[PATCH v6 0/6] Support for LUKS2 disk encryption

From: Patrick Steinhardt <ps@pks.im>
To: grub-devel@gnu.org
Cc: Patrick Steinhardt <ps@pks.im>,
	Max Tottenham <mtottenh@akamai.com>,
	Daniel Kiper <dkiper@net-space.pl>
Subject: [PATCH v6 0/6] Support for LUKS2 disk encryption
Date: Tue, 10 Dec 2019 10:26:15 +0100	[thread overview]
Message-ID: <cover.1575969933.git.ps@pks.im> (raw)
In-Reply-To: <cover.1572717208.git.ps@pks.im>

Hi,

this is the 6th version of this patchset aiming to implement
support for LUKS2 disk encryption. All changes relate to the JSON
interface, only:

    - Some functions now return more specific error codes.

    - NULL-pointer checks for arguments have been removed in the
      JSON interface. Callers are expected to pass valid
      pointers, which has been documented accordingly in the
      respective function comments.

    - The `key` parameter was documented for
      grub_json_getstring(), grub_json_getuint64() and
      grub_json_getint64().

    - Fixed a cast to `size_t` instead of `grub_size_t`.

    - Introduced proper error checking for grub_strtoul() and
      grub_strtol().

    - Some stylistic fixes.

As usual, you can find the range-diff relative to v5 at the end
of this mail.

Patrick

Patrick Steinhardt (6):
  json: Import upstream jsmn-1.1.0
  json: Implement wrapping interface
  bootstrap: Add gnulib's base64 module
  afsplitter: Move into its own module
  luks: Move configuration of ciphers into cryptodisk
  disk: Implement support for LUKS2

 Makefile.util.def                             |   4 +-
 bootstrap.conf                                |   3 +-
 conf/Makefile.extra-dist                      |   1 +
 docs/grub-dev.texi                            |  14 +
 docs/grub.texi                                |   5 +-
 grub-core/Makefile.core.def                   |  19 +-
 grub-core/disk/AFSplitter.c                   |   3 +
 grub-core/disk/cryptodisk.c                   | 163 ++++-
 grub-core/disk/luks.c                         | 190 +----
 grub-core/disk/luks2.c                        | 676 ++++++++++++++++++
 grub-core/lib/gnulib-patches/fix-base64.patch |  23 +
 grub-core/lib/json/jsmn.h                     | 468 ++++++++++++
 grub-core/lib/json/json.c                     | 267 +++++++
 grub-core/lib/json/json.h                     | 122 ++++
 include/grub/cryptodisk.h                     |   3 +
 15 files changed, 1781 insertions(+), 180 deletions(-)
 create mode 100644 grub-core/disk/luks2.c
 create mode 100644 grub-core/lib/gnulib-patches/fix-base64.patch
 create mode 100644 grub-core/lib/json/jsmn.h
 create mode 100644 grub-core/lib/json/json.c
 create mode 100644 grub-core/lib/json/json.h

Range-diff against v5:
1:  1859ff982 ! 1:  88d2b083d json: Implement wrapping interface
    @@ grub-core/lib/json/json.c
     +{
     +  int size;
     +
    -+  if (!json)
    -+    return GRUB_ERR_BAD_ARGUMENT;
    -+
     +  size = ((jsmntok_t *)json->tokens)[json->idx].size;
     +  if (size < 0)
    -+    return GRUB_ERR_BAD_ARGUMENT;
    ++    return GRUB_ERR_OUT_OF_RANGE;
     +
    -+  *out = (size_t) size;
    ++  *out = (grub_size_t) size;
     +  return GRUB_ERR_NONE;
     +}
     +
     +grub_err_t
     +grub_json_gettype (grub_json_type_t *out, const grub_json_t *json)
     +{
    -+  if (!json)
    -+    return GRUB_ERR_BAD_ARGUMENT;
    -+
     +  switch (((jsmntok_t *)json->tokens)[json->idx].type)
     +    {
     +    case JSMN_OBJECT:
    @@ grub-core/lib/json/json.c
     +  grub_size_t offset = 1, size;
     +  jsmntok_t *p;
     +
    -+  if (grub_json_getsize(&size, parent) || n >= size)
    -+    return GRUB_ERR_BAD_ARGUMENT;
    ++  if (grub_json_getsize (&size, parent) || n >= size)
    ++    return GRUB_ERR_OUT_OF_RANGE;
     +
     +  /*
     +   * Skip the first n children. For each of the children, we need
    @@ grub-core/lib/json/json.c
     +  grub_err_t ret;
     +  jsmntok_t *tok;
     +
    -+  if (!parent)
    -+    return GRUB_ERR_BAD_ARGUMENT;
    -+
     +  if (key)
     +    {
     +      ret = grub_json_getvalue (&child, parent, key);
    @@ grub-core/lib/json/json.c
     +}
     +
     +grub_err_t
    -+grub_json_getuint64(grub_uint64_t *out, const grub_json_t *parent, const char *key)
    ++grub_json_getuint64 (grub_uint64_t *out, const grub_json_t *parent, const char *key)
     +{
     +  grub_json_type_t type;
     +  const char *value;
    ++  char *end;
     +  grub_err_t ret;
     +
     +  ret = get_value (&type, &value, parent, key);
    @@ grub-core/lib/json/json.c
     +  if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE)
     +    return GRUB_ERR_BAD_ARGUMENT;
     +
    -+  *out = grub_strtoul (value, NULL, 10);
    ++  grub_errno = GRUB_ERR_NONE;
    ++  *out = grub_strtoul (value, &end, 10);
    ++  if (grub_errno != GRUB_ERR_NONE || *end)
    ++    return GRUB_ERR_BAD_NUMBER;
    ++
     +  return GRUB_ERR_NONE;
     +}
     +
     +grub_err_t
    -+grub_json_getint64(grub_int64_t *out, const grub_json_t *parent, const char *key)
    ++grub_json_getint64 (grub_int64_t *out, const grub_json_t *parent, const char *key)
     +{
     +  grub_json_type_t type;
     +  const char *value;
    ++  char *end;
     +  grub_err_t ret;
     +
     +  ret = get_value (&type, &value, parent, key);
    @@ grub-core/lib/json/json.c
     +  if (type != GRUB_JSON_STRING && type != GRUB_JSON_PRIMITIVE)
     +    return GRUB_ERR_BAD_ARGUMENT;
     +
    -+  *out = grub_strtol (value, NULL, 10);
    ++  grub_errno = GRUB_ERR_NONE;
    ++  *out = grub_strtol (value, &end, 10);
    ++  if (grub_errno != GRUB_ERR_NONE || *end)
    ++    return GRUB_ERR_BAD_NUMBER;
    ++
     +  return GRUB_ERR_NONE;
     +}

