From 4ec4a067769e85e05d46b1373d48980de8571d7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juhani=20Krekel=C3=A4?= Date: Fri, 9 Apr 2021 20:16:54 +0300 Subject: [PATCH] Have a shared work buffer and derive the number of KDF round from size of buffer --- puer.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/puer.c b/puer.c index f2b3f21..5b1845a 100644 --- a/puer.c +++ b/puer.c @@ -268,9 +268,9 @@ void hmac(unsigned char output[32], unsigned char key[], size_t keylen, unsigned finalize_hash(&state, output); } -// KDF_ROUNDS must be at least 2 -#define KDF_ROUNDS 100000 -unsigned char kdf_buf[KDF_ROUNDS * 32]; +unsigned char workbuf[8 * 1024 * 1024]; +#define KDF_ROUNDS (sizeof(workbuf) / 32) + void kdf(unsigned char key[16], unsigned char salt[32], unsigned char passphrase[], size_t passphraselen) { // This is based on the design of PBKDF2 but aims to be memory hard // This is achieved by storing all the hashes in a buffer and the @@ -288,20 +288,20 @@ void kdf(unsigned char key[16], unsigned char salt[32], unsigned char passphrase // include the counter i from PBKDF2 since we will ever only // produce one block of output size_t index = KDF_ROUNDS*32 - 32; - hmac(&kdf_buf[index], passphrase, passphraselen, salt, 32); + hmac(&workbuf[index], passphrase, passphraselen, salt, 32); index -= 32; // Walk back along the buffer, at each step hashing the previous // hashes while (index > 0) { - hmac(&kdf_buf[index], passphrase, passphraselen, &kdf_buf[index+32], 32); + hmac(&workbuf[index], passphrase, passphraselen, &workbuf[index+32], 32); index -= 32; } - hmac(kdf_buf, passphrase, passphraselen, &kdf_buf[32], 32); + hmac(workbuf, passphrase, passphraselen, &workbuf[32], 32); // Perform the final hash unsigned char final_hash[32]; - hmac(final_hash, passphrase, passphraselen, kdf_buf, KDF_ROUNDS * 32); + hmac(final_hash, passphrase, passphraselen, workbuf, KDF_ROUNDS * 32); // Use first 128 bits of final hash as the key memcpy(key, final_hash, 16);