![]() |
FreeOTFE |
Critical data block:
|
Color key:
Color |
Encryption used |
---|---|
|
Red items are not encrypted |
|
Blue items are encrypted with the user's chosen cypher together with a "critical data key" generated using PKCS#5 PBKDF2 (with HMAC PRF) together with the user's password, salt, and chosen hash algorithm |
Seem intimidating? Read on, and all will become clear... When broken down into its component parts,
the CDB structure is reasonably straightforward to understand.
Note: Throughout this document, the following definitions apply:
Variable |
Definition |
---|---|
CDL |
Critical Data Length (in bits) This is defined as 4096 bits. |
MML |
Maximum MAC Length (in bits) This is defined as 512 bits. |
sl |
Salt length (in bits) This is the user specified salt length, as specified by the user when the CDB is created |
cbs |
Cypher Block Size (in bits) The block size of the cypher used to encrypt the volume |
cks |
Cypher Key Size (in bits) The key size of the cypher used to encrypt the volume. If the cypher accepts variable length keysizes, this is set to a user-specified value up to a maximum of 512. |
ml |
MAC length (in bits) This is the length of MAC generated |
Password salt | Encrypted block | Random padding #1 |
Item name | Size (in bits) | Description |
---|---|---|
Password salt | sl (User specified to a max 512) |
This data is used together with the user's password to derive the "critical data key". This key is then used to encrypt/decrypt the "Encrypted block". |
Encrypted block | If cbs>8 then: ((CDL - sl) div cbs) * cbs If cbs<=8 then: (CDL - sl) This size is referred to as "leb" |
This block contains the actual key which is used to encrypt/decrypt
the encrypted partition image.
See below for further breakdown. |
Random padding #1 |
((CDL- sl) - leb) |
Random "padding" data. Required to pad out any remaining, unused, bits in the "critical data block" |
Total size: | CDL |
Check MAC | Random padding #3 |
Volume details block |
As described above, this entire block is encrypted using the user's
password, salt, and chosen hash and cypher algorithms.
As this block is encrypted, it's length (in bits) must be a multiple of the cypher's blocksize.
Item name | Size (in bits) | Description |
---|---|---|
Check MAC | ml Up to a maximum of MML bits |
This is the MAC of the plaintext version of the "Volume details block". If hk is zero or undefined, then this hash will be either truncated to MML bits, or right-padded with 0 bits up to a maximum of MML bits |
Random padding #3 |
MML - ml |
Random "padding" data. Required to pad out the check MAC to a predetermined number of bits. |
Volume details | leb - MML | This stores the details of how to encrypt/decrypt the encrypted partition. |
Total size: | leb |
|
CDB format ID |
Volume flags | Encrypted partition image length | Master key length | Master key | Requested drive letter | Volume IV length |
Volume IV |
Sector IV generation method | Random padding #2 |
Finally, we reach the details that the critical data block was designed
to protect. All of the items within this block have bit order: MSB first.
Item name | Size (in bits) | Description |
---|---|---|
CDB format ID | 8 | This is a version ID which identifies the layout of the remainder of
the volume details block
When this layout format is used, this will always be set to 3. Later volume file layouts may have different items in this section, or the layout may change; in which case a different version ID will be used here. |
Volume flags |
32 |
Bitmap flagging various items. Bit - Description 0 - (unused) 1 - Sector ID zero is at the start of the file 0 = Sector ID zero is at the start of the encrypted data 1 = Sector ID zero is at the start of the host volume file/partition 2 - (unused) 3 - (unused) |
Encrypted partition image length | 64 | This stores the length of the encrypted partition image in bytes. |
Master key length | 32 | This will be set to the length of the master key in bits. |
Master key | cks |
This is set to the random data generated when the volume was created; and is the en/decryption key used to encrypt the encrypted partition image |
Requested drive letter | 8 |
The drive letter the volume should be normally be mounted as. Set to 0x00 if there is no particular drive letter the volume should be mounted as (i.e. mount using the first available drive letter). |
Volume IV length | 32 |
This will be set to the length of the Volume IV in bits. If the cypher's blocksize is >= 0, this will be set to the cypher's blocksize. Otherwise, this will be set to 0. |
Volume IV | If (cbs > 0), then: cbs If (cbs <= 0), then 0 |
This is set to the random data
generated when the volume was created. When each sector of the
encrypted partition is encrypted/decrypted, this value will be XORd
with any (hashed or unhashed) sector ID before being used as the sector
IV. This guarantees that every sector within the encrypted partition has a non-predictable IVs. |
Sector IV generation method |
8 |
This is set to indicate the
method of generating sector IVs. Note that if a volume IV is present,
then it will be XORd with the IV generated using this method, before it
is used for encryption/decryption. In all cases, the sector IV
generated will be right-padded/truncated to the cypher's blocksize. If the cypher's blocksize is <= 0, then this must be set to 0. 0 - No sector IVs (Null sector IV) 1 - Sector IV is the 32 bit sector ID (LSB first) 2 - Sector IV is the 64 bit sector ID (LSB first) 3 - Hash of the 32 bit sector ID (sector ID is LSB first) 4 - Hash of the 64 bit sector ID (sector ID is LSB first) 5 - ESSIV The "Volume flags" item is used to determine the location of sector zero (start of encrypted data, or start of host file/partition) |
Random padding #2 | Random "padding" data. Required to pad out the encrypted block to a multiple of bs, and to increase the size of this block to the maximum length that can fit within the "critical data block". | |
Total size: | (leb - MML) |
|