Date:      22 Nov 1997 13:50:23 -0000
From:      Julian Assange <proff@iq.org>
To:        freebsd-security@freebsd.org, freebsd-hackers@freebsd.org
Subject:   cryptographic filing system alpha
Message-ID:  <19971122135023.3909.qmail@iq.org>


A few people have been pestering me for an alpha snapshot, so
without further ado:

	http://underground.org/book/marutukku.tgz


This is fully functional, but the build system and documentation are
still in a state of transition. It has only been tested so far on
FreeBSD 2.2.2. It is *NOT* user-friendly at this stage. And should
*NOT* be distributed. This is not beta software. This is alpha
software. Caveat Emptor.

It comes with rc16, cast-128, idea and blowfish, but will pull in DES,
triple DES, rc4, rc2 and faster versions of the internal ciphers if
you have SSLeay installed (which you can find in /usr/ports/security).


Compile under freebsd:

	$ make depend
	$ make

	# modload mkernel/maru_mod.o
	$ cd msetkey
	# ./mcreate
	# ./mnewiv
	# ./maset
	# newfs /dev/maru0
	# mkdir /maru
	# mount /dev/maru0 /maru
	$ cd /maru
	$ ls -la ; whatever
	$ cd /
	# umount /maru
	# cd (wherever)/msetkey
	# ./mdetach
	# modunload -n maru_mod

Man pages (quite brief ones at the moment) are in doc/.
You can view these with:

	make pagename.less

I've included two man pages below, which will give you some idea
of what is involved.

--
Prof. Julian Assange  |"Don't worry about people stealing your ideas. If your
		      | Ideas are any good, you'll have to ram them down
proff@iq.org          | people's throats." -- Stolen quote from Howard Aiken
proff@gnu.ai.mit.edu  |                           http://underground.org/book



mnewiv(1)                                               mnewiv(1)


NAME
       mnewiv -- Create a new Rubberhose ciphertext descriptor

SYNOPSIS
       mnewiv   [-1   key_cipher]    [-2   lattice_cipher]    [-3
       block_cipher]  [-b fs_blocksize]  [-D  depth]   [-f]   [-d
       debug_lvl]  [maru.iv]

DESCRIPTION
       Create a new maru.iv file. When complete, this file contains

          o  Major and minor version numbers, for chronologically
             shifted compatibility

          o  Cipher  description numbers for the Key, Lattice and
             Block ciphers

          o  Master Key agitation count

          o  File system blocksize (-b)

          o  Depth of the block key generator lattice (-D)

          o  Header checksum before decryption

          o  Master Key agitation checksum

          o  MAX_PASSPHRASE bytes of passphrase salt

          o  MAX_KEY bytes of Master Key salt

          o  Salt for the left and right lattice keys

          o  Initialisation vectors for the lattice

          o  Initialisation vectors for each cryptographic  block
             within the file-system block

OPTIONS
       -1 key_cipher
                 Cipher  used  for pass-phrase `hashing', master-
                 key decryption and lattice key/table generation.
                 Defaults to rc16

       -2 lattice_cipher
                 Cipher  used  for  generating  file-system block
                 keys from the lattice. Defaults to CAST-128

       -3 block_cipher
                 Cipher used for the encryption and decryption of
                 disk blocks. Defaults to CAST-128

       -b fs_blocksize
                 Sets  the  file-system  block size. Ideally this
                 value should exactly equal the  bdevsw  strategy
                 read/write  size  as  passed in from the calling
                 filesystem. A  reasonable  value  is  chosen  by
                 default (2048 under FreeBSD), and should be only
                 changed with care.

       -D depth  Specify the depth of the subkey-generation lattice.
                 File system block keys are generated from the
                 lattice, such that a lattice of depth n can produce
                 2^n block keys. Lattice depth defaults to n = 32,
                 which is acceptable for cipher extents up to
                 4294967296 file system blocks in size.

       -d debug_lvl
                 Set the debug level. Level 0 produces no status
                 information ("quiet"), level 1 produces minimal
                 status information. Level 2 and above produce
                 additional debugging information. At debugging
                 levels two or greater, the anti-core-dumping and
                 memory-wiping-on-exit features of rubberhose are
                 disabled in order to facilitate post crash analysis.

       -f        Force continuation on error (where possible, e.g.
                 over-write pre-existing files instead of aborting).

EXAMPLE
       Example mnewiv

       $ mnewiv -1 rc16 -2 ssl-des-ede3-cbc -3 ssl-des-ede3-cbc mysexy.iv
       rubberhose (0.5) (c) 1997 Julian Assange <proff@iq.org>
       MARUTUKKU truly is the refuge of his land, city, and people.
       Unto him shall the people give praise forever.
       Enter new passphrase (128 significant characters):
       Confirm passphrase:
       Confirm passphrase (again):
       Generating 128 pseudo cryptographically random bytes for passphrase salt
       Generating 256 cryptographically random bytes for maru master key
       Agitating rc16 key generator state for 5 seconds...
       32405 rc16 agitations (6481 per second)
       Generating 32 pseudo cryptographically random bytes for primary lattice key salt's
       Generating 512 pseudo cryptographically random bytes for subkey lattice IV's
       Generating 2048 pseudo cryptographically random bytes for master block IV array
       Clearing key artifacts
       Maru IV extent header generation complete.
       Saving Maru SALT/IV extent header as "mysexy.iv"
       * MAKE AT LEAST TWO BACKUPS of this file. If a single bit sells out to the dark
         forces of entropy, your entire maru ciphertext extent will follow suit

ENVIRONMENT
       MARU_PASSPHRASE
                 Use the contents of  this  variable  instead  of
                 prompting for a pass-phrase.

COPYRIGHT
               Copyright  1997        Julian Assange , All rights
       reserved.

AUTHOR
              Julian Assange    <proff@iq.org>.

SEE ALSO
            hose(1),            mnewiv(1),            mcreate(1),
            mwipe(1),            mattach(1),            maset(1),
            msetkey(1),         mclearkey(1),         mdetach(1),
            mdecrypt(1),          mgetopt(1),         msetopt(1),
            mstats(1),      minfo(1),      mlist(1).


mlist(1)                                                 mlist(1)


NAME
       mlist -- List available ciphers

SYNOPSIS
       mlist [-d debug_lvl]  [-f]

DESCRIPTION
       List available ciphers

OPTIONS
       -d debug_lvl
                 Set the debug level. Level 0 produces no status
                 information ("quiet"), level 1 produces minimal
                 status information. Level 2 and above produce
                 additional debugging information. At debugging
                 levels two or greater, the anti-core-dumping and
                 memory-wiping-on-exit features of rubberhose are
                 disabled in order to facilitate post crash analysis.

       -f        Force continuation on error (where possible, e.g.
                 over-write pre-existing files instead of aborting).

EXAMPLE
       Example mlist

       $ mlist
       rubberhose (0.5) (c) 1997 Julian Assange <proff@iq.org>
       Remember - it's called ``Rubber-hose'', but it's pronounced ``Maru-tuk-ku''.
               name xor
                 cipher_num    13
                 key_size      128 bits
                 block_size    64 bits
                 state/ksch    4 bytes
               name idea-cbc
                 cipher_num    2
                 key_size      128 bits
                 block_size    64 bits
                 state/ksch    432 bytes
               name cast-cbc
                 cipher_num    1
                 key_size      128 bits
                 block_size    64 bits
                 state/ksch    132 bytes
               name ssl-rc2-cbc
                 cipher_num    11
                 key_size      128 bits
                 block_size    64 bits
                 state/ksch    8196 bytes
               name ssl-blowfish-cbc
                 cipher_num    5
                 key_size      448 bits
                 block_size    64 bits
                 state/ksch    8196 bytes
               name ssl-rc4
                 cipher_num    12
                 key_size      2048 bits
                 block_size    0 bits (stream cipher)
                 state/ksch    8196 bytes
               name ssl-idea-cbc
                 cipher_num    10
                 key_size      128 bits
                 block_size    64 bits
                 state/ksch    8196 bytes
               name ssl-des-cbc
                 cipher_num    6
                 key_size      64 bits (56 bits real)
                 block_size    64 bits
                 state/ksch    8196 bytes
               name ssl-des-ede-cbc
                 cipher_num    7
                 key_size      128 bits (112 bits real)
                 block_size    64 bits
                 state/ksch    8196 bytes
               name ssl-des-ede3-cbc
                 cipher_num    8
                 key_size      192 bits (168 bits real)
                 block_size    64 bits
                 state/ksch    8196 bytes
               name ssl-desx-cbc
                 cipher_num    9
                 key_size      192 bits (168 bits real)
                 block_size    64 bits
                 state/ksch    8196 bytes
               name rc16
                 cipher_num    3
                 key_size      2048 bits
                 block_size    0 bits (stream cipher)
                 state/ksch    131080 bytes

ENVIRONMENT
       MARU_PASSPHRASE
                 Use the contents of  this  variable  instead  of
                 prompting for a pass-phrase.

COPYRIGHT
               Copyright  1997        Julian Assange , All rights
       reserved.

AUTHOR
              Julian Assange    <proff@iq.org>.

SEE ALSO
            hose(1),            mnewiv(1),            mcreate(1),
            mwipe(1),            mattach(1),            maset(1),
            msetkey(1),         mclearkey(1),         mdetach(1),
            mdecrypt(1),          mgetopt(1),         msetopt(1),
            mstats(1),      minfo(1),      mlist(1).


