# cryptoapi losetup & kernel 2.6

## Mr. Chauv

Hi,

I read a lot about problems with cryptoloop/losetup combined with kernel 2.6, but didn't find anything exact. So I would like to find answers to the following questions:

1. Does crypto/losetup currently work on kernel 2.6 (& util-linux 2.12)?

2. Are the crypto-modules in kernel 2.6 meant to be compatible with those from kernel 2.4 and patch-int?

3.a If 'yes', then how does this work?

3.b If 'no', then how long will this 'version' of encryption last? Will we have to create all crypted partitions from scratch again on change to kernel 2.8? Or is there a possibility to make 2.6 compatible to 2.4 without the need to recreate all encrypted volumes?

4. IMHO the passphrase gets hashed and the hash is used as key in modules of patch-int for kernel 2.4. Is the passphrase still hashed before use in kernel 2.6?

I would like to know the answers, because I switched from kernel 2.4.21 to 2.6.0-test5-bk8 yesterday and since then, I cannot access my encrypted devices anymore. losetup has no options for keysize a.s.o anymore (despite I compiled cryptoloop as module and loaded it).

Hope someone can help me.   :Shocked: 

cya

     Mr. Chauv

----------

## ViCToR:

I'm on the same situation now that I switched to the 2.6.1 kernel ... when I try to emerge the cryptoapi package in order to obtain the ciphers modules i get:

```
gmake: *** No rule to make target `/usr/src/linux-2.6.1-gentoo/arch/x86/Makefile'.  Stop.

/var/tmp/portage/cryptoapi-2.4.7.0/work/cryptoapi-2.4.7.0/conftest.make:405: /usr/src/linux-2.6.1-gentoo/arch/x86/Makefile: No such file or directory

gmake: *** No rule to make target `/usr/src/linux-2.6.1-gentoo/arch/x86/Makefile'.  Stop.

configure: warning: not found - using default flags

checking for architecture... i386

checking for kernel version... 2.6.1-gentoo

configure: error: Unsupported kernel version 2.6.1-gentoo
```

It seems this kernel is not yet supported  :Sad: 

And now I cannot switch back to the 2.4.22 since I also had to switch to lvm2 ... Anyone has a workaround?

Thank you.

----------

## RoYzter

@victor: afaik cryptoapi is already included in 2.6.x kernels, so you just need to enable the desired options for kernelcompile.

@topic: i have the same problem with an encrypted file i created with kernel 2.4.20 (i don't remember the version of util-linux) which i am not able to decrypt anymore running 2.6.0 or 2.6.1_rc2-love1 (util-linux 2.12-r4). i think i saw somebody writing something about different routines to read the passphrase, making problems if it contains whitespace (which unfortunately is the case). so if anyone manages to get it working, i'd definately appreciate any help.

thx in advance

----------

## ViCToR:

 *RoYzter wrote:*   

> @victor: afaik cryptoapi is already included in 2.6.x kernels, so you just need to enable the desired options for kernelcompile.

 

I know, actually I have the module loaded. But losetup does not find a valid cipher (aes also loaded as a module), so in 2.4.22 I just had to emerge cryptoapi and it'd compile the cipher modules which later loaded ok.

Look:

```
root # lsmod

Module                  Size  Used by

aes                    37056  0

ipv6                  278016  10

cryptoloop              7808  0

loop                   21768  1 cryptoloop

via_rhine              24200  0

mii                     9472  1 via_rhine

crc32                   8576  1 via_rhine

root # losetup -e aes /dev/loop0 /dev/hda5

The cipher does not exist, or a cipher module needs to be loaded into the kernel

ioctl: LOOP_SET_STATUS: Invalid argument
```

----------

## RoYzter

had the same problem, you need to upgrade util-linux (2.12-rc4 works for me)... if i setup a new encrypted file/partition, i have no problems so far. but i can't access the old one (cipher, keysize and passphrase are 100% right)

if you get another error after upgrading util-linux saying that you have to specify the keysize to use aes, simply use this (as losetup doesn't understand the -k option anymore):

```

losetup -e aes-256 /dev/loop0 /dev/hda5

```

instead of 256 you also can use 192 or 128 bits.

----------

## ViCToR:

 *RoYzter wrote:*   

> had the same problem, you need to upgrade util-linux (2.12-rc4 works for me)... if i setup a new encrypted file/partition, i have no problems so far. but i can't access the old one (cipher, keysize and passphrase are 100% right)
> 
> if you get another error after upgrading util-linux saying that you have to specify the keysize to use aes, simply use this (as losetup doesn't understand the -k option anymore):
> 
> ```
> ...

 

Great! That worked  :Smile:  Although it wouldnt' recognize my previous encrypted partition I could backup it from a 2.4.22 kernel and now create a new filesystem that mounts correctly. Now I can use an encrypted partition on my 2.6.1 system.

Thanks!

----------

## kenphi

I needed a while to figure out what to add to /etc/fstab to allow a simple 'mount /my/secure/fs/mountpoint' to get my secure data.

I'm using kernel 2.6.1 currently.

This mounts my old (kernel 2.4.20) encrypted image:

/usr/sbin/hashalot rmd160 | losetup -p0 -e <cipher>-<bits> /dev/loop0 /my_secure_image.img

mount /dev/loop0 /sec/mountpoint

In /etc/fstab I added:

/my_secure_image.img /sec/mountpoint ext2 loop,encryption=<cipher>-<bits>,noauto,user,keygen=/usr/sbin/hashalot;phash=rmd160 0 0

Note the ';' before the 'phash=rmd160'.

----------

