* Copyright (C) 2004, Christophe Saout <christophe@saout.de>
* Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
* Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
return r;
}
+static int action_benchmark_kdf(const char *hash)
+{
+ uint64_t kdf_iters;
+ int r;
+
+ r = crypt_benchmark_kdf(NULL, "pbkdf2", hash, "foo", 3, "bar", 3,
+ &kdf_iters);
+ if (r < 0)
+ log_std("PBKDF2-%-9s N/A\n", hash);
+ else
+ log_std("PBKDF2-%-9s %7" PRIu64 " iterations per second\n",
+ hash, kdf_iters);
+ return r;
+}
+
static int action_benchmark(void)
{
static struct {
{ "twofish", "xts", 64, 16 },
{ NULL, NULL, 0, 0 }
};
- const char *header = "# Tests are approximate using memory only (no storage IO).\n"
- "# Algorithm | Key | Encryption | Decryption\n";
char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
double enc_mbr = 0, dec_mbr = 0;
int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS);
char *c;
int i, r;
- if (opt_cipher) {
+ log_std("# Tests are approximate using memory only (no storage IO).\n");
+ if (opt_hash) {
+ r = action_benchmark_kdf(opt_hash);
+ } else if (opt_cipher) {
r = crypt_parse_name_and_mode(opt_cipher, cipher, NULL, cipher_mode);
if (r < 0) {
log_err(_("No known cipher specification pattern detected.\n"));
key_size / 8, iv_size, buffer_size,
&enc_mbr, &dec_mbr);
if (!r) {
- log_std("%s", header);
+ log_std("# Algorithm | Key | Encryption | Decryption\n");
strncat(cipher, "-", MAX_CIPHER_LEN);
strncat(cipher, cipher_mode, MAX_CIPHER_LEN);
log_std("%12s %4db %5.1f MiB/s %5.1f MiB/s\n",
} else if (r == -ENOENT)
log_err(_("Cipher %s is not available.\n"), opt_cipher);
} else {
+ action_benchmark_kdf("sha1");
+ action_benchmark_kdf("sha256");
+ action_benchmark_kdf("sha512");
+ action_benchmark_kdf("ripemd160");
+ action_benchmark_kdf("whirlpool");
for (i = 0; bciphers[i].cipher; i++) {
r = crypt_benchmark(NULL, bciphers[i].cipher, bciphers[i].mode,
bciphers[i].key_size, bciphers[i].iv_size,
if (r == -ENOENT)
skipped++;
if (i == 0)
- log_std("%s", header);
+ log_std("# Algorithm | Key | Encryption | Decryption\n");
snprintf(cipher, MAX_CIPHER_LEN, "%s-%s",
bciphers[i].cipher, bciphers[i].mode);
return r;
}
-static int _slots_full(struct crypt_device *cd)
-{
- int i;
-
- for (i = 0; i < crypt_keyslot_max(crypt_get_type(cd)); i++)
- if (crypt_keyslot_status(cd, i) == CRYPT_SLOT_INACTIVE)
- return 0;
- return 1;
-}
-
static int action_luksChangeKey(void)
{
const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
struct crypt_device *cd = NULL;
- char *vk = NULL, *password = NULL;
- size_t passwordLen = 0;
- size_t vk_size;
- int new_key_slot, old_key_slot, r;
+ char *password = NULL, *password_new = NULL;
+ size_t password_size = 0, password_new_size = 0;
+ int r;
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
goto out;
crypt_set_iteration_time(cd, opt_iteration_time);
r = crypt_get_key(_("Enter LUKS passphrase to be changed: "),
- &password, &passwordLen,
+ &password, &password_size,
opt_keyfile_offset, opt_keyfile_size, opt_key_file,
opt_timeout, _verify_passphrase(0), cd);
if (r < 0)
goto out;
- vk_size = crypt_get_volume_key_size(cd);
- vk = crypt_safe_alloc(vk_size);
- if (!vk) {
- r = -ENOMEM;
- goto out;
- }
-
- r = crypt_volume_key_get(cd, opt_key_slot, vk, &vk_size,
- password, passwordLen);
- if (r < 0) {
- if (opt_key_slot != CRYPT_ANY_SLOT)
- log_err(_("No key available with this passphrase.\n"));
+ /* Check password before asking for new one */
+ r = crypt_activate_by_passphrase(cd, NULL, opt_key_slot,
+ password, password_size, 0);
+ if (r < 0)
goto out;
- }
- if (opt_key_slot != CRYPT_ANY_SLOT || _slots_full(cd)) {
- log_dbg("Key slot %d is going to be overwritten (%s).",
- r, opt_key_slot != CRYPT_ANY_SLOT ?
- "explicit key slot specified" : "no free key slot");
- old_key_slot = r;
- new_key_slot = r;
- } else {
- log_dbg("Allocating new key slot.");
- old_key_slot = r;
- new_key_slot = CRYPT_ANY_SLOT;
- }
-
- crypt_safe_free(password);
- password = NULL;
- passwordLen = 0;
r = crypt_get_key(_("Enter new LUKS passphrase: "),
- &password, &passwordLen,
+ &password_new, &password_new_size,
opt_new_keyfile_offset, opt_new_keyfile_size,
opt_new_key_file,
opt_timeout, _verify_passphrase(0), cd);
if (r < 0)
goto out;
- if (new_key_slot == old_key_slot) {
- (void)crypt_keyslot_destroy(cd, old_key_slot);
- r = crypt_keyslot_add_by_volume_key(cd, new_key_slot,
- vk, vk_size,
- password, passwordLen);
- if (r >= 0)
- log_verbose(_("Key slot %d changed.\n"), r);
- } else {
- r = crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT,
- vk, vk_size,
- password, passwordLen);
- if (r >= 0) {
- log_verbose(_("Replaced with key slot %d.\n"), r);
- r = crypt_keyslot_destroy(cd, old_key_slot);
- }
- }
- if (r < 0)
- log_err(_("Failed to swap new key slot.\n"));
+ r = crypt_keyslot_change_by_passphrase(cd, opt_key_slot, opt_key_slot,
+ password, password_size, password_new, password_new_size);
out:
- crypt_safe_free(vk);
crypt_safe_free(password);
+ crypt_safe_free(password_new);
crypt_free(cd);
return r;
}