From: Milan Broz <mbroz@redhat.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Mechanics
Date: Wed, 02 Dec 2009 15:29:54 +0100 [thread overview]
Message-ID: <4B1679E2.7090902@redhat.com> (raw)
In-Reply-To: <0954E174030B6244A7ECC2EC68CFD97E023F8A62@EDCEXMAIL03.eu.trendnet.org>
On 12/02/2009 02:51 PM, julie_nuckey@trendmicro.co.uk wrote:
> I really want to know if it possible for the password/key to be exposed in the process
> of transferring it from user mode to kernel mode, or if it could remain in memory as
> a result, that's why I'm asking about the mechanics of what happens between cryptsetup
> (user mode) and dm-crypt (kernel mode).
- passphrase (or password) is processed only in userspace, never sent in open form
to kernel
- all communication (configuration) of dm-crypt device (the mapped keyslot is
temporary dmcrypt device also) is through dm-ioctl calls
- you must provide key (part of mapping table) in this call in text format
(see "dmsetup table --showkeys) for dm-crypt to configure requested crypto mapping
that key is basically (simplified)
1) hashed passphrase in plain mode or
2) LUKS PKBKDF2 derived key for mapping keyslot area (for temporary keyslot device) or
3) master key for real LUKS device mapping (read and un-obfuscated from keyslot area)
Just to add:
- only root can use dm-ioctl and only root can use cryptsetup for these operations
- cryptsetup locks its memory to prevent swapping sensitive data
- all sensitive data are erased before returning memory (both in kernel and userspace)
> In "plain" mode the password must be passed to the kernel,
Not exactly. It is hashed passphrase sent to kernel dm-crypt.
> but in LUKS mode, the
> password is used to decrypt the master key which is in the kernel. If cryptsetup is
> user mode only, what exactly does the kernel mode decryption of the master key? Can't
> be dm-crypt as this doesn't know anything about LUKS.
cryptsetup (userspace) creates temporary dm-crypt mapping over keyslot area with derived key
generated from passphrase (see above), then read this new dm-crypt device to get data
(and applies AF over it to get master key candidate)
Please read the LUKS documentation and source for exact description (and archive of this list)
http://code.google.com/p/cryptsetup/wiki/Specification
Milan
--
mbroz@redhat.com
next prev parent reply other threads:[~2009-12-02 14:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-02 11:20 [dm-crypt] Mechanics julie_nuckey
2009-12-02 12:20 ` Arno Wagner
2009-12-02 13:51 ` julie_nuckey
2009-12-02 14:29 ` Milan Broz [this message]
2009-12-02 15:42 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B1679E2.7090902@redhat.com \
--to=mbroz@redhat.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.