From linux-crypto-bounce@nl.linux.org Thu Jan 3 01:33:40 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:18327 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 3 Jan 2002 01:33:32 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 03 Jan 2002 01:32:32 +0100 (CET) Received: from CPE00E02915899A.cpe.net.cable.rogers.com ([IPv6:::ffff:24.112.88.234]:29095 "EHLO mokona.furryterror.org") by humbolt.nl.linux.org with ESMTP id ; Fri, 28 Dec 2001 19:48:31 +0100 Received: from mngexecu by mokona.furryterror.org with local (Exim 3.33 #1 (Debian)) id 16K23P-0001R9-00; Fri, 28 Dec 2001 13:48:27 -0500 From: umsfalfb@umail.furryterror.org (Zygo Blaxell) Subject: Re: Crypto on root filesystem Date: 28 Dec 2001 13:47:27 -0500 Organization: A Debian GNU/Linux InterNetNews laptop Message-ID: References: <20011226223715.GA32767@feedme.hungrycats.org> <20011226223715.GA32767@feedme.hungrycats.org> <1009407732.13013.4.camel@janus.txd.hvrlab.org> NNTP-Posting-Host: 10.215.3.77 X-Header-Mangling: Original "From:" was To: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: umsfalfb@umail.furryterror.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org In article <1009407732.13013.4.camel@janus.txd.hvrlab.org>, Herbert Valerio Riedel wrote: >haven't tried myself, but at least with 2.4 kernels, there's the >pivot_root() system call, which should swap the root and making it >possible to unmount the ramdisk... When you do 'losetup ... /dev/loop /dev/bar' then mount something on /dev/loop, you cannot umount the filesystem containing /dev/loop until after you 'losetup -d /dev/loop'. If /dev/loop is mounted as root, you can't 'losetup -d /dev/loop' until after you're close to being finished running the kernel. Another problem with this initrd-can-do-everything theory is that in practice the damn thing breaks on every second kernel release. I've lost count of how many times I've encountered fatal kernel oopses when trying to initrd or pivot_root with a root RAMdisk that must be writable and cannot be freed when /linuxrc exits. A number of the 2.2.x kernels have made it out the door with initrd and RAMdisk memory management support sufficiently broken that the system crashes soon after boot, or can't even losetup at all. Strangely enough, initrd always works just well enough for Red Hat to load their SCSI driver modules. Hmmm... Sometimes when I'm running my laptop on a battery, miles from home, rebuilding my laptop's initrd with the help of a bootable rescue CD, I wonder if I'm the only person on the planet who actually _uses_ this crypto stuff. :-/ >I'd recommend taking a look at redhat's mkinitrd package, which contains >'nash', some kind of self-contained mini-shell, which includes the few >necessary commads usually used on initrd's... and add support to it for >getting a passphrase (+ hash it) and other encryption paramters...=20 Yes, the initrd can be made very small, but it still takes up 16K of RAM plus the code to implement RAMdisk and minix fs, and the extra bootloader configuration to load the RAMdisk, and some miscellaneous black magic to find the losetup utility and its runtime dependencies. It's more of an administrative headache than a size headache on modern machines, but the combined size of all of these components is still significant for a boot floppy or an older laptop. On the other hand, simply linking the important parts of losetup into the kernel takes up less than one K, and there are space savings in other places: the kernel-space losetup code can share cryptoapi's digest functions, initrd and minix FS can be dropped from the kernel image, and the kernel-space losetup code can go in an __init section to be discarded after use. There are none of the administrative headaches associated with extra cleartext partitions or initrd's (although your bootloader might need to specify ciphers, keysizes, and physical devices on the kernel command-line). We already have direct kernel support for root on various common non-physical-device cases including RAID, NFS, RAM disk, and separate boot/root floppies with a prompt to change media between them. These are all common and useful cases where direct kernel support is justified. I think root on cryptoloop support is a straightforward addition to those. -- Zygo Blaxell (Laptop) GPG = D13D 6651 F446 9787 600B AD1E CCF3 6F93 2823 44AD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jan 3 01:36:48 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:13210 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 3 Jan 2002 01:36:38 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 03 Jan 2002 01:36:12 +0100 (CET) Received: from ns.suse.de ([IPv6:::ffff:213.95.15.193]:48135 "EHLO Cantor.suse.de") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Mon, 31 Dec 2001 17:08:41 +0100 Received: from Hermes.suse.de (Hermes.suse.de [213.95.15.136]) by Cantor.suse.de (Postfix) with ESMTP id 109E91E862; Mon, 31 Dec 2001 17:08:41 +0100 (MET) Date: Mon, 31 Dec 2001 17:08:40 +0100 (MET) From: Roman Drahtmueller To: Harmon Seaver Cc: linux-crypto Subject: Re: SUSE In-Reply-To: <3C2B5783.A7433228@cybershamanix.com> Message-ID: X-Organization: SuSE GmbH MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: draht@suse.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org > > Seems like there was some discussion about SUSE before, but I deleted > it, I guess (and where are the archives anyhow?) but I've recently > become intrigued by SUSE, especially since finding out that they support > an encrypted file system on the install, and am probably going to make > it my next system, after many years of redhat and a bit of debian. > Any comments on SUSE's cfs? :-) It works, and it does so pretty nicely. There may be plenty of room for improvement what the creation of a crypted loopback device is concerned, especially wrt the graphical user interface (yast2). Roman. -- - - | Roman Drahtmüller // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - - - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jan 3 15:52:18 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:47242 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 3 Jan 2002 15:52:07 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 03 Jan 2002 15:51:28 +0100 (CET) Received: from legba.tvnet.hu ([IPv6:::ffff:195.38.96.20]:30353 "EHLO legba.tvnet.hu") by humbolt.nl.linux.org with ESMTP id ; Thu, 3 Jan 2002 15:51:19 +0100 Received: from kain.satimex.tvnet.hu (quaker.satimex.tvnet.hu [195.38.97.169]) by legba.tvnet.hu (8.9.3+Sun/8.9.3) with ESMTP id PAA15275 for ; Thu, 3 Jan 2002 15:51:17 +0100 (MET) Message-Id: <5.0.0.25.2.20020103153118.01c92130@pop.tvnet.hu> X-Sender: newsmail@pop.tvnet.hu (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Thu, 03 Jan 2002 15:41:20 +0100 To: linux-crypto@nl.linux.org From: Newsmail Subject: <*> generic loop cryptographic filter (EXPERIMENTAL) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: newsmail@satimex.tvnet.hu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org <*> generic loop cryptographic filter (EXPERIMENTAL) hmm if I enable this option do I have to enable this: <*> Cryptographic ciphers, or those ciphers will be included automatically as described? regards, greg - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jan 4 19:41:52 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:55725 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 4 Jan 2002 19:41:38 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 04 Jan 2002 19:40:56 +0100 (CET) Received: from erasmus.off.net ([IPv6:::ffff:64.39.30.25]:40205 "EHLO erasmus.off.net") by humbolt.nl.linux.org with ESMTP id ; Fri, 4 Jan 2002 19:40:41 +0100 Received: by erasmus.off.net (Postfix, from userid 929) id E6794540A7; Fri, 4 Jan 2002 13:40:40 -0500 (EST) Date: Fri, 4 Jan 2002 13:40:40 -0500 From: Jerome Etienne To: linux-crypto@nl.linux.org Subject: init script which reveal passwords Message-ID: <20020104134040.A18065@long-haul.net> Reply-To: Jerome Etienne Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jme@off.