argon2 to generate 64-byte hash from password in initrd

bkauler · Apr 29, 2023 · 306859c · 306859c
1 parent 2462913
commit 306859c
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 2 deletions.
diff --git a/easyos/easy-arch/amd64/target/boot/initrd-tree/bin/argon2 b/easyos/easy-arch/amd64/target/boot/initrd-tree/bin/argon2
diff --git a/easyos/easy-arch/amd64/target/boot/reserve/argon2 b/easyos/easy-arch/amd64/target/boot/reserve/argon2
diff --git a/easyos/easy-code/3buildeasydistro b/easyos/easy-code/3buildeasydistro
@@ -295,6 +295,7 @@
 #20230416 pre-populate initrd sfs .png and .specs files.
 #20230423 trying to fix norwegian.
 #20230429 no need to substitute variable values in initrd.
+#20230429 copy fscryptctl from initrd to rootfs-complete. 20230430 and argon2
 
 export LANG=C #faster.
 
@@ -5318,6 +5319,14 @@ done
 #20230220 /sbin/ask-language in initrd wants this...
 cp -a -f ../../build-choices ./
 
+#20230429
+if [ -e bin/fscryptctl ];then
+ cp -a -f bin/fscryptctl ../../sandbox3/rootfs-complete/sbin/
+fi
+if [ -e bin/argon2 ];then #20230430
+ cp -a -f bin/argon2 ../../sandbox3/rootfs-complete/sbin/
+fi
+
 #20230416 pre-populate sfs .png and .specs files...
 SFSSPATH=''
 if [ -f ../../PROJECTPATH ];then

diff --git a/easyos/easy-code/boot/initrd-tree/init b/easyos/easy-code/boot/initrd-tree/init
@@ -158,6 +158,7 @@
 #20230425 maybe compressed 'gpg' 'mksquashfs'
 #20230429 fix workingdir when mount overlay fs. /build-choices has EOS_ variables.
 #20230429 /build-choices has EOS_FSCRYPT_VER value 1 or 2
+#20230430 64 byte hash generated from password.
 
 #20230429
 . /build-choices #3buildeasydistro copies it here.
@@ -1200,7 +1201,7 @@ ${S133}\\033[0;39m" #red.
     echo "${S145}" #'Sorry, the folders in the working partition cannot be encrypted. The password will only be set for root login.'
    fi
   else #20230429 v2
-   PASSPHRASE="$(printf %64s ${PW} | tr ' ' 'X')" #password padded to 64 bytes.
+   PASSPHRASE="$(echo -n ${PW}xxxx | argon2 ${SALT} -l 32 -r)" #20230430 64 byte hash generated from password.
    echo -n "$PASSPHRASE" > /PASSPHRASE
    fscryptctl add_key /mnt/${WKG_DEV} < /PASSPHRASE > /FSKEYID
    if [ $? -eq 0 ];then
@@ -1265,7 +1266,7 @@ else
       break
      fi
     else #v2
-     PASSPHRASE="$(printf %64s ${PW} | tr ' ' 'X')" #password padded to 64 bytes.
+     PASSPHRASE="$(echo -n ${PW}xxxx | argon2 ${SALT} -l 32 -r)" #20230430 64 byte hash generated from password.
      echo -n "$PASSPHRASE" > /PASSPHRASE
      fscryptctl add_key /mnt/${WKG_DEV} < /PASSPHRASE > /FSKEYID
      if [  -d /mnt/${WKG_DEV}/${WKG_DIR}files/downloads ];then