diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2016-09-19 17:10:06 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2016-09-19 17:10:06 +0100 |
| commit | 3d47a1390bd80b7b974185827a340012d21ad1e3 (patch) | |
| tree | efc8ae3427853eff1299f759ab86c5db746d0a7f /include | |
| parent | 55b90fc7660399d6c7ff0bddc509e4f622a80d0a (diff) | |
| parent | b57482d7a0fe669aeb6f0c3c3503d143b9db89dd (diff) | |
Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-09-19-2' into staging
Merge qcrypto 2016/09/19 v2
# gpg: Signature made Mon 19 Sep 2016 16:30:52 BST
# gpg: using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/pull-qcrypto-2016-09-19-2:
crypto: add trace points for TLS cert verification
crypto: support more hash algorithms for pbkdf
crypto: increase default pbkdf2 time for luks to 2 seconds
crypto: remove bogus /= 2 for pbkdf iterations
crypto: use correct derived key size when timing pbkdf
crypto: clear out buffer after timing pbkdf algorithm
crypto: make PBKDF iterations configurable for LUKS format
crypto: use uint64_t for pbkdf iteration count parameters
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/crypto/pbkdf.h | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/include/crypto/pbkdf.h b/include/crypto/pbkdf.h index e9e4ceca83..ef209b3e03 100644 --- a/include/crypto/pbkdf.h +++ b/include/crypto/pbkdf.h @@ -122,7 +122,7 @@ bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash); int qcrypto_pbkdf2(QCryptoHashAlgorithm hash, const uint8_t *key, size_t nkey, const uint8_t *salt, size_t nsalt, - unsigned int iterations, + uint64_t iterations, uint8_t *out, size_t nout, Error **errp); @@ -133,6 +133,7 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash, * @nkey: the length of @key in bytes * @salt: a random salt * @nsalt: length of @salt in bytes + * @nout: size of desired derived key * @errp: pointer to a NULL-initialized error object * * Time the PBKDF2 algorithm to determine how many @@ -140,13 +141,16 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash, * key from a user password provided in @key in 1 * second of compute time. The result of this can * be used as a the @iterations parameter of a later - * call to qcrypto_pbkdf2(). + * call to qcrypto_pbkdf2(). The value of @nout should + * match that value that will later be provided with + * a call to qcrypto_pbkdf2(). * * Returns: number of iterations in 1 second, -1 on error */ -int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash, - const uint8_t *key, size_t nkey, - const uint8_t *salt, size_t nsalt, - Error **errp); +uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash, + const uint8_t *key, size_t nkey, + const uint8_t *salt, size_t nsalt, + size_t nout, + Error **errp); #endif /* QCRYPTO_PBKDF_H */ |