1 |
Finally! |
2 |
|
3 |
Am 2015-04-18 12:27, schrieb Marko Weber | 8000: |
4 |
> hello list, |
5 |
> |
6 |
> i try to crypt a partition with cryptsetup. |
7 |
> Yes, in Kernel i had all need things i think. |
8 |
> |
9 |
> CONFIG_CRYPTO=y |
10 |
> CONFIG_CRYPTO_ALGAPI=y |
11 |
> CONFIG_CRYPTO_ALGAPI2=y |
12 |
> CONFIG_CRYPTO_AEAD=m |
13 |
> CONFIG_CRYPTO_AEAD2=y |
14 |
> CONFIG_CRYPTO_BLKCIPHER=y |
15 |
> CONFIG_CRYPTO_BLKCIPHER2=y |
16 |
> CONFIG_CRYPTO_HASH=y |
17 |
> CONFIG_CRYPTO_HASH2=y |
18 |
> CONFIG_CRYPTO_RNG=m |
19 |
> CONFIG_CRYPTO_RNG2=y |
20 |
> CONFIG_CRYPTO_PCOMP=m |
21 |
> CONFIG_CRYPTO_PCOMP2=y |
22 |
> CONFIG_CRYPTO_MANAGER=y |
23 |
> CONFIG_CRYPTO_MANAGER2=y |
24 |
> CONFIG_CRYPTO_USER=m |
25 |
> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set |
26 |
> CONFIG_CRYPTO_GF128MUL=m |
27 |
> CONFIG_CRYPTO_NULL=m |
28 |
> CONFIG_CRYPTO_PCRYPT=m |
29 |
> CONFIG_CRYPTO_WORKQUEUE=y |
30 |
> CONFIG_CRYPTO_CRYPTD=m |
31 |
> CONFIG_CRYPTO_MCRYPTD=m |
32 |
> CONFIG_CRYPTO_AUTHENC=m |
33 |
> CONFIG_CRYPTO_TEST=m |
34 |
> CONFIG_CRYPTO_ABLK_HELPER=m |
35 |
> CONFIG_CRYPTO_GLUE_HELPER_X86=m |
36 |
> CONFIG_CRYPTO_CCM=m |
37 |
> CONFIG_CRYPTO_GCM=m |
38 |
> CONFIG_CRYPTO_SEQIV=m |
39 |
> CONFIG_CRYPTO_CBC=y |
40 |
> CONFIG_CRYPTO_CTR=m |
41 |
> CONFIG_CRYPTO_CTS=m |
42 |
> CONFIG_CRYPTO_ECB=m |
43 |
> CONFIG_CRYPTO_LRW=m |
44 |
> CONFIG_CRYPTO_PCBC=m |
45 |
> CONFIG_CRYPTO_XTS=m |
46 |
> CONFIG_CRYPTO_CMAC=m |
47 |
> CONFIG_CRYPTO_HMAC=m |
48 |
> CONFIG_CRYPTO_XCBC=m |
49 |
> CONFIG_CRYPTO_VMAC=m |
50 |
> CONFIG_CRYPTO_CRC32C=y |
51 |
> CONFIG_CRYPTO_CRC32C_INTEL=m |
52 |
> CONFIG_CRYPTO_CRC32=m |
53 |
> CONFIG_CRYPTO_CRC32_PCLMUL=m |
54 |
> CONFIG_CRYPTO_CRCT10DIF=y |
55 |
> CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m |
56 |
> CONFIG_CRYPTO_GHASH=m |
57 |
> CONFIG_CRYPTO_MD4=m |
58 |
> CONFIG_CRYPTO_MD5=y |
59 |
> CONFIG_CRYPTO_MICHAEL_MIC=m |
60 |
> CONFIG_CRYPTO_RMD128=m |
61 |
> CONFIG_CRYPTO_RMD160=m |
62 |
> CONFIG_CRYPTO_RMD256=m |
63 |
> CONFIG_CRYPTO_RMD320=m |
64 |
> CONFIG_CRYPTO_SHA1=m |
65 |
> CONFIG_CRYPTO_SHA1_SSSE3=m |
66 |
> CONFIG_CRYPTO_SHA256_SSSE3=m |
67 |
> CONFIG_CRYPTO_SHA512_SSSE3=m |
68 |
> CONFIG_CRYPTO_SHA1_MB=m |
69 |
> CONFIG_CRYPTO_SHA256=m |
70 |
> CONFIG_CRYPTO_SHA512=m |
71 |
> CONFIG_CRYPTO_TGR192=m |
72 |
> CONFIG_CRYPTO_WP512=m |
73 |
> CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m |
74 |
> CONFIG_CRYPTO_AES=y |
75 |
> CONFIG_CRYPTO_AES_X86_64=m |
76 |
> CONFIG_CRYPTO_AES_NI_INTEL=m |
77 |
> CONFIG_CRYPTO_ANUBIS=m |
78 |
> CONFIG_CRYPTO_ARC4=m |
79 |
> CONFIG_CRYPTO_BLOWFISH=m |
80 |
> CONFIG_CRYPTO_BLOWFISH_COMMON=m |
81 |
> CONFIG_CRYPTO_BLOWFISH_X86_64=m |
82 |
> CONFIG_CRYPTO_CAMELLIA=m |
83 |
> CONFIG_CRYPTO_CAMELLIA_X86_64=m |
84 |
> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m |
85 |
> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m |
86 |
> CONFIG_CRYPTO_CAST_COMMON=m |
87 |
> CONFIG_CRYPTO_CAST5=m |
88 |
> CONFIG_CRYPTO_CAST5_AVX_X86_64=m |
89 |
> CONFIG_CRYPTO_CAST6=m |
90 |
