From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1iebmn-0007aj-1N for mharc-grub-devel@gnu.org; Tue, 10 Dec 2019 04:26:29 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:60909) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iebmj-0007YE-G3 for grub-devel@gnu.org; Tue, 10 Dec 2019 04:26:27 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iebmh-0005kG-Oo for grub-devel@gnu.org; Tue, 10 Dec 2019 04:26:25 -0500 Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:39949) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iebmh-0005jQ-5A for grub-devel@gnu.org; Tue, 10 Dec 2019 04:26:23 -0500 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 5DE3910B4; Tue, 10 Dec 2019 04:26:20 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute1.internal (MEProxy); Tue, 10 Dec 2019 04:26:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=from :to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; s=fm2; bh=uo6sKnYUmV2k4 q1aFdyoVAMCBXjp/JZvHbl4fPqNp00=; b=1GXxkqqC2AJME7zQdLXbQ+zyC0Yla dozMTqzsiJdnU77QJ6n3Ko6Yjs+XxqPTvYyVFy15JJrYoSllytWY96+UK6aQNcBQ OdZA3PUG1U3GVLMfVGbjukLDAmisW+5ik/sRG8ynxHkV/Phol0T4+c7Ux6XEjSXp ZY0PSmNQ0SSHfnYhvKXX1B5IpXAyZRsg1suz0QmGAfZUJmEvmf4/0vHrk5ovW28e YxmSLIO9ye9pOGa7qNj9Hs848eow9AxPpX6rbLrpazjeiC7UtzZmlc95LLQadz2G nxXEs6RTO5NejdbAKJ+TBusT5lpUoHZbzkrmE90/DcoVw5YrdYiUb1QpA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; bh=uo6sKnYUmV2k4q1aFdyoVAMCBXjp/JZvHbl4fPqNp00=; b=XXD03aJM 5zNcDvCeVAkEvOdan7CeAsdy3QjLNL1C7cz7rqPWJ8Mva9M2mRbW9FxSDtDu1sjV Mm97D5F3i+ML6e2TMndEJiRpN7nnCijlQuPjLovM8Od26u7FSy+mX3xoDHm/6dSH wKx9RG/ntMG8NJcxul4R7W8OTw+l+s+qNBJSmTgYzzWnecWz/tBaJ8Ar4oJUOkWh ajHWHIY4iRriFhYVyEnziJHMH2FpSRLK6no6JQ+XVw3sQFAeExwxwtfEXAGAsUYR H5XAlT7dNcjpCzBSyoatTYVDm/JBcilsjH5/SAV2Bhu/RtDRNCOpnMKXoWAp4dWr A6hS7lnhlbG9Pw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrudelfedgtdegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpefrrghtrhhi tghkucfuthgvihhnhhgrrhguthcuoehpshesphhkshdrihhmqeenucfkphepkeelrdduvd drudeftddrvddtfeenucfrrghrrghmpehmrghilhhfrhhomhepphhssehpkhhsrdhimhen ucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from vm-mail (x590c82cb.dyn.telefonica.de [89.12.130.203]) by mail.messagingengine.com (Postfix) with ESMTPA id F3C5A30600DB; Tue, 10 Dec 2019 04:26:18 -0500 (EST) Received: from localhost ( [10.192.0.12]) by vm-mail (OpenSMTPD) with ESMTPSA id ab6dcbe8 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); Tue, 10 Dec 2019 09:26:16 +0000 (UTC) From: Patrick Steinhardt To: grub-devel@gnu.org Cc: Patrick Steinhardt , Max Tottenham , Daniel Kiper Subject: [PATCH v6 0/6] Support for LUKS2 disk encryption Date: Tue, 10 Dec 2019 10:26:15 +0100 Message-Id: X-Mailer: git-send-email 2.24.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 64.147.123.24 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Dec 2019 09:26:27 -0000 Hi, this is the 6th version of this patchset aiming to implement support for LUKS2 disk encryption. All changes relate to the JSON interface, only: - Some functions now return more specific error codes. - NULL-pointer checks for arguments have been removed in the JSON interface. Callers are expected to pass valid pointers, which has been documented accordingly in the respective function comments. - The `key` parameter was documented for grub_json_getstring(), grub_json_getuint64() and grub_json_getint64(). - Fixed a cast