OpenSolaris "disk" encryption in snv_105
By Darrenmoffat-Oracle on Dec 17, 2008
The encryption part of the OpenSolaris lofi compression & encryption project integrated into snv_105. I initially started this as a proof of concept several years ago but it never became high enough priority for such a long time. Casper Dik made a working version of it that was "distributed" internally for quite a few years as part of frkit. Now Dina has finished it off and got it integrated.
Finishing it off took much longer than we originally projected due to interactions with the compression code that was added to lofi and some very hard to track down bugs where lofi is used by xVM (the Xen based hypervisor) - particularly the interations with dom0 and domU lofi use.
So what can you do with it ? It is similar to what has been available for many many years on Linux using the cryptoloop system. It isn't perfect but it is better than the nothing we had before.
Creating an encrypted UFS filesystem with lofi
# mkfile 128m /export/lofi-backing-file # lofiadm -a /export/lofi-backing-file -c aes-256-cbc Enter passphrase: Re-enter passphrase: /dev/lofi/1 # newfs /dev/rlofi/1 newfs: construct a new file system /dev/rlofi/1: (y/n)? y /dev/rlofi/1: 262036 sectors in 436 cylinders of 1 tracks, 601 sectors 127.9MB in 28 cyl groups (16 c/g, 4.70MB/g, 2240 i/g) super-block backups (for fsck -F ufs -o b=#) at: 32, 9648, 19264, 28880, 38496, 48112, 57728, 67344, 76960, 86576, 173120, 182736, 192352, 201968, 211584, 221200, 230816, 240432, 250048, 259664 # mount /dev/lofi/1 /mnt
Nice and simple. We can also store the key in a file, key generation can be done with pktool(1). Or we can store it in any PKCS#11 accessible keystore:
# pktool genkey keystore=pkcs11 keytype=aes keylen=256 label=mylofikey Enter PIN for Sun Software PKCS#11 softtoken : # lofiadm -a /export/lofi-backing-file -c aes-256-cbc -T :::mylofikey Enter PIN for Sun Software PKCS#11 softtoken : /dev/lofi/1
Issues with the lofi encryption
- For lofi compression and encryption are mutually exclusive, compression is readonly lofi anyway. If you need both wait for the integration of encryption support in ZFS.
- No integrity check. Currently the lofi encryption use CBC mode because we needed a non expanding cipher. Once the OpenSolaris crypto framework has support for XTS (or similar) mode we will likely update the lofi crypto to use that instead.
- Lofi performance isn't great - this isn't a crypto issue, lofi performance in general just isn't great and adding crypto into the mix doesn't help much.
- No way to detect the wrong key. We have a reserved area where we could add meta-data to determine if the correct key and algorithm params have been supplied but this hasn't been implemented yet.