From zhao123mei@21cn.com Fri Aug 1 04:59:49 2003 Received: from [IPv6:3ffe:8260:10f:ffff::2] ([IPv6:3ffe:8260:10f:ffff::2]:47499 "EHLO localhost") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Aug 2003 04:59:41 +0200 Received: from [IPv6:::ffff:218.19.173.8] ([IPv6:::ffff:218.19.173.8]:33168 "EHLO linux-crypto-archive") by imladris.surriel.com with ESMTP id S82761AbTHAC7M (ORCPT ); Thu, 31 Jul 2003 22:59:12 -0400 From: =?GB2312?B?ueO2q8nu29rK0M/juem159fT09DP3rmry74=?= Subject: =?GB2312?B?ytPGtbLJvK+/qA==?= 3:11:7:581 To: linux-crypto-archive@nl.linux.org Content-Type: text/html;charset="GB2312" Reply-To: zhaoqiaomei@21cn.com Disposition-Notification-To: zhaoqiaomei@21cn.com Date: Tue, 4 Jan 2000 03:11:28 +0800 X-Priority: 4 Message-Id: Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

视频采集卡-1
*MPEG-4压缩格式,四路视频输入,一路音频输入
*资源25帧/秒PAL制式,30帧/秒NTSC制式
*用于单路采集时,可提供全实时视频采集功能
*回放可选择不同的速度回放,快进或快退
*录像占用硬盘空间60M-100M/路/小时
*显示分辨率768×576 384×288
*报警传输通过局域网,广域网进行报警信号传输
*可远端浏览图像,远程回放录像,可通过电话线传输,可通过IE浏览
*单系统可支持安装4块卡,达到16路视频采集,录像总资源100帧
*Windows 98操作系统

视频采集卡-
*MJPEG压缩格式
*显示分辨率640×480 320×240
*一卡提供4-8路视频输入
*单卡总资源高达100帧/秒PAL制式,NTSC制式120帧/秒
*实时显示,录像总资源最高达100帧
*四路报警输入,四路报警输出,移动侦测报警
*录像模式可设置,动态录像、传感录像、定时录像及连续录像
*控制云台、镜头功能,硬盘自动覆盖
*同时监视、录像及回放,远端可单画面或多画面显示
*网络功能,远端可多画面浏览
*放帧数可调,录像占用硬盘空间200-500M路/小时
*系统支持安装二块卡,最高达16路视频,录像总资源200帧
*indows 98操作系统,支持简体中文、繁体中文及英文介面
*议配置:华硕815EP主板 ATI 32M显卡

视频采集卡-3
*ENGIN-K压缩格式,支持PAL及NTSL制式
*16路一卡制,4路实时监控,录像总资源100帧
*分辨率640×480,320×240,160×120
*单卡总资源高达100帧/秒PAL制式,NTSC制式120帧/秒
*八路报警输入,八路报警输出,移动侦测报警
*录像模式可设置,动态录像、传感录像、定时录像及连续录像
*前端设备故障语音提示报警,并通过网络(ISDN/DDN/PSTN/LAN)主动传至卡部
*通过网络自动轮巡可将所有ATM机监控设备工作状态集中汇总至卡部
*控制云台、镜头功能,硬盘自动覆盖
*可同时监视、录像及回放,远端可单画面或多画面显示
*回放帧数可调,录像占用硬盘空间200M-400M/路/小时
*视频输入1-16路,音频输入1路
*单系统支持安装二块卡,录像总资源达到200帧
*操作系统Wndows 98
*议配置:华硕815EP主板 ATI 32M显卡

