From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.90_1)
	id 1jBk54-00056M-Ap
	for mharc-grub-devel@gnu.org; Tue, 10 Mar 2020 14:58:18 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55463)
 by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <ps@pks.im>)
 id 1jBk51-00050O-F8
 for grub-devel@gnu.org; Tue, 10 Mar 2020 14:58:16 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <ps@pks.im>) id 1jBk50-0006st-6p
 for grub-devel@gnu.org; Tue, 10 Mar 2020 14:58:15 -0400
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:36993)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <ps@pks.im>) id 1jBk50-0006qh-2B
 for grub-devel@gnu.org; Tue, 10 Mar 2020 14:58:14 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.nyi.internal (Postfix) with ESMTP id 8AF5922205;
 Tue, 10 Mar 2020 14:58:13 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute3.internal (MEProxy); Tue, 10 Mar 2020 14:58:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pks.im; h=from
 :to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding; s=fm3; bh=W3cB9/cBHudwV
 iJivNWW14BdSkPKFzXfaFJGsCeoP70=; b=pwHBxQK2SrizopuqxECayqV7PXo6g
 jRm0j6SGQ51L6SfNu2irUVZuE5kPp8+QHtk6lfiFYHP/uR3cATycLhzOx81uFu4e
 nHccdyic61vF2wbmkujPHXRD6+vifEmpslUElDHlzoCk1BiwiDv7mALgt1OIH7us
 1hWCxrpHmJ1z7DHnSgWtocUXvvHGN9lhE16c+I23L6QLI56x5B0It9IYuoySdieD
 0zzU3KaRyRjAvCjz4S/GnBZ15pMTe/i5hGPRMxbf6BR1MJkDhClDzbrwOLf2t1S9
 CybRpaq2AdJL8mtU1reQ069O1tsRjLv9LJKDU9EqkpmZpuHkaX9v1Ef8g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:date:from
 :in-reply-to:message-id:mime-version:references:subject:to
 :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm2; bh=W3cB9/cBHudwViJivNWW14BdSkPKFzXfaFJGsCeoP70=; b=R5krfmHz
 +3L1R00A0AmazH4srLK87s7ZaLSPMFXaZfdR9ApeoN9L2PkySpuGMhMpvLDAhRsU
 noJS4tyi72Rt6BpBuldMhl99TY6OTRY4nVSzEdcGLjVwUOBLh+38YVB0ghg8/R/S
 Y8ENHzQsJ4sqJmAT7zFc8CURnygynOLFrGFKP49TRgjAPO0mT354odsbnjS8a2HQ
 tk3FyFlX1pL0flfS7oguxkCAL1D/MOVxd+DrjxrwBumrIV4UdgZ3XMndqj+r+S0i
 d6WBofjLqaT6NHc/cqGrH9AQF6u5XSp3SR3TbVPBUCT22P30OAByUB22nflmAgf8
 qenkLqLijE+xsg==
X-ME-Sender: <xms:ReNnXoCB9HEphnwwMhRAudOmU2Xn6TzKBFLS-o0JEnNhK7UY6AMmww>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedruddvtddgudduudcutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
 enucfjughrpefhvffufffkofgjfhgggfestdekredtredttdenucfhrhhomheprfgrthhr
 ihgtkhcuufhtvghinhhhrghrughtuceophhssehpkhhsrdhimheqnecukfhppeekledrud
 dvrddvheegrddvheenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhl
 fhhrohhmpehpshesphhkshdrihhm
X-ME-Proxy: <xmx:ReNnXqPl7hyAJ5BCfDx3tqNV-jEq8VS5u2gl0h8R20XdyEQ2_G1Tkg>
 <xmx:ReNnXnO-xGIbIgyVRdzeBdKvr2pC566tdLdQrnlAkb9iwKtRXzFW0Q>
 <xmx:ReNnXqmsMhTdnQ7dbfy00m3VyidZ0bXcoKs9jjkkskTKlQX-J5HQEw>
 <xmx:ReNnXt3gj2LmlPUw4BFCuMVLeWpl9VU5iKmkLt_AsvDkhS0EMwJ6Vw>
Received: from vm-mail (x590cfe19.dyn.telefonica.de [89.12.254.25])
 by mail.messagingengine.com (Postfix) with ESMTPA id 4423A30612AF;
 Tue, 10 Mar 2020 14:58:12 -0400 (EDT)
Received: from localhost (xps [10.192.0.12])
 by vm-mail (OpenSMTPD) with ESMTPSA id 547c56d4
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); 
 Tue, 10 Mar 2020 18:58:11 +0000 (UTC)
From: Patrick Steinhardt <ps@pks.im>
To: grub-devel@gnu.org
Cc: Patrick Steinhardt <ps@pks.im>, Daniel Kiper <dkiper@net-space.pl>,
 Leif Lindholm <leif@nuviainc.com>, agraf@csgraf.de, pjones@redhat.com,
 mjg59@google.com, phcoder@gmail.com, Milan Broz <gmazyland@gmail.com>,
 Daniel Kiper <daniel.kiper@oracle.com>
Subject: [PATCH v3 5/5] luks2: Support key derival via Argon2
Date: Tue, 10 Mar 2020 19:58:32 +0100
Message-Id: <012e3d44221f6ba55930a1d5e1be9347d0c6e265.1583866610.git.ps@pks.im>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <cover.1583866610.git.ps@pks.im>
References: <cover.1583866610.git.ps@pks.im>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-Received-From: 66.111.4.27
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
 <mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2020 18:58:16 -0000

One addition with LUKS2 was support of the key derival function Argon2
in addition to the previously supported PBKDF2 algortihm. In order to
ease getting in initial support for LUKS2, we only reused infrastructure
to support LUKS2 with PBKDF2, but left out Argon2.

This commit now introduces support for Argon2 to enable decryption of
LUKS2 partitions using this key derival function. As the code for Argon2
has been added in a previous commit in this series, adding support is
now trivial.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 Makefile.util.def           |  6 +++++-
 grub-core/Makefile.core.def |  2 +-
 grub-core/disk/luks2.c      | 13 +++++++++++--
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/Makefile.util.def b/Makefile.util.def
index 1e0799a68..f07cf9deb 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl;
 library = {
   name = libgrubkern.a;
   cflags = '$(CFLAGS_GNULIB)';
-  cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';
+  cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json -I$(srcdir)/grub-core/lib/argon2';
 
   common = util/misc.c;
   common = grub-core/kern/command.c;
@@ -36,6 +36,10 @@ library = {
   common = grub-core/kern/misc.c;
   common = grub-core/kern/partition.c;
   common = grub-core/lib/crypto.c;
+  common = grub-core/lib/argon2/argon2.c;
+  common = grub-core/lib/argon2/core.c;
+  common = grub-core/lib/argon2/ref.c;
+  common = grub-core/lib/argon2/blake2/blake2b.c;
   common = grub-core/lib/json/json.c;
   common = grub-core/disk/luks.c;
   common = grub-core/disk/luks2.c;
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 30147a899..9e4c89791 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1204,7 +1204,7 @@ module = {
   common = disk/luks2.c;
   common = lib/gnulib/base64.c;
   cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
-  cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';
+  cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json -I$(srcdir)/lib/argon2';
 };
 
 module = {
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 767631198..3c79f14aa 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -27,6 +27,7 @@
 #include <grub/partition.h>
 #include <grub/i18n.h>
 
+#include <argon2.h>
 #include <base64.h>
 #include <json.h>
 
@@ -435,8 +436,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
     {
       case LUKS2_KDF_TYPE_ARGON2I:
       case LUKS2_KDF_TYPE_ARGON2ID:
-	ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
-	goto err;
+	ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory, k->kdf.u.argon2.cpus,
+			   passphrase, passphraselen, salt, saltlen, area_key, k->area.key_size,
+			   k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i : Argon2_id,
+			   ARGON2_VERSION_NUMBER);
+        if (ret)
+	  {
+	    grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message (ret));
+	    goto err;
+	  }
+        break;
       case LUKS2_KDF_TYPE_PBKDF2:
 	hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
 	if (!hash)
-- 
2.25.1