Re: [PATCH encrypted swsusp 1/3] core functionality

[email protected] wrote:
>>>The following patch adds the core functionality for the encrypted
>>>suspend image.
>>
>>[Please inline patches, it makes it easier to comment on them.]

Aiyeeh - good ole Mozilla tends to reformat things when inlining...

>>You seem to reuse same key/iv for all the blocks. I'm no crypto
>>expert, but I think that is seriously wrong... You probably should use
>>block number as an IV or something like that.
> 
> 
> Or use a feedback loop: xor your data with the outcome of the previous
> round. And for the initial block use 0x00...00 for 'previous block'-
> value.

I'm already using cipher block chaining, look for CRYPTO_TFM_MODE_CBC in
swsusp.c. You may want to have a look at cbc_process in crypto/cipher.c.
Thus using the same key is ok. The only known drawback is a watermarking
"attack" but this can only be used to look for the existence of specially
crafted files which are not stored on disk during software suspend.

I should, however, use crypto_cipher_en/decrypt instead of
crypto_cipher_en/decrypt_iv as I actually wanted to use the iv in the
tfm I did set up with crypto_cipher_set_iv instead of the local copy.

Going to fix that.
-- 
Andreas Steinmetz                       SPAMmers use [email protected]
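
The IV question raised in the quoted review, as an added example that is not part of the original message or the patch: two identical pages are CBC-encrypted, once restarting from the same IV for each page and once carrying the IV over from the previous page. XTEA stands in for the cipher instead of the kernel crypto API, and the key, page size and page contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK 8   /* XTEA block size in bytes */
#define PAGE 64 /* constructed "page" size, kept small for the demo */
/* XTEA, used only as a stand-in block cipher (assumption, not from the patch). */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0, delta = 0x9E3779B9;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += delta;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC-encrypt one page; on return iv holds the last ciphertext block. */
static void cbc_encrypt_page(uint8_t *dst, const uint8_t *src,
                             uint8_t iv[BLK], const uint32_t key[4])
{
    for (size_t off = 0; off < PAGE; off += BLK) {
        uint32_t b[2];
        for (int i = 0; i < BLK; i++)
            iv[i] ^= src[off + i];      /* xor plaintext into previous block */
        memcpy(b, iv, BLK);
        xtea_encrypt(b, key);
        memcpy(iv, b, BLK);             /* ciphertext becomes the next IV */
        memcpy(dst + off, b, BLK);
    }
}

/* Encrypt two identical pages; return 1 if the two ciphertexts are identical. */
int identical_pages_collide(int reset_iv_per_page)
{
    const uint32_t key[4] = {0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210};
    uint8_t page[PAGE], c1[PAGE], c2[PAGE], iv[BLK] = {0};
    memset(page, 0xAA, PAGE);           /* constructed sample data */
    cbc_encrypt_page(c1, page, iv, key);
    if (reset_iv_per_page)
        memset(iv, 0, BLK);             /* same IV again for the next page */
    cbc_encrypt_page(c2, page, iv, key);
    return memcmp(c1, c2, PAGE) == 0;
}
int main(void)
{
    printf("reset IV: %d, chained IV: %d\n", identical_pages_collide(1), identical_pages_collide(0));
    return 0;
}
```

With the IV restarted per page, equal plaintext pages are visible as equal ciphertext pages; with the IV carried across pages they are not.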