Gentoo Archives: gentoo-user

From: bitlord <bitlord0xff@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] cryptsetup wont use aes-xts:plain64
Date: Mon, 20 Apr 2015 16:19:43
Message-Id: 20150420181940.79a2f19f@gen2ws.local
In Reply to: [gentoo-user] cryptsetup wont use aes-xts:plain64 by Marko Weber | 8000
1 On Sat, 18 Apr 2015 12:27:15 +0200
2 Marko Weber | 8000 <weber@×××××××.de> wrote:
3
4 >
5 > hello list,
6 >
7 > i try to crypt a partition with cryptsetup.
8 > Yes, in Kernel i had all need things i think.
9 >
10 > CONFIG_CRYPTO=y
11 ...
12 > # CONFIG_CRYPTO_HW is not set
13 >
14 >
15 > but when i try to use cryptsetup i get this:
16 >
17 > # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat
18 > /dev/mapper/VolGroup01-media2
19 >
20 > WARNING!
21 > ========
22 > This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably.
23 >
24 > Are you sure? (Type uppercase yes): YES
25 > Enter passphrase:
26 > Verify passphrase:
27 > device-mapper: reload ioctl on failed: Invalid argument
28 > Failed to setup dm-crypt key mapping for device
29 > /dev/mapper/VolGroup01-media2.
30 > Check that kernel supports aes-xts:plain64 cipher (check syslog for
31 > more info).
32 >
33 >
34 >
35 > Any ideas?
36 >
37 > i built cryptsetup with this useflags:
38 >
39 > nls openssl python udev urandom
40 >
41 >
42 >
43 > cryptsetup --help shows me i am able to use the options
44 >
45 > Default compiled-in device cipher parameters:
46 > loop-AES: aes, Key 256 bits
47 > plain: aes-cbc-essiv:sha256, Key: 256 bits, Password
48 > hashing: ripemd160
49 > LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing:
50 > sha1, RNG: /dev/random
51 >
52 >
53 > any help / ideas or knowledge welcome.
54 >
55 > best regards
56 >
57 > marko
58 >
59 >
60 >
61 >
62 >
63
64 I read the whole tread, but will reply here.
65
66 I use this mode on some devices, and for me works fine (gentoo
67 systems), I have it enabled in kernel, also I have cryptsetup with
68 sys-fs/cryptsetup-1.6.5 (gcrypt nls python_single_target_python2_7
69 python_targets_python2_7 python_targets_python3_3 udev)
70 You can probably ignore python*, 'gcrypt' is probably important USE
71 flag.
72
73 Also something which maybe unrelated to you but is important about
74 CONFIG_CRYPTO_XTS is
75 "XTS: IEEE1619/D16 narrow block cipher use with
76 aes-xts-plain, key size 256, 384 or 512 bits. This implementation
77 currently can't handle a sectorsize which is not a multiple of 16
78 bytes."