add PIN support to KeyData #289

Draft
wants to merge 2 commits into
base: master
6 changes: 3 additions & 3 deletions argon2.go
Expand Up @@ -109,7 +109,7 @@ type Argon2Options struct {
Parallel uint8
}

func (o *Argon2Options) kdfParams(keyLen uint32) (*kdfParams, error) {
func (o *Argon2Options) kdfParams(defaultTargetDuration time.Duration, keyLen uint32) (*kdfParams, error) {
switch o.Mode {
case Argon2Default, Argon2i, Argon2id:
// ok
Expand Down Expand Up @@ -159,7 +159,7 @@ func (o *Argon2Options) kdfParams(keyLen uint32) (*kdfParams, error) {
default:
benchmarkParams := &argon2.BenchmarkParams{
MaxMemoryCostKiB: 1 * 1024 * 1024, // the default maximum memory cost is 1GiB.
TargetDuration: 2 * time.Second, // the default target duration is 2s.
TargetDuration: defaultTargetDuration,
}

if o.MemoryKiB != 0 {
Expand Down Expand Up @@ -187,7 +187,7 @@ func (o *Argon2Options) kdfParams(keyLen uint32) (*kdfParams, error) {
MemoryKiB: params.MemoryKiB,
ForceIterations: params.Time,
Parallel: params.Threads}
return o.kdfParams(keyLen)
return o.kdfParams(defaultTargetDuration, keyLen)
}
}

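Review bot: `defaultTargetDuration` is copied straight into `BenchmarkParams.TargetDuration` in the `default:` branch of `kdfParams` with no lower bound, so a caller that passes zero or a very small duration gets whatever cost the benchmark produces for it instead of the fixed 2s default the old code supplied. A guard at the top of the function, such as `if defaultTargetDuration <= 0 { return nil, fmt.Errorf("invalid default target duration %v", defaultTargetDuration) }`, would stop a caller mistake from turning into weak Argon2 parameters. This matters most for the PIN path named in the PR title, because a PIN has far less entropy than a passphrase and the KDF cost is the main thing slowing offline guessing; the page does not show which default that path passes, so check the call sites. The removed `// the default target duration is 2s.` comment also leaves the parameter undocumented, and a line on the function saying it applies only when `o.TargetDuration` is unset would help, assuming that override still exists in the part of the body outside these hunks.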
38 changes: 26 additions & 12 deletions argon2_test.go
Expand Up @@ -73,7 +73,7 @@ var _ = Suite(&argon2Suite{})

func (s *argon2Suite) TestKDFParamsDefault(c *C) {
var opts Argon2Options
params, err := opts.KdfParams(0)
params, err := opts.KdfParams(2*time.Second, 0)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2id)

Expand All @@ -85,10 +85,24 @@ func (s *argon2Suite) TestKDFParamsDefault(c *C) {
})
}

func (s *argon2Suite) TestKDFParamsDefaultWithDifferentTargetDuration(c *C) {
var opts Argon2Options
params, err := opts.KdfParams(200*time.Millisecond, 32)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2id)

c.Check(params, DeepEquals, &KdfParams{
Type: "argon2id",
Time: 4,
Memory: 102406,
CPUs: s.cpusAuto,
})
}

func (s *argon2Suite) TestKDFParamsExplicitMode(c *C) {
var opts Argon2Options
opts.Mode = Argon2i
params, err := opts.KdfParams(0)
params, err := opts.KdfParams(2*time.Second, 0)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2i)

Expand All @@ -103,7 +117,7 @@ func (s *argon2Suite) TestKDFParamsExplicitMode(c *C) {
func (s *argon2Suite) TestKDFParamsTargetDuration(c *C) {
var opts Argon2Options
opts.TargetDuration = 1 * time.Second
params, err := opts.KdfParams(32)
params, err := opts.KdfParams(2*time.Second, 32)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2id)

Expand All @@ -118,7 +132,7 @@ func (s *argon2Suite) TestKDFParamsTargetDuration(c *C) {
func (s *argon2Suite) TestKDFParamsMemoryLimit(c *C) {
var opts Argon2Options
opts.MemoryKiB = 32 * 1024
params, err := opts.KdfParams(0)
params, err := opts.KdfParams(2*time.Second, 0)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2id)

Expand All @@ -133,7 +147,7 @@ func (s *argon2Suite) TestKDFParamsMemoryLimit(c *C) {
func (s *argon2Suite) TestKDFParamsForceBenchmarkedThreads(c *C) {
var opts Argon2Options
opts.Parallel = 1
params, err := opts.KdfParams(0)
params, err := opts.KdfParams(2*time.Second, 0)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2id)

Expand All @@ -151,7 +165,7 @@ func (s *argon2Suite) TestKDFParamsForceIterations(c *C) {

var opts Argon2Options
opts.ForceIterations = 3
params, err := opts.KdfParams(0)
params, err := opts.KdfParams(2*time.Second, 0)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2Default)

Expand All @@ -170,7 +184,7 @@ func (s *argon2Suite) TestKDFParamsForceMemory(c *C) {
var opts Argon2Options
opts.ForceIterations = 3
opts.MemoryKiB = 32 * 1024
params, err := opts.KdfParams(0)
params, err := opts.KdfParams(2*time.Second, 0)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2Default)

Expand All @@ -188,7 +202,7 @@ func (s *argon2Suite) TestKDFParamsForceIterationsDifferentCPUNum(c *C) {

var opts Argon2Options
opts.ForceIterations = 3
params, err := opts.KdfParams(0)
params, err := opts.KdfParams(2*time.Second, 0)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2Default)

Expand All @@ -207,7 +221,7 @@ func (s *argon2Suite) TestKDFParamsForceThreads(c *C) {
var opts Argon2Options
opts.ForceIterations = 3
opts.Parallel = 1
params, err := opts.KdfParams(9)
params, err := opts.KdfParams(2*time.Second, 0)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2Default)

Expand All @@ -226,7 +240,7 @@ func (s *argon2Suite) TestKDFParamsForceThreadsGreatherThanCPUNum(c *C) {
var opts Argon2Options
opts.ForceIterations = 3
opts.Parallel = 8
params, err := opts.KdfParams(0)
params, err := opts.KdfParams(2*time.Second, 0)
c.Assert(err, IsNil)
c.Check(s.kdf.BenchmarkMode, Equals, Argon2Default)

Expand All @@ -241,15 +255,15 @@ func (s *argon2Suite) TestKDFParamsForceThreadsGreatherThanCPUNum(c *C) {
func (s *argon2Suite) TestKDFParamsInvalidForceIterations(c *C) {
var opts Argon2Options
opts.ForceIterations = math.MaxUint32
_, err := opts.KdfParams(0)
_, err := opts.KdfParams(2*time.Second, 0)
c.Check(err, ErrorMatches, `invalid iterations count 4294967295`)
}

func (s *argon2Suite) TestKDFParamsInvalidMemoryKiB(c *C) {
var opts Argon2Options
opts.ForceIterations = 4
opts.MemoryKiB = math.MaxUint32
_, err := opts.KdfParams(0)
_, err := opts.KdfParams(2*time.Second, 0)
c.Check(err, ErrorMatches, `invalid memory cost 4294967295KiB`)
}

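Review bot: In `TestKDFParamsForceThreads` the call appears to change from `opts.KdfParams(9)` to `opts.KdfParams(2*time.Second, 0)`, so the key length argument moves from 9 to 0 together with the new parameter; if that is a deliberate cleanup it deserves a line in the description, otherwise keep `opts.KdfParams(2*time.Second, 9)`. The new `TestKDFParamsDefaultWithDifferentTargetDuration` covers only a valid 200ms default, and nothing in this section pins what happens for a zero or negative `defaultTargetDuration`. A case asserting the outcome of `opts.KdfParams(0, 32)` would document whether a missing default is rejected or silently benchmarked. The expected `Time` and `Memory` values appear to come from the suite's mock KDF (`s.kdf`), so they do not show what cost a 200ms target yields on real hardware.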
12 changes: 6 additions & 6 deletions export_test.go
Expand Up @@ -42,16 +42,16 @@ type (
ProtectedKeys = protectedKeys
)

func KDFOptionsKdfParams(o KDFOptions, keyLen uint32) (*KdfParams, error) {
return o.kdfParams(keyLen)
func KDFOptionsKdfParams(opts KDFOptions, defaultTargetDuration time.Duration, keyLen uint32) (*KdfParams, error) {
return opts.kdfParams(defaultTargetDuration, keyLen)
}

func (o *Argon2Options) KdfParams(keyLen uint32) (*KdfParams, error) {
return o.kdfParams(keyLen)
func (o *Argon2Options) KdfParams(defaultTargetDuration time.Duration, keyLen uint32) (*KdfParams, error) {
return o.kdfParams(defaultTargetDuration, keyLen)
}

func (o *PBKDF2Options) KdfParams(keyLen uint32) (*KdfParams, error) {
return o.kdfParams(keyLen)
func (o *PBKDF2Options) KdfParams(defaultTargetDuration time.Duration, keyLen uint32) (*KdfParams, error) {
return o.kdfParams(defaultTargetDuration, keyLen)
}

func MockLUKS2Activate(fn func(string, string, []byte, int) error) (restore func()) {
4 changes: 3 additions & 1 deletion kdf.go
Expand Up @@ -19,8 +19,10 @@

package secboot

import "time"

// KDFOptions is an interface for supplying options for different
// key derivation functions
type KDFOptions interface {
kdfParams(keyLen uint32) (*kdfParams, error)
kdfParams(defaultTargetDuration time.Duration, keyLen uint32) (*kdfParams, error)
}
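Review bot: The `KDFOptions` interface comment does not say what the new `defaultTargetDuration` argument means or who chooses it, although that argument now decides the KDF cost whenever the options leave the duration unset. A comment on the method, for example `// kdfParams returns the KDF parameters for the requested key length; defaultTargetDuration is the benchmark target used when the options do not set one.`, would make the contract explicit for every implementation. `export_test.go` calls the two-argument form on `PBKDF2Options` as well, but no change to that implementation is visible on this page, so confirm it treats the default the same way `Argon2Options` does.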