    @@ grub-core/lib/json/json.h (new)
     +extern void EXPORT_FUNC(grub_json_free) (grub_json_t *json);
     +
     +/*
    -+ * Get the child count of the given JSON token. Children are
    -+ * present for arrays, objects (dicts) and keys of a dict.
    ++ * Get the child count of a valid grub_json_t instance. Children
    ++ * are present for arrays, objects (dicts) and keys of a dict.
     + */
     +extern grub_err_t EXPORT_FUNC(grub_json_getsize) (grub_size_t *out,
     +						  const grub_json_t *json);
     +
    -+/* Get the type of the given JSON token. */
    ++/* Get the type of a valid grub_json_t instance. */
     +extern grub_err_t EXPORT_FUNC(grub_json_gettype) (grub_json_type_t *out,
     +						  const grub_json_t *json);
     +
     +/*
    -+ * Get n'th child of object, array or key. Will return an error if no
    -+ * such child exists. The result does not need to be free'd.
    ++ * Get n'th child of a valid object, array or key. Will return an
    ++ * error if no such child exists. The result does not need to be
    ++ * free'd.
     + */
     +extern grub_err_t EXPORT_FUNC(grub_json_getchild) (grub_json_t *out,
     +						   const grub_json_t *parent,
     +						   grub_size_t n);
     +
     +/*
    -+ * Get value of key from a JSON object. The result does not need
    -+ * to be free'd.
    ++ * Get value of key from a valid grub_json_t instance. The result
    ++ * does not need to be free'd.
     + */
     +extern grub_err_t EXPORT_FUNC(grub_json_getvalue) (grub_json_t *out,
     +						   const grub_json_t *parent,
     +						   const char *key);
     +
    -+/* Get the string representation of a JSON object. */
    ++/*
    ++ * Get the string representation of a valid grub_json_t instance.
    ++ * If a key is given and parent is a JSON object, this function
    ++ * will return the string value of a child mapping to the key.
    ++ * If no key is given, it will return the string value of the
    ++ * parent itself.
    ++ */
     +extern grub_err_t EXPORT_FUNC(grub_json_getstring) (const char **out,
     +						    const grub_json_t *parent,
     +						    const char *key);
     +
    -+/* Get the uint64 representation of a JSON object. */
    ++/*
    ++ * Get the uint64 representation of a valid grub_json_t instance.
    ++ * Returns an error if the value pointed to by `parent` cannot be
    ++ * converted to an uint64. See grub_json_getstring() for details
    ++ * on the key parameter.
    ++ */
     +extern grub_err_t EXPORT_FUNC(grub_json_getuint64) (grub_uint64_t *out,
     +						    const grub_json_t *parent,
     +						    const char *key);
     +
    -+/* Get the int64 representation of a JSON object. */
    ++/*
    ++ * Get the int64 representation of a valid grub_json_t instance.
    ++ * Returns an error if the value pointed to by `parent` cannot be
    ++ * converted to an int64. See grub_json_getstring() for
    ++ * details on the key parameter.
    ++ */
     +extern grub_err_t EXPORT_FUNC(grub_json_getint64) (grub_int64_t *out,
     +						   const grub_json_t *parent,
     +						   const char *key);
2:  e3acf44c0 = 2:  411a822b4 bootstrap: Add gnulib's base64 module
3:  11cf3594a = 3:  be0859313 afsplitter: Move into its own module
4:  9aa067876 = 4:  8535bb34a luks: Move configuration of ciphers into cryptodisk
5:  593c1829b = 5:  f9b578487 disk: Implement support for LUKS2
-- 
2.24.0