to `size_t` instead of `grub_size_t`. - Introduced proper error checking for grub_strtoul() and grub_strtol(). - Some stylistic fixes. As usual, you can find the range-diff relative to v5 at the end of this mail. Patrick Patrick Steinhardt (6): json: Import upstream jsmn-1.1.0 json: Implement wrapping interface bootstrap: Add gnulib's base64 module afsplitter: Move into its own module luks: Move configuration of ciphers into cryptodisk disk: Implement support for LUKS2 Makefile.util.def | 4 +- bootstrap.conf | 3 +- conf/Makefile.extra-dist | 1 + docs/grub-dev.texi | 14 + docs/grub.texi | 5 +- grub-core/Makefile.core.def | 19 +- grub-core/disk/AFSplitter.c | 3 + grub-core/disk/cryptodisk.c | 163 ++++- grub-core/disk/luks.c | 190 +---- grub-core/disk/luks2.c | 676 ++++++++++++++++++ grub-core/lib/gnulib-patches/fix-base64.patch | 23 + grub-core/lib/json/jsmn.h | 468 ++++++++++++ grub-core/lib/json/json.c | 267 +++++++ grub-core/lib/json/json.h | 122 ++++ include/grub/cryptodisk.h | 3 + 15 files changed, 1781 insertions(+), 180 deletions(-) create mode 100644 grub-core/disk/luks2.c create mode 100644 grub-core/lib/gnulib-patches/fix-base64.patch create mode 100644 grub-core/lib/json/jsmn.h create mode 100644 grub-core/lib/json/json.c create mode 100644 grub-core/lib/json/json.h Range-diff against v5: 1: 1859ff982 ! 1: 88d2b083d json: Implement wrapping interface @@ grub-core/lib/json/json.c +{ + int size; + -+ if (!json) -+ return GRUB_ERR_BAD_ARGUMENT; -+ + size = ((jsmntok_t *)json->tokens)[json->idx].size; + if (size < 0) -+ return GRUB_ERR_BAD_ARGUMENT; ++ return GRUB_ERR_OUT_OF_RANGE; + -+ *out = (size_t) size; ++ *out = (grub_size_t) size; + return GRUB_ERR_NONE; +} + +grub_err_t +grub_json_gettype (grub_json_type_t *out, const grub_json_t *json) +{ -+ if (!json) -+ return GRUB_ERR_BAD_ARGUMENT; -+ + switch (((jsmntok_t *)json->tokens)[json->idx].type) + { + case JSMN_OBJECT: @@ grub-core/lib/json/json.c + grub_size_t offset = 1, size; + jsmntok_t *p; + -+ if (grub_json_getsize(&size, parent) || n >= size) -+ return GRUB_ERR_BAD_ARGUMENT; ++ if (grub_json_getsize (&size, parent) || n >= size) ++ return GRUB_ERR_OUT_OF_RANGE; + + /* + * Skip the first n children. For each of the children, we need @@ grub-core/lib/json/json.c + grub_err_t ret; + jsmntok_t *tok; + -+ if (!parent) -+ return GRUB_ERR_BAD_ARGUMENT; -+ + if (key) + { + ret = grub_json_getvalue (&child, parent, key); @@ grub-core/lib/json/json.c +} + +grub_err_t -+grub_json_getuint64(grub_uint64_t *out, const grub_json_t *parent, const char *key) ++grub_json_getuint64 (grub_uint64_t *out, const grub_json_t *parent, const char *key) +{ + grub_json_type_t type; + const char *value; ++ char *end; + grub_err_t ret; + + ret = get_value (&type, &value, parent, key); @@ grub-core/lib/json/json.c + if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE) + return GRUB_ERR_BAD_ARGUMENT; + -+ *out = grub_strtoul (value, NULL, 10); ++ grub_errno = GRUB_ERR_NONE; ++ *out = grub_strtoul (value, &end, 10); ++ if (grub_errno != GRUB_ERR_NONE || *end) ++ return GRUB_ERR_BAD_NUMBER; ++ + return GRUB_ERR_NONE; +} + +grub_err_t -+grub_json_getint64(grub_int64_t *out, const grub_json_t *parent, const char *key) ++grub_json_getint64 (grub_int64_t *out, const grub_json_t *parent, const char *key) +{ + grub_json_type_t type; + const char *value; ++ char *end; + grub_err_t