From: Patrick Steinhardt <ps@pks.im>
To: Milan Broz <gmazyland@gmail.com>
Cc: The development of GNU GRUB <grub-devel@gnu.org>,
Daniel Kiper <daniel.kiper@oracle.com>
Subject: Re: [PATCH 2/5] argon2: Import Argon2 from cryptsetup
Date: Sat, 8 Feb 2020 23:25:03 +0100 [thread overview]
Message-ID: <20200208222503.GA33796@xps> (raw)
In-Reply-To: <ea1aef3b-832d-619d-0d33-883643af27f5@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2187 bytes --]
On Sat, Feb 08, 2020 at 12:30:54PM +0100, Milan Broz wrote:
> On 06/02/2020 15:27, Patrick Steinhardt wrote:
> > In order to support the Argon2 key derival function for LUKS2, we
> > obviously need to implement Argon2. It doesn't make a lot of sense to
> > hand-code any crypto, which is why this commit instead imports Argon2
> > from the cryptsetup project. The cryptsetup project was chosen as
> > upstream simply because it is the de-facto home of LUKS2, making us
> > bug-to-bug compatible with their Argon2 implementation.
> >
> > As the cryptsetup project imported the code themselves from the
> > repository hosted at https://github.com/P-H-C/phc-winner-argon2, it is
> > licensed under a mixture of LGPLv2.1+ and CC0 1.0 Universal/Apache 2.0.
> > Given that both LGPLv2.1+ and Apache 2.0 are compatible with GPLv3, it
> > should be fine to import that code.
>
> Well, it was a temporary solution as we (cryptsetup developers) are trying
> to include Argon2 in OpenSSL (default crypto backend for cryptsetup) - and
> perhaps in gcrypt later.
>
> So if gcrypt includes Argon2 implementation in future, what is your plan?
> Switch to it or keep this embedded copy still in place? Just asking :)
> ...
GRUB already uses libgcrypt for some stuff, so switching to an
implementation provided by it would most likely be the way to go as soon
as it got support for it.
> > diff --git a/grub-core/lib/argon2/argon2.c b/grub-core/lib/argon2/argon2.c
> > new file mode 100644
> > index 000000000..1b8b092ae
> > --- /dev/null
> > +++ b/grub-core/lib/argon2/argon2.c
> > @@ -0,0 +1,614 @@
> > +/*
> > + * Argon2 PBKDF2 library wrapper
> > + *
> > + * Copyright (C) 2016-2020 Red Hat, Inc. All rights reserved.
> > + * Copyright (C) 2016-2020 Milan Broz
>
> You are missing copyright of the original Argon2 authors here.
> (This is apparently not the original wrapper code only but internal argon2 implementation.)
Oops, definitely, forgot to merge them in while collapsing files into
one. Thanks for the hint.
> Anyway, this is interesting addition to GRUB2 (and people often asks
> cryptsetup upstream about this). Thanks!
>
> Milan
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2020-02-08 22:24 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-06 14:27 [PATCH 0/5] Support Argon2 KDF in LUKS2 Patrick Steinhardt
2020-02-06 14:27 ` [PATCH 1/5] efi: Allocate half of available memory by default Patrick Steinhardt
2020-02-13 11:47 ` Leif Lindholm
2020-02-20 19:29 ` Patrick Steinhardt
2020-02-06 14:27 ` [PATCH 2/5] argon2: Import Argon2 from cryptsetup Patrick Steinhardt
2020-02-08 11:30 ` Milan Broz
2020-02-08 22:25 ` Patrick Steinhardt [this message]
2020-02-06 14:27 ` [PATCH 3/5] disk: luks2: Add missing newline to debug message Patrick Steinhardt
2020-02-11 21:36 ` Daniel Kiper
2020-02-12 7:48 ` Patrick Steinhardt
2020-02-06 14:27 ` [PATCH 4/5] disk: luks2: Discern Argon2i and Argon2id Patrick Steinhardt
2020-02-06 14:27 ` [PATCH 5/5] disk: luks2: Support key derival via Argon2 Patrick Steinhardt
2020-02-11 21:53 ` [PATCH 0/5] Support Argon2 KDF in LUKS2 Daniel Kiper
2020-02-12 7:18 ` Milan Broz
2020-02-20 19:34 ` Patrick Steinhardt
2020-02-12 7:47 ` Patrick Steinhardt
2020-02-13 11:42 ` Daniel Kiper
2020-02-20 14:50 ` Patrick Steinhardt
2020-02-20 18:00 ` [PATCH v2 0/6] " Patrick Steinhardt
2020-02-20 18:00 ` [PATCH v2 1/6] efi: Allocate half of available memory by default Patrick Steinhardt
2020-02-20 18:00 ` [PATCH v2 2/6] types.h: add UINT-related macros needed for Argon2 Patrick Steinhardt
2020-02-21 12:34 ` Daniel Kiper
2020-02-20 18:00 ` [PATCH v2 3/6] argon2: Import Argon2 from cryptsetup Patrick Steinhardt
2020-02-21 12:39 ` Daniel Kiper
2020-02-20 18:00 ` [PATCH v2 4/6] luks2: Add missing newline to debug message Patrick Steinhardt
2020-02-20 18:00 ` [PATCH v2 5/6] luks2: Discern Argon2i and Argon2id Patrick Steinhardt
2020-02-21 12:54 ` Daniel Kiper
2020-02-20 18:00 ` [PATCH v2 6/6] luks2: Support key derival via Argon2 Patrick Steinhardt
2020-02-21 13:03 ` Daniel Kiper
2020-02-20 18:38 ` [PATCH v2 0/6] Support Argon2 KDF in LUKS2 Leif Lindholm
2020-02-21 12:26 ` Daniel Kiper
2020-02-21 14:29 ` Patrick Steinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200208222503.GA33796@xps \
--to=ps@pks.im \
--cc=daniel.kiper@oracle.com \
--cc=gmazyland@gmail.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.