[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL v1 4/8] crypto: use correct derived key size when tim
|
From: |
Daniel P. Berrange |
|
Subject: |
[Qemu-devel] [PULL v1 4/8] crypto: use correct derived key size when timing pbkdf |
|
Date: |
Mon, 19 Sep 2016 12:44:08 +0100 |
Currently when timing the pbkdf algorithm a fixed key
size of 32 bytes is used. This results in inaccurate
timings for certain hashes depending on their digest
size. For example when using sha1 with aes-256, this
causes us to measure time for the master key digest
doing 2 sha1 operations per iteration, instead of 1.
Instead we should pass in the desired key size to the
timing routine that matches the key size that will be
used for real later.
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
---
crypto/block-luks.c | 2 ++
crypto/pbkdf.c | 10 +++++++---
include/crypto/pbkdf.h | 6 +++++-
tests/test-crypto-pbkdf.c | 1 +
4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 91a4172..9269aaf 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -1072,6 +1072,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
masterkey, luks->header.key_bytes,
luks->header.master_key_salt,
QCRYPTO_BLOCK_LUKS_SALT_LEN,
+ QCRYPTO_BLOCK_LUKS_DIGEST_LEN,
&local_err);
if (local_err) {
error_propagate(errp, local_err);
@@ -1152,6 +1153,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
(uint8_t *)password, strlen(password),
luks->header.key_slots[0].salt,
QCRYPTO_BLOCK_LUKS_SALT_LEN,
+ luks->header.key_bytes,
&local_err);
if (local_err) {
error_propagate(errp, local_err);
diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
index e391505..f22e71d 100644
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@@ -65,13 +65,16 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long
*val_ms,
uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
const uint8_t *key, size_t nkey,
const uint8_t *salt, size_t nsalt,
+ size_t nout,
Error **errp)
{
uint64_t ret = -1;
- uint8_t out[32];
+ uint8_t *out;
uint64_t iterations = (1 << 15);
unsigned long long delta_ms, start_ms, end_ms;
+ out = g_new(uint8_t, nout);
+
while (1) {
if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) {
goto cleanup;
@@ -80,7 +83,7 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
key, nkey,
salt, nsalt,
iterations,
- out, sizeof(out),
+ out, nout,
errp) < 0) {
goto cleanup;
}
@@ -104,6 +107,7 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm
hash,
ret = iterations;
cleanup:
- memset(out, 0, sizeof(out));
+ memset(out, 0, nout);
+ g_free(out);
return ret;
}
diff --git a/include/crypto/pbkdf.h b/include/crypto/pbkdf.h
index 6f4ac85..ef209b3 100644
--- a/include/crypto/pbkdf.h
+++ b/include/crypto/pbkdf.h
@@ -133,6 +133,7 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
* @nkey: the length of @key in bytes
* @salt: a random salt
* @nsalt: length of @salt in bytes
+ * @nout: size of desired derived key
* @errp: pointer to a NULL-initialized error object
*
* Time the PBKDF2 algorithm to determine how many
@@ -140,13 +141,16 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
* key from a user password provided in @key in 1
* second of compute time. The result of this can
* be used as a the @iterations parameter of a later
- * call to qcrypto_pbkdf2().
+ * call to qcrypto_pbkdf2(). The value of @nout should
+ * match that value that will later be provided with
+ * a call to qcrypto_pbkdf2().
*
* Returns: number of iterations in 1 second, -1 on error
*/
uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
const uint8_t *key, size_t nkey,
const uint8_t *salt, size_t nsalt,
+ size_t nout,
Error **errp);
#endif /* QCRYPTO_PBKDF_H */
diff --git a/tests/test-crypto-pbkdf.c b/tests/test-crypto-pbkdf.c
index 8ceceb1..a651dc5 100644
--- a/tests/test-crypto-pbkdf.c
+++ b/tests/test-crypto-pbkdf.c
@@ -358,6 +358,7 @@ static void test_pbkdf_timing(void)
iters = qcrypto_pbkdf2_count_iters(QCRYPTO_HASH_ALG_SHA256,
key, sizeof(key),
salt, sizeof(salt),
+ 32,
&error_abort);
g_assert(iters >= (1 << 15));
--
2.7.4
- [Qemu-devel] [PULL v1 0/8] Merge qcrypto 2016/09/19, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 2/8] crypto: make PBKDF iterations configurable for LUKS format, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 3/8] crypto: clear out buffer after timing pbkdf algorithm, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 1/8] crypto: use uint64_t for pbkdf iteration count parameters, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 5/8] crypto: remove bogus /= 2 for pbkdf iterations, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 4/8] crypto: use correct derived key size when timing pbkdf,
Daniel P. Berrange <=
- [Qemu-devel] [PULL v1 7/8] crypto: support more hash algorithms for pbkdf, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 8/8] crypto: add trace points for TLS cert verification, Daniel P. Berrange, 2016/09/19
- [Qemu-devel] [PULL v1 6/8] crypto: increase default pbkdf2 time for luks to 2 seconds, Daniel P. Berrange, 2016/09/19
- Re: [Qemu-devel] [PULL v1 0/8] Merge qcrypto 2016/09/19, no-reply, 2016/09/19
Re: [Qemu-devel] [PULL v1 0/8] Merge qcrypto 2016/09/19, Peter Maydell, 2016/09/19