Fix PBKDF2 iteration benchmark for longer key sizes.

The previous PBKDF2 benchmark code did not take into account output key length. For SHA1 (with 160-bits output) and 256-bit keys (and longer) it means that the final value was higher than it should be. For other hash algorithms (like SHA256 or SHA512) it caused that iteration count was smaller (in comparison to SHA1) than expected for the requested time period. This patch fixes the code to use key size for the formatted device (or default LUKS key size if running in informational benchmark mode). Thanks to A.Visconti, S.Bossi, A.Calo and H.Ragab (http://www.club.di.unimi.it/) for point this out. (Based on "What users should know about Full Disk Encryption based on LUKS" paper to be presented on CANS2015).
2025-12-05 16:00:05 +01:00 · 2015-10-29 11:52:18 +01:00
parent 9e90d91446
commit 4609fd87d7
5 changed files with 47 additions and 24 deletions
--- a/lib/utils_benchmark.c
+++ b/lib/utils_benchmark.c
@@ -240,7 +240,7 @@ int crypt_benchmark_kdf(struct crypt_device *cd,
 	size_t salt_size,
 	uint64_t *iterations_sec)
 {
-	int r;
+	int r, key_length = 0;

 	if (!iterations_sec)
 		return -EINVAL;
@@ -249,14 +249,21 @@ int crypt_benchmark_kdf(struct crypt_device *cd,
 	if (r < 0)
 		return r;

+	// FIXME: this should be in KDF check API parameters later
+	if (cd)
+		key_length = crypt_get_volume_key_size(cd);
+
+	if (key_length == 0)
+		key_length = DEFAULT_LUKS1_KEYBITS / 8;
+
 	if (!strncmp(kdf, "pbkdf2", 6))
 		r = crypt_pbkdf_check(kdf, hash, password, password_size,
-				      salt, salt_size, iterations_sec);
+				      salt, salt_size, key_length, iterations_sec);
 	else
 		r = -EINVAL;

 	if (!r)
-		log_dbg("KDF %s, hash %s: %" PRIu64 " iterations per second.",
-			kdf, hash, *iterations_sec);
+		log_dbg("KDF %s, hash %s: %" PRIu64 " iterations per second (%d-bits key).",
+			kdf, hash, *iterations_sec, key_length * 8);
 	return r;
 }