Re: [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mike Snitzer <snitzer@redhat.com>
To: Milan Broz <gmazyland@gmail.com>
Cc: dm-devel@redhat.com
Subject: Re: [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers.
Date: Mon, 28 Oct 2013 12:08:50 -0400	[thread overview]
Message-ID: <20131028160849.GB25212@redhat.com> (raw)
In-Reply-To: <1382275000-10660-2-git-send-email-gmazyland@gmail.com>

The following patch header is confusing given the mix of legacy and
new concepts.  I understand you're trying to establish context for
what's new but to this reader I'm a bit lost in the jargon.  Specifics
below (and please forgive my naive questions).

On Sun, Oct 20 2013 at  9:16am -0400,
Milan Broz <gmazyland@gmail.com> wrote:

> The dmcrypt already can activate TCRYPT (TrueCrypt compatible) containers
> in LRW or XTS block encryption mode.
> 
> TCRYPT containers prior to version 4.1 used CBC mode with some
> additional tweaks.
> 
> This patch adds support for these containers.
> 
> For now, there is no support for chained ciphers, this TCW mode support
> only containers encrypted with one cipher
> (Tested with AES, Twofish, Serpentm CAST5 and TripleDES).

What does TCW mean?  How does it relate to CBC?
- Is TCW mode: "CBC mode with some additional tweaks"?

> While TCRYPT CBC mode is legacy and is known to be vulnerable
> to some watermarking attacks (e.g. revealing of hidden disk
> existence) it can be still useful to mount old containers
> without using 3rd party software or for independent forensic
> analysis of such containers.

Now you're switching back to referring to "TCRYPT CBC mode".  What
happened to "TCW mode"?

> (Both userspace and kernel code is independent implementation
> based on format documentation and completely avoids use of original
> source code.)
> 
> Encryption uses CBC mode with special IV generated from
> additional key, xored with sector number.
> 
> There is also second key used for "whitening" of sectors.
> Whitening key is xored with sector number and mixed using
> CRC32 and resulting value is applied to whole sector.
> (Detailed calculation is in Truecrypt documentation for version < 4.1
> and will be also described on dmcrypt site.)

Can you add a pointer to the Truecrypt documentation for < 4.1?  Or a
pointer to the dmcrypt site documentation?

> IV and whitening key is concatenated with encryption key,
> so kernel receives all these keys as K|IV_key|Whitening_key
> in one string.
> Length of IV key is always the same as IV of selected cipher
> and length of whitening key is fixed to TCW_WHITENING_SIZE,
> so key string can be split properly.
> 
> The experimental support for activation of these containers
> is already present in git devel brach of cryptsetup.

Again, an example that documents a theoretical ctr line (before and
after patch?) would probably go a long way to help clarify what is new
here.

next prev parent reply	other threads:[~2013-10-28 16:08 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-20 13:16 [PATCH 1/2] dm-crypt: Properly handle extra key string in initialization Milan Broz
2013-10-20 13:16 ` [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers Milan Broz
2013-10-28 16:08   ` Mike Snitzer [this message]
2013-10-28 16:58     ` Milan Broz
2013-10-28 15:44 ` [PATCH 1/2] dm-crypt: Properly handle extra key string in initialization Mike Snitzer
2013-10-28 16:46   ` Milan Broz
2013-10-28 22:21 ` Milan Broz
2013-10-28 22:21   ` [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers Milan Broz
2013-10-30  0:50     ` Mike Snitzer
2013-10-30 18:12     ` Alasdair G Kergon
2013-11-02 21:24       ` [PATCH 3/4] dm-crypt: Fix code formatting to make agk happy Milan Broz
2013-11-02 21:24         ` [PATCH 4/4] dm-crypt: Fix sparse (different base types) warnings Milan Broz
2013-11-05 13:41           ` Alasdair G Kergon
2013-10-30  0:49   ` [PATCH 1/2] dm-crypt: Properly handle extra key string in initialization Mike Snitzer
2013-10-30  2:48   ` Alasdair G Kergon
2013-10-30 19:30     ` Milan Broz
2013-10-30  3:23   ` Alasdair G Kergon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131028160849.GB25212@redhat.com \
    --to=snitzer@redhat.com \
    --cc=dm-devel@redhat.com \
    --cc=gmazyland@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.