[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 03/10] luks2: Use more intuitive keyslot key instead of index
|
From: |
Glenn Washburn |
|
Subject: |
[PATCH v2 03/10] luks2: Use more intuitive keyslot key instead of index when naming keyslot. |
|
Date: |
Sat, 3 Oct 2020 17:55:27 -0500 |
Use the keyslot key value in the keyslot json array rather than the index of
the keyslot in the json array. This is less confusing for the end user. For
example, say you have a LUKS2 device with a key in slot 1 and slot 4. When
using the password for slot 4 to unlock the device, the messages using the
index of the keyslot will mention keyslot 1 (its a zero-based index).
Furthermore,with this change the keyslot number will align with the number
used to reference the keyslot when using the --key-slot argument to
cryptsetup.
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/disk/luks2.c | 27 ++++++++++++++-------------
1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index c3cd63606..db251cce0 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -255,16 +255,16 @@ luks2_parse_digest (grub_luks2_digest_t *out, const
grub_json_t *digest)
static grub_err_t
luks2_get_keyslot (grub_luks2_keyslot_t *k, grub_luks2_digest_t *d,
grub_luks2_segment_t *s,
- const grub_json_t *root, grub_size_t keyslot_idx)
+ grub_uint64_t *keyslot_key, const grub_json_t *root,
grub_size_t keyslot_idx)
{
grub_json_t keyslots, keyslot, digests, digest, segments, segment;
grub_size_t i, size;
- grub_uint64_t keyslot_key, digest_key, segment_key;
+ grub_uint64_t digest_key, segment_key;
/* Get nth keyslot */
if (grub_json_getvalue (&keyslots, root, "keyslots") ||
grub_json_getchild (&keyslot, &keyslots, keyslot_idx) ||
- grub_json_getuint64 (&keyslot_key, &keyslot, NULL) ||
+ grub_json_getuint64 (keyslot_key, &keyslot, NULL) ||
grub_json_getchild (&keyslot, &keyslot, 0) ||
luks2_parse_keyslot (k, &keyslot))
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot index
%"PRIuGRUB_SIZE, keyslot_idx);
@@ -281,11 +281,11 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k,
grub_luks2_digest_t *d, grub_luks2_s
luks2_parse_digest (d, &digest))
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index
%"PRIuGRUB_SIZE, i);
- if ((d->keyslots & (1 << keyslot_key)))
+ if ((d->keyslots & (1 << *keyslot_key)))
break;
}
if (i == size)
- return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot
\"%"PRIuGRUB_UINT64_T"\"", keyslot_key);
+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot
\"%"PRIuGRUB_UINT64_T"\"", *keyslot_key);
/* Get segment that matches the digest. */
if (grub_json_getvalue (&segments, root, "segments") ||
@@ -593,17 +593,18 @@ luks2_recover_key (grub_disk_t disk,
/* Try all keyslot */
for (i = 0; i < size; i++)
{
- ret = luks2_get_keyslot (&keyslot, &digest, &segment, json, i);
+ grub_uint64_t keyslot_key;
+ ret = luks2_get_keyslot (&keyslot, &digest, &segment, &keyslot_key,
json, i);
if (ret)
goto err;
if (keyslot.priority == 0)
{
- grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to
priority\n", i);
+ grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T" due to
priority\n", keyslot_key);
continue;
}
- grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i);
+ grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n",
keyslot_key);
/* Set up disk according to keyslot's segment. */
crypt->offset = grub_divmod64 (segment.offset, segment.sector_size,
NULL);
@@ -618,16 +619,16 @@ luks2_recover_key (grub_disk_t disk,
(const grub_uint8_t *) passphrase, grub_strlen
(passphrase));
if (ret)
{
- grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE"
failed: %s\n",
- i, grub_errmsg);
+ grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_UINT64_T"
failed: %s\n",
+ keyslot_key, grub_errmsg);
continue;
}
ret = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
if (ret)
{
- grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE":
%s\n",
- i, grub_errmsg);
+ grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_UINT64_T":
%s\n",
+ keyslot_key, grub_errmsg);
continue;
}
@@ -635,7 +636,7 @@ luks2_recover_key (grub_disk_t disk,
* TRANSLATORS: It's a cryptographic key slot: one element of an array
* where each element is either empty or holds a key.
*/
- grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i);
+ grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"), keyslot_key);
candidate_key_len = keyslot.key_size;
break;
--
2.27.0
- [PATCH 04/10] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors, (continued)
- [PATCH 04/10] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors, Glenn Washburn, 2020/10/03
- [PATCH 06/10] cryptodisk: Properly handle non-512 byte sized sectors., Glenn Washburn, 2020/10/03
- [PATCH 08/10] cryptodisk: Rename total_length field in grub_cryptodisk_t to total_sectors., Glenn Washburn, 2020/10/03
- [PATCH 07/10] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Glenn Washburn, 2020/10/03
- [PATCH 09/10] cryptodisk: Rename offset in grub_cryptodisk_t to offset_sectors., Glenn Washburn, 2020/10/03
- [PATCH 10/10] luks2: Rename source disk variabled named 'disk' to 'source' as in luks.c., Glenn Washburn, 2020/10/03
- [PATCH v2 00/10] Cryptodisk fixes for v2.06 redux, Glenn Washburn, 2020/10/03
- [PATCH v2 05/10] cryptodisk: Fix cipher IV mode 'plain64' always being set as 'plain'., Glenn Washburn, 2020/10/03
- [PATCH v2 04/10] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors, Glenn Washburn, 2020/10/03
- [PATCH v2 06/10] cryptodisk: Properly handle non-512 byte sized sectors., Glenn Washburn, 2020/10/03
- [PATCH v2 08/10] cryptodisk: Rename total_length field in grub_cryptodisk_t to total_sectors., Glenn Washburn, 2020/10/03