mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 13:55:32 +00:00
Code Issues Releases Wiki Activity
linux-stable/Documentation/device-mapper
History
Milan Broz ef43aa3806 dm crypt: add cryptographic data integrity protection (authenticated encryption) 
Allow the use of per-sector metadata, provided by the dm-integrity
module, for integrity protection and persistently stored per-sector
Initialization Vector (IV).  The underlying device must support the
"DM-DIF-EXT-TAG" dm-integrity profile.

The per-bio integrity metadata is allocated by dm-crypt for every bio.

Example of low-level mapping table for various types of use:
 DEV=/dev/sdb
 SIZE=417792

 # Additional HMAC with CBC-ESSIV, key is concatenated encryption key + HMAC key
 SIZE_INT=389952
 dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 32 J 0"
 dmsetup create y --table "0 $SIZE_INT crypt aes-cbc-essiv:sha256 \
 11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff \
 0 /dev/mapper/x 0 1 integrity:32:hmac(sha256)"

 # AEAD (Authenticated Encryption with Additional Data) - GCM with random IVs
 # GCM in kernel uses 96bits IV and we store 128bits auth tag (so 28 bytes metadata space)
 SIZE_INT=393024
 dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 28 J 0"
 dmsetup create y --table "0 $SIZE_INT crypt aes-gcm-random \
 11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
 0 /dev/mapper/x 0 1 integrity:28:aead"

 # Random IV only for XTS mode (no integrity protection but provides atomic random sector change)
 SIZE_INT=401272
 dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 16 J 0"
 dmsetup create y --table "0 $SIZE_INT crypt aes-xts-random \
 11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
 0 /dev/mapper/x 0 1 integrity:16:none"

 # Random IV with XTS + HMAC integrity protection
 SIZE_INT=377656
 dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 48 J 0"
 dmsetup create y --table "0 $SIZE_INT crypt aes-xts-random \
 11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff \
 0 /dev/mapper/x 0 1 integrity:48:hmac(sha256)"

Both AEAD and HMAC protection authenticates not only data but also
sector metadata.

HMAC protection is implemented through autenc wrapper (so it is
processed the same way as an authenticated mode).

In HMAC mode there are two keys (concatenated in dm-crypt mapping
table).  First is the encryption key and the second is the key for
authentication (HMAC).  (It is userspace decision if these keys are
independent or somehow derived.)

The sector request for AEAD/HMAC authenticated encryption looks like this:
 |----- AAD -------|------ DATA -------|-- AUTH TAG --|
 | (authenticated) | (auth+encryption) |              |
 | sector_LE |  IV |  sector in/out    |  tag in/out  |

For writes, the integrity fields are calculated during AEAD encryption
of every sector and stored in bio integrity fields and sent to
underlying dm-integrity target for storage.

For reads, the integrity metadata is verified during AEAD decryption of
every sector (they are filled in by dm-integrity, but the integrity
fields are pre-allocated in dm-crypt).

There is also an experimental support in cryptsetup utility for more
friendly configuration (part of LUKS2 format).

Because the integrity fields are not valid on initial creation, the
device must be "formatted".  This can be done by direct-io writes to the
device (e.g. dd in direct-io mode).  For now, there is available trivial
tool to do this, see: https://github.com/mbroz/dm_int_tools

Signed-off-by: Milan Broz <gmazyland@gmail.com>
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Vashek Matyas <matyas@fi.muni.cz>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
2017-03-24 15:49:41 -04:00
..
cache-policies.txt dm cache: update cache-policies.txt now that mq is an alias for smq 2016-05-05 15:25:53 -04:00
cache.txt dm cache metadata: add "metadata2" feature 2017-02-16 13:12:47 -05:00
delay.txt Documentation/device-mapper: s/getsize/getsz/ 2016-12-14 10:54:27 +01:00
dm-crypt.txt dm crypt: add cryptographic data integrity protection (authenticated encryption) 2017-03-24 15:49:41 -04:00
dm-flakey.txt block: rename bio bi_rw to bi_opf 2016-08-07 14:41:02 -06:00
dm-integrity.txt dm: add integrity target 2017-03-24 15:49:07 -04:00
dm-io.txt
dm-log.txt dm log userspace: fix comment hyphens 2011-10-31 20:21:22 +00:00
dm-queue-length.txt
dm-raid.txt scripts/spelling.txt: add "explictely" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
dm-service-time.txt
dm-uevent.txt
era.txt dm: add era target 2014-03-27 16:56:23 -04:00
kcopyd.txt
linear.txt Documentation/device-mapper: s/getsize/getsz/ 2016-12-14 10:54:27 +01:00
log-writes.txt block, drivers, fs: rename REQ_FLUSH to REQ_PREFLUSH 2016-06-07 13:41:38 -06:00
persistent-data.txt Documentation: Fix multiple typo in Documentation 2012-03-07 16:08:24 +01:00
snapshot.txt dm snapshot: add new persistent store option to support overflow 2015-10-09 16:57:03 -04:00
statistics.txt dm stats: fix spelling mistake in Documentation 2016-05-05 15:25:54 -04:00
striped.txt Documentation/device-mapper: s/getsize/getsz/ 2016-12-14 10:54:27 +01:00
switch.txt Documentation/device-mapper: s/getsize/getsz/ 2016-12-14 10:54:27 +01:00
thin-provisioning.txt dm thin: display 'needs_check' in status if it is set 2015-07-16 10:23:50 -04:00
verity.txt dm verity: add ignore_zero_blocks feature 2015-12-10 10:39:03 -05:00
zero.txt