grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/5] argon2: Import Argon2 from cryptsetup


From: Patrick Steinhardt
Subject: Re: [PATCH 2/5] argon2: Import Argon2 from cryptsetup
Date: Sat, 8 Feb 2020 23:25:03 +0100

On Sat, Feb 08, 2020 at 12:30:54PM +0100, Milan Broz wrote:
> On 06/02/2020 15:27, Patrick Steinhardt wrote:
> > In order to support the Argon2 key derival function for LUKS2, we
> > obviously need to implement Argon2. It doesn't make a lot of sense to
> > hand-code any crypto, which is why this commit instead imports Argon2
> > from the cryptsetup project. The cryptsetup project was chosen as
> > upstream simply because it is the de-facto home of LUKS2, making us
> > bug-to-bug compatible with their Argon2 implementation.
> > 
> > As the cryptsetup project imported the code themselves from the
> > repository hosted at https://github.com/P-H-C/phc-winner-argon2, it is
> > licensed under a mixture of LGPLv2.1+ and CC0 1.0 Universal/Apache 2.0.
> > Given that both LGPLv2.1+ and Apache 2.0 are compatible with GPLv3, it
> > should be fine to import that code.
> 
> Well, it was a temporary solution as we (cryptsetup developers) are trying
> to include Argon2 in OpenSSL (default crypto backend for cryptsetup) - and
> perhaps in gcrypt later.
> 
> So if gcrypt includes Argon2 implementation in future, what is your plan?
> Switch to it or keep this embedded copy still in place? Just asking :)
> ...

GRUB already uses libgcrypt for some stuff, so switching to an
implementation provided by it would most likely be the way to go as soon
as it got support for it.

> > diff --git a/grub-core/lib/argon2/argon2.c b/grub-core/lib/argon2/argon2.c
> > new file mode 100644
> > index 000000000..1b8b092ae
> > --- /dev/null
> > +++ b/grub-core/lib/argon2/argon2.c
> > @@ -0,0 +1,614 @@
> > +/*
> > + * Argon2 PBKDF2 library wrapper
> > + *
> > + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved.
> > + * Copyright (C) 2016-2020 Milan Broz
> 
> You are missing copyright of the original Argon2 authors here.
> (This is apparently not the original wrapper code only but internal argon2 
> implementation.)

Oops, definitely, forgot to merge them in while collapsing files into
one. Thanks for the hint.

> Anyway, this is interesting addition to GRUB2 (and people often asks
> cryptsetup upstream about this). Thanks!
> 
> Milan

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]