Date: Mon, 1 Jan 2024 20:48:21 +0100
From: Patrick Steinhardt
To: Nikolaos Chatzikonstantinou, grub-devel@gnu.org
Cc: Daniel Kiper
Subject: Re: State of Argon2 support

On Fri, Dec 22, 2023 at 09:43:35PM -0600, Oskari Pirhonen wrote:
> On Fri, Dec 22, 2023 at 12:29:22 -0500, Nikolaos Chatzikonstantinou wrote:
> > 2. libgcrypt does not have support for Argon2. Possible solution is to
> > use the reference implementation, licensed under CC0. This is bringing
> > up issues (that I don't fully understand), would be preferable if the
> > authors released under GPLv3. Has there been a follow-up on this?
> >
>
> Libgcrypt supports Argon2 as of 1.10 (March 2022). The version of
> libgcrypt that is bundled with GRUB is older than that.
>
> - Oskari

Indeed. There are two different ways to implement Argon2 support in
GRUB:

  - Use the reference implementation of Argon2.

  - Update libgcrypt to a newer version.

I have sent patches that bundle the reference implementation in [1]
quite a while ago.
Back then there was the problem that we couldn't allocate required
memory on UEFI-based systems, but we improved the memory allocator with
GRUB 2.12 to support this use case now.

Still, I consider it to be the inferior option. Back when I posted the
patches (February 2020 originally) there was no Argon2 support in
libgcrypt yet, so it was the obvious choice. But now that libgcrypt does
have support it's a no-brainer to use its version of libgcrypt instead.

Problem is that upgrading the bundled libgcrypt library is not trivial
at all. I've tried multiple times, and every single time I quickly gave
up. There are simply too many things that have changed, and GRUB does
have quite a lot of patches on top of the current bundled version of the
library. Regardless of that it would be the right thing to do, because
in the long run we do want an up-to-date version of libgcrypt regardless
of Argon2 support anyway.

That being said, I do not see myself updating it given that it's such a
huge and frustrating endeavour to update it. If anybody else wants to
take up this task I'd be more than happy and would definitely want to
rebase my own patches on top of this work. But until somebody steps up
to handle this task it's not going to happen.

The alternative would be to just live with the current state of my patch
series, where we use the reference implementation until libgcrypt gets
updated. But I'm not sure whether Daniel would consider pulling this
version (Cc'd him so that he can post his opinion). If he would then I'd
be happy to re-send a rebased version of my patch series.

Patrick

[1]: