* [dm-crypt] LUKS2 AES-GCM-random erroring with key size issue. [not found] <7d63ae4f-0b97-4b98-ac1b-5f26880950ac@Spark> @ 2020-02-27 5:37 ` vinay paduru 2020-02-28 10:22 ` Michael Kjörling 2020-02-28 11:21 ` Milan Broz 0 siblings, 2 replies; 6+ messages in thread From: vinay paduru @ 2020-02-27 5:37 UTC (permalink / raw) To: dm-crypt; +Cc: vinay paduru [-- Attachment #1: Type: text/plain, Size: 672 bytes --] Hello Team, I am trying to encrypt a volume with LUKS2 AES-GCM-Random cipher and I am seeing an error saying “key size 256 bits” not available. I tried changing the key size but same error repeats for whatever the key size we give. Could you please help us solve this problem. # cryptsetup --verbose luksFormat --type luks2 --cipher aes-gcm-random --integrity aead /dev/sdb2 WARNING! ======== This will overwrite data on /dev/sdb2 irrevocably. Are you sure? (Type 'yes' in capital letters): YES Enter passphrase for /dev/sdb2: Verify passphrase: Cipher aes-gcm-random (key size 256 bits) is not available. Regards, Vinay [-- Attachment #2: Type: text/html, Size: 3085 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] LUKS2 AES-GCM-random erroring with key size issue. 2020-02-27 5:37 ` [dm-crypt] LUKS2 AES-GCM-random erroring with key size issue vinay paduru @ 2020-02-28 10:22 ` Michael Kjörling 2020-02-28 11:21 ` Milan Broz 1 sibling, 0 replies; 6+ messages in thread From: Michael Kjörling @ 2020-02-28 10:22 UTC (permalink / raw) To: dm-crypt On 27 Feb 2020 05:37 +0000, from vinay.paduru@live.com (vinay paduru): > Could you please help us solve this problem. > > # cryptsetup --verbose luksFormat --type luks2 --cipher aes-gcm-random --integrity aead /dev/sdb2 > [...] > Cipher aes-gcm-random (key size 256 bits) is not available. Try running the same command with --debug and send the full output of that. The exact kernel and cryptsetup version and build you're using (including distribution package version, if applicable), and the contents of /proc/crypto immediately after running cryptsetup, might also be useful. Especially if you're building from source, it's also a good idea to double-check that the cryptsetup binary that you're running is the one you expect. -- Michael Kjörling • https://michael.kjorling.se • michael@kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?” ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] LUKS2 AES-GCM-random erroring with key size issue. 2020-02-27 5:37 ` [dm-crypt] LUKS2 AES-GCM-random erroring with key size issue vinay paduru 2020-02-28 10:22 ` Michael Kjörling @ 2020-02-28 11:21 ` Milan Broz 2020-03-02 5:30 ` vinay paduru 1 sibling, 1 reply; 6+ messages in thread From: Milan Broz @ 2020-02-28 11:21 UTC (permalink / raw) To: vinay paduru, dm-crypt On 27/02/2020 06:37, vinay paduru wrote: > I am trying to encrypt a volume with *LUKS2* *AES-GCM-Random* cipher > and I am seeing an error saying “key size 256 bits” not available. I > tried changing the key size but same error repeats for whatever the > key size we give. Do you have kernel with gcm crypto module enabled? Milan ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] LUKS2 AES-GCM-random erroring with key size issue. 2020-02-28 11:21 ` Milan Broz @ 2020-03-02 5:30 ` vinay paduru 2020-03-02 7:23 ` Milan Broz 0 siblings, 1 reply; 6+ messages in thread From: vinay paduru @ 2020-03-02 5:30 UTC (permalink / raw) To: dm-crypt, Milan Broz [-- Attachment #1: Type: text/plain, Size: 1657 bytes --] Hello Milan, Yes, I have the module installed and enabled. # lsmod | grep -i gcm gcm 24576 0 # modprobe gcm # modinfo gcm filename: /lib/modules/4.1.12-61.1.19.el7uek.x86_64/kernel/crypto/gcm.ko alias: crypto-gcm alias: gcm alias: crypto-rfc4543 alias: rfc4543 alias: crypto-rfc4106 alias: rfc4106 alias: crypto-gcm_base alias: gcm_base author: Mikko Herranen <mh1@iki.fi> description: Galois/Counter Mode license: GPL srcversion: 0805471CE9244CDA1D08732 depends: intree: Y vermagic: 4.1.12-61.1.19.el7uek.x86_64 SMP mod_unload modversions signer: Oracle CA Server sig_key: 99:0C:6B:AD:6E:20:40:AB:2F:AC:19:2B:13:86:80:73:E1:2A:95:FB sig_hashalgo: sha512 #cryptsetup luksFormat --type luks2 /dev/sdb2 --cipher aes-gcm-random --integrity aead WARNING! ======== This will overwrite data on /dev/sdb2 irrevocably. Are you sure? (Type 'yes' in capital letters): YES Enter passphrase for /dev/sdb2: Verify passphrase: Cipher aes-gcm-random (key size 256 bits) is not available. # Vinay On 28 Feb 2020, 4:51 PM +0530, Milan Broz <gmazyland@gmail.com>, wrote: On 27/02/2020 06:37, vinay paduru wrote: I am trying to encrypt a volume with *LUKS2* *AES-GCM-Random* cipher and I am seeing an error saying “key size 256 bits” not available. I tried changing the key size but same error repeats for whatever the key size we give. Do you have kernel with gcm crypto module enabled? Milan [-- Attachment #2: Type: text/html, Size: 9575 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] LUKS2 AES-GCM-random erroring with key size issue. 2020-03-02 5:30 ` vinay paduru @ 2020-03-02 7:23 ` Milan Broz 2020-03-12 7:34 ` vinay paduru 0 siblings, 1 reply; 6+ messages in thread From: Milan Broz @ 2020-03-02 7:23 UTC (permalink / raw) To: vinay paduru, dm-crypt On 02/03/2020 06:30, vinay paduru wrote: > Yes, I have the module installed and enabled. > > filename: /lib/modules/4.1.12-61.1.19.el7uek.x86_64/kernel/crypto/gcm.ko Hi, as suggested, also check --debug output and syslog. I cannot provide you support for commercial kernel with possibly (not) backported patches, please contact your vendor if it is not working properly. (Couldn't resist, but it is Oracle unbreakable kernel (uek) so it have to work, obviously!) More seriously, it is quite possible that you are missing more things here (dm-integrity) that is required for authenticated encryption etc. We do not support dm-integrity in RHEL7 at all, do not expect it to work in distro clones even with updated kernel. Milan ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dm-crypt] LUKS2 AES-GCM-random erroring with key size issue. 2020-03-02 7:23 ` Milan Broz @ 2020-03-12 7:34 ` vinay paduru 0 siblings, 0 replies; 6+ messages in thread From: vinay paduru @ 2020-03-12 7:34 UTC (permalink / raw) To: dm-crypt, Milan Broz [-- Attachment #1: Type: text/plain, Size: 1064 bytes --] Thank you for the detailed explanation Milan and apologies for late response. We were trying it on OEL-7 distro. Any chance of supporting OEL-7 distro in future as OEL-6 is almost EOL ? Vinay On 2 Mar 2020, 12:53 PM +0530, Milan Broz <gmazyland@gmail.com>, wrote: > On 02/03/2020 06:30, vinay paduru wrote: > > Yes, I have the module installed and enabled. > > > > filename: /lib/modules/4.1.12-61.1.19.el7uek.x86_64/kernel/crypto/gcm.ko > > Hi, > > as suggested, also check --debug output and syslog. > > I cannot provide you support for commercial kernel with possibly (not) backported patches, > please contact your vendor if it is not working properly. > (Couldn't resist, but it is Oracle unbreakable kernel (uek) so it have to work, obviously!) > > More seriously, it is quite possible that you are missing more things here (dm-integrity) > that is required for authenticated encryption etc. > > We do not support dm-integrity in RHEL7 at all, do not expect it to work in distro clones > even with updated kernel. > > Milan [-- Attachment #2: Type: text/html, Size: 1744 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-03-12 7:35 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <7d63ae4f-0b97-4b98-ac1b-5f26880950ac@Spark> 2020-02-27 5:37 ` [dm-crypt] LUKS2 AES-GCM-random erroring with key size issue vinay paduru 2020-02-28 10:22 ` Michael Kjörling 2020-02-28 11:21 ` Milan Broz 2020-03-02 5:30 ` vinay paduru 2020-03-02 7:23 ` Milan Broz 2020-03-12 7:34 ` vinay paduru
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.