From: Patrick Steinhardt
To: grub-devel@gnu.org
Cc: Patrick Steinhardt, Max Tottenham, Daniel Kiper
Subject: [PATCH v3 0/6] Support for LUKS2 disk encryption
Date: Wed, 13 Nov 2019 14:22:32 +0100

Hi,

this is the third version of this patch series.
Changes include the following:

    - The JSON API will not copy the parsed string anymore, but
      instead directly modify the one passed by the caller.

    - The realloc-loop was refactored in favour of letting jsmn
      figure out how many tokens there are.

    - Some documentation was added to "json.h"

    - "json.h" was moved to "grub-core/lib/json".

I've attached the range-diff between v2 and v3 to this email.

Thanks for your reviews!

Regards
Patrick

Patrick Steinhardt (6):
  json: Import upstream jsmn-1.1.0
  json: Implement wrapping interface
  bootstrap: Add gnulib's base64 module
  afsplitter: Move into its own module
  luks: Move configuration of ciphers into cryptodisk
  disk: Implement support for LUKS2

 Makefile.util.def                             |   4 +-
 bootstrap.conf                                |   3 +-
 conf/Makefile.extra-dist                      |   1 +
 docs/grub-dev.texi                            |  14 +
 docs/grub.texi                                |   2 +-
 grub-core/Makefile.core.def                   |  19 +-
 grub-core/disk/AFSplitter.c                   |   3 +
 grub-core/disk/cryptodisk.c                   | 163 ++++-
 grub-core/disk/luks.c                         | 190 +----
 grub-core/disk/luks2.c                        | 672 ++++++++++++++++++
 grub-core/lib/gnulib-patches/fix-base64.patch |  23 +
 grub-core/lib/json/jsmn.h                     | 468 ++++++++++++
 grub-core/lib/json/json.c                     | 235 ++++++
 grub-core/lib/json/json.h                     |  92 +++
 include/grub/cryptodisk.h                     |   3 +
 15 files changed, 1713 insertions(+), 179 deletions(-)
 create mode 100644 grub-core/disk/luks2.c
 create mode 100644 grub-core/lib/gnulib-patches/fix-base64.patch
 create mode 100644 grub-core/lib/json/jsmn.h
 create mode 100644 grub-core/lib/json/json.c
 create mode 100644 grub-core/lib/json/json.h

Range-diff against v2:
1: 7bd619827 = 1: 7bd619827 json: Import upstream jsmn-1.1.0
2: 90099e5ee !
2: 680b5add5 json: Implement wrapping interface @@ grub-core/lib/json/json.c */ #include -+#include +#include +#define JSMN_STATIC #include "jsmn.h" ++#include "json.h" GRUB_MOD_LICENSE ("GPLv3"); + +grub_err_t -+grub_json_parse (grub_json_t **out, const char *string, grub_size_t string_len) ++grub_json_parse (grub_json_t **out, char *string, grub_size_t string_len) +{ -+ grub_size_t ntokens = 128; + grub_json_t *json = NULL; + jsmn_parser parser; + grub_err_t err; @@ grub-core/lib/json/json.c + if (!json) + return GRUB_ERR_OUT_OF_MEMORY; + json->idx = 0; -+ json->string = grub_strndup (string, string_len); ++ json->string = string; + if (!json->string) + { + err = GRUB_ERR_OUT_OF_MEMORY; @@ grub-core/lib/json/json.c + } + + jsmn_init(&parser); -+ -+ while (1) ++ jsmn_err = jsmn_parse (&parser, string, string_len, NULL, 0); ++ if (jsmn_err <= 0) + { -+ json->tokens = grub_realloc (json->tokens, sizeof (jsmntok_t) * ntokens); -+ if (!json->tokens) -+ { -+ err = GRUB_ERR_OUT_OF_MEMORY; -+ goto out; -+ } ++ err = GRUB_ERR_BAD_ARGUMENT; ++ goto out; ++ } + -+ jsmn_err = jsmn_parse (&parser, string, string_len, json->tokens, ntokens); -+ if (jsmn_err >= 0) -+ break; -+ if (jsmn_err != JSMN_ERROR_NOMEM) -+ { -+ err = GRUB_ERR_BAD_ARGUMENT; -+ goto out; -+ } ++ json->tokens = grub_malloc (sizeof (jsmntok_t) * jsmn_err); ++ if (!json->tokens) ++ { ++ err = GRUB_ERR_OUT_OF_MEMORY; ++ goto out; ++ } + -+ ntokens <<= 1; ++ jsmn_init(&parser); ++ jsmn_err = jsmn_parse (&parser, string, string_len, json->tokens, jsmn_err); ++ if (jsmn_err <= 0) ++ { ++ err = GRUB_ERR_BAD_ARGUMENT; ++ goto out; + } + + err = GRUB_ERR_NONE; @@ grub-core/lib/json/json.c +{ + if (json) + { -+ grub_free (json->string); + grub_free (json->tokens); + grub_free (json); + } @@ grub-core/lib/json/json.c + grub_strcmp (s, key) != 0) + continue; + -+ out->string = child.string; -+ out->tokens = child.tokens; -+ out->idx = child.idx + 1; -+ -+ return GRUB_ERR_NONE; ++ return grub_json_getchild (out, &child, 
0); + } + + return GRUB_ERR_FILE_NOT_FOUND; @@ grub-core/lib/json/json.c + return GRUB_ERR_NONE; +} - ## include/grub/json.h (new) ## + ## grub-core/lib/json/json.h (new) ## @@ +/* + * GRUB -- GRand Unified Bootloader @@ include/grub/json.h (new) + +enum grub_json_type +{ ++ /* Unordered collection of key-value pairs. */ + GRUB_JSON_OBJECT, ++ /* Ordered list of zero or more values. */ + GRUB_JSON_ARRAY, ++ /* Zero or more Unicode characters. */ + GRUB_JSON_STRING, ++ /* Number, boolean or empty value. */ + GRUB_JSON_PRIMITIVE, ++ /* Invalid token. */ + GRUB_JSON_UNDEFINED, +}; +typedef enum grub_json_type grub_json_type_t; @@ include/grub/json.h (new) +}; +typedef struct grub_json grub_json_t; + ++/* Parse a JSON-encoded string. Note that the string passed to ++ * this function will get modified on subsequent calls to ++ * `grub_json_get*`. Returns the root object of the parsed JSON ++ * object, which needs to be free'd via `grub_json_free`. ++ */ +grub_err_t -+grub_json_parse (grub_json_t **out, const char *string, grub_size_t string_len); ++grub_json_parse (grub_json_t **out, char *string, grub_size_t string_len); + ++/* Free the structure and its contents. The string passed to ++ * `grub_json_parse` will not be free'd. ++ */ +void +grub_json_free (grub_json_t *json); + ++/* Get the child count of the given JSON token. Children are ++ * present for arrays, objects (dicts) and keys of a dict. */ +grub_size_t +grub_json_getsize (const grub_json_t *json); + ++/* Get the type of the given JSON token. */ +grub_json_type_t +grub_json_gettype (const grub_json_t *json); + ++/* Get n'th child of object, array or key. Will return an error if no ++ * such child exists. The result does not need to be free'd. */ +grub_err_t +grub_json_getchild (grub_json_t *out, const grub_json_t *parent, grub_size_t n); + ++/* Get value of key from a JSON object. The result does not need ++ * to be free'd. 
*/ +grub_err_t +grub_json_getvalue (grub_json_t *out, const grub_json_t *parent, const char *key); + ++/* Get the string representation of a JSON object. */ +grub_err_t +grub_json_getstring (const char **out, const grub_json_t *parent, const char *key); + ++/* Get the uint64 representation of a JSON object. */ +grub_err_t +grub_json_getuint64 (grub_uint64_t *out, const grub_json_t *parent, const char *key); + ++/* Get the int64 representation of a JSON object. */ +grub_err_t +grub_json_getint64 (grub_int64_t *out, const grub_json_t *parent, const char *key); + 3: fad8325da ! 3: 461696fe7 bootstrap: Add gnulib's base64 module @@ Commit message This is fixed by adding an include of . Signed-off-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper ## bootstrap.conf ## @@ bootstrap.conf: GNULIB_REVISION=d271f868a8df9bbec29049d01e056481b7a1a263 4: b147f9e08 ! 4: 18cfacbe5 afsplitter: Move into its own module @@ Commit message module "afsplitter" as a preparatory step. Signed-off-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper ## grub-core/Makefile.core.def ## @@ grub-core/Makefile.core.def: module = { 5: ca7c0334e ! 5: 1a185b6d8 luks: Move configuration of ciphers into cryptodisk @@ Commit message up its own internal ciphers instead of hosting that code in the luks module. + Except for necessary adjustments around error handling, this commit does + an exact move of the cipher configuration logic from "luks.c" to + "cryptodisk.c". Any behavior changes are unintentional. + Signed-off-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper ## grub-core/disk/cryptodisk.c ## @@ 6: 9deac48bc ! 
6: 9d88fcbab disk: Implement support for LUKS2 @@ Commit message Signed-off-by: Patrick Steinhardt ## Makefile.util.def ## +@@ Makefile.util.def: AutoGen definitions Makefile.tpl; + library = { + name = libgrubkern.a; + cflags = '$(CFLAGS_GNULIB)'; +- cppflags = '$(CPPFLAGS_GNULIB)'; ++ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json'; + + common = util/misc.c; + common = grub-core/kern/command.c; @@ Makefile.util.def: library = { common = grub-core/kern/misc.c; common = grub-core/kern/partition.c; @@ grub-core/Makefile.core.def: module = { + common = disk/luks2.c; + common = lib/gnulib/base64.c; + cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; -+ cppflags = '-I$(srcdir)/lib/posix_wrap $(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB)'; ++ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json'; +}; + module = { @@ grub-core/disk/luks2.c (new) +#include +#include +#include -+#include + +#include ++#include + +#define MAX_PASSPHRASE 256 + -- 2.24.0
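
Review bot: In grub_json_parse() in grub-core/lib/json/json.c, the `if (!json->string)` check that follows `json->string = string;` still sets GRUB_ERR_OUT_OF_MEMORY, but with this change the pointer comes straight from the caller and nothing is allocated at that point, so a NULL argument gets reported as an allocation failure. Suggest validating `string` at the top of the function, before the grub_json_t is allocated, and returning GRUB_ERR_BAD_ARGUMENT there.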
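
Review bot: In the counting pass of grub_json_parse(), jsmn_err holds the token count and is then used directly in `grub_malloc (sizeof (jsmntok_t) * jsmn_err)`. The count is derived from the parsed input, so a separately named count variable plus an explicit overflow check on the multiplication (or an upper bound on the count) would make the allocation size easier to reason about. The `jsmn_err <= 0` test also turns an input with zero tokens into GRUB_ERR_BAD_ARGUMENT; if that is intended, the comment in json.h should say so. Style: both `jsmn_init(&parser);` calls are missing the space before the parenthesis that the neighbouring `jsmn_parse (` calls have.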
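
Review bot: The new comments in grub-core/lib/json/json.h do not state the lifetime requirement that follows from grub_json_free() no longer freeing `json->string`. The grub_json_parse() comment says the string is modified by later `grub_json_get*` calls, so the caller's buffer has to stay allocated and writable for as long as the grub_json_t is in use; please say that explicitly. The grub_json_getstring() comment also does not say whether the result needs to be free'd, unlike the ones for grub_json_getchild() and grub_json_getvalue(), and the getstring/getuint64/getint64 comments describe "a JSON object" although each function takes a parent and a key. The comment blocks also close inconsistently, some with ` */` on its own line and some inline.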
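
Review bot: In the luks2 module definition in grub-core/Makefile.core.def, `-I$(srcdir)/lib/posix_wrap` disappears from cppflags between v2 and v3, and the change list in the cover letter does not mention it. Please confirm that $(CPPFLAGS_POSIX) already supplies that path, or explain the removal in the commit message. Separately, the `-I$(srcdir)/grub-core/lib/json` added to libgrubkern.a in Makefile.util.def puts a header with the generic name json.h on the include path of every source in that library; including it by a path-qualified name would avoid depending on include order.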