联系人:赵巧辉

电话:020-82349026 88303097

E-mail:zhaoqiaomei@21cn.com

广东深圳市香归电子有限公司

From linux-crypto-bounce@nl.linux.org Fri Aug 1 21:01:40 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:60551 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Aug 2003 21:01:31 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 01 Aug 2003 21:01:22 +0200 (CEST) Received: from adsl-216-158-28-251.cust.oldcity.dca.net ([IPv6:::ffff:216.158.28.251]:16009 "EHLO fukurou.paranoiacs.org") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Aug 2003 21:00:21 +0200 Received: from fukurou.paranoiacs.org (localhost [127.0.0.1]) by fukurou.paranoiacs.org (8.12.9/8.12.9) with ESMTP id h71Ijm8g020579; Fri, 1 Aug 2003 14:45:49 -0400 Received: (from sluskyb@localhost) by fukurou.paranoiacs.org (8.12.9/8.12.9/Submit) id h71IjhOY020578; Fri, 1 Aug 2003 14:45:43 -0400 Date: Fri, 1 Aug 2003 14:45:43 -0400 From: Ben Slusky To: Andries.Brouwer@cwi.nl Cc: fvw@var.cx, linux-kernel@vger.kernel.org, linux-crypto@nl.linux.org Subject: Re: 2.6.0-test2+Util-linux/cryptoapi Message-ID: <20030801184543.GA15828@fukurou.paranoiacs.org> Mail-Followup-To: Andries.Brouwer@cwi.nl, fvw@var.cx, linux-kernel@vger.kernel.org, linux-crypto@nl.linux.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sluskyb@paranoiacs.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org On Thu, 31 Jul 2003 11:41:25 +0200, Andries.Brouwer@cwi.nl wrote: > The patches I got were maximal, too much junk. > So I went for a minimal version instead. > > It is usable (when the kernel part is stable, which it isn't today) > but mount/losetup may well acquire a few options before it is > conveniently usable. Can we discuss those options now? I find the latest losetup to be completely unusable, tho' I appreciate the effort that's gone into it so far. Firstly, are the other key size choices (128-bit, 192-bit) gone for good? If so then I'll need to redo this entire hard disk (which currently uses 128-bit AES) before I can test 2.6 on my laptop. Secondly, there's the issue of passphrase hashing. I agree with the decision to cut it out of losetup, but where do we put it now? Andries has suggested an external program, but this isn't as simple as it sounds. To get this working would require a new way of reading the passphrase, since the hashed passphrase might contain a newline, or a null. Maybe change the semantics of the -p option, so that: losetup -e aes /dev/loop/10 /home/sluskyb/testloop will work when I give it the passphrase "foobar", but also pwhash -h sha1 |losetup -e aes -k 128 -p 0 /dev/loop/0 \ /dev/discs/disc0/part3 will read exactly 16 bytes of (probably) non-printable chars and use that as the key. Questions? Comments? Flames? -- Ben Slusky | A free society is a society sluskyb@paranoiacs.org | where it is safe to be sluskyb@stwing.org | unpopular. PGP keyID ADA44B3B | -Adlai Stevenson - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Fri Aug 1 23:02:16 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:10157 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Aug 2003 23:02:00 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Fri, 01 Aug 2003 23:01:52 +0200 (CEST) Received: from hera.cwi.nl ([IPv6:::ffff:192.16.191.8]:6906 "EHLO hera.cwi.nl") by humbolt.nl.linux.org with ESMTP id ; Fri, 1 Aug 2003 23:01:04 +0200 Received: from apps.cwi.nl (apps.cwi.nl [192.16.191.34]) by hera.cwi.nl with ESMTP id XAA17666 for ; Fri, 1 Aug 2003 23:00:53 +0200 (MEST) From: Andries.Brouwer@cwi.nl Received: by apps.cwi.nl id h71L0ri01916; Fri, 1 Aug 2003 23:00:53 +0200 (MEST) Date: Fri, 1 Aug 2003 23:00:53 +0200 (MEST) Message-Id: To: Andries.Brouwer@cwi.nl, sluskyb@paranoiacs.org Subject: Re: 2.6.0-test2+Util-linux/cryptoapi Cc: fvw@var.cx, linux-crypto@nl.linux.org, linux-kernel@vger.kernel.org X-Spam-Status: No, hits=0.6 required=5.0 tests=NO_REAL_NAME version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: Andries.Brouwer@cwi.nl Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org From: Ben Slusky > The patches I got were maximal, too much junk. > So I went for a minimal version instead. > > It is usable (when the kernel part is stable, which it isn't today) > but mount/losetup may well acquire a few options before it is > conveniently usable. Can we discuss those options now? I find the latest losetup to be completely unusable, tho' I appreciate the effort that's gone into it so far. Firstly, are the other key size choices (128-bit, 192-bit) gone for good? If so then I'll need to redo this entire hard disk (which currently uses 128-bit AES) before I can test 2.6 on my laptop. We need some discussion - there is no hurry. Consider: Crypto users are a small minority. On the other hand, every Linux user needs mount. Also in emergency situations. Possibly from a rescue floppy. Consider: mount is suid root. Both reasons imply that it is undesirable to add a lot of messy code to mount, quite apart from maintainability. If the messy code is in an external program of which the path name is given as a -o option, then the correctness of the external program is the invokers responsibility, and it doesnt take space on the rescue floppies of non crypto users. Consider: Most people want to invoke losetup from mount. But we just concluded that it is desirable to try and prevent bloating mount. Yes, it is full of garbage already, but that is no reason to add even more. You want key size choices. OK. I don't like to add another option to mount. Probably all encryption stuff can be part of the -o encryption= option. How is stuff coded? Well, everybody can invent some suitable syntax. The one I like best wins. Proposals complete with (nice, readable) code get bonus points. Secondly, there's the issue of passphrase hashing. I agree with the decision to cut it out of losetup, but where do we put it now? Andries has suggested an external program, but this isn't as simple as it sounds. To get this working would require a new way of reading the passphrase, since the hashed passphrase might contain a newline, or a null. Maybe change the semantics of the -p option, so that: losetup -e aes /dev/loop/10 /home/sluskyb/testloop will work when I give it the passphrase "foobar", but also pwhash -h sha1 | losetup -e aes -k 128 -p 0 /dev/loop/0 \ /dev/discs/disc0/part3 will read exactly 16 bytes of (probably) non-printable chars and use that as the key. Sounds entirely reasonable. This is good for doing things "by hand". But people also want to have crypto mounts described in /etc/fstab. The option column there should contain all information needed to do the losetup and mount. I would be most happy if people on crypto lists would discuss details. I do not think this belongs on linux-kernel. Andries [I see that this is cc-ed to linux-crypto@nl.linux.org - maybe that is an appropriate list.] - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Aug 2 07:28:43 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:10661 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Aug 2003 07:28:34 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Aug 2003 07:28:30 +0200 (CEST) Received: from fe113213.fl.FreeBit.NE.JP ([IPv6:::ffff:219.112.113.213]:31487 "HELO yume88.com") by humbolt.nl.linux.org with SMTP id ; Sat, 2 Aug 2003 07:28:05 +0200 From: dm82 To: linux-crypto@nl.linux.org Reply-To: dm_dmmaster@yume.otegami.com Subject: =?iso-2022-jp?q?=96=A2=8F=B3=91=F8=8DL=8D=90=81=A6=91f=90l=89=E6=91=9C=96=F14000=96=87=82=F0=8Bl=82=DF=8D=9E=82=F1=82=BE=8C=83=88=C0=8C=83=83=8C=83A=8F=A4=95i?= Date: Sat, 02 Aug 2003 14:28:07 +0900 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="e6d9600b-b66f-4654-949b-5339135a8056" Message-Id: <20030802052808Z19467-29181+7676@humbolt.nl.linux.org> X-Spam-Status: No, hits=1.8 required=5.0 tests=CHARSET_FARAWAY_HEADERS version=2.20 X-Spam-Level: * X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: dm_dmmaster@yume.otegami.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multi-part message in MIME format --e6d9600b-b66f-4654-949b-5339135a8056 Content-Type: text/plain; charset=iso-2022-jp Content-Transfer-Encoding: quoted-printable <=91=97=90M=8B=C6=8E=D2> http://dmmster.com .<=8E=96=8B=C6=8E=D2> http://net-channel.info/ .=94z=90M=92=E2=8E~=82=CC=95=FB=82=CD=82=B1=82=BF=82=E7=82=DC=82=C5=81= @dmmaster1@yume.otegami.com .=81=A6=94z=90M=92=E2=8E~=8E=E8=91=B1=82=AB=82=A9=82=E7=96=F148=8E=9E=8A=D4= =88=C8=93=E0=82=C5=94=BD=89f=82=B3=82=EA=82=DC=82=B7=81B .=83=81=81[=83=8B=83N=83=8A=81[=83j=83=93=83O=8B@=8A=ED=82=CC=8C=CC=8F=E1=82= =C9=82=E6=82=E8=90=94=89=F1=82=E0=94z=90M=92=E2=8E~=82=CC=90l=82=C9 .=91=97=82=C1=82=C4=82=A2=82=E9=89=C2=94\=90=AB=82=AA=82=A0=82=E8=82=DC=82=B5= =82=BD=81B=90=BD=82=C9=90\=82=B5=96=F3=82=A0=82=E8=82=DC=82=B9=82=F1=82=C5=82= =B5=82=BD=81B .=82=BB=82=CC=82=E6=82=A4=82=C8=95=FB=82=CD=8C=8F=96=BC=82=C9=81u=81=9B=89=F1= =96=DA=81v=82=C6=8BL=93=FC=82=B5=82=C4=8F=E3=8BL=83A=83h=83=8C=83X=82=C9=91=97= =82=C1=82=C4=82=AD=82=BE=82=B3=82=A2=81B .=82=BB=82=EA=88=C8=8AO=82=CC=95=FB=82=CD=96{=95=AA=82=C9=94z=90M=92=E2=8E= ~=82=C6=8BL=93=FC=82=B5=82=C4=8F=E3=8BL=83A=83h=83=8C=83X=82=C9=91=97=82=C1=82= =C4=82=AD=82=BE=82=B3=82=A2=81B .=81I=81I=81=A6=95K=82=B8=94z=90M=92=E2=8E~=82=CC=83A=83h=83=8C=83X=82=A9=82= =E7=82=A8=91=97=82=E8=82=AD=82=BE=82=B3=82=A2=81I=81I . . .=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81= =A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81= =A1 .=91f=90l=89=E6=91=9C=8FW50=96=87=8C=C0=92=E8=82=CC=91=81=82=A2=82=E0=82=CC= =8F=9F=82=BF=8C=83=83=8C=83A=8F=A4=95i=81I=81I .=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81= =A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81= =A1 .=83A=83\=83R=8A=DB=8C=A9=82=A6=81E=82=A8=82=C1=82=CF=82=A2=81E=95=FA=94A=81= E=83t=83F=83=89=83`=83I=81E .=93=90=8EB=81E=8F=AD=8F=97=81ESM=81E=83X=83J=83g=83=8D=89=E6=91=9C=96=9E=8D= =DA .=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81= =A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81=A1=81= =A1 . .=81=9E=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81= \=81\=81\=81\=81\=81\=81\=81\=81=9E .=81b=81@=81@ =81=E2=81=E2=81@http://net-channel.info/=81@=81=E1=81=E1 .=81=9E=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81\=81= \=81\=81\=81\=81\=81\=81\=81\=81=9E .__=82=A2=82=E2=82=E7=82=B5=82=A2=89=E6=91=9C=96=9E=8D=DA=82=C8=82=CC=82=C5= 18=8D=CE=96=A2=96=9E=82=CC=95=FB=97=A7=82=BF=93=FC=82=E8=8C=B5=8B=D6__ . . .*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81= c*=81c*=81c*=81c*=81c*=81c*=81c*=81c* .=83T=83C=83g=82=AA=8F=C1=82=A6=82=C4=82=B5=82=DC=82=A4=8B=B0=82=EA=82=AA=82= =A0=82=E8=82=DC=82=B7=82=CC=82=C5=81A=82=A8=91=81=82=DF=82=C9=8C=A9=82=C9=97= =88=82=C4=89=BA=82=B3=82=A2=82=CB=81=F4 .*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81c*=81= c*=81c*=81c*=81c*=81c*=81c*=81c*=81c* --e6d9600b-b66f-4654-949b-5339135a8056-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Aug 2 09:01:17 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:32920 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Aug 2003 09:00:59 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Aug 2003 09:00:54 +0200 (CEST) Received: from [IPv6:3ffe:8260:10f:ffff::2] ([IPv6:3ffe:8260:10f:ffff::2]:14799 "EHLO localhost") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Aug 2003 09:00:36 +0200 Received: from [IPv6:::ffff:211.243.185.59] ([IPv6:::ffff:211.243.185.59]:33030 "HELO center") by imladris.surriel.com with SMTP id S81338AbTHBG6s (ORCPT ); Sat, 2 Aug 2003 02:58:48 -0400 From: bnate@gte.net To: linux-crypto@nl.linux.org Subject: hahaha Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Date: Sat, 2 Aug 2003 15:57:39 +0900 X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Message-Id: X-Spam-Status: No, hits=0.6 required=5.0 tests=NO_REAL_NAME version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: bnate@gte.