From: Milan Broz <gmazyland@gmail.com>
To: "EXTERNAL D Sharmila (Iwave,
RBEI/PAC-PF)" <external.Sharmila.D@in.bosch.com>,
"dm-crypt@saout.de" <dm-crypt@saout.de>
Subject: Re: [dm-crypt] IV generation for dm-crypt
Date: Wed, 29 Jan 2020 10:48:23 +0100 [thread overview]
Message-ID: <90067aa3-111f-f144-389a-574007fd4e6b@gmail.com> (raw)
In-Reply-To: <c5b4597d1f486e0d11f4c5ef83a5a6b0691a5fc9.camel@bosch.com>
Dear Sharmila,
when I sent you to the list, because the issue tracker is not a support forum
and our time is extremely limited, I expected you will AT LEAST read the link
to the documentation I provided.
Please do not expect from the community any support for questions you just
copy&paste without even trying to study documentation yourself.
Anyway.
First, really think about using integritysetup/cryptsetup. Using dmsetup
is super fragile (it is the lowest tool, basically just wrapper through IOCTL).
On 29/01/2020 09:18, EXTERNAL D Sharmila (Iwave, RBEI/PAC-PF) wrote:
> Query:
> Whether Random number generator used to generate IV, generates
> same IV repeatedly or unique IV will be generated ? How the IV
> generation handled in dm-crypt ?
https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMCrypt#iv-generators
So, if you use "random" IV it is regenerated on every write (can be used onlt for
authenticated encryption).
For other IVs it is either fixed (null) or derived from sector offset.
I would strongly suggest to use aes-xts-plain64 these days for length preserving
encryption in dm-crypt.
> The commands I used to create dm-integrity and dm-crypt is as below
>
> dmsetup create test-integrity --table '0 14240 integrity /dev/mmcblk0p5
> 0 32 J 1
> internal_hash:hmac(sha256):30313233343536373839414243444546303132333435
> 36373839414243444546'
>
> dmsetup create test-integrity-crypt --table '0 14240 crypt aes-cbc-
> essiv:sha256 :32:user:test-key 0 /dev/mapper/test-integrity 0'
So here you use integrity protected device with keyded MAC, and over
it length preserving encryption using aes-cbc-essiv.
So IV in dmcrypt is fixed, but unpredictable (derived from encryption key).
Again, read the documentation.
https://gitlab.com/cryptsetup/cryptsetup/-/wikis/DMIntegrity
Namely that key specification for internal_hash is in hexa.
Your "random" HMAC key above is very suspicious in this regard, for example.
m.
next prev parent reply other threads:[~2020-01-29 9:48 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-29 8:18 [dm-crypt] IV generation for dm-crypt EXTERNAL D Sharmila (Iwave, RBEI/PAC-PF)
2020-01-29 9:48 ` Milan Broz [this message]
2020-01-29 10:28 ` EXTERNAL D Sharmila (Iwave, RBEI/PAC-PF)
2020-01-29 10:39 ` Milan Broz
2020-01-29 10:36 ` [dm-crypt] Data corruption of encrypted partition EXTERNAL D Sharmila (Iwave, RBEI/PAC-PF)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=90067aa3-111f-f144-389a-574007fd4e6b@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-crypt@saout.de \
--cc=external.Sharmila.D@in.bosch.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox