At Mon, 10 Sep 2007 18:52:39 +0100,
Darren J Moffat <darrenm@xxxxxxxxxxxxxxx> wrote:
>
> Clemens Fruhwirth wrote:
> > Never mind.
> >
> > But unless you have very specific interest in the design principles of
> > LUKS, I personally would go for another route to port LUKS over to
> > OpenSolaris.
>
> That might work but there could also be some license problems with that.
> I'll need to better understand where all the components of LUKS
> actually live to see if this will work - it may well be the best solution.

LUKS is entirely user space. LUKS = Linux Unified Key Setup, implying
that it's only used for setting up an encryption device. It doesn't
play a part in serving read/write requests to the encrypted device.

> > You surely have some kind of kernel interface that you talk to by
> > some means. A vague sketch would be
> >
> > * create a virtual mapping X of device Y using encryption setting K
> >   (cipher, cipher mode, key)
> > * query the parameters of an existing mapping
> > * remove that mapping
>
> See http://opensolaris.org/os/project/loficc/ for what we have just now.

Looking at lofiadm/main.c, it seems that you've got all that's needed
for a cryptsetup-luks backend implementation. add_mapping takes the
mapping name as devicename, the underlying device as filename, cipher,
key, key size and offset. I presume the cipher mode is somehow mangled
into the cipher parameter, right?

Regarding cipher mode: The webpage states CBC is there (we just have to
make sure it's compatible in IV generation). ESSIV is an IV generation
mechanism designed as an ad-hoc solution to the CBC watermark problem.
It is not that hard to support, but requires an additional hash to
generate the IV key. But this IV key generation could be done in user
land too. (I think ESSIV is the most widely deployed CBC IV strategy at
the moment, as cryptsetup-luks picks this as default, so I guess you
want to support it.)

But we can't mix lofiadm/ with cryptsetup-luks. CDDL is not GPL
compatible. cryptsetup is GPL.
--
Fruhwirth Clemens - http://clemens.endorphin.org

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/