Klemens Nanni <k...@openbsd.org> wrote: > @@ -1117,13 +1117,6 @@ bio_changepass(char *dev) > > /* Current passphrase. */ > bio_kdf_derive(&kdfinfo1, &kdfhint, "Old passphrase: ", 0); > - > - /* > - * Unless otherwise specified, keep the previous number of rounds as > - * long as we're using the same KDF. > - */ > - if (kdfhint.generic.type == SR_CRYPTOKDFT_BCRYPT_PBKDF && !rflag) > - rflag = kdfhint.rounds; > > /* New passphrase. */ > bio_kdf_generate(&kdfinfo2);
This will potentially downgrade the amount of rounds on password change if `-r` is omitted, which is not ideal imo. What about the following to keep the previous amount of rounds if its bigger than the automatic estimate? -Lucas diff refs/heads/master 758422c5a8c4e618082a6dc3dc0f268ed05e9cd9 commit - d4b9d4747036fa562b886f23a67e486ba94b3dc6 commit + 758422c5a8c4e618082a6dc3dc0f268ed05e9cd9 blob - d6617b14595e278f687a9f114767438f5fe51326 blob + 951df4da4db2e69c058a2bcb0d460543b602cc7a --- sbin/bioctl/bioctl.8 +++ sbin/bioctl/bioctl.8 @@ -282,11 +282,12 @@ If passphrase of an existing encrypted volume. A larger number of iterations takes more time, but offers increased resistance against passphrase guessing attacks. -If +By default, or if .Ar rounds -is specified as "auto", the number of rounds will be automatically determined -based on system performance. -Otherwise the minimum is 4 rounds and the default is 16. +is specified as +.Cm auto , +the number of rounds will automatically be based on system performance. +The minimum is 16 rounds. .It Fl s Read the passphrase for the selected crypto volume from .Pa /dev/stdin blob - 2928cfba3d52f5f3a4c6589d4e363e09f6da30d4 blob + ba4a15bab4d8d1ac1211aec9a6c315bfb6f29bb6 --- sbin/bioctl/bioctl.c +++ sbin/bioctl/bioctl.c @@ -66,7 +66,7 @@ void bio_kdf_generate(struct sr_crypto_kdfinfo *); int bio_parse_devlist(char *, dev_t *); void bio_kdf_derive(struct sr_crypto_kdfinfo *, struct sr_crypto_pbkdf *, char *, int); -void bio_kdf_generate(struct sr_crypto_kdfinfo *); +void bio_kdf_generate(struct sr_crypto_kdfinfo *, int); int bcrypt_pbkdf_autorounds(void); void derive_key(u_int32_t, int, u_int8_t *, size_t, u_int8_t *, size_t, char *, int); @@ -89,7 +89,7 @@ int rflag = 0; int human; int verbose; u_int32_t cflags = 0; -int rflag = 0; +int rflag = -1; /* auto */ char *password; void *bio_cookie; @@ -182,7 +182,7 @@ main(int argc, char *argv[]) rflag = -1; break; } - rflag = strtonum(optarg, 4, 1<<30, &errstr); + rflag = strtonum(optarg, 16, 1<<30, &errstr); if (errstr != NULL) errx(1, "number of KDF rounds is %s: %s", errstr, optarg); @@ -902,7 +902,7 @@ bio_createraid(u_int16_t level, char *dev_list, char * bio_kdf_derive(&kdfinfo, &kdfhint, "Passphrase: ", 0); memset(&kdfhint, 0, sizeof(kdfhint)); } else { - bio_kdf_generate(&kdfinfo); + bio_kdf_generate(&kdfinfo, -1); } create.bc_opaque = &kdfinfo; @@ -968,17 +968,20 @@ bio_kdf_generate(struct sr_crypto_kdfinfo *kdfinfo) } void -bio_kdf_generate(struct sr_crypto_kdfinfo *kdfinfo) +bio_kdf_generate(struct sr_crypto_kdfinfo *kdfinfo, int hint_rounds) { if (!kdfinfo) errx(1, "invalid KDF info"); - if (rflag == -1) + if (rflag == -1) { rflag = bcrypt_pbkdf_autorounds(); + if (rflag < hint_rounds) + rflag = hint_rounds; + } kdfinfo->pbkdf.generic.len = sizeof(kdfinfo->pbkdf); kdfinfo->pbkdf.generic.type = SR_CRYPTOKDFT_BCRYPT_PBKDF; - kdfinfo->pbkdf.rounds = rflag ? rflag : 16; + kdfinfo->pbkdf.rounds = rflag; kdfinfo->flags = SR_CRYPTOKDF_KEY | SR_CRYPTOKDF_HINT; kdfinfo->len = sizeof(*kdfinfo); @@ -1097,7 +1100,7 @@ bio_changepass(char *dev) struct sr_crypto_kdfpair kdfpair; struct sr_crypto_kdfinfo kdfinfo1, kdfinfo2; struct sr_crypto_pbkdf kdfhint; - int rv; + int rv, hint_rounds = -1; memset(&bd, 0, sizeof(bd)); memset(&kdfhint, 0, sizeof(kdfhint)); @@ -1119,14 +1122,14 @@ bio_changepass(char *dev) bio_kdf_derive(&kdfinfo1, &kdfhint, "Old passphrase: ", 0); /* - * Unless otherwise specified, keep the previous number of rounds as - * long as we're using the same KDF. + * Broadcast the previous number of rounds as long as we're using the + * same KDF. */ - if (kdfhint.generic.type == SR_CRYPTOKDFT_BCRYPT_PBKDF && !rflag) - rflag = kdfhint.rounds; + if (kdfhint.generic.type == SR_CRYPTOKDFT_BCRYPT_PBKDF) + hint_rounds = kdfhint.rounds; /* New passphrase. */ - bio_kdf_generate(&kdfinfo2); + bio_kdf_generate(&kdfinfo2, hint_rounds); kdfpair.kdfinfo1 = &kdfinfo1; kdfpair.kdfsize1 = sizeof(kdfinfo1);