Gentoo Archives: gentoo-user

From: Marko Weber | 8000 <weber@×××××××.de>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] cryptsetup wont use aes-xts:plain64
Date: Mon, 20 Apr 2015 13:43:16
Message-Id: 0a98c23f83197b1053b155c71ae67202@zbfmail.de
In Reply to: Re: [gentoo-user] cryptsetup wont use aes-xts:plain64 by Fernando Rodriguez

Hi Fernando,

On 2015-04-19 03:35, Fernando Rodriguez wrote:
> On Saturday, April 18, 2015 12:27:15 PM Marko Weber | 8000 wrote:
>>
>> Hello list,
>>
>> I try to encrypt a partition with cryptsetup.
>> Yes, in the kernel I had all the needed things, I think.
>>
>> CONFIG_CRYPTO=y
>> CONFIG_CRYPTO_ALGAPI=y
>> CONFIG_CRYPTO_ALGAPI2=y
>> CONFIG_CRYPTO_AEAD=m
>> CONFIG_CRYPTO_AEAD2=y
>> CONFIG_CRYPTO_BLKCIPHER=y
>> CONFIG_CRYPTO_BLKCIPHER2=y
>> CONFIG_CRYPTO_HASH=y
>> CONFIG_CRYPTO_HASH2=y
>> CONFIG_CRYPTO_RNG=m
>> CONFIG_CRYPTO_RNG2=y
>> CONFIG_CRYPTO_PCOMP=m
>> CONFIG_CRYPTO_PCOMP2=y
>> CONFIG_CRYPTO_MANAGER=y
>> CONFIG_CRYPTO_MANAGER2=y
>> CONFIG_CRYPTO_USER=m
>> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
>> CONFIG_CRYPTO_GF128MUL=m
>> CONFIG_CRYPTO_NULL=m
>> CONFIG_CRYPTO_PCRYPT=m
>> CONFIG_CRYPTO_WORKQUEUE=y
>> CONFIG_CRYPTO_CRYPTD=m
>> CONFIG_CRYPTO_MCRYPTD=m
>> CONFIG_CRYPTO_AUTHENC=m
>> CONFIG_CRYPTO_TEST=m
>> CONFIG_CRYPTO_ABLK_HELPER=m
>> CONFIG_CRYPTO_GLUE_HELPER_X86=m
>> CONFIG_CRYPTO_CCM=m
>> CONFIG_CRYPTO_GCM=m
>> CONFIG_CRYPTO_SEQIV=m
>> CONFIG_CRYPTO_CBC=y
>> CONFIG_CRYPTO_CTR=m
>> CONFIG_CRYPTO_CTS=m
>> CONFIG_CRYPTO_ECB=m
>> CONFIG_CRYPTO_LRW=m
>> CONFIG_CRYPTO_PCBC=m
>> CONFIG_CRYPTO_XTS=m
>> CONFIG_CRYPTO_CMAC=m
>> CONFIG_CRYPTO_HMAC=m
>> CONFIG_CRYPTO_XCBC=m
>> CONFIG_CRYPTO_VMAC=m
>> CONFIG_CRYPTO_CRC32C=y
>> CONFIG_CRYPTO_CRC32C_INTEL=m
>> CONFIG_CRYPTO_CRC32=m
>> CONFIG_CRYPTO_CRC32_PCLMUL=m
>> CONFIG_CRYPTO_CRCT10DIF=y
>> CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
>> CONFIG_CRYPTO_GHASH=m
>> CONFIG_CRYPTO_MD4=m
>> CONFIG_CRYPTO_MD5=y
>> CONFIG_CRYPTO_MICHAEL_MIC=m
>> CONFIG_CRYPTO_RMD128=m
>> CONFIG_CRYPTO_RMD160=m
>> CONFIG_CRYPTO_RMD256=m
>> CONFIG_CRYPTO_RMD320=m
>> CONFIG_CRYPTO_SHA1=m
>> CONFIG_CRYPTO_SHA1_SSSE3=m
>> CONFIG_CRYPTO_SHA256_SSSE3=m
>> CONFIG_CRYPTO_SHA512_SSSE3=m
>> CONFIG_CRYPTO_SHA1_MB=m
>> CONFIG_CRYPTO_SHA256=m
>> CONFIG_CRYPTO_SHA512=m
>> CONFIG_CRYPTO_TGR192=m
>> CONFIG_CRYPTO_WP512=m
>> CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
>> CONFIG_CRYPTO_AES=y
>> CONFIG_CRYPTO_AES_X86_64=m
>> CONFIG_CRYPTO_AES_NI_INTEL=m
>> CONFIG_CRYPTO_ANUBIS=m
>> CONFIG_CRYPTO_ARC4=m
>> CONFIG_CRYPTO_BLOWFISH=m
>> CONFIG_CRYPTO_BLOWFISH_COMMON=m
>> CONFIG_CRYPTO_BLOWFISH_X86_64=m
>> CONFIG_CRYPTO_CAMELLIA=m
>> CONFIG_CRYPTO_CAMELLIA_X86_64=m
>> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
>> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
>> CONFIG_CRYPTO_CAST_COMMON=m
>> CONFIG_CRYPTO_CAST5=m
>> CONFIG_CRYPTO_CAST5_AVX_X86_64=m
>> CONFIG_CRYPTO_CAST6=m
>> CONFIG_CRYPTO_CAST6_AVX_X86_64=m
>> CONFIG_CRYPTO_DES=m
>> CONFIG_CRYPTO_DES3_EDE_X86_64=m
>> CONFIG_CRYPTO_FCRYPT=m
>> CONFIG_CRYPTO_KHAZAD=m
>> CONFIG_CRYPTO_SALSA20=m
>> CONFIG_CRYPTO_SALSA20_X86_64=m
>> CONFIG_CRYPTO_SEED=m
>> CONFIG_CRYPTO_SERPENT=m
>> CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
>> CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
>> CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
>> CONFIG_CRYPTO_TEA=m
>> CONFIG_CRYPTO_TWOFISH=m
>> CONFIG_CRYPTO_TWOFISH_COMMON=m
>> CONFIG_CRYPTO_TWOFISH_X86_64=m
>> CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m
>> CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
>> CONFIG_CRYPTO_DEFLATE=m
>> CONFIG_CRYPTO_ZLIB=m
>> CONFIG_CRYPTO_LZO=m
>> CONFIG_CRYPTO_LZ4=m
>> CONFIG_CRYPTO_LZ4HC=m
>> CONFIG_CRYPTO_ANSI_CPRNG=m
>> CONFIG_CRYPTO_DRBG_MENU=m
>> CONFIG_CRYPTO_DRBG_HMAC=y
>> # CONFIG_CRYPTO_DRBG_HASH is not set
>> # CONFIG_CRYPTO_DRBG_CTR is not set
>> CONFIG_CRYPTO_DRBG=m
>> CONFIG_CRYPTO_USER_API=m
>> CONFIG_CRYPTO_USER_API_HASH=m
>> CONFIG_CRYPTO_USER_API_SKCIPHER=m
>> CONFIG_CRYPTO_HASH_INFO=y
>> # CONFIG_CRYPTO_HW is not set
>>
>>
>> But when I try to use cryptsetup I get this:
>>
>> # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat /dev/mapper/VolGroup01-media2
>>
>> WARNING!
>> ========
>> This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably.
>> # cryptsetup -c aes-xts:plain64 -y -s 512 luksFormat /dev/mapper/VolGroup01-media2

WARNING!
========
This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
device-mapper: reload ioctl on failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/mapper/VolGroup01-media2.
Check that kernel supports aes-xts:plain64 cipher (check syslog for more info).
>> Are you sure? (Type uppercase yes): YES
>> Enter passphrase:
>> Verify passphrase:
>> device-mapper: reload ioctl on failed: Invalid argument
>> Failed to setup dm-crypt key mapping for device /dev/mapper/VolGroup01-media2.
>> Check that kernel supports aes-xts:plain64 cipher (check syslog for more info).
>>
>>
>>
>> Any ideas?
>>
>> I built cryptsetup with these USE flags:
>>
>> nls openssl python udev urandom
>>
>>
>>
>> cryptsetup --help shows me I am able to use the options
>>
>> Default compiled-in device cipher parameters:
>> loop-AES: aes, Key 256 bits
>> plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
>> LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/random
>>
>>
>> Any help, ideas or knowledge welcome.
>>
>> Best regards
>>
>> Marko
>
> That message is incorrectly shown if something's wrong with the way you
> specified the cipher and key size. It threw me off for a while too.
> This is what I ended up using:
>
> cryptsetup -i 30000 -c twofish-xts-essiv:sha256 -s 512 -h sha512 luksFormat file.img
>
> I don't remember where I was getting it wrong, I think I was using -s 256
> but xts uses half the key for every other block so the key needs to be
> twice the size. I found a site with a table that lists what you can use
> with which options but unfortunately I can't find it now. So try using
> -s 512 (since cryptsetup is telling you that you can use a 256 bit key).

Also with key size 512 I get:

# cryptsetup -c aes-xts:plain64 -y -s 512 luksFormat /dev/mapper/VolGroup01-media2

WARNING!
========
This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
device-mapper: reload ioctl on failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/mapper/VolGroup01-media2.
Check that kernel supports aes-xts:plain64 cipher (check syslog for more info).


NOW, I have all crypto thingies in the kernel and not as modules.
Still not working.

Replies

Subject Author
Re: [gentoo-user] cryptsetup wont use aes-xts:plain64 Heiko Baums <lists@××××××××××××.de>
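
Added example, not part of the thread or of cryptsetup: a pre-flight check for the -c and -s arguments discussed above. It assumes the dm-crypt spec layout cipher[-chainmode[-ivmode[:ivopts]]], the same shape as the compiled-in default aes-xts-plain64 quoted in the message, where ':' only introduces IV options such as essiv:sha256. The function name check_spec and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the -c / -s arguments
# before handing them to cryptsetup luksFormat.
# Assumed dm-crypt spec layout: cipher[-chainmode[-ivmode[:ivopts]]]

# check_spec SPEC KEYBITS  (hypothetical helper)
# Prints a one-line diagnosis. Returns 0 = plausible, 1 = malformed spec,
# 2 = key size does not fit the cipher/mode.
check_spec() {
    spec=$1; bits=$2
    cipher=${spec%%-*}                      # text before the first '-'
    rest=${spec#"$cipher"}; rest=${rest#-}
    mode=${rest%%-*}                        # chain mode: cbc, xts, ...
    iv=${rest#"$mode"}; iv=${iv#-}          # IV generator plus optional ":opts"

    case $cipher$mode in
        *:*) # ':' may only introduce IV options, e.g. essiv:sha256
             fixed=$(printf '%s' "$spec" | sed 's/:/-/')
             echo "malformed: ':' before the IV field; did you mean $fixed?"
             return 1 ;;
    esac
    if [ -z "$cipher" ] || { [ -n "$rest" ] && [ -z "$mode" ]; }; then
        echo "malformed: empty field in '$spec'"; return 1
    fi

    # XTS splits the key into two equal halves (data key and tweak key),
    # so the underlying cipher only sees KEYBITS / 2.
    eff=$bits
    if [ "$mode" = xts ]; then eff=$((bits / 2)); fi

    if [ "$cipher" = aes ]; then            # only AES sizes are checked here
        case $eff in
            128|192|256) ;;
            *) echo "bad key size: AES would get $eff bits (needs 128, 192 or 256)"
               return 2 ;;
        esac
    fi
    echo "ok: cipher=$cipher mode=${mode:-default} iv=${iv:-default} cipher-key=$eff bits"
}

# Constructed inputs: the spec typed in the thread, the hyphenated default,
# and the spec from the quoted reply.
for s in aes-xts:plain64 aes-xts-plain64 twofish-xts-essiv:sha256; do
    printf '%-26s ' "$s"; check_spec "$s" 512 || true
done
```

The check is purely syntactic; whether the kernel actually provides the algorithm still has to be confirmed on the target system, for example by looking for xts(aes) in /proc/crypto.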