From 4760384d53cd1efacc462ec133d497084141f922 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Tue, 8 Dec 2020 14:46:31 +0100
Subject: [PATCH] cryptsetup-util: add helper for setting minimal PBKDF
---
 src/shared/cryptsetup-util.c | 26 ++++++++++++++++++++++++++
 src/shared/cryptsetup-util.h | 3 +++
 2 files changed, 29 insertions(+)
diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
index 850c79ed12..a793b9ac5b 100644
--- a/src/shared/cryptsetup-util.c
+++ b/src/shared/cryptsetup-util.c
@@ -27,6 +27,7 @@ int (*sym_crypt_resize)(struct crypt_device *cd, const char *name, uint64_t new_
 int (*sym_crypt_set_data_device)(struct crypt_device *cd, const char *device);
 void (*sym_crypt_set_debug_level)(int level);
 void (*sym_crypt_set_log_callback)(struct crypt_device *cd, void (*log)(int level, const char *msg, void *usrptr), void *usrptr);
+int (*sym_crypt_set_pbkdf_type)(struct crypt_device *cd, const struct crypt_pbkdf_type *pbkdf) = NULL;
 int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json) = NULL;
 int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json) = NULL;
 int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
@@ -64,6 +65,7 @@ int dlopen_cryptsetup(void) {
 DLSYM_ARG(crypt_set_data_device),
 DLSYM_ARG(crypt_set_debug_level),
 DLSYM_ARG(crypt_set_log_callback),
+ DLSYM_ARG(crypt_set_pbkdf_type),
 DLSYM_ARG(crypt_token_json_get),
 DLSYM_ARG(crypt_token_json_set),
 DLSYM_ARG(crypt_volume_key_get),
@@ -113,6 +115,30 @@ void cryptsetup_enable_logging(struct crypt_device *cd) {
 sym_crypt_set_debug_level(DEBUG_LOGGING ? CRYPT_DEBUG_ALL : CRYPT_DEBUG_NONE);
 }
 
+int cryptsetup_set_minimal_pbkdf(struct crypt_device *cd) {
+
+ static const struct crypt_pbkdf_type minimal_pbkdf = {
+ .hash = "sha512",
+ .type = CRYPT_KDF_PBKDF2,
+ .iterations = 1,
+ .time_ms = 1,
+ };
+
+ int r;
+
+ /* Sets a minimal PKBDF in case we already have a high entropy key. */
+
+ r = dlopen_cryptsetup();
+ if (r < 0)
+ return r;
+
+ r = sym_crypt_set_pbkdf_type(cd, &minimal_pbkdf);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
 int cryptsetup_get_token_as_json(
 struct crypt_device *cd,
 int idx,
diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
index c6c56d6801..26f5dd3c89 100644
--- a/src/shared/cryptsetup-util.h
+++ b/src/shared/cryptsetup-util.h
@@ -25,6 +25,7 @@ extern int (*sym_crypt_resize)(struct crypt_device *cd, const char *name, uint64
 extern int (*sym_crypt_set_data_device)(struct crypt_device *cd, const char *device);
 extern void (*sym_crypt_set_debug_level)(int level);
 extern void (*sym_crypt_set_log_callback)(struct crypt_device *cd, void (*log)(int level, const char *msg, void *usrptr), void *usrptr);
+extern int (*sym_crypt_set_pbkdf_type)(struct crypt_device *cd, const struct crypt_pbkdf_type *pbkdf);
 extern int (*sym_crypt_token_json_get)(struct crypt_device *cd, int token, const char **json);
 extern int (*sym_crypt_token_json_set)(struct crypt_device *cd, int token, const char *json);
 extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
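Review bot: In `cryptsetup_set_minimal_pbkdf()` (the third hunk of src/shared/cryptsetup-util.c) the high-entropy-key precondition is stated only in a comment placed after the declarations, and nothing tells callers that the setting stays on `cd`. As far as I know `crypt_set_pbkdf_type()` sets the default for keyslots created later through the same context, so a passphrase-based keyslot added afterwards would get essentially no brute-force resistance. I would move the comment above the function and spell this out, e.g. `/* Only for keys that are already high-entropy (e.g. randomly generated); the setting persists on cd, so do not add a passphrase keyslot through the same context afterwards. */`, which also fixes the "PKBDF" typo. A one-line version belongs at the prototype in cryptsetup-util.h. Separately, if I remember libcryptsetup correctly a preset `.iterations` is only honoured together with `CRYPT_PBKDF_NO_BENCHMARK` in `.flags`, and otherwise the library benchmarks against `.time_ms`, so it is worth confirming which cost actually ends up in the keyslot.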
@@ -36,6 +37,8 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(struct crypt_device *, sym_crypt_free);
 
 void cryptsetup_enable_logging(struct crypt_device *cd);
 
+int cryptsetup_set_minimal_pbkdf(struct crypt_device *cd);
+
 int cryptsetup_get_token_as_json(struct crypt_device *cd, int idx, const char *verify_type, JsonVariant **ret);
 int cryptsetup_get_keyslot_from_token(JsonVariant *v);
 int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v);