Re: [Qemu-block] [PATCH v2 05/17] crypto: add support for anti-forensic split algorithm

[Fam Zheng]

On Wed, 01/20 17:38, Daniel P. Berrange wrote:
> diff --git a/crypto/afsplit.c b/crypto/afsplit.c
> new file mode 100644
> index 0000000..42529e7
> --- /dev/null
> +++ b/crypto/afsplit.c
> @@ -0,0 +1,162 @@
> +/*
> + * QEMU Crypto anti forensic information splitter
> + *
> + * Copyright (c) 2015-2016 Red Hat, Inc.
> + *
> + * Derived from cryptsetup package lib/lusk1/af.c

s/lusk1/luks1/

> + *
> + * Copyright (C) 2004, Clemens Fruhwirth <address@hidden>
> + * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License
> + * as published by the Free Software Foundation; either version 2
> + * of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see 
> <http://www.gnu.org/licenses/>.
> + *
> + */
> +

<snip>

> +
> +/**
> + * qcrypto_afsplit_encode:
> + * @hash: the hash algorithm to use for data expansion
> + * @blocklen: the size of @in in bytes
> + * @stripes: the number of times to expand @in in size
> + * @in: the master key to be expanded in size
> + * @out: preallocted buffer to hold the split key
> + * @errp: pointer to a NULL-initialized error object
> + *
> + * Split the data in @in, which is @blocklen bytes in
> + * size, to form a larger piece of data @out, which is
> + * @blocklen * @stripes bytes in size.
> + *
> + * Returns: 0 on success, -1 on error;
> + */
> +int qcrypto_afsplit_encode(QCryptoHashAlgorithm hash,
> +                           size_t blocklen,
> +                           uint32_t stripes,
> +                           const uint8_t *in,
> +                           uint8_t *out,
> +                           Error **errp);
> +
> +/**
> + * qcrypto_afsplit_decode:
> + * @hash: the hash algorithm to use for data compression
> + * @blocklen: the size of @out in bytes
> + * @stripes: the number of times to decrease @in in size
> + * @in: the master key to be expanded in size
> + * @out: preallocted buffer to hold the split key

I think the descriptions for @in and @out are wrong.

> + * @errp: pointer to a NULL-initialized error object
> + *
> + * Join the data in @in, which is @blocklen * @stripes
> + * bytes in size, to form the original small piece o

piece of

> + * data @out, which is @blocklen bytes in size.
> + *
> + * Returns: 0 on success, -1 on error;
> + */
> +int qcrypto_afsplit_decode(QCryptoHashAlgorithm hash,
> +                           size_t blocklen,
> +                           uint32_t stripes,
> +                           const uint8_t *in,
> +                           uint8_t *out,
> +                           Error **errp);
> +
> +#endif /* QCRYPTO_AFSPLIT_H__ */

Fam