cryptsetup luks

Printable View

Show 40 post(s) from this thread on one page

27-11-2010, 08:38
ddayb

cryptsetup luks

Ïðèâåò!
À åñòü ëè âîçìîæíîñòü ïðèêðóòèòü luks-øèôðîâàíèå ïîäêëþ÷àåìûõ ïî USB äèñêîâ? è ñïðàâèòñÿ ëè wnr3500l?
23-03-2012, 00:40
staticroute

Quote:

Originally Posted by ddayb

Ïðèâåò!
À åñòü ëè âîçìîæíîñòü ïðèêðóòèòü luks-øèôðîâàíèå ïîäêëþ÷àåìûõ ïî USB äèñêîâ? è ñïðàâèòñÿ ëè wnr3500l?

+1, òîëüêî ìîæíî ëè òàêîå íà wl-500gP (v1) ?

Ïîòÿíåò ëè? Õîòåëîñü áû ïîýêñïåðèìåíòèðîâàòü, åñëè íå òðóäíî ïðèêðóòèòå ïëèç :)

EDIT: íàøåë íà ïîëüñêîì http://eko.one.pl/?p=openwrt-crypto çàâòðà áóäó ïðîáîâàòü..

òàê ïîíèìàþ OpenWRT ïàêåòû ñòàâÿòñÿ íà ýòó ïðîøèâêó?
24-03-2012, 10:30
ryzhov_al

Quote:

Originally Posted by staticroute

òàê ïîíèìàþ OpenWRT ïàêåòû ñòàâÿòñÿ íà ýòó ïðîøèâêó?

Íå ñîâñåì. Ó íàñ ñ òîìàòîâöàìè ñâîé êëîí ðåïîçèòîðèÿ OpenWRT, ïî îáú¸ìó ðàâíûé ïðèìåðíî òðåòè îáú¸ìà îðèãèíàëà.

Quote:

Originally Posted by Rucha

Àêòóàëüíà ëè èíñòðóêöèÿ èç ïåðâîãî ïîñòà (Ïðèìåðíûé ïîðÿäîê ïåðåõîäà íà íàøó ïðîøèâêó) äëÿ ïåðåõîäà ñ -d ïðîøèâêè íà -rtn?

Â ïåðâîì ïîñòå íåò òàêîé èíñòðóêöèè. Åñëè âû ïðî ñîõðàíåíèå íàñòðîåê ïðè ïåðåõîäå ñ âåòêè -d íà -rtn, òî ïåðåíîñ íàñòðîåê êðàéíå íåæåëàòåëåí.
24-03-2012, 19:51
Rucha

Quote:

Originally Posted by ryzhov_al

Åñëè âû ïðî ñîõðàíåíèå íàñòðîåê ïðè ïåðåõîäå ñ âåòêè -d íà -rtn, òî ïåðåíîñ íàñòðîåê êðàéíå íåæåëàòåëåí.

Äà, à ìîæíî ëè õîòÿáû flashfs âîññòàíîâèòü áåç íåãàòèâíûõ ïîñëåäñòâèé?
24-03-2012, 23:16
staticroute

Quote:

Originally Posted by ryzhov_al

Íå ñîâñåì. Ó íàñ ñ òîìàòîâöàìè ñâîé êëîí ðåïîçèòîðèÿ OpenWRT, ïî îáú¸ìó ðàâíûé ïðèìåðíî òðåòè îáú¸ìà îðèãèíàëà.

íå ìîãëè áû òóäà âêëþ÷èòü cryptsetup ?

+ ÿäðîâûå ìîäóëè dm_crypt, aes256_generic â ïðîøèâêó.

EDIT: http://danm.de/files/src/bcm5365p/REPORTED_DEVICES

êñòàòè â 500gP îêàçûâàåòñÿ åñòü hardware crypto o_O
06-06-2012, 23:55
staticroute

Quote:

Originally Posted by ddayb

Ïðèâåò!
À åñòü ëè âîçìîæíîñòü ïðèêðóòèòü luks-øèôðîâàíèå ïîäêëþ÷àåìûõ ïî USB äèñêîâ? è ñïðàâèòñÿ ëè wnr3500l?

