Ccrypt - cheap Ethernet cryptography

Description

Ccrypt is a very nice project for encrypting layer 2 (Ethernet) traffic without expanding Ethernet frames. It is clean, simple and well written. It uses Linux cryptographic API so it can use many ciphers, key lengths and change settings in the fly.

Development

Ccrypt is a project contained in my linux kernel repository.

Discussion about ccrypt on lkml

http://lwn.net/Articles/204435/
http://www.mail-archive.com/netdev@vger.kernel.org/msg24388.html

In work

Below you can see how a ccrypt-encrypted ARP and ping requests from 192.168.111.2 to 192.168.111.3 look like in tcpdump (copy from Lintrack advantages page)

19:38:12.585727 truncated-arp
       0x0000:  bc75 eb25 8af0 1e9a 01dd feed 81f6 174d  .u.%...........M
       0x0010:  fcaf 1d2c e784 d353 e155 92f8 91c6 fab8  ...,...S.U......
       0x0020:  148c c80d 282b f5db 351e 921c 059c       ....(+..5.....
       0x0000:  ffff ffff ffff 5254 0012 7ff5 0806 bc75  ......RT.......u
       0x0010:  eb25 8af0 1e9a 01dd feed 81f6 174d fcaf  .%...........M..
       0x0020:  1d2c e784 d353 e155 92f8 91c6 fab8 148c  .,...S.U........
       0x0030:  c80d 282b f5db 351e 921c 059c            ..(+..5.....
19:38:12.587365 truncated-arp
       0x0000:  3d4e 6726 e37c 475d 4fca 3a81 4c6f f9b7  =Ng&.|G]O.:.Lo..
       0x0010:  f08c a89b 1922 3ce6 40ca b73e 9cc4 7427  ....."<.@..>..t'
       0x0020:  6d46 dbf0 f9fb 55dd 814a ab36 033b       mF....U..J.6.;
       0x0000:  5254 0012 7ff5 5254 0012 ddd7 0806 3d4e  RT....RT......=N
       0x0010:  6726 e37c 475d 4fca 3a81 4c6f f9b7 f08c  g&.|G]O.:.Lo....
       0x0020:  a89b 1922 3ce6 40ca b73e 9cc4 7427 6d46  ..."<.@..>..t'mF
       0x0030:  dbf0 f9fb 55dd 814a ab36 033b            ....U..J.6.;
19:38:12.609685 IP13 truncated-ip - 39385 bytes missing! 205.84.36.69 > 90.22.168.137: ip-proto-33
       0x0000:  5254 0012 ddd7 5254 0012 7ff5 0800 dc41  RT....RT.......A
       0x0010:  9a2d a83d 554d 0821 d325 cd54 2445 5a16  .-.=UM.!.%.T$EZ.
       0x0020:  a889 5989 d83a fac3 4600 bd89 afb1 31c4  ..Y..:..F.....1.
       0x0030:  b582 7a8c 25ac 1702 5dc3 0ce3 b2d9 2a95  ..z.%...].....*.
       0x0040:  4dfb eb44 d57d 0c5c 0441 782c 6886 91a6  M..D.}.\.Ax,h...
       0x0050:  17c3 d588 45f1 dfdd 5342 1e2a b4a4 435b  ....E...SB.*..C[
19:38:12.612029 IP14 bad-hlen 12
       0x0000:  5254 0012 7ff5 5254 0012 ddd7 0800 e32d  RT....RT.......-
       0x0010:  60bd 0ecd 0ef0 afae f636 085b af32 a45a  `........6.[.2.Z
       0x0020:  239d 862c 09c0 75ad 7462 a9b1 e896 ce80  #..,..u.tb......
       0x0030:  af24 5410 b5d2 91c9 be37 e8d5 deb1 7dd8  .$T......7....}.
       0x0040:  b620 93de a30b ba5b e0ef 51ba b348 bdb2  .......[..Q..H..
       0x0050:  cb57 5a73 0173 8c8f 0785 d0e4 9139 3173  .WZs.s.......91s

It needs update

I'm looking for time (or help) to update it it to newest kernel changes in cryptography infrastructure. It was developed for 2.6.16 and probably works well with 2.6.17, but will not apply onto newer kernel versions.

I've managed to get code to compile with 2.6.24rc3 kernel and it should work with some previous releases too. After some investigation it looks that changes are simpler than I thought so basically I was just renaming things here and there, but I still haven't found a time to test the changes (even briefly)! As soon as I set up some testing envivorment I will test if everything is OK.

Documentation

ccrypt.txt

Downloads

ccrypt-2.6.16-20060901.diff.bz2
ccrypt-2.6.24rc3-20071124-not-tested.diff.bz2

Download from Lintrack project

http://dev.lintrack.org/browser/trunk/pkg/linux/patches/old-2.6.17

Feel free to comment

Add a new comment
Page tags: ccrypt kernel lintrack linux
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License