From: Andreas Steinmetz <ast@domdv.de>
To: folkert@vanheusden.com
Cc: Pavel Machek <pavel@ucw.cz>,
	Linux Kernel Mailinglist <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH encrypted swsusp 1/3] core functionality
Date: Mon, 11 Apr 2005 15:08:29 +0200
Message-ID: <425A76CD.5030905@domdv.de>
In-Reply-To: <20050411103608.GA5610@vanheusden.com>

folkert@vanheusden.com wrote:
>>>The following patch adds the core functionality for the encrypted
>>>suspend image.
>>
>>[Please inline patches, it makes it easier to comment on them.]

Aiyeeh - good ole Mozilla tends to reformat things when inlining...

>>You seem to reuse same key/iv for all the blocks. I'm no crypto
>>expert, but I think that is seriously wrong... You probably should use
>>block number as an IV or something like that.
> 
> 
> Or use a feedback loop: xor your data with the outcome of the previous
> round. And for the initial block use 0x00...00 for 'previous block'-
> value.

I'm already using cipher block chaining, look for CRYPTO_TFM_MODE_CBC in
swsusp.c. You may want to have a look at cbc_process in crypto/cipher.c.
Thus using the same key is ok. The only known drawback is a watermarking
"attack" but this can only be used to look for the existence of specially
crafted files which are not stored on disk during software suspend.

I should, however, use crypto_cipher_en/decrypt instead of
crypto_cipher_en/decrypt_iv as I actually wanted to use the iv in the
tfm I did set up with crypto_cipher_set_iv instead of the local copy.

Going to fix that.
-- 
Andreas Steinmetz                       SPAMmers use robotrap@domdv.de
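
An added illustration of the key/IV question raised in this exchange (not code from the patch, swsusp.c or crypto/cipher.c): CBC restarted from the same key and IV for every page encrypts equal pages to equal ciphertext, while carrying the chaining value from one page to the next does not. XTEA stands in for the cipher; PAGE, the key, the IV, the page contents and the function names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PAGE 64  /* toy "page" size in bytes (constructed; multiple of 8) */

/* XTEA block encryption (64-bit block, 128-bit key), a stand-in cipher. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC-encrypt one page in place; iv ends up as the last ciphertext block. */
static void cbc_encrypt_page(uint8_t *page, uint32_t iv[2], const uint32_t k[4])
{
    for (size_t off = 0; off < PAGE; off += 8) {
        uint32_t b[2];
        memcpy(b, page + off, 8);
        iv[0] ^= b[0]; iv[1] ^= b[1];   /* P_i xor C_(i-1) */
        xtea_encrypt(iv, k);            /* iv now holds C_i */
        memcpy(page + off, iv, 8);
    }
}

/* Encrypt two identical pages; return 1 if the ciphertexts are equal.
 * reset_iv != 0: each page restarts from the same IV; 0: chain carries over. */
int identical_pages_leak(int reset_iv)
{
    const uint32_t key[4] = {0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210};
    const uint32_t iv0[2] = {0xdeadbeef, 0x0badf00d};  /* constructed values */
    uint32_t iv[2] = {iv0[0], iv0[1]};
    uint8_t p[2][PAGE];
    memset(p, 0x41, sizeof p);  /* both pages hold the same plaintext */
    cbc_encrypt_page(p[0], iv, key);
    if (reset_iv) memcpy(iv, iv0, sizeof iv);
    cbc_encrypt_page(p[1], iv, key);
    return memcmp(p[0], p[1], PAGE) == 0;
}

int main(void)
{
    printf("IV reset per page: equal=%d, chained: equal=%d\n", identical_pages_leak(1), identical_pages_leak(0));
    return 0;
}
```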
