[PATCH v3 0/6] Support for LUKS2 disk encryption

[Patrick Steinhardt <ps@pks.im>]

Hi,

this is the third version of this patch series. Changes include
the following:

- The JSON API will not copy the parsed string anymore, but
  instead directly modify the one passed by the caller.

- The realloc-loop was refactored in favour of letting jsmn
  figure out how many tokens there are.

- Some documentation was added to "json.h"

- "json.h" was moved to "grub-core/lib/json".

I've attached the range-diff between v2 and v3 to this email.
Thanks for your reviews!

Regards
Patrick

Patrick Steinhardt (6):
  json: Import upstream jsmn-1.1.0
  json: Implement wrapping interface
  bootstrap: Add gnulib's base64 module
  afsplitter: Move into its own module
  luks: Move configuration of ciphers into cryptodisk
  disk: Implement support for LUKS2

 Makefile.util.def                             |   4 +-
 bootstrap.conf                                |   3 +-
 conf/Makefile.extra-dist                      |   1 +
 docs/grub-dev.texi                            |  14 +
 docs/grub.texi                                |   2 +-
 grub-core/Makefile.core.def                   |  19 +-
 grub-core/disk/AFSplitter.c                   |   3 +
 grub-core/disk/cryptodisk.c                   | 163 ++++-
 grub-core/disk/luks.c                         | 190 +----
 grub-core/disk/luks2.c                        | 672 ++++++++++++++++++
 grub-core/lib/gnulib-patches/fix-base64.patch |  23 +
 grub-core/lib/json/jsmn.h                     | 468 ++++++++++++
 grub-core/lib/json/json.c                     | 235 ++++++
 grub-core/lib/json/json.h                     |  92 +++
 include/grub/cryptodisk.h                     |   3 +
 15 files changed, 1713 insertions(+), 179 deletions(-)
 create mode 100644 grub-core/disk/luks2.c
 create mode 100644 grub-core/lib/gnulib-patches/fix-base64.patch
 create mode 100644 grub-core/lib/json/jsmn.h
 create mode 100644 grub-core/lib/json/json.c
 create mode 100644 grub-core/lib/json/json.h

Range-diff against v2:
1:  7bd619827 = 1:  7bd619827 json: Import upstream jsmn-1.1.0
2:  90099e5ee ! 2:  680b5add5 json: Implement wrapping interface
    @@ grub-core/lib/json/json.c
       */
      
      #include <grub/dl.h>
    -+#include <grub/json.h>
     +#include <grub/mm.h>
      
     +#define JSMN_STATIC
      #include "jsmn.h"
    ++#include "json.h"
      
      GRUB_MOD_LICENSE ("GPLv3");
     +
     +grub_err_t
    -+grub_json_parse (grub_json_t **out, const char *string, grub_size_t string_len)
    ++grub_json_parse (grub_json_t **out, char *string, grub_size_t string_len)
     +{
    -+  grub_size_t ntokens = 128;
     +  grub_json_t *json = NULL;
     +  jsmn_parser parser;
     +  grub_err_t err;
    @@ grub-core/lib/json/json.c
     +  if (!json)
     +    return GRUB_ERR_OUT_OF_MEMORY;
     +  json->idx = 0;
    -+  json->string = grub_strndup (string, string_len);
    ++  json->string = string;
     +  if (!json->string)
     +    {
     +      err = GRUB_ERR_OUT_OF_MEMORY;
    @@ grub-core/lib/json/json.c
     +    }
     +
     +  jsmn_init(&parser);
    -+
    -+  while (1)
    ++  jsmn_err = jsmn_parse (&parser, string, string_len, NULL, 0);
    ++  if (jsmn_err <= 0)
     +    {
    -+      json->tokens = grub_realloc (json->tokens, sizeof (jsmntok_t) * ntokens);
    -+      if (!json->tokens)
    -+	{
    -+	  err = GRUB_ERR_OUT_OF_MEMORY;
    -+	  goto out;
    -+	}
    ++      err = GRUB_ERR_BAD_ARGUMENT;
    ++      goto out;
    ++    }
     +
    -+      jsmn_err = jsmn_parse (&parser, string, string_len, json->tokens, ntokens);
    -+      if (jsmn_err >= 0)
    -+	break;
    -+      if (jsmn_err != JSMN_ERROR_NOMEM)
    -+	{
    -+	  err = GRUB_ERR_BAD_ARGUMENT;
    -+	  goto out;
    -+	}
    ++  json->tokens = grub_malloc (sizeof (jsmntok_t) * jsmn_err);
    ++  if (!json->tokens)
    ++    {
    ++      err = GRUB_ERR_OUT_OF_MEMORY;
    ++      goto out;
    ++    }
     +
    -+      ntokens <<= 1;
    ++  jsmn_init(&parser);
    ++  jsmn_err = jsmn_parse (&parser, string, string_len, json->tokens, jsmn_err);
    ++  if (jsmn_err <= 0)
    ++    {
    ++      err = GRUB_ERR_BAD_ARGUMENT;
    ++      goto out;
     +    }
     +
     +  err = GRUB_ERR_NONE;
    @@ grub-core/lib/json/json.c
     +{
     +  if (json)
     +    {
    -+      grub_free (json->string);
     +      grub_free (json->tokens);
     +      grub_free (json);
     +    }
    @@ grub-core/lib/json/json.c
     +          grub_strcmp (s, key) != 0)
     +	continue;
     +
    -+      out->string = child.string;
    -+      out->tokens = child.tokens;
    -+      out->idx = child.idx + 1;
    -+
    -+      return GRUB_ERR_NONE;
    ++      return grub_json_getchild (out, &child, 0);
     +    }
     +
     +  return GRUB_ERR_FILE_NOT_FOUND;
    @@ grub-core/lib/json/json.c
     +  return GRUB_ERR_NONE;
     +}
     
