diff options
| author | Daniel P. Berrange | 2016-09-07 13:43:29 +0200 |
|---|---|---|
| committer | Daniel P. Berrange | 2016-09-19 17:30:45 +0200 |
| commit | e74aabcffb74e6c15de05255480d43771ec63d8b (patch) | |
| tree | afe834d8b8f613b933bcc20e2c2f88e712d58564 /crypto/block-luks.c | |
| parent | crypto: clear out buffer after timing pbkdf algorithm (diff) | |
| download | qemu-e74aabcffb74e6c15de05255480d43771ec63d8b.tar.gz qemu-e74aabcffb74e6c15de05255480d43771ec63d8b.tar.xz qemu-e74aabcffb74e6c15de05255480d43771ec63d8b.zip | |
crypto: use correct derived key size when timing pbkdf
Currently when timing the pbkdf algorithm a fixed key
size of 32 bytes is used. This results in inaccurate
timings for certain hashes depending on their digest
size. For example when using sha1 with aes-256, this
causes us to measure time for the master key digest
doing 2 sha1 operations per iteration, instead of 1.
Instead we should pass in the desired key size to the
timing routine that matches the key size that will be
used for real later.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto/block-luks.c')
| -rw-r--r-- | crypto/block-luks.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 91a4172287..9269aaf488 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1072,6 +1072,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, masterkey, luks->header.key_bytes, luks->header.master_key_salt, QCRYPTO_BLOCK_LUKS_SALT_LEN, + QCRYPTO_BLOCK_LUKS_DIGEST_LEN, &local_err); if (local_err) { error_propagate(errp, local_err); @@ -1152,6 +1153,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, (uint8_t *)password, strlen(password), luks->header.key_slots[0].salt, QCRYPTO_BLOCK_LUKS_SALT_LEN, + luks->header.key_bytes, &local_err); if (local_err) { error_propagate(errp, local_err); |