Commit 8dc35a79 authored by Milan Broz's avatar Milan Broz

Enable to use system libargon2.

Rename --disable-argon2 to --disable-internal-argon2 option
and add --enable-libargon2 flag to allow system libarhgon2.
parent 7e53c87f
......@@ -368,13 +368,25 @@ AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE, test $with_crypto_backend = nettle)
AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1)
AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2])
AC_ARG_ENABLE(argon2, AS_HELP_STRING([--disable-argon2],
[disable internal implementation of Argon2 PBKDF]),[], [enable_argon2=yes])
AM_CONDITIONAL(CRYPTO_INTERNAL_ARGON2, test x$enable_argon2 = xyes)
if test x$enable_argon2 = xyes ; then
AC_DEFINE(USE_INTERNAL_ARGON2, 1, [Use internal Argon2])
dnl Argon2 implementation
AC_ARG_ENABLE(internal-argon2, AS_HELP_STRING([--disable-internal-argon2],
[disable internal implementation of Argon2 PBKDF]),[], [enable_internal_argon2=yes])
AC_ARG_ENABLE([libargon2], AS_HELP_STRING([--enable-libargon2],
[enable external libargon2 (PHC) library (disables internal bundled version) ]),[], [enable_libargon2=no])
if test x$enable_libargon2 = xyes ; then
AC_CHECK_HEADERS(argon2.h,,
[AC_MSG_ERROR([You need libargon2 development library installed.])])
PKG_CHECK_MODULES([LIBARGON2], [libargon2],,[LIBARGON2_LIBS="-largon2"])
enable_internal_argon2=no
fi
if test x$enable_internal_argon2 = xyes ; then
AC_DEFINE(USE_INTERNAL_ARGON2, 1, [Use internal Argon2])
fi
AM_CONDITIONAL(CRYPTO_INTERNAL_ARGON2, test x$enable_internal_argon2 = xyes)
dnl Magic for cryptsetup.static build.
if test x$enable_static_cryptsetup = xyes; then
saved_PKG_CONFIG=$PKG_CONFIG
......@@ -420,6 +432,7 @@ AC_SUBST([CRYPTO_LIBS])
AC_SUBST([CRYPTO_STATIC_LIBS])
AC_SUBST([JSON_C_LIBS])
AC_SUBST([LIBARGON2_LIBS])
AC_SUBST([LIBCRYPTSETUP_VERSION])
AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])
......
......@@ -43,6 +43,7 @@ libcryptsetup_la_LIBADD = \
@UUID_LIBS@ \
@DEVMAPPER_LIBS@ \
@CRYPTO_LIBS@ \
@LIBARGON2_LIBS@ \
@JSON_C_LIBS@ \
$(common_ldadd)
......
......@@ -5,7 +5,8 @@ noinst_LTLIBRARIES = libcrypto_backend.la
libcrypto_backend_la_CFLAGS = $(AM_CFLAGS) -Wall @CRYPTO_CFLAGS@
libcrypto_backend_la_SOURCES = crypto_backend.h \
crypto_cipher_kernel.c crypto_storage.c pbkdf_check.c crc32.c
crypto_cipher_kernel.c crypto_storage.c pbkdf_check.c crc32.c \
argon2_generic.c
if CRYPTO_BACKEND_GCRYPT
libcrypto_backend_la_SOURCES += crypto_gcrypt.c
......@@ -31,7 +32,6 @@ if CRYPTO_INTERNAL_ARGON2
SUBDIRS = argon2
libcrypto_backend_la_DEPENDENCIES = argon2/libargon2.la
libcrypto_backend_la_LIBADD = argon2/libargon2.la
libcrypto_backend_la_SOURCES += argon2_generic.c
endif
AM_CPPFLAGS = -include config.h -I$(top_srcdir)/lib
......@@ -21,7 +21,11 @@
#include <errno.h>
#include "crypto_backend.h"
#if HAVE_ARGON2_H
#include <argon2.h>
#else
#include "argon2/argon2.h"
#endif
#define CONST_CAST(x) (x)(uintptr_t)
......@@ -30,6 +34,9 @@ int argon2(const char *type, const char *password, size_t password_length,
char *key, size_t key_length,
uint32_t iterations, uint32_t memory, uint32_t parallel)
{
#if !USE_INTERNAL_ARGON2 && !HAVE_ARGON2_H
return -EINVAL;
#else
argon2_type atype;
argon2_context context = {
.flags = ARGON2_DEFAULT_FLAGS,
......@@ -68,6 +75,7 @@ int argon2(const char *type, const char *password, size_t password_length,
}
return r;
#endif
}
#if 0
......
......@@ -81,13 +81,11 @@ int pkcs5_pbkdf2(const char *hash,
unsigned int hash_block_size);
#endif
#if USE_INTERNAL_ARGON2
/* internal Argon2 implementation */
/* Argon2 implementation wrapper */
int argon2(const char *type, const char *password, size_t password_length,
const char *salt, size_t salt_length,
char *key, size_t key_length,
uint32_t iterations, uint32_t memory, uint32_t parallel);
#endif
/* CRC32 */
uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len);
......
......@@ -363,10 +363,8 @@ int crypt_pbkdf(const char *kdf, const char *hash,
if (!strcmp(kdf, "pbkdf2"))
return pbkdf2(hash, password, password_length, salt, salt_length,
key, key_length, iterations);
#if USE_INTERNAL_ARGON2
else if (!strncmp(kdf, "argon2", 6))
return argon2(kdf, password, password_length, salt, salt_length,
key, key_length, iterations, memory, parallel);
#endif
return -EINVAL;
}
......@@ -328,11 +328,9 @@ int crypt_pbkdf(const char *kdf, const char *hash,
return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
iterations, key_length, key, ha->block_length);
#if USE_INTERNAL_ARGON2
} else if (!strncmp(kdf, "argon2", 6)) {
return argon2(kdf, password, password_length, salt, salt_length,
key, key_length, iterations, memory, parallel);
#endif
}
return -EINVAL;
......
......@@ -307,11 +307,9 @@ int crypt_pbkdf(const char *kdf, const char *hash,
(uint8_t *)key);
crypt_hmac_destroy(h);
return 0;
#if USE_INTERNAL_ARGON2
} else if (!strncmp(kdf, "argon2", 6)) {
return argon2(kdf, password, password_length, salt, salt_length,
key, key_length, iterations, memory, parallel);
#endif
}
return -EINVAL;
......
......@@ -326,11 +326,9 @@ int crypt_pbkdf(const char *kdf, const char *hash,
return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
iterations, key_length, key, ha->block_length);
#if USE_INTERNAL_ARGON2
} else if (!strncmp(kdf, "argon2", 6)) {
return argon2(kdf, password, password_length, salt, salt_length,
key, key_length, iterations, memory, parallel);
#endif
}
return -EINVAL;
......
......@@ -331,11 +331,9 @@ int crypt_pbkdf(const char *kdf, const char *hash,
(int)iterations, hash_id, (int)key_length, (unsigned char *)key))
return -EINVAL;
return 0;
#if USE_INTERNAL_ARGON2
} else if (!strncmp(kdf, "argon2", 6)) {
return argon2(kdf, password, password_length, salt, salt_length,
key, key_length, iterations, memory, parallel);
#endif
}
return -EINVAL;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment