Modify

Opened 7 years ago

Last modified 4 years ago

#9375 new defect

cryptsetup seems only to work in aes-ecb cipher mode

Reported by: anonymous Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: cryptsetup Cc:

Description

cryptsetup luksFormat or cryptsetup luksOpen give the following error in cipher modes other than aes-ecb (i.e. cryptsetup -c aes-xts-plain luksFormat /dev/sda1):

device-mapper: reload ioctl failed: No such file or directory
Failed to setup dm-crypt key mapping for device /dev/sda1.
Check that kernel supports aes-xts-plain cipher (check syslog for more info).

dmesg:

device-mapper: table: 253:0: crypt: Error allocating crypto tfm
device-mapper: ioctl: error adding target to table

lsmod:

Module                  Size  Used by    Not tainted
wp512                  23488  0 
twofish_generic         7792  0 
twofish_common         13984  1 twofish_generic
tgr192                 12208  0 
blowfish                8720  0 
serpent                19904  0 
cast6                   8272  0 
cast5                  17424  0 
anubis                  9200  0 
crc32c                  1920  0 
fcrypt                  8320  0 
sha512_generic          7088  0 
sha256_generic          8976  0 
ums_usbat               7296  0 
ums_sddr55              4736  0 
ums_sddr09              8704  0 
ums_karma               1456  0 
ums_jumpshot            3568  0 
ums_isd200              4880  0 
ums_freecom             1872  0 
ums_datafab             4624  0 
ums_cypress             2064  0 
ums_alauda              8256  0 
usbserial              22432  0 
usblp                   8224  0 
leds_wndr3700_usb        672  0 
ledtrig_usbdev          2032  0 
nf_nat_irc               784  0 
nf_conntrack_irc        2480  1 nf_nat_irc
nf_nat_ftp               976  0 
nf_conntrack_ftp        4416  1 nf_nat_ftp
xt_HL                   1200  0 
xt_hl                    720  0 
ipt_ECN                 1280  0 
xt_CLASSIFY              448  0 
xt_time                 1472  0 
xt_tcpmss                896  0 
xt_statistic             720  0 
xt_mark                  592 30 
xt_length                592  5 
ipt_ecn                  880  0 
xt_DSCP                 1296  0 
xt_dscp                  912  0 
xt_string                688  0 
xt_layer7               8960  0 
ipt_MASQUERADE           928  1 
iptable_nat             2128  1 
nf_nat                  9808  4 nf_nat_irc,nf_nat_ftp,ipt_MASQUERADE,iptable_nat
xt_recent               5888  0 
xt_helper                800  0 
xt_connmark              960  2 
xt_connbytes            1312  0 
xt_conntrack            1648  0 
xt_NOTRACK               464  0 
iptable_raw              576  1 
xt_state                 624  6 
nf_conntrack_ipv4       3808 11 iptable_nat,nf_nat
nf_defrag_ipv4           624  1 nf_conntrack_ipv4
nf_conntrack           36672 15 nf_nat_irc,nf_conntrack_irc,nf_nat_ftp,nf_conntrack_ftp,xt_layer7,ipt_MASQUERADE,iptable_nat,nf_nat,xt_helper,xt_connmark,xt_connbytes,xt_conntrack,xt_NOTRACK,xt_state,nf_conntrack_ipv4
pppoe                   7216  0 
pppox                   1152  1 pppoe
sch_red                 3424  4 
sch_sfq                 4656  4 
sch_hfsc               13680  2 
ipt_REJECT              1616  2 
cls_fw                  3152  8 
xt_TCPMSS               1744  2 
sch_ingress              816  1 
ipt_LOG                 5840  0 
act_mirred              2448  0 
xt_comment               416  0 
em_u32                   496  0 
xt_multiport            1104  5 
cls_u32                 5760  0 
ifb                     2144  0 
xt_mac                   544  0 
xt_limit                 960  1 
iptable_mangle           864  1 
iptable_filter           640  1 
ip_tables               8352  4 iptable_nat,iptable_raw,iptable_mangle,iptable_filter
xt_tcpudp               1568 32 
