Bug 113920

Summary: loop-aes multi-key setup failure
Product: [openSUSE] SUSE LINUX 10.0 Reporter: David North <d_north>
Component: KernelAssignee: Mads Martin Joergensen <mmj>
Status: RESOLVED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: d_north, hvogel
Version: Beta 3   
Target Milestone: ---   
Hardware: PC   
OS: All   
Whiteboard:
Found By: Beta-Customer Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description David North 2005-08-29 16:36:07 UTC 
losetup fails with
  ioctl: LOOP_MULTI_KEY_SETUP: Invalid argument
when invoked with:
  losetup -e AES128 -K testkey.gpg /dev/loop0 ./fodder.dsk

testkey.gpg was created:
head -c 2880 /dev/urandom | uuencode -m - | head -n 64 | tail -n 64 | gpg
--symmetric -a > testkey.gpg

An issue identical to this was in SuSE Desktop 9.3 professional, and it looked
to me like the loop-aes patch that allows multi-key encryption was applied to
the losetup tool, but the corresponding kernel changes didn't seem to be in there.

Versions:
  Kernel 2.6.13-rc6-git13-4-default running under vmware.
  losetup from util-linux-2.12q-21

Prerequisites
  load uuencode if you need to build a key file
  modprobe aes_i586
  modprobe cryptoloop
Comment 1 David North 2005-08-29 19:30:12 UTC 
Of course I can't seem to get it typed in exactly right..... the corrected line
reads as below:

head -c 2880 /dev/urandom | uuencode -m - | head -n 65 | tail -n 64 | gpg
--symmetric -a > testkey.gpg
Comment 3 Hendrik Vogelsang 2005-09-01 10:40:21 UTC 
David can you please check if the 

loop_fish2

module is loaded?

lsmod | grep fish
Comment 4 Jens Axboe 2005-09-01 10:49:10 UTC 
michaelg also suggests trying losetup -e aes-128.
Comment 5 Hendrik Vogelsang 2005-09-01 11:22:21 UTC 
ok let me explain:

We have 3 different crypto systems here

loop_fish2
cryptoloop + cipher
dm-crypt + cipher

if loop_fish2 is loaded everything goes over that one (which is a bug #74441)

if you want to use cryptoloop you have to load the modules cryptoloop and the
cipher module you want to use. Like in this case
modprobe cryptoloop; modprobe aes-i586

if you want to use dm-crypt you have to load dm-crypt and the cypher you want to
use.

So the question is:

is loop_fish2 loaded? if yes you see bug #74441

is cryptoloop loaded? if not you have to load it.

is aes-i586 loaed? if not you have to load it.

if cryptoloop and aes-i586 are loaded, something is wrong with losetup
Comment 6 David North 2005-09-01 13:18:08 UTC 
Thank you for looking at this....

  loop_fish2 is not loaded
  dm-crypt is not loaded

  cryptoloop is loaded
  aes_i586 is loaded

I am trying to use the multikey feature of loop-aes - see
loop-aes.sourceforge.net which appears to be the homepage for this feature.

I think 10.0 may have inherited a partial implementation of the loop-aes patch
from 9.3 if my understanding is right.

In package util-linux-2.12, there is a file:
  loop-aes.loop-AES-v3.0a-util-linux-2.12p.diff
which contains the loop-aes patches for losetup. However, at least
/usr/src/{kernelsource}/drivers/block/loop.c does not seem to contain the
corresponding handler code for the ioctl(..LOOP_MULTI_KEY_SETUP_V3...).
Therefore, if this is really the case, that would result in "ioctl:
LOOP_MULTI_KEY_SETUP: Invalid argument".
Comment 7 Hendrik Vogelsang 2005-09-01 13:24:32 UTC 
now i get you. in this case read

/usr/share/doc/packages/util-linux/README.loop-AES-v2.2d.SuSE