ret; + + ret = get_value (&type, &value, parent, key); @@ grub-core/lib/json/json.c + if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE) + return GRUB_ERR_BAD_ARGUMENT; + -+ *out = grub_strtol (value, NULL, 10); ++ grub_errno = GRUB_ERR_NONE; ++ *out = grub_strtol (value, &end, 10); ++ if (grub_errno != GRUB_ERR_NONE || *end) ++ return GRUB_ERR_BAD_NUMBER; ++ + return GRUB_ERR_NONE; +} @@ grub-core/lib/json/json.h (new) +extern void EXPORT_FUNC(grub_json_free) (grub_json_t *json); + +/* -+ * Get the child count of the given JSON token. Children are -+ * present for arrays, objects (dicts) and keys of a dict. ++ * Get the child count of a valid grub_json_t instance. Children ++ * are present for arrays, objects (dicts) and keys of a dict. + */ +extern grub_err_t EXPORT_FUNC(grub_json_getsize) (grub_size_t *out, + const grub_json_t *json); + -+/* Get the type of the given JSON token. */ ++/* Get the type of a valid grub_json_t instance. */ +extern grub_err_t EXPORT_FUNC(grub_json_gettype) (grub_json_type_t *out, + const grub_json_t *json); + +/* -+ * Get n'th child of object, array or key. Will return an error if no -+ * such child exists. The result does not need to be free'd. ++ * Get n'th child of a valid object, array or key. Will return an ++ * error if no such child exists. The result does not need to be ++ * free'd. + */ +extern grub_err_t EXPORT_FUNC(grub_json_getchild) (grub_json_t *out, + const grub_json_t *parent, + grub_size_t n); + +/* -+ * Get value of key from a JSON object. The result does not need -+ * to be free'd. ++ * Get value of key from a valid grub_json_t instance. The result ++ * does not need to be free'd. + */ +extern grub_err_t EXPORT_FUNC(grub_json_getvalue) (grub_json_t *out, + const grub_json_t *parent, + const char *key); + -+/* Get the string representation of a JSON object. */ ++/* ++ * Get the string representation of a valid grub_json_t instance. ++ * If a key is given and parent is a JSON object, this function ++ * will return the string value of a child mapping to the key. ++ * If no key is given, it will return the string value of the ++ * parent itself. ++ */ +extern grub_err_t EXPORT_FUNC(grub_json_getstring) (const char **out, + const grub_json_t *parent, + const char *key); + -+/* Get the uint64 representation of a JSON object. */ ++/* ++ * Get the uint64 representation of a valid grub_json_t instance. ++ * Returns an error if the value pointed to by `parent` cannot be ++ * converted to an uint64. See grub_json_getstring() for details ++ * on the key parameter. ++ */ +extern grub_err_t EXPORT_FUNC(grub_json_getuint64) (grub_uint64_t *out, + const grub_json_t *parent, + const char *key); + -+/* Get the int64 representation of a JSON object. */ ++/* ++ * Get the int64 representation of a valid grub_json_t instance. ++ * Returns an error if the value pointed to by `parent` cannot be ++ * converted to an int64. See grub_json_getstring() for ++ * details on the key parameter. ++ */ +extern grub_err_t EXPORT_FUNC(grub_json_getint64) (grub_int64_t *out, + const grub_json_t *parent, + const char *key); 2: e3acf44c0 = 2: 411a822b4 bootstrap: Add gnulib's base64 module 3: 11cf3594a = 3: be0859313 afsplitter: Move into its own module 4: 9aa067876 = 4: 8535bb34a luks: Move configuration of ciphers into cryptodisk 5: 593c1829b = 5: f9b578487 disk: Implement support for LUKS2 -- 2.24.0