x_tables               10032 35 xt_HL,xt_hl,ipt_ECN,xt_CLASSIFY,xt_time,xt_tcpmss,xt_statistic,xt_mark,xt_length,ipt_ecn,xt_DSCP,xt_dscp,xt_string,xt_layer7,ipt_MASQUERADE,iptable_nat,xt_recent,xt_helper,xt_connmark,xt_connbytes,xt_conntrack,xt_NOTRACK,iptable_raw,xt_state,ipt_REJECT,xt_TCPMSS,ipt_LOG,xt_comment,xt_multiport,xt_mac,xt_limit,iptable_mangle,iptable_filter,ip_tables,xt_tcpudp
ppp_async               6000  0 
ppp_generic            18384  3 pppoe,pppox,ppp_async
slhc                    4000  1 ppp_generic
loop                   10624  1 
vfat                    7776  0 
fat                    41152  1 vfat
isofs                  28016  0 
dm_crypt               10544  0 
dm_mirror              11216  0 
dm_region_hash          5232  1 dm_mirror
dm_log                  7088  2 dm_mirror,dm_region_hash
dm_mod                 48944  3 dm_crypt,dm_mirror,dm_log
raid10                 21328  0 
raid1                  19440  0 
ath9k                  75312  0 
md_mod                 82416  2 raid10,raid1
ath9k_common            1168  1 ath9k
ath9k_hw              237024  2 ath9k,ath9k_common
ath                    11360  2 ath9k,ath9k_hw
nls_utf8                 784  0 
nls_iso8859_15          3312  0 
nls_iso8859_1           2800  0 
nls_cp852               3568  0 
nls_cp850               3568  0 
nls_cp437               4336  0 
mac80211              204640  1 ath9k
ts_fsm                  2496  0 
ts_bm                   1360  0 
ts_kmp                  1296  0 
crc_ccitt                944  1 ppp_async
cfg80211              117616  2 ath9k,mac80211
compat                  2432  1 mac80211
xts                     1920  0 
gf128mul                6672  1 xts
sha1_generic            1312  0 
michael_mic             1472  0 
md5                     4144  0 
hmac                    2240  0 
ecb                     1264  0 
deflate                 1312  0 
cbc                     1968  0 
arc4                     768  4 
aes_generic            29840  4 
crypto_blkcipher        9056  4 dm_crypt,xts,ecb,cbc
cryptomgr               1808  0 
aead                    3568  1 cryptomgr
crypto_hash             7792  9 wp512,tgr192,crc32c,sha512_generic,sha256_generic,sha1_generic,michael_mic,md5,hmac
crypto_algapi           9008 18 twofish_generic,blowfish,serpent,cast6,cast5,anubis,fcrypt,xts,hmac,ecb,deflate,cbc,arc4,aes_generic,crypto_blkcipher,cryptomgr,aead,crypto_hash
usb_storage            32624 11 ums_usbat,ums_sddr55,ums_sddr09,ums_karma,ums_jumpshot,ums_isd200,ums_freecom,ums_datafab,ums_cypress,ums_alauda
ohci_hcd               16560  0 
ehci_hcd               32064  0 
sd_mod                 21072  2 
ext4                  217808  1 
jbd2                   36048  1 ext4
usbcore                95120 17 ums_usbat,ums_sddr55,ums_sddr09,ums_karma,ums_jumpshot,ums_isd200,ums_freecom,ums_datafab,ums_cypress,ums_alauda,usbserial,usblp,ledtrig_usbdev,usb_storage,ohci_hcd,ehci_hcd
scsi_mod               67808  3 ums_cypress,usb_storage,sd_mod
nls_base                4544 10 vfat,fat,isofs,nls_utf8,nls_iso8859_15,nls_iso8859_1,nls_cp852,nls_cp850,nls_cp437,usbcore
mbcache                 3504  1 ext4
crc16                    944  1 ext4
zlib_deflate           17424  1 deflate
leds_gpio               1584  0 
button_hotplug          2688  0 
gpio_keys_polled        2080  0 
input_polldev           2064  1 gpio_keys_polled
input_core             18864  4 button_hotplug,gpio_keys_polled,input_polldev

Version: r26785

Attached file: .config

Attachments (1)

.config (116.5 KB) - added by anonymous 7 years ago.

Download all attachments as: .zip

Change History (7)

Changed 7 years ago by anonymous

comment:1 Changed 7 years ago by ddxx0n

This is really strange, cryptsetup -c [mode] luksFormat /dev/null is working on my system with either mode you mentioned and I cannot spot any missing modules on your list at first glance.

