grub: import phc argon2 implementation (for luks2)

Patches pulled from:
https://git.nicholasjohnson.ch/grub
This is the author of the rebased patches:
https://nicholasjohnson.ch/
(Nicholas Johnson <nick@nicholasjohnson.ch>)

However, this is a *rebase* performed by Nicholas,
based on these patches:

https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git
...at revision: 1c7932d90f1f62d0fd5485c5eb8ad79fa4c2f50d

The AUR patches were based on GRUB 2.06, whereas Nicholas's
rebase is upon grub 2.12, which Libreboot currently uses.

These patches import the PHC implementation of argon2i/id
key derivation functions, seen here:
https://github.com/P-H-C/phc-winner-argon2

GRUB (upstream) does not merge these patches and probably won't,
because even though they're libre, they're not copylefted or
otherwise under GPL terms that GRUB can accept.

Therefore, we in Libreboot must maintain these from now on,
for our version of GRUB. The upshot? LUKSv2 decryption should
now work, perfectly, in GRUB!

Signed-off-by: Leah Rowe <leah@libreboot.org>

1 files changed, 58 insertions, 0 deletions

diff --git a/resources/grub/patches/0006-Error-on-missing-Argon2id-parameters.patch b/resources/grub/patches/0006-Error-on-missing-Argon2id-parameters.patch
new file mode 100644
index 00000000..5d56bd61
--- /dev/null
+++ b/resources/grub/patches/0006-Error-on-missing-Argon2id-parameters.patch
@@ -0,0 +1,58 @@
+From 0044d32121bf52c4547c6b3c78f12d7305f57e6b Mon Sep 17 00:00:00 2001
+From: Ax333l <main@axelen.xyz>
+Date: Thu, 17 Aug 2023 00:00:00 +0000
+Subject: [PATCH 4/6] Error on missing Argon2id parameters
+
+Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
+---
+ grub-core/disk/luks2.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
+index d5106402f..bc818ea69 100644
+--- a/grub-core/disk/luks2.c
++++ b/grub-core/disk/luks2.c
+@@ -38,6 +38,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ enum grub_luks2_kdf_type
+ {
+   LUKS2_KDF_TYPE_ARGON2I,
++  LUKS2_KDF_TYPE_ARGON2ID,
+   LUKS2_KDF_TYPE_PBKDF2
+ };
+ typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t;
+@@ -90,7 +91,7 @@ struct grub_luks2_keyslot
+ 	grub_int64_t time;
+ 	grub_int64_t memory;
+ 	grub_int64_t cpus;
+-      } argon2i;
++      } argon2;
+       struct
+       {
+ 	const char   *hash;
+@@ -160,10 +161,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF");
+   else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id"))
+     {
+-      out->kdf.type = LUKS2_KDF_TYPE_ARGON2I;
+-      if (grub_json_getint64 (&out->kdf.u.argon2i.time, &kdf, "time") ||
+-	  grub_json_getint64 (&out->kdf.u.argon2i.memory, &kdf, "memory") ||
+-	  grub_json_getint64 (&out->kdf.u.argon2i.cpus, &kdf, "cpus"))
++      out->kdf.type = !grub_strcmp (type, "argon2i")
++		      ? LUKS2_KDF_TYPE_ARGON2I : LUKS2_KDF_TYPE_ARGON2ID;
++      if (grub_json_getint64 (&out->kdf.u.argon2.time, &kdf, "time") ||
++	  grub_json_getint64 (&out->kdf.u.argon2.memory, &kdf, "memory") ||
++	  grub_json_getint64 (&out->kdf.u.argon2.cpus, &kdf, "cpus"))
+ 	return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters");
+     }
+   else if (!grub_strcmp (type, "pbkdf2"))
+@@ -459,6 +461,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+   switch (k->kdf.type)
+     {
+       case LUKS2_KDF_TYPE_ARGON2I:
++      case LUKS2_KDF_TYPE_ARGON2ID:
+ 	ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
+ 	goto err;
+       case LUKS2_KDF_TYPE_PBKDF2:
+-- 
+2.39.2
+