[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 6/6] luks2: Support key derival via Argon2
From: |
Patrick Steinhardt |
Subject: |
[PATCH v2 6/6] luks2: Support key derival via Argon2 |
Date: |
Thu, 20 Feb 2020 19:00:54 +0100 |
One addition with LUKS2 was support of the key derival function Argon2
in addition to the previously supported PBKDF2 algortihm. In order to
ease getting in initial support for LUKS2, we only reused infrastructure
to support LUKS2 with PBKDF2, but left out Argon2.
This commit now introduces support for Argon2 to enable decryption of
LUKS2 partitions using this key derival function. As the code for Argon2
has been added in a previous commit in this series, adding support is
now trivial.
Signed-off-by: Patrick Steinhardt <address@hidden>
---
Makefile.util.def | 6 +++++-
grub-core/Makefile.core.def | 2 +-
grub-core/disk/luks2.c | 13 +++++++++++--
3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/Makefile.util.def b/Makefile.util.def
index 94336392b..a50effce4 100644
--- a/Makefile.util.def
+++ b/Makefile.util.def
@@ -3,7 +3,7 @@ AutoGen definitions Makefile.tpl;
library = {
name = libgrubkern.a;
cflags = '$(CFLAGS_GNULIB)';
- cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json';
+ cppflags = '$(CPPFLAGS_GNULIB) -I$(srcdir)/grub-core/lib/json
-I$(srcdir)/grub-core/lib/argon2';
common = util/misc.c;
common = grub-core/kern/command.c;
@@ -36,6 +36,10 @@ library = {
common = grub-core/kern/misc.c;
common = grub-core/kern/partition.c;
common = grub-core/lib/crypto.c;
+ common = grub-core/lib/argon2/argon2.c;
+ common = grub-core/lib/argon2/core.c;
+ common = grub-core/lib/argon2/ref.c;
+ common = grub-core/lib/argon2/blake2/blake2b.c;
common = grub-core/lib/json/json.c;
common = grub-core/disk/luks.c;
common = grub-core/disk/luks2.c;
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 7e96cb1ce..7ffd26528 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -1204,7 +1204,7 @@ module = {
common = disk/luks2.c;
common = lib/gnulib/base64.c;
cflags = '$(CFLAGS_POSIX) $(CFLAGS_GNULIB)';
- cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json';
+ cppflags = '$(CPPFLAGS_POSIX) $(CPPFLAGS_GNULIB) -I$(srcdir)/lib/json
-I$(srcdir)/lib/argon2';
};
module = {
diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
index 767631198..3c79f14aa 100644
--- a/grub-core/disk/luks2.c
+++ b/grub-core/disk/luks2.c
@@ -27,6 +27,7 @@
#include <grub/partition.h>
#include <grub/i18n.h>
+#include <argon2.h>
#include <base64.h>
#include <json.h>
@@ -435,8 +436,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
{
case LUKS2_KDF_TYPE_ARGON2I:
case LUKS2_KDF_TYPE_ARGON2ID:
- ret = grub_error (GRUB_ERR_BAD_ARGUMENT, "Argon2 not supported");
- goto err;
+ ret = argon2_hash (k->kdf.u.argon2.time, k->kdf.u.argon2.memory,
k->kdf.u.argon2.cpus,
+ passphrase, passphraselen, salt, saltlen, area_key,
k->area.key_size,
+ k->kdf.type == LUKS2_KDF_TYPE_ARGON2I ? Argon2_i :
Argon2_id,
+ ARGON2_VERSION_NUMBER);
+ if (ret)
+ {
+ grub_dprintf ("luks2", "Argon2 failed: %s\n", argon2_error_message
(ret));
+ goto err;
+ }
+ break;
case LUKS2_KDF_TYPE_PBKDF2:
hash = grub_crypto_lookup_md_by_name (k->kdf.u.pbkdf2.hash);
if (!hash)
--
2.25.1
- Re: [PATCH 0/5] Support Argon2 KDF in LUKS2, (continued)
- [PATCH v2 0/6] Support Argon2 KDF in LUKS2, Patrick Steinhardt, 2020/02/20
- [PATCH v2 2/6] types.h: add UINT-related macros needed for Argon2, Patrick Steinhardt, 2020/02/20
- [PATCH v2 1/6] efi: Allocate half of available memory by default, Patrick Steinhardt, 2020/02/20
- [PATCH v2 4/6] luks2: Add missing newline to debug message, Patrick Steinhardt, 2020/02/20
- [PATCH v2 5/6] luks2: Discern Argon2i and Argon2id, Patrick Steinhardt, 2020/02/20
- [PATCH v2 3/6] argon2: Import Argon2 from cryptsetup, Patrick Steinhardt, 2020/02/20
- [PATCH v2 6/6] luks2: Support key derival via Argon2,
Patrick Steinhardt <=
- Re: [PATCH v2 0/6] Support Argon2 KDF in LUKS2, Leif Lindholm, 2020/02/20
- Re: [PATCH v2 0/6] Support Argon2 KDF in LUKS2, Daniel Kiper, 2020/02/21