From d1d68f6f43a251de41f45e3022c8840a33eed350 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 9 Nov 2024 11:32:36 +0100 Subject: Windows: define a new formula for Argon2 parameters derivation from PIM value --- src/Common/Pkcs5.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 76 insertions(+), 11 deletions(-) diff --git a/src/Common/Pkcs5.c b/src/Common/Pkcs5.c index 3f237a66..25c65886 100644 --- a/src/Common/Pkcs5.c +++ b/src/Common/Pkcs5.c @@ -1364,21 +1364,86 @@ void derive_key_argon2(char *pwd, int pwd_len, char *salt, int salt_len, uint32 memset(dk, 0, dklen); } +/** + * get_argon2_params + * + * This function calculates the memory cost (in KiB) and time cost (iterations) for + * the Argon2id key derivation function based on the Personal Iteration Multiplier (PIM) value. + * + * Parameters: + * - pim: The Personal Iteration Multiplier (PIM), which controls the memory and time costs. + * If pim < 0, it is clamped to 0. + * If pim == 0, the default value of 12 is used. + * - pIterations: Pointer to an integer where the calculated time cost (iterations) will be stored. + * - pMemcost: Pointer to an integer where the calculated memory cost (in KiB) will be stored. + * + * Formulas: + * - Memory Cost (m_cost) in MiB: + * m_cost(pim) = min(64 MiB + (pim - 1) * 32 MiB, 1024 MiB) + * This formula increases the memory cost by 32 MiB for each increment of PIM, starting from 64 MiB. + * The memory cost is capped at 1024 MiB when PIM reaches 31 or higher. + * The result is converted to KiB before being stored in *pMemcost: + * *pMemcost = m_cost(pim) * 1024 + * + * - Time Cost (t_cost) in iterations: + * If PIM <= 31: + * t_cost(pim) = 3 + floor((pim - 1) / 3) + * If PIM > 31: + * t_cost(pim) = 13 + (pim - 31) + * This formula increases the time cost by 1 iteration for every 3 increments of PIM when PIM <= 31. + * For PIM > 31, the time cost increases by 1 iteration for each increment in PIM. + * The calculated time cost is stored in *pIterations. + * + * Example: + * - For PIM = 12: + * Memory Cost = 64 + (12 - 1) * 32 = 416 MiB (425,984 KiB) + * Time Cost = 3 + floor((12 - 1) / 3) = 6 iterations + * + * - For PIM = 31: + * Memory Cost = 64 + (31 - 1) * 32 = 1024 MiB (capped) + * Time Cost = 3 + floor((31 - 1) / 3) = 13 iterations + * + * - For PIM = 32: + * Memory Cost = 1024 MiB (capped) + * Time Cost = 13 + (32 - 31) = 14 iterations + * + */ void get_argon2_params(int pim, int* pIterations, int* pMemcost) { - int memcost = 16 * 1024 + pim * 512; - int iterations; - - if (memcost <= 64 * 1024) { - // For memory costs up to 64 MB - iterations = 100 - (pim * 85) / 96; - } else { - // For memory costs above 64 MB - iterations = 15 - ((pim - 96) * 10) / 192; + // Ensure PIM is at least 0 + if (pim < 0) + { + pim = 0; + } + + // Default PIM value is 12 + // which leads to 416 MiB memory cost and 6 iterations + if (pim == 0) + { + pim = 12; } - *pIterations = iterations; - *pMemcost = memcost; + // Compute the memory cost (m_cost) in MiB + int m_cost_mib = 64 + (pim - 1) * 32; + + // Cap the memory cost at 1024 MiB + if (m_cost_mib > 1024) + { + m_cost_mib = 1024; + } + + // Convert memory cost to KiB for Argon2 + *pMemcost = m_cost_mib * 1024; // m_cost in KiB + + // Compute the time cost (t_cost) + if (pim <= 31) + { + *pIterations = 3 + ((pim - 1) / 3); + } + else + { + *pIterations = 13 + (pim - 31); + } } #endif //!TC_WINDOWS_BOOT -- cgit v1.2.3