[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of index
|
From: |
Glenn Washburn |
|
Subject: |
[PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of index when naming keyslot. |
|
Date: |
Fri, 6 Nov 2020 22:44:30 -0600 |
Use the keyslot key value in the keyslot json array rather than the index of
the keyslot in the json array. This is less confusing for the end user. For
example, say you have a LUKS2 device with a key in slot 1 and slot 4. When
using the password for slot 4 to unlock the device, the messages using the
index of the keyslot will mention keyslot 1 (its a zero-based index).
Furthermore, with this change the keyslot number will align with the number
used to reference the keyslot when using the --key-slot argument to
cryptsetup.
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/disk/luks2.c | 27 ++++++++++++++++-----------
1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 9b171bf9d..ca830d73b 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -65,6 +65,7 @@ typedef struct grub_luks2_header grub_luks2_header_t;
struct grub_luks2_keyslot
{
+ grub_uint64_t slot_key;
grub_int64_t key_size;
grub_int64_t priority;
struct
@@ -103,6 +104,7 @@ typedef struct grub_luks2_keyslot grub_luks2_keyslot_t;
struct grub_luks2_segment
{
+ grub_uint64_t slot_key;
grub_uint64_t offset;
const char *size;
const char *encryption;
@@ -112,6 +114,7 @@ typedef struct grub_luks2_segment grub_luks2_segment_t;
struct grub_luks2_digest
{
+ grub_uint64_t slot_key;
/* Both keyslots and segments are interpreted as bitfields here */
grub_uint64_t keyslots;
grub_uint64_t segments;
@@ -259,12 +262,12 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k,
grub_luks2_digest_t *d, grub_luks2_s
{
grub_json_t keyslots, keyslot, digests, digest, segments, segment;
grub_size_t i, size;
- grub_uint64_t keyslot_key, digest_key, segment_key;
+ grub_uint64_t digest_key, segment_key;
/* Get nth keyslot */
if (grub_json_getvalue (&keyslots, root, "keyslots") ||
grub_json_getchild (&keyslot, &keyslots, keyslot_idx) ||
- grub_json_getuint64 (&keyslot_key, &keyslot, NULL) ||
+ grub_json_getuint64 (&k->slot_key, &keyslot, NULL) ||
grub_json_getchild (&keyslot, &keyslot, 0) ||
luks2_parse_keyslot (k, &keyslot))
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse keyslot index
%"PRIuGRUB_SIZE, keyslot_idx);
@@ -281,11 +284,12 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k,
grub_luks2_digest_t *d, grub_luks2_s
luks2_parse_digest (d, &digest))
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse digest index
%"PRIuGRUB_SIZE, i);
- if ((d->keyslots & (1 << keyslot_key)))
+ d->slot_key = digest_key;
+ if ((d->keyslots & (1 << k->slot_key)))
break;
}
if (i == size)
- return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot
\"%"PRIuGRUB_UINT64_T"\"", keyslot_key);
+ return grub_error (GRUB_ERR_FILE_NOT_FOUND, "No digest for keyslot
\"%"PRIuGRUB_UINT64_T"\"", k->slot_key);
/* Get segment that matches the digest. */
if (grub_json_getvalue (&segments, root, "segments") ||
@@ -299,6 +303,7 @@ luks2_get_keyslot (grub_luks2_keyslot_t *k,
grub_luks2_digest_t *d, grub_luks2_s
luks2_parse_segment (s, &segment))
return grub_error (GRUB_ERR_BAD_ARGUMENT, "Could not parse segment
index %"PRIuGRUB_SIZE, i);
+ s->slot_key = segment_key;
if ((d->segments & (1 << segment_key)))
break;
}
@@ -599,11 +604,11 @@ luks2_recover_key (grub_disk_t source,
if (keyslot.priority == 0)
{
- grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_SIZE" due to
priority\n", i);
+ grub_dprintf ("luks2", "Ignoring keyslot %"PRIuGRUB_UINT64_T" due to
priority\n", keyslot.slot_key);
continue;
}
- grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_SIZE"\n", i);
+ grub_dprintf ("luks2", "Trying keyslot %"PRIuGRUB_UINT64_T"\n",
keyslot.slot_key);
/* Set up disk according to keyslot's segment. */
crypt->offset_sectors = grub_divmod64 (segment.offset,
segment.sector_size, NULL);
@@ -618,16 +623,16 @@ luks2_recover_key (grub_disk_t source,
(const grub_uint8_t *) passphrase, grub_strlen
(passphrase));
if (ret)
{
- grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_SIZE"
failed: %s\n",
- i, grub_errmsg);
+ grub_dprintf ("luks2", "Decryption with keyslot %"PRIuGRUB_UINT64_T"
failed: %s\n",
+ keyslot.slot_key, grub_errmsg);
continue;
}
ret = luks2_verify_key (&digest, candidate_key, keyslot.key_size);
if (ret)
{
- grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_SIZE":
%s\n",
- i, grub_errmsg);
+ grub_dprintf ("luks2", "Could not open keyslot %"PRIuGRUB_UINT64_T":
%s\n",
+ keyslot.slot_key, grub_errmsg);
continue;
}
@@ -635,7 +640,7 @@ luks2_recover_key (grub_disk_t source,
* TRANSLATORS: It's a cryptographic key slot: one element of an array
* where each element is either empty or holds a key.
*/
- grub_printf_ (N_("Slot %"PRIuGRUB_SIZE" opened\n"), i);
+ grub_printf_ (N_("Slot %"PRIuGRUB_UINT64_T" opened\n"),
keyslot.slot_key);
candidate_key_len = keyslot.key_size;
break;
--
2.27.0
- Re: [PATCH v4 08/15] luks2: Split idx into three variables: keyslot_key, digest_key, segment_key., (continued)
- [PATCH v4 05/15] luks2: Use correct index variable when looping in luks2_get_keyslot., Glenn Washburn, 2020/11/06
- [PATCH v4 07/15] luks2: Rename index variable j to i., Glenn Washburn, 2020/11/06
- [PATCH v4 09/15] luks2: Improve error messages in luks2_get_keyslot., Glenn Washburn, 2020/11/06
- [PATCH v4 10/15] luks2: Use more intuitive keyslot key instead of index when naming keyslot.,
Glenn Washburn <=
- [PATCH v4 11/15] cryptodisk: Replace some literals with constants in grub_cryptodisk_endecrypt., Glenn Washburn, 2020/11/06
- [PATCH v4 12/15] luks2: grub_cryptodisk_t->total_length is the max number of device native sectors, Glenn Washburn, 2020/11/06
- [PATCH v4 13/15] cryptodisk: Properly handle non-512 byte sized sectors., Glenn Washburn, 2020/11/06