Re: PATCHES: argon2 key derivation for luks2

[Daniel Kiper]

Adding a few folks who were working on this...

On Tue, Oct 31, 2023 at 11:39:36AM +0000, Leah Rowe via Grub-devel wrote:
> i'm not sure if the grub devs have seen this or not. anyway, see
> attached patches. i didn't make these myself but i'm sending them here.
> it's the PHC (password hash competition) implementation of argon2,
> adapted for the grub source code. i've been using this in libreboot and
> it works very well, allows use of cryptomount on modern LUKS2 with
> argon2 key deriv, so you don't need to downgrade to luks1 or pbkdf2
> anymore. i wrote about it here: https://libreboot.org/news/argon2.html
>
> one thing to note is that though the code is free software, it's a
> permissive non-copyleft license; i still think grub should make use of
> it, regardless. grub has lacked argon2 for years now, and re-writing it
> will probably be a lot of wasted effort if the phc one works.
>
> the phc implementation was originally adapted by someone named Axel, to
> the archlinux aur for grub 2.06:
> https://aur.archlinux.org/cgit/aur.git/tree/?h=grub-improved-luks2-git&id=1c7932d90f1f62d0fd5485c5eb8ad79fa4c2f50d
>
> nicholas johnson (https://nicholasjohnson.ch/) contacted me telling me
> he'd re-adapted the code for grub 2.12, on top of the rc1 tag. i then
> started using it in libreboot's grub.
>
> it would be nice if this could make it into the grub 2.12 release! the
> patches are attached.
>
> PS: the original PHC code is here:
> https://github.com/P-H-C/phc-winner-argon2

It seems to me this is based on Patrick Steinhardt work. AFAICT Patrick
is going to repost new version of the patch set after the release. So,
I hope it will be included in the GRUB 2.14. We are not able to take this
patch set into upcoming release in this stage of development. Sorry
about that...

Daniel