Branch: refs/heads/master
Home: https://github.com/qemu/qemu

Commit: 59b060be184aff59cfa101c937c8139e66f452f2
    https://github.com/qemu/qemu/commit/59b060be184aff59cfa101c937c8139e66f452f2
Author: Daniel P. Berrange <berra...@redhat.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
  M crypto/block-luks.c
  M crypto/pbkdf-gcrypt.c
  M crypto/pbkdf-nettle.c
  M crypto/pbkdf-stub.c
  M crypto/pbkdf.c
  M include/crypto/pbkdf.h

Log Message:
-----------
crypto: use uint64_t for pbkdf iteration count parameters

The qcrypto_pbkdf_count_iters method uses a 64 bit int but then checks its value against INT32_MAX before returning it. This bounds check is premature, because the calling code may well scale the iteration count by some value. It is thus better to return a 64-bit integer and let the caller do range checking.

For consistency the qcrypto_pbkdf method is also changed to accept a 64bit int, though this is somewhat academic since nettle is limited to taking an 'int' while gcrypt is limited to taking a 'long int'.

Reviewed-by: Eric Blake <ebl...@redhat.com>
Signed-off-by: Daniel P. Berrange <berra...@redhat.com>


Commit: 3bd18890cab82735ae2565fa50aa122e1b4a0ef0
    https://github.com/qemu/qemu/commit/3bd18890cab82735ae2565fa50aa122e1b4a0ef0
Author: Daniel P. Berrange <berra...@redhat.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
  M block/crypto.c
  M crypto/block-luks.c
  M qapi/crypto.json

Log Message:
-----------
crypto: make PBKDF iterations configurable for LUKS format

As protection against bruteforcing passphrases, the PBKDF algorithm is tuned by counting the number of iterations needed to produce 1 second of running time. If the machine that the image will be used on is much faster than the machine where the image is created, it can be desirable to raise the number of iterations. This change adds a new 'iter-time' property that allows the user to choose the iteration wallclock time.

Reviewed-by: Eric Blake <ebl...@redhat.com>
Signed-off-by: Daniel P. Berrange <berra...@redhat.com>


Commit: 8813800b7d995d8b54ef0a1e16d41fc13d8b5f3a
    https://github.com/qemu/qemu/commit/8813800b7d995d8b54ef0a1e16d41fc13d8b5f3a
Author: Daniel P. Berrange <berra...@redhat.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
  M crypto/pbkdf.c

Log Message:
-----------
crypto: clear out buffer after timing pbkdf algorithm

The 'out' buffer will hold a key derived from master password, so it is best practice to clear this buffer when no longer required.

At this time, the code isn't worrying about locking buffers into RAM to prevent swapping sensitive data to disk.

Reviewed-by: Eric Blake <ebl...@redhat.com>
Signed-off-by: Daniel P. Berrange <berra...@redhat.com>


Commit: e74aabcffb74e6c15de05255480d43771ec63d8b
    https://github.com/qemu/qemu/commit/e74aabcffb74e6c15de05255480d43771ec63d8b
Author: Daniel P. Berrange <berra...@redhat.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
  M crypto/block-luks.c
  M crypto/pbkdf.c
  M include/crypto/pbkdf.h
  M tests/test-crypto-pbkdf.c

Log Message:
-----------
crypto: use correct derived key size when timing pbkdf

Currently when timing the pbkdf algorithm a fixed key size of 32 bytes is used. This results in inaccurate timings for certain hashes depending on their digest size. For example when using sha1 with aes-256, this causes us to measure time for the master key digest doing 2 sha1 operations per iteration, instead of 1.

Instead we should pass in the desired key size to the timing routine that matches the key size that will be used for real later.

Reviewed-by: Eric Blake <ebl...@redhat.com>
Signed-off-by: Daniel P. Berrange <berra...@redhat.com>


Commit: acd0dfd0c252a06ec6f2146fea01b66b7bc68cfc
    https://github.com/qemu/qemu/commit/acd0dfd0c252a06ec6f2146fea01b66b7bc68cfc
Author: Daniel P. Berrange <berra...@redhat.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
  M crypto/block-luks.c

Log Message:
-----------
crypto: remove bogus /= 2 for pbkdf iterations

When calculating iterations for pbkdf of the key slot data, we had a /= 2, which was copied from identical code in cryptsetup. It was always unclear & undocumented why cryptsetup had this division and it was recently removed there, too.

Reviewed-by: Eric Blake <ebl...@redhat.com>
Signed-off-by: Daniel P. Berrange <berra...@redhat.com>


Commit: 2ab66cd577d6d0ec3c44b14cc823e76ea5a4397c
    https://github.com/qemu/qemu/commit/2ab66cd577d6d0ec3c44b14cc823e76ea5a4397c
Author: Daniel P. Berrange <berra...@redhat.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
  M crypto/block-luks.c
  M qapi/crypto.json

Log Message:
-----------
crypto: increase default pbkdf2 time for luks to 2 seconds

cryptsetup recently increased the default pbkdf2 time to 2 seconds to partially mitigate improvements in hardware performance wrt brute-forcing the pbkdf algorithm. This updates QEMU defaults to match.

Reviewed-by: Eric Blake <ebl...@redhat.com>
Signed-off-by: Daniel P. Berrange <berra...@redhat.com>


Commit: 533008f4f382490f817a0c313f2d32f6173c08c7
    https://github.com/qemu/qemu/commit/533008f4f382490f817a0c313f2d32f6173c08c7
Author: Daniel P. Berrange <berra...@redhat.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
  M crypto/pbkdf-gcrypt.c
  M crypto/pbkdf-nettle.c
  M tests/test-crypto-pbkdf.c

Log Message:
-----------
crypto: support more hash algorithms for pbkdf

Currently pbkdf is only supported with SHA1 and SHA256. Expand this to support all algorithms known to QEMU.

Reviewed-by: Eric Blake <ebl...@redhat.com>
Signed-off-by: Daniel P. Berrange <berra...@redhat.com>


Commit: b57482d7a0fe669aeb6f0c3c3503d143b9db89dd
    https://github.com/qemu/qemu/commit/b57482d7a0fe669aeb6f0c3c3503d143b9db89dd
Author: Daniel P. Berrange <berra...@redhat.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
  M crypto/tlssession.c
  M crypto/trace-events

Log Message:
-----------
crypto: add trace points for TLS cert verification

It is very useful to know about TLS cert verification status when debugging, so add a trace point for it.

Signed-off-by: Daniel P. Berrange <berra...@redhat.com>


Commit: 3d47a1390bd80b7b974185827a340012d21ad1e3
    https://github.com/qemu/qemu/commit/3d47a1390bd80b7b974185827a340012d21ad1e3
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
  M block/crypto.c
  M crypto/block-luks.c
  M crypto/pbkdf-gcrypt.c
  M crypto/pbkdf-nettle.c
  M crypto/pbkdf-stub.c
  M crypto/pbkdf.c
  M crypto/tlssession.c
  M crypto/trace-events
  M include/crypto/pbkdf.h
  M qapi/crypto.json
  M tests/test-crypto-pbkdf.c

Log Message:
-----------
Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-2016-09-19-2' into staging

Merge qcrypto 2016/09/19 v2

# gpg: Signature made Mon 19 Sep 2016 16:30:52 BST
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <d...@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berra...@redhat.com>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qcrypto-2016-09-19-2:
  crypto: add trace points for TLS cert verification
  crypto: support more hash algorithms for pbkdf
  crypto: increase default pbkdf2 time for luks to 2 seconds
  crypto: remove bogus /= 2 for pbkdf iterations
  crypto: use correct derived key size when timing pbkdf
  crypto: clear out buffer after timing pbkdf algorithm
  crypto: make PBKDF iterations configurable for LUKS format
  crypto: use uint64_t for pbkdf iteration count parameters

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>


Compare: https://github.com/qemu/qemu/compare/55b90fc76603...3d47a1390bd8
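
The pbkdf timing commits in this push (59b060be, 3bd18890, e74aabcf) can be followed in a short Python sketch; this is an added example, not QEMU code and not taken from the commits. It times PBKDF2 with the real derived key size, returns the rate without a premature bound, and leaves scaling and range checking to the caller. The function names, the millisecond unit for the iteration time and the 32-bit upper limit are assumptions made for the illustration.

```python
import hashlib
import time

UINT32_MAX = 2**32 - 1  # assumption: the stored iteration count is 32 bits wide


def pbkdf2_blocks(hash_name: str, dklen: int) -> int:
    """PBKDF2 output blocks needed; each block runs the full iteration chain."""
    hlen = hashlib.new(hash_name).digest_size
    return -(-dklen // hlen)  # ceil(dklen / hlen)


def count_iters(hash_name, password, salt, dklen, min_seconds=0.05):
    """Iterations per second for this hash and this derived key size.

    No range check here: the caller still scales the result, so bounding it
    at this point would be premature (Python ints stand in for uint64_t).
    """
    iters = 1 << 10
    while True:
        start = time.perf_counter()
        hashlib.pbkdf2_hmac(hash_name, password, salt, iters, dklen)
        elapsed = time.perf_counter() - start
        if elapsed >= min_seconds:
            return int(iters / elapsed)
        iters *= 2  # too fast to measure reliably, try a longer run


def scale_iters(iters_per_sec: int, iter_time_ms: int) -> int:
    """Caller side: scale to the requested wall-clock time, then range check."""
    if iter_time_ms <= 0:
        raise ValueError("iteration time must be positive")
    scaled = iters_per_sec * iter_time_ms // 1000
    if scaled > UINT32_MAX:
        raise OverflowError(f"{scaled} iterations exceeds {UINT32_MAX}")
    return max(scaled, 1)


if __name__ == "__main__":
    # Constructed inputs, for illustration only.
    pw, salt = b"constructed passphrase", b"constructed-salt"
    for dklen in (20, 32):  # with sha1: one block vs two blocks per iteration
        rate = count_iters("sha1", pw, salt, dklen)
        print(f"sha1 dklen={dklen} blocks={pbkdf2_blocks('sha1', dklen)} "
              f"rate={rate}/s iters_for_2s={scale_iters(rate, 2000)}")
```

Timing sha1 with a 32-byte key reports roughly half the rate of the 20-byte case, which is the mismatch described in e74aabcf.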