C、OpenSSL 和 AES 256 CTR,然后是 mkfs
C, OpenSSL and AES 256 CTR, then mkfs
我在 ctr 模式下使用 OpenSSL 1.0.2(无法更新)和 AES-256(使用扇区号作为 IV)加密 XFS 文件系统。我一次只加密 512B 块。
起初我使用 EVP_aes_256_ecb()
ECB 模式进行测试,en/decrypt 工作正常。
使用相同的代码,我也想让 CTR 模式 (EVP_aes_256_ctr()) 正常工作:
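/*
 * Encrypt plaintext_len bytes of plaintext into ciphertext using evp_cipher
 * with key and iv, and return the number of ciphertext bytes written.
 *
 * The parameter list is elided in the post; the body reads evp_cipher, key,
 * iv, plaintext, plaintext_len, ciphertext and tag.  When tag is non-NULL a
 * 16-byte GCM tag is fetched into it, so tag must be NULL for non-GCM
 * ciphers such as EVP_aes_256_ctr() (the GCM ctrl is expected to fail there).
 *
 * NOTE(review): ECB ignores iv, but for AES-CTR the EVP layer takes a full
 * 16-byte counter block from iv.  The caller's iv buffer is not shown; if it
 * holds only the raw sector number, the remaining bytes are indeterminate and
 * encrypt/decrypt can disagree -- confirm it is a zero-padded 16-byte block.
 *
 * NOTE(review): CTR is a stream mode.  Rewriting a sector under the same
 * key/iv reuses the keystream, and a 512-byte sector consumes 32 consecutive
 * counter values, so a sector number placed directly in the low-order counter
 * bytes makes neighbouring sectors share keystream blocks.  CTR also gives no
 * integrity protection.  Disk encryption normally uses a tweakable mode such
 * as XTS (EVP_aes_256_xts()).
 *
 * handleErrors() is not shown; the code assumes it does not return
 * -- TODO confirm.
 */
int encrypt(...) {
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int len;
    int ciphertext_len;

    if (ctx == NULL) {
        handleErrors();
    }
    if (EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key, iv) != 1) {
        handleErrors();
    }
    /* Padding is disabled so block modes emit exactly plaintext_len bytes. */
    if (EVP_CIPHER_CTX_set_padding(ctx, 0) != 1) {
        handleErrors();
    }
    if (EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len) != 1) {
        handleErrors();
    }
    ciphertext_len = len;
    if (EVP_EncryptFinal_ex(ctx, ciphertext + len, &len) != 1) {
        handleErrors();
    }
    ciphertext_len += len;
    /* The tag is only available after EVP_EncryptFinal_ex(). */
    if (tag && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag) != 1) {
        handleErrors();
    }
    EVP_CIPHER_CTX_free(ctx);
    return ciphertext_len;
}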
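/*
 * Decrypt ciphertext_len bytes of ciphertext into plaintext using evp_cipher
 * with key and iv, and return the number of plaintext bytes written.
 *
 * The parameter list is elided in the post; the body reads evp_cipher, key,
 * iv, ciphertext, ciphertext_len, plaintext and tag.  When tag is non-NULL it
 * is set as the expected 16-byte GCM tag and a failed final step is reported
 * as "Tag verify failed." with a return value of 0.  A return of 0 is also
 * what a zero-length input produces, and the plaintext buffer has already
 * been written by then, so callers must not use it after a failed verify.
 *
 * NOTE(review): ECB ignores iv, but for AES-CTR the EVP layer takes a full
 * 16-byte counter block from iv.  The caller's iv buffer is not shown; it
 * must be byte-for-byte the block used when the sector was encrypted --
 * confirm it is a zero-padded 16-byte value, not just the raw sector number.
 *
 * NOTE(review): with tag == NULL (the CTR case) nothing authenticates the
 * data; modified ciphertext decrypts without any error.
 *
 * handleErrors() is not shown; the code assumes it does not return
 * -- TODO confirm.
 */
int decrypt(...) {
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int len;
    int plaintext_len;

    if (ctx == NULL) {
        handleErrors();
    }
    if (EVP_DecryptInit_ex(ctx, evp_cipher, NULL, key, iv) != 1) {
        handleErrors();
    }
    if (EVP_CIPHER_CTX_set_padding(ctx, 0) != 1) {
        handleErrors();
    }
    if (EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len) != 1) {
        handleErrors();
    }
    plaintext_len = len;
    /* Same "!= 1" success test as every other EVP call in this function. */
    if (tag && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag) != 1) {
        handleErrors();
    }
    if (EVP_DecryptFinal_ex(ctx, plaintext + len, &len) != 1) {
        if (tag) {
            printf("Tag verify failed.\n");
            /* Release the context on this early return; it was leaked before. */
            EVP_CIPHER_CTX_free(ctx);
            return 0;
        }
        handleErrors();
    }
    plaintext_len += len;
    EVP_CIPHER_CTX_free(ctx);
    return plaintext_len;
}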
只有在这种情况下,运行 mkfs.xfs 之后我得到:
specified blocksize 4096 is less than device physical sector size 4194304
switching to logical sector size 512
meta-data=/dev/sdb isize=512 agcount=4, agsize=2097152 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=8388608, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=4096, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
bad magic number
bad magic number
Metadata corruption detected at xfs_sb block 0x0/0x200
libxfs_writebufr: write verifer failed on xfs_sb bno 0x0/0x200
releasing dirty buffer (bulk) to free list!
这不是很好。我的做法有问题吗?
虽然我还没有找到原因,但我参考了这段代码:https://raw.githubusercontent.com/saju/misc/master/misc/openssl_aes.c ,现在可以正常工作了。此链接中的代码似乎与 OpenSSL 1.0.2 兼容。
我在 ctr 模式下使用 OpenSSL 1.0.2(无法更新)和 AES-256(使用扇区号作为 IV)加密 XFS 文件系统。我一次只加密 512B 块。
起初我使用 EVP_aes_256_ecb()
ECB 模式进行测试,en/decrypt 工作正常。
使用相同的代码,我也想让 CTR 模式 (EVP_aes_256_ctr()) 正常工作:
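/*
 * Encrypt plaintext_len bytes of plaintext into ciphertext using evp_cipher
 * with key and iv, and return the number of ciphertext bytes written.
 *
 * The parameter list is elided in the post; the body reads evp_cipher, key,
 * iv, plaintext, plaintext_len, ciphertext and tag.  When tag is non-NULL a
 * 16-byte GCM tag is fetched into it, so tag must be NULL for non-GCM
 * ciphers such as EVP_aes_256_ctr() (the GCM ctrl is expected to fail there).
 *
 * NOTE(review): ECB ignores iv, but for AES-CTR the EVP layer takes a full
 * 16-byte counter block from iv.  The caller's iv buffer is not shown; if it
 * holds only the raw sector number, the remaining bytes are indeterminate and
 * encrypt/decrypt can disagree -- confirm it is a zero-padded 16-byte block.
 *
 * NOTE(review): CTR is a stream mode.  Rewriting a sector under the same
 * key/iv reuses the keystream, and a 512-byte sector consumes 32 consecutive
 * counter values, so a sector number placed directly in the low-order counter
 * bytes makes neighbouring sectors share keystream blocks.  CTR also gives no
 * integrity protection.  Disk encryption normally uses a tweakable mode such
 * as XTS (EVP_aes_256_xts()).
 *
 * handleErrors() is not shown; the code assumes it does not return
 * -- TODO confirm.
 */
int encrypt(...) {
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int len;
    int ciphertext_len;

    if (ctx == NULL) {
        handleErrors();
    }
    if (EVP_EncryptInit_ex(ctx, evp_cipher, NULL, key, iv) != 1) {
        handleErrors();
    }
    /* Padding is disabled so block modes emit exactly plaintext_len bytes. */
    if (EVP_CIPHER_CTX_set_padding(ctx, 0) != 1) {
        handleErrors();
    }
    if (EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len) != 1) {
        handleErrors();
    }
    ciphertext_len = len;
    if (EVP_EncryptFinal_ex(ctx, ciphertext + len, &len) != 1) {
        handleErrors();
    }
    ciphertext_len += len;
    /* The tag is only available after EVP_EncryptFinal_ex(). */
    if (tag && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag) != 1) {
        handleErrors();
    }
    EVP_CIPHER_CTX_free(ctx);
    return ciphertext_len;
}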
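/*
 * Decrypt ciphertext_len bytes of ciphertext into plaintext using evp_cipher
 * with key and iv, and return the number of plaintext bytes written.
 *
 * The parameter list is elided in the post; the body reads evp_cipher, key,
 * iv, ciphertext, ciphertext_len, plaintext and tag.  When tag is non-NULL it
 * is set as the expected 16-byte GCM tag and a failed final step is reported
 * as "Tag verify failed." with a return value of 0.  A return of 0 is also
 * what a zero-length input produces, and the plaintext buffer has already
 * been written by then, so callers must not use it after a failed verify.
 *
 * NOTE(review): ECB ignores iv, but for AES-CTR the EVP layer takes a full
 * 16-byte counter block from iv.  The caller's iv buffer is not shown; it
 * must be byte-for-byte the block used when the sector was encrypted --
 * confirm it is a zero-padded 16-byte value, not just the raw sector number.
 *
 * NOTE(review): with tag == NULL (the CTR case) nothing authenticates the
 * data; modified ciphertext decrypts without any error.
 *
 * handleErrors() is not shown; the code assumes it does not return
 * -- TODO confirm.
 */
int decrypt(...) {
    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
    int len;
    int plaintext_len;

    if (ctx == NULL) {
        handleErrors();
    }
    if (EVP_DecryptInit_ex(ctx, evp_cipher, NULL, key, iv) != 1) {
        handleErrors();
    }
    if (EVP_CIPHER_CTX_set_padding(ctx, 0) != 1) {
        handleErrors();
    }
    if (EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len) != 1) {
        handleErrors();
    }
    plaintext_len = len;
    /* Same "!= 1" success test as every other EVP call in this function. */
    if (tag && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag) != 1) {
        handleErrors();
    }
    if (EVP_DecryptFinal_ex(ctx, plaintext + len, &len) != 1) {
        if (tag) {
            printf("Tag verify failed.\n");
            /* Release the context on this early return; it was leaked before. */
            EVP_CIPHER_CTX_free(ctx);
            return 0;
        }
        handleErrors();
    }
    plaintext_len += len;
    EVP_CIPHER_CTX_free(ctx);
    return plaintext_len;
}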
只有在这种情况下,运行 mkfs.xfs 之后我得到:
specified blocksize 4096 is less than device physical sector size 4194304
switching to logical sector size 512
meta-data=/dev/sdb isize=512 agcount=4, agsize=2097152 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=8388608, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=4096, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
bad magic number
bad magic number
Metadata corruption detected at xfs_sb block 0x0/0x200
libxfs_writebufr: write verifer failed on xfs_sb bno 0x0/0x200
releasing dirty buffer (bulk) to free list!
这不是很好。我的做法有问题吗?
虽然我还没有找到原因,但我参考了这段代码:https://raw.githubusercontent.com/saju/misc/master/misc/openssl_aes.c ,现在可以正常工作了。此链接中的代码似乎与 OpenSSL 1.0.2 兼容。