summaryrefslogtreecommitdiff
path: root/resources/grub/patches/0007-Compile-with-Argon2id-support.patch
diff options
context:
space:
mode:
authorLeah Rowe <leah@libreboot.org>2023-08-20 12:20:20 +0100
committerLeah Rowe <leah@libreboot.org>2023-08-20 12:24:49 +0100
commitfd6025321c4ae35e69a75b45d21bfbfb4eb2b3a0 (patch)
treebce4172a3bb5d7173a836b0104069d0ea4e9a083 /resources/grub/patches/0007-Compile-with-Argon2id-support.patch
parent2c0c521e2f15776fd604f8da3bc924dec95e1fd1 (diff)
grub: import phc argon2 implementation (for luks2)
Patches pulled from: https://git.nicholasjohnson.ch/grub This is the author of the rebased patches: https://nicholasjohnson.ch/ (Nicholas Johnson <nick@nicholasjohnson.ch>) However, this is a *rebase* performed by Nicholas, based on these patches: https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git ...at revision: 1c7932d90f1f62d0fd5485c5eb8ad79fa4c2f50d The AUR patches were based on GRUB 2.06, whereas Nicholas's rebase is upon grub 2.12, which Libreboot currently uses. These patches import the PHC implementation of argon2i/id key derivation functions, seen here: https://github.com/P-H-C/phc-winner-argon2 GRUB (upstream) does not merge these patches and probably won't, because even though they're libre, they're not copylefted or otherwise under GPL terms that GRUB can accept. Therefore, we in Libreboot must maintain these from now on, for our version of GRUB. The upshot? LUKSv2 decryption should now work, perfectly, in GRUB! Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'resources/grub/patches/0007-Compile-with-Argon2id-support.patch')
-rw-r--r--resources/grub/patches/0007-Compile-with-Argon2id-support.patch83
1 files changed, 83 insertions, 0 deletions
diff --git a/resources/grub/patches/0007-Compile-with-Argon2id-support.patch b/resources/grub/patches/0007-Compile-with-Argon2id-support.patch
new file mode 100644
index 00000000..f2e26fd4
--- /dev/null
+++ b/resources/grub/patches/0007-Compile-with-Argon2id-support.patch
@@ -0,0 +1,83 @@
+From 0a21695c55f76f1c958bb633481d55b3168562f7 Mon Sep 17 00:00:00 2001
+From: Ax333l <main@axelen.xyz>
+Date: Thu, 17 Aug 2023 00:00:00 +0000
+Subject: [PATCH 5/6] Compile with Argon2id support
+
+Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
+---
+ Makefile.util.def | 6 +++++-
+ grub-core/Makefile.core.def | 2 +-
+ grub-core/disk/luks2.c | 13 +++++++++++--
+ 3 files changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.util.def b/Makefile.util.def
+index 1e9a13d3e..a167825c3 100644
+--- a/Makefile.util.def
++++ b/Makefile.util.def
+@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl;
+ library = {
+ name = libgrubkern.a;
+ cflags = '$(CFLAGS_GNULIB)';
+- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';
++ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2';
+
+ common = util/misc.c;
+ common = grub-core/kern/command.c;
+@@ -36,6 +36,10 @@ library = {
+ common = grub-core/kern/misc.c;
+ common = grub-core/kern/partition.c;
+ common = grub-core/lib/crypto.c;
++ common = grub-core/lib/argon2/argon2.c;
++ common = grub-core/lib/argon2/core.c;
++ common = grub-core/lib/argon2/ref.c;
++ common = grub-core/lib/argon2/blake2/blake2b.c;
+ common = grub-core/lib/json/json.c;
+ common = grub-core/disk/luks.c;
+ common = grub-core/disk/luks2.c;
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index 4a06789e5..e939dcc99 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -1238,7 +1238,7 @@ module = {
+ common = disk/luks2.c;
+ common = lib/gnulib/base64.c;
+ cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
+- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';
++ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2';
+ };
+
+ module = {
+diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
+index bc818ea69..5b9eaa599 100644
+--- a/grub-core/disk/luks2.c
++++ b/grub-core/disk/luks2.c
+@@ -27,6 +27,7 @@
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
+
++#include <argon2.h>
+ #include <base64.h>
+ #include <json.h>
+
+@@ -462,8 +463,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+ {
+ case LUKS2_KDF_TYPE_ARGON2I:
+ case LUKS2_KDF_TYPE_ARGON2ID:
+- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
+- goto err;
++ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus,
++ passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size,
++ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id,
++ ARGON2_VERSION_NUMBER);
++ if (ret)
++ {
++ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret));
++ goto err;
++ }
++ break;
+ case LUKS2_KDF_TYPE_PBKDF2:
+ hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
+ if (!hash)
+--
+2.39.2
+