Questions and answers concerning crypto and looppack device
By Patrice Lacroix <tootix@writeme.com>
Last update: 1999-05-21

1) What is the crypto API?

It allow other parts of the kernel to use crypto in a generic way,
most notably the loopback device driver (loop_gen.c).


2) What is loop_gen?

First, you should already be familiar with basic loopback device. See
losetup(1) for more info.

Loop_gen is the generic encryption layer for the loopback driver.
It uses the crypto API to do encryption. It works with every ciphers
supported by the crypto API. Not all ciphers in the crypto library
support the API yet.

Loop_gen (and the crypto api) will eventually replace all other loopback
encryption modules.

Loop_gen use all supported ciphers in CBC mode.


3) What can I do with loop_gen?

The basic loopback device driver allow you to use a file as a block
device.  With loop_gen, data in the file associated with the loopback
block device can be encrypted with strong crypto.

You can use the result as any other block device. If you create a file
system and mount it, then every file in the file system will be
automaticly encrypted.


4) Can I use all this as modules?

Sure! In make menuconfig (or whatever), under Crypto options, say M to
Crypto ciphers and to the ciphers you want. Under Block Device, say M to
loopback device and to General Encryption Support. Don't select any other
encryption modules unless you can't live without them and they are
no longer suported by the crypto API.

Build your kernel and modules, make modules_install, reboot, depmod -a

In /etc/conf.modules, add:

alias loop-xfer-gen-0 loop_gen
alias loop-xfer-gen-10 loop_gen
alias cipher-2 des
alias cipher-4 blowfish
alias cipher-6 idea
alias cipher-7 serp6f
alias cipher-8 mars6
alias cipher-11 rc62
alias cipher-15 dfc2
alias cipher-16 rijndael
alias cipher-17 rc5


5) Why all those funny numbers?

In short, the kernel know ciphers only by number. If you really want to know
how it works, you can grep request_module in linux/crypto/api.c and
linux/drivers/block/loop.c.


6) I get "Unsupported encryption type" when I use losetup or mount. What's
   wrong?

You need a version of losetup and mount that understand new encryption
types. To get it, you probably have to apply the util-linux patch you can
find in linux/Documentation/crypto and rebuild mount and losetup.


7) Can I stack loop devices and encryption?

Yes!


6) I can't access the content of my encrypted file system since I
   moved the backing file to a new partition. Why?

This is because when a block of data is encrypted with loop_gen,
its IV for CBC encryption is set to the real block where the
file is located on the block device underneath it. So when the
encrypted file system is physically moved on a block device, the
IV used for encryption and decryption change, and data can't be
decrypted correctly.

As of patch-int-2.2.10.4, you should answer 'Y' to the question 'Use
relative block numbers as basis for transfer functions (RECOMMENDED)'
to avoid this problem.

Another solution is to losetup your file once without using crypto and
then losetup again the first loopback block device to add
encryption. Since the encryption will always be from block 0 (inside
the first loopback device), the IV for CBC encryption will be the same
no matter where the original file is located.

Ex:

# losetup /dev/loop0 encfs.loop
# losetup -e blowfish /dev/loop1 /dev/loop0
Password: (not shown)
# mount /dev/loop1 /mnt

(here you can access the fs under /mnt...)

(and to destroy loopback devices...)

# umount /mnt
# losetup -d /dev/loop1
# losetup -d /dev/loop0

With this solution, you can do backup of your encrypted data
(which is a good thing) but it's more complexe and it's probably
less secure (which is a bad thing).


7) Since patch-int-2.2.10.4 I can't access my encrypted device.

As of patch-int-2.2.10.4, the encrypted files will be incompatible
with older files if you answer 'Y' to the question 'Use relative block
numbers as basis for transfer functions (RECOMMENDED)'.  To be able to
back up your encrypted files in the future, you should convert to the
new layout [which uses relative block numbers as IV to the cipher
instead of absolute ones].  This can be accomplished by doing
something like the following:

<using your old kernel...>
# losetup -e mypreferredcipher /dev/loop0 /myfile
<enter passphrase>
# dd if=/dev/loop0 of=tmpfile
# losetup -d /dev/loop0

<using your new kernel...>
# losetup -e mypreferredcipher /dev/loop0 /myfile
<enter passphrase>
# dd if=tmpfile of=/dev/loop0
# dd if=/dev/zero of=tmpfile bs=1k count=<size of tmpfile>
or you could download some of the special software used for wiping
magnetic media such as wipe from
http://gsu.linux.org.tr/wipe/

8) I made an encrypted filesystem on my hard-disk and tried to burn it
   on a CD.  Now I can't get the CD to work properly.

This is a current limitation in the loop device code.  The block size
(the smalles number of bytes that can be read) of a hard-disk is
smaller than the block size of a CD-ROM.  This causes problems since
the block size dictates how many bytes are encrypted as a block.

There is no solution to this problem at this time, but it isn't hard
to fix.  Contact me (Alexander Kjeldaas <astor@fast.no>) if you're
willing to work on this problem.

