Improve PBKDF self-tuning

Make the tune interval a build-time configurable instead of hardcoding it in each source file. Also use binary search in RFC4880_encode_count instead of linear search. Fix a bug in Timer
author: Jack Lloyd <[email protected]> 2018-12-29 09:17:48 -0500
committer: Jack Lloyd <[email protected]> 2018-12-29 09:18:24 -0500
commit: 2d9b4aaa8bc80dd2bbefabebd52826caac532f82 (patch)
tree: 2e5c4dfeb55d1d10036543056a96d7d62ec62c90 /src/lib/pbkdf/pbkdf2
parent: cf6127e3de2e5106dcda932a9c360a9791678e86 (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.cpp b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp
index 9d0be3a58..6b036f6e0 100644
--- a/src/lib/pbkdf/pbkdf2/pbkdf2.cpp
+++ b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp
@@ -64,19 +64,19 @@ size_t tune_pbkdf2(MessageAuthenticationCode& prf,
    BOTAN_ASSERT_NOMSG(prf_sz > 0);
    secure_vector<uint8_t> U(prf_sz);
 
-   const size_t trial_iterations = 10000;
+   const size_t trial_iterations = 2000;
 
    // Short output ensures we only need a single PBKDF2 block
 
    Timer timer("PBKDF2");
 
-   const std::chrono::milliseconds tune_msec(30);
+   const auto tune_time = BOTAN_PBKDF_TUNING_TIME;
 
    prf.set_key(nullptr, 0);
 
-   timer.run_until_elapsed(tune_msec, [&]() {
-      uint8_t out[16] = { 0 };
-      uint8_t salt[16] = { 0 };
+   timer.run_until_elapsed(tune_time, [&]() {
+      uint8_t out[12] = { 0 };
+      uint8_t salt[12] = { 0 };
       pbkdf2(prf, out, sizeof(out), salt, sizeof(salt), trial_iterations);
       });
author	Jack Lloyd <[email protected]>	2018-12-29 09:17:48 -0500
committer	Jack Lloyd <[email protected]>	2018-12-29 09:18:24 -0500
commit	2d9b4aaa8bc80dd2bbefabebd52826caac532f82 (patch)
tree	2e5c4dfeb55d1d10036543056a96d7d62ec62c90 /src/lib/pbkdf/pbkdf2
parent	cf6127e3de2e5106dcda932a9c360a9791678e86 (diff)