Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 195f89cd06b03af91cd80b59896a2e2f5291dc76
commit195f89cd06b03af91cd80b59896a2e2f5291dc76[log] [tgz]
authorShikha Panwar <shikhapanwar@google.com>Wed Nov 23 16:20:34 2022 +0000
committerShikha Panwar <shikhapanwar@google.com>Mon Nov 28 19:31:05 2022 +0000
tree3af3974314bd0f6b2bcd2f6a4929d8c2f53463cd
parent2ce2057d214d9f8179a31bf73a5de14e17fd4d95 [diff]
Change block cipher mode from XTS -> HCTR2

We will be using aes-hctr2-plain64 cipher for  encryptedstore.

Reason: With XTS, an attacker can tamper or replay at 16-byte
granularity. A bit flip in the encrypted text diffuses randomly in
plaintext, but only within an aligned 16-byte range. But with HCTR2 this
diffusion will be at crypto sector size.

For IV we use the 64 bytes' sector number referred to as "plain64".

Bug: 259253336
Test: Run a vm with --storage & --storage-size flag
Change-Id: I1ecd98072d6cb552d93fbc4053a3e6f004e0854e
3 files changed
tree: 3af3974314bd0f6b2bcd2f6a4929d8c2f53463cd
  1. apex/
  2. apkdmverity/
  3. authfs/
  4. avmd/
  5. compos/
  6. demo/
  7. docs/
  8. encryptedstore/
  9. javalib/
  10. launcher/
  11. libs/
  12. microdroid/
  13. microdroid_manager/
  14. pvmfw/
  15. rialto/
  16. tests/
  17. virtualizationservice/
  18. vm/
  19. vm_payload/
  20. vmbase/
  21. vmclient/
  22. zipfuse/
  23. rustfmt.toml ⇨ ../../../build/soong/scripts/rustfmt.toml
  24. .clang-format
  25. .gitignore
  26. Android.bp
  27. OWNERS
  28. PREUPLOAD.cfg
  29. README.md
  30. TEST_MAPPING
README.md

Virtualization

This repository contains userspace services related to running virtual machines on Android, especially protected virtual machines. See the getting started documentation and Microdroid README for more information.