eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-15 12:50:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

Switch to fetching default PBKDF values from library.

Browse Source
This commit is contained in:
Milan Broz
2019-01-23 14:15:23 +01:00
parent 388afa07f4
commit 715b0c9b6c
2 changed files with 25 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/cryptsetup.c
View File

@@ -922,24 +922,20 @@ static int action_benchmark(void)
static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
{
const struct crypt_pbkdf_type *pbkdf_default;
struct crypt_pbkdf_type pbkdf = {};
if (!strcmp(dev_type, CRYPT_LUKS1)) {
if (opt_pbkdf && strcmp(opt_pbkdf, CRYPT_KDF_PBKDF2))
pbkdf_default = crypt_get_pbkdf_default(dev_type);
if (!pbkdf_default)
return -EINVAL;
pbkdf.type = CRYPT_KDF_PBKDF2;
pbkdf.hash = opt_hash ?: DEFAULT_LUKS1_HASH;
pbkdf.time_ms = opt_iteration_time ?: DEFAULT_LUKS1_ITER_TIME;
} else if (!strcmp(dev_type, CRYPT_LUKS2)) {
pbkdf.type = opt_pbkdf ?: DEFAULT_LUKS2_PBKDF;
pbkdf.hash = opt_hash ?: DEFAULT_LUKS1_HASH;
pbkdf.time_ms = opt_iteration_time ?: DEFAULT_LUKS2_ITER_TIME;
pbkdf.type = opt_pbkdf ?: pbkdf_default->type;
pbkdf.hash = opt_hash ?: pbkdf_default->hash;
pbkdf.time_ms = opt_iteration_time ?: pbkdf_default->time_ms;
if (strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)) {
pbkdf.max_memory_kb = opt_pbkdf_memory;
pbkdf.parallel_threads = opt_pbkdf_parallel;
pbkdf.max_memory_kb = opt_pbkdf_memory ?: pbkdf_default->max_memory_kb;
pbkdf.parallel_threads = opt_pbkdf_parallel ?: pbkdf_default->parallel_threads;
}
} else
return 0;
if (opt_pbkdf_iterations) {
pbkdf.iterations = opt_pbkdf_iterations;

34
src/cryptsetup_reencrypt.c
View File

@@ -511,24 +511,20 @@ out:
static int set_pbkdf_params(struct crypt_device *cd, const char *dev_type)
{
const struct crypt_pbkdf_type *pbkdf_default;
struct crypt_pbkdf_type pbkdf = {};
if (!strcmp(dev_type, CRYPT_LUKS1)) {
if (opt_pbkdf && strcmp(opt_pbkdf, CRYPT_KDF_PBKDF2))
pbkdf_default = crypt_get_pbkdf_default(dev_type);
if (!pbkdf_default)
return -EINVAL;
pbkdf.type = CRYPT_KDF_PBKDF2;
pbkdf.hash = opt_hash ?: DEFAULT_LUKS1_HASH;
pbkdf.time_ms = opt_iteration_time ?: DEFAULT_LUKS1_ITER_TIME;
} else if (!strcmp(dev_type, CRYPT_LUKS2)) {
pbkdf.type = opt_pbkdf ?: DEFAULT_LUKS2_PBKDF;
pbkdf.hash = opt_hash ?: DEFAULT_LUKS1_HASH;
pbkdf.time_ms = opt_iteration_time ?: DEFAULT_LUKS2_ITER_TIME;
pbkdf.type = opt_pbkdf ?: pbkdf_default->type;
pbkdf.hash = opt_hash ?: pbkdf_default->hash;
pbkdf.time_ms = opt_iteration_time ?: pbkdf_default->time_ms;
if (strcmp(pbkdf.type, CRYPT_KDF_PBKDF2)) {
pbkdf.max_memory_kb = opt_pbkdf_memory;
pbkdf.parallel_threads = opt_pbkdf_parallel;
pbkdf.max_memory_kb = opt_pbkdf_memory ?: pbkdf_default->max_memory_kb;
pbkdf.parallel_threads = opt_pbkdf_parallel ?: pbkdf_default->parallel_threads;
}
} else
return -EINVAL;
if (opt_pbkdf_iterations) {
pbkdf.iterations = opt_pbkdf_iterations;
@@ -799,16 +795,7 @@ static int backup_fake_header(struct reenc_ctx *rc)
{
struct crypt_device *cd_new = NULL;
struct crypt_params_luks1 params = {0};
const struct crypt_pbkdf_type luks2_pbkdf = {
.type = DEFAULT_LUKS2_PBKDF,
.hash = opt_hash ?: DEFAULT_LUKS1_HASH,
.time_ms = DEFAULT_LUKS2_ITER_TIME,
.max_memory_kb = DEFAULT_LUKS2_MEMORY_KB,
.parallel_threads = DEFAULT_LUKS2_PARALLEL_THREADS
};
struct crypt_params_luks2 params2 = {
.pbkdf = &luks2_pbkdf
};
struct crypt_params_luks2 params2 = {0};
char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
const char *header_file_fake;
int r;
@@ -837,6 +824,7 @@ static int backup_fake_header(struct reenc_ctx *rc)
params2.data_alignment = params.data_alignment = 0;
params2.data_device = params.data_device = rc->device;
params2.sector_size = crypt_get_sector_size(NULL);
params2.pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2);
r = crypt_init(&cd_new, header_file_fake);
if (r < 0)