aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/device-mapper/dm-crypt.txt
diff options
context:
space:
mode:
authorMilan Broz <gmazyland@gmail.com>2013-10-28 18:21:04 -0400
committerMike Snitzer <snitzer@redhat.com>2013-11-09 18:20:20 -0500
commited04d98169f1c33ebc79f510c855eed83924d97f (patch)
tree0f1ebef7bef74d467c850ef676514847d6006d0b /Documentation/device-mapper/dm-crypt.txt
parentda31a0787a2ac92dd219ce0d33322160b66d6a01 (diff)
dm crypt: add TCW IV mode for old CBC TCRYPT containers
dm-crypt can already activate TCRYPT (TrueCrypt compatible) containers in LRW or XTS block encryption mode. TCRYPT containers prior to version 4.1 use CBC mode with some additional tweaks, this patch adds support for these containers. This new mode is implemented using special IV generator named TCW (TrueCrypt IV with whitening). TCW IV only supports containers that are encrypted with one cipher (Tested with AES, Twofish, Serpent, CAST5 and TripleDES). While this mode is legacy and is known to be vulnerable to some watermarking attacks (e.g. revealing of hidden disk existence) it can still be useful to activate old containers without using 3rd party software or for independent forensic analysis of such containers. (Both the userspace and kernel code is an independent implementation based on the format documentation and it completely avoids use of original source code.) The TCW IV generator uses two additional keys: Kw (whitening seed, size is always 16 bytes - TCW_WHITENING_SIZE) and Kiv (IV seed, size is always the IV size of the selected cipher). These keys are concatenated at the end of the main encryption key provided in mapping table. While whitening is completely independent from IV, it is implemented inside IV generator for simplification. The whitening value is always 16 bytes long and is calculated per sector from provided Kw as initial seed, xored with sector number and mixed with CRC32 algorithm. Resulting value is xored with ciphertext sector content. IV is calculated from the provided Kiv as initial IV seed and xored with sector number. Detailed calculation can be found in the Truecrypt documentation for version < 4.1 and will also be described on dm-crypt site, see: http://code.google.com/p/cryptsetup/wiki/DMCrypt The experimental support for activation of these containers is already present in git devel brach of cryptsetup. Signed-off-by: Milan Broz <gmazyland@gmail.com> Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Diffstat (limited to 'Documentation/device-mapper/dm-crypt.txt')
-rw-r--r--Documentation/device-mapper/dm-crypt.txt11
1 files changed, 9 insertions, 2 deletions
diff --git a/Documentation/device-mapper/dm-crypt.txt b/Documentation/device-mapper/dm-crypt.txt
index 2c656ae43ba7..c81839b52c4d 100644
--- a/Documentation/device-mapper/dm-crypt.txt
+++ b/Documentation/device-mapper/dm-crypt.txt
@@ -4,12 +4,15 @@ dm-crypt
4Device-Mapper's "crypt" target provides transparent encryption of block devices 4Device-Mapper's "crypt" target provides transparent encryption of block devices
5using the kernel crypto API. 5using the kernel crypto API.
6 6
7For a more detailed description of supported parameters see:
8http://code.google.com/p/cryptsetup/wiki/DMCrypt
9
7Parameters: <cipher> <key> <iv_offset> <device path> \ 10Parameters: <cipher> <key> <iv_offset> <device path> \
8 <offset> [<#opt_params> <opt_params>] 11 <offset> [<#opt_params> <opt_params>]
9 12
10<cipher> 13<cipher>
11 Encryption cipher and an optional IV generation mode. 14 Encryption cipher and an optional IV generation mode.
12 (In format cipher[:keycount]-chainmode-ivopts:ivmode). 15 (In format cipher[:keycount]-chainmode-ivmode[:ivopts]).
13 Examples: 16 Examples:
14 des 17 des
15 aes-cbc-essiv:sha256 18 aes-cbc-essiv:sha256
@@ -19,7 +22,11 @@ Parameters: <cipher> <key> <iv_offset> <device path> \
19 22
20<key> 23<key>
21 Key used for encryption. It is encoded as a hexadecimal number. 24 Key used for encryption. It is encoded as a hexadecimal number.
22 You can only use key sizes that are valid for the selected cipher. 25 You can only use key sizes that are valid for the selected cipher
26 in combination with the selected iv mode.
27 Note that for some iv modes the key string can contain additional
28 keys (for example IV seed) so the key contains more parts concatenated
29 into a single string.
23 30
24<keycount> 31<keycount>
25 Multi-key compatibility mode. You can define <keycount> keys and 32 Multi-key compatibility mode. You can define <keycount> keys and