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org i think i found a hole in the script proposed in the encryption HOWTO (http://encryptionhowto.sourceforge.net/) to setup an encripted loop device. The script is dumped at the end of this text. It allows any user of the box to learn the password used to encrypt the block device on this box, so to read/write its content. Note it isnt a bug of the encrypted loop device in itself but a bug in a admin script. To send the password to losetup, the script puts it in the command line: echo "$PASS1" | losetup -e "$CIPHER" -p 0 "$LOOPDEV" "$UNDERLYING" Any user on the same box, can see the password using 'ps' so i considere it as a hole. ------------------------------ mkloop.sh ------------------------- #!/bin/bash # the cipher is the first command line argument CIPHER="$1" # the loop device to use is the second LOOPDEV="$2" # the underlying file is third UNDERLYING="$3" echo I am going to switch swap off \- we have no means to keep pages echo locked in memory with shell scripts. read -p "Continue ? " [ $REPLY = 'y' ] || exit 1 echo -n OK, swap off... swapoff -a echo done # until the two passphrases match and are not empty... until [ "$PASS1" = "$PASS2" -a -n "$PASS1" ]; do # the bash read buitlin has to support the -s option. # Don't use read without -s!! read -s -p "Enter Passphrase: " PASS1; echo read -s -p "Re-enter Passphrase: " PASS2; echo done # setup the loop device using the passphrase given on STDIN. echo "$PASS1" | losetup -e "$CIPHER" -p 0 "$LOOPDEV" "$UNDERLYING" echo -n swap on... swapon -a echo done - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jan 4 19:46:45 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:41903 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 4 Jan 2002 19:46:33 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 04 Jan 2002 19:46:26 +0100 (CET) Received: from ns.suse.de ([IPv6:::ffff:213.95.15.193]:17160 "EHLO Cantor.suse.de") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Fri, 4 Jan 2002 19:46:17 +0100 Received: from Hermes.suse.de (Hermes.suse.de [213.95.15.136]) by Cantor.suse.de (Postfix) with ESMTP id 5895F1ECD8; Fri, 4 Jan 2002 19:46:17 +0100 (MET) Date: Fri, 4 Jan 2002 19:46:15 +0100 (MET) From: Roman Drahtmueller To: Jerome Etienne Cc: linux-crypto@nl.linux.org Subject: Re: init script which reveal passwords In-Reply-To: <20020104134040.A18065@long-haul.net> Message-ID: X-Organization: SuSE GmbH MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: draht@suse.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org > To send the password to losetup, the script puts it in the > command line: > echo "$PASS1" | losetup -e "$CIPHER" -p 0 "$LOOPDEV" "$UNDERLYING" > > Any user on the same box, can see the password using 'ps' so > i considere it as a hole. Maybe, yes. But since you claimed already that this is a _init_ script, and since swap isn't even turned on yet, the whole issue is irrelevant since nobody can have logged on yet. No network, no local gettys yet, just some shell asking for a password. That thing shouldn't be used in any other context, though. Thanks, Roman. -- - - | Roman Drahtmüller // "You don't need eyes to see, | SuSE GmbH - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - - - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jan 4 19:54:38 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:55985 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 4 Jan 2002 19:54:25 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 04 Jan 2002 19:54:19 +0100 (CET) Received: from erasmus.off.net ([IPv6:::ffff:64.39.30.25]:48397 "EHLO erasmus.off.net") by humbolt.nl.linux.org with ESMTP id ; Fri, 4 Jan 2002 19:54:03 +0100 Received: by erasmus.off.net (Postfix, from userid 929) id 84EC3540A7; Fri, 4 Jan 2002 13:54:04 -0500 (EST) Date: Fri, 4 Jan 2002 13:54:04 -0500 From: Jerome Etienne To: Roman Drahtmueller Cc: Jerome Etienne , linux-crypto@nl.linux.org Subject: Re: init script which reveal passwords Message-ID: <20020104135404.A18116@long-haul.net> Reply-To: Jerome Etienne References: <20020104134040.A18065@long-haul.net> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: ; from draht@suse.de on Fri, Jan 04, 2002 at 07:46:15PM +0100 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jme@off.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org if this script is only used during the boot, you are correct. But i fail to see why you assume this. i told it is a initialization script which is different that a boot script. On Fri, Jan 04, 2002 at 07:46:15PM +0100, Roman Drahtmueller wrote: > Maybe, yes. But since you claimed already that this is a _init_ script, > and since swap isn't even turned on yet, the whole issue is irrelevant > since nobody can have logged on yet. No network, no local gettys yet, just > some shell asking for a password. > > That thing shouldn't be used in any other context, though. > > Thanks, > Roman. > -- > - - > | Roman Drahtmüller // "You don't need eyes to see, | > SuSE GmbH - Security Phone: // you need vision!" > | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | > - - > > - > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jan 4 20:29:24 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:29877 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 4 Jan 2002 20:29:05 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 04 Jan 2002 20:28:58 +0100 (CET) Received: from outmail-1.caramail.com ([IPv6:::ffff:213.193.12.65]:39105 "EHLO outmail-1.caramail.com") by humbolt.nl.linux.org with ESMTP id ; Fri, 4 Jan 2002 20:28:47 +0100 Received: from firemail.de (newwww-30.caramail.com [213.193.12.40]) by outmail-1.caramail.com (8.8.8/8.8.8) with SMTP id UAA10407 for linux-crypto@nl.linux.org; Fri, 4 Jan 2002 20:28:43 +0100 (MET) Posted-Date: Fri, 4 Jan 2002 20:28:43 +0100 (MET) From: Andreas Schreier To: linux-crypto@nl.linux.org Message-ID: <1010172523008573@firemail.de> X-Mailer: Caramail - www.caramail.com X-Originating-IP: [80.133.184.178] Mime-Version: 1.0 Subject: Request for Help Content-Type: multipart/mixed; boundary="=_NextPart_Caramail_0085731010172523_ID" Date: Fri, 4 Jan 2002 20:28:47 +0100 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: a_schreier@firemail.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0085731010172523_ID Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit I would like to have an encrypted root filesystem using one of the latest kernels (I use RH 7.2). Unfortunately I couldn't find a recent tutorial. Could you please point me to tutorials or HOWTOs that teach how to setup an encrypted root filesystem? Can I have the kernel (and everything else which is not encrypted) on a boot CD? I don't want to have any data that is not encrypted (and vulnerable to trojans) on my harddisk. Thank you very much in advance. Regards Andreas PS listing the commands I need would also be greatly appreciated. I don't need too much of a description and what I want is pretty simple for most of you, I guess ;-) ______________________________________________________ Einmal schenken, 12mal auspacken: Zeitschriften-Abos zu Weihnachten! http://rubriken.fireball.de/guj/ --=_NextPart_Caramail_0085731010172523_ID-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Jan 4 20:50:13 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:20408 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 4 Jan 2002 20:50:05 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 04 Jan 2002 20:49:55 +0100 (CET) Received: from hank-fep8-0.inet.fi ([IPv6:::ffff:194.251.242.203]:6349 "EHLO fep08.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Fri, 4 Jan 2002 20:49:40 +0100 Received: from pp.inet.fi ([194.197.67.248]) by fep08.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020104194937.MYVQ12526.fep08.tmt.tele.fi@pp.inet.fi>; Fri, 4 Jan 2002 21:49:37 +0200 Message-ID: <3C360758.BF58820A@pp.inet.fi> Date: Fri, 04 Jan 2002 21:49:44 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Andreas Schreier CC: linux-crypto@nl.linux.org Subject: Re: Request for Help References: <1010172523008573@firemail.