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org whats up dude, you should see this! i saved a bomb.. Don't pass up this amazing opportunity to change your life! With the money you save, put it towards a new car! http://btrack.iwon.com/r.pl?redir=http://money@buynow3sx.com/viewso65/index.asp?RefID=198478 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From bsaml@yahoo.com Sat Aug 2 09:09:52 2003 Received: from [IPv6:3ffe:8260:10f:ffff::2] ([IPv6:3ffe:8260:10f:ffff::2]:212 "EHLO localhost") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Aug 2003 09:09:42 +0200 Received: from 2557.bhz.virtua.com.br ([IPv6:::ffff:200.167.255.7]:21508 "HELO matrix") by imladris.surriel.com with SMTP id S81345AbTHBHJ3 (ORCPT ); Sat, 2 Aug 2003 03:09:29 -0400 From: bsaml@yahoo.com To: linux-crypto-archive@nl.linux.org Subject: check it! Sender: bsaml@yahoo.com Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Date: Sat, 2 Aug 2003 04:02:25 -0300 X-Mailer: Ximian Evolution 1.2.2 (1.2.2-4) Message-Id: Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org whats up. I thought you might be interested in this. Every day thousands of Americans are saving money, don't be one of the few who miss out! you're placed up for auction and financers outbid each other on getting you the best deal on your mortgage! http://btrack.iwon.com/r.pl?redir=http://mortgagewinner@buynow3sx.com/viewso65/index.asp?RefID=198478 From bduke@erols.com Sat Aug 2 09:39:51 2003 Received: from [IPv6:3ffe:8260:10f:ffff::2] ([IPv6:3ffe:8260:10f:ffff::2]:29661 "EHLO localhost") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Aug 2003 09:39:42 +0200 Received: from [IPv6:::ffff:220.74.145.168] ([IPv6:::ffff:220.74.145.168]:61189 "HELO eca39268efc34fa") by imladris.surriel.com with SMTP id S81377AbTHBHja (ORCPT ); Sat, 2 Aug 2003 03:39:30 -0400 From: bduke@erols.com To: linux-crypto-archive@nl.linux.org Subject: check it! Sender: bduke@erols.com Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Date: Sun, 1 Jun 2003 16:43:06 +0900 X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Message-Id: Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org whats up. I thought you might be interested in this. its a godsend, I have saved a fortune With the money you save, put it towards a new car! http://btrack.iwon.com/r.pl?redir=http://mortgagebrokers@buynow3sx.com/viewso65/index.asp?RefID=198478 From linux-crypto-bounce@nl.linux.org Sat Aug 2 09:41:52 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:26061 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Aug 2003 09:41:43 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Aug 2003 09:41:39 +0200 (CEST) Received: from [IPv6:3ffe:8260:10f:ffff::2] ([IPv6:3ffe:8260:10f:ffff::2]:29661 "EHLO localhost") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Aug 2003 09:41:20 +0200 Received: from [IPv6:::ffff:220.74.145.168] ([IPv6:::ffff:220.74.145.168]:62213 "HELO eca39268efc34fa") by imladris.surriel.com with SMTP id S81352AbTHBHjl (ORCPT ); Sat, 2 Aug 2003 03:39:41 -0400 From: bduke@erols.com To: linux-crypto@nl.linux.org Subject: check it! Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Date: Sun, 1 Jun 2003 16:43:01 +0900 X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Message-Id: X-Spam-Status: No, hits=3.4 required=5.0 tests=NO_REAL_NAME,PLING,DATE_IN_FUTURE version=2.20 X-Spam-Level: *** X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: bduke@erols.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org whats up. I thought you might be interested in this. its a godsend, I have saved a fortune With the money you save, put it towards a new car! http://btrack.iwon.com/r.pl?redir=http://mortgagebrokers@buynow3sx.com/viewso65/index.asp?RefID=198478 - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sat Aug 2 18:15:06 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:34472 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Aug 2003 18:14:46 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sat, 02 Aug 2003 18:14:42 +0200 (CEST) Received: from werbeagentur-aufwind.com ([IPv6:::ffff:217.160.128.76]:45485 "EHLO mail.werbeagentur-aufwind.com") by humbolt.nl.linux.org with ESMTP id ; Sat, 2 Aug 2003 18:12:18 +0200 Received: (qmail 30573 invoked by uid 94); 2 Aug 2003 18:12:13 +0200 Received: from christophe@saout.de by websrv by uid 91 with qmail-scanner-1.12 (spamassassin: 2.31. oav. Clear:SA:0(-2.0/7.0):. Processed in 4.544766 secs); 02 Aug 2003 16:12:13 -0000 Received: from p5083bb9b.dip.t-dialin.net (HELO mail.cs.pocnet.net) (smtp@werbeagentur-aufwind.com@80.131.187.155) by werbeagentur-aufwind.com with DES-CBC3-SHA encrypted SMTP; 2 Aug 2003 18:12:08 +0200 Received: (qmail 27748 invoked from network); 2 Aug 2003 18:12:06 +0200 Received: from chtephan.cs.pocnet.net (192.168.80.2) by server.cs.pocnet.net with SMTP; 2 Aug 2003 18:12:06 +0200 Subject: [RFC] device mapper crypt target From: Christophe Saout To: Linux Crypto Mailing List Content-Type: multipart/mixed; boundary="=-orEW0W/61HcGJRUtm3R/" Message-Id: <1059840725.3687.3.camel@chtephan.cs.pocnet.net> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.3 Date: 02 Aug 2003 18:12:05 +0200 X-Spam-Status: No, hits=-0.2 required=5.0 tests=DOMAIN_BODY,UNIFIED_PATCH version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: christophe@saout.de Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --=-orEW0W/61HcGJRUtm3R/ Content-Type: text/plain Content-Transfer-Encoding: 7bit Hi! I've already sent this mail to lkml, but it doesn't seem to get much attention. I'd be happy if it would get at least some feedback. I'm not subscribed to this list, so please cc me or lkml. But I'll look through the archives regulary in case I miss something. The last days I've written a target for the device-mapper in the 2.5 kernel that uses the in-kernel cryptoapi to do transparent encryption on a block device. It works for me and doesn't show any strange corruptions. Joe (the device-mapper guy) also looked over it and made some modifications. The target doesn't have any special user space tool yet, so you have to use the dmsetup tool (in the libdevmapper-1.0 package you'll find on the Sistina ftp server) to set up an encrypted device. It also means that it doesn't store a passhrase encrypted key, you'll have to directly specify the key for the symmetric encryption/decrypt operation. With the dmsetup tool you can create a device like this: dmsetup create The device will be created in /dev/mapper/ and can be removed with "dmsetup remove ". The table file can contain several lines, but if you just want a device that doesn't use several other devices as backend (like LVM can do), specifying only one line is fine. The syntax for the crypt target is: is one of the ciphers in the cryptoapi like aes or des. You can optionally specify the block chaining mode like "aes-cbc" or "aes-ecb" (inspired by cryptoloop, but no copied code). The CBC mode is the default, but it doesn't really do cipher block chaining, it only additonally perturbs the encryption by munging the sector number so that the same sector gets always encrypted differently, like zero-filled ones. is the actual key. It's hex encrypted, two digits per byte. is used with CBC and you can specify a sector offset for the perturbation. For example if you want to map only a part of your encrypted device and start at some offset, you can specify it here, so that you're still able to read your data. is the device path of the device you want to encrypt (can also be a loop device if you want to test things on a file). is the sector offset in the device where you want the mapping to start. So a complete line for the table file might look like: 0 204800 crypt aes 0123456789abcdef0123456789abcdef 0 /dev/hda7 0 (the second parameter is the size of the device you want to create in sectors, this would give a 100 MB device). If something fails look into your log file (and don't forget to remove the device that was created with dmsetup remove ). My tests suggest that it's fairly stable. I've created different filesystems on it (ext2, ext3, reiserfs) and did a lot of copy operations from/to/on it. A lot of small files, large files. Unmounting/remounting, etc... I didn't find any corruptions. It even works when putting swap space on it and it didn't deadlock my machine under extreme memory pressure. I also added a lot of temporary debug statements and poisoning code to make sure that allocations and frees are correctly balanced. The attached patch adds a dm-daemon.c/.h, this is a forward-ported version from 2.4 and the actual dm-crypt.c. It can be compiled in statically or as a module (kernel configuration: Multiple Devices -> Device mapper -> crypt target). The patch should apply cleanly on top of 2.6.0-test2. I've appended it as an attachement because my mailer adds additional newlines. :( -- Christophe Saout Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html --=-orEW0W/61HcGJRUtm3R/ Content-Disposition: attachment; filename=dm-crypt.diff Content-Type: text/x-patch; name=dm-crypt.diff; charset=iso-8859-15 Content-Transfer-Encoding: 7bit diff -Nur linux.orig/drivers/md/dm-crypt.c linux/drivers/md/dm-crypt.c --- linux.orig/drivers/md/dm-crypt.c 1970-01-01 01:00:00.000000000 +0100 +++ linux/drivers/md/dm-crypt.c 2003-08-01 22:23:14.432616688 +0200 @@ -0,0 +1,785 @@ +/* + * Copyright (C) 2003 Christophe Saout + * + * This file is released under the GPL. + */ + +#include "dm.h" +#include "dm-daemon.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * per bio private data + */ +struct crypt_io { + struct dm_target *target; + struct bio *bio; + struct bio *first_clone; + atomic_t pending; + int error; +}; + +/* + * context holding the current state of a multi-part conversion + */ +struct convert_context { + struct bio *bio_in; + struct bio *bio_out; + unsigned int offset_in; + unsigned int offset_out; + int idx_in; + int idx_out; + sector_t sector; + int write; +}; + +/* + * Crypt: maps a linear range of a block device + * and encrypts / decrypts at the same time. + */ +struct crypt_c { + struct dm_dev *dev; + sector_t start; + + /* + * pool for per bio private data and + * for encryption buffer pages + */ + mempool_t *io_pool; + mempool_t *page_pool; + + /* + * crypto related data + */ + struct crypto_tfm *tfm; + sector_t iv_offset; + int iv_size; + int key_size; + u8 key[0]; +}; + +#define MIN_IOS 256 +#define MIN_POOL_PAGES 16 +#define MIN_BIO_PAGES 8 + +static kmem_cache_t *_io_cache; + +/* + * Mempool alloc and free functions for the page and io pool + */ +static void *mempool_alloc_page(int gfp_mask, void *data) +{ + return alloc_page(gfp_mask); +} + +static void mempool_free_page(void *page, void *data) +{ + __free_page(page); +} + +static inline struct page *crypt_alloc_page(struct crypt_c *cc, int gfp_mask) +{ + return mempool_alloc(cc->page_pool, gfp_mask); +} + +static inline void crypt_free_page(struct crypt_c *cc, struct page *page) +{ + mempool_free(page, cc->page_pool); +} + +static inline struct crypt_io *crypt_alloc_io(struct crypt_c *cc) +{ + return mempool_alloc(cc->io_pool, GFP_NOIO); +} + +static inline void crypt_free_io(struct crypt_c *cc, struct crypt_io *io) +{ + return mempool_free(io, cc->io_pool); +} + +/* + * Encrypt / decrypt a single sector, source and destination buffers + * are stored in scatterlists. In CBC mode initialise the "previous + * block" with the sector number (it's