Re: [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mike Snitzer <snitzer@redhat.com>
To: Milan Broz <gmazyland@gmail.com>
Cc: dm-devel@redhat.com
Subject: Re: [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers.
Date: Tue, 29 Oct 2013 20:50:38 -0400	[thread overview]
Message-ID: <20131030005037.GB3537@redhat.com> (raw)
In-Reply-To: <1382998864-10380-2-git-send-email-gmazyland@gmail.com>

On Mon, Oct 28 2013 at  6:21pm -0400,
Milan Broz <gmazyland@gmail.com> wrote:

> The dmcrypt already can activate TCRYPT (TrueCrypt compatible)
> containers in LRW or XTS block encryption mode.
> 
> TCRYPT containers prior to version 4.1 used CBC mode with some
> additional tweaks.
> 
> This patch adds support for these containers.
> 
> The mode is implemented using special IV generator named TCW
> (TrueCrypt IV with whitening).
> 
> TCW IV supports only containers encrypted with one cipher
> (Tested with AES, Twofish, Serpent, CAST5 and TripleDES).
> 
> While this mode is legacy and is known to be vulnerable
> to some watermarking attacks (e.g. revealing of hidden disk
> existence) it can be still useful to mount old containers
> without using 3rd party software or for independent forensic
> analysis of such containers.
> 
> (Both userspace and kernel code is independent implementation
> based on format documentation and completely avoids use of original
> source code.)
> 
> The TCW IV generator uses two additional keys, Kw (whitening
> seed, size is always 16 bytes - TCW_WHITENING_SIZE) and
> Kiv (IV seed, size is always of the IV size of selected cipher).
> These keys are concatenated to main encryption key in mapping table.
> 
> While whitening is completely independent from IV, it is
> implemented inside IV generator for simplification.
> 
> Whitening value is always 16 bytes long and is calculated
> per sector from provided Kw as initial seed, xored with
> sector number and mixed with CRC32 algorithm.
> Resulting value is xored with ciphertext sector content.
> 
> IV is calculated from provided Kiv as initial seed and
> xored with sector number.
> 
> Detailed calculation is in Truecrypt documentation for version < 4.1
> and will be also described on dmcrypt site
> http://code.google.com/p/cryptsetup/wiki/DMCrypt
> 
> The experimental support for activation of these containers
> is already present in git devel brach of cryptsetup.
> 
> Signed-off-by: Milan Broz <gmazyland@gmail.com>

I pushed this to linux-next (for v3.13), see:
https://git.kernel.org/cgit/linux/kernel/git/device-mapper/linux-dm.git/commit/?h=for-next&id=8a478f032b40a28a66559a91095d0e0733194389

Tweaked the header and text in dm-crypt.txt and maybe a few other
comments.

next prev parent reply	other threads:[~2013-10-30  0:50 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-20 13:16 [PATCH 1/2] dm-crypt: Properly handle extra key string in initialization Milan Broz
2013-10-20 13:16 ` [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers Milan Broz
2013-10-28 16:08   ` Mike Snitzer
2013-10-28 16:58     ` Milan Broz
2013-10-28 15:44 ` [PATCH 1/2] dm-crypt: Properly handle extra key string in initialization Mike Snitzer
2013-10-28 16:46   ` Milan Broz
2013-10-28 22:21 ` Milan Broz
2013-10-28 22:21   ` [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers Milan Broz
2013-10-30  0:50     ` Mike Snitzer [this message]
2013-10-30 18:12     ` Alasdair G Kergon
2013-11-02 21:24       ` [PATCH 3/4] dm-crypt: Fix code formatting to make agk happy Milan Broz
2013-11-02 21:24         ` [PATCH 4/4] dm-crypt: Fix sparse (different base types) warnings Milan Broz
2013-11-05 13:41           ` Alasdair G Kergon
2013-10-30  0:49   ` [PATCH 1/2] dm-crypt: Properly handle extra key string in initialization Mike Snitzer
2013-10-30  2:48   ` Alasdair G Kergon
2013-10-30 19:30     ` Milan Broz
2013-10-30  3:23   ` Alasdair G Kergon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131030005037.GB3537@redhat.com \
    --to=snitzer@redhat.com \
    --cc=dm-devel@redhat.com \
    --cc=gmazyland@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.