[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] QCOW2 cryptography and secure key handling

From: Benoît Canet
Subject: Re: [Qemu-devel] QCOW2 cryptography and secure key handling
Date: Wed, 31 Jul 2013 17:27:14 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

> For example, current qcow2 encryption is vulnerable to a watermarking
> attack.
> http://en.wikipedia.org/wiki/Disk_encryption_theory#Cipher-block_chaining_.28CBC.29

void qcow2_encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
                           uint8_t *out_buf, const uint8_t *in_buf,
                           int nb_sectors, int enc,
                           const AES_KEY *key)
    union {
        uint64_t ll[2];
        uint8_t b[16];
    } ivec;
    int i;

    for(i = 0; i < nb_sectors; i++) {
        ivec.ll[0] = cpu_to_le64(sector_num);
        ivec.ll[1] = 0;
        AES_cbc_encrypt(in_buf, out_buf, 512, key,
                        ivec.b, enc);
        in_buf += 512;
        out_buf += 512;

CBC mode would imply that each sector would be crypted by combining the
plaintext with the previous sector.
It's does not look to be the case as the IV is reset to sector_num for each
It look like CTR mode.

Best regards


> dm-crypt or other disk encryption programs use more complicated schemes,
> do we need to go there?
> Paolo

reply via email to

[Prev in Thread] Current Thread [Next in Thread]