"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/crypto_backend/pbkdf_check.c" between
cryptsetup-2.3.6.tar.xz and cryptsetup-2.4.0.tar.xz

About: cryptsetup is a utility used to conveniently setup disk encryption based on the dm-crypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt compatible format.

pbkdf_check.c  (cryptsetup-2.3.6.tar.xz):pbkdf_check.c  (cryptsetup-2.4.0.tar.xz)
skipping to change at line 51 skipping to change at line 51
/* These PBKDF2 limits must be never violated */ /* These PBKDF2 limits must be never violated */
int crypt_pbkdf_get_limits(const char *kdf, struct crypt_pbkdf_limits *limits) int crypt_pbkdf_get_limits(const char *kdf, struct crypt_pbkdf_limits *limits)
{ {
if (!kdf || !limits) if (!kdf || !limits)
return -EINVAL; return -EINVAL;
if (!strcmp(kdf, "pbkdf2")) { if (!strcmp(kdf, "pbkdf2")) {
limits->min_iterations = 1000; /* recommendation in NIST SP 800-1 32 */ limits->min_iterations = 1000; /* recommendation in NIST SP 800-1 32 */
limits->max_iterations = UINT32_MAX; limits->max_iterations = UINT32_MAX;
limits->min_memory = 0; /* N/A */ limits->min_memory = 0; /* N/A */
limits->min_bench_memory=0; /* N/A */
limits->max_memory = 0; /* N/A */ limits->max_memory = 0; /* N/A */
limits->min_parallel = 0; /* N/A */ limits->min_parallel = 0; /* N/A */
limits->max_parallel = 0; /* N/A */ limits->max_parallel = 0; /* N/A */
return 0; return 0;
} else if (!strcmp(kdf, "argon2i") || !strcmp(kdf, "argon2id")) { } else if (!strcmp(kdf, "argon2i") || !strcmp(kdf, "argon2id")) {
limits->min_iterations = 4; limits->min_iterations = 4;
limits->max_iterations = UINT32_MAX; limits->max_iterations = UINT32_MAX;
limits->min_memory = 32; limits->min_memory = 32; /* hard limit */
limits->min_bench_memory=64*1024; /* 64 MiB minimum for benchmark
*/
limits->max_memory = 4*1024*1024; /* 4GiB */ limits->max_memory = 4*1024*1024; /* 4GiB */
limits->min_parallel = 1; limits->min_parallel = 1;
limits->max_parallel = 4; limits->max_parallel = 4;
return 0; return 0;
} }
return -EINVAL; return -EINVAL;
} }
static long time_ms(struct rusage *start, struct rusage *end) static long time_ms(struct rusage *start, struct rusage *end)
{ {
int count_kernel_time = 0; int count_kernel_time = 0;
long ms; long ms;
if (crypt_backend_flags() & CRYPT_BACKEND_KERNEL) if (crypt_backend_flags() & CRYPT_BACKEND_KERNEL)
count_kernel_time = 1; count_kernel_time = 1;
/* /*
* FIXME: if there is no self usage info, count system time. * If there is no self usage info, count system time.
* This seem like getrusage() bug in some hypervisors... * This seem like getrusage() bug in some hypervisors...
*/ */
if (!end->ru_utime.tv_sec && !start->ru_utime.tv_sec && if (!end->ru_utime.tv_sec && !start->ru_utime.tv_sec &&
!end->ru_utime.tv_usec && !start->ru_utime.tv_usec) !end->ru_utime.tv_usec && !start->ru_utime.tv_usec)
count_kernel_time = 1; count_kernel_time = 1;
ms = (end->ru_utime.tv_sec - start->ru_utime.tv_sec) * 1000; ms = (end->ru_utime.tv_sec - start->ru_utime.tv_sec) * 1000;
ms += (end->ru_utime.tv_usec - start->ru_utime.tv_usec) / 1000; ms += (end->ru_utime.tv_usec - start->ru_utime.tv_usec) / 1000;
if (count_kernel_time) { if (count_kernel_time) {
skipping to change at line 411 skipping to change at line 413
int crypt_pbkdf_perf(const char *kdf, const char *hash, int crypt_pbkdf_perf(const char *kdf, const char *hash,
const char *password, size_t password_size, const char *password, size_t password_size,
const char *salt, size_t salt_size, const char *salt, size_t salt_size,
size_t volume_key_size, uint32_t time_ms, size_t volume_key_size, uint32_t time_ms,
uint32_t max_memory_kb, uint32_t parallel_threads, uint32_t max_memory_kb, uint32_t parallel_threads,
uint32_t *iterations_out, uint32_t *memory_out, uint32_t *iterations_out, uint32_t *memory_out,
int (*progress)(uint32_t time_ms, void *usrptr), void *usrptr) int (*progress)(uint32_t time_ms, void *usrptr), void *usrptr)
{ {
struct crypt_pbkdf_limits pbkdf_limits; struct crypt_pbkdf_limits pbkdf_limits;
int r = -EINVAL; int r = -EINVAL;
uint32_t min_memory;
if (!kdf || !iterations_out || !memory_out) if (!kdf || !iterations_out || !memory_out)
return -EINVAL; return -EINVAL;
/* FIXME: whole limits propagation should be more clear here */
r = crypt_pbkdf_get_limits(kdf, &pbkdf_limits); r = crypt_pbkdf_get_limits(kdf, &pbkdf_limits);
if (r < 0) if (r < 0)
return r; return r;
min_memory = pbkdf_limits.min_bench_memory;
if (min_memory > max_memory_kb)
min_memory = max_memory_kb;
*memory_out = 0; *memory_out = 0;
*iterations_out = 0; *iterations_out = 0;
if (!strcmp(kdf, "pbkdf2")) if (!strcmp(kdf, "pbkdf2"))
r = crypt_pbkdf_check(kdf, hash, password, password_size, r = crypt_pbkdf_check(kdf, hash, password, password_size,
salt, salt_size, volume_key_size, salt, salt_size, volume_key_size,
iterations_out, time_ms, progress, usrptr); iterations_out, time_ms, progress, usrptr);
else if (!strncmp(kdf, "argon2", 6)) else if (!strncmp(kdf, "argon2", 6))
r = crypt_argon2_check(kdf, password, password_size, r = crypt_argon2_check(kdf, password, password_size,
salt, salt_size, volume_key_size, salt, salt_size, volume_key_size,
pbkdf_limits.min_iterations, pbkdf_limits.min_iterations,
pbkdf_limits.min_memory, min_memory,
max_memory_kb, max_memory_kb,
parallel_threads, time_ms, iterations_out, parallel_threads, time_ms, iterations_out,
memory_out, progress, usrptr); memory_out, progress, usrptr);
return r; return r;
} }
 End of changes. 7 change blocks. 
4 lines changed or deleted 11 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)