Re: [PATCH] loop: fixing cryptoloop troubles.

From: Fruhwirth Clemens
Date: Mon Aug 11 2003 - 08:16:06 EST

Next message: Pavel Machek: "Re: [PATCH] lirc for 2.5/2.6 kernels - 20030802"
Previous message: Flameeyes: "Re: [PATCH] lirc for 2.5/2.6 kernels - 20030802"
In reply to: Christophe Saout: "Re: [PATCH] loop: fixing cryptoloop troubles."
Next in thread: Christophe Saout: "Re: [PATCH] loop: fixing cryptoloop troubles."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 11, 2003 at 12:07:16AM +0200, Christophe Saout wrote:

> The main problem with CBC is that you can't really do it. It only works
> when you have a constant stream of data because you always need the
> result from the previous encryption which you don't have when doing
> something in the middle of the block device.

That's partially correct. As most block cipher operate on blocks of 16 bytes
size it perfectly makes sence to use CBC on a 512 byte block.

> Warning: A long analysis of obvious things is following. I think most of
> you know everything I'm writing here, I'm just looking through the code
> myself and trying to explain what's happening. On the end I'll find the
> bug you fixed. I think that was the only bug regarding IV handling.

*knockonwood* :)

> The cryptoloop code is doing things correctly. In ecb mode, every bio
> could get converted at once, or every bvec.

ECB mode is broken in 2.6.0-test[12]. See

http://marc.theaimsgroup.com/?l=linux-kernel&m=106043148921893&w=2

It's a quite conservative patch. ECB processing can be optimized.

> ========== analysis end ========== ;)

Thanks :)

> Yes, I think putting this into loop.c adds unnecessary complexity.
> Especially the IV handling is ugly. Sometimes the IV is calculated in
> loop.c (three times) and sometimes it gets incremented in cryptoloop.c.
> Wow. Error prone and ugly.

Definitly. loop.c is anyway ugly :). It would be nice to rip out the
block-backend stuff of loop.c and recommend to use device mapper instead.
loop.c will benefit from that for sure since it doesn't have to handle two
different case in such a schizophrenic manner.

> And you can still use dm over loop device if you want to encrypt a file.

I like that idea.

> > If you can't get attention for your patch, try to convince someone "more
> > important". DM maintainer is a good place to start :)
>
> Yes, the DM maintainer helped me write the patch and would like to see
> it merged. Convincing some more important persons would be easier if I
> would get any reaction from them. ;)

I'll give it a try, promised :)

Regards, Clemens

Attachment: pgp00003.pgp
Description: PGP signature

Next message: Pavel Machek: "Re: [PATCH] lirc for 2.5/2.6 kernels - 20030802"
Previous message: Flameeyes: "Re: [PATCH] lirc for 2.5/2.6 kernels - 20030802"
In reply to: Christophe Saout: "Re: [PATCH] loop: fixing cryptoloop troubles."
Next in thread: Christophe Saout: "Re: [PATCH] loop: fixing cryptoloop troubles."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]