add luks2 to arch release

.SRCINFO

@@ -54,6 +54,12 @@ pkgbase = grub
 	source = 0001-00_header-add-GRUB_COLOR_-variables.patch
 	source = 0002-10_linux-detect-archlinux-initramfs.patch
 	source = 0003-support-dropins-for-default-configuration.patch
+	source = 0004-argon_1.patch
+	source = 0005-argon_2.patch
+	source = 0006-argon_3.patch
+	source = 0007-argon_4.patch
+	source = 0008-argon_5.patch
+	source = 0009-grub-install_luks2.patch
 	source = grub.default
 	source = sbat.csv
 	validpgpkeys = E53D497F3FA42AD8C9B4D1E835A93B74E82E4209
@@ -66,6 +72,12 @@ pkgbase = grub
 	sha256sums = 5dee6628c48eef79812bb9e86ee772068d85e7fcebbd2b2b8d1e19d24eda9dab
 	sha256sums = 8488aec30a93e8fe66c23ef8c23aefda39c38389530e9e73ba3fbcc8315d244d
 	sha256sums = b5d9fcd62ffb3c3950fdeb7089ec2dc2294ac52e9861980ad90a437dedbd3d47
+	sha256sums = 8df0e89bbd874cbe17e234e33a8b7bef16797ce8bbf0c5653ecec37b5f200f70
+	sha256sums = 28c242f1d3f30c1728dc4f8bf50833e897c002d2a6c3ed8d21f3abd068d641ae
+	sha256sums = 15c128a0570848a96eed8fcb021aef606ae8f6e21a041fb4ff31934e173f2b29
+	sha256sums = c0aeab4f52106bb8e12d70d0e2cc82d22d0167b70ae5c7f93d3eb274538f86f4
+	sha256sums = 609ff0a18a135662b85752b03a5e96de414f1bb64070956785de261c60643696
+	sha256sums = 078668600ffb0a560a5eb61a2dd61142b9f1bee9f503e9d1ff94ebbeff9c01df
 	sha256sums = 7df3f5cb5df7d2dfb17f4c9b5c5dedc9519ddce6f8d2c6cd43d1be17cecb65cb
 	sha256sums = f34c2b0aa2ed4ab9c7e7bcab5197470c30fedc6c2148f337839dd24bceae35fd
 

0004-argon_1.patch

@@ -0,0 +1,33 @@
+---
+ grub-core/kern/dl.c           | 3 ++-
+ util/grub-module-verifierXX.c | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
+index 48f8a7907..7d395096f 100644
+--- a/grub-core/kern/dl.c
++++ b/grub-core/kern/dl.c
+@@ -467,7 +467,8 @@ grub_dl_check_license (grub_dl_t mod, El
+
+   if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0
+       || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0
+-      || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0)
++      || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv2+") == 0
++      || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=CC0") == 0)
+     return GRUB_ERR_NONE;
+
+   return grub_error (GRUB_ERR_BAD_MODULE,
+diff --git a/util/grub-module-verifierXX.c b/util/grub-module-verifierXX.c
+index ceb24309a..284f9026e 100644
+--- a/util/grub-module-verifierXX.c
++++ b/util/grub-module-verifierXX.c
+@@ -157,7 +157,8 @@ check_license (const char * const filena
+   Elf_Shdr *s = find_section (arch, e, ".module_license");
+   if (s && (strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3") == 0
+ 	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv3+") == 0
+-	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0))
++	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=GPLv2+") == 0
++	    || strcmp ((char *) e + grub_target_to_host(s->sh_offset), "LICENSE=CC0") == 0))
+     return;
+   grub_util_error ("%s: incompatible license", filename);
+ }

0005-argon_2.patch

@@ -0,0 +1,30 @@
+---
+ include/grub/types.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/include/grub/types.h b/include/grub/types.h
+index 0a3ff1591..13b0c46b3 100644
+--- a/include/grub/types.h
++++ b/include/grub/types.h
+@@ -153,6 +153,7 @@ typedef grub_int32_t        grub_ssize_t;
+ #define GRUB_SHRT_MAX 0x7fff
+ #define GRUB_SHRT_MIN (-GRUB_SHRT_MAX - 1)
+ #define GRUB_UINT_MAX 4294967295U
++#define GRUB_UINT32_MAX 4294967295U
+ #define GRUB_INT_MAX 0x7fffffff
+ #define GRUB_INT_MIN (-GRUB_INT_MAX - 1)
+ #define GRUB_INT32_MAX 2147483647
+@@ -174,6 +175,13 @@ typedef grub_int32_t       grub_ssize_t;
+ #define GRUB_TYPE_U_MAX(type) ((unsigned long long)((typeof (type))(~0)))
+ #define GRUB_TYPE_U_MIN(type) 0ULL
+
++# define GRUB_UINT32_C(x) x ## U
++# if GRUB_ULONG_MAX >> 31 >> 31 >> 1 == 1
++#  define GRUB_UINT64_C(x) x##UL
++# elif 1
++#  define GRUB_UINT64_C(x) x##ULL
++# endif
++
+ typedef grub_uint64_t grub_properly_aligned_t;
+
+ #define GRUB_PROPERLY_ALIGNED_ARRAY(name, size) grub_properly_aligned_t name[((size) + sizeof (grub_properly_aligned_t) - 1) / sizeof (grub_properly_aligned_t)]

