diff options
62 files changed, 228 insertions, 8727 deletions
diff --git a/config/coreboot/default/patches/0046-mb-dell-optiplex_780-use-legacy-HDA-verb-table.patch b/config/coreboot/default/patches/0046-mb-dell-optiplex_780-use-legacy-HDA-verb-table.patch new file mode 100644 index 00000000..a3258943 --- /dev/null +++ b/config/coreboot/default/patches/0046-mb-dell-optiplex_780-use-legacy-HDA-verb-table.patch @@ -0,0 +1,51 @@ +From 22076426d1de6d2e49b8728b3cf206bfcfc6742d Mon Sep 17 00:00:00 2001 +From: Leah Rowe <leah@libreboot.org> +Date: Tue, 23 Dec 2025 18:41:27 +0100 +Subject: [PATCH 1/2] mb/dell/optiplex_780: use legacy HDA verb table + +See: + +commit 31fc5b06a6be62b30739d33eeabe6c2727679bb1 +Author: Nicholas Sudsgaard <devel+coreboot@nsudsgaard.com> +Date: Thu Aug 7 08:31:24 2025 +0900 + + device: Introduce reworked azalia verb table + +and: + +commit 50a59d4464917503847eeeb2df4320c35cf2f6cc +Author: Nicholas Sudsgaard <devel+coreboot@nsudsgaard.com> +Date: Mon Sep 15 16:25:21 2025 +0900 + + device: Add Kconfig to prepare for reworked verb table implementation + +Without this change, lbmk gets the following error +when building for Dell OptiPlex 780: + +i386-elf-ld.bfd: build/ramstage/device/azalia_device.o: in function `azalia_codecs_init': +/path/to/corebootclone/src/device/azalia_device.c:318:(.text.azalia_codecs_init+0xa): undefined reference to `mainboard_azalia_codecs' + +This is a temporary fix. Upstream will require that the code +be fully adapted at a future date. Therefore, one could consider +the current functionality to be "deprecated". + +Signed-off-by: Leah Rowe <leah@libreboot.org> +--- + src/mainboard/dell/optiplex_780/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/mainboard/dell/optiplex_780/Kconfig b/src/mainboard/dell/optiplex_780/Kconfig +index fc649e35d5..172bb2fa87 100644 +--- a/src/mainboard/dell/optiplex_780/Kconfig ++++ b/src/mainboard/dell/optiplex_780/Kconfig +@@ -2,6 +2,7 @@ + + config BOARD_DELL_OPTIPLEX_780_COMMON + def_bool n ++ select AZALIA_USE_LEGACY_VERB_TABLE + select BOARD_ROMSIZE_KB_8192 + select CPU_INTEL_SOCKET_LGA775 + select DRIVERS_I2C_CK505 +-- +2.47.3 + diff --git a/config/coreboot/default/patches/0047-hp8300cmt-use-legacy-verb-table.patch b/config/coreboot/default/patches/0047-hp8300cmt-use-legacy-verb-table.patch new file mode 100644 index 00000000..c7161fc6 --- /dev/null +++ b/config/coreboot/default/patches/0047-hp8300cmt-use-legacy-verb-table.patch @@ -0,0 +1,30 @@ +From 6cea443cf12eb94b3eafcbba4ce6370b31f716cc Mon Sep 17 00:00:00 2001 +From: Leah Rowe <leah@libreboot.org> +Date: Tue, 23 Dec 2025 18:46:45 +0100 +Subject: [PATCH 2/2] hp8300cmt: use legacy verb table + +same as for the 780 optiplex patch + +coreboot is making some changes to the way verbs are +handled. for now, this change is being made to adapt. + +Signed-off-by: Leah Rowe <leah@libreboot.org> +--- + src/mainboard/hp/compaq_elite_8300_cmt/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/mainboard/hp/compaq_elite_8300_cmt/Kconfig b/src/mainboard/hp/compaq_elite_8300_cmt/Kconfig +index d2bfd35dc4..30be7fb3fe 100644 +--- a/src/mainboard/hp/compaq_elite_8300_cmt/Kconfig ++++ b/src/mainboard/hp/compaq_elite_8300_cmt/Kconfig +@@ -2,6 +2,7 @@ if BOARD_HP_COMPAQ_ELITE_8300_CMT + + config BOARD_SPECIFIC_OPTIONS + def_bool y ++ select AZALIA_USE_LEGACY_VERB_TABLE + select BOARD_ROMSIZE_KB_16384 + select HAVE_ACPI_RESUME + select HAVE_ACPI_TABLES +-- +2.47.3 + diff --git a/config/coreboot/dell3050micro_vfsp_16mb/config/libgfxinit_corebootfb b/config/coreboot/dell3050micro_vfsp_16mb/config/libgfxinit_corebootfb index 5c010d8d..aa6b1fc8 100644 --- a/config/coreboot/dell3050micro_vfsp_16mb/config/libgfxinit_corebootfb +++ b/config/coreboot/dell3050micro_vfsp_16mb/config/libgfxinit_corebootfb @@ -145,7 +145,7 @@ CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xe0000000 CONFIG_ECAM_MMCONF_BUS_NUMBER=256 CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" # CONFIG_FATAL_ASSERTS is not set -CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/($MAINBOARDDIR)/variants/$(CONFIG_VARIANT_DIR)/data.vbt" +CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(CONFIG_VARIANT_DIR)/data.vbt" # CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="OptiPlex 3050 Micro" diff --git a/config/coreboot/dell3050micro_vfsp_16mb/config/libgfxinit_txtmode b/config/coreboot/dell3050micro_vfsp_16mb/config/libgfxinit_txtmode index f33f5ca5..565cc19c 100644 --- a/config/coreboot/dell3050micro_vfsp_16mb/config/libgfxinit_txtmode +++ b/config/coreboot/dell3050micro_vfsp_16mb/config/libgfxinit_txtmode @@ -143,7 +143,7 @@ CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xe0000000 CONFIG_ECAM_MMCONF_BUS_NUMBER=256 CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" # CONFIG_FATAL_ASSERTS is not set -CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/($MAINBOARDDIR)/variants/$(CONFIG_VARIANT_DIR)/data.vbt" +CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(CONFIG_VARIANT_DIR)/data.vbt" # CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="OptiPlex 3050 Micro" diff --git a/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch b/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch index c41f2d4d..f3ec1935 100644 --- a/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch +++ b/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch @@ -1,7 +1,7 @@ -From dae0cfdbb484eb3576300ad9c4d2c362f4e8fa64 Mon Sep 17 00:00:00 2001 +From 3334727192bca5c64e9e1321da23c4b1e745deb2 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 31 Oct 2021 03:47:05 +0000 -Subject: [PATCH 01/14] mitigate grub's missing characters for borders/arrow +Subject: [PATCH 1/8] mitigate grub's missing characters for borders/arrow characters This cleans up the display on the main screen in GRUB. @@ -86,5 +86,5 @@ index 9c383e64a..8ec1dd1e8 100644 grub_term_highlight_color = old_color_highlight; geo->timeout_y = geo->first_entry_y + geo->num_entries -- -2.39.5 +2.47.3 diff --git a/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch b/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch index e30f1386..a833d0f9 100644 --- a/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch +++ b/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch @@ -1,17 +1,17 @@ -From 25ae072be49c23abffff657085c16ac3780b8cda Mon Sep 17 00:00:00 2001 +From cc6d74da1a6a77935e094601f4f212cd410f5b53 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sat, 19 Nov 2022 16:30:24 +0000 -Subject: [PATCH 02/14] say the name libreboot, in the grub menu +Subject: [PATCH 2/8] say the name libreboot, in the grub menu --- grub-core/normal/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 96abfda2f..d806db9c4 100644 +index de9a3f961..1fabb9c86 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c -@@ -209,7 +209,7 @@ grub_normal_init_page (struct grub_term_output *term, +@@ -215,7 +215,7 @@ grub_normal_init_page (struct grub_term_output *term, grub_term_cls (term); @@ -21,5 +21,5 @@ index 96abfda2f..d806db9c4 100644 return; -- -2.39.5 +2.47.3 diff --git a/config/grub/default/patches/0003-Add-CC0-license.patch b/config/grub/default/patches/0003-Add-CC0-license.patch deleted file mode 100644 index 09b70f1c..00000000 --- a/config/grub/default/patches/0003-Add-CC0-license.patch +++ /dev/null @@ -1,42 +0,0 @@ -From e9969b4ee38e3d9fda1fdff02e127830d7fdf2ec Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 03/14] Add CC0 license - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - grub-core/kern/dl.c | 3 ++- - util/grub-module-verifierXX.c | 3 ++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index de8c3aa8d..4a3be8568 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -495,7 +495,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e) - - if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0 - || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0 -- || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0) -+ || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0 -+ || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=CC0") == 0) - return GRUB_ERR_NONE; - - return grub_error (GRUB_ERR_BAD_MODULE, -diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c -index a42c20bd1..7157a30aa 100644 ---- a/util/grub-module-verifierXX.c -+++ b/util/grub-module-verifierXX.c -@@ -236,7 +236,8 @@ check_license (const char * const filename, - Elf_Shdr *s = find_section (arch, e, ".module_license", module_size); - if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0 - || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0 -- || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0)) -+ || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0 -+ || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=CC0") == 0)) - return; - grub_util_error ("%s: incompatible license", filename); - } --- -2.39.5 - diff --git a/config/grub/nvme/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch b/config/grub/default/patches/0003-at_keyboard-coreboot-force-scancodes2-translate.patch index 3a8591d1..6ba279b9 100644 --- a/config/grub/nvme/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch +++ b/config/grub/default/patches/0003-at_keyboard-coreboot-force-scancodes2-translate.patch @@ -1,7 +1,7 @@ -From a90a11f02d5bfc8b9f9e1253a67906fde9102a14 Mon Sep 17 00:00:00 2001 +From d5aead07155d6eeb36971c0a2e5ee1392a025f91 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Mon, 30 Oct 2023 22:19:21 +0000 -Subject: [PATCH 09/15] at_keyboard coreboot: force scancodes2+translate +Subject: [PATCH 3/8] at_keyboard coreboot: force scancodes2+translate Scan code set 2 with translation should be assumed in every case, as the default starting position. @@ -103,5 +103,5 @@ index f8a129eb7..8207225c2 100644 grub_dprintf ("atkeyb", "returned set %d\n", ps2_state.current_set); if (ps2_state.current_set == 2) -- -2.39.5 +2.47.3 diff --git a/config/grub/default/patches/0004-Define-GRUB_UINT32_MAX.patch b/config/grub/default/patches/0004-Define-GRUB_UINT32_MAX.patch deleted file mode 100644 index 6d413bae..00000000 --- a/config/grub/default/patches/0004-Define-GRUB_UINT32_MAX.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 421a44b2f8211fa46ea523fc0feeaba9940af0e7 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 04/14] Define GRUB_UINT32_MAX - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - include/grub/types.h | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/include/grub/types.h b/include/grub/types.h -index 45079bf65..8c0b30395 100644 ---- a/include/grub/types.h -+++ b/include/grub/types.h -@@ -156,6 +156,7 @@ typedef grub_int32_t grub_ssize_t; - #define GRUB_SHRT_MAX 0x7fff - #define GRUB_SHRT_MIN (-GRUB_SHRT_MAX - 1) - #define GRUB_UINT_MAX 4294967295U -+#define GRUB_UINT32_MAX 4294967295U - #define GRUB_INT_MAX 0x7fffffff - #define GRUB_INT_MIN (-GRUB_INT_MAX - 1) - #define GRUB_INT32_MAX 2147483647 -@@ -177,6 +178,13 @@ typedef grub_int32_t grub_ssize_t; - #define GRUB_TYPE_U_MAX(type) ((unsigned long long)((typeof (type))(~0))) - #define GRUB_TYPE_U_MIN(type) 0ULL - -+# define GRUB_UINT32_C(x) x ## U -+# if GRUB_ULONG_MAX >> 31 >> 31 >> 1 == 1 -+# define GRUB_UINT64_C(x) x##UL -+# elif 1 -+# define GRUB_UINT64_C(x) x##ULL -+# endif -+ - typedef grub_uint64_t grub_properly_aligned_t; - - #define GRUB_PROPERLY_ALIGNED_ARRAY(name, size) grub_properly_aligned_t name[((size) + sizeof (grub_properly_aligned_t) - 1) / sizeof (grub_properly_aligned_t)] --- -2.39.5 - diff --git a/config/grub/nvme/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch b/config/grub/default/patches/0004-keylayouts-don-t-print-Unknown-key-message.patch index 8cc2f1b6..b25fbd33 100644 --- a/config/grub/nvme/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch +++ b/config/grub/default/patches/0004-keylayouts-don-t-print-Unknown-key-message.patch @@ -1,7 +1,7 @@ -From 86d06a8075d87cdaece0c5495f7505ff01f1e752 Mon Sep 17 00:00:00 2001 +From 22a0e4608428f7f0131789b6bc0e0203b994163f Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Tue, 31 Oct 2023 10:33:28 +0000 -Subject: [PATCH 10/15] keylayouts: don't print "Unknown key" message +Subject: [PATCH 4/8] keylayouts: don't print "Unknown key" message on keyboards with stuck keys, this results in GRUB just spewing it repeatedly, preventing use of GRUB. @@ -34,5 +34,5 @@ index aa3ba34f2..445fa0601 100644 } -- -2.39.5 +2.47.3 diff --git a/config/grub/default/patches/0005-Add-Argon2-algorithm.patch b/config/grub/default/patches/0005-Add-Argon2-algorithm.patch deleted file mode 100644 index 26a150b7..00000000 --- a/config/grub/default/patches/0005-Add-Argon2-algorithm.patch +++ /dev/null @@ -1,2612 +0,0 @@ -From a31496a4fb9dc85dfbfc3442898aca4b64716986 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 05/14] Add Argon2 algorithm - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - docs/grub-dev.texi | 64 +++ - grub-core/Makefile.core.def | 8 + - grub-core/lib/argon2/LICENSE | 314 +++++++++++ - grub-core/lib/argon2/argon2.c | 232 ++++++++ - grub-core/lib/argon2/argon2.h | 264 +++++++++ - grub-core/lib/argon2/blake2/blake2-impl.h | 151 ++++++ - grub-core/lib/argon2/blake2/blake2.h | 89 +++ - grub-core/lib/argon2/blake2/blake2b.c | 388 ++++++++++++++ - .../lib/argon2/blake2/blamka-round-ref.h | 56 ++ - grub-core/lib/argon2/core.c | 506 ++++++++++++++++++ - grub-core/lib/argon2/core.h | 228 ++++++++ - grub-core/lib/argon2/ref.c | 190 +++++++ - 12 files changed, 2490 insertions(+) - create mode 100644 grub-core/lib/argon2/LICENSE - create mode 100644 grub-core/lib/argon2/argon2.c - create mode 100644 grub-core/lib/argon2/argon2.h - create mode 100644 grub-core/lib/argon2/blake2/blake2-impl.h - create mode 100644 grub-core/lib/argon2/blake2/blake2.h - create mode 100644 grub-core/lib/argon2/blake2/blake2b.c - create mode 100644 grub-core/lib/argon2/blake2/blamka-round-ref.h - create mode 100644 grub-core/lib/argon2/core.c - create mode 100644 grub-core/lib/argon2/core.h - create mode 100644 grub-core/lib/argon2/ref.c - -diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index f4367f895..9d96cedf9 100644 ---- a/docs/grub-dev.texi -+++ b/docs/grub-dev.texi -@@ -503,12 +503,76 @@ GRUB includes some code from other projects, and it is sometimes necessary - to update it. - - @menu -+* Argon2:: - * Gnulib:: - * jsmn:: - * minilzo:: - * libtasn1:: - @end menu - -+@node Argon2 -+@section Argon2 -+ -+Argon2 is a key derivation function used by LUKS2 in order to derive encryption -+keys from a user-provided password. GRUB imports the official reference -+implementation of Argon2 from @url{https://github.com/P-H-C/phc-winner-argon2}. -+In order to make the library usable for GRUB, we need to perform various -+conversions. This is mainly due to the fact that the imported code makes use of -+types and functions defined in the C standard library, which isn't available. -+Furthermore, using the POSIX wrapper library is not possible as the code needs -+to be part of the kernel. -+ -+Updating the code can thus be performed like following: -+ -+@example -+$ git clone https://github.com/P-H-C/phc-winner-argon2 argon2 -+$ cp argon2/include/argon2.h argon2/src/@{argon2.c,core.c,core.h,ref.c@} \ -+ grub-core/lib/argon2/ -+$ cp argon2/src/blake2/@{blake2-impl.h,blake2.h,blake2b.c,blamka-round-ref.h@} \ -+ grub-core/lib/argon2/blake2/ -+$ sed -e 's/UINT32_C/GRUB_UINT32_C/g' \ -+ -e 's/UINT64_C/GRUB_UINT64_C/g' \ -+ -e 's/UINT32_MAX/GRUB_UINT32_MAX/g' \ -+ -e 's/CHAR_BIT/GRUB_CHAR_BIT/g' \ -+ -e 's/UINT_MAX/GRUB_UINT_MAX/g' \ -+ -e 's/uintptr_t/grub_addr_t/g' \ -+ -e 's/size_t/grub_size_t/g' \ -+ -e 's/uint32_t/grub_uint32_t/g' \ -+ -e 's/uint64_t/grub_uint64_t/g' \ -+ -e 's/uint8_t/grub_uint8_t/g' \ -+ -e 's/memset/grub_memset/g' \ -+ -e 's/memcpy/grub_memcpy/g' \ -+ -e 's/malloc/grub_malloc/g' \ -+ -e 's/free/grub_free/g' \ -+ -e 's/#elif _MSC_VER/#elif defined(_MSC_VER)/' \ -+ grub-core/lib/argon2/@{*,blake2/*@}.@{c,h@} -i -+@end example -+ -+Afterwards, you need to perform the following manual steps: -+ -+@enumerate -+@item Remove all includes of standard library headers, "encoding.h" and -+ "thread.h". -+@item Add includes <grub/mm.h> and <grub/misc.h> to "argon2.h". -+@item Add include <grub/dl.h> and module license declaration to "argon2.c". -+@item Remove the following declarations and functions from "argon2.h" and -+ "argon2.c": argon2_type2string, argon2i_hash_encoded, argon2i_hash_raw, -+ argon2d_hash_encoded, argon2d_hash_raw, argon2id_hash_encoded, -+ argon2id_hash_raw, argon2_compare, argon2_verify, argon2i_verify, -+ argon2d_verify, argon2id_verify, argon2d_ctx, argon2i_ctx, argon2id_ctx, -+ argon2_verify_ctx, argon2d_verify_ctx, argon2i_verify_ctx, -+ argon2id_verify_ctx, argon2_encodedlen. -+@item Move the declaration of `clear_internal_memory()` in "blake2-impl.h" to -+ "blake2b.c". -+@item Remove code guarded by the ARGON2_NO_THREADS macro. -+@item Remove parameters `encoded` and `encodedlen` from `argon2_hash` and remove -+ the encoding block in that function. -+@item Remove parameter verifications in `validate_inputs()` for -+ ARGON2_MIN_PWD_LENGTH, ARGON2_MIN_SECRET, ARGON2_MIN_AD_LENGTH and -+ ARGON2_MAX_MEMORY to fix compiler warnings. -+@item Mark the function argon2_ctx as static. -+@end enumerate -+ - @node Gnulib - @section Gnulib - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 24e8c8437..0ee65d54d 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1219,6 +1219,14 @@ module = { - common = lib/json/json.c; - }; - -+module = { -+ name = argon2; -+ common = lib/argon2/argon2.c; -+ common = lib/argon2/core.c; -+ common = lib/argon2/ref.c; -+ common = lib/argon2/blake2/blake2b.c; -+}; -+ - module = { - name = afsplitter; - common = disk/AFSplitter.c; -diff --git a/grub-core/lib/argon2/LICENSE b/grub-core/lib/argon2/LICENSE -new file mode 100644 -index 000000000..97aae2925 ---- /dev/null -+++ b/grub-core/lib/argon2/LICENSE -@@ -0,0 +1,314 @@ -+Argon2 reference source code package - reference C implementations -+ -+Copyright 2015 -+Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ -+You may use this work under the terms of a Creative Commons CC0 1.0 -+License/Waiver or the Apache Public License 2.0, at your option. The terms of -+these licenses can be found at: -+ -+- CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+- Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ -+The terms of the licenses are reproduced below. -+ -+-------------------------------------------------------------------------------- -+ -+Creative Commons Legal Code -+ -+CC0 1.0 Universal -+ -+ CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE -+ LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN -+ ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS -+ INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES -+ REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS -+ PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM -+ THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED -+ HEREUNDER. -+ -+Statement of Purpose -+ -+The laws of most jurisdictions throughout the world automatically confer -+exclusive Copyright and Related Rights (defined below) upon the creator -+and subsequent owner(s) (each and all, an "owner") of an original work of -+authorship and/or a database (each, a "Work"). -+ -+Certain owners wish to permanently relinquish those rights to a Work for -+the purpose of contributing to a commons of creative, cultural and -+scientific works ("Commons") that the public can reliably and without fear -+of later claims of infringement build upon, modify, incorporate in other -+works, reuse and redistribute as freely as possible in any form whatsoever -+and for any purposes, including without limitation commercial purposes. -+These owners may contribute to the Commons to promote the ideal of a free -+culture and the further production of creative, cultural and scientific -+works, or to gain reputation or greater distribution for their Work in -+part through the use and efforts of others. -+ -+For these and/or other purposes and motivations, and without any -+expectation of additional consideration or compensation, the person -+associating CC0 with a Work (the "Affirmer"), to the extent that he or she -+is an owner of Copyright and Related Rights in the Work, voluntarily -+elects to apply CC0 to the Work and publicly distribute the Work under its -+terms, with knowledge of his or her Copyright and Related Rights in the -+Work and the meaning and intended legal effect of CC0 on those rights. -+ -+1. Copyright and Related Rights. A Work made available under CC0 may be -+protected by copyright and related or neighboring rights ("Copyright and -+Related Rights"). Copyright and Related Rights include, but are not -+limited to, the following: -+ -+ i. the right to reproduce, adapt, distribute, perform, display, -+ communicate, and translate a Work; -+ ii. moral rights retained by the original author(s) and/or performer(s); -+iii. publicity and privacy rights pertaining to a person's image or -+ likeness depicted in a Work; -+ iv. rights protecting against unfair competition in regards to a Work, -+ subject to the limitations in paragraph 4(a), below; -+ v. rights protecting the extraction, dissemination, use and reuse of data -+ in a Work; -+ vi. database rights (such as those arising under Directive 96/9/EC of the -+ European Parliament and of the Council of 11 March 1996 on the legal -+ protection of databases, and under any national implementation -+ thereof, including any amended or successor version of such -+ directive); and -+vii. other similar, equivalent or corresponding rights throughout the -+ world based on applicable law or treaty, and any national -+ implementations thereof. -+ -+2. Waiver. To the greatest extent permitted by, but not in contravention -+of, applicable law, Affirmer hereby overtly, fully, permanently, -+irrevocably and unconditionally waives, abandons, and surrenders all of -+Affirmer's Copyright and Related Rights and associated claims and causes -+of action, whether now known or unknown (including existing as well as -+future claims and causes of action), in the Work (i) in all territories -+worldwide, (ii) for the maximum duration provided by applicable law or -+treaty (including future time extensions), (iii) in any current or future -+medium and for any number of copies, and (iv) for any purpose whatsoever, -+including without limitation commercial, advertising or promotional -+purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each -+member of the public at large and to the detriment of Affirmer's heirs and -+successors, fully intending that such Waiver shall not be subject to -+revocation, rescission, cancellation, termination, or any other legal or -+equitable action to disrupt the quiet enjoyment of the Work by the public -+as contemplated by Affirmer's express Statement of Purpose. -+ -+3. Public License Fallback. Should any part of the Waiver for any reason -+be judged legally invalid or ineffective under applicable law, then the -+Waiver shall be preserved to the maximum extent permitted taking into -+account Affirmer's express Statement of Purpose. In addition, to the -+extent the Waiver is so judged Affirmer hereby grants to each affected -+person a royalty-free, non transferable, non sublicensable, non exclusive, -+irrevocable and unconditional license to exercise Affirmer's Copyright and -+Related Rights in the Work (i) in all territories worldwide, (ii) for the -+maximum duration provided by applicable law or treaty (including future -+time extensions), (iii) in any current or future medium and for any number -+of copies, and (iv) for any purpose whatsoever, including without -+limitation commercial, advertising or promotional purposes (the -+"License"). The License shall be deemed effective as of the date CC0 was -+applied by Affirmer to the Work. Should any part of the License for any -+reason be judged legally invalid or ineffective under applicable law, such -+partial invalidity or ineffectiveness shall not invalidate the remainder -+of the License, and in such case Affirmer hereby affirms that he or she -+will not (i) exercise any of his or her remaining Copyright and Related -+Rights in the Work or (ii) assert any associated claims and causes of -+action with respect to the Work, in either case contrary to Affirmer's -+express Statement of Purpose. -+ -+4. Limitations and Disclaimers. -+ -+ a. No trademark or patent rights held by Affirmer are waived, abandoned, -+ surrendered, licensed or otherwise affected by this document. -+ b. Affirmer offers the Work as-is and makes no representations or -+ warranties of any kind concerning the Work, express, implied, -+ statutory or otherwise, including without limitation warranties of -+ title, merchantability, fitness for a particular purpose, non -+ infringement, or the absence of latent or other defects, accuracy, or -+ the present or absence of errors, whether or not discoverable, all to -+ the greatest extent permissible under applicable law. -+ c. Affirmer disclaims responsibility for clearing rights of other persons -+ that may apply to the Work or any use thereof, including without -+ limitation any person's Copyright and Related Rights in the Work. -+ Further, Affirmer disclaims responsibility for obtaining any necessary -+ consents, permissions or other rights required for any use of the -+ Work. -+ d. Affirmer understands and acknowledges that Creative Commons is not a -+ party to this document and has no duty or obligation with respect to -+ this CC0 or use of the Work. -+ -+-------------------------------------------------------------------------------- -+ -+ Apache License -+ Version 2.0, January 2004 -+ http://www.apache.org/licenses/ -+ -+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION -+ -+ 1. Definitions. -+ -+ "License" shall mean the terms and conditions for use, reproduction, -+ and distribution as defined by Sections 1 through 9 of this document. -+ -+ "Licensor" shall mean the copyright owner or entity authorized by -+ the copyright owner that is granting the License. -+ -+ "Legal Entity" shall mean the union of the acting entity and all -+ other entities that control, are controlled by, or are under common -+ control with that entity. For the purposes of this definition, -+ "control" means (i) the power, direct or indirect, to cause the -+ direction or management of such entity, whether by contract or -+ otherwise, or (ii) ownership of fifty percent (50%) or more of the -+ outstanding shares, or (iii) beneficial ownership of such entity. -+ -+ "You" (or "Your") shall mean an individual or Legal Entity -+ exercising permissions granted by this License. -+ -+ "Source" form shall mean the preferred form for making modifications, -+ including but not limited to software source code, documentation -+ source, and configuration files. -+ -+ "Object" form shall mean any form resulting from mechanical -+ transformation or translation of a Source form, including but -+ not limited to compiled object code, generated documentation, -+ and conversions to other media types. -+ -+ "Work" shall mean the work of authorship, whether in Source or -+ Object form, made available under the License, as indicated by a -+ copyright notice that is included in or attached to the work -+ (an example is provided in the Appendix below). -+ -+ "Derivative Works" shall mean any work, whether in Source or Object -+ form, that is based on (or derived from) the Work and for which the -+ editorial revisions, annotations, elaborations, or other modifications -+ represent, as a whole, an original work of authorship. For the purposes -+ of this License, Derivative Works shall not include works that remain -+ separable from, or merely link (or bind by name) to the interfaces of, -+ the Work and Derivative Works thereof. -+ -+ "Contribution" shall mean any work of authorship, including -+ the original version of the Work and any modifications or additions -+ to that Work or Derivative Works thereof, that is intentionally -+ submitted to Licensor for inclusion in the Work by the copyright owner -+ or by an individual or Legal Entity authorized to submit on behalf of -+ the copyright owner. For the purposes of this definition, "submitted" -+ means any form of electronic, verbal, or written communication sent -+ to the Licensor or its representatives, including but not limited to -+ communication on electronic mailing lists, source code control systems, -+ and issue tracking systems that are managed by, or on behalf of, the -+ Licensor for the purpose of discussing and improving the Work, but -+ excluding communication that is conspicuously marked or otherwise -+ designated in writing by the copyright owner as "Not a Contribution." -+ -+ "Contributor" shall mean Licensor and any individual or Legal Entity -+ on behalf of whom a Contribution has been received by Licensor and -+ subsequently incorporated within the Work. -+ -+ 2. Grant of Copyright License. Subject to the terms and conditions of -+ this License, each Contributor hereby grants to You a perpetual, -+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable -+ copyright license to reproduce, prepare Derivative Works of, -+ publicly display, publicly perform, sublicense, and distribute the -+ Work and such Derivative Works in Source or Object form. -+ -+ 3. Grant of Patent License. Subject to the terms and conditions of -+ this License, each Contributor hereby grants to You a perpetual, -+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable -+ (except as stated in this section) patent license to make, have made, -+ use, offer to sell, sell, import, and otherwise transfer the Work, -+ where such license applies only to those patent claims licensable -+ by such Contributor that are necessarily infringed by their -+ Contribution(s) alone or by combination of their Contribution(s) -+ with the Work to which such Contribution(s) was submitted. If You -+ institute patent litigation against any entity (including a -+ cross-claim or counterclaim in a lawsuit) alleging that the Work -+ or a Contribution incorporated within the Work constitutes direct -+ or contributory patent infringement, then any patent licenses -+ granted to You under this License for that Work shall terminate -+ as of the date such litigation is filed. -+ -+ 4. Redistribution. You may reproduce and distribute copies of the -+ Work or Derivative Works thereof in any medium, with or without -+ modifications, and in Source or Object form, provided that You -+ meet the following conditions: -+ -+ (a) You must give any other recipients of the Work or -+ Derivative Works a copy of this License; and -+ -+ (b) You must cause any modified files to carry prominent notices -+ stating that You changed the files; and -+ -+ (c) You must retain, in the Source form of any Derivative Works -+ that You distribute, all copyright, patent, trademark, and -+ attribution notices from the Source form of the Work, -+ excluding those notices that do not pertain to any part of -+ the Derivative Works; and -+ -+ (d) If the Work includes a "NOTICE" text file as part of its -+ distribution, then any Derivative Works that You distribute must -+ include a readable copy of the attribution notices contained -+ within such NOTICE file, excluding those notices that do not -+ pertain to any part of the Derivative Works, in at least one -+ of the following places: within a NOTICE text file distributed -+ as part of the Derivative Works; within the Source form or -+ documentation, if provided along with the Derivative Works; or, -+ within a display generated by the Derivative Works, if and -+ wherever such third-party notices normally appear. The contents -+ of the NOTICE file are for informational purposes only and -+ do not modify the License. You may add Your own attribution -+ notices within Derivative Works that You distribute, alongside -+ or as an addendum to the NOTICE text from the Work, provided -+ that such additional attribution notices cannot be construed -+ as modifying the License. -+ -+ You may add Your own copyright statement to Your modifications and -+ may provide additional or different license terms and conditions -+ for use, reproduction, or distribution of Your modifications, or -+ for any such Derivative Works as a whole, provided Your use, -+ reproduction, and distribution of the Work otherwise complies with -+ the conditions stated in this License. -+ -+ 5. Submission of Contributions. Unless You explicitly state otherwise, -+ any Contribution intentionally submitted for inclusion in the Work -+ by You to the Licensor shall be under the terms and conditions of -+ this License, without any additional terms or conditions. -+ Notwithstanding the above, nothing herein shall supersede or modify -+ the terms of any separate license agreement you may have executed -+ with Licensor regarding such Contributions. -+ -+ 6. Trademarks. This License does not grant permission to use the trade -+ names, trademarks, service marks, or product names of the Licensor, -+ except as required for reasonable and customary use in describing the -+ origin of the Work and reproducing the content of the NOTICE file. -+ -+ 7. Disclaimer of Warranty. Unless required by applicable law or -+ agreed to in writing, Licensor provides the Work (and each -+ Contributor provides its Contributions) on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -+ implied, including, without limitation, any warranties or conditions -+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A -+ PARTICULAR PURPOSE. You are solely responsible for determining the -+ appropriateness of using or redistributing the Work and assume any -+ risks associated with Your exercise of permissions under this License. -+ -+ 8. Limitation of Liability. In no event and under no legal theory, -+ whether in tort (including negligence), contract, or otherwise, -+ unless required by applicable law (such as deliberate and grossly -+ negligent acts) or agreed to in writing, shall any Contributor be -+ liable to You for damages, including any direct, indirect, special, -+ incidental, or consequential damages of any character arising as a -+ result of this License or out of the use or inability to use the -+ Work (including but not limited to damages for loss of goodwill, -+ work stoppage, computer failure or malfunction, or any and all -+ other commercial damages or losses), even if such Contributor -+ has been advised of the possibility of such damages. -+ -+ 9. Accepting Warranty or Additional Liability. While redistributing -+ the Work or Derivative Works thereof, You may choose to offer, -+ and charge a fee for, acceptance of support, warranty, indemnity, -+ or other liability obligations and/or rights consistent with this -+ License. However, in accepting such obligations, You may act only -+ on Your own behalf and on Your sole responsibility, not on behalf -+ of any other Contributor, and only if You agree to indemnify, -+ defend, and hold each Contributor harmless for any liability -+ incurred by, or claims asserted against, such Contributor by reason -+ of your accepting any such warranty or additional liability. -diff --git a/grub-core/lib/argon2/argon2.c b/grub-core/lib/argon2/argon2.c -new file mode 100644 -index 000000000..49532fe80 ---- /dev/null -+++ b/grub-core/lib/argon2/argon2.c -@@ -0,0 +1,232 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#include <grub/dl.h> -+ -+#include "argon2.h" -+#include "core.h" -+ -+GRUB_MOD_LICENSE ("CC0"); -+ -+static int argon2_ctx(argon2_context *context, argon2_type type) { -+ /* 1. Validate all inputs */ -+ int result = validate_inputs(context); -+ grub_uint32_t memory_blocks, segment_length; -+ argon2_instance_t instance; -+ -+ if (ARGON2_OK != result) { -+ return result; -+ } -+ -+ if (Argon2_d != type && Argon2_i != type && Argon2_id != type) { -+ return ARGON2_INCORRECT_TYPE; -+ } -+ -+ /* 2. Align memory size */ -+ /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */ -+ memory_blocks = context->m_cost; -+ -+ if (memory_blocks < 2 * ARGON2_SYNC_POINTS * context->lanes) { -+ memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes; -+ } -+ -+ segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS); -+ /* Ensure that all segments have equal length */ -+ memory_blocks = segment_length * (context->lanes * ARGON2_SYNC_POINTS); -+ -+ instance.version = context->version; -+ instance.memory = NULL; -+ instance.passes = context->t_cost; -+ instance.memory_blocks = memory_blocks; -+ instance.segment_length = segment_length; -+ instance.lane_length = segment_length * ARGON2_SYNC_POINTS; -+ instance.lanes = context->lanes; -+ instance.threads = context->threads; -+ instance.type = type; -+ -+ if (instance.threads > instance.lanes) { -+ instance.threads = instance.lanes; -+ } -+ -+ /* 3. Initialization: Hashing inputs, allocating memory, filling first -+ * blocks -+ */ -+ result = initialize(&instance, context); -+ -+ if (ARGON2_OK != result) { -+ return result; -+ } -+ -+ /* 4. Filling memory */ -+ result = fill_memory_blocks(&instance); -+ -+ if (ARGON2_OK != result) { -+ return result; -+ } -+ /* 5. Finalization */ -+ finalize(context, &instance); -+ -+ return ARGON2_OK; -+} -+ -+int argon2_hash(const grub_uint32_t t_cost, const grub_uint32_t m_cost, -+ const grub_uint32_t parallelism, const void *pwd, -+ const grub_size_t pwdlen, const void *salt, const grub_size_t saltlen, -+ void *hash, const grub_size_t hashlen, argon2_type type, -+ const grub_uint32_t version){ -+ -+ argon2_context context; -+ int result; -+ grub_uint8_t *out; -+ -+ if (pwdlen > ARGON2_MAX_PWD_LENGTH) { -+ return ARGON2_PWD_TOO_LONG; -+ } -+ -+ if (saltlen > ARGON2_MAX_SALT_LENGTH) { -+ return ARGON2_SALT_TOO_LONG; -+ } -+ -+ if (hashlen > ARGON2_MAX_OUTLEN) { -+ return ARGON2_OUTPUT_TOO_LONG; -+ } -+ -+ if (hashlen < ARGON2_MIN_OUTLEN) { -+ return ARGON2_OUTPUT_TOO_SHORT; -+ } -+ -+ out = grub_malloc(hashlen); -+ if (!out) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ context.out = (grub_uint8_t *)out; -+ context.outlen = (grub_uint32_t)hashlen; -+ context.pwd = CONST_CAST(grub_uint8_t *)pwd; -+ context.pwdlen = (grub_uint32_t)pwdlen; -+ context.salt = CONST_CAST(grub_uint8_t *)salt; -+ context.saltlen = (grub_uint32_t)saltlen; -+ context.secret = NULL; -+ context.secretlen = 0; -+ context.ad = NULL; -+ context.adlen = 0; -+ context.t_cost = t_cost; -+ context.m_cost = m_cost; -+ context.lanes = parallelism; -+ context.threads = parallelism; -+ context.allocate_cbk = NULL; -+ context.grub_free_cbk = NULL; -+ context.flags = ARGON2_DEFAULT_FLAGS; -+ context.version = version; -+ -+ result = argon2_ctx(&context, type); -+ -+ if (result != ARGON2_OK) { -+ clear_internal_memory(out, hashlen); -+ grub_free(out); -+ return result; -+ } -+ -+ /* if raw hash requested, write it */ -+ if (hash) { -+ grub_memcpy(hash, out, hashlen); -+ } -+ -+ clear_internal_memory(out, hashlen); -+ grub_free(out); -+ -+ return ARGON2_OK; -+} -+ -+const char *argon2_error_message(int error_code) { -+ switch (error_code) { -+ case ARGON2_OK: -+ return "OK"; -+ case ARGON2_OUTPUT_PTR_NULL: -+ return "Output pointer is NULL"; -+ case ARGON2_OUTPUT_TOO_SHORT: -+ return "Output is too short"; -+ case ARGON2_OUTPUT_TOO_LONG: -+ return "Output is too long"; -+ case ARGON2_PWD_TOO_SHORT: -+ return "Password is too short"; -+ case ARGON2_PWD_TOO_LONG: -+ return "Password is too long"; -+ case ARGON2_SALT_TOO_SHORT: -+ return "Salt is too short"; -+ case ARGON2_SALT_TOO_LONG: -+ return "Salt is too long"; -+ case ARGON2_AD_TOO_SHORT: -+ return "Associated data is too short"; -+ case ARGON2_AD_TOO_LONG: -+ return "Associated data is too long"; -+ case ARGON2_SECRET_TOO_SHORT: -+ return "Secret is too short"; -+ case ARGON2_SECRET_TOO_LONG: -+ return "Secret is too long"; -+ case ARGON2_TIME_TOO_SMALL: -+ return "Time cost is too small"; -+ case ARGON2_TIME_TOO_LARGE: -+ return "Time cost is too large"; -+ case ARGON2_MEMORY_TOO_LITTLE: -+ return "Memory cost is too small"; -+ case ARGON2_MEMORY_TOO_MUCH: -+ return "Memory cost is too large"; -+ case ARGON2_LANES_TOO_FEW: -+ return "Too few lanes"; -+ case ARGON2_LANES_TOO_MANY: -+ return "Too many lanes"; -+ case ARGON2_PWD_PTR_MISMATCH: -+ return "Password pointer is NULL, but password length is not 0"; -+ case ARGON2_SALT_PTR_MISMATCH: -+ return "Salt pointer is NULL, but salt length is not 0"; -+ case ARGON2_SECRET_PTR_MISMATCH: -+ return "Secret pointer is NULL, but secret length is not 0"; -+ case ARGON2_AD_PTR_MISMATCH: -+ return "Associated data pointer is NULL, but ad length is not 0"; -+ case ARGON2_MEMORY_ALLOCATION_ERROR: -+ return "Memory allocation error"; -+ case ARGON2_FREE_MEMORY_CBK_NULL: -+ return "The grub_free memory