aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--crypto/block-luks.c2
-rw-r--r--crypto/pbkdf.c10
-rw-r--r--include/crypto/pbkdf.h6
-rw-r--r--tests/test-crypto-pbkdf.c1
4 files changed, 15 insertions, 4 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 91a4172287..9269aaf488 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -1072,6 +1072,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
masterkey, luks->header.key_bytes,
luks->header.master_key_salt,
QCRYPTO_BLOCK_LUKS_SALT_LEN,
+ QCRYPTO_BLOCK_LUKS_DIGEST_LEN,
&local_err);
if (local_err) {
error_propagate(errp, local_err);
@@ -1152,6 +1153,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
(uint8_t *)password, strlen(password),
luks->header.key_slots[0].salt,
QCRYPTO_BLOCK_LUKS_SALT_LEN,
+ luks->header.key_bytes,
&local_err);
if (local_err) {
error_propagate(errp, local_err);
diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
index e3915058fb..f22e71d183 100644
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@@ -65,13 +65,16 @@ static int qcrypto_pbkdf2_get_thread_cpu(unsigned long long *val_ms,
uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
const uint8_t *key, size_t nkey,
const uint8_t *salt, size_t nsalt,
+ size_t nout,
Error **errp)
{
uint64_t ret = -1;
- uint8_t out[32];
+ uint8_t *out;
uint64_t iterations = (1 << 15);
unsigned long long delta_ms, start_ms, end_ms;
+ out = g_new(uint8_t, nout);
+
while (1) {
if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) {
goto cleanup;
@@ -80,7 +83,7 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
key, nkey,
salt, nsalt,
iterations,
- out, sizeof(out),
+ out, nout,
errp) < 0) {
goto cleanup;
}
@@ -104,6 +107,7 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
ret = iterations;
cleanup:
- memset(out, 0, sizeof(out));
+ memset(out, 0, nout);
+ g_free(out);
return ret;
}
diff --git a/include/crypto/pbkdf.h b/include/crypto/pbkdf.h
index 6f4ac85b5c..ef209b3e03 100644
--- a/include/crypto/pbkdf.h
+++ b/include/crypto/pbkdf.h
@@ -133,6 +133,7 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
* @nkey: the length of @key in bytes
* @salt: a random salt
* @nsalt: length of @salt in bytes
+ * @nout: size of desired derived key
* @errp: pointer to a NULL-initialized error object
*
* Time the PBKDF2 algorithm to determine how many
@@ -140,13 +141,16 @@ int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
* key from a user password provided in @key in 1
* second of compute time. The result of this can
* be used as a the @iterations parameter of a later
- * call to qcrypto_pbkdf2().
+ * call to qcrypto_pbkdf2(). The value of @nout should
+ * match that value that will later be provided with
+ * a call to qcrypto_pbkdf2().
*
* Returns: number of iterations in 1 second, -1 on error
*/
uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
const uint8_t *key, size_t nkey,
const uint8_t *salt, size_t nsalt,
+ size_t nout,
Error **errp);
#endif /* QCRYPTO_PBKDF_H */
diff --git a/tests/test-crypto-pbkdf.c b/tests/test-crypto-pbkdf.c
index 8ceceb1827..a651dc50a3 100644
--- a/tests/test-crypto-pbkdf.c
+++ b/tests/test-crypto-pbkdf.c
@@ -358,6 +358,7 @@ static void test_pbkdf_timing(void)
iters = qcrypto_pbkdf2_count_iters(QCRYPTO_HASH_ALG_SHA256,
key, sizeof(key),
salt, sizeof(salt),
+ 32,
&error_abort);
g_assert(iters >= (1 << 15));