grub-luks2-improved-stable/0008-argon_5.patch

---
 Makefile.util.def           |  6 +++++-
 grub-core/Makefile.core.def |  2 +-
 grub-core/disk/luks2.c      | 13 +++++++++++--
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/Makefile.util.def b/Makefile.util.def
index f8b356cc1..39fe9cb7c 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl;
 library = {
   name = libgrubkern.a;
   cflags = '$(CFLAGS_GNULIB)';
-  cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';
+  cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2';

   common = util/misc.c;
   common = grub-core/kern/command.c;
@@ -36,6 +36,10 @@ library = {
   common = grub-core/kern/misc.c;
   common = grub-core/kern/partition.c;
   common = grub-core/lib/crypto.c;
+  common = grub-core/lib/argon2/argon2.c;
+  common = grub-core/lib/argon2/core.c;
+  common = grub-core/lib/argon2/ref.c;
+  common = grub-core/lib/argon2/blake2/blake2b.c;
   common = grub-core/lib/json/json.c;
   common = grub-core/disk/luks.c;
   common = grub-core/disk/luks2.c;
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 3a004e88c..e5e5b216b 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1197,7 +1197,7 @@ module = {
   common = disk/luks2.c;
   common = lib/gnulib/base64.c;
   cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
-  cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';
+  cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2';
 };

 module = {
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 02822c777..2ec0d4116 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -27,6 +27,7 @@
 #include <grub/partition.h>
 #include <grub/i18n.h>

+#include <argon2.h>
 #include <base64.h>
 #include <json.h>

@@ -448,8 +449,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
     {
       case LUKS2_KDF_TYPE_ARGON2I:
       case LUKS2_KDF_TYPE_ARGON2ID:
-	ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
-	goto err;
+	ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus,
+			   passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size,
+			   k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id,
+			   ARGON2_VERSION_NUMBER);
+        if (ret)
+	  {
+	    grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret));
+	    goto err;
+	  }
+        break;
       case LUKS2_KDF_TYPE_PBKDF2:
 	hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
 	if (!hash)
add luks2 to arch release 2023-12-23 11:08:24 +01:00			`---`
			`Makefile.util.def \| 6 +++++-`
			`grub-core/Makefile.core.def \| 2 +-`
			`grub-core/disk/luks2.c \| 13 +++++++++++--`
			`3 files changed, 17 insertions(+), 4 deletions(-)`

			`diff --git a/Makefile.util.def b/Makefile.util.def`
			`index f8b356cc1..39fe9cb7c 100644`
			`--- a/Makefile.util.def`
			`+++ b/Makefile.util.def`
			`@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl;`
			`library = {`
			`name = libgrubkern.a;`
			`cflags = '$(CFLAGS_GNULIB)';`
			`- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';`
			`+ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2';`

			`common = util/misc.c;`
			`common = grub-core/kern/command.c;`
			`@@ -36,6 +36,10 @@ library = {`
			`common = grub-core/kern/misc.c;`
			`common = grub-core/kern/partition.c;`
			`common = grub-core/lib/crypto.c;`
			`+ common = grub-core/lib/argon2/argon2.c;`
			`+ common = grub-core/lib/argon2/core.c;`
			`+ common = grub-core/lib/argon2/ref.c;`
			`+ common = grub-core/lib/argon2/blake2/blake2b.c;`
			`common = grub-core/lib/json/json.c;`
			`common = grub-core/disk/luks.c;`
			`common = grub-core/disk/luks2.c;`
			`diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def`
			`index 3a004e88c..e5e5b216b 100644`
			`--- a/grub-core/Makefile.core.def`
			`+++ b/grub-core/Makefile.core.def`
			`@@ -1197,7 +1197,7 @@ module = {`
			`common = disk/luks2.c;`
			`common = lib/gnulib/base64.c;`
			`cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';`
			`- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';`
			`+ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2';`
			`};`

			`module = {`
			`diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c`
			`index 02822c777..2ec0d4116 100644`
			`--- a/grub-core/disk/luks2.c`
			`+++ b/grub-core/disk/luks2.c`
			`@@ -27,6 +27,7 @@`
			`#include <grub/partition.h>`
			`#include <grub/i18n.h>`

			`+#include <argon2.h>`
			`#include <base64.h>`
			`#include <json.h>`

			`@@ -448,8 +449,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,`
			`{`
			`case LUKS2_KDF_TYPE_ARGON2I:`
			`case LUKS2_KDF_TYPE_ARGON2ID:`
			`- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");`
			`- goto err;`
			`+ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus,`
			`+ passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size,`
			`+ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id,`
			`+ ARGON2_VERSION_NUMBER);`
			`+ if (ret)`
			`+ {`
			`+ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret));`
			`+ goto err;`
			`+ }`
			`+ break;`
			`case LUKS2_KDF_TYPE_PBKDF2:`
			`hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);`
			`if (!hash)`