0007-argon_4.patch

@@ -0,0 +1,49 @@
+---
+ grub-core/disk/luks2.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
+index 371a53b83..02822c777 100644
+--- a/grub-core/disk/luks2.c
++++ b/grub-core/disk/luks2.c
+@@ -40,6 +40,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ enum grub_luks2_kdf_type
+ {
+   LUKS2_KDF_TYPE_ARGON2I,
++  LUKS2_KDF_TYPE_ARGON2ID,
+   LUKS2_KDF_TYPE_PBKDF2
+ };
+ typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t;
+@@ -92,7 +93,7 @@ struct grub_luks2_keyslot
+ 	grub_int64_t time;
+ 	grub_int64_t memory;
+ 	grub_int64_t cpus;
+-      } argon2i;
++      } argon2;
+       struct
+       {
+ 	const char   *hash;
+@@ -162,10 +163,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF");
+   else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id"))
+     {
+-      out->kdf.type = LUKS2_KDF_TYPE_ARGON2I;
+-      if (grub_json_getint64 (&out->kdf.u.argon2i.time, &kdf, "time") ||
+-	  grub_json_getint64 (&out->kdf.u.argon2i.memory, &kdf, "memory") ||
+-	  grub_json_getint64 (&out->kdf.u.argon2i.cpus, &kdf, "cpus"))
++      out->kdf.type = !grub_strcmp (type, "argon2i")
++		      ? LUKS2_KDF_TYPE_ARGON2I : LUKS2_KDF_TYPE_ARGON2ID;
++      if (grub_json_getint64 (&out->kdf.u.argon2.time, &kdf, "time") ||
++	  grub_json_getint64 (&out->kdf.u.argon2.memory, &kdf, "memory") ||
++	  grub_json_getint64 (&out->kdf.u.argon2.cpus, &kdf, "cpus"))
+ 	return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters");
+     }
+   else if (!grub_strcmp (type, "pbkdf2"))
+@@ -445,6 +447,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+   switch (k->kdf.type)
+     {
+       case LUKS2_KDF_TYPE_ARGON2I:
++      case LUKS2_KDF_TYPE_ARGON2ID:
+ 	ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
+ 	goto err;
+       case LUKS2_KDF_TYPE_PBKDF2:

0008-argon_5.patch

@@ -0,0 +1,74 @@
+---
+ Makefile.util.def           |  6 +++++-
+ grub-core/Makefile.core.def |  2 +-
+ grub-core/disk/luks2.c      | 13 +++++++++++--
+ 3 files changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/Makefile.util.def b/Makefile.util.def
+index f8b356cc1..39fe9cb7c 100644
+--- a/Makefile.util.def
++++ b/Makefile.util.def
+@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl;
+ library = {
+   name = libgrubkern.a;
+   cflags = '$(CFLAGS_GNULIB)';
+-  cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';
++  cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2';
+
+   common = util/misc.c;
+   common = grub-core/kern/command.c;
+@@ -36,6 +36,10 @@ library = {
+   common = grub-core/kern/misc.c;
+   common = grub-core/kern/partition.c;
+   common = grub-core/lib/crypto.c;
++  common = grub-core/lib/argon2/argon2.c;
++  common = grub-core/lib/argon2/core.c;
++  common = grub-core/lib/argon2/ref.c;
++  common = grub-core/lib/argon2/blake2/blake2b.c;
+   common = grub-core/lib/json/json.c;
+   common = grub-core/disk/luks.c;
+   common = grub-core/disk/luks2.c;
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index 3a004e88c..e5e5b216b 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -1197,7 +1197,7 @@ module = {
+   common = disk/luks2.c;
+   common = lib/gnulib/base64.c;
+   cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
+-  cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';
++  cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2';
+ };
+
+ module = {
+diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
+index 02822c777..2ec0d4116 100644
+--- a/grub-core/disk/luks2.c
++++ b/grub-core/disk/luks2.c
+@@ -27,6 +27,7 @@
+ #include <grub/partition.h>
+ #include <grub/i18n.h>
+
++#include <argon2.h>
+ #include <base64.h>
+ #include <json.h>
+
+@@ -448,8 +449,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+     {
+       case LUKS2_KDF_TYPE_ARGON2I:
+       case LUKS2_KDF_TYPE_ARGON2ID:
+-	ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
+-	goto err;
++	ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus,
++			   passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size,
++			   k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id,
++			   ARGON2_VERSION_NUMBER);
++        if (ret)
++	  {
++	    grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret));
++	    goto err;
++	  }
++        break;
+       case LUKS2_KDF_TYPE_PBKDF2:
+ 	hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
+ 	if (!hash)

