Change PBKDF interface API.

Prepare API for PBKDF that can set three costs - time (similar to iterations in PBKDF2) - memory (required memory for memory-hard function) - threads (required number of threads/CPUs). This patch also removes wrongly designed API call crypt_benchmark_kdf and replaces it with the new call crypt_benchmark_pbkdf. Two functions for PBKDF per context setting are introduced: crypt_set_pbkdf_type and crypt_get_pbkdf_type. The patch should be backward compatible when using crypt_set_iteration_time function (works only for PBKDF2). Signed-off-by: Milan Broz <gmazyland@gmail.com>
2025-12-05 16:00:05 +01:00 · 2017-08-05 20:34:50 +02:00
parent 09d14a0b6c
commit 0abf57be5d
13 changed files with 341 additions and 80 deletions
--- a/lib/utils_benchmark.c
+++ b/lib/utils_benchmark.c
@@ -231,39 +231,36 @@ out:
 	return r;
 }

-int crypt_benchmark_kdf(struct crypt_device *cd,
-	const char *kdf,
-	const char *hash,
+int crypt_benchmark_pbkdf(struct crypt_device *cd,
+	const struct crypt_pbkdf_type *pbkdf,
 	const char *password,
 	size_t password_size,
 	const char *salt,
 	size_t salt_size,
-	uint64_t *iterations_sec)
+	size_t volume_key_size,
+	uint32_t *iterations,
+	uint32_t *memory)
 {
-	int r, key_length = 0;
-
-	if (!iterations_sec)
-		return -EINVAL;
+	uint32_t iterations_sec;
+	int r;

 	r = init_crypto(cd);
 	if (r < 0)
 		return r;

-	// FIXME: this should be in KDF check API parameters later
-	if (cd)
-		key_length = crypt_get_volume_key_size(cd);
+	if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) {
+		if (!iterations || memory)
+			return -EINVAL;

-	if (key_length == 0)
-		key_length = DEFAULT_LUKS1_KEYBITS / 8;
+		r = crypt_pbkdf_check(pbkdf->type, pbkdf->hash, password, password_size,
+				      salt, salt_size, volume_key_size, &iterations_sec);

-	if (!strncmp(kdf, "pbkdf2", 6))
-		r = crypt_pbkdf_check(kdf, hash, password, password_size,
-				      salt, salt_size, key_length, iterations_sec);
-	else
+		*iterations = (uint32_t)((uint64_t)iterations_sec * (uint64_t)pbkdf->time_ms / 1000);
+		if (!r)
+			log_dbg("PBKDF2 benchmark, hash %s: %u iterations per second (%zu-bits key).",
+				pbkdf->hash, iterations_sec, volume_key_size * 8);
+	} else
 		r = -EINVAL;

-	if (!r)
-		log_dbg("KDF %s, hash %s: %" PRIu64 " iterations per second (%d-bits key).",
-			kdf, hash, *iterations_sec, key_length * 8);
 	return r;
 }