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Andreas Schreier wrote: > I would like to have an encrypted root filesystem using > one of the latest kernels (I use RH 7.2). Unfortunately I > couldn't find a recent tutorial. Could you please point me > to tutorials or HOWTOs that teach how to setup an > encrypted root filesystem? > > Can I have the kernel (and everything else which is not > encrypted) on a boot CD? I don't want to have any data > that is not encrypted (and vulnerable to trojans) on my > harddisk. Loop-AES' README file has instructions for encrypting root and swap partitions. Announcement here: http://mail.nl.linux.org/linux-crypto/2001-12/msg00065.html http://marc.theaimsgroup.com/?l=linux-crypto&m=100928929324854&w=2 Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 5 15:14:26 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:51079 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 5 Jan 2002 15:14:12 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 05 Jan 2002 15:13:28 +0100 (CET) Received: from outmail-1.caramail.com ([IPv6:::ffff:213.193.12.65]:21495 "EHLO outmail-1.caramail.com") by humbolt.nl.linux.org with ESMTP id ; Sat, 5 Jan 2002 15:13:11 +0100 Received: from firemail.de (newwww-24.caramail.com [213.193.12.34]) by outmail-1.caramail.com (8.8.8/8.8.8) with SMTP id PAA27566; Sat, 5 Jan 2002 15:13:06 +0100 (MET) Posted-Date: Sat, 5 Jan 2002 15:13:06 +0100 (MET) From: Andreas Schreier To: "Andrew McGuinness ; Andreas Schreier" ; linux-crypto@nl.linux.org Message-ID: <1010239985018908@firemail.de> X-Mailer: Caramail - www.caramail.com X-Originating-IP: [80.133.180.76] Mime-Version: 1.0 Subject: Re[1]: Request for Help Content-Type: multipart/mixed; boundary="=_NextPart_Caramail_0189081010239985_ID" Date: Sat, 5 Jan 2002 15:13:11 +0100 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: a_schreier@firemail.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --=_NextPart_Caramail_0189081010239985_ID Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit > I'm not sure that encrypting your hard disk is really a > protection against trojans - you have to give access to the > disk to anything you run, so if it's a trojan it will act > as normal. It's some protection against someone with physical > access planting a trojan on your system while you're away > from it, but apparently not perfect (see the recent thread > "Vulnerability in encrypted loop device for Linux", which I > didn't understand) I agree with you. I just need it as a physical protection because sometimes I am away from my laptop. Regards Andreas ______________________________________________________ Einmal schenken, 12mal auspacken: Zeitschriften-Abos zu Weihnachten! http://rubriken.fireball.de/guj/ --=_NextPart_Caramail_0189081010239985_ID-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Tue Jan 8 18:52:36 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:26059 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 8 Jan 2002 18:52:24 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 08 Jan 2002 18:51:50 +0100 (CET) Received: from CPE00E02915899A.cpe.net.cable.rogers.com ([IPv6:::ffff:24.112.88.234]:14762 "EHLO mokona.furryterror.org") by humbolt.nl.linux.org with ESMTP id ; Tue, 8 Jan 2002 18:51:36 +0100 Received: from mngexecu by mokona.furryterror.org with local (Exim 3.33 #1 (Debian)) id 16O0P3-000705-00; Tue, 08 Jan 2002 12:51:13 -0500 From: umsfalfb@umail.furryterror.org (Zygo Blaxell) Subject: Re: Crypto on root filesystem Date: 8 Jan 2002 12:50:23 -0500 Organization: A poorly-maintained Debian GNU/Linux InterNetNews site Message-ID: References: NNTP-Posting-Host: 10.215.3.77 X-Header-Mangling: Original "From:" was To: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: umsfalfb@umail.furryterror.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org In article , IT3 Stuart Blake Tener, USNR-R wrote: >Zygo: > > I am reading your post below with regard to making the linux crypto part of >the kernel, but I am curious how does this impact those people whom are >using devfs=mount with their kernels? If there was an in-kernel losetup, it would presumably use the raw device major/minor numbers just like the existing 'root=' kernel command-line parameter. So you'd say something like append locrypt=aes lokeysize=256 loroot=0302 lodev=7 root=0707 which would be equivalent to something like: losetup -e aes -k 256 /dev/loop7 /dev/hda2 mount /dev/hda2 /somewhere cd /somewhere pivot_root /somewhere /somewhere/else exec chroot /sbin/init Now interestingly enough, if you use devfs to do that actual losetup command, you get around the busy-device-inode problem that prevents you from dropping the init RAM disk (you get around it because the busy inode is on devfs, and devfs doesn't care about busy inodes when you umount it). Next time my laptop crashes I will have to try this. ;-) -- Zygo Blaxell (Laptop) GPG = D13D 6651 F446 9787 600B AD1E CCF3 6F93 2823 44AD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jan 9 10:38:18 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:47305 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 9 Jan 2002 10:38:07 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 09 Jan 2002 10:37:41 +0100 (CET) Received: from fw134121.kitanet.ne.jp ([IPv6:::ffff:210.237.134.121]:43272 "EHLO gw.osaru.yi.org") by humbolt.nl.linux.org with ESMTP id ; Wed, 9 Jan 2002 10:37:24 +0100 Received: from [::1] (helo=dom.osaru.yi.org.osaru.yi.org) by gw.osaru.yi.org with esmtp (Exim 3.12 #2) id 16OFAV-0001xO-00 for linux-crypto@nl.linux.org; Wed, 09 Jan 2002 18:37:11 +0900 Date: Wed, 09 Jan 2002 18:36:49 +0900 Message-ID: From: KANDA Mitsuru / =?ISO-2022-JP?B?GyRCP0BFRBsoQiAbJEI9PBsoQg==?= To: linux-crypto@nl.linux.org Subject: about IV X-GnuPG-fingerprint: 9A35 D378 F084 9EA4 EFBA 925B 1C93 B376 F0EF BE59 User-Agent: SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory?= =?ISO-8859-4?Q?=F2mae?=) APEL/10.3 Emacs/21.1 (i386-debian-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: kanda@nn.iij4u.or.jp Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hello implementers. Let me ask you one question. I updated cryptoapi 2.4.3 to int-patch-2.4.17.0 . I found the iv[] member in struct cipher_context{} was commented out and "u32 iv[]" arg was added in some functions(encrypt(),decript()...). Why did you move iv[] from cipher_context{} to functions? Regards, KANDA Mitsuru (kanda@nn.iij4u.or.jp) Toshiba Reseach & Development Center Communication Platform Laboratory (mk@isl.rdc.toshiba.co.jp) USAGI Project (mk@linux-ipv6.org) - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jan 9 11:05:32 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:49356 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 9 Jan 2002 11:05:21 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 09 Jan 2002 11:05:15 +0100 (CET) Received: from cm.med.3284844210.kabelnet.net ([IPv6:::ffff:195.202.190.178]:8343 "EHLO phobos.hvrlab.org") by humbolt.nl.linux.org with ESMTP id ; Wed, 9 Jan 2002 11:04:53 +0100 Received: from janus.txd.hvrlab.org (IDENT:ZeZgDTQeD4U84XogDvE5vTb44KvzDaN3@janus.txd.hvrlab.org [10.51.1.5]) by phobos.hvrlab.org (8.11.6/8.11.6) with ESMTP id g09A4h903297; Wed, 9 Jan 2002 11:04:43 +0100 Subject: Re: about IV From: Herbert Valerio Riedel To: KANDA Mitsuru / =?UTF-8?Q?=E7=A5=9E=E7=94=B0_?= =?UTF-8?Q?=E5=85=85?= Cc: linux-crypto@nl.linux.org In-Reply-To: References: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-zdH8yXDPbt4CnraSmuHm" X-Mailer: Evolution/1.0 (Preview Release) Date: 09 Jan 2002 11:04:43 +0100 Message-Id: <1010570683.32152.78.camel@janus.txd.hvrlab.org> Mime-Version: 1.0 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: hvr@hvrlab.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-zdH8yXDPbt4CnraSmuHm Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Wed, 2002-01-09 at 10:36, KANDA Mitsuru / =E7=A5=9E=E7=94=B0 =E5=85=85 w= rote: > I updated cryptoapi 2.4.3 to int-patch-2.4.17.0 . =20 > I found the iv[] member in struct cipher_context{} was commented out=20 > and "u32 iv[]" arg was added in some functions(encrypt(),decript()...). =20 > Why did you move iv[] from cipher_context{} to functions? that was done by me; the problem was, that having the IV associated with the context would require to use a kernel lock on the shared IV value in the cipher context; otherwise if the en/decryption function were called more than once (and you modify the IV value beforehand) you'd end up with ugly race conditions (which were observed with the loop filter function, which would use one context per loop device; using locks in order to serialize I/O encryption didn't seem a good idea...) ...passing the IV as parameter effectively solves this problem... hope my explaination makes some sense... if you have any suggestions/comments please don't hesitate to share them with us... regards, --=20 Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142 --=-zdH8yXDPbt4CnraSmuHm Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8PBW7SYHgZIg/QUIRAqQAAKCsXT36KB1hnm9FYxkxnuyrRoCUwACg58iE IZuX+IIDzvzZfy9uzsexdWU= =9bdu -----END PGP SIGNATURE----- --=-zdH8yXDPbt4CnraSmuHm-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Thu Jan 10 12:33:21 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:20392 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Thu, 10 Jan 2002 12:33:08 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Thu, 10 Jan 2002 12:32:42 +0100 (CET) Received: from mx0.gmx.net ([IPv6:::ffff:213.165.64.100]:7514 "HELO mx0.gmx.net") by humbolt.nl.linux.org with SMTP id ; Thu, 10 Jan 2002 12:32:27 +0100 Received: (qmail 10721 invoked by uid 0); 10 Jan 2002 11:32:26 -0000 Date: Thu, 10 Jan 2002 12:32:26 +0100 (MET) From: ragnagock@gmx.de To: linux-crypto@nl.linux.org MIME-Version: 1.0 Subject: losetup -p -- how? X-Priority: 3 (Normal) X-Authenticated-Sender: #0004399983@gmx.net X-Authenticated-IP: [141.18.9.91] Message-ID: <15289.1010662346@www55.