callback is NULL"; -+ case ARGON2_ALLOCATE_MEMORY_CBK_NULL: -+ return "The allocate memory callback is NULL"; -+ case ARGON2_INCORRECT_PARAMETER: -+ return "Argon2_Context context is NULL"; -+ case ARGON2_INCORRECT_TYPE: -+ return "There is no such version of Argon2"; -+ case ARGON2_OUT_PTR_MISMATCH: -+ return "Output pointer mismatch"; -+ case ARGON2_THREADS_TOO_FEW: -+ return "Not enough threads"; -+ case ARGON2_THREADS_TOO_MANY: -+ return "Too many threads"; -+ case ARGON2_MISSING_ARGS: -+ return "Missing arguments"; -+ case ARGON2_ENCODING_FAIL: -+ return "Encoding failed"; -+ case ARGON2_DECODING_FAIL: -+ return "Decoding failed"; -+ case ARGON2_THREAD_FAIL: -+ return "Threading failure"; -+ case ARGON2_DECODING_LENGTH_FAIL: -+ return "Some of encoded parameters are too long or too short"; -+ case ARGON2_VERIFY_MISMATCH: -+ return "The password does not match the supplied hash"; -+ default: -+ return "Unknown error code"; -+ } -+} -diff --git a/grub-core/lib/argon2/argon2.h b/grub-core/lib/argon2/argon2.h -new file mode 100644 -index 000000000..129f7efbd ---- /dev/null -+++ b/grub-core/lib/argon2/argon2.h -@@ -0,0 +1,264 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef ARGON2_H -+#define ARGON2_H -+ -+#include <grub/misc.h> -+#include <grub/mm.h> -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif -+ -+/* Symbols visibility control */ -+#ifdef A2_VISCTL -+#define ARGON2_PUBLIC __attribute__((visibility("default"))) -+#define ARGON2_LOCAL __attribute__ ((visibility ("hidden"))) -+#elif defined(_MSC_VER) -+#define ARGON2_PUBLIC __declspec(dllexport) -+#define ARGON2_LOCAL -+#else -+#define ARGON2_PUBLIC -+#define ARGON2_LOCAL -+#endif -+ -+/* -+ * Argon2 input parameter restrictions -+ */ -+ -+/* Minimum and maximum number of lanes (degree of parallelism) */ -+#define ARGON2_MIN_LANES GRUB_UINT32_C(1) -+#define ARGON2_MAX_LANES GRUB_UINT32_C(0xFFFFFF) -+ -+/* Minimum and maximum number of threads */ -+#define ARGON2_MIN_THREADS GRUB_UINT32_C(1) -+#define ARGON2_MAX_THREADS GRUB_UINT32_C(0xFFFFFF) -+ -+/* Number of synchronization points between lanes per pass */ -+#define ARGON2_SYNC_POINTS GRUB_UINT32_C(4) -+ -+/* Minimum and maximum digest size in bytes */ -+#define ARGON2_MIN_OUTLEN GRUB_UINT32_C(4) -+#define ARGON2_MAX_OUTLEN GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */ -+#define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */ -+ -+#define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b)) -+/* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */ -+#define ARGON2_MAX_MEMORY_BITS \ -+ ARGON2_MIN(GRUB_UINT32_C(32), (sizeof(void *) * GRUB_CHAR_BIT - 10 - 1)) -+#define ARGON2_MAX_MEMORY \ -+ ARGON2_MIN(GRUB_UINT32_C(0xFFFFFFFF), GRUB_UINT64_C(1) << ARGON2_MAX_MEMORY_BITS) -+ -+/* Minimum and maximum number of passes */ -+#define ARGON2_MIN_TIME GRUB_UINT32_C(1) -+#define ARGON2_MAX_TIME GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum password length in bytes */ -+#define ARGON2_MIN_PWD_LENGTH GRUB_UINT32_C(0) -+#define ARGON2_MAX_PWD_LENGTH GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum associated data length in bytes */ -+#define ARGON2_MIN_AD_LENGTH GRUB_UINT32_C(0) -+#define ARGON2_MAX_AD_LENGTH GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum salt length in bytes */ -+#define ARGON2_MIN_SALT_LENGTH GRUB_UINT32_C(8) -+#define ARGON2_MAX_SALT_LENGTH GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum key length in bytes */ -+#define ARGON2_MIN_SECRET GRUB_UINT32_C(0) -+#define ARGON2_MAX_SECRET GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Flags to determine which fields are securely wiped (default = no wipe). */ -+#define ARGON2_DEFAULT_FLAGS GRUB_UINT32_C(0) -+#define ARGON2_FLAG_CLEAR_PASSWORD (GRUB_UINT32_C(1) << 0) -+#define ARGON2_FLAG_CLEAR_SECRET (GRUB_UINT32_C(1) << 1) -+ -+/* Global flag to determine if we are wiping internal memory buffers. This flag -+ * is defined in core.c and defaults to 1 (wipe internal memory). */ -+extern int FLAG_clear_internal_memory; -+ -+/* Error codes */ -+typedef enum Argon2_ErrorCodes { -+ ARGON2_OK = 0, -+ -+ ARGON2_OUTPUT_PTR_NULL = -1, -+ -+ ARGON2_OUTPUT_TOO_SHORT = -2, -+ ARGON2_OUTPUT_TOO_LONG = -3, -+ -+ ARGON2_PWD_TOO_SHORT = -4, -+ ARGON2_PWD_TOO_LONG = -5, -+ -+ ARGON2_SALT_TOO_SHORT = -6, -+ ARGON2_SALT_TOO_LONG = -7, -+ -+ ARGON2_AD_TOO_SHORT = -8, -+ ARGON2_AD_TOO_LONG = -9, -+ -+ ARGON2_SECRET_TOO_SHORT = -10, -+ ARGON2_SECRET_TOO_LONG = -11, -+ -+ ARGON2_TIME_TOO_SMALL = -12, -+ ARGON2_TIME_TOO_LARGE = -13, -+ -+ ARGON2_MEMORY_TOO_LITTLE = -14, -+ ARGON2_MEMORY_TOO_MUCH = -15, -+ -+ ARGON2_LANES_TOO_FEW = -16, -+ ARGON2_LANES_TOO_MANY = -17, -+ -+ ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */ -+ ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */ -+ ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */ -+ ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */ -+ -+ ARGON2_MEMORY_ALLOCATION_ERROR = -22, -+ -+ ARGON2_FREE_MEMORY_CBK_NULL = -23, -+ ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24, -+ -+ ARGON2_INCORRECT_PARAMETER = -25, -+ ARGON2_INCORRECT_TYPE = -26, -+ -+ ARGON2_OUT_PTR_MISMATCH = -27, -+ -+ ARGON2_THREADS_TOO_FEW = -28, -+ ARGON2_THREADS_TOO_MANY = -29, -+ -+ ARGON2_MISSING_ARGS = -30, -+ -+ ARGON2_ENCODING_FAIL = -31, -+ -+ ARGON2_DECODING_FAIL = -32, -+ -+ ARGON2_THREAD_FAIL = -33, -+ -+ ARGON2_DECODING_LENGTH_FAIL = -34, -+ -+ ARGON2_VERIFY_MISMATCH = -35 -+} argon2_error_codes; -+ -+/* Memory allocator types --- for external allocation */ -+typedef int (*allocate_fptr)(grub_uint8_t **memory, grub_size_t bytes_to_allocate); -+typedef void (*deallocate_fptr)(grub_uint8_t *memory, grub_size_t bytes_to_allocate); -+ -+/* Argon2 external data structures */ -+ -+/* -+ ***** -+ * Context: structure to hold Argon2 inputs: -+ * output array and its length, -+ * password and its length, -+ * salt and its length, -+ * secret and its length, -+ * associated data and its length, -+ * number of passes, amount of used memory (in KBytes, can be rounded up a bit) -+ * number of parallel threads that will be run. -+ * All the parameters above affect the output hash value. -+ * Additionally, two function pointers can be provided to allocate and -+ * deallocate the memory (if NULL, memory will be allocated internally). -+ * Also, three flags indicate whether to erase password, secret as soon as they -+ * are pre-hashed (and thus not needed anymore), and the entire memory -+ ***** -+ * Simplest situation: you have output array out[8], password is stored in -+ * pwd[32], salt is stored in salt[16], you do not have keys nor associated -+ * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with -+ * 4 parallel lanes. -+ * You want to erase the password, but you're OK with last pass not being -+ * erased. You want to use the default memory allocator. -+ * Then you initialize: -+ Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false) -+ */ -+typedef struct Argon2_Context { -+ grub_uint8_t *out; /* output array */ -+ grub_uint32_t outlen; /* digest length */ -+ -+ grub_uint8_t *pwd; /* password array */ -+ grub_uint32_t pwdlen; /* password length */ -+ -+ grub_uint8_t *salt; /* salt array */ -+ grub_uint32_t saltlen; /* salt length */ -+ -+ grub_uint8_t *secret; /* key array */ -+ grub_uint32_t secretlen; /* key length */ -+ -+ grub_uint8_t *ad; /* associated data array */ -+ grub_uint32_t adlen; /* associated data length */ -+ -+ grub_uint32_t t_cost; /* number of passes */ -+ grub_uint32_t m_cost; /* amount of memory requested (KB) */ -+ grub_uint32_t lanes; /* number of lanes */ -+ grub_uint32_t threads; /* maximum number of threads */ -+ -+ grub_uint32_t version; /* version number */ -+ -+ allocate_fptr allocate_cbk; /* pointer to memory allocator */ -+ deallocate_fptr grub_free_cbk; /* pointer to memory deallocator */ -+ -+ grub_uint32_t flags; /* array of bool options */ -+} argon2_context; -+ -+/* Argon2 primitive type */ -+typedef enum Argon2_type { -+ Argon2_d = 0, -+ Argon2_i = 1, -+ Argon2_id = 2 -+} argon2_type; -+ -+/* Version of the algorithm */ -+typedef enum Argon2_version { -+ ARGON2_VERSION_10 = 0x10, -+ ARGON2_VERSION_13 = 0x13, -+ ARGON2_VERSION_NUMBER = ARGON2_VERSION_13 -+} argon2_version; -+ -+/** -+ * Hashes a password with Argon2, producing a raw hash at @hash -+ * @param t_cost Number of iterations -+ * @param m_cost Sets memory usage to m_cost kibibytes -+ * @param parallelism Number of threads and compute lanes -+ * @param pwd Pointer to password -+ * @param pwdlen Password size in bytes -+ * @param salt Pointer to salt -+ * @param saltlen Salt size in bytes -+ * @param hash Buffer where to write the raw hash - updated by the function -+ * @param hashlen Desired length of the hash in bytes -+ * @pre Different parallelism levels will give different results -+ * @pre Returns ARGON2_OK if successful -+ */ -+ARGON2_PUBLIC int argon2_hash(const grub_uint32_t t_cost, const grub_uint32_t m_cost, -+ const grub_uint32_t parallelism, const void *pwd, -+ const grub_size_t pwdlen, const void *salt, -+ const grub_size_t saltlen, void *hash, -+ const grub_size_t hashlen, argon2_type type, -+ const grub_uint32_t version); -+ -+/** -+ * Get the associated error message for given error code -+ * @return The error message associated with the given error code -+ */ -+ARGON2_PUBLIC const char *argon2_error_message(int error_code); -+ -+#if defined(__cplusplus) -+} -+#endif -+ -+#endif -diff --git a/grub-core/lib/argon2/blake2/blake2-impl.h b/grub-core/lib/argon2/blake2/blake2-impl.h -new file mode 100644 -index 000000000..3a795680b ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blake2-impl.h -@@ -0,0 +1,151 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef PORTABLE_BLAKE2_IMPL_H -+#define PORTABLE_BLAKE2_IMPL_H -+ -+#if defined(_MSC_VER) -+#define BLAKE2_INLINE __inline -+#elif defined(__GNUC__) || defined(__clang__) -+#define BLAKE2_INLINE __inline__ -+#else -+#define BLAKE2_INLINE -+#endif -+ -+/* Argon2 Team - Begin Code */ -+/* -+ Not an exhaustive list, but should cover the majority of modern platforms -+ Additionally, the code will always be correct---this is only a performance -+ tweak. -+*/ -+#if (defined(__BYTE_ORDER__) && \ -+ (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ -+ defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \ -+ defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \ -+ defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \ -+ defined(_M_ARM) -+#define NATIVE_LITTLE_ENDIAN -+#endif -+/* Argon2 Team - End Code */ -+ -+static BLAKE2_INLINE grub_uint32_t load32(const void *src) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_uint32_t w; -+ grub_memcpy(&w, src, sizeof w); -+ return w; -+#else -+ const grub_uint8_t *p = (const grub_uint8_t *)src; -+ grub_uint32_t w = *p++; -+ w |= (grub_uint32_t)(*p++) << 8; -+ w |= (grub_uint32_t)(*p++) << 16; -+ w |= (grub_uint32_t)(*p++) << 24; -+ return w; -+#endif -+} -+ -+static BLAKE2_INLINE grub_uint64_t load64(const void *src) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_uint64_t w; -+ grub_memcpy(&w, src, sizeof w); -+ return w; -+#else -+ const grub_uint8_t *p = (const grub_uint8_t *)src; -+ grub_uint64_t w = *p++; -+ w |= (grub_uint64_t)(*p++) << 8; -+ w |= (grub_uint64_t)(*p++) << 16; -+ w |= (grub_uint64_t)(*p++) << 24; -+ w |= (grub_uint64_t)(*p++) << 32; -+ w |= (grub_uint64_t)(*p++) << 40; -+ w |= (grub_uint64_t)(*p++) << 48; -+ w |= (grub_uint64_t)(*p++) << 56; -+ return w; -+#endif -+} -+ -+static BLAKE2_INLINE void store32(void *dst, grub_uint32_t w) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_memcpy(dst, &w, sizeof w); -+#else -+ grub_uint8_t *p = (grub_uint8_t *)dst; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+#endif -+} -+ -+static BLAKE2_INLINE void store64(void *dst, grub_uint64_t w) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_memcpy(dst, &w, sizeof w); -+#else -+ grub_uint8_t *p = (grub_uint8_t *)dst; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+#endif -+} -+ -+static BLAKE2_INLINE grub_uint64_t load48(const void *src) { -+ const grub_uint8_t *p = (const grub_uint8_t *)src; -+ grub_uint64_t w = *p++; -+ w |= (grub_uint64_t)(*p++) << 8; -+ w |= (grub_uint64_t)(*p++) << 16; -+ w |= (grub_uint64_t)(*p++) << 24; -+ w |= (grub_uint64_t)(*p++) << 32; -+ w |= (grub_uint64_t)(*p++) << 40; -+ return w; -+} -+ -+static BLAKE2_INLINE void store48(void *dst, grub_uint64_t w) { -+ grub_uint8_t *p = (grub_uint8_t *)dst; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+} -+ -+static BLAKE2_INLINE grub_uint32_t rotr32(const grub_uint32_t w, const unsigned c) { -+ return (w >> c) | (w << (32 - c)); -+} -+ -+static BLAKE2_INLINE grub_uint64_t rotr64(const grub_uint64_t w, const unsigned c) { -+ return (w >> c) | (w << (64 - c)); -+} -+ -+#endif -diff --git a/grub-core/lib/argon2/blake2/blake2.h b/grub-core/lib/argon2/blake2/blake2.h -new file mode 100644 -index 000000000..4e8efeb22 ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blake2.h -@@ -0,0 +1,89 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef PORTABLE_BLAKE2_H -+#define PORTABLE_BLAKE2_H -+ -+#include "../argon2.h" -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif -+ -+enum blake2b_constant { -+ BLAKE2B_BLOCKBYTES = 128, -+ BLAKE2B_OUTBYTES = 64, -+ BLAKE2B_KEYBYTES = 64, -+ BLAKE2B_SALTBYTES = 16, -+ BLAKE2B_PERSONALBYTES = 16 -+}; -+ -+#pragma pack(push, 1) -+typedef struct __blake2b_param { -+ grub_uint8_t digest_length; /* 1 */ -+ grub_uint8_t key_length; /* 2 */ -+ grub_uint8_t fanout; /* 3 */ -+ grub_uint8_t depth; /* 4 */ -+ grub_uint32_t leaf_length; /* 8 */ -+ grub_uint64_t node_offset; /* 16 */ -+ grub_uint8_t node_depth; /* 17 */ -+ grub_uint8_t inner_length; /* 18 */ -+ grub_uint8_t reserved[14]; /* 32 */ -+ grub_uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ -+ grub_uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ -+} blake2b_param; -+#pragma pack(pop) -+ -+typedef struct __blake2b_state { -+ grub_uint64_t h[8]; -+ grub_uint64_t t[2]; -+ grub_uint64_t f[2]; -+ grub_uint8_t buf[BLAKE2B_BLOCKBYTES]; -+ unsigned buflen; -+ unsigned outlen; -+ grub_uint8_t last_node; -+} blake2b_state; -+ -+/* Ensure param structs have not been wrongly padded */ -+/* Poor man's static_assert */ -+enum { -+ blake2_size_check_0 = 1 / !!(GRUB_CHAR_BIT == 8), -+ blake2_size_check_2 = -+ 1 / !!(sizeof(blake2b_param) == sizeof(grub_uint64_t) * GRUB_CHAR_BIT) -+}; -+ -+/* Streaming API */ -+ARGON2_LOCAL int blake2b_init(blake2b_state *S, grub_size_t outlen); -+ARGON2_LOCAL int blake2b_init_key(blake2b_state *S, grub_size_t outlen, const void *key, -+ grub_size_t keylen); -+ARGON2_LOCAL int blake2b_init_param(blake2b_state *S, const blake2b_param *P); -+ARGON2_LOCAL int blake2b_update(blake2b_state *S, const void *in, grub_size_t inlen); -+ARGON2_LOCAL int blake2b_final(blake2b_state *S, void *out, grub_size_t outlen); -+ -+/* Simple API */ -+ARGON2_LOCAL int blake2b(void *out, grub_size_t outlen, const void *in, grub_size_t inlen, -+ const void *key, grub_size_t keylen); -+ -+/* Argon2 Team - Begin Code */ -+ARGON2_LOCAL int blake2b_long(void *out, grub_size_t outlen, const void *in, grub_size_t inlen); -+/* Argon2 Team - End Code */ -+ -+#if defined(__cplusplus) -+} -+#endif -+ -+#endif -diff --git a/grub-core/lib/argon2/blake2/blake2b.c b/grub-core/lib/argon2/blake2/blake2b.c -new file mode 100644 -index 000000000..53abd7bef ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blake2b.c -@@ -0,0 +1,388 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#include "blake2.h" -+#include "blake2-impl.h" -+ -+static const grub_uint64_t blake2b_IV[8] = { -+ GRUB_UINT64_C(0x6a09e667f3bcc908), GRUB_UINT64_C(0xbb67ae8584caa73b), -+ GRUB_UINT64_C(0x3c6ef372fe94f82b), GRUB_UINT64_C(0xa54ff53a5f1d36f1), -+ GRUB_UINT64_C(0x510e527fade682d1), GRUB_UINT64_C(0x9b05688c2b3e6c1f), -+ GRUB_UINT64_C(0x1f83d9abfb41bd6b), GRUB_UINT64_C(0x5be0cd19137e2179)}; -+ -+static const unsigned int blake2b_sigma[12][16] = { -+ {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, -+ {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, -+ {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4}, -+ {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8}, -+ {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13}, -+ {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9}, -+ {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11}, -+ {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10}, -+ {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5}, -+ {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0}, -+ {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, -+ {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, -+}; -+ -+void clear_internal_memory(void *v, grub_size_t n); -+ -+static BLAKE2_INLINE void blake2b_set_lastnode(blake2b_state *S) { -+ S->f[1] = (grub_uint64_t)-1; -+} -+ -+static BLAKE2_INLINE void blake2b_set_lastblock(blake2b_state *S) { -+ if (S->last_node) { -+ blake2b_set_lastnode(S); -+ } -+ S->f[0] = (grub_uint64_t)-1; -+} -+ -+static BLAKE2_INLINE void blake2b_increment_counter(blake2b_state *S, -+ grub_uint64_t inc) { -+ S->t[0] += inc; -+ S->t[1] += (S->t[0] < inc); -+} -+ -+static BLAKE2_INLINE void blake2b_invalidate_state(blake2b_state *S) { -+ clear_internal_memory(S, sizeof(*S)); /* wipe */ -+ blake2b_set_lastblock(S); /* invalidate for further use */ -+} -+ -+static BLAKE2_INLINE void blake2b_init0(blake2b_state *S) { -+ grub_memset(S, 0, sizeof(*S)); -+ grub_memcpy(S->h, blake2b_IV, sizeof(S->h)); -+} -+ -+int blake2b_init_param(blake2b_state *S, const blake2b_param *P) { -+ const unsigned char *p = (const unsigned char *)P; -+ unsigned int i; -+ -+ if (NULL == P || NULL == S) { -+ return -1; -+ } -+ -+ blake2b_init0(S); -+ /* IV XOR Parameter Block */ -+ for (i = 0; i < 8; ++i) { -+ S->h[i] ^= load64(&p[i * sizeof(S->h[i])]); -+ } -+ S->outlen = P->digest_length; -+ return 0; -+} -+ -+/* Sequential blake2b initialization */ -+int blake2b_init(blake2b_state *S, grub_size_t outlen) { -+ blake2b_param P; -+ -+ if (S == NULL) { -+ return -1; -+ } -+ -+ if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ /* Setup Parameter Block for unkeyed BLAKE2 */ -+ P.digest_length = (grub_uint8_t)outlen; -+ P.key_length = 0; -+ P.fanout = 1; -+ P.depth = 1; -+ P.leaf_length = 0; -+ P.node_offset = 0; -+ P.node_depth = 0; -+ P.inner_length = 0; -+ grub_memset(P.reserved, 0, sizeof(P.reserved)); -+ grub_memset(P.salt, 0, sizeof(P.salt)); -+ grub_memset(P.personal, 0, sizeof(P.personal)); -+ -+ return blake2b_init_param(S, &P); -+} -+ -+int blake2b_init_key(blake2b_state *S, grub_size_t outlen, const void *key, -+ grub_size_t keylen) { -+ blake2b_param P; -+ -+ if (S == NULL) { -+ return -1; -+ } -+ -+ if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ if ((key == 0) || (keylen == 0) || (keylen > BLAKE2B_KEYBYTES)) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ /* Setup Parameter Block for keyed BLAKE2 */ -+ P.digest_length = (grub_uint8_t)outlen; -+ P.key_length = (grub_uint8_t)keylen; -+ P.fanout = 1; -+ P.depth = 1; -+ P.leaf_length = 0; -+ P.node_offset = 0; -+ P.node_depth = 0; -+ P.inner_length = 0; -+ grub_memset(P.reserved, 0, sizeof(P.reserved)); -+ grub_memset(P.salt, 0, sizeof(P.salt)); -+ grub_memset(P.personal, 0, sizeof(P.personal)); -+ -+ if (blake2b_init_param(S, &P) < 0) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ { -+ grub_uint8_t block[BLAKE2B_BLOCKBYTES]; -+ grub_memset(block, 0, BLAKE2B_BLOCKBYTES); -+ grub_memcpy(block, key, keylen); -+ blake2b_update(S, block, BLAKE2B_BLOCKBYTES); -+ /* Burn the key from stack */ -+ clear_internal_memory(block, BLAKE2B_BLOCKBYTES); -+ } -+ return 0; -+} -+ -+static void blake2b_compress(blake2b_state *S, const grub_uint8_t *block) { -+ grub_uint64_t m[16]; -+ grub_uint64_t v[16]; -+ unsigned int i, r; -+ -+ for (i = 0; i < 16; ++i) { -+ m[i] = load64(block + i * sizeof(m[i])); -+ } -+ -+ for (i = 0; i < 8; ++i) { -+ v[i] = S->h[i]; -+ } -+ -+ v[8] = blake2b_IV[0]; -+ v[9] = blake2b_IV[1]; -+ v[10] = blake2b_IV[2]; -+ v[11] = blake2b_IV[3]; -+ v[12] = blake2b_IV[4] ^ S->t[0]; -+ v[13] = blake2b_IV[5] ^ S->t[1]; -+ v[14] = blake2b_IV[6] ^ S->f[0]; -+ v[15] = blake2b_IV[7] ^ S->f[1]; -+ -+#define G(r, i, a, b, c, d) \ -+ do { \ -+ a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ -+ d = rotr64(d ^ a, 32); \ -+ c = c + d; \ -+ b = rotr64(b ^ c, 24); \ -+ a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ -+ d = rotr64(d ^ a, 16); \ -+ c = c + d; \ -+ b = rotr64(b ^ c, 63); \ -+ } while ((void)0, 0) -+ -+#define ROUND(r) \ -+ do { \ -+ G(r, 0, v[0], v[4], v[8], v[12]); \ -+ G(r, 1, v[1], v[5], v[9], v[13]); \ -+ G(r, 2, v[2], v[6], v[10], v[14]); \ -+ G(r, 3, v[3], v[7], v[11], v[15]); \ -+ G(r, 4, v[0], v[5], v[10], v[15]); \ -+ G(r, 5, v[1], v[6], v[11], v[12]); \ -+ G(r, 6, v[2], v[7], v[8], v[13]); \ -+ G(r, 7, v[3], v[4], v[9], v[14]); \ -+ } while ((void)0, 0) -+ -+ for (r = 0; r < 12; ++r) { -+ ROUND(r); -+ } -+ -+ for (i = 0; i < 8; ++i) { -+ S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; -+ } -+ -+#undef G -+#undef ROUND -+} -+ -+int blake2b_update(blake2b_state *S, const void *in, grub_size_t inlen) { -+ const grub_uint8_t *pin = (const grub_uint8_t *)in; -+ -+ if (inlen == 0) { -+ return 0; -+ } -+ -+ /* Sanity check */ -+ if (S == NULL || in == NULL) { -+ return -1; -+ } -+ -+ /* Is this a reused state? */ -+ if (S->f[0] != 0) { -+ return -1; -+ } -+ -+ if (S->buflen + inlen > BLAKE2B_BLOCKBYTES) { -+ /* Complete current block */ -+ grub_size_t left = S->buflen; -+ grub_size_t fill = BLAKE2B_BLOCKBYTES - left; -+ grub_memcpy(&S->buf[left], pin, fill); -+ blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); -+ blake2b_compress(S, S->buf); -+ S->buflen = 0; -+ inlen -= fill; -+ pin += fill; -+ /* Avoid buffer copies when possible */ -+ while (inlen > BLAKE2B_BLOCKBYTES) { -+ blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); -+ blake2b_compress(S, pin); -+ inlen -= BLAKE2B_BLOCKBYTES; -+ pin += BLAKE2B_BLOCKBYTES; -+ } -+ } -+ grub_memcpy(&S->buf[S->buflen], pin, inlen); -+ S->buflen += (unsigned int)inlen; -+ return 0; -+} -+ -+int blake2b_final(blake2b_state *S, void *out, grub_size_t outlen) { -+ grub_uint8_t buffer[BLAKE2B_OUTBYTES] = {0}; -+ unsigned int i; -+ -+ /* Sanity checks */ -+ if (S == NULL || out == NULL || outlen < S->outlen) { -+ return -1; -+ } -+ -+ /* Is this a reused state? */ -+ if (S->f[0] != 0) { -+ return -1; -+ } -+ -+ blake2b_increment_counter(S, S->buflen); -+ blake2b_set_lastblock(S); -+ grub_memset(&S->buf[S->buflen], 0, BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */ -+ blake2b_compress(S, S->buf); -+ -+ for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ -+ store64(buffer + sizeof(S->h[i]) * i, S->h[i]); -+ } -+ -+ grub_memcpy(out, buffer, S->outlen); -+ clear_internal_memory(buffer, sizeof(buffer)); -+ clear_internal_memory(S->buf, sizeof(S->buf)); -+ clear_internal_memory(S->h, sizeof(S->h)); -+ return 0; -+} -+ -+int blake2b(void *out, grub_size_t outlen, const void *in, grub_size_t inlen, -+ const void *key, grub_size_t keylen) { -+ blake2b_state S; -+ int ret = -1; -+ -+ /* Verify parameters */ -+ if (NULL == in && inlen > 0) { -+ goto fail; -+ } -+ -+ if (NULL == out || outlen == 0 || outlen > BLAKE2B_OUTBYTES) { -+ goto fail; -+ } -+ -+ if ((NULL == key && keylen > 0) || keylen > BLAKE2B_KEYBYTES) { -+ goto fail; -+ } -+ -+ if (keylen > 0) { -+ if (blake2b_init_key(&S, outlen, key, keylen) < 0) { -+ goto fail; -+ } -+ } else { -+ if (blake2b_init(&S, outlen) < 0) { -+ goto fail; -+ } -+ } -+ -+ if (blake2b_update(&S, in, inlen) < 0) { -+ goto fail; -+ } -+ ret = blake2b_final(&S, out, outlen); -+ -+fail: -+ clear_internal_memory(&S, sizeof(S)); -+ return ret; -+} -+ -+/* Argon2 Team - Begin Code */ -+int blake2b_long(void *pout, grub_size_t outlen, const void *in, grub_size_t inlen) { -+ grub_uint8_t *out = (grub_uint8_t *)pout; -+ blake2b_state blake_state; -+ grub_uint8_t outlen_bytes[sizeof(grub_uint32_t)] = {0}; -+ int ret = -1; -+ -+ if (outlen > GRUB_UINT32_MAX) { -+ goto fail; -+ } -+ -+ /* Ensure little-endian byte order! */ -+ store32(outlen_bytes, (grub_uint32_t)outlen); -+ -+#define TRY(statement) \ -+ do { \ -+ ret = statement; \ -+ if (ret < 0) { \ -+ goto fail; \ -+ } \ -+ } while ((void)0, 0) -+ -+ if (outlen <= BLAKE2B_OUTBYTES) { -+ TRY(blake2b_init(&blake_state, outlen)); -+ TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); -+ TRY(blake2b_update(&blake_state, in, inlen)); -+ TRY(blake2b_final(&blake_state, out, outlen)); -+ } else { -+ grub_uint32_t toproduce; -+ grub_uint8_t out_buffer[BLAKE2B_OUTBYTES]; -+ grub_uint8_t in_buffer[BLAKE2B_OUTBYTES]; -+ TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES)); -+ TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); -+ TRY(blake2b_update(&blake_state, in, inlen)); -+ TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES)); -+ grub_memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); -+ out += BLAKE2B_OUTBYTES / 2; -+ toproduce = (grub_uint32_t)outlen - BLAKE2B_OUTBYTES / 2; -+ -+ while (toproduce > BLAKE2B_OUTBYTES) { -+ grub_memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); -+ TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer, -+ BLAKE2B_OUTBYTES, NULL, 0)); -+ grub_memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); -+ out += BLAKE2B_OUTBYTES / 2; -+ toproduce -= BLAKE2B_OUTBYTES / 2; -+ } -+ -+ grub_memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); -+ TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL, -+ 0)); -+ grub_memcpy(out, out_buffer, toproduce); -+ } -+fail: -+ clear_internal_memory(&blake_state, sizeof(blake_state)); -+ return ret; -+#undef TRY -+} -+/* Argon2 Team - End Code */ -diff --git a/grub-core/lib/argon2/blake2/blamka-round-ref.h b/grub-core/lib/argon2/blake2/blamka-round-ref.h -new file mode 100644 -index 000000000..7f0071ada ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blamka-round-ref.h -@@ -0,0 +1,56 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef BLAKE_ROUND_MKA_H -+#define BLAKE_ROUND_MKA_H -+ -+#include "blake2.h" -+#include "blake2-impl.h" -+ -+/* designed by the Lyra PHC team */ -+static BLAKE2_INLINE grub_uint64_t fBlaMka(grub_uint64_t x, grub_uint64_t y) { -+ const grub_uint64_t m = GRUB_UINT64_C(0xFFFFFFFF); -+ const grub_uint64_t xy = (x & m) * (y & m); -+ return x + y + 2 * xy; -+} -+ -+#define G(a, b, c, d) \ -+ do { \ -+ a = fBlaMka(a, b); \ -+ d = rotr64(d ^ a, 32); \ -+ c = fBlaMka(c, d); \ -+ b = rotr64(b ^ c, 24); \ -+ a = fBlaMka(a, b); \ -+ d = rotr64(d ^ a, 16); \ -+ c = fBlaMka(c, d); \ -+ b = rotr64(b ^ c, 63); \ -+ } while ((void)0, 0) -+ -+#define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \ -+ v12, v13, v14, v15) \ -+ do { \ -+ G(v0, v4, v8, v12); \ -+ G(v1, v5, v9, v13); \ -+ G(v2, v6, v10, v14); \ -+ G(v3, v7, v11, v15); \ -+ G(v0, v5, v10, v15); \ -+ G(v1, v6, v11, v12); \ -+ G(v2, v7, v8, v13); \ -+ G(v3, v4, v9, v14); \ -+ } while ((void)0, 0) -+ -+#endif -diff --git a/grub-core/lib/argon2/core.c b/grub-core/lib/argon2/core.c -new file mode 100644 -index 000000000..0fe5b74cb ---- /dev/null -+++ b/grub-core/lib/argon2/core.c -@@ -0,0 +1,506 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+/*For memory wiping*/ -+#ifdef _MSC_VER -+#include <windows.h> -+#include <winbase.h> /* For SecureZeroMemory */ -+#endif -+#if defined __STDC_LIB_EXT1__ -+#define __STDC_WANT_LIB_EXT1__ 1 -+#endif -+#define VC_GE_2005(version) (version >= 1400) -+ -+#include "core.h" -+#include "blake2/blake2.h" -+#include "blake2/blake2-impl.h" -+ -+#ifdef GENKAT -+#include "genkat.h" -+#endif -+ -+#if defined(__clang__) -+#if __has_attribute(optnone) -+#define NOT_OPTIMIZED __attribute__((optnone)) -+#endif -+#elif defined(__GNUC__) -+#define GCC_VERSION \ -+ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) -+#if GCC_VERSION >= 40400 -+#define NOT_OPTIMIZED __attribute__((optimize("O0"))) -+#endif -+#endif -+#ifndef NOT_OPTIMIZED -+#define NOT_OPTIMIZED -+#endif -+ -+/***************Instance and Position constructors**********/ -+void init_block_value(block *b, grub_uint8_t in) { grub_memset(b->v, in, sizeof(b->v)); } -+ -+void copy_block(block *dst, const block *src) { -+ grub_memcpy(dst->v, src->v, sizeof(grub_uint64_t) * ARGON2_QWORDS_IN_BLOCK); -+} -+ -+void xor_block(block *dst, const block *src) { -+ int i; -+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { -+ dst->v[i] ^= src->v[i]; -+ } -+} -+ -+static void load_block(block *dst, const void *input) { -+ unsigned i; -+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { -+ dst->v[i] = load64((const grub_uint8_t *)input + i * sizeof(dst->v[i])); -+ } -+} -+ -+static void store_block(void *output, const block *src) { -+ unsigned i; -+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { -+ store64((grub_uint8_t *)output + i * sizeof(src->v[i]), src->v[i]); -+ } -+} -+ -+/***************Memory functions*****************/ -+ -+int allocate_memory(const argon2_context *context, grub_uint8_t **memory, -+ grub_size_t num, grub_size_t size) { -+ grub_size_t memory_size = num*size; -+ if (memory == NULL) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ /* 1. Check for multiplication overflow */ -+ if (size != 0 && memory_size / size != num) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ /* 2. Try to allocate with appropriate allocator */ -+ if (context->allocate_cbk) { -+ (context->allocate_cbk)(memory, memory_size); -+ } else { -+ *memory = grub_malloc(memory_size); -+ } -+ -+ if (*memory == NULL) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ return ARGON2_OK; -+} -+ -+void grub_free_memory(const argon2_context *context, grub_uint8_t *memory, -+ grub_size_t num, grub_size_t size) { -+ grub_size_t memory_size = num*size; -+ clear_internal_memory(memory, memory_size); -+ if (context->grub_free_cbk) { -+ (context->grub_free_cbk)(memory, memory_size); -+ } else { -+ grub_free(memory); -+ } -+} -+ -+void NOT_OPTIMIZED secure_wipe_memory(void *v, grub_size_t n) { -+ static void *(*const volatile grub_memset_sec)(void *, int, grub_size_t) = &grub_memset; -+ grub_memset_sec(v, 0, n); -+} -+ -+/* Memory clear flag defaults to true. */ -+int FLAG_clear_internal_memory = 1; -+void clear_internal_memory(void *v, grub_size_t n) { -+ if (FLAG_clear_internal_memory && v) { -+ secure_wipe_memory(v, n); -+ } -+} -+ -+void finalize(const argon2_context *context, argon2_instance_t *instance) { -+ if (context != NULL && instance != NULL) { -+ block blockhash; -+ grub_uint32_t l; -+ -+ copy_block(&blockhash, instance->memory + instance->lane_length - 1); -+ -+ /* XOR the last blocks */ -+ for (l = 1; l < instance->lanes; ++l) { -+ grub_uint32_t last_block_in_lane = -+ l * instance->lane_length + (instance->lane_length - 1); -+ xor_block(&blockhash, instance->memory + last_block_in_lane); -+ } -+ -+ /* Hash the result */ -+ { -+ grub_uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; -+ store_block(blockhash_bytes, &blockhash); -+ blake2b_long(context->out, context->outlen, blockhash_bytes, -+ ARGON2_BLOCK_SIZE); -+ /* clear blockhash and blockhash_bytes */ -+ clear_internal_memory(blockhash.v, ARGON2_BLOCK_SIZE); -+ clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); -+ } -+ -+#ifdef GENKAT -+ print_tag(context->out, context->outlen); -+#endif -+ -+ grub_free_memory(context, (grub_uint8_t *)instance->memory, -+ instance->memory_blocks, sizeof(block)); -+ } -+} -+ -+grub_uint32_t index_alpha(const argon2_instance_t *instance, -+ const argon2_position_t *position, grub_uint32_t pseudo_rand, -+ int same_lane) { -+ /* -+ * Pass 0: -+ * This lane : all already finished segments plus already constructed -+ * blocks in this segment -+ * Other lanes : all already finished segments -+ * Pass 1+: -+ * This lane : (SYNC_POINTS - 1) last segments plus already constructed -+ * blocks in this segment -+ * Other lanes : (SYNC_POINTS - 1) last segments -+ */ -+ grub_uint32_t reference_area_size; -+ grub_uint64_t relative_position; -+ grub_uint64_t start_position, absolute_position; -+ -+ if (0 == position->pass) { -+ /* First pass */ -+ if (0 == position->slice) { -+ /* First slice */ -+ reference_area_size = -+ position->index - 1; /* all but the previous */ -+ } else { -+ if (same_lane) { -+ /* The same lane => add current segment */ -+ reference_area_size = -+ position->slice * instance->segment_length + -+ position->index - 1; -+ } else { -+ reference_area_size = -+ position->slice * instance->segment_length + -+ ((position->index == 0) ? (-1) : 0); -+ } -+ } -+ } else { -+ /* Second pass */ -+ if (same_lane) { -+ reference_area_size = instance->lane_length - -+ instance->segment_length + position->index - -+ 1; -+ } else { -+ reference_area_size = instance->lane_length - -+ instance->segment_length + -+ ((position->index == 0) ? (-1) : 0); -+ } -+ } -+ -+ /* 1.2.4. Mapping pseudo_rand to 0..<reference_area_size-1> and produce -+ * relative position */ -+ relative_position = pseudo_rand; -+ relative_position = relative_position * relative_position >> 32; -+ relative_position = reference_area_size - 1 - -+ (reference_area_size * relative_position >> 32); -+ -+ /* 1.2.5 Computing starting position */ -+ start_position = 0; -+ -+ if (0 != position->pass) { -+ start_position = (position->slice == ARGON2_SYNC_POINTS - 1) -+ ? 0 -+ : (position->slice + 1) * instance->segment_length; -+ } -+ -+ /* 1.2.6. Computing absolute position */ -+ grub_divmod64 (start_position + relative_position, instance->lane_length, -+ &absolute_position); /* absolute position */ -+ return absolute_position; -+} -+ -+/* Single-threaded version for p=1 case */ -+static int fill_memory_blocks_st(argon2_instance_t *instance) { -+ grub_uint32_t r, s, l; -+ -+ for (r = 0; r < instance->passes; ++r) { -+ for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { -+ for (l = 0; l < instance->lanes; ++l) { -+ argon2_position_t position = {r, l, (grub_uint8_t)s, 0}; -+ fill_segment(instance, position); -+ } -+ } -+#ifdef GENKAT -+ internal_kat(instance, r); /* Print all memory blocks */ -+#endif -+ } -+ return ARGON2_OK; -+} -+ -+int fill_memory_blocks(argon2_instance_t *instance) { -+ if (instance == NULL || instance->lanes == 0) { -+ return ARGON2_INCORRECT_PARAMETER; -+ } -+ return fill_memory_blocks_st(instance); -+} -+ -+int validate_inputs(const argon2_context *context) { -+ if (NULL == context) { -+ return ARGON2_INCORRECT_PARAMETER; -+ } -+ -+ if (NULL == context->out) { -+ return ARGON2_OUTPUT_PTR_NULL; -+ } -+ -+ /* Validate output length */ -+ if (ARGON2_MIN_OUTLEN > context->outlen) { -+ return ARGON2_OUTPUT_TOO_SHORT; -+ } -+ -+ if (ARGON2_MAX_OUTLEN < context->outlen) { -+ return ARGON2_OUTPUT_TOO_LONG; -+ } -+ -+ /* Validate password (required param) */ -+ if (NULL == context->pwd) { -+ if (0 != context->pwdlen) { -+ return ARGON2_PWD_PTR_MISMATCH; -+ } -+ } -+ -+ if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) { -+ return ARGON2_PWD_TOO_LONG; -+ } -+ -+ /* Validate salt (required param) */ -+ if (NULL == context->salt) { -+ if (0 != context->saltlen) { -+ return ARGON2_SALT_PTR_MISMATCH; -+ } -+ } -+ -+ if (ARGON2_MIN_SALT_LENGTH > context->saltlen) { -+ return ARGON2_SALT_TOO_SHORT; -+ } -+ -+ if (ARGON2_MAX_SALT_LENGTH < context->saltlen) { -+ return ARGON2_SALT_TOO_LONG; -+ } -+ -+ /* Validate secret (optional param) */ -+ if (NULL == context->secret) { -+ if (0 != context->secretlen) { -+ return ARGON2_SECRET_PTR_MISMATCH; -+ } -+ } else { -+ if (ARGON2_MAX_SECRET < context->secretlen) { -+ return ARGON2_SECRET_TOO_LONG; -+ } -+ } -+ -+ /* Validate associated data (optional param) */ -+ if (NULL == context->ad) { -+ if (0 != context->adlen) { -+ return ARGON2_AD_PTR_MISMATCH; -+ } -+ } else { -+ if (ARGON2_MAX_AD_LENGTH < context->adlen) { -+ return ARGON2_AD_TOO_LONG; -+ } -+ } -+ -+ /* Validate memory cost */ -+ if (ARGON2_MIN_MEMORY > context->m_cost) { -+ return ARGON2_MEMORY_TOO_LITTLE; -+ } -+ -+ if (context->m_cost < 8 * context->lanes) { -+ return ARGON2_MEMORY_TOO_LITTLE; -+ } -+ -+ /* Validate time cost */ -+ if (ARGON2_MIN_TIME > context->t_cost) { -+ return ARGON2_TIME_TOO_SMALL; -+ } -+ -+ if (ARGON2_MAX_TIME < context->t_cost) { -+ return ARGON2_TIME_TOO_LARGE; -+ } -+ -+ /* Validate lanes */ -+ if (ARGON2_MIN_LANES > context->lanes) { -+ return ARGON2_LANES_TOO_FEW; -+ } -+ -+ if (ARGON2_MAX_LANES < context->lanes) { -+ return ARGON2_LANES_TOO_MANY; -+ } -+ -+ /* Validate threads */ -+ if (ARGON2_MIN_THREADS > context->threads) { -+ return ARGON2_THREADS_TOO_FEW; -+ } -+ -+ if (ARGON2_MAX_THREADS < context->threads) { -+ return ARGON2_THREADS_TOO_MANY; -+ } -+ -+ if (NULL != context->allocate_cbk && NULL == context->grub_free_cbk) { -+ return ARGON2_FREE_MEMORY_CBK_NULL; -+ } -+ -+ if (NULL == context->allocate_cbk && NULL != context->grub_free_cbk) { -+ return ARGON2_ALLOCATE_MEMORY_CBK_NULL; -+ } -+ -+ return ARGON2_OK; -+} -+ -+void fill_first_blocks(grub_uint8_t *blockhash, const argon2_instance_t *instance) { -+ grub_uint32_t l; -+ /* Make the first and second block in each lane as G(H0||0||i) or -+ G(H0||1||i) */ -+ grub_uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; -+ for (l = 0; l < instance->lanes; ++l) { -+ -+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0); -+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l); -+ blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, -+ ARGON2_PREHASH_SEED_LENGTH); -+ load_block(&instance->memory[l * instance->lane_length + 0], -+ blockhash_bytes); -+ -+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1); -+ blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, -+ ARGON2_PREHASH_SEED_LENGTH); -+ load_block(&instance->memory[l * instance->lane_length + 1], -+ blockhash_bytes); -+ } -+ clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); -+} -+ -+void initial_hash(grub_uint8_t *blockhash, argon2_context *context, -+ argon2_type type) { -+ blake2b_state BlakeHash; -+ grub_uint8_t value[sizeof(grub_uint32_t)]; -+ -+ if (NULL == context || NULL == blockhash) { -+ return; -+ } -+ -+ blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH); -+ -+ store32(&value, context->lanes); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->outlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->m_cost); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->t_cost); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->version); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, (grub_uint32_t)type); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->pwdlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->pwd != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->pwd, -+ context->pwdlen); -+ -+ if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) { -+ secure_wipe_memory(context->pwd, context->pwdlen); -+ context->pwdlen = 0; -+ } -+ } -+ -+ store32(&value, context->saltlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->salt != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->salt, -+ context->saltlen); -+ } -+ -+ store32(&value, context->secretlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->secret != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->secret, -+ context->secretlen); -+ -+ if (context->flags & ARGON2_FLAG_CLEAR_SECRET) { -+ secure_wipe_memory(context->secret, context->secretlen); -+ context->secretlen = 0; -+ } -+ } -+ -+ store32(&value, context->adlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->ad != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->ad, -+ context->adlen); -+ } -+ -+ blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH); -+} -+ -+int initialize(argon2_instance_t *instance, argon2_context *context) { -+ grub_uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; -+ int result = ARGON2_OK; -+ -+ if (instance == NULL || context == NULL) -+ return ARGON2_INCORRECT_PARAMETER; -+ instance->context_ptr = context; -+ -+ /* 1. Memory allocation */ -+ result = allocate_memory(context, (grub_uint8_t **)&(instance->memory), -+ instance->memory_blocks, sizeof(block)); -+ if (result != ARGON2_OK) { -+ return result; -+ } -+ -+ /* 2. Initial hashing */ -+ /* H_0 + 8 extra bytes to produce the first blocks */ -+ /* grub_uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */ -+ /* Hashing all inputs */ -+ initial_hash(blockhash, context, instance->type); -+ /* Zeroing 8 extra bytes */ -+ clear_internal_memory(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, -+ ARGON2_PREHASH_SEED_LENGTH - -+ ARGON2_PREHASH_DIGEST_LENGTH); -+ -+#ifdef GENKAT -+ initial_kat(blockhash, context, instance->type); -+#endif -+ -+ /* 3. Creating first blocks, we always have at least two blocks in a slice -+ */ -+ fill_first_blocks(blockhash, instance); -+ /* Clearing the hash */ -+ clear_internal_memory(blockhash, ARGON2_PREHASH_SEED_LENGTH); -+ -+ return ARGON2_OK; -+} -diff --git a/grub-core/lib/argon2/core.h b/grub-core/lib/argon2/core.h -new file mode 100644 -index 000000000..bbcd56998 ---- /dev/null -+++ b/grub-core/lib/argon2/core.h -@@ -0,0 +1,228 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef ARGON2_CORE_H -+#define ARGON2_CORE_H -+ -+#include "argon2.h" -+ -+#define CONST_CAST(x) (x)(grub_addr_t) -+ -+/**********************Argon2 internal constants*******************************/ -+ -+enum argon2_core_constants { -+ /* Memory block size in bytes */ -+ ARGON2_BLOCK_SIZE = 1024, -+ ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8, -+ ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16, -+ ARGON2_HWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 32, -+ ARGON2_512BIT_WORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 64, -+ -+ /* Number of pseudo-random values generated by one call to Blake in Argon2i -+ to -+ generate reference block positions */ -+ ARGON2_ADDRESSES_IN_BLOCK = 128, -+ -+ /* Pre-hashing digest length and its extension*/ -+ ARGON2_PREHASH_DIGEST_LENGTH = 64, -+ ARGON2_PREHASH_SEED_LENGTH = 72 -+}; -+ -+/*************************Argon2 internal data types***********************/ -+ -+/* -+ * Structure for the (1KB) memory block implemented as 128 64-bit words. -+ * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no -+ * bounds checking). -+ */ -+typedef struct block_ { grub_uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block; -+ -+/*****************Functions that work with the block******************/ -+ -+/* Initialize each byte of the block with @in */ -+void init_block_value(block *b, grub_uint8_t in); -+ -+/* Copy block @src to block @dst */ -+void copy_block(block *dst, const block *src); -+ -+/* XOR @src onto @dst bytewise */ -+void xor_block(block *dst, const block *src); -+ -+/* -+ * Argon2 instance: memory pointer, number of passes, amount of memory, type, -+ * and derived values. -+ * Used to evaluate the number and location of blocks to construct in each -+ * thread -+ */ -+typedef struct Argon2_instance_t { -+ block *memory; /* Memory pointer */ -+ grub_uint32_t version; -+ grub_uint32_t passes; /* Number of passes */ -+ grub_uint32_t memory_blocks; /* Number of blocks in memory */ -+ grub_uint32_t segment_length; -+ grub_uint32_t lane_length; -+ grub_uint32_t lanes; -+ grub_uint32_t threads; -+ argon2_type type; -+ int print_internals; /* whether to print the memory blocks */ -+ argon2_context *context_ptr; /* points back to original context */ -+} argon2_instance_t; -+ -+/* -+ * Argon2 position: where we construct the block right now. Used to distribute -+ * work between threads. -+ */ -+typedef struct Argon2_position_t { -+ grub_uint32_t pass; -+ grub_uint32_t lane; -+ grub_uint8_t slice; -+ grub_uint32_t index; -+} argon2_position_t; -+ -+/*Struct that holds the inputs for thread handling FillSegment*/ -+typedef struct Argon2_thread_data { -+ argon2_instance_t *instance_ptr; -+ argon2_position_t pos; -+} argon2_thread_data; -+ -+/*************************Argon2 core functions********************************/ -+ -+/* Allocates memory to the given pointer, uses the appropriate allocator as -+ * specified in the context. Total allocated memory is num*size. -+ * @param context argon2_context which specifies the allocator -+ * @param memory pointer to the pointer to the memory -+ * @param size the size in bytes for each element to be allocated -+ * @param num the number of elements to be allocated -+ * @return ARGON2_OK if @memory is a valid pointer and memory is allocated -+ */ -+int allocate_memory(const argon2_context *context, grub_uint8_t **memory, -+ grub_size_t num, grub_size_t size); -+ -+/* -+ * Frees memory at the given pointer, uses the appropriate deallocator as -+ * specified in the context. Also cleans the memory using clear_internal_memory. -+ * @param context argon2_context which specifies the deallocator -+ * @param memory pointer to buffer to be grub_freed -+ * @param size the size in bytes for each element to be deallocated -+ * @param num the number of elements to be deallocated -+ */ -+void grub_free_memory(const argon2_context *context, grub_uint8_t *memory, -+ grub_size_t num, grub_size_t size); -+ -+/* Function that securely cleans the memory. This ignores any flags set -+ * regarding clearing memory. Usually one just calls clear_internal_memory. -+ * @param mem Pointer to the memory -+ * @param s Memory size in bytes -+ */ -+void secure_wipe_memory(void *v, grub_size_t n); -+ -+/* Function that securely clears the memory if FLAG_clear_internal_memory is -+ * set. If the flag isn't set, this function does nothing. -+ * @param mem Pointer to the memory -+ * @param s Memory size in bytes -+ */ -+void clear_internal_memory(void *v, grub_size_t n); -+ -+/* -+ * Computes absolute position of reference block in the lane following a skewed -+ * distribution and using a pseudo-random value as input -+ * @param instance Pointer to the current instance -+ * @param position Pointer to the current position -+ * @param pseudo_rand 32-bit pseudo-random value used to determine the position -+ * @param same_lane Indicates if the block will be taken from the current lane. -+ * If so we can reference the current segment -+ * @pre All pointers must be valid -+ */ -+grub_uint32_t index_alpha(const argon2_instance_t *instance, -+ const argon2_position_t *position, grub_uint32_t pseudo_rand, -+ int same_lane); -+ -+/* -+ * Function that validates all inputs against predefined restrictions and return -+ * an error code -+ * @param context Pointer to current Argon2 context -+ * @return ARGON2_OK if everything is all right, otherwise one of error codes -+ * (all defined in <argon2.h> -+ */ -+int validate_inputs(const argon2_context *context); -+ -+/* -+ * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears -+ * password and secret if needed -+ * @param context Pointer to the Argon2 internal structure containing memory -+ * pointer, and parameters for time and space requirements. -+ * @param blockhash Buffer for pre-hashing digest -+ * @param type Argon2 type -+ * @pre @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes -+ * allocated -+ */ -+void initial_hash(grub_uint8_t *blockhash, argon2_context *context, -+ argon2_type type); -+ -+/* -+ * Function creates first 2 blocks per lane -+ * @param instance Pointer to the current instance -+ * @param blockhash Pointer to the pre-hashing digest -+ * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values -+ */ -+void fill_first_blocks(grub_uint8_t *blockhash, const argon2_instance_t *instance); -+ -+/* -+ * Function allocates memory, hashes the inputs with Blake, and creates first -+ * two blocks. Returns the pointer to the main memory with 2 blocks per lane -+ * initialized -+ * @param context Pointer to the Argon2 internal structure containing memory -+ * pointer, and parameters for time and space requirements. -+ * @param instance Current Argon2 instance -+ * @return Zero if successful, -1 if memory failed to allocate. @context->state -+ * will be modified if successful. -+ */ -+int initialize(argon2_instance_t *instance, argon2_context *context); -+ -+/* -+ * XORing the last block of each lane, hashing it, making the tag. Deallocates -+ * the memory. -+ * @param context Pointer to current Argon2 context (use only the out parameters -+ * from it) -+ * @param instance Pointer to current instance of Argon2 -+ * @pre instance->state must point to necessary amount of memory -+ * @pre context->out must point to outlen bytes of memory -+ * @pre if context->grub_free_cbk is not NULL, it should point to a function that -+ * deallocates memory -+ */ -+void finalize(const argon2_context *context, argon2_instance_t *instance); -+ -+/* -+ * Function that fills the segment using previous segments also from other -+ * threads -+ * @param context current context -+ * @param instance Pointer to the current instance -+ * @param position Current position -+ * @pre all block pointers must be valid -+ */ -+void fill_segment(const argon2_instance_t *instance, -+ argon2_position_t position); -+ -+/* -+ * Function that fills the entire memory t_cost times based on the first two -+ * blocks in each lane -+ * @param instance Pointer to the current instance -+ * @return ARGON2_OK if successful, @context->state -+ */ -+int fill_memory_blocks(argon2_instance_t *instance); -+ -+#endif -diff --git a/grub-core/lib/argon2/ref.c b/grub-core/lib/argon2/ref.c -new file mode 100644 -index 000000000..c933df80d ---- /dev/null -+++ b/grub-core/lib/argon2/ref.c -@@ -0,0 +1,190 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#include "argon2.h" -+#include "core.h" -+ -+#include "blake2/blamka-round-ref.h" -+#include "blake2/blake2-impl.h" -+#include "blake2/blake2.h" -+ -+ -+/* -+ * Function fills a new memory block and optionally XORs the old block over the new one. -+ * @next_block must be initialized. -+ * @param prev_block Pointer to the previous block -+ * @param ref_block Pointer to the reference block -+ * @param next_block Pointer to the block to be constructed -+ * @param with_xor Whether to XOR into the new block (1) or just overwrite (0) -+ * @pre all block pointers must be valid -+ */ -+static void fill_block(const block *prev_block, const block *ref_block, -+ block *next_block, int with_xor) { -+ block blockR, block_tmp; -+ unsigned i; -+ -+ copy_block(&blockR, ref_block); -+ xor_block(&blockR, prev_block); -+ copy_block(&block_tmp, &blockR); -+ /* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block */ -+ if (with_xor) { -+ /* Saving the next block contents for XOR over: */ -+ xor_block(&block_tmp, next_block); -+ /* Now blockR = ref_block + prev_block and -+ block_tmp = ref_block + prev_block + next_block */ -+ } -+ -+ /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then -+ (16,17,..31)... finally (112,113,...127) */ -+ for (i = 0; i < 8; ++i) { -+ BLAKE2_ROUND_NOMSG( -+ blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2], -+ blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5], -+ blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8], -+ blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11], -+ blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14], -+ blockR.v[16 * i + 15]); -+ } -+ -+ /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then -+ (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */ -+ for (i = 0; i < 8; i++) { -+ BLAKE2_ROUND_NOMSG( -+ blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16], -+ blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33], -+ blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64], -+ blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81], -+ blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112], -+ blockR.v[2 * i + 113]); -+ } -+ -+ copy_block(next_block, &block_tmp); -+ xor_block(next_block, &blockR); -+} -+ -+static void next_addresses(block *address_block, block *input_block, -+ const block *zero_block) { -+ input_block->v[6]++; -+ fill_block(zero_block, input_block, address_block, 0); -+ fill_block(zero_block, address_block, address_block, 0); -+} -+ -+void fill_segment(const argon2_instance_t *instance, -+ argon2_position_t position) { -+ block *ref_block = NULL, *curr_block = NULL; -+ block address_block, input_block, zero_block; -+ grub_uint64_t pseudo_rand, ref_index, ref_lane; -+ grub_uint32_t prev_offset, curr_offset; -+ grub_uint32_t starting_index; -+ grub_uint32_t i; -+ int data_independent_addressing; -+ -+ if (instance == NULL) { -+ return; -+ } -+ -+ data_independent_addressing = -+ (instance->type == Argon2_i) || -+ (instance->type == Argon2_id && (position.pass == 0) && -+ (position.slice < ARGON2_SYNC_POINTS / 2)); -+ -+ if (data_independent_addressing) { -+ init_block_value(&zero_block, 0); -+ init_block_value(&input_block, 0); -+ -+ input_block.v[0] = position.pass; -+ input_block.v[1] = position.lane; -+ input_block.v[2] = position.slice; -+ input_block.v[3] = instance->memory_blocks; -+ input_block.v[4] = instance->passes; -+ input_block.v[5] = instance->type; -+ } -+ -+ starting_index = 0; -+ -+ if ((0 == position.pass) && (0 == position.slice)) { -+ starting_index = 2; /* we have already generated the first two blocks */ -+ -+ /* Don't forget to generate the first block of addresses: */ -+ if (data_independent_addressing) { -+ next_addresses(&address_block, &input_block, &zero_block); -+ } -+ } -+ -+ /* Offset of the current block */ -+ curr_offset = position.lane * instance->lane_length + -+ position.slice * instance->segment_length + starting_index; -+ -+ if (0 == curr_offset % instance->lane_length) { -+ /* Last block in this lane */ -+ prev_offset = curr_offset + instance->lane_length - 1; -+ } else { -+ /* Previous block */ -+ prev_offset = curr_offset - 1; -+ } -+ -+ for (i = starting_index; i < instance->segment_length; -+ ++i, ++curr_offset, ++prev_offset) { -+ /*1.1 Rotating prev_offset if needed */ -+ if (curr_offset % instance->lane_length == 1) { -+ prev_offset = curr_offset - 1; -+ } -+ -+ /* 1.2 Computing the index of the reference block */ -+ /* 1.2.1 Taking pseudo-random value from the previous block */ -+ if (data_independent_addressing) { -+ if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) { -+ next_addresses(&address_block, &input_block, &zero_block); -+ } -+ pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK]; -+ } else { -+ pseudo_rand = instance->memory[prev_offset].v[0]; -+ } -+ -+ /* 1.2.2 Computing the lane of the reference block */ -+ grub_divmod64 (pseudo_rand >> 32, instance->lanes, &ref_lane); -+ -+ if ((position.pass == 0) && (position.slice == 0)) { -+ /* Can not reference other lanes yet */ -+ ref_lane = position.lane; -+ } -+ -+ /* 1.2.3 Computing the number of possible reference block within the -+ * lane. -+ */ -+ position.index = i; -+ ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, -+ ref_lane == position.lane); -+ -+ /* 2 Creating a new block */ -+ ref_block = -+ instance->memory + instance->lane_length * ref_lane + ref_index; -+ curr_block = instance->memory + curr_offset; -+ if (ARGON2_VERSION_10 == instance->version) { -+ /* version 1.2.1 and earlier: overwrite, not XOR */ -+ fill_block(instance->memory + prev_offset, ref_block, curr_block, 0); -+ } else { -+ if(0 == position.pass) { -+ fill_block(instance->memory + prev_offset, ref_block, -+ curr_block, 0); -+ } else { -+ fill_block(instance->memory + prev_offset, ref_block, -+ curr_block, 1); -+ } -+ } -+ } -+} --- -2.39.5 - diff --git a/config/grub/nvme/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch b/config/grub/default/patches/0005-don-t-print-missing-prefix-errors-on-the-screen.patch index 4f7014d8..68191318 100644 --- a/config/grub/nvme/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch +++ b/config/grub/default/patches/0005-don-t-print-missing-prefix-errors-on-the-screen.patch @@ -1,7 +1,7 @@ -From 92aab8e78e0a9dc400376f31fdd7eee980aa33aa Mon Sep 17 00:00:00 2001 +From d04a862006aaf754af4d0ec8efee33e9a59c7d0c Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 5 Nov 2023 16:14:58 +0000 -Subject: [PATCH 11/15] don't print missing prefix errors on the screen +Subject: [PATCH 5/8] don't print missing prefix errors on the screen we do actually set the prefix. this patch modifies grub to still set grub_errno and return accordingly, @@ -85,10 +85,10 @@ index 18de52562..2a0fea6c8 100644 } file = try_open_from_prefix (prefix, filename); diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 4a3be8568..6ae3d73f8 100644 +index de8c3aa8d..eac3ea48d 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c -@@ -881,7 +881,7 @@ grub_dl_load (const char *name) +@@ -880,7 +880,7 @@ grub_dl_load (const char *name) return 0; if (! grub_dl_dir) { @@ -98,5 +98,5 @@ index 4a3be8568..6ae3d73f8 100644 } -- -2.39.5 +2.47.3 diff --git a/config/grub/default/patches/0006-Error-on-missing-Argon2id-parameters.patch b/config/grub/default/patches/0006-Error-on-missing-Argon2id-parameters.patch deleted file mode 100644 index 1531d60c..00000000 --- a/config/grub/default/patches/0006-Error-on-missing-Argon2id-parameters.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 594a7011d551af530bbbdf5e39b941811a0b7811 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 06/14] Error on missing Argon2id parameters - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - grub-core/disk/luks2.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index b17cd2115..bbd8f5579 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -39,6 +39,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - enum grub_luks2_kdf_type - { - LUKS2_KDF_TYPE_ARGON2I, -+ LUKS2_KDF_TYPE_ARGON2ID, - LUKS2_KDF_TYPE_PBKDF2 - }; - typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t; -@@ -91,7 +92,7 @@ struct grub_luks2_keyslot - grub_int64_t time; - grub_int64_t memory; - grub_int64_t cpus; -- } argon2i; -+ } argon2; - struct - { - const char *hash; -@@ -161,10 +162,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF"); - else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id")) - { -- out->kdf.type = LUKS2_KDF_TYPE_ARGON2I; -- if (grub_json_getint64 (&out->kdf.u.argon2i.time, &kdf, "time") || -- grub_json_getint64 (&out->kdf.u.argon2i.memory, &kdf, "memory") || -- grub_json_getint64 (&out->kdf.u.argon2i.cpus, &kdf, "cpus")) -+ out->kdf.type = !grub_strcmp (type, "argon2i") -+ ? LUKS2_KDF_TYPE_ARGON2I : LUKS2_KDF_TYPE_ARGON2ID; -+ if (grub_json_getint64 (&out->kdf.u.argon2.time, &kdf, "time") || -+ grub_json_getint64 (&out->kdf.u.argon2.memory, &kdf, "memory") || -+ grub_json_getint64 (&out->kdf.u.argon2.cpus, &kdf, "cpus")) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters"); - } - else if (!grub_strcmp (type, "pbkdf2")) -@@ -460,6 +462,7 @@ luks2_decrypt_key (grub_uint8_t *out_key, - switch (k->kdf.type) - { - case LUKS2_KDF_TYPE_ARGON2I: -+ case LUKS2_KDF_TYPE_ARGON2ID: - ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported"); - goto err; - case LUKS2_KDF_TYPE_PBKDF2: --- -2.39.5 - diff --git a/config/grub/nvme/patches/0012-don-t-print-error-if-module-not-found.patch b/config/grub/default/patches/0006-don-t-print-error-if-module-not-found.patch index fb4c836a..ef805b48 100644 --- a/config/grub/nvme/patches/0012-don-t-print-error-if-module-not-found.patch +++ b/config/grub/default/patches/0006-don-t-print-error-if-module-not-found.patch @@ -1,7 +1,7 @@ -From 62f4bd17485c3d65649de2cef398ec708f35ea9d Mon Sep 17 00:00:00 2001 +From 1d72be25322037c703c5fa95ee29b8ee7b7d7106 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 5 Nov 2023 16:36:22 +0000 -Subject: [PATCH 12/15] don't print error if module not found +Subject: [PATCH 6/8] don't print error if module not found still set grub_errno accordingly, and otherwise behave the same. in libreboot, we remove a lot of @@ -17,10 +17,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 6ae3d73f8..4c15027fe 100644 +index eac3ea48d..6d67ba54f 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c -@@ -511,7 +511,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e) +@@ -510,7 +510,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e) s = grub_dl_find_section (e, ".modname"); if (!s) @@ -30,5 +30,5 @@ index 6ae3d73f8..4c15027fe 100644 mod->name = grub_strdup ((char *) e + s->sh_offset); if (! mod->name) -- -2.39.5 +2.47.3 diff --git a/config/grub/default/patches/0007-Compile-with-Argon2id-support.patch b/config/grub/default/patches/0007-Compile-with-Argon2id-support.patch deleted file mode 100644 index 344dfb1d..00000000 --- a/config/grub/default/patches/0007-Compile-with-Argon2id-support.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 6a757a3cdf22e840162bb222a87446a32d9b94a2 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 07/14] Compile with Argon2id support - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - Makefile.util.def | 6 +++++- - grub-core/Makefile.core.def | 2 +- - grub-core/disk/luks2.c | 13 +++++++++++-- - 3 files changed, 17 insertions(+), 4 deletions(-) - -diff --git a/Makefile.util.def b/Makefile.util.def -index 038253b37..2f19569c9 100644 ---- a/Makefile.util.def -+++ b/Makefile.util.def -@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl; - library = { - name = libgrubkern.a; - cflags = '$(CFLAGS_GNULIB)'; -- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json'; -+ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2'; - - common = util/misc.c; - common = grub-core/kern/command.c; -@@ -36,6 +36,10 @@ library = { - common = grub-core/kern/misc.c; - common = grub-core/kern/partition.c; - common = grub-core/lib/crypto.c; -+ common = grub-core/lib/argon2/argon2.c; -+ common = grub-core/lib/argon2/core.c; -+ common = grub-core/lib/argon2/ref.c; -+ common = grub-core/lib/argon2/blake2/blake2b.c; - common = grub-core/lib/json/json.c; - common = grub-core/disk/luks.c; - common = grub-core/disk/luks2.c; -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 0ee65d54d..cd29a9df8 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1242,7 +1242,7 @@ module = { - common = disk/luks2.c; - common = lib/gnulib/base64.c; - cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; -- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json'; -+ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2'; - }; - - module = { -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index bbd8f5579..02cd615d9 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -28,6 +28,7 @@ - #include <grub/i18n.h> - #include <grub/safemath.h> - -+#include <argon2.h> - #include <base64.h> - #include <json.h> - -@@ -463,8 +464,16 @@ luks2_decrypt_key (grub_uint8_t *out_key, - { - case LUKS2_KDF_TYPE_ARGON2I: - case LUKS2_KDF_TYPE_ARGON2ID: -- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported"); -- goto err; -+ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus, -+ passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size, -+ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id, -+ ARGON2_VERSION_NUMBER); -+ if (ret) -+ { -+ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret)); -+ goto err; -+ } -+ break; - case LUKS2_KDF_TYPE_PBKDF2: - hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash); - if (!hash) --- -2.39.5 - diff --git a/config/grub/xhci_nvme/patches/0013-don-t-print-empty-error-messages.patch b/config/grub/default/patches/0007-don-t-print-empty-error-messages.patch index 4bf96b50..5dfdb676 100644 --- a/config/grub/xhci_nvme/patches/0013-don-t-print-empty-error-messages.patch +++ b/config/grub/default/patches/0007-don-t-print-empty-error-messages.patch @@ -1,7 +1,7 @@ -From 272c5f5724c0790aff48b0d6ba75928de2275b33 Mon Sep 17 00:00:00 2001 +From a0e49c6ae97114afa386286f6005dd9b3a896797 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 5 Nov 2023 17:25:20 +0000 -Subject: [PATCH 13/26] don't print empty error messages +Subject: [PATCH 7/8] don't print empty error messages this is part two of the quest to kill the prefix error message. after i disabled prefix-related @@ -13,10 +13,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org> 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c -index 53c734de7..7cac53983 100644 +index ba04b57fb..dab62646d 100644 --- a/grub-core/kern/err.c +++ b/grub-core/kern/err.c -@@ -107,7 +107,8 @@ grub_print_error (void) +@@ -116,7 +116,8 @@ grub_print_error (void) { if (grub_errno != GRUB_ERR_NONE) { @@ -27,5 +27,5 @@ index 53c734de7..7cac53983 100644 } } -- -2.39.5 +2.47.3 diff --git a/config/grub/default/patches/0008-Make-grub-install-work-with-Argon2.patch b/config/grub/default/patches/0008-Make-grub-install-work-with-Argon2.patch deleted file mode 100644 index b7ea852a..00000000 --- a/config/grub/default/patches/0008-Make-grub-install-work-with-Argon2.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 4e4ded3f127f5567bdb41de7b671bd9b2a478125 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 08/14] Make grub-install work with Argon2 - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - util/grub-install.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/util/grub-install.c b/util/grub-install.c -index 060246589..059036d3c 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -448,6 +448,8 @@ probe_mods (grub_disk_t disk) - { - grub_util_cryptodisk_get_abstraction (disk, - push_cryptodisk_module, NULL); -+ /* HACK: always push argon2 */ -+ grub_install_push_module ("argon2"); - have_abstractions = 1; - have_cryptodisk = 1; - } --- -2.39.5 - diff --git a/config/grub/default/patches/0014-kern-coreboot-mmap-Map-to-reserved.patch b/config/grub/default/patches/0008-kern-coreboot-mmap-Map-to-reserved.patch index 78e4eafc..a14e118b 100644 --- a/config/grub/default/patches/0014-kern-coreboot-mmap-Map-to-reserved.patch +++ b/config/grub/default/patches/0008-kern-coreboot-mmap-Map-to-reserved.patch @@ -1,7 +1,7 @@ -From 818f1b19f32e355cc2a0ebe29eee2a2bac7bcb3f Mon Sep 17 00:00:00 2001 +From b6f5e33972320c171d0fe44ac2afe4eac0b4b3eb Mon Sep 17 00:00:00 2001 From: Paul Menzel <pmenzel@molgen.mpg.de> Date: Mon, 17 May 2021 10:24:36 +0200 -Subject: [PATCH 14/14] kern/coreboot/mmap: Map to reserved +Subject: [PATCH 8/8] kern/coreboot/mmap: Map to reserved https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6de9ee86bf9ae50967413e6a73b5dfd13e5ffb50 @@ -33,5 +33,5 @@ index caf8f7cef..2fc316e8d 100644 return 1; } -- -2.39.5 +2.47.3 diff --git a/config/grub/default/target.cfg b/config/grub/default/target.cfg index 6a13a189..2319d1a2 100644 --- a/config/grub/default/target.cfg +++ b/config/grub/default/target.cfg @@ -1,4 +1,4 @@ # SPDX-License-Identifier: GPL-3.0-or-later tree="default" -rev="a68a7dece464c35b1c8d20b98502b6881b103911" +rev="280715ec63a3424f5cf1289302cb4ab4e98768f4" diff --git a/config/grub/nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch b/config/grub/nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch index 1c55b85a..3fd43739 100644 --- a/config/grub/nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch +++ b/config/grub/nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch @@ -1,7 +1,7 @@ -From 759a673b3c4601a32837f2b26661d2998f6cb8d6 Mon Sep 17 00:00:00 2001 +From 248018d7623fa1dc0e1b4ef3a430eac04cbe51bf Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 31 Oct 2021 03:47:05 +0000 -Subject: [PATCH 01/15] mitigate grub's missing characters for borders/arrow +Subject: [PATCH 1/9] mitigate grub's missing characters for borders/arrow characters This cleans up the display on the main screen in GRUB. @@ -86,5 +86,5 @@ index 9c383e64a..8ec1dd1e8 100644 grub_term_highlight_color = old_color_highlight; geo->timeout_y = geo->first_entry_y + geo->num_entries -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch b/config/grub/nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch index 8515f2a8..d3b273ce 100644 --- a/config/grub/nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch +++ b/config/grub/nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch @@ -1,17 +1,17 @@ -From 88007c24f8bceb97d0aecf31545c3b49b380b1a6 Mon Sep 17 00:00:00 2001 +From d029792781fe280b8dac1bed457ef78b2af84ee2 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sat, 19 Nov 2022 16:30:24 +0000 -Subject: [PATCH 02/15] say the name libreboot, in the grub menu +Subject: [PATCH 2/9] say the name libreboot, in the grub menu --- grub-core/normal/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 96abfda2f..d806db9c4 100644 +index de9a3f961..1fabb9c86 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c -@@ -209,7 +209,7 @@ grub_normal_init_page (struct grub_term_output *term, +@@ -215,7 +215,7 @@ grub_normal_init_page (struct grub_term_output *term, grub_term_cls (term); @@ -21,5 +21,5 @@ index 96abfda2f..d806db9c4 100644 return; -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/patches/0003-Add-CC0-license.patch b/config/grub/nvme/patches/0003-Add-CC0-license.patch deleted file mode 100644 index 5b09922b..00000000 --- a/config/grub/nvme/patches/0003-Add-CC0-license.patch +++ /dev/null @@ -1,42 +0,0 @@ -From d1925aadf848c269b35a3004c104e014df582536 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 03/15] Add CC0 license - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - grub-core/kern/dl.c | 3 ++- - util/grub-module-verifierXX.c | 3 ++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index de8c3aa8d..4a3be8568 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -495,7 +495,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e) - - if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0 - || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0 -- || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0) -+ || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0 -+ || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=CC0") == 0) - return GRUB_ERR_NONE; - - return grub_error (GRUB_ERR_BAD_MODULE, -diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c -index a42c20bd1..7157a30aa 100644 ---- a/util/grub-module-verifierXX.c -+++ b/util/grub-module-verifierXX.c -@@ -236,7 +236,8 @@ check_license (const char * const filename, - Elf_Shdr *s = find_section (arch, e, ".module_license", module_size); - if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0 - || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0 -- || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0)) -+ || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0 -+ || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=CC0") == 0)) - return; - grub_util_error ("%s: incompatible license", filename); - } --- -2.39.5 - diff --git a/config/grub/default/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch b/config/grub/nvme/patches/0003-at_keyboard-coreboot-force-scancodes2-translate.patch index 12f6f111..8397b689 100644 --- a/config/grub/default/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch +++ b/config/grub/nvme/patches/0003-at_keyboard-coreboot-force-scancodes2-translate.patch @@ -1,7 +1,7 @@ -From fc815438e70cbb13166ab6711b6f6460521b1fd4 Mon Sep 17 00:00:00 2001 +From b42452eca17efb562e1ffe809ff8d3bdbbda3728 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Mon, 30 Oct 2023 22:19:21 +0000 -Subject: [PATCH 09/14] at_keyboard coreboot: force scancodes2+translate +Subject: [PATCH 3/9] at_keyboard coreboot: force scancodes2+translate Scan code set 2 with translation should be assumed in every case, as the default starting position. @@ -103,5 +103,5 @@ index f8a129eb7..8207225c2 100644 grub_dprintf ("atkeyb", "returned set %d\n", ps2_state.current_set); if (ps2_state.current_set == 2) -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/patches/0004-Define-GRUB_UINT32_MAX.patch b/config/grub/nvme/patches/0004-Define-GRUB_UINT32_MAX.patch deleted file mode 100644 index be0e6b13..00000000 --- a/config/grub/nvme/patches/0004-Define-GRUB_UINT32_MAX.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b0adafee9fcd820dd9d1c03a9619953cb3407854 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 04/15] Define GRUB_UINT32_MAX - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - include/grub/types.h | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/include/grub/types.h b/include/grub/types.h -index 45079bf65..8c0b30395 100644 ---- a/include/grub/types.h -+++ b/include/grub/types.h -@@ -156,6 +156,7 @@ typedef grub_int32_t grub_ssize_t; - #define GRUB_SHRT_MAX 0x7fff - #define GRUB_SHRT_MIN (-GRUB_SHRT_MAX - 1) - #define GRUB_UINT_MAX 4294967295U -+#define GRUB_UINT32_MAX 4294967295U - #define GRUB_INT_MAX 0x7fffffff - #define GRUB_INT_MIN (-GRUB_INT_MAX - 1) - #define GRUB_INT32_MAX 2147483647 -@@ -177,6 +178,13 @@ typedef grub_int32_t grub_ssize_t; - #define GRUB_TYPE_U_MAX(type) ((unsigned long long)((typeof (type))(~0))) - #define GRUB_TYPE_U_MIN(type) 0ULL - -+# define GRUB_UINT32_C(x) x ## U -+# if GRUB_ULONG_MAX >> 31 >> 31 >> 1 == 1 -+# define GRUB_UINT64_C(x) x##UL -+# elif 1 -+# define GRUB_UINT64_C(x) x##ULL -+# endif -+ - typedef grub_uint64_t grub_properly_aligned_t; - - #define GRUB_PROPERLY_ALIGNED_ARRAY(name, size) grub_properly_aligned_t name[((size) + sizeof (grub_properly_aligned_t) - 1) / sizeof (grub_properly_aligned_t)] --- -2.39.5 - diff --git a/config/grub/default/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch b/config/grub/nvme/patches/0004-keylayouts-don-t-print-Unknown-key-message.patch index 8c0a5054..c6a9ee64 100644 --- a/config/grub/default/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch +++ b/config/grub/nvme/patches/0004-keylayouts-don-t-print-Unknown-key-message.patch @@ -1,7 +1,7 @@ -From defb7ad35579c321d32b81af7ddd6fecf34cb618 Mon Sep 17 00:00:00 2001 +From 831d6824c79032db08a68acbbea6ea374399dba4 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Tue, 31 Oct 2023 10:33:28 +0000 -Subject: [PATCH 10/14] keylayouts: don't print "Unknown key" message +Subject: [PATCH 4/9] keylayouts: don't print "Unknown key" message on keyboards with stuck keys, this results in GRUB just spewing it repeatedly, preventing use of GRUB. @@ -34,5 +34,5 @@ index aa3ba34f2..445fa0601 100644 } -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/patches/0005-Add-Argon2-algorithm.patch b/config/grub/nvme/patches/0005-Add-Argon2-algorithm.patch deleted file mode 100644 index 772a05d9..00000000 --- a/config/grub/nvme/patches/0005-Add-Argon2-algorithm.patch +++ /dev/null @@ -1,2612 +0,0 @@ -From c42e09330674005d8b2d74f75fca387af87e5465 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 05/15] Add Argon2 algorithm - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - docs/grub-dev.texi | 64 +++ - grub-core/Makefile.core.def | 8 + - grub-core/lib/argon2/LICENSE | 314 +++++++++++ - grub-core/lib/argon2/argon2.c | 232 ++++++++ - grub-core/lib/argon2/argon2.h | 264 +++++++++ - grub-core/lib/argon2/blake2/blake2-impl.h | 151 ++++++ - grub-core/lib/argon2/blake2/blake2.h | 89 +++ - grub-core/lib/argon2/blake2/blake2b.c | 388 ++++++++++++++ - .../lib/argon2/blake2/blamka-round-ref.h | 56 ++ - grub-core/lib/argon2/core.c | 506 ++++++++++++++++++ - grub-core/lib/argon2/core.h | 228 ++++++++ - grub-core/lib/argon2/ref.c | 190 +++++++ - 12 files changed, 2490 insertions(+) - create mode 100644 grub-core/lib/argon2/LICENSE - create mode 100644 grub-core/lib/argon2/argon2.c - create mode 100644 grub-core/lib/argon2/argon2.h - create mode 100644 grub-core/lib/argon2/blake2/blake2-impl.h - create mode 100644 grub-core/lib/argon2/blake2/blake2.h - create mode 100644 grub-core/lib/argon2/blake2/blake2b.c - create mode 100644 grub-core/lib/argon2/blake2/blamka-round-ref.h - create mode 100644 grub-core/lib/argon2/core.c - create mode 100644 grub-core/lib/argon2/core.h - create mode 100644 grub-core/lib/argon2/ref.c - -diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index f4367f895..9d96cedf9 100644 ---- a/docs/grub-dev.texi -+++ b/docs/grub-dev.texi -@@ -503,12 +503,76 @@ GRUB includes some code from other projects, and it is sometimes necessary - to update it. - - @menu -+* Argon2:: - * Gnulib:: - * jsmn:: - * minilzo:: - * libtasn1:: - @end menu - -+@node Argon2 -+@section Argon2 -+ -+Argon2 is a key derivation function used by LUKS2 in order to derive encryption -+keys from a user-provided password. GRUB imports the official reference -+implementation of Argon2 from @url{https://github.com/P-H-C/phc-winner-argon2}. -+In order to make the library usable for GRUB, we need to perform various -+conversions. This is mainly due to the fact that the imported code makes use of -+types and functions defined in the C standard library, which isn't available. -+Furthermore, using the POSIX wrapper library is not possible as the code needs -+to be part of the kernel. -+ -+Updating the code can thus be performed like following: -+ -+@example -+$ git clone https://github.com/P-H-C/phc-winner-argon2 argon2 -+$ cp argon2/include/argon2.h argon2/src/@{argon2.c,core.c,core.h,ref.c@} \ -+ grub-core/lib/argon2/ -+$ cp argon2/src/blake2/@{blake2-impl.h,blake2.h,blake2b.c,blamka-round-ref.h@} \ -+ grub-core/lib/argon2/blake2/ -+$ sed -e 's/UINT32_C/GRUB_UINT32_C/g' \ -+ -e 's/UINT64_C/GRUB_UINT64_C/g' \ -+ -e 's/UINT32_MAX/GRUB_UINT32_MAX/g' \ -+ -e 's/CHAR_BIT/GRUB_CHAR_BIT/g' \ -+ -e 's/UINT_MAX/GRUB_UINT_MAX/g' \ -+ -e 's/uintptr_t/grub_addr_t/g' \ -+ -e 's/size_t/grub_size_t/g' \ -+ -e 's/uint32_t/grub_uint32_t/g' \ -+ -e 's/uint64_t/grub_uint64_t/g' \ -+ -e 's/uint8_t/grub_uint8_t/g' \ -+ -e 's/memset/grub_memset/g' \ -+ -e 's/memcpy/grub_memcpy/g' \ -+ -e 's/malloc/grub_malloc/g' \ -+ -e 's/free/grub_free/g' \ -+ -e 's/#elif _MSC_VER/#elif defined(_MSC_VER)/' \ -+ grub-core/lib/argon2/@{*,blake2/*@}.