1 files changed, 30 insertions, 0 deletions

diff --git a/kernel/seppl.c b/kernel/seppl.c
index ddb6bba..b15afbe 100644
--- a/kernel/seppl.c
+++ b/kernel/seppl.c
@@ -168,6 +168,8 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) {
 
         key->key = key->iv = NULL;
         key->tfm = NULL;
+        key->key_ecb = NULL;
+        key->tfm_ecb = NULL;
         
         atomic_set(&key->usage, 0);
         spin_lock_init(&key->iv_spinlock);
@@ -201,6 +203,26 @@ int seppl_add_key(u8 algorithm, const char *name, const u8 *key_data) {
         key->blocksize = crypto_tfm_alg_blocksize(key->tfm);
 
         proc_file->size += 8 + key->keysize;
+
+	/* Set up a random ecb key for making good IVs */
+        if (!(key->tfm_ecb = crypto_alloc_tfm("aes", CRYPTO_TFM_MODE_ECB))) {
+            printk(KERN_ERR "SEPPL: Failed to load ecb cipher.\n");
+            goto cleanup;
+        }
+
+	if ( !(key->key_ecb = kmalloc( 128/8, GFP_KERNEL ))) {
+	    r = -ENOMEM;
+	    printk( KERN_ERR "SEPPL: kmalloc() failed #2a\n" );
+	    goto cleanup;
+	}
+
+	get_random_bytes(key->key_ecb, 128/8);
+
+        if (crypto_cipher_setkey(key->tfm_ecb, key->key_ecb, 128/8)) {
+            printk(KERN_ERR "SEPPL: Failed to set ecb cipher key.\n");
+	    goto cleanup;
+        }
+
         atomic_set(&key->ready, 1);
         
         printk(KERN_INFO "SEPPL: Added key sucessfully.\n");
@@ -229,6 +251,7 @@ cleanup:
 
         spin_unlock(&keyring_lock);
 
+        /* Free the data transform */
         if (key->tfm)
             crypto_free_tfm(key->tfm);
         
@@ -238,6 +261,13 @@ cleanup:
         if (key->iv)
             kfree(key->iv);
 
+        /* Free the IV transform */
+ 	if (key->tfm_ecb)
+ 	    crypto_free_tfm(key->tfm_ecb);
+ 
+ 	if (key->key_ecb)
+ 	    kfree(key->key_ecb);
+        
         kfree(key);
     }