Debug output should show argon backend
Wouldn't it make sense for --debug
or --help
output to show where the argon implementation comes from (libcrypto, libgcrypt, internal libargon, system libargon, etc)?
We pass --enable-libargon2
for the Debian builds, but with openssl 3.2 in experimental I'd like to use its implementation instead. Given there is no --enable-openssl-argon2
, I'd to add an autopkgtest for this (to be sure we're not using the bundled libargon2), but have been unable to reliably determine the backend post-build.
2.7.0~rc0 build with --enable-libargon2
and OpenSSL 3.2:
~# ldd /sbin/cryptsetup | grep -e{argon,crypto}
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f6e7fc78000)
libargon2.so.1 => /lib/x86_64-linux-gnu/libargon2.so.1 (0x00007f6e7fc6e000)
~# ldd /lib/x86_64-linux-gnu/libcryptsetup.so.12 | grep -e{argon,crypto}
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f5f5ffc4000)
libargon2.so.1 => /lib/x86_64-linux-gnu/libargon2.so.1 (0x00007f5f5ffba000)
~# cryptsetup --help 2>&1 | grep -i argon
--pbkdf=STRING PBKDF algorithm (for LUKS2): argon2i,
argon2id, pbkdf2
Default PBKDF for LUKS2: argon2id
~# cryptsetup luksFormat --debug /tmp/test.img <<<test 2>&1 | grep -i argon
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Running argon2id() benchmark.
# Benchmark returns argon2id() 5 iterations, 1048576 memory, 4 threads (for 512-bits key).
2.7.0~rc0 build without --*-libargon2
and OpenSSL 3.1:
~# ldd /sbin/cryptsetup | grep -e{argon,crypto}
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f9367995000)
~# ldd /lib/x86_64-linux-gnu/libcryptsetup.so.12 | grep -e{argon,crypto}
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1f8dd2f000)
~# cryptsetup --help 2>&1 | grep -i argon
--pbkdf=STRING PBKDF algorithm (for LUKS2): argon2i,
argon2id, pbkdf2
Default PBKDF for LUKS2: argon2id
~# cryptsetup luksFormat --debug /tmp/test.img <<<test 2>&1 | grep -i argon
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Running argon2id() benchmark.
# Benchmark returns argon2id() 6 iterations, 1048576 memory, 4 threads (for 512-bits key).
2.7.0~rc0 build without --*-libargon2
and OpenSSL 3.2 (same output as for bundled libargon):
~# ldd /sbin/cryptsetup | grep -e{argon,crypto}
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f5c93a4e000)
~# ldd /lib/x86_64-linux-gnu/libcryptsetup.so.12 | grep -e{argon,crypto}
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007fdc46fbb000)
~# cryptsetup --help 2>&1 | grep -i argon
--pbkdf=STRING PBKDF algorithm (for LUKS2): argon2i,
argon2id, pbkdf2
Default PBKDF for LUKS2: argon2id
~# cryptsetup luksFormat --debug /tmp/test.img <<<test 2>&1 | grep -i argon
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Running argon2id() benchmark.
# Benchmark returns argon2id() 5 iterations, 1048576 memory, 4 threads (for 512-bits key).
I can see the latter libcryptsetup requires symbols from OPENSSL_3.2 so I guess it uses libcrypto's own argon2 implementation, but ideally the information would be available in --debug
. Might also be handy for user bug reports :-)