Ideas inline.
Gesendet: Dienstag, 23. November 2021 um 11:21 Uhr Von: "Stefan Thöni" stefan.thoeni@gapfruit.com An: "users" users@lists.genode.org Betreff: CBE key encryption
Hello Genodians,
we are still working to add hardware-based encryption to CBE. To this end, we have implemented a custom trust anchor and crypto engine. Generating a key, encrypting this key on behalf of cbe_init and decrypting it again on behalf of the vfs_cbe plugin works fine.
But then the vfs_cbe requests to have a all zero key encrypted which due to the ICV added by hardware black key handling fails. We cannot seam to
Why is an all zero key invalid? In my understanding of crypto such a key should be possible as well or the implementation is insecure.
find out where the request originates or why vfs_cbe would ever encrypt any key, let alone a key of all zeros.
Any pointer or idea would by very welcome.
You can compile vfs_cbe with profiling enabled and write a custom profile function, which uses /dev/log to mark entry and exit of functions. And in the encryption you check for an all zero key and log this event to /dev/log too. Then you can trace all calls in the log which led up to this event.
I hope you can make such a implementation (of logging profile and event marks) available as library because such debugging aid will be needed more universally.
Kind regards Stefan _______________________________________________ Genode users mailing list users@lists.genode.org https://lists.genode.org/listinfo/users