Any TrueCrypt (tcplay) or dm-crypt (cryptsetup) users?
Michael Neumann
mneumann at ntecs.de
Wed Dec 11 06:57:44 PST 2024
Hi,
Anyone using one of the following with a DragonFly system?
* TrueCrypt (via tcplay)
* dm-crypt / dm_target_crypt (via cryptsetup)
* /dev/crypto (cryptodev)
tcplay seems to be broken and considered unsafe, so I'd like to remove
it completely.
As for dm-crypt, I am working on a simplification and would love to get
rid of a couple of unused crypto algorithms and only keep AES, which
also has hardware support. So if you are using dm_target_crypt (via
cryptsetup), please let me know which algorithms you are using.
Removing unused crypto algorithms mainly makes it easier to test for me.
I'd like to keep:
* null
* aes-cbc
* aes-xts
I am also in the process of removing cryptodev and the whole opencrypto
framework. dm-crypt and tcplay were the only users, and the API is too
complex and 95% of its functionality is really not used. OpenBSD had
removed cryptodev already (but kept the in-kernel API), and both OpenBSD
and FreeBSD made the opencrypto API synchronous.
Instead of maintaining the complex opencrypto API, I have added a very
simple, non-allocating API:
    // Find cipher by name
    struct crypto_cipher *cipher = crypto_cipher_find("aes", "cbc", 256);
    if (!cipher)
        goto error;
    // Initialize key
    struct crypto_cipher_context ctx;
    error = cipher->setkey(&ctx, "****", 4);
    // Encrypt
    struct crypto_cipher_iv iv; // TODO: properly initialize before
    error = cipher->encrypt(&ctx, buffer, sizeof(buffer), &iv);
    // Decrypt
    error = cipher->decrypt(&ctx, buffer, sizeof(buffer), &iv);
I might make `cipher` an opaque pointer and add crypto_cipher_setkey(),
crypto_cipher_encrypt(), crypto_cipher_decrypt() functions respectively.
Open for suggestions :)
Note that the dm_crypt_target becomes significantly simpler due to the
synchronous crypto API.
Best regards,
Michael
--
Michael Neumann
NTECS Consulting
www.ntecs.de
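
Added example, not part of the original message or of DragonFly's code: one way to find out which algorithms your dm-crypt volumes use and compare them with the keep list above (null, aes-cbc, aes-xts). It assumes the `dmsetup table` crypt line layout documented for Linux dm-crypt (`start length crypt <cipher-spec> <key> ...`); the function names, the `cipher_null` alias and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Classify a cipher spec of the form "cipher[:keycount]-chainmode-ivmode[:ivopts]"
# against the keep list from the message. Prints "keep" or "report"
# ("report" = not on the list, worth telling the maintainer about).
classify_cipher_spec() {
    spec=$1
    cipher=${spec%%-*}      # text before the first '-'
    cipher=${cipher%%:*}    # drop an optional ":keycount"
    rest=${spec#*-}         # text after the first '-'
    if [ "$rest" = "$spec" ]; then
        mode=""             # no '-' at all, e.g. plain "null"
    else
        mode=${rest%%-*}    # chain mode: cbc, xts, ...
    fi
    case "$cipher-$mode" in
        null-*|cipher_null-*) echo keep ;;   # cipher_null: Linux spelling (assumed alias)
        aes-cbc|aes-xts)      echo keep ;;
        *)                    echo report ;;
    esac
}

# Print the cipher spec from one table line; prints nothing for non-crypt targets.
cipher_spec_from_table_line() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "crypt") { print $(i + 1); exit }
    }'
}

# Read table lines on stdin, print "<cipher-spec> <verdict>" per crypt target.
check_table() {
    while IFS= read -r line; do
        found=$(cipher_spec_from_table_line "$line")
        [ -n "$found" ] || continue
        printf '%s %s\n' "$found" "$(classify_cipher_spec "$found")"
    done
}

# Constructed sample input (keys shown zeroed, device names made up).
SAMPLE_TABLE='home: 0 417792 crypt aes-xts-plain64 0000000000000000 0 /dev/da0s1d 0
swap: 0 208896 crypt aes-cbc-essiv:sha256 0000000000000000 0 /dev/da0s1b 0
old: 0 104448 crypt twofish-cbc-plain 0000000000000000 0 /dev/da0s1e 0
vg-data: 0 8192 linear /dev/da0s1f 384'

printf '%s\n' "$SAMPLE_TABLE" | check_table
```

On a live system, feed it real data with `dmsetup table | check_table`.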