Re: [Qemu-devel] [PULL v3 02/13] crypto: add support for PBKDF2 algorithm

[Daniel P. Berrange]

On Thu, Mar 24, 2016 at 11:06:21AM +0800, Wen Congyang wrote:
> On 03/18/2016 12:53 AM, Daniel P. Berrange wrote:
> > The LUKS data format includes use of PBKDF2 (Password-Based
> > Key Derivation Function). The Nettle library can provide
> > an implementation of this, but we don't want code directly
> > depending on a specific crypto library backend. Introduce
> > a new include/crypto/pbkdf.h header which defines a QEMU
> > API for invoking PBKDK2. The initial implementations are
> > backed by nettle & gcrypt, which are commonly available
> > with distros shipping GNUTLS.
> > 
> > The test suite data is taken from the cryptsetup codebase
> > under the LGPLv2.1+ license. This merely aims to verify
> > that whatever backend we provide for this function in QEMU
> > will comply with the spec.
> > 
> > Reviewed-by: Fam Zheng <address@hidden>
> > Reviewed-by: Eric Blake <address@hidden>
> > Signed-off-by: Daniel P. Berrange <address@hidden>


> > diff --git a/crypto/pbkdf-nettle.c b/crypto/pbkdf-nettle.c
> > new file mode 100644
> > index 0000000..1aa7395
> > --- /dev/null
> > +++ b/crypto/pbkdf-nettle.c
> > @@ -0,0 +1,65 @@
> > +/*
> > + * QEMU Crypto PBKDF support (Password-Based Key Derivation Function)
> > + *
> > + * Copyright (c) 2015-2016 Red Hat, Inc.
> > + *
> > + * This library is free software; you can redistribute it and/or
> > + * modify it under the terms of the GNU Lesser General Public
> > + * License as published by the Free Software Foundation; either
> > + * version 2 of the License, or (at your option) any later version.
> > + *
> > + * This library is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > + * Lesser General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU Lesser General Public
> > + * License along with this library; if not, see 
> > <http://www.gnu.org/licenses/>.
> > + *
> > + */
> > +
> > +#include "qemu/osdep.h"
> > +#include "crypto/pbkdf.h"
> > +#include "nettle/pbkdf2.h"
> 
> I get the following building error:
> 
>   CC    crypto/pbkdf.o
>   CC    crypto/pbkdf-nettle.o
>   CC    crypto/ivgen.o
> crypto/pbkdf-nettle.c:23:27: error: nettle/pbkdf2.h: No such file or directory
> crypto/pbkdf-nettle.c: In function ‘qcrypto_pbkdf2’:
> crypto/pbkdf-nettle.c:46: warning: implicit declaration of function 
> ‘pbkdf2_hmac_sha1’
> crypto/pbkdf-nettle.c:46: warning: nested extern declaration of 
> ‘pbkdf2_hmac_sha1’
> crypto/pbkdf-nettle.c:53: warning: implicit declaration of function 
> ‘pbkdf2_hmac_sha256’
> crypto/pbkdf-nettle.c:53: warning: nested extern declaration of 
> ‘pbkdf2_hmac_sha256’
> make: *** [crypto/pbkdf-nettle.o] Error 1
> make: *** Waiting for unfinished jobs....
> 
> rpm -qf /usr/include/nettle/
> libnettle-devel-2.4-8.1.2
> 
> The nettle version is very old......
> The OS is SUSE 11 SP3.

I copied you on a patch that should fix this. Can you test it and report
back whether it worked.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|