[PATCH 3/5] disk: luks2: Add missing newline to debug message

2020-02-06 Thread Patrick Steinhardt
The debug message printed when decryption with a keyslot fails is missing its trailing newline. Add it to avoid mangling it with subsequent output. Signed-off-by: Patrick Steinhardt --- grub-core/disk/luks2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/disk/luks

[PATCH 4/5] disk: luks2: Discern Argon2i and Argon2id

2020-02-06 Thread Patrick Steinhardt
While GRUB is already able to parse both Argon2i and Argon2id parameters from the LUKS2 header, it doesn't discern both types. This commit introduces a new KDF type for Argon2id and sets up the parsed KDF's type accordingly. Signed-off-by: Patrick Steinhardt --- grub-core/disk/luks2.c | 13 +

[PATCH 0/5] Support Argon2 KDF in LUKS2

2020-02-06 Thread Patrick Steinhardt
Hi, as promised back when LUKS2 support was merged, here's the code that enables decrypting LUKS2 partitions that use Argon2 as their key derival function. Most of this is simple legwork, but I expect two things to be potentially controversial: - I've changed how EFI allocates memory. On my t

[PATCH 1/5] efi: Allocate half of available memory by default

2020-02-06 Thread Patrick Steinhardt
By default, GRUB will allocate a quarter of the pages it got available in the EFI subsystem. On many current systems, this will amount to roughly 800MB of RAM assuming an address space of 32 bits. This is plenty for most use cases, but it doesn't suffice when using full disk encryption with a key d

[PATCH 5/5] disk: luks2: Support key derival via Argon2

2020-02-06 Thread Patrick Steinhardt
One addition with LUKS2 was support of the key derival function Argon2 in addition to the previously supported PBKDF2 algortihm. In order to ease getting in initial support for LUKS2, we only reused infrastructure to support LUKS2 with PBKDF2, but left out Argon2. This commit now introduces suppor

[PATCH 2/5] argon2: Import Argon2 from cryptsetup

2020-02-06 Thread Patrick Steinhardt
In order to support the Argon2 key derival function for LUKS2, we obviously need to implement Argon2. It doesn't make a lot of sense to hand-code any crypto, which is why this commit instead imports Argon2 from the cryptsetup project. The cryptsetup project was chosen as upstream simply because it