aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2015-10-23 16:14:25 +0100
committerDaniel P. Berrange <berrange@redhat.com>2016-03-17 14:41:14 +0000
commit5a95e0fccdad951d8779fca459c20649c8b0cbb4 (patch)
treefcd700502387cce6fbaba2ad6489f18a74eaf7e9 /crypto
parentcb730894ae284965e03a40eabbf623b87206777b (diff)
crypto: add support for anti-forensic split algorithm
The LUKS format specifies an anti-forensic split algorithm which is used to artificially expand the size of the key material on disk. This is an implementation of that algorithm. Reviewed-by: Fam Zheng <famz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Makefile.objs1
-rw-r--r--crypto/afsplit.c158
2 files changed, 159 insertions, 0 deletions
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index f28b00e549..454f9dba39 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -17,6 +17,7 @@ crypto-obj-y += ivgen.o
crypto-obj-y += ivgen-essiv.o
crypto-obj-y += ivgen-plain.o
crypto-obj-y += ivgen-plain64.o
+crypto-obj-y += afsplit.o
# Let the userspace emulators avoid linking gnutls/etc
crypto-aes-obj-y = aes.o
diff --git a/crypto/afsplit.c b/crypto/afsplit.c
new file mode 100644
index 0000000000..8074913cdd
--- /dev/null
+++ b/crypto/afsplit.c
@@ -0,0 +1,158 @@
+/*
+ * QEMU Crypto anti forensic information splitter
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * Derived from cryptsetup package lib/luks1/af.c
+ *
+ * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/afsplit.h"
+#include "crypto/random.h"
+
+
+static void qcrypto_afsplit_xor(size_t blocklen,
+ const uint8_t *in1,
+ const uint8_t *in2,
+ uint8_t *out)
+{
+ size_t i;
+ for (i = 0; i < blocklen; i++) {
+ out[i] = in1[i] ^ in2[i];
+ }
+}
+
+
+static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash,
+ size_t blocklen,
+ uint8_t *block,
+ Error **errp)
+{
+ size_t digestlen = qcrypto_hash_digest_len(hash);
+
+ size_t hashcount = blocklen / digestlen;
+ size_t finallen = blocklen % digestlen;
+ uint32_t i;
+
+ if (finallen) {
+ hashcount++;
+ } else {
+ finallen = digestlen;
+ }
+
+ for (i = 0; i < hashcount; i++) {
+ uint8_t *out = NULL;
+ size_t outlen = 0;
+ uint32_t iv = cpu_to_be32(i);
+ struct iovec in[] = {
+ { .iov_base = &iv,
+ .iov_len = sizeof(iv) },
+ { .iov_base = block + (i * digestlen),
+ .iov_len = (i == (hashcount - 1)) ? finallen : digestlen },
+ };
+
+ if (qcrypto_hash_bytesv(hash,
+ in,
+ G_N_ELEMENTS(in),
+ &out, &outlen,
+ errp) < 0) {
+ return -1;
+ }
+
+ assert(outlen == digestlen);
+ memcpy(block + (i * digestlen), out,
+ (i == (hashcount - 1)) ? finallen : digestlen);
+ g_free(out);
+ }
+
+ return 0;
+}
+
+
+int qcrypto_afsplit_encode(QCryptoHashAlgorithm hash,
+ size_t blocklen,
+ uint32_t stripes,
+ const uint8_t *in,
+ uint8_t *out,
+ Error **errp)
+{
+ uint8_t *block = g_new0(uint8_t, blocklen);
+ size_t i;
+ int ret = -1;
+
+ for (i = 0; i < (stripes - 1); i++) {
+ if (qcrypto_random_bytes(out + (i * blocklen), blocklen, errp) < 0) {
+ goto cleanup;
+ }
+
+ qcrypto_afsplit_xor(blocklen,
+ out + (i * blocklen),
+ block,
+ block);
+ if (qcrypto_afsplit_hash(hash, blocklen, block,
+ errp) < 0) {
+ goto cleanup;
+ }
+ }
+ qcrypto_afsplit_xor(blocklen,
+ in,
+ block,
+ out + (i * blocklen));
+ ret = 0;
+
+ cleanup:
+ g_free(block);
+ return ret;
+}
+
+
+int qcrypto_afsplit_decode(QCryptoHashAlgorithm hash,
+ size_t blocklen,
+ uint32_t stripes,
+ const uint8_t *in,
+ uint8_t *out,
+ Error **errp)
+{
+ uint8_t *block = g_new0(uint8_t, blocklen);
+ size_t i;
+ int ret = -1;
+
+ for (i = 0; i < (stripes - 1); i++) {
+ qcrypto_afsplit_xor(blocklen,
+ in + (i * blocklen),
+ block,
+ block);
+ if (qcrypto_afsplit_hash(hash, blocklen, block,
+ errp) < 0) {
+ goto cleanup;
+ }
+ }
+
+ qcrypto_afsplit_xor(blocklen,
+ in + (i * blocklen),
+ block,
+ out);
+
+ ret = 0;
+
+ cleanup:
+ g_free(block);
+ return ret;
+}