not a real chaining because + * it would not allow to seek on the device...) + */ +static inline int +crypt_convert_scatterlist(struct crypt_c *cc, struct scatterlist *out, + struct scatterlist *in, unsigned int length, + int write, sector_t sector) +{ + u8 iv[cc->iv_size]; + int r; + + if (cc->iv_size) { + *(u32 *)iv = cpu_to_le32(sector & 0xffffffff); + if (cc->iv_size > sizeof(u32) / sizeof(u8)) + memset(iv + (sizeof(u32) / sizeof(u8)), 0, + cc->iv_size - (sizeof(u32) / sizeof(u8))); + + if (write) + r = crypto_cipher_encrypt_iv(cc->tfm, out, in, length, iv); + else + r = crypto_cipher_decrypt_iv(cc->tfm, out, in, length, iv); + } else { + if (write) + r = crypto_cipher_encrypt(cc->tfm, out, in, length); + else + r = crypto_cipher_decrypt(cc->tfm, out, in, length); + } + + return r; +} + +static void +crypt_convert_init(struct crypt_c *cc, struct convert_context *ctx, + struct bio *bio_out, struct bio *bio_in, + sector_t sector, int write) +{ + ctx->bio_in = bio_in; + ctx->bio_out = bio_out; + ctx->offset_in = 0; + ctx->offset_out = 0; + ctx->idx_in = bio_in ? bio_in->bi_idx : 0; + ctx->idx_out = bio_out ? bio_out->bi_idx : 0; + ctx->sector = sector + cc->iv_offset; + ctx->write = write; +} + +/* + * Encrypt / decrypt data from one bio to another one (may be the same) + */ +static int crypt_convert(struct crypt_c *cc, + struct convert_context *ctx) +{ + int r = 0; + + while(ctx->idx_in < ctx->bio_in->bi_vcnt && + ctx->idx_out < ctx->bio_out->bi_vcnt) { + struct bio_vec *bv_in = bio_iovec_idx(ctx->bio_in, ctx->idx_in); + struct bio_vec *bv_out = bio_iovec_idx(ctx->bio_out, ctx->idx_out); + struct scatterlist sg_in = { + .page = bv_in->bv_page, + .offset = bv_in->bv_offset + ctx->offset_in, + .length = 1 << SECTOR_SHIFT + }; + struct scatterlist sg_out = { + .page = bv_out->bv_page, + .offset = bv_out->bv_offset + ctx->offset_out, + .length = 1 << SECTOR_SHIFT + }; + + ctx->offset_in += sg_in.length; + if (ctx->offset_in >= bv_in->bv_len) { + ctx->offset_in = 0; + ctx->idx_in++; + } + + ctx->offset_out += sg_out.length; + if (ctx->offset_out >= bv_out->bv_len) { + ctx->offset_out = 0; + ctx->idx_out++; + } + + r = crypt_convert_scatterlist(cc, &sg_out, &sg_in, sg_in.length, + ctx->write, ctx->sector); + if (r < 0) + break; + + ctx->sector++; + } + + return r; +} + +/* + * Generate a new unfragmented bio with the given size + * This should never violate the device limitations + * May return a smaller bio when running out of pages + */ +static struct bio * +crypt_alloc_buffer(struct crypt_c *cc, unsigned int size, + struct bio *base_bio, int *bio_vec_idx) +{ + struct bio *bio; + int nr_iovecs = dm_div_up(size, PAGE_SIZE); + int gfp_mask = GFP_NOIO | __GFP_HIGHMEM; + int i; + + if (base_bio) + bio = bio_clone(base_bio, GFP_NOIO); + else + bio = bio_alloc(GFP_NOIO, nr_iovecs); + if (!bio) + return NULL; + + /* if the last bio was not complete, continue where that one ends */ + bio->bi_idx = *bio_vec_idx; + bio->bi_vcnt = *bio_vec_idx; + bio->bi_size = 0; + + /* bio->bi_idx pages have already been allocated */ + size -= bio->bi_idx * PAGE_SIZE; + + for(i = bio->bi_idx; i < nr_iovecs; i++) { + struct bio_vec *bv = bio_iovec_idx(bio, i); + + bv->bv_page = crypt_alloc_page(cc, gfp_mask); + if (!bv->bv_page) + break; + + /* + * if additional pages cannot be allocated without waiting + * return a partially allocated bio, the caller will then try + * to allocate additional bios while submitting this partial bio + */ + if ((i - bio->bi_idx) == (MIN_BIO_PAGES - 1)) + gfp_mask = (gfp_mask | __GFP_NOWARN) & ~__GFP_WAIT; + + bv->bv_offset = 0; + if (size > PAGE_SIZE) + bv->bv_len = PAGE_SIZE; + else + bv->bv_len = size; + + bio->bi_size += bv->bv_len; + bio->bi_vcnt++; + size -= bv->bv_len; + } + + if (!bio->bi_size) { + bio_put(bio); + return NULL; + } + + /* + * remember the last bio_vec allocated to be able to correctly + * continue after splitting caused by memory pressure + */ + *bio_vec_idx = bio->bi_vcnt; + + return bio; +} + +static void crypt_free_buffer_pages(struct crypt_c *cc, struct bio *bio, + unsigned int bytes) +{ + int i = bio->bi_idx; + + while(bytes) { + struct bio_vec *bv = bio_iovec_idx(bio, i++); + crypt_free_page(cc, bv->bv_page); + bytes -= bv->bv_len; + } +} + +/* + * One of the bios was finished. Check for completion of + * the whole request and correctly cleanup the buffer. + */ +static void dec_pending(struct crypt_io *io, int error) +{ + struct crypt_c *cc = (struct crypt_c*) io->target->private; + + if (!atomic_dec_and_test(&io->pending)) + return; + + if (io->first_clone) + bio_put(io->first_clone); + + if (error < 0) + io->error = error; + + if (io->bio) + bio_endio(io->bio, io->bio->bi_size, io->error); + + crypt_free_io(cc, io); +} + +/* + * kcryptd: + * + * Needed because we can't decrypt when called in an + * interrupt context, so returning bios from read requests get + * queued here. + */ +static spinlock_t _kcryptd_lock = SPIN_LOCK_UNLOCKED; +static struct bio *_bio_head; +static struct bio *_bio_tail; + +static struct dm_daemon _kcryptd; + +/* + * Fetch a list of the complete bios. + */ +static struct bio *kcryptd_get_bios(void) +{ + struct bio *bio; + + spin_lock_irq(&_kcryptd_lock); + bio = _bio_head; + if (bio) + _bio_head = _bio_tail = NULL; + spin_unlock_irq(&_kcryptd_lock); + + return bio; +} + +/* + * Append bio to work queue + */ +static void kcryptd_queue_bio(struct bio *bio) +{ + unsigned long flags; + + spin_lock_irqsave(&_kcryptd_lock, flags); + if (_bio_tail) + _bio_tail->bi_next = bio; + else + _bio_head = bio; + _bio_tail = bio; + spin_unlock_irqrestore(&_kcryptd_lock, flags); +} + +static void kcryptd(void) +{ + int r; + struct bio *bio; + struct bio *next_bio; + struct crypt_io *io; + struct crypt_c *cc; + struct convert_context ctx; + + bio = kcryptd_get_bios(); + + while (bio) { + io = (struct crypt_io *) bio->bi_private; + cc = (struct crypt_c *) io->target->private; + + crypt_convert_init(cc, &ctx, io->bio, io->bio, + io->bio->bi_sector - io->target->begin, 0); + r = crypt_convert(cc, &ctx); + + next_bio = bio->bi_next; + + bio->bi_next = NULL; + bio_put(bio); + dec_pending(io, r); + + bio = next_bio; + } +} + +/* + * Decode key from its hex representation + */ +static int crypt_decode_key(u8 *key, char *hex, int size) +{ + int i; + for(i = 0; i < size; i++) { + int digits; + if (*hex >= 'a' && *hex <= 'f') + digits = *hex - ('a' - 10); + else if (*hex >= 'A' && *hex <= 'F') + digits = *hex - ('A' - 10); + else if (*hex >= '0' && *hex <= '9') + digits = *hex - '0'; + else + return -EINVAL; + + digits <<= 4; + hex++; + + if (*hex >= 'a' && *hex <= 'f') + digits += *hex - ('a' - 10); + else if (*hex >= 'A' && *hex <= 'F') + digits += *hex - ('A' - 10); + else if (*hex >= '0' && *hex <= '9') + digits += *hex - '0'; + else + return -EINVAL; + + hex++; + key[i] = (u8)digits; + } + + if (*hex != '\0') + return -EINVAL; + + return 0; +} + +/* + * Encode key into its hex representation + */ +static void crypt_encode_key(char *hex, u8 *key, int size) +{ + static char hex_digits[] = "0123456789abcdef"; + int i; + + for(i = 0; i < size; i++) { + *hex++ = hex_digits[*key >> 4]; + *hex++ = hex_digits[*key & 0x0f]; + key++; + } + + *hex++ = '\0'; +} + +/* + * Construct an encryption mapping: + * + */ +static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) +{ + struct crypt_c *cc; + struct crypto_tfm *tfm; + char *tmp; + char *cipher; + char *mode; + int crypto_flags; + int iv_size; + int key_size; + + if (argc != 5) { + ti->error = "dm-crypt: Not enough arguments"; + return -EINVAL; + } + + tmp = argv[0]; + cipher = strsep(&tmp, "-"); + mode = strsep(&tmp, "-"); + + if (tmp) + DMWARN("dm-crypt: Unexpected additional cipher options"); + + if (!mode || strcmp(mode, "cbc") == 0) + crypto_flags = CRYPTO_TFM_MODE_CBC; + else if (strcmp(mode, "ecb") == 0) + crypto_flags = CRYPTO_TFM_MODE_ECB; + else { + ti->error = "dm-crypt: Invalid chaining mode"; + return -EINVAL; + } + + tfm = crypto_alloc_tfm(cipher, crypto_flags); + if (!tfm) { + ti->error = "dm-crypt: Error allocating crypto tfm"; + return -EINVAL; + } + + key_size = strlen(argv[1]) >> 1; + if (tfm->crt_u.cipher.cit_decrypt_iv && tfm->crt_u.cipher.cit_encrypt_iv) + iv_size = max(crypto_tfm_alg_ivsize(tfm), sizeof(u32) / sizeof(u8)); + else + iv_size = 0; + + cc = kmalloc(sizeof(*cc) + key_size * sizeof(u8), GFP_KERNEL); + if (cc == NULL) { + ti->error = + "dm-crypt: Cannot allocate transparent encryption context"; + crypto_free_tfm(tfm); + return -ENOMEM; + } + + cc->io_pool = mempool_create(MIN_IOS, mempool_alloc_slab, + mempool_free_slab, _io_cache); + if (!cc->io_pool) { + ti->error = "dm-crypt: Cannot allocate crypt io mempool"; + goto bad1; + } + + cc->page_pool = mempool_create(MIN_POOL_PAGES, mempool_alloc_page, + mempool_free_page, NULL); + if (!cc->page_pool) { + ti->error = "dm-crypt: Cannot allocate page mempool"; + goto bad2; + } + + cc->tfm = tfm; + cc->iv_size = iv_size; + cc->key_size = key_size; + if ((key_size == 0 && strcmp(argv[1], "-") != 0) + || crypt_decode_key(cc->key, argv[1], key_size) < 0) { + ti->error = "dm-crypt: Error decoding key"; + goto bad3; + } + + if (tfm->crt_u.cipher.cit_setkey(tfm, cc->key, key_size) < 0) { + ti->error = "dm-crypt: Error setting key"; + goto bad3; + } + + if (sscanf(argv[2], SECTOR_FORMAT, &cc->iv_offset) != 1) { + ti->error = "dm-crypt: Invalid iv_offset sector"; + goto bad3; + } + + if (sscanf(argv[4], SECTOR_FORMAT, &cc->start) != 1) { + ti->error = "dm-crypt: Invalid device sector"; + goto bad3; + } + + if (dm_get_device(ti, argv[3], cc->start, ti->len, + dm_table_get_mode(ti->table), &cc->dev)) { + ti->error = "dm-crypt: Device lookup failed"; + goto bad3; + } + + ti->private = cc; + return 0; + +bad3: + mempool_destroy(cc->page_pool); +bad2: + mempool_destroy(cc->io_pool); +bad1: + crypto_free_tfm(tfm); + kfree(cc); + return -EINVAL; +} + +static void crypt_dtr(struct dm_target *ti) +{ + struct crypt_c *cc = (struct crypt_c *) ti->private; + + mempool_destroy(cc->page_pool); + mempool_destroy(cc->io_pool); + + crypto_free_tfm(cc->tfm); + dm_put_device(ti, cc->dev); + kfree(cc); +} + +static int crypt_endio(struct bio *bio, unsigned int done, int error) +{ + struct crypt_io *io = (struct crypt_io*) bio->bi_private; + struct crypt_c *cc = (struct crypt_c*) io->target->private; + + if (bio_rw(bio) == WRITE) { + /* + * free the processed pages, even if + * it's only a partially completed write + */ + crypt_free_buffer_pages(cc, bio, done); + } + + if (bio->bi_size) + return 1; + + /* + * successful reads get decrypted by the worker thread + * because we never want to decrypt in an irq context + */ + if ((bio_rw(bio) == READ || bio_rw(bio) == READA) + && bio_flagged(bio, BIO_UPTODATE)) { + kcryptd_queue_bio(bio); + dm_daemon_wake(&_kcryptd); + return 0; + } + + bio_put(bio); + dec_pending(io, error); + + return error; +} + +static int crypt_map(struct dm_target *ti, struct bio *bio) +{ + struct crypt_c *cc = (struct crypt_c*) ti->private; + struct crypt_io *io = crypt_alloc_io(cc); + struct bio *clone = NULL; + struct convert_context ctx; + unsigned int remaining = bio->bi_size; + sector_t sector = bio->bi_sector - ti->begin; + int bio_vec_idx = 0; + int r = 0; + + io->target = ti; + io->bio = bio; + io->first_clone = NULL; + io->error = 0; + atomic_set(&io->pending, 1); /* hold a reference */ + + if (bio_rw(bio) == WRITE) + crypt_convert_init(cc, &ctx, NULL, bio, sector, 1); + + /* + * The allocated buffers can be smaller then the whole bio, + * so repeat the whole process until all the data can be handled. + */ + while (remaining) { + if (bio_rw(bio) == WRITE) { + clone = crypt_alloc_buffer(cc, bio->bi_size, + io->first_clone, + &bio_vec_idx); + if (clone) { + ctx.bio_out = clone; + r = crypt_convert(cc, &ctx); + if (r < 0) { + crypt_free_buffer_pages(cc, clone, + clone->bi_size); + bio_put(clone); + goto cleanup; + } + } + } else + clone = bio_clone(bio, GFP_NOIO); + + if (!clone) { + r = -ENOMEM; + goto cleanup; + } + + if (!io->first_clone) { + /* + * hold a reference to the first clone, because it holds + * the bio_vec array and that needs to be released only + * after all other clones are released + */ + bio_get(clone); + io->first_clone = clone; + } + atomic_inc(&io->pending); + + clone->bi_private = io; + clone->bi_end_io = crypt_endio; + clone->bi_bdev = cc->dev->bdev; + clone->bi_sector = cc->start + sector; + clone->bi_rw = bio->bi_rw; + + remaining -= clone->bi_size; + sector += bio_sectors(clone); + + generic_make_request(clone); + } + + /* drop reference, clones could have returned before we reach this */ + dec_pending(io, 0); + return 0; + +cleanup: + if (io->first_clone) { + dec_pending(io, r); + return 0; + } + + /* if no bio has been dispatched yet, we can directly return the error */ + crypt_free_io(cc, io); + return r; +} + +static int crypt_status(struct dm_target *ti, status_type_t type, + char *result, unsigned int maxlen) +{ + struct crypt_c *cc = (struct crypt_c *) ti->private; + char b[BDEVNAME_SIZE]; + const char *cipher; + const char *mode = NULL; + int offset; + + switch (type) { + case STATUSTYPE_INFO: + result[0] = '\0'; + break; + + case STATUSTYPE_TABLE: + cipher = crypto_tfm_alg_name(cc->tfm); + + switch(cc->tfm->crt_u.cipher.cit_mode) { + case CRYPTO_TFM_MODE_CBC: + mode = "cbc"; + break; + case CRYPTO_TFM_MODE_ECB: + mode = "ecb"; + break; + default: + BUG(); + } + + snprintf(result, maxlen, "%s-%s ", cipher, mode); + offset = strlen(result); + + if (cc->key_size > 0) { + if ((maxlen - offset) < ((cc->key_size << 1) + 1)) + return -ENOMEM; + + crypt_encode_key(result + offset, cc->key, cc->key_size); + offset += cc->key_size << 1; + } else { + if (offset >= maxlen) + return -ENOMEM; + result[offset++] = '-'; + } + + snprintf(result + offset, maxlen - offset, " " SECTOR_FORMAT + " %s " SECTOR_FORMAT, cc->iv_offset, + bdevname(cc->dev->bdev, b), cc->start); + break; + } + return 0; +} + +static struct target_type crypt_target = { + .name = "crypt", + .module = THIS_MODULE, + .ctr = crypt_ctr, + .dtr = crypt_dtr, + .map = crypt_map, + .status = crypt_status, +}; + +int __init dm_crypt_init(void) +{ + int r; + + _io_cache = kmem_cache_create("dm-crypt io", sizeof(struct crypt_io), + 0, 0, NULL, NULL); + if (!_io_cache) + return -ENOMEM; + + r = dm_daemon_start(&_kcryptd, "kcryptd", kcryptd); + if (r) { + DMERR("couldn't create kcryptd: %d", r); + kmem_cache_destroy(_io_cache); + return r; + } + + r = dm_register_target(&crypt_target); + if (r < 0) { + DMERR("crypt: register failed %d", r); + dm_daemon_stop(&_kcryptd); + kmem_cache_destroy(_io_cache); + } + + return r; +} + +void dm_crypt_exit(void) +{ + int r = dm_unregister_target(&crypt_target); + + if (r < 0) + DMERR("crypt: unregister failed %d", r); + + dm_daemon_stop(&_kcryptd); + kmem_cache_destroy(_io_cache); +} + +/* + * module hooks + */ +module_init(dm_crypt_init) +module_exit(dm_crypt_exit) + +MODULE_AUTHOR("Christophe Saout "); +MODULE_DESCRIPTION(DM_NAME " target for transparent encryption / decryption"); +MODULE_LICENSE("GPL"); diff -Nur linux.orig/drivers/md/dm-daemon.c linux/drivers/md/dm-daemon.c --- linux.orig/drivers/md/dm-daemon.c 1970-01-01 01:00:00.000000000 +0100 +++ linux/drivers/md/dm-daemon.c 2003-08-01 22:22:40.020848072 +0200 @@ -0,0 +1,107 @@ +/* + * Copyright (C) 2003 Sistina Software + * + * This file is released under the LGPL. + */ + +#include "dm.h" +#include "dm-daemon.h" + +#include +#include + +static int daemon(void *arg) +{ + struct dm_daemon *dd = (struct dm_daemon *) arg; + DECLARE_WAITQUEUE(wq, current); + + daemonize("%s", dd->name); + + atomic_set(&dd->please_die, 0); + + add_wait_queue(&dd->job_queue, &wq); + + down(&dd->run_lock); + up(&dd->start_lock); + + /* + * dd->fn() could do anything, very likely it will + * suspend. So we can't set the state to + * TASK_INTERRUPTIBLE before calling it. In order to + * prevent a race with a waking thread we do this little + * dance with the dd->woken variable. + */ + while (1) { + if (atomic_read(&dd->please_die)) + goto out; + + if (current->flags & PF_FREEZE) + refrigerator(PF_IOTHREAD); + + do { + set_current_state(TASK_RUNNING); + + atomic_set(&dd->woken, 0); + dd->fn(); + + set_current_state(TASK_INTERRUPTIBLE); + } while (atomic_read(&dd->woken)); + + schedule(); + } + + out: + remove_wait_queue(&dd->job_queue, &wq); + up(&dd->run_lock); + return 0; +} + +int dm_daemon_start(struct dm_daemon *dd, const char *name, void (*fn)(void)) +{ + pid_t pid = 0; + + /* + * Initialise the dm_daemon. + */ + dd->fn = fn; + strncpy(dd->name, name, sizeof(dd->name) - 1); + sema_init(&dd->start_lock, 1); + sema_init(&dd->run_lock, 1); + init_waitqueue_head(&dd->job_queue); + + /* + * Start the new thread. + */ + down(&dd->start_lock); + pid = kernel_thread(daemon, dd, CLONE_KERNEL); + if (pid <= 0) { + DMERR("Failed to start %s thread", name); + return -EAGAIN; + } + + /* + * wait for the daemon to up this mutex. + */ + down(&dd->start_lock); + up(&dd->start_lock); + + return 0; +} + +void dm_daemon_stop(struct dm_daemon *dd) +{ + atomic_set(&dd->please_die, 1); + dm_daemon_wake(dd); + down(&dd->run_lock); + up(&dd->run_lock); +} + +void dm_daemon_wake(struct dm_daemon *dd) +{ + atomic_set(&dd->woken, 1); + wake_up_interruptible(&dd->job_queue); +} + +EXPORT_SYMBOL(dm_daemon_start); +EXPORT_SYMBOL(dm_daemon_stop); +EXPORT_SYMBOL(dm_daemon_wake); diff -Nur linux.orig/drivers/md/dm-daemon.h linux/drivers/md/dm-daemon.h --- linux.orig/drivers/md/dm-daemon.h 1970-01-01 01:00:00.000000000 +0100 +++ linux/drivers/md/dm-daemon.h 2003-08-01 22:20:52.378212240 +0200 @@ -0,0 +1,29 @@ +/* + * Copyright (C) 2003 Sistina Software + * + * This file is released under the LGPL. + */ + +#ifndef DM_DAEMON_H +#define DM_DAEMON_H + +#include +#include + +struct dm_daemon { + void (*fn)(void); + char name[16]; + atomic_t please_die; + struct semaphore start_lock; + struct semaphore run_lock; + + atomic_t woken; + wait_queue_head_t job_queue; +}; + +int dm_daemon_start(struct dm_daemon *dd, const char *name, void (*fn)(void)); +void dm_daemon_stop(struct dm_daemon *dd); +void dm_daemon_wake(struct dm_daemon *dd); +int dm_daemon_running(struct dm_daemon *dd); + +#endif diff -Nur linux.orig/drivers/md/Kconfig linux/drivers/md/Kconfig --- linux.orig/drivers/md/Kconfig 2003-08-01 22:18:50.202785728 +0200 +++ linux/drivers/md/Kconfig 2003-08-01 22:20:52.379212088 +0200 @@ -152,5 +152,15 @@ Recent tools use a new version of the ioctl interface, only select this option if you intend using such tools. +config BLK_DM_CRYPT + tristate "dm-crypt target (EXPERIMENTAL)" + depends on BLK_DEV_DM && EXPERIMENTAL + select CRYPTO + ---help--- + This device-mapper target allows you to create a device that + transparently encrypts the data on it. You'll need to activate + the required ciphers in the cryptoapi configuration in order to + be able to use it. + endmenu diff -Nur linux.orig/drivers/md/Makefile linux/drivers/md/Makefile --- linux.orig/drivers/md/Makefile 2003-08-01 22:18:54.147186088 +0200 +++ linux/drivers/md/Makefile 2003-08-01 22:20:52.379212088 +0200 @@ -3,7 +3,7 @@ # dm-mod-objs := dm.o dm-table.o dm-target.o dm-linear.o dm-stripe.o \ - dm-ioctl.o + dm-ioctl.o dm-daemon.o # Note: link order is important. All raid personalities # and xor.o must come before md.o, as they each initialise @@ -17,3 +17,4 @@ obj-$(CONFIG_MD_MULTIPATH) += multipath.o obj-$(CONFIG_BLK_DEV_MD) += md.o obj-$(CONFIG_BLK_DEV_DM) += dm-mod.o +obj-$(CONFIG_BLK_DM_CRYPT) += dm-crypt.o --=-orEW0W/61HcGJRUtm3R/-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Sun Aug 3 00:23:56 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:39916 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Sun, 3 Aug 2003 00:23:47 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Sun, 03 Aug 2003 00:23:42 +0200 (CEST) Received: from relay3.softcomca.com ([IPv6:::ffff:168.144.1.70]:44550 "EHLO relay3.softcomca.com") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Sun, 3 Aug 2003 00:23:14 +0200 Received: from M2W077.mail2web.com ([168.144.251.187]) by relay3.softcomca.com with Microsoft SMTPSVC(5.0.2195.6713); Sat, 2 Aug 2003 18:23:05 -0400 Message-ID: <114780-2200386222235363@M2W077.mail2web.com> X-Priority: 3 Reply-To: schander@mindspring.com X-Originating-IP: 219.65.96.75 X-URL: http://mail2web.com/ From: "schander@mindspring.com" To: linux-crypto@nl.linux.org Cc: sluskyb@paranoiacs.org, Andries.Brouwer@cwi.nl Subject: Re: 2.6.0-test2+Util-linux/cryptoapi Date: Sat, 2 Aug 2003 18:23:05 -0400 MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT X-OriginalArrivalTime: 02 Aug 2003 22:23:05.0326 (UTC) FILETIME=[A4C0E8E0:01C35944] X-Spam-Status: No, hits=2.4 required=5.0 tests=FROM_NAME_EQ_FROM_ADDR version=2.20 X-Spam-Level: ** X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: schander@mindspring.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org > Secondly, there's the issue of passphrase hashing. I agree with the > decision to cut it out of losetup, but where do we put it now? Andries > has suggested an external program, but this isn't as simple as it sounds. > To get this working would require a new way of reading the passphrase, > since the hashed passphrase might contain a newline, or a null. Maybe > change the semantics of the -p option, so that: > > losetup -e aes /dev/loop/10 /home/sluskyb/testloop > > will work when I give it the passphrase "foobar", but also > > pwhash -h sha1 |losetup -e aes -k 128 -p 0 /dev/loop/0 \ > /dev/discs/disc0/part3 > > will read exactly 16 bytes of (probably) non-printable chars and use > that as the key. I've implemented an external PAM module (pam_losetup) that hashes a passphrase (obtained from PAM) along with a stored salt value, and then uses it to decrypt a stored filesystem key (both the key and the salt are stored in a system keyfile, by default /etc/qpasswd). This is then piped to losetup (the format of the piped key probably needs to change). Try out qryptix-0.1 (on sourceforge, probably mirrored elsewhere) for this and some additional utilities to generate and manage the encrypted keys. There is some minimal documentation on getting it going, but no man pages yet. I'm using it on a number of machines (mostly laptops) to secure my home directory. Comments, suggestions, patches would be welcome. (Not sure if this will make it past the spam filter at linux-crypto, so I'm cc'ing it). -Siva schander@mindspring.com Qryptix Data Security, Chennai, India. -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From bhemiflatbottom@email.com Sun Aug 3 11:47:28 2003 Received: from [IPv6:3ffe:8260:10f:ffff::2] ([IPv6:3ffe:8260:10f:ffff::2]:13773 "EHLO localhost") by humbolt.nl.linux.org with ESMTP id ; Sun, 3 Aug 2003 11:47:08 +0200 Received: from 218-164-85-219.HINET-IP.hinet.net ([IPv6:::ffff:218.164.85.219]:41229 "HELO m3w4e8") by imladris.surriel.com with SMTP id S82326AbTHCJpa (ORCPT ); Sun, 3 Aug 2003 05:45:30 -0400 From: bhemiflatbottom@email.com To: linux-crypto-archive@nl.linux.org Subject: Re: Hey man Sender: bhemiflatbottom@email.com Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Sun, 3 Aug 2003 17:39:53 +0800 X-Mailer: AOL 7.0 for Windows US sub 118 Message-Id: Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!

