Linux内核中使用AES的加密和解密
[英]Encryption and Decryption using AES in Linux Kernel
问题描述
I want to encrypt files during their creation and decrypt files during their read operation using AES algorithm. 
我希望在创建文件时加密文件,并在读取操作期间使用AES算法解密文件。 I have also written code in vfs_write() and vfs_read() for encryption and decryption respectively and also it is working nicely, but the only problem now is that k whenever I pass a file to vfs_write() whose length is not multiple of 16 (AES BLOCK SIZE) den AES does padding to it to make it a multiple of 16 and bcz of this the size of the file increases but the write() function does not know about this and so it rejects 我还分别在vfs_write()和vfs_read()编写了用于加密和解密的代码,并且它运行良好,但现在唯一的问题是k每当我将文件传递给长度不是16的倍数的vfs_write() ( AES BLOCK SIZE)den AES对它进行填充以使其成为16的倍数,并且bcz这个文件的大小增加但write()函数不知道这个,所以它拒绝
eg:- suppose i enter data as "123", here length is 4 (3 length of data + 1 '\\0' character) and so AES padds 12 bytes to it to make it 16 bytes (as AES works on 16 bytes blocks), but write() only takes original length which was 4, and so i want to know how to change the file size to 16 (in this case) and also where to do it in kernel code. 例如: - 假设我输入数据为“123”,这里length为4(3个数据长度+ 1个'0'字符),因此AES填充12个字节使其成为16个字节(因为AES适用于16个字节块) ),但write()只采用4的原始长度,所以我想知道如何将文件大小更改为16(在这种情况下)以及在内核代码中的位置。
i tried this 我试过这个
inode->i_size=new_length;
inode->i_op->truncate(inode);
also i tried 我也试过了
if(file->f_flags & O_APPEND)
*pos=i_size_read(inode);
but this is not working bcz kernel hangs and also i am not understanding where to do such things ie, in which function and how. 但这不是工作bcz内核挂起,我也不知道在哪里做这样的事情,即在哪个功能和如何。
also i tried changing the count variable with new length in vfs_write() but then it gives error as "cat write error: No space left on device". 我也尝试在vfs_write()使用新长度更改count变量,但随后它会出现错误,因为“cat write error:设备上没有剩余空间”。
it works fine when i pass file which is a multiple of 16. 当我传递16的倍数的文件时,它工作正常。
2 个解决方案
解决方案1
1 2012-02-20 16:52:51
Your current mode requires padding; 您当前的模式需要填充; and it can be hard to do padding in some cases (like what you meet). 在某些情况下(例如你遇到的情况),很难做填充。 Usually, disk/filesystem encryption is done in other mode, which require no padding (and easy to do random reads/writes). 通常,磁盘/文件系统加密是在其他模式下完成的,它不需要填充(并且易于进行随机读/写)。
Overview of block cipher modes: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation 分组密码模式概述: http : //en.wikipedia.org/wiki/Block_cipher_modes_of_operation
Modes: ECB, CBC, PCBC, CFB, OFB require padding 模式:ECB,CBC,PCBC,CFB,OFB需要填充
and mode CTR (Counter) doesn't require padding. 和模式CTR(计数器)不需要填充。
This mode is easy and it is even easier to implement it in wrong (unsafe, easy-to-break) way. 这种模式很简单,以错误的(不安全,易于破解)方式实现它更容易。
There is an overview of Disk encryption http://en.wikipedia.org/wiki/Disk_encryption_theory with even more advanced modes (XEX, XTS). 磁盘加密http://en.wikipedia.org/wiki/Disk_encryption_theory概述了更高级的模式(XEX,XTS)。 Some of them still require padding. 其中一些仍然需要填充。
Even with universal cipher mode you will get a lot of problems.. Some of them are covered in "Cryptfs: A Stackable Vnode Level Encryption File System" 即使使用通用密码模式,您也会遇到很多问题。其中一些内容包含在“Cryptfs:可堆叠的Vnode级加密文件系统”中
解决方案2
1 2012-02-20 16:59:33
why dont you deliberately make it 16 bytes, encrypt it and then after decryption discard the padding. 为什么你不刻意使它16字节,加密它然后在解密后丢弃填充。 I mean instead of relying on aes alone, do it yourself. 我的意思是不是单靠依靠aes,而是自己动手。 By this you wil be sure that the data you are getting is correct 通过这种方式,您可以确保获得的数据是正确的
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.