Re: [PATCH 2/5] argon2: Import Argon2 from cryptsetup

[Milan Broz]

Hi,

On 06/02/2020 15:27, Patrick Steinhardt wrote:
> In order to support the Argon2 key derival function for LUKS2, we
> obviously need to implement Argon2. It doesn't make a lot of sense to
> hand-code any crypto, which is why this commit instead imports Argon2
> from the cryptsetup project. The cryptsetup project was chosen as
> upstream simply because it is the de-facto home of LUKS2, making us
> bug-to-bug compatible with their Argon2 implementation.
> 
> As the cryptsetup project imported the code themselves from the
> repository hosted at https://github.com/P-H-C/phc-winner-argon2, it is
> licensed under a mixture of LGPLv2.1+ and CC0 1.0 Universal/Apache 2.0.
> Given that both LGPLv2.1+ and Apache 2.0 are compatible with GPLv3, it
> should be fine to import that code.

Well, it was a temporary solution as we (cryptsetup developers) are trying
to include Argon2 in OpenSSL (default crypto backend for cryptsetup) - and
perhaps in gcrypt later.

So if gcrypt includes Argon2 implementation in future, what is your plan?
Switch to it or keep this embedded copy still in place? Just asking :)
...

> diff --git a/grub-core/lib/argon2/argon2.c b/grub-core/lib/argon2/argon2.c
> new file mode 100644
> index 000000000..1b8b092ae
> --- /dev/null
> +++ b/grub-core/lib/argon2/argon2.c
> @@ -0,0 +1,614 @@
> +/*
> + * Argon2 PBKDF2 library wrapper
> + *
> + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved.
> + * Copyright (C) 2016-2020 Milan Broz

You are missing copyright of the original Argon2 authors here.
(This is apparently not the original wrapper code only but internal argon2 
implementation.)

Anyway, this is interesting addition to GRUB2 (and people often asks
cryptsetup upstream about this). Thanks!

Milan