[4.0] cryptsetup fails

[4.0] cryptsetup fails

[Thomas Meyer]

Hi,

I wanted to give the new kernel a try, but the cryptsetup fails with:
[    8.747114] localhost.localdomain systemd-cryptsetup[280]: Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/disk/[...]
[    9.265258] localhost.localdomain kernel: device-mapper: table: 254:0: crypt: Error allocating crypto tfm
[    9.265265] localhost.localdomain kernel: device-mapper: ioctl: error adding target to table
[    9.280993] localhost.localdomain systemd-cryptsetup[280]: Failed to activate: Input/output error

the error seems to get produced in drivers/md/dm-crypt.c:

5ebaee6d2       (Milan Broz     2010-08-12 04:14:07 +0100       1619)   /* Allocate cipher */
fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1620)   ret = crypt_alloc_tfms(cc, cipher_api);
fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1621)   if (ret < 0) {
fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1622)           ti->error = "Error allocating crypto tfm";
fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1623)           goto bad;

$ grep AES /boot/config-4.0.0-rc1-23421-g023a600 
# CONFIG_SND_MAESTRO3 is not set
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_X86_64=m
CONFIG_CRYPTO_AES_NI_INTEL=m
CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m

any ideas what did change here? what am i missing?

with kind regards
thomas

re: [4.0] cryptsetup fails

[McCaffrey, Timothy M]

>Subject:    [4.0] cryptsetup fails
>From:       Thomas Meyer <thomas () m3y3r ! de>
>Date:       2015-03-04 12:12:47
>Hi,

>I wanted to give the new kernel a try, but the cryptsetup fails with:
>[    8.747114] localhost.localdomain systemd-cryptsetup[280]: Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/disk/[...]
>[    9.265258] localhost.localdomain kernel: device-mapper: table: 254:0: crypt: Error allocating crypto tfm
>[    9.265265] localhost.localdomain kernel: device-mapper: ioctl: error adding target to table
>[    9.280993] localhost.localdomain systemd-cryptsetup[280]: Failed to activate: Input/output error

>the error seems to get produced in drivers/md/dm-crypt.c:

>5ebaee6d2       (Milan Broz     2010-08-12 04:14:07 +0100       1619)   /* Allocate cipher */
>fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1620)   ret = crypt_alloc_tfms(cc, cipher_api);
>fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1621)   if (ret < 0) {
>fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1622)           ti->error = "Error allocating crypto tfm";
>fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1623)           goto bad;

>$ grep AES /boot/config-4.0.0-rc1-23421-g023a600 
># CONFIG_SND_MAESTRO3 is not set
>CONFIG_CRYPTO_AES=y
>CONFIG_CRYPTO_AES_X86_64=m
>CONFIG_CRYPTO_AES_NI_INTEL=m
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m

>any ideas what did change here? what am i missing?

>with kind regards
>thomas

I submitted a patch to the crypto mailing list that fixed the AESNI module so it handles 256 bit keys 
properly, I am not sure it was included on the 4.0 kernel (it was submitted for the 3.20 kernel).

Previously, if you specified a 256 bit key, it would set the key properly, but the AESNI (both SSE & AVX versions)
module would only do 10 rounds (instead of 14 like it is supposed to).  

You would get the same failure as above if you didn't load the AESNI module with an older kernel.

You may need to decrypt your disk with an older kernel, then re-encrypt it.

	- Tim