[dm-crypt] What am I missing for aes-cbc-plain

Jan Willies jan at willies.info
Tue May 17 16:54:12 CEST 2011


Hi Milan,

2011/5/17 Milan Broz <mbroz at redhat.com>

>
> On 05/17/2011 04:21 PM, Jan Willies wrote:
> > Hi there,
> >
> > I have stared at it long enough, and still can't make out what's missing.
> >
> > I'm trying to mount an aes-cbc-plain encrypted disk with cryptsetup-1.3.0
> on kernel-2.6.37.6:
> >
> > root at dockstar:~# cryptsetup luksOpen /dev/sda2 storage
> > Enter passphrase for /dev/sda2:
> > device-mapper: reload ioctl failed: No such file or directory
> > Failed to setup dm-crypt key mapping for device /dev/sda2.
> > Check that kernel supports aes-cbc-plain cipher (check syslog for more
> info).
> > Failed to read from key storage.
>
> Please run cryptsetup with --debug and post full output.
>

Here's the output:

root at dockstar:~# cryptsetup --debug luksOpen /dev/sda2 storage
# cryptsetup 1.3.0 processing "cryptsetup --debug luksOpen /dev/sda2
storage"
# Running command luksOpen.
# Locking memory.
# Allocating crypt device /dev/sda2 context.
# Trying to open and read device /dev/sda2.
# Initialising device-mapper backend, UDEV is disabled.
# Detected dm-crypt version 1.7.0, dm-ioctl version 4.18.0.
# Trying to load LUKS1 crypt type from device /dev/sda2.
# Initialising gcrypt crypto backend.
# Reading LUKS header of size 1024 from device /dev/sda2
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Iteration time set to 1000 miliseconds.
# Activating volume storage [keyslot -1] using [none] passphrase.
# dm status storage  OF   [16384]
# Interactive passphrase entry requested.
Enter passphrase for /dev/sda2:
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-2022
# dm create temporary-cryptsetup-2022 CRYPT-TEMP-temporary-cryptsetup-2022
OF   [16384]
# dm reload temporary-cryptsetup-2022  OF   [16384]
device-mapper: reload ioctl failed: No such file or directory
# dm remove temporary-cryptsetup-2022  OF   [16384]
# temporary-cryptsetup-2022: Stacking NODE_DEL (replaces other stacked ops)
Failed to setup dm-crypt key mapping for device /dev/sda2.
Check that kernel supports aes-cbc-plain cipher (check syslog for more
info).
Failed to read from key storage.
# Releasing crypt device /dev/sda2 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Failed to read from key storage.


> I would also try to blacklist Marvell hw accelerator module (mv_cesa) and
> try
> to use generic aes crypto modules.
> (All this seems to me like bug in this crypto driver).


When blacklisting mv_cesa, I only get

root at dockstar:~# cat /proc/crypto
name         : sha1
driver       : sha1-generic
module       : sha1_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : crc32c
driver       : crc32c-generic
module       : crc32c
priority     : 100
refcnt       : 2
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 4

although aes_generic and cbc are loaded.


regards,

Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20110517/515b16a3/attachment.html>


More information about the dm-crypt mailing list