From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] newbie qs on dm-crypt
Date: Tue, 11 Sep 2012 20:31:48 +0200
Message-ID: <20120911183148.GA9317@tansi.org>
In-Reply-To: <1347380237.80031.YahooMailNeo@web160804.mail.bf1.yahoo.com>

Simple: You need to get it into the kernel. dm-crypt does
not supply the run-time encryption, it just does the
kernel dm-crypt module setup, i.e. it establishes the
"mapping". After that, all encryption is done by the kernel.

If your stuff is non-GPL, then I suspect you will need to maintain
your own kernel patch-set. Basically that will be a waste of time,
and has zero engineering or security justification. It can be
necessary for political reasons, I can see that. But expect it to
be a huge pain and effort for zero technological advantage and
you cannot distribute it legally.

Note on GPL: As long as you do not distribute this kernel, or the
patch-set, you can do whatever you like. As soon as you distribute,
even only to specific customers or as part of a "blackbox" product,
you are screwed and need to GPL the module. There is no free lunch
here. If you want your own non-GPL crypto in a Linux-like kernel,
then you need to re-implement that Linux-like kernel yourself,
possibly spending a few billions on it. You may want to look at the
xBSDs. They have more permissive licenses.

Arno

On Tue, Sep 11, 2012 at 09:17:17AM -0700, Anil wrote:
> Suppose I have a library of various crypto algorithms. It is proprietary.
> I build it as a module and want the user to run dm-crypt specifying my module to be run.
> For example,
> crypt FooCryptoLibrary-aes-xts
> I read that if your module is not GPL, then one cannot access core functions.
> Will there be a problem here?
> 
> 
> ________________________________
>  From: Arno Wagner <arno@wagner.name>
> To: dm-crypt@saout.de 
> Sent: Wednesday, September 5, 2012 7:41 AM
> Subject: Re: [dm-crypt] newbie qs on dm-crypt
>  
> On Tue, Sep 04, 2012 at 02:14:09PM -0700, Anil wrote:
> > Thanks for replying.
> > You said,
> > "Ciphers and modes are the job of the kernel, not dm-crypt."
> 
> > 
> > I am trying to understand if proprietary software can be used with
> > dm-crypt.
> >
> 
> That depends.
> 
> > I read it is in GPL mode. Which version? GPL v2, v3, LGPL...?
> >
> > For example, there is some in-house proprietary developed code for
> > AES-XTS.
> > 
> > If I understood your reply correctly, then dm-crypt will call these
> > functions loaded into the kernel and there will not be any problem as the
> > GPL code (dm-crypt) will not be linked with the proprietary code. Is that
> > so?
> 
> No. Kernels are different. If you do not distribute, it does not
> matter anyways. If you distribute, and want your stuff to stay 
> closed, you should probably talk to an IP lawyer. 
> 
> I have to say though that there is probably no point, as AES-XTS is
> open and the kernel implementation is probably better than yours 
> anyways.
> 
> Arno
> 
> 
> 
> > 
> > 
> > 
> > ________________________________
> > From: Arno Wagner <arno@wagner.name>
> > To: dm-crypt@saout.de 
> > Sent: Monday, September 3, 2012 8:29 PM
> > Subject: Re: [dm-crypt] (no subject)
> >
> > On Mon, Sep 03, 2012 at 06:20:35PM -0700, Anil wrote:
> > > Newbie here. I need to use dm-crypt with aes-xts. How is dm-crypt called? 
> > 
> > Refer to the man-page and the FAQ. 
> > 
> > > Is it possible to encrypt data while being saved on the fly?
> > 
> > That is its job. It is not possible to do it in any other way.
> > 
> > > Will there be file filters to encrypt/decrypt while saving 
> > > and opening the file?
> > 
> > No.
> > 
> > > Is aes-xts provided elsewhere as a plugin? or is it part of dmcrypt?
> > 
> > Ciphers and modes are the job of the kernel, not dm-crypt.
> > It just uses them. 
> > 
> > Arno
> > -- 
> > Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name
> > GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
> > ----
> > One of the painful things about our time is that those who feel certainty 
> > are stupid, and those with any imagination and understanding are filled 
> > with doubt and indecision. -- Bertrand Russell 
> > _______________________________________________
> > dm-crypt mailing list
> > dm-crypt@saout.de
> > http://www.saout.de/mailman/listinfo/dm-crypt
> 


-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 
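
Added example, not part of the original thread: the message above says dm-crypt only establishes the mapping and the kernel supplies the cipher. This Python sketch maps a dm-crypt cipher spec to the kernel crypto API name and lists which registered implementations would serve it, highest priority first. The function names and the sample /proc/crypto text are constructed for illustration.

```python
# Constructed sample in /proc/crypto format (not captured from a real system).
SAMPLE_PROC_CRYPTO = """\
name         : xts(aes)
driver       : xts-aes-aesni
module       : aesni_intel
priority     : 401

name         : xts(aes)
driver       : xts(ecb(aes-generic))
module       : kernel
priority     : 100

name         : cbc(aes)
driver       : cbc-aes-aesni
module       : aesni_intel
priority     : 400
"""

def crypto_api_name(spec):
    """Map a dm-crypt spec such as 'aes-xts-plain64' to 'xts(aes)'."""
    parts = spec.split("-")
    cipher = parts[0].split(":")[0]          # drop an optional ":keycount"
    # Legacy specs with no chain mode ("aes", "aes-plain") mean CBC.
    if len(parts) < 2 or (parts[1] == "plain" and len(parts) == 2):
        return f"cbc({cipher})"
    return f"{parts[1]}({cipher})"

def parse_proc_crypto(text):
    """Split /proc/crypto text into one dict per registered algorithm."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                entry[key.strip()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def implementations(spec, text):
    """Return (driver, module, priority) tuples for spec, best first."""
    name = crypto_api_name(spec)
    found = [(e["driver"], e.get("module", "?"), int(e.get("priority", 0)))
             for e in parse_proc_crypto(text) if e.get("name") == name]
    return sorted(found, key=lambda impl: -impl[2])

if __name__ == "__main__":
    for impl in implementations("aes-xts-plain64", SAMPLE_PROC_CRYPTO):
        print(impl)
```

On a real host, pass the contents of /proc/crypto instead of the sample; it lists only algorithms currently registered, so a missing entry may just mean the providing module is not loaded yet.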
