Hi, I am working on a stackable filesystem, WrapFS, and trying to implement the AES-GCM cipher on it to encrypt the data stored in the underlying file system. I am having major trouble handling the GCM mode for AES at kernel level. However, I was successful in implementing AES in CTR mode, and the code for the same is attached below. Can someone point me in the right direction as to how to modify it to AES-GCM?

I looked at this link, but that didn't help much. I am looking for two things: 1.) how to store authentication tags alongside encrypted data in the files written, and 2.) how to handle the IV of AES-GCM by sending it to and receiving it from the lower filesystem.

Thanks

#include <linux/crypto.h>
#include <linux/err.h>
#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/scatterlist.h>

/*
 * Encrypt (encrypt != 0) or decrypt one page with the blkcipher named by
 * default_algo (defined elsewhere). No IV is set on the transform here.
 */
int decrypt_encrypt_page(struct page *src_page,
                     struct page *dst_page,
                     char *key,
                     int key_len,
                     int encrypt)
{
    int ret = 0;
    struct scatterlist src_sg, dst_sg;
    struct crypto_blkcipher *tfm;
    struct blkcipher_desc desc;

    /* One scatterlist entry per page: the whole page is the unit of work. */
    sg_init_table(&src_sg, 1);
    sg_init_table(&dst_sg, 1);

    sg_set_page(&src_sg, src_page, PAGE_SIZE, 0);
    sg_set_page(&dst_sg, dst_page, PAGE_SIZE, 0);

    tfm = crypto_alloc_blkcipher(default_algo, 0, 0);

    if (IS_ERR(tfm)) {
        printk(KERN_ERR "failed to load transform for %s: %ld\n",
               default_algo,
               PTR_ERR(tfm));
        /* tfm is an error pointer: return its errno and do not free it. */
        return PTR_ERR(tfm);
    }
    desc.tfm = tfm;
    desc.flags = 0;

    ret = crypto_blkcipher_setkey(tfm, key, key_len);
    if (ret) {
        printk(KERN_ERR "setkey() failed flags=%x\n",
               crypto_blkcipher_get_flags(tfm));
        goto out;
    }
    if (encrypt)
        ret = crypto_blkcipher_encrypt(&desc, &dst_sg, &src_sg, PAGE_SIZE);
    else
        ret = crypto_blkcipher_decrypt(&desc, &dst_sg, &src_sg, PAGE_SIZE);
    if (ret)
        printk(KERN_INFO "Some error occurred while encrypting.\n");

out:
    crypto_free_blkcipher(tfm);
    return ret;
}
bawejakunal
  • You may want to look into this thread: http://stackoverflow.com/questions/13284986/ccm-aes-from-linux-kernel – askb Jan 11 '15 at 12:20
  • @askb I did look into that; after all, that is the first Google result, but you see the problem in my case is different because I have to implement it over a stackable filesystem, so how do I handle the IV and authentication tags in that case? How to store them alongside encrypted data and use later for decryption. In the given link that part is not handled. – bawejakunal Jan 11 '15 at 14:21
  • IV/SV should be randomly generated. GCM authentication tag can be stored with the cipher-text in clear and does not contain any sensitive information itself. Refer: http://crypto.stackexchange.com/questions/9478/does-the-gcm-authentication-tag-need-to-be-protected – askb Jan 11 '15 at 14:44
  • @askb Please have a look at my current code. Here I am encrypting memory pages, so the encryption tag generated with that encryption certainly can't be stored within the same page, as that would lead to data inconsistency. Moreover, I do know that the IV can be randomly generated, but that wasn't my question at all. I am asking how to retain/store that IV so that it can be used at a later point of time to decrypt the memory page; since the implementation is to be done for a filesystem, the time of decryption can be anything in future – bawejakunal Jan 11 '15 at 15:36
  • I am not familiar with wrapfs, but as a pass-thru stackable FS you may want to understand how the data/blocks are mapped to the pages. In most cases, the blocks on-disk are encrypted, additionally using features like extended attributes in the underlying fs (e.g. ext4) to store additional info for every page such as auth-tags, HMAC, etc. If you plan to encrypt the page (in-core), how would your app read/write to these pages? – askb Jan 11 '15 at 16:26
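
One possible answer to the two storage questions above, as an added example that is not part of the original post, its comments, or WrapFS. It assumes a lower-file layout in which every 4096-byte plaintext page becomes one record of [12-byte IV][ciphertext][16-byte tag], and it goes slightly beyond the thread by building associated data from the page index so a record cannot be moved to another position unnoticed; all names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed record layout (not WrapFS code): [IV][ciphertext][tag] per page. */
#define PT_PAGE      4096u   /* plaintext bytes per upper page */
#define GCM_IV       12u     /* GCM nonce length in bytes */
#define GCM_TAG      16u     /* full-length GCM tag in bytes */
#define REC_OVERHEAD (GCM_IV + GCM_TAG)
#define REC_SIZE     (PT_PAGE + REC_OVERHEAD)

/* Lower-file offsets of the record for plaintext page idx and its fields. */
uint64_t rec_offset(uint64_t idx) { return idx * REC_SIZE; }
uint64_t ct_offset(uint64_t idx)  { return rec_offset(idx) + GCM_IV; }
/* GCM ciphertext is as long as the plaintext, so the tag follows ct_len bytes. */
uint64_t tag_offset(uint64_t idx, uint32_t ct_len) { return ct_offset(idx) + ct_len; }

/* Lower-file size needed to hold `upper` plaintext bytes. */
uint64_t lower_size(uint64_t upper)
{
    uint64_t full = upper / PT_PAGE, rem = upper % PT_PAGE;
    return full * REC_SIZE + (rem ? rem + REC_OVERHEAD : 0);
}

/* Inverse mapping, e.g. for stat(). Returns -1 when the trailing record is
 * too short to hold an IV, a tag and at least one ciphertext byte. */
int upper_size(uint64_t lower, uint64_t *upper)
{
    uint64_t full = lower / REC_SIZE, rem = lower % REC_SIZE;
    if (rem != 0 && rem <= REC_OVERHEAD)
        return -1;
    *upper = full * PT_PAGE + (rem ? rem - REC_OVERHEAD : 0);
    return 0;
}

/* Associated data: big-endian page index, authenticated but not stored. */
void build_aad(uint64_t idx, uint8_t aad[8])
{
    for (int i = 0; i < 8; i++)
        aad[i] = (uint8_t)(idx >> (56 - 8 * i));
}

int main(void)
{
    uint64_t up = 0;
    int rc = upper_size(lower_size(5000), &up);   /* constructed sample size */
    printf("page 2 record at %llu, round trip rc=%d size=%llu\n",
           (unsigned long long)rec_offset(2), rc, (unsigned long long)up);
    return 0;
}
```

Every rewrite of a page needs a fresh IV under the same key, which is why this layout keeps the IV per record rather than per file.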

0 Answers