[EMAIL PROTECTED] wrote:
>>>The following patch adds the core functionality for the encrypted
>>>suspend image.
>>
>>[Please inline patches, it makes it easier to comment on them.]

Aiyeeh - good ole Mozilla tends to reformat things when inlining...

>>You seem to reuse same key/iv for all the blocks. I'm no crypto
>>expert, but I think that is seriously wrong... You probably should use
>>block number as an IV or something like that.
>
>
> Or use a feedback loop: xor your data with the outcome of the previous
> round. And for the initial block use 0x00...00 for 'previous block'-
> value.

I'm already using cipher block chaining, look for CRYPTO_TFM_MODE_CBC in
swsusp.c. You may want to have a look at cbc_process in crypto/cipher.c.
Thus using the same key is ok. The only known drawback is a watermarking
"attack" but this can only be used to look for the existence of specially
crafted files which are not stored on disk during software suspend.

I should, however, use crypto_cipher_en/decrypt instead of
crypto_cipher_en/decrypt_iv as I actually wanted to use the iv in the
tfm I did set up with crypto_cipher_set_iv instead of the local copy.
Going to fix that.
--
Andreas Steinmetz                       SPAMmers use [EMAIL PROTECTED]
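
Added example, not part of the original message or the swsusp patch: a self-contained C sketch of the three IV choices raised in this thread (one fixed IV for every page, an IV derived from the page number, and a CBC chain carried across pages), reporting which of them make two identical pages encrypt to identical ciphertext. XTEA stands in for the kernel cipher; the page size, key and all function names are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK 8    /* XTEA block size in bytes */
#define PAGE 64  /* constructed, shortened "page" */
enum iv_mode { IV_FIXED, IV_PAGE_NUMBER, IV_CHAINED };

/* XTEA block encryption, 32 cycles; stand-in for the kernel cipher. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* CBC-encrypt one page in place; iv ends up holding the last ciphertext block. */
static void cbc_encrypt_page(uint8_t *page, uint8_t iv[BLK], const uint32_t key[4]) {
    for (size_t off = 0; off < PAGE; off += BLK) {
        uint32_t b[2];
        for (int i = 0; i < BLK; i++) page[off + i] ^= iv[i];
        memcpy(b, page + off, BLK);
        xtea_encrypt(b, key);
        memcpy(page + off, b, BLK);
        memcpy(iv, b, BLK);          /* feedback for the next block */
    }
}

/* Encrypt two identical pages; return 1 if their ciphertexts are identical. */
static int identical_pages_collide(enum iv_mode mode) {
    static const uint32_t key[4] = { 0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u }; /* constructed */
    uint8_t pages[2][PAGE], iv[BLK] = { 0 };
    memset(pages, 0xAA, sizeof(pages));  /* constructed plaintext, same in both pages */
    for (uint8_t n = 0; n < 2; n++) {
        if (mode != IV_CHAINED) {        /* start each page from a fresh IV */
            memset(iv, 0, BLK);
            iv[0] = (mode == IV_PAGE_NUMBER) ? n : 0;
        }
        cbc_encrypt_page(pages[n], iv, key);
    }
    return memcmp(pages[0], pages[1], PAGE) == 0;
}
int main(void) {
    printf("identical ciphertext? fixed=%d page-number=%d chained=%d\n", identical_pages_collide(IV_FIXED),
           identical_pages_collide(IV_PAGE_NUMBER), identical_pages_collide(IV_CHAINED));
    return 0;
}
```

With the chained mode, pages must be decrypted in the order they were written, whereas the page-number IV allows any page to be decrypted on its own.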