From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 3/6] crypto: use correct derived key size when timing pbkdf
Date: Thu, 8 Sep 2016 17:27:24 +0100
Message-ID: <1473352047-908-4-git-send-email-berrange@redhat.com>
In-Reply-To: <1473352047-908-1-git-send-email-berrange@redhat.com>
Currently when timing the pbkdf algorithm a fixed key
size of 32 bytes is used. This results in inaccurate
timings for certain hashes depending on their digest
size. For example when using sha1 with aes-256, this
causes us to measure time for the master key digest
doing 2 sha1 operations per iteration, instead of 1.
Instead we should pass in the desired key size to the
timing routine that matches the key size that will be
used for real later.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
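To make the "2 sha1 operations per iteration" point above concrete, here is an added example (not QEMU code and not part of this patch) that writes PBKDF2 out with a counter on the PRF and checks the result against hashlib.pbkdf2_hmac. PBKDF2 produces ceil(dklen / digest_size) blocks and every block costs one HMAC per iteration, so timing SHA-1 with a 32-byte output does twice the work of the 20-byte output used for real. The password and salt are constructed sample values.

```python
import hashlib
import hmac
import math

# Constructed sample inputs; not values from the QEMU patch.
PASSWORD = b"correct horse battery staple"
SALT = bytes(range(32))


def pbkdf2_counting(hash_name, password, salt, iterations, dklen):
    """PBKDF2 (RFC 8018 section 5.2) written out so the PRF call count is visible.

    Returns (derived_key, prf_calls). The key is checked against
    hashlib.pbkdf2_hmac in matches_stdlib(), so the count belongs to a
    correct implementation rather than a model of one.
    """
    hlen = hashlib.new(hash_name).digest_size
    nblocks = math.ceil(dklen / hlen)   # one PBKDF2 block per hlen bytes of output
    calls = 0
    out = b""
    for i in range(1, nblocks + 1):
        # U1 = PRF(P, S || INT(i)); T_i = U1 ^ U2 ^ ... ^ Uc
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hash_name).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hash_name).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen], calls


def matches_stdlib(hash_name, iterations, dklen):
    """True if the hand-written PBKDF2 agrees with hashlib.pbkdf2_hmac."""
    mine, _ = pbkdf2_counting(hash_name, PASSWORD, SALT, iterations, dklen)
    ref = hashlib.pbkdf2_hmac(hash_name, PASSWORD, SALT, iterations, dklen)
    return mine == ref


def prf_calls_per_iteration(hash_name, dklen):
    """HMAC invocations one PBKDF2 iteration costs for a given output size."""
    _, calls = pbkdf2_counting(hash_name, PASSWORD, SALT, 1, dklen)
    return calls


if __name__ == "__main__":
    # sha1 timed at the old fixed 32 bytes vs. the 20-byte digest size it is used with
    for hash_name, timed, real in (("sha1", 32, 20), ("sha256", 32, 32)):
        print(hash_name, "timed with", timed, "bytes:", prf_calls_per_iteration(hash_name, timed),
              "PRF calls/iter; real", real, "bytes:", prf_calls_per_iteration(hash_name, real))
```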
---
crypto/block-luks.c | 2 ++
crypto/pbkdf.c | 10 +++++++---
include/crypto/pbkdf.h | 6 +++++-
tests/test-crypto-pbkdf.c | 1 +
4 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index a5d9ebc..11047fa 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -1073,6 +1073,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
masterkey, luks->header.key_bytes,
luks->header.master_key_salt,
QCRYPTO_BLOCK_LUKS_SALT_LEN,
+ QCRYPTO_BLOCK_LUKS_DIGEST_LEN,
&local_err);
if (local_err) {
error_propagate(errp, local_err);
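Review bot: the two call sites in this file now pass different sizes (QCRYPTO_BLOCK_LUKS_DIGEST_LEN here, luks->header.key_bytes in the next hunk) with nothing at the call site saying why; a one-line comment that the timing size must equal the size passed to the later real qcrypto_pbkdf2() call, which for the master key digest is the digest length, would save the next reader a trip to the commit message.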
@@ -1144,6 +1145,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
(uint8_t *)password, strlen(password),
luks->header.key_slots[0].salt,
QCRYPTO_BLOCK_LUKS_SALT_LEN,
+ luks->header.key_bytes,
&local_err);
if (local_err) {
error_propagate(errp, local_err);
diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
index 35dccc2..0b902a8 100644
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@@ -65,13 +65,16 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long *val_ms,
int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
const uint8_t *key, size_t nkey,
const uint8_t *salt, size_t nsalt,
+ size_t nout,
Error **errp)
{
int ret = -1;
- uint8_t out[32];
+ uint8_t *out;
long long int iterations = (1 << 15);
unsigned long long delta_ms, start_ms, end_ms;
+ out = g_new0(uint8_t, nout);
+
while (1) {
if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) {
goto cleanup;
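Review bot: nout is not validated; g_new0(uint8_t, 0) returns NULL, so a zero nout would hand a NULL buffer to the qcrypto_pbkdf2() call in the loop below. Every current caller passes a header-derived or compile-time size, so an assert(nout > 0) at the top of the function (or setting errp and returning -1) would make the contract explicit without changing behaviour for them.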
@@ -80,7 +83,7 @@ int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
key, nkey,
salt, nsalt,
iterations,
- out, sizeof(out),
+ out, nout,
errp) < 0) {
goto cleanup;
}
@@ -110,6 +113,7 @@ int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
ret = iterations;
cleanup:
- memset(out, 0, sizeof(out));
+ memset(out, 0, nout);
+ g_free(out);
return ret;
}
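Review bot: with `out` now heap-allocated, `memset(out, 0, nout)` immediately followed by `g_free(out)` is a dead store from the compiler's point of view and may be optimised away, so the scrub of the derived key material is no longer guaranteed; writing the zeros through a volatile pointer, or using a dedicated secure-erase helper if one is available, would keep the intent.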
diff --git a/include/crypto/pbkdf.h b/include/crypto/pbkdf.h
index e9e4cec..6b7c54b 100644
--- a/include/crypto/pbkdf.h
+++ b/include/crypto/pbkdf.h
@@ -133,6 +133,7 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
* @nkey: the length of @key in bytes
* @salt: a random salt
* @nsalt: length of @salt in bytes
+ * @nout: size of desired derived key
* @errp: pointer to a NULL-initialized error object
*
* Time the PBKDF2 algorithm to determine how many
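Review bot: the new `@nout: size of desired derived key` line should say "in bytes" to match the `@nkey` and `@nsalt` descriptions directly above it.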
@@ -140,13 +141,16 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
* key from a user password provided in @key in 1
* second of compute time. The result of this can
* be used as a the @iterations parameter of a later
- * call to qcrypto_pbkdf2().
+ * call to qcrypto_pbkdf2(). The value of @nout should
+ * match that value that will later be provided with
+ * a call to qcrypto_pbkdf2().
*
* Returns: number of iterations in 1 second, -1 on error
*/
int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
const uint8_t *key, size_t nkey,
const uint8_t *salt, size_t nsalt,
+ size_t nout,
Error **errp);
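Review bot: the added sentence reads "should match that value that will later be provided"; "the value that" is intended. While this comment is being touched, the pre-existing "as a the @iterations parameter" on the context line could be fixed too.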
#endif /* QCRYPTO_PBKDF_H */
diff --git a/tests/test-crypto-pbkdf.c b/tests/test-crypto-pbkdf.c
index 8ceceb1..a651dc5 100644
--- a/tests/test-crypto-pbkdf.c
+++ b/tests/test-crypto-pbkdf.c
@@ -358,6 +358,7 @@ static void test_pbkdf_timing(void)
iters = qcrypto_pbkdf2_count_iters(QCRYPTO_HASH_ALG_SHA256,
key, sizeof(key),
salt, sizeof(salt),
+ 32,
&error_abort);
g_assert(iters >= (1 << 15));
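Review bot: the bare `32` is the SHA256 digest length, which is the right size for QCRYPTO_HASH_ALG_SHA256, but a reader has to know that; a short comment or a named local would document why 32 matches the hash under test, which is exactly the mismatch this patch is fixing.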
--
2.7.4