Enable to use system libargon2.

Rename --disable-argon2 to --disable-internal-argon2 option
and add --enable-libargon2 flag to allow system libarhgon2.

configure.ac

@@ -368,12 +368,24 @@ AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE,  test $with_crypto_backend = nettle)
 AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1)
 AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2])
 
-AC_ARG_ENABLE(argon2, AS_HELP_STRING([--disable-argon2],
-	[disable internal implementation of Argon2 PBKDF]),[], [enable_argon2=yes])
-AM_CONDITIONAL(CRYPTO_INTERNAL_ARGON2, test x$enable_argon2 = xyes)
-if test x$enable_argon2 = xyes ; then
+dnl Argon2 implementation
+AC_ARG_ENABLE(internal-argon2, AS_HELP_STRING([--disable-internal-argon2],
+	[disable internal implementation of Argon2 PBKDF]),[], [enable_internal_argon2=yes])
+
+AC_ARG_ENABLE([libargon2], AS_HELP_STRING([--enable-libargon2],
+	[enable external libargon2 (PHC) library (disables internal bundled version) ]),[], [enable_libargon2=no])
+
+if test x$enable_libargon2 = xyes ; then
+	AC_CHECK_HEADERS(argon2.h,,
+		[AC_MSG_ERROR([You need libargon2 development library installed.])])
+	PKG_CHECK_MODULES([LIBARGON2], [libargon2],,[LIBARGON2_LIBS="-largon2"])
+	enable_internal_argon2=no
+fi
+
+if test x$enable_internal_argon2 = xyes ; then
 	AC_DEFINE(USE_INTERNAL_ARGON2, 1, [Use internal Argon2])
 fi
+AM_CONDITIONAL(CRYPTO_INTERNAL_ARGON2, test x$enable_internal_argon2 = xyes)
 
 dnl Magic for cryptsetup.static build.
 if test x$enable_static_cryptsetup = xyes; then
@@ -420,6 +432,7 @@ AC_SUBST([CRYPTO_LIBS])
 AC_SUBST([CRYPTO_STATIC_LIBS])
 
 AC_SUBST([JSON_C_LIBS])
+AC_SUBST([LIBARGON2_LIBS])
 
 AC_SUBST([LIBCRYPTSETUP_VERSION])
 AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])

lib/Makefile.am

@@ -43,6 +43,7 @@ libcryptsetup_la_LIBADD = \
 	@UUID_LIBS@				\
 	@DEVMAPPER_LIBS@			\
 	@CRYPTO_LIBS@				\
+	@LIBARGON2_LIBS@			\
 	@JSON_C_LIBS@				\
 	$(common_ldadd)
 

lib/crypto_backend/Makefile.am

@@ -5,7 +5,8 @@ noinst_LTLIBRARIES = libcrypto_backend.la
 libcrypto_backend_la_CFLAGS = $(AM_CFLAGS) -Wall @CRYPTO_CFLAGS@
 
 libcrypto_backend_la_SOURCES = crypto_backend.h \
-	crypto_cipher_kernel.c crypto_storage.c pbkdf_check.c crc32.c
+	crypto_cipher_kernel.c crypto_storage.c pbkdf_check.c crc32.c \
+	argon2_generic.c
 
 if CRYPTO_BACKEND_GCRYPT
 libcrypto_backend_la_SOURCES += crypto_gcrypt.c
@@ -31,7 +32,6 @@ if CRYPTO_INTERNAL_ARGON2
 SUBDIRS = argon2
 libcrypto_backend_la_DEPENDENCIES = argon2/libargon2.la
 libcrypto_backend_la_LIBADD = argon2/libargon2.la
-libcrypto_backend_la_SOURCES += argon2_generic.c
 endif
 
 AM_CPPFLAGS = -include config.h -I$(top_srcdir)/lib

lib/crypto_backend/argon2_generic.c

@@ -21,7 +21,11 @@
 
 #include <errno.h>
 #include "crypto_backend.h"
+#if HAVE_ARGON2_H
+#include <argon2.h>
+#else
 #include "argon2/argon2.h"
+#endif
 
 #define CONST_CAST(x) (x)(uintptr_t)
 
@@ -30,6 +34,9 @@ int argon2(const char *type, const char *password, size_t password_length,
 	   char *key, size_t key_length,
 	   uint32_t iterations, uint32_t memory, uint32_t parallel)
 {
+#if !USE_INTERNAL_ARGON2 && !HAVE_ARGON2_H
+	return -EINVAL;
+#else
 	argon2_type atype;
 	argon2_context context = {
 		.flags = ARGON2_DEFAULT_FLAGS,
@@ -68,6 +75,7 @@ int argon2(const char *type, const char *password, size_t password_length,
 	}
 
 	return r;
+#endif
 }
 
 #if 0

lib/crypto_backend/crypto_backend.h

@@ -81,13 +81,11 @@ int pkcs5_pbkdf2(const char *hash,
 		 unsigned int hash_block_size);
 #endif
 
-#if USE_INTERNAL_ARGON2
-/* internal Argon2 implementation */
+/* Argon2 implementation wrapper */
 int argon2(const char *type, const char *password, size_t password_length,
 	   const char *salt, size_t salt_length,
 	   char *key, size_t key_length,
 	   uint32_t iterations, uint32_t memory, uint32_t parallel);
-#endif
 
 /* CRC32 */
 uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len);

lib/crypto_backend/crypto_gcrypt.c

@@ -363,10 +363,8 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 	if (!strcmp(kdf, "pbkdf2"))
 		return pbkdf2(hash, password, password_length, salt, salt_length,
 			      key, key_length, iterations);
-#if USE_INTERNAL_ARGON2
 	else if (!strncmp(kdf, "argon2", 6))
 		return argon2(kdf, password, password_length, salt, salt_length,
 			      key, key_length, iterations, memory, parallel);
-#endif
 	return -EINVAL;
 }

lib/crypto_backend/crypto_kernel.c

@@ -328,11 +328,9 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 
 		return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
 				    iterations, key_length, key, ha->block_length);
-#if USE_INTERNAL_ARGON2
 	} else if (!strncmp(kdf, "argon2", 6)) {
 		return argon2(kdf, password, password_length, salt, salt_length,
 			      key, key_length, iterations, memory, parallel);
-#endif
 	}
 
 	return -EINVAL;

lib/crypto_backend/crypto_nettle.c

@@ -307,11 +307,9 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 			      (uint8_t *)key);
 		crypt_hmac_destroy(h);
 		return 0;
-#if USE_INTERNAL_ARGON2
 	} else if (!strncmp(kdf, "argon2", 6)) {
 		return argon2(kdf, password, password_length, salt, salt_length,
 			      key, key_length, iterations, memory, parallel);
-#endif
 	}
 
 	return -EINVAL;

lib/crypto_backend/crypto_nss.c

@@ -326,11 +326,9 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 
 		return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
 				    iterations, key_length, key, ha->block_length);
-#if USE_INTERNAL_ARGON2
 	} else if (!strncmp(kdf, "argon2", 6)) {
 		return argon2(kdf, password, password_length, salt, salt_length,
 			      key, key_length, iterations, memory, parallel);
-#endif
 	}
 
 	return -EINVAL;

lib/crypto_backend/crypto_openssl.c

@@ -331,11 +331,9 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 	            (int)iterations, hash_id, (int)key_length, (unsigned char *)key))
 			return -EINVAL;
 		return 0;
-#if USE_INTERNAL_ARGON2
 	} else if (!strncmp(kdf, "argon2", 6)) {
 		return argon2(kdf, password, password_length, salt, salt_length,
 			      key, key_length, iterations, memory, parallel);
-#endif
 	}
 
 	return -EINVAL;