Add max iteration macro and inline static method

lastpass · Jul 23, 2024 · 3c81524 · 3c81524
1 parent 2c4f5d6
commit 3c81524
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 19 deletions.
diff --git a/kdf.c b/kdf.c
@@ -59,6 +59,10 @@ static void pbkdf2_hash(const char *username, size_t username_len, const char *p
 }
 #endif
 
+static inline void fail_invalid_iteration_count() {
+	die("Action required: Your current iteration count does not meet the minimum number of %d iterations . Increase the iteration count on another client that supports iteration number setting.", MINIMUM_ITERATIONS);
+}
+
 void kdf_login_key(const char *username, const char *password, int iterations, char hex[KDF_HEX_LEN])
 {
 	unsigned char hash[KDF_HASH_LEN];
@@ -67,15 +71,11 @@ void kdf_login_key(const char *username, const char *password, int iterations, c
 
 	password_len = strlen(password);
 
-	if (iterations < 1)
-		iterations = 1;
-
-	if (iterations == 1) {
+	if (iterations < MINIMUM_ITERATIONS)
 		fail_invalid_iteration_count();
-	} else {
-		pbkdf2_hash(user_lower, strlen(user_lower), password, password_len, iterations, hash);
-		pbkdf2_hash(password, password_len, (char *)hash, KDF_HASH_LEN, 1, hash);
-	}
+
+	pbkdf2_hash(user_lower, strlen(user_lower), password, password_len, iterations, hash);
+	pbkdf2_hash(password, password_len, (char *)hash, KDF_HASH_LEN, 1, hash);
 
 	bytes_to_hex(hash, &hex, KDF_HASH_LEN);
 	mlock(hex, KDF_HEX_LEN);
@@ -85,16 +85,9 @@ void kdf_decryption_key(const char *username, const char *password, int iteratio
 {
 	_cleanup_free_ char *user_lower = xstrlower(username);
 
-	if (iterations < 1)
-		iterations = 1;
-
-	if (iterations == 1)
+	if (iterations < MINIMUM_ITERATIONS)
 		fail_invalid_iteration_count();
-	else
-		pbkdf2_hash(user_lower, strlen(user_lower), password, strlen(password), iterations, hash);
+
+	pbkdf2_hash(user_lower, strlen(user_lower), password, strlen(password), iterations, hash);
 	mlock(hash, KDF_HASH_LEN);
 }
-
-void fail_invalid_iteration_count() {
-	die("Action required: increase the iterations count through another client that supports iteration number setting.");
-}
diff --git a/kdf.h b/kdf.h
@@ -6,8 +6,9 @@
 
 #define KDF_HASH_LEN SHA256_DIGEST_LENGTH
 #define KDF_HEX_LEN (KDF_HASH_LEN * 2 + 1)
+#define MINIMUM_ITERATIONS 600000
+
 void kdf_login_key(const char *username, const char *password, int iterations, char hex[KDF_HEX_LEN]);
 void kdf_decryption_key(const char *username, const char *password, int iterations, unsigned char hash[KDF_HASH_LEN]);
-void fail_invalid_iteration_count();
 
 #endif