Report Argon2 crypto backend version in debug output

For Argon2 native code (gcrypt, OpenSSL) a flag in debug output is printed.

If libargon is used, then [cryptsetup libargon2] is printed
(embedded code) or [external libargon2] for dynamic external library.

 # Crypto backend (OpenSSL 3.0.11 19 Sep 2023 [default][legacy] [external libargon2])
or
 # Crypto backend (OpenSSL 3.0.11 19 Sep 2023 [default][legacy] [cryptsetup libargon2])

Fixes: #851

lib/crypto_backend/argon2_generic.c

@@ -52,6 +52,9 @@ int argon2(const char *type, const char *password, size_t password_length,
 	};
 	int r;
 
+	/* This code must not be run if crypt backend library natively supports Argon2 */
+	assert(!(crypt_backend_flags() & CRYPT_BACKEND_ARGON2));
+
 	if (!strcmp(type, "argon2i"))
 		atype = Argon2_i;
 	else if(!strcmp(type, "argon2id"))
@@ -87,3 +90,19 @@ int argon2(const char *type, const char *password, size_t password_length,
 }
 
 #endif
+
+/* Additional string for crypt backend version */
+const char *crypt_argon2_version(void)
+{
+	const char *version = "";
+
+	if (crypt_backend_flags() & CRYPT_BACKEND_ARGON2)
+		return version;
+
+#if HAVE_ARGON2_H /* this has priority over internal argon2 */
+	version = " [external libargon2]";
+#elif USE_INTERNAL_ARGON2
+	version = " [cryptsetup libargon2]";
+#endif
+	return version;
+}

lib/crypto_backend/crypto_backend.h

@@ -43,9 +43,11 @@ void crypt_backend_destroy(void);
 
 #define CRYPT_BACKEND_KERNEL     (1 << 0) /* Crypto uses kernel part, for benchmark */
 #define CRYPT_BACKEND_PBKDF2_INT (1 << 1) /* Iteration in PBKDF2 is signed int and can overflow */
+#define CRYPT_BACKEND_ARGON2     (1 << 2) /* Backend provides native Argon2 implementation */
 
 uint32_t crypt_backend_flags(void);
 const char *crypt_backend_version(void);
+const char *crypt_argon2_version(void);
 
 /* HASH */
 int crypt_hash_size(const char *name);

lib/crypto_backend/crypto_gcrypt.c

@@ -127,10 +127,11 @@ int crypt_backend_init(bool fips __attribute__((unused)))
 	crypto_backend_initialised = 1;
 	crypt_hash_test_whirlpool_bug();
 
-	r = snprintf(version, sizeof(version), "gcrypt %s%s%s",
+	r = snprintf(version, sizeof(version), "gcrypt %s%s%s%s",
 		 gcry_check_version(NULL),
 		 crypto_backend_secmem ? "" : ", secmem disabled",
-		 crypto_backend_whirlpool_bug > 0 ? ", flawed whirlpool" : "");
+		 crypto_backend_whirlpool_bug > 0 ? ", flawed whirlpool" : "",
+		 crypt_backend_flags() & CRYPT_BACKEND_ARGON2 ? ", argon2" : "");
 	if (r < 0 || (size_t)r >= sizeof(version))
 		return -EINVAL;
 
@@ -152,7 +153,11 @@ const char *crypt_backend_version(void)
 
 uint32_t crypt_backend_flags(void)
 {
-	return 0;
+	uint32_t flags = 0;
+#if HAVE_DECL_GCRY_KDF_ARGON2 && !USE_INTERNAL_ARGON2
+	flags |= CRYPT_BACKEND_ARGON2;
+#endif
+	return flags;
 }
 
 static const char *crypt_hash_compat_name(const char *name, unsigned int *flags)

lib/crypto_backend/crypto_openssl.c

@@ -197,12 +197,13 @@ static int openssl_backend_init(bool fips)
 	    OSSL_get_max_threads(ossl_ctx) == MAX_THREADS)
 		ossl_threads = true;
 
-	r = snprintf(backend_version, sizeof(backend_version), "%s%s%s%s%s",
+	r = snprintf(backend_version, sizeof(backend_version), "%s %s%s%s%s%s",
 		OpenSSL_version(OPENSSL_VERSION),
 		ossl_default ? "[default]" : "",
 		ossl_legacy  ? "[legacy]" : "",
 		fips  ? "[fips]" : "",
-		ossl_threads ? "[threads]" : "");
+		ossl_threads ? "[threads]" : "",
+		crypt_backend_flags() & CRYPT_BACKEND_ARGON2 ? "[argon2]" : "");
 
 	if (r < 0 || (size_t)r >= sizeof(backend_version)) {
 		openssl_backend_exit();
@@ -251,11 +252,14 @@ void crypt_backend_destroy(void)
 
 uint32_t crypt_backend_flags(void)
 {
-#if OPENSSL_VERSION_MAJOR >= 3
-	return 0;
-#else
-	return CRYPT_BACKEND_PBKDF2_INT;
+	uint32_t flags = 0;
+#if OPENSSL_VERSION_MAJOR < 3
+	flags |= CRYPT_BACKEND_PBKDF2_INT;
 #endif
+#if HAVE_DECL_OSSL_KDF_PARAM_ARGON2_VERSION
+	flags |= CRYPT_BACKEND_ARGON2;
+#endif
+	return flags;
 }
 
 const char *crypt_backend_version(void)