Do not allow forced pbkdf parameters below minimal values.

Ondrej Kozina
2018-02-01 16:23:25 +01:00
committed by Milan Broz
parent 4e5e8fd8fe
commit 169bd9db5e


@@ -86,9 +86,29 @@ int verify_pbkdf_params(struct crypt_device *cd,
log_err(cd, _("PBKDF max memory or parallel threads must not be set with pbkdf2.\n"));
return -EINVAL;
}
if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK &&
pbkdf->iterations < MIN_PBKDF2_ITERATIONS) {
log_err(cd, _("Forced iteration count is too low for %s (minimum is %u).\n"),
pbkdf_type, MIN_PBKDF2_ITERATIONS);
return -EINVAL;
}
return 0;
}
/* TODO: properly define minimal iterations and also minimal memory values */
if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) {
if (pbkdf->iterations < 4) {
log_err(cd, _("Forced iteration count is too low for %s (minimum is %u).\n"),
pbkdf_type, 4);
r = -EINVAL;
}
if (pbkdf->max_memory_kb < 32) {
log_err(cd, _("Forced memory cost is too low for %s (minimum is %u kilobytes).\n"),
pbkdf_type, 32);
r = -EINVAL;
}
}
if (pbkdf->max_memory_kb > MAX_PBKDF_MEMORY) {
log_err(cd, _("Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes).\n"),
MAX_PBKDF_MEMORY);