On Saturday, April 18, 2015 9:35:27 PM Fernando Rodriguez wrote: > On Saturday, April 18, 2015 12:27:15 PM Marko Weber | 8000 wrote: > > > > hello list, > > > > i try to crypt a partition with cryptsetup. > > Yes, in Kernel i had all need things i think. > > > > CONFIG_CRYPTO=y > > CONFIG_CRYPTO_ALGAPI=y > > CONFIG_CRYPTO_ALGAPI2=y > > CONFIG_CRYPTO_AEAD=m > > CONFIG_CRYPTO_AEAD2=y > > CONFIG_CRYPTO_BLKCIPHER=y > > CONFIG_CRYPTO_BLKCIPHER2=y > > CONFIG_CRYPTO_HASH=y > > CONFIG_CRYPTO_HASH2=y > > CONFIG_CRYPTO_RNG=m > > CONFIG_CRYPTO_RNG2=y > > CONFIG_CRYPTO_PCOMP=m > > CONFIG_CRYPTO_PCOMP2=y > > CONFIG_CRYPTO_MANAGER=y > > CONFIG_CRYPTO_MANAGER2=y > > CONFIG_CRYPTO_USER=m > > # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set > > CONFIG_CRYPTO_GF128MUL=m > > CONFIG_CRYPTO_NULL=m > > CONFIG_CRYPTO_PCRYPT=m > > CONFIG_CRYPTO_WORKQUEUE=y > > CONFIG_CRYPTO_CRYPTD=m > > CONFIG_CRYPTO_MCRYPTD=m > > CONFIG_CRYPTO_AUTHENC=m > > CONFIG_CRYPTO_TEST=m > > CONFIG_CRYPTO_ABLK_HELPER=m > > CONFIG_CRYPTO_GLUE_HELPER_X86=m > > CONFIG_CRYPTO_CCM=m > > CONFIG_CRYPTO_GCM=m > > CONFIG_CRYPTO_SEQIV=m > > CONFIG_CRYPTO_CBC=y > > CONFIG_CRYPTO_CTR=m > > CONFIG_CRYPTO_CTS=m > > CONFIG_CRYPTO_ECB=m > > CONFIG_CRYPTO_LRW=m > > CONFIG_CRYPTO_PCBC=m > > CONFIG_CRYPTO_XTS=m > > CONFIG_CRYPTO_CMAC=m > > CONFIG_CRYPTO_HMAC=m > > CONFIG_CRYPTO_XCBC=m > > CONFIG_CRYPTO_VMAC=m > > CONFIG_CRYPTO_CRC32C=y > > CONFIG_CRYPTO_CRC32C_INTEL=m > > CONFIG_CRYPTO_CRC32=m > > CONFIG_CRYPTO_CRC32_PCLMUL=m > > CONFIG_CRYPTO_CRCT10DIF=y > > CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m > > CONFIG_CRYPTO_GHASH=m > > CONFIG_CRYPTO_MD4=m > > CONFIG_CRYPTO_MD5=y > > CONFIG_CRYPTO_MICHAEL_MIC=m > > CONFIG_CRYPTO_RMD128=m > > CONFIG_CRYPTO_RMD160=m > > CONFIG_CRYPTO_RMD256=m > > CONFIG_CRYPTO_RMD320=m > > CONFIG_CRYPTO_SHA1=m > > CONFIG_CRYPTO_SHA1_SSSE3=m > > CONFIG_CRYPTO_SHA256_SSSE3=m > > CONFIG_CRYPTO_SHA512_SSSE3=m > > CONFIG_CRYPTO_SHA1_MB=m > > CONFIG_CRYPTO_SHA256=m > > CONFIG_CRYPTO_SHA512=m > > CONFIG_CRYPTO_TGR192=m > > CONFIG_CRYPTO_WP512=m > > CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m > > CONFIG_CRYPTO_AES=y > > CONFIG_CRYPTO_AES_X86_64=m > > CONFIG_CRYPTO_AES_NI_INTEL=m > > CONFIG_CRYPTO_ANUBIS=m > > CONFIG_CRYPTO_ARC4=m > > CONFIG_CRYPTO_BLOWFISH=m > > CONFIG_CRYPTO_BLOWFISH_COMMON=m > > CONFIG_CRYPTO_BLOWFISH_X86_64=m > > CONFIG_CRYPTO_CAMELLIA=m > > CONFIG_CRYPTO_CAMELLIA_X86_64=m > > CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m > > CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m > > CONFIG_CRYPTO_CAST_COMMON=m > > CONFIG_CRYPTO_CAST5=m > > CONFIG_CRYPTO_CAST5_AVX_X86_64=m > > CONFIG_CRYPTO_CAST6=m > > CONFIG_CRYPTO_CAST6_AVX_X86_64=m > > CONFIG_CRYPTO_DES=m > > CONFIG_CRYPTO_DES3_EDE_X86_64=m > > CONFIG_CRYPTO_FCRYPT=m > > CONFIG_CRYPTO_KHAZAD=m > > CONFIG_CRYPTO_SALSA20=m > > CONFIG_CRYPTO_SALSA20_X86_64=m > > CONFIG_CRYPTO_SEED=m > > CONFIG_CRYPTO_SERPENT=m > > CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m > > CONFIG_CRYPTO_SERPENT_AVX_X86_64=m > > CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m > > CONFIG_CRYPTO_TEA=m > > CONFIG_CRYPTO_TWOFISH=m > > CONFIG_CRYPTO_TWOFISH_COMMON=m > > CONFIG_CRYPTO_TWOFISH_X86_64=m > > CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m > > CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m > > CONFIG_CRYPTO_DEFLATE=m > > CONFIG_CRYPTO_ZLIB=m > > CONFIG_CRYPTO_LZO=m > > CONFIG_CRYPTO_LZ4=m > > CONFIG_CRYPTO_LZ4HC=m > > CONFIG_CRYPTO_ANSI_CPRNG=m > > CONFIG_CRYPTO_DRBG_MENU=m > > CONFIG_CRYPTO_DRBG_HMAC=y > > # CONFIG_CRYPTO_DRBG_HASH is not set > > # CONFIG_CRYPTO_DRBG_CTR is not set > > CONFIG_CRYPTO_DRBG=m > > CONFIG_CRYPTO_USER_API=m > > CONFIG_CRYPTO_USER_API_HASH=m > > CONFIG_CRYPTO_USER_API_SKCIPHER=m > > CONFIG_CRYPTO_HASH_INFO=y > > # CONFIG_CRYPTO_HW is not set > > > > > > but when i try to use cryptsetup i get this: > > > > # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat > > /dev/mapper/VolGroup01-media2 > > > > WARNING! > > ======== > > This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably. > > > > Are you sure? (Type uppercase yes): YES > > Enter passphrase: > > Verify passphrase: > > device-mapper: reload ioctl on failed: Invalid argument > > Failed to setup dm-crypt key mapping for device > > /dev/mapper/VolGroup01-media2. > > Check that kernel supports aes-xts:plain64 cipher (check syslog for more > > info). > > > > > > > > Any ideas? > > > > i built cryptsetup with this useflags: > > > > nls openssl python udev urandom > > > > > > > > cryptsetup --help shows me i am able to use the options > > > > Default compiled-in device cipher parameters: > > loop-AES: aes, Key 256 bits > > plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: > > ripemd160 > > LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: > > sha1, RNG: /dev/random > > > > > > any help / ideas or knowledge welcome. > > > > best regards > > > > marko > > That message is incorrectly shown if something's wrong with the way you > specified the cipher and key size. It threw me off for a while too. This is what > I ended up using: > > cryptsetup -i 30000 -c twofish-xts-essiv:sha256 -s 512 -h sha512 luksFormat > file.img > > I don't remember where I was getting it wrong, I think I was using -s 256 but > xts uses half the key for every other block so the key needs to be twice the > size. I found a site with a table that list what you can use with which > options but unfortunately I can't find it now. So try using -s 512 (since > cryptsetup is telling you that you can use a 256 bit key).
btw. it's not telling you that you can use those. It's telling you that those are the compiled-in defaults (what it will select for you if you don't specify anything). It shows the same for me and I'm not using either. -- Fernando Rodriguez
