grub-devel

Re: State of Argon2 support


From: Nikolaos Chatzikonstantinou
Subject: Re: State of Argon2 support
Date: Sun, 11 Feb 2024 16:01:49 -0500

On Fri, Feb 2, 2024 at 9:10 AM Daniel Kiper <dkiper@net-space.pl> wrote:
>
> On Tue, Jan 30, 2024 at 10:18:20AM -0500, Nikolaos Chatzikonstantinou wrote:
> > I want to share a small update:
> >
> > I'm reading the GRUB source code for the memory manager to get a bit
> > acclimated.  I was surprised to see libgcrypt depend on <stdio.h>.
>
> Hmmm...
>
> > Asking around, the monocypher library was brought to my attention,
> > <https://monocypher.org/>. No external dependencies, the license is
> > compatible, just two files monocypher.c and .h that can be bundled,
> > supports argon2, and it's already used by some bootloaders/firmware
> > (ArduPilot Project, Joulescope). It is however written in pure C99; it
> > seems to me that it supports architectures that a C99 compiler can
> > target.
> >
> > While the goal of upgrading libgcrypt is noble, it is a bit scary as
> > libgcrypt seems difficult to navigate for me, the import_gcry.py
> > script also being hard to read. So I have the following questions:
> >
> > 1) What are the cryptographic requirements of GRUB? I.e. which
> > features and algorithms does GRUB require right now?
> > 2) Can we include monocypher just for the purpose of unlocking
> > argon2-configured luks2 partitions?
> > 3) Is it of interest to replace libgcrypt entirely (if possible, with
> > monocypher e.g.?)
>
> If this change will not break (much) currently existing features and
> simplify the code I am OK with doing this experiment.
>
> > If the best plan to go ahead with is to upgrade libgcrypt, as I've
> > said before, it would be good to know the version currently bundled
> > with GRUB (I'm just reiterating this point.) But from my viewpoint,
>
> Let me poke Vladimir once again...
>
> > libgcrypt is a userland library with a wide range of features; perhaps
> > not the most appropriate for a bootloader. I'm wondering if the
> > reasons that led to choosing libgcrypt in the past for GRUB can be
> > reevaluated now that there are more options for cryptographic
> > libraries.
>
> As I said above, I am OK with reevaluating current libgcrypt approach.

Ping on this; Vladimir, if you are busy that is ok, just give me a
later date and I can ping you later. You said something about the end
of the week, so I keep thinking about this... But for me it's not
urgent. If you want to respond in 2 months, that's fine too, but just
let me know so that I can put it past me for now.

Regards,
Nikolaos Chatzikonstantinou