Quote:

Originally Posted by staticroute

+1, òîëüêî ìîæíî ëè òàêîå íà wl-500gP (v1) ?

Ïîòÿíåò ëè? Õîòåëîñü áû ïîýêñïåðèìåíòèðîâàòü, åñëè íå òðóäíî ïðèêðóòèòå ïëèç :)

EDIT: íàøåë íà ïîëüñêîì http://eko.one.pl/?p=openwrt-crypto çàâòðà áóäó ïðîáîâàòü..

òàê ïîíèìàþ OpenWRT ïàêåòû ñòàâÿòñÿ íà ýòó ïðîøèâêó?

ñîáñòâåííî óäàëîñü-òàêè ïîäíÿòü cryptsetup íà wl500gP v1, âñå ðàáîòàåò :)

ñêîìïåëèðîâàë íà optware.. ÷åñòíî ãîâîðÿ çàìó÷àëñÿ ïðàâèòü èñõîäíèêè, ÷òîáû îíî ñîáðàëîñü..

íóæíî êîíå÷íî æå êîìïèëèòü êàñòîì ïðîøèâêó ñ âêëþ÷åííûìè

Code:

sha256 12320 0 dm_crypt 14224 1 dm_mod 59872 3 dm_crypt cryptoloop 2176 0 aes 31024 2

cryptoloop ïî æåëàíèþ (åñëè ïëàíèðóåòå õðàíèòü â ôàéëå êîíòåéíåð, à íå èñïîëüçîâàòü öåëûé ðàçäåë ôëåøêè).

íóæíî ïî ñóòè îñíîâíîå ýòî ñàì ñêîìïèëåííûé ïàêåò cryptsetup_1.4.3-1_mipsel.ipk

îñòàëüíûå äåïû ipkg äîñòàâèò àâòîìàòîì (îíè óæå âñå åñòü) + ìîäóëè ÿäðà åñòåñòâåííî ñîáðàòü

íåïëîõî á êîíå÷íî ýòî âûíåñòè â îòäåëüíóþ îïöèþ ïðè ñáîðêå ïðîøèâêè, ÷òîáû íå ìó÷àòüñÿ.

ñêîðîñòü åñòåñòâåííî ãðóñòíàÿ:

Code:

dd if=/dev/zero of=1 bs=1M count=20 20+0 records in 20+0 records out 20971520 bytes (20.0MB) copied, 45.423548 seconds, 450.9KB/s

Íî íà WNR3500L ïðîö ïîìîùíåå è ïàìÿòè áîëüøå (â 2 ðàçà), äóìàþ ñêîðîñòü áóäåò ïîëó÷øå, íî íå îñîáî, íå áîëüøå 1ìá/sec
29-07-2012, 05:45
pux

Îòöû, ðàíåå òîâàðèù staticroute çäåñü æå îòïèñàëñÿ, ÷òî ïðîïàò÷èë cryptsetup.

Íåëüçÿ ëè â îñíîâíîé ïðîøèâêå ñîáèðàòü ñðåäè ïðî÷èõ ìîäóëè sha256, dm_mod, dm_crypt, cryptoloop, aes?

Åäèíñòâåííûé íåïðèÿòíûé ìîìåíò, êîòîðûé ïðèõîäèò â ãîëîâó -- óâåëè÷èòñÿ èòîãîâûé ðàçìåð òàðáîëà ñ ìîäóëÿìè.
29-07-2012, 11:55
staticroute

Quote:

Originally Posted by pux

Îòöû, ðàíåå òîâàðèù staticroute çäåñü æå îòïèñàëñÿ, ÷òî ïðîïàò÷èë cryptsetup.

Íåëüçÿ ëè â îñíîâíîé ïðîøèâêå ñîáèðàòü ñðåäè ïðî÷èõ ìîäóëè sha256, dm_mod, dm_crypt, cryptoloop, aes?

Åäèíñòâåííûé íåïðèÿòíûé ìîìåíò, êîòîðûé ïðèõîäèò â ãîëîâó -- óâåëè÷èòñÿ èòîãîâûé ðàçìåð òàðáîëà ñ ìîäóëÿìè.

Âû ìîæåòå ñäåëàòü ýòî ñàìîñòîÿòåëüíî ïðè ñáîðêå ïðîøèâêè è âêëþ÷èòü íóæíûå ìîäóëè, ïðîñòî äëÿ ýòîãî ïðèäåòñÿ (ïîêà ÷òî) ðó÷êàìè ïðàâèòü Makefile.

Ó ìåíÿ åñòü ïîäîçðåíèå, ÷òî cryptsetup ÿ íåìíîãî êðèâî ïðîïàò÷èë, òàê êàê ñîáèðàë ïîä Optware, íàõîäó ìåíÿÿ íóæíûå ñòðóêòóðû â çàãîëîâî÷íûõ ôàéëàõ. Õîòÿ îí è ðàáîòàåò, íî ñ íåêîòîðûìè áàãàìè.

Íàäî áóäåò ïåðåïðîâåðèòü èëè ïåðåëåçòü-òàêè íà Entware è ñîáðàòü óæå òàì.
09-08-2012, 16:15
staticroute

Quote:

Originally Posted by ryzhov_al

Êàêèõ èìåííî? Áîëüøóþ (è íàèáîëåå ïîïóëÿðíóþ) ÷àñòü ðåïîçèòîðèÿ OpenWRT ìû óæå âîáðàëè:

cryptsetup, libdevmapper, lvm2

ñîáñòâåííî ÿ ñàì èõ óæå ñîáðàë, íî òåì íå ìåíåå õîòåëîñü áû âèäåòü èõ òîæå, èìåëîñü ââèäó, ÷òî íå âûáðàíû âñå äîñòóïíûå ïàêåòû â make menuconfig, à òîëüêî èçáðàííûå.
09-08-2012, 18:44
ryzhov_al

Quote:

Originally Posted by staticroute

cryptsetup,

Çà÷åì? Åñëè ìåñÿöåì ðàíüøå ñàìè äîêàçàëè åãî íåðàáîòîñïîñîáíîñòü â ïëàíå ñêîðîñòè.

Quote:

Originally Posted by staticroute

libdevmapper, lvm2

Çà÷åì? Åñëè ðàíüøå áûëà äîêàçàíà åãî íåðàáîòîñïîñîáíîñòü â ïëàíå ñêîðîñòè. RAID-òî ïîëó÷èòñÿ ñîôòîâûé, íàãðóçêà ïî ââîäó-âûâîäó ëÿæåò íà CPU.
09-08-2012, 18:51
staticroute

Quote:

Originally Posted by ryzhov_al

Çà÷åì? Åñëè ìåñÿöåì ðàíüøå ñàìè äîêàçàëè åãî íåðàáîòîñïîñîáíîñòü â ïëàíå ñêîðîñòè.
Çà÷åì? Åñëè ðàíüøå áûëà äîêàçàíà åãî íåðàáîòîñïîñîáíîñòü â ïëàíå ñêîðîñòè. RAID-òî ïîëó÷èòñÿ ñîôòîâûé, íàãðóçêà ïî ââîäó-âûâîäó ëÿæåò íà CPU.

Çàòåì, ÷òî ýòî êîìó-òî ìîæåò ïðèãîäèòñÿ, ÿ òóäà íå çàïèñûâàþ êàæäóþ ñåêóíäó.

Òî æå ñàìîå ñ LVM.
09-08-2012, 18:53
ryzhov_al

Quote:

Originally Posted by staticroute

Çàòåì, ÷òî ýòî êîìó-òî ìîæåò ïðèãîäèòñÿ, ÿ òóäà íå çàïèñûâàþ êàæäóþ ñåêóíäó.

Òî æå ñàìîå ñ LVM.

Îê, òàê è ñäåëàåì: åñëè åù¸ êîìó-íèáóäü ïðèãîäèòñÿ, òîãäà è ñîáåð¸ì.
21-08-2012, 11:52
platinummsk

Quote:

Originally Posted by ryzhov_al

Îê, òàê è ñäåëàåì: åñëè åù¸ êîìó-íèáóäü ïðèãîäèòñÿ, òîãäà è ñîáåð¸ì.

