[RFC] mtd: ubi: UBI Encryption
Richard Weinberger
richard.weinberger at gmail.com
Mon Aug 10 23:22:57 PDT 2015
On Tue, Aug 11, 2015 at 7:38 AM, Timo Ketola <Timo.Ketola at exertus.fi> wrote:
> Hi,
>
> I have been lurking in this list for a long time and this is my first
> post here. I decided to write because I think I have yet another idea
> for this one:
>
> On 10.08.2015 22:56, Andrew Murray wrote:
>> ...
>> - My work around for this erased flash issue was to conditionally
>> encrypt/decrypt only when the input data is not 'all bits set'. This had
>> minimal impact on UBI/UBIFS/etc but it is possible (though very unlikely)
>> that the output of an encryption algorithm is 'all bits set' - Thus when you
>> later attempt to decrypt the 'all bits set' cipher text we incorrectly treat
>> it as erased flash so return it verbatim and thus cause corruption. I've not
>> seen this issue occur despite reading and writing more than 50GB of data.
>> ...
>
> Why not postprocess the data so that the encrypted FF becomes FF again
> like this:
>
> Lets say clear text data is I, encrypted data is O, encryption function
> is e() and decryption function is d(). Then, what is normally done, is
> of course:
>
> Write: O = e(I)
> Read: I = d(O)
>
> Calculate F = ~e(FF), where F is encrypted and inverted version of 'all
> bits set' (FF) data, and modify writing and reading:
>
> Write: O = e(I) ^ F
> Read: I = d(O ^ F)
>
> Now encrypting FF input results in FF output and vice versa.
>
> Just wanted to introduce an idea.
But wouldn't that only work for ECB cipher mode?
--
Thanks,
//richard
More information about the linux-mtd
mailing list