From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-163792-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id A7DBF138A6C
	for <garchives@archives.gentoo.org>; Sun, 19 Apr 2015 01:36:59 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 72EE4E0972;
	Sun, 19 Apr 2015 01:36:52 +0000 (UTC)
Received: from cdptpa-oedge-vip.email.rr.com (cdptpa-outbound-snat.email.rr.com [107.14.166.226])
	by pigeon.gentoo.org (Postfix) with ESMTP id 33208E0965
	for <gentoo-user@lists.gentoo.org>; Sun, 19 Apr 2015 01:36:51 +0000 (UTC)
Received: from [142.196.200.180] ([142.196.200.180:43843] helo=navi.localnet)
	by cdptpa-oedge01 (envelope-from <frodriguez.developer@outlook.com>)
	(ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP
	id C1/B6-05805-2B603355; Sun, 19 Apr 2015 01:36:50 +0000
From: Fernando Rodriguez <frodriguez.developer@outlook.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] cryptsetup wont use aes-xts:plain64
Date: Sat, 18 Apr 2015 21:35:27 -0400
Message-ID: <1747465.EH4NcqrpOD@navi>
User-Agent: KMail/4.14.3 (Linux/3.19.3; KDE/4.14.3; x86_64; ; )
In-Reply-To: <a120b9c08f9b974c0e4f931e075a20e8@zbfmail.de>
References: <a120b9c08f9b974c0e4f931e075a20e8@zbfmail.de>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-RR-Connecting-IP: 107.14.168.118:25
X-Cloudmark-Score: 0
X-Archives-Salt: 3c862c62-4b83-4e7a-a079-a94d6d2558bb
X-Archives-Hash: 9af925f02f288686983351728f244489

