[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] QCOW2 cryptography and secure key handling
From: |
Benoît Canet |
Subject: |
Re: [Qemu-devel] QCOW2 cryptography and secure key handling |
Date: |
Wed, 31 Jul 2013 17:27:14 +0200 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
> For example, current qcow2 encryption is vulnerable to a watermarking
> attack.
> http://en.wikipedia.org/wiki/Disk_encryption_theory#Cipher-block_chaining_.28CBC.29
void qcow2_encrypt_sectors(BDRVQcowState *s, int64_t sector_num,
uint8_t *out_buf, const uint8_t *in_buf,
int nb_sectors, int enc,
const AES_KEY *key)
{
union {
uint64_t ll[2];
uint8_t b[16];
} ivec;
int i;
for(i = 0; i < nb_sectors; i++) {
ivec.ll[0] = cpu_to_le64(sector_num);
ivec.ll[1] = 0;
AES_cbc_encrypt(in_buf, out_buf, 512, key,
ivec.b, enc);
sector_num++;
in_buf += 512;
out_buf += 512;
}
}
CBC mode would imply that each sector would be crypted by combining the
plaintext with the previous sector.
It's does not look to be the case as the IV is reset to sector_num for each
sector.
It look like CTR mode.
Best regards
Benoît
>
> dm-crypt or other disk encryption programs use more complicated schemes,
> do we need to go there?
>
> Paolo
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, (continued)
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Benoît Canet, 2013/07/24
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Paolo Bonzini, 2013/07/24
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Daniel P. Berrange, 2013/07/24
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Paolo Bonzini, 2013/07/24
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Daniel P. Berrange, 2013/07/24
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Markus Armbruster, 2013/07/29
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Kevin Wolf, 2013/07/29
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Daniel P. Berrange, 2013/07/29
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Benoît Canet, 2013/07/29
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Benoît Canet, 2013/07/31
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling,
Benoît Canet <=
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Laszlo Ersek, 2013/07/31
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Laszlo Ersek, 2013/07/31
- Re: [Qemu-devel] QCOW2 cryptography and secure key handling, Daniel P. Berrange, 2013/07/23