@{c,h@} -i -+@end example -+ -+Afterwards, you need to perform the following manual steps: -+ -+@enumerate -+@item Remove all includes of standard library headers, "encoding.h" and -+ "thread.h". -+@item Add includes <grub/mm.h> and <grub/misc.h> to "argon2.h". -+@item Add include <grub/dl.h> and module license declaration to "argon2.c". -+@item Remove the following declarations and functions from "argon2.h" and -+ "argon2.c": argon2_type2string, argon2i_hash_encoded, argon2i_hash_raw, -+ argon2d_hash_encoded, argon2d_hash_raw, argon2id_hash_encoded, -+ argon2id_hash_raw, argon2_compare, argon2_verify, argon2i_verify, -+ argon2d_verify, argon2id_verify, argon2d_ctx, argon2i_ctx, argon2id_ctx, -+ argon2_verify_ctx, argon2d_verify_ctx, argon2i_verify_ctx, -+ argon2id_verify_ctx, argon2_encodedlen. -+@item Move the declaration of `clear_internal_memory()` in "blake2-impl.h" to -+ "blake2b.c". -+@item Remove code guarded by the ARGON2_NO_THREADS macro. -+@item Remove parameters `encoded` and `encodedlen` from `argon2_hash` and remove -+ the encoding block in that function. -+@item Remove parameter verifications in `validate_inputs()` for -+ ARGON2_MIN_PWD_LENGTH, ARGON2_MIN_SECRET, ARGON2_MIN_AD_LENGTH and -+ ARGON2_MAX_MEMORY to fix compiler warnings. -+@item Mark the function argon2_ctx as static. -+@end enumerate -+ - @node Gnulib - @section Gnulib - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 24e8c8437..0ee65d54d 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1219,6 +1219,14 @@ module = { - common = lib/json/json.c; - }; - -+module = { -+ name = argon2; -+ common = lib/argon2/argon2.c; -+ common = lib/argon2/core.c; -+ common = lib/argon2/ref.c; -+ common = lib/argon2/blake2/blake2b.c; -+}; -+ - module = { - name = afsplitter; - common = disk/AFSplitter.c; -diff --git a/grub-core/lib/argon2/LICENSE b/grub-core/lib/argon2/LICENSE -new file mode 100644 -index 000000000..97aae2925 ---- /dev/null -+++ b/grub-core/lib/argon2/LICENSE -@@ -0,0 +1,314 @@ -+Argon2 reference source code package - reference C implementations -+ -+Copyright 2015 -+Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ -+You may use this work under the terms of a Creative Commons CC0 1.0 -+License/Waiver or the Apache Public License 2.0, at your option. The terms of -+these licenses can be found at: -+ -+- CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+- Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ -+The terms of the licenses are reproduced below. -+ -+-------------------------------------------------------------------------------- -+ -+Creative Commons Legal Code -+ -+CC0 1.0 Universal -+ -+ CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE -+ LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN -+ ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS -+ INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES -+ REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS -+ PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM -+ THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED -+ HEREUNDER. -+ -+Statement of Purpose -+ -+The laws of most jurisdictions throughout the world automatically confer -+exclusive Copyright and Related Rights (defined below) upon the creator -+and subsequent owner(s) (each and all, an "owner") of an original work of -+authorship and/or a database (each, a "Work"). -+ -+Certain owners wish to permanently relinquish those rights to a Work for -+the purpose of contributing to a commons of creative, cultural and -+scientific works ("Commons") that the public can reliably and without fear -+of later claims of infringement build upon, modify, incorporate in other -+works, reuse and redistribute as freely as possible in any form whatsoever -+and for any purposes, including without limitation commercial purposes. -+These owners may contribute to the Commons to promote the ideal of a free -+culture and the further production of creative, cultural and scientific -+works, or to gain reputation or greater distribution for their Work in -+part through the use and efforts of others. -+ -+For these and/or other purposes and motivations, and without any -+expectation of additional consideration or compensation, the person -+associating CC0 with a Work (the "Affirmer"), to the extent that he or she -+is an owner of Copyright and Related Rights in the Work, voluntarily -+elects to apply CC0 to the Work and publicly distribute the Work under its -+terms, with knowledge of his or her Copyright and Related Rights in the -+Work and the meaning and intended legal effect of CC0 on those rights. -+ -+1. Copyright and Related Rights. A Work made available under CC0 may be -+protected by copyright and related or neighboring rights ("Copyright and -+Related Rights"). Copyright and Related Rights include, but are not -+limited to, the following: -+ -+ i. the right to reproduce, adapt, distribute, perform, display, -+ communicate, and translate a Work; -+ ii. moral rights retained by the original author(s) and/or performer(s); -+iii. publicity and privacy rights pertaining to a person's image or -+ likeness depicted in a Work; -+ iv. rights protecting against unfair competition in regards to a Work, -+ subject to the limitations in paragraph 4(a), below; -+ v. rights protecting the extraction, dissemination, use and reuse of data -+ in a Work; -+ vi. database rights (such as those arising under Directive 96/9/EC of the -+ European Parliament and of the Council of 11 March 1996 on the legal -+ protection of databases, and under any national implementation -+ thereof, including any amended or successor version of such -+ directive); and -+vii. other similar, equivalent or corresponding rights throughout the -+ world based on applicable law or treaty, and any national -+ implementations thereof. -+ -+2. Waiver. To the greatest extent permitted by, but not in contravention -+of, applicable law, Affirmer hereby overtly, fully, permanently, -+irrevocably and unconditionally waives, abandons, and surrenders all of -+Affirmer's Copyright and Related Rights and associated claims and causes -+of action, whether now known or unknown (including existing as well as -+future claims and causes of action), in the Work (i) in all territories -+worldwide, (ii) for the maximum duration provided by applicable law or -+treaty (including future time extensions), (iii) in any current or future -+medium and for any number of copies, and (iv) for any purpose whatsoever, -+including without limitation commercial, advertising or promotional -+purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each -+member of the public at large and to the detriment of Affirmer's heirs and -+successors, fully intending that such Waiver shall not be subject to -+revocation, rescission, cancellation, termination, or any other legal or -+equitable action to disrupt the quiet enjoyment of the Work by the public -+as contemplated by Affirmer's express Statement of Purpose. -+ -+3. Public License Fallback. Should any part of the Waiver for any reason -+be judged legally invalid or ineffective under applicable law, then the -+Waiver shall be preserved to the maximum extent permitted taking into -+account Affirmer's express Statement of Purpose. In addition, to the -+extent the Waiver is so judged Affirmer hereby grants to each affected -+person a royalty-free, non transferable, non sublicensable, non exclusive, -+irrevocable and unconditional license to exercise Affirmer's Copyright and -+Related Rights in the Work (i) in all territories worldwide, (ii) for the -+maximum duration provided by applicable law or treaty (including future -+time extensions), (iii) in any current or future medium and for any number -+of copies, and (iv) for any purpose whatsoever, including without -+limitation commercial, advertising or promotional purposes (the -+"License"). The License shall be deemed effective as of the date CC0 was -+applied by Affirmer to the Work. Should any part of the License for any -+reason be judged legally invalid or ineffective under applicable law, such -+partial invalidity or ineffectiveness shall not invalidate the remainder -+of the License, and in such case Affirmer hereby affirms that he or she -+will not (i) exercise any of his or her remaining Copyright and Related -+Rights in the Work or (ii) assert any associated claims and causes of -+action with respect to the Work, in either case contrary to Affirmer's -+express Statement of Purpose. -+ -+4. Limitations and Disclaimers. -+ -+ a. No trademark or patent rights held by Affirmer are waived, abandoned, -+ surrendered, licensed or otherwise affected by this document. -+ b. Affirmer offers the Work as-is and makes no representations or -+ warranties of any kind concerning the Work, express, implied, -+ statutory or otherwise, including without limitation warranties of -+ title, merchantability, fitness for a particular purpose, non -+ infringement, or the absence of latent or other defects, accuracy, or -+ the present or absence of errors, whether or not discoverable, all to -+ the greatest extent permissible under applicable law. -+ c. Affirmer disclaims responsibility for clearing rights of other persons -+ that may apply to the Work or any use thereof, including without -+ limitation any person's Copyright and Related Rights in the Work. -+ Further, Affirmer disclaims responsibility for obtaining any necessary -+ consents, permissions or other rights required for any use of the -+ Work. -+ d. Affirmer understands and acknowledges that Creative Commons is not a -+ party to this document and has no duty or obligation with respect to -+ this CC0 or use of the Work. -+ -+-------------------------------------------------------------------------------- -+ -+ Apache License -+ Version 2.0, January 2004 -+ http://www.apache.org/licenses/ -+ -+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION -+ -+ 1. Definitions. -+ -+ "License" shall mean the terms and conditions for use, reproduction, -+ and distribution as defined by Sections 1 through 9 of this document. -+ -+ "Licensor" shall mean the copyright owner or entity authorized by -+ the copyright owner that is granting the License. -+ -+ "Legal Entity" shall mean the union of the acting entity and all -+ other entities that control, are controlled by, or are under common -+ control with that entity. For the purposes of this definition, -+ "control" means (i) the power, direct or indirect, to cause the -+ direction or management of such entity, whether by contract or -+ otherwise, or (ii) ownership of fifty percent (50%) or more of the -+ outstanding shares, or (iii) beneficial ownership of such entity. -+ -+ "You" (or "Your") shall mean an individual or Legal Entity -+ exercising permissions granted by this License. -+ -+ "Source" form shall mean the preferred form for making modifications, -+ including but not limited to software source code, documentation -+ source, and configuration files. -+ -+ "Object" form shall mean any form resulting from mechanical -+ transformation or translation of a Source form, including but -+ not limited to compiled object code, generated documentation, -+ and conversions to other media types. -+ -+ "Work" shall mean the work of authorship, whether in Source or -+ Object form, made available under the License, as indicated by a -+ copyright notice that is included in or attached to the work -+ (an example is provided in the Appendix below). -+ -+ "Derivative Works" shall mean any work, whether in Source or Object -+ form, that is based on (or derived from) the Work and for which the -+ editorial revisions, annotations, elaborations, or other modifications -+ represent, as a whole, an original work of authorship. For the purposes -+ of this License, Derivative Works shall not include works that remain -+ separable from, or merely link (or bind by name) to the interfaces of, -+ the Work and Derivative Works thereof. -+ -+ "Contribution" shall mean any work of authorship, including -+ the original version of the Work and any modifications or additions -+ to that Work or Derivative Works thereof, that is intentionally -+ submitted to Licensor for inclusion in the Work by the copyright owner -+ or by an individual or Legal Entity authorized to submit on behalf of -+ the copyright owner. For the purposes of this definition, "submitted" -+ means any form of electronic, verbal, or written communication sent -+ to the Licensor or its representatives, including but not limited to -+ communication on electronic mailing lists, source code control systems, -+ and issue tracking systems that are managed by, or on behalf of, the -+ Licensor for the purpose of discussing and improving the Work, but -+ excluding communication that is conspicuously marked or otherwise -+ designated in writing by the copyright owner as "Not a Contribution." -+ -+ "Contributor" shall mean Licensor and any individual or Legal Entity -+ on behalf of whom a Contribution has been received by Licensor and -+ subsequently incorporated within the Work. -+ -+ 2. Grant of Copyright License. Subject to the terms and conditions of -+ this License, each Contributor hereby grants to You a perpetual, -+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable -+ copyright license to reproduce, prepare Derivative Works of, -+ publicly display, publicly perform, sublicense, and distribute the -+ Work and such Derivative Works in Source or Object form. -+ -+ 3. Grant of Patent License. Subject to the terms and conditions of -+ this License, each Contributor hereby grants to You a perpetual, -+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable -+ (except as stated in this section) patent license to make, have made, -+ use, offer to sell, sell, import, and otherwise transfer the Work, -+ where such license applies only to those patent claims licensable -+ by such Contributor that are necessarily infringed by their -+ Contribution(s) alone or by combination of their Contribution(s) -+ with the Work to which such Contribution(s) was submitted. If You -+ institute patent litigation against any entity (including a -+ cross-claim or counterclaim in a lawsuit) alleging that the Work -+ or a Contribution incorporated within the Work constitutes direct -+ or contributory patent infringement, then any patent licenses -+ granted to You under this License for that Work shall terminate -+ as of the date such litigation is filed. -+ -+ 4. Redistribution. You may reproduce and distribute copies of the -+ Work or Derivative Works thereof in any medium, with or without -+ modifications, and in Source or Object form, provided that You -+ meet the following conditions: -+ -+ (a) You must give any other recipients of the Work or -+ Derivative Works a copy of this License; and -+ -+ (b) You must cause any modified files to carry prominent notices -+ stating that You changed the files; and -+ -+ (c) You must retain, in the Source form of any Derivative Works -+ that You distribute, all copyright, patent, trademark, and -+ attribution notices from the Source form of the Work, -+ excluding those notices that do not pertain to any part of -+ the Derivative Works; and -+ -+ (d) If the Work includes a "NOTICE" text file as part of its -+ distribution, then any Derivative Works that You distribute must -+ include a readable copy of the attribution notices contained -+ within such NOTICE file, excluding those notices that do not -+ pertain to any part of the Derivative Works, in at least one -+ of the following places: within a NOTICE text file distributed -+ as part of the Derivative Works; within the Source form or -+ documentation, if provided along with the Derivative Works; or, -+ within a display generated by the Derivative Works, if and -+ wherever such third-party notices normally appear. The contents -+ of the NOTICE file are for informational purposes only and -+ do not modify the License. You may add Your own attribution -+ notices within Derivative Works that You distribute, alongside -+ or as an addendum to the NOTICE text from the Work, provided -+ that such additional attribution notices cannot be construed -+ as modifying the License. -+ -+ You may add Your own copyright statement to Your modifications and -+ may provide additional or different license terms and conditions -+ for use, reproduction, or distribution of Your modifications, or -+ for any such Derivative Works as a whole, provided Your use, -+ reproduction, and distribution of the Work otherwise complies with -+ the conditions stated in this License. -+ -+ 5. Submission of Contributions. Unless You explicitly state otherwise, -+ any Contribution intentionally submitted for inclusion in the Work -+ by You to the Licensor shall be under the terms and conditions of -+ this License, without any additional terms or conditions. -+ Notwithstanding the above, nothing herein shall supersede or modify -+ the terms of any separate license agreement you may have executed -+ with Licensor regarding such Contributions. -+ -+ 6. Trademarks. This License does not grant permission to use the trade -+ names, trademarks, service marks, or product names of the Licensor, -+ except as required for reasonable and customary use in describing the -+ origin of the Work and reproducing the content of the NOTICE file. -+ -+ 7. Disclaimer of Warranty. Unless required by applicable law or -+ agreed to in writing, Licensor provides the Work (and each -+ Contributor provides its Contributions) on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -+ implied, including, without limitation, any warranties or conditions -+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A -+ PARTICULAR PURPOSE. You are solely responsible for determining the -+ appropriateness of using or redistributing the Work and assume any -+ risks associated with Your exercise of permissions under this License. -+ -+ 8. Limitation of Liability. In no event and under no legal theory, -+ whether in tort (including negligence), contract, or otherwise, -+ unless required by applicable law (such as deliberate and grossly -+ negligent acts) or agreed to in writing, shall any Contributor be -+ liable to You for damages, including any direct, indirect, special, -+ incidental, or consequential damages of any character arising as a -+ result of this License or out of the use or inability to use the -+ Work (including but not limited to damages for loss of goodwill, -+ work stoppage, computer failure or malfunction, or any and all -+ other commercial damages or losses), even if such Contributor -+ has been advised of the possibility of such damages. -+ -+ 9. Accepting Warranty or Additional Liability. While redistributing -+ the Work or Derivative Works thereof, You may choose to offer, -+ and charge a fee for, acceptance of support, warranty, indemnity, -+ or other liability obligations and/or rights consistent with this -+ License. However, in accepting such obligations, You may act only -+ on Your own behalf and on Your sole responsibility, not on behalf -+ of any other Contributor, and only if You agree to indemnify, -+ defend, and hold each Contributor harmless for any liability -+ incurred by, or claims asserted against, such Contributor by reason -+ of your accepting any such warranty or additional liability. -diff --git a/grub-core/lib/argon2/argon2.c b/grub-core/lib/argon2/argon2.c -new file mode 100644 -index 000000000..49532fe80 ---- /dev/null -+++ b/grub-core/lib/argon2/argon2.c -@@ -0,0 +1,232 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#include <grub/dl.h> -+ -+#include "argon2.h" -+#include "core.h" -+ -+GRUB_MOD_LICENSE ("CC0"); -+ -+static int argon2_ctx(argon2_context *context, argon2_type type) { -+ /* 1. Validate all inputs */ -+ int result = validate_inputs(context); -+ grub_uint32_t memory_blocks, segment_length; -+ argon2_instance_t instance; -+ -+ if (ARGON2_OK != result) { -+ return result; -+ } -+ -+ if (Argon2_d != type && Argon2_i != type && Argon2_id != type) { -+ return ARGON2_INCORRECT_TYPE; -+ } -+ -+ /* 2. Align memory size */ -+ /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */ -+ memory_blocks = context->m_cost; -+ -+ if (memory_blocks < 2 * ARGON2_SYNC_POINTS * context->lanes) { -+ memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes; -+ } -+ -+ segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS); -+ /* Ensure that all segments have equal length */ -+ memory_blocks = segment_length * (context->lanes * ARGON2_SYNC_POINTS); -+ -+ instance.version = context->version; -+ instance.memory = NULL; -+ instance.passes = context->t_cost; -+ instance.memory_blocks = memory_blocks; -+ instance.segment_length = segment_length; -+ instance.lane_length = segment_length * ARGON2_SYNC_POINTS; -+ instance.lanes = context->lanes; -+ instance.threads = context->threads; -+ instance.type = type; -+ -+ if (instance.threads > instance.lanes) { -+ instance.threads = instance.lanes; -+ } -+ -+ /* 3. Initialization: Hashing inputs, allocating memory, filling first -+ * blocks -+ */ -+ result = initialize(&instance, context); -+ -+ if (ARGON2_OK != result) { -+ return result; -+ } -+ -+ /* 4. Filling memory */ -+ result = fill_memory_blocks(&instance); -+ -+ if (ARGON2_OK != result) { -+ return result; -+ } -+ /* 5. Finalization */ -+ finalize(context, &instance); -+ -+ return ARGON2_OK; -+} -+ -+int argon2_hash(const grub_uint32_t t_cost, const grub_uint32_t m_cost, -+ const grub_uint32_t parallelism, const void *pwd, -+ const grub_size_t pwdlen, const void *salt, const grub_size_t saltlen, -+ void *hash, const grub_size_t hashlen, argon2_type type, -+ const grub_uint32_t version){ -+ -+ argon2_context context; -+ int result; -+ grub_uint8_t *out; -+ -+ if (pwdlen > ARGON2_MAX_PWD_LENGTH) { -+ return ARGON2_PWD_TOO_LONG; -+ } -+ -+ if (saltlen > ARGON2_MAX_SALT_LENGTH) { -+ return ARGON2_SALT_TOO_LONG; -+ } -+ -+ if (hashlen > ARGON2_MAX_OUTLEN) { -+ return ARGON2_OUTPUT_TOO_LONG; -+ } -+ -+ if (hashlen < ARGON2_MIN_OUTLEN) { -+ return ARGON2_OUTPUT_TOO_SHORT; -+ } -+ -+ out = grub_malloc(hashlen); -+ if (!out) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ context.out = (grub_uint8_t *)out; -+ context.outlen = (grub_uint32_t)hashlen; -+ context.pwd = CONST_CAST(grub_uint8_t *)pwd; -+ context.pwdlen = (grub_uint32_t)pwdlen; -+ context.salt = CONST_CAST(grub_uint8_t *)salt; -+ context.saltlen = (grub_uint32_t)saltlen; -+ context.secret = NULL; -+ context.secretlen = 0; -+ context.ad = NULL; -+ context.adlen = 0; -+ context.t_cost = t_cost; -+ context.m_cost = m_cost; -+ context.lanes = parallelism; -+ context.threads = parallelism; -+ context.allocate_cbk = NULL; -+ context.grub_free_cbk = NULL; -+ context.flags = ARGON2_DEFAULT_FLAGS; -+ context.version = version; -+ -+ result = argon2_ctx(&context, type); -+ -+ if (result != ARGON2_OK) { -+ clear_internal_memory(out, hashlen); -+ grub_free(out); -+ return result; -+ } -+ -+ /* if raw hash requested, write it */ -+ if (hash) { -+ grub_memcpy(hash, out, hashlen); -+ } -+ -+ clear_internal_memory(out, hashlen); -+ grub_free(out); -+ -+ return ARGON2_OK; -+} -+ -+const char *argon2_error_message(int error_code) { -+ switch (error_code) { -+ case ARGON2_OK: -+ return "OK"; -+ case ARGON2_OUTPUT_PTR_NULL: -+ return "Output pointer is NULL"; -+ case ARGON2_OUTPUT_TOO_SHORT: -+ return "Output is too short"; -+ case ARGON2_OUTPUT_TOO_LONG: -+ return "Output is too long"; -+ case ARGON2_PWD_TOO_SHORT: -+ return "Password is too short"; -+ case ARGON2_PWD_TOO_LONG: -+ return "Password is too long"; -+ case ARGON2_SALT_TOO_SHORT: -+ return "Salt is too short"; -+ case ARGON2_SALT_TOO_LONG: -+ return "Salt is too long"; -+ case ARGON2_AD_TOO_SHORT: -+ return "Associated data is too short"; -+ case ARGON2_AD_TOO_LONG: -+ return "Associated data is too long"; -+ case ARGON2_SECRET_TOO_SHORT: -+ return "Secret is too short"; -+ case ARGON2_SECRET_TOO_LONG: -+ return "Secret is too long"; -+ case ARGON2_TIME_TOO_SMALL: -+ return "Time cost is too small"; -+ case ARGON2_TIME_TOO_LARGE: -+ return "Time cost is too large"; -+ case ARGON2_MEMORY_TOO_LITTLE: -+ return "Memory cost is too small"; -+ case ARGON2_MEMORY_TOO_MUCH: -+ return "Memory cost is too large"; -+ case ARGON2_LANES_TOO_FEW: -+ return "Too few lanes"; -+ case ARGON2_LANES_TOO_MANY: -+ return "Too many lanes"; -+ case ARGON2_PWD_PTR_MISMATCH: -+ return "Password pointer is NULL, but password length is not 0"; -+ case ARGON2_SALT_PTR_MISMATCH: -+ return "Salt pointer is NULL, but salt length is not 0"; -+ case ARGON2_SECRET_PTR_MISMATCH: -+ return "Secret pointer is NULL, but secret length is not 0"; -+ case ARGON2_AD_PTR_MISMATCH: -+ return "Associated data pointer is NULL, but ad length is not 0"; -+ case ARGON2_MEMORY_ALLOCATION_ERROR: -+ return "Memory allocation error"; -+ case ARGON2_FREE_MEMORY_CBK_NULL: -+ return "The grub_free memory callback is NULL"; -+ case ARGON2_ALLOCATE_MEMORY_CBK_NULL: -+ return "The allocate memory callback is NULL"; -+ case ARGON2_INCORRECT_PARAMETER: -+ return "Argon2_Context context is NULL"; -+ case ARGON2_INCORRECT_TYPE: -+ return "There is no such version of Argon2"; -+ case ARGON2_OUT_PTR_MISMATCH: -+ return "Output pointer mismatch"; -+ case ARGON2_THREADS_TOO_FEW: -+ return "Not enough threads"; -+ case ARGON2_THREADS_TOO_MANY: -+ return "Too many threads"; -+ case ARGON2_MISSING_ARGS: -+ return "Missing arguments"; -+ case ARGON2_ENCODING_FAIL: -+ return "Encoding failed"; -+ case ARGON2_DECODING_FAIL: -+ return "Decoding failed"; -+ case ARGON2_THREAD_FAIL: -+ return "Threading failure"; -+ case ARGON2_DECODING_LENGTH_FAIL: -+ return "Some of encoded parameters are too long or too short"; -+ case ARGON2_VERIFY_MISMATCH: -+ return "The password does not match the supplied hash"; -+ default: -+ return "Unknown error code"; -+ } -+} -diff --git a/grub-core/lib/argon2/argon2.h b/grub-core/lib/argon2/argon2.h -new file mode 100644 -index 000000000..129f7efbd ---- /dev/null -+++ b/grub-core/lib/argon2/argon2.h -@@ -0,0 +1,264 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef ARGON2_H -+#define ARGON2_H -+ -+#include <grub/misc.h> -+#include <grub/mm.h> -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif -+ -+/* Symbols visibility control */ -+#ifdef A2_VISCTL -+#define ARGON2_PUBLIC __attribute__((visibility("default"))) -+#define ARGON2_LOCAL __attribute__ ((visibility ("hidden"))) -+#elif defined(_MSC_VER) -+#define ARGON2_PUBLIC __declspec(dllexport) -+#define ARGON2_LOCAL -+#else -+#define ARGON2_PUBLIC -+#define ARGON2_LOCAL -+#endif -+ -+/* -+ * Argon2 input parameter restrictions -+ */ -+ -+/* Minimum and maximum number of lanes (degree of parallelism) */ -+#define ARGON2_MIN_LANES GRUB_UINT32_C(1) -+#define ARGON2_MAX_LANES GRUB_UINT32_C(0xFFFFFF) -+ -+/* Minimum and maximum number of threads */ -+#define ARGON2_MIN_THREADS GRUB_UINT32_C(1) -+#define ARGON2_MAX_THREADS GRUB_UINT32_C(0xFFFFFF) -+ -+/* Number of synchronization points between lanes per pass */ -+#define ARGON2_SYNC_POINTS GRUB_UINT32_C(4) -+ -+/* Minimum and maximum digest size in bytes */ -+#define ARGON2_MIN_OUTLEN GRUB_UINT32_C(4) -+#define ARGON2_MAX_OUTLEN GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */ -+#define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */ -+ -+#define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b)) -+/* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */ -+#define ARGON2_MAX_MEMORY_BITS \ -+ ARGON2_MIN(GRUB_UINT32_C(32), (sizeof(void *) * GRUB_CHAR_BIT - 10 - 1)) -+#define ARGON2_MAX_MEMORY \ -+ ARGON2_MIN(GRUB_UINT32_C(0xFFFFFFFF), GRUB_UINT64_C(1) << ARGON2_MAX_MEMORY_BITS) -+ -+/* Minimum and maximum number of passes */ -+#define ARGON2_MIN_TIME GRUB_UINT32_C(1) -+#define ARGON2_MAX_TIME GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum password length in bytes */ -+#define ARGON2_MIN_PWD_LENGTH GRUB_UINT32_C(0) -+#define ARGON2_MAX_PWD_LENGTH GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum associated data length in bytes */ -+#define ARGON2_MIN_AD_LENGTH GRUB_UINT32_C(0) -+#define ARGON2_MAX_AD_LENGTH GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum salt length in bytes */ -+#define ARGON2_MIN_SALT_LENGTH GRUB_UINT32_C(8) -+#define ARGON2_MAX_SALT_LENGTH GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum key length in bytes */ -+#define ARGON2_MIN_SECRET GRUB_UINT32_C(0) -+#define ARGON2_MAX_SECRET GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Flags to determine which fields are securely wiped (default = no wipe). */ -+#define ARGON2_DEFAULT_FLAGS GRUB_UINT32_C(0) -+#define ARGON2_FLAG_CLEAR_PASSWORD (GRUB_UINT32_C(1) << 0) -+#define ARGON2_FLAG_CLEAR_SECRET (GRUB_UINT32_C(1) << 1) -+ -+/* Global flag to determine if we are wiping internal memory buffers. This flag -+ * is defined in core.c and defaults to 1 (wipe internal memory). */ -+extern int FLAG_clear_internal_memory; -+ -+/* Error codes */ -+typedef enum Argon2_ErrorCodes { -+ ARGON2_OK = 0, -+ -+ ARGON2_OUTPUT_PTR_NULL = -1, -+ -+ ARGON2_OUTPUT_TOO_SHORT = -2, -+ ARGON2_OUTPUT_TOO_LONG = -3, -+ -+ ARGON2_PWD_TOO_SHORT = -4, -+ ARGON2_PWD_TOO_LONG = -5, -+ -+ ARGON2_SALT_TOO_SHORT = -6, -+ ARGON2_SALT_TOO_LONG = -7, -+ -+ ARGON2_AD_TOO_SHORT = -8, -+ ARGON2_AD_TOO_LONG = -9, -+ -+ ARGON2_SECRET_TOO_SHORT = -10, -+ ARGON2_SECRET_TOO_LONG = -11, -+ -+ ARGON2_TIME_TOO_SMALL = -12, -+ ARGON2_TIME_TOO_LARGE = -13, -+ -+ ARGON2_MEMORY_TOO_LITTLE = -14, -+ ARGON2_MEMORY_TOO_MUCH = -15, -+ -+ ARGON2_LANES_TOO_FEW = -16, -+ ARGON2_LANES_TOO_MANY = -17, -+ -+ ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */ -+ ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */ -+ ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */ -+ ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */ -+ -+ ARGON2_MEMORY_ALLOCATION_ERROR = -22, -+ -+ ARGON2_FREE_MEMORY_CBK_NULL = -23, -+ ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24, -+ -+ ARGON2_INCORRECT_PARAMETER = -25, -+ ARGON2_INCORRECT_TYPE = -26, -+ -+ ARGON2_OUT_PTR_MISMATCH = -27, -+ -+ ARGON2_THREADS_TOO_FEW = -28, -+ ARGON2_THREADS_TOO_MANY = -29, -+ -+ ARGON2_MISSING_ARGS = -30, -+ -+ ARGON2_ENCODING_FAIL = -31, -+ -+ ARGON2_DECODING_FAIL = -32, -+ -+ ARGON2_THREAD_FAIL = -33, -+ -+ ARGON2_DECODING_LENGTH_FAIL = -34, -+ -+ ARGON2_VERIFY_MISMATCH = -35 -+} argon2_error_codes; -+ -+/* Memory allocator types --- for external allocation */ -+typedef int (*allocate_fptr)(grub_uint8_t **memory, grub_size_t bytes_to_allocate); -+typedef void (*deallocate_fptr)(grub_uint8_t *memory, grub_size_t bytes_to_allocate); -+ -+/* Argon2 external data structures */ -+ -+/* -+ ***** -+ * Context: structure to hold Argon2 inputs: -+ * output array and its length, -+ * password and its length, -+ * salt and its length, -+ * secret and its length, -+ * associated data and its length, -+ * number of passes, amount of used memory (in KBytes, can be rounded up a bit) -+ * number of parallel threads that will be run. -+ * All the parameters above affect the output hash value. -+ * Additionally, two function pointers can be provided to allocate and -+ * deallocate the memory (if NULL, memory will be allocated internally). -+ * Also, three flags indicate whether to erase password, secret as soon as they -+ * are pre-hashed (and thus not needed anymore), and the entire memory -+ ***** -+ * Simplest situation: you have output array out[8], password is stored in -+ * pwd[32], salt is stored in salt[16], you do not have keys nor associated -+ * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with -+ * 4 parallel lanes. -+ * You want to erase the password, but you're OK with last pass not being -+ * erased. You want to use the default memory allocator. -+ * Then you initialize: -+ Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false) -+ */ -+typedef struct Argon2_Context { -+ grub_uint8_t *out; /* output array */ -+ grub_uint32_t outlen; /* digest length */ -+ -+ grub_uint8_t *pwd; /* password array */ -+ grub_uint32_t pwdlen; /* password length */ -+ -+ grub_uint8_t *salt; /* salt array */ -+ grub_uint32_t saltlen; /* salt length */ -+ -+ grub_uint8_t *secret; /* key array */ -+ grub_uint32_t secretlen; /* key length */ -+ -+ grub_uint8_t *ad; /* associated data array */ -+ grub_uint32_t adlen; /* associated data length */ -+ -+ grub_uint32_t t_cost; /* number of passes */ -+ grub_uint32_t m_cost; /* amount of memory requested (KB) */ -+ grub_uint32_t lanes; /* number of lanes */ -+ grub_uint32_t threads; /* maximum number of threads */ -+ -+ grub_uint32_t version; /* version number */ -+ -+ allocate_fptr allocate_cbk; /* pointer to memory allocator */ -+ deallocate_fptr grub_free_cbk; /* pointer to memory deallocator */ -+ -+ grub_uint32_t flags; /* array of bool options */ -+} argon2_context; -+ -+/* Argon2 primitive type */ -+typedef enum Argon2_type { -+ Argon2_d = 0, -+ Argon2_i = 1, -+ Argon2_id = 2 -+} argon2_type; -+ -+/* Version of the algorithm */ -+typedef enum Argon2_version { -+ ARGON2_VERSION_10 = 0x10, -+ ARGON2_VERSION_13 = 0x13, -+ ARGON2_VERSION_NUMBER = ARGON2_VERSION_13 -+} argon2_version; -+ -+/** -+ * Hashes a password with Argon2, producing a raw hash at @hash -+ * @param t_cost Number of iterations -+ * @param m_cost Sets memory usage to m_cost kibibytes -+ * @param parallelism Number of threads and compute lanes -+ * @param pwd Pointer to password -+ * @param pwdlen Password size in bytes -+ * @param salt Pointer to salt -+ * @param saltlen Salt size in bytes -+ * @param hash Buffer where to write the raw hash - updated by the function -+ * @param hashlen Desired length of the hash in bytes -+ * @pre Different parallelism levels will give different results -+ * @pre Returns ARGON2_OK if successful -+ */ -+ARGON2_PUBLIC int argon2_hash(const grub_uint32_t t_cost, const grub_uint32_t m_cost, -+ const grub_uint32_t parallelism, const void *pwd, -+ const grub_size_t pwdlen, const void *salt, -+ const grub_size_t saltlen, void *hash, -+ const grub_size_t hashlen, argon2_type type, -+ const grub_uint32_t version); -+ -+/** -+ * Get the associated error message for given error code -+ * @return The error message associated with the given error code -+ */ -+ARGON2_PUBLIC const char *argon2_error_message(int error_code); -+ -+#if defined(__cplusplus) -+} -+#endif -+ -+#endif -diff --git a/grub-core/lib/argon2/blake2/blake2-impl.h b/grub-core/lib/argon2/blake2/blake2-impl.h -new file mode 100644 -index 000000000..3a795680b ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blake2-impl.h -@@ -0,0 +1,151 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef PORTABLE_BLAKE2_IMPL_H -+#define PORTABLE_BLAKE2_IMPL_H -+ -+#if defined(_MSC_VER) -+#define BLAKE2_INLINE __inline -+#elif defined(__GNUC__) || defined(__clang__) -+#define BLAKE2_INLINE __inline__ -+#else -+#define BLAKE2_INLINE -+#endif -+ -+/* Argon2 Team - Begin Code */ -+/* -+ Not an exhaustive list, but should cover the majority of modern platforms -+ Additionally, the code will always be correct---this is only a performance -+ tweak. -+*/ -+#if (defined(__BYTE_ORDER__) && \ -+ (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ -+ defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \ -+ defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \ -+ defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \ -+ defined(_M_ARM) -+#define NATIVE_LITTLE_ENDIAN -+#endif -+/* Argon2 Team - End Code */ -+ -+static BLAKE2_INLINE grub_uint32_t load32(const void *src) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_uint32_t w; -+ grub_memcpy(&w, src, sizeof w); -+ return w; -+#else -+ const grub_uint8_t *p = (const grub_uint8_t *)src; -+ grub_uint32_t w = *p++; -+ w |= (grub_uint32_t)(*p++) << 8; -+ w |= (grub_uint32_t)(*p++) << 16; -+ w |= (grub_uint32_t)(*p++) << 24; -+ return w; -+#endif -+} -+ -+static BLAKE2_INLINE grub_uint64_t load64(const void *src) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_uint64_t w; -+ grub_memcpy(&w, src, sizeof w); -+ return w; -+#else -+ const grub_uint8_t *p = (const grub_uint8_t *)src; -+ grub_uint64_t w = *p++; -+ w |= (grub_uint64_t)(*p++) << 8; -+ w |= (grub_uint64_t)(*p++) << 16; -+ w |= (grub_uint64_t)(*p++) << 24; -+ w |= (grub_uint64_t)(*p++) << 32; -+ w |= (grub_uint64_t)(*p++) << 40; -+ w |= (grub_uint64_t)(*p++) << 48; -+ w |= (grub_uint64_t)(*p++) << 56; -+ return w; -+#endif -+} -+ -+static BLAKE2_INLINE void store32(void *dst, grub_uint32_t w) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_memcpy(dst, &w, sizeof w); -+#else -+ grub_uint8_t *p = (grub_uint8_t *)dst; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+#endif -+} -+ -+static BLAKE2_INLINE void store64(void *dst, grub_uint64_t w) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_memcpy(dst, &w, sizeof w); -+#else -+ grub_uint8_t *p = (grub_uint8_t *)dst; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+#endif -+} -+ -+static BLAKE2_INLINE grub_uint64_t load48(const void *src) { -+ const grub_uint8_t *p = (const grub_uint8_t *)src; -+ grub_uint64_t w = *p++; -+ w |= (grub_uint64_t)(*p++) << 8; -+ w |= (grub_uint64_t)(*p++) << 16; -+ w |= (grub_uint64_t)(*p++) << 24; -+ w |= (grub_uint64_t)(*p++) << 32; -+ w |= (grub_uint64_t)(*p++) << 40; -+ return w; -+} -+ -+static BLAKE2_INLINE void store48(void *dst, grub_uint64_t w) { -+ grub_uint8_t *p = (grub_uint8_t *)dst; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+} -+ -+static BLAKE2_INLINE grub_uint32_t rotr32(const grub_uint32_t w, const unsigned c) { -+ return (w >> c) | (w << (32 - c)); -+} -+ -+static BLAKE2_INLINE grub_uint64_t rotr64(const grub_uint64_t w, const unsigned c) { -+ return (w >> c) | (w << (64 - c)); -+} -+ -+#endif -diff --git a/grub-core/lib/argon2/blake2/blake2.h b/grub-core/lib/argon2/blake2/blake2.h -new file mode 100644 -index 000000000..4e8efeb22 ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blake2.h -@@ -0,0 +1,89 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef PORTABLE_BLAKE2_H -+#define PORTABLE_BLAKE2_H -+ -+#include "../argon2.h" -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif -+ -+enum blake2b_constant { -+ BLAKE2B_BLOCKBYTES = 128, -+ BLAKE2B_OUTBYTES = 64, -+ BLAKE2B_KEYBYTES = 64, -+ BLAKE2B_SALTBYTES = 16, -+ BLAKE2B_PERSONALBYTES = 16 -+}; -+ -+#pragma pack(push, 1) -+typedef struct __blake2b_param { -+ grub_uint8_t digest_length; /* 1 */ -+ grub_uint8_t key_length; /* 2 */ -+ grub_uint8_t fanout; /* 3 */ -+ grub_uint8_t depth; /* 4 */ -+ grub_uint32_t leaf_length; /* 8 */ -+ grub_uint64_t node_offset; /* 16 */ -+ grub_uint8_t node_depth; /* 17 */ -+ grub_uint8_t inner_length; /* 18 */ -+ grub_uint8_t reserved[14]; /* 32 */ -+ grub_uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ -+ grub_uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ -+} blake2b_param; -+#pragma pack(pop) -+ -+typedef struct __blake2b_state { -+ grub_uint64_t h[8]; -+ grub_uint64_t t[2]; -+ grub_uint64_t f[2]; -+ grub_uint8_t buf[BLAKE2B_BLOCKBYTES]; -+ unsigned buflen; -+ unsigned outlen; -+ grub_uint8_t last_node; -+} blake2b_state; -+ -+/* Ensure param structs have not been wrongly padded */ -+/* Poor man's static_assert */ -+enum { -+ blake2_size_check_0 = 1 / !!(GRUB_CHAR_BIT == 8), -+ blake2_size_check_2 = -+ 1 / !!