On Saturday, April 18, 2015 12:27:15 PM Marko Weber | 8000 wrote:
> 
> hello list,
> 
> i try to crypt a partition with cryptsetup.
> Yes, in Kernel i had all need things i think.
> 
> CONFIG_CRYPTO=y
> CONFIG_CRYPTO_ALGAPI=y
> CONFIG_CRYPTO_ALGAPI2=y
> CONFIG_CRYPTO_AEAD=m
> CONFIG_CRYPTO_AEAD2=y
> CONFIG_CRYPTO_BLKCIPHER=y
> CONFIG_CRYPTO_BLKCIPHER2=y
> CONFIG_CRYPTO_HASH=y
> CONFIG_CRYPTO_HASH2=y
> CONFIG_CRYPTO_RNG=m
> CONFIG_CRYPTO_RNG2=y
> CONFIG_CRYPTO_PCOMP=m
> CONFIG_CRYPTO_PCOMP2=y
> CONFIG_CRYPTO_MANAGER=y
> CONFIG_CRYPTO_MANAGER2=y
> CONFIG_CRYPTO_USER=m
> # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
> CONFIG_CRYPTO_GF128MUL=m
> CONFIG_CRYPTO_NULL=m
> CONFIG_CRYPTO_PCRYPT=m
> CONFIG_CRYPTO_WORKQUEUE=y
> CONFIG_CRYPTO_CRYPTD=m
> CONFIG_CRYPTO_MCRYPTD=m
> CONFIG_CRYPTO_AUTHENC=m
> CONFIG_CRYPTO_TEST=m
> CONFIG_CRYPTO_ABLK_HELPER=m
> CONFIG_CRYPTO_GLUE_HELPER_X86=m
> CONFIG_CRYPTO_CCM=m
> CONFIG_CRYPTO_GCM=m
> CONFIG_CRYPTO_SEQIV=m
> CONFIG_CRYPTO_CBC=y
> CONFIG_CRYPTO_CTR=m
> CONFIG_CRYPTO_CTS=m
> CONFIG_CRYPTO_ECB=m
> CONFIG_CRYPTO_LRW=m
> CONFIG_CRYPTO_PCBC=m
> CONFIG_CRYPTO_XTS=m
> CONFIG_CRYPTO_CMAC=m
> CONFIG_CRYPTO_HMAC=m
> CONFIG_CRYPTO_XCBC=m
> CONFIG_CRYPTO_VMAC=m
> CONFIG_CRYPTO_CRC32C=y
> CONFIG_CRYPTO_CRC32C_INTEL=m
> CONFIG_CRYPTO_CRC32=m
> CONFIG_CRYPTO_CRC32_PCLMUL=m
> CONFIG_CRYPTO_CRCT10DIF=y
> CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
> CONFIG_CRYPTO_GHASH=m
> CONFIG_CRYPTO_MD4=m
> CONFIG_CRYPTO_MD5=y
> CONFIG_CRYPTO_MICHAEL_MIC=m
> CONFIG_CRYPTO_RMD128=m
> CONFIG_CRYPTO_RMD160=m
> CONFIG_CRYPTO_RMD256=m
> CONFIG_CRYPTO_RMD320=m
> CONFIG_CRYPTO_SHA1=m
> CONFIG_CRYPTO_SHA1_SSSE3=m
> CONFIG_CRYPTO_SHA256_SSSE3=m
> CONFIG_CRYPTO_SHA512_SSSE3=m
> CONFIG_CRYPTO_SHA1_MB=m
> CONFIG_CRYPTO_SHA256=m
> CONFIG_CRYPTO_SHA512=m
> CONFIG_CRYPTO_TGR192=m
> CONFIG_CRYPTO_WP512=m
> CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
> CONFIG_CRYPTO_AES=y
> CONFIG_CRYPTO_AES_X86_64=m
> CONFIG_CRYPTO_AES_NI_INTEL=m
> CONFIG_CRYPTO_ANUBIS=m
> CONFIG_CRYPTO_ARC4=m
> CONFIG_CRYPTO_BLOWFISH=m
> CONFIG_CRYPTO_BLOWFISH_COMMON=m
> CONFIG_CRYPTO_BLOWFISH_X86_64=m
> CONFIG_CRYPTO_CAMELLIA=m
> CONFIG_CRYPTO_CAMELLIA_X86_64=m
> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
> CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
> CONFIG_CRYPTO_CAST_COMMON=m
> CONFIG_CRYPTO_CAST5=m
> CONFIG_CRYPTO_CAST5_AVX_X86_64=m
> CONFIG_CRYPTO_CAST6=m
> CONFIG_CRYPTO_CAST6_AVX_X86_64=m
> CONFIG_CRYPTO_DES=m
> CONFIG_CRYPTO_DES3_EDE_X86_64=m
> CONFIG_CRYPTO_FCRYPT=m
> CONFIG_CRYPTO_KHAZAD=m
> CONFIG_CRYPTO_SALSA20=m
> CONFIG_CRYPTO_SALSA20_X86_64=m
> CONFIG_CRYPTO_SEED=m
> CONFIG_CRYPTO_SERPENT=m
> CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
> CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
> CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
> CONFIG_CRYPTO_TEA=m
> CONFIG_CRYPTO_TWOFISH=m
> CONFIG_CRYPTO_TWOFISH_COMMON=m
> CONFIG_CRYPTO_TWOFISH_X86_64=m
> CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m
> CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
> CONFIG_CRYPTO_DEFLATE=m
> CONFIG_CRYPTO_ZLIB=m
> CONFIG_CRYPTO_LZO=m
> CONFIG_CRYPTO_LZ4=m
> CONFIG_CRYPTO_LZ4HC=m
> CONFIG_CRYPTO_ANSI_CPRNG=m
> CONFIG_CRYPTO_DRBG_MENU=m
> CONFIG_CRYPTO_DRBG_HMAC=y
> # CONFIG_CRYPTO_DRBG_HASH is not set
> # CONFIG_CRYPTO_DRBG_CTR is not set
> CONFIG_CRYPTO_DRBG=m
> CONFIG_CRYPTO_USER_API=m
> CONFIG_CRYPTO_USER_API_HASH=m
> CONFIG_CRYPTO_USER_API_SKCIPHER=m
> CONFIG_CRYPTO_HASH_INFO=y
> # CONFIG_CRYPTO_HW is not set
> 
> 
> but when i try to use cryptsetup i get this:
> 
> # cryptsetup -c aes-xts:plain64 -y -s 256 luksFormat 
> /dev/mapper/VolGroup01-media2
> 
> WARNING!
> ========
> This will overwrite data on /dev/mapper/VolGroup01-media2 irrevocably.
> 
> Are you sure? (Type uppercase yes): YES
> Enter passphrase:
> Verify passphrase:
> device-mapper: reload ioctl on  failed: Invalid argument
> Failed to setup dm-crypt key mapping for device 
> /dev/mapper/VolGroup01-media2.
> Check that kernel supports aes-xts:plain64 cipher (check syslog for more 
> info).
> 
> 
> 
> Any ideas?
> 
> i built cryptsetup with this useflags:
> 
> nls openssl python udev urandom
> 
> 
> 
> cryptsetup --help shows me i am able to use the options
> 
> Default compiled-in device cipher parameters:
>          loop-AES: aes, Key 256 bits
>          plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: 
> ripemd160
>          LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: 
> sha1, RNG: /dev/random
> 
> 
> any help / ideas or knowledge welcome.
> 
> best regards
> 
> marko

That message is incorrectly shown if something's wrong with the way you 
specified the cipher and key size. It threw me off for a while too. This is what 
I ended up using:

cryptsetup -i 30000 -c twofish-xts-essiv:sha256 -s 512 -h sha512 luksFormat 
file.img

I don't remember where I was getting it wrong, I think I was using -s 256 but 
xts uses half the key for every other block so the key needs to be twice the 
size. I found a site with a table that list what you can use with which 
options but unfortunately I can't find it now. So try using -s 512 (since 
cryptsetup is telling you that you can use a 256 bit key).


-- 
Fernando Rodriguez