> CONFIG_CRYPTO_CAST6_AVX_X86_64=m |
91 |
> CONFIG_CRYPTO_DES=m |
92 |
> CONFIG_CRYPTO_DES3_EDE_X86_64=m |
93 |
> CONFIG_CRYPTO_FCRYPT=m |
94 |
> CONFIG_CRYPTO_KHAZAD=m |
95 |
> CONFIG_CRYPTO_SALSA20=m |
96 |
> CONFIG_CRYPTO_SALSA20_X86_64=m |
97 |
> CONFIG_CRYPTO_SEED=m |
98 |
> CONFIG_CRYPTO_SERPENT=m |
99 |
> CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m |
100 |
> CONFIG_CRYPTO_SERPENT_AVX_X86_64=m |
101 |
> CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m |
102 |
> CONFIG_CRYPTO_TEA=m |
103 |
> CONFIG_CRYPTO_TWOFISH=m |
104 |
> CONFIG_CRYPTO_TWOFISH_COMMON=m |
105 |
> CONFIG_CRYPTO_TWOFISH_X86_64=m |
106 |
> CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m |
107 |
> CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m |
108 |
> CONFIG_CRYPTO_DEFLATE=m |
109 |
> CONFIG_CRYPTO_ZLIB=m |
110 |
> CONFIG_CRYPTO_LZO=m |
111 |
> CONFIG_CRYPTO_LZ4=m |
112 |
> CONFIG_CRYPTO_LZ4HC=m |
113 |
> CONFIG_CRYPTO_ANSI_CPRNG=m |
114 |
> CONFIG_CRYPTO_DRBG_MENU=m |
115 |
> CONFIG_CRYPTO_DRBG_HMAC=y |
116 |
> # CONFIG_CRYPTO_DRBG_HASH is not set |
117 |
> # CONFIG_CRYPTO_DRBG_CTR is not set |
118 |
> CONFIG_CRYPTO_DRBG=m |
119 |
> CONFIG_CRYPTO_USER_API=m |
120 |
> CONFIG_CRYPTO_USER_API_HASH=m |
121 |
> CONFIG_CRYPTO_USER_API_SKCIPHER=m |
122 |
> CONFIG_CRYPTO_HASH_INFO=y |
123 |
> # CONFIG_CRYPTO_HW is not set |
124 |
> |
125 |
> |
126 |
> but when i try to use cryptsetup i get this: |
127 |
> |
128 |
> # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat |
129 |
> /dev/mapper/VolGroup01-media2 |
130 |
> |
131 |
> WARNING! |
132 |
> ======== |
133 |
> This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably. |
134 |
> |
135 |
> Are you sure? (Type uppercase yes): YES |
136 |
> Enter passphrase: |
137 |
> Verify passphrase: |
138 |
> device-mapper: reload ioctl on failed: Invalid argument |
139 |
> Failed to setup dm-crypt key mapping for device |
140 |
> /dev/mapper/VolGroup01-media2. |
141 |
> Check that kernel supports aes-xts:plain64 cipher (check syslog for |
142 |
> more info). |
143 |
> |
144 |
> |
145 |
> |
146 |
> Any ideas? |
147 |
> |
148 |
> i built cryptsetup with this useflags: |
149 |
> |
150 |
> nls openssl python udev urandom |
151 |
> |
152 |
> |
153 |
> |
154 |
> cryptsetup --help shows me i am able to use the options |
155 |
> |
156 |
> Default compiled-in device cipher parameters: |
157 |
> loop-AES: aes, Key 256 bits |
158 |
> plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: |
159 |
> ripemd160 |
160 |
> LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: |
161 |
> sha1, RNG: /dev/random |
162 |
> |
163 |
> |
164 |
> any help / ideas or knowledge welcome. |
165 |
> |
166 |
> best regards |
167 |
> |
168 |
> marko |
169 |
|
170 |
i got it working! |
171 |
|
172 |
cryptsetup -c aes-xts-plain -h sha256 -y -s 256 luksFormat |
173 |
/dev/mapper/VolGroup01-media2 |
174 |
|
175 |
But on writing a testfile of 4G with i get 22,9 Mb/sec. |
176 |
Is there a cipher/hash/keysize which alloows me a bit more write |
177 |
performance? |
178 |
|
179 |
marko |