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ragnagock@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, Using the CryptoAPI-patched losetup... How do I use the losetup -p feature within a shell script? Do I have to close the filehandle after losetup or is this done by losetup? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 12 21:03:34 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:58811 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 12 Jan 2002 21:03:18 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 12 Jan 2002 21:02:55 +0100 (CET) Received: from web13703.mail.yahoo.com ([IPv6:::ffff:216.136.175.136]:4112 "HELO web13703.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Sat, 12 Jan 2002 16:41:50 +0100 Message-ID: <20020112154147.18336.qmail@web13703.mail.yahoo.com> Received: from [203.197.157.56] by web13703.mail.yahoo.com via HTTP; Sat, 12 Jan 2002 07:41:47 PST Date: Sat, 12 Jan 2002 07:41:47 -0800 (PST) From: kap eed Subject: "information" To: linux-crypto@nl.linux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: kapeedsoft@yahoo.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org PLZ MAIL ME ALL THE PROCESS INVOLVED IN THE "SEND MAIL" OPTION AVAILABLE IN LINUX OPERATING SYSTEM AS I AM JUST TAKING UP A PROJECT ON MODELLING OUT A REAL TIME PROCESS PLZ REPLY "THANKYOU" __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 12 21:06:38 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:59325 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 12 Jan 2002 21:06:18 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 12 Jan 2002 21:06:13 +0100 (CET) Received: from zagorka.techno-link.com ([IPv6:::ffff:212.36.5.194]:60678 "HELO sz.techno-link.com") by humbolt.nl.linux.org with SMTP id ; Thu, 10 Jan 2002 18:37:53 +0100 Received: (qmail 9192 invoked from network); 10 Jan 2002 17:40:24 -0000 Received: from pool9-szg.techno-link.com (HELO smash.it.local) (212.36.5.184) by zagorka.techno-link.com with SMTP; 10 Jan 2002 17:40:24 -0000 Received: from r by smash.it.local with local (Exim 3.22 #1 (Debian)) id 16OjHc-00007j-00 for ; Thu, 10 Jan 2002 19:46:32 +0200 Date: Thu, 10 Jan 2002 19:46:32 +0200 From: Pavel Minev Penev To: linux-crypto@nl.linux.org Subject: A 2.4.[57] kernel crypto problem Message-ID: <20020110194632.A460@sz.techno-link.com> Reply-To: linux-crypto@nl.linux.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.23i X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: kal_pav@sz.techno-link.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org I've recently had an experience with the 2.4.5 and 2.4.7 Linux kernels' loop-back crypto (provided by the international patch) which suggests a bug. If you are interested in the problem I may forward the bluky message. Thanks, -- Pav - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 12 21:07:35 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:36543 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 12 Jan 2002 21:07:25 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 12 Jan 2002 21:07:20 +0100 (CET) Received: from mx0.gmx.net ([IPv6:::ffff:213.165.64.100]:7514 "HELO mx0.gmx.net") by humbolt.nl.linux.org with SMTP id ; Thu, 10 Jan 2002 12:32:27 +0100 Received: (qmail 10721 invoked by uid 0); 10 Jan 2002 11:32:26 -0000 Date: Thu, 10 Jan 2002 12:32:26 +0100 (MET) From: ragnagock@gmx.de To: linux-crypto@nl.linux.org MIME-Version: 1.0 Subject: losetup -p -- how? X-Priority: 3 (Normal) X-Authenticated-Sender: #0004399983@gmx.net X-Authenticated-IP: [141.18.9.91] Message-ID: <15289.1010662346@www55.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ragnagock@gmx.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, Using the CryptoAPI-patched losetup... How do I use the losetup -p feature within a shell script? Do I have to close the filehandle after losetup or is this done by losetup? -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 12 21:08:46 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:19905 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 12 Jan 2002 21:08:35 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 12 Jan 2002 21:08:30 +0100 (CET) Received: from c000-h001.c000.snv.cp.net ([IPv6:::ffff:209.228.32.65]:49805 "HELO c000.snv.cp.net") by humbolt.nl.linux.org with SMTP id convert rfc822-to-8bit; Sat, 12 Jan 2002 01:13:05 +0100 Received: (cpmta 17594 invoked from network); 11 Jan 2002 16:12:47 -0800 Received: from 217.225.23.208 (HELO dirichlet.mathematik.uni-bielefeld.de) by smtp.mutz.com (209.228.32.65) with SMTP; 11 Jan 2002 16:12:47 -0800 X-Sent: 12 Jan 2002 00:12:47 GMT Content-Type: text/plain; charset="us-ascii" From: Marc Mutz To: ragnagock@gmx.de, linux-crypto@nl.linux.org Subject: Re: losetup -p -- how? Date: Fri, 11 Jan 2002 19:32:14 +0100 X-Mailer: KMail [version 1.3.8] References: <15289.1010662346@www55.gmx.net> In-Reply-To: <15289.1010662346@www55.gmx.net> X-PGP-Key: 0xBDBFE838 MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Message-Id: <200201111932.26357@sendmail.mutz.com> X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Marc@Mutz.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 10 January 2002 12:32, ragnagock@gmx.de wrote: > How do I use the > losetup -p > feature within a shell script? losetup -p5 [...] 5< file reads the passphrase from "file" through file descriptor 5. The shell will do all opening and closing for you. echo | losetup -p0 [...] will read it from stdin (ie. the output of echo). Marc - -- It has become fashionable in the post Cold War world to label opponents as terrorists [...]. By doing so, the authorities instill within society a culture of fear, leading people to accept that their rights (and the rights of others) be trampled on for the sake of the common good. In other words, it justifies the loss of privacy and a state of surveillance they would otherwise not accept. Both communism and fascism were examples of this technique used to perfection. -- John Horvath: The Internet: A Terrorist Network? Telepolis 2001/08/22 (#9350) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8Py+43oWD+L2/6DgRAkQcAKDtkAKNQQbfrdqvZEEeI7hrIUQMGwCgzIuv tMS9GMh1KCPoh4XMDEqoLdY= =+9XM -----END PGP SIGNATURE----- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jan 13 02:17:15 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:26857 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 02:17:07 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 13 Jan 2002 02:16:55 +0100 (CET) Received: from mail.gmx.net ([IPv6:::ffff:213.165.64.20]:15233 "HELO mail.gmx.net") by humbolt.nl.linux.org with SMTP id ; Sun, 13 Jan 2002 02:16:49 +0100 Received: (qmail 31114 invoked by uid 0); 13 Jan 2002 01:16:47 -0000 Received: from pd9eaa365.dip.t-dialin.net (HELO host1) (217.234.163.101) by mail.gmx.net (mp005-rz3) with SMTP; 13 Jan 2002 01:16:47 -0000 Message-ID: <002801c19bcf$ede09ae0$0100005a@host1> From: "peter k." To: Cc: Subject: loop-AES initrd + non-english keyboards? Date: Sun, 13 Jan 2002 02:16:28 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: spam-goes-to-dev-null@gmx.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Jari could you maybe implement a feature for selecting the keyboard language which is used when entering the password? Having to type "z" instead of "y" and vice versa because of my qwertz-keyboard is annoying! And btw, it would also be nice if it did not require you to reboot if you have entered a wrong password. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jan 13 14:55:48 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:53425 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 14:55:30 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 13 Jan 2002 14:55:12 +0100 (CET) Received: from portcullis.intechnology.co.uk ([IPv6:::ffff:213.146.131.10]:23045 "EHLO portcullis.intechnology.co.uk") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 14:55:02 +0100 Received: from [172.16.24.112] (helo=rioja.localnet) by portcullis.intechnology.co.uk with esmtp (Exim 3.33 #4) id 16Pl6E-00048e-00 for linux-crypto@nl.linux.org; Sun, 13 Jan 2002 13:55:02 +0000 Received: from [172.16.30.6] (helo=[172.16.30.6]) by rioja.localnet with esmtp (Exim 3.33 #4) id 16Pl6B-0004aq-00 for linux-crypto@nl.linux.org; Sun, 13 Jan 2002 13:54:59 +0000 Subject: libaes project - would appreciate contributions From: Nigel Metheringham To: linux-crypto@nl.linux.org Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Evolution/1.0.0.99+cvs.2001.12.18.08.57 (Preview Release) Date: 13 Jan 2002 13:54:45 +0000 Message-Id: <1010930085.13599.44.camel@gaspode.localnet> Mime-Version: 1.0 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Nigel.Metheringham@VData.co.uk Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Folks, I'm spamming linux-crypto as I'm hoping that I can get some input from you people and hopefully give you something useful back. I have started a new sourceforge project - libaes - to get a decent AES library available to free software projects. This was initially inspired by a version of Jari Ruusu's libaes which I found elsewhere (I guess having just seen him on here the original libaes is from the kernel crypto project). Project is at http://libaes.sourceforge.net/ (not updated yet) http://sourceforge.net/projects/libaes/ Current State:- - Alpha version release (0.01) - Requires block size set at library compilation time - C code based on Brian Gladman's latest drop - Assembly code (128 bit only) working with this (also based on Brian's work) - Assembly version runs twice as fast as C version on my box (this is mostly cos gcc cannot optomise the C well). The Alpha version is meant to be to get input on the API structure and future directions. I also would like to get some coders - assembler especially on several platforms. The current code has the aes context structure as the last parameter on all calls (as Brian's code). I think moving it to the first parameter may suit people better - specially the cbc wrapping routines. Anyhow please grab this, look at it, comment on it etc... There is a mailing list - http://lists.sourceforge.net/mailman/listinfo/libaes-devel Regards Nigel. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jan 13 17:29:36 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:44734 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 17:29:25 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 13 Jan 2002 17:28:29 +0100 (CET) Received: from hank-fep8-0.inet.fi ([IPv6:::ffff:194.251.242.203]:6276 "EHLO fep08.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 17:28:16 +0100 Received: from pp.inet.fi ([194.197.67.77]) by fep08.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020113162806.OSFF12526.fep08.tmt.tele.fi@pp.inet.fi>; Sun, 13 Jan 2002 18:28:06 +0200 Message-ID: <3C41B580.A5122237@pp.inet.fi> Date: Sun, 13 Jan 2002 18:27:44 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Nigel Metheringham CC: linux-crypto@nl.linux.org Subject: Re: libaes project - would appreciate contributions References: <1010930085.13599.44.camel@gaspode.localnet> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Nigel Metheringham wrote: > I have started a new sourceforge project - libaes - to get a decent AES > library available to free software projects. This was initially > inspired by a version of Jari Ruusu's libaes which I found elsewhere (I > guess having just seen him on here the original libaes is from the > kernel crypto project). Both the C version and optimized assembler version of AES cipher used in loop-AES package are based on original Brian Gladman's code, not based on international crypto patch or cryptoapi. By the way, loop-AES's aes.[ch] sources are portable. They compile and run fine in kernel and user space as well in other operating systems. Assembler implementation is a little bit faster than original Brian Gladman's code on Duron 800 MHz: key length 128 bits, encrypt speed 354.3 Mbits/sec key length 128 bits, decrypt speed 359.3 Mbits/sec key length 192 bits, encrypt speed 298.8 Mbits/sec key length 192 bits, decrypt speed 297.7 Mbits/sec key length 256 bits, encrypt speed 258.8 Mbits/sec key length 256 bits, decrypt speed 260.6 Mbits/sec > The current code has the aes context structure as the last parameter on > all calls (as Brian's code). I think moving it to the first parameter > may suit people better - specially the cbc wrapping routines. I also changed the context struct parameter to be first parameter. It makes more sense that way. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jan 13 17:32:11 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:64191 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 17:31:52 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 13 Jan 2002 17:31:44 +0100 (CET) Received: from hank-fep8-0.inet.fi ([IPv6:::ffff:194.251.242.203]:15748 "EHLO fep08.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 17:29:40 +0100 Received: from pp.inet.fi ([194.197.67.77]) by fep08.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020113162935.OSIS12526.fep08.tmt.tele.fi@pp.inet.fi>; Sun, 13 Jan 2002 18:29:35 +0200 Message-ID: <3C41B5D8.F0FD3DE7@pp.inet.fi> Date: Sun, 13 Jan 2002 18:29:12 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: "peter k." CC: linux-crypto@nl.linux.org Subject: Re: loop-AES initrd + non-english keyboards? References: <002801c19bcf$ede09ae0$0100005a@host1> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org "peter k." wrote: > Jari could you maybe implement a feature for selecting the keyboard language > which is used when entering the password? Having to type "z" instead of "y" > and vice versa because of my qwertz-keyboard is annoying! I assume you are using encrypted root partition and using initrd.gz built by build-initrd.sh Ok, request noted. It's also ok to send in a patch. Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jan 13 20:25:43 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:9166 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 20:25:21 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 13 Jan 2002 20:25:05 +0100 (CET) Received: from bpdcwm01.bpcl.broadband.hu ([IPv6:::ffff:195.184.181.2]:7624 "EHLO mx01.broadband.hu") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 20:24:54 +0100 Received: from kain.satimex.tvnet.hu (gep427-4530.bp13catv.broadband.hu [80.98.31.185]) by mx01.broadband.hu (Postfix) with ESMTP id 67BCE30DB2 for ; Sun, 13 Jan 2002 20:24:24 +0100 (MET) Message-Id: <5.0.0.25.2.20020113201807.00b78a70@pop.tvnet.hu> X-Sender: newsmail@pop.tvnet.hu (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Sun, 13 Jan 2002 20:19:43 +0100 To: linux-crypto@nl.linux.org From: Newsmail Subject: <*> generic loop cryptographic filter (EXPERIMENTAL) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: newsmail@satimex.tvnet.hu Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org <*> generic loop cryptographic filter (EXPERIMENTAL)-----> what does this option actually do? If I enable it I dont have to care any more about <*> Cryptographic ciphers options below? it will be able too use all of them? regards, greg - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Jan 13 21:30:28 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:5844 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 21:30:08 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 13 Jan 2002 21:29:43 +0100 (CET) Received: from hank-fep6-0.inet.fi ([IPv6:::ffff:194.251.242.201]:44003 "EHLO fep06.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Sun, 13 Jan 2002 21:29:25 +0100 Received: from pp.inet.fi ([194.197.67.190]) by fep06.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020113202917.NHTN25739.fep06.tmt.tele.fi@pp.inet.fi>; Sun, 13 Jan 2002 22:29:17 +0200 Message-ID: <3C41EE10.90F3C72@pp.inet.fi> Date: Sun, 13 Jan 2002 22:29:04 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: "peter k." CC: linux-crypto@nl.linux.org Subject: Re: loop-AES initrd + non-english keyboards? References: <002801c19bcf$ede09ae0$0100005a@host1> <3C41B5D8.F0FD3DE7@pp.inet.fi> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Jari Ruusu wrote: > "peter k." wrote: > > Jari could you maybe implement a feature for selecting the keyboard language > > which is used when entering the password? Having to type "z" instead of "y" > > and vice versa because of my qwertz-keyboard is annoying! > > I assume you are using encrypted root partition and using initrd.gz built by > build-initrd.sh > > Ok, request noted. It's also ok to send in a patch. A patch to load national keyboard layout _before_ asking root partition passphrase is below. Patch is for loop-AES-v1.5b version. Regards, Jari Ruusu --- build-initrd.sh.old Wed Dec 12 20:09:35 2001 +++ build-initrd.sh Sun Jan 13 21:47:23 2002 @@ -2,7 +2,7 @@ # # build-initrd.sh # -# Written by Jari Ruusu, December 12 2001 +# Written by Jari Ruusu, January 13 2002 # # Copyright 2001 by Jari Ruusu. # Redistribution of this file is permitted under the GNU Public License. @@ -78,6 +78,10 @@ # temporary loop device index used in this script, 7 == /dev/loop7 TEMPLOOPINDEX=7 +# 1 = load national keyboard layout, 0 = don't load +# You _must_ manually copy correct keyboard layout to /boot/default.kmap +LOADNATIONALKEYB=0 + if [ $# = 1 ] ; then if [ ! -f $1 ] ; then @@ -174,6 +178,12 @@ goto fail4; } +#if ${LOADNATIONALKEYB} + buf[0] = 0; + strCat(buf, "/lib/loadkeys /lib/default.kmap"); + exeWait(buf); +#endif + #if ${USEMODULE} uname(&un); buf[0] = 0; @@ -322,7 +332,10 @@ z="/sbin/losetup" if [ ${USEMODULE} == 1 ] ; then - z="/sbin/insmod /sbin/losetup" + z="${z} /sbin/insmod" +fi +if [ ${LOADNATIONALKEYB} == 1 ] ; then + z="${z} "`which loadkeys` fi for x in ${z} ; do echo Copying ${SOURCEROOT}${x} to ${DESTINATIONROOT}${DESTINATIONPREFIX} - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Jan 14 13:43:55 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:16832 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 14 Jan 2002 13:43:46 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 14 Jan 2002 13:43:18 +0100 (CET) Received: from [IPv6:2001:658:0:2:203:47ff:fe77:28ae] ([IPv6:2001:658:0:2:203:47ff:fe77:28ae]:49425 "EHLO wins.ash.de") by humbolt.nl.linux.org with ESMTP id ; Mon, 14 Jan 2002 13:43:01 +0100 Received: (qmail 27164 invoked from network); 14 Jan 2002 12:27:35 -0000 Received: from backoffice.ash.de (2001:658:100::2e0:7dff:fe72:6bbc) by 2001:658::2:203:47ff:fe77:28ae with DES-CBC3-SHA encrypted SMTP cert backoffice@ash.de; 14 Jan 2002 12:27:35 -0000 Received: (qmail 28574 invoked by uid 500); 14 Jan 2002 12:42:30 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 14 Jan 2002 12:42:30 -0000 Date: Mon, 14 Jan 2002 13:42:30 +0100 (CET) From: Hauke Johannknecht To: "peter k." cc: , Jari Ruusu Subject: Re: loop-AES initrd + non-english keyboards? In-Reply-To: <002801c19bcf$ede09ae0$0100005a@host1> Message-ID: X-NCC-RegID: de.trmd MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: ash@ash.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Sun, 13 Jan 2002, peter k. wrote: > And btw, it would also be nice if it did not require you to reboot if you > have entered a wrong password. i was thinking about this a few days ago. in case of "pivot mode" it should be trivial to add a repeat askfor($passphrase); until (mount($root)); loop. but again, so many projects, so little time. :( i will try to mail a patch within the next days. Gruss, Hauke -- Hauke Johannknecht Berlin / Germany HJ422-RIPE Use PGP ! -> lynx -dump http://www.ash.de/ash.asc | pgp -kaf - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Wed Jan 16 15:20:33 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:27820 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Wed, 16 Jan 2002 15:20:17 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Wed, 16 Jan 2002 15:18:41 +0100 (CET) Received: from web14912.mail.yahoo.com ([IPv6:::ffff:216.136.225.248]:61445 "HELO web14912.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Wed, 16 Jan 2002 15:18:36 +0100 Message-ID: <20020116141830.13998.qmail@web14912.mail.yahoo.com> Received: from [64.231.9.67] by web14912.mail.yahoo.com via HTTP; Wed, 16 Jan 2002 09:18:30 EST Date: Wed, 16 Jan 2002 09:18:30 -0500 (EST) From: Michael Zhu Subject: Loop AES patch for loop.c and lomount.c To: linux-crypto@nl.linux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mylinuxk@yahoo.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hello, everyone, where can I find the most updated loop aes patch for loop.c and lomount.c. My original losetup doesn't work for the loop aes. I need a new one. Thanks. Michael ______________________________________________________________________ Web-hosting solutions for home and business! http://website.yahoo.ca - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 19 20:55:36 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:53419 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 19 Jan 2002 20:55:29 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 19 Jan 2002 20:54:58 +0100 (CET) Received: from web14912.mail.yahoo.com ([IPv6:::ffff:216.136.225.248]:61445 "HELO web14912.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Wed, 16 Jan 2002 15:18:36 +0100 Message-ID: <20020116141830.13998.qmail@web14912.mail.yahoo.com> Received: from [64.231.9.67] by web14912.mail.yahoo.com via HTTP; Wed, 16 Jan 2002 09:18:30 EST Date: Wed, 16 Jan 2002 09:18:30 -0500 (EST) From: Michael Zhu Subject: Loop AES patch for loop.c and lomount.c To: linux-crypto@nl.linux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mylinuxk@yahoo.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hello, everyone, where can I find the most updated loop aes patch for loop.c and lomount.c. My original losetup doesn't work for the loop aes. I need a new one. Thanks. Michael ______________________________________________________________________ Web-hosting solutions for home and business! http://website.yahoo.ca - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 19 20:57:57 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:47022 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 19 Jan 2002 20:57:52 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 19 Jan 2002 20:57:47 +0100 (CET) Received: from hank-fep7-0.inet.fi ([IPv6:::ffff:194.251.242.202]:64679 "EHLO fep07.tmt.tele.fi") by humbolt.nl.linux.org with ESMTP id ; Wed, 16 Jan 2002 16:33:58 +0100 Received: from pp.inet.fi ([194.197.67.158]) by fep07.tmt.tele.fi (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020116153348.RLWC23168.fep07.tmt.tele.fi@pp.inet.fi>; Wed, 16 Jan 2002 17:33:48 +0200 Message-ID: <3C459D5C.952BA6F4@pp.inet.fi> Date: Wed, 16 Jan 2002 17:33:48 +0200 From: Jari Ruusu X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.2.20aa1 i686) X-Accept-Language: en MIME-Version: 1.0 To: Michael Zhu CC: linux-crypto@nl.linux.org Subject: Re: Loop AES patch for loop.c and lomount.c References: <20020116141830.13998.qmail@web14912.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: jari.ruusu@pp.inet.fi Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Michael Zhu wrote: > Hello, everyone, where can I find the most updated > loop aes patch for loop.c and lomount.c. My original > losetup doesn't work for the loop aes. I need a new > one. Thanks. http://mail.nl.linux.org/linux-crypto/2001-12/msg00065.html http://marc.theaimsgroup.com/?l=linux-crypto&m=100928929324854&w=2 Regards, Jari Ruusu - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 19 20:58:47 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:62127 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 19 Jan 2002 20:58:34 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 19 Jan 2002 20:58:23 +0100 (CET) Received: from moremagic.merlins.org ([IPv6:::ffff:204.80.101.251]:18885 "EHLO mail2.merlins.org") by humbolt.nl.linux.org with ESMTP id ; Fri, 18 Jan 2002 01:37:24 +0100 Received: from merlin by mail2.merlins.org with local (Exim 3.31-VA-mm2 #1 (Debian)) id 16RN1M-0006Ya-00 for ; Thu, 17 Jan 2002 16:36:40 -0800 Date: Thu, 17 Jan 2002 16:36:40 -0800 From: Marc MERLIN To: linux-crypto@nl.linux.org Subject: FreeS/WAN + linux crypto in 2.4.17 Message-ID: <20020117163640.B20867@merlins.