Date: Fri, 9 Sep 2016 10:32:46 +0100
From: "Daniel P. Berrange"
Subject: Re: [Qemu-devel] [PATCH 1/6] crypto: make PBKDF iterations configurable for LUKS format
To: Eric Blake
Cc: qemu-devel@nongnu.org, Marc-André Lureau

On Thu, Sep 08, 2016 at 12:44:55PM -0500, Eric Blake wrote:
> On 09/08/2016 11:27 AM, Daniel P. Berrange wrote:
> > As protection against bruteforcing passphrases, the PBKDF
> > algorithm is tuned by counting the number of iterations
> > needed to produce 1 second of running time. If the machine
> > that the image will be used on is much faster than the
> > machine where the image is created, it can be desirable
> > to raise the number of limits. This adds a new 'iter-time'
>
> s/limits/iterations/ ?
>
> > property that allows the user to choose the iteration
> > wallclock time.
> >
> > Signed-off-by: Daniel P. Berrange
> > ---
> > block/crypto.c | 6 ++++++
> > crypto/block-luks.c | 32 +++++++++++++++++++++++---------
> > qapi/crypto.json | 6 +++++-
> > 3 files changed, 34 insertions(+), 10 deletions(-)
> >
>
> > +++ b/crypto/block-luks.c > > @@ -917,8 +917,12 @@ qcrypto_block_luks_create(QCryptoBlock *block, > > const char *hash_alg; > > char *cipher_mode_spec = NULL; > > QCryptoCipherAlgorithm ivcipheralg = 0; > > + uint64_t iters; > > > > memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); > > + if (!luks_opts.has_iter_time) { > > + luks_opts.iter_time = 1000; > > + } > > if (!luks_opts.has_cipher_alg) { > > luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256; > > } 
> > @@ -1064,7 +1068,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, > > /* Determine how many iterations we need to hash the master > > * key, in order to have 1 second of compute time used > > */ > > - luks->header.master_key_iterations = > > + iters = luks_opts.iter_time * > > qcrypto_pbkdf2_count_iters(luks_opts.hash_alg,
>
> luks_opts.iter_time is a user-provided 64-bit value, so this
> multiplication can overflow...

Oh doh, there I was thinking it was just a 32bit int...

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
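
Review bot: The default added at the top of qcrypto_block_luks_create() in the @@ -917 hunk only covers the case where has_iter_time is false, so an explicit iter-time of 0 passes through and the multiplication in the @@ -1064 hunk then yields zero iterations. Suggest rejecting 0 with an error right after the default is applied. The bare 1000 would also read better as a named constant whose unit is stated, since the visible lines do not say what unit iter_time is in.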
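
Review bot: In the @@ -1064 hunk, "iters = luks_opts.iter_time *" multiplies a caller-supplied 64-bit value by the measured count with no bound, so a large iter-time wraps silently and the resulting count no longer matches the requested time, which undercuts the brute-force protection the commit message describes. Suggest comparing iter_time against UINT64_MAX divided by the measured count before multiplying and failing with an error, and range-checking iters before it is stored in luks->header.master_key_iterations. The comment above the assignment still says "1 second of compute time", which no longer holds once the time is configurable.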
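
The overflow raised in the review above, shown next to a checked form, as an added example that is not QEMU code or part of the patch. It assumes the measured rate is in iterations per second, the requested time is in milliseconds, and the result must fit a 32-bit field; `scale_pbkdf_iters` and `scale_unchecked` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not QEMU code). Scales a measured PBKDF2 rate by a
 * caller-supplied target time. Assumptions: the rate is iterations per
 * second, the time is in milliseconds, and the result must fit a 32-bit
 * header field. Returns the iteration count, or -1 if rejected. */
static int64_t scale_pbkdf_iters(uint64_t iters_per_sec, uint64_t iter_time_ms)
{
    uint64_t iters;

    if (iters_per_sec == 0 || iter_time_ms == 0) {
        return -1;                      /* would give zero iterations */
    }
    /* a * b wraps in uint64_t exactly when a > UINT64_MAX / b */
    if (iter_time_ms > UINT64_MAX / iters_per_sec) {
        return -1;
    }
    iters = iter_time_ms * iters_per_sec / 1000;
    if (iters == 0 || iters > UINT32_MAX) {
        return -1;                      /* out of range for the field */
    }
    return (int64_t)iters;
}

/* The unchecked form, kept only to show what the wrap produces. */
static uint64_t scale_unchecked(uint64_t iters_per_sec, uint64_t iter_time_ms)
{
    return iter_time_ms * iters_per_sec / 1000;
}

int main(void)
{
    uint64_t rate = 500000;             /* constructed sample measurement */
    uint64_t huge = (UINT64_MAX / rate) + 1;   /* smallest wrapping input */

    printf("1000 ms         -> %lld\n",
           (long long)scale_pbkdf_iters(rate, 1000));
    printf("huge, unchecked -> %llu\n",
           (unsigned long long)scale_unchecked(rate, huge));
    printf("huge, checked   -> %lld\n",
           (long long)scale_pbkdf_iters(rate, huge));
    return 0;
}
```

With the constructed rate of 500000, the smallest wrapping time value makes the unchecked form return 448 iterations, while the checked form rejects the request.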