From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58325) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aeQLR-0003aW-Il for qemu-devel@nongnu.org; Fri, 11 Mar 2016 11:55:22 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aeQLQ-0002md-Ih for qemu-devel@nongnu.org; Fri, 11 Mar 2016 11:55:21 -0500 Date: Fri, 11 Mar 2016 16:55:12 +0000 From: "Daniel P. Berrange" Message-ID: <20160311165512.GF30098@redhat.com> References: <1456747261-22032-1-git-send-email-berrange@redhat.com> <1456747261-22032-5-git-send-email-berrange@redhat.com> <20160307055140.GC21446@ad.usersys.redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20160307055140.GC21446@ad.usersys.redhat.com> Subject: Re: [Qemu-devel] [PATCH v4 04/26] crypto: add support for anti-forensic split algorithm Reply-To: "Daniel P. Berrange" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Fam Zheng Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org On Mon, Mar 07, 2016 at 01:51:40PM +0800, Fam Zheng wrote: > On Mon, 02/29 12:00, Daniel P. Berrange wrote: > > The LUKS format specifies an anti-forensic split algorithm which > > is used to artificially expand the size of the key material on > > disk. This is an implementation of that algorithm. > > > > Signed-off-by: Daniel P. Berrange > > --- > > crypto/Makefile.objs | 1 + > > crypto/afsplit.c | 158 ++++++++++++++++++++++++++++++++++++ > > include/crypto/afsplit.h | 135 +++++++++++++++++++++++++++++++ > > tests/.gitignore | 1 + > > tests/Makefile | 2 + > > tests/test-crypto-afsplit.c | 190 ++++++++++++++++++++++++++++++++++++++++++++ > > 6 files changed, 487 insertions(+) > > create mode 100644 crypto/afsplit.c > > create mode 100644 include/crypto/afsplit.h > > create mode 100644 tests/test-crypto-afsplit.c > > > > +static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash, > > + size_t blocklen, > > + uint8_t *block, > > + Error **errp) > > +{ > > + size_t digestlen = qcrypto_hash_digest_len(hash); > > + > > + size_t hashcount = blocklen / digestlen; > > Do you want to use DIV_ROUND_UP? Because if blocklen < digestlen, hashcount is > 0, and your for loop below will be skipped. It is not needed actually - look a couple of lines further where we do 'if (finallen) { hashcount ++ }'. This achieves the same end result. > > Fam > > > + size_t finallen = blocklen % digestlen; > > + uint32_t i; > > + > > + if (finallen) { > > + hashcount++; > > + } else { > > + finallen = digestlen; > > + } > > + > > + for (i = 0; i < hashcount; i++) { > > + uint8_t *out = NULL; > > + size_t outlen = 0; > > + uint32_t iv = cpu_to_be32(i); > > + struct iovec in[] = { > > + { .iov_base = &iv, > > + .iov_len = sizeof(iv) }, > > + { .iov_base = block + (i * digestlen), > > + .iov_len = (i == (hashcount - 1)) ? finallen : digestlen }, > > + }; > > + > > + if (qcrypto_hash_bytesv(hash, > > + in, > > + G_N_ELEMENTS(in), > > + &out, &outlen, > > + errp) < 0) { > > + return -1; > > + } > > + > > + assert(outlen == digestlen); > > + memcpy(block + (i * digestlen), out, > > + (i == (hashcount - 1)) ? finallen : digestlen); > > + g_free(out); > > + } > > + > > + return 0; > > +} Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|