qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v4 04/26] crypto: add support for anti-forensic

From: Daniel P. Berrange
Subject: Re: [Qemu-devel] [PATCH v4 04/26] crypto: add support for anti-forensic split algorithm
Date: Fri, 11 Mar 2016 16:55:12 +0000
User-agent: Mutt/1.5.24 (2015-08-30) 
On Mon, Mar 07, 2016 at 01:51:40PM +0800, Fam Zheng wrote:
> On Mon, 02/29 12:00, Daniel P. Berrange wrote:
> > The LUKS format specifies an anti-forensic split algorithm which
> > is used to artificially expand the size of the key material on
> > disk. This is an implementation of that algorithm.
> > 
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> >  crypto/Makefile.objs        |   1 +
> >  crypto/afsplit.c            | 158 ++++++++++++++++++++++++++++++++++++
> >  include/crypto/afsplit.h    | 135 +++++++++++++++++++++++++++++++
> >  tests/.gitignore            |   1 +
> >  tests/Makefile              |   2 +
> >  tests/test-crypto-afsplit.c | 190 
> > ++++++++++++++++++++++++++++++++++++++++++++
> >  6 files changed, 487 insertions(+)
> >  create mode 100644 crypto/afsplit.c
> >  create mode 100644 include/crypto/afsplit.h
> >  create mode 100644 tests/test-crypto-afsplit.c
> > 

> > +static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash,
> > +                                size_t blocklen,
> > +                                uint8_t *block,
> > +                                Error **errp)
> > +{
> > +    size_t digestlen = qcrypto_hash_digest_len(hash);
> > +
> > +    size_t hashcount = blocklen / digestlen;
> 
> Do you want to use DIV_ROUND_UP? Because if blocklen < digestlen, hashcount is
> 0, and your for loop below will be skipped.

It is not needed actually - look a couple of lines
further where we do  'if (finallen) { hashcount ++ }'.
This achieves the same end result.

> 
> Fam
> 
> > +    size_t finallen = blocklen % digestlen;
> > +    uint32_t i;
> > +
> > +    if (finallen) {
> > +        hashcount++;
> > +    } else {
> > +        finallen = digestlen;
> > +    }
> > +
> > +    for (i = 0; i < hashcount; i++) {
> > +        uint8_t *out = NULL;
> > +        size_t outlen = 0;
> > +        uint32_t iv = cpu_to_be32(i);
> > +        struct iovec in[] = {
> > +            { .iov_base = &iv,
> > +              .iov_len = sizeof(iv) },
> > +            { .iov_base = block + (i * digestlen),
> > +              .iov_len = (i == (hashcount - 1)) ? finallen : digestlen },
> > +        };
> > +
> > +        if (qcrypto_hash_bytesv(hash,
> > +                                in,
> > +                                G_N_ELEMENTS(in),
> > +                                &out, &outlen,
> > +                                errp) < 0) {
> > +            return -1;
> > +        }
> > +
> > +        assert(outlen == digestlen);
> > +        memcpy(block + (i * digestlen), out,
> > +               (i == (hashcount - 1)) ? finallen : digestlen);
> > +        g_free(out);
> > +    }
> > +
> > +    return 0;
> > +}

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
reply via email to
[Prev in Thread] Current Thread [Next in Thread]