For reference, Here's my module list, maybe you find something missing on your system yourself:

Module                  Size  Used by    Tainted: G
dm_crypt               12848  0
dm_mod                 49376  1 dm_crypt
pppoe                   7200  2
pppox                   1152  1 pppoe
ppp_generic            18384  6 pppoe,pppox
nfsd                   68304  1
lockd                  54832  1 nfsd
sunrpc                140640  4 nfsd,lockd
exportfs                2544  1 nfsd
leds_wndr3700_usb        672  0
xt_TPROXY               2016  0
nf_tproxy_core           656  1 xt_TPROXY,[permanent]
nf_conntrack_netlink    10624  0
nfnetlink_queue         4800  0
nfnetlink_log           5152  0
nfnetlink               1616  3 nf_conntrack_netlink,nfnetlink_queue,nfnetlink_log
xt_CHAOS                1696  4
xt_TARPIT               1776  1
xt_DELUDE               1360  1
ipt_ULOG                3888  7
nf_conntrack_tftp       2352  0
nf_conntrack_sip       15920  0
nf_conntrack_rtsp       3888  0
nf_conntrack_pptp       3088  0
nf_conntrack_h323      33008  0
nf_nat_proto_gre         784  0
nf_conntrack_proto_gre     2304  1 nf_conntrack_pptp
nf_conntrack_amanda     1552  0
nf_conntrack_irc        2496  0
nf_nat_ftp               976  0
nf_conntrack_ftp        4416  1 nf_nat_ftp
xt_iprange               864  0
xt_CLASSIFY              448  0
xt_tcpmss                896  0
xt_mark                  592  0
xt_length                592  0
xt_layer7               8976  0
compat_xtables          1536  3 xt_CHAOS,xt_TARPIT,xt_DELUDE
ipt_MASQUERADE           944  1
iptable_nat             2608  1
nf_nat                 10512  4 nf_nat_proto_gre,nf_nat_ftp,ipt_MASQUERADE,iptable_nat
xt_recent               5744  6
xt_connmark              960  0
xt_conntrack            1648  0
xt_NOTRACK               464  2
iptable_raw              560  1
xt_state                 624  7
nf_conntrack_ipv4       4336 10 iptable_nat,nf_nat
nf_defrag_ipv4           624  2 xt_TPROXY,nf_conntrack_ipv4
nf_conntrack           37808 20 nf_conntrack_netlink,nf_conntrack_tftp,nf_conntrack_sip,nf_conntrack_rtsp,nf_conntrack_pptp,nf_conntrack_h323,nf_conntrack_proto_gre,nf_conntrack_amanda,nf_conntrack_irc,nf_nat_ftp,nf_conntrack_ftp,xt_layer7,ipt_MASQUERADE,iptable_nat,nf_nat,xt_connmark,xt_conntrack,xt_NOTRACK,xt_state,nf_conntrack_ipv4
ipt_REJECT              1664  3
xt_TCPMSS               1872  2
ipt_LOG                 5840  1
xt_comment               416  0
xt_multiport            1104 15
xt_limit                 960  7
iptable_mangle           848  1
iptable_filter           624  1
ip_tables               8512  4 iptable_nat,iptable_raw,iptable_mangle,iptable_filter
xt_tcpudp               1568 31
x_tables               10064 28 xt_TPROXY,xt_CHAOS,ipt_ULOG,xt_iprange,xt_CLASSIFY,xt_tcpmss,xt_mark,xt_length,xt_layer7,compat_xtables,ipt_MASQUERADE,iptable_nat,xt_recent,xt_connmark,xt_conntrack,xt_NOTRACK,iptable_raw,xt_state,ipt_REJECT,xt_TCPMSS,ipt_LOG,xt_comment,xt_multiport,xt_limit,iptable_mangle,iptable_filter,ip_tables,xt_tcpudp
ath9k                  73264  0
ath9k_common            1168  1 ath9k
ath9k_hw              237280  2 ath9k,ath9k_common
ath                    11360  2 ath9k,ath9k_hw
nls_utf8                 784  0
nls_iso8859_15          3312  0
nls_iso8859_1           2800  0
nls_cp850               3568  0
nls_cp437               4336  0
mac80211              190480  1 ath9k
ts_kmp                  1296  5
crc_ccitt                944  0
cfg80211              117328  2 ath9k,mac80211
compat                   656  0
xts                     1920  0
gf128mul                6672  1 xts
arc4                     768  4
aes_generic            29840  3
crypto_blkcipher        9056  2 dm_crypt,xts
cryptomgr               1808  0
aead                    3568  1 cryptomgr
crypto_hash             7824  1 dm_crypt
crypto_algapi           9008  8 dm_crypt,xts,arc4,aes_generic,crypto_blkcipher,cryptomgr,aead,crypto_hash
slhc                    4000  1 ppp_generic
usb_storage            32624  2
ohci_hcd               16560  0
ehci_hcd               32128  0
sd_mod                 21504  3
ext4                  220496  1
jbd2                   36240  1 ext4
usbcore                95024  4 usb_storage,ohci_hcd,ehci_hcd
scsi_mod               67776  2 usb_storage,sd_mod
nls_base                4544  6 nls_utf8,nls_iso8859_15,nls_iso8859_1,nls_cp850,nls_cp437,usbcore
mbcache                 3504  1 ext4
crc16                    944  1 ext4
input_polldev           2064  0
input_core             19792  1 input_polldev

comment:2 Changed 7 years ago by anonymous

Thanks for the quick answer. Now I know that this should be working.

cryptsetup -c [mode] luksFormat /dev/null gives for any [mode] the following error:

Cannot open device /dev/null for read-only access.

The only successful luksFormat command is cryptsetup -c aes-ecb luksFormat /dev/sda1 and dmesg reports:

device-mapper: crypt: Selected cipher does not support IVs

/proc/crypto:

name         : ecb(aes)
driver       : ecb(aes-generic)
module       : ecb
priority     : 100
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : wp256
driver       : wp256-generic
module       : wp512
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 32

name         : wp384
driver       : wp384-generic
module       : wp512
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 48

name         : wp512
driver       : wp512-generic
module       : wp512
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 64

name         : twofish
driver       : twofish-generic
module       : twofish_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : tgr128
driver       : tgr128-generic
module       : tgr192
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16

name         : tgr160
driver       : tgr160-generic
module       : tgr192
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : tgr192
driver       : tgr192-generic
module       : tgr192
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 24

name         : blowfish
driver       : blowfish-generic
module       : blowfish
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 4
max keysize  : 56

name         : tnepres
driver       : tnepres-generic
module       : serpent
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : serpent
driver       : serpent-generic
module       : serpent
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : cast6
driver       : cast6-generic
module       : cast6
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : cast5
driver       : cast5-generic
module       : cast5
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 5
max keysize  : 16

name         : anubis
driver       : anubis-generic
module       : anubis
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 40

name         : xts(aes)
driver       : xts(aes-generic)
module       : xts
priority     : 100
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
geniv        : <default>

name         : crc32c
driver       : crc32c-generic
module       : crc32c
priority     : 100
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 4

name         : fcrypt
driver       : fcrypt-generic
module       : fcrypt
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 8
max keysize  : 8

name         : cbc(aes)
driver       : cbc(aes-generic)
module       : cbc
priority     : 100
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : sha512
driver       : sha512-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 64

name         : sha384
driver       : sha384-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 48

name         : sha256
driver       : sha256-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 28

name         : sha1
driver       : sha1-generic
module       : sha1_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : michael_mic
driver       : michael_mic-generic
module       : michael_mic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 8
digestsize   : 8

name         : md5
driver       : md5-generic
module       : md5
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16

name         : deflate
driver       : deflate-generic
module       : deflate
priority     : 0
refcnt       : 1
selftest     : passed
type         : compression

name         : arc4
driver       : arc4-generic
module       : arc4
priority     : 0
refcnt       : 5
selftest     : passed
type         : cipher
blocksize    : 1
min keysize  : 1
max keysize  : 256

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 4
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

comment:3 Changed 7 years ago by anonymous

Could this have been fixed by Changesets 26812-26815?
Shall I compile the newest trunk version?

comment:4 Changed 7 years ago by ddxx0n

  • of course the /dev/null target produces an error, it's an example to test out the cipher combination w/o formating your hd
  • imho it's always a good idea to try the latest trunk when working on a bug, you never know what side effects a fix has had
  • your crypto modules seem to be loaded alright, it really should be working. if it's still broken I suggest using the forum, fewer people read bug tickets than posts over there

comment:5 Changed 7 years ago by anonymous

Good news: I compiled r26885 and now everything works perfect! Can't tell what exactly did the trick, but I suspect the new option CONFIG_PACKAGE_kmod-crypto-iv did it.

comment:6 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.