Re: A patch to loop.c for better cryption support

From: Marc Mutz (Marc@Mutz.com)
Date: Wed Oct 11 2000 - 10:41:41 EST

Next message: Bruce A. Locke: "Re: [PATCH] OOM killer API (was: [PATCH] VM fix for 2.4.0-test9 & OOM handler)"
Previous message: Boszormenyi Zoltan: "36 bit MTRRs, Re: test10-pre1 problems on 4-way SuperServer8050"
In reply to: Ingo Rohloff: "A patch to loop.c for better cryption support"
Next in thread: Ingo Rohloff: "Re: A patch to loop.c for better cryption support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[added cc: linux-crypto]

Ingo Rohloff wrote:
>
> Hi,
>
> First some explanation. Most cryption algorithms initialize
> the cryption process with some init values, called IV (by me :-).
> This means that two identical clear messages will give
> different encrypted messages, if different IVs are used.
>
> The loop device supports different IVs;
> the IVs are initilized with the requested block
> number.
>
> I believe a better way is to use the requested
> sector number from CURRENT->sector.
> Using this value should make the encryption and decryption
> process completely independent from the underlying device.
>

Two times no.

First: This breaks backward-compatibility.
Second: I don't know much of the block device handling
        in Linux, but what you produced seems like a quick
        shot. I can see this e.g. at the point where you
        declare 'sector' to be 'int' (7th hunk), whereas in
        include/linux/blkdev.h request.sector is declared
        _unsigned_ int.
          I don't know what request.sector is for loop
        devices (The block number of the underlying
        filesystem, if any? The hard sector number of the
        underlying blockdevice? Always the 512-byte-blocks
        number?), but if it is not the latter, i.e. always
        "position >> 9", you have just shifted the issue
        from one level (the fs block size) to another
        (whatever units sector is in).

The better solution (for 2.2. and 2.4; in 2.5 Andries Brouwer has
something more clean in his mind, IIUHC) is to add a new field to struct
loop_info to indicate the encryption chunk size and patch losetup/mount
to set this to 512 by default and to the filesystem block size if asked
to by some command line switch. This allows people to convert their
stuff.

You may want to join linux-crypto@nl.linux.org (majordomo) if you want
to work on this.

Marc

-- Marc Mutz <Marc@Mutz.com> http://EncryptionHOWTO.sourceforge.net/ University of Bielefeld, Dep. of Mathematics / Dep. of Physics

PGP-keyID's: 0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/

Next message: Bruce A. Locke: "Re: [PATCH] OOM killer API (was: [PATCH] VM fix for 2.4.0-test9 & OOM handler)"
Previous message: Boszormenyi Zoltan: "36 bit MTRRs, Re: test10-pre1 problems on 4-way SuperServer8050"
In reply to: Ingo Rohloff: "A patch to loop.c for better cryption support"
Next in thread: Ingo Rohloff: "Re: A patch to loop.c for better cryption support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Oct 15 2000 - 21:00:18 EST