Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 78550

Summary: aes encryption option is not available
Product: [Retired] Red Hat Linux Reporter: Michael Lee Yohe <michael>
Component: util-linuxAssignee: Elliot Lee <sopwith>
Status: CLOSED DUPLICATE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: sam
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-12-07 14:28:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Michael Lee Yohe 2002-11-25 17:47:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020830

Description of problem:
When discussing loopback encryption with Arjan, he said that instead of having
to use DES, I could use AES instead (since it is bundled with Red Hat Linux) -
losetup does not recognize "aes" as an available encryption option.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. # losetup -e aes /dev/loop0 test.img 

Actual Results:  Unsupported encryption type aes

Expected Results:  Should allow user to setup an aes encrypted loopback device.

Additional info:

$ rpm -q losetup
losetup-2.11r-10

Comment 1 Michael Lee Yohe 2002-11-25 17:54:06 UTC
Further, I force injected the "cipher-aes" module:

# modprobe cipher-aes
# losetup -e aes /dev/loop0 /home/myohe/test.img 
Unsupported encryption type aes
# losetup -e cipher-aes /dev/loop0 /home/myohe/test.img 
Unsupported encryption type cipher-aes
# losetup -e AES /dev/loop0 /home/myohe/test.img 
Unsupported encryption type AES


Comment 2 Michael Lee Yohe 2002-11-25 17:56:39 UTC
I should finish my thoughts before hitting "submit.."

# dmesg | grep cryptoapi
cryptoapi: loaded
cryptoapi: Registered aes-ecb (0)
cryptoapi: Registered aes-cbc (65536)
cryptoapi: Registered aes-cfb (131072)
cryptoapi: Registered aes-ctr (262144)
cryptoapi: Registered aes-rtc (524288)

# losetup -e aes-rtc /dev/loop0 /home/myohe/test.img 
Unsupported encryption type aes-rtc
# losetup -e aes-ecb /dev/loop0 /home/myohe/test.img 
Unsupported encryption type aes-ecb
# losetup -e aes-cfb /dev/loop0 /home/myohe/test.img 
Unsupported encryption type aes-cfb
# losetup -e aes-ctr /dev/loop0 /home/myohe/test.img 
Unsupported encryption type aes-ctr
# losetup -e aes-cbc /dev/loop0 /home/myohe/test.img 
Unsupported encryption type aes-cbc



Comment 3 Need Real Name 2002-12-05 08:45:04 UTC
And while it's open (along the same lines); 
how come it only supports XOR which is slow and DES which doesn't work anyway:

losetup -e des /dev/loop0 /file
Password:
Init (up to 16 hex digits):
ioctl: LOOP_SET_STATUS: Invalid argument

Lets take DES out as everyone agrees it is too weak and doesn't work anyway, 
and lets put at least one decent one in by default; AES, IDEA or something, and 
even better would be to be able to use loadable encryption modules.


Comment 4 Michael Lee Yohe 2002-12-05 15:01:26 UTC
The DES problem is related to Bug 56698 and includes a semi-howto on what to do
to get encrypted filesystems to work under Red Hat Linux (albeit a non-packaged
method).

I filed Bug 78544 against the kernel - Arjan correctly informed me that the
_kernel_ has loopback encryption support.  However, the Red Hat Linux
distribution itself _does not_ have the support.  I will modify Bug 78544
accordingly to reference the distribution's lack of a method EVEN when the man
pages (documentation) say otherwise.

Comment 5 Need Real Name 2002-12-05 21:30:40 UTC
Does this mean I can just get the src.rpm to losetup and util-linux packages 
and add to the .spec file the patches from 
http://www.kernel.org/pub/linux/kernel/crypto/v2.4/ and expect it to work?

If I understand the problem correctly, and it is so, then I am happy to put 
together and updated src.rpm for rawhide and/or redhat update.

Sam
[Yes, and I meant XOR was fast, not slow]

Comment 6 Need Real Name 2002-12-07 14:28:28 UTC
Well.... I derived the patch for the util-linux package but it doesn't apply 
cleanly when combined with all the other redhat linux-util patches part of 
the .src.rpm

And not knowing the purposes behind many of the applied patches I can't tell 
how far from a working crypto losetup we are; or if or how much still needs 
patching.

So I'll have to leave it to the util-linux package maintainers to sort out what 
is still missing and fix it up.


Comment 7 Elliot Lee 2002-12-09 18:59:07 UTC

*** This bug has been marked as a duplicate of 56698 ***