OpenSolaris

OpenSolaris Project: lofi compression & cryptography support

Endorsing communities

Installation and Packaging
OS/Net (ON)
Security
Storage

Intro to lofi(7d)

Taken from the man page lofi(7d):

The lofi file driver exports a file as a block device. Reads and writes to the block device are translated to reads and writes on the underlying file. This is useful when the file contains a file system image. Exporting it as a block device through the lofi file driver allows normal system utilities to operate on the image through the block device (like fstyp(1M), fsck(1M), and mount(1M)). This is useful for accessing CD-ROM and FAT floppy images. See lofiadm(1M) for examples.

loficc project scope

This project plans to add support for compression and encryption to the lofi(7d) driver, similar to what has been done for other systems.

  • Compression support in lofi(7d) driver
  • Crypto support in the lofi(7d) driver
  • Changes to lofiadm(1M) to set/show compression & encryption support
  • Database for storing persistent mappings of mount point to lofi file/user. Need to consider if this should be in the nameservice or just local.
  • Maybe a PAM module for mounting the devices.
  • Support for wrapped keys on PKCS#11 devices such as smartcards.

Status

  • lofi compression support has been integrated into Nevada build 80. A webrev of the integrated changes can be found here
  • PSARC case for lofi compression can be found here
  • A Mercurial repository exists with the current prototype of the crypto part: $ hg clone ssh://anon at hg dot opensolaris dot org/hg/loficc/crypto
  • Draft PSARC case
  • Prototype crypto code integration into Nevada in progress
  • Nevada prototype code for the crypto part has been completed; a copy of it is posted here
  • Userland API created to find out what kernel crypto algorithms are available along with their supported key lengths
  • Next steps are to successfully complete the PSARC case and integrate the code into Nevada

Dependencies

The Cryptographic Framework API will be used to do the crypto in the kernel. This gives us access to hardware crypto for free when it is available. The kernel APIs exist today.

  • We intend to use AES in XEX mode. This isn't yet integrated into the OpenSolaris code base but will be coming soon. For now we have a prototype that uses AES in CBC mode.
  • We need an API in userland to find out what crypto algorithms, and their supported key lengths, are available to the kernel. The PKCS#11 APIs can't be used for this since they tell us what is available to userland. The cryptoadm(1M) command has a private implementation of this that uses the ioctl interface of /dev/cryptoadm. We need to make this a function-based interface and put it into libcryptoutil. The CR for this API is 6236948.

Project Team

Casper Dik, Moinak Ghosh, Darren Moffat, Dina Nimeh, Joep Vesseur, Alok Aggarwal

Links to similar technologies

  • Microsoft Vista BitLocker
  • Apple MacOS X FileVault

Announcements

11 Aug 2007 Code review posted