It was believed that the CAAM was able to create blobs from files of up to
1 MiB, because in some cases, encrypting and decrypting a large file would
result in a file identical to the original one. In reality, the CAAM's job
descriptors use 16 bits to store input/output sizes, so any size that takes up
more than 16 bits either causes the operation to fail or makes the CAAM
continue with the operation, but truncating the size to its 16 least
significant bits.
Encryption and decryption cycles that seem to work with large files are
actually encrypting and decrypting part of the original file and storing the
output in the memory address where the original file was stored, making it seem
like the process was successful when it really isn't. It's also possible that,
even if both operations work fine, the final decrypted file will differ from the
original one because it contains the decrypted truncated blob plus whatever
comes after it in memory.
Fix the size limit, dynamically alter it during runtime depending on the
operation and exit if the limit is surpassed to avoid including unrelated
memory contents in the output.
https://jira.digi.com/browse/DEL-7378
Signed-off-by: Gabriel Valcazar <gabriel.valcazar@digi.com>
- The <stropts.h> header is no longer available.
- The <sys/ioctl.h> is required.
Reported-by: Paolo Chiarlone <paolo.chiarlone@digi.com>
Signed-off-by: Hector Palacios <hector.palacios@digi.com>
https://jira.digi.com/browse/DEL-7207
CAAM blobs can be used to secure data with the OTPMK. More information
is available in the online documentation.
Signed-off-by: Jose Diaz de Grenu <Jose.DiazdeGrenu@digi.com>
Gabriel Valcazar
Hector Palacios
Jose Diaz de Grenu