[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: problems with kerneli patch?
Marc Mutz wrote:
>
> Robert Varga wrote:
> >
> <snip>
> > Could somebody summarize the known problems and wether they are being worked
> > on? If not, I could take a look at them.
> <snip>
>
> Do you mean conceptional or implementation-dependent?
>
> For the first, a starting point would be - of course - Applied
> Cryptography by B. Schneier. There is quite an extensive references
> section there, but the book is now more than six years old.
>
> For the second, here's a list of bug/inconvenients for the linux
> loopback device crypto and the cryptoapi, as far as i know and recall
> them:
>
> - 2G limit in the loopback device
> (2.2+2.4, axboe maybe has a patch for 2.4?)
> - deadlocks in the loopback device
> (2.4, axboe has a patch)
> - blowfish (and other ciphers) have endian-issues (2.2+2.4)
> This is mostly because
> a. no-one has really defined what the ciphers should
> return and accept (cryptoapi)
> b. the authors of ciphers often did not pay attention
> themselves
> c. no-one has tested the ciphers (due to a.)
> - blowfish (and others) have a problem with demand-module
> loading (2.2.18.4pre+2.4)
>
> For the third point: Alex, Gisle, should we define the input and output
> of *_{en,de}crypt functions to expect/provide an octet stream? Then all
> endian issues (except bit-endianess, which is a non-issue on platforms
> Linux runs on) go away. One then has to check (like Brian Gladman did in
> his paper on the subject he submitted to the AES comments last year) the
> papers and check the implementations in the kernel against that.
>
> Additions to this list are welcome.
There is no 2G loopback limit on Andrea Arcangeli's kernel 2.2.18aa2. See
below. The TripleDES cipher stuff is my own (no international crypto patch
applied), but it makes no difference in my opinion.
ace486:/root/tt7 # dd if=/dev/zero of=zz1 bs=1024 count=6291456
6291456+0 records in
6291456+0 records out
ace486:/root/tt7 # ls -l
total 6297612
-rw-r--r-- 1 root root 6442450944 Mar 27 09:07 zz1
ace486:/root/tt7 # losetup -e TripleDES /dev/loop3 zz1
Password:
ace486:/root/tt7 # mkfs -t ext2 /dev/loop3
mke2fs 1.18, 11-Nov-1999 for EXT2 FS 0.5b, 95/08/09
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
786432 inodes, 1572864 blocks
78643 blocks (5.00%) reserved for the super user
First data block=0
48 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
ace486:/root/tt7 # mount -t ext2 /dev/loop3 /mnt2
ace486:/root/tt7 # ls -l ../big1
-rw-r--r-- 1 root root 1385140224 Mar 25 19:58 ../big1
ace486:/root/tt7 # df /mnt2
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/loop3 6192704 20 5878112 0% /mnt2
ace486:/root/tt7 # cat ../big1 ../big1 ../big1 ../big1 >/mnt2/zz2
ace486:/root/tt7 # ls -l /mnt2
total 5416016
drwxr-xr-x 2 root root 16384 Mar 27 09:09 lost+found
-rw-r--r-- 1 root root 5540560896 Mar 27 10:19 zz2
ace486:/root/tt7 # umount /mnt2
ace486:/root/tt7 # losetup -d /dev/loop3
ace486:/root/tt7 # losetup -e TripleDES /dev/loop2 zz1
Password:
ace486:/root/tt7 # mount -t ext2 /dev/loop2 /mnt2
ace486:/root/tt7 # ls -l /mnt2
total 5416016
drwxr-xr-x 2 root root 16384 Mar 27 09:09 lost+found
-rw-r--r-- 1 root root 5540560896 Mar 27 10:19 zz2
ace486:/root/tt7 # cat /mnt2/zz2 | md5sum
2c5cc22dd03c527fe1e8136d0fa0bd89
ace486:/root/tt7 # cat ../big1 ../big1 ../big1 ../big1 | md5sum
2c5cc22dd03c527fe1e8136d0fa0bd89
ace486:/root/tt7 # df /mnt2
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/loop2 6192704 5416020 462112 92% /mnt2
ace486:/root/tt7 # uname -a
Linux ace486 2.2.18aa2 #1 Fri Feb 9 21:13:56 EET 2001 i686 unknown
Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/