[Bug 332095] New: Legacy encryption support does not work at all
https://bugzilla.novell.com/show_bug.cgi?id=332095 Summary: Legacy encryption support does not work at all Product: openSUSE 10.3 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Blocker Priority: P5 - None Component: Kernel AssignedTo: kernel-maintainers@forge.provo.novell.com ReportedBy: opensuse@dstoecker.de QAContact: qa@suse.de Found By: --- I have a system with following entries in fstab: /dev/private1 /media/hd1 reiserfs sync,noauto,users,exec,loop,encryption=twofish256 0 0 /dev/private2 /media/hd2 reiserfs sync,noauto,users,exec,loop,encryption=twofish 0 0 /dev/private3 /media/hd3 reiserfs sync,noauto,users,exec,loop,encryption=twofish256 0 0 /dev/private4 /media/hd4 reiserfs sync,noauto,users,exec,loop,encryption=twofish256 0 0 /home/user/SData /media/sdata ext3 sync,noauto,users,exec,loop,encryption=twofish256 0 0 With nothing I try, I can access these partition under 10.3. a) Normal mount (previous method used on 10.2) does not work: - causing segfault (yes, mount segfaults) - does nothing after password request - cannot find file system (modules loop_fish2, cryptoloop and twofish_common loaded before). b) cryptosetup does not work: Test: losetup /dev/loop0 /home/user/SData cryptsetup create /dev/loop0 /media/sdata --cipher twofish-cbc-plain -s 256 -h sha512 Command failed: dm_task_set_name: Device /dev/loop0 not found Doing the same for the direct harddisk and non-loop files results in equal error messages like /dev/sdd not found or /dev/private4 not found. (/dev/privateX are links to either /dev/sdXY automatically generated by udev-rules). All methods I tried failed and I get out of options. According to docs all the methods I tried should work, but none does so. It's not very fine to have a new set of encryption problems in every new release. This bug blocks openSUSE 10.3 at all our work machines, as they use encrypted partitions as well as encrypted backup disks. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332095#c1
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=332095#c2
--- Comment #2 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=332095#c3
--- Comment #3 from Dirk Stoecker
https://bugzilla.novell.com/show_bug.cgi?id=332095#c4
--- Comment #4 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=332095#c5
--- Comment #5 from Dirk Stoecker
https://bugzilla.novell.com/show_bug.cgi?id=332095#c6
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=332095#c7
Dirk Stoecker
https://bugzilla.novell.com/show_bug.cgi?id=332095#c8
Dale Peters II
Well, you are free to not believe me and make your own experience. The problem is not the decryption itself but the IV generation method. Choosing the wrong one results in subtle changes.
Old images really do work, this one is from 8.1: # losetup /dev/loop0 oldimg # cryptsetup --hash ripemd160:20 --cipher twofish-cbc-null --key-size 192 create fff /dev/loop0 Enter passphrase: # mount /dev/mapper/fff /mnt/ # cat /mnt/motd Have a lot of fun...
Doing this would only address part of the problem: mounting an image that has already been created. However, doing these steps doesn't exactly address my issue (and the reason why I initially reported--and reopened--this bug). I was trying to initialize an encrypted, loopback filesytem via the following steps: dd if=~/linux-2.6.22.5-31.tbz of=~/rb bs=1k skip=321 count=2k losetup -e aes -k 2048 `losetup -f` ~/rb losetup -a mkfs -t ext3 `losetup -a | cut -d ":" -f 1` My issue is the second command fails (which the fourth one demonstrates), and this prevents me from being able to format the encrypted, loopback filesystem. So, we know that something isn't functioning correctly with losetup. Yet, until a few minutes ago, I hadn't tested to see if loopback filesystem support worked for non-encrypted filesystems. Here are the steps for my second test: sshfs root@172.16.0.6:/mnt/sdc1 /mnt/tmp mount -o loop,ro /mnt/tmp/stage2.img /mnt/jaz ls /mnt/jaz This worked just fine. Now let's see what happens if I try to create a non-encrypted, loopback filesystem via the following steps: dd if=/dev/zero of=~/rb bs=1k count=2k losetup `losetup -f` ~/rb losetup -a mkfs -t ext3 `losetup -a | cut -d ":" -f 1` mount `losetup -a | cut -d ":" -f 1` /mnt/tmp ls /mnt/tmp This worked just fine too. So, it's definitely an issue with the crypto-code portion of the losetup codebase. If losetup is considered legacy, then what else should we use for creating (and mounting [which I believe invokes the losetup code]) loopback filesystems? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=332095#c9
Ludwig Nussel
participants (1)
-
bugzilla_noreply@novell.com