The previous PBKDF2 implementation used grub_crypto_hmac_buffer() which
allocates and frees an HMAC handle on every call. This approach caused
significant performance overhead slowing down the boot process considerably.
This commit refactors the PBKDF2 code to use the new HMAC functions
allowing the HMAC handle and its buffers to be allocated once and reused
across multiple operations. This change significantly reduces disk
unlocking time.
In a QEMU/OVMF test environment this patch reduced the time to unlock
a LUKS2 (*) partition from approximately 15 seconds to 4 seconds.
(*) PBKDF2 SHA256 with 3454944 iterations.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
a122e02623