On Saturday, April 18, 2015 12:27:15 PM Marko Weber | 8000 wrote:
>
> hello list,
>
> i try to crypt a partition with cryptsetup.
> Yes, in Kernel i had all need things i think.
>
> CONFIG_CRYPTO=y
> CONFIG_CRYPTO_ALGAPI=y
> CONFIG_CRYPTO_ALGAPI2=y
> CONFIG_CRYPTO_AEAD=m
> CONFIG_CRYPTO_AEAD2=y
> CONFIG_CRYPTO_BLKCIPHER=y
> CONFIG_CRYPTO_BLKCIPHER2=y
> CONFIG_CRYPTO_HASH=y
> CONFIG_CRYPTO_HASH2=y
> CONFIG_CRYPTO_RNG=m
> CONFIG_CRYPTO_RNG2=y
> CONFIG_CRYPTO_PCOMP=m
> CONFIG_CRYPTO_PCOMP2=y
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_MANAGER2=y
> CONFIG_CRYPTO_USER=m
> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
> CONFIG_CRYPTO_GF128MUL=m
> CONFIG_CRYPTO_NULL=m
> CONFIG_CRYPTO_PCRYPT=m
> CONFIG_CRYPTO_WORKQUEUE=y
> CONFIG_CRYPTO_CRYPTD=m
> CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_AUTHENC=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_ABLK_HELPER=m
> CONFIG_CRYPTO_GLUE_HELPER_X86=m
> CONFIG_CRYPTO_CCM=m
> CONFIG_CRYPTO_GCM=m
> CONFIG_CRYPTO_SEQIV=m
> CONFIG_CRYPTO_CBC=y
> CONFIG_CRYPTO_CTR=m
> CONFIG_CRYPTO_CTS=m
> CONFIG_CRYPTO_ECB=m
> CONFIG_CRYPTO_LRW=m
> CONFIG_CRYPTO_PCBC=m
> CONFIG_CRYPTO_XTS=m
> CONFIG_CRYPTO_CMAC=m
> CONFIG_CRYPTO_HMAC=m
> CONFIG_CRYPTO_XCBC=m
> CONFIG_CRYPTO_VMAC=m
> CONFIG_CRYPTO_CRC32C=y
> CONFIG_CRYPTO_CRC32C_INTEL=m
> CONFIG_CRYPTO_CRC32=m
> CONFIG_CRYPTO_CRC32_PCLMUL=m
> CONFIG_CRYPTO_CRCT10DIF=y
> CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
> CONFIG_CRYPTO_GHASH=m
> CONFIG_CRYPTO_MD4=m
> CONFIG_CRYPTO_MD5=y
> CONFIG_CRYPTO_MICHAEL_MIC=m
> CONFIG_CRYPTO_RMD128=m
> CONFIG_CRYPTO_RMD160=m
> CONFIG_CRYPTO_RMD256=m
> CONFIG_CRYPTO_RMD320=m
> CONFIG_CRYPTO_SHA1=m
> CONFIG_CRYPTO_SHA1_SSSE3=m
> CONFIG_CRYPTO_SHA256_SSSE3=m
> CONFIG_CRYPTO_SHA512_SSSE3=m
> CONFIG_CRYPTO_SHA1_MB=m
> CONFIG_CRYPTO_SHA256=m
> CONFIG_CRYPTO_SHA512=m
> CONFIG_CRYPTO_TGR192=m
> CONFIG_CRYPTO_WP512=m
> CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
> CONFIG_CRYPTO_AES=y
> CONFIG_CRYPTO_AES_X86_64=m
> CONFIG_CRYPTO_AES_NI_INTEL=m
> CONFIG_CRYPTO_ANUBIS=m
> CONFIG_CRYPTO_ARC4=m
> CONFIG_CRYPTO_BLOWFISH=m
> CONFIG_CRYPTO_BLOWFISH_COMMON=m
> CONFIG_CRYPTO_BLOWFISH_X86_64=m
> CONFIG_CRYPTO_CAMELLIA=m
> CONFIG_CRYPTO_CAMELLIA_X86_64=m
> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
> CONFIG_CRYPTO_CAST_COMMON=m
> CONFIG_CRYPTO_CAST5=m
> CONFIG_CRYPTO_CAST5_AVX_X86_64=m
> CONFIG_CRYPTO_CAST6=m
> CONFIG_CRYPTO_CAST6_AVX_X86_64=m
> CONFIG_CRYPTO_DES=m
> CONFIG_CRYPTO_DES3_EDE_X86_64=m
> CONFIG_CRYPTO_FCRYPT=m
> CONFIG_CRYPTO_KHAZAD=m
> CONFIG_CRYPTO_SALSA20=m
> CONFIG_CRYPTO_SALSA20_X86_64=m
> CONFIG_CRYPTO_SEED=m
> CONFIG_CRYPTO_SERPENT=m
> CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
> CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
> CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
> CONFIG_CRYPTO_TEA=m
> CONFIG_CRYPTO_TWOFISH=m
> CONFIG_CRYPTO_TWOFISH_COMMON=m
> CONFIG_CRYPTO_TWOFISH_X86_64=m
> CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m
> CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
> CONFIG_CRYPTO_DEFLATE=m
> CONFIG_CRYPTO_ZLIB=m
> CONFIG_CRYPTO_LZO=m
> CONFIG_CRYPTO_LZ4=m
> CONFIG_CRYPTO_LZ4HC=m
> CONFIG_CRYPTO_ANSI_CPRNG=m
> CONFIG_CRYPTO_DRBG_MENU=m
> CONFIG_CRYPTO_DRBG_HMAC=y
> # CONFIG_CRYPTO_DRBG_HASH is not set
> # CONFIG_CRYPTO_DRBG_CTR is not set
> CONFIG_CRYPTO_DRBG=m
> CONFIG_CRYPTO_USER_API=m
> CONFIG_CRYPTO_USER_API_HASH=m
> CONFIG_CRYPTO_USER_API_SKCIPHER=m
> CONFIG_CRYPTO_HASH_INFO=y
> # CONFIG_CRYPTO_HW is not set
>
>
> but when i try to use cryptsetup i get this:
>
> # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat
> /dev/mapper/VolGroup01-media2
>
> WARNING!
> ========
> This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably.
>
> Are you sure? (Type uppercase yes): YES
> Enter passphrase:
> Verify passphrase:
> device-mapper: reload ioctl on failed: Invalid argument
> Failed to setup dm-crypt key mapping for device
> /dev/mapper/VolGroup01-media2.
> Check that kernel supports aes-xts:plain64 cipher (check syslog for more
> info).
>
>
>
> Any ideas?
>
> i built cryptsetup with this useflags:
>
> nls openssl python udev urandom
>
>
>
> cryptsetup --help shows me i am able to use the options
>
> Default compiled-in device cipher parameters:
>     loop-AES: aes, Key 256 bits
>     plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing:
> ripemd160
>     LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing:
> sha1, RNG: /dev/random
>
>
> any help / ideas or knowledge welcome.
>
> best regards
>
> marko

That message is incorrectly shown if something's wrong with the way you
specified the cipher and key size. It threw me off for a while too. This is
what I ended up using:

    cryptsetup -i 30000 -c twofish-xts-essiv:sha256 -s 512 -h sha512 luksFormat file.img

I don't remember where I was getting it wrong; I think I was using -s 256, but
xts uses half the key for every other block so the key needs to be twice the
size. I found a site with a table that lists what you can use with which
options, but unfortunately I can't find it now.

So try using -s 512 (since cryptsetup is telling you that you can use a 256 bit
key).

-- 
Fernando Rodriguez
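
Added example, not part of either message and not cryptsetup's own code: a shell pre-check for the two things this thread turns on, the shape of the `-c` cipher string and the `-s` key size under XTS. It assumes the usual `cipher-chainmode-ivmode[:ivopts]` spec shape; the function names are hypothetical and the sample inputs are constructed from the commands quoted above.

```shell
# Added example (hypothetical helper names). Assumes a dm-crypt spec of the
# form cipher-chainmode-ivmode[:ivopts]; key-count suffixes are not handled.

# Print "cipher mode iv" for a well-formed spec, return 1 otherwise.
parse_spec() {
    case $1 in
        *-*-*) ;;                       # both hyphen separators are required
        *) return 1 ;;
    esac
    p_cipher=${1%%-*}
    p_rest=${1#*-}
    p_mode=${p_rest%%-*}
    p_iv=${p_rest#*-}
    [ -n "$p_cipher" ] && [ -n "$p_mode" ] && [ -n "$p_iv" ] || return 1
    case $p_cipher$p_mode in
        *[!a-z0-9]*) return 1 ;;        # e.g. a ':' where a '-' belongs
    esac
    echo "$p_cipher $p_mode $p_iv"
}

# Return 0 if the pair is plausible, 2 for a bad spec, 3 for a bad key size.
check_luks_params() {
    c_spec=$1 c_bits=$2
    c_fields=$(parse_spec "$c_spec") || {
        echo "bad spec '$c_spec': want cipher-chainmode-ivmode[:ivopts]"
        return 2
    }
    set -- $c_fields
    c_eff=$c_bits
    # XTS splits the supplied key into two equal halves (data key and
    # tweak key), so the block cipher itself only sees BITS/2.
    if [ "$2" = xts ]; then
        c_eff=$((c_bits / 2))
        [ $((c_eff * 2)) -eq "$c_bits" ] || c_eff=0
    fi
    case $1 in
        aes|twofish)                    # both take 128-, 192- or 256-bit keys
            case $c_eff in
                128|192|256) ;;
                *) echo "bad key size: $1 would get $c_eff bits"; return 3 ;;
            esac ;;
    esac
    echo "ok: $1-$2-$3, $c_eff-bit cipher key"
}

# Constructed inputs modelled on the commands quoted in this thread.
check_luks_params 'aes-xts:plain64' 256 || :
check_luks_params aes-xts-plain64 256
check_luks_params twofish-xts-essiv:sha256 512
```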