[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v4 04/26] crypto: add support for anti-forensic
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH v4 04/26] crypto: add support for anti-forensic split algorithm |
Date: |
Fri, 11 Mar 2016 16:55:12 +0000 |
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Mon, Mar 07, 2016 at 01:51:40PM +0800, Fam Zheng wrote:
> On Mon, 02/29 12:00, Daniel P. Berrange wrote:
> > The LUKS format specifies an anti-forensic split algorithm which
> > is used to artificially expand the size of the key material on
> > disk. This is an implementation of that algorithm.
> >
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> > crypto/Makefile.objs | 1 +
> > crypto/afsplit.c | 158 ++++++++++++++++++++++++++++++++++++
> > include/crypto/afsplit.h | 135 +++++++++++++++++++++++++++++++
> > tests/.gitignore | 1 +
> > tests/Makefile | 2 +
> > tests/test-crypto-afsplit.c | 190
> > ++++++++++++++++++++++++++++++++++++++++++++
> > 6 files changed, 487 insertions(+)
> > create mode 100644 crypto/afsplit.c
> > create mode 100644 include/crypto/afsplit.h
> > create mode 100644 tests/test-crypto-afsplit.c
> >
> > +static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash,
> > + size_t blocklen,
> > + uint8_t *block,
> > + Error **errp)
> > +{
> > + size_t digestlen = qcrypto_hash_digest_len(hash);
> > +
> > + size_t hashcount = blocklen / digestlen;
>
> Do you want to use DIV_ROUND_UP? Because if blocklen < digestlen, hashcount is
> 0, and your for loop below will be skipped.
It is not needed actually - look a couple of lines
further where we do 'if (finallen) { hashcount ++ }'.
This achieves the same end result.
>
> Fam
>
> > + size_t finallen = blocklen % digestlen;
> > + uint32_t i;
> > +
> > + if (finallen) {
> > + hashcount++;
> > + } else {
> > + finallen = digestlen;
> > + }
> > +
> > + for (i = 0; i < hashcount; i++) {
> > + uint8_t *out = NULL;
> > + size_t outlen = 0;
> > + uint32_t iv = cpu_to_be32(i);
> > + struct iovec in[] = {
> > + { .iov_base = &iv,
> > + .iov_len = sizeof(iv) },
> > + { .iov_base = block + (i * digestlen),
> > + .iov_len = (i == (hashcount - 1)) ? finallen : digestlen },
> > + };
> > +
> > + if (qcrypto_hash_bytesv(hash,
> > + in,
> > + G_N_ELEMENTS(in),
> > + &out, &outlen,
> > + errp) < 0) {
> > + return -1;
> > + }
> > +
> > + assert(outlen == digestlen);
> > + memcpy(block + (i * digestlen), out,
> > + (i == (hashcount - 1)) ? finallen : digestlen);
> > + g_free(out);
> > + }
> > +
> > + return 0;
> > +}
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|