    - ## include/grub/json.h (new) ##
    + ## grub-core/lib/json/json.h (new) ##
     @@
     +/*
     + *  GRUB  --  GRand Unified Bootloader
    @@ include/grub/json.h (new)
     +
     +enum grub_json_type
     +{
    ++  /* Unordered collection of key-value pairs. */
     +  GRUB_JSON_OBJECT,
    ++  /* Ordered list of zero or more values. */
     +  GRUB_JSON_ARRAY,
    ++  /* Zero or more Unicode characters. */
     +  GRUB_JSON_STRING,
    ++  /* Number, boolean or empty value. */
     +  GRUB_JSON_PRIMITIVE,
    ++  /* Invalid token. */
     +  GRUB_JSON_UNDEFINED,
     +};
     +typedef enum grub_json_type grub_json_type_t;
    @@ include/grub/json.h (new)
     +};
     +typedef struct grub_json grub_json_t;
     +
    ++/* Parse a JSON-encoded string. Note that the string passed to
    ++ * this function will get modified on subsequent calls to
    ++ * `grub_json_get*`. Returns the root object of the parsed JSON
    ++ * object, which needs to be free'd via `grub_json_free`.
    ++ */
     +grub_err_t
    -+grub_json_parse (grub_json_t **out, const char *string, grub_size_t string_len);
    ++grub_json_parse (grub_json_t **out, char *string, grub_size_t string_len);
     +
    ++/* Free the structure and its contents. The string passed to
    ++ * `grub_json_parse` will not be free'd.
    ++ */
     +void
     +grub_json_free (grub_json_t *json);
     +
    ++/* Get the child count of the given JSON token. Children are
    ++ * present for arrays, objects (dicts) and keys of a dict. */
     +grub_size_t
     +grub_json_getsize (const grub_json_t *json);
     +
    ++/* Get the type of the given JSON token. */
     +grub_json_type_t
     +grub_json_gettype (const grub_json_t *json);
     +
    ++/* Get n'th child of object, array or key. Will return an error if no
    ++ * such child exists. The result does not need to be free'd. */
     +grub_err_t
     +grub_json_getchild (grub_json_t *out, const grub_json_t *parent, grub_size_t n);
     +
    ++/* Get value of key from a JSON object. The result does not need
    ++ * to be free'd. */
     +grub_err_t
     +grub_json_getvalue (grub_json_t *out, const grub_json_t *parent, const char *key);
     +
    ++/* Get the string representation of a JSON object. */
     +grub_err_t
     +grub_json_getstring (const char **out, const grub_json_t *parent, const char *key);
     +
    ++/* Get the uint64 representation of a JSON object. */
     +grub_err_t
     +grub_json_getuint64 (grub_uint64_t *out, const grub_json_t *parent, const char *key);
     +
    ++/* Get the int64 representation of a JSON object. */
     +grub_err_t
     +grub_json_getint64 (grub_int64_t *out, const grub_json_t *parent, const char *key);
     +
3:  fad8325da ! 3:  461696fe7 bootstrap: Add gnulib's base64 module
    @@ Commit message
         This is fixed by adding an include of <config-util.h>.
     
         Signed-off-by: Patrick Steinhardt <ps@pks.im>
    +    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
     
      ## bootstrap.conf ##
     @@ bootstrap.conf: GNULIB_REVISION=d271f868a8df9bbec29049d01e056481b7a1a263
4:  b147f9e08 ! 4:  18cfacbe5 afsplitter: Move into its own module
    @@ Commit message
         module "afsplitter" as a preparatory step.
     
         Signed-off-by: Patrick Steinhardt <ps@pks.im>
    +    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
     
      ## grub-core/Makefile.core.def ##
     @@ grub-core/Makefile.core.def: module = {
5:  ca7c0334e ! 5:  1a185b6d8 luks: Move configuration of ciphers into cryptodisk
    @@ Commit message
         up its own internal ciphers instead of hosting that code in the luks
         module.
     
    +    Except for necessary adjustments around error handling, this commit does
    +    an exact move of the cipher configuration logic from "luks.c" to
    +    "cryptodisk.c". Any behavior changes are unintentional.
    +
         Signed-off-by: Patrick Steinhardt <ps@pks.im>
    +    Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
     
      ## grub-core/disk/cryptodisk.c ##
     @@
6:  9deac48bc ! 6:  9d88fcbab disk: Implement support for LUKS2
    @@ Commit message
         Signed-off-by: Patrick Steinhardt <ps@pks.im>
     
      ## Makefile.util.def ##
    +@@ Makefile.util.def: AutoGen definitions Makefile.tpl;
    + library = {
    +   name = libgrubkern.a;
    +   cflags = '$(CFLAGS_GNULIB)';
    +-  cppflags = '$(CPPFLAGS_GNULIB)';
    ++  cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';
    + 
    +   common = util/misc.c;
    +   common = grub-core/kern/command.c;
     @@ Makefile.util.def: library = {
        common = grub-core/kern/misc.c;
        common = grub-core/kern/partition.c;
    @@ grub-core/Makefile.core.def: module = {
     +  common = disk/luks2.c;
     +  common = lib/gnulib/base64.c;
     +  cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
    -+  cppflags = '-I$(srcdir)/lib/posix_wrap $(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB)';
    ++  cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';
     +};
     +
      module = {
    @@ grub-core/disk/luks2.c (new)
     +#include <grub/crypto.h>
     +#include <grub/partition.h>
     +#include <grub/i18n.h>
    -+#include <grub/json.h>
     +
     +#include <base64.h>
    ++#include <json.h>
     +
     +#define MAX_PASSPHRASE 256
     +
-- 
2.24.0