
Encryption and Decryption using AES in Linux Kernel

I want to encrypt files during their creation and decrypt files during their read operation using the AES algorithm. I have also written code in vfs_write() and vfs_read() for encryption and decryption respectively, and it is working nicely, but the only problem now is that whenever I pass a file to vfs_write() whose length is not a multiple of 16 (AES BLOCK SIZE), then AES does padding to it to make it a multiple of 16, and because of this the size of the file increases, but the write() function does not know about this and so it rejects

E.g.: suppose I enter data as "123"; here the length is 4 (3 bytes of data + 1 '\0' character), and so AES pads 12 bytes to it to make it 16 bytes (as AES works on 16-byte blocks), but write() only takes the original length, which was 4, and so I want to know how to change the file size to 16 (in this case) and also where to do it in the kernel code.

I tried this:

inode->i_size=new_length;
inode->i_op->truncate(inode);

I also tried:

if(file->f_flags & O_APPEND)
    *pos=i_size_read(inode);

But this is not working because the kernel hangs, and also I do not understand where to do such things, i.e. in which function and how.

I also tried changing the count variable to the new length in vfs_write(), but then it gives the error "cat: write error: No space left on device".

It works fine when I pass a file whose length is a multiple of 16.

Your current mode requires padding, and it can be hard to do padding in some cases (like the one you have met). Usually, disk/filesystem encryption is done in other modes, which require no padding (and make random reads/writes easy).

Overview of block cipher modes: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

Modes ECB, CBC, PCBC, CFB, OFB require padding,

and mode CTR (Counter) doesn't require padding.

This mode is easy, and it is even easier to implement it in a wrong (unsafe, easy-to-break) way.

There is an overview of Disk encryption http://en.wikipedia.org/wiki/Disk_encryption_theory with even more advanced modes (XEX, XTS). Some of them still require padding.

Even with a universal cipher mode you will get a lot of problems. Some of them are covered in "Cryptfs: A Stackable Vnode Level Encryption File System".

Why don't you deliberately make it 16 bytes, encrypt it, and then after decryption discard the padding? I mean, instead of relying on AES alone, do it yourself. By this you will be sure that the data you are getting is correct.
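The "pad it yourself and discard the padding after decryption" approach from the answer above, written out as an added example (userspace C, not code from the original post or from the Linux kernel). It assumes PKCS#7-style padding, which the answer does not name, so that the padded length rather than the caller's count is what gets written and the reader can later tell pad bytes from real trailing data; the cipher call itself sits between pad and unpad and is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AES_BLOCK_SIZE 16   /* local define for this userspace demo */

/* Size the buffer occupies after padding, i.e. the count that the write
 * path has to be given. A length that is already a multiple of 16 still
 * gains a full block of padding; otherwise unpadding would be ambiguous. */
size_t padded_len(size_t len)
{
    return len + (AES_BLOCK_SIZE - len % AES_BLOCK_SIZE);
}

/* Pad in place before encryption. buf must have room for padded_len(len)
 * bytes. Every pad byte holds the pad length, so unpad knows how many to drop. */
size_t pkcs7_pad(uint8_t *buf, size_t len)
{
    size_t out = padded_len(len);
    uint8_t pad = (uint8_t)(out - len);

    memset(buf + len, pad, pad);
    return out;
}

/* Strip padding after decryption. Returns the original length, or -1 when the
 * padding is malformed (not a whole number of blocks, pad byte outside 1..16,
 * or pad bytes that disagree), which means the data was damaged or decrypted
 * with the wrong key. */
long pkcs7_unpad(const uint8_t *buf, size_t len)
{
    uint8_t pad;
    size_t i;
    int bad = 0;

    if (len == 0 || len % AES_BLOCK_SIZE != 0)
        return -1;
    pad = buf[len - 1];
    if (pad == 0 || pad > AES_BLOCK_SIZE)
        return -1;
    /* Check every pad byte without an early exit, so the time taken does not
     * reveal where the first mismatch is. */
    for (i = len - pad; i < len; i++)
        bad |= (buf[i] != pad);
    return bad ? -1 : (long)(len - pad);
}
```

With the asker's constructed input "123" plus its '\0' (4 bytes), pkcs7_pad returns 16 and fills bytes 4..15 with 0x0c, and pkcs7_unpad recovers 4.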
