Gisle Sælensminde wrote:
> A first step could be to describe loop-aes and cryptoloop, like done for
> the random-device in the paper I linked to.

[short version for loop-AES-v3]

Userland mount/losetup key setup:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
65 lines of random text are encrypted using gpg, once only. gpg symmetric key
passphrase or private keyring passphrase is typed to mount/losetup programs
when they ask for it. mount/losetup programs use gpg program to decrypt the
key file. Each text line is hashed using SHA-256 (or SHA-384 or SHA-512).
Array of hash outputs is then passed to kernel driver as key_table[65] using
an ioctl(). That key_table[65] array contains "bulk" encryption keys that are
used to encrypt loop data.

Userland encrypted swap and random key (file system) setup:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
40 KB of old encrypted data is read from disk, and hashed with SHA-512. That
same 40 KB of old encrypted data is then overwritten 20 times using random
data generated from computed hash and time stamp. 32 bytes of common random
data is read from /dev/urandom. For each of the 65 keys, 16 bytes of per key
random data is read from /dev/urandom. Each of the 65 random keys is generated
by hashing "40 KB of old encrypted data" and 32 bytes of common random data
and 16 bytes of per key random data using SHA-512. Array of hash outputs is
then passed to kernel driver as key_table[65] using an ioctl(). That
key_table[65] array contains "bulk" encryption keys that are used to encrypt
loop data.

Kernel driver part:
~~~~~~~~~~~~~~~~~~~
Following uses '|' to indicate concatenation. Arrays are 0-based.

Each 512 byte sector is encrypted as:

    K = key_table[sector_number & 63]
    IV = MD5(key_table[64] | plaintext_bytes[16...511] | sector_number)
    ciphertext_bytes[0...511] = CBC_ENCRYPT(K, IV, plaintext_bytes[0...511])

Each 512 byte sector is decrypted as:

    K = key_table[sector_number & 63]
    IV = ciphertext_bytes[0...15]
    plaintext_bytes[16...511] = CBC_DECRYPT(K, IV, ciphertext_bytes[16...511])
    IV = MD5(key_table[64] | plaintext_bytes[16...511] | sector_number)
    plaintext_bytes[0...15] = CBC_DECRYPT(K, IV, ciphertext_bytes[0...15])

--
Jari Ruusu  1024R/3A220F51  5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
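The key-table construction and per-sector mode that Jari describes above, as an added example in Go (chosen because its standard library carries AES, CBC, MD5 and SHA-256 without extra dependencies). This is not loop-AES's own code, which is a C kernel driver and a patched mount/losetup; it only mirrors the scheme as laid out in the message. Assumptions not stated there: the gpg step is skipped and the 65 key-file lines are passed in already decrypted, the 32-byte SHA-256 digest of each line is used directly as an AES-256 key, sector_number is encoded as a 64-bit little-endian integer inside the MD5 input, and the random-key (swap) path is not covered. Function names (KeyTableFromLines, EncryptSector, DecryptSector) are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const (
	SectorSize = 512 // one loop sector, i.e. 32 AES blocks
	NumKeys    = 65  // key_table[65]: 64 bulk keys plus one IV key at index 64
)

// KeyTable mirrors key_table[65]: entries 0..63 are bulk keys selected by
// sector_number & 63, entry 64 is never used as a cipher key, only hashed
// into the per-sector IV.
type KeyTable [NumKeys][]byte

// KeyTableFromLines is the mount/losetup path after gpg has decrypted the key
// file: each of the 65 text lines is hashed with SHA-256 and the digest is
// used as-is as a 32-byte AES-256 key (assumption of this example).
func KeyTableFromLines(lines [][]byte) (KeyTable, error) {
	var kt KeyTable
	if len(lines) != NumKeys {
		return kt, fmt.Errorf("key file has %d lines, want %d", len(lines), NumKeys)
	}
	for i, line := range lines {
		sum := sha256.Sum256(line)
		kt[i] = sum[:]
	}
	return kt, nil
}

// sectorIV computes MD5(key_table[64] | plaintext_bytes[16...511] | sector_number).
// The sector number is serialised as 64-bit little-endian here (assumption);
// the 16-byte MD5 output is exactly one AES block, which is why it fits as IV.
func sectorIV(kt *KeyTable, ptTail []byte, sector uint64) []byte {
	var sn [8]byte
	binary.LittleEndian.PutUint64(sn[:], sector)
	h := md5.New()
	h.Write(kt[64])
	h.Write(ptTail)
	h.Write(sn[:])
	return h.Sum(nil)
}

// EncryptSector: K = key_table[sector & 63], IV derived from the plaintext
// tail and the sector number, then ordinary CBC over the whole 512 bytes.
func EncryptSector(kt *KeyTable, sector uint64, pt []byte) ([]byte, error) {
	if len(pt) != SectorSize {
		return nil, fmt.Errorf("sector is %d bytes, want %d", len(pt), SectorSize)
	}
	blk, err := aes.NewCipher(kt[sector&63])
	if err != nil {
		return nil, err
	}
	ct := make([]byte, SectorSize)
	cipher.NewCBCEncrypter(blk, sectorIV(kt, pt[16:], sector)).CryptBlocks(ct, pt)
	return ct, nil
}

// DecryptSector is the two-stage decryption from the message: blocks 1..31
// only need ciphertext block 0 as their CBC IV, and once their plaintext is
// known the real IV can be recomputed to recover block 0. Any change to the
// ciphertext tail therefore also garbles block 0 on decryption.
func DecryptSector(kt *KeyTable, sector uint64, ct []byte) ([]byte, error) {
	if len(ct) != SectorSize {
		return nil, fmt.Errorf("sector is %d bytes, want %d", len(ct), SectorSize)
	}
	blk, err := aes.NewCipher(kt[sector&63])
	if err != nil {
		return nil, err
	}
	pt := make([]byte, SectorSize)
	cipher.NewCBCDecrypter(blk, ct[:16]).CryptBlocks(pt[16:], ct[16:])
	cipher.NewCBCDecrypter(blk, sectorIV(kt, pt[16:], sector)).CryptBlocks(pt[:16], ct[:16])
	return pt, nil
}

func main() {
	// Constructed stand-ins for the 65 gpg-decrypted key-file lines.
	lines := make([][]byte, NumKeys)
	for i := range lines {
		lines[i] = []byte(fmt.Sprintf("constructed key line %02d", i))
	}
	kt, err := KeyTableFromLines(lines)
	if err != nil {
		panic(err)
	}
	pt := bytes.Repeat([]byte{0xAA}, SectorSize) // constructed sector content
	ct7, _ := EncryptSector(&kt, 7, pt)
	ct71, _ := EncryptSector(&kt, 71, pt) // same bulk key (71 & 63 == 7), different IV
	back, _ := DecryptSector(&kt, 7, ct7)
	fmt.Printf("sector 7  block 0: %x\n", ct7[:16])
	fmt.Printf("sector 71 block 0: %x\n", ct71[:16])
	fmt.Println("roundtrip ok:", bytes.Equal(back, pt))
}
```

Two properties worth checking when reading the output: sectors 7 and 71 share a bulk key yet produce different ciphertext, because sector_number feeds the IV; and since the IV depends on the plaintext tail, flipping any byte in ciphertext_bytes[16...511] garbles block 0 as well as the CBC blocks around the flip, which a plain per-sector CBC with an ESSIV-style IV would not do.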