[Qemu-devel] [PULL v2 2/8] crypto: make PBKDF iterations configurable for LUKS format

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
	"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PULL v2 2/8] crypto: make PBKDF iterations configurable for LUKS format
Date: Mon, 19 Sep 2016 16:33:51 +0100	[thread overview]
Message-ID: <1474299237-1054-3-git-send-email-berrange@redhat.com> (raw)
In-Reply-To: <1474299237-1054-1-git-send-email-berrange@redhat.com>

As protection against bruteforcing passphrases, the PBKDF
algorithm is tuned by counting the number of iterations
needed to produce 1 second of running time. If the machine
that the image will be used on is much faster than the
machine where the image is created, it can be desirable
to raise the number of iterations. This change adds a new
'iter-time' property that allows the user to choose the
iteration wallclock time.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 block/crypto.c      |  6 ++++++
 crypto/block-luks.c | 24 ++++++++++++++++++++++++
 qapi/crypto.json    |  6 +++++-
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/block/crypto.c b/block/crypto.c
index 7f61e12..7aa7eb5 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -33,6 +33,7 @@
 #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
 #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
 #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
 
 typedef struct BlockCrypto BlockCrypto;
 
@@ -183,6 +184,11 @@ static QemuOptsList block_crypto_create_opts_luks = {
             .type = QEMU_OPT_STRING,
             .help = "Name of encryption hash algorithm",
         },
+        {
+            .name = BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,
+            .type = QEMU_OPT_NUMBER,
+            .help = "Time to spend in PBKDF in milliseconds",
+        },
         { /* end of list */ }
     },
 };
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index bc086ac..91a4172 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -920,6 +920,9 @@ qcrypto_block_luks_create(QCryptoBlock *block,
     uint64_t iters;
 
     memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
+    if (!luks_opts.has_iter_time) {
+        luks_opts.iter_time = 1000;
+    }
     if (!luks_opts.has_cipher_alg) {
         luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;
     }
@@ -1075,6 +1078,16 @@ qcrypto_block_luks_create(QCryptoBlock *block,
         goto error;
     }
 
+    if (iters > (ULLONG_MAX / luks_opts.iter_time)) {
+        error_setg_errno(errp, ERANGE,
+                         "PBKDF iterations %llu too large to scale",
+                         (unsigned long long)iters);
+        goto error;
+    }
+
+    /* iter_time was in millis, but count_iters reported for secs */
+    iters = iters * luks_opts.iter_time / 1000;
+
     /* Why /= 8 ?  That matches cryptsetup, but there's no
      * explanation why they chose /= 8... Probably so that
      * if all 8 keyslots are active we only spend 1 second
@@ -1144,6 +1157,17 @@ qcrypto_block_luks_create(QCryptoBlock *block,
         error_propagate(errp, local_err);
         goto error;
     }
+
+    if (iters > (ULLONG_MAX / luks_opts.iter_time)) {
+        error_setg_errno(errp, ERANGE,
+                         "PBKDF iterations %llu too large to scale",
+                         (unsigned long long)iters);
+        goto error;
+    }
+
+    /* iter_time was in millis, but count_iters reported for secs */
+    iters = iters * luks_opts.iter_time / 1000;
+
     /* Why /= 2 ?  That matches cryptsetup, but there's no
      * explanation why they chose /= 2... */
     iters /= 2;
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 34d2583..2b6118f 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -185,6 +185,9 @@
 #                  Currently defaults to 'sha256'
 # @hash-alg: #optional the master key hash algorithm
 #            Currently defaults to 'sha256'
+# @iter-time: #optional number of milliseconds to spend in
+#             PBKDF passphrase processing. Currently defaults
+#             to 1000. (since 2.8)
 # Since: 2.6
 ##
 { 'struct': 'QCryptoBlockCreateOptionsLUKS',
@@ -193,7 +196,8 @@
             '*cipher-mode': 'QCryptoCipherMode',
             '*ivgen-alg': 'QCryptoIVGenAlgorithm',
             '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
-            '*hash-alg': 'QCryptoHashAlgorithm'}}
+            '*hash-alg': 'QCryptoHashAlgorithm',
+            '*iter-time': 'int'}}
 
 
 ##
-- 
2.7.4

next prev parent reply	other threads:[~2016-09-19 15:34 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-19 15:33 [Qemu-devel] [PULL v2 0/8] Merge qcrypto 2016/09/19 Daniel P. Berrange
2016-09-19 15:33 ` [Qemu-devel] [PULL v2 1/8] crypto: use uint64_t for pbkdf iteration count parameters Daniel P. Berrange
2016-09-19 15:33 ` Daniel P. Berrange [this message]
2016-09-19 15:33 ` [Qemu-devel] [PULL v2 3/8] crypto: clear out buffer after timing pbkdf algorithm Daniel P. Berrange
2016-09-19 15:33 ` [Qemu-devel] [PULL v2 4/8] crypto: use correct derived key size when timing pbkdf Daniel P. Berrange
2016-09-19 15:33 ` [Qemu-devel] [PULL v2 5/8] crypto: remove bogus /= 2 for pbkdf iterations Daniel P. Berrange
2016-09-19 15:33 ` [Qemu-devel] [PULL v2 6/8] crypto: increase default pbkdf2 time for luks to 2 seconds Daniel P. Berrange
2016-09-19 15:33 ` [Qemu-devel] [PULL v2 7/8] crypto: support more hash algorithms for pbkdf Daniel P. Berrange
2016-09-19 15:33 ` [Qemu-devel] [PULL v2 8/8] crypto: add trace points for TLS cert verification Daniel P. Berrange
2016-09-19 15:55 ` [Qemu-devel] [PULL v2 0/8] Merge qcrypto 2016/09/19 no-reply
2016-09-19 17:06 ` Peter Maydell
2016-09-19 20:16 ` no-reply

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7f61e12 dfblob:7aa7eb5 dfblob:bc086ac dfblob:91a4172
dfblob:34d2583 dfblob:2b6118f )
 OR (
bs:"[Qemu-devel] [PULL v2 2/8] crypto: make PBKDF iterations configurable for LUKS format" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1474299237-1054-3-git-send-email-berrange@redhat.com \
    --to=berrange@redhat.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.