1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
---
Makefile.util.def | 6 +++++-
grub-core/Makefile.core.def | 2 +-
grub-core/disk/luks2.c | 13 +++++++++++--
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/Makefile.util.def b/Makefile.util.def
index f8b356cc1..39fe9cb7c 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl;
library = {
name = libgrubkern.a;
cflags = '$(CFLAGS_GNULIB)';
- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';
+ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2';
common = util/misc.c;
common = grub-core/kern/command.c;
@@ -36,6 +36,10 @@ library = {
common = grub-core/kern/misc.c;
common = grub-core/kern/partition.c;
common = grub-core/lib/crypto.c;
+ common = grub-core/lib/argon2/argon2.c;
+ common = grub-core/lib/argon2/core.c;
+ common = grub-core/lib/argon2/ref.c;
+ common = grub-core/lib/argon2/blake2/blake2b.c;
common = grub-core/lib/json/json.c;
common = grub-core/disk/luks.c;
common = grub-core/disk/luks2.c;
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 3a004e88c..e5e5b216b 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1197,7 +1197,7 @@ module = {
common = disk/luks2.c;
common = lib/gnulib/base64.c;
cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';
+ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2';
};
module = {
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 02822c777..2ec0d4116 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -27,6 +27,7 @@
#include <grub/partition.h>
#include <grub/i18n.h>
+#include <argon2.h>
#include <base64.h>
#include <json.h>
@@ -448,8 +449,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
{
case LUKS2_KDF_TYPE_ARGON2I:
case LUKS2_KDF_TYPE_ARGON2ID:
- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
- goto err;
+ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus,
+ passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size,
+ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id,
+ ARGON2_VERSION_NUMBER);
+ if (ret)
+ {
+ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret));
+ goto err;
+ }
+ break;
case LUKS2_KDF_TYPE_PBKDF2:
hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
if (!hash)
--
2.32.0
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEF9hrgiFbCdvenl/rVbJhu7ckPpQFAmEP4yQACgkQVbJhu7ck
PpSm3g//WJHea428olgraKZcMWFBq4CpJJUYtaDq/Sxdy/VubY42Or3s90mKTFPw
xiu3/r/WQXnzR5QnwhsVsk7eQNz2oxR5Bpw8XvNBFhMvMrCc8T+RhUeytsCFSjCg
koW7Bub3TLhUnzPH/qHaXtK8inKk3G49fUi+iUFhj6YcMZFIKbiKX5B/SseswUwm
9hJeA2aqgflOQT2ucEKxNJ7VQoqdn7QE0dxWd/7wUPoirBvePa3NcYcp/+QJ+gfr
77N8Sb4hPhU63apnTbzkq72jLyng4h1LTnQMFvcfs1ktUPHWOKHnDxYgLAVEAMKR
nKpfDyEGaAXtO1s2outPHykBnNzQYFiz06vFMoLfXr986m2/5I6XSBIKhEC3XUbO
ZO2Kbys5u/T+O5j9KNlTKX2/9+XhCQwGZP+UXtz2KxTUQm1ZKKjJvNa7LLe6qm0c
ps3YV20jXp5bI7Nsw0MN6+Vu67UXHcr0reCwhI4A/oUrNAVG3DYqaxQAbpKDcIlk
FtVrmwAC3gOw2vjT6Z5T5CGD3jwLX1zN50G8GiSIMzYN7o0S8fU1AEdNpkfZAG8h
+CgCuSBwBY0wfDX1SKWczhVcodJ+E6hoPaXNhk4f31cvNFYuq0IUPKJ4WxNU3NJI
56TdrKzrS322Pb16CC3GX7MgSlTvv3LcbX3Akv2SOpeOxsyc3OI=
=Vrqy
-----END PGP SIGNATURE-----
|