[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PULL v3 02/13] crypto: add support for PBKDF2 algorith
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PULL v3 02/13] crypto: add support for PBKDF2 algorithm |
Date: |
Tue, 29 Mar 2016 15:50:53 +0100 |
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Thu, Mar 24, 2016 at 11:06:21AM +0800, Wen Congyang wrote:
> On 03/18/2016 12:53 AM, Daniel P. Berrange wrote:
> > The LUKS data format includes use of PBKDF2 (Password-Based
> > Key Derivation Function). The Nettle library can provide
> > an implementation of this, but we don't want code directly
> > depending on a specific crypto library backend. Introduce
> > a new include/crypto/pbkdf.h header which defines a QEMU
> > API for invoking PBKDK2. The initial implementations are
> > backed by nettle & gcrypt, which are commonly available
> > with distros shipping GNUTLS.
> >
> > The test suite data is taken from the cryptsetup codebase
> > under the LGPLv2.1+ license. This merely aims to verify
> > that whatever backend we provide for this function in QEMU
> > will comply with the spec.
> >
> > Reviewed-by: Fam Zheng <address@hidden>
> > Reviewed-by: Eric Blake <address@hidden>
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > diff --git a/crypto/pbkdf-nettle.c b/crypto/pbkdf-nettle.c
> > new file mode 100644
> > index 0000000..1aa7395
> > --- /dev/null
> > +++ b/crypto/pbkdf-nettle.c
> > @@ -0,0 +1,65 @@
> > +/*
> > + * QEMU Crypto PBKDF support (Password-Based Key Derivation Function)
> > + *
> > + * Copyright (c) 2015-2016 Red Hat, Inc.
> > + *
> > + * This library is free software; you can redistribute it and/or
> > + * modify it under the terms of the GNU Lesser General Public
> > + * License as published by the Free Software Foundation; either
> > + * version 2 of the License, or (at your option) any later version.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > + * Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public
> > + * License along with this library; if not, see
> > <http://www.gnu.org/licenses/>.
> > + *
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +#include "crypto/pbkdf.h"
> > +#include "nettle/pbkdf2.h"
>
> I get the following building error:
>
> CC crypto/pbkdf.o
> CC crypto/pbkdf-nettle.o
> CC crypto/ivgen.o
> crypto/pbkdf-nettle.c:23:27: error: nettle/pbkdf2.h: No such file or directory
> crypto/pbkdf-nettle.c: In function ‘qcrypto_pbkdf2’:
> crypto/pbkdf-nettle.c:46: warning: implicit declaration of function
> ‘pbkdf2_hmac_sha1’
> crypto/pbkdf-nettle.c:46: warning: nested extern declaration of
> ‘pbkdf2_hmac_sha1’
> crypto/pbkdf-nettle.c:53: warning: implicit declaration of function
> ‘pbkdf2_hmac_sha256’
> crypto/pbkdf-nettle.c:53: warning: nested extern declaration of
> ‘pbkdf2_hmac_sha256’
> make: *** [crypto/pbkdf-nettle.o] Error 1
> make: *** Waiting for unfinished jobs....
>
> rpm -qf /usr/include/nettle/
> libnettle-devel-2.4-8.1.2
>
> The nettle version is very old......
> The OS is SUSE 11 SP3.
I copied you on a patch that should fix this. Can you test it and report
back whether it worked.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- [Qemu-devel] [PULL v3 00/13] Merge crypto code for LUKS encryption, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 05/13] crypto: skip testing of unsupported cipher algorithms, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 01/13] crypto: add cryptographic random byte source, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 04/13] crypto: add support for anti-forensic split algorithm, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 08/13] crypto: add support for the twofish cipher algorithm, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 06/13] crypto: add support for the cast5-128 cipher algorithm, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 03/13] crypto: add support for generating initialization vectors, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 02/13] crypto: add support for PBKDF2 algorithm, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 09/13] crypto: import an implementation of the XTS cipher mode, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 07/13] crypto: add support for the serpent cipher algorithm, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 11/13] crypto: wire up XTS mode for cipher APIs, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 10/13] crypto: refactor code for dealing with AES cipher, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 12/13] crypto: add block encryption framework, Daniel P. Berrange, 2016/03/17
- [Qemu-devel] [PULL v3 13/13] crypto: implement the LUKS block encryption format, Daniel P. Berrange, 2016/03/17
- Re: [Qemu-devel] [PULL v3 00/13] Merge crypto code for LUKS encryption, Peter Maydell, 2016/03/17