Gentoo Forums
kernel 2.6 crypto loop problem
bisho
n00b

Joined: 02 May 2003
Posts: 69
Location: Madrid (Spain)

Posted: Tue Sep 02, 2003 10:16 am    Post subject: kernel 2.6 crypto loop problem

I have been using AES encryption for the /home partition with kernel 2.4.

With the new 2.6.0-test4 kernel, I get this error when trying to mount the partition:

Code:
The cipher does not exist, or a cipher module needs to be loaded into the kernel
ioctl: LOOP_SET_STATUS: Invalid argument


The configuration in the fstab is:

Code:
/dev/hda6               /home           reiserfs        loop,keybits=256,phash=sha512,encryption=aes,noauto,noatime                     0 0


Of course I have the AES and related SHA compiled. I have tried both as modules and built-in with no success. I currently have all the crypto modules loaded into the kernel.

Code:
Module                  Size  Used by
twofish                41984  -
sha1                    8096  -
serpent                12544  -
md5                     3616  -
md4                     3232  -
des                    11232  -
deflate                 3616  -
zlib_deflate           21400  -
crypto_null             1792  -
cast6                  20768  -
cast5                  15584  -
blowfish                9312  -
sha256                  9920  -
sha512                  9600  -
aes                    32672  -
sg                     32364  -
sr_mod                 14880  -
sd_mod                 13504  -
scsi_mod              107668  -


Anybody know how to solve this? I'm unable to use 2.6 till this is solved. :(((
_________________
-=[ bisho [=-
bisho
n00b

Joined: 02 May 2003
Posts: 69
Location: Madrid (Spain)

Posted: Tue Sep 02, 2003 12:23 pm

Ok, I have partially solved the problem.

Re-emerging util-linux makes the mount command correctly detect the available crypto algorithms. The /proc file where it checks the installed cryptos has changed, and recompiling under the new kernel makes that work.

Anyway, I'm still having difficulties, because mount doesn't seem to set up the loop device correctly. I get:

Code:
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
       or too many mounted file systems
       (could this be the IDE device where you in fact use
       ide-scsi so that sr0 or sda or so is needed?)


And looking at the strace of the mount, it never sets up loop0. Anybody know how to correct this???
_________________
-=[ bisho [=-
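
A way to check the kernel side of the cipher lookup discussed in the post above, as an added example that is not part of the original thread: it reads a `/proc/crypto`-style listing and reports whether a cipher is registered and accepts a given key length (as in `encryption=aes,keybits=256`). The function names and the sample listing are constructed for illustration, and the record layout (`name`, `type`, `min keysize`, `max keysize`) is assumed to be that of the 2.6 crypto API.

```shell
# Added example: is a cipher registered with the kernel crypto API, and does
# it accept the requested key length?

# Constructed sample in the /proc/crypto record layout (not from the thread).
sample_proc_crypto() {
cat <<'EOF'
name         : sha512
module       : sha512
type         : digest
blocksize    : 128
digestsize   : 64

name         : aes
module       : aes
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : des
module       : des
type         : cipher
blocksize    : 8
min keysize  : 8
max keysize  : 8
EOF
}

# cipher_supports NAME KEYBITS [FILE]   (FILE defaults to /proc/crypto)
# Exit status: 0 = usable, 1 = no such cipher registered, 2 = key length rejected.
cipher_supports() {
    awk -v want="$1" -v bits="$2" '
        function endrec() {
            if (name == want && type == "cipher") {
                found = 1
                if (bits / 8 >= min && bits / 8 <= max) ok = 1   # keysizes are in bytes
            }
            name = type = ""; min = max = 0
        }
        BEGIN { FS = "[ \t]*:[ \t]*" }
        /^[ \t]*$/          { endrec(); next }   # a blank line ends a record
        $1 == "name"        { name = $2 }
        $1 == "type"        { type = $2 }
        $1 == "min keysize" { min = $2 }
        $1 == "max keysize" { max = $2 }
        END { endrec(); exit (ok ? 0 : (found ? 2 : 1)) }
    ' "${3:-/proc/crypto}"
}
```

Status 1 points at a cipher module that is not loaded or not built; status 2 points at a `keybits` value the cipher cannot take.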
mmealman
Guru

Joined: 02 Nov 2002
Posts: 348
Location: Florida

Posted: Tue Sep 02, 2003 10:35 pm

I guess I sort of have the same problem, though I'm not 100% sure if I'm even trying to mount the stuff correctly :lol:

Under Linux 2.4 and util-linux-2.11 I used to use:

Code:

/sbin/losetup -e aes -k 128 /dev/loop0 /home/mmealman/cryptfile
/bin/mount -t reiserfs /dev/loop0 /home/mmealman/mountpoint


Under Linux 2.6 and util-linux-2.12 I'm trying either of the below:

Code:

mount -t reiserfs /home/mmealman/cryptfile /home/mmealman/mountpoint -o loop=/dev/loop0,encryption=aes,keybits=128

mount -t reiserfs /home/mmealman/cryptfile /home/mmealman/mountpoint -o loop=/dev/loop0,encryption=AES128,phash=sha512


Neither works.

What's the proper way to do this? Or is something just borked?
bisho
n00b

Joined: 02 May 2003
Posts: 69
Location: Madrid (Spain)

Posted: Tue Sep 02, 2003 11:02 pm

mmealman wrote:
I guess I sort of have the same problem, though I'm not 100% sure if I'm even trying to mount the stuff correctly :lol:

Under Linux 2.4 and util-linux-2.11 I used to use:

Code:

/sbin/losetup -e aes -k 128 /dev/loop0 /home/mmealman/cryptfile
/bin/mount -t reiserfs /dev/loop0 /home/mmealman/mountpoint



Under 2.4 (gentoo sources) I used:

Code:

losetup -e aes -k 256 -p sha512 /dev/loop0 /dev/hdX


With this I arrange /dev/loop0 as a 256 bit AES with a SHA512 as the password. Format /dev/loop0 and detach it with losetup -d /dev/loop0.

In the fstab put a line like:

Code:

/dev/hdaX               /home           reiserfs        loop,keybits=256,phash=sha512,encryption=aes,noauto,noatime                     0 0


And when you try to mount /home it will ask you for the password. I put it as noauto, because I have an rc script to launch the mount command. I don't know if with auto it will ask for the password and wait for the input or it will fail.

On 2.6 I haven't managed to get it working yet :(((... Maybe it is a problem of having crypto-loop built into the kernel and not as a module, I'm not sure. If you discover anything let me know.

PS: If it is a big partition, it could be interesting to fill the device with random data before using it, to make it impossible to know where there is data and where the disk is empty.
_________________
-=[ bisho [=-
bisho
n00b

Joined: 02 May 2003
Posts: 69
Location: Madrid (Spain)

Posted: Tue Sep 02, 2003 11:11 pm

One more thing. If you are using a file instead of a partition to have a crypted filesystem, you have to create the file first, and fill it with something (I recommend you fill it with data from /dev/urandom).

For example:
Code:
dd if=/dev/urandom bs=1024k count=100 > crypto.fs # 100 Mb

_________________
-=[ bisho [=-
mmealman
Guru

Joined: 02 Nov 2002
Posts: 348
Location: Florida

Posted: Tue Sep 02, 2003 11:29 pm

bisho wrote:
One more thing. If you are using a file instead of a partition to have a crypted filesystem, you have to create the file first, and fill it with something (I recommend you fill it with data from /dev/urandom).

For example:
Code:
dd if=/dev/urandom bs=1024k count=100 > crypto.fs # 100 Mb


Yeah, that's how I created my 2.4 crypt files. Then I'd mount them via losetup onto the loop device, run mkfs the first time and mount that.

How would you take the above crypto.fs file though and initialize it and mkfs it for mounting under a 2.6 kernel?

I'd be more than willing to boot back into 2.4, copy out my files, boot into 2.6 and move them into crypted directories.
bisho
n00b

Joined: 02 May 2003
Posts: 69
Location: Madrid (Spain)

Posted: Wed Sep 03, 2003 12:16 am

mmealman wrote:
Yeah, that's how I created my 2.4 crypt files. Then I'd mount them via losetup onto the loop device, run mkfs the first time and mount that.

How would you take the above crypto.fs file though and initialize it and mkfs it for mounting under a 2.6 kernel?

I'd be more than willing to boot back into 2.4, copy out my files, boot into 2.6 and move them into crypted directories.


You think that the crypto device changes between 2.4 and 2.6??? They are not compatible??? I have been trying to mount /home under 2.6 with no success; maybe with a newly created loop device under 2.6 it works. I haven't tested it, but it would be a pity to have non-compatible crypto fs between 2.4 and 2.6.
_________________
-=[ bisho [=-
mmealman
Guru

Joined: 02 Nov 2002
Posts: 348
Location: Florida

Posted: Wed Sep 03, 2003 2:38 am

I think they're compatible, but I think it'd be easier to figure it out if I knew for sure what I was doing under 2.6. It's like one of those things where sometimes you need to step back and simplify things.

And knowing how to build a crypt mount from scratch purely under 2.6 would make it a little easier to tell at what point the 2.4 -> 2.6 usage is breaking.

Oh well, as more people move to 2.6 I'm sure this will get better documented.
All times are GMT