From patchwork Thu Sep 8 16:27:24 2016
X-Patchwork-Submitter: Daniel P. Berrangé
X-Patchwork-Id: 9321965
From: "Daniel P. Berrange"
To: qemu-devel@nongnu.org
Date: Thu, 8 Sep 2016 17:27:24 +0100
Message-Id: <1473352047-908-4-git-send-email-berrange@redhat.com>
In-Reply-To: <1473352047-908-1-git-send-email-berrange@redhat.com>
References: <1473352047-908-1-git-send-email-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH 3/6] crypto: use correct derived key size when timing pbkdf

Currently, when timing the pbkdf algorithm, a fixed key size of 32 bytes is used. This results in inaccurate timings for certain hashes, depending on their digest size. For example, when using sha1 with aes-256, this causes us to measure time for the master key digest doing 2 sha1 operations per iteration, instead of 1. Instead, we should pass in the desired key size to the timing routine, matching the key size that will be used for real later.
Signed-off-by: Daniel P. Berrange --- crypto/block-luks.c | 2 ++ crypto/pbkdf.c | 10 +++++++--- include/crypto/pbkdf.h | 6 +++++- tests/test-crypto-pbkdf.c | 1 + 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/crypto/block-luks.c b/crypto/block-luks.c index a5d9ebc..11047fa 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1073,6 +1073,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, masterkey, luks->header.key_bytes, luks->header.master_key_salt, QCRYPTO_BLOCK_LUKS_SALT_LEN, + QCRYPTO_BLOCK_LUKS_DIGEST_LEN, &local_err); if (local_err) { error_propagate(errp, local_err); @@ -1144,6 +1145,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, (uint8_t *)password, strlen(password), luks->header.key_slots[0].salt, QCRYPTO_BLOCK_LUKS_SALT_LEN, + luks->header.key_bytes, &local_err); if (local_err) { error_propagate(errp, local_err); diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c index 35dccc2..0b902a8 100644 --- a/crypto/pbkdf.c +++ b/crypto/pbkdf.c @@ -65,13 +65,16 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long *val_ms, int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash, const uint8_t *key, size_t nkey, const uint8_t *salt, size_t nsalt, + size_t nout, Error **errp) { int ret = -1; - uint8_t out[32]; + uint8_t *out; long long int iterations = (1 << 15); unsigned long long delta_ms, start_ms, end_ms; + out = g_new0(uint8_t, nout); + while (1) { if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) { goto cleanup; @@ -80,7 +83,7 @@ int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash, key, nkey, salt, nsalt, iterations, - out, sizeof(out), + out, nout, errp) < 0) { goto cleanup; } @@ -110,6 +113,7 @@ int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash, ret = iterations; cleanup: - memset(out, 0, sizeof(out)); + memset(out, 0, nout); + g_free(out); return ret; } diff --git a/include/crypto/pbkdf.h b/include/crypto/pbkdf.h index e9e4cec..6b7c54b 100644 --- a/include/crypto/pbkdf.h +++ b/include/crypto/pbkdf.h 
@@ -133,6 +133,7 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash, * @nkey: the length of @key in bytes * @salt: a random salt * @nsalt: length of @salt in bytes + * @nout: size of desired derived key * @errp: pointer to a NULL-initialized error object * * Time the PBKDF2 algorithm to determine how many @@ -140,13 +141,16 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash, * key from a user password provided in @key in 1 * second of compute time. The result of this can * be used as a the @iterations parameter of a later - * call to qcrypto_pbkdf2(). + * call to qcrypto_pbkdf2(). The value of @nout should + * match that value that will later be provided with + * a call to qcrypto_pbkdf2(). * * Returns: number of iterations in 1 second, -1 on error */ int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash, const uint8_t *key, size_t nkey, const uint8_t *salt, size_t nsalt, + size_t nout, Error **errp); #endif /* QCRYPTO_PBKDF_H */ diff --git a/tests/test-crypto-pbkdf.c b/tests/test-crypto-pbkdf.c index 8ceceb1..a651dc5 100644 --- a/tests/test-crypto-pbkdf.c +++ b/tests/test-crypto-pbkdf.c @@ -358,6 +358,7 @@ static void test_pbkdf_timing(void) iters = qcrypto_pbkdf2_count_iters(QCRYPTO_HASH_ALG_SHA256, key, sizeof(key), salt, sizeof(salt), + 32, &error_abort); g_assert(iters >= (1 << 15));
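Review bot: in the crypto/block-luks.c hunk at @@ -1073 the timing call now passes QCRYPTO_BLOCK_LUKS_DIGEST_LEN as @nout, and the hunk at @@ -1145 passes luks->header.key_bytes, but nothing in the code ties either value to the @nout of the later qcrypto_pbkdf2() call it is meant to mirror. A one-line comment at each site ("must match nout of the qcrypto_pbkdf2() call below") would stop the two from drifting apart in a later change, since the new header comment only asks callers to keep them equal and cannot enforce it.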
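Review bot: qcrypto_pbkdf2_count_iters() in the crypto/pbkdf.c hunk at @@ -65 does not validate @nout before `out = g_new0(uint8_t, nout);`. With nout == 0 g_new0() returns NULL and the loop would time a zero-length derivation (or fail inside the backend), neither of which is what a caller wants; reject nout == 0 with error_setg() and return -1 before allocating.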
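Review bot: in the cleanup hunk at @@ -110, `memset(out, 0, nout);` immediately followed by `g_free(out);` is a dead store that compilers routinely elide, so scrubbing of the derived key buffer is not guaranteed (the original stack-array memset had the same weakness). Now that the buffer lives on the heap, consider a wipe the compiler cannot remove (a volatile-pointer loop or an explicit secure-erase helper) so the derived material does not linger in freed memory.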
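Review bot: the added doc text in include/crypto/pbkdf.h at @@ -140 reads "The value of @nout should match that value that will later be provided with a call to qcrypto_pbkdf2()"; "that value that" should be "the value that". It would also help callers to say why: PBKDF2 computes ceil(@nout / digest size) blocks, each costing @iterations PRF calls, so a mismatched @nout changes the per-iteration work being timed.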
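Review bot: test_pbkdf_timing() in tests/test-crypto-pbkdf.c only exercises nout == 32 with QCRYPTO_HASH_ALG_SHA256, where the derived key is exactly one digest block, so it cannot detect the case the commit message describes (sha1 with a 32-byte nout doing two blocks per iteration). Add a second timing run with QCRYPTO_HASH_ALG_SHA1 at nout 20 and at nout 32 and assert that the 20-byte count is not lower than the 32-byte one, with a loose bound since timing is noisy.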
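The block-count effect the commit message describes, as an added example that is not QEMU code and not part of the original mail: a reference PBKDF2-HMAC that counts PRF invocations, cross-checked against hashlib.pbkdf2_hmac, plus a helper that reports how far a timing run with a fixed 32-byte output drifts from the real derivation. The 20-byte master-key digest length and the 32-byte AES-256 key length are assumptions standing in for QCRYPTO_BLOCK_LUKS_DIGEST_LEN and luks->header.key_bytes; the password and salt are constructed inputs.

```python
import hashlib
import hmac
import math
import struct

# Assumed for illustration: a LUKS1 master-key digest is 20 bytes and an
# AES-256 key is 32 bytes. They stand in for QCRYPTO_BLOCK_LUKS_DIGEST_LEN
# and luks->header.key_bytes in the patch; not taken from QEMU source.
LUKS_DIGEST_LEN = 20
AES256_KEY_LEN = 32


def pbkdf2_blocks(hash_name, nout):
    """Number of T_i blocks PBKDF2 (RFC 8018 section 5.2) computes for nout
    bytes. Each block costs `iterations` PRF calls, so this is the
    per-iteration work multiplier a timing loop actually pays for."""
    hlen = hashlib.new(hash_name).digest_size
    return math.ceil(nout / hlen)


def pbkdf2_counting(hash_name, password, salt, iterations, nout):
    """Reference PBKDF2-HMAC returning (derived_key, prf_calls)."""
    hlen = hashlib.new(hash_name).digest_size
    nblocks = pbkdf2_blocks(hash_name, nout)
    prf_calls = 0
    out = b""
    for i in range(1, nblocks + 1):
        # U_1 = PRF(P, S || INT(i)); T_i = U_1 xor U_2 xor ... xor U_c
        u = hmac.new(password, salt + struct.pack(">I", i), hash_name).digest()
        prf_calls += 1
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            prf_calls += 1
            for j in range(hlen):
                t[j] ^= u[j]
        out += bytes(t)
    return out[:nout], prf_calls


def prf_calls_for(hash_name, password, salt, iterations, nout):
    """PRF invocations for one derivation, verified against hashlib."""
    dk, calls = pbkdf2_counting(hash_name, password, salt, iterations, nout)
    if dk != hashlib.pbkdf2_hmac(hash_name, password, salt, iterations, nout):
        raise AssertionError("reference PBKDF2 disagrees with hashlib")
    return calls


def timing_mismatch(hash_name, timed_nout, real_nout):
    """Ratio of per-iteration work measured by a timing loop using
    timed_nout to the work of the real call using real_nout. 1.0 means the
    calibrated iteration count is right; 2.0 means the loop paid twice the
    real cost, so its count is about half of what the real derivation
    could afford in the same wall-clock budget."""
    return pbkdf2_blocks(hash_name, timed_nout) / pbkdf2_blocks(hash_name, real_nout)


if __name__ == "__main__":
    pw, salt = b"correct horse battery staple", b"constructed-salt"  # constructed
    for h in ("sha1", "sha256", "sha512"):
        print(h, "32-byte key:", prf_calls_for(h, pw, salt, 1000, AES256_KEY_LEN),
              "PRF calls at 1000 iterations")
    # Before the patch: master-key digest timed with 32 bytes, derived with 20.
    print("sha1 master-key digest timing error:",
          timing_mismatch("sha1", 32, LUKS_DIGEST_LEN))
```

With sha1 the fixed 32-byte timing costs two HMAC-SHA1 calls per iteration while the real 20-byte master-key digest costs one, which is the "2 sha1 operations per iteration, instead of 1" in the commit message; sha256 and sha512 fit 32 bytes in a single block, so they were unaffected.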