Implementing Encryption and Decryption in Raid Device Driver.

Implementing Encryption and Decryption in Raid Device Driver.

[vinnakota chaitanya]

Hello Friends,
 
I'am working on a "RAID 5 Controller" device to which
4 SATA hard drives are connected each of size 80GB.
 
My requirement is implementing encryption &
decrpyption for the device. As we don't have any
filesystem on the target, we are falling on raid
device driver . The first thing I want to ask is 
 
 1. Whether this approach is recommendable or not.
  
2. If recommendable then, what are the hooks wherein  
    we can implement encryption and decryption.
 
    We are considering  to implement encryption in 
   "raid5_make_request" and decrytpion in 
   "raid5_end_read_request" in raid5.c 
 
 
  Are we going the right way.   PLEASE SUGGEST US.
 
  
 Thanks & Regards
  Chaitanya.
 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: Implementing Encryption and Decryption in Raid Device Driver.

[Luca Berra]

On Tue, Sep 13, 2005 at 10:14:47PM -0700, vinnakota chaitanya wrote:
>Hello Friends,
> 
>I'am working on a "RAID 5 Controller" device to which
>4 SATA hard drives are connected each of size 80GB.
> 
>My requirement is implementing encryption &
>decrpyption for the device. As we don't have any
>filesystem on the target, we are falling on raid
>device driver . The first thing I want to ask is 
> 
> 1. Whether this approach is recommendable or not.

why do you want to implement encryption in the raid engine,
we already have more than one implementation that plugs nicely over the
raid (dm-crypt or loop-AES), imho we don't need anither one, and it does
not belong in the raid driver anyway, it is better to stack multiple
components that do their job well, instead 

-- 
Luca Berra -- bluca@comedia.it
        Communication Media & Services S.r.l.
 /"\
 \ /     ASCII RIBBON CAMPAIGN
  X        AGAINST HTML MAIL
 / \

Re: Implementing Encryption and Decryption in Raid Device Driver.

[vinnakota chaitanya]

Hello Everybody,

Actually I forgot to mention the kernel I'am working
on, it is Montavista Kernel 2.4.19. In 2.4.19 there is
not support for dm_crypt i.e CONFIG_DM_CRYPT.

Hence for encryption/decryption , the hooks
raid5_make_request and raid5_end_read_request are
suggestable or not.

Please  suggest an approach.

Thanks & Regards
Chaitanya.

--- Luca Berra <bluca@comedia.it> wrote:

> On Tue, Sep 13, 2005 at 10:14:47PM -0700, vinnakota
> chaitanya wrote:
> >Hello Friends,
> > 
> >I'am working on a "RAID 5 Controller" device to
> which
> >4 SATA hard drives are connected each of size 80GB.
> > 
> >My requirement is implementing encryption &
> >decrpyption for the device. As we don't have any
> >filesystem on the target, we are falling on raid
> >device driver . The first thing I want to ask is 
> > 
> > 1. Whether this approach is recommendable or not.
> 
> why do you want to implement encryption in the raid
> engine,
> we already have more than one implementation that
> plugs nicely over the
> raid (dm-crypt or loop-AES), imho we don't need
> anither one, and it does
> not belong in the raid driver anyway, it is better
> to stack multiple
> components that do their job well, instead 
> 
> -- 
> Luca Berra -- bluca@comedia.it
>         Communication Media & Services S.r.l.
>  /"\
>  \ /     ASCII RIBBON CAMPAIGN
>   X        AGAINST HTML MAIL
>  / \
> -
> To unsubscribe from this list: send the line
> "unsubscribe linux-raid" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at 
> http://vger.kernel.org/majordomo-info.html
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: Implementing Encryption and Decryption in Raid Device Driver.

[Molle Bestefich]

vinnakota chaitanya wrote:
> Actually I forgot to mention the kernel I'am working
> on, it is Montavista Kernel 2.4.19. In 2.4.19 there is
> not support for dm_crypt i.e CONFIG_DM_CRYPT.

Use loop-aes, it's absolutely fabulous.

It works great with 2.4 as well as 2.6.

Instructions here.
http://loop-aes.sourceforge.net/loop-AES.README

Re: Implementing Encryption and Decryption in Raid Device Driver.

[vinnakota chaitanya]

--- Molle Bestefich <molle.bestefich@gmail.com> wrote:

> Use loop-aes, it's absolutely fabulous.
> 
> It works great with 2.4 as well as 2.6.
> 
> Instructions here.
> http://loop-aes.sourceforge.net/loop-AES.README
> 

Thanks for the suggestion. 
Now I've the following two issues:

1. The target device is fat filesystem formatted. The
target kernel image do not contain the fat filesystem
module. The target device [ i.e. /dev/md0 ]   is
mounted by the host through USB interface. Hence, in
this case the host's fat filesystem code is used.
	Will loop-aes work in this situation.

2. We were asked to use blow_fish algorithm instead.
So, how to go about it, are there any modules like
loop-aes or should I  consider the hooks
 raid5_make_request and raid5_end_read_request 
for encryption and decryption

Please suggest a solution.

Regards
Chaitanya..



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: Implementing Encryption and Decryption in Raid Device Driver.

[Molle Bestefich]

vinnakota chaitanya wrote:
> Molle Bestefich wrote:
> > Use loop-aes, it's absolutely fabulous.
> > 
> > It works great with 2.4 as well as 2.6.
> > 
> > Instructions here.
> > http://loop-aes.sourceforge.net/loop-AES.README
> 
> Thanks for the suggestion. 
> Now I've the following two issues:
> 
> 1. The target device is fat filesystem formatted. The
> target kernel image do not contain the fat filesystem
> module. The target device [ i.e. /dev/md0 ]   is
> mounted by the host through USB interface. Hence, in
> this case the host's fat filesystem code is used.
> 	Will loop-aes work in this situation.

Loop-aes functions as a loop device.  It reads and writes encrypted
data to/from either a file or a block device such as /dev/md0 in your
case.  In the other end it gives you a block device, we'll call it
/dev/loop0, from which you can read/write your unencrypted data.

Loop-aes does not care which filesystems you stick on /dev/loop0, and
it does not care whether your kernel happens to be able to understand
and mount those filesystems.

I'm curious.  How does your "target device" export the /dev/loop0 to
the "host device" through USB?


> 2. We were asked to use blow_fish algorithm instead.
> So, how to go about it, are there any modules like
> loop-aes or should I  consider the hooks
>  raid5_make_request and raid5_end_read_request 
> for encryption and decryption

I would without a doubt spare myself the trouble and just use
loop-aes.  As I've said, it's great.

But feel free to implement your own solution.  I can't give any
recommendations on how.  You might want to check out twofish, in which
Mr. Schneier et al has fixed "a security problem" of some sort.  Not
sure which.  Presumably Wikipedia or Google knows.

Re: Implementing Encryption and Decryption in Raid Device Driver.

[Molle Bestefich]

vinnakota chaitanya wrote:
> 2. We were asked to use blow_fish algorithm instead.
> So, how to go about it, are there any modules like
> loop-aes or should I  consider the hooks
>  raid5_make_request and raid5_end_read_request
> for encryption and decryption

There's a "ciphers" package in the loop-aes directory on sourceforge
which adds Blowfish, Twofish and Serpent capability.  So hooking RAID5
for that purpose doesn't seem worthwhile.