Library: file encryption/decryption support#163
Draft
an4tur0r wants to merge 1 commit intoDarkFlippers:devfrom
Draft
Library: file encryption/decryption support#163an4tur0r wants to merge 1 commit intoDarkFlippers:devfrom
an4tur0r wants to merge 1 commit intoDarkFlippers:devfrom
Conversation
an4tur0r
commented
Nov 11, 2022
|
|
||
| const char* enc_filepath = strcat((char*)path, ENCRYPTION_EXT); | ||
|
|
||
| if(file_stream_open(stream_from, path, FSAM_READ, FSOM_OPEN_EXISTING) && |
Contributor
Author
There was a problem hiding this comment.
Unit test hangs here, I suspect something with Storage* instance.
an4tur0r
force-pushed
the
feature/storage_file_encryption
branch
from
3f2892b to
ea0a922
Compare
Fasjeit
reviewed
Jan 14, 2023
| // create new random initialization vector | ||
| uint8_t iv[ENCRYPTION_IV_SIZE]; | ||
| srand(DWT->CYCCNT); | ||
| furi_hal_random_fill_buf(iv, ENCRYPTION_IV_SIZE); |
Contributor
There was a problem hiding this comment.
IV is generated here using srand PRNG + CYCCNT (i.e. cycle counter) as seed,
- Only 32 bits of "entropy" for CYCCNT link
- Predicted (CYCCNT is just incrementing counter), making predicted IV attacks possible (like complete plaintext recovery for low entropy plaintexts) as the resulted encryption is no longer CPA secure
- srand is not a secure PRG (even with better seed as it has only 31 bit inner state)
Original flipper firmware already implemented much better random generation using sts32 hardware random generator. See furi_hal_random.c rand() function which can be used instead of srand.
|
Any updates to this? |
baretta881
approved these changes
Jun 13, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What's new
This PR adds functions to encrypt and decrypt file content using AES algorithm.
Verification
Checklist (For Reviewer)