util-linux-2.12-r1 breaks cryptoapi?

Message

UnuMondo · Post by **UnuMondo** » Thu Dec 04, 2003 3:33 pm

sys-apps/util-linux-2.12-r1 broke my cryptoapi. I'm using kernel version 2.6, so one would think that 2.12-r1 would be even better because it includes a patch for improved 2.6 functionality. However, I'm getting this when I try to mount a (blowfish) encrypted filesystem:

Code: Select all

me@mysystem portage# mount /home
You must specify a key size (in bits) for use with CryptoAPI encryption.

I had to go back to util-linux-2.12 to be able to mount my filesystem.

The same problem is reported (in Russian) here: http://forums.gentoo.org/viewtopic.php? ... =utillinux.[/code]

watersb · Post by **watersb** » Thu Dec 04, 2003 11:33 pm

Please post your /etc/fstab and I can help you fix this.

There are two possibilities:

First, you may not be naming your cipher correctly.

Basically, you will need to specify the key size in the cipher name. For example, you say aes-cbc-256 instead of saying aes.

I suggest that you build the TESTING MODULE for cryptoAPI under kernel config, and then load that module, then examine your kernel dmesg -- you will see the kernel names of the various crypto ciphers.

Second possibility: you are using a partition that was used by the kerneli 2.4 cryptoAPI.

The new util-linux does NOT hash the passwords, the previous version of util-linux (under 2.4) hashed with ripem-160.

Here is my command chain for mounting a partition that was set up with the 2.4 cryptoAPI:

Code: Select all

# hashalot ripemd160 | losetup -p0 -e twofish-cbc-256 /dev/loop/1 /dev/hda3
# mount /dev/loop/1 /home

That's why hashalot is a new dependency for util-linux.

There is a way to specify this sort of pipe in /etc/fstab; read the mount(8) man page, or ask me again and I can look it up on the linux-crypto mailing list.

UnuMondo · Post by **UnuMondo** » Fri Dec 05, 2003 2:58 am

watersb wrote:Please post your /etc/fstab and I can help you fix this.

Here's the relevant line:

Code: Select all

/dev/hda3               /home           reiserfs        encryption=twofish,noatime,loop

There are two possibilities:

First, you may not be naming your cipher correctly.

Basically, you will need to specify the key size in the cipher name. For example, you say aes-cbc-256 instead of saying aes.

I no longer remember how large the keysize is, but I shall try both 128 and 256 on the next reboot.

Second possibility: you are using a partition that was used by the kerneli 2.4 cryptoAPI.

I hope not. I didn't like the whole mess with multiple implementations, such as the kerneli patch, loop-aes, etc., so I waited until the kernel 2.6 was at a decently advanced stage and then used it to prepare a new filesystem.

george · Post by **george** » Fri Dec 05, 2003 9:21 am

watersb wrote:Here is my command chain for mounting a partition that was set up with the 2.4 cryptoAPI:
Code: Select all
# hashalot ripemd160 | losetup -p0 -e twofish-cbc-256 /dev/loop/1 /dev/hda3
# mount /dev/loop/1 /home

How have you managed to get a 256 bit key? I've been driven mad over the last couple of days trying to get an up to date kernel which can read my loop file I created with 2.4. As far as I can tell, the latest international patches only give a maximum key size of 128 and I use 256

I've even been trying to work out a patch set to go onto vanilla 2.4.23 but I can't get past the 128bit limit.

TIA

volumen1 · Post by **volumen1** » Thu Feb 19, 2004 7:11 pm

I just happened upon this thread and I found the fstab format somewhere else. I thought I'd post it here as well, in case someone else finds this thread first.

To include the hashalot action, you need something like this:

Code: Select all

/dev/ida/disc0/part2   /home   ext2   defaults,noauto,loop,encryption=twofish-cbc-256,keygen=/usr/sbin/hashalot;rmd160        0 0

I read something else that said you needed /usr/sbin/hashalot;phash=rmd160, but that didn't work for me.