(sizeof(blake2b_param) == sizeof(grub_uint64_t) * GRUB_CHAR_BIT) -+}; -+ -+/* Streaming API */ -+ARGON2_LOCAL int blake2b_init(blake2b_state *S, grub_size_t outlen); -+ARGON2_LOCAL int blake2b_init_key(blake2b_state *S, grub_size_t outlen, const void *key, -+ grub_size_t keylen); -+ARGON2_LOCAL int blake2b_init_param(blake2b_state *S, const blake2b_param *P); -+ARGON2_LOCAL int blake2b_update(blake2b_state *S, const void *in, grub_size_t inlen); -+ARGON2_LOCAL int blake2b_final(blake2b_state *S, void *out, grub_size_t outlen); -+ -+/* Simple API */ -+ARGON2_LOCAL int blake2b(void *out, grub_size_t outlen, const void *in, grub_size_t inlen, -+ const void *key, grub_size_t keylen); -+ -+/* Argon2 Team - Begin Code */ -+ARGON2_LOCAL int blake2b_long(void *out, grub_size_t outlen, const void *in, grub_size_t inlen); -+/* Argon2 Team - End Code */ -+ -+#if defined(__cplusplus) -+} -+#endif -+ -+#endif -diff --git a/grub-core/lib/argon2/blake2/blake2b.c b/grub-core/lib/argon2/blake2/blake2b.c -new file mode 100644 -index 000000000..53abd7bef ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blake2b.c -@@ -0,0 +1,388 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#include "blake2.h" -+#include "blake2-impl.h" -+ -+static const grub_uint64_t blake2b_IV[8] = { -+ GRUB_UINT64_C(0x6a09e667f3bcc908), GRUB_UINT64_C(0xbb67ae8584caa73b), -+ GRUB_UINT64_C(0x3c6ef372fe94f82b), GRUB_UINT64_C(0xa54ff53a5f1d36f1), -+ GRUB_UINT64_C(0x510e527fade682d1), GRUB_UINT64_C(0x9b05688c2b3e6c1f), -+ GRUB_UINT64_C(0x1f83d9abfb41bd6b), GRUB_UINT64_C(0x5be0cd19137e2179)}; -+ -+static const unsigned int blake2b_sigma[12][16] = { -+ {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, -+ {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, -+ {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4}, -+ {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8}, -+ {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13}, -+ {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9}, -+ {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11}, -+ {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10}, -+ {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5}, -+ {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0}, -+ {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, -+ {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, -+}; -+ -+void clear_internal_memory(void *v, grub_size_t n); -+ -+static BLAKE2_INLINE void blake2b_set_lastnode(blake2b_state *S) { -+ S->f[1] = (grub_uint64_t)-1; -+} -+ -+static BLAKE2_INLINE void blake2b_set_lastblock(blake2b_state *S) { -+ if (S->last_node) { -+ blake2b_set_lastnode(S); -+ } -+ S->f[0] = (grub_uint64_t)-1; -+} -+ -+static BLAKE2_INLINE void blake2b_increment_counter(blake2b_state *S, -+ grub_uint64_t inc) { -+ S->t[0] += inc; -+ S->t[1] += (S->t[0] < inc); -+} -+ -+static BLAKE2_INLINE void blake2b_invalidate_state(blake2b_state *S) { -+ clear_internal_memory(S, sizeof(*S)); /* wipe */ -+ blake2b_set_lastblock(S); /* invalidate for further use */ -+} -+ -+static BLAKE2_INLINE void blake2b_init0(blake2b_state *S) { -+ grub_memset(S, 0, sizeof(*S)); -+ grub_memcpy(S->h, blake2b_IV, sizeof(S->h)); -+} -+ -+int blake2b_init_param(blake2b_state *S, const blake2b_param *P) { -+ const unsigned char *p = (const unsigned char *)P; -+ unsigned int i; -+ -+ if (NULL == P || NULL == S) { -+ return -1; -+ } -+ -+ blake2b_init0(S); -+ /* IV XOR Parameter Block */ -+ for (i = 0; i < 8; ++i) { -+ S->h[i] ^= load64(&p[i * sizeof(S->h[i])]); -+ } -+ S->outlen = P->digest_length; -+ return 0; -+} -+ -+/* Sequential blake2b initialization */ -+int blake2b_init(blake2b_state *S, grub_size_t outlen) { -+ blake2b_param P; -+ -+ if (S == NULL) { -+ return -1; -+ } -+ -+ if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ /* Setup Parameter Block for unkeyed BLAKE2 */ -+ P.digest_length = (grub_uint8_t)outlen; -+ P.key_length = 0; -+ P.fanout = 1; -+ P.depth = 1; -+ P.leaf_length = 0; -+ P.node_offset = 0; -+ P.node_depth = 0; -+ P.inner_length = 0; -+ grub_memset(P.reserved, 0, sizeof(P.reserved)); -+ grub_memset(P.salt, 0, sizeof(P.salt)); -+ grub_memset(P.personal, 0, sizeof(P.personal)); -+ -+ return blake2b_init_param(S, &P); -+} -+ -+int blake2b_init_key(blake2b_state *S, grub_size_t outlen, const void *key, -+ grub_size_t keylen) { -+ blake2b_param P; -+ -+ if (S == NULL) { -+ return -1; -+ } -+ -+ if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ if ((key == 0) || (keylen == 0) || (keylen > BLAKE2B_KEYBYTES)) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ /* Setup Parameter Block for keyed BLAKE2 */ -+ P.digest_length = (grub_uint8_t)outlen; -+ P.key_length = (grub_uint8_t)keylen; -+ P.fanout = 1; -+ P.depth = 1; -+ P.leaf_length = 0; -+ P.node_offset = 0; -+ P.node_depth = 0; -+ P.inner_length = 0; -+ grub_memset(P.reserved, 0, sizeof(P.reserved)); -+ grub_memset(P.salt, 0, sizeof(P.salt)); -+ grub_memset(P.personal, 0, sizeof(P.personal)); -+ -+ if (blake2b_init_param(S, &P) < 0) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ { -+ grub_uint8_t block[BLAKE2B_BLOCKBYTES]; -+ grub_memset(block, 0, BLAKE2B_BLOCKBYTES); -+ grub_memcpy(block, key, keylen); -+ blake2b_update(S, block, BLAKE2B_BLOCKBYTES); -+ /* Burn the key from stack */ -+ clear_internal_memory(block, BLAKE2B_BLOCKBYTES); -+ } -+ return 0; -+} -+ -+static void blake2b_compress(blake2b_state *S, const grub_uint8_t *block) { -+ grub_uint64_t m[16]; -+ grub_uint64_t v[16]; -+ unsigned int i, r; -+ -+ for (i = 0; i < 16; ++i) { -+ m[i] = load64(block + i * sizeof(m[i])); -+ } -+ -+ for (i = 0; i < 8; ++i) { -+ v[i] = S->h[i]; -+ } -+ -+ v[8] = blake2b_IV[0]; -+ v[9] = blake2b_IV[1]; -+ v[10] = blake2b_IV[2]; -+ v[11] = blake2b_IV[3]; -+ v[12] = blake2b_IV[4] ^ S->t[0]; -+ v[13] = blake2b_IV[5] ^ S->t[1]; -+ v[14] = blake2b_IV[6] ^ S->f[0]; -+ v[15] = blake2b_IV[7] ^ S->f[1]; -+ -+#define G(r, i, a, b, c, d) \ -+ do { \ -+ a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ -+ d = rotr64(d ^ a, 32); \ -+ c = c + d; \ -+ b = rotr64(b ^ c, 24); \ -+ a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ -+ d = rotr64(d ^ a, 16); \ -+ c = c + d; \ -+ b = rotr64(b ^ c, 63); \ -+ } while ((void)0, 0) -+ -+#define ROUND(r) \ -+ do { \ -+ G(r, 0, v[0], v[4], v[8], v[12]); \ -+ G(r, 1, v[1], v[5], v[9], v[13]); \ -+ G(r, 2, v[2], v[6], v[10], v[14]); \ -+ G(r, 3, v[3], v[7], v[11], v[15]); \ -+ G(r, 4, v[0], v[5], v[10], v[15]); \ -+ G(r, 5, v[1], v[6], v[11], v[12]); \ -+ G(r, 6, v[2], v[7], v[8], v[13]); \ -+ G(r, 7, v[3], v[4], v[9], v[14]); \ -+ } while ((void)0, 0) -+ -+ for (r = 0; r < 12; ++r) { -+ ROUND(r); -+ } -+ -+ for (i = 0; i < 8; ++i) { -+ S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; -+ } -+ -+#undef G -+#undef ROUND -+} -+ -+int blake2b_update(blake2b_state *S, const void *in, grub_size_t inlen) { -+ const grub_uint8_t *pin = (const grub_uint8_t *)in; -+ -+ if (inlen == 0) { -+ return 0; -+ } -+ -+ /* Sanity check */ -+ if (S == NULL || in == NULL) { -+ return -1; -+ } -+ -+ /* Is this a reused state? */ -+ if (S->f[0] != 0) { -+ return -1; -+ } -+ -+ if (S->buflen + inlen > BLAKE2B_BLOCKBYTES) { -+ /* Complete current block */ -+ grub_size_t left = S->buflen; -+ grub_size_t fill = BLAKE2B_BLOCKBYTES - left; -+ grub_memcpy(&S->buf[left], pin, fill); -+ blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); -+ blake2b_compress(S, S->buf); -+ S->buflen = 0; -+ inlen -= fill; -+ pin += fill; -+ /* Avoid buffer copies when possible */ -+ while (inlen > BLAKE2B_BLOCKBYTES) { -+ blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); -+ blake2b_compress(S, pin); -+ inlen -= BLAKE2B_BLOCKBYTES; -+ pin += BLAKE2B_BLOCKBYTES; -+ } -+ } -+ grub_memcpy(&S->buf[S->buflen], pin, inlen); -+ S->buflen += (unsigned int)inlen; -+ return 0; -+} -+ -+int blake2b_final(blake2b_state *S, void *out, grub_size_t outlen) { -+ grub_uint8_t buffer[BLAKE2B_OUTBYTES] = {0}; -+ unsigned int i; -+ -+ /* Sanity checks */ -+ if (S == NULL || out == NULL || outlen < S->outlen) { -+ return -1; -+ } -+ -+ /* Is this a reused state? */ -+ if (S->f[0] != 0) { -+ return -1; -+ } -+ -+ blake2b_increment_counter(S, S->buflen); -+ blake2b_set_lastblock(S); -+ grub_memset(&S->buf[S->buflen], 0, BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */ -+ blake2b_compress(S, S->buf); -+ -+ for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ -+ store64(buffer + sizeof(S->h[i]) * i, S->h[i]); -+ } -+ -+ grub_memcpy(out, buffer, S->outlen); -+ clear_internal_memory(buffer, sizeof(buffer)); -+ clear_internal_memory(S->buf, sizeof(S->buf)); -+ clear_internal_memory(S->h, sizeof(S->h)); -+ return 0; -+} -+ -+int blake2b(void *out, grub_size_t outlen, const void *in, grub_size_t inlen, -+ const void *key, grub_size_t keylen) { -+ blake2b_state S; -+ int ret = -1; -+ -+ /* Verify parameters */ -+ if (NULL == in && inlen > 0) { -+ goto fail; -+ } -+ -+ if (NULL == out || outlen == 0 || outlen > BLAKE2B_OUTBYTES) { -+ goto fail; -+ } -+ -+ if ((NULL == key && keylen > 0) || keylen > BLAKE2B_KEYBYTES) { -+ goto fail; -+ } -+ -+ if (keylen > 0) { -+ if (blake2b_init_key(&S, outlen, key, keylen) < 0) { -+ goto fail; -+ } -+ } else { -+ if (blake2b_init(&S, outlen) < 0) { -+ goto fail; -+ } -+ } -+ -+ if (blake2b_update(&S, in, inlen) < 0) { -+ goto fail; -+ } -+ ret = blake2b_final(&S, out, outlen); -+ -+fail: -+ clear_internal_memory(&S, sizeof(S)); -+ return ret; -+} -+ -+/* Argon2 Team - Begin Code */ -+int blake2b_long(void *pout, grub_size_t outlen, const void *in, grub_size_t inlen) { -+ grub_uint8_t *out = (grub_uint8_t *)pout; -+ blake2b_state blake_state; -+ grub_uint8_t outlen_bytes[sizeof(grub_uint32_t)] = {0}; -+ int ret = -1; -+ -+ if (outlen > GRUB_UINT32_MAX) { -+ goto fail; -+ } -+ -+ /* Ensure little-endian byte order! */ -+ store32(outlen_bytes, (grub_uint32_t)outlen); -+ -+#define TRY(statement) \ -+ do { \ -+ ret = statement; \ -+ if (ret < 0) { \ -+ goto fail; \ -+ } \ -+ } while ((void)0, 0) -+ -+ if (outlen <= BLAKE2B_OUTBYTES) { -+ TRY(blake2b_init(&blake_state, outlen)); -+ TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); -+ TRY(blake2b_update(&blake_state, in, inlen)); -+ TRY(blake2b_final(&blake_state, out, outlen)); -+ } else { -+ grub_uint32_t toproduce; -+ grub_uint8_t out_buffer[BLAKE2B_OUTBYTES]; -+ grub_uint8_t in_buffer[BLAKE2B_OUTBYTES]; -+ TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES)); -+ TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); -+ TRY(blake2b_update(&blake_state, in, inlen)); -+ TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES)); -+ grub_memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); -+ out += BLAKE2B_OUTBYTES / 2; -+ toproduce = (grub_uint32_t)outlen - BLAKE2B_OUTBYTES / 2; -+ -+ while (toproduce > BLAKE2B_OUTBYTES) { -+ grub_memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); -+ TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer, -+ BLAKE2B_OUTBYTES, NULL, 0)); -+ grub_memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); -+ out += BLAKE2B_OUTBYTES / 2; -+ toproduce -= BLAKE2B_OUTBYTES / 2; -+ } -+ -+ grub_memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); -+ TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL, -+ 0)); -+ grub_memcpy(out, out_buffer, toproduce); -+ } -+fail: -+ clear_internal_memory(&blake_state, sizeof(blake_state)); -+ return ret; -+#undef TRY -+} -+/* Argon2 Team - End Code */ -diff --git a/grub-core/lib/argon2/blake2/blamka-round-ref.h b/grub-core/lib/argon2/blake2/blamka-round-ref.h -new file mode 100644 -index 000000000..7f0071ada ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blamka-round-ref.h -@@ -0,0 +1,56 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef BLAKE_ROUND_MKA_H -+#define BLAKE_ROUND_MKA_H -+ -+#include "blake2.h" -+#include "blake2-impl.h" -+ -+/* designed by the Lyra PHC team */ -+static BLAKE2_INLINE grub_uint64_t fBlaMka(grub_uint64_t x, grub_uint64_t y) { -+ const grub_uint64_t m = GRUB_UINT64_C(0xFFFFFFFF); -+ const grub_uint64_t xy = (x & m) * (y & m); -+ return x + y + 2 * xy; -+} -+ -+#define G(a, b, c, d) \ -+ do { \ -+ a = fBlaMka(a, b); \ -+ d = rotr64(d ^ a, 32); \ -+ c = fBlaMka(c, d); \ -+ b = rotr64(b ^ c, 24); \ -+ a = fBlaMka(a, b); \ -+ d = rotr64(d ^ a, 16); \ -+ c = fBlaMka(c, d); \ -+ b = rotr64(b ^ c, 63); \ -+ } while ((void)0, 0) -+ -+#define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \ -+ v12, v13, v14, v15) \ -+ do { \ -+ G(v0, v4, v8, v12); \ -+ G(v1, v5, v9, v13); \ -+ G(v2, v6, v10, v14); \ -+ G(v3, v7, v11, v15); \ -+ G(v0, v5, v10, v15); \ -+ G(v1, v6, v11, v12); \ -+ G(v2, v7, v8, v13); \ -+ G(v3, v4, v9, v14); \ -+ } while ((void)0, 0) -+ -+#endif -diff --git a/grub-core/lib/argon2/core.c b/grub-core/lib/argon2/core.c -new file mode 100644 -index 000000000..0fe5b74cb ---- /dev/null -+++ b/grub-core/lib/argon2/core.c -@@ -0,0 +1,506 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+/*For memory wiping*/ -+#ifdef _MSC_VER -+#include <windows.h> -+#include <winbase.h> /* For SecureZeroMemory */ -+#endif -+#if defined __STDC_LIB_EXT1__ -+#define __STDC_WANT_LIB_EXT1__ 1 -+#endif -+#define VC_GE_2005(version) (version >= 1400) -+ -+#include "core.h" -+#include "blake2/blake2.h" -+#include "blake2/blake2-impl.h" -+ -+#ifdef GENKAT -+#include "genkat.h" -+#endif -+ -+#if defined(__clang__) -+#if __has_attribute(optnone) -+#define NOT_OPTIMIZED __attribute__((optnone)) -+#endif -+#elif defined(__GNUC__) -+#define GCC_VERSION \ -+ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) -+#if GCC_VERSION >= 40400 -+#define NOT_OPTIMIZED __attribute__((optimize("O0"))) -+#endif -+#endif -+#ifndef NOT_OPTIMIZED -+#define NOT_OPTIMIZED -+#endif -+ -+/***************Instance and Position constructors**********/ -+void init_block_value(block *b, grub_uint8_t in) { grub_memset(b->v, in, sizeof(b->v)); } -+ -+void copy_block(block *dst, const block *src) { -+ grub_memcpy(dst->v, src->v, sizeof(grub_uint64_t) * ARGON2_QWORDS_IN_BLOCK); -+} -+ -+void xor_block(block *dst, const block *src) { -+ int i; -+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { -+ dst->v[i] ^= src->v[i]; -+ } -+} -+ -+static void load_block(block *dst, const void *input) { -+ unsigned i; -+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { -+ dst->v[i] = load64((const grub_uint8_t *)input + i * sizeof(dst->v[i])); -+ } -+} -+ -+static void store_block(void *output, const block *src) { -+ unsigned i; -+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { -+ store64((grub_uint8_t *)output + i * sizeof(src->v[i]), src->v[i]); -+ } -+} -+ -+/***************Memory functions*****************/ -+ -+int allocate_memory(const argon2_context *context, grub_uint8_t **memory, -+ grub_size_t num, grub_size_t size) { -+ grub_size_t memory_size = num*size; -+ if (memory == NULL) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ /* 1. Check for multiplication overflow */ -+ if (size != 0 && memory_size / size != num) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ /* 2. Try to allocate with appropriate allocator */ -+ if (context->allocate_cbk) { -+ (context->allocate_cbk)(memory, memory_size); -+ } else { -+ *memory = grub_malloc(memory_size); -+ } -+ -+ if (*memory == NULL) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ return ARGON2_OK; -+} -+ -+void grub_free_memory(const argon2_context *context, grub_uint8_t *memory, -+ grub_size_t num, grub_size_t size) { -+ grub_size_t memory_size = num*size; -+ clear_internal_memory(memory, memory_size); -+ if (context->grub_free_cbk) { -+ (context->grub_free_cbk)(memory, memory_size); -+ } else { -+ grub_free(memory); -+ } -+} -+ -+void NOT_OPTIMIZED secure_wipe_memory(void *v, grub_size_t n) { -+ static void *(*const volatile grub_memset_sec)(void *, int, grub_size_t) = &grub_memset; -+ grub_memset_sec(v, 0, n); -+} -+ -+/* Memory clear flag defaults to true. */ -+int FLAG_clear_internal_memory = 1; -+void clear_internal_memory(void *v, grub_size_t n) { -+ if (FLAG_clear_internal_memory && v) { -+ secure_wipe_memory(v, n); -+ } -+} -+ -+void finalize(const argon2_context *context, argon2_instance_t *instance) { -+ if (context != NULL && instance != NULL) { -+ block blockhash; -+ grub_uint32_t l; -+ -+ copy_block(&blockhash, instance->memory + instance->lane_length - 1); -+ -+ /* XOR the last blocks */ -+ for (l = 1; l < instance->lanes; ++l) { -+ grub_uint32_t last_block_in_lane = -+ l * instance->lane_length + (instance->lane_length - 1); -+ xor_block(&blockhash, instance->memory + last_block_in_lane); -+ } -+ -+ /* Hash the result */ -+ { -+ grub_uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; -+ store_block(blockhash_bytes, &blockhash); -+ blake2b_long(context->out, context->outlen, blockhash_bytes, -+ ARGON2_BLOCK_SIZE); -+ /* clear blockhash and blockhash_bytes */ -+ clear_internal_memory(blockhash.v, ARGON2_BLOCK_SIZE); -+ clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); -+ } -+ -+#ifdef GENKAT -+ print_tag(context->out, context->outlen); -+#endif -+ -+ grub_free_memory(context, (grub_uint8_t *)instance->memory, -+ instance->memory_blocks, sizeof(block)); -+ } -+} -+ -+grub_uint32_t index_alpha(const argon2_instance_t *instance, -+ const argon2_position_t *position, grub_uint32_t pseudo_rand, -+ int same_lane) { -+ /* -+ * Pass 0: -+ * This lane : all already finished segments plus already constructed -+ * blocks in this segment -+ * Other lanes : all already finished segments -+ * Pass 1+: -+ * This lane : (SYNC_POINTS - 1) last segments plus already constructed -+ * blocks in this segment -+ * Other lanes : (SYNC_POINTS - 1) last segments -+ */ -+ grub_uint32_t reference_area_size; -+ grub_uint64_t relative_position; -+ grub_uint64_t start_position, absolute_position; -+ -+ if (0 == position->pass) { -+ /* First pass */ -+ if (0 == position->slice) { -+ /* First slice */ -+ reference_area_size = -+ position->index - 1; /* all but the previous */ -+ } else { -+ if (same_lane) { -+ /* The same lane => add current segment */ -+ reference_area_size = -+ position->slice * instance->segment_length + -+ position->index - 1; -+ } else { -+ reference_area_size = -+ position->slice * instance->segment_length + -+ ((position->index == 0) ? (-1) : 0); -+ } -+ } -+ } else { -+ /* Second pass */ -+ if (same_lane) { -+ reference_area_size = instance->lane_length - -+ instance->segment_length + position->index - -+ 1; -+ } else { -+ reference_area_size = instance->lane_length - -+ instance->segment_length + -+ ((position->index == 0) ? (-1) : 0); -+ } -+ } -+ -+ /* 1.2.4. Mapping pseudo_rand to 0..<reference_area_size-1> and produce -+ * relative position */ -+ relative_position = pseudo_rand; -+ relative_position = relative_position * relative_position >> 32; -+ relative_position = reference_area_size - 1 - -+ (reference_area_size * relative_position >> 32); -+ -+ /* 1.2.5 Computing starting position */ -+ start_position = 0; -+ -+ if (0 != position->pass) { -+ start_position = (position->slice == ARGON2_SYNC_POINTS - 1) -+ ? 0 -+ : (position->slice + 1) * instance->segment_length; -+ } -+ -+ /* 1.2.6. Computing absolute position */ -+ grub_divmod64 (start_position + relative_position, instance->lane_length, -+ &absolute_position); /* absolute position */ -+ return absolute_position; -+} -+ -+/* Single-threaded version for p=1 case */ -+static int fill_memory_blocks_st(argon2_instance_t *instance) { -+ grub_uint32_t r, s, l; -+ -+ for (r = 0; r < instance->passes; ++r) { -+ for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { -+ for (l = 0; l < instance->lanes; ++l) { -+ argon2_position_t position = {r, l, (grub_uint8_t)s, 0}; -+ fill_segment(instance, position); -+ } -+ } -+#ifdef GENKAT -+ internal_kat(instance, r); /* Print all memory blocks */ -+#endif -+ } -+ return ARGON2_OK; -+} -+ -+int fill_memory_blocks(argon2_instance_t *instance) { -+ if (instance == NULL || instance->lanes == 0) { -+ return ARGON2_INCORRECT_PARAMETER; -+ } -+ return fill_memory_blocks_st(instance); -+} -+ -+int validate_inputs(const argon2_context *context) { -+ if (NULL == context) { -+ return ARGON2_INCORRECT_PARAMETER; -+ } -+ -+ if (NULL == context->out) { -+ return ARGON2_OUTPUT_PTR_NULL; -+ } -+ -+ /* Validate output length */ -+ if (ARGON2_MIN_OUTLEN > context->outlen) { -+ return ARGON2_OUTPUT_TOO_SHORT; -+ } -+ -+ if (ARGON2_MAX_OUTLEN < context->outlen) { -+ return ARGON2_OUTPUT_TOO_LONG; -+ } -+ -+ /* Validate password (required param) */ -+ if (NULL == context->pwd) { -+ if (0 != context->pwdlen) { -+ return ARGON2_PWD_PTR_MISMATCH; -+ } -+ } -+ -+ if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) { -+ return ARGON2_PWD_TOO_LONG; -+ } -+ -+ /* Validate salt (required param) */ -+ if (NULL == context->salt) { -+ if (0 != context->saltlen) { -+ return ARGON2_SALT_PTR_MISMATCH; -+ } -+ } -+ -+ if (ARGON2_MIN_SALT_LENGTH > context->saltlen) { -+ return ARGON2_SALT_TOO_SHORT; -+ } -+ -+ if (ARGON2_MAX_SALT_LENGTH < context->saltlen) { -+ return ARGON2_SALT_TOO_LONG; -+ } -+ -+ /* Validate secret (optional param) */ -+ if (NULL == context->secret) { -+ if (0 != context->secretlen) { -+ return ARGON2_SECRET_PTR_MISMATCH; -+ } -+ } else { -+ if (ARGON2_MAX_SECRET < context->secretlen) { -+ return ARGON2_SECRET_TOO_LONG; -+ } -+ } -+ -+ /* Validate associated data (optional param) */ -+ if (NULL == context->ad) { -+ if (0 != context->adlen) { -+ return ARGON2_AD_PTR_MISMATCH; -+ } -+ } else { -+ if (ARGON2_MAX_AD_LENGTH < context->adlen) { -+ return ARGON2_AD_TOO_LONG; -+ } -+ } -+ -+ /* Validate memory cost */ -+ if (ARGON2_MIN_MEMORY > context->m_cost) { -+ return ARGON2_MEMORY_TOO_LITTLE; -+ } -+ -+ if (context->m_cost < 8 * context->lanes) { -+ return ARGON2_MEMORY_TOO_LITTLE; -+ } -+ -+ /* Validate time cost */ -+ if (ARGON2_MIN_TIME > context->t_cost) { -+ return ARGON2_TIME_TOO_SMALL; -+ } -+ -+ if (ARGON2_MAX_TIME < context->t_cost) { -+ return ARGON2_TIME_TOO_LARGE; -+ } -+ -+ /* Validate lanes */ -+ if (ARGON2_MIN_LANES > context->lanes) { -+ return ARGON2_LANES_TOO_FEW; -+ } -+ -+ if (ARGON2_MAX_LANES < context->lanes) { -+ return ARGON2_LANES_TOO_MANY; -+ } -+ -+ /* Validate threads */ -+ if (ARGON2_MIN_THREADS > context->threads) { -+ return ARGON2_THREADS_TOO_FEW; -+ } -+ -+ if (ARGON2_MAX_THREADS < context->threads) { -+ return ARGON2_THREADS_TOO_MANY; -+ } -+ -+ if (NULL != context->allocate_cbk && NULL == context->grub_free_cbk) { -+ return ARGON2_FREE_MEMORY_CBK_NULL; -+ } -+ -+ if (NULL == context->allocate_cbk && NULL != context->grub_free_cbk) { -+ return ARGON2_ALLOCATE_MEMORY_CBK_NULL; -+ } -+ -+ return ARGON2_OK; -+} -+ -+void fill_first_blocks(grub_uint8_t *blockhash, const argon2_instance_t *instance) { -+ grub_uint32_t l; -+ /* Make the first and second block in each lane as G(H0||0||i) or -+ G(H0||1||i) */ -+ grub_uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; -+ for (l = 0; l < instance->lanes; ++l) { -+ -+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0); -+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l); -+ blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, -+ ARGON2_PREHASH_SEED_LENGTH); -+ load_block(&instance->memory[l * instance->lane_length + 0], -+ blockhash_bytes); -+ -+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1); -+ blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, -+ ARGON2_PREHASH_SEED_LENGTH); -+ load_block(&instance->memory[l * instance->lane_length + 1], -+ blockhash_bytes); -+ } -+ clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); -+} -+ -+void initial_hash(grub_uint8_t *blockhash, argon2_context *context, -+ argon2_type type) { -+ blake2b_state BlakeHash; -+ grub_uint8_t value[sizeof(grub_uint32_t)]; -+ -+ if (NULL == context || NULL == blockhash) { -+ return; -+ } -+ -+ blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH); -+ -+ store32(&value, context->lanes); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->outlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->m_cost); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->t_cost); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->version); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, (grub_uint32_t)type); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->pwdlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->pwd != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->pwd, -+ context->pwdlen); -+ -+ if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) { -+ secure_wipe_memory(context->pwd, context->pwdlen); -+ context->pwdlen = 0; -+ } -+ } -+ -+ store32(&value, context->saltlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->salt != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->salt, -+ context->saltlen); -+ } -+ -+ store32(&value, context->secretlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->secret != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->secret, -+ context->secretlen); -+ -+ if (context->flags & ARGON2_FLAG_CLEAR_SECRET) { -+ secure_wipe_memory(context->secret, context->secretlen); -+ context->secretlen = 0; -+ } -+ } -+ -+ store32(&value, context->adlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->ad != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->ad, -+ context->adlen); -+ } -+ -+ blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH); -+} -+ -+int initialize(argon2_instance_t *instance, argon2_context *context) { -+ grub_uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; -+ int result = ARGON2_OK; -+ -+ if (instance == NULL || context == NULL) -+ return ARGON2_INCORRECT_PARAMETER; -+ instance->context_ptr = context; -+ -+ /* 1. Memory allocation */ -+ result = allocate_memory(context, (grub_uint8_t **)&(instance->memory), -+ instance->memory_blocks, sizeof(block)); -+ if (result != ARGON2_OK) { -+ return result; -+ } -+ -+ /* 2. Initial hashing */ -+ /* H_0 + 8 extra bytes to produce the first blocks */ -+ /* grub_uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */ -+ /* Hashing all inputs */ -+ initial_hash(blockhash, context, instance->type); -+ /* Zeroing 8 extra bytes */ -+ clear_internal_memory(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, -+ ARGON2_PREHASH_SEED_LENGTH - -+ ARGON2_PREHASH_DIGEST_LENGTH); -+ -+#ifdef GENKAT -+ initial_kat(blockhash, context, instance->type); -+#endif -+ -+ /* 3. Creating first blocks, we always have at least two blocks in a slice -+ */ -+ fill_first_blocks(blockhash, instance); -+ /* Clearing the hash */ -+ clear_internal_memory(blockhash, ARGON2_PREHASH_SEED_LENGTH); -+ -+ return ARGON2_OK; -+} -diff --git a/grub-core/lib/argon2/core.h b/grub-core/lib/argon2/core.h -new file mode 100644 -index 000000000..bbcd56998 ---- /dev/null -+++ b/grub-core/lib/argon2/core.h -@@ -0,0 +1,228 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef ARGON2_CORE_H -+#define ARGON2_CORE_H -+ -+#include "argon2.h" -+ -+#define CONST_CAST(x) (x)(grub_addr_t) -+ -+/**********************Argon2 internal constants*******************************/ -+ -+enum argon2_core_constants { -+ /* Memory block size in bytes */ -+ ARGON2_BLOCK_SIZE = 1024, -+ ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8, -+ ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16, -+ ARGON2_HWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 32, -+ ARGON2_512BIT_WORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 64, -+ -+ /* Number of pseudo-random values generated by one call to Blake in Argon2i -+ to -+ generate reference block positions */ -+ ARGON2_ADDRESSES_IN_BLOCK = 128, -+ -+ /* Pre-hashing digest length and its extension*/ -+ ARGON2_PREHASH_DIGEST_LENGTH = 64, -+ ARGON2_PREHASH_SEED_LENGTH = 72 -+}; -+ -+/*************************Argon2 internal data types***********************/ -+ -+/* -+ * Structure for the (1KB) memory block implemented as 128 64-bit words. -+ * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no -+ * bounds checking). -+ */ -+typedef struct block_ { grub_uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block; -+ -+/*****************Functions that work with the block******************/ -+ -+/* Initialize each byte of the block with @in */ -+void init_block_value(block *b, grub_uint8_t in); -+ -+/* Copy block @src to block @dst */ -+void copy_block(block *dst, const block *src); -+ -+/* XOR @src onto @dst bytewise */ -+void xor_block(block *dst, const block *src); -+ -+/* -+ * Argon2 instance: memory pointer, number of passes, amount of memory, type, -+ * and derived values. -+ * Used to evaluate the number and location of blocks to construct in each -+ * thread -+ */ -+typedef struct Argon2_instance_t { -+ block *memory; /* Memory pointer */ -+ grub_uint32_t version; -+ grub_uint32_t passes; /* Number of passes */ -+ grub_uint32_t memory_blocks; /* Number of blocks in memory */ -+ grub_uint32_t segment_length; -+ grub_uint32_t lane_length; -+ grub_uint32_t lanes; -+ grub_uint32_t threads; -+ argon2_type type; -+ int print_internals; /* whether to print the memory blocks */ -+ argon2_context *context_ptr; /* points back to original context */ -+} argon2_instance_t; -+ -+/* -+ * Argon2 position: where we construct the block right now. Used to distribute -+ * work between threads. -+ */ -+typedef struct Argon2_position_t { -+ grub_uint32_t pass; -+ grub_uint32_t lane; -+ grub_uint8_t slice; -+ grub_uint32_t index; -+} argon2_position_t; -+ -+/*Struct that holds the inputs for thread handling FillSegment*/ -+typedef struct Argon2_thread_data { -+ argon2_instance_t *instance_ptr; -+ argon2_position_t pos; -+} argon2_thread_data; -+ -+/*************************Argon2 core functions********************************/ -+ -+/* Allocates memory to the given pointer, uses the appropriate allocator as -+ * specified in the context. Total allocated memory is num*size. -+ * @param context argon2_context which specifies the allocator -+ * @param memory pointer to the pointer to the memory -+ * @param size the size in bytes for each element to be allocated -+ * @param num the number of elements to be allocated -+ * @return ARGON2_OK if @memory is a valid pointer and memory is allocated -+ */ -+int allocate_memory(const argon2_context *context, grub_uint8_t **memory, -+ grub_size_t num, grub_size_t size); -+ -+/* -+ * Frees memory at the given pointer, uses the appropriate deallocator as -+ * specified in the context. Also cleans the memory using clear_internal_memory. -+ * @param context argon2_context which specifies the deallocator -+ * @param memory pointer to buffer to be grub_freed -+ * @param size the size in bytes for each element to be deallocated -+ * @param num the number of elements to be deallocated -+ */ -+void grub_free_memory(const argon2_context *context, grub_uint8_t *memory, -+ grub_size_t num, grub_size_t size); -+ -+/* Function that securely cleans the memory. This ignores any flags set -+ * regarding clearing memory. Usually one just calls clear_internal_memory. -+ * @param mem Pointer to the memory -+ * @param s Memory size in bytes -+ */ -+void secure_wipe_memory(void *v, grub_size_t n); -+ -+/* Function that securely clears the memory if FLAG_clear_internal_memory is -+ * set. If the flag isn't set, this function does nothing. -+ * @param mem Pointer to the memory -+ * @param s Memory size in bytes -+ */ -+void clear_internal_memory(void *v, grub_size_t n); -+ -+/* -+ * Computes absolute position of reference block in the lane following a skewed -+ * distribution and using a pseudo-random value as input -+ * @param instance Pointer to the current instance -+ * @param position Pointer to the current position -+ * @param pseudo_rand 32-bit pseudo-random value used to determine the position -+ * @param same_lane Indicates if the block will be taken from the current lane. -+ * If so we can reference the current segment -+ * @pre All pointers must be valid -+ */ -+grub_uint32_t index_alpha(const argon2_instance_t *instance, -+ const argon2_position_t *position, grub_uint32_t pseudo_rand, -+ int same_lane); -+ -+/* -+ * Function that validates all inputs against predefined restrictions and return -+ * an error code -+ * @param context Pointer to current Argon2 context -+ * @return ARGON2_OK if everything is all right, otherwise one of error codes -+ * (all defined in <argon2.h> -+ */ -+int validate_inputs(const argon2_context *context); -+ -+/* -+ * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears -+ * password and secret if needed -+ * @param context Pointer to the Argon2 internal structure containing memory -+ * pointer, and parameters for time and space requirements. -+ * @param blockhash Buffer for pre-hashing digest -+ * @param type Argon2 type -+ * @pre @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes -+ * allocated -+ */ -+void initial_hash(grub_uint8_t *blockhash, argon2_context *context, -+ argon2_type type); -+ -+/* -+ * Function creates first 2 blocks per lane -+ * @param instance Pointer to the current instance -+ * @param blockhash Pointer to the pre-hashing digest -+ * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values -+ */ -+void fill_first_blocks(grub_uint8_t *blockhash, const argon2_instance_t *instance); -+ -+/* -+ * Function allocates memory, hashes the inputs with Blake, and creates first -+ * two blocks. Returns the pointer to the main memory with 2 blocks per lane -+ * initialized -+ * @param context Pointer to the Argon2 internal structure containing memory -+ * pointer, and parameters for time and space requirements. -+ * @param instance Current Argon2 instance -+ * @return Zero if successful, -1 if memory failed to allocate. @context->state -+ * will be modified if successful. -+ */ -+int initialize(argon2_instance_t *instance, argon2_context *context); -+ -+/* -+ * XORing the last block of each lane, hashing it, making the tag. Deallocates -+ * the memory. -+ * @param context Pointer to current Argon2 context (use only the out parameters -+ * from it) -+ * @param instance Pointer to current instance of Argon2 -+ * @pre instance->state must point to necessary amount of memory -+ * @pre context->out must point to outlen bytes of memory -+ * @pre if context->grub_free_cbk is not NULL, it should point to a function that -+ * deallocates memory -+ */ -+void finalize(const argon2_context *context, argon2_instance_t *instance); -+ -+/* -+ * Function that fills the segment using previous segments also from other -+ * threads -+ * @param context current context -+ * @param instance Pointer to the current instance -+ * @param position Current position -+ * @pre all block pointers must be valid -+ */ -+void fill_segment(const argon2_instance_t *instance, -+ argon2_position_t position); -+ -+/* -+ * Function that fills the entire memory t_cost times based on the first two -+ * blocks in each lane -+ * @param instance Pointer to the current instance -+ * @return ARGON2_OK if successful, @context->state -+ */ -+int fill_memory_blocks(argon2_instance_t *instance); -+ -+#endif -diff --git a/grub-core/lib/argon2/ref.c b/grub-core/lib/argon2/ref.c -new file mode 100644 -index 000000000..c933df80d ---- /dev/null -+++ b/grub-core/lib/argon2/ref.c -@@ -0,0 +1,190 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#include "argon2.h" -+#include "core.h" -+ -+#include "blake2/blamka-round-ref.h" -+#include "blake2/blake2-impl.h" -+#include "blake2/blake2.h" -+ -+ -+/* -+ * Function fills a new memory block and optionally XORs the old block over the new one. -+ * @next_block must be initialized. -+ * @param prev_block Pointer to the previous block -+ * @param ref_block Pointer to the reference block -+ * @param next_block Pointer to the block to be constructed -+ * @param with_xor Whether to XOR into the new block (1) or just overwrite (0) -+ * @pre all block pointers must be valid -+ */ -+static void fill_block(const block *prev_block, const block *ref_block, -+ block *next_block, int with_xor) { -+ block blockR, block_tmp; -+ unsigned i; -+ -+ copy_block(&blockR, ref_block); -+ xor_block(&blockR, prev_block); -+ copy_block(&block_tmp, &blockR); -+ /* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block */ -+ if (with_xor) { -+ /* Saving the next block contents for XOR over: */ -+ xor_block(&block_tmp, next_block); -+ /* Now blockR = ref_block + prev_block and -+ block_tmp = ref_block + prev_block + next_block */ -+ } -+ -+ /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then -+ (16,17,..31)... finally (112,113,...127) */ -+ for (i = 0; i < 8; ++i) { -+ BLAKE2_ROUND_NOMSG( -+ blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2], -+ blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5], -+ blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8], -+ blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11], -+ blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14], -+ blockR.v[16 * i + 15]); -+ } -+ -+ /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then -+ (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */ -+ for (i = 0; i < 8; i++) { -+ BLAKE2_ROUND_NOMSG( -+ blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16], -+ blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33], -+ blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64], -+ blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81], -+ blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112], -+ blockR.v[2 * i + 113]); -+ } -+ -+ copy_block(next_block, &block_tmp); -+ xor_block(next_block, &blockR); -+} -+ -+static void next_addresses(block *address_block, block *input_block, -+ const block *zero_block) { -+ input_block->v[6]++; -+ fill_block(zero_block, input_block, address_block, 0); -+ fill_block(zero_block, address_block, address_block, 0); -+} -+ -+void fill_segment(const argon2_instance_t *instance, -+ argon2_position_t position) { -+ block *ref_block = NULL, *curr_block = NULL; -+ block address_block, input_block, zero_block; -+ grub_uint64_t pseudo_rand, ref_index, ref_lane; -+ grub_uint32_t prev_offset, curr_offset; -+ grub_uint32_t starting_index; -+ grub_uint32_t i; -+ int data_independent_addressing; -+ -+ if (instance == NULL) { -+ return; -+ } -+ -+ data_independent_addressing = -+ (instance->type == Argon2_i) || -+ (instance->type == Argon2_id && (position.pass == 0) && -+ (position.slice < ARGON2_SYNC_POINTS / 2)); -+ -+ if (data_independent_addressing) { -+ init_block_value(&zero_block, 0); -+ init_block_value(&input_block, 0); -+ -+ input_block.v[0] = position.pass; -+ input_block.v[1] = position.lane; -+ input_block.v[2] = position.slice; -+ input_block.v[3] = instance->memory_blocks; -+ input_block.v[4] = instance->passes; -+ input_block.v[5] = instance->type; -+ } -+ -+ starting_index = 0; -+ -+ if ((0 == position.pass) && (0 == position.slice)) { -+ starting_index = 2; /* we have already generated the first two blocks */ -+ -+ /* Don't forget to generate the first block of addresses: */ -+ if (data_independent_addressing) { -+ next_addresses(&address_block, &input_block, &zero_block); -+ } -+ } -+ -+ /* Offset of the current block */ -+ curr_offset = position.lane * instance->lane_length + -+ position.slice * instance->segment_length + starting_index; -+ -+ if (0 == curr_offset % instance->lane_length) { -+ /* Last block in this lane */ -+ prev_offset = curr_offset + instance->lane_length - 1; -+ } else { -+ /* Previous block */ -+ prev_offset = curr_offset - 1; -+ } -+ -+ for (i = starting_index; i < instance->segment_length; -+ ++i, ++curr_offset, ++prev_offset) { -+ /*1.1 Rotating prev_offset if needed */ -+ if (curr_offset % instance->lane_length == 1) { -+ prev_offset = curr_offset - 1; -+ } -+ -+ /* 1.2 Computing the index of the reference block */ -+ /* 1.2.1 Taking pseudo-random value from the previous block */ -+ if (data_independent_addressing) { -+ if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) { -+ next_addresses(&address_block, &input_block, &zero_block); -+ } -+ pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK]; -+ } else { -+ pseudo_rand = instance->memory[prev_offset].v[0]; -+ } -+ -+ /* 1.2.2 Computing the lane of the reference block */ -+ grub_divmod64 (pseudo_rand >> 32, instance->lanes, &ref_lane); -+ -+ if ((position.pass == 0) && (position.slice == 0)) { -+ /* Can not reference other lanes yet */ -+ ref_lane = position.lane; -+ } -+ -+ /* 1.2.3 Computing the number of possible reference block within the -+ * lane. -+ */ -+ position.index = i; -+ ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, -+ ref_lane == position.lane); -+ -+ /* 2 Creating a new block */ -+ ref_block = -+ instance->memory + instance->lane_length * ref_lane + ref_index; -+ curr_block = instance->memory + curr_offset; -+ if (ARGON2_VERSION_10 == instance->version) { -+ /* version 1.2.1 and earlier: overwrite, not XOR */ -+ fill_block(instance->memory + prev_offset, ref_block, curr_block, 0); -+ } else { -+ if(0 == position.pass) { -+ fill_block(instance->memory + prev_offset, ref_block, -+ curr_block, 0); -+ } else { -+ fill_block(instance->memory + prev_offset, ref_block, -+ curr_block, 1); -+ } -+ } -+ } -+} --- -2.39.5 - diff --git a/config/grub/default/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch b/config/grub/nvme/patches/0005-don-t-print-missing-prefix-errors-on-the-screen.patch index cef7a273..abdd93ff 100644 --- a/config/grub/default/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch +++ b/config/grub/nvme/patches/0005-don-t-print-missing-prefix-errors-on-the-screen.patch @@ -1,7 +1,7 @@ -From d0345db429be8089145e0c072db9ac8db0b644bd Mon Sep 17 00:00:00 2001 +From 095ecdc8ad06ac2581a06e4dacbf4091aba8ec6a Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 5 Nov 2023 16:14:58 +0000 -Subject: [PATCH 11/14] don't print missing prefix errors on the screen +Subject: [PATCH 5/9] don't print missing prefix errors on the screen we do actually set the prefix. this patch modifies grub to still set grub_errno and return accordingly, @@ -85,10 +85,10 @@ index 18de52562..2a0fea6c8 100644 } file = try_open_from_prefix (prefix, filename); diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 4a3be8568..6ae3d73f8 100644 +index de8c3aa8d..eac3ea48d 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c -@@ -881,7 +881,7 @@ grub_dl_load (const char *name) +@@ -880,7 +880,7 @@ grub_dl_load (const char *name) return 0; if (! grub_dl_dir) { @@ -98,5 +98,5 @@ index 4a3be8568..6ae3d73f8 100644 } -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/patches/0006-Error-on-missing-Argon2id-parameters.patch b/config/grub/nvme/patches/0006-Error-on-missing-Argon2id-parameters.patch deleted file mode 100644 index 508fd740..00000000 --- a/config/grub/nvme/patches/0006-Error-on-missing-Argon2id-parameters.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 6c74f4ff91f741e74dca1accc6c173c277f4ca5b Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 06/15] Error on missing Argon2id parameters - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - grub-core/disk/luks2.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index b17cd2115..bbd8f5579 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -39,6 +39,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - enum grub_luks2_kdf_type - { - LUKS2_KDF_TYPE_ARGON2I, -+ LUKS2_KDF_TYPE_ARGON2ID, - LUKS2_KDF_TYPE_PBKDF2 - }; - typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t; -@@ -91,7 +92,7 @@ struct grub_luks2_keyslot - grub_int64_t time; - grub_int64_t memory; - grub_int64_t cpus; -- } argon2i; -+ } argon2; - struct - { - const char *hash; -@@ -161,10 +162,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF"); - else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id")) - { -- out->kdf.type = LUKS2_KDF_TYPE_ARGON2I; -- if (grub_json_getint64 (&out->kdf.u.argon2i.time, &kdf, "time") || -- grub_json_getint64 (&out->kdf.u.argon2i.memory, &kdf, "memory") || -- grub_json_getint64 (&out->kdf.u.argon2i.cpus, &kdf, "cpus")) -+ out->kdf.type = !grub_strcmp (type, "argon2i") -+ ? LUKS2_KDF_TYPE_ARGON2I : LUKS2_KDF_TYPE_ARGON2ID; -+ if (grub_json_getint64 (&out->kdf.u.argon2.time, &kdf, "time") || -+ grub_json_getint64 (&out->kdf.u.argon2.memory, &kdf, "memory") || -+ grub_json_getint64 (&out->kdf.u.argon2.cpus, &kdf, "cpus")) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters"); - } - else if (!grub_strcmp (type, "pbkdf2")) -@@ -460,6 +462,7 @@ luks2_decrypt_key (grub_uint8_t *out_key, - switch (k->kdf.type) - { - case LUKS2_KDF_TYPE_ARGON2I: -+ case LUKS2_KDF_TYPE_ARGON2ID: - ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported"); - goto err; - case LUKS2_KDF_TYPE_PBKDF2: --- -2.39.5 - diff --git a/config/grub/xhci_nvme/patches/0012-don-t-print-error-if-module-not-found.patch b/config/grub/nvme/patches/0006-don-t-print-error-if-module-not-found.patch index e817ca85..339160d6 100644 --- a/config/grub/xhci_nvme/patches/0012-don-t-print-error-if-module-not-found.patch +++ b/config/grub/nvme/patches/0006-don-t-print-error-if-module-not-found.patch @@ -1,7 +1,7 @@ -From 06f9480a670d374e1599bf9871f6cd26656418a7 Mon Sep 17 00:00:00 2001 +From 198cb517f44ada4eb561e3182e61b1598535c51b Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 5 Nov 2023 16:36:22 +0000 -Subject: [PATCH 12/26] don't print error if module not found +Subject: [PATCH 6/9] don't print error if module not found still set grub_errno accordingly, and otherwise behave the same. in libreboot, we remove a lot of @@ -17,10 +17,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 6ae3d73f8..4c15027fe 100644 +index eac3ea48d..6d67ba54f 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c -@@ -511,7 +511,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e) +@@ -510,7 +510,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e) s = grub_dl_find_section (e, ".modname"); if (!s) @@ -30,5 +30,5 @@ index 6ae3d73f8..4c15027fe 100644 mod->name = grub_strdup ((char *) e + s->sh_offset); if (! mod->name) -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/patches/0007-Compile-with-Argon2id-support.patch b/config/grub/nvme/patches/0007-Compile-with-Argon2id-support.patch deleted file mode 100644 index 1cfe1ab7..00000000 --- a/config/grub/nvme/patches/0007-Compile-with-Argon2id-support.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 50157401f90366e5b7c8f80ae7bc59c2276f7c35 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 07/15] Compile with Argon2id support - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - Makefile.util.def | 6 +++++- - grub-core/Makefile.core.def | 2 +- - grub-core/disk/luks2.c | 13 +++++++++++-- - 3 files changed, 17 insertions(+), 4 deletions(-) - -diff --git a/Makefile.util.def b/Makefile.util.def -index 038253b37..2f19569c9 100644 ---- a/Makefile.util.def -+++ b/Makefile.util.def -@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl; - library = { - name = libgrubkern.a; - cflags = '$(CFLAGS_GNULIB)'; -- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json'; -+ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2'; - - common = util/misc.c; - common = grub-core/kern/command.c; -@@ -36,6 +36,10 @@ library = { - common = grub-core/kern/misc.c; - common = grub-core/kern/partition.c; - common = grub-core/lib/crypto.c; -+ common = grub-core/lib/argon2/argon2.c; -+ common = grub-core/lib/argon2/core.c; -+ common = grub-core/lib/argon2/ref.c; -+ common = grub-core/lib/argon2/blake2/blake2b.c; - common = grub-core/lib/json/json.c; - common = grub-core/disk/luks.c; - common = grub-core/disk/luks2.c; -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 0ee65d54d..cd29a9df8 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1242,7 +1242,7 @@ module = { - common = disk/luks2.c; - common = lib/gnulib/base64.c; - cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; -- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json'; -+ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2'; - }; - - module = { -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index bbd8f5579..02cd615d9 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -28,6 +28,7 @@ - #include <grub/i18n.h> - #include <grub/safemath.h> - -+#include <argon2.h> - #include <base64.h> - #include <json.h> - -@@ -463,8 +464,16 @@ luks2_decrypt_key (grub_uint8_t *out_key, - { - case LUKS2_KDF_TYPE_ARGON2I: - case LUKS2_KDF_TYPE_ARGON2ID: -- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported"); -- goto err; -+ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus, -+ passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size, -+ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id, -+ ARGON2_VERSION_NUMBER); -+ if (ret) -+ { -+ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret)); -+ goto err; -+ } -+ break; - case LUKS2_KDF_TYPE_PBKDF2: - hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash); - if (!hash) --- -2.39.5 - diff --git a/config/grub/default/patches/0013-don-t-print-empty-error-messages.patch b/config/grub/nvme/patches/0007-don-t-print-empty-error-messages.patch index 0cdadbe9..9bec9774 100644 --- a/config/grub/default/patches/0013-don-t-print-empty-error-messages.patch +++ b/config/grub/nvme/patches/0007-don-t-print-empty-error-messages.patch @@ -1,7 +1,7 @@ -From 5a1dd3c19307859aac7d1a22a7a0c0c7ffb09ddb Mon Sep 17 00:00:00 2001 +From e344c1bb1bc0bc4df4cf9c049e1e4ba2daf8c2af Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 5 Nov 2023 17:25:20 +0000 -Subject: [PATCH 13/14] don't print empty error messages +Subject: [PATCH 7/9] don't print empty error messages this is part two of the quest to kill the prefix error message. after i disabled prefix-related @@ -13,10 +13,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org> 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c -index 53c734de7..7cac53983 100644 +index ba04b57fb..dab62646d 100644 --- a/grub-core/kern/err.c +++ b/grub-core/kern/err.c -@@ -107,7 +107,8 @@ grub_print_error (void) +@@ -116,7 +116,8 @@ grub_print_error (void) { if (grub_errno != GRUB_ERR_NONE) { @@ -27,5 +27,5 @@ index 53c734de7..7cac53983 100644 } } -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/patches/0014-Add-native-NVMe-driver-based-on-SeaBIOS.patch b/config/grub/nvme/patches/0008-Add-native-NVMe-driver-based-on-SeaBIOS.patch index a181ddc9..e3007b05 100644 --- a/config/grub/nvme/patches/0014-Add-native-NVMe-driver-based-on-SeaBIOS.patch +++ b/config/grub/nvme/patches/0008-Add-native-NVMe-driver-based-on-SeaBIOS.patch @@ -1,7 +1,7 @@ -From c8d5481586133d7738a9e2d27b5554470bef719d Mon Sep 17 00:00:00 2001 +From e390ed303e135f6509889ff1ef3f5e3bcb28e89f Mon Sep 17 00:00:00 2001 From: Mate Kukri <km@mkukri.xyz> Date: Mon, 20 May 2024 11:43:35 +0100 -Subject: [PATCH 14/15] Add native NVMe driver based on SeaBIOS +Subject: [PATCH 8/9] Add native NVMe driver based on SeaBIOS Tested to successfully boot Debian on QEMU and OptiPlex 3050. @@ -31,10 +31,10 @@ index 43635d5ff..2c86dbbf6 100644 endif diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index cd29a9df8..0034f8c61 100644 +index fa4bc54aa..c608d0450 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2682,3 +2682,9 @@ module = { +@@ -2768,3 +2768,9 @@ module = { cflags = '-Wno-uninitialized'; cppflags = '-I$(srcdir)/lib/libtasn1-grub -I$(srcdir)/tests/asn1/'; }; @@ -1070,5 +1070,5 @@ index fbf23df7f..186e76f0b 100644 struct grub_disk; -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/patches/0008-Make-grub-install-work-with-Argon2.patch b/config/grub/nvme/patches/0008-Make-grub-install-work-with-Argon2.patch deleted file mode 100644 index bdf9343e..00000000 --- a/config/grub/nvme/patches/0008-Make-grub-install-work-with-Argon2.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 2f7814e55cbae04cb2b307fee559f40cdc70609c Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 08/15] Make grub-install work with Argon2 - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - util/grub-install.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/util/grub-install.c b/util/grub-install.c -index 060246589..059036d3c 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -448,6 +448,8 @@ probe_mods (grub_disk_t disk) - { - grub_util_cryptodisk_get_abstraction (disk, - push_cryptodisk_module, NULL); -+ /* HACK: always push argon2 */ -+ grub_install_push_module ("argon2"); - have_abstractions = 1; - have_cryptodisk = 1; - } --- -2.39.5 - diff --git a/config/grub/xhci_nvme/patches/0026-kern-coreboot-mmap-Map-to-reserved.patch b/config/grub/nvme/patches/0009-kern-coreboot-mmap-Map-to-reserved.patch index 712d2218..f85bbb66 100644 --- a/config/grub/xhci_nvme/patches/0026-kern-coreboot-mmap-Map-to-reserved.patch +++ b/config/grub/nvme/patches/0009-kern-coreboot-mmap-Map-to-reserved.patch @@ -1,7 +1,7 @@ -From d73ca74ef879bf602274bee6eb24f0080a45d235 Mon Sep 17 00:00:00 2001 +From 53e9097777bfc3830b9d986e9fd2ff00f40b2aa8 Mon Sep 17 00:00:00 2001 From: Paul Menzel <pmenzel@molgen.mpg.de> Date: Mon, 17 May 2021 10:24:36 +0200 -Subject: [PATCH 26/26] kern/coreboot/mmap: Map to reserved +Subject: [PATCH 9/9] kern/coreboot/mmap: Map to reserved https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6de9ee86bf9ae50967413e6a73b5dfd13e5ffb50 @@ -33,5 +33,5 @@ index caf8f7cef..2fc316e8d 100644 return 1; } -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/target.cfg b/config/grub/nvme/target.cfg index 0aff1315..887b9bf7 100644 --- a/config/grub/nvme/target.cfg +++ b/config/grub/nvme/target.cfg @@ -1,4 +1,4 @@ # SPDX-License-Identifier: GPL-3.0-or-later tree="nvme" -rev="a68a7dece464c35b1c8d20b98502b6881b103911" +rev="280715ec63a3424f5cf1289302cb4ab4e98768f4" diff --git a/config/grub/xhci_nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch b/config/grub/xhci_nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch index d480d60a..46e5059f 100644 --- a/config/grub/xhci_nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch +++ b/config/grub/xhci_nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch @@ -1,7 +1,7 @@ -From 6a04ceb244366ddab75ce229afd19687ce35d15a Mon Sep 17 00:00:00 2001 +From 5e70ef9fa3a6474ec827c15329d13c9c984f147a Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 31 Oct 2021 03:47:05 +0000 -Subject: [PATCH 01/26] mitigate grub's missing characters for borders/arrow +Subject: [PATCH 01/20] mitigate grub's missing characters for borders/arrow characters This cleans up the display on the main screen in GRUB. @@ -86,5 +86,5 @@ index 9c383e64a..8ec1dd1e8 100644 grub_term_highlight_color = old_color_highlight; geo->timeout_y = geo->first_entry_y + geo->num_entries -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch b/config/grub/xhci_nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch index e50e6c6a..ace80aa7 100644 --- a/config/grub/xhci_nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch +++ b/config/grub/xhci_nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch @@ -1,17 +1,17 @@ -From c18175417d4fa4501dac21ef26b9c30f67ece0fd Mon Sep 17 00:00:00 2001 +From f87a74e198cea4ee79051fc789a06ad3695ad1db Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sat, 19 Nov 2022 16:30:24 +0000 -Subject: [PATCH 02/26] say the name libreboot, in the grub menu +Subject: [PATCH 02/20] say the name libreboot, in the grub menu --- grub-core/normal/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 96abfda2f..d806db9c4 100644 +index de9a3f961..1fabb9c86 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c -@@ -209,7 +209,7 @@ grub_normal_init_page (struct grub_term_output *term, +@@ -215,7 +215,7 @@ grub_normal_init_page (struct grub_term_output *term, grub_term_cls (term); @@ -21,5 +21,5 @@ index 96abfda2f..d806db9c4 100644 return; -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0003-Add-CC0-license.patch b/config/grub/xhci_nvme/patches/0003-Add-CC0-license.patch deleted file mode 100644 index c2fd1c01..00000000 --- a/config/grub/xhci_nvme/patches/0003-Add-CC0-license.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 72b0b0f76b3cc7f03e42322b77400b89c3ccf766 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 03/26] Add CC0 license - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - grub-core/kern/dl.c | 3 ++- - util/grub-module-verifierXX.c | 3 ++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index de8c3aa8d..4a3be8568 100644 ---- a/grub-core/kern/dl.c -+++ b/grub-core/kern/dl.c -@@ -495,7 +495,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e) - - if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0 - || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0 -- || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0) -+ || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0 -+ || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=CC0") == 0) - return GRUB_ERR_NONE; - - return grub_error (GRUB_ERR_BAD_MODULE, -diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c -index a42c20bd1..7157a30aa 100644 ---- a/util/grub-module-verifierXX.c -+++ b/util/grub-module-verifierXX.c -@@ -236,7 +236,8 @@ check_license (const char * const filename, - Elf_Shdr *s = find_section (arch, e, ".module_license", module_size); - if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0 - || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0 -- || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0)) -+ || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0 -+ || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=CC0") == 0)) - return; - grub_util_error ("%s: incompatible license", filename); - } --- -2.39.5 - diff --git a/config/grub/xhci_nvme/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch b/config/grub/xhci_nvme/patches/0003-at_keyboard-coreboot-force-scancodes2-translate.patch index 87164461..d3547d11 100644 --- a/config/grub/xhci_nvme/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch +++ b/config/grub/xhci_nvme/patches/0003-at_keyboard-coreboot-force-scancodes2-translate.patch @@ -1,7 +1,7 @@ -From dfbfe525d6f138e3db1e683096302045c064096f Mon Sep 17 00:00:00 2001 +From e647f6b06788022a746e8f38ed2b092013d1d570 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Mon, 30 Oct 2023 22:19:21 +0000 -Subject: [PATCH 09/26] at_keyboard coreboot: force scancodes2+translate +Subject: [PATCH 03/20] at_keyboard coreboot: force scancodes2+translate Scan code set 2 with translation should be assumed in every case, as the default starting position. @@ -103,5 +103,5 @@ index f8a129eb7..8207225c2 100644 grub_dprintf ("atkeyb", "returned set %d\n", ps2_state.current_set); if (ps2_state.current_set == 2) -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0004-Define-GRUB_UINT32_MAX.patch b/config/grub/xhci_nvme/patches/0004-Define-GRUB_UINT32_MAX.patch deleted file mode 100644 index d41c802e..00000000 --- a/config/grub/xhci_nvme/patches/0004-Define-GRUB_UINT32_MAX.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 451ca97719aa9178f3202554c74ab636baece616 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 04/26] Define GRUB_UINT32_MAX - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - include/grub/types.h | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/include/grub/types.h b/include/grub/types.h -index 45079bf65..8c0b30395 100644 ---- a/include/grub/types.h -+++ b/include/grub/types.h -@@ -156,6 +156,7 @@ typedef grub_int32_t grub_ssize_t; - #define GRUB_SHRT_MAX 0x7fff - #define GRUB_SHRT_MIN (-GRUB_SHRT_MAX - 1) - #define GRUB_UINT_MAX 4294967295U -+#define GRUB_UINT32_MAX 4294967295U - #define GRUB_INT_MAX 0x7fffffff - #define GRUB_INT_MIN (-GRUB_INT_MAX - 1) - #define GRUB_INT32_MAX 2147483647 -@@ -177,6 +178,13 @@ typedef grub_int32_t grub_ssize_t; - #define GRUB_TYPE_U_MAX(type) ((unsigned long long)((typeof (type))(~0))) - #define GRUB_TYPE_U_MIN(type) 0ULL - -+# define GRUB_UINT32_C(x) x ## U -+# if GRUB_ULONG_MAX >> 31 >> 31 >> 1 == 1 -+# define GRUB_UINT64_C(x) x##UL -+# elif 1 -+# define GRUB_UINT64_C(x) x##ULL -+# endif -+ - typedef grub_uint64_t grub_properly_aligned_t; - - #define GRUB_PROPERLY_ALIGNED_ARRAY(name, size) grub_properly_aligned_t name[((size) + sizeof (grub_properly_aligned_t) - 1) / sizeof (grub_properly_aligned_t)] --- -2.39.5 - diff --git a/config/grub/xhci_nvme/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch b/config/grub/xhci_nvme/patches/0004-keylayouts-don-t-print-Unknown-key-message.patch index 607f3541..b3fd8956 100644 --- a/config/grub/xhci_nvme/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch +++ b/config/grub/xhci_nvme/patches/0004-keylayouts-don-t-print-Unknown-key-message.patch @@ -1,7 +1,7 @@ -From 18f88785a46e6657e1404e1914638f4768d65008 Mon Sep 17 00:00:00 2001 +From 1f0c3362178d1ad44998a98782bcb1e412af9d79 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Tue, 31 Oct 2023 10:33:28 +0000 -Subject: [PATCH 10/26] keylayouts: don't print "Unknown key" message +Subject: [PATCH 04/20] keylayouts: don't print "Unknown key" message on keyboards with stuck keys, this results in GRUB just spewing it repeatedly, preventing use of GRUB. @@ -34,5 +34,5 @@ index aa3ba34f2..445fa0601 100644 } -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0005-Add-Argon2-algorithm.patch b/config/grub/xhci_nvme/patches/0005-Add-Argon2-algorithm.patch deleted file mode 100644 index d2d202db..00000000 --- a/config/grub/xhci_nvme/patches/0005-Add-Argon2-algorithm.patch +++ /dev/null @@ -1,2612 +0,0 @@ -From 93404ba667dae9a5da9953f7a17245adfe529c78 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 05/26] Add Argon2 algorithm - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - docs/grub-dev.texi | 64 +++ - grub-core/Makefile.core.def | 8 + - grub-core/lib/argon2/LICENSE | 314 +++++++++++ - grub-core/lib/argon2/argon2.c | 232 ++++++++ - grub-core/lib/argon2/argon2.h | 264 +++++++++ - grub-core/lib/argon2/blake2/blake2-impl.h | 151 ++++++ - grub-core/lib/argon2/blake2/blake2.h | 89 +++ - grub-core/lib/argon2/blake2/blake2b.c | 388 ++++++++++++++ - .../lib/argon2/blake2/blamka-round-ref.h | 56 ++ - grub-core/lib/argon2/core.c | 506 ++++++++++++++++++ - grub-core/lib/argon2/core.h | 228 ++++++++ - grub-core/lib/argon2/ref.c | 190 +++++++ - 12 files changed, 2490 insertions(+) - create mode 100644 grub-core/lib/argon2/LICENSE - create mode 100644 grub-core/lib/argon2/argon2.c - create mode 100644 grub-core/lib/argon2/argon2.h - create mode 100644 grub-core/lib/argon2/blake2/blake2-impl.h - create mode 100644 grub-core/lib/argon2/blake2/blake2.h - create mode 100644 grub-core/lib/argon2/blake2/blake2b.c - create mode 100644 grub-core/lib/argon2/blake2/blamka-round-ref.h - create mode 100644 grub-core/lib/argon2/core.c - create mode 100644 grub-core/lib/argon2/core.h - create mode 100644 grub-core/lib/argon2/ref.c - -diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi -index f4367f895..9d96cedf9 100644 ---- a/docs/grub-dev.texi -+++ b/docs/grub-dev.texi -@@ -503,12 +503,76 @@ GRUB includes some code from other projects, and it is sometimes necessary - to update it. - - @menu -+* Argon2:: - * Gnulib:: - * jsmn:: - * minilzo:: - * libtasn1:: - @end menu - -+@node Argon2 -+@section Argon2 -+ -+Argon2 is a key derivation function used by LUKS2 in order to derive encryption -+keys from a user-provided password. GRUB imports the official reference -+implementation of Argon2 from @url{https://github.com/P-H-C/phc-winner-argon2}. -+In order to make the library usable for GRUB, we need to perform various -+conversions. This is mainly due to the fact that the imported code makes use of -+types and functions defined in the C standard library, which isn't available. -+Furthermore, using the POSIX wrapper library is not possible as the code needs -+to be part of the kernel. -+ -+Updating the code can thus be performed like following: -+ -+@example -+$ git clone https://github.com/P-H-C/phc-winner-argon2 argon2 -+$ cp argon2/include/argon2.h argon2/src/@{argon2.c,core.c,core.h,ref.c@} \ -+ grub-core/lib/argon2/ -+$ cp argon2/src/blake2/@{blake2-impl.h,blake2.h,blake2b.c,blamka-round-ref.h@} \ -+ grub-core/lib/argon2/blake2/ -+$ sed -e 's/UINT32_C/GRUB_UINT32_C/g' \ -+ -e 's/UINT64_C/GRUB_UINT64_C/g' \ -+ -e 's/UINT32_MAX/GRUB_UINT32_MAX/g' \ -+ -e 's/CHAR_BIT/GRUB_CHAR_BIT/g' \ -+ -e 's/UINT_MAX/GRUB_UINT_MAX/g' \ -+ -e 's/uintptr_t/grub_addr_t/g' \ -+ -e 's/size_t/grub_size_t/g' \ -+ -e 's/uint32_t/grub_uint32_t/g' \ -+ -e 's/uint64_t/grub_uint64_t/g' \ -+ -e 's/uint8_t/grub_uint8_t/g' \ -+ -e 's/memset/grub_memset/g' \ -+ -e 's/memcpy/grub_memcpy/g' \ -+ -e 's/malloc/grub_malloc/g' \ -+ -e 's/free/grub_free/g' \ -+ -e 's/#elif _MSC_VER/#elif defined(_MSC_VER)/' \ -+ grub-core/lib/argon2/@{*,blake2/*@}.@{c,h@} -i -+@end example -+ -+Afterwards, you need to perform the following manual steps: -+ -+@enumerate -+@item Remove all includes of standard library headers, "encoding.h" and -+ "thread.h". -+@item Add includes <grub/mm.h> and <grub/misc.h> to "argon2.h". -+@item Add include <grub/dl.h> and module license declaration to "argon2.c". -+@item Remove the following declarations and functions from "argon2.h" and -+ "argon2.c": argon2_type2string, argon2i_hash_encoded, argon2i_hash_raw, -+ argon2d_hash_encoded, argon2d_hash_raw, argon2id_hash_encoded, -+ argon2id_hash_raw, argon2_compare, argon2_verify, argon2i_verify, -+ argon2d_verify, argon2id_verify, argon2d_ctx, argon2i_ctx, argon2id_ctx, -+ argon2_verify_ctx, argon2d_verify_ctx, argon2i_verify_ctx, -+ argon2id_verify_ctx, argon2_encodedlen. -+@item Move the declaration of `clear_internal_memory()` in "blake2-impl.h" to -+ "blake2b.c". -+@item Remove code guarded by the ARGON2_NO_THREADS macro. -+@item Remove parameters `encoded` and `encodedlen` from `argon2_hash` and remove -+ the encoding block in that function. -+@item Remove parameter verifications in `validate_inputs()` for -+ ARGON2_MIN_PWD_LENGTH, ARGON2_MIN_SECRET, ARGON2_MIN_AD_LENGTH and -+ ARGON2_MAX_MEMORY to fix compiler warnings. -+@item Mark the function argon2_ctx as static. -+@end enumerate -+ - @node Gnulib - @section Gnulib - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 24e8c8437..0ee65d54d 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1219,6 +1219,14 @@ module = { - common = lib/json/json.c; - }; - -+module = { -+ name = argon2; -+ common = lib/argon2/argon2.c; -+ common = lib/argon2/core.c; -+ common = lib/argon2/ref.c; -+ common = lib/argon2/blake2/blake2b.c; -+}; -+ - module = { - name = afsplitter; - common = disk/AFSplitter.c; -diff --git a/grub-core/lib/argon2/LICENSE b/grub-core/lib/argon2/LICENSE -new file mode 100644 -index 000000000..97aae2925 ---- /dev/null -+++ b/grub-core/lib/argon2/LICENSE -@@ -0,0 +1,314 @@ -+Argon2 reference source code package - reference C implementations -+ -+Copyright 2015 -+Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ -+You may use this work under the terms of a Creative Commons CC0 1.0 -+License/Waiver or the Apache Public License 2.0, at your option. The terms of -+these licenses can be found at: -+ -+- CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+- Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ -+The terms of the licenses are reproduced below. -+ -+-------------------------------------------------------------------------------- -+ -+Creative Commons Legal Code -+ -+CC0 1.0 Universal -+ -+ CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE -+ LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN -+ ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS -+ INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES -+ REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS -+ PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM -+ THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED -+ HEREUNDER. -+ -+Statement of Purpose -+ -+The laws of most jurisdictions throughout the world automatically confer -+exclusive Copyright and Related Rights (defined below) upon the creator -+and subsequent owner(s) (each and all, an "owner") of an original work of -+authorship and/or a database (each, a "Work"). -+ -+Certain owners wish to permanently relinquish those rights to a Work for -+the purpose of contributing to a commons of creative, cultural and -+scientific works ("Commons") that the public can reliably and without fear -+of later claims of infringement build upon, modify, incorporate in other -+works, reuse and redistribute as freely as possible in any form whatsoever -+and for any purposes, including without limitation commercial purposes. -+These owners may contribute to the Commons to promote the ideal of a free -+culture and the further production of creative, cultural and scientific -+works, or to gain reputation or greater distribution for their Work in -+part through the use and efforts of others. -+ -+For these and/or other purposes and motivations, and without any -+expectation of additional consideration or compensation, the person -+associating CC0 with a Work (the "Affirmer"), to the extent that he or she -+is an owner of Copyright and Related Rights in the Work, voluntarily -+elects to apply CC0 to the Work and publicly distribute the Work under its -+terms, with knowledge of his or her Copyright and Related Rights in the -+Work and the meaning and intended legal effect of CC0 on those rights. -+ -+1. Copyright and Related Rights. A Work made available under CC0 may be -+protected by copyright and related or neighboring rights ("Copyright and -+Related Rights"). Copyright and Related Rights include, but are not -+limited to, the following: -+ -+ i. the right to reproduce, adapt, distribute, perform, display, -+ communicate, and translate a Work; -+ ii. moral rights retained by the original author(s) and/or performer(s); -+iii. publicity and privacy rights pertaining to a person's image or -+ likeness depicted in a Work; -+ iv. rights protecting against unfair competition in regards to a Work, -+ subject to the limitations in paragraph 4(a), below; -+ v. rights protecting the extraction, dissemination, use and reuse of data -+ in a Work; -+ vi. database rights (such as those arising under Directive 96/9/EC of the -+ European Parliament and of the Council of 11 March 1996 on the legal -+ protection of databases, and under any national implementation -+ thereof, including any amended or successor version of such -+ directive); and -+vii. other similar, equivalent or corresponding rights throughout the -+ world based on applicable law or treaty, and any national -+ implementations thereof. -+ -+2. Waiver. To the greatest extent permitted by, but not in contravention -+of, applicable law, Affirmer hereby overtly, fully, permanently, -+irrevocably and unconditionally waives, abandons, and surrenders all of -+Affirmer's Copyright and Related Rights and associated claims and causes -+of action, whether now known or unknown (including existing as well as -+future claims and causes of action), in the Work (i) in all territories -+worldwide, (ii) for the maximum duration provided by applicable law or -+treaty (including future time extensions), (iii) in any current or future -+medium and for any number of copies, and (iv) for any purpose whatsoever, -+including without limitation commercial, advertising or promotional -+purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each -+member of the public at large and to the detriment of Affirmer's heirs and -+successors, fully intending that such Waiver shall not be subject to -+revocation, rescission, cancellation, termination, or any other legal or -+equitable action to disrupt the quiet enjoyment of the Work by the public -+as contemplated by Affirmer's express Statement of Purpose. -+ -+3. Public License Fallback. Should any part of the Waiver for any reason -+be judged legally invalid or ineffective under applicable law, then the -+Waiver shall be preserved to the maximum extent permitted taking into -+account Affirmer's express Statement of Purpose. In addition, to the -+extent the Waiver is so judged Affirmer hereby grants to each affected -+person a royalty-free, non transferable, non sublicensable, non exclusive, -+irrevocable and unconditional license to exercise Affirmer's Copyright and -+Related Rights in the Work (i) in all territories worldwide, (ii) for the -+maximum duration provided by applicable law or treaty (including future -+time extensions), (iii) in any current or future medium and for any number -+of copies, and (iv) for any purpose whatsoever, including without -+limitation commercial, advertising or promotional purposes (the -+"License"). The License shall be deemed effective as of the date CC0 was -+applied by Affirmer to the Work. Should any part of the License for any -+reason be judged legally invalid or ineffective under applicable law, such -+partial invalidity or ineffectiveness shall not invalidate the remainder -+of the License, and in such case Affirmer hereby affirms that he or she -+will not (i) exercise any of his or her remaining Copyright and Related -+Rights in the Work or (ii) assert any associated claims and causes of -+action with respect to the Work, in either case contrary to Affirmer's -+express Statement of Purpose. -+ -+4. Limitations and Disclaimers. -+ -+ a. No trademark or patent rights held by Affirmer are waived, abandoned, -+ surrendered, licensed or otherwise affected by this document. -+ b. Affirmer offers the Work as-is and makes no representations or -+ warranties of any kind concerning the Work, express, implied, -+ statutory or otherwise, including without limitation warranties of -+ title, merchantability, fitness for a particular purpose, non -+ infringement, or the absence of latent or other defects, accuracy, or -+ the present or absence of errors, whether or not discoverable, all to -+ the greatest extent permissible under applicable law. -+ c. Affirmer disclaims responsibility for clearing rights of other persons -+ that may apply to the Work or any use thereof, including without -+ limitation any person's Copyright and Related Rights in the Work. -+ Further, Affirmer disclaims responsibility for obtaining any necessary -+ consents, permissions or other rights required for any use of the -+ Work. -+ d. Affirmer understands and acknowledges that Creative Commons is not a -+ party to this document and has no duty or obligation with respect to -+ this CC0 or use of the Work. -+ -+-------------------------------------------------------------------------------- -+ -+ Apache License -+ Version 2.0, January 2004 -+ http://www.apache.org/licenses/ -+ -+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION -+ -+ 1. Definitions. -+ -+ "License" shall mean the terms and conditions for use, reproduction, -+ and distribution as defined by Sections 1 through 9 of this document. -+ -+ "Licensor" shall mean the copyright owner or entity authorized by -+ the copyright owner that is granting the License. -+ -+ "Legal Entity" shall mean the union of the acting entity and all -+ other entities that control, are controlled by, or are under common -+ control with that entity. For the purposes of this definition, -+ "control" means (i) the power, direct or indirect, to cause the -+ direction or management of such entity, whether by contract or -+ otherwise, or (ii) ownership of fifty percent (50%) or more of the -+ outstanding shares, or (iii) beneficial ownership of such entity. -+ -+ "You" (or "Your") shall mean an individual or Legal Entity -+ exercising permissions granted by this License. -+ -+ "Source" form shall mean the preferred form for making modifications, -+ including but not limited to software source code, documentation -+ source, and configuration files. -+ -+ "Object" form shall mean any form resulting from mechanical -+ transformation or translation of a Source form, including but -+ not limited to compiled object code, generated documentation, -+ and conversions to other media types. -+ -+ "Work" shall mean the work of authorship, whether in Source or -+ Object form, made available under the License, as indicated by a -+ copyright notice that is included in or attached to the work -+ (an example is provided in the Appendix below). -+ -+ "Derivative Works" shall mean any work, whether in Source or Object -+ form, that is based on (or derived from) the Work and for which the -+ editorial revisions, annotations, elaborations, or other modifications -+ represent, as a whole, an original work of authorship. For the purposes -+ of this License, Derivative Works shall not include works that remain -+ separable from, or merely link (or bind by name) to the interfaces of, -+ the Work and Derivative Works thereof. -+ -+ "Contribution" shall mean any work of authorship, including -+ the original version of the Work and any modifications or additions -+ to that Work or Derivative Works thereof, that is intentionally -+ submitted to Licensor for inclusion in the Work by the copyright owner -+ or by an individual or Legal Entity authorized to submit on behalf of -+ the copyright owner. For the purposes of this definition, "submitted" -+ means any form of electronic, verbal, or written communication sent -+ to the Licensor or its representatives, including but not limited to -+ communication on electronic mailing lists, source code control systems, -+ and issue tracking systems that are managed by, or on behalf of, the -+ Licensor for the purpose of discussing and improving the Work, but -+ excluding communication that is conspicuously marked or otherwise -+ designated in writing by the copyright owner as "Not a Contribution." -+ -+ "Contributor" shall mean Licensor and any individual or Legal Entity -+ on behalf of whom a Contribution has been received by Licensor and -+ subsequently incorporated within the Work. -+ -+ 2. Grant of Copyright License. Subject to the terms and conditions of -+ this License, each Contributor hereby grants to You a perpetual, -+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable -+ copyright license to reproduce, prepare Derivative Works of, -+ publicly display, publicly perform, sublicense, and distribute the -+ Work and such Derivative Works in Source or Object form. -+ -+ 3. Grant of Patent License. Subject to the terms and conditions of -+ this License, each Contributor hereby grants to You a perpetual, -+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable -+ (except as stated in this section) patent license to make, have made, -+ use, offer to sell, sell, import, and otherwise transfer the Work, -+ where such license applies only to those patent claims licensable -+ by such Contributor that are necessarily infringed by their -+ Contribution(s) alone or by combination of their Contribution(s) -+ with the Work to which such Contribution(s) was submitted. If You -+ institute patent litigation against any entity (including a -+ cross-claim or counterclaim in a lawsuit) alleging that the Work -+ or a Contribution incorporated within the Work constitutes direct -+ or contributory patent infringement, then any patent licenses -+ granted to You under this License for that Work shall terminate -+ as of the date such litigation is filed. -+ -+ 4. Redistribution. You may reproduce and distribute copies of the -+ Work or Derivative Works thereof in any medium, with or without -+ modifications, and in Source or Object form, provided that You -+ meet the following conditions: -+ -+ (a) You must give any other recipients of the Work or -+ Derivative Works a copy of this License; and -+ -+ (b) You must cause any modified files to carry prominent notices -+ stating that You changed the files; and -+ -+ (c) You must retain, in the Source form of any Derivative Works -+ that You distribute, all copyright, patent, trademark, and -+ attribution notices from the Source form of the Work, -+ excluding those notices that do not pertain to any part of -+ the Derivative Works; and -+ -+ (d) If the Work includes a "NOTICE" text file as part of its -+ distribution, then any Derivative Works that You distribute must -+ include a readable copy of the attribution notices contained -+ within such NOTICE file, excluding those notices that do not -+ pertain to any part of the Derivative Works, in at least one -+ of the following places: within a NOTICE text file distributed -+ as part of the Derivative Works; within the Source form or -+ documentation, if provided along with the Derivative Works; or, -+ within a display generated by the Derivative Works, if and -+ wherever such third-party notices normally appear. The contents -+ of the NOTICE file are for informational purposes only and -+ do not modify the License. You may add Your own attribution -+ notices within Derivative Works that You distribute, alongside -+ or as an addendum to the NOTICE text from the Work, provided -+ that such additional attribution notices cannot be construed -+ as modifying the License. -+ -+ You may add Your own copyright statement to Your modifications and -+ may provide additional or different license terms and conditions -+ for use, reproduction, or distribution of Your modifications, or -+ for any such Derivative Works as a whole, provided Your use, -+ reproduction, and distribution of the Work otherwise complies with -+ the conditions stated in this License. -+ -+ 5. Submission of Contributions. Unless You explicitly state otherwise, -+ any Contribution intentionally submitted for inclusion in the Work -+ by You to the Licensor shall be under the terms and conditions of -+ this License, without any additional terms or conditions. -+ Notwithstanding the above, nothing herein shall supersede or modify -+ the terms of any separate license agreement you may have executed -+ with Licensor regarding such Contributions. -+ -+ 6. Trademarks. This License does not grant permission to use the trade -+ names, trademarks, service marks, or product names of the Licensor, -+ except as required for reasonable and customary use in describing the -+ origin of the Work and reproducing the content of the NOTICE file. -+ -+ 7. Disclaimer of Warranty. Unless required by applicable law or -+ agreed to in writing, Licensor provides the Work (and each -+ Contributor provides its Contributions) on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -+ implied, including, without limitation, any warranties or conditions -+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A -+ PARTICULAR PURPOSE. You are solely responsible for determining the -+ appropriateness of using or redistributing the Work and assume any -+ risks associated with Your exercise of permissions under this License. -+ -+ 8. Limitation of Liability. In no event and under no legal theory, -+ whether in tort (including negligence), contract, or otherwise, -+ unless required by applicable law (such as deliberate and grossly -+ negligent acts) or agreed to in writing, shall any Contributor be -+ liable to You for damages, including any direct, indirect, special, -+ incidental, or consequential damages of any character arising as a -+ result of this License or out of the use or inability to use the -+ Work (including but not limited to damages for loss of goodwill, -+ work stoppage, computer failure or malfunction, or any and all -+ other commercial damages or losses), even if such Contributor -+ has been advised of the possibility of such damages. -+ -+ 9. Accepting Warranty or Additional Liability. While redistributing -+ the Work or Derivative Works thereof, You may choose to offer, -+ and charge a fee for, acceptance of support, warranty, indemnity, -+ or other liability obligations and/or rights consistent with this -+ License. However, in accepting such obligations, You may act only -+ on Your own behalf and on Your sole responsibility, not on behalf -+ of any other Contributor, and only if You agree to indemnify, -+ defend, and hold each Contributor harmless for any liability -+ incurred by, or claims asserted against, such Contributor by reason -+ of your accepting any such warranty or additional liability. -diff --git a/grub-core/lib/argon2/argon2.c b/grub-core/lib/argon2/argon2.c -new file mode 100644 -index 000000000..49532fe80 ---- /dev/null -+++ b/grub-core/lib/argon2/argon2.c -@@ -0,0 +1,232 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#include <grub/dl.h> -+ -+#include "argon2.h" -+#include "core.h" -+ -+GRUB_MOD_LICENSE ("CC0"); -+ -+static int argon2_ctx(argon2_context *context, argon2_type type) { -+ /* 1. Validate all inputs */ -+ int result = validate_inputs(context); -+ grub_uint32_t memory_blocks, segment_length; -+ argon2_instance_t instance; -+ -+ if (ARGON2_OK != result) { -+ return result; -+ } -+ -+ if (Argon2_d != type && Argon2_i != type && Argon2_id != type) { -+ return ARGON2_INCORRECT_TYPE; -+ } -+ -+ /* 2. Align memory size */ -+ /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */ -+ memory_blocks = context->m_cost; -+ -+ if (memory_blocks < 2 * ARGON2_SYNC_POINTS * context->lanes) { -+ memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes; -+ } -+ -+ segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS); -+ /* Ensure that all segments have equal length */ -+ memory_blocks = segment_length * (context->lanes * ARGON2_SYNC_POINTS); -+ -+ instance.version = context->version; -+ instance.memory = NULL; -+ instance.passes = context->t_cost; -+ instance.memory_blocks = memory_blocks; -+ instance.segment_length = segment_length; -+ instance.lane_length = segment_length * ARGON2_SYNC_POINTS; -+ instance.lanes = context->lanes; -+ instance.threads = context->threads; -+ instance.type = type; -+ -+ if (instance.threads > instance.lanes) { -+ instance.threads = instance.lanes; -+ } -+ -+ /* 3. Initialization: Hashing inputs, allocating memory, filling first -+ * blocks -+ */ -+ result = initialize(&instance, context); -+ -+ if (ARGON2_OK != result) { -+ return result; -+ } -+ -+ /* 4. Filling memory */ -+ result = fill_memory_blocks(&instance); -+ -+ if (ARGON2_OK != result) { -+ return result; -+ } -+ /* 5. Finalization */ -+ finalize(context, &instance); -+ -+ return ARGON2_OK; -+} -+ -+int argon2_hash(const grub_uint32_t t_cost, const grub_uint32_t m_cost, -+ const grub_uint32_t parallelism, const void *pwd, -+ const grub_size_t pwdlen, const void *salt, const grub_size_t saltlen, -+ void *hash, const grub_size_t hashlen, argon2_type type, -+ const grub_uint32_t version){ -+ -+ argon2_context context; -+ int result; -+ grub_uint8_t *out; -+ -+ if (pwdlen > ARGON2_MAX_PWD_LENGTH) { -+ return ARGON2_PWD_TOO_LONG; -+ } -+ -+ if (saltlen > ARGON2_MAX_SALT_LENGTH) { -+ return ARGON2_SALT_TOO_LONG; -+ } -+ -+ if (hashlen > ARGON2_MAX_OUTLEN) { -+ return ARGON2_OUTPUT_TOO_LONG; -+ } -+ -+ if (hashlen < ARGON2_MIN_OUTLEN) { -+ return ARGON2_OUTPUT_TOO_SHORT; -+ } -+ -+ out = grub_malloc(hashlen); -+ if (!out) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ context.out = (grub_uint8_t *)out; -+ context.outlen = (grub_uint32_t)hashlen; -+ context.pwd = CONST_CAST(grub_uint8_t *)pwd; -+ context.pwdlen = (grub_uint32_t)pwdlen; -+ context.salt = CONST_CAST(grub_uint8_t *)salt; -+ context.saltlen = (grub_uint32_t)saltlen; -+ context.secret = NULL; -+ context.secretlen = 0; -+ context.ad = NULL; -+ context.adlen = 0; -+ context.t_cost = t_cost; -+ context.m_cost = m_cost; -+ context.lanes = parallelism; -+ context.threads = parallelism; -+ context.allocate_cbk = NULL; -+ context.grub_free_cbk = NULL; -+ context.flags = ARGON2_DEFAULT_FLAGS; -+ context.version = version; -+ -+ result = argon2_ctx(&context, type); -+ -+ if (result != ARGON2_OK) { -+ clear_internal_memory(out, hashlen); -+ grub_free(out); -+ return result; -+ } -+ -+ /* if raw hash requested, write it */ -+ if (hash) { -+ grub_memcpy(hash, out, hashlen); -+ } -+ -+ clear_internal_memory(out, hashlen); -+ grub_free(out); -+ -+ return ARGON2_OK; -+} -+ -+const char *argon2_error_message(int error_code) { -+ switch (error_code) { -+ case ARGON2_OK: -+ return "OK"; -+ case ARGON2_OUTPUT_PTR_NULL: -+ return "Output pointer is NULL"; -+ case ARGON2_OUTPUT_TOO_SHORT: -+ return "Output is too short"; -+ case ARGON2_OUTPUT_TOO_LONG: -+ return "Output is too long"; -+ case ARGON2_PWD_TOO_SHORT: -+ return "Password is too short"; -+ case ARGON2_PWD_TOO_LONG: -+ return "Password is too long"; -+ case ARGON2_SALT_TOO_SHORT: -+ return "Salt is too short"; -+ case ARGON2_SALT_TOO_LONG: -+ return "Salt is too long"; -+ case ARGON2_AD_TOO_SHORT: -+ return "Associated data is too short"; -+ case ARGON2_AD_TOO_LONG: -+ return "Associated data is too long"; -+ case ARGON2_SECRET_TOO_SHORT: -+ return "Secret is too short"; -+ case ARGON2_SECRET_TOO_LONG: -+ return "Secret is too long"; -+ case ARGON2_TIME_TOO_SMALL: -+ return "Time cost is too small"; -+ case ARGON2_TIME_TOO_LARGE: -+ return "Time cost is too large"; -+ case ARGON2_MEMORY_TOO_LITTLE: -+ return "Memory cost is too small"; -+ case ARGON2_MEMORY_TOO_MUCH: -+ return "Memory cost is too large"; -+ case ARGON2_LANES_TOO_FEW: -+ return "Too few lanes"; -+ case ARGON2_LANES_TOO_MANY: -+ return "Too many lanes"; -+ case ARGON2_PWD_PTR_MISMATCH: -+ return "Password pointer is NULL, but password length is not 0"; -+ case ARGON2_SALT_PTR_MISMATCH: -+ return "Salt pointer is NULL, but salt length is not 0"; -+ case ARGON2_SECRET_PTR_MISMATCH: -+ return "Secret pointer is NULL, but secret length is not 0"; -+ case ARGON2_AD_PTR_MISMATCH: -+ return "Associated data pointer is NULL, but ad length is not 0"; -+ case ARGON2_MEMORY_ALLOCATION_ERROR: -+ return "Memory allocation error"; -+ case ARGON2_FREE_MEMORY_CBK_NULL: -+ return "The grub_free memory callback is NULL"; -+ case ARGON2_ALLOCATE_MEMORY_CBK_NULL: -+ return "The allocate memory callback is NULL"; -+ case ARGON2_INCORRECT_PARAMETER: -+ return "Argon2_Context context is NULL"; -+ case ARGON2_INCORRECT_TYPE: -+ return "There is no such version of Argon2"; -+ case ARGON2_OUT_PTR_MISMATCH: -+ return "Output pointer mismatch"; -+ case ARGON2_THREADS_TOO_FEW: -+ return "Not enough threads"; -+ case ARGON2_THREADS_TOO_MANY: -+ return "Too many threads"; -+ case ARGON2_MISSING_ARGS: -+ return "Missing arguments"; -+ case ARGON2_ENCODING_FAIL: -+ return "Encoding failed"; -+ case ARGON2_DECODING_FAIL: -+ return "Decoding failed"; -+ case ARGON2_THREAD_FAIL: -+ return "Threading failure"; -+ case ARGON2_DECODING_LENGTH_FAIL: -+ return "Some of encoded parameters are too long or too short"; -+ case ARGON2_VERIFY_MISMATCH: -+ return "The password does not match the supplied hash"; -+ default: -+ return "Unknown error code"; -+ } -+} -diff --git a/grub-core/lib/argon2/argon2.h b/grub-core/lib/argon2/argon2.h -new file mode 100644 -index 000000000..129f7efbd ---- /dev/null -+++ b/grub-core/lib/argon2/argon2.h -@@ -0,0 +1,264 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef ARGON2_H -+#define ARGON2_H -+ -+#include <grub/misc.h> -+#include <grub/mm.h> -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif -+ -+/* Symbols visibility control */ -+#ifdef A2_VISCTL -+#define ARGON2_PUBLIC __attribute__((visibility("default"))) -+#define ARGON2_LOCAL __attribute__ ((visibility ("hidden"))) -+#elif defined(_MSC_VER) -+#define ARGON2_PUBLIC __declspec(dllexport) -+#define ARGON2_LOCAL -+#else -+#define ARGON2_PUBLIC -+#define ARGON2_LOCAL -+#endif -+ -+/* -+ * Argon2 input parameter restrictions -+ */ -+ -+/* Minimum and maximum number of lanes (degree of parallelism) */ -+#define ARGON2_MIN_LANES GRUB_UINT32_C(1) -+#define ARGON2_MAX_LANES GRUB_UINT32_C(0xFFFFFF) -+ -+/* Minimum and maximum number of threads */ -+#define ARGON2_MIN_THREADS GRUB_UINT32_C(1) -+#define ARGON2_MAX_THREADS GRUB_UINT32_C(0xFFFFFF) -+ -+/* Number of synchronization points between lanes per pass */ -+#define ARGON2_SYNC_POINTS GRUB_UINT32_C(4) -+ -+/* Minimum and maximum digest size in bytes */ -+#define ARGON2_MIN_OUTLEN GRUB_UINT32_C(4) -+#define ARGON2_MAX_OUTLEN GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */ -+#define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */ -+ -+#define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b)) -+/* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */ -+#define ARGON2_MAX_MEMORY_BITS \ -+ ARGON2_MIN(GRUB_UINT32_C(32), (sizeof(void *) * GRUB_CHAR_BIT - 10 - 1)) -+#define ARGON2_MAX_MEMORY \ -+ ARGON2_MIN(GRUB_UINT32_C(0xFFFFFFFF), GRUB_UINT64_C(1) << ARGON2_MAX_MEMORY_BITS) -+ -+/* Minimum and maximum number of passes */ -+#define ARGON2_MIN_TIME GRUB_UINT32_C(1) -+#define ARGON2_MAX_TIME GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum password length in bytes */ -+#define ARGON2_MIN_PWD_LENGTH GRUB_UINT32_C(0) -+#define ARGON2_MAX_PWD_LENGTH GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum associated data length in bytes */ -+#define ARGON2_MIN_AD_LENGTH GRUB_UINT32_C(0) -+#define ARGON2_MAX_AD_LENGTH GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum salt length in bytes */ -+#define ARGON2_MIN_SALT_LENGTH GRUB_UINT32_C(8) -+#define ARGON2_MAX_SALT_LENGTH GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Minimum and maximum key length in bytes */ -+#define ARGON2_MIN_SECRET GRUB_UINT32_C(0) -+#define ARGON2_MAX_SECRET GRUB_UINT32_C(0xFFFFFFFF) -+ -+/* Flags to determine which fields are securely wiped (default = no wipe). */ -+#define ARGON2_DEFAULT_FLAGS GRUB_UINT32_C(0) -+#define ARGON2_FLAG_CLEAR_PASSWORD (GRUB_UINT32_C(1) << 0) -+#define ARGON2_FLAG_CLEAR_SECRET (GRUB_UINT32_C(1) << 1) -+ -+/* Global flag to determine if we are wiping internal memory buffers. This flag -+ * is defined in core.c and defaults to 1 (wipe internal memory). */ -+extern int FLAG_clear_internal_memory; -+ -+/* Error codes */ -+typedef enum Argon2_ErrorCodes { -+ ARGON2_OK = 0, -+ -+ ARGON2_OUTPUT_PTR_NULL = -1, -+ -+ ARGON2_OUTPUT_TOO_SHORT = -2, -+ ARGON2_OUTPUT_TOO_LONG = -3, -+ -+ ARGON2_PWD_TOO_SHORT = -4, -+ ARGON2_PWD_TOO_LONG = -5, -+ -+ ARGON2_SALT_TOO_SHORT = -6, -+ ARGON2_SALT_TOO_LONG = -7, -+ -+ ARGON2_AD_TOO_SHORT = -8, -+ ARGON2_AD_TOO_LONG = -9, -+ -+ ARGON2_SECRET_TOO_SHORT = -10, -+ ARGON2_SECRET_TOO_LONG = -11, -+ -+ ARGON2_TIME_TOO_SMALL = -12, -+ ARGON2_TIME_TOO_LARGE = -13, -+ -+ ARGON2_MEMORY_TOO_LITTLE = -14, -+ ARGON2_MEMORY_TOO_MUCH = -15, -+ -+ ARGON2_LANES_TOO_FEW = -16, -+ ARGON2_LANES_TOO_MANY = -17, -+ -+ ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */ -+ ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */ -+ ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */ -+ ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */ -+ -+ ARGON2_MEMORY_ALLOCATION_ERROR = -22, -+ -+ ARGON2_FREE_MEMORY_CBK_NULL = -23, -+ ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24, -+ -+ ARGON2_INCORRECT_PARAMETER = -25, -+ ARGON2_INCORRECT_TYPE = -26, -+ -+ ARGON2_OUT_PTR_MISMATCH = -27, -+ -+ ARGON2_THREADS_TOO_FEW = -28, -+ ARGON2_THREADS_TOO_MANY = -29, -+ -+ ARGON2_MISSING_ARGS = -30, -+ -+ ARGON2_ENCODING_FAIL = -31, -+ -+ ARGON2_DECODING_FAIL = -32, -+ -+ ARGON2_THREAD_FAIL = -33, -+ -+ ARGON2_DECODING_LENGTH_FAIL = -34, -+ -+ ARGON2_VERIFY_MISMATCH = -35 -+} argon2_error_codes; -+ -+/* Memory allocator types --- for external allocation */ -+typedef int (*allocate_fptr)(grub_uint8_t **memory, grub_size_t bytes_to_allocate); -+typedef void (*deallocate_fptr)(grub_uint8_t *memory, grub_size_t bytes_to_allocate); -+ -+/* Argon2 external data structures */ -+ -+/* -+ ***** -+ * Context: structure to hold Argon2 inputs: -+ * output array and its length, -+ * password and its length, -+ * salt and its length, -+ * secret and its length, -+ * associated data and its length, -+ * number of passes, amount of used memory (in KBytes, can be rounded up a bit) -+ * number of parallel threads that will be run. -+ * All the parameters above affect the output hash value. -+ * Additionally, two function pointers can be provided to allocate and -+ * deallocate the memory (if NULL, memory will be allocated internally). -+ * Also, three flags indicate whether to erase password, secret as soon as they -+ * are pre-hashed (and thus not needed anymore), and the entire memory -+ ***** -+ * Simplest situation: you have output array out[8], password is stored in -+ * pwd[32], salt is stored in salt[16], you do not have keys nor associated -+ * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with -+ * 4 parallel lanes. -+ * You want to erase the password, but you're OK with last pass not being -+ * erased. You want to use the default memory allocator. -+ * Then you initialize: -+ Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false) -+ */ -+typedef struct Argon2_Context { -+ grub_uint8_t *out; /* output array */ -+ grub_uint32_t outlen; /* digest length */ -+ -+ grub_uint8_t *pwd; /* password array */ -+ grub_uint32_t pwdlen; /* password length */ -+ -+ grub_uint8_t *salt; /* salt array */ -+ grub_uint32_t saltlen; /* salt length */ -+ -+ grub_uint8_t *secret; /* key array */ -+ grub_uint32_t secretlen; /* key length */ -+ -+ grub_uint8_t *ad; /* associated data array */ -+ grub_uint32_t adlen; /* associated data length */ -+ -+ grub_uint32_t t_cost; /* number of passes */ -+ grub_uint32_t m_cost; /* amount of memory requested (KB) */ -+ grub_uint32_t lanes; /* number of lanes */ -+ grub_uint32_t threads; /* maximum number of threads */ -+ -+ grub_uint32_t version; /* version number */ -+ -+ allocate_fptr allocate_cbk; /* pointer to memory allocator */ -+ deallocate_fptr grub_free_cbk; /* pointer to memory deallocator */ -+ -+ grub_uint32_t flags; /* array of bool options */ -+} argon2_context; -+ -+/* Argon2 primitive type */ -+typedef enum Argon2_type { -+ Argon2_d = 0, -+ Argon2_i = 1, -+ Argon2_id = 2 -+} argon2_type; -+ -+/* Version of the algorithm */ -+typedef enum Argon2_version { -+ ARGON2_VERSION_10 = 0x10, -+ ARGON2_VERSION_13 = 0x13, -+ ARGON2_VERSION_NUMBER = ARGON2_VERSION_13 -+} argon2_version; -+ -+/** -+ * Hashes a password with Argon2, producing a raw hash at @hash -+ * @param t_cost Number of iterations -+ * @param m_cost Sets memory usage to m_cost kibibytes -+ * @param parallelism Number of threads and compute lanes -+ * @param pwd Pointer to password -+ * @param pwdlen Password size in bytes -+ * @param salt Pointer to salt -+ * @param saltlen Salt size in bytes -+ * @param hash Buffer where to write the raw hash - updated by the function -+ * @param hashlen Desired length of the hash in bytes -+ * @pre Different parallelism levels will give different results -+ * @pre Returns ARGON2_OK if successful -+ */ -+ARGON2_PUBLIC int argon2_hash(const grub_uint32_t t_cost, const grub_uint32_t m_cost, -+ const grub_uint32_t parallelism, const void *pwd, -+ const grub_size_t pwdlen, const void *salt, -+ const grub_size_t saltlen, void *hash, -+ const grub_size_t hashlen, argon2_type type, -+ const grub_uint32_t version); -+ -+/** -+ * Get the associated error message for given error code -+ * @return The error message associated with the given error code -+ */ -+ARGON2_PUBLIC const char *argon2_error_message(int error_code); -+ -+#if defined(__cplusplus) -+} -+#endif -+ -+#endif -diff --git a/grub-core/lib/argon2/blake2/blake2-impl.h b/grub-core/lib/argon2/blake2/blake2-impl.h -new file mode 100644 -index 000000000..3a795680b ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blake2-impl.h -@@ -0,0 +1,151 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef PORTABLE_BLAKE2_IMPL_H -+#define PORTABLE_BLAKE2_IMPL_H -+ -+#if defined(_MSC_VER) -+#define BLAKE2_INLINE __inline -+#elif defined(__GNUC__) || defined(__clang__) -+#define BLAKE2_INLINE __inline__ -+#else -+#define BLAKE2_INLINE -+#endif -+ -+/* Argon2 Team - Begin Code */ -+/* -+ Not an exhaustive list, but should cover the majority of modern platforms -+ Additionally, the code will always be correct---this is only a performance -+ tweak. -+*/ -+#if (defined(__BYTE_ORDER__) && \ -+ (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ -+ defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \ -+ defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \ -+ defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \ -+ defined(_M_ARM) -+#define NATIVE_LITTLE_ENDIAN -+#endif -+/* Argon2 Team - End Code */ -+ -+static BLAKE2_INLINE grub_uint32_t load32(const void *src) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_uint32_t w; -+ grub_memcpy(&w, src, sizeof w); -+ return w; -+#else -+ const grub_uint8_t *p = (const grub_uint8_t *)src; -+ grub_uint32_t w = *p++; -+ w |= (grub_uint32_t)(*p++) << 8; -+ w |= (grub_uint32_t)(*p++) << 16; -+ w |= (grub_uint32_t)(*p++) << 24; -+ return w; -+#endif -+} -+ -+static BLAKE2_INLINE grub_uint64_t load64(const void *src) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_uint64_t w; -+ grub_memcpy(&w, src, sizeof w); -+ return w; -+#else -+ const grub_uint8_t *p = (const grub_uint8_t *)src; -+ grub_uint64_t w = *p++; -+ w |= (grub_uint64_t)(*p++) << 8; -+ w |= (grub_uint64_t)(*p++) << 16; -+ w |= (grub_uint64_t)(*p++) << 24; -+ w |= (grub_uint64_t)(*p++) << 32; -+ w |= (grub_uint64_t)(*p++) << 40; -+ w |= (grub_uint64_t)(*p++) << 48; -+ w |= (grub_uint64_t)(*p++) << 56; -+ return w; -+#endif -+} -+ -+static BLAKE2_INLINE void store32(void *dst, grub_uint32_t w) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_memcpy(dst, &w, sizeof w); -+#else -+ grub_uint8_t *p = (grub_uint8_t *)dst; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+#endif -+} -+ -+static BLAKE2_INLINE void store64(void *dst, grub_uint64_t w) { -+#if defined(NATIVE_LITTLE_ENDIAN) -+ grub_memcpy(dst, &w, sizeof w); -+#else -+ grub_uint8_t *p = (grub_uint8_t *)dst; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+#endif -+} -+ -+static BLAKE2_INLINE grub_uint64_t load48(const void *src) { -+ const grub_uint8_t *p = (const grub_uint8_t *)src; -+ grub_uint64_t w = *p++; -+ w |= (grub_uint64_t)(*p++) << 8; -+ w |= (grub_uint64_t)(*p++) << 16; -+ w |= (grub_uint64_t)(*p++) << 24; -+ w |= (grub_uint64_t)(*p++) << 32; -+ w |= (grub_uint64_t)(*p++) << 40; -+ return w; -+} -+ -+static BLAKE2_INLINE void store48(void *dst, grub_uint64_t w) { -+ grub_uint8_t *p = (grub_uint8_t *)dst; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+ w >>= 8; -+ *p++ = (grub_uint8_t)w; -+} -+ -+static BLAKE2_INLINE grub_uint32_t rotr32(const grub_uint32_t w, const unsigned c) { -+ return (w >> c) | (w << (32 - c)); -+} -+ -+static BLAKE2_INLINE grub_uint64_t rotr64(const grub_uint64_t w, const unsigned c) { -+ return (w >> c) | (w << (64 - c)); -+} -+ -+#endif -diff --git a/grub-core/lib/argon2/blake2/blake2.h b/grub-core/lib/argon2/blake2/blake2.h -new file mode 100644 -index 000000000..4e8efeb22 ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blake2.h -@@ -0,0 +1,89 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef PORTABLE_BLAKE2_H -+#define PORTABLE_BLAKE2_H -+ -+#include "../argon2.h" -+ -+#if defined(__cplusplus) -+extern "C" { -+#endif -+ -+enum blake2b_constant { -+ BLAKE2B_BLOCKBYTES = 128, -+ BLAKE2B_OUTBYTES = 64, -+ BLAKE2B_KEYBYTES = 64, -+ BLAKE2B_SALTBYTES = 16, -+ BLAKE2B_PERSONALBYTES = 16 -+}; -+ -+#pragma pack(push, 1) -+typedef struct __blake2b_param { -+ grub_uint8_t digest_length; /* 1 */ -+ grub_uint8_t key_length; /* 2 */ -+ grub_uint8_t fanout; /* 3 */ -+ grub_uint8_t depth; /* 4 */ -+ grub_uint32_t leaf_length; /* 8 */ -+ grub_uint64_t node_offset; /* 16 */ -+ grub_uint8_t node_depth; /* 17 */ -+ grub_uint8_t inner_length; /* 18 */ -+ grub_uint8_t reserved[14]; /* 32 */ -+ grub_uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ -+ grub_uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ -+} blake2b_param; -+#pragma pack(pop) -+ -+typedef struct __blake2b_state { -+ grub_uint64_t h[8]; -+ grub_uint64_t t[2]; -+ grub_uint64_t f[2]; -+ grub_uint8_t buf[BLAKE2B_BLOCKBYTES]; -+ unsigned buflen; -+ unsigned outlen; -+ grub_uint8_t last_node; -+} blake2b_state; -+ -+/* Ensure param structs have not been wrongly padded */ -+/* Poor man's static_assert */ -+enum { -+ blake2_size_check_0 = 1 / !!(GRUB_CHAR_BIT == 8), -+ blake2_size_check_2 = -+ 1 / !!(sizeof(blake2b_param) == sizeof(grub_uint64_t) * GRUB_CHAR_BIT) -+}; -+ -+/* Streaming API */ -+ARGON2_LOCAL int blake2b_init(blake2b_state *S, grub_size_t outlen); -+ARGON2_LOCAL int blake2b_init_key(blake2b_state *S, grub_size_t outlen, const void *key, -+ grub_size_t keylen); -+ARGON2_LOCAL int blake2b_init_param(blake2b_state *S, const blake2b_param *P); -+ARGON2_LOCAL int blake2b_update(blake2b_state *S, const void *in, grub_size_t inlen); -+ARGON2_LOCAL int blake2b_final(blake2b_state *S, void *out, grub_size_t outlen); -+ -+/* Simple API */ -+ARGON2_LOCAL int blake2b(void *out, grub_size_t outlen, const void *in, grub_size_t inlen, -+ const void *key, grub_size_t keylen); -+ -+/* Argon2 Team - Begin Code */ -+ARGON2_LOCAL int blake2b_long(void *out, grub_size_t outlen, const void *in, grub_size_t inlen); -+/* Argon2 Team - End Code */ -+ -+#if defined(__cplusplus) -+} -+#endif -+ -+#endif -diff --git a/grub-core/lib/argon2/blake2/blake2b.c b/grub-core/lib/argon2/blake2/blake2b.c -new file mode 100644 -index 000000000..53abd7bef ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blake2b.c -@@ -0,0 +1,388 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#include "blake2.h" -+#include "blake2-impl.h" -+ -+static const grub_uint64_t blake2b_IV[8] = { -+ GRUB_UINT64_C(0x6a09e667f3bcc908), GRUB_UINT64_C(0xbb67ae8584caa73b), -+ GRUB_UINT64_C(0x3c6ef372fe94f82b), GRUB_UINT64_C(0xa54ff53a5f1d36f1), -+ GRUB_UINT64_C(0x510e527fade682d1), GRUB_UINT64_C(0x9b05688c2b3e6c1f), -+ GRUB_UINT64_C(0x1f83d9abfb41bd6b), GRUB_UINT64_C(0x5be0cd19137e2179)}; -+ -+static const unsigned int blake2b_sigma[12][16] = { -+ {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, -+ {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, -+ {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4}, -+ {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8}, -+ {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13}, -+ {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9}, -+ {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11}, -+ {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10}, -+ {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5}, -+ {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0}, -+ {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, -+ {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, -+}; -+ -+void clear_internal_memory(void *v, grub_size_t n); -+ -+static BLAKE2_INLINE void blake2b_set_lastnode(blake2b_state *S) { -+ S->f[1] = (grub_uint64_t)-1; -+} -+ -+static BLAKE2_INLINE void blake2b_set_lastblock(blake2b_state *S) { -+ if (S->last_node) { -+ blake2b_set_lastnode(S); -+ } -+ S->f[0] = (grub_uint64_t)-1; -+} -+ -+static BLAKE2_INLINE void blake2b_increment_counter(blake2b_state *S, -+ grub_uint64_t inc) { -+ S->t[0] += inc; -+ S->t[1] += (S->t[0] < inc); -+} -+ -+static BLAKE2_INLINE void blake2b_invalidate_state(blake2b_state *S) { -+ clear_internal_memory(S, sizeof(*S)); /* wipe */ -+ blake2b_set_lastblock(S); /* invalidate for further use */ -+} -+ -+static BLAKE2_INLINE void blake2b_init0(blake2b_state *S) { -+ grub_memset(S, 0, sizeof(*S)); -+ grub_memcpy(S->h, blake2b_IV, sizeof(S->h)); -+} -+ -+int blake2b_init_param(blake2b_state *S, const blake2b_param *P) { -+ const unsigned char *p = (const unsigned char *)P; -+ unsigned int i; -+ -+ if (NULL == P || NULL == S) { -+ return -1; -+ } -+ -+ blake2b_init0(S); -+ /* IV XOR Parameter Block */ -+ for (i = 0; i < 8; ++i) { -+ S->h[i] ^= load64(&p[i * sizeof(S->h[i])]); -+ } -+ S->outlen = P->digest_length; -+ return 0; -+} -+ -+/* Sequential blake2b initialization */ -+int blake2b_init(blake2b_state *S, grub_size_t outlen) { -+ blake2b_param P; -+ -+ if (S == NULL) { -+ return -1; -+ } -+ -+ if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ /* Setup Parameter Block for unkeyed BLAKE2 */ -+ P.digest_length = (grub_uint8_t)outlen; -+ P.key_length = 0; -+ P.fanout = 1; -+ P.depth = 1; -+ P.leaf_length = 0; -+ P.node_offset = 0; -+ P.node_depth = 0; -+ P.inner_length = 0; -+ grub_memset(P.reserved, 0, sizeof(P.reserved)); -+ grub_memset(P.salt, 0, sizeof(P.salt)); -+ grub_memset(P.personal, 0, sizeof(P.personal)); -+ -+ return blake2b_init_param(S, &P); -+} -+ -+int blake2b_init_key(blake2b_state *S, grub_size_t outlen, const void *key, -+ grub_size_t keylen) { -+ blake2b_param P; -+ -+ if (S == NULL) { -+ return -1; -+ } -+ -+ if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ if ((key == 0) || (keylen == 0) || (keylen > BLAKE2B_KEYBYTES)) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ /* Setup Parameter Block for keyed BLAKE2 */ -+ P.digest_length = (grub_uint8_t)outlen; -+ P.key_length = (grub_uint8_t)keylen; -+ P.fanout = 1; -+ P.depth = 1; -+ P.leaf_length = 0; -+ P.node_offset = 0; -+ P.node_depth = 0; -+ P.inner_length = 0; -+ grub_memset(P.reserved, 0, sizeof(P.reserved)); -+ grub_memset(P.salt, 0, sizeof(P.salt)); -+ grub_memset(P.personal, 0, sizeof(P.personal)); -+ -+ if (blake2b_init_param(S, &P) < 0) { -+ blake2b_invalidate_state(S); -+ return -1; -+ } -+ -+ { -+ grub_uint8_t block[BLAKE2B_BLOCKBYTES]; -+ grub_memset(block, 0, BLAKE2B_BLOCKBYTES); -+ grub_memcpy(block, key, keylen); -+ blake2b_update(S, block, BLAKE2B_BLOCKBYTES); -+ /* Burn the key from stack */ -+ clear_internal_memory(block, BLAKE2B_BLOCKBYTES); -+ } -+ return 0; -+} -+ -+static void blake2b_compress(blake2b_state *S, const grub_uint8_t *block) { -+ grub_uint64_t m[16]; -+ grub_uint64_t v[16]; -+ unsigned int i, r; -+ -+ for (i = 0; i < 16; ++i) { -+ m[i] = load64(block + i * sizeof(m[i])); -+ } -+ -+ for (i = 0; i < 8; ++i) { -+ v[i] = S->h[i]; -+ } -+ -+ v[8] = blake2b_IV[0]; -+ v[9] = blake2b_IV[1]; -+ v[10] = blake2b_IV[2]; -+ v[11] = blake2b_IV[3]; -+ v[12] = blake2b_IV[4] ^ S->t[0]; -+ v[13] = blake2b_IV[5] ^ S->t[1]; -+ v[14] = blake2b_IV[6] ^ S->f[0]; -+ v[15] = blake2b_IV[7] ^ S->f[1]; -+ -+#define G(r, i, a, b, c, d) \ -+ do { \ -+ a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ -+ d = rotr64(d ^ a, 32); \ -+ c = c + d; \ -+ b = rotr64(b ^ c, 24); \ -+ a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ -+ d = rotr64(d ^ a, 16); \ -+ c = c + d; \ -+ b = rotr64(b ^ c, 63); \ -+ } while ((void)0, 0) -+ -+#define ROUND(r) \ -+ do { \ -+ G(r, 0, v[0], v[4], v[8], v[12]); \ -+ G(r, 1, v[1], v[5], v[9], v[13]); \ -+ G(r, 2, v[2], v[6], v[10], v[14]); \ -+ G(r, 3, v[3], v[7], v[11], v[15]); \ -+ G(r, 4, v[0], v[5], v[10], v[15]); \ -+ G(r, 5, v[1], v[6], v[11], v[12]); \ -+ G(r, 6, v[2], v[7], v[8], v[13]); \ -+ G(r, 7, v[3], v[4], v[9], v[14]); \ -+ } while ((void)0, 0) -+ -+ for (r = 0; r < 12; ++r) { -+ ROUND(r); -+ } -+ -+ for (i = 0; i < 8; ++i) { -+ S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; -+ } -+ -+#undef G -+#undef ROUND -+} -+ -+int blake2b_update(blake2b_state *S, const void *in, grub_size_t inlen) { -+ const grub_uint8_t *pin = (const grub_uint8_t *)in; -+ -+ if (inlen == 0) { -+ return 0; -+ } -+ -+ /* Sanity check */ -+ if (S == NULL || in == NULL) { -+ return -1; -+ } -+ -+ /* Is this a reused state? */ -+ if (S->f[0] != 0) { -+ return -1; -+ } -+ -+ if (S->buflen + inlen > BLAKE2B_BLOCKBYTES) { -+ /* Complete current block */ -+ grub_size_t left = S->buflen; -+ grub_size_t fill = BLAKE2B_BLOCKBYTES - left; -+ grub_memcpy(&S->buf[left], pin, fill); -+ blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); -+ blake2b_compress(S, S->buf); -+ S->buflen = 0; -+ inlen -= fill; -+ pin += fill; -+ /* Avoid buffer copies when possible */ -+ while (inlen > BLAKE2B_BLOCKBYTES) { -+ blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); -+ blake2b_compress(S, pin); -+ inlen -= BLAKE2B_BLOCKBYTES; -+ pin += BLAKE2B_BLOCKBYTES; -+ } -+ } -+ grub_memcpy(&S->buf[S->buflen], pin, inlen); -+ S->buflen += (unsigned int)inlen; -+ return 0; -+} -+ -+int blake2b_final(blake2b_state *S, void *out, grub_size_t outlen) { -+ grub_uint8_t buffer[BLAKE2B_OUTBYTES] = {0}; -+ unsigned int i; -+ -+ /* Sanity checks */ -+ if (S == NULL || out == NULL || outlen < S->outlen) { -+ return -1; -+ } -+ -+ /* Is this a reused state? */ -+ if (S->f[0] != 0) { -+ return -1; -+ } -+ -+ blake2b_increment_counter(S, S->buflen); -+ blake2b_set_lastblock(S); -+ grub_memset(&S->buf[S->buflen], 0, BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */ -+ blake2b_compress(S, S->buf); -+ -+ for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ -+ store64(buffer + sizeof(S->h[i]) * i, S->h[i]); -+ } -+ -+ grub_memcpy(out, buffer, S->outlen); -+ clear_internal_memory(buffer, sizeof(buffer)); -+ clear_internal_memory(S->buf, sizeof(S->buf)); -+ clear_internal_memory(S->h, sizeof(S->h)); -+ return 0; -+} -+ -+int blake2b(void *out, grub_size_t outlen, const void *in, grub_size_t inlen, -+ const void *key, grub_size_t keylen) { -+ blake2b_state S; -+ int ret = -1; -+ -+ /* Verify parameters */ -+ if (NULL == in && inlen > 0) { -+ goto fail; -+ } -+ -+ if (NULL == out || outlen == 0 || outlen > BLAKE2B_OUTBYTES) { -+ goto fail; -+ } -+ -+ if ((NULL == key && keylen > 0) || keylen > BLAKE2B_KEYBYTES) { -+ goto fail; -+ } -+ -+ if (keylen > 0) { -+ if (blake2b_init_key(&S, outlen, key, keylen) < 0) { -+ goto fail; -+ } -+ } else { -+ if (blake2b_init(&S, outlen) < 0) { -+ goto fail; -+ } -+ } -+ -+ if (blake2b_update(&S, in, inlen) < 0) { -+ goto fail; -+ } -+ ret = blake2b_final(&S, out, outlen); -+ -+fail: -+ clear_internal_memory(&S, sizeof(S)); -+ return ret; -+} -+ -+/* Argon2 Team - Begin Code */ -+int blake2b_long(void *pout, grub_size_t outlen, const void *in, grub_size_t inlen) { -+ grub_uint8_t *out = (grub_uint8_t *)pout; -+ blake2b_state blake_state; -+ grub_uint8_t outlen_bytes[sizeof(grub_uint32_t)] = {0}; -+ int ret = -1; -+ -+ if (outlen > GRUB_UINT32_MAX) { -+ goto fail; -+ } -+ -+ /* Ensure little-endian byte order! */ -+ store32(outlen_bytes, (grub_uint32_t)outlen); -+ -+#define TRY(statement) \ -+ do { \ -+ ret = statement; \ -+ if (ret < 0) { \ -+ goto fail; \ -+ } \ -+ } while ((void)0, 0) -+ -+ if (outlen <= BLAKE2B_OUTBYTES) { -+ TRY(blake2b_init(&blake_state, outlen)); -+ TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); -+ TRY(blake2b_update(&blake_state, in, inlen)); -+ TRY(blake2b_final(&blake_state, out, outlen)); -+ } else { -+ grub_uint32_t toproduce; -+ grub_uint8_t out_buffer[BLAKE2B_OUTBYTES]; -+ grub_uint8_t in_buffer[BLAKE2B_OUTBYTES]; -+ TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES)); -+ TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); -+ TRY(blake2b_update(&blake_state, in, inlen)); -+ TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES)); -+ grub_memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); -+ out += BLAKE2B_OUTBYTES / 2; -+ toproduce = (grub_uint32_t)outlen - BLAKE2B_OUTBYTES / 2; -+ -+ while (toproduce > BLAKE2B_OUTBYTES) { -+ grub_memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); -+ TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer, -+ BLAKE2B_OUTBYTES, NULL, 0)); -+ grub_memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); -+ out += BLAKE2B_OUTBYTES / 2; -+ toproduce -= BLAKE2B_OUTBYTES / 2; -+ } -+ -+ grub_memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); -+ TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL, -+ 0)); -+ grub_memcpy(out, out_buffer, toproduce); -+ } -+fail: -+ clear_internal_memory(&blake_state, sizeof(blake_state)); -+ return ret; -+#undef TRY -+} -+/* Argon2 Team - End Code */ -diff --git a/grub-core/lib/argon2/blake2/blamka-round-ref.h b/grub-core/lib/argon2/blake2/blamka-round-ref.h -new file mode 100644 -index 000000000..7f0071ada ---- /dev/null -+++ b/grub-core/lib/argon2/blake2/blamka-round-ref.h -@@ -0,0 +1,56 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef BLAKE_ROUND_MKA_H -+#define BLAKE_ROUND_MKA_H -+ -+#include "blake2.h" -+#include "blake2-impl.h" -+ -+/* designed by the Lyra PHC team */ -+static BLAKE2_INLINE grub_uint64_t fBlaMka(grub_uint64_t x, grub_uint64_t y) { -+ const grub_uint64_t m = GRUB_UINT64_C(0xFFFFFFFF); -+ const grub_uint64_t xy = (x & m) * (y & m); -+ return x + y + 2 * xy; -+} -+ -+#define G(a, b, c, d) \ -+ do { \ -+ a = fBlaMka(a, b); \ -+ d = rotr64(d ^ a, 32); \ -+ c = fBlaMka(c, d); \ -+ b = rotr64(b ^ c, 24); \ -+ a = fBlaMka(a, b); \ -+ d = rotr64(d ^ a, 16); \ -+ c = fBlaMka(c, d); \ -+ b = rotr64(b ^ c, 63); \ -+ } while ((void)0, 0) -+ -+#define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \ -+ v12, v13, v14, v15) \ -+ do { \ -+ G(v0, v4, v8, v12); \ -+ G(v1, v5, v9, v13); \ -+ G(v2, v6, v10, v14); \ -+ G(v3, v7, v11, v15); \ -+ G(v0, v5, v10, v15); \ -+ G(v1, v6, v11, v12); \ -+ G(v2, v7, v8, v13); \ -+ G(v3, v4, v9, v14); \ -+ } while ((void)0, 0) -+ -+#endif -diff --git a/grub-core/lib/argon2/core.c b/grub-core/lib/argon2/core.c -new file mode 100644 -index 000000000..0fe5b74cb ---- /dev/null -+++ b/grub-core/lib/argon2/core.c -@@ -0,0 +1,506 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+/*For memory wiping*/ -+#ifdef _MSC_VER -+#include <windows.h> -+#include <winbase.h> /* For SecureZeroMemory */ -+#endif -+#if defined __STDC_LIB_EXT1__ -+#define __STDC_WANT_LIB_EXT1__ 1 -+#endif -+#define VC_GE_2005(version) (version >= 1400) -+ -+#include "core.h" -+#include "blake2/blake2.h" -+#include "blake2/blake2-impl.h" -+ -+#ifdef GENKAT -+#include "genkat.h" -+#endif -+ -+#if defined(__clang__) -+#if __has_attribute(optnone) -+#define NOT_OPTIMIZED __attribute__((optnone)) -+#endif -+#elif defined(__GNUC__) -+#define GCC_VERSION \ -+ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) -+#if GCC_VERSION >= 40400 -+#define NOT_OPTIMIZED __attribute__((optimize("O0"))) -+#endif -+#endif -+#ifndef NOT_OPTIMIZED -+#define NOT_OPTIMIZED -+#endif -+ -+/***************Instance and Position constructors**********/ -+void init_block_value(block *b, grub_uint8_t in) { grub_memset(b->v, in, sizeof(b->v)); } -+ -+void copy_block(block *dst, const block *src) { -+ grub_memcpy(dst->v, src->v, sizeof(grub_uint64_t) * ARGON2_QWORDS_IN_BLOCK); -+} -+ -+void xor_block(block *dst, const block *src) { -+ int i; -+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { -+ dst->v[i] ^= src->v[i]; -+ } -+} -+ -+static void load_block(block *dst, const void *input) { -+ unsigned i; -+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { -+ dst->v[i] = load64((const grub_uint8_t *)input + i * sizeof(dst->v[i])); -+ } -+} -+ -+static void store_block(void *output, const block *src) { -+ unsigned i; -+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { -+ store64((grub_uint8_t *)output + i * sizeof(src->v[i]), src->v[i]); -+ } -+} -+ -+/***************Memory functions*****************/ -+ -+int allocate_memory(const argon2_context *context, grub_uint8_t **memory, -+ grub_size_t num, grub_size_t size) { -+ grub_size_t memory_size = num*size; -+ if (memory == NULL) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ /* 1. Check for multiplication overflow */ -+ if (size != 0 && memory_size / size != num) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ /* 2. Try to allocate with appropriate allocator */ -+ if (context->allocate_cbk) { -+ (context->allocate_cbk)(memory, memory_size); -+ } else { -+ *memory = grub_malloc(memory_size); -+ } -+ -+ if (*memory == NULL) { -+ return ARGON2_MEMORY_ALLOCATION_ERROR; -+ } -+ -+ return ARGON2_OK; -+} -+ -+void grub_free_memory(const argon2_context *context, grub_uint8_t *memory, -+ grub_size_t num, grub_size_t size) { -+ grub_size_t memory_size = num*size; -+ clear_internal_memory(memory, memory_size); -+ if (context->grub_free_cbk) { -+ (context->grub_free_cbk)(memory, memory_size); -+ } else { -+ grub_free(memory); -+ } -+} -+ -+void NOT_OPTIMIZED secure_wipe_memory(void *v, grub_size_t n) { -+ static void *(*const volatile grub_memset_sec)(void *, int, grub_size_t) = &grub_memset; -+ grub_memset_sec(v, 0, n); -+} -+ -+/* Memory clear flag defaults to true. */ -+int FLAG_clear_internal_memory = 1; -+void clear_internal_memory(void *v, grub_size_t n) { -+ if (FLAG_clear_internal_memory && v) { -+ secure_wipe_memory(v, n); -+ } -+} -+ -+void finalize(const argon2_context *context, argon2_instance_t *instance) { -+ if (context != NULL && instance != NULL) { -+ block blockhash; -+ grub_uint32_t l; -+ -+ copy_block(&blockhash, instance->memory + instance->lane_length - 1); -+ -+ /* XOR the last blocks */ -+ for (l = 1; l < instance->lanes; ++l) { -+ grub_uint32_t last_block_in_lane = -+ l * instance->lane_length + (instance->lane_length - 1); -+ xor_block(&blockhash, instance->memory + last_block_in_lane); -+ } -+ -+ /* Hash the result */ -+ { -+ grub_uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; -+ store_block(blockhash_bytes, &blockhash); -+ blake2b_long(context->out, context->outlen, blockhash_bytes, -+ ARGON2_BLOCK_SIZE); -+ /* clear blockhash and blockhash_bytes */ -+ clear_internal_memory(blockhash.v, ARGON2_BLOCK_SIZE); -+ clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); -+ } -+ -+#ifdef GENKAT -+ print_tag(context->out, context->outlen); -+#endif -+ -+ grub_free_memory(context, (grub_uint8_t *)instance->memory, -+ instance->memory_blocks, sizeof(block)); -+ } -+} -+ -+grub_uint32_t index_alpha(const argon2_instance_t *instance, -+ const argon2_position_t *position, grub_uint32_t pseudo_rand, -+ int same_lane) { -+ /* -+ * Pass 0: -+ * This lane : all already finished segments plus already constructed -+ * blocks in this segment -+ * Other lanes : all already finished segments -+ * Pass 1+: -+ * This lane : (SYNC_POINTS - 1) last segments plus already constructed -+ * blocks in this segment -+ * Other lanes : (SYNC_POINTS - 1) last segments -+ */ -+ grub_uint32_t reference_area_size; -+ grub_uint64_t relative_position; -+ grub_uint64_t start_position, absolute_position; -+ -+ if (0 == position->pass) { -+ /* First pass */ -+ if (0 == position->slice) { -+ /* First slice */ -+ reference_area_size = -+ position->index - 1; /* all but the previous */ -+ } else { -+ if (same_lane) { -+ /* The same lane => add current segment */ -+ reference_area_size = -+ position->slice * instance->segment_length + -+ position->index - 1; -+ } else { -+ reference_area_size = -+ position->slice * instance->segment_length + -+ ((position->index == 0) ? (-1) : 0); -+ } -+ } -+ } else { -+ /* Second pass */ -+ if (same_lane) { -+ reference_area_size = instance->lane_length - -+ instance->segment_length + position->index - -+ 1; -+ } else { -+ reference_area_size = instance->lane_length - -+ instance->segment_length + -+ ((position->index == 0) ? (-1) : 0); -+ } -+ } -+ -+ /* 1.2.4. Mapping pseudo_rand to 0..<reference_area_size-1> and produce -+ * relative position */ -+ relative_position = pseudo_rand; -+ relative_position = relative_position * relative_position >> 32; -+ relative_position = reference_area_size - 1 - -+ (reference_area_size * relative_position >> 32); -+ -+ /* 1.2.5 Computing starting position */ -+ start_position = 0; -+ -+ if (0 != position->pass) { -+ start_position = (position->slice == ARGON2_SYNC_POINTS - 1) -+ ? 0 -+ : (position->slice + 1) * instance->segment_length; -+ } -+ -+ /* 1.2.6. Computing absolute position */ -+ grub_divmod64 (start_position + relative_position, instance->lane_length, -+ &absolute_position); /* absolute position */ -+ return absolute_position; -+} -+ -+/* Single-threaded version for p=1 case */ -+static int fill_memory_blocks_st(argon2_instance_t *instance) { -+ grub_uint32_t r, s, l; -+ -+ for (r = 0; r < instance->passes; ++r) { -+ for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { -+ for (l = 0; l < instance->lanes; ++l) { -+ argon2_position_t position = {r, l, (grub_uint8_t)s, 0}; -+ fill_segment(instance, position); -+ } -+ } -+#ifdef GENKAT -+ internal_kat(instance, r); /* Print all memory blocks */ -+#endif -+ } -+ return ARGON2_OK; -+} -+ -+int fill_memory_blocks(argon2_instance_t *instance) { -+ if (instance == NULL || instance->lanes == 0) { -+ return ARGON2_INCORRECT_PARAMETER; -+ } -+ return fill_memory_blocks_st(instance); -+} -+ -+int validate_inputs(const argon2_context *context) { -+ if (NULL == context) { -+ return ARGON2_INCORRECT_PARAMETER; -+ } -+ -+ if (NULL == context->out) { -+ return ARGON2_OUTPUT_PTR_NULL; -+ } -+ -+ /* Validate output length */ -+ if (ARGON2_MIN_OUTLEN > context->outlen) { -+ return ARGON2_OUTPUT_TOO_SHORT; -+ } -+ -+ if (ARGON2_MAX_OUTLEN < context->outlen) { -+ return ARGON2_OUTPUT_TOO_LONG; -+ } -+ -+ /* Validate password (required param) */ -+ if (NULL == context->pwd) { -+ if (0 != context->pwdlen) { -+ return ARGON2_PWD_PTR_MISMATCH; -+ } -+ } -+ -+ if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) { -+ return ARGON2_PWD_TOO_LONG; -+ } -+ -+ /* Validate salt (required param) */ -+ if (NULL == context->salt) { -+ if (0 != context->saltlen) { -+ return ARGON2_SALT_PTR_MISMATCH; -+ } -+ } -+ -+ if (ARGON2_MIN_SALT_LENGTH > context->saltlen) { -+ return ARGON2_SALT_TOO_SHORT; -+ } -+ -+ if (ARGON2_MAX_SALT_LENGTH < context->saltlen) { -+ return ARGON2_SALT_TOO_LONG; -+ } -+ -+ /* Validate secret (optional param) */ -+ if (NULL == context->secret) { -+ if (0 != context->secretlen) { -+ return ARGON2_SECRET_PTR_MISMATCH; -+ } -+ } else { -+ if (ARGON2_MAX_SECRET < context->secretlen) { -+ return ARGON2_SECRET_TOO_LONG; -+ } -+ } -+ -+ /* Validate associated data (optional param) */ -+ if (NULL == context->ad) { -+ if (0 != context->adlen) { -+ return ARGON2_AD_PTR_MISMATCH; -+ } -+ } else { -+ if (ARGON2_MAX_AD_LENGTH < context->adlen) { -+ return ARGON2_AD_TOO_LONG; -+ } -+ } -+ -+ /* Validate memory cost */ -+ if (ARGON2_MIN_MEMORY > context->m_cost) { -+ return ARGON2_MEMORY_TOO_LITTLE; -+ } -+ -+ if (context->m_cost < 8 * context->lanes) { -+ return ARGON2_MEMORY_TOO_LITTLE; -+ } -+ -+ /* Validate time cost */ -+ if (ARGON2_MIN_TIME > context->t_cost) { -+ return ARGON2_TIME_TOO_SMALL; -+ } -+ -+ if (ARGON2_MAX_TIME < context->t_cost) { -+ return ARGON2_TIME_TOO_LARGE; -+ } -+ -+ /* Validate lanes */ -+ if (ARGON2_MIN_LANES > context->lanes) { -+ return ARGON2_LANES_TOO_FEW; -+ } -+ -+ if (ARGON2_MAX_LANES < context->lanes) { -+ return ARGON2_LANES_TOO_MANY; -+ } -+ -+ /* Validate threads */ -+ if (ARGON2_MIN_THREADS > context->threads) { -+ return ARGON2_THREADS_TOO_FEW; -+ } -+ -+ if (ARGON2_MAX_THREADS < context->threads) { -+ return ARGON2_THREADS_TOO_MANY; -+ } -+ -+ if (NULL != context->allocate_cbk && NULL == context->grub_free_cbk) { -+ return ARGON2_FREE_MEMORY_CBK_NULL; -+ } -+ -+ if (NULL == context->allocate_cbk && NULL != context->grub_free_cbk) { -+ return ARGON2_ALLOCATE_MEMORY_CBK_NULL; -+ } -+ -+ return ARGON2_OK; -+} -+ -+void fill_first_blocks(grub_uint8_t *blockhash, const argon2_instance_t *instance) { -+ grub_uint32_t l; -+ /* Make the first and second block in each lane as G(H0||0||i) or -+ G(H0||1||i) */ -+ grub_uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; -+ for (l = 0; l < instance->lanes; ++l) { -+ -+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0); -+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l); -+ blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, -+ ARGON2_PREHASH_SEED_LENGTH); -+ load_block(&instance->memory[l * instance->lane_length + 0], -+ blockhash_bytes); -+ -+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1); -+ blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, -+ ARGON2_PREHASH_SEED_LENGTH); -+ load_block(&instance->memory[l * instance->lane_length + 1], -+ blockhash_bytes); -+ } -+ clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); -+} -+ -+void initial_hash(grub_uint8_t *blockhash, argon2_context *context, -+ argon2_type type) { -+ blake2b_state BlakeHash; -+ grub_uint8_t value[sizeof(grub_uint32_t)]; -+ -+ if (NULL == context || NULL == blockhash) { -+ return; -+ } -+ -+ blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH); -+ -+ store32(&value, context->lanes); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->outlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->m_cost); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->t_cost); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->version); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, (grub_uint32_t)type); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ store32(&value, context->pwdlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->pwd != