113920 – loop-aes multi-key setup failure

Bug 113920 - loop-aes multi-key setup failure

Summary: loop-aes multi-key setup failure

Status:	RESOLVED INVALID

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	Kernel (show other bugs)
Version:	Beta 3
Hardware:	PC All

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Mads Martin Joergensen
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-08-29 16:36 UTC by David North
Modified:	2005-09-01 13:24 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Beta-Customer
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David North 2005-08-29 16:36:07 UTC

losetup fails with
  ioctl: LOOP_MULTI_KEY_SETUP: Invalid argument
when invoked with:
  losetup -e AES128 -K testkey.gpg /dev/loop0 ./fodder.dsk

testkey.gpg was created:
head -c 2880 /dev/urandom | uuencode -m - | head -n 64 | tail -n 64 | gpg
--symmetric -a > testkey.gpg

An issue identical to this was in SuSE Desktop 9.3 professional, and it looked
to me like the loop-aes patch that allows multi-key encryption was applied to
the losetup tool, but the corresponding kernel changes didn't seem to be in there.

Versions:
  Kernel 2.6.13-rc6-git13-4-default running under vmware.
  losetup from util-linux-2.12q-21

Prerequisites
  load uuencode if you need to build a key file
  modprobe aes_i586
  modprobe cryptoloop

Comment 1 David North 2005-08-29 19:30:12 UTC

Of course I can't seem to get it typed in exactly right..... the corrected line
reads as below:

head -c 2880 /dev/urandom | uuencode -m - | head -n 65 | tail -n 64 | gpg
--symmetric -a > testkey.gpg

Comment 3 Hendrik Vogelsang 2005-09-01 10:40:21 UTC

David can you please check if the 

loop_fish2

module is loaded?

lsmod | grep fish

Comment 4 Jens Axboe 2005-09-01 10:49:10 UTC

michaelg also suggests trying losetup -e aes-128.

Comment 5 Hendrik Vogelsang 2005-09-01 11:22:21 UTC

ok let me explain:

We have 3 different crypto systems here

loop_fish2
cryptoloop + cipher
dm-crypt + cipher

if loop_fish2 is loaded everything goes over that one (which is a bug #74441)

if you want to use cryptoloop you have to load the modules cryptoloop and the
cipher module you want to use. Like in this case
modprobe cryptoloop; modprobe aes-i586

if you want to use dm-crypt you have to load dm-crypt and the cypher you want to
use.

So the question is:

is loop_fish2 loaded? if yes you see bug #74441

is cryptoloop loaded? if not you have to load it.

is aes-i586 loaed? if not you have to load it.

if cryptoloop and aes-i586 are loaded, something is wrong with losetup

Comment 6 David North 2005-09-01 13:18:08 UTC

Thank you for looking at this....

  loop_fish2 is not loaded
  dm-crypt is not loaded

  cryptoloop is loaded
  aes_i586 is loaded

I am trying to use the multikey feature of loop-aes - see
loop-aes.sourceforge.net which appears to be the homepage for this feature.

I think 10.0 may have inherited a partial implementation of the loop-aes patch
from 9.3 if my understanding is right.

In package util-linux-2.12, there is a file:
  loop-aes.loop-AES-v3.0a-util-linux-2.12p.diff
which contains the loop-aes patches for losetup. However, at least
/usr/src/{kernelsource}/drivers/block/loop.c does not seem to contain the
corresponding handler code for the ioctl(..LOOP_MULTI_KEY_SETUP_V3...).
Therefore, if this is really the case, that would result in "ioctl:
LOOP_MULTI_KEY_SETUP: Invalid argument".

Comment 7 Hendrik Vogelsang 2005-09-01 13:24:32 UTC

now i get you. in this case read

/usr/share/doc/packages/util-linux/README.loop-AES-v2.2d.SuSE