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i X-Sysadmin: BOFH X-URL: http://marc.merlins.org/ X-Operating-System: Proudly running Linux 2.4.14-lvm1.0.1rc4-ext3-0.9.15-grsec-1.8.8-servers11/Debian woody X-Mailer: Some Outlooks can't quote properly without this header X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: marc_news@valinux.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, So, I was hoping to get FreeS/WAN to compile as a module and add it to one of my kernels. I then realized that I had to patch my kernel. Would have been easier with a real patch instead of the dreadful makefile and patch process which dies if anything doesn't patch perfectly. After the pain of working around it, I eventually got the compile to bomb at the end (fs 1.91 and 2.4.17). After the pain of working around it, I eventually got the compile to bomb at the end (see failure at the end of the message) So, I looked around and found cryptoapi.sf.net which had the goal of making crypto a module in an existing kernel. While it doesn't include FS, I did find a promising freeswan-import.sh script which seems to convert the FS patches into a real patch that I can just apply. However, I don't think it's going to make FS 1.91 work any better if it fails to build now, but if I like the features offered by cryptoapi, and wouldn't mind having them in addition to FS (I can't tell if it makes FS share the cryptoAPI code or if they each have their own). I guess my main question is can I get FS to work with cryptoapi 2.4.7.0, and linux 2.4.17? If so, which version of FS should I try to patch? Can I try to use the freeswan-import.sh script? Thanks Marc Linking failure attached here: ld: Warning: size of symbol `SHA1Update' changed from 222 to 215 in net/network.o net/network.o: In function `SHA1Init': /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/net/ipsec/ipsec_sha1.c:101: multiple definition of `SHA1Init' kernel/kernel.o(.text+0x17734): first defined here net/network.o: In function `SHA1Final': /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/net/ipsec/ipsec_sha1.c(.text+0x5f294): multiple definition of `SHA1Final' kernel/kernel.o(.text+0x1784c): first defined here ld: Warning: size of symbol `SHA1Final' changed from 313 to 309 in net/network.o net/network.o: In function `SHA1Transform': /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/net/ipsec/ipsec_sha1.c(.text+0x5d420): multiple definition of `SHA1Transform' kernel/kernel.o(.text+0x159d0): first defined here make[1]: *** [vmlinux] Error 1 make[1]: Leaving directory `/var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1' make: *** [stamp-build] Error 2 -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 19 20:59:17 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:12209 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 19 Jan 2002 20:59:07 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 19 Jan 2002 20:58:57 +0100 (CET) Received: from web14907.mail.yahoo.com ([IPv6:::ffff:216.136.225.59]:55301 "HELO web14907.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Thu, 17 Jan 2002 21:36:56 +0100 Message-ID: <20020117203653.2399.qmail@web14907.mail.yahoo.com> Received: from [64.231.8.187] by web14907.mail.yahoo.com via HTTP; Thu, 17 Jan 2002 15:36:53 EST Date: Thu, 17 Jan 2002 15:36:53 -0500 (EST) From: Michael Zhu Subject: sizeof(dev_t) between lomount.c and loop.c To: linux-crypto@nl.linux.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mylinuxk@yahoo.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hello, everyone, I have a problem when I use the loop device. I compiled and built the loop.o and losetup.o. Then I used the insmod loop.o to load the loop.o into the kernel. Up to now everything is OK. Then I used the following command to connect the loop0 with the floppy disk device. losetup -e xor /dev/loop0 /dev/fd0 It succeeded. Then I used "mke2fs /dev/loop0" and "mount /dev/loop0 /floppy" to format and mount the loop device. Then I copied some files to the loop device. But I found that the data on the floppy was never encrypted. After tracing the code I found that the loop.o always called the transfer_none() function. That means that it doesn't use the transfer_xor(). At last I found the exact reason. Both losetup and loop use the loop.h header file. In this header file there is a struct loop_info which contains 2 parameters, dev_t loop_device and dev_t loop_rdevice. I print the size of this structure and the size of the dev_t variable type both is losetup and loop. The following is the output. In losetup: The sizeof(struct loop_info) is 148. The sizeof(dev_t) is 8. In loop: The sizeof(struct loop_info) is 136. The sizeof(dev_t) is 2. You see that means that the definition of dev_t in losetup and loop is different. So I couldn't get the correct result. I know that losetup runs in user space while loop runs in kernel space. Is that the reason of this? After I omitted these two parameters in the loop_info structure, then everything is OK. What is the problem? Thanks in advance. Michael ______________________________________________________________________ Web-hosting solutions for home and business! http://website.yahoo.ca - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 19 21:00:17 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:6580 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 19 Jan 2002 20:59:57 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 19 Jan 2002 20:59:52 +0100 (CET) Received: from smtp017.mail.yahoo.com ([IPv6:::ffff:216.136.174.114]:63495 "HELO smtp017.mail.yahoo.com") by humbolt.nl.linux.org with SMTP id ; Fri, 18 Jan 2002 03:17:41 +0100 Received: from unknown (HELO zhujj) (142.204.83.114) by smtp.mail.vip.sc5.yahoo.com with SMTP; 18 Jan 2002 02:17:37 -0000 Message-ID: <002601c19fdf$67e5c780$7253cc8e@zhujj> From: "Michael Zhu" To: Subject: Different sizeof(dev_t) in lomount.c and loop.c Date: Thu, 17 Jan 2002 21:17:17 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0023_01C19F9C.57A8A830" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: mylinuxk@yahoo.ca Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multi-part message in MIME format. ------=_NextPart_000_0023_01C19F9C.57A8A830 Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Hello, everyone, I have a problem when I use the loop device. I = recompiled and built the losetup.o and loop.o. Then I used the insmod = loop.o to load it into the kernel. Then I use the following command to = connect the loop0 with the floppy disk. losetup -e xor /dev/loop0 /dev/fd0 It succeeded. Up to now it seemed that everything is OK. Then I used the = "mke2fs /dev/loop0" and "mount /dev/loop0 /floppy" to format and mount = the loop device. Then I copied some files to the loop device. Then I = used the "umount /floppy" and "losetup -d /dev/loop0" to unmount the = floppy and disconnected that with the loop device. Then I found that the = data on the floppy disk was never encrypted. It is just the normal ext2 = format. In loop.o it always call the transfer_none() function rather = than the transfer_xor(). After tracing the code I found the exact reason. Both the lomount.c and = the loop.c include the loop.h header file. In this header file there is = a loop_info structure. And this structure contains two parameters: = 'dev_t lo_device' and 'dev_t lo_rdevice'. I printed the size of the = loop_info structure and the size of the dev_t variable type in losetup = and loop. The following are the output. In losetup: The sizeof(loop_info) is 148. The sizeof(dev_t) is 8. In loop: The sizeof(loop_info) is 136. The sizeof(dev_t) is 2. You see the difference. It seemed that the definition of the dev_t is = different in losetup and loop. What is wrong? After I omited these 2 = parameters from the loop_info structure, then everything is OK. It works = very fine. I know that the losetup runs in user space while loop runs in = kernel space. That is the reason for this? Anyone has the same problem?=20 Michael ------=_NextPart_000_0023_01C19F9C.57A8A830 Content-Type: text/html; charset="gb2312" Content-Transfer-Encoding: quoted-printable

Hello, everyone, I have a problem when = I use the=20 loop device. I recompiled and built the losetup.o and loop.o. Then I = used the=20 insmod loop.o to load it into the kernel. Then I use the following = command to=20 connect the loop0 with the floppy disk.

