diff options
| author | Daniel P. Berrange <berrange@redhat.com> | 2015-10-14 13:14:04 +0100 |
|---|---|---|
| committer | Daniel P. Berrange <berrange@redhat.com> | 2016-03-17 14:41:07 +0000 |
| commit | 37788f253a4a9ad5f27dae68aee261c784e1fa17 (patch) | |
| tree | 24b95c924f88bf059300342bbb2a9e172478f607 /configure | |
| parent | b917da4cbd13dae4cda3852d5bdf3725202103ab (diff) | |
crypto: add support for PBKDF2 algorithm
The LUKS data format includes use of PBKDF2 (Password-Based
Key Derivation Function). The Nettle library can provide
an implementation of this, but we don't want code directly
depending on a specific crypto library backend. Introduce
a new include/crypto/pbkdf.h header which defines a QEMU
API for invoking PBKDK2. The initial implementations are
backed by nettle & gcrypt, which are commonly available
with distros shipping GNUTLS.
The test suite data is taken from the cryptsetup codebase
under the LGPLv2.1+ license. This merely aims to verify
that whatever backend we provide for this function in QEMU
will comply with the spec.
Reviewed-by: Fam Zheng <famz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'configure')
| -rwxr-xr-x | configure | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -309,6 +309,7 @@ gnutls_hash="" gnutls_rnd="" nettle="" gcrypt="" +gcrypt_kdf="no" vte="" virglrenderer="" tpm="yes" @@ -2302,6 +2303,19 @@ if test "$gcrypt" != "no"; then if test -z "$nettle"; then nettle="no" fi + + cat > $TMPC << EOF +#include <gcrypt.h> +int main(void) { + gcry_kdf_derive(NULL, 0, GCRY_KDF_PBKDF2, + GCRY_MD_SHA256, + NULL, 0, 0, 0, NULL); + return 0; +} +EOF + if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then + gcrypt_kdf=yes + fi else if test "$gcrypt" = "yes"; then feature_not_found "gcrypt" "Install gcrypt devel" @@ -4726,6 +4740,7 @@ echo "GNUTLS support $gnutls" echo "GNUTLS hash $gnutls_hash" echo "GNUTLS rnd $gnutls_rnd" echo "libgcrypt $gcrypt" +echo "libgcrypt kdf $gcrypt_kdf" if test "$nettle" = "yes"; then echo "nettle $nettle ($nettle_version)" else @@ -5108,6 +5123,9 @@ if test "$gnutls_rnd" = "yes" ; then fi if test "$gcrypt" = "yes" ; then echo "CONFIG_GCRYPT=y" >> $config_host_mak + if test "$gcrypt_kdf" = "yes" ; then + echo "CONFIG_GCRYPT_KDF=y" >> $config_host_mak + fi fi if test "$nettle" = "yes" ; then echo "CONFIG_NETTLE=y" >> $config_host_mak |