Áûëî áû îòëè÷íî óâèäåòü cryptsetup â ðåïîçèòîðèè)) èëè ìîæåò åñòü àëüòåðíàòèâà åìó? :)
21-08-2012, 17:44
ryzhov_al

1 Attachment(s)

Cryptosetup. Èíñòðóêöèÿ ïî èñïîëüçîâàíèþ

Quote:

Originally Posted by platinummsk

Áûëî áû îòëè÷íî óâèäåòü cryptsetup â ðåïîçèòîðèè))

Óáîëòàëè:) Cryptosetup äîáàâëåí â ðåïîçèòîðèé. Íèæå ïðèâåäåíà êðàòêàÿ èíñòðóêöèÿ ïî åãî èñïîëüçîâàíèþ. Ó÷òèòå, ÷òî cryptsetup áóäåò áåñïîëåçåí, åñëè ó âàñ íåò ïåðå÷èñëåííûõ íèæå ìîäóëåé ÿäðà äëÿ âàøåé ïðîøèâêè.

1. Ïîäãîòàâëèâàåì ôàéë-êîíòåéíåð
Ðàçìåð êîíòåéíåðà â ïðèìåðå 512Ìá, òåêóùàÿ äèðåêòîðèÿ - íà USB-íîñèòåëå.

Code:

$ opkg install losetup cryptsetup $ dd if=/dev/zero of=./crypto.img bs=1M count=512 $ insmod ./loop.ko $ losetup /dev/loop1 ./crypto.img

Êîíòåéíåð ñìîíòèðîâàí êàê loop device â /dev/loop1. Äëÿ èñïîëüçîâàíèÿ LUKS-øèôðîâàíèÿ åãî íåîáõîäèìî îòôîðìàòèðîâàòü:

Code:

$ insmod ./dm-mod.ko $ insmod ./aes.ko $ insmod ./sha256.ko $ insmod ./dm-crypt.ko $ cryptsetup -y --key-size 256 luksFormat /dev/loop1

2. Ìîíòèðóåì êîíòåéíåð

Code:

$ cryptsetup luksOpen /dev/loop1 crypted

Íàïîìèíàþ, ÷òî cryptsetup - ýòî âñåãî ëèøü user space íàäñòðîéêà, îáëåã÷àþùàÿ èñïîëüçîâàíèå dm-crypt. Â ïðèìåðå áûë ñîçäàí ãîòîâûé ê ìîíòèðîâàíèþ block device /dev/mapper/crypted.

3. Ñîçäà¸ì íà í¸ì ôàéëîâóþ ñèñòåìó
Âñ¸ êàê ñ æ¸ñòêèì äèñêîì:

Code:

$ mkfs.ext3 -j /dev/mapper/crypted $ mkdir /tmp/crypted $ mount /dev/mapper/crypted /tmp/crypted/

Âñ¸! Ìîæíî èñïîëüçîâàòü /tmp/crypted/ äëÿ õðàíåíèÿ çàøèôðîâàííûõ äàííûõ. Îöåíèì ïðîèçâîäèòåëüíîñòü íà RT-N66u (äàííûå çàòèðàþòñÿ!):

Code:

$ /opt/bin/dd if=/dev/zero of=/dev/mapper/crypted bs=1M count=510 510+0 records in 510+0 records out 534773760 bytes (535 MB) copied, 118,957 s, 4,5 MB/s

...ïðè çàãðóçêå ñèñòåìû:

Code:

$ top top - 20:11:29 up 5 days, 22:27, 0 users, load average: 1.06, 1.24, 0.73 Tasks: 82 total, 1 running, 81 sleeping, 0 stopped, 0 zombie Cpu(s): 0.7%us, 63.4%sy, 0.0%ni, 0.0%id, 34.3%wa, 1.3%hi, 0.3%si, 0.0%st Mem: 255520k total, 230476k used, 25044k free, 32832k buffers Swap: 0k total, 0k used, 0k free, 158712k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 26656 admin 11 -5 0 0 0 S 52.5 0.0 1:19.22 kcryptd/0 18037 admin 0 -20 0 0 0 S 5.6 0.0 0:00.49 loop1 18316 admin 17 0 2080 1384 1316 D 4.6 0.5 0:00.26 dd

