use a large enough iteration count.

README.md

@@ -126,6 +126,7 @@ There are still a variety of things that need to be fixed or implemented (cf [TO
 file](TODO.md)), and some of these may explain the behavior you're seeing.  If bitc
 crashes, please collect the log file along with the core dump and open a ticket
 on github:  
+
 	https://github.com/bit-c/bitc/issues
 
 ---

src/crypt.c

@@ -6,7 +6,6 @@
 #include <openssl/aes.h>
 #include <openssl/hmac.h>
 
-
 #include "util.h"
 #include "hash.h"
 #include "crypt.h"
@@ -71,6 +70,49 @@ secure_free(struct secure_area *area)
 }
 
 
+/*
+ *---------------------------------------------------------------------
+ *
+ * crypt_determine_count --
+ *
+ *---------------------------------------------------------------------
+ */
+
+static int
+crypt_determine_count(const struct secure_area *pass,
+                      struct crypt_key         *ckey)
+{
+   int64 count;
+   int loop;
+
+   count = CRYPT_NUM_ITERATIONS_OLD;
+   loop = 3;
+
+   while (loop > 0) {
+      mtime_t ts;
+      int len;
+
+      ts = time_get();
+      len = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), ckey->salt,
+                           pass->buf, pass->len, count, ckey->key, ckey->iv);
+
+      if (len != sizeof ckey->key) {
+         OPENSSL_cleanse(ckey->key, sizeof ckey->key);
+         OPENSSL_cleanse(ckey->iv,  sizeof ckey->iv);
+         return -1;
+      }
+      ts = time_get() - ts;
+      ASSERT(ts > 0);
+      count = count * 100 * 1000 * 1.0 / ts;
+      loop--;
+   }
+
+   Log(LGPFX" %s: result= %llu\n", __FUNCTION__, count);
+
+   return MAX(CRYPT_NUM_ITERATIONS_MIN, count);
+}
+
+
 /*
  *---------------------------------------------------------------------
  *
@@ -81,20 +123,35 @@ secure_free(struct secure_area *area)
 
 bool
 crypt_set_key_from_passphrase(const struct secure_area *pass,
-                              struct crypt_key         *ckey)
+                              struct crypt_key         *ckey,
+                              int64                    *count_ptr)
 {
+   int count;
    int len;
 
+   ASSERT(count_ptr);
+
+   count = *count_ptr;
+   if (*count_ptr == 0) {
+      count = crypt_determine_count(pass, ckey);
+      if (count < 0) {
+         return 0;
+      }
+   }
+
    len = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), ckey->salt,
-                        pass->buf, pass->len, CRYPT_NUM_ITERATIONS,
-                        ckey->key, ckey->iv);
+                        pass->buf, pass->len, count, ckey->key, ckey->iv);
 
    if (len != sizeof ckey->key) {
       OPENSSL_cleanse(ckey->key, sizeof ckey->key);
       OPENSSL_cleanse(ckey->iv,  sizeof ckey->iv);
       return 0;
    }
 
+   if (*count_ptr == 0) {
+      *count_ptr = count;
+   }
+
    return 1;
 }
 
@@ -120,6 +177,7 @@ crypt_encrypt(struct crypt_key         *ckey,
    int res;
 
    Log(LGPFX" %s:%u\n", __FUNCTION__, __LINE__);
+
    *cipher = NULL;
    *cipher_len = 0;
    clen = 0;

src/crypt.h

@@ -3,10 +3,12 @@
 
 #include "basic_defs.h"
 
