qemu-devel

Re: [Qemu-devel] QCOW2 cryptography and secure key handling


From: Laszlo Ersek
Subject: Re: [Qemu-devel] QCOW2 cryptography and secure key handling
Date: Wed, 31 Jul 2013 20:31:14 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130621 Thunderbird/17.0.7

On 07/31/13 19:52, Laszlo Ersek wrote:

> You'll end up with two identical sectors in the encrypted image.

Apologies for following up on my own message...

If you want to store an arbitrary N bit long bit-string (a watermark)
that is visible in the encrypted image, then you need:
- a good guess at "sector_num" (like before),
- B1 (like before),
- to compute B_n from B(n-1), like before,
- two different trailing plaintext portions (each containing 496 bytes),
let's call them S0 and S1,
- (N+1) consecutive sectors in total.

You'd write the subject bitstring like this:

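#include <stddef.h>
#include <stdint.h>

/* Helpers not defined in this mail; the prototypes are assumed from the calls. */
void write_sector(uint64_t sector_num, const uint64_t B[2],
                  const char unsigned S[496]);
int is_bit_set(const char unsigned *subject_string, size_t n);

/* Compute B_n from B_(n-1) for the step from sector_num to sector_num + 1. */
void compute_next_B(uint64_t B[2], uint64_t *sector_num)
{
    B[0] ^= (*sector_num ^ (*sector_num + 1));
    ++*sector_num;
}

void write_string(const char unsigned *subject_string, size_t N,
                  uint64_t sector_num)
{
    const char unsigned S[2][496] = {
        /* constant originally drawn from a good pseudo-random source */
    };
    uint64_t B[2] = { /* ditto */ };
    int i = 0;                  /* selects S0 or S1 for the next sector */
    size_t n;

    write_sector(sector_num, B, S[i]);
    for (n = 0; n < N; ++n) {
        i ^= is_bit_set(subject_string, n);
        compute_next_B(B, &sector_num);
        write_sector(sector_num, B, S[i]);
    }
}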

Just speculating...
Laszlo
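
A defender-side check for the effect quoted at the top of this message ("two identical sectors in the encrypted image"), as an added example that is not part of the original mail: it counts 512-byte sectors of an encrypted image whose ciphertext repeats another sector's, so such an image can be flagged. The function names, the 16-sector sample and the xorshift32 filler standing in for ciphertext are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECTOR_SIZE 512
static const unsigned char *g_img;      /* image under scan, read by cmp_sector */

static int cmp_sector(const void *a, const void *b)
{
    size_t x = *(const size_t *)a, y = *(const size_t *)b;
    return memcmp(g_img + x * SECTOR_SIZE, g_img + y * SECTOR_SIZE, SECTOR_SIZE);
}

/* Number of sectors that repeat another sector's ciphertext; (size_t)-1 on OOM. */
size_t count_repeated_sectors(const unsigned char *img, size_t nsectors)
{
    size_t i, repeats = 0, *idx;

    if (nsectors < 2) return 0;
    if (!(idx = malloc(nsectors * sizeof *idx))) return (size_t)-1;
    for (i = 0; i < nsectors; i++) idx[i] = i;
    g_img = img;
    qsort(idx, nsectors, sizeof *idx, cmp_sector);  /* equal sectors become adjacent */
    for (i = 1; i < nsectors; i++) repeats += cmp_sector(&idx[i - 1], &idx[i]) == 0;
    free(idx);
    return repeats;
}

/* Constructed sample: 16 pseudo-random sectors; `repeated` copies 4 -> 5, 7 and 6 -> 8. */
void make_sample(unsigned char *img, int repeated)
{
    uint32_t s = 2463534242u;
    for (size_t i = 0; i < 16 * SECTOR_SIZE; i++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;    /* xorshift32 step */
        img[i] = (unsigned char)s;
    }
    if (repeated) {
        memcpy(img + 5 * SECTOR_SIZE, img + 4 * SECTOR_SIZE, SECTOR_SIZE);
        memcpy(img + 7 * SECTOR_SIZE, img + 4 * SECTOR_SIZE, SECTOR_SIZE);
        memcpy(img + 8 * SECTOR_SIZE, img + 6 * SECTOR_SIZE, SECTOR_SIZE);
    }
}

int main(void)
{
    static unsigned char img[16 * SECTOR_SIZE];
    make_sample(img, 1);
    printf("repeated sectors: %zu\n", count_repeated_sectors(img, 16));
}
```

A group of k identical sectors contributes k - 1 to the count, so any nonzero result means at least one pair of sectors shares its ciphertext.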


