At Mon, 10 Sep 2007 14:18:42 +0100, Darren J Moffat <darrenm@xxxxxxxxxxxxxxx> wrote: > > Clemens Fruhwirth wrote: > > At Mon, 10 Sep 2007 11:19:00 +0100, > > Darren J Moffat <darrenm@xxxxxxxxxxxxxxx> wrote: > >> I'd like to consider supporting LUKS on OpenSolaris. We have an > >> OpenSolaris project to add crypto support to the lofi(7D) block device > >> driver (similar to the loop driver on Linux) nearing completion of its > >> first phase and for a later phase I'd like to consider adding support > >> for LUKS. > >> > >> In order for me to look at this I need to know what license the LUKS > >> specification (not source code) is distributed under. > > > > You already asked that question. > > > > http://thread.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2045 > > Sorry about that, but I didn't remember actually seeing the reply that > it was http://creativecommons.org/licenses/by-nc-nd/2.5/. Nevermind. But unless you have very specific interest in the design principals of LUKS, I personally would go for another route to port LUKS over to OpenSolaris. You surely have a some kind of kernel interface that you talk to by some means. A vage sketch would be * create a virtual mapping X of device Y using encryption setting K (cipher, cipher mode, key) * query the parameters of an existing mapping * remove that mapping Backends are sufficently abstracted in cryptsetup-luks (thanks to the foresight of Christophe), so you could just write a new backend for OpenSolaris' lofi. Please have a look at lib/libdevmapper.c, which implements the backend for dm-crypt devices under Linux for an example. The ops such a a lofi backend would have to support are struct setup_backend setup_lofi_backend = { .name = "lofi", .init = <some function that is called on backend initializion>, .exit = <called on cryptsetup exit>, .create = <create mapping>, .status = <query existing mapping>, .remove = <remove mapping>, .dir = <get dir, where virtual mappings are created> }; cryptsetup assumes that you are free to choose the name of your mapping. That might not apply to OpenSolaris (under Linux you just get loop1..loopN too). I'm sure cryptsetup's assumption with respect to this can be changed quite quickly. Btw: again, you don't need to obey the CC license for a full independent implementation of LUKS. LUKS is not patented, as it's mostly a combination of existing techniques -- except the anti-forensic stuff, but that's basically my insight that information splitting techniques can transformed into a tool to make disk forensics very hard. (Chapter 5 of ''New Methods in Hard Disk Encryption'' http://clemens.endorphin.org/cryptography) So if you want to got for the porting way, I'm happy to assist you writing the backend. -- Fruhwirth Clemens - http://clemens.endorphin.org --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
