Commit 2300c692 authored by Milan Broz's avatar Milan Broz

Check hash value in pbkdf setting early.

parent da6dbbd4
......@@ -48,7 +48,7 @@ int crypt_pbkdf_get_limits(const char *kdf, struct crypt_pbkdf_limits *limits)
limits->min_parallel = 0; /* N/A */
limits->max_parallel = 0; /* N/A */
return 0;
} else if (!strncmp(kdf, "argon2", 6)) {
} else if (!strcmp(kdf, "argon2i") || !strcmp(kdf, "argon2id")) {
limits->min_iterations = 4;
limits->max_iterations = UINT32_MAX;
limits->min_memory = 32;
......
......@@ -63,7 +63,11 @@ int verify_pbkdf_params(struct crypt_device *cd,
{
struct crypt_pbkdf_limits pbkdf_limits;
const char *pbkdf_type;
int r = 0;
int r;
r = init_crypto(cd);
if (r < 0)
return r;
if (!pbkdf->type ||
(!pbkdf->hash && !strcmp(pbkdf->type, "pbkdf2")))
......@@ -74,13 +78,17 @@ int verify_pbkdf_params(struct crypt_device *cd,
return -EINVAL;
}
/* TODO: initialise crypto and check the hash and pbkdf are both available */
r = crypt_parse_pbkdf(pbkdf->type, &pbkdf_type);
if (r < 0) {
log_err(cd, _("Unknown PBKDF type %s."), pbkdf->type);
return r;
}
if (pbkdf->hash && crypt_hash_size(pbkdf->hash) < 0) {
log_err(cd, _("Requested hash %s is not supported."), pbkdf->hash);
return -EINVAL;
}
r = crypt_pbkdf_get_limits(pbkdf->type, &pbkdf_limits);
if (r < 0)
return r;
......@@ -161,11 +169,6 @@ int init_pbkdf_type(struct crypt_device *cd,
if (r < 0)
return r;
/*
* Crypto backend may be not initialized here,
* cannot check if algorithms are really available.
* It will fail later anyway :-)
*/
type = strdup(pbkdf->type);
hash = pbkdf->hash ? strdup(pbkdf->hash) : NULL;
......
......@@ -2269,9 +2269,8 @@ static void Pbkdf(void)
bad.type = NULL;
bad.hash = DEFAULT_LUKS1_HASH;
FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty");
// following test fails atm
// bad.hash = "hamster_hash";
// FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
bad.hash = "hamster_hash";
FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
crypt_free(cd);
// test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call
OK_(crypt_init(&cd, DEVICE_1));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment