* [dm-crypt] What am I missing for aes-cbc-plain
@ 2011-05-17 14:21 Jan Willies
2011-05-17 14:39 ` Milan Broz
0 siblings, 1 reply; 6+ messages in thread
From: Jan Willies @ 2011-05-17 14:21 UTC (permalink / raw)
To: dm-crypt
Hi there,
I have stared at it long enough, and still can't make out what's missing.
I'm trying to mount an aes-cbc-plain encrypted disk with cryptsetup-1.3.0 on
kernel-2.6.37.6:
root@dockstar:~# cryptsetup luksOpen /dev/sda2 storage
Enter passphrase for /dev/sda2:
device-mapper: reload ioctl failed: No such file or directory
Failed to setup dm-crypt key mapping for device /dev/sda2.
Check that kernel supports aes-cbc-plain cipher (check syslog for more info).
Failed to read from key storage.
May 17 15:34:27 dockstar kern.err kernel: device-mapper: table: 254:0: crypt: Error allocating crypto tfm
May 17 15:34:27 dockstar kern.warn kernel: device-mapper: ioctl: error adding target to table
According to /proc/crypto aes-cbc should be working correctly:
root@dockstar:~# cat /proc/crypto
name : sha1
driver : sha1-generic
module : sha1_generic
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : hmac(sha1)
driver : mv-hmac-sha1
module : mv_cesa
priority : 300
refcnt : 1
selftest : passed
type : ahash
async : yes
blocksize : 64
digestsize : 20
name : sha1
driver : mv-sha1
module : mv_cesa
priority : 300
refcnt : 1
selftest : passed
type : ahash
async : yes
blocksize : 64
digestsize : 20
name : cbc(aes)
driver : mv-cbc-aes
module : mv_cesa
priority : 300
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : ecb(aes)
driver : mv-ecb-aes
module : mv_cesa
priority : 300
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : aes
driver : aes-generic
module : aes_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : crc32c
driver : crc32c-generic
module : crc32c
priority : 100
refcnt : 2
selftest : passed
type : shash
blocksize : 1
digestsize : 4
root@dockstar:~# lsmod
aead 3340 1 cryptomgr
aes_generic 33156 1 mv_cesa
cbc 1656 0
crc32c 1960 1
crypto_algapi 8412 7 mv_cesa,cbc,aes_generic,crypto_blkcipher,cryptomgr,aead,crypto_hash
crypto_blkcipher 8701 3 dm_crypt,mv_cesa,cbc
crypto_hash 7260 4 sha1_generic,mv_cesa,libcrc32c,crc32c
cryptomgr 1732 0
dm_crypt 9944 0
dm_log 6676 2 dm_mirror,dm_region_hash
dm_mirror 10520 0
dm_mod 43952 3 dm_crypt,dm_mirror,dm_log
dm_region_hash 4852 1 dm_mirror
mv_cesa 7380 0
sha1_generic 1232 0
root@dockstar:~# cryptsetup luksDump /dev/sda2
LUKS header information for /dev/sda2
Version: 1
Cipher name: aes
Cipher mode: cbc-plain
Hash spec: sha1
Payload offset: 2056
MK bits: 256
MK digest: 6a [...]
Key Slot 0: ENABLED
[...]
Thanks for any pointers,
Jan
* Re: [dm-crypt] What am I missing for aes-cbc-plain
2011-05-17 14:21 [dm-crypt] What am I missing for aes-cbc-plain Jan Willies
@ 2011-05-17 14:39 ` Milan Broz
2011-05-17 14:54 ` Jan Willies
0 siblings, 1 reply; 6+ messages in thread
From: Milan Broz @ 2011-05-17 14:39 UTC (permalink / raw)
To: Jan Willies; +Cc: dm-crypt
On 05/17/2011 04:21 PM, Jan Willies wrote:
> Hi there,
>
> I have stared at it long enough, and still can't make out what's missing.
>
> I'm trying to mount an aes-cbc-plain encrypted disk with cryptsetup-1.3.0 on kernel-2.6.37.6:
>
> root@dockstar:~# cryptsetup luksOpen /dev/sda2 storage
> Enter passphrase for /dev/sda2:
> device-mapper: reload ioctl failed: No such file or directory
> Failed to setup dm-crypt key mapping for device /dev/sda2.
> Check that kernel supports aes-cbc-plain cipher (check syslog for more info).
> Failed to read from key storage.
Please run cryptsetup with --debug and post full output.
I would also try to blacklist the Marvell hw accelerator module (mv_cesa) and try
to use the generic aes crypto modules.
(All this seems to me like a bug in this crypto driver).
Milan
* Re: [dm-crypt] What am I missing for aes-cbc-plain
2011-05-17 14:39 ` Milan Broz
@ 2011-05-17 14:54 ` Jan Willies
2011-05-17 16:31 ` Milan Broz
0 siblings, 1 reply; 6+ messages in thread
From: Jan Willies @ 2011-05-17 14:54 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt
Hi Milan,
2011/5/17 Milan Broz <mbroz@redhat.com>
>
> On 05/17/2011 04:21 PM, Jan Willies wrote:
> > Hi there,
> >
> > I have stared at it long enough, and still can't make out what's missing.
> >
> > I'm trying to mount an aes-cbc-plain encrypted disk with cryptsetup-1.3.0 on kernel-2.6.37.6:
> >
> > root@dockstar:~# cryptsetup luksOpen /dev/sda2 storage
> > Enter passphrase for /dev/sda2:
> > device-mapper: reload ioctl failed: No such file or directory
> > Failed to setup dm-crypt key mapping for device /dev/sda2.
> > Check that kernel supports aes-cbc-plain cipher (check syslog for more info).
> > Failed to read from key storage.
>
> Please run cryptsetup with --debug and post full output.
>
Here's the output:
root@dockstar:~# cryptsetup --debug luksOpen /dev/sda2 storage
# cryptsetup 1.3.0 processing "cryptsetup --debug luksOpen /dev/sda2 storage"
# Running command luksOpen.
# Locking memory.
# Allocating crypt device /dev/sda2 context.
# Trying to open and read device /dev/sda2.
# Initialising device-mapper backend, UDEV is disabled.
# Detected dm-crypt version 1.7.0, dm-ioctl version 4.18.0.
# Trying to load LUKS1 crypt type from device /dev/sda2.
# Initialising gcrypt crypto backend.
# Reading LUKS header of size 1024 from device /dev/sda2
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Iteration time set to 1000 miliseconds.
# Activating volume storage [keyslot -1] using [none] passphrase.
# dm status storage OF [16384]
# Interactive passphrase entry requested.
Enter passphrase for /dev/sda2:
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-2022
# dm create temporary-cryptsetup-2022 CRYPT-TEMP-temporary-cryptsetup-2022 OF [16384]
# dm reload temporary-cryptsetup-2022 OF [16384]
device-mapper: reload ioctl failed: No such file or directory
# dm remove temporary-cryptsetup-2022 OF [16384]
# temporary-cryptsetup-2022: Stacking NODE_DEL (replaces other stacked ops)
Failed to setup dm-crypt key mapping for device /dev/sda2.
Check that kernel supports aes-cbc-plain cipher (check syslog for more info).
Failed to read from key storage.
# Releasing crypt device /dev/sda2 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Failed to read from key storage.
> I would also try to blacklist Marvell hw accelerator module (mv_cesa) and try
> to use generic aes crypto modules.
> (All this seems to me like bug in this crypto driver).
When blacklisting mv_cesa, I only get
root@dockstar:~# cat /proc/crypto
name : sha1
driver : sha1-generic
module : sha1_generic
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : aes
driver : aes-generic
module : aes_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : crc32c
driver : crc32c-generic
module : crc32c
priority : 100
refcnt : 2
selftest : passed
type : shash
blocksize : 1
digestsize : 4
although aes_generic and cbc are loaded.
regards,
Jan
* Re: [dm-crypt] What am I missing for aes-cbc-plain
2011-05-17 14:54 ` Jan Willies
@ 2011-05-17 16:31 ` Milan Broz
2011-05-17 17:09 ` Jan Willies
0 siblings, 1 reply; 6+ messages in thread
From: Milan Broz @ 2011-05-17 16:31 UTC (permalink / raw)
To: Jan Willies; +Cc: dm-crypt
On 05/17/2011 04:54 PM, Jan Willies wrote:
> # DM-UUID is CRYPT-TEMP-temporary-cryptsetup-2022
> # dm create temporary-cryptsetup-2022 CRYPT-TEMP-temporary-cryptsetup-2022 OF [16384]
> # dm reload temporary-cryptsetup-2022 OF [16384]
> device-mapper: reload ioctl failed: No such file or directory
There is something strange on your system - either some kernel modules are missing
or something similar. Any other messages in syslog?
Judging by the mv_cesa module in use, I guess it is some ARM platform, right?
Maybe try to keep LUKS out of the picture and check whether the modes work; just
use plain crypt - like this:
echo "password" | cryptsetup create tst /dev/<some dev> -c aes-cbc-plain -s 128
cryptsetup remove tst
Does it fail for all combinations of modes?
(Try aes-ecb - it is insecure, but just to test if the aes driver works).
If it still fails with "No such file or directory", try some simple device-mapper
target using the same device:
dmsetup create tst --table "0 1000 linear /dev/sda2 0"
dmsetup remove tst
Does this work?
Milan
* Re: [dm-crypt] What am I missing for aes-cbc-plain
2011-05-17 16:31 ` Milan Broz
@ 2011-05-17 17:09 ` Jan Willies
2011-05-20 8:17 ` Jan Willies
0 siblings, 1 reply; 6+ messages in thread
From: Jan Willies @ 2011-05-17 17:09 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt
2011/5/17 Milan Broz <mbroz@redhat.com>
> On 05/17/2011 04:54 PM, Jan Willies wrote:
> > # DM-UUID is CRYPT-TEMP-temporary-cryptsetup-2022
> > # dm create temporary-cryptsetup-2022 CRYPT-TEMP-temporary-cryptsetup-2022 OF [16384]
> > # dm reload temporary-cryptsetup-2022 OF [16384]
> > device-mapper: reload ioctl failed: No such file or directory
>
> There is something strange on your system - either some kernel modules are missing
> or something similar. Any other messages in syslog?
>
No, unfortunately not.
> According to used mv_cesa module I guess it is some ARM platform, right?
>
Exactly.
> Maybe try to keep LUKS from the picture and check modes works, just
> use plain crypt - like this:
>
> echo "password" | cryptsetup create tst /dev/<some dev> -c aes-cbc-plain -s 128
> cryptsetup remove tst
>
root@OpenWrt:/# echo "password" | cryptsetup create tst /dev/sda1 -c aes-cbc-plain -s 128
device-mapper: table: 254:0: crypt: Error allocating crypto tfm
device-mapper: ioctl: error adding target to table
device-mapper: reload ioctl failed: No such file or directory
> Does it fail for all combination of modes?
> (Try aes-ecb - it is insecure, but just to test if aes driver works).
>
That seems to work:
root@OpenWrt:/# echo "password" | cryptsetup create tst /dev/sda1 -c aes-ecb -s 128
root@OpenWrt:/# cryptsetup remove tst
hm, so the aes driver works but not in combination with aes-cbc?
regards,
Jan
* Re: [dm-crypt] What am I missing for aes-cbc-plain
2011-05-17 17:09 ` Jan Willies
@ 2011-05-20 8:17 ` Jan Willies
0 siblings, 0 replies; 6+ messages in thread
From: Jan Willies @ 2011-05-20 8:17 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt
2011/5/17 Jan Willies <jan@willies.info>
>> Maybe try to keep LUKS from the picture and check modes works, just
>> use plain crypt - like this:
>>
>> echo "password" | cryptsetup create tst /dev/<some dev> -c aes-cbc-plain -s 128
>> cryptsetup remove tst
>>
>
> root@OpenWrt:/# echo "password" | cryptsetup create tst /dev/sda1 -c aes-cbc-plain -s 128
> device-mapper: table: 254:0: crypt: Error allocating crypto tfm
> device-mapper: ioctl: error adding target to table
> device-mapper: reload ioctl failed: No such file or directory
>
It works now, I was missing the module 'chainiv'.
Could the error message somehow be improved to reflect that?
regards,
jan
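
Added example, not part of the thread or of cryptsetup: a shell check that reads /proc/crypto and lsmod text and reports whether a dm-crypt spec such as aes-cbc-plain is likely to fail with "Error allocating crypto tfm". The function names, the verdict strings and the chainiv rule are assumptions drawn from the thread's outcome; the sample data is constructed from the output quoted above.

```shell
# Added example. Sample data is constructed from the /proc/crypto and lsmod
# output quoted in the thread, trimmed to the fields the check reads.
SAMPLE_CRYPTO='name : cbc(aes)
type : ablkcipher
ivsize : 16
geniv : <default>
name : ecb(aes)
type : ablkcipher
ivsize : 0
geniv : <default>
name : aes
type : cipher'
SAMPLE_MODULES='aes_generic 33156 1 mv_cesa
cbc 1656 0
dm_crypt 9944 0
mv_cesa 7380 0'
# field ALG KEY TEXT: print KEY from the first /proc/crypto record named ALG.
field() {
    printf '%s\n' "$3" | awk -F'[ \t]*:[ \t]*' -v a="$1" -v k="$2" '
        $1 == "name" { cur = ($2 == a) }
        cur && $1 == k { print $2; exit }'
}
# loaded MODULE TEXT: succeed if MODULE appears in lsmod-style TEXT.
loaded() { printf '%s\n' "$2" | awk -v m="$1" '$1 == m { f = 1 } END { exit !f }'; }

# check_spec SPEC CRYPTO MODULES
# Prints ok, missing-alg:<mode(cipher)> or missing-ivgen:chainiv.
check_spec() {
    cipher=${1%%-*}; rest=${1#*-}; mode=${rest%%-*}; alg="$mode($cipher)"
    if [ -n "$(field "$alg" name "$2")" ]; then
        # Registered: it needs an IV generator if it takes an IV and none is bound.
        iv=$(field "$alg" ivsize "$2"); gen=$(field "$alg" geniv "$2")
        [ "${iv:-0}" -gt 0 ] && [ "$gen" = "<default>" ] && need_iv=1 || need_iv=0
    elif [ -n "$(field "$cipher" name "$2")" ] && loaded "$mode" "$3"; then
        # Templates are instantiated on first use, so mode(cipher) can be absent
        # from /proc/crypto while still being available. ECB takes no IV.
        [ "$mode" = ecb ] && need_iv=0 || need_iv=1
    else
        echo "missing-alg:$alg"; return 0
    fi
    # Heuristic taken from the thread's outcome. A built-in chainiv is not
    # listed by lsmod, so treat this verdict as a hint, not proof.
    if [ "$need_iv" = 1 ] && ! loaded chainiv "$3"; then
        echo "missing-ivgen:chainiv"
    else
        echo ok
    fi
}
check_spec aes-cbc-plain "$SAMPLE_CRYPTO" "$SAMPLE_MODULES"
```

On a live system, pass "$(cat /proc/crypto)" and "$(cat /proc/modules)" as the second and third arguments.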