From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] iv generation from third-party code
Date: Thu, 7 May 2015 08:40:55 +0200
Message-ID: <20150507064055.GA17900@tansi.org>
In-Reply-To: <CAE_GQbEzn-RW2hogy8pEmbdtMCk+N_7s23Y7X0S6qTtO2=JBbg@mail.gmail.com>
Hi,
On Wed, May 06, 2015 at 22:28:20 CEST, Fraser Scott wrote:
> Hi all,
>
> I had a Western Digital My Book World Edition which died a few years ago.
> My wife now wants the photos that were on it :)
>
> The good news is, the hard disk is fine. The bad news is that I used the
> hardware assisted encryption on the data partition.
So the hardware assist sits in some USB bridge or the like?
> WD make the source code available, so I've been poking around. Thanks to
> help from the peeps on ##crypto (freenode), it seems clear that the custom
> device mapper module isn't using any keys stored on a chip etc, it is just
> using hardware for speed. It looks like it is using AES in LRW mode but
> uses some sort of custom IV tweaking.
If you can, get the datasheet and hope it describes what it does...
> What are my chances of "porting" the IV stuff from the module to a clean
> dm-crypt.c so that I can do the AES decryption in software? Given that I
> don't know much C, or know much about kernel development or dm-crypt? ;) In
> the meantime I am trying to source some replacement hardware.
Depends on how much time you want to invest. Afterwards you will
know quite a bit about C programming. The dm-crypt/kernel part is
less of a problem as you can use the module you have, you just
need to replace all hardware crypto with equivalent software
crypto. That may be anything from very easy to very hard. It gets
harder, the less you know about the hardware crypto engine.

The thing you probably need to replace is

  ox800_aeslrw_decrypt()

As far as I can see, the source for that is missing.
Probably in a driver for the "OX800 DPE core". Do you have
that driver and its sources? Because it does not seem to
be a part of the standard kernel. At least in 3.14.29, I
find nothing. Of course you can try to replace it with
a standard aes-lrw implementation and hope that it has
that semantics and does not require anything special and
non-standard with its parameters.

Anyways, expect to invest at least a few weeks.
Regards,
Arno
> The module was called as follows:
>
> # echo 0 $(cat /sys/block/md4/size) ox-crypt hexkey hexiv 0 /dev/md4 0 |
> dmsetup create dmmd4
>
> (I have the key and IV)
>
> and can be viewed here:
>
> https://gist.github.com/zeroXten/be5322ee4a1000c0c7fc
>
> My attempt so far can be seen here:
>
> https://gist.github.com/zeroXten/0ba59291f05aa5a0f513
>
> Many thanks!
> -Fraser
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
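
Added illustration, not part of the original mail and not code from the WD module or dm-crypt: textbook LRW over a pluggable 16-byte block function, showing the tweak T = K2 * I (multiplication in GF(2^128)) that a software replacement for ox800_aeslrw_decrypt() would have to reproduce. The big-endian byte order, the per-block index increment and the toy_enc/toy_dec stand-in ciphers are assumptions made here; how the vendor module derives I from its IV is not stated in this thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLK 16
/* One-block cipher callback; a real port would plug AES decryption in here. */
typedef void (*block_fn)(const uint8_t *in, uint8_t *out, void *ctx);

/* r = a * b in GF(2^128) mod x^128 + x^7 + x^2 + x + 1.
 * Assumption: operands are big-endian 128-bit integers (byte 0 is the top). */
void gf128_mul(const uint8_t *a, const uint8_t *b, uint8_t *r)
{
    uint8_t v[BLK], z[BLK] = {0};
    memcpy(v, a, BLK);
    for (int bit = 0; bit < 128; bit++) {      /* lowest bit of b first */
        if ((b[BLK - 1 - bit / 8] >> (bit % 8)) & 1)
            for (int i = 0; i < BLK; i++) z[i] ^= v[i];
        uint8_t carry = v[0] >> 7;             /* v = v * x, then reduce */
        for (int i = 0; i < BLK - 1; i++)
            v[i] = (uint8_t)((v[i] << 1) | (v[i + 1] >> 7));
        v[BLK - 1] = (uint8_t)(v[BLK - 1] << 1);
        if (carry) v[BLK - 1] ^= 0x87;
    }
    memcpy(r, z, BLK);
}

/* LRW over nblk blocks: out = fn(in ^ T) ^ T with T = k2 * I. iv is the
 * index I of the first block; it is incremented once per 16-byte block. */
void lrw_crypt(block_fn fn, void *ctx, const uint8_t *k2, const uint8_t *iv,
               const uint8_t *in, uint8_t *out, size_t nblk)
{
    uint8_t idx[BLK], t[BLK], tmp[BLK];
    memcpy(idx, iv, BLK);
    for (size_t n = 0; n < nblk; n++, in += BLK, out += BLK) {
        gf128_mul(k2, idx, t);
        for (int i = 0; i < BLK; i++) tmp[i] = in[i] ^ t[i];
        fn(tmp, tmp, ctx);
        for (int i = 0; i < BLK; i++) out[i] = tmp[i] ^ t[i];
        for (int i = BLK - 1; i >= 0 && ++idx[i] == 0; i--) { }
    }
}

/* Constructed stand-in permutation pair, NOT AES: lets the sketch run
 * without a crypto library. Both are safe to call in place. */
void toy_enc(const uint8_t *in, uint8_t *out, void *ctx)
{ (void)ctx; for (int i = 0; i < BLK; i++) out[i] = (uint8_t)((in[i] ^ 0x5a) + i); }
void toy_dec(const uint8_t *in, uint8_t *out, void *ctx)
{ (void)ctx; for (int i = 0; i < BLK; i++) out[i] = (uint8_t)(in[i] - i) ^ 0x5a; }
```

If decrypting a known sector with real AES in place of toy_dec yields garbage, the index derivation and the byte order are the first two parameters to vary.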