From: Patrick Steinhardt
To: grub-devel@gnu.org
Cc: Patrick Steinhardt, Daniel Kiper, Leif Lindholm, agraf@csgraf.de, pjones@redhat.com, mjg59@google.com, phcoder@gmail.com, Milan Broz
Subject: [PATCH v3 0/5] Support Argon2 KDF in LUKS2
Date: Tue, 10 Mar 2020 19:58:27 +0100

Hi,

this is the third version of my patchset to support the Argon2 KDF in LUKS2.
The following things have changed in comparison to v2:

    - Improved the GRUB_UINT_C macros to not use `elif 1` and fixed
      indentation.

    - Dropped the upstreamed patch to fix a missing newline.

    - Reworked how we allocate memory on EFI. Previously, we always
      targeted to acquire 1/4 of available memory. Now we're always
      trying to allocate MAX_HEAP_SIZE (1.6GB) but clamp it to at most
      1/2 of available memory and at least MIN_HEAP_SIZE (100MB).

So especially the last part is the interesting one. I _think_ that it's roughly what Leif had in mind, but please do correct me if I'm wrong.

Regards
Patrick

Patrick Steinhardt (5):
  efi: Always try to allocate heap size of 1.6GB
  types.h: add UINT-related macros needed for Argon2
  argon2: Import Argon2 from cryptsetup
  luks2: Discern Argon2i and Argon2id
  luks2: Support key derival via Argon2

 Makefile.util.def                             |   6 +-
 docs/grub-dev.texi                            |  64 +++
 grub-core/Makefile.core.def                   |  10 +-
 grub-core/disk/luks2.c                        |  26 +-
 grub-core/kern/efi/mm.c                       |  21 +-
 grub-core/lib/argon2/argon2.c                 | 232 ++++++++
 grub-core/lib/argon2/argon2.h                 | 264 +++++++++
 grub-core/lib/argon2/blake2/blake2-impl.h     | 151 +++++
 grub-core/lib/argon2/blake2/blake2.h          |  89 +++
 grub-core/lib/argon2/blake2/blake2b.c         | 388 +++++++++++++
 .../lib/argon2/blake2/blamka-round-ref.h      |  56 ++
 grub-core/lib/argon2/core.c                   | 525 ++++++++++++++++++
 grub-core/lib/argon2/core.h                   | 228 ++++++++
 grub-core/lib/argon2/ref.c                    | 190 +++++++
 include/grub/types.h                          |   8 +
 15 files changed, 2239 insertions(+), 19 deletions(-)
 create mode 100644 grub-core/lib/argon2/argon2.c
 create mode 100644 grub-core/lib/argon2/argon2.h
 create mode 100644 grub-core/lib/argon2/blake2/blake2-impl.h
 create mode 100644 grub-core/lib/argon2/blake2/blake2.h
 create mode 100644 grub-core/lib/argon2/blake2/blake2b.c
 create mode 100644 grub-core/lib/argon2/blake2/blamka-round-ref.h
 create mode 100644 grub-core/lib/argon2/core.c
 create mode 100644 grub-core/lib/argon2/core.h
 create mode 100644 grub-core/lib/argon2/ref.c

Range-diff against
v2: 1: 15bdf830e < -: --------- efi: Allocate half of available memory by default -: --------- > 1: c783f34d7 efi: Always try to allocate heap size of 1.6GB 2: e81db7d95 ! 2: 724713a8b types.h: add UINT-related macros needed for Argon2 @@ include/grub/types.h: typedef grub_int32_t grub_ssize_t; #endif # define GRUB_LONG_MIN (-GRUB_LONG_MAX - 1) -+# define GRUB_UINT32_C(x) x ## U -+# if GRUB_ULONG_MAX >> 31 >> 31 >> 1 == 1 -+# define GRUB_UINT64_C(x) x##UL -+# elif 1 -+# define GRUB_UINT64_C(x) x##ULL -+# endif ++#define GRUB_UINT32_C(x) x ## U ++#if GRUB_ULONG_MAX >> 31 >> 31 >> 1 == 1 ++# define GRUB_UINT64_C(x) x##UL ++#else ++# define GRUB_UINT64_C(x) x##ULL ++#endif + typedef grub_uint64_t grub_properly_aligned_t; 3: 50aff9670 ! 3: eadc4bcd8 argon2: Import Argon2 from cryptsetup @@ docs/grub-dev.texi: GRUB includes some code from other projects, and it is somet +* Argon2:: * Gnulib:: * jsmn:: + * minilzo:: @end menu +@node Argon2 4: af3f85665 < -: --------- luks2: Add missing newline to debug message 5: 89abe827b ! 4: 61bc6c0e5 luks2: Discern Argon2i and Argon2id @@ Commit message accordingly. Signed-off-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper ## grub-core/disk/luks2.c ## @@ grub-core/disk/luks2.c: GRUB_MOD_LICENSE ("GPLv3+"); 6: 70a354e0b ! 5: 012e3d442 luks2: Support key derival via Argon2 @@ Commit message now trivial. Signed-off-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper ## Makefile.util.def ## @@ Makefile.util.def: AutoGen definitions Makefile.tpl; -- 2.25.1
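
Review bot: in the include/grub/types.h hunk, the condition `#if GRUB_ULONG_MAX >> 31 >> 31 >> 1 == 1` has no comment saying what it tests. A short comment above it stating that it selects the `UL` suffix when unsigned long is 64 bits wide, and `ULL` otherwise, would save readers from decoding the shift chain. The token pasting is also written two ways in the new lines, `x ## U` for GRUB_UINT32_C and `x##UL` / `x##ULL` for GRUB_UINT64_C; settle on one spelling.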
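
Review bot: the subject of patch 5/5, `luks2: Support key derival via Argon2`, says "derival" where "derivation" is the usual term for what a KDF does. The range-diff shows this commit message was already edited to add the Reviewed-by trailer, so the subject line could be corrected in the same respin.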