Date: Sun, 8 Aug 2021 15:58:39 +0200
From: Patrick Steinhardt
To: grub-devel@gnu.org
Cc: Daniel Kiper, Leif Lindholm, agraf@csgraf.de, pjones@redhat.com, mjg59@google.com, phcoder@gmail.com, Milan Broz, petr.vorel@gmail.com, Dmitry
Subject: [PATCH v4 0/5] Support Argon2 KDF in LUKS2
List-Id: The development of GNU GRUB

Hi,

this is the fourth version of my patch series to implement support for the Argon2 key derival function in LUKS2.

This patch series has been rebased on the current master branch, with the following changes:

    - This series is now based on my patch series which implements
      runtime allocation of memory regions on EFI [1]. Like this, we
      don't need to bump any memory allocation limits, but GRUB knows to
      request pages from the EFI firmware as required.

    - I've changed the license of the Argon2 module to CC0, and added a
      patch on top which allows CC0-licensed modules. This license is
      compatible with the GPL, so having both together shouldn't be a
      problem. If you think this is unacceptable, then I'll reach out to
      the authors and ask them whether it's fine to include the code as
      GPLv3.

    - We're now always using `grub_memset ()` to wipe memory.

    - A bunch of smallish fixes left and right. I guess these are best
      to be seen via below range diff.
Patrick

[1]:

Patrick Steinhardt (5):
  kern: dl: Allow modules under CC0 license
  types.h: Add UINT-related macros needed for Argon2
  argon2: Import reference implementation of Argon2
  luks2: Discern Argon2i and Argon2id
  luks2: Support key derival via Argon2

 Makefile.util.def                          |   6 +-
 docs/grub-dev.texi                         |  64 +++
 grub-core/Makefile.core.def                |  10 +-
 grub-core/disk/luks2.c                     |  26 +-
 grub-core/kern/dl.c                        |   3 +-
 grub-core/lib/argon2/LICENSE               | 314 +++++++++++
 grub-core/lib/argon2/argon2.c              | 232 ++++++++
 grub-core/lib/argon2/argon2.h              | 264 +++++++++
 grub-core/lib/argon2/blake2/blake2-impl.h  | 151 ++++++
 grub-core/lib/argon2/blake2/blake2.h       |  89 +++
 grub-core/lib/argon2/blake2/blake2b.c      | 388 ++++++++++++++
 .../lib/argon2/blake2/blamka-round-ref.h   |  56 ++
 grub-core/lib/argon2/core.c                | 506 ++++++++++++++++++
 grub-core/lib/argon2/core.h                | 228 ++++++++
 grub-core/lib/argon2/ref.c                 | 190 +++++++
 include/grub/types.h                       |   8 +
 util/grub-module-verifierXX.c              |   3 +-
 17 files changed, 2527 insertions(+), 11 deletions(-)
 create mode 100644 grub-core/lib/argon2/LICENSE
 create mode 100644 grub-core/lib/argon2/argon2.c
 create mode 100644 grub-core/lib/argon2/argon2.h
 create mode 100644 grub-core/lib/argon2/blake2/blake2-impl.h
 create mode 100644 grub-core/lib/argon2/blake2/blake2.h
 create mode 100644 grub-core/lib/argon2/blake2/blake2b.c
 create mode 100644 grub-core/lib/argon2/blake2/blamka-round-ref.h
 create mode 100644 grub-core/lib/argon2/core.c
 create mode 100644 grub-core/lib/argon2/core.h
 create mode 100644 grub-core/lib/argon2/ref.c

Range-diff against v3:
1: 4c123e0a2 < -: --------- efi: Always try to allocate heap size of 1.5GB -: --------- > 1: e0a474cdc kern: dl: Allow modules under CC0 license 2: 6bfb385b4 ! 
2: c1c8f89ce types.h: add UINT-related macros needed for A= rgon2 @@ Metadata Author: Patrick Steinhardt =20 ## Commit message ## - types.h: add UINT-related macros needed for Argon2 + types.h: Add UINT-related macros needed for Argon2 =20 For the upcoming import of the Argon2 library, we need the macros GRUB_UINT32_MAX, GRUB_UINT32_C and GRUB_UINT64_C. Add them as a @@ include/grub/types.h: typedef grub_int32_t grub_ssize_t; #define GRUB_INT_MIN (-GRUB_INT_MAX - 1) #define GRUB_INT32_MAX 2147483647 @@ include/grub/types.h: typedef grub_int32_t grub_ssize_t; - #endif - # define GRUB_LONG_MIN (-GRUB_LONG_MAX - 1) + #define GRUB_TYPE_U_MAX(type) ((unsigned long long)((typeof (type))(~= 0))) + #define GRUB_TYPE_U_MIN(type) 0ULL =20 +# define GRUB_UINT32_C(x) x ## U +# if GRUB_ULONG_MAX >> 31 >> 31 >> 1 =3D=3D 1 3: bb6fa9cb5 ! 3: 18fa10a56 argon2: Import Argon2 from cryptsetup @@ Metadata Author: Patrick Steinhardt =20 ## Commit message ## - argon2: Import Argon2 from cryptsetup + argon2: Import reference implementation of Argon2 =20 In order to support the Argon2 key derival function for LUKS2, we obviously need to implement Argon2. It doesn't make a lot of sense= to - hand-code any crypto, which is why this commit instead imports Arg= on2 - from the cryptsetup project. This commit thus imports the code fro= m the + hand-code any crypto, which is why this commit imports Argon2 from= the official reference implementation located at [1]. The code is lice= nsed under CC0 1.0 Universal/Apache 2.0. Given that both LGPLv2.1+ and = Apache 2.0 are compatible with GPLv3, it should be fine to import that co= de. =20 The code is imported from commit 62358ba (Merge pull request #270 = =66rom bitmark-property-system/master, 2019-05-20). To make it work for G= RUB, - several adjustments were required that have beed documented in + several adjustments were required that have been documented in "grub-dev.texi". 
=20 [1]: https://github.com/P-H-C/phc-winner-argon2 @@ grub-core/Makefile.core.def: module =3D { name =3D afsplitter; common =3D disk/AFSplitter.c; =20 + ## grub-core/lib/argon2/LICENSE (new) ## +@@ ++Argon2 reference source code package - reference C implementations ++ ++Copyright 2015 ++Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel = Neves ++ ++You may use this work under the terms of a Creative Commons CC0 1.0= =20 ++License/Waiver or the Apache Public License 2.0, at your option. The = terms of ++these licenses can be found at: ++ ++- CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 ++- Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 ++ ++The terms of the licenses are reproduced below. ++ ++---------------------------------------------------------------------= ----------- ++ ++Creative Commons Legal Code ++ ++CC0 1.0 Universal ++ ++ CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVI= DE ++ LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ++ ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS ++ INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRAN= TIES ++ REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS ++ PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING= FROM ++ THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED ++ HEREUNDER. ++ ++Statement of Purpose ++ ++The laws of most jurisdictions throughout the world automatically con= fer ++exclusive Copyright and Related Rights (defined below) upon the creat= or ++and subsequent owner(s) (each and all, an "owner") of an original wor= k of ++authorship and/or a database (each, a "Work"). 
++ ++Certain owners wish to permanently relinquish those rights to a Work = for ++the purpose of contributing to a commons of creative, cultural and ++scientific works ("Commons") that the public can reliably and without= fear ++of later claims of infringement build upon, modify, incorporate in ot= her ++works, reuse and redistribute as freely as possible in any form whats= oever ++and for any purposes, including without limitation commercial purpose= s. ++These owners may contribute to the Commons to promote the ideal of a = free ++culture and the further production of creative, cultural and scientif= ic ++works, or to gain reputation or greater distribution for their Work in ++part through the use and efforts of others. ++ ++For these and/or other purposes and motivations, and without any ++expectation of additional consideration or compensation, the person ++associating CC0 with a Work (the "Affirmer"), to the extent that he o= r she ++is an owner of Copyright and Related Rights in the Work, voluntarily ++elects to apply CC0 to the Work and publicly distribute the Work unde= r its ++terms, with knowledge of his or her Copyright and Related Rights in t= he ++Work and the meaning and intended legal effect of CC0 on those rights. ++ ++1. Copyright and Related Rights. A Work made available under CC0 may = be ++protected by copyright and related or neighboring rights ("Copyright = and ++Related Rights"). Copyright and Related Rights include, but are not ++limited to, the following: ++ ++ i. the right to reproduce, adapt, distribute, perform, display, ++ communicate, and translate a Work; ++ ii. moral rights retained by the original author(s) and/or performer= (s); ++iii. publicity and privacy rights pertaining to a person's image or ++ likeness depicted in a Work; ++ iv. rights protecting against unfair competition in regards to a Wor= k, ++ subject to the limitations in paragraph 4(a), below; ++ v. 
rights protecting the extraction, dissemination, use and reuse o= f data ++ in a Work; ++ vi. database rights (such as those arising under Directive 96/9/EC o= f the ++ European Parliament and of the Council of 11 March 1996 on the l= egal ++ protection of databases, and under any national implementation ++ thereof, including any amended or successor version of such ++ directive); and ++vii. other similar, equivalent or corresponding rights throughout the ++ world based on applicable law or treaty, and any national ++ implementations thereof. ++ ++2. Waiver. To the greatest extent permitted by, but not in contravent= ion ++of, applicable law, Affirmer hereby overtly, fully, permanently, ++irrevocably and unconditionally waives, abandons, and surrenders all = of ++Affirmer's Copyright and Related Rights and associated claims and cau= ses ++of action, whether now known or unknown (including existing as well as ++future claims and causes of action), in the Work (i) in all territori= es ++worldwide, (ii) for the maximum duration provided by applicable law or ++treaty (including future time extensions), (iii) in any current or fu= ture ++medium and for any number of copies, and (iv) for any purpose whatsoe= ver, ++including without limitation commercial, advertising or promotional ++purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of= each ++member of the public at large and to the detriment of Affirmer's heir= s and ++successors, fully intending that such Waiver shall not be subject to ++revocation, rescission, cancellation, termination, or any other legal= or ++equitable action to disrupt the quiet enjoyment of the Work by the pu= blic ++as contemplated by Affirmer's express Statement of Purpose. ++ ++3. Public License Fallback. 
Should any part of the Waiver for any rea= son ++be judged legally invalid or ineffective under applicable law, then t= he ++Waiver shall be preserved to the maximum extent permitted taking into ++account Affirmer's express Statement of Purpose. In addition, to the ++extent the Waiver is so judged Affirmer hereby grants to each affected ++person a royalty-free, non transferable, non sublicensable, non exclu= sive, ++irrevocable and unconditional license to exercise Affirmer's Copyrigh= t and ++Related Rights in the Work (i) in all territories worldwide, (ii) for= the ++maximum duration provided by applicable law or treaty (including futu= re ++time extensions), (iii) in any current or future medium and for any n= umber ++of copies, and (iv) for any purpose whatsoever, including without ++limitation commercial, advertising or promotional purposes (the ++"License"). The License shall be deemed effective as of the date CC0 = was ++applied by Affirmer to the Work. Should any part of the License for a= ny ++reason be judged legally invalid or ineffective under applicable law,= such ++partial invalidity or ineffectiveness shall not invalidate the remain= der ++of the License, and in such case Affirmer hereby affirms that he or s= he ++will not (i) exercise any of his or her remaining Copyright and Relat= ed ++Rights in the Work or (ii) assert any associated claims and causes of ++action with respect to the Work, in either case contrary to Affirmer's ++express Statement of Purpose. ++ ++4. Limitations and Disclaimers. ++ ++ a. No trademark or patent rights held by Affirmer are waived, abando= ned, ++ surrendered, licensed or otherwise affected by this document. ++ b. 
Affirmer offers the Work as-is and makes no representations or ++ warranties of any kind concerning the Work, express, implied, ++ statutory or otherwise, including without limitation warranties of ++ title, merchantability, fitness for a particular purpose, non ++ infringement, or the absence of latent or other defects, accuracy= , or ++ the present or absence of errors, whether or not discoverable, al= l to ++ the greatest extent permissible under applicable law. ++ c. Affirmer disclaims responsibility for clearing rights of other pe= rsons ++ that may apply to the Work or any use thereof, including without ++ limitation any person's Copyright and Related Rights in the Work. ++ Further, Affirmer disclaims responsibility for obtaining any nece= ssary ++ consents, permissions or other rights required for any use of the ++ Work. ++ d. Affirmer understands and acknowledges that Creative Commons is no= t a ++ party to this document and has no duty or obligation with respect= to ++ this CC0 or use of the Work. ++ ++---------------------------------------------------------------------= ----------- ++ ++ Apache License ++ Version 2.0, January 2004 ++ http://www.apache.org/licenses/ ++ ++ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION ++ ++ 1. Definitions. ++ ++ "License" shall mean the terms and conditions for use, reproduc= tion, ++ and distribution as defined by Sections 1 through 9 of this doc= ument. ++ ++ "Licensor" shall mean the copyright owner or entity authorized = by ++ the copyright owner that is granting the License. ++ ++ "Legal Entity" shall mean the union of the acting entity and all ++ other entities that control, are controlled by, or are under co= mmon ++ control with that entity. 
For the purposes of this definition, ++ "control" means (i) the power, direct or indirect, to cause the ++ direction or management of such entity, whether by contract or ++ otherwise, or (ii) ownership of fifty percent (50%) or more of = the ++ outstanding shares, or (iii) beneficial ownership of such entit= y. ++ ++ "You" (or "Your") shall mean an individual or Legal Entity ++ exercising permissions granted by this License. ++ ++ "Source" form shall mean the preferred form for making modifica= tions, ++ including but not limited to software source code, documentation ++ source, and configuration files. ++ ++ "Object" form shall mean any form resulting from mechanical ++ transformation or translation of a Source form, including but ++ not limited to compiled object code, generated documentation, ++ and conversions to other media types. ++ ++ "Work" shall mean the work of authorship, whether in Source or ++ Object form, made available under the License, as indicated by a ++ copyright notice that is included in or attached to the work ++ (an example is provided in the Appendix below). ++ ++ "Derivative Works" shall mean any work, whether in Source or Ob= ject ++ form, that is based on (or derived from) the Work and for which= the ++ editorial revisions, annotations, elaborations, or other modifi= cations ++ represent, as a whole, an original work of authorship. For the = purposes ++ of this License, Derivative Works shall not include works that = remain ++ separable from, or merely link (or bind by name) to the interfa= ces of, ++ the Work and Derivative Works thereof. ++ ++ "Contribution" shall mean any work of authorship, including ++ the original version of the Work and any modifications or addit= ions ++ to that Work or Derivative Works thereof, that is intentionally ++ submitted to Licensor for inclusion in the Work by the copyrigh= t owner ++ or by an individual or Legal Entity authorized to submit on beh= alf of ++ the copyright owner. 
For the purposes of this definition, "subm= itted" ++ means any form of electronic, verbal, or written communication = sent ++ to the Licensor or its representatives, including but not limit= ed to ++ communication on electronic mailing lists, source code control = systems, ++ and issue tracking systems that are managed by, or on behalf of= , the ++ Licensor for the purpose of discussing and improving the Work, = but ++ excluding communication that is conspicuously marked or otherwi= se ++ designated in writing by the copyright owner as "Not a Contribu= tion." ++ ++ "Contributor" shall mean Licensor and any individual or Legal E= ntity ++ on behalf of whom a Contribution has been received by Licensor = and ++ subsequently incorporated within the Work. ++ ++ 2. Grant of Copyright License. Subject to the terms and conditions= of ++ this License, each Contributor hereby grants to You a perpetual, ++ worldwide, non-exclusive, no-charge, royalty-free, irrevocable ++ copyright license to reproduce, prepare Derivative Works of, ++ publicly display, publicly perform, sublicense, and distribute = the ++ Work and such Derivative Works in Source or Object form. ++ ++ 3. Grant of Patent License. Subject to the terms and conditions of ++ this License, each Contributor hereby grants to You a perpetual, ++ worldwide, non-exclusive, no-charge, royalty-free, irrevocable ++ (except as stated in this section) patent license to make, have= made, ++ use, offer to sell, sell, import, and otherwise transfer the Wo= rk, ++ where such license applies only to those patent claims licensab= le ++ by such Contributor that are necessarily infringed by their ++ Contribution(s) alone or by combination of their Contribution(s) ++ with the Work to which such Contribution(s) was submitted. 
If Y= ou ++ institute patent litigation against any entity (including a ++ cross-claim or counterclaim in a lawsuit) alleging that the Work ++ or a Contribution incorporated within the Work constitutes dire= ct ++ or contributory patent infringement, then any patent licenses ++ granted to You under this License for that Work shall terminate ++ as of the date such litigation is filed. ++ ++ 4. Redistribution. You may reproduce and distribute copies of the ++ Work or Derivative Works thereof in any medium, with or without ++ modifications, and in Source or Object form, provided that You ++ meet the following conditions: ++ ++ (a) You must give any other recipients of the Work or ++ Derivative Works a copy of this License; and ++ ++ (b) You must cause any modified files to carry prominent notices ++ stating that You changed the files; and ++ ++ (c) You must retain, in the Source form of any Derivative Works ++ that You distribute, all copyright, patent, trademark, and ++ attribution notices from the Source form of the Work, ++ excluding those notices that do not pertain to any part of ++ the Derivative Works; and ++ ++ (d) If the Work includes a "NOTICE" text file as part of its ++ distribution, then any Derivative Works that You distribute= must ++ include a readable copy of the attribution notices contained ++ within such NOTICE file, excluding those notices that do not ++ pertain to any part of the Derivative Works, in at least one ++ of the following places: within a NOTICE text file distribu= ted ++ as part of the Derivative Works; within the Source form or ++ documentation, if provided along with the Derivative Works;= or, ++ within a display generated by the Derivative Works, if and ++ wherever such third-party notices normally appear. The cont= ents ++ of the NOTICE file are for informational purposes only and ++ do not modify the License. 
You may add Your own attribution ++ notices within Derivative Works that You distribute, alongs= ide ++ or as an addendum to the NOTICE text from the Work, provided ++ that such additional attribution notices cannot be construed ++ as modifying the License. ++ ++ You may add Your own copyright statement to Your modifications = and ++ may provide additional or different license terms and conditions ++ for use, reproduction, or distribution of Your modifications, or ++ for any such Derivative Works as a whole, provided Your use, ++ reproduction, and distribution of the Work otherwise complies w= ith ++ the conditions stated in this License. ++ ++ 5. Submission of Contributions. Unless You explicitly state otherw= ise, ++ any Contribution intentionally submitted for inclusion in the W= ork ++ by You to the Licensor shall be under the terms and conditions = of ++ this License, without any additional terms or conditions. ++ Notwithstanding the above, nothing herein shall supersede or mo= dify ++ the terms of any separate license agreement you may have execut= ed ++ with Licensor regarding such Contributions. ++ ++ 6. Trademarks. This License does not grant permission to use the t= rade ++ names, trademarks, service marks, or product names of the Licen= sor, ++ except as required for reasonable and customary use in describi= ng the ++ origin of the Work and reproducing the content of the NOTICE fi= le. ++ ++ 7. Disclaimer of Warranty. Unless required by applicable law or ++ agreed to in writing, Licensor provides the Work (and each ++ Contributor provides its Contributions) on an "AS IS" BASIS, ++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or ++ implied, including, without limitation, any warranties or condi= tions ++ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A ++ PARTICULAR PURPOSE. 
You are solely responsible for determining = the ++ appropriateness of using or redistributing the Work and assume = any ++ risks associated with Your exercise of permissions under this L= icense. ++ ++ 8. Limitation of Liability. In no event and under no legal theory, ++ whether in tort (including negligence), contract, or otherwise, ++ unless required by applicable law (such as deliberate and gross= ly ++ negligent acts) or agreed to in writing, shall any Contributor = be ++ liable to You for damages, including any direct, indirect, spec= ial, ++ incidental, or consequential damages of any character arising a= s a ++ result of this License or out of the use or inability to use the ++ Work (including but not limited to damages for loss of goodwill, ++ work stoppage, computer failure or malfunction, or any and all ++ other commercial damages or losses), even if such Contributor ++ has been advised of the possibility of such damages. ++ ++ 9. Accepting Warranty or Additional Liability. While redistributing ++ the Work or Derivative Works thereof, You may choose to offer, ++ and charge a fee for, acceptance of support, warranty, indemnit= y, ++ or other liability obligations and/or rights consistent with th= is ++ License. However, in accepting such obligations, You may act on= ly ++ on Your own behalf and on Your sole responsibility, not on beha= lf ++ of any other Contributor, and only if You agree to indemnify, ++ defend, and hold each Contributor harmless for any liability ++ incurred by, or claims asserted against, such Contributor by re= ason ++ of your accepting any such warranty or additional liability. + ## grub-core/lib/argon2/argon2.c (new) ## @@ +/* @@ grub-core/lib/argon2/argon2.c (new) +#include "argon2.h" +#include "core.h" + -+GRUB_MOD_LICENSE ("GPLv3"); ++GRUB_MOD_LICENSE ("CC0"); + +static int argon2_ctx(argon2_context *context, argon2_type type) { + /* 1. 
Validate all inputs */ @@ grub-core/lib/argon2/core.c (new) +#endif +#define VC_GE_2005(version) (version >=3D 1400) + -+/* for explicit_bzero() on glibc */ -+#define _DEFAULT_SOURCE -+ +#include "core.h" +#include "blake2/blake2.h" +#include "blake2/blake2-impl.h" @@ grub-core/lib/argon2/core.c (new) + } +} + -+#if defined(__OpenBSD__) -+#define HAVE_EXPLICIT_BZERO 1 -+#elif defined(__GLIBC__) && defined(__GLIBC_PREREQ) -+#if __GLIBC_PREREQ(2,25) -+#define HAVE_EXPLICIT_BZERO 1 -+#endif -+#endif -+ +void NOT_OPTIMIZED secure_wipe_memory(void *v, grub_size_t n) { -+#if defined(_MSC_VER) && VC_GE_2005(_MSC_VER) -+ SecureZeroMemory(v, n); -+#elif defined grub_memset_s -+ grub_memset_s(v, n, 0, n); -+#elif defined(HAVE_EXPLICIT_BZERO) -+ explicit_bzero(v, n); -+#else + static void *(*const volatile grub_memset_sec)(void *, int, grub_= size_t) =3D &grub_memset; + grub_memset_sec(v, 0, n); -+#endif +} + +/* Memory clear flag defaults to true. */ @@ grub-core/lib/argon2/core.c (new) + */ + grub_uint32_t reference_area_size; + grub_uint64_t relative_position; -+ grub_uint32_t start_position, absolute_position; ++ grub_uint64_t start_position, absolute_position; + + if (0 =3D=3D position->pass) { + /* First pass */ @@ grub-core/lib/argon2/core.c (new) + } + + /* 1.2.6. Computing absolute position */ -+ absolute_position =3D (start_position + relative_position) % -+ instance->lane_length; /* absolute position */ ++ grub_divmod64 (start_position + relative_position, instance->lane= _length, ++ &absolute_position); /* absolute position */ + return absolute_position; +} + @@ grub-core/lib/argon2/ref.c (new) + } + + /* 1.2.2 Computing the lane of the reference block */ -+ ref_lane =3D ((pseudo_rand >> 32)) % instance->lanes; ++ grub_divmod64 (pseudo_rand >> 32, instance->lanes, &ref_lane); + + if ((position.pass =3D=3D 0) && (position.slice =3D=3D 0)) { + /* Can not reference other lanes yet */ 4: 81c347d62 ! 
4: e40635878 luks2: Discern Argon2i and Argon2id @@ Commit message accordingly. =20 Signed-off-by: Patrick Steinhardt - Reviewed-by: Daniel Kiper =20 ## grub-core/disk/luks2.c ## @@ grub-core/disk/luks2.c: GRUB_MOD_LICENSE ("GPLv3+"); 5: 11c2a26a8 ! 5: f733e61bd luks2: Support key derival via Argon2 @@ Commit message now trivial. =20 Signed-off-by: Patrick Steinhardt - Reviewed-by: Daniel Kiper =20 ## Makefile.util.def ## @@ Makefile.util.def: AutoGen definitions Makefile.tpl; --=20 2.32.0
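
Review bot: The commit message of "argon2: Import reference implementation of Argon2" still justifies the import with "Given that both LGPLv2.1+ and Apache 2.0 are compatible with GPLv3", which reads as a leftover from the earlier cryptsetup wording. The same message now states the code is licensed under CC0 1.0 Universal/Apache 2.0, and argon2.c is tagged GRUB_MOD_LICENSE ("CC0"). Suggest rewording that sentence to name CC0 rather than LGPLv2.1+ so the stated rationale matches the license the module actually declares.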
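
Review bot: In grub-core/lib/argon2/core.c, secure_wipe_memory () now depends entirely on the call through the "static void *(*const volatile grub_memset_sec)(...) = &grub_memset" pointer to keep the wipe from being dropped as a dead store, since the SecureZeroMemory, grub_memset_s and explicit_bzero branches were removed. A short comment saying the indirect volatile call is deliberate would keep a later cleanup from replacing it with a direct grub_memset () call. The VC_GE_2005 macro is still defined a few lines above, and its only visible user was the removed _MSC_VER branch, so it can probably go as well. The definition of NOT_OPTIMIZED is not part of this range-diff; it is worth confirming it still expands to something meaningful in GRUB's build.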
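
Review bot: In the core.c hunk for step 1.2.6 (computing the absolute position), start_position and absolute_position are widened to grub_uint64_t so that &absolute_position can be handed to grub_divmod64 (), but the function still ends in "return absolute_position;". If the return type is narrower than 64 bits, that return now truncates implicitly. The remainder is always below instance->lane_length, so the value fits, but an explicit cast or a one-line comment would make the intent clear. start_position does not need the wider type: relative_position is already grub_uint64_t, so the sum passed as the dividend is 64-bit either way, and start_position could stay grub_uint32_t as before.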
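
Review bot: In grub-core/lib/argon2/ref.c, "grub_divmod64 (pseudo_rand >> 32, instance->lanes, &ref_lane);" stores a 64-bit remainder through &ref_lane, and the declaration of ref_lane lies outside the context shown here. Please confirm it is declared grub_uint64_t: the equivalent conversion in core.c needed its variable widened in this same revision, and a narrower ref_lane would be written past its end. It would also help to state in grub-dev.texi, next to the other documented adjustments, that the modulo operators were replaced by grub_divmod64 () and why.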