• Milan Broz's avatar
    dm crypt: add TCW IV mode for old CBC TCRYPT containers · ed04d981
    Milan Broz authored
    dm-crypt can already activate TCRYPT (TrueCrypt compatible) containers
    in LRW or XTS block encryption mode.
    
    TCRYPT containers prior to version 4.1 use CBC mode with some additional
    tweaks, this patch adds support for these containers.
    
    This new mode is implemented using special IV generator named TCW
    (TrueCrypt IV with whitening).  TCW IV only supports containers that are
    encrypted with one cipher (Tested with AES, Twofish, Serpent, CAST5 and
    TripleDES).
    
    While this mode is legacy and is known to be vulnerable to some
    watermarking attacks (e.g. revealing of hidden disk existence) it can
    still be useful to activate old containers without using 3rd party
    software or for independent forensic analysis of such containers.
    
    (Both the userspace and kernel code is an independent implementation
    based on the format documentation and it completely avoids use of
    original source code.)
    
    The TCW IV generator uses two additional keys: Kw (whitening seed, size
    is always 16 bytes - TCW_WHITENING_SIZE) and Kiv (IV seed, size is
    always the IV size of the selected cipher).  These keys are concatenated
    at the end of the main encryption key provided in mapping table.
    
    While whitening is completely independent from IV, it is implemented
    inside IV generator for simplification.
    
    The whitening value is always 16 bytes long and is calculated per sector
    from provided Kw as initial seed, xored with sector number and mixed
    with CRC32 algorithm.  Resulting value is xored with ciphertext sector
    content.
    
    IV is calculated from the provided Kiv as initial IV seed and xored with
    sector number.
    
    Detailed calculation can be found in the Truecrypt documentation for
    version < 4.1 and will also be described on dm-crypt site, see:
    http://code.google.com/p/cryptsetup/wiki/DMCrypt
    
    The experimental support for activation of these containers is already
    present in git devel brach of cryptsetup.
    Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
    Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
    ed04d981
dm-crypt.c 47.7 KB