Klavs Guru
Joined: 22 May 2002 Posts: 536 Location: Denmark
|
Posted: Tue Aug 12, 2003 8:41 am Post subject: util-linux-2.12 is borked? |
|
|
Hi guys,
I'm using Util-linux-2.11z-r1 and it works beautifully (but only with kernel-2.4).
I just tried to upgrade to util-linux-2.12, as there should be some stuff meaning that I could use it with kernel-2.6-testX.
I have an aes encrypted file, that I need to loop mount and I've created it using the aes encryption in Gentoo-sources - not loop-aes.sf.net (which I've heard is a lot better - what's your say on this?).
Anyways, to the point, with util-linux-2.12 I get this message when trying to do losetup -e aes /dev/loop /path/to/encrypted/file (also it doesn't ask for the Keysize anymore). I also tried to add -E 192 - but still I get this message:
ioctl: LOOP_SET_STATUS: Invalid argument
Anyone know what kinda crap is up with the new util-linux version?
Also, does anyone know how best to enable encrypted loopback with both linux-2.4 and 2.6?
_________________
Best regards,
Klavs Klavsen
Denmark
Working with Unix is like wrestling a worthy opponent.
Working with windows is like attacking a small whining child
who is carrying a .38. |
Jake Veteran
Joined: 31 Jul 2003 Posts: 1132
|
Posted: Wed Aug 13, 2003 7:29 pm Post subject: |
|
|
Does it work if you do everything in one step with mount? mount -o loop=/dev/loop0,encryption=aes,keysize=256... is the syntax, I think. Even if you get it working, you should know that filesystems aes encrypted with the linux international patch will still fail because the linuxi version of the algorithm is wrong. Another incompatibility is the lack of a password hash option. |
bpardy n00b
Joined: 14 Aug 2003 Posts: 3
|
Posted: Fri Aug 15, 2003 12:00 am Post subject: Re: util-linux-2.12 is borked? |
|
|
Klavs wrote: | Hi guys,
I'm using Util-linux-2.11z-r1 and it works beautifully (but only with kernel-2.4).
I just tried to upgrade to util-linux-2.12, as there should be some stuff meaning that I could use it with kernel-2.6-testX.
I have an aes encrypted file, that I need to loop mount and I've created it using the aes encryption in Gentoo-sources - not loop-aes.sf.net (which I've heard is a lot better - what's your say on this?).
Anyways, to the point, with util-linux-2.12 I get this message when trying to do losetup -e aes /dev/loop /path/to/encrypted/file (also it doesn't ask for the Keysize anymore). I also tried to add -E 192 - but still I get this message:
ioctl: LOOP_SET_STATUS: Invalid argument
Anyone know what kinda crap is up with the new util-linux version?
Also, does anyone know how best to enable encrypted loopback with both linux-2.4 and 2.6 ? |
Hi - do you have a binary of the older working losetup available? I upgraded to util-linux 2.12 unknowingly, and it has destroyed my ability to access my encrypted filesystems.
I'm only running kernel 2.4 so I can't believe they changed something so drastically to break backwards compatibility like that - I'm REALLY pissed off right now. |
Klavs Guru
Joined: 22 May 2002 Posts: 536 Location: Denmark
|
Posted: Fri Aug 15, 2003 6:26 am Post subject: |
|
|
sure I have a binary for you. I ALWAYS build packages with the feature buildpkg (or the -b option for emerge) so I can roll back (hint hint)
Could you try to do what is suggested above - ie.
mount -o loop=/dev/loop0,encryption=aes,keysize=256 /path/to/encrypted/file /path/to/mountpoint
and see if it works? |
bpardy n00b
Joined: 14 Aug 2003 Posts: 3
|
Posted: Fri Aug 15, 2003 12:21 pm Post subject: |
|
|
Klavs wrote: | sure I have a binary for you. I ALWAYS build packages with the feature buildpkg (or the -b option for emerge) so I can roll back (hint hint)
Could you try to do what is suggested above - ie.
mount -o loop=/dev/loop0,encryption=aes,keysize=256 /path/to/encrypted/file /path/to/mountpoint
and see if it works? |
If I could access anything other than my minimal 30MB unencrypted root filesystem, I'd be able to get to those package backups
It's actually blowfish here, so if I try:
mount -o loop=/dev/loop0,encryption=blowfish,keysize=256 /path/to/file /path/to/mnt
That just gives me
ioctl: LOOP_SET_STATUS: Invalid argument
I tried changing 'blowfish' to 'blowfish-ecb' and 'blowfish-cbc', both of which then ask me to specify the fs type, after doing which I actually *am* prompted for my loop password, but I get a "wrong fs type, bad option, bad superblock on /dev/loop0" error from mount.
So about those binaries.... |
lu_zero Developer
Joined: 05 Sep 2002 Posts: 49
|
Posted: Fri Sep 05, 2003 1:28 pm Post subject: |
|
|
modprobe cryptoloop before losetup/mount that and you'll be fine |
Klavs Guru
Joined: 22 May 2002 Posts: 536 Location: Denmark
|
Posted: Fri Sep 05, 2003 1:52 pm Post subject: |
|
|
I did modprobe cryptoloop before running losetup - I do now and my encrypted partition works just fine. If I run util-linux-2.12 it does as described - even though cryptoloop is loaded. |
lu_zero Developer
Joined: 05 Sep 2002 Posts: 49
|
Posted: Fri Sep 05, 2003 8:39 pm Post subject: |
|
|
it seems to work (just created a new loopback now) with 2.6.0test4-mm3
which kernels are you using? |
mmealman Guru
Joined: 02 Nov 2002 Posts: 348 Location: Florida
|
Posted: Fri Sep 05, 2003 11:30 pm Post subject: |
|
|
Any chance you could go through the steps of creating a new blank encrypted file, making the fs, setting the passphrase, etc and then mounting it to a dir all under 2.6?
Rather than try to mount my old 2.4 crypted files I'd like to be able to do a blank one from scratch to see where I'm messing up and/or just maybe copy the stuff out into new crypts. |
Klavs Guru
Joined: 22 May 2002 Posts: 536 Location: Denmark
|
Posted: Sat Sep 06, 2003 5:34 am Post subject: |
|
|
Only one problem - it's a 50gb partition (filled at the moment) on an 80gb disk...
And If I'm going to do that (which is going to take some time, 50gb's of encrypted data transfer takes a bit of time, on a 900mhz duron), I'd prefer doing it to something that actually will work for both 2.4 and 2.6.
As I've heard so far, the only thing that really works on both kernels with the same utils, is loop-aes - or am I just plain wrong on that one? I've also heard that loop-aes should be better and more stable code (can't find the link - think it was Alan Cox that had some negative things to say about cryptoloop). |
watersb Apprentice
Joined: 04 Sep 2002 Posts: 297 Location: take a left turn in Tesuque
|
Posted: Thu Sep 11, 2003 11:30 pm Post subject: |
|
|
Klavs wrote: | I'd prefer doing it to something that actually will work for both 2.4 and 2.6.
As I've heard so far, the only thing that really works on both kernels with the same utils, is loop-aes - or am I just plain wrong on that one? |
I had the same problems with loop-AES-patched util-linux 2.12.
However, I have been able to get CryptoAPI to work against 2.6 as well as 2.4 -- although not against the same exact partitions.
Please see https://forums.gentoo.org/viewtopic.php?t=31363&start=251 |
Klavs Guru
Joined: 22 May 2002 Posts: 536 Location: Denmark
|
Posted: Fri Sep 12, 2003 5:40 am Post subject: |
|
|
it's IMHO pretty ridiculous, that you can't have an encrypted disk that works for kernel-2.4 and 2.6. I'm hoping Linux will grow up on this issue at some point and make it a bit easier. |
slick Bodhisattva
Joined: 20 Apr 2003 Posts: 3495
|
Posted: Tue Sep 16, 2003 8:39 am Post subject: |
|
|
I'm testing cryptoloop with gentoo-sources and current util-linux-2.11 from the portage tree (USE flag crypt must be set to add the patch automatically). Looks good at this time... |
bl00mie Tux's lil' helper
Joined: 05 Apr 2003 Posts: 82 Location: washington, dc
|
Posted: Mon Dec 15, 2003 11:40 pm Post subject: aes-loop |
|
|
i was having trouble with the afore-mentioned ideas.
originally, i tried putting the following line into my fstab, and then just mounting the appropriate drive:
Code: | /dev/hda3 /opt/crypt ext2 defaults,noauto,loop=/dev/loop5,encryption=AES256 0 0 |
but that never worked. i always got the loop_set_status: invalid argument message.
i also tried the mount one-liner, but again, i got the same message. i'm using kernel 2.6.0-test11, so maybe that was the problem.
anyway, i tried that stuff after already knowing i could mount hda3 using loop-aes by hand. i just didn't like doing it. so i just wrote a couple scripts to do it for me for now:
Code: | #!/bin/bash
losetup -e AES256 /dev/loop5 /dev/hda3
mount /dev/loop5 /opt/crypt |
as expected, it asks me for a password. when i type it, my crypt is unlocked!
and
Code: | #!/bin/bash
umount /opt/crypt
losetup -d /dev/loop5 |
i know it's not the most 1337 way to do things. if i were good at this stuff, i'd just get it to work the right way.
--chad |
slick Bodhisattva
Joined: 20 Apr 2003 Posts: 3495
|
Posted: Tue Dec 16, 2003 9:43 pm Post subject: |
|
|
i don't use the fstab. i use my own initscript. the cipher and the cryptoloop must be there in the kernel (not as modules). my kernel is 2.4.20-gentoo-r8.
in this case i use an encrypted /var, /data and an encrypted swap...
the password for swap is generated by (simple) random at start for better security
this script mounts the devices before localmount otherwise a lot of errors will be there because the /var is not mounted
i don't know if it's the right way, but works great.
# /etc/init.d/cryptomount
Code: |
#!/sbin/runscript
# Set up the encrypted loop devices before localmount runs.

depend() {
    need checkroot modules
    before localmount
}

start() {
    ebegin "Starting crypto loop devices"
    ebegin " load encrypted partition(s)"
    /sbin/swapoff -a >& /dev/null

    # Ask twice until both entries match and are non-empty.
    until [ "$passwd" = "$passwd2" -a -n "$passwd" ]; do
        # the bash read builtin has to support the -s option.
        # Don't use read without -s!!
        read -s -p "Enter Passphrase: " passwd; echo
        read -s -p "Re-enter Passphrase: " passwd2; echo
    done

    # The passphrase is piped to losetup on stdin (-p 0).
    echo "$passwd" | losetup -e twofish -k 256 -P sha256 -p 0 /dev/loop1 /dev/hda6
    fsck /dev/loop1
    if [ "$?" == "0" ] ; then
        mount /dev/loop1 /var
    else
        eerror "failure (dev/loop1 - var) can't mount"
    fi

    echo "$passwd" | losetup -e twofish -k 256 -P sha256 -p 0 /dev/loop2 /dev/hda7
    fsck /dev/loop2
    if [ "$?" == "0" ] ; then
        mount /dev/loop2 /data
    else
        eerror "failure (/dev/loop2 - data) can't mount"
    fi

    # Drop the passphrase variables (unset takes names, not values).
    unset passwd passwd2

    ebegin " encrypting Swap"
    swapoff /dev/hda1 >& /dev/null
    # Throw-away swap passphrase built from the date and $RANDOM.
    echo "`/bin/date | /bin/sed 's/[^a-z,A-Z,0-9]//g'`$RANDOM$RANDOM$RANDOM" | /sbin/losetup -e twofish -k 128 -P sha256 -p 0 /dev/loop0 /dev/hda1
    /sbin/mkswap /dev/loop0 &> /dev/null
    /sbin/swapon /dev/loop0
    /sbin/swapon -a >& /dev/null
    return 0
}
|
|
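An added example, not part of the thread or of any project's code: key-material helpers for an init script that pipes secrets to losetup on stdin, as the cryptomount script above does. It draws the throw-away swap key from /dev/urandom and shows how quoting decides whether the passphrase reaches losetup unchanged. The function names are hypothetical, and the losetup flags in `setup_swap` are copied from the post (the patched util-linux of that time).

```shell
#!/bin/bash
# Added example: helper names are hypothetical, not from the thread.

# Return 32 bytes from the kernel CSPRNG as 64 hex characters.
gen_swap_key() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# The construction used in the post, kept for comparison: a timestamp
# (close to boot time) plus three $RANDOM values of 15 bits each.
weak_swap_key() {
    echo "$(date | sed 's/[^a-z,A-Z,0-9]//g')$RANDOM$RANDOM$RANDOM"
}

# Write a secret to stdout unchanged, followed by one newline.
# printf with a quoted argument avoids word splitting, glob expansion
# and echo's option parsing, any of which would alter the passphrase
# and therefore the derived key.
emit_secret() {
    printf '%s\n' "$1"
}

# What an unquoted echo emits for the same secret (for comparison only).
emit_secret_unquoted() {
    echo $1   # deliberately unquoted
}

# Ephemeral encrypted swap; flags as used in the post.
# usage: setup_swap /dev/loopN /dev/partition
setup_swap() {
    gen_swap_key | /sbin/losetup -e twofish -k 128 -P sha256 -p 0 "$1" "$2" &&
        /sbin/mkswap "$1" > /dev/null &&
        /sbin/swapon "$1"
}
```

A volume created while the passphrase went through an unquoted echo was keyed with the altered string, so changing the quoting later changes the key for any passphrase containing repeated spaces or glob characters.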