2007-11-21 21:38:13

by Tan Swee Heng

Subject: [PATCH 3/3] dm-crypt: Add support for stream ciphers using blkcipher interface

Current implementation of dm-crypt supports block ciphers of the form
"template(cipher)", e.g. "cbc(aes)". It does not support stream
ciphers of the form "cipher", e.g. "salsa20", that use the blkcipher
interface directly.

This patch adds support for stream ciphers using the blkcipher
interface directly. It uses a special chainmode called "stream".
Example of usage:
cryptsetup luksFormat -c salsa20-stream-plain /dev/loop0

Due to the way ESSIV uses the cipher interface directly, it is not
possible to use something like "salsa20-stream-essiv:md5". However
this is probably not an issue since ESSIV was created to prevent
watermarking attacks and for stream ciphers it is always possible,
i.e. flip the bits in the plaintext and the ciphertext will flip
accordingly. In other words, plain IV generation should be sufficient.

WARNING: Using stream ciphers with dm-crypt must be exercised with
care. If used on a read-write filesystem, it is trivial to extract the
keystream by over-writing files with 0x00s and thus recovering the
original plaintext of the overwritten files. Stream ciphers are
probably more useful for encrypting large amounts of data on a read-only
filesystem (e.g. media files on DVD-ROMs).

Signed-off-by: Tan Swee Heng <[email protected]>


Attachments:
patch3-dm_crypt.txt (951.00 B)

2007-11-23 12:22:59

by Herbert Xu

Subject: Re: [PATCH 3/3] dm-crypt: Add support for stream ciphers using blkcipher interface

On Thu, Nov 22, 2007 at 05:38:12AM +0800, Tan Swee Heng wrote:
> Current implementation of dm-crypt supports block ciphers of the form
> "template(cipher)", e.g. "cbc(aes)". It does not support stream
> ciphers of the form "cipher", e.g. "salsa20", that uses the blkcipher
> interface directly.
>
> This patch adds support for stream ciphers using the blkcipher
> interface directly. It uses a special chainmode called "stream".
> Example of usage:
> cryptsetup luksFormat -c salsa20-stream-plain /dev/loop0

I'd really like to have a new format altogether that does not
involve dashes as a separator. The reason is that dash is used
as a part of the name of certain algorithms.

Once dm-crypt starts using the givcrypt interface instead of its
own IV generators, we can get away with just a single algorithm
string, of the form

geniv(mode(block-cipher))

Obviously stream ciphers would just be

geniv(stream-cipher)

So when that happens we can just use the format "-string" as
that's an invalid specification in the current format.

Of course we'd continue to support the current format as well
which can coexist with the new format forever.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
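As an added illustration of both messages above (not code from the patch, from dm-crypt, or from either author), the following parser turns a dm-crypt cipher spec into the algorithm name that would be handed to the kernel crypto API: the legacy "cipher-chainmode-ivmode[:ivopts]" form with the patch's "stream" chainmode mapping to the bare blkcipher name, and a leading-dash form for the single "geniv(...)" string Herbert Xu proposes. The cbc/plain defaults, the exact leading-dash syntax and the hypothetical dashed cipher name "foo-bar" are assumptions.

```python
import re

# Constructed example, not code from the patch or from dm-crypt itself.
# Legacy dm-crypt spec: "cipher[-chainmode[-ivmode[:ivopts]]]" (the cbc/plain
# defaults are assumed).  The "stream" chainmode follows patch 3/3; the
# leading-dash form "-geniv(...)" is an assumption about how Herbert Xu's
# proposed single-string format would look.

GENIV_RE = re.compile(r"^\w+\(.+\)$")

def parse_spec(spec: str) -> dict:
    """Turn a dm-crypt cipher spec into {'alg', 'ivmode', 'ivopts'}.

    'alg' is the string that would be passed to the kernel crypto API.
    Raises ValueError for specs the thread says cannot work or are ambiguous.
    """
    if spec.startswith("-"):
        # Proposed format: the rest of the string is a complete crypto API
        # name, e.g. "-geniv(cbc(aes))" or "-geniv(salsa20)".  An empty cipher
        # field is invalid in the legacy format, so the two cannot collide.
        alg = spec[1:]
        if not GENIV_RE.match(alg) or alg.count("(") != alg.count(")"):
            raise ValueError(f"malformed geniv spec: {spec!r}")
        return {"alg": alg, "ivmode": "geniv", "ivopts": None}

    parts = spec.split("-")
    if len(parts) > 3 or "" in parts:
        # A cipher whose own name contains a dash (hypothetical "foo-bar")
        # yields extra fields: the legacy format cannot tell which dash is the
        # separator.  This is the ambiguity Herbert Xu raises.
        raise ValueError(f"ambiguous or malformed legacy spec: {spec!r}")
    cipher = parts[0]
    chainmode = parts[1] if len(parts) > 1 else "cbc"
    ivmode, _, ivopts = (parts[2] if len(parts) > 2 else "plain").partition(":")
    if ivmode == "essiv" and not ivopts:
        raise ValueError("essiv needs a hash, e.g. essiv:sha256")
    if chainmode == "stream":
        # Patch 3/3: a stream cipher is used through the blkcipher interface
        # directly, so the algorithm name is the bare cipher, no template.
        if ivmode == "essiv":
            raise ValueError("ESSIV cannot be combined with a stream cipher")
        alg = cipher
    else:
        alg = f"{chainmode}({cipher})"
    return {"alg": alg, "ivmode": ivmode, "ivopts": ivopts or None}

def check_spec(spec: str):
    """Return None if the spec parses, otherwise the error message."""
    try:
        parse_spec(spec)
        return None
    except ValueError as e:
        return str(e)
```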