re: [4.0] cryptsetup fails

From: McCaffrey, Timothy M
Date: Wed Mar 04 2015 - 14:21:36 EST

Next message: Stephen Boyd: "Re: [PATCH] dmaengine: bam-dma: fill slave directions bit mask"
Previous message: Eduardo Habkost: "Re: [Qemu-devel] [PATCH v3 01/16] Introduce probe mode for machine type none"
In reply to: Thomas Meyer: "[4.0] cryptsetup fails"
Next in thread: McCaffrey, Timothy M: "RE: re: [4.0] cryptsetup fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Subject: [4.0] cryptsetup fails
>From: Thomas Meyer <thomas () m3y3r ! de>
>Date: 2015-03-04 12:12:47
>Hi,

>I wanted to give the new kernel a try, but the cryptsetup fails with:
>[ 8.747114] localhost.localdomain systemd-cryptsetup[280]: Set cipher aes, mode xts-plain64, key size 256 bits for device /dev/disk/[...]
>[ 9.265258] localhost.localdomain kernel: device-mapper: table: 254:0: crypt: Error allocating crypto tfm
>[ 9.265265] localhost.localdomain kernel: device-mapper: ioctl: error adding target to table
>[ 9.280993] localhost.localdomain systemd-cryptsetup[280]: Failed to activate: Input/output error

>the error seems to get produced in drivers/md/dm-crypt.c:

>5ebaee6d2 (Milan Broz 2010-08-12 04:14:07 +0100 1619) /* Allocate cipher */
>fd2d231fa (Mikulas Patocka 2012-07-27 15:08:05 +0100 1620) ret = crypt_alloc_tfms(cc, cipher_api);
>fd2d231fa (Mikulas Patocka 2012-07-27 15:08:05 +0100 1621) if (ret < 0) {
>fd2d231fa (Mikulas Patocka 2012-07-27 15:08:05 +0100 1622) ti->error = "Error allocating crypto tfm";
>fd2d231fa (Mikulas Patocka 2012-07-27 15:08:05 +0100 1623) goto bad;

>$ grep AES /boot/config-4.0.0-rc1-23421-g023a600
># CONFIG_SND_MAESTRO3 is not set
>CONFIG_CRYPTO_AES=y
>CONFIG_CRYPTO_AES_X86_64=m
>CONFIG_CRYPTO_AES_NI_INTEL=m
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
>CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m

>any ideas what did change here? what am i missing?

>with kind regards
>thomas

I submitted a patch to the crypto mailing list that fixed the AESNI module so it handles 256 bit keys
properly, I am not sure it was included on the 4.0 kernel (it was submitted for the 3.20 kernel).

Previously, if you specified a 256 bit key, it would set the key properly, but the AESNI (both SSE & AVX versions)
module would only do 10 rounds (instead of 14 like it is supposed to).

You would get the same failure as above if you didn't load the AESNI module with an older kernel.

You may need to decrypt your disk with an older kernel, then re-encrypt it.

- Tim

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Boyd: "Re: [PATCH] dmaengine: bam-dma: fill slave directions bit mask"
Previous message: Eduardo Habkost: "Re: [Qemu-devel] [PATCH v3 01/16] Introduce probe mode for machine type none"
In reply to: Thomas Meyer: "[4.0] cryptsetup fails"
Next in thread: McCaffrey, Timothy M: "RE: re: [4.0] cryptsetup fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]