0009-grub-install_luks2.patch

@@ -0,0 +1,13 @@
+diff --git a/util/grub-install.c b/util/grub-install.c
+index 53b464804..2bf02a3b6 100644
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -446,6 +446,8 @@ probe_mods (grub_disk_t disk)
+     {
+       grub_util_cryptodisk_get_abstraction (disk,
+ 					    push_cryptodisk_module, NULL);
++      /* HACK: always push argon2 */
++      grub_install_push_module ("argon2");
+       have_abstractions = 1;
+       have_cryptodisk = 1;
+     }

PKGBUILD

@@ -1,5 +1,6 @@
-# Maintainer : Christian Hesse <mail@eworm.de>
-# Maintainer : Tobias Powalowski <tpowa@archlinux.org>
+# Maintainer : Alexander Bocken <alexander@bocken.org>
+# Contributor: Christian Hesse <mail@eworm.de>
+# Contributor: Tobias Powalowski <tpowa@archlinux.org>
 # Contributor: Ronald van Haren <ronald.archlinux.org>
 # Contributor: Keshav Amburay <(the ddoott ridikulus ddoott rat) (aatt) (gemmaeiil) (ddoott) (ccoomm)>
 
@@ -63,6 +64,12 @@ source=("git+https://git.savannah.gnu.org/git/grub.git#tag=${_tag}?signed"
         '0001-00_header-add-GRUB_COLOR_-variables.patch'
         '0002-10_linux-detect-archlinux-initramfs.patch'
         '0003-support-dropins-for-default-configuration.patch'
+	'0004-argon_1.patch'
+	'0005-argon_2.patch'
+	'0006-argon_3.patch'
+	'0007-argon_4.patch'
+	'0008-argon_5.patch'
+	'0009-grub-install_luks2.patch'
         'grub.default'
         'sbat.csv')
 
@@ -73,6 +80,12 @@ sha256sums=('SKIP'
             '5dee6628c48eef79812bb9e86ee772068d85e7fcebbd2b2b8d1e19d24eda9dab'
             '8488aec30a93e8fe66c23ef8c23aefda39c38389530e9e73ba3fbcc8315d244d'
             'b5d9fcd62ffb3c3950fdeb7089ec2dc2294ac52e9861980ad90a437dedbd3d47'
+            '8df0e89bbd874cbe17e234e33a8b7bef16797ce8bbf0c5653ecec37b5f200f70'
+            '28c242f1d3f30c1728dc4f8bf50833e897c002d2a6c3ed8d21f3abd068d641ae'
+            '15c128a0570848a96eed8fcb021aef606ae8f6e21a041fb4ff31934e173f2b29'
+            'c0aeab4f52106bb8e12d70d0e2cc82d22d0167b70ae5c7f93d3eb274538f86f4'
+            '609ff0a18a135662b85752b03a5e96de414f1bb64070956785de261c60643696'
+            '078668600ffb0a560a5eb61a2dd61142b9f1bee9f503e9d1ff94ebbeff9c01df'
             '7df3f5cb5df7d2dfb17f4c9b5c5dedc9519ddce6f8d2c6cd43d1be17cecb65cb'
             'f34c2b0aa2ed4ab9c7e7bcab5197470c30fedc6c2148f337839dd24bceae35fd')
 
@@ -129,6 +142,16 @@ prepare() {
 	echo "Patch to detect of Arch Linux initramfs images by grub-mkconfig..."
 	patch -Np1 -i "${srcdir}/0002-10_linux-detect-archlinux-initramfs.patch"
 
+	echo "Patch to support argon2..."
+    	patch -Np1 -i "$srcdir"/0004-argon_1.patch
+    	patch -Np1 -i "$srcdir"/0005-argon_2.patch
+    	patch -Np1 -i "$srcdir"/0006-argon_3.patch
+    	patch -Np1 -i "$srcdir"/0007-argon_4.patch
+    	patch -Np1 -i "$srcdir"/0008-argon_5.patch
+
+	echo "Patch to support luks2 in grub-install..."
+    	patch -Np1 -i "$srcdir"/0009-grub-install_luks2.patch
+
 	echo "Patch to support dropins for default configuration..."
 	patch -Np1 -i "${srcdir}/0003-support-dropins-for-default-configuration.patch"