* [dm-crypt] cryptsetup : LUKS2 Issue for using cryptsetup --type with aes-gcm-random
From: laurent cop @ 2018-07-19 17:05 UTC
  To: dm-crypt


Hello,

- I am working on Debian 9, not connected to the internet (the repo is not accessible).
- I have downloaded cryptsetup-2.0.3 (tar.xz)
- I have executed the configure, make, make install script

- I try cryptsetup --version => 2.0.3
- I try cryptsetup --benchmark
    I cannot see this algo, in fact I see most of my previous version 1.7 only

- cryptsetup -v luksFormat --type luks2 /dev/mydev --cipher aes-gcm-random --integrity aead
    => Enter passphrase
   => verify
 device-mapper: table: 253:0: integrity: unknow target type
device-mapper: ioctl; error adding target to table
device-mapper: reload ioctl on failed : invalid argument
Cannot format integrity for device /dev/mydev
Command failed with code -1

How can I check if my


* Re: [dm-crypt] cryptsetup : LUKS2 Issue for using cryptsetup --type with aes-gcm-random
From: Milan Broz @ 2018-07-20  7:54 UTC
  To: laurent cop, dm-crypt

On 19/07/18 19:05, laurent cop wrote:
> Hello,
> 
> - I am working on Debian 9, not connected to the internet (the repo is not accessible).
> - I have downloaded cryptsetup-2.0.3 (tar.xz)
> - I have executed the configure, make, make install script
> 
> - I try cryptsetup --version => 2.0.3
> - I try cryptsetup --benchmark
>     I cannot see this algo, in fact I see most of my previous version 1.7 only
> 
> - cryptsetup -v luksFormat --type luks2 /dev/mydev --cipher aes-gcm-random --integrity aead
>     => Enter passphrase
>    => verify
>  device-mapper: table: 253:0: integrity: unknow target type

So you have an old kernel that does not support dm-integrity.

If you read the man page, there is a note that you need to use kernel 4.12.

(The detection is quite tricky, because the module is autoloaded quite late,
but we should probably make the error message more clear here.)

m.


> device-mapper: ioctl; error adding target to table
> device-mapper: reload ioctl on failed : invalid argument
> Cannot format integrity for device /dev/mydev
> Command failed with code -1
> 
> How can I check if my

* [dm-crypt] cryptsetup : LUKS2 Issue for using cryptsetup --type with aes-gcm-random
From: laurent cop @ 2018-07-25 17:39 UTC
  To: dm-crypt


Hello,

I have upgraded my kernel to 4.16, I am on Debian 9

Nevertheless I received this error :

root@NAS:/home/user1# cryptsetup --debug luksFormat --type luks2 /dev/nvme3n1p1 --cipher aes-gcm-random --integrity aead
# cryptsetup 2.0.3 processing "cryptsetup --debug luksFormat --type luks2 /dev/nvme3n1p1 --cipher aes-gcm-random --integrity aead"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.

WARNING!
========
Cette action écrasera définitivement les données sur /dev/nvme3n1p1.

Are you sure? (Type uppercase yes): YES
# Allocating context for crypt device /dev/nvme3n1p1.
# Trying to open and read device /dev/nvme3n1p1 with direct-io.
# Initialising device-mapper backend library.
# Interactive passphrase entry requested.
Saisissez la phrase secrète pour /dev/nvme3n1p1 :
Vérifiez la phrase secrète :
# PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Formatting device /dev/nvme3n1p1 as type LUKS2.
# Crypto backend (gcrypt 1.7.6-beta) initialized in cryptsetup library version 2.0.3.
# Detected kernel Linux 4.16.0-0.bpo.2-amd64 x86_64.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Creating new digest 0 (pbkdf2).
# Setting PBKDF2 type key digest 0.
# Running pbkdf2(sha256) benchmark.
# PBKDF benchmark: memory cost = 0, iterations = 840205, threads = 0 (took 39 ms)
# PBKDF benchmark: memory cost = 0, iterations = 1344328, threads = 0 (took 390 ms)
# PBKDF benchmark: memory cost = 0, iterations = 1254277, threads = 0 (took 836 ms)
# Benchmark returns pbkdf2(sha256) 1254277 iterations, 0 memory, 0 threads (for 256-bits key).
# Digest JSON:
# {
  "type":"pbkdf2",
  "keyslots":[
  ],
  "segments":[
  ],
  "hash":"sha256",
  "iterations":156784,
  "salt":"NwIux87cV6KdbMFQf98BE9ZwRomr0+p0Ufc1qLP2BPY=",
  "digest":"IBQIZt59E5VgP1Bf02MdtsmcQ4hmg0omp2DJF3Hg7rY="
}
# Segment 0 assigned to digest 0.
# Header JSON:
# {
  "keyslots":{
  },
  "tokens":{
  },
  "segments":{
    "0":{
      "type":"crypt",
      "offset":"4194304",
      "iv_tweak":"0",
      "size":"dynamic",
      "encryption":"aes-gcm-random",
      "sector_size":512,
      "integrity":{
        "type":"aead",
        "journal_encryption":"none",
        "journal_integrity":"none"
      }
    }
  },
  "digests":{
    "0":{
      "type":"pbkdf2",
      "keyslots":[
      ],
      "segments":[
        "0"
      ],
      "hash":"sha256",
      "iterations":156784,
      "salt":"NwIux87cV6KdbMFQf98BE9ZwRomr0+p0Ufc1qLP2BPY=",
      "digest":"IBQIZt59E5VgP1Bf02MdtsmcQ4hmg0omp2DJF3Hg7rY="
    }
  },
  "config":{
    "json_size":"12288",
    "keyslots_size":"4161536"
  }
}
# Opening lock resource file /run/cryptsetup/L_259:9
# Acquiring write lock for device /dev/nvme3n1p1.
# Verifying write lock handle for device /dev/nvme3n1p1.
# Device /dev/nvme3n1p1 WRITE lock taken.
# Trying to format INTEGRITY device on top of /dev/nvme3n1p1, tmp name temporary-cryptsetup-954e81ee-a612-4cdb-b82a-5567abc01fc4, tag size 28.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.37.0.
# Device-mapper backend running with UDEV support enabled.
# dm versions   [ opencount flush ]   [16384] (*1)
# DM-UUID is CRYPT-INTEGRITY-temporary-cryptsetup-954e81ee-a612-4cdb-b82a-5567abc01fc4
# Udev cookie 0xd4de5d4 (semid 131074) created
# Udev cookie 0xd4de5d4 (semid 131074) incremented to 1
# Udev cookie 0xd4de5d4 (semid 131074) incremented to 2
# Udev cookie 0xd4de5d4 (semid 131074) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES DISABLE_LIBRARY_FALLBACK         (0x2e)
# dm create temporary-cryptsetup-954e81ee-a612-4cdb-b82a-5567abc01fc4 CRYPT-INTEGRITY-temporary-cryptsetup-954e81ee-a612-4cdb-b82a-5567abc01fc4 [ opencount flush ]   [16384] (*1)
# dm reload temporary-cryptsetup-954e81ee-a612-4cdb-b82a-5567abc01fc4  [ opencount flush securedata ]   [16384] (*1)
device-mapper: reload ioctl on  failed: Argument invalide
# Udev cookie 0xd4de5d4 (semid 131074) decremented to 1
# Udev cookie 0xd4de5d4 (semid 131074) incremented to 2
# Udev cookie 0xd4de5d4 (semid 131074) assigned to REMOVE task(2) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES DISABLE_LIBRARY_FALLBACK         (0x2e)
# dm remove temporary-cryptsetup-954e81ee-a612-4cdb-b82a-5567abc01fc4  [ opencount flush securedata ]   [16384] (*1)
# Udev cookie 0xd4de5d4 (semid 131074) decremented to 1
# Udev cookie 0xd4de5d4 (semid 131074) waiting for zero
# Udev cookie 0xd4de5d4 (semid 131074) destroyed
# dm versions   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
Cannot format integrity for device /dev/nvme3n1p1.
# Device /dev/nvme3n1p1 WRITE lock released.
# Releasing crypt device /dev/nvme3n1p1 context.
# Releasing device-mapper backend.
# Unlocking memory.
La commande a échoué avec le code -1 (paramètres erronés ou manquants).

Any help is welcomed :-)


* Re: [dm-crypt] cryptsetup : LUKS2 Issue for using cryptsetup --type with aes-gcm-random
From: Milan Broz @ 2018-07-26  6:05 UTC
  To: laurent cop, dm-crypt

On 25/07/18 19:39, laurent cop wrote:
> Hello,
> 
> I have upgraded my kernel to 4.16, I am on Debian 9
> 
> Nevertheless I received this error :
> 
> root@NAS:/home/user1# cryptsetup --debug luksFormat --type luks2 /dev/nvme3n1p1 --cipher aes-gcm-random --integrity aead
> 
> # cryptsetup 2.0.3 processing "cryptsetup --debug luksFormat --type luks2 /dev/nvme3n1p1 --cipher aes-gcm-random --integrity aead"

The command is correct, but I expect something is missing in your kernel.

> # Trying to format INTEGRITY device on top of /dev/nvme3n1p1, tmp name temporary-cryptsetup-954e81ee-a612-4cdb-b82a-5567abc01fc4, tag size 28.
> # dm version   [ opencount flush ]   [16384] (*1)
> # dm versions   [ opencount flush ]   [16384] (*1)
> # Detected dm-ioctl version 4.37.0.

Here it should also print the version of the dm-crypt and dm-integrity targets (kernel modules).

Do you have these device-mapper targets compiled in and available?

Could you post the output of "dmsetup targets" after it fails?

I will add some better error message here, but detection of what is available
is more complicated than it seems...

Milan
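
The check requested above, as an added example that is not part of the original thread or of cryptsetup: a shell script that tests the two prerequisites named in the replies (kernel 4.12 or newer, and the crypt and integrity device-mapper targets listed by `dmsetup targets`). The function names and the sample `dmsetup targets` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: prerequisites for `--integrity aead` named in this thread
# (kernel 4.12 or newer, dm-crypt and dm-integrity targets available).

# kernel_at_least RELEASE MAJOR MINOR: true if a `uname -r` style string
# is at least MAJOR.MINOR.
kernel_at_least() {
    rel=${1%%-*}                 # "4.16.0-0.bpo.2-amd64" -> "4.16.0"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}      # drop suffixes such as "+"
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# missing_targets: reads `dmsetup targets` output on stdin and prints, one
# per line, each required target that is not listed.
missing_targets() {
    awk '{ seen[$1] = 1 }
         END { n = split("crypt integrity", need, " ")
               for (i = 1; i <= n; i++) if (!(need[i] in seen)) print need[i] }'
}

# report RELEASE: stdin is `dmsetup targets` output; returns 0 only if both
# prerequisites are met.
report() {
    rc=0
    if ! kernel_at_least "$1" 4 12; then
        echo "kernel $1 is older than 4.12"; rc=1
    fi
    missing=$(missing_targets)
    if [ -n "$missing" ]; then
        echo "device-mapper targets not available:" $missing; rc=1
    fi
    return $rc
}

# Constructed sample of `dmsetup targets` output (versions are illustrative)
# for a system where the integrity target is not registered.
SAMPLE_TARGETS='crypt            v1.18.1
striped          v1.6.0
linear           v1.4.0
error            v1.5.0'

printf '%s\n' "$SAMPLE_TARGETS" | report "4.16.0-0.bpo.2-amd64" || true
# On a live system (as root): dmsetup targets | report "$(uname -r)"
```

`dmsetup targets` only lists targets whose kernel module is loaded, so on a live system run `modprobe dm-integrity` before the check.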
