
Searched hist:"9e84c17ecf4d7781944dc7d359db9c49d13c23ff" (Results 1 – 4 of 4) sorted by relevance

/optee_os/core/include/tee/
tee_fs_key_manager.h | 9e84c17ecf4d7781944dc7d359db9c49d13c23ff | Thu Jan 21 09:21:53 UTC 2016 | Jerome Forissier <jerome.forissier@linaro.org> | RPMB: add file encryption

Adds support for CFG_ENC_FS=y when CFG_RPMB_FS=y.

The files stored on an RPMB partition are encrypted with AES in Cipher
Block Chaining (CBC) mode with Encrypted Salt/Sector Initialization
Vector (ESSIV).
Each file has its own 128-bit File Encryption Key (FEK), randomly chosen
when the file is created. The FEK is added to the FAT entry for the
file, it is always decrypted with the Secure Storage Key (SSK) before
use. The file path is reduced accordingly, so that a FAT entry is still
256 bytes.
Each 256-byte block in the file is encrypted as follows:

k = 128 bits of SHA256(FEK);
IV = AES_Encrypt(k, block number);
encrypted_block = AES_CBC(IV, FEK, block_data);

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
/optee_os/core/tee/
tee_fs_key_manager.c | 9e84c17ecf4d7781944dc7d359db9c49d13c23ff | Thu Jan 21 09:21:53 UTC 2016 | Jerome Forissier <jerome.forissier@linaro.org> | RPMB: add file encryption

sub.mk | 9e84c17ecf4d7781944dc7d359db9c49d13c23ff | Thu Jan 21 09:21:53 UTC 2016 | Jerome Forissier <jerome.forissier@linaro.org> | RPMB: add file encryption

tee_rpmb_fs.c | 9e84c17ecf4d7781944dc7d359db9c49d13c23ff | Thu Jan 21 09:21:53 UTC 2016 | Jerome Forissier <jerome.forissier@linaro.org> | RPMB: add file encryption
