aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2016-09-06 18:43:00 +0100
committerDaniel P. Berrange <berrange@redhat.com>2016-09-19 16:30:45 +0100
commit3bd18890cab82735ae2565fa50aa122e1b4a0ef0 (patch)
tree1fd465fd7a0b3cbf686ad01c6bf53934e59895e5 /crypto
parent59b060be184aff59cfa101c937c8139e66f452f2 (diff)
downloadqemu-3bd18890cab82735ae2565fa50aa122e1b4a0ef0.zip
qemu-3bd18890cab82735ae2565fa50aa122e1b4a0ef0.tar.gz
qemu-3bd18890cab82735ae2565fa50aa122e1b4a0ef0.tar.bz2
crypto: make PBKDF iterations configurable for LUKS format
As protection against bruteforcing passphrases, the PBKDF algorithm is tuned by counting the number of iterations needed to produce 1 second of running time. If the machine that the image will be used on is much faster than the machine where the image is created, it can be desirable to raise the number of iterations. This change adds a new 'iter-time' property that allows the user to choose the iteration wallclock time. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/block-luks.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index bc086ac..91a4172 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -920,6 +920,9 @@ qcrypto_block_luks_create(QCryptoBlock *block,
uint64_t iters;
memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
+ if (!luks_opts.has_iter_time) {
+ luks_opts.iter_time = 1000;
+ }
if (!luks_opts.has_cipher_alg) {
luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;
}
@@ -1075,6 +1078,16 @@ qcrypto_block_luks_create(QCryptoBlock *block,
goto error;
}
+ if (iters > (ULLONG_MAX / luks_opts.iter_time)) {
+ error_setg_errno(errp, ERANGE,
+ "PBKDF iterations %llu too large to scale",
+ (unsigned long long)iters);
+ goto error;
+ }
+
+ /* iter_time was in millis, but count_iters reported for secs */
+ iters = iters * luks_opts.iter_time / 1000;
+
/* Why /= 8 ? That matches cryptsetup, but there's no
* explanation why they chose /= 8... Probably so that
* if all 8 keyslots are active we only spend 1 second
@@ -1144,6 +1157,17 @@ qcrypto_block_luks_create(QCryptoBlock *block,
error_propagate(errp, local_err);
goto error;
}
+
+ if (iters > (ULLONG_MAX / luks_opts.iter_time)) {
+ error_setg_errno(errp, ERANGE,
+ "PBKDF iterations %llu too large to scale",
+ (unsigned long long)iters);
+ goto error;
+ }
+
+ /* iter_time was in millis, but count_iters reported for secs */
+ iters = iters * luks_opts.iter_time / 1000;
+
/* Why /= 2 ? That matches cryptsetup, but there's no
* explanation why they chose /= 2... */
iters /= 2;