device names., Glenn Washburn, 2020/07/31
  - Re: [CRYPTO-LUKS v1 15/19] cryptodisk,luks2: Add header line to procfs entry and crypto and source device names., Patrick Steinhardt, 2020/07/31
    - Re: [CRYPTO-LUKS v1 15/19] cryptodisk,luks2: Add header line to procfs entry and crypto and source device names., Glenn Washburn, 2020/07/31
- [CRYPTO-LUKS v1 16/19] cryptodisk: Add a couple comments noting the usage of a couple fields in grub_cryptodisk_t as is done for grub_disk_t., Glenn Washburn, 2020/07/31

Prev by Date: [PATCH] crypto: Remove GPG_ERROR_CFLAGS from gpg_err_code_t enum.
Next by Date: Re: [CRYPTO-LUKS v1 15/19] cryptodisk,luks2: Add header line to procfs entry and crypto and source device names.
Previous by thread: [CRYPTO-LUKS v1 08/19] cryptodisk, luks: Allow special processing for comparing UUIDs.
Next by thread: [CRYPTO-LUKS v1 09/19] cryptodisk: Unregister cryptomount command when removing module.
Index(es):
- Date
- Thread