TCFS Dynamic Encryption Module
The dynamic encryption module feature of TCFS allows a user to specify
the encryption engine of his/her choice to be used by TCFS.
So you are no longer forced to use what we (the developers) consider
the best (i.e., most secure and efficient) encryption algorithm.
The encryption engine must be given in the form of a Linux module
and must conform to the (very simple) TCFS API for encryption modules.
Essentially, it must specify four functions:
- An initialization function that is called
by TCFS when the user pushes her key into TCFS.
Typically the initialization function takes as input
the key and returns a pointer to a struct containing
the result of a preprocessing of the key to be used for
the encryption and the decryption.
For the specific case of DES the initialization function
computes the 16 48-bit subkeys, one for each round of DES.
- An encryption function which takes
a block of data, the length of the block in bytes and
the result of the initialization function and
encrypts the data.
- A decryption function which takes
a block of data, the length of the block in bytes and
the result of the initialization function and
decrypts the data.
The encryption and the decryption functions are called
each time TCFS needs to read/write a block of data.
- A cleanup function which performs whatever operation
is needed before the key is removed by TCFS.
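
The four-function contract described above, sketched in user-space C as an added example (this is not TCFS source code). All demo_* names, the in-place signatures, the int return codes and the 8-byte key length are assumptions; the add/subtract transform is a placeholder with no cryptographic strength.

```c
#include <stdlib.h>
#include <string.h>

#define DEMO_KEYLEN 8   /* assumed key size (DES-sized), not from the page */
#define DEMO_ROUNDS 16  /* mirrors the 16 DES subkeys the page mentions */

/* Hypothetical "result of preprocessing the key" returned by init. */
struct demo_ks { unsigned char sub[DEMO_ROUNDS]; };

/* Overwrite secrets through a volatile pointer so the stores are not elided. */
void demo_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* 1. Initialization: called when the key is pushed; preprocess it once. */
void *demo_init(const unsigned char *key) {
    struct demo_ks *ks;
    if (!key || !(ks = malloc(sizeof *ks))) return NULL;
    for (int r = 0; r < DEMO_ROUNDS; r++)  /* placeholder key schedule */
        ks->sub[r] = (unsigned char)(key[r % DEMO_KEYLEN] + 31 * r + 1);
    return ks;
}

/* 2. Encryption: transform len bytes in place using the schedule. */
int demo_encrypt(unsigned char *blk, size_t len, const void *ctx) {
    const struct demo_ks *ks = ctx;
    if (!blk || !ks) return -1;  /* refuse to run without a key */
    for (size_t i = 0; i < len; i++)
        blk[i] = (unsigned char)(blk[i] + ks->sub[i % DEMO_ROUNDS]);
    return 0;
}

/* 3. Decryption: exact inverse of demo_encrypt. */
int demo_decrypt(unsigned char *blk, size_t len, const void *ctx) {
    const struct demo_ks *ks = ctx;
    if (!blk || !ks) return -1;
    for (size_t i = 0; i < len; i++)
        blk[i] = (unsigned char)(blk[i] - ks->sub[i % DEMO_ROUNDS]);
    return 0;
}

/* 4. Cleanup: wipe, then free, the key material before the key is removed. */
void demo_cleanup(void *ctx) {
    if (!ctx) return;
    demo_wipe(ctx, sizeof(struct demo_ks));
    free(ctx);
}
```

The schedule is wiped before it is freed so that the preprocessed key does not linger in released memory.
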
The following directory contains the sources and Makefile
needed to build the NULL encryption module, that is, the encryption
algorithm that does not do anything. This can be used as a starting
point to develop your own encryption module.
In the future, TCFS will be able to handle different encryption modules
at the same time. Currently, once the module has been built, it has
to be copied into the module directory (this is
usually the directory /lib/modules/current-version) and has to be
named tcfs_default_cipher.o.