75 lines
2.6 KiB
Diff
75 lines
2.6 KiB
Diff
---
|
|
Makefile.util.def | 6 +++++-
|
|
grub-core/Makefile.core.def | 2 +-
|
|
grub-core/disk/luks2.c | 13 +++++++++++--
|
|
3 files changed, 17 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/Makefile.util.def b/Makefile.util.def
|
|
index f8b356cc1..39fe9cb7c 100644
|
|
--- a/Makefile.util.def
|
|
+++ b/Makefile.util.def
|
|
@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl;
|
|
library = {
|
|
name = libgrubkern.a;
|
|
cflags = '$(CFLAGS_GNULIB)';
|
|
- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';
|
|
+ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2';
|
|
|
|
common = util/misc.c;
|
|
common = grub-core/kern/command.c;
|
|
@@ -36,6 +36,10 @@ library = {
|
|
common = grub-core/kern/misc.c;
|
|
common = grub-core/kern/partition.c;
|
|
common = grub-core/lib/crypto.c;
|
|
+ common = grub-core/lib/argon2/argon2.c;
|
|
+ common = grub-core/lib/argon2/core.c;
|
|
+ common = grub-core/lib/argon2/ref.c;
|
|
+ common = grub-core/lib/argon2/blake2/blake2b.c;
|
|
common = grub-core/lib/json/json.c;
|
|
common = grub-core/disk/luks.c;
|
|
common = grub-core/disk/luks2.c;
|
|
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
|
|
index 3a004e88c..e5e5b216b 100644
|
|
--- a/grub-core/Makefile.core.def
|
|
+++ b/grub-core/Makefile.core.def
|
|
@@ -1197,7 +1197,7 @@ module = {
|
|
common = disk/luks2.c;
|
|
common = lib/gnulib/base64.c;
|
|
cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
|
|
- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';
|
|
+ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2';
|
|
};
|
|
|
|
module = {
|
|
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
|
|
index 02822c777..2ec0d4116 100644
|
|
--- a/grub-core/disk/luks2.c
|
|
+++ b/grub-core/disk/luks2.c
|
|
@@ -27,6 +27,7 @@
|
|
#include <grub/partition.h>
|
|
#include <grub/i18n.h>
|
|
|
|
+#include <argon2.h>
|
|
#include <base64.h>
|
|
#include <json.h>
|
|
|
|
@@ -448,8 +449,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
|
|
{
|
|
case LUKS2_KDF_TYPE_ARGON2I:
|
|
case LUKS2_KDF_TYPE_ARGON2ID:
|
|
- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
|
|
- goto err;
|
|
+ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus,
|
|
+ passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size,
|
|
+ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id,
|
|
+ ARGON2_VERSION_NUMBER);
|
|
+ if (ret)
|
|
+ {
|
|
+ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret));
|
|
+ goto err;
|
|
+ }
|
|
+ break;
|
|
case LUKS2_KDF_TYPE_PBKDF2:
|
|
hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
|
|
if (!hash)
|