LOOP_MULTI_KEY_SETUP_V3 Errors Fixed
PagCal
Hello,
This mini-project adds LOOP_MULTI_KEY_SETUP_V3 functionality
to SUSE 10.1.
It's basically a glom between loop_fish2.c and loop-AES.
The reason it was done is that loop-AES requires you to replace loop.c, and this was unacceptable.
If you successfully patch this in, you will end up with a loadable module - loop_aes.ko, that will add the missing (and desired) functionality.
How to obtain the kit
---------------------
This source kit is available from:
http://loop-AES.ajept.com/loop-AES.tar.gz
What else you will need:
------------------------
Get a copy of loop-AES-v3.1e.tar.bz2 from Sourceforge, at http://www.sourceforge.net/project=loop-AES
Get a copy of util-linux-2.12r.tar.bz2, at http://www.kernel.org/pub/linux/utils/util-linux/
Steps to install
----------------
Any file with a '.patched' at the end should replace a kernel source file of that name. You can either just copy over, or for the tin hat crowd, merge in from these files.
1. Install SUSE 10.1 on your box, and be sure to include the linux kernel source kit. You should end up with the following directories in /usr/src:
linux
linux-2.6.16.21-0.25
linux-2.6.16.21-0.25-obj
linux-obj
packages
2. To be sure all is ok at this point, build the kernel as follows:
cd /usr/src/linux
make oldconfig
make
Don't leave out the 'make oldconfig' step, or misery will follow you for the rest of your life if you do.
When all is said and done, it should complete without errors.
3. For convenience, create the 'loop-AES' directory in /usr/src/linux/drivers/block/loop-AES, and copy this kit in there.
- or do -
cd /usr/src/linux/drivers/block
tar -xvf loop-AES.tar.gz
4. Then, replace the following kernel files:
Kconfig.patched => /usr/src/linux/drivers/block/Kconfig
loop.h => /usr/src/linux/include/linux/loop.h, /usr/include/linux/loop.h
Makefile.patched => /usr/src/linux/drivers/block/Makefile
5. Copy the following files into /usr/src/linux/drivers/block
aes.c
aes.h
loop_aes.c
md5.c
md5.h
6. Once patched, you've got to tell the linux configuration system to build your new loadable driver, loopaes.ko. So so by:
cd /usr/src/linux
make menuconfig
and, under block devices, select loop_aes as a type 'M', a loadable device.
Exit menuconfig and be sure to save your configuration.
7. Rebuild the kernel
cd /usr/src/linux
make
I don't recommend a 'make install' as you don't have to. Just remember the location of loopaes.ko.
Contratulations! You've done it. You end up with loopaes.ko, a loadable driver that supports LOOP_MULTI_KEY_SETUP_V3.
8. utils need upgrade
Before you can get it to work, you've got to build a copy of losetup that knows about loop-AES. Do so by
applying patch loop-AES-v3.1e/util-linux-2.12r.diff to util-linux-2.12r/
- or do -
cd util-linux-2.12r
patch -p1 < loop-AES-v3.1e/util-linux-2.12r.diff
make
I don't recommend installing this package, as I have no idea what the patch does. None the less, you
do end up with one executable, util-linux-2.12r/mount/losetup. I'd rather just rename this to
losetupaes and remember its location.
Using your new driver
---------------------
Just load loopaes.ko before use. You can do so as follows:
cd /usr/src/linux/drivers/block
insmod ./loopaes.ko
Voilla! LOOP_MULTI_KEY_SETUP_V3 should now work with losetupaes.
For further information in doing so, please refer to the excellent doc at loop-AES-v3.1e/README
Discussion
----------
I don't claim to have QA'd this package. I did load the module and used LOOP_MULTI_KEY_SETUP_V3 to
initialize, mount, and dismount a loop disk - which is, in reality, only one five minute test.
Things I haven't done:
A. Try to mount a previously encrypted disk from some other software base.
B. Run it for more than 5 minutes.
C. Verify that loop-AES-v3.1e/loop.h changes any of the structures.
D. Do any sort of code review of any of the code.
E. Verify that the encryption scheme actually provide any sort of security
Furthermore, the api changed for transfer_aes, to:
int transfer_aes(struct loop_device *lo, int cmd,
struct page *raw_page, unsigned raw_off,
struct page *loop_page, unsigned loop_off,
int size, sector_t devSect)
{
char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off;
char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off;
...
}
What's kmap_atomic? Why did the api change? Who changed it? Where is the architect? How
can I contact the architect? Is this correct? Why is the sky blue? What is the
meaning of life?
So, I make no claims about usability what-so-ever.
Contacting the author
---------------------
Feel free to email me for any reason at:
mailto:// pagcal @ runbox.com
and be sure to include 'loop-AES' in the subject or my email system will junk the message.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
Jari Ruusu
> from http://loop-aes.ajept.com/Readme.txt
[snip]
> How to obtain the kit
> ---------------------
>
> This source kit is available from:
>
> http://loop-AES.ajept.com/loop-AES.tar.gz
Please call your project something else than loop-AES.
That name is already taken.
> Furthermore, the api changed for transfer_aes, to:
>
> int transfer_aes(struct loop_device *lo, int cmd,
> struct page *raw_page, unsigned raw_off,
> struct page *loop_page, unsigned loop_off,
> int size, sector_t devSect)
> {
> char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off;
> char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off;
> ...
> }
>
> What's kmap_atomic? Why did the api change?
Mainline linux folks wanted to kmap/kunmap multiple times per page instead
of once per page as is done in loop-AES version of loop. That is why I
prefer to call mainline loop as 'sabotaged'.
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD