Conceiveably, there may exist an algorithm which can tell if a sequence of bytes

are the output of AES/128/CBC or ARC4RANDOM. Encrypt the random data with which we wipe when we get a BIO_DELETE to make such an algorithm useful. Sponsored by: DARPA & NAI Labs Approved by: re (blanket)
svn path=/head/; revision=107451
2002-12-01 15:50:48 +00:00 · 2002-12-01 15:50:48 +00:00 · 19c61e97fb · 2020-12-20 02:59:44 +00:00
commit 19c61e97fb
parent 3a4c5955ce
1 changed files with 7 additions and 0 deletions
--- a/sys/geom/bde/g_bde_crypt.c
+++ b/sys/geom/bde/g_bde_crypt.c
@ -191,9 +191,13 @@ g_bde_crypt_delete(struct g_bde_work *wp)
 	struct g_bde_softc *sc;
 	u_char *d;
 	off_t o;
+	u_char skey[G_BDE_SKEYLEN];
+	keyInstance ki;
+	cipherInstance ci;

 	sc = wp->softc;
 	d = wp->sp->data;
+	AES_init(&ci);
 	/*
 	 * Do not unroll this loop!
 	 * Our zone may be significantly wider than the amount of random
@ -202,6 +206,9 @@ g_bde_crypt_delete(struct g_bde_work *wp)
 	 */
 	for (o = 0; o < wp->length; o += sc->sectorsize) {
 		arc4rand(d, sc->sectorsize, 0);
+		arc4rand(&skey, sizeof skey, 0);
+		AES_makekey(&ki, DIR_ENCRYPT, G_BDE_SKEYBITS, skey);
+		AES_encrypt(&ci, &ki, d, d, sc->sectorsize);
 		d += sc->sectorsize;
 	}
 	/*