[dm-crypt] iv generation from third-party code

Fraser Scott fraser.scott at gmail.com
Thu May 7 11:36:49 CEST 2015


On 7 May 2015 at 10:29, Arno Wagner <arno at wagner.name> wrote:

In that case, you should probably aim to do the whole decryption
> in Ruby. Will be a lot less effort on the development side, and
> who cares if it takes some hours or days to do the full decryption
> once it works. (And disk-encryption can be very easily paralellized on
> sector-level in addition.) This way you can do away with all the
> kernel-module and driver stuff and just have to get the crypto right.
>

Yeah, that makes sense.


> As to LRW-Mode, from
>
> http://en.wikipedia.org/wiki/Disk_encryption_theory#Liskov.2C_Rivest.2C_and_Wagner_.28LRW.29
> I deduce, that indeed you get X = 0 for the first 16 byte block
> and X = F for the second. From block 2 onwards, you need GF(2^128)
> multiplication to get X. However, for the second nlock (index 1),
> that should be E_k(Block + X) + X with "+" as addition ing GF(2^128),
> so just using X as the "IV" would not be enough. (Decryption works
> the same, just replace E_k by D_k).
>
> I am not sure what LRW does with sector numbers, it may just
> divide the whole device into 16 byte blocks and count them from
> the start.
>
> The math can be googled with "gf(2^128)".
>

Thanks for that, I'll take a closer look.


> Easiest way on the coding side would probably be to just make an
> image-file of the drive and work with that and decrypt to a second
> image file. Linux has no problems with files that are a few
> fundred GB large.
>

Yeah. I've got some limitations as to where I can keep a 400GB file, so for
now I'll just work with a hundred meg or so. Once I can strings that to get
what looks like a file system, I'll apply the code to the whole image.

Just one remark: Your terminology seems to be off, as ECB does not
> have an IV. I suggets using the formula from Wikipedia directly and
> to forget about "IV"s.
>

What I meant was I was using openssl's AES in ECB mode as a building block
for doing LRW myself. So I was doing something like E_k(tweak(IV, sector))
^ tweak(IV, sector) with ECB providing E_k.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20150507/a5de56ad/attachment-0001.html>


More information about the dm-crypt mailing list