From fa5deb59606422773ba8e77f3ab56226a10b116b Mon Sep 17 00:00:00 2001 From: Ax333l <main@axelen.xyz> Date: Thu, 17 Aug 2023 00:00:00 +0000 Subject: [PATCH 07/14] Compile with Argon2id support Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch> --- Makefile.util.def | 6 +++++- grub-core/Makefile.core.def | 2 +- grub-core/disk/luks2.c | 13 +++++++++++-- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/Makefile.util.def b/Makefile.util.def index 0f74a1680..5a15e5637 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl; library = { name = libgrubkern.a; cflags = '$(CFLAGS_GNULIB)'; - cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json'; + cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2'; common = util/misc.c; common = grub-core/kern/command.c; @@ -36,6 +36,10 @@ library = { common = grub-core/kern/misc.c; common = grub-core/kern/partition.c; common = grub-core/lib/crypto.c; + common = grub-core/lib/argon2/argon2.c; + common = grub-core/lib/argon2/core.c; + common = grub-core/lib/argon2/ref.c; + common = grub-core/lib/argon2/blake2/blake2b.c; common = grub-core/lib/json/json.c; common = grub-core/disk/luks.c; common = grub-core/disk/luks2.c; diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def index 452f11b20..5c1af8682 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -1242,7 +1242,7 @@ module = { common = disk/luks2.c; common = lib/gnulib/base64.c; cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)'; - cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json'; + cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2'; }; module = { diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c index bc818ea69..5b9eaa599 100644 --- a/grub-core/disk/luks2.c +++ b/grub-core/disk/luks2.c @@ -27,6 +27,7 @@ #include <grub/partition.h> #include <grub/i18n.h> +#include <argon2.h> #include <base64.h> #include <json.h> @@ -462,8 +463,16 @@ luks2_decrypt_key (grub_uint8_t *out_key, { case LUKS2_KDF_TYPE_ARGON2I: case LUKS2_KDF_TYPE_ARGON2ID: - ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported"); - goto err; + ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus, + passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size, + k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id, + ARGON2_VERSION_NUMBER); + if (ret) + { + grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret)); + goto err; + } + break; case LUKS2_KDF_TYPE_PBKDF2: hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash); if (!hash) -- 2.39.2