eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-12 03:10:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use min memory limit from PBKDF struct in Argon benchmark.

Browse Source
This commit is contained in:
Milan Broz
2019-01-31 10:53:51 +01:00
parent ae90497762
commit a68f3939cf
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/crypto_backend/pbkdf_check.c
View File

@@ -202,7 +202,7 @@ static int next_argon2_params(uint32_t *t_cost, uint32_t *m_cost,
static int crypt_argon2_check(const char *kdf, const char *password, static int crypt_argon2_check(const char *kdf, const char *password,
size_t password_length, const char *salt, size_t password_length, const char *salt,
size_t salt_length, size_t key_length, size_t salt_length, size_t key_length,
uint32_t min_t_cost, uint32_t max_m_cost, uint32_t min_t_cost, uint32_t min_m_cost, uint32_t max_m_cost,
uint32_t parallel, uint32_t target_ms, uint32_t parallel, uint32_t target_ms,
uint32_t *out_t_cost, uint32_t *out_m_cost, uint32_t *out_t_cost, uint32_t *out_m_cost,
int (*progress)(uint32_t time_ms, void *usrptr), int (*progress)(uint32_t time_ms, void *usrptr),
@@ -210,7 +210,7 @@ static int crypt_argon2_check(const char *kdf, const char *password,
{ {
int r = 0; int r = 0;
char *key = NULL; char *key = NULL;
uint32_t t_cost, m_cost, min_m_cost = 8 * parallel; uint32_t t_cost, m_cost;
long ms; long ms;
long ms_atleast = (long)target_ms * BENCH_PERCENT_ATLEAST / 100; long ms_atleast = (long)target_ms * BENCH_PERCENT_ATLEAST / 100;
long ms_atmost = (long)target_ms * BENCH_PERCENT_ATMOST / 100; long ms_atmost = (long)target_ms * BENCH_PERCENT_ATMOST / 100;
@@ -218,6 +218,9 @@ static int crypt_argon2_check(const char *kdf, const char *password,
if (key_length <= 0 || target_ms <= 0) if (key_length <= 0 || target_ms <= 0)
return -EINVAL; return -EINVAL;
if (min_m_cost < (parallel * 8))
min_m_cost = parallel * 8;
if (max_m_cost < min_m_cost) if (max_m_cost < min_m_cost)
return -EINVAL; return -EINVAL;
@@ -403,6 +406,7 @@ int crypt_pbkdf_perf(const char *kdf, const char *hash,
if (!kdf || !iterations_out || !memory_out) if (!kdf || !iterations_out || !memory_out)
return -EINVAL; return -EINVAL;
/* FIXME: whole limits propagation should be more clear here */
r = crypt_pbkdf_get_limits(kdf, &pbkdf_limits); r = crypt_pbkdf_get_limits(kdf, &pbkdf_limits);
if (r < 0) if (r < 0)
return r; return r;
@@ -418,7 +422,9 @@ int crypt_pbkdf_perf(const char *kdf, const char *hash,
else if (!strncmp(kdf, "argon2", 6)) else if (!strncmp(kdf, "argon2", 6))
r = crypt_argon2_check(kdf, password, password_size, r = crypt_argon2_check(kdf, password, password_size,
salt, salt_size, volume_key_size, salt, salt_size, volume_key_size,
pbkdf_limits.min_iterations, max_memory_kb, pbkdf_limits.min_iterations,
pbkdf_limits.min_memory,
max_memory_kb,
parallel_threads, time_ms, iterations_out, parallel_threads, time_ms, iterations_out,
memory_out, progress, usrptr); memory_out, progress, usrptr);
return r; return r;