-#define CRYPT_KEY_LEN        32
-#define CRYPT_IV_LEN         32
-#define CRYPT_SALT_LEN       8
-#define CRYPT_NUM_ITERATIONS 1337
+#define CRYPT_KEY_LEN            32
+#define CRYPT_IV_LEN             32
+#define CRYPT_SALT_LEN           8
+
+#define CRYPT_NUM_ITERATIONS_OLD 1337
+#define CRYPT_NUM_ITERATIONS_MIN 25000
 
 struct secure_area {
    size_t alloc_len;
@@ -36,7 +38,8 @@ crypt_decrypt(struct crypt_key *ckey,
 
 bool
 crypt_set_key_from_passphrase(const struct secure_area *pass,
-                              struct crypt_key *ckey);
+                              struct crypt_key *ckey,
+                              int64 *count_ptr);
 
 void
 crypt_hmac_sha256(const void *text, size_t text_len,

src/test.c

@@ -127,6 +127,7 @@ bitc_crypt_test(void)
    struct secure_area *sec;
    struct secure_area *dec;
    struct secure_area *pass;
+   int64 count = 0;
 
    pass = secure_alloc(strlen(password) + 1);
    memcpy(pass->buf, password, strlen(password) + 1);
@@ -136,9 +137,12 @@ bitc_crypt_test(void)
    sec = secure_alloc(strlen(cleartext) + 1);
    memcpy(sec->buf, cleartext, strlen(cleartext) + 1);
 
-   s = crypt_set_key_from_passphrase(pass, &k);
+
+   s = crypt_set_key_from_passphrase(pass, &k, &count);
    ASSERT(s);
 
+   printf("num_iterations = %lld\n", count);
+
    s = crypt_encrypt(&k, sec, &cipher, &clen);
    ASSERT(s);
 

src/wallet.c

@@ -475,14 +475,17 @@ wallet_save_keys(struct wallet *wallet)
 
    if (wallet->pass) {
       char saltStr[80];
+      int64 count = 0;
       bool s;
 
       RAND_bytes(wallet->ckey->salt, sizeof wallet->ckey->salt);
       str_snprintf_bytes(saltStr, sizeof saltStr, NULL,
                          wallet->ckey->salt, sizeof wallet->ckey->salt);
       config_setstring(cfg, saltStr, "encryption.salt");
-      s = crypt_set_key_from_passphrase(wallet->pass, wallet->ckey);
+      s = crypt_set_key_from_passphrase(wallet->pass, wallet->ckey, &count);
       ASSERT(s);
+      ASSERT(count >= CRYPT_NUM_ITERATIONS_OLD);
+      config_setint64(cfg, count, "encryption.numIterations");
    }
 
    hashtable_for_each(wallet->hash_keys, wallet_save_key_cb, cfg);
@@ -519,8 +522,10 @@ wallet_save_keys(struct wallet *wallet)
 
 static void
 wallet_crypt_init(struct wallet *wallet,
-                  const char    *saltStr)
+                  const char    *saltStr,
+                  int64          count)
 {
+   int64 count0 = count;
    uint8 *salt;
    size_t len;
    bool s;
@@ -540,8 +545,10 @@ wallet_crypt_init(struct wallet *wallet,
    memcpy(wallet->ckey->salt, salt, len);
    free(salt);
 
-   s = crypt_set_key_from_passphrase(wallet->pass, wallet->ckey);
+   s = crypt_set_key_from_passphrase(wallet->pass, wallet->ckey, &count0);
+
    ASSERT(s);
+   ASSERT(count == count0);
 }
 
 
@@ -560,19 +567,22 @@ wallet_load_keys(struct wallet     *wallet,
                  enum wallet_state *wallet_state)
 {
    char *saltStr;
+   int64 count;
    int n;
    int i;
 
    n = config_getint64(cfg, 0, "numKeys");
    saltStr = config_getstring(cfg, NULL, "encryption.salt");
+   count = config_getint64(cfg, CRYPT_NUM_ITERATIONS_OLD,
+                           "encryption.numIterations");
 
    if (saltStr == NULL) {
       *wallet_state = WALLET_PLAIN;
    } else {
       *wallet_state = WALLET_ENCRYPTED_LOCKED;
    }
 
-   wallet_crypt_init(wallet, saltStr);
+   wallet_crypt_init(wallet, saltStr, count);
    free(saltStr);
 
    Log(LGPFX" %s wallet: %u key%s in file '%s'.\n",