Hi Zhao,
On Thu, Jun 28, 2018 at 9:29 AM, shijun zhao zqyzsj@gmail.com wrote:
Hi, everyone,
I find that the pager uses AES-GCM to protect data sections. I see that the initialization vectors (IVs) used in AES-GCM for every page are initialized to zero. However, according to the NIST 800 specification [1], the IV should not repeat; otherwise AES-GCM may be vulnerable to forgery attacks [2]. So I suggest concatenating the physical address of each page (DRAM address) and the IV, then the concatenated IVs will be different for each page.
That's already done, only slightly different at: https://github.com/OP-TEE/optee_os/blob/e7dc41caf2eeb3f4997f6dbb37922c5d4d48...
Note that each physical page has its own rwp assigned to it, so the address of rwp is unique for a particular physical page.
I also see that pager is removed from many devices, such as i.mx and Hikey. Doesn't OP-TEE support pager any more?
OP-TEE supports pager, it's just that for many platforms it doesn't make sense to enable it.
Thanks, Jens
Best Regards, Shijun Zhao
[1] Dworkin M. NIST special publication 800-38B[J]. NIST special publication, 2005, 800(38B): 38B.
[2] A. Joux, Authentication Failures in NIST version of GCM, Natl. Inst. Stand. Technol. [Web page], http://www.csrc.nist.gov/groups/ST/toolkit/BCM/documents/comments/800-38_Ser....
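The IV concern discussed in this thread, as an added example that is not part of the original messages and is not OP-TEE code: a 96-bit GCM IV built from a per-page fixed field plus a per-page invocation counter (the deterministic construction of NIST SP 800-38D, section 8.2.1), compared against a fixed all-zero IV by counting repeats. The names `page_state`, `page_id`, `next_iv` and `count_repeated_ivs` are hypothetical, and the 32-bit `page_id` is an assumed stand-in for the per-page unique value (the rwp address) mentioned in the reply.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define IV_LEN 12   /* 96-bit GCM IV */
#define MAX_IVS 64  /* capacity of the simulation below */

/* Hypothetical per-page state; one instance exists per physical page. */
struct page_state {
	uint32_t page_id;  /* fixed field, unique per page (assumed) */
	uint64_t counter;  /* invocation field, bumped on every page-out */
};

/* Build the next IV as page_id || counter, big-endian. Returns false
 * when the counter is exhausted, so the caller must rekey, not wrap. */
bool next_iv(struct page_state *ps, uint8_t iv[IV_LEN])
{
	if (ps->counter == UINT64_MAX)
		return false;
	ps->counter++;
	for (int i = 0; i < 4; i++)
		iv[i] = (uint8_t)(ps->page_id >> (24 - 8 * i));
	for (int i = 0; i < 8; i++)
		iv[4 + i] = (uint8_t)(ps->counter >> (56 - 8 * i));
	return true;
}

/* Simulate `rounds` page-outs of each of `npages` pages under one key and
 * count IVs that repeat an earlier one. zero_iv models a fixed all-zero IV. */
int count_repeated_ivs(int npages, int rounds, bool zero_iv)
{
	uint8_t seen[MAX_IVS][IV_LEN];
	struct page_state ps[MAX_IVS] = { 0 };
	int n = 0, repeats = 0;

	for (int r = 0; r < rounds; r++) {
		for (int p = 0; p < npages && n < MAX_IVS; p++) {
			uint8_t iv[IV_LEN] = { 0 };

			ps[p].page_id = (uint32_t)p;
			if (!zero_iv && !next_iv(&ps[p], iv))
				return -1;
			for (int k = 0; k < n; k++)
				if (!memcmp(seen[k], iv, IV_LEN)) {
					repeats++;
					break;
				}
			memcpy(seen[n++], iv, IV_LEN);
		}
	}
	return repeats;
}
```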