Page MenuHomePhabricator
Files F7713573

crypto_api.txt
No OneTemporary
Actions

Size
1 KB
Referenced Files
None
Subscribers
None

crypto_api.txt
View Options

# This file is a work of a US government employee and as such is in the Public domain.
# Simson L. Garfinkel, March 12, 2012
IMPLEMENTATION
==============
AFFLIB encryption will continue to use the cryptographic primitives
provided by the OpenSSL library.
The AFFILE Structure will be modified to include these additional fields:
AES_KEY ekey - The OpenSSL AES256 encryption key
AES_KEY dkey - The OpenSSL AES256 decryption key
Reading:
Getting pages is currently implemented with a chain of functions:
af_get_page() - gets the page and decompresses it if necessary.
af_get_page_raw() - gets raw pages (without compression)
af_get_seg() - gets the actual segment
Proposed modification:
If af_get_seg(s1) fails AND if a symmetric encryption key has been
set, the function will then look for s1/aes. If this is found the
segment will be decrypted and returned.
Writing:
Currently pages are written with these functions:
af_update_page(af,pagenum,data,datalen)
af_update_seg()
Procedure for writing encrypted pages:
- Modify af_update_page() to call a new function,
af_update_page_raw(), which does the encryption.
Other work that needs to be done:
- Make sure that pages are only written with this function. In
particular, check out afconvert, aimage, and atest
================================================================
Performance Notes:
When reading encrypted AFF files, specify read buffers that are at
least 16 bytes larger than you expect. This gives the internal
routines space to do the decryption in place. Otherwise additional
memory needs to be allocated and data needs to be copied.
================================================================

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 22, 12:17 AM (19 h, 35 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1361700
Default Alt Text
crypto_api.txt (1 KB)

Event Timeline