from http://loop-aes.ajept.com/Readme.txt Hello, This mini-project adds LOOP_MULTI_KEY_SETUP_V3 functionality to SUSE 10.1. It's basically a glom between loop_fish2.c and loop-AES. The reason it was done is that loop-AES requires you to replace loop.c, and this was unacceptable. If you successfully patch this in, you will end up with a loadable module - loop_aes.ko, that will add the missing (and desired) functionality. How to obtain the kit --------------------- This source kit is available from: http://loop-AES.ajept.com/loop-AES.tar.gz What else you will need: ------------------------ Get a copy of loop-AES-v3.1e.tar.bz2 from Sourceforge, at http://www.sourceforge.net/project=loop-AES Get a copy of util-linux-2.12r.tar.bz2, at http://www.kernel.org/pub/linux/utils/util-linux/ Steps to install ---------------- Any file with a '.patched' at the end should replace a kernel source file of that name. You can either just copy over, or for the tin hat crowd, merge in from these files. 1. Install SUSE 10.1 on your box, and be sure to include the linux kernel source kit. You should end up with the following directories in /usr/src: linux linux-2.6.16.21-0.25 linux-2.6.16.21-0.25-obj linux-obj packages 2. To be sure all is ok at this point, build the kernel as follows: cd /usr/src/linux make oldconfig make Don't leave out the 'make oldconfig' step, or misery will follow you for the rest of your life if you do. When all is said and done, it should complete without errors. 3. For convenience, create the 'loop-AES' directory in /usr/src/linux/drivers/block/loop-AES, and copy this kit in there. - or do - cd /usr/src/linux/drivers/block tar -xvf loop-AES.tar.gz 4. Then, replace the following kernel files: Kconfig.patched => /usr/src/linux/drivers/block/Kconfig loop.h => /usr/src/linux/include/linux/loop.h, /usr/include/linux/loop.h Makefile.patched => /usr/src/linux/drivers/block/Makefile 5. Copy the following files into /usr/src/linux/drivers/block aes.c aes.h loop_aes.c md5.c md5.h 6. Once patched, you've got to tell the linux configuration system to build your new loadable driver, loopaes.ko. So so by: cd /usr/src/linux make menuconfig and, under block devices, select loop_aes as a type 'M', a loadable device. Exit menuconfig and be sure to save your configuration. 7. Rebuild the kernel cd /usr/src/linux make I don't recommend a 'make install' as you don't have to. Just remember the location of loopaes.ko. Contratulations! You've done it. You end up with loopaes.ko, a loadable driver that supports LOOP_MULTI_KEY_SETUP_V3. 8. utils need upgrade Before you can get it to work, you've got to build a copy of losetup that knows about loop-AES. Do so by applying patch loop-AES-v3.1e/util-linux-2.12r.diff to util-linux-2.12r/ - or do - cd util-linux-2.12r patch -p1 < loop-AES-v3.1e/util-linux-2.12r.diff make I don't recommend installing this package, as I have no idea what the patch does. None the less, you do end up with one executable, util-linux-2.12r/mount/losetup. I'd rather just rename this to losetupaes and remember its location. Using your new driver --------------------- Just load loopaes.ko before use. You can do so as follows: cd /usr/src/linux/drivers/block insmod ./loopaes.ko Voilla! LOOP_MULTI_KEY_SETUP_V3 should now work with losetupaes. For further information in doing so, please refer to the excellent doc at loop-AES-v3.1e/README Discussion ---------- I don't claim to have QA'd this package. I did load the module and used LOOP_MULTI_KEY_SETUP_V3 to initialize, mount, and dismount a loop disk - which is, in reality, only one five minute test. Things I haven't done: A. Try to mount a previously encrypted disk from some other software base. B. Run it for more than 5 minutes. C. Verify that loop-AES-v3.1e/loop.h changes any of the structures. D. Do any sort of code review of any of the code. E. Verify that the encryption scheme actually provide any sort of security Furthermore, the api changed for transfer_aes, to: int transfer_aes(struct loop_device *lo, int cmd, struct page *raw_page, unsigned raw_off, struct page *loop_page, unsigned loop_off, int size, sector_t devSect) { char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off; char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off; ... } What's kmap_atomic? Why did the api change? Who changed it? Where is the architect? How can I contact the architect? Is this correct? Why is the sky blue? What is the meaning of life? So, I make no claims about usability what-so-ever. Contacting the author --------------------- Feel free to email me for any reason at: mailto:// pagcal @ runbox.com and be sure to include 'loop-AES' in the subject or my email system will junk the message. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/