Re: iv generation from third-party code

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7 May 2015 at 10:29, Arno Wagner <arno@xxxxxxxxxxx> wrote:

In that case, you should probably aim to do the whole decryption
in Ruby. Will be a lot less effort on the development side, and
who cares if it takes some hours or days to do the full decryption
once it works. (And disk-encryption can be very easily paralellized on
sector-level in addition.) This way you can do away with all the
kernel-module and driver stuff and just have to get the crypto right.

Yeah, that makes sense.
 
As to LRW-Mode, from
  http://en.wikipedia.org/wiki/Disk_encryption_theory#Liskov.2C_Rivest.2C_and_Wagner_.28LRW.29
I deduce, that indeed you get X = 0 for the first 16 byte block
and X = F for the second. From block 2 onwards, you need GF(2^128)
multiplication to get X. However, for the second nlock (index 1),
that should be E_k(Block + X) + X with "+" as addition ing GF(2^128),
so just using X as the "IV" would not be enough. (Decryption works
the same, just replace E_k by D_k).

I am not sure what LRW does with sector numbers, it may just
divide the whole device into 16 byte blocks and count them from
the start.

The math can be googled with "gf(2^128)".

Thanks for that, I'll take a closer look.
 
Easiest way on the coding side would probably be to just make an
image-file of the drive and work with that and decrypt to a second
image file. Linux has no problems with files that are a few
fundred GB large.

Yeah. I've got some limitations as to where I can keep a 400GB file, so for now I'll just work with a hundred meg or so. Once I can strings that to get what looks like a file system, I'll apply the code to the whole image. 

Just one remark: Your terminology seems to be off, as ECB does not
have an IV. I suggets using the formula from Wikipedia directly and
to forget about "IV"s.

What I meant was I was using openssl's AES in ECB mode as a building block for doing LRW myself. So I was doing something like E_k(tweak(IV, sector)) ^ tweak(IV, sector) with ECB providing E_k.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux