* [RFC 0/3] Enable GCM support
@ 2014-01-18 19:26 Will Morrison
0 siblings, 0 replies; only message in thread
From: Will Morrison @ 2014-01-18 19:26 UTC (permalink / raw)
To: Tyler Hicks; +Cc: ecryptfs
[-- Attachment #1: Type: text/plain, Size: 1186 bytes --]
This set of patches is the work we've done so far on adding integrity
protection. We've been using a modified version of the test suite,
available at
https://code.launchpad.net/~zmanji/ecryptfs/1270455/+merge/202197 to
test GCM using the existing tests. This is done by passing -o
"ecryptfs_cipher_mode=gcm" to the test script along with other flags.
When GCM mode is used, most of the test suite passes, but several tests
involving truncating a file to a larger size fail. We believe this to be
a result of calling read_mapping_page at mmap.c:49, which sometimes
calls ecryptfs_readpage with a fresh page. This new page does not have a
valid auth tag, so E_BADMSG is returned. We think this was fine before,
as whatever was in the page would get overwritten and ignored,
but now we're doing integrity checks, so we run into issues.
We'd like to know if there is an alternative to read_mapping_page that
preserves the necessary semantics, or if there is some field in the page
that gets passed to ecryptfs_readpage that would allow us to distinguish
between pages we have never written to before and pages that were just
fetched from the cache or disk.
-Will
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-01-18 19:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-18 19:26 [RFC 0/3] Enable GCM support Will Morrison
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).