From: Simon Glass <simon.glass@canonical.com>
Add a Kconfig optiion to enable this library and add it to the lib/ Makefile, being careful to avoid a conflict with the existing blake2b implementation.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---
 drivers/misc/Kconfig | 2 +-
 fs/btrfs/Kconfig | 2 +-
 lib/Kconfig | 14 +++++++++++++-
 lib/Makefile | 4 ++++
 4 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
index a352fa5fee0..7a217ad055d 100644
--- a/drivers/misc/Kconfig
+++ b/drivers/misc/Kconfig
@@ -37,7 +37,7 @@ config TKEY
 bool "TKey security token support"
 depends on DM
 default y if SANDBOX
- select BLAKE2
+ select BLAKE2 if !ARGON2
 help
 Enable driver model support for Tillitis TKey security tokens. This provides a common interface for TKey operations including
diff --git a/fs/btrfs/Kconfig b/fs/btrfs/Kconfig
index e31afe595f3..c6430f83452 100644
--- a/fs/btrfs/Kconfig
+++ b/fs/btrfs/Kconfig
@@ -6,7 +6,7 @@ config FS_BTRFS
 select ZSTD
 select RBTREE
 select SHA256
- select BLAKE2
+ select BLAKE2 if !ARGON2
 help
 This provides a single-device read-only BTRFS support. BTRFS is a next-generation Linux file system based on the copy-on-write
diff --git a/lib/Kconfig b/lib/Kconfig
index c8bf4b4b049..662b1a44d45 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -542,11 +542,12 @@ menu "Hashing Support"
 config BLAKE2
 bool "Enable BLAKE2 support"
+ depends on !ARGON2
 help
 This option enables support of hashing using BLAKE2B algorithm. The hash is calculated in software. The BLAKE2 algorithm produces a hash value (digest) between 1 and
- 64 bytes.
+ 64 bytes. Note: ARGON2 includes its own BLAKE2 implementation.
 config SHA1
 bool "Enable SHA1 support"
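Review bot: Nothing visible in this patch guarantees that the BLAKE2b bundled with ARGON2 is a drop-in replacement for lib/blake2/blake2b.o, yet `select BLAKE2 if !ARGON2` in config TKEY makes the security-token driver depend on exactly that whenever ARGON2=y. The identical change in fs/btrfs/Kconfig has the same exposure for btrfs checksum verification. I would state the contract next to each select, for example `# ARGON2 bundles a BLAKE2b with the same API as lib/blake2 (see lib/Makefile)`, and confirm that any code keyed on CONFIG_BLAKE2 still does the right thing when the symbol is off but the algorithm is in use. The config TKEY entry continues past the end of this hunk.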
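Review bot: `depends on !ARGON2` on config BLAKE2 is not honoured by `select`, so any `select BLAKE2` left elsewhere in the tree would still force BLAKE2=y together with ARGON2 and only produce an unmet-dependency warning. This patch updates the selects in TKEY and FS_BTRFS only; whether other selectors exist cannot be seen from here, so they are worth checking, since lib/Makefile would then build blake2/blake2b.o alongside the copy inside argon2/. The sentence appended to the help text would also serve users better if it said what they will observe, e.g. `This option is not available when ARGON2 is enabled, because ARGON2 brings its own BLAKE2b.`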
@@ -983,6 +984,17 @@ config JSON
 printing functions. JSON is used for structured data representation, such as LUKS2 metadata.
+config ARGON2
+ bool "Enable Argon2 password hashing"
+ help
+ This enables the Argon2 password hashing algorithm, winner of the
+ Password Hashing Competition (PHC). Argon2 is used for key derivation
+ in LUKS2 encrypted volumes. It provides better resistance to GPU
+ cracking attacks compared to PBKDF2.
+
+ Note: This option includes its own BLAKE2 implementation and is
+ mutually exclusive with CONFIG_BLAKE2.
+
 config OF_LIBFDT
 bool "Enable the FDT library"
 default y if OF_CONTROL
diff --git a/lib/Makefile b/lib/Makefile
index 71c9c0d1766..5cbf3071f96 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -80,7 +80,10 @@ obj-$(CONFIG_$(PHASE_)ACPI) += acpi/
 obj-$(CONFIG_ECDSA) += ecdsa/
 obj-$(CONFIG_$(PHASE_)RSA) += rsa/
 obj-$(CONFIG_HASH) += hash-checksum.o
+
+# argon2 provides its own blake2b; just build blake2s when ARGON2 is enabled
 obj-$(CONFIG_BLAKE2) += blake2/blake2b.o blake2/blake2s.o
+obj-$(CONFIG_ARGON2) += blake2/blake2s.o
 obj-$(CONFIG_$(PHASE_)MD5_LEGACY) += md5.o
 obj-$(CONFIG_$(PHASE_)SHA1_LEGACY) += sha1.o
@@ -89,6 +92,7 @@ obj-$(CONFIG_$(PHASE_)SHA256_LEGACY) += sha256.o
 obj-$(CONFIG_$(PHASE_)SHA512_LEGACY) += sha512.o
 obj-$(CONFIG_CRYPT_PW) += crypt/
+obj-$(CONFIG_ARGON2) += argon2/
 obj-$(CONFIG_$(PHASE_)ASN1_DECODER_LEGACY) += asn1_decoder.o
 obj-$(CONFIG_$(PHASE_)ZLIB) += zlib/
--
2.43.0
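Review bot: The help text calls ARGON2 "mutually exclusive with CONFIG_BLAKE2", but the new entry has no dependency of its own; the exclusion exists only as `depends on !ARGON2` on the BLAKE2 side, so turning ARGON2 on silently drops BLAKE2 from a configuration instead of being blocked by it. I would word the note to match, e.g. `Note: enabling this option disables CONFIG_BLAKE2; BLAKE2b is then provided by the Argon2 library.` The help is also silent on memory: Argon2 is memory-hard and its cost parameters normally travel with the stored hash or keyslot metadata, so a sentence telling integrators to size the malloc pool accordingly (and, presumably in the caller outside this patch, to bound those parameters) would be useful.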
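Review bot: The new comment sits above the unchanged `obj-$(CONFIG_BLAKE2)` line although it describes the added `obj-$(CONFIG_ARGON2) += blake2/blake2s.o` line, and it does not say why blake2s.o is needed at all when only ARGON2 is set. I would move it directly above the ARGON2 line and make it state the reason, e.g. `# ARGON2 bundles blake2b in argon2/; blake2s.o still comes from blake2/ for <users of blake2s>` with the actual consumer filled in. The two lines are only safe together because Kconfig keeps BLAKE2 and ARGON2 from both being y; if a stray select ever enables both, blake2s.o is listed twice and blake2b is presumably defined twice, so a short comment noting that reliance would help the next reader.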