Hi Fernando,

On 2015-04-19 03:35, Fernando Rodriguez wrote:
> On Saturday, April 18, 2015 12:27:15 PM Marko Weber | 8000 wrote:
>>
>> hello list,
>>
>> I try to encrypt a partition with cryptsetup.
>> Yes, in the kernel I had all the needed things, I think.
>>
>> CONFIG_CRYPTO=y
>> CONFIG_CRYPTO_ALGAPI=y
>> CONFIG_CRYPTO_ALGAPI2=y
>> CONFIG_CRYPTO_AEAD=m
>> CONFIG_CRYPTO_AEAD2=y
>> CONFIG_CRYPTO_BLKCIPHER=y
>> CONFIG_CRYPTO_BLKCIPHER2=y
>> CONFIG_CRYPTO_HASH=y
>> CONFIG_CRYPTO_HASH2=y
>> CONFIG_CRYPTO_RNG=m
>> CONFIG_CRYPTO_RNG2=y
>> CONFIG_CRYPTO_PCOMP=m
>> CONFIG_CRYPTO_PCOMP2=y
>> CONFIG_CRYPTO_MANAGER=y
>> CONFIG_CRYPTO_MANAGER2=y
>> CONFIG_CRYPTO_USER=m
>> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
>> CONFIG_CRYPTO_GF128MUL=m
>> CONFIG_CRYPTO_NULL=m
>> CONFIG_CRYPTO_PCRYPT=m
>> CONFIG_CRYPTO_WORKQUEUE=y
>> CONFIG_CRYPTO_CRYPTD=m
>> CONFIG_CRYPTO_MCRYPTD=m
>> CONFIG_CRYPTO_AUTHENC=m
>> CONFIG_CRYPTO_TEST=m
>> CONFIG_CRYPTO_ABLK_HELPER=m
>> CONFIG_CRYPTO_GLUE_HELPER_X86=m
>> CONFIG_CRYPTO_CCM=m
>> CONFIG_CRYPTO_GCM=m
>> CONFIG_CRYPTO_SEQIV=m
>> CONFIG_CRYPTO_CBC=y
>> CONFIG_CRYPTO_CTR=m
>> CONFIG_CRYPTO_CTS=m
>> CONFIG_CRYPTO_ECB=m
>> CONFIG_CRYPTO_LRW=m
>> CONFIG_CRYPTO_PCBC=m
>> CONFIG_CRYPTO_XTS=m
>> CONFIG_CRYPTO_CMAC=m
>> CONFIG_CRYPTO_HMAC=m
>> CONFIG_CRYPTO_XCBC=m
>> CONFIG_CRYPTO_VMAC=m
>> CONFIG_CRYPTO_CRC32C=y
>> CONFIG_CRYPTO_CRC32C_INTEL=m
>> CONFIG_CRYPTO_CRC32=m
>> CONFIG_CRYPTO_CRC32_PCLMUL=m
>> CONFIG_CRYPTO_CRCT10DIF=y
>> CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
>> CONFIG_CRYPTO_GHASH=m
>> CONFIG_CRYPTO_MD4=m
>> CONFIG_CRYPTO_MD5=y
>> CONFIG_CRYPTO_MICHAEL_MIC=m
>> CONFIG_CRYPTO_RMD128=m
>> CONFIG_CRYPTO_RMD160=m
>> CONFIG_CRYPTO_RMD256=m
>> CONFIG_CRYPTO_RMD320=m
>> CONFIG_CRYPTO_SHA1=m
>> CONFIG_CRYPTO_SHA1_SSSE3=m
>> CONFIG_CRYPTO_SHA256_SSSE3=m
>> CONFIG_CRYPTO_SHA512_SSSE3=m
>> CONFIG_CRYPTO_SHA1_MB=m
>> CONFIG_CRYPTO_SHA256=m
>> CONFIG_CRYPTO_SHA512=m
>> CONFIG_CRYPTO_TGR192=m
>> CONFIG_CRYPTO_WP512=m
>> CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
>> CONFIG_CRYPTO_AES=y
>> CONFIG_CRYPTO_AES_X86_64=m
>> CONFIG_CRYPTO_AES_NI_INTEL=m
>> CONFIG_CRYPTO_ANUBIS=m
>> CONFIG_CRYPTO_ARC4=m
>> CONFIG_CRYPTO_BLOWFISH=m
>> CONFIG_CRYPTO_BLOWFISH_COMMON=m
>> CONFIG_CRYPTO_BLOWFISH_X86_64=m
>> CONFIG_CRYPTO_CAMELLIA=m
>> CONFIG_CRYPTO_CAMELLIA_X86_64=m
>> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
>> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
>> CONFIG_CRYPTO_CAST_COMMON=m
>> CONFIG_CRYPTO_CAST5=m
>> CONFIG_CRYPTO_CAST5_AVX_X86_64=m
>> CONFIG_CRYPTO_CAST6=m
>> CONFIG_CRYPTO_CAST6_AVX_X86_64=m
>> CONFIG_CRYPTO_DES=m
>> CONFIG_CRYPTO_DES3_EDE_X86_64=m
>> CONFIG_CRYPTO_FCRYPT=m
>> CONFIG_CRYPTO_KHAZAD=m
>> CONFIG_CRYPTO_SALSA20=m
>> CONFIG_CRYPTO_SALSA20_X86_64=m
>> CONFIG_CRYPTO_SEED=m
>> CONFIG_CRYPTO_SERPENT=m
>> CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
>> CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
>> CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
>> CONFIG_CRYPTO_TEA=m
>> CONFIG_CRYPTO_TWOFISH=m
>> CONFIG_CRYPTO_TWOFISH_COMMON=m
>> CONFIG_CRYPTO_TWOFISH_X86_64=m
>> CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m
>> CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
>> CONFIG_CRYPTO_DEFLATE=m
>> CONFIG_CRYPTO_ZLIB=m
>> CONFIG_CRYPTO_LZO=m
>> CONFIG_CRYPTO_LZ4=m
>> CONFIG_CRYPTO_LZ4HC=m
>> CONFIG_CRYPTO_ANSI_CPRNG=m
>> CONFIG_CRYPTO_DRBG_MENU=m
>> CONFIG_CRYPTO_DRBG_HMAC=y
>> # CONFIG_CRYPTO_DRBG_HASH is not set
>> # CONFIG_CRYPTO_DRBG_CTR is not set
>> CONFIG_CRYPTO_DRBG=m
>> CONFIG_CRYPTO_USER_API=m
>> CONFIG_CRYPTO_USER_API_HASH=m
>> CONFIG_CRYPTO_USER_API_SKCIPHER=m
>> CONFIG_CRYPTO_HASH_INFO=y
>> # CONFIG_CRYPTO_HW is not set
>>
>>
>> but when I try to use cryptsetup I get this:
>>
>> # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat /dev/mapper/VolGroup01-media2
>>
>> WARNING!
>> ========
>> This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably.
>> # cryptsetup -c aes-xts:plain64 -y -s 512 luksFormat /dev/mapper/VolGroup01-media2

WARNING!
========
This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
device-mapper: reload ioctl on failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/mapper/VolGroup01-media2.
Check that kernel supports aes-xts:plain64 cipher (check syslog for more info).
>> Are you sure? (Type uppercase yes): YES
>> Enter passphrase:
>> Verify passphrase:
>> device-mapper: reload ioctl on failed: Invalid argument
>> Failed to setup dm-crypt key mapping for device /dev/mapper/VolGroup01-media2.
>> Check that kernel supports aes-xts:plain64 cipher (check syslog for more info).
>>
>> Any ideas?
>>
>> I built cryptsetup with these USE flags:
>>
>> nls openssl python udev urandom
>>
>> cryptsetup --help shows me I am able to use the options
>>
>> Default compiled-in device cipher parameters:
>> loop-AES: aes, Key 256 bits
>> plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
>> LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/random
>>
>> any help / ideas or knowledge welcome.
>>
>> best regards
>>
>> marko
>
> That message is incorrectly shown if something's wrong with the way you
> specified the cipher and key size. It threw me off for a while too.
> This is what I ended up using:
>
> cryptsetup -i 30000 -c twofish-xts-essiv:sha256 -s 512 -h sha512 luksFormat file.img
>
> I don't remember where I was getting it wrong, I think I was using -s 256 but
> xts uses half the key for every other block so the key needs to be twice the
> size. I found a site with a table that lists what you can use with which
> options but unfortunately I can't find it now. So try using -s 512 (since
> cryptsetup is telling you that you can use a 256 bit key).

Also with key size 512 I get:

# cryptsetup -c aes-xts:plain64 -y -s 512 luksFormat /dev/mapper/VolGroup01-media2

WARNING!
========
This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
device-mapper: reload ioctl on failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/mapper/VolGroup01-media2.
Check that kernel supports aes-xts:plain64 cipher (check syslog for more info).


Now I have all the crypto thingies in the kernel and not as modules.
Still not working.
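
Added example, not part of the original mails: the `--help` output quoted above lists the LUKS1 default as `aes-xts-plain64`, while the failing commands pass `aes-xts:plain64`. The sketch below splits a `-c` argument by the dm-crypt table format `cipher[:keycount]-chainmode-ivmode[:ivopts]` and reports the kernel algorithm name and per-half XTS key size it implies; the function name `check_spec` and the AES-only key-size check are assumptions of this example.

```shell
# Added example (not from the thread). Expects the full dm-crypt form
#   cipher[:keycount]-chainmode-ivmode[:ivopts]
# check_spec SPEC KEYBITS: prints a verdict; returns 0 if well-formed, else 1.
check_spec() {
    spec=$1
    bits=$2
    case $spec in
        *-*) ;;
        *) echo "'$spec': no chain mode given"; return 1 ;;
    esac
    cipher=${spec%%-*}      # text before the first '-'
    cipher=${cipher%%:*}    # drop an optional :keycount
    rest=${spec#*-}
    chain=${rest%%-*}       # text between the first and second '-'
    case $rest in
        *-*) iv=${rest#*-} ;;
        *)   iv= ;;
    esac
    # A ':' may only follow the cipher (keycount) or the IV mode (ivopts).
    case $chain in
        *:*) echo "'$spec': '$chain' is not a chain mode; use '-' before the IV mode"
             return 1 ;;
    esac
    if [ -z "$iv" ] && [ "$chain" != ecb ]; then
        echo "'$spec': no IV mode after '$chain'"; return 1
    fi
    if [ "$chain" = xts ]; then
        # XTS splits the supplied key into two equal halves (data key, tweak key).
        half=$((bits / 2))
        if [ "$cipher" = aes ]; then
            case $half in
                128|192|256) ;;
                *) echo "'$spec': -s $bits gives 2x$half, not an AES key size"
                   return 1 ;;
            esac
        fi
        echo "${chain}(${cipher}) iv=$iv key=2x$half"
    else
        echo "${chain}(${cipher}) iv=${iv:-none} key=$bits"
    fi
}

# Specs that appear in the thread, with the key sizes as posted.
check_spec aes-xts:plain64 512 || true
check_spec aes-xts-plain64 512
check_spec twofish-xts-essiv:sha256 512
```

The first call is rejected because everything after `aes-` is read as the chain mode; the other two print `xts(aes)` and `xts(twofish)` with a 2x256-bit key.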