On Thu, Mar 24, 2016 at 11:06:21AM +0800, Wen Congyang wrote: > On 03/18/2016 12:53 AM, Daniel P. Berrange wrote: > > The LUKS data format includes use of PBKDF2 (Password-Based > > Key Derivation Function). The Nettle library can provide > > an implementation of this, but we don't want code directly > > depending on a specific crypto library backend. Introduce > > a new include/crypto/pbkdf.h header which defines a QEMU > > API for invoking PBKDK2. The initial implementations are > > backed by nettle & gcrypt, which are commonly available > > with distros shipping GNUTLS. > > > > The test suite data is taken from the cryptsetup codebase > > under the LGPLv2.1+ license. This merely aims to verify > > that whatever backend we provide for this function in QEMU > > will comply with the spec. > > > > Reviewed-by: Fam Zheng <f...@redhat.com> > > Reviewed-by: Eric Blake <ebl...@redhat.com> > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> > diff --git a/crypto/pbkdf-nettle.c b/crypto/pbkdf-nettle.c > > new file mode 100644 > > index 0000000..1aa7395 > > --- /dev/null > > +++ b/crypto/pbkdf-nettle.c > > @@ -0,0 +1,65 @@ > > +/* > > + * QEMU Crypto PBKDF support (Password-Based Key Derivation Function) > > + * > > + * Copyright (c) 2015-2016 Red Hat, Inc. > > + * > > + * This library is free software; you can redistribute it and/or > > + * modify it under the terms of the GNU Lesser General Public > > + * License as published by the Free Software Foundation; either > > + * version 2 of the License, or (at your option) any later version. > > + * > > + * This library is distributed in the hope that it will be useful, > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > > + * Lesser General Public License for more details. > > + * > > + * You should have received a copy of the GNU Lesser General Public > > + * License along with this library; if not, see > > <http://www.gnu.org/licenses/>. > > + * > > + */ > > + > > +#include "qemu/osdep.h" > > +#include "crypto/pbkdf.h" > > +#include "nettle/pbkdf2.h" > > I get the following building error: > > CC crypto/pbkdf.o > CC crypto/pbkdf-nettle.o > CC crypto/ivgen.o > crypto/pbkdf-nettle.c:23:27: error: nettle/pbkdf2.h: No such file or directory > crypto/pbkdf-nettle.c: In function ‘qcrypto_pbkdf2’: > crypto/pbkdf-nettle.c:46: warning: implicit declaration of function > ‘pbkdf2_hmac_sha1’ > crypto/pbkdf-nettle.c:46: warning: nested extern declaration of > ‘pbkdf2_hmac_sha1’ > crypto/pbkdf-nettle.c:53: warning: implicit declaration of function > ‘pbkdf2_hmac_sha256’ > crypto/pbkdf-nettle.c:53: warning: nested extern declaration of > ‘pbkdf2_hmac_sha256’ > make: *** [crypto/pbkdf-nettle.o] Error 1 > make: *** Waiting for unfinished jobs.... > > rpm -qf /usr/include/nettle/ > libnettle-devel-2.4-8.1.2 > > The nettle version is very old...... > The OS is SUSE 11 SP3. I copied you on a patch that should fix this. Can you test it and report back whether it worked. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
