diff options
| author | Aidan Dang <dang@aidan.gg> | 2022-12-03 16:26:13 +0100 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-12-06 15:56:11 +0100 |
| commit | b04ff66b426c6cffa3b27d0448e633ebf6aba147 (patch) | |
| tree | f378478e40376f647ed2f554b245e1180c349116 /src/shared/user-record.c | |
| parent | Merge pull request #25559 from intelfx/work/systemd-importd-quotas (diff) | |
| download | systemd-b04ff66b426c6cffa3b27d0448e633ebf6aba147.tar.xz systemd-b04ff66b426c6cffa3b27d0448e633ebf6aba147.zip | |
Implement --luks-pbkdf-force-iterations for homed
Diffstat (limited to 'src/shared/user-record.c')
| -rw-r--r-- | src/shared/user-record.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/shared/user-record.c b/src/shared/user-record.c index 84cbdb1d30..06bc699572 100644 --- a/src/shared/user-record.c +++ b/src/shared/user-record.c @@ -55,6 +55,7 @@ UserRecord* user_record_new(void) { .luks_discard = -1, .luks_offline_discard = -1, .luks_volume_key_size = UINT64_MAX, + .luks_pbkdf_force_iterations = UINT64_MAX, .luks_pbkdf_time_cost_usec = UINT64_MAX, .luks_pbkdf_memory_cost = UINT64_MAX, .luks_pbkdf_parallel_threads = UINT64_MAX, @@ -1213,6 +1214,7 @@ static int dispatch_per_machine(const char *name, JsonVariant *variant, JsonDisp { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 }, { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE }, { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE }, + { "luksPbkdfForceIterations", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_force_iterations), 0 }, { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 }, { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 }, { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 }, @@ -1566,6 +1568,7 @@ int user_record_load(UserRecord *h, JsonVariant *v, UserRecordLoadFlags load_fla { "luksVolumeKeySize", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_volume_key_size), 0 }, { "luksPbkdfHashAlgorithm", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_hash_algorithm), JSON_SAFE }, { "luksPbkdfType", JSON_VARIANT_STRING, json_dispatch_string, offsetof(UserRecord, luks_pbkdf_type), JSON_SAFE }, + { "luksPbkdfForceIterations", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_force_iterations), 0 }, { "luksPbkdfTimeCostUSec", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_time_cost_usec), 0 }, { "luksPbkdfMemoryCost", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_memory_cost), 0 }, { "luksPbkdfParallelThreads", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(UserRecord, luks_pbkdf_parallel_threads), 0 }, @@ -1842,6 +1845,17 @@ const char* user_record_luks_pbkdf_type(UserRecord *h) { return h->luks_pbkdf_type ?: "argon2id"; } +uint64_t user_record_luks_pbkdf_force_iterations(UserRecord *h) { + assert(h); + + /* propagate default "benchmark" mode as itself */ + if (h->luks_pbkdf_force_iterations == UINT64_MAX) + return UINT64_MAX; + + /* clamp everything else to actually accepted number of iterations of libcryptsetup */ + return CLAMP(h->luks_pbkdf_force_iterations, 1U, UINT32_MAX); +} + uint64_t user_record_luks_pbkdf_time_cost_usec(UserRecord *h) { assert(h); |