diff options
| author | Aidan Dang <dang@aidan.gg> | 2022-12-04 02:26:13 +1100 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-12-06 15:56:11 +0100 |
| commit | b04ff66b426c6cffa3b27d0448e633ebf6aba147 (patch) | |
| tree | f378478e40376f647ed2f554b245e1180c349116 /src/home | |
| parent | 64e7a14146cd1f66a8b0865adf7c3495c1b5c4e9 (diff) | |
| download | systemd-b04ff66b426c6cffa3b27d0448e633ebf6aba147.tar.gz | |
Implement --luks-pbkdf-force-iterations for homed
Diffstat (limited to 'src/home')
| -rw-r--r-- | src/home/homectl.c | 4 | ||||
| -rw-r--r-- | src/home/homework-luks.c | 6 |
2 files changed, 9 insertions, 1 deletions
diff --git a/src/home/homectl.c b/src/home/homectl.c index 3e846e370a..a6d25c84fc 100644 --- a/src/home/homectl.c +++ b/src/home/homectl.c @@ -2392,6 +2392,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_IO_WEIGHT, ARG_LUKS_PBKDF_TYPE, ARG_LUKS_PBKDF_HASH_ALGORITHM, + ARG_LUKS_PBKDF_FORCE_ITERATIONS, ARG_LUKS_PBKDF_TIME_COST, ARG_LUKS_PBKDF_MEMORY_COST, ARG_LUKS_PBKDF_PARALLEL_THREADS, @@ -2473,6 +2474,7 @@ static int parse_argv(int argc, char *argv[]) { { "luks-volume-key-size", required_argument, NULL, ARG_LUKS_VOLUME_KEY_SIZE }, { "luks-pbkdf-type", required_argument, NULL, ARG_LUKS_PBKDF_TYPE }, { "luks-pbkdf-hash-algorithm", required_argument, NULL, ARG_LUKS_PBKDF_HASH_ALGORITHM }, + { "luks-pbkdf-force-iterations", required_argument, NULL, ARG_LUKS_PBKDF_FORCE_ITERATIONS }, { "luks-pbkdf-time-cost", required_argument, NULL, ARG_LUKS_PBKDF_TIME_COST }, { "luks-pbkdf-memory-cost", required_argument, NULL, ARG_LUKS_PBKDF_MEMORY_COST }, { "luks-pbkdf-parallel-threads", required_argument, NULL, ARG_LUKS_PBKDF_PARALLEL_THREADS }, @@ -3093,10 +3095,12 @@ static int parse_argv(int argc, char *argv[]) { break; case ARG_LUKS_VOLUME_KEY_SIZE: + case ARG_LUKS_PBKDF_FORCE_ITERATIONS: case ARG_LUKS_PBKDF_PARALLEL_THREADS: case ARG_RATE_LIMIT_BURST: { const char *field = c == ARG_LUKS_VOLUME_KEY_SIZE ? "luksVolumeKeySize" : + c == ARG_LUKS_PBKDF_FORCE_ITERATIONS ? "luksPbkdfForceIterations" : c == ARG_LUKS_PBKDF_PARALLEL_THREADS ? "luksPbkdfParallelThreads" : c == ARG_RATE_LIMIT_BURST ? "rateLimitBurst" : NULL; unsigned n; diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index 39ad56808d..4d04359740 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -1670,12 +1670,16 @@ static struct crypt_pbkdf_type* build_good_pbkdf(struct crypt_pbkdf_type *buffer assert(buffer); assert(hr); + bool benchmark = user_record_luks_pbkdf_force_iterations(hr) == UINT64_MAX; + *buffer = (struct crypt_pbkdf_type) { .hash = user_record_luks_pbkdf_hash_algorithm(hr), .type = user_record_luks_pbkdf_type(hr), - .time_ms = user_record_luks_pbkdf_time_cost_usec(hr) / USEC_PER_MSEC, + .time_ms = benchmark ? user_record_luks_pbkdf_time_cost_usec(hr) / USEC_PER_MSEC : 0, + .iterations = benchmark ? 0 : user_record_luks_pbkdf_force_iterations(hr), .max_memory_kb = user_record_luks_pbkdf_memory_cost(hr) / 1024, .parallel_threads = user_record_luks_pbkdf_parallel_threads(hr), + .flags = benchmark ? 0 : CRYPT_PBKDF_NO_BENCHMARK, }; return buffer; |