whats up. I thought you might be interested in this.

its a godsend, I have saved a fortune

I personally couldnt have got out of the mess I was in without this site

From bpat_77@erols.com Sun Aug 3 12:41:12 2003 Received: from [IPv6:3ffe:8260:10f:ffff::2] ([IPv6:3ffe:8260:10f:ffff::2]:47320 "EHLO localhost") by humbolt.nl.linux.org with ESMTP id ; Sun, 3 Aug 2003 12:41:04 +0200 Received: from [IPv6:::ffff:61.104.184.130] ([IPv6:::ffff:61.104.184.130]:24326 "HELO fireblade") by imladris.surriel.com with SMTP id S82267AbTHCKjP (ORCPT ); Sun, 3 Aug 2003 06:39:15 -0400 From: bpat_77@erols.com To: linux-crypto-archive@nl.linux.org Subject: heh Sender: bpat_77@erols.com Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Sun, 3 Aug 2003 19:37:53 +0900 X-Mailer: Microsoft Outlook Express 5.00.2919.6900 DM Message-Id: Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!

hey there, i thought you'd like to check this out

its a godsend, I have saved a fortune

I hope your ready for lower mortgage repayments!

From bricardo@yahoo.com Sun Aug 3 13:34:34 2003 Received: from [IPv6:::ffff:211.245.19.214] ([IPv6:::ffff:211.245.19.214]:12549 "HELO naeil050") by humbolt.nl.linux.org with SMTP id ; Sun, 3 Aug 2003 13:34:23 +0200 From: bricardo@yahoo.com To: linux-crypto-archive@nl.linux.org Subject: man Sender: bricardo@yahoo.com Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Sun, 3 Aug 2003 20:34:15 +0900 X-Mailer: Microsoft Outlook Express 6.00.2800.1106 Message-Id: <20030803113428Z20294-26060+14993@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!

hi please check out the following site

Only the banks know about this great offer, now you can too!

are you prepared for lower mortgage repayments?

From bcraigdavis@yahoo.com Mon Aug 4 03:51:56 2003 Received: from 52.c218-184-96.ethome.net.tw ([IPv6:::ffff:218.184.96.52]:47885 "HELO rita-6f763a1939") by humbolt.nl.linux.org with SMTP id ; Mon, 4 Aug 2003 03:51:39 +0200 From: bcraigdavis@yahoo.com To: linux-crypto-archive@nl.linux.org Subject: hey its me Sender: bcraigdavis@yahoo.com Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Mon, 4 Aug 2003 09:50:09 +0800 X-Mailer: Microsoft Outlook, Build 10.0.2627 Message-Id: <20030804015147Z19820-26060+15247@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!

whats up dude, you should see this! i saved a bomb..

Only the banks know about this great offer, now you can too!

With the money you save, put it towards a new car!

From linux-crypto-bounce@nl.linux.org Mon Aug 4 06:08:31 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:22426 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 06:08:25 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 04 Aug 2003 06:08:20 +0200 (CEST) Received: from relay1.softcomca.com ([IPv6:::ffff:168.144.1.67]:20485 "EHLO relay1.softcomca.com") by humbolt.nl.linux.org with ESMTP id convert rfc822-to-8bit; Mon, 4 Aug 2003 06:07:45 +0200 Received: from M2W091.mail2web.com ([168.144.251.203]) by relay1.softcomca.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 4 Aug 2003 00:07:44 -0400 Message-ID: <269620-22003814474475@M2W091.mail2web.com> X-Priority: 3 Reply-To: schander@mindspring.com X-Originating-IP: 219.65.96.189 X-URL: http://mail2web.com/ From: "schander@mindspring.com" To: mike@flyn.org Cc: linux-crypto@nl.linux.org Subject: Re: 2.6.0-test2+Util-linux/cryptoapi Date: Mon, 4 Aug 2003 00:07:44 -0400 MIME-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT X-OriginalArrivalTime: 04 Aug 2003 04:07:44.0039 (UTC) FILETIME=[F4A3DB70:01C35A3D] X-Spam-Status: No, hits=2.4 required=5.0 tests=FROM_NAME_EQ_FROM_ADDR version=2.20 X-Spam-Level: ** X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: schander@mindspring.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org mike@flyn.org wrote: >Have you seen pam_mount? It is available at http://www.flyn.org and one of its >specialties is mounting encrypted home directories. Yes, I've seen pam_mount; although it's not a strict superset of the capabilities of pam_losetup, it has significantly more functionality. My aim with pam_losetup was to keep it very minimalist, and focus on retrieving keys, hashing and setting up encrypted loops. > In fact, if you can find an >August issue of the Linux Journal, you will find an article on this very subject >(though it addresses Linux 2.4's cryptoloop). Actually, pam_losetup also addresses 2.4's cryptoloop, but the changes to accomodate 2.6 should be minimal (a few /dev path names and perhaps changes in losetup invocation). Sorry for not making this clear. > Pam_mount also allows one to change their system password without changing their >encrypted filesystem's key (which can easily be truly random/maximum entropy >because the user does not need to remember it). Exactly the same idea in pam_losetup; I derive the filesystem key from /dev/random before encrypting it. I also added a salt to the passphrase hash to foil dictionary attacks on the passphrase. I'm currently using md5crypt to derive 128 bits for the internal des_ede operation to encrypt/ decrypt the filesystem key (it's probably sufficient to use DES, since the entropy of the unencrypted filesystem key is maximal). The main pros of pam_losetup are: 1) The addition of the system keyfile, /etc/qpasswd greatly reduces the clutter/overload in /etc/fstab. The options field was getting cluttered with all the 'cipher=' and 'keybits=' stuff, which is all now relocated to /etc/ qpasswd. The format of an entry in /etc/qpasswd is simple and minimal: :::::: Both the salt and key are base64 encoded, so it's possible to keep the line below 80 chars (I like my text files to fit without line-wrap :-). I've included a simple library to manipulate keyfiles, with the routines fgetqpent(), getqpent(), setqpent(), endqpent() & putqpent(). The semantics are similar if not identical to the passwd file handling routines in glibc - fgetpwent(), ... . 2) Focus on key management: all the user (filesystem) keys are kept together, so interesting things can be done with them (key backup, escrow, etc.). Also, the keyfile can be kept on removable media, for more security. 3) mount has a much simpler task - it can look at a more classical, uncluttered, /etc/fstab, which will have simple entry linking the loop device and the home directory (or any other directory, for that matter). 4) It's still possible to use pam_mount in the PAM stack following pam_losetup, for example: ... auth required /lib/security/pam_losetup.so ... session required /lib/security/pam_losetup.so ... auth required /lib/secuirty/pam_mount.so ... session required /lib/security/pam_mount.so ... ... For certain applications (like login), pam_losetup plus a redirection login script in a dummy home directory, seems to be sufficient. Cons: 1) Nested encrypted loops, possible with pam_mount, are not possible with pam_losetup, although multiple encrypted loops, with directory nesting, are still possible (it's not possible to keep the container file within another encrypted filesystem, which is not that much of a downside). Possible future directions include a merge of the codebases of pam_losetup and pam_mount, though it seems not to be necessary in the light of 4) above. I'm pretty pleased with my introduction of the concept of keyfiles, so I'd like to keep that in pam_losetup. I think a simple pam_losetup, which handles keys and loop setup, and a simple pam_mount, which handles mounts only, might be a good general direction to head. Comments, suggestions, etc. welcome. -Siva schander@mindspring.com Qryptix Data Security, Chennai, India. -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Aug 4 06:58:10 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:48032 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 06:57:52 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 04 Aug 2003 06:57:48 +0200 (CEST) Received: from adsl-216-158-28-251.cust.oldcity.dca.net ([IPv6:::ffff:216.158.28.251]:41856 "EHLO fukurou.paranoiacs.org") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 06:57:12 +0200 Received: from fukurou.paranoiacs.org (eddie@localhost [127.0.0.1]) by fukurou.paranoiacs.org (8.12.9/8.12.9) with ESMTP id h744v7AG028884; Mon, 4 Aug 2003 00:57:08 -0400 Received: (from sluskyb@localhost) by fukurou.paranoiacs.org (8.12.9/8.12.9/Submit) id h744v6td028883; Mon, 4 Aug 2003 00:57:06 -0400 Date: Mon, 4 Aug 2003 00:57:06 -0400 From: Ben Slusky To: Andries.Brouwer@cwi.nl Cc: linux-crypto@nl.linux.org Subject: PATCH 1/2: variable key length for losetup Message-ID: <20030804045704.GA2136@fukurou.paranoiacs.org> Mail-Followup-To: Andries.Brouwer@cwi.nl, linux-crypto@nl.linux.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="7AUc2qLy4jB3hD7Z" Content-Disposition: inline User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-5.0 required=5.0 tests=UNIFIED_PATCH version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sluskyb@paranoiacs.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org --7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline This patch allows losetup and mount to do cryptoloop encryption with keys of size other than 256 bits. For example, to use 128-bit AES-CBC encryption, the syntax is: losetup -e aes-cbc-128 /dev/loop/10 /home/sluskyb/testloop or mount -o loop,encryption=aes-cbc-128 /home/sluskyb/testloop /mnt/testloop I figured that since we're now requiring the user to add the -cbc (or -ctr etc.), -128 would fit in. This is implemented using POSIX regular expressions. I'm not particularly proud of that, but I think if we want to specify key size within the existing encryption= option then that's the best way to go. QCF? -- Ben Slusky | You must be smarter than sluskyb@paranoiacs.org | <= this stick to ride the sluskyb@stwing.org | internet. PGP keyID ADA44B3B --7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="losetup-variable-key-size.patch" --- lomount.c-fixed-key-size 2003-07-16 19:56:53.000000000 -0400 +++ lomount.c 2003-08-02 19:25:01.000000000 -0400 @@ -24,12 +24,15 @@ #include #include #include +#include #include #include +#include #include #include #include #include +#include #include "loop.h" #include "lomount.h" @@ -249,8 +252,10 @@ set_loop(const char *device, const char *file, int offset, const char *encryption, int pfd, int *loopro) { struct loop_info64 loopinfo64; - int fd, ffd, mode; - char *pass; + int fd, ffd, mode, keysize = 0, rerror; + char *pass, *encryption_buf, rerror_buf[LINE_MAX+1]; + regex_t keysize_re; + regmatch_t keysize_rm; mode = (*loopro ? O_RDONLY : O_RDWR); if ((ffd = open(file, mode)) < 0) { @@ -276,8 +281,38 @@ loopinfo64.lo_encrypt_type = atoi(encryption); } else { loopinfo64.lo_encrypt_type = LO_CRYPT_CRYPTOAPI; + + if((encryption_buf = strdup(encryption)) == NULL) { + perror("strdup"); + fprintf(stderr, + _("Couldn't allocate memory, exiting.\n")); + exit(1); + } + + if ((rerror = regcomp(&keysize_re, + "-[[:digit:]]+$", + REG_EXTENDED)) != 0) { + fprintf(stderr, _("regcomp: ")); + regerror(rerror, &keysize_re, rerror_buf, + LINE_MAX); + fprintf(stderr, "%s\n", rerror_buf); + } else { + if (regexec(&keysize_re, encryption_buf, + 1, &keysize_rm, 0) == 0) { + keysize = atoi(encryption_buf + + keysize_rm.rm_so + 1); + /* convert #bits to #bytes */ + keysize /= 8; + /* cut the keysize out now */ + encryption_buf[keysize_rm.rm_so] = '\0'; + } + + regfree(&keysize_re); + } + snprintf(loopinfo64.lo_crypt_name, LO_NAME_SIZE, - "%s", encryption); + "%s", encryption_buf); + free(encryption_buf); } } @@ -307,9 +342,14 @@ strlen(loopinfo64.lo_encrypt_key); break; default: + if (keysize == 0) { + fprintf(stderr, _("You must specify a key size (in bits) for use with CryptoAPI encryption.\n")); + return -1; + } + /* FIXME we should be checking keysize against the min/max in /proc/crypto */ pass = xgetpass(pfd, _("Password: ")); xstrncpy(loopinfo64.lo_encrypt_key, pass, LO_KEY_SIZE); - loopinfo64.lo_encrypt_key_size = LO_KEY_SIZE; + loopinfo64.lo_encrypt_key_size = keysize; } if (ioctl(fd, LOOP_SET_FD, ffd) < 0) { --7AUc2qLy4jB3hD7Z-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From linux-crypto-bounce@nl.linux.org Mon Aug 4 08:02:20 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:6568 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 08:02:13 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 04 Aug 2003 08:02:09 +0200 (CEST) Received: from adsl-216-158-28-251.cust.oldcity.dca.net ([IPv6:::ffff:216.158.28.251]:50048 "EHLO fukurou.paranoiacs.org") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 08:01:54 +0200 Received: from fukurou.paranoiacs.org (eddie@localhost [127.0.0.1]) by fukurou.paranoiacs.org (8.12.9/8.12.9) with ESMTP id h7461pAG032601; Mon, 4 Aug 2003 02:01:51 -0400 Received: (from sluskyb@localhost) by fukurou.paranoiacs.org (8.12.9/8.12.9/Submit) id h7461pv0032600; Mon, 4 Aug 2003 02:01:51 -0400 Date: Mon, 4 Aug 2003 02:01:50 -0400 From: Ben Slusky To: Andries.Brouwer@cwi.nl Cc: linux-crypto@nl.linux.org Subject: Re: PATCH 2/2: external hashing program use in losetup Message-ID: <20030804060148.GC2136@fukurou.paranoiacs.org> Mail-Followup-To: Andries.Brouwer@cwi.nl, linux-crypto@nl.linux.org References: <20030804050818.GB2136@fukurou.paranoiacs.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030804050818.GB2136@fukurou.paranoiacs.org> User-Agent: Mutt/1.4i X-Spam-Status: No, hits=-4.4 required=5.0 tests=IN_REP_TO version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: sluskyb@paranoiacs.org Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Oops, the patch can't handle nulls or newlines or other weird stuff in the hashed passphrase. To be fixed later. -- Ben Slusky | "Dance like it hurts, love sluskyb@paranoiacs.org | like you need money, work sluskyb@stwing.org | when people are watching." PGP keyID ADA44B3B | -Dogbert - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From katrina@ecstaseayachtcharter.com Mon Aug 4 09:11:56 2003 Received: from adsl-63-202-111-97.dsl.lsan03.pacbell.net ([IPv6:::ffff:63.202.111.97]:22532 "EHLO laptop") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 09:11:42 +0200 To: linux-crypto-archive@nl.linux.org From: "Katrina" Subject: Take a Fantasy Cruise with Me! Date: Mon, 04 Aug 2003 00:11:53 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <20030804071150Z19729-11083+259@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi again, it's me Katrina from Ecstasea Yacht Charter. Just wanted to say thanks for pre-registering with us and we wanted to let you know that we are now up and running! I can't wait to see you on deck with me and my girlfriends! In case you don't remember how to reach me, you can go to the website below to make discreet reservations... We'll have a great time! xoxo- Katrina http://EcstaseaYachtCharter.com From linux-crypto-bounce@nl.linux.org Mon Aug 4 09:12:27 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:15281 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 09:12:16 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 04 Aug 2003 09:12:11 +0200 (CEST) Received: from adsl-63-202-111-97.dsl.lsan03.pacbell.net ([IPv6:::ffff:63.202.111.97]:20740 "EHLO laptop") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 09:11:44 +0200 To: linux-crypto@nl.linux.org From: "Katrina" Subject: Take a Fantasy Cruise with Me! Date: Mon, 04 Aug 2003 00:11:46 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <20030804071150Z19730-15587+3567@humbolt.nl.linux.org> X-Spam-Status: No, hits=0.5 required=5.0 tests=PLING version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: katrina@ecstaseayachtcharter.com Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi again, it's me Katrina from Ecstasea Yacht Charter. Just wanted to say thanks for pre-registering with us and we wanted to let you know that we are now up and running! I can't wait to see you on deck with me and my girlfriends! In case you don't remember how to reach me, you can go to the website below to make discreet reservations... We'll have a great time! xoxo- Katrina http://EcstaseaYachtCharter.com - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From bpresto@erols.com Mon Aug 4 11:03:00 2003 Received: from [IPv6:::ffff:61.75.109.95] ([IPv6:::ffff:61.75.109.95]:48650 "HELO gw975u6a5hu1hpx") by humbolt.nl.linux.org with SMTP id ; Mon, 4 Aug 2003 11:02:45 +0200 From: bpresto@erols.com To: linux-crypto-archive@nl.linux.org Subject: Re: what up Sender: bpresto@erols.com Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Mon, 4 Aug 2003 18:02:42 +0900 X-Mailer: Internet Mail Service (5.5.2650.21) Message-Id: <20030804090255Z19943-6193+3107@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!

I saw you online and thought you might like to take a look at this

Every day thousands of Americans are saving money, don't be one of the few who miss out!

you're placed up for auction and financers outbid each other on getting you the best deal on your mortgage!

From braven@email.com Mon Aug 4 12:19:27 2003 Received: from [IPv6:::ffff:61.83.156.157] ([IPv6:::ffff:61.83.156.157]:40196 "HELO pc6") by humbolt.nl.linux.org with SMTP id ; Mon, 4 Aug 2003 12:19:25 +0200 From: braven@email.com To: linux-crypto-archive@nl.linux.org Subject: heya Sender: braven@email.com Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Mon, 4 Aug 2003 19:18:38 +0900 X-Mailer: Microsoft Outlook Express 6.00.2800.1106 Message-Id: <20030804101926Z19963-11083+322@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!

we could all use some extra money at the end of the week!

Every day thousands of Americans are saving money, don't be one of the few who miss out!

I hope your ready for lower mortgage repayments!

From linux-crypto-bounce@nl.linux.org Mon Aug 4 12:49:20 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:37072 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 12:49:02 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Mon, 04 Aug 2003 12:48:57 +0200 (CEST) Received: from [IPv6:3ffe:8260:10f:ffff::2] ([IPv6:3ffe:8260:10f:ffff::2]:903 "EHLO localhost") by humbolt.nl.linux.org with ESMTP id ; Mon, 4 Aug 2003 12:48:32 +0200 Received: from [IPv6:::ffff:62.166.232.230] ([IPv6:::ffff:62.166.232.230]:2279 "HELO netscape396.com") by imladris.surriel.com with SMTP id S83320AbTHDKsa (ORCPT ); Mon, 4 Aug 2003 06:48:30 -0400 From: TRAVIS NKALA To: linux-crypto@nl.linux.org Reply-To: travisnkala@netscape.net Subject: INVESTMENT PROPOSAL Date: Mon, 04 Aug 2003 12:47:27 +0200 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="e993524f-8f44-492e-9097-de011dd45197" Message-Id: X-Spam-Status: No, hits=1.0 required=5.0 tests=DEAR_SOMEBODY,SUPERLONG_LINE,SUBJ_ALL_CAPS version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: travisnkala@netscape.net Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org This is a multi-part message in MIME format --e993524f-8f44-492e-9097-de011dd45197 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Dear Sir, Difficulties encountered in efforts to establish a business abroad = necessitate this search for someone to assist me in securing and investing = the sum of USD21,000.000 (twenty one million dollars)inherited from my = father's business reserve. I am the heir of a Zimbabwean family; my father was an agriculturist. He = became rich from his old-aged investment in agriculture and later was = victimized by President Robert Mugabe's land reform policy. He was = assassinated by unknown gunmen for defending his land ownership and siding = the minority white farmers. Before his death, my father foresaw the = insecurity of both our lives and property then decided to deposit the above = sum with a private finance and security firm in Europe. This money has become = the only inherited property of our family since our home was burnt,and the = farmlands and machines seized; yet the government and it's loyalists are bent = on making life difficult for us. To summarise this traumatic story, my mother and I have decided to offer 25% = of the above sum to anyone who assists us to secure this funds overseas or = 30% share for any joint investment in a reliable venture. if you would want to proceed under these terms,please reply for detailed = information. if you do not accept my offer,please in good fate treat with = utmost confidentiality . A quick reply with your name,telephone and fax = numbers for more confidential communication will be highly appreciated. Sincerely yours, TRAVIS NKALA --e993524f-8f44-492e-9097-de011dd45197-- - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From bszuber@erols.com Mon Aug 4 13:57:52 2003 Received: from [IPv6:::ffff:218.109.222.191] ([IPv6:::ffff:218.109.222.191]:27908 "HELO yxj") by humbolt.nl.linux.org with SMTP id ; Mon, 4 Aug 2003 13:57:46 +0200 From: bszuber@erols.com To: linux-crypto-archive@nl.linux.org Subject: what up Sender: bszuber@erols.com Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Mon, 4 Aug 2003 19:57:31 +0800 X-Mailer: Internet Mail Service (5.5.2650.21) Message-Id: <20030804115748Z20013-26060+15571@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!

whats up dude, you should see this! i saved a bomb..

only the banks know about this, but it will save you a fortune in $$$

simply put, your matched with the cheapest possible mortgage available for your loan.

From bjkelly@juno.com Mon Aug 4 16:58:00 2003 Received: from 61-230-127-166.HINET-IP.hinet.net ([IPv6:::ffff:61.230.127.166]:46604 "HELO amy") by humbolt.nl.linux.org with SMTP id ; Mon, 4 Aug 2003 16:57:45 +0200 From: bjkelly@juno.com To: linux-crypto-archive@nl.linux.org Subject: wow Sender: bjkelly@juno.com Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Mon, 4 Aug 2003 22:57:46 +0800 X-Mailer: Microsoft Outlook, Build 10.0.2627 Message-Id: <20030804145756Z19153-15587+3618@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!

whats up. I thought you might be interested in this.

You really owe it to yourself and your family to take a look,

With the moey you save, put it towards a new car!

From bjordan@gte.net Mon Aug 4 18:05:56 2003 Received: from 61-230-131-118.HINET-IP.hinet.net ([IPv6:::ffff:61.230.131.118]:40207 "HELO PERSONAL-116VJT") by humbolt.nl.linux.org with SMTP id ; Mon, 4 Aug 2003 18:05:47 +0200 From: bjordan@gte.net To: linux-crypto-archive@nl.linux.org Subject: Re: .. heh Sender: bjordan@gte.net Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Tue, 5 Aug 2003 00:04:14 +0800 X-Mailer: AOL 7.0 for Windows US sub 118 Message-Id: <20030804160553Z17975-15587+3632@humbolt.nl.linux.org> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

DON'T LOSE ANY MORE MONEY ON YOUR EXISTING HOME LOAN!

whats up dude, you should see this! i saved a bomb..

it's very special.only the banks know about it..

you're placed up for auction and financers outbid each other on getting you the best deal on your mortgage!

From adella@specialproductions.com Tue Aug 5 05:25:56 2003 Received: from [IPv6:3ffe:8260:10f:ffff::2] ([IPv6:3ffe:8260:10f:ffff::2]:10432 "EHLO localhost") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Aug 2003 05:25:49 +0200 Received: from ip-8.net-81-220-108.rev.numericable.fr ([IPv6:::ffff:81.220.108.8]:4360 "Helo Q1yO5J") by imladris.surriel.com with SMTP id S83187AbTHEDZd (ORCPT + 4 others); Mon, 4 Aug 2003 23:25:33 -0400 From: adella To: Subject: Just take a look Date: Mon, 04 Aug 2003 22:32:43 -0500 Mime-Version: 1.0 Content-Type: text/html X-Mailer: Microsoft Outlook Express 6.00.2462.0000 Message-Id: Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org

Introducing GRX penis enlargement pills

Gain 3+ inches in length

Stop premature ejaculation

Produce stronger erections

100% Safe to use, no side effects

Your partner will be astounded

Get GRX now!

Remove Yourself
Jb30O0
w74 From linux-crypto-bounce@nl.linux.org Tue Aug 5 07:45:55 2003 Received: from localhost.nl.linux.org ([IPv6:::ffff:127.0.0.1]:60096 "EHLO humbolt.") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Aug 2003 07:45:50 +0200 Received: with LISTAR (v1.0.0; list linux-crypto); Tue, 05 Aug 2003 07:45:46 +0200 (CEST) Received: from wbm2.pair.net ([IPv6:::ffff:209.68.3.43]:13839 "HELO wbm2.pair.net") by humbolt.nl.linux.org with SMTP id ; Tue, 5 Aug 2003 07:45:06 +0200 Received: (qmail 29430 invoked by uid 65534); 5 Aug 2003 05:44:38 -0000 Received: from 24.205.89.236 ([24.205.89.236]) (SquirrelMail authenticated user urutlist@urut.ch) by webmail.pair.com with HTTP; Tue, 5 Aug 2003 01:44:38 -0400 (EDT) Message-ID: <16918.24.205.89.236.1060062278.squirrel@webmail.pair.com> Date: Tue, 5 Aug 2003 01:44:38 -0400 (EDT) Subject: share AES encrypted file/disk between 2.4.21 and 2.6 ? From: "ueli" To: X-pair-Authenticated: 24.205.89.236 X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.11) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Status: No, hits=-0.1 required=5.0 tests=SUBJ_ENDS_IN_Q_MARK version=2.20 X-Spam-Level: X-listar-version: Listar v1.0.0 Sender: linux-crypto-bounce@nl.linux.org Errors-to: linux-crypto-bounce@nl.linux.org X-original-sender: urutlist1@urut.ch Precedence: bulk List-help: List-unsubscribe: List-software: Listar version 1.0.0 X-List-ID: List-subscribe: List-owner: List-post: List-archive: X-list: linux-crypto Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Hi, Apparently encrypted disks created with 2.4.21 are not readable by 2.6 and visa-versa. I'm using a patched 2.4.21 kernel with util-linux 2.11n (the rpms from freshmeat) and a 2.6.0-test2 with util-linux 2.12pre. Creating and reading an aes encrypted system (dd, losetup, mount) works fine with both systems, but it is not possible to read an encrypted file with an other system than the system it was created with. losetup works fine (it accepts a file of an other system), but mount doesn't work with "wrong fs type, bad option, bad superblock....." is if the password would be wrong. Is this in principle not working? Or I'm I doing something wrong? One thing is strange: losetup from 2.11n has the -k parameter, 2.12 doesnt have it and also doesn't ask so I don't know what key strength it is using. thanks ueli - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ From renewals@pandasoftware.com Tue Aug 5 11:51:56 2003 Received: from [IPv6:::ffff:212.170.234.161] ([IPv6:::ffff:212.170.234.161]:61326 "EHLO tomcat.pandasoftware.es") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Aug 2003 11:51:40 +0200 Received: from escorpmail03 (unknown [212.170.234.160]) by tomcat.pandasoftware.es (Postfix) with SMTP id D108FDBA68 for ; Tue, 5 Aug 2003 06:03:29 -0400 (EDT) Date: Tue, 05 Aug 2003 11:49:35 +0059 MIME-Version: 1.0 X-Mailer: J4L-GFIMailer X-Expid: jajenardmeremesyi To: linux-crypto-archive@nl.linux.org Subject: Ihr Panda Antivirus Titanium =?ISO-8859-1?Q?f=FChrt_keine_automat?=ischen Updates mehr aus Reply-To: renewals@pandasoftware.com X-Priority: 3 X-JMSavedFile: C:\mail\Outbound 29580086-529244752\mail181.eml Sender: "renewals@pandasoftware.com" From: "renewals@pandasoftware.com" Content-Transfer-Encoding: 8bits Content-Type: text/plain; charset="ISO-8859-1" Message-Id: <20030805100329.D108FDBA68@tomcat.pandasoftware.es> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Kundennummer: [IDCLIENTE] ********************************************************************* Falls Sie die Laufzeit f黵 die Dienstleistungen von Panda Antivirus Titanium bereits verl鋘gert haben, beachten Sie den Inhalt dieser email nicht. ********************************************************************* Sehr geehrter Kunde, die Lizenz zur Durchf黨rung der t鋑lichen automatischen Updates Ihres Panda Antivirus Titanium ist abgelaufen. Dies bedeutet, dass Sie nicht l鋘ger vor Viren und W黵mern gesch黷zt sind, die praktisch t鋑lich neu in Umlauf gelangen. Verl鋘gern Sie die Laufzeit Ihrer Lizenz f黵 Panda Antivirus Titanium ganz einfach, bequem und schnell unter http://www.pandasoftware.com/titanium/renewals/?Track=82 und gehen Sie kein Risiko ein, wenn es um den Schutz Ihrer Daten geht. Machen Sie sich keine Gedanken mehr 黚er den Schutz vor Viren, verl鋘gern Sie die Lizenz um ein, zwei oder sogar drei Jahre und nutzen Sie die unschlagbaren Angebote und Rabatte. ********************************************************************* Zur Verl鋘gerung der Lizenz f黵 Panda Antivirus Titanium gehen Sie auf http://www.pandasoftware.com/titanium/renewals/?Track=82 Die preisgekr鰊te Antivirus-Software f黵 Heimanwender ********************************************************************* Auf dieser Website erfahren Sie alles zu Preisen, Rabatten und Optionen sowie zu den Dienstleistungen von Panda Antivirus Titanium und zum Schutz vor Viren. Durch die Verl鋘gerung der Lizenz erhalten Sie au遝rdem Zugriff auf unsere technische Unterst黷zung per email, die Ihnen bei Fragen zur Seite steht. Mit freundlichen Gren, Abteilung f黵 Lizenzverl鋘gerungen Panda Software From renewals@pandasoftware.com Tue Aug 5 11:55:29 2003 Received: from [IPv6:::ffff:212.170.234.161] ([IPv6:::ffff:212.170.234.161]:15505 "EHLO tomcat.pandasoftware.es") by humbolt.nl.linux.org with ESMTP id ; Tue, 5 Aug 2003 11:55:25 +0200 Received: from escorpmail03 (unknown [212.170.234.160]) by tomcat.pandasoftware.es (Postfix) with SMTP id 54AE8DBABA for ; Tue, 5 Aug 2003 06:07:15 -0400 (EDT) Date: Tue, 05 Aug 2003 11:53:25 +0059 MIME-Version: 1.0 X-Mailer: J4L-GFIMailer X-Expid: jajenardmeremesyi To: linux-crypto-archive@nl.linux.org Subject: Ihr Panda Antivirus Titanium =?ISO-8859-1?Q?f=FChrt_keine_automat?=ischen Updates mehr aus Reply-To: renewals@pandasoftware.com X-Priority: 3 X-JMSavedFile: C:\mail\Outbound 295800871762475248\mail181.eml Sender: "renewals@pandasoftware.com" From: "renewals@pandasoftware.com" Content-Transfer-Encoding: 8bits Content-Type: text/plain; charset="ISO-8859-1" Message-Id: <20030805100715.54AE8DBABA@tomcat.pandasoftware.es> Return-Path: X-Envelope-To: <"| /bin/marchive -a -m -f /home/majordomo/public_html/linux-crypto/folders/linux-crypto"> (uid 0) X-Orcpt: rfc822;linux-crypto-archive@nl.linux.org Original-Recipient: rfc822;linux-crypto-archive@nl.linux.org Kundennummer: 70590325 ********************************************************************* Falls Sie die Laufzeit f黵 die Dienstleistungen von Panda Antivirus Titanium bereits verl鋘gert haben, beachten Sie den Inhalt dieser email nicht. ********************************************************************* Sehr geehrter Kunde, die Lizenz zur Durchf黨rung der t鋑lichen automatischen Updates Ihres Panda Antivirus Titanium ist abgelaufen. Dies bedeutet, dass Sie nicht l鋘ger vor Viren und W黵mern gesch黷zt sind, die praktisch t鋑lich neu in Umlauf gelangen. Verl鋘gern Sie die Laufzeit Ihrer Lizenz f黵 Panda Antivirus Titanium ganz einfach, bequem und schnell unter http://www.pandasoftware.com/titanium/renewals/?Track=82 und gehen Sie kein Risiko ein, wenn es um den Schutz Ihrer Date