This is an update of v1: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01841.html
The core goal of this series was to make the pbkdf2 iteration time configurable. In doing so a number of other improvements were identified, and some updates done to match latest cryptsetup behaviour / recommendations. Changed in v2: - Switch pbkdf APIs to use uint64_t for iteration count - Fix detection of iteration count overflow (Eric) - Misc typos (Eric) - Use correct syntax for qapi 'since' annotation - Use g_new instead of g_new0 (Eric) Daniel P. Berrange (7): crypto: use uint64_t for pbkdf iteration count parameters crypto: make PBKDF iterations configurable for LUKS format crypto: clear out buffer after timing pbkdf algorithm crypto: use correct derived key size when timing pbkdf crypto: remove bogus /= 2 for pbkdf iterations crypto: increase default pbkdf2 time for luks to 2 seconds crypto: support more hash algorithms for pbkdf block/crypto.c | 6 ++++ crypto/block-luks.c | 78 +++++++++++++++++++++++++++++++++-------------- crypto/pbkdf-gcrypt.c | 21 +++++++++++-- crypto/pbkdf-nettle.c | 71 ++++++++++++++++++++++++++++++++++++------ crypto/pbkdf-stub.c | 2 +- crypto/pbkdf.c | 35 +++++++++++---------- include/crypto/pbkdf.h | 16 ++++++---- qapi/crypto.json | 6 +++- tests/test-crypto-pbkdf.c | 54 +++++++++++++++++++++++++++++++- 9 files changed, 229 insertions(+), 60 deletions(-) -- 2.7.4
