GRUB and libgcrypt?

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GRUB and libgcrypt?

From:	Aleksejs Popovs
Subject:	GRUB and libgcrypt?
Date:	Tue, 25 Oct 2016 18:46:17 -0400
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

Greetings,

I hope that this is the correct mailing list for my question. I amwriting here because I would like to contribute to GRUB but need someguidance.

About a month ago I messaged help-grub@ to complain about LUKS partitionunlocking taking too long in GRUB. To quickly illustrate that there's anissue, let me just share the following benchmark:


>$ cryptsetup benchmark
># Tests are approximate using memory only (no storage IO).
>...
>PBKDF2-sha512     855282 iterations per second for 256-bit key
>$ time echo -e "hello\nhello" | grub-mkpasswd-pbkdf2 -c 85528
>...
>PBKDF2 hash of your password is grub.pbkdf2.sha512.85528.074...
>real        0m1.781s
>user        0m1.770s
>sys 0m0.007s

As you can see, cryptsetup can do 85528 iterations of SHA512 PBKDF2 in0.1s, while GRUB takes 1.8s to do that. grub-mkpasswd-pbkdf2 usesgrub_crypto_pbkdf2(), the same function used in grub-core/disk/luks.c toderive the key for actual LUKS partitions.

I have compared the implementations of PBKDF2 in cryptsetup [1] and GRUB[2], and found that they are very similar, with the main differencebeing that cryptsetup keeps one handle to the hash function context,resetting the context after every iteration, while GRUB allocates anddestroys a new context for every iteration. I can totally see how thisoverhead could be significant when dealing with ~2000000 iterations(which is what cryptsetup uses by default on my machine).

While trying to look into whether I could fix this on my own, I alsofound that GRUB contains an implementation of HMAC using primitives fromlibgcrypt [3], even though libgcrypt itself already includes animplementation of HMAC [4].

Could someone please explain the motivation behind wrapping libgcryptinstead of using it directly? What would I have to do if I wanted to fixgrub_crypto_pbkdf2() in order to reuse the same context and maybe alsoswitch to libgcrypt's implementation of HMAC?


Thank you!
Best regards,
Aleksejs Popovs

[1]https://gitlab.com/cryptsetup/cryptsetup/blob/master/lib/crypto_backend/pbkdf2_generic.c


[2] http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/lib/pbkdf2.c

[3]http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/lib/crypto.c#n301

[4]https://gnupg.org/documentation/manuals/gcrypt/Working-with-hash-algorithms.html

[Prev in Thread]

Current Thread

[Next in Thread]

GRUB and libgcrypt?, Aleksejs Popovs <=

Prev by Date: GRUB maintainers meeting - summary
Next by Date: Re: [Xen-devel] [PATCH v7 00/11] grub-xen: support booting huge pv-domains
Previous by thread: GRUB maintainers meeting - summary
Next by thread: Re: [GRUB2 PATCH v6 0/4] multiboot2: Add two extensions
Index(es):
- Date
- Thread