Èíôîðìàöèþ î ñîñòîÿíèè ñìîíòèðîâàííîãî êðèïòîêîíòåéíåðà ìîæíî ïîñìîòðåòü êîìàíäîé:

Code:

$ cryptsetup -y luksDump /dev/loop1

4. Îêîí÷àíèå ðàáîòû ñ êîíòåéíåðîì
Íàäî ïðîñòî âñ¸ ðàçìîíòèðîâàòü â îáðàòíîì ïîðÿäêå:

Code:

$ umount /tmp/crypted/ $ cryptsetup luksClose crypted $ losetup -d /dev/loop1

Ê ïîñòó ïðèëîæåíû íåîáõîäèìûå ìîäóëè äëÿ ñòîêîâîé/ìåðëèíîâñêîé ïðîøèâêè äëÿ Asus RT-N66u.
21-08-2012, 17:56
ryzhov_al

Cryptoloop. Èíñòðóêöèÿ ïî èñïîëüçîâàíèþ

Quote:

Originally Posted by platinummsk

...èëè ìîæåò åñòü àëüòåðíàòèâà åìó? :)

Åñòü. Ïðåäøåñòâåííèê dm-crypt - cryptoloop.

Â ïîñòå âûøå ÿ ìîíòèðîâàë ôàéë-êîíòåéíåð êàê loop device, à dm-crypt øèôðîâàë äàííûå ìåæäó /dev/loop1 è /dev/mapper/crypted. Ïðè èñïîëüçîâàíèè cryptoloop äàííûå ìåæäó ôàéëîì êîíòåéíåðà è loop device'îì âîëøåáíûì ñïîñîáîì øèôðóþòñÿ íà ëåòó.

1. Ñîçäà¸ì ôàéë-êîíòåéíåð

Code:

$ dd if=/dev/zero of=./crypto.img bs=1M count=512

2. Ïîäãðóæàåì ìîäóëè øèôðîâàíèÿ sha/aes

Code:

$ insmod ./aes.ko $ insmod ./sha256.ko

Øèôðû äîëæíû ñòàòü íàì äîñòóïíû â ïåðå÷íå:

Code:

$ cat /proc/crypto | grep ^name

3. Ìîíòèðóåì øèôðîâàííûé loop device

Code:

$ opkg install losetup $ insmod ./loop.ko $ insmod ./cryptoloop.ko $ losetup -e aes /dev/loop0 ./crypto.img

Äàëåå /dev/loop0 ìîæíî îòôîðìàòèðîâàòü è ñìîíòèðîâàòü ðîâíî êàê â ïðåäûäóùåì ñëó÷àå. Ïðîèçâîäèòåëüíîñòü, ïðàâäà, ïîìåíüøå:

Code:

$ /opt/bin/dd if=/dev/zero of=/dev/loop0 bs=1M count=510 510+0 records in 510+0 records out 534773760 bytes (535 MB) copied, 142,805 s, 3,7 MB/s

...ïðè çàãðóçêå:

Code:

$ top top - 20:07:12 up 5 days, 22:22, 0 users, load average: 4.47, 1.45, 0.59 Tasks: 83 total, 5 running, 77 sleeping, 0 stopped, 1 zombie Cpu(s): 0.6%us, 56.5%sy, 0.0%ni, 0.0%id, 41.7%wa, 0.3%hi, 0.9%si, 0.0%st Mem: 255520k total, 234192k used, 21328k free, 77308k buffers Swap: 0k total, 0k used, 0k free, 117640k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 17397 admin 0 -20 0 0 0 S 49.7 0.0 0:41.73 loop0 17529 admin 18 0 2080 1384 1316 R 2.5 0.5 0:02.42 dd 469 admin 10 -5 0 0 0 S 1.6 0.0 29:06.05 usb-storage

Show 40 post(s) from this thread on one page