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->pwd, -+ context->pwdlen); -+ -+ if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) { -+ secure_wipe_memory(context->pwd, context->pwdlen); -+ context->pwdlen = 0; -+ } -+ } -+ -+ store32(&value, context->saltlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->salt != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->salt, -+ context->saltlen); -+ } -+ -+ store32(&value, context->secretlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->secret != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->secret, -+ context->secretlen); -+ -+ if (context->flags & ARGON2_FLAG_CLEAR_SECRET) { -+ secure_wipe_memory(context->secret, context->secretlen); -+ context->secretlen = 0; -+ } -+ } -+ -+ store32(&value, context->adlen); -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)&value, sizeof(value)); -+ -+ if (context->ad != NULL) { -+ blake2b_update(&BlakeHash, (const grub_uint8_t *)context->ad, -+ context->adlen); -+ } -+ -+ blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH); -+} -+ -+int initialize(argon2_instance_t *instance, argon2_context *context) { -+ grub_uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; -+ int result = ARGON2_OK; -+ -+ if (instance == NULL || context == NULL) -+ return ARGON2_INCORRECT_PARAMETER; -+ instance->context_ptr = context; -+ -+ /* 1. Memory allocation */ -+ result = allocate_memory(context, (grub_uint8_t **)&(instance->memory), -+ instance->memory_blocks, sizeof(block)); -+ if (result != ARGON2_OK) { -+ return result; -+ } -+ -+ /* 2. Initial hashing */ -+ /* H_0 + 8 extra bytes to produce the first blocks */ -+ /* grub_uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */ -+ /* Hashing all inputs */ -+ initial_hash(blockhash, context, instance->type); -+ /* Zeroing 8 extra bytes */ -+ clear_internal_memory(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, -+ ARGON2_PREHASH_SEED_LENGTH - -+ ARGON2_PREHASH_DIGEST_LENGTH); -+ -+#ifdef GENKAT -+ initial_kat(blockhash, context, instance->type); -+#endif -+ -+ /* 3. Creating first blocks, we always have at least two blocks in a slice -+ */ -+ fill_first_blocks(blockhash, instance); -+ /* Clearing the hash */ -+ clear_internal_memory(blockhash, ARGON2_PREHASH_SEED_LENGTH); -+ -+ return ARGON2_OK; -+} -diff --git a/grub-core/lib/argon2/core.h b/grub-core/lib/argon2/core.h -new file mode 100644 -index 000000000..bbcd56998 ---- /dev/null -+++ b/grub-core/lib/argon2/core.h -@@ -0,0 +1,228 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#ifndef ARGON2_CORE_H -+#define ARGON2_CORE_H -+ -+#include "argon2.h" -+ -+#define CONST_CAST(x) (x)(grub_addr_t) -+ -+/**********************Argon2 internal constants*******************************/ -+ -+enum argon2_core_constants { -+ /* Memory block size in bytes */ -+ ARGON2_BLOCK_SIZE = 1024, -+ ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8, -+ ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16, -+ ARGON2_HWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 32, -+ ARGON2_512BIT_WORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 64, -+ -+ /* Number of pseudo-random values generated by one call to Blake in Argon2i -+ to -+ generate reference block positions */ -+ ARGON2_ADDRESSES_IN_BLOCK = 128, -+ -+ /* Pre-hashing digest length and its extension*/ -+ ARGON2_PREHASH_DIGEST_LENGTH = 64, -+ ARGON2_PREHASH_SEED_LENGTH = 72 -+}; -+ -+/*************************Argon2 internal data types***********************/ -+ -+/* -+ * Structure for the (1KB) memory block implemented as 128 64-bit words. -+ * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no -+ * bounds checking). -+ */ -+typedef struct block_ { grub_uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block; -+ -+/*****************Functions that work with the block******************/ -+ -+/* Initialize each byte of the block with @in */ -+void init_block_value(block *b, grub_uint8_t in); -+ -+/* Copy block @src to block @dst */ -+void copy_block(block *dst, const block *src); -+ -+/* XOR @src onto @dst bytewise */ -+void xor_block(block *dst, const block *src); -+ -+/* -+ * Argon2 instance: memory pointer, number of passes, amount of memory, type, -+ * and derived values. -+ * Used to evaluate the number and location of blocks to construct in each -+ * thread -+ */ -+typedef struct Argon2_instance_t { -+ block *memory; /* Memory pointer */ -+ grub_uint32_t version; -+ grub_uint32_t passes; /* Number of passes */ -+ grub_uint32_t memory_blocks; /* Number of blocks in memory */ -+ grub_uint32_t segment_length; -+ grub_uint32_t lane_length; -+ grub_uint32_t lanes; -+ grub_uint32_t threads; -+ argon2_type type; -+ int print_internals; /* whether to print the memory blocks */ -+ argon2_context *context_ptr; /* points back to original context */ -+} argon2_instance_t; -+ -+/* -+ * Argon2 position: where we construct the block right now. Used to distribute -+ * work between threads. -+ */ -+typedef struct Argon2_position_t { -+ grub_uint32_t pass; -+ grub_uint32_t lane; -+ grub_uint8_t slice; -+ grub_uint32_t index; -+} argon2_position_t; -+ -+/*Struct that holds the inputs for thread handling FillSegment*/ -+typedef struct Argon2_thread_data { -+ argon2_instance_t *instance_ptr; -+ argon2_position_t pos; -+} argon2_thread_data; -+ -+/*************************Argon2 core functions********************************/ -+ -+/* Allocates memory to the given pointer, uses the appropriate allocator as -+ * specified in the context. Total allocated memory is num*size. -+ * @param context argon2_context which specifies the allocator -+ * @param memory pointer to the pointer to the memory -+ * @param size the size in bytes for each element to be allocated -+ * @param num the number of elements to be allocated -+ * @return ARGON2_OK if @memory is a valid pointer and memory is allocated -+ */ -+int allocate_memory(const argon2_context *context, grub_uint8_t **memory, -+ grub_size_t num, grub_size_t size); -+ -+/* -+ * Frees memory at the given pointer, uses the appropriate deallocator as -+ * specified in the context. Also cleans the memory using clear_internal_memory. -+ * @param context argon2_context which specifies the deallocator -+ * @param memory pointer to buffer to be grub_freed -+ * @param size the size in bytes for each element to be deallocated -+ * @param num the number of elements to be deallocated -+ */ -+void grub_free_memory(const argon2_context *context, grub_uint8_t *memory, -+ grub_size_t num, grub_size_t size); -+ -+/* Function that securely cleans the memory. This ignores any flags set -+ * regarding clearing memory. Usually one just calls clear_internal_memory. -+ * @param mem Pointer to the memory -+ * @param s Memory size in bytes -+ */ -+void secure_wipe_memory(void *v, grub_size_t n); -+ -+/* Function that securely clears the memory if FLAG_clear_internal_memory is -+ * set. If the flag isn't set, this function does nothing. -+ * @param mem Pointer to the memory -+ * @param s Memory size in bytes -+ */ -+void clear_internal_memory(void *v, grub_size_t n); -+ -+/* -+ * Computes absolute position of reference block in the lane following a skewed -+ * distribution and using a pseudo-random value as input -+ * @param instance Pointer to the current instance -+ * @param position Pointer to the current position -+ * @param pseudo_rand 32-bit pseudo-random value used to determine the position -+ * @param same_lane Indicates if the block will be taken from the current lane. -+ * If so we can reference the current segment -+ * @pre All pointers must be valid -+ */ -+grub_uint32_t index_alpha(const argon2_instance_t *instance, -+ const argon2_position_t *position, grub_uint32_t pseudo_rand, -+ int same_lane); -+ -+/* -+ * Function that validates all inputs against predefined restrictions and return -+ * an error code -+ * @param context Pointer to current Argon2 context -+ * @return ARGON2_OK if everything is all right, otherwise one of error codes -+ * (all defined in <argon2.h> -+ */ -+int validate_inputs(const argon2_context *context); -+ -+/* -+ * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears -+ * password and secret if needed -+ * @param context Pointer to the Argon2 internal structure containing memory -+ * pointer, and parameters for time and space requirements. -+ * @param blockhash Buffer for pre-hashing digest -+ * @param type Argon2 type -+ * @pre @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes -+ * allocated -+ */ -+void initial_hash(grub_uint8_t *blockhash, argon2_context *context, -+ argon2_type type); -+ -+/* -+ * Function creates first 2 blocks per lane -+ * @param instance Pointer to the current instance -+ * @param blockhash Pointer to the pre-hashing digest -+ * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values -+ */ -+void fill_first_blocks(grub_uint8_t *blockhash, const argon2_instance_t *instance); -+ -+/* -+ * Function allocates memory, hashes the inputs with Blake, and creates first -+ * two blocks. Returns the pointer to the main memory with 2 blocks per lane -+ * initialized -+ * @param context Pointer to the Argon2 internal structure containing memory -+ * pointer, and parameters for time and space requirements. -+ * @param instance Current Argon2 instance -+ * @return Zero if successful, -1 if memory failed to allocate. @context->state -+ * will be modified if successful. -+ */ -+int initialize(argon2_instance_t *instance, argon2_context *context); -+ -+/* -+ * XORing the last block of each lane, hashing it, making the tag. Deallocates -+ * the memory. -+ * @param context Pointer to current Argon2 context (use only the out parameters -+ * from it) -+ * @param instance Pointer to current instance of Argon2 -+ * @pre instance->state must point to necessary amount of memory -+ * @pre context->out must point to outlen bytes of memory -+ * @pre if context->grub_free_cbk is not NULL, it should point to a function that -+ * deallocates memory -+ */ -+void finalize(const argon2_context *context, argon2_instance_t *instance); -+ -+/* -+ * Function that fills the segment using previous segments also from other -+ * threads -+ * @param context current context -+ * @param instance Pointer to the current instance -+ * @param position Current position -+ * @pre all block pointers must be valid -+ */ -+void fill_segment(const argon2_instance_t *instance, -+ argon2_position_t position); -+ -+/* -+ * Function that fills the entire memory t_cost times based on the first two -+ * blocks in each lane -+ * @param instance Pointer to the current instance -+ * @return ARGON2_OK if successful, @context->state -+ */ -+int fill_memory_blocks(argon2_instance_t *instance); -+ -+#endif -diff --git a/grub-core/lib/argon2/ref.c b/grub-core/lib/argon2/ref.c -new file mode 100644 -index 000000000..c933df80d ---- /dev/null -+++ b/grub-core/lib/argon2/ref.c -@@ -0,0 +1,190 @@ -+/* -+ * Argon2 reference source code package - reference C implementations -+ * -+ * Copyright 2015 -+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves -+ * -+ * You may use this work under the terms of a Creative Commons CC0 1.0 -+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of -+ * these licenses can be found at: -+ * -+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 -+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 -+ * -+ * You should have received a copy of both of these licenses along with this -+ * software. If not, they may be obtained at the above URLs. -+ */ -+ -+#include "argon2.h" -+#include "core.h" -+ -+#include "blake2/blamka-round-ref.h" -+#include "blake2/blake2-impl.h" -+#include "blake2/blake2.h" -+ -+ -+/* -+ * Function fills a new memory block and optionally XORs the old block over the new one. -+ * @next_block must be initialized. -+ * @param prev_block Pointer to the previous block -+ * @param ref_block Pointer to the reference block -+ * @param next_block Pointer to the block to be constructed -+ * @param with_xor Whether to XOR into the new block (1) or just overwrite (0) -+ * @pre all block pointers must be valid -+ */ -+static void fill_block(const block *prev_block, const block *ref_block, -+ block *next_block, int with_xor) { -+ block blockR, block_tmp; -+ unsigned i; -+ -+ copy_block(&blockR, ref_block); -+ xor_block(&blockR, prev_block); -+ copy_block(&block_tmp, &blockR); -+ /* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block */ -+ if (with_xor) { -+ /* Saving the next block contents for XOR over: */ -+ xor_block(&block_tmp, next_block); -+ /* Now blockR = ref_block + prev_block and -+ block_tmp = ref_block + prev_block + next_block */ -+ } -+ -+ /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then -+ (16,17,..31)... finally (112,113,...127) */ -+ for (i = 0; i < 8; ++i) { -+ BLAKE2_ROUND_NOMSG( -+ blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2], -+ blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5], -+ blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8], -+ blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11], -+ blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14], -+ blockR.v[16 * i + 15]); -+ } -+ -+ /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then -+ (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */ -+ for (i = 0; i < 8; i++) { -+ BLAKE2_ROUND_NOMSG( -+ blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16], -+ blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33], -+ blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64], -+ blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81], -+ blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112], -+ blockR.v[2 * i + 113]); -+ } -+ -+ copy_block(next_block, &block_tmp); -+ xor_block(next_block, &blockR); -+} -+ -+static void next_addresses(block *address_block, block *input_block, -+ const block *zero_block) { -+ input_block->v[6]++; -+ fill_block(zero_block, input_block, address_block, 0); -+ fill_block(zero_block, address_block, address_block, 0); -+} -+ -+void fill_segment(const argon2_instance_t *instance, -+ argon2_position_t position) { -+ block *ref_block = NULL, *curr_block = NULL; -+ block address_block, input_block, zero_block; -+ grub_uint64_t pseudo_rand, ref_index, ref_lane; -+ grub_uint32_t prev_offset, curr_offset; -+ grub_uint32_t starting_index; -+ grub_uint32_t i; -+ int data_independent_addressing; -+ -+ if (instance == NULL) { -+ return; -+ } -+ -+ data_independent_addressing = -+ (instance->type == Argon2_i) || -+ (instance->type == Argon2_id && (position.pass == 0) && -+ (position.slice < ARGON2_SYNC_POINTS / 2)); -+ -+ if (data_independent_addressing) { -+ init_block_value(&zero_block, 0); -+ init_block_value(&input_block, 0); -+ -+ input_block.v[0] = position.pass; -+ input_block.v[1] = position.lane; -+ input_block.v[2] = position.slice; -+ input_block.v[3] = instance->memory_blocks; -+ input_block.v[4] = instance->passes; -+ input_block.v[5] = instance->type; -+ } -+ -+ starting_index = 0; -+ -+ if ((0 == position.pass) && (0 == position.slice)) { -+ starting_index = 2; /* we have already generated the first two blocks */ -+ -+ /* Don't forget to generate the first block of addresses: */ -+ if (data_independent_addressing) { -+ next_addresses(&address_block, &input_block, &zero_block); -+ } -+ } -+ -+ /* Offset of the current block */ -+ curr_offset = position.lane * instance->lane_length + -+ position.slice * instance->segment_length + starting_index; -+ -+ if (0 == curr_offset % instance->lane_length) { -+ /* Last block in this lane */ -+ prev_offset = curr_offset + instance->lane_length - 1; -+ } else { -+ /* Previous block */ -+ prev_offset = curr_offset - 1; -+ } -+ -+ for (i = starting_index; i < instance->segment_length; -+ ++i, ++curr_offset, ++prev_offset) { -+ /*1.1 Rotating prev_offset if needed */ -+ if (curr_offset % instance->lane_length == 1) { -+ prev_offset = curr_offset - 1; -+ } -+ -+ /* 1.2 Computing the index of the reference block */ -+ /* 1.2.1 Taking pseudo-random value from the previous block */ -+ if (data_independent_addressing) { -+ if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) { -+ next_addresses(&address_block, &input_block, &zero_block); -+ } -+ pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK]; -+ } else { -+ pseudo_rand = instance->memory[prev_offset].v[0]; -+ } -+ -+ /* 1.2.2 Computing the lane of the reference block */ -+ grub_divmod64 (pseudo_rand >> 32, instance->lanes, &ref_lane); -+ -+ if ((position.pass == 0) && (position.slice == 0)) { -+ /* Can not reference other lanes yet */ -+ ref_lane = position.lane; -+ } -+ -+ /* 1.2.3 Computing the number of possible reference block within the -+ * lane. -+ */ -+ position.index = i; -+ ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, -+ ref_lane == position.lane); -+ -+ /* 2 Creating a new block */ -+ ref_block = -+ instance->memory + instance->lane_length * ref_lane + ref_index; -+ curr_block = instance->memory + curr_offset; -+ if (ARGON2_VERSION_10 == instance->version) { -+ /* version 1.2.1 and earlier: overwrite, not XOR */ -+ fill_block(instance->memory + prev_offset, ref_block, curr_block, 0); -+ } else { -+ if(0 == position.pass) { -+ fill_block(instance->memory + prev_offset, ref_block, -+ curr_block, 0); -+ } else { -+ fill_block(instance->memory + prev_offset, ref_block, -+ curr_block, 1); -+ } -+ } -+ } -+} --- -2.39.5 - diff --git a/config/grub/xhci_nvme/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch b/config/grub/xhci_nvme/patches/0005-don-t-print-missing-prefix-errors-on-the-screen.patch index 4f03515e..0d49f993 100644 --- a/config/grub/xhci_nvme/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch +++ b/config/grub/xhci_nvme/patches/0005-don-t-print-missing-prefix-errors-on-the-screen.patch @@ -1,7 +1,7 @@ -From afd68d1e132970e4fa8e26e9ca0ccb7efb69dc37 Mon Sep 17 00:00:00 2001 +From b902f68dacba764fe4d4200cae000cf23385df8e Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 5 Nov 2023 16:14:58 +0000 -Subject: [PATCH 11/26] don't print missing prefix errors on the screen +Subject: [PATCH 05/20] don't print missing prefix errors on the screen we do actually set the prefix. this patch modifies grub to still set grub_errno and return accordingly, @@ -85,10 +85,10 @@ index 18de52562..2a0fea6c8 100644 } file = try_open_from_prefix (prefix, filename); diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 4a3be8568..6ae3d73f8 100644 +index de8c3aa8d..eac3ea48d 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c -@@ -881,7 +881,7 @@ grub_dl_load (const char *name) +@@ -880,7 +880,7 @@ grub_dl_load (const char *name) return 0; if (! grub_dl_dir) { @@ -98,5 +98,5 @@ index 4a3be8568..6ae3d73f8 100644 } -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0006-Error-on-missing-Argon2id-parameters.patch b/config/grub/xhci_nvme/patches/0006-Error-on-missing-Argon2id-parameters.patch deleted file mode 100644 index 3fc6d3dc..00000000 --- a/config/grub/xhci_nvme/patches/0006-Error-on-missing-Argon2id-parameters.patch +++ /dev/null @@ -1,58 +0,0 @@ -From c75424efa3a6357d4785c7a66721809a642b3968 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 06/26] Error on missing Argon2id parameters - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - grub-core/disk/luks2.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index b17cd2115..bbd8f5579 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -39,6 +39,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - enum grub_luks2_kdf_type - { - LUKS2_KDF_TYPE_ARGON2I, -+ LUKS2_KDF_TYPE_ARGON2ID, - LUKS2_KDF_TYPE_PBKDF2 - }; - typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t; -@@ -91,7 +92,7 @@ struct grub_luks2_keyslot - grub_int64_t time; - grub_int64_t memory; - grub_int64_t cpus; -- } argon2i; -+ } argon2; - struct - { - const char *hash; -@@ -161,10 +162,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF"); - else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id")) - { -- out->kdf.type = LUKS2_KDF_TYPE_ARGON2I; -- if (grub_json_getint64 (&out->kdf.u.argon2i.time, &kdf, "time") || -- grub_json_getint64 (&out->kdf.u.argon2i.memory, &kdf, "memory") || -- grub_json_getint64 (&out->kdf.u.argon2i.cpus, &kdf, "cpus")) -+ out->kdf.type = !grub_strcmp (type, "argon2i") -+ ? LUKS2_KDF_TYPE_ARGON2I : LUKS2_KDF_TYPE_ARGON2ID; -+ if (grub_json_getint64 (&out->kdf.u.argon2.time, &kdf, "time") || -+ grub_json_getint64 (&out->kdf.u.argon2.memory, &kdf, "memory") || -+ grub_json_getint64 (&out->kdf.u.argon2.cpus, &kdf, "cpus")) - return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters"); - } - else if (!grub_strcmp (type, "pbkdf2")) -@@ -460,6 +462,7 @@ luks2_decrypt_key (grub_uint8_t *out_key, - switch (k->kdf.type) - { - case LUKS2_KDF_TYPE_ARGON2I: -+ case LUKS2_KDF_TYPE_ARGON2ID: - ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported"); - goto err; - case LUKS2_KDF_TYPE_PBKDF2: --- -2.39.5 - diff --git a/config/grub/default/patches/0012-don-t-print-error-if-module-not-found.patch b/config/grub/xhci_nvme/patches/0006-don-t-print-error-if-module-not-found.patch index e30c3f9a..07c5713f 100644 --- a/config/grub/default/patches/0012-don-t-print-error-if-module-not-found.patch +++ b/config/grub/xhci_nvme/patches/0006-don-t-print-error-if-module-not-found.patch @@ -1,7 +1,7 @@ -From 2fe963570ac19e3390a792ca2c195112d4efdc24 Mon Sep 17 00:00:00 2001 +From 2da7fd383afee0a91c1eeb5120a46e165b9386c3 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 5 Nov 2023 16:36:22 +0000 -Subject: [PATCH 12/14] don't print error if module not found +Subject: [PATCH 06/20] don't print error if module not found still set grub_errno accordingly, and otherwise behave the same. in libreboot, we remove a lot of @@ -17,10 +17,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 6ae3d73f8..4c15027fe 100644 +index eac3ea48d..6d67ba54f 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c -@@ -511,7 +511,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e) +@@ -510,7 +510,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e) s = grub_dl_find_section (e, ".modname"); if (!s) @@ -30,5 +30,5 @@ index 6ae3d73f8..4c15027fe 100644 mod->name = grub_strdup ((char *) e + s->sh_offset); if (! mod->name) -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0007-Compile-with-Argon2id-support.patch b/config/grub/xhci_nvme/patches/0007-Compile-with-Argon2id-support.patch deleted file mode 100644 index 0f9d92ee..00000000 --- a/config/grub/xhci_nvme/patches/0007-Compile-with-Argon2id-support.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 801aa8b85d8f3b999f4660cc299a3517e811f0bb Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 07/26] Compile with Argon2id support - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - Makefile.util.def | 6 +++++- - grub-core/Makefile.core.def | 2 +- - grub-core/disk/luks2.c | 13 +++++++++++-- - 3 files changed, 17 insertions(+), 4 deletions(-) - -diff --git a/Makefile.util.def b/Makefile.util.def -index 038253b37..2f19569c9 100644 ---- a/Makefile.util.def -+++ b/Makefile.util.def -@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl; - library = { - name = libgrubkern.a; - cflags = '$(CFLAGS_GNULIB)'; -- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json'; -+ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2'; - - common = util/misc.c; - common = grub-core/kern/command.c; -@@ -36,6 +36,10 @@ library = { - common = grub-core/kern/misc.c; - common = grub-core/kern/partition.c; - common = grub-core/lib/crypto.c; -+ common = grub-core/lib/argon2/argon2.c; -+ common = grub-core/lib/argon2/core.c; -+ common = grub-core/lib/argon2/ref.c; -+ common = grub-core/lib/argon2/blake2/blake2b.c; - common = grub-core/lib/json/json.c; - common = grub-core/disk/luks.c; - common = grub-core/disk/luks2.c; -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 0ee65d54d..cd29a9df8 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1242,7 +1242,7 @@ module = { - common = disk/luks2.c; - common = lib/gnulib/base64.c; - cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; -- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json'; -+ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2'; - }; - - module = { -diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c -index bbd8f5579..02cd615d9 100644 ---- a/grub-core/disk/luks2.c -+++ b/grub-core/disk/luks2.c -@@ -28,6 +28,7 @@ - #include <grub/i18n.h> - #include <grub/safemath.h> - -+#include <argon2.h> - #include <base64.h> - #include <json.h> - -@@ -463,8 +464,16 @@ luks2_decrypt_key (grub_uint8_t *out_key, - { - case LUKS2_KDF_TYPE_ARGON2I: - case LUKS2_KDF_TYPE_ARGON2ID: -- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported"); -- goto err; -+ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus, -+ passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size, -+ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id, -+ ARGON2_VERSION_NUMBER); -+ if (ret) -+ { -+ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret)); -+ goto err; -+ } -+ break; - case LUKS2_KDF_TYPE_PBKDF2: - hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash); - if (!hash) --- -2.39.5 - diff --git a/config/grub/nvme/patches/0013-don-t-print-empty-error-messages.patch b/config/grub/xhci_nvme/patches/0007-don-t-print-empty-error-messages.patch index 90aefde6..108f4b5f 100644 --- a/config/grub/nvme/patches/0013-don-t-print-empty-error-messages.patch +++ b/config/grub/xhci_nvme/patches/0007-don-t-print-empty-error-messages.patch @@ -1,7 +1,7 @@ -From 97381d8c85c0934ca500f07339d89f9f6245b079 Mon Sep 17 00:00:00 2001 +From 5c26d4bb0cc69cb9f4b9e4f6de794f309d5210f4 Mon Sep 17 00:00:00 2001 From: Leah Rowe <leah@libreboot.org> Date: Sun, 5 Nov 2023 17:25:20 +0000 -Subject: [PATCH 13/15] don't print empty error messages +Subject: [PATCH 07/20] don't print empty error messages this is part two of the quest to kill the prefix error message. after i disabled prefix-related @@ -13,10 +13,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org> 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/grub-core/kern/err.c b/grub-core/kern/err.c -index 53c734de7..7cac53983 100644 +index ba04b57fb..dab62646d 100644 --- a/grub-core/kern/err.c +++ b/grub-core/kern/err.c -@@ -107,7 +107,8 @@ grub_print_error (void) +@@ -116,7 +116,8 @@ grub_print_error (void) { if (grub_errno != GRUB_ERR_NONE) { @@ -27,5 +27,5 @@ index 53c734de7..7cac53983 100644 } } -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0008-Make-grub-install-work-with-Argon2.patch b/config/grub/xhci_nvme/patches/0008-Make-grub-install-work-with-Argon2.patch deleted file mode 100644 index 21ad8855..00000000 --- a/config/grub/xhci_nvme/patches/0008-Make-grub-install-work-with-Argon2.patch +++ /dev/null @@ -1,26 +0,0 @@ -From c114684bb103af427296e40b78adc0d036a9b237 Mon Sep 17 00:00:00 2001 -From: Ax333l <main@axelen.xyz> -Date: Thu, 17 Aug 2023 00:00:00 +0000 -Subject: [PATCH 08/26] Make grub-install work with Argon2 - -Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> ---- - util/grub-install.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/util/grub-install.c b/util/grub-install.c -index 060246589..059036d3c 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -448,6 +448,8 @@ probe_mods (grub_disk_t disk) - { - grub_util_cryptodisk_get_abstraction (disk, - push_cryptodisk_module, NULL); -+ /* HACK: always push argon2 */ -+ grub_install_push_module ("argon2"); - have_abstractions = 1; - have_cryptodisk = 1; - } --- -2.39.5 - diff --git a/config/grub/xhci_nvme/patches/0014-grub-core-bus-usb-Parse-SuperSpeed-companion-descrip.patch b/config/grub/xhci_nvme/patches/0008-grub-core-bus-usb-Parse-SuperSpeed-companion-descrip.patch index c04e138e..6144f1e0 100644 --- a/config/grub/xhci_nvme/patches/0014-grub-core-bus-usb-Parse-SuperSpeed-companion-descrip.patch +++ b/config/grub/xhci_nvme/patches/0008-grub-core-bus-usb-Parse-SuperSpeed-companion-descrip.patch @@ -1,7 +1,7 @@ -From 1c5716f42deb27b1111839b9782fd06b077eaa90 Mon Sep 17 00:00:00 2001 +From b47687966ebad85b16d58469237b048c10f86610 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph <patrick.rudolph@9elements.com> Date: Sun, 15 Nov 2020 19:00:27 +0100 -Subject: [PATCH 14/26] grub-core/bus/usb: Parse SuperSpeed companion +Subject: [PATCH 08/20] grub-core/bus/usb: Parse SuperSpeed companion descriptors Parse the SS_ENDPOINT_COMPANION descriptor, which is only present on USB 3.0 @@ -161,7 +161,7 @@ index f5608e330..2ae29cba1 100644 if ((endp->endp_addr & 128) && grub_usb_get_ep_type(endp) == GRUB_USB_EP_INTERRUPT) diff --git a/grub-core/commands/usbtest.c b/grub-core/commands/usbtest.c -index 2c6d93fe6..55a657635 100644 +index 3184ac9af..7d128449d 100644 --- a/grub-core/commands/usbtest.c +++ b/grub-core/commands/usbtest.c @@ -185,7 +185,7 @@ usb_iterate (grub_usb_device_t dev, void *data __attribute__ ((unused))) @@ -242,5 +242,5 @@ index aac5ab05a..bb2ab2e27 100644 { grub_uint8_t length; -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0015-usb-Add-enum-for-xHCI.patch b/config/grub/xhci_nvme/patches/0009-usb-Add-enum-for-xHCI.patch index 4de9d894..4f88de35 100644 --- a/config/grub/xhci_nvme/patches/0015-usb-Add-enum-for-xHCI.patch +++ b/config/grub/xhci_nvme/patches/0009-usb-Add-enum-for-xHCI.patch @@ -1,7 +1,7 @@ -From 260f27e1ea1dbcdeb63d4411dbdddb97ebb39668 Mon Sep 17 00:00:00 2001 +From 05b2607120d0ccfb826bc83d4f4d2741f4f0a6a1 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph <patrick.rudolph@9elements.com> Date: Mon, 7 Dec 2020 08:41:22 +0100 -Subject: [PATCH 15/26] usb: Add enum for xHCI +Subject: [PATCH 09/20] usb: Add enum for xHCI Will be used in future patches. @@ -25,5 +25,5 @@ index 688c11f6d..ea6ee8c2c 100644 typedef int (*grub_usb_iterate_hook_t) (grub_usb_device_t dev, void *data); -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0016-usbtrans-Set-default-maximum-packet-size.patch b/config/grub/xhci_nvme/patches/0010-usbtrans-Set-default-maximum-packet-size.patch index 908c3adb..938b2266 100644 --- a/config/grub/xhci_nvme/patches/0016-usbtrans-Set-default-maximum-packet-size.patch +++ b/config/grub/xhci_nvme/patches/0010-usbtrans-Set-default-maximum-packet-size.patch @@ -1,7 +1,7 @@ -From 97f71a34c011ad9d37b96c02eb7483fe253c6025 Mon Sep 17 00:00:00 2001 +From 8de1eafa067bfaae5d58ca0c5616e159356dc6c8 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph <patrick.rudolph@9elements.com> Date: Mon, 7 Dec 2020 08:41:23 +0100 -Subject: [PATCH 16/26] usbtrans: Set default maximum packet size +Subject: [PATCH 10/20] usbtrans: Set default maximum packet size Set the maximum packet size to 512 for SuperSpeed devices. @@ -29,5 +29,5 @@ index c5680b33a..c1080bb33 100644 max = 64; -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0017-grub-core-bus-usb-Add-function-pointer-for-attach-de.patch b/config/grub/xhci_nvme/patches/0011-grub-core-bus-usb-Add-function-pointer-for-attach-de.patch index e4798a8d..41f5c1e3 100644 --- a/config/grub/xhci_nvme/patches/0017-grub-core-bus-usb-Add-function-pointer-for-attach-de.patch +++ b/config/grub/xhci_nvme/patches/0011-grub-core-bus-usb-Add-function-pointer-for-attach-de.patch @@ -1,7 +1,7 @@ -From ea5081844c3112b582f52360cfb14ef95b56f5e1 Mon Sep 17 00:00:00 2001 +From 4cda4c986931067b1442c165d6d207d6948529b8 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph <patrick.rudolph@9elements.com> Date: Sun, 15 Nov 2020 19:51:42 +0100 -Subject: [PATCH 17/26] grub-core/bus/usb: Add function pointer for +Subject: [PATCH 11/20] grub-core/bus/usb: Add function pointer for attach/detach events The xHCI code needs to be called for attaching or detaching a device. @@ -117,5 +117,5 @@ index ea6ee8c2c..4dd179db2 100644 grub_uint64_t pending_reset; -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0018-grub-core-bus-usb-usbhub-Add-new-private-fields-for-.patch b/config/grub/xhci_nvme/patches/0012-grub-core-bus-usb-usbhub-Add-new-private-fields-for-.patch index d2067637..9e947020 100644 --- a/config/grub/xhci_nvme/patches/0018-grub-core-bus-usb-usbhub-Add-new-private-fields-for-.patch +++ b/config/grub/xhci_nvme/patches/0012-grub-core-bus-usb-usbhub-Add-new-private-fields-for-.patch @@ -1,7 +1,7 @@ -From 7db1cdd1cdbb79a8da04648dcbf7318d200f72a4 Mon Sep 17 00:00:00 2001 +From e29dd6f6ccc73f2e4c04261c0367e1c6a0dbbce6 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph <patrick.rudolph@9elements.com> Date: Mon, 7 Dec 2020 08:41:25 +0100 -Subject: [PATCH 18/26] grub-core/bus/usb/usbhub: Add new private fields for +Subject: [PATCH 12/20] grub-core/bus/usb/usbhub: Add new private fields for xHCI controller Store the root port number, the route, consisting out of the port ID @@ -73,5 +73,5 @@ index 4dd179db2..609faf7d0 100644 -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0019-grub-core-bus-usb-Add-xhci-support.patch b/config/grub/xhci_nvme/patches/0013-grub-core-bus-usb-Add-xhci-support.patch index b4d6e956..9661a425 100644 --- a/config/grub/xhci_nvme/patches/0019-grub-core-bus-usb-Add-xhci-support.patch +++ b/config/grub/xhci_nvme/patches/0013-grub-core-bus-usb-Add-xhci-support.patch @@ -1,7 +1,7 @@ -From 6b34ac2449362da5139e702e484a432d828a505d Mon Sep 17 00:00:00 2001 +From aa09b16597347353c561f55a32eb27f662b41053 Mon Sep 17 00:00:00 2001 From: Patrick Rudolph <patrick.rudolph@9elements.com> Date: Mon, 7 Dec 2020 08:41:26 +0100 -Subject: [PATCH 19/26] grub-core/bus/usb: Add xhci support +Subject: [PATCH 13/20] grub-core/bus/usb: Add xhci support Add support for xHCI USB controllers. The code is based on seabios implementation, but has been heavily @@ -67,10 +67,10 @@ index 43635d5ff..65016f856 100644 endif diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index cd29a9df8..d3947739f 100644 +index fa4bc54aa..208badbdf 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -667,6 +667,13 @@ module = { +@@ -675,6 +675,13 @@ module = { enable = arm_coreboot; }; @@ -2803,5 +2803,5 @@ index 609faf7d0..eb71fa1c7 100644 #endif /* GRUB_USB_H */ -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0020-grub-core-bus-usb-usbhub-Add-xHCI-non-root-hub-suppo.patch b/config/grub/xhci_nvme/patches/0014-grub-core-bus-usb-usbhub-Add-xHCI-non-root-hub-suppo.patch index 31e831ec..98f38569 100644 --- a/config/grub/xhci_nvme/patches/0020-grub-core-bus-usb-usbhub-Add-xHCI-non-root-hub-suppo.patch +++ b/config/grub/xhci_nvme/patches/0014-grub-core-bus-usb-usbhub-Add-xHCI-non-root-hub-suppo.patch @@ -1,7 +1,7 @@ -From d84ac94dc55baad9a2297980b2017cd22e4ecb3c Mon Sep 17 00:00:00 2001 +From 861b218be772b8abf090647fc24eb7c7ccc1d2db Mon Sep 17 00:00:00 2001 From: Patrick Rudolph <patrick.rudolph@9elements.com> Date: Mon, 7 Dec 2020 08:41:27 +0100 -Subject: [PATCH 20/26] grub-core/bus/usb/usbhub: Add xHCI non root hub support +Subject: [PATCH 14/20] grub-core/bus/usb/usbhub: Add xHCI non root hub support Tested on Intel PCH C246, the USB3 hub can be configured by grub. @@ -123,5 +123,5 @@ index 039ebed65..d6c3f71dc 100644 #define GRUB_USB_FEATURE_ENDP_HALT 0x00 #define GRUB_USB_FEATURE_DEV_REMOTE_WU 0x01 -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0021-xHCI-also-accept-SBRN-0x31-and-0x32.patch b/config/grub/xhci_nvme/patches/0015-xHCI-also-accept-SBRN-0x31-and-0x32.patch index f6e0f366..69d0e653 100644 --- a/config/grub/xhci_nvme/patches/0021-xHCI-also-accept-SBRN-0x31-and-0x32.patch +++ b/config/grub/xhci_nvme/patches/0015-xHCI-also-accept-SBRN-0x31-and-0x32.patch @@ -1,7 +1,7 @@ -From 0433c5bb1e40fba93205e1c9fd6b1b397d31ae5a Mon Sep 17 00:00:00 2001 +From 0a1a2f3a2f4b3908f094133c86fda0e882dabda5 Mon Sep 17 00:00:00 2001 From: Sven Anderson <sven@anderson.de> Date: Sat, 28 May 2022 21:39:23 +0200 -Subject: [PATCH 21/26] xHCI: also accept SBRN 0x31 and 0x32 +Subject: [PATCH 15/20] xHCI: also accept SBRN 0x31 and 0x32 Signed-off-by: Sven Anderson <sven@anderson.de> --- @@ -22,5 +22,5 @@ index a5bd3c97d..cde21f57a 100644 grub_dprintf ("xhci", "XHCI grub_xhci_pci_iter: Wrong SBRN: %0x\n", release); -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0022-xhci-fix-port-indexing.patch b/config/grub/xhci_nvme/patches/0016-xhci-fix-port-indexing.patch index edfcca2c..bdbaf417 100644 --- a/config/grub/xhci_nvme/patches/0022-xhci-fix-port-indexing.patch +++ b/config/grub/xhci_nvme/patches/0016-xhci-fix-port-indexing.patch @@ -1,7 +1,7 @@ -From d300f12cb624998f3d5ab5948c3fc64d6d7baf4f Mon Sep 17 00:00:00 2001 +From 9343cdda106d47561f25ce1e39a86d62cb0bfd08 Mon Sep 17 00:00:00 2001 From: Sven Anderson <sven@anderson.de> Date: Mon, 13 Jan 2025 19:51:41 +0100 -Subject: [PATCH 22/26] xhci: fix port indexing +Subject: [PATCH 16/20] xhci: fix port indexing --- grub-core/bus/usb/xhci.c | 10 +++++----- @@ -39,5 +39,5 @@ index f4591ffb5..dc89b9619 100644 } -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0023-xhci-configure-TT-for-non-root-hubs.patch b/config/grub/xhci_nvme/patches/0017-xhci-configure-TT-for-non-root-hubs.patch index b41db45f..83410e2e 100644 --- a/config/grub/xhci_nvme/patches/0023-xhci-configure-TT-for-non-root-hubs.patch +++ b/config/grub/xhci_nvme/patches/0017-xhci-configure-TT-for-non-root-hubs.patch @@ -1,7 +1,7 @@ -From 0a669ef9815267de4fb14f3c329431ac531755c9 Mon Sep 17 00:00:00 2001 +From 41e966e3054862e1921e14bd2ecec3bfb20cba8f Mon Sep 17 00:00:00 2001 From: Sven Anderson <sven@anderson.de> Date: Mon, 13 Jan 2025 20:26:32 +0100 -Subject: [PATCH 23/26] xhci: configure TT for non-root-hubs +Subject: [PATCH 17/20] xhci: configure TT for non-root-hubs --- grub-core/bus/usb/usbhub.c | 6 +++++ @@ -94,5 +94,5 @@ index eb71fa1c7..df97a60cc 100644 grub_usb_err_t grub_usb_get_descriptor (grub_usb_device_t dev, -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0024-Fix-compilation-on-x86_64.patch b/config/grub/xhci_nvme/patches/0018-Fix-compilation-on-x86_64.patch index cdc692d6..405cfeb9 100644 --- a/config/grub/xhci_nvme/patches/0024-Fix-compilation-on-x86_64.patch +++ b/config/grub/xhci_nvme/patches/0018-Fix-compilation-on-x86_64.patch @@ -1,7 +1,7 @@ -From 625fdcf42f2cf11a4bfe644412450c9e4f551d25 Mon Sep 17 00:00:00 2001 +From 114346473d1e5d3660ea0dae4ed9f4c8ad98bbeb Mon Sep 17 00:00:00 2001 From: Patrick Rudolph <patrick.rudolph@9elements.com> Date: Wed, 24 Feb 2021 08:25:41 +0100 -Subject: [PATCH 24/26] Fix compilation on x86_64 +Subject: [PATCH 18/20] Fix compilation on x86_64 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com> --- @@ -86,5 +86,5 @@ index 88c9ac57f..9b9bae6e5 100644 } else -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/patches/0025-Add-native-NVMe-driver-based-on-SeaBIOS.patch b/config/grub/xhci_nvme/patches/0019-Add-native-NVMe-driver-based-on-SeaBIOS.patch index e9dc54b5..57762843 100644 --- a/config/grub/xhci_nvme/patches/0025-Add-native-NVMe-driver-based-on-SeaBIOS.patch +++ b/config/grub/xhci_nvme/patches/0019-Add-native-NVMe-driver-based-on-SeaBIOS.patch @@ -1,7 +1,7 @@ -From 1ede42b39a87ccb2cc43d919f3ee4803d6551102 Mon Sep 17 00:00:00 2001 +From 2b255ee97a48f280a20acd807386bec52ea447c8 Mon Sep 17 00:00:00 2001 From: Mate Kukri <km@mkukri.xyz> Date: Mon, 20 May 2024 11:43:35 +0100 -Subject: [PATCH 25/26] Add native NVMe driver based on SeaBIOS +Subject: [PATCH 19/20] Add native NVMe driver based on SeaBIOS Tested to successfully boot Debian on QEMU and OptiPlex 3050. @@ -31,10 +31,10 @@ index 65016f856..7bc0866ba 100644 endif diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index d3947739f..fb9f24c0f 100644 +index 208badbdf..219282524 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -2689,3 +2689,9 @@ module = { +@@ -2775,3 +2775,9 @@ module = { cflags = '-Wno-uninitialized'; cppflags = '-I$(srcdir)/lib/libtasn1-grub -I$(srcdir)/tests/asn1/'; }; @@ -1070,5 +1070,5 @@ index fbf23df7f..186e76f0b 100644 struct grub_disk; -- -2.39.5 +2.47.3 diff --git a/config/grub/nvme/patches/0015-kern-coreboot-mmap-Map-to-reserved.patch b/config/grub/xhci_nvme/patches/0020-kern-coreboot-mmap-Map-to-reserved.patch index 06ebc37c..9cf94a25 100644 --- a/config/grub/nvme/patches/0015-kern-coreboot-mmap-Map-to-reserved.patch +++ b/config/grub/xhci_nvme/patches/0020-kern-coreboot-mmap-Map-to-reserved.patch @@ -1,7 +1,7 @@ -From 9228fa35d5af64e67a33372231baa3862f6fad67 Mon Sep 17 00:00:00 2001 +From 4ece79a5e4708b96c2fd06a80b1aac0b6e232675 Mon Sep 17 00:00:00 2001 From: Paul Menzel <pmenzel@molgen.mpg.de> Date: Mon, 17 May 2021 10:24:36 +0200 -Subject: [PATCH 15/15] kern/coreboot/mmap: Map to reserved +Subject: [PATCH 20/20] kern/coreboot/mmap: Map to reserved https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6de9ee86bf9ae50967413e6a73b5dfd13e5ffb50 @@ -33,5 +33,5 @@ index caf8f7cef..2fc316e8d 100644 return 1; } -- -2.39.5 +2.47.3 diff --git a/config/grub/xhci_nvme/target.cfg b/config/grub/xhci_nvme/target.cfg index c3c8127d..618d15a4 100644 --- a/config/grub/xhci_nvme/target.cfg +++ b/config/grub/xhci_nvme/target.cfg @@ -1,4 +1,4 @@ # SPDX-License-Identifier: GPL-3.0-or-later tree="xhci_nvme" -rev="a68a7dece464c35b1c8d20b98502b6881b103911" +rev="280715ec63a3424f5cf1289302cb4ab4e98768f4" |