From: "Daniel P. Berrange"
Date: Fri, 5 Feb 2016 10:13:22 +0000
Message-ID: <20160205101322.GB13989@redhat.com>
In-Reply-To: <56B3CD32.7080307@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2 03/17] crypto: add support for PBKDF2 algorithm
To: Eric Blake
Cc: Kevin Wolf, Fam Zheng, qemu-devel@nongnu.org, qemu-block@nongnu.org

On Thu, Feb 04, 2016 at 03:14:10PM -0700, Eric Blake wrote:
> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
> > The LUKS data format includes use of PBKDF2 (Password-Based
> > Key Derivation Function). The Nettle library can provide
> > an implementation of this, but we don't want code directly
> > depending on a specific crypto library backend. Introduce
> > a include/crypto/pbkdf.h header which defines a QEMU
>
> 'an include/...', or maybe 'a new include/...'?
>
> > API for invoking PBKDF2. The initial implementations are
> > backed by nettle & gcrypt, which are commonly available
> > with distros shipping GNUTLS.
> >
> > The test suite data is taken from the cryptsetup codebase
> > under the LGPLv2.1+ license. This merely aims to verify
> > that whatever backend we provide for this function in QEMU
> > will comply with the spec.
> >
> > Signed-off-by: Daniel P. Berrange
> > ---
>
> In addition to Fam's review,
>
> > +++ b/crypto/pbkdf-gcrypt.c
>
> > +int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
> > +                   const uint8_t *key, size_t nkey,
> > +                   const uint8_t *salt, size_t nsalt,
> > +                   unsigned int iterations,
> > +                   uint8_t *out, size_t nout,
> > +                   Error **errp)
> > +{
> > +    static const int hash_map[QCRYPTO_HASH_ALG__MAX] = {
> > +        [QCRYPTO_HASH_ALG_MD5] = GCRY_MD_MD5,
> > +        [QCRYPTO_HASH_ALG_SHA1] = GCRY_MD_SHA1,
> > +        [QCRYPTO_HASH_ALG_SHA256] = GCRY_MD_SHA256,
> > +    };
>
> If QCRYPTO_HASH_ gains future enum values, those elements of the array
> will be 0-initialized.
>
> > +    int ret;
> > +
> > +    if (hash > G_N_ELEMENTS(hash_map)) {
> > +        error_setg(errp, "Unexpected hash algorithm %d", hash);
> > +        return -1;
> > +    }
>
> This checks for beyond the bounds of the array, but not for an element
> that was 0-initialized. Is that a problem we need to worry about?

I'll add '|| hash_map[hash] == GCRY_MD_NONE' to this condition

Regards,
Daniel

--
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
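Review bot: The bounds check in the quoted qcrypto_pbkdf2 hunk is off by one: `if (hash > G_N_ELEMENTS(hash_map))` still accepts `hash == G_N_ELEMENTS(hash_map)` (i.e. QCRYPTO_HASH_ALG__MAX), which then indexes one element past the end of hash_map; the comparison should be `>=`. Folding in the unmapped-entry check agreed in this reply, the guard should read `if (hash >= G_N_ELEMENTS(hash_map) || hash_map[hash] == GCRY_MD_NONE)`, so that both an out-of-range value and a future enum value with no gcrypt mapping (left 0-initialized in the static table) are rejected before the backend is called.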