* [PATCH] dm-crypt: disable block encryption with arc4
From: Mikulas Patocka @ 2010-01-25 18:29 UTC (permalink / raw)
  To: dm-devel; +Cc: Milan Broz, Alasdair G Kergon, linux-crypto

Hi

When using arc4 to encrypt a block device, the resulting device is 
unreliable. It reads garbage. That's because arc4 is a stream cipher, if 
you write something, it advances its state and if you attempt to decrypt 
the same sector, it uses new state that is different.

This patch disables the use of arc4 on block devices.

A question to crypto maintainers: Is there some general method how to 
determine that the cipher is a stream cipher, changes its state as it 
progresses and thus is unusable for block devices? I haven't found any 
flag for that.

Mikulas

---

Disable arc4 for encrypting block device

Arc4 is a stream cipher: once it is initialized with a key, it outputs a stream
of bytes (that are xored with the data to be encrypted) and changes its
internal state.

Because the cipher changes its internal state, it is not useable for encrypting
block devices --- once someone encrypts a sector of data, the internal state
changes --- and further attempts to decrypt the same block of data use the new
internal state. Thus, the encrypted device returns garbage.

This patch disables the use of arc4 for dm-crypt.

If we wanted to use arc4, we would have to set up the key before encrypting each
sector. That is slow. Because arc4 works by xoring the bitstream with the data,
it is not suitable for encrypting block devices anyway: if the attacker obtains
two images of the same block device at two different times, he can xor them with
each other, eliminating the cipher and getting two xored plaintexts.

Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>

---
 drivers/md/dm-crypt.c |    5 +++++
 1 file changed, 5 insertions(+)

Index: linux-2.6.32-devel/drivers/md/dm-crypt.c
===================================================================
--- linux-2.6.32-devel.orig/drivers/md/dm-crypt.c	2010-01-25 18:55:14.000000000 +0100
+++ linux-2.6.32-devel/drivers/md/dm-crypt.c	2010-01-25 18:57:02.000000000 +0100
@@ -1035,6 +1035,11 @@ static int crypt_ctr(struct dm_target *t
 		goto bad_cipher;
 	}
 
+	if (!strcmp(cc->cipher, "arc4")) {
+		ti->error = "Stream cipher arc4 not supported";
+		goto bad_cipher;
+	}
+
 	if (snprintf(cc->cipher, CRYPTO_MAX_ALG_NAME, "%s(%s)",
 		     chainmode, cipher) >= CRYPTO_MAX_ALG_NAME) {
 		ti->error = "Chain mode + cipher name is too long";
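
Review bot: the new check compares cc->cipher, but the unchanged context right after it is where cc->cipher gets written, by snprintf() from the local chainmode and cipher. Unless cc->cipher is already filled earlier in crypt_ctr() (not visible in this hunk), the test should be on the local name, i.e. strcmp(cipher, "arc4"). Matching one algorithm by name also leaves any other stateful stream cipher accepted, which is the gap the cover letter asks the crypto maintainers about; a comment above the check saying it is a stopgap until the crypto API can report such a property would help.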

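The two failure modes described in the commit message, as an added C example that is not part of the original message or of the kernel: with the key set once, the read-back is garbage; with the key set up before each sector, two images of the same sector XOR to the XOR of their plaintexts. The RC4 routine, key, sector contents and function names are constructed for the illustration.

```c
#include <stdint.h>
#include <string.h>
/* Added illustration, not kernel code: key and sector data are constructed. */
#define SECTOR 16
struct rc4 { uint8_t S[256], i, j; };
static const uint8_t key[] = "constructed-key";
static const uint8_t p1[SECTOR] = "old sector data", p2[SECTOR] = "new sector data";

static void rc4_setkey(struct rc4 *c)
{
	unsigned n, j = 0;
	for (n = 0; n < 256; n++) c->S[n] = (uint8_t)n;
	for (n = 0; n < 256; n++) {
		uint8_t t = c->S[n];
		j = (j + t + key[n % (sizeof(key) - 1)]) & 0xff;
		c->S[n] = c->S[j]; c->S[j] = t;
	}
	c->i = c->j = 0;
}

/* XOR one sector with the next SECTOR keystream bytes; advances the state. */
static void rc4_sector(struct rc4 *c, uint8_t *buf, int rekey)
{
	if (rekey) rc4_setkey(c);	/* key set up again before each sector */
	for (int n = 0; n < SECTOR; n++) {
		uint8_t t = c->S[++c->i];
		c->j += t;
		c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
		buf[n] ^= c->S[(uint8_t)(c->S[c->i] + t)];
	}
}

/* Bit 0: read-back equals p2. Bit 1: image c1 ^ image c2 equals p1 ^ p2. */
int sector_demo(int rekey)
{
	uint8_t c1[SECTOR], c2[SECTOR];
	struct rc4 c;
	int n, leak = 1;
	memcpy(c1, p1, SECTOR); memcpy(c2, p2, SECTOR);
	rc4_setkey(&c);			/* key set at device setup */
	rc4_sector(&c, c1, rekey);	/* write p1: first image */
	rc4_sector(&c, c2, rekey);	/* overwrite with p2: second image */
	for (n = 0; n < SECTOR; n++)
		leak &= (c1[n] ^ c2[n]) == (p1[n] ^ p2[n]);
	rc4_sector(&c, c2, rekey);	/* read the sector back */
	return (memcmp(c2, p2, SECTOR) == 0) | (leak << 1);
}

int main(void) { return !(sector_demo(0) == 0 && sector_demo(1) == 3); }
```
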