crypto: use correct derived key size when timing pbkdf

Currently when timing the pbkdf algorithm a fixed key size of 32 bytes is used. This results in inaccurate timings for certain hashes depending on their digest size. For example when using sha1 with aes-256, this causes us to measure time for the master key digest doing 2 sha1 operations per iteration, instead of 1. Instead we should pass in the desired key size to the timing routine that matches the key size that will be used for real later. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
author: Daniel P. Berrange <berrange@redhat.com> 2016-09-07 12:43:29 +0100
committer: Daniel P. Berrange <berrange@redhat.com> 2016-09-19 16:30:45 +0100
commit: e74aabcffb74e6c15de05255480d43771ec63d8b (patch)
tree: afe834d8b8f613b933bcc20e2c2f88e712d58564 /crypto
parent: 8813800b7d995d8b54ef0a1e16d41fc13d8b5f3a (diff)
2 files changed, 9 insertions, 3 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 91a4172287..9269aaf488 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -1072,6 +1072,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
                                        masterkey, luks->header.key_bytes,
                                        luks->header.master_key_salt,
                                        QCRYPTO_BLOCK_LUKS_SALT_LEN,
+                                       QCRYPTO_BLOCK_LUKS_DIGEST_LEN,
                                        &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
@@ -1152,6 +1153,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
                                        (uint8_t *)password, strlen(password),
                                        luks->header.key_slots[0].salt,
                                        QCRYPTO_BLOCK_LUKS_SALT_LEN,
+                                       luks->header.key_bytes,
                                        &local_err);
     if (local_err) {
         error_propagate(errp, local_err);
diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
index e3915058fb..f22e71d183 100644
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@@ -65,13 +65,16 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long *val_ms,
 uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
                                     const uint8_t *key, size_t nkey,
                                     const uint8_t *salt, size_t nsalt,
+                                    size_t nout,
                                     Error **errp)
 {
     uint64_t ret = -1;
-    uint8_t out[32];
+    uint8_t *out;
     uint64_t iterations = (1 << 15);
     unsigned long long delta_ms, start_ms, end_ms;
 
+    out = g_new(uint8_t, nout);
+
     while (1) {
         if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) {
             goto cleanup;
@@ -80,7 +83,7 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
                            key, nkey,
                            salt, nsalt,
                            iterations,
-                           out, sizeof(out),
+                           out, nout,
                            errp) < 0) {
             goto cleanup;
         }
@@ -104,6 +107,7 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
     ret = iterations;
 
  cleanup:
-    memset(out, 0, sizeof(out));
+    memset(out, 0, nout);
+    g_free(out);
     return ret;
 }
author	Daniel P. Berrange <berrange@redhat.com>	2016-09-07 12:43:29 +0100
committer	Daniel P. Berrange <berrange@redhat.com>	2016-09-19 16:30:45 +0100
commit	e74aabcffb74e6c15de05255480d43771ec63d8b (patch)
tree	afe834d8b8f613b933bcc20e2c2f88e712d58564 /crypto
parent	8813800b7d995d8b54ef0a1e16d41fc13d8b5f3a (diff)