losetup -e xor /dev/loop0 = /dev/fd0

It succeeded. Up to now it seemed that = everything=20 is OK. Then I used the "mke2fs /dev/loop0" and "mount /dev/loop0 = /floppy" to=20 format and mount the loop device. Then I copied some files to the loop = device.=20 Then I used the "umount /floppy" and "losetup -d /dev/loop0" to unmount = the=20 floppy and disconnected that with the loop device. Then I found that the = data on=20 the floppy disk was never encrypted. It is just the normal ext2 format. = In=20 loop.o it always call the transfer_none() function rather than the=20 transfer_xor().

After tracing the code I found the = exact reason.=20 Both the lomount.c and the loop.c include the loop.h header file. In = this header=20 file there is a loop_info structure. And this = structure contains two=20 parameters: 'dev_t lo_device' and 'dev_t lo_rdevice'. I printed the size = of the=20 loop_info structure and the size of the dev_t variable type in losetup = and loop.=20 The following are the output.

In losetup:

The sizeof(loop_info) is = 148.

The sizeof(dev_t) is 8.

In loop:

The sizeof(loop_info) is = 136.

The sizeof(dev_t) is 2.

You see the difference. It seemed that the definition of the dev_t = is=20 different in losetup and loop. What is wrong? After I omited these 2 = parameters=20 from the loop_info structure, then everything is OK. It works very fine. = I know=20 that the losetup runs in user space while loop runs in kernel space. = That is the=20 reason for this?

Anyone has the same problem?

Michael

------=_NextPart_000_0023_01C19F9C.57A8A830-- _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 19 21:00:57 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:15542 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 19 Jan 2002 21:00:42 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 19 Jan 2002 21:00:36 +0100 (CET) Received: from moremagic.merlins.org ([IPv6:::ffff:204.80.101.251]:8114 "EHLO mail2.merlins.org") by humbolt.nl.linux.org with ESMTP id ; Fri, 18 Jan 2002 19:32:44 +0100 Received: from merlin by mail2.merlins.org with local (Exim 3.31-VA-mm2 #1 (Debian)) id 16Rdog-0008RU-00 for ; Fri, 18 Jan 2002 10:32:42 -0800 Date: Fri, 18 Jan 2002 10:32:42 -0800 From: Marc MERLIN To: linux-crypto@nl.linux.org Subject: FreeS/WAN + linux crypto in linux 2.4.17 Message-ID: <20020118103242.A32329@merlins.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i X-Sysadmin: BOFH X-URL: http://marc.merlins.org/ X-Operating-System: Proudly running Linux 2.4.14-lvm1.0.1rc4-ext3-0.9.15-grsec-1.8.8-servers11/Debian woody X-Mailer: Some Outlooks can't quote properly without this header X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: marc_crypto@merlins.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org [Trying again, it didn't go through the first time] Hi, So, I was hoping to get FreeS/WAN to compile as a module and add it to one of my kernels. I then realized that I had to patch my kernel. Would have been easier with a real patch instead of the dreadful makefile and patch process which dies if anything doesn't patch perfectly. After the pain of working around it, I eventually got the compile to bomb at the end (fs 1.91 and 2.4.17). After the pain of working around it, I eventually got the compile to bomb at the end (see failure at the end of the message) So, I looked around and found cryptoapi.sf.net which had the goal of making crypto a module in an existing kernel. While it doesn't include FS, I did find a promising freeswan-import.sh script which seems to convert the FS patches into a real patch that I can just apply. However, I don't think it's going to make FS 1.91 work any better if it fails to build now, but if I like the features offered by cryptoapi, and wouldn't mind having them in addition to FS (I can't tell if it makes FS share the cryptoAPI code or if they each have their own). I guess my main question is can I get FS to work with cryptoapi 2.4.7.0, and linux 2.4.17? If so, which version of FS should I try to patch? Can I try to use the freeswan-import.sh script? Thanks Marc Linking failure attached here: /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/arch/i386/lib/lib.a /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/lib/lib.a /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/arch/i386/lib/lib.a \ --end-group \ -o vmlinux net/network.o: In function `SHA1Update': /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/net/ipsec/ipsec_sha1.c(.text+0x5f1bc): multiple definition of `SHA1Update' kernel/kernel.o(.text+0x1776c): first defined here ld: Warning: size of symbol `SHA1Update' changed from 222 to 215 in net/network.o net/network.o: In function `SHA1Init': /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/net/ipsec/ipsec_sha1.c:101: multiple definition of `SHA1Init' kernel/kernel.o(.text+0x17734): first defined here net/network.o: In function `SHA1Final': /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/net/ipsec/ipsec_sha1.c(.text+0x5f294): multiple definition of `SHA1Final' kernel/kernel.o(.text+0x1784c): first defined here ld: Warning: size of symbol `SHA1Final' changed from 313 to 309 in net/network.o net/network.o: In function `SHA1Transform': /var/local/src/misckernels/linux-2.4.17-fswan-1.91-grsec-1.9.2-servers1/net/ipsec/ipsec_sha1.c(.text+0x5d420): multiple definition of `SHA1Transform' kernel/kernel.o(.text+0x159d0): first defined here make: *** [vmlinux] Error 1 -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Jan 19 22:13:19 2002 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:1738 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 19 Jan 2002 22:13:01 +0100 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 19 Jan 2002 22:12:53 +0100 (CET) Received: from zagorka.techno-link.com ([IPv6:::ffff:212.36.5.194]:55310 "HELO sz.techno-link.com") by humbolt.nl.linux.org with SMTP id ; Sat, 19 Jan 2002 22:12:40 +0100 Received: (qmail 24010 invoked from network); 19 Jan 2002 21:16:55 -0000 Received: from pool10-szg.techno-link.com (HELO smash.it.local) (212.36.5.185) by zagorka.techno-link.com with SMTP; 19 Jan 2002 21:16:55 -0000 Received: from r by smash.it.local with local (Exim 3.22 #1 (Debian)) id 16S2x2-0000o1-00 for ; Sat, 19 Jan 2002 23:23:00 +0200 Date: Sat, 19 Jan 2002 23:23:00 +0200 From: Pavel Minev Penev To: linux-crypto@nl.linux.org Subject: Re: sizeof(dev_t) between lomount.c and loop.c Message-ID: <20020119232300.A2518@sz.techno-link.com> Reply-To: linux-crypto@nl.linux.org Mail-Followup-To: linux-crypto@nl.linux.org References: <20020117203653.2399.qmail@web14907.mail.yahoo.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="lrZ03NoBR/3+SXJZ" Content-Disposition: inline In-Reply-To: <20020117203653.2399.qmail@web14907.mail.yahoo.com> User-Agent: Mutt/1.3.23i X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: kal_pav@sz.techno-link.com Precedence: bulk List-help: