diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index f779ab2c..98cdd33c 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -247,7 +247,18 @@ int crypt_set_pbkdf_type(struct crypt_device *cd,
 const struct crypt_pbkdf_type *pbkdf);
 
 /**
- * Get current default PBKDF (Password-Based Key Derivation Algorithm) for keyslots.
+ * Get default PBKDF (Password-Based Key Derivation Algorithm) settings for keyslots.
+ * Works only with LUKS device handles (both versions).
+ *
+ * @param type type of device (see @link crypt-type @endlink)
+ *
+ * @return struct on success or NULL value otherwise.
+ *
+ */
+const struct crypt_pbkdf_type *crypt_get_pbkdf_default(const char *type);
+
+/**
+ * Get current PBKDF (Password-Based Key Derivation Algorithm) settings for keyslots.
 * Works only with LUKS device handles (both versions).
 *
 * @param cd crypt device handle
diff --git a/lib/libcryptsetup.sym b/lib/libcryptsetup.sym
index 68796c62..b4fd083d 100644
--- a/lib/libcryptsetup.sym
+++ b/lib/libcryptsetup.sym
@@ -84,6 +84,7 @@ CRYPTSETUP_2.0 {
 crypt_get_rng_type;
 crypt_set_pbkdf_type;
 crypt_get_pbkdf_type;
+ crypt_get_pbkdf_default;
 
 crypt_keyslot_max;
 crypt_keyslot_area;
diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c
index bcc77d2f..a46abf3c 100644
--- a/lib/utils_pbkdf.c
+++ b/lib/utils_pbkdf.c
@@ -251,6 +251,19 @@ const struct crypt_pbkdf_type *crypt_get_pbkdf_type(struct crypt_device *cd)
 return crypt_get_pbkdf(cd)->type ? crypt_get_pbkdf(cd) : NULL;
 }
 
+const struct crypt_pbkdf_type *crypt_get_pbkdf_default(const char *type)
+{
+ if (!type)
+ return NULL;
+
+ if (!strcmp(type, CRYPT_LUKS1))
+ return &default_luks1;
+ else if (!strcmp(type, CRYPT_LUKS2))
+ return &default_luks2;
+
+ return NULL;
+}
+
 void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms)
 {
 struct crypt_pbkdf_type *pbkdf;
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 5c2b610c..9b166aed 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
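Review bot: The doc comment added for crypt_get_pbkdf_default() in lib/libcryptsetup.h keeps the sentence `Works only with LUKS device handles (both versions).`, but this function takes a type string and no handle, so the wording looks carried over from crypt_get_pbkdf_type(). I would change it to `* Works only with LUKS types (CRYPT_LUKS1 and CRYPT_LUKS2).` and have the @return line say that the pointer refers to library-owned defaults the caller must not free or modify. It should also state that NULL is returned for a NULL or non-LUKS type, which is what the implementation in lib/utils_pbkdf.c does.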
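Review bot: In lib/utils_pbkdf.c, crypt_get_pbkdf_default() hands out the addresses of the file-scope objects default_luks1 and default_luks2, which are defined outside this hunk, so it is worth confirming that both are declared const. The return type is pointer-to-const, but if the objects themselves are writable, a caller that casts the qualifier away would change the PBKDF defaults for the whole process. As a style point, the `else` after `return &default_luks1;` is redundant; a plain `if (!strcmp(type, CRYPT_LUKS2))` reads the same.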
@@ -1969,6 +1969,7 @@ static void help(poptContext popt_context,
 {
 if (key->shortName == '?') {
 struct action_type *action;
+ const struct crypt_pbkdf_type *pbkdf_luks1, *pbkdf_luks2;
 
 log_std("%s\n",PACKAGE_STRING);
 
@@ -1991,15 +1992,18 @@ static void help(poptContext popt_context,
 " optional key file for the new key for luksAddKey action\n"),
 crypt_get_dir());
 
+ pbkdf_luks1 = crypt_get_pbkdf_default(CRYPT_LUKS1);
+ pbkdf_luks2 = crypt_get_pbkdf_default(CRYPT_LUKS2);
 log_std(_("\nDefault compiled-in key and passphrase parameters:\n"
 "\tMaximum keyfile size: %dkB, "
 "Maximum interactive passphrase length %d (characters)\n"
- "Default PBKDF2 iteration time for LUKS: %d (ms)\n"
+ "Default PBKDF for LUKS1: %s, iteration time: %d (ms)\n"
 "Default PBKDF for LUKS2: %s\n"
 "\tIteration time: %d, Memory required: %dkB, Parallel threads: %d\n"),
 DEFAULT_KEYFILE_SIZE_MAXKB, DEFAULT_PASSPHRASE_SIZE_MAX,
- DEFAULT_LUKS1_ITER_TIME, DEFAULT_LUKS2_PBKDF, DEFAULT_LUKS2_ITER_TIME,
- DEFAULT_LUKS2_MEMORY_KB, DEFAULT_LUKS2_PARALLEL_THREADS);
+ pbkdf_luks1->type, pbkdf_luks1->time_ms,
+ pbkdf_luks2->type, pbkdf_luks2->time_ms, pbkdf_luks2->max_memory_kb,
+ pbkdf_luks2->parallel_threads);
 
 log_std(_("\nDefault compiled-in device cipher parameters:\n"
 "\tloop-AES: %s, Key %d bits\n"
diff --git a/tests/api-test-2.c b/tests/api-test-2.c
index 000b24c4..639c0a94 100644
--- a/tests/api-test-2.c
+++ b/tests/api-test-2.c
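Review bot: In the second hunk of help() in src/cryptsetup.c, the new arguments pbkdf_luks1->time_ms, pbkdf_luks2->time_ms, pbkdf_luks2->max_memory_kb and pbkdf_luks2->parallel_threads are still printed with `%d`, which was correct for the integer macros they replace. The struct is declared outside this diff, but if those fields are uint32_t, as in the public struct crypt_pbkdf_type, the conversions should become `%u` or the arguments should be cast. Both pointers are also dereferenced unchecked although crypt_get_pbkdf_default() is documented to return NULL on failure, so wrapping the log_std() call in `if (pbkdf_luks1 && pbkdf_luks2)` would keep the help output from crashing if a default ever becomes unavailable. help() begins and ends outside the hunk.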
@@ -2280,6 +2280,22 @@ static void Pbkdf(void)
 EQ_(pbkdf->flags, CRYPT_PBKDF_NO_BENCHMARK);
 
 crypt_free(cd);
+
+ NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1));
+ OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
+ EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME);
+ OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
+ EQ_(pbkdf->max_memory_kb, 0);
+ EQ_(pbkdf->parallel_threads, 0);
+
+ NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2));
+ OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
+ EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
+ OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
+ EQ_(pbkdf->max_memory_kb, DEFAULT_LUKS2_MEMORY_KB);
+ EQ_(pbkdf->parallel_threads, DEFAULT_LUKS2_PARALLEL_THREADS);
+
+ NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN));
 }
 
 static void Luks2KeyslotAdd(void)
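Review bot: The checks added to Pbkdf() in tests/api-test-2.c never exercise the `if (!type) return NULL;` branch of crypt_get_pbkdf_default(); adding `NULL_(crypt_get_pbkdf_default(NULL));` next to the CRYPT_PLAIN case would cover it. The LUKS2 block compares pbkdf->hash against DEFAULT_LUKS1_HASH. If the LUKS2 default deliberately reuses the LUKS1 hash, a short comment such as `/* LUKS2 default PBKDF uses the LUKS1 default hash */` would stop it reading as a copy-paste slip. Pbkdf() begins outside the hunk.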