From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33701)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1akuyx-00074F-8J
	for qemu-devel@nongnu.org; Tue, 29 Mar 2016 10:51:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1akuyv-0000RS-KY
	for qemu-devel@nongnu.org; Tue, 29 Mar 2016 10:50:59 -0400
Received: from mx1.redhat.com ([209.132.183.28]:45236)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1akuyv-0000RO-CT
	for qemu-devel@nongnu.org; Tue, 29 Mar 2016 10:50:57 -0400
Date: Tue, 29 Mar 2016 15:50:53 +0100
From: "Daniel P. Berrange" <berrange@redhat.com>
Message-ID: <20160329145053.GI32133@redhat.com>
References: <1458233634-27709-1-git-send-email-berrange@redhat.com>
	<1458233634-27709-3-git-send-email-berrange@redhat.com>
	<56F359AD.8090502@cn.fujitsu.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <56F359AD.8090502@cn.fujitsu.com>
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PULL v3 02/13] crypto: add support for PBKDF2
 algorithm
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Wen Congyang <wency@cn.fujitsu.com>
Cc: Peter Maydell <peter.maydell@linaro.org>, qemu-devel@nongnu.org

On Thu, Mar 24, 2016 at 11:06:21AM +0800, Wen Congyang wrote:
> On 03/18/2016 12:53 AM, Daniel P. Berrange wrote:
> > The LUKS data format includes use of PBKDF2 (Password-Based
> > Key Derivation Function). The Nettle library can provide
> > an implementation of this, but we don't want code directly
> > depending on a specific crypto library backend. Introduce
> > a new include/crypto/pbkdf.h header which defines a QEMU
> > API for invoking PBKDK2. The initial implementations are
> > backed by nettle & gcrypt, which are commonly available
> > with distros shipping GNUTLS.
> >=20
> > The test suite data is taken from the cryptsetup codebase
> > under the LGPLv2.1+ license. This merely aims to verify
> > that whatever backend we provide for this function in QEMU
> > will comply with the spec.
> >=20
> > Reviewed-by: Fam Zheng <famz@redhat.com>
> > Reviewed-by: Eric Blake <eblake@redhat.com>
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>


> > diff --git a/crypto/pbkdf-nettle.c b/crypto/pbkdf-nettle.c
> > new file mode 100644
> > index 0000000..1aa7395
> > --- /dev/null
> > +++ b/crypto/pbkdf-nettle.c
> > @@ -0,0 +1,65 @@
> > +/*
> > + * QEMU Crypto PBKDF support (Password-Based Key Derivation Function=
)
> > + *
> > + * Copyright (c) 2015-2016 Red Hat, Inc.
> > + *
> > + * This library is free software; you can redistribute it and/or
> > + * modify it under the terms of the GNU Lesser General Public
> > + * License as published by the Free Software Foundation; either
> > + * version 2 of the License, or (at your option) any later version.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > + * Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public
> > + * License along with this library; if not, see <http://www.gnu.org/=
licenses/>.
> > + *
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +#include "crypto/pbkdf.h"
> > +#include "nettle/pbkdf2.h"
>=20
> I get the following building error:
>=20
>   CC    crypto/pbkdf.o
>   CC    crypto/pbkdf-nettle.o
>   CC    crypto/ivgen.o
> crypto/pbkdf-nettle.c:23:27: error: nettle/pbkdf2.h: No such file or di=
rectory
> crypto/pbkdf-nettle.c: In function =E2=80=98qcrypto_pbkdf2=E2=80=99:
> crypto/pbkdf-nettle.c:46: warning: implicit declaration of function =E2=
=80=98pbkdf2_hmac_sha1=E2=80=99
> crypto/pbkdf-nettle.c:46: warning: nested extern declaration of =E2=80=98=
pbkdf2_hmac_sha1=E2=80=99
> crypto/pbkdf-nettle.c:53: warning: implicit declaration of function =E2=
=80=98pbkdf2_hmac_sha256=E2=80=99
> crypto/pbkdf-nettle.c:53: warning: nested extern declaration of =E2=80=98=
pbkdf2_hmac_sha256=E2=80=99
> make: *** [crypto/pbkdf-nettle.o] Error 1
> make: *** Waiting for unfinished jobs....
>=20
> rpm -qf /usr/include/nettle/
> libnettle-devel-2.4-8.1.2
>=20
> The nettle version is very old......
> The OS is SUSE 11 SP3.

I copied you on a patch that should fix this. Can you test it and report
back whether it worked.


Regards,
Daniel
--=20
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange=
/ :|
|: http://libvirt.org              -o-             http://virt-manager.or=
g :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr=
/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vn=
c :|