Re: State of Argon2 support

[Daniel Kiper]

On Tue, Jan 30, 2024 at 10:18:20AM -0500, Nikolaos Chatzikonstantinou wrote:
> I want to share a small update:
>
> I'm reading the GRUB source code for the memory manager to get a bit
> acclimated.  I was surprised to see libgcrypt depend on <stdio.h>.

Hmmm...

> Asking around, the monocypher library was brought to my attention,
> <https://monocypher.org/>. No external dependencies, the license is
> compatible, just two files monocypher.c and .h that can be bundled,
> supports argon2, and it's already used by some bootloaders/firmware
> (ArduPilot Project, Joulescope). It is however written in pure C99; it
> seems to me that it supports architectures that a C99 compiler can
> target.
>
> While the goal of upgrading libgcrypt is noble, it is a bit scary as
> libgcrypt seems difficult to navigate for me, the import_gcry.py
> script also being hard to read. So I have the following questions:
>
> 1) What are the cryptographic requirements of GRUB? I.e. which
> features and algorithms does GRUB require right now?
> 2) Can we include monocypher just for the purpose of unlocking
> argon2-configured luks2 partitions?
> 3) Is it of interest to replace libgcrypt entirely (if possible, with
> monocypher e.g.?)

If this change will not break (much) currently existing features and
simplify the code I am OK with doing this experiment.

> If the best plan to go ahead with is to upgrade libgcrypt, as I've
> said before, it would be good to know the version currently bundled
> with GRUB  (I'm just reiterating this point.) But from my viewpoint,

Let me poke Vladimir once again...

> libgcrypt is a userland library with a wide range of features; perhaps
> not the most appropriate for a bootloader. I'm wondering if the
> reasons that led to choosing libgcrypt in the past for GRUB can be
> reevaluated now that there are more options for cryptographic
> libraries.

As I said above, I am OK with reevaluating current libgcrypt approach.

Daniel