Re: What am I missing for aes-cbc-plain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Milan,

2011/5/17 Milan Broz <mbroz@xxxxxxxxxx>

On 05/17/2011 04:21 PM, Jan Willies wrote:
> Hi there,
>
> I have stared at it long enough, and still can't make out what's missing.
>
> I'm trying to mount an aes-cbc-plain encrypted disk with cryptsetup-1.3.0 on kernel-2.6.37.6:
>
> root@dockstar:~# cryptsetup luksOpen /dev/sda2 storage
> Enter passphrase for /dev/sda2:
> device-mapper: reload ioctl failed: No such file or directory
> Failed to setup dm-crypt key mapping for device /dev/sda2.
> Check that kernel supports aes-cbc-plain cipher (check syslog for more info).
> Failed to read from key storage.

Please run cryptsetup with --debug and post full output.

Here's the output:

root@dockstar:~# cryptsetup --debug luksOpen /dev/sda2 storage
# cryptsetup 1.3.0 processing "cryptsetup --debug luksOpen /dev/sda2 storage"
# Running command luksOpen.
# Locking memory.
# Allocating crypt device /dev/sda2 context.
# Trying to open and read device /dev/sda2.
# Initialising device-mapper backend, UDEV is disabled.
# Detected dm-crypt version 1.7.0, dm-ioctl version 4.18.0.
# Trying to load LUKS1 crypt type from device /dev/sda2.
# Initialising gcrypt crypto backend.
# Reading LUKS header of size 1024 from device /dev/sda2
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Iteration time set to 1000 miliseconds.
# Activating volume storage [keyslot -1] using [none] passphrase.
# dm status storage  OF   [16384]
# Interactive passphrase entry requested.
Enter passphrase for /dev/sda2:
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-2022
# dm create temporary-cryptsetup-2022 CRYPT-TEMP-temporary-cryptsetup-2022 OF   [16384]
# dm reload temporary-cryptsetup-2022  OF   [16384]
device-mapper: reload ioctl failed: No such file or directory
# dm remove temporary-cryptsetup-2022  OF   [16384]
# temporary-cryptsetup-2022: Stacking NODE_DEL (replaces other stacked ops)
Failed to setup dm-crypt key mapping for device /dev/sda2.
Check that kernel supports aes-cbc-plain cipher (check syslog for more info).
Failed to read from key storage.
# Releasing crypt device /dev/sda2 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Failed to read from key storage.
 
I would also try to blacklist Marvell hw accelerator module (mv_cesa) and try
to use generic aes crypto modules.
(All this seems to me like bug in this crypto driver).

When blacklisting mv_cesa, I only get

root@dockstar:~# cat /proc/crypto
name         : sha1
driver       : sha1-generic
module       : sha1_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : crc32c
driver       : crc32c-generic
module       : crc32c
priority     : 100
refcnt       : 2
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 4

although aes_generic and cbc are loaded.


regards,

Jan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux