From: Patrick Steinhardt <ps@pks.im>
To: Daniel Kiper <dkiper@net-space.pl>,
Leah Rowe <leah@libreboot.org>,
grub-devel@gnu.org, Glenn Washburn <development@efficientek.com>,
main@axelen.xyz, Nicholas Johnson <nick@nicholasjohnson.ch>,
phcoder@gmail.com
Subject: Re: PATCHES: argon2 key derivation for luks2
Date: Sat, 11 Nov 2023 19:06:27 +0100
Message-ID: <ZU_CowDwsXyA-IUh@ncase>
In-Reply-To: <ZUc4-ZL0zvrOiVAm@dj3ntoo>
On Sun, Nov 05, 2023 at 01:40:57AM -0500, Oskari Pirhonen wrote:
> On Tue, Oct 31, 2023 at 14:57:58 +0100, Daniel Kiper wrote:
> > Adding a few folks who were working on this...
> >
> > On Tue, Oct 31, 2023 at 11:39:36AM +0000, Leah Rowe via Grub-devel wrote:
> > > i'm not sure if the grub devs have seen this or not. anyway, see
> > > attached patches. i didn't make these myself but i'm sending them here.
> > > it's the PHC (password hash competition) implementation of argon2,
> > > adapted for the grub source code. i've been using this in libreboot and
> > > it works very well, allows use of cryptomount on modern LUKS2 with
> > > argon2 key deriv, so you don't need to downgrade to luks1 or pbkdf2
> > > anymore. i wrote about it here: https://libreboot.org/news/argon2.html
> > >
> > > one thing to note is that though the code is free software, it's a
> > > permissive non-copyleft license; i still think grub should make use of
> > > it, regardless. grub has lacked argon2 for years now, and re-writing it
> > > will probably be a lot of wasted effort if the phc one works.
> > >
> > > the phc implementation was originally adapted by someone named Axel, to
> > > the archlinux aur for grub 2.06:
> > > https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git&id=1c7932d90f1f62d0fd5485c5eb8ad79fa4c2f50d
> > >
> > > nicholas johnson (https://nicholasjohnson.ch/) contacted me telling me
> > > he'd re-adapted the code for grub 2.12, on top of the rc1 tag. i then
> > > started using it in libreboot's grub.
> > >
> > > it would be nice if this could make it into the grub 2.12 release! the
> > > patches are attached.
> > >
> > > PS: the original PHC code is here:
> > > https://github.com/P-H-C/phc-winner-argon2
> >
> > It seems to me this is based on Patrick Steinhardt's work. AFAICT Patrick
> > is going to repost a new version of the patch set after the release. So,
> > I hope it will be included in GRUB 2.14. We are not able to take this
> > patch set into the upcoming release at this stage of development. Sorry
> > about that...
> >
>
> Patrick also mentioned that he'd prefer it if the bundled gcrypt was
> updated to a version with Argon2 support rather than adapting the
> reference implementation, but that it is "a _major_ effort". [1]
>
> - Oskari
>
> [1]: https://lore.kernel.org/grub-devel/Y3xs82f11kZSSi5I@ncase/

Indeed. I had several tries at updating the vendored libgcrypt, but
doing this is quite a frustrating experience to say the least. Every
time I started I eventually gave up.

So in the end I'm of two minds: yes, it would be great to pull in Argon2
via an updated libgcrypt instead of using the reference implementation.
But to be frank, I do not feel like I have the time or the motivation to
do the update myself given that it is such a huge task. So in the end,
we may just be pragmatic and use the reference implementation for the
time being until somebody steps up and does the update of libgcrypt.

I also wouldn't mind if somebody else wants to step up and build on top
of the work that I already did, but in that case I'd appreciate a
"Based-on-patch-by:" trailer in the commits. But if nobody does, and if
Daniel thinks that the reference implementation is okay for now, then I
will resubmit the patches once GRUB 2.12 is out of the door.

Patrick