[dm-crypt] cryptsetup problem on Raspberry Pi 2 w 512bit key-size (works on Raspberry Pi 1, x86_64, 256bit)

Johannes Ernst johannes.ernst at gmail.com
Tue Feb 24 00:02:15 CET 2015


All in one place:

> dd if=/dev/zero of=./test.img count=8 bs=1M

> cryptsetup --hash sha512 --key-size 512 -v luksFormat ./test.img
Used password ‘asdf’ (no quotes)

> cryptsetup open test.img test
Enter passphrase for test.img: 
No key available with this passphrase.
Enter passphrase for test.img: 
No key available with this passphrase.
^C

> cryptsetup luksDump test.img     
LUKS header information for test.img

Version:       	1
Cipher name:   	aes
Cipher mode:   	xts-plain64
Hash spec:     	sha512
Payload offset:	4096
MK bits:       	512
MK digest:     	a6 c0 8d f7 f8 db b0 95 77 b7 72 09 3f 8f 86 ff 6f 31 0b a1 
MK salt:       	1c 9f 21 cf 2c 81 26 49 cc 36 a0 3a 6d 9e 49 a3 
               	43 3d a7 38 7d 12 86 5b 4e df f9 ac 38 1c a4 38 
MK iterations: 	1000
UUID:          	d4a0b4ab-b15e-4faf-8504-7e01d88dd9de

Key Slot 0: ENABLED
	Iterations:         	4289
	Salt:               	3c 8b 2e de 72 3f 17 5c 4c 3b d3 ca 5e 09 77 11 
	                      	69 10 1d 54 ab de c8 87 f9 fd 76 b5 e4 13 1e 04 
	Key material offset:	8
	AF stripes:            	4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

> cryptsetup open --debug test.img test
# cryptsetup 1.6.6 processing "cryptsetup open --debug test.img test"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device test.img context.
# Trying to open and read device test.img.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device test.img.
# Crypto backend (gcrypt 1.6.2) initialized.
# Detected kernel Linux 3.18.7-5-ARCH armv7l.
# Reading LUKS header of size 1024 from device test.img
# Key length 64, device size 16384 sectors, header size 4036 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 1000 miliseconds.
# Activating volume test [keyslot -1] using [none] passphrase.
# dm version   OF   [16384] (*1)
# dm versions   OF   [16384] (*1)
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.28.0.
# Device-mapper backend running with UDEV support enabled.
# dm status test  OF   [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for test.img: 
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase.
# Interactive passphrase entry requested.
Enter passphrase for test.img: 
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
Key slot 0 unlocked.
# Allocating a free loop device.
# Trying to open and read device /dev/loop5.
# Calculated device size is 12288 sectors (RW), offset 4096.
# DM-UUID is CRYPT-LUKS1-d4a0b4abb15e4faf85047e01d88dd9de-test
# Udev cookie 0xd4d3a56 (semid 720898) created
# Udev cookie 0xd4d3a56 (semid 720898) incremented to 1
# Udev cookie 0xd4d3a56 (semid 720898) incremented to 2
# Udev cookie 0xd4d3a56 (semid 720898) assigned to CREATE task(0) with flags         (0x0)
# dm create test CRYPT-LUKS1-d4a0b4abb15e4faf85047e01d88dd9de-test OF   [16384] (*1)
# dm reload test  OFW    [16384] (*1)
# dm resume test  OFW    [16384] (*1)
# test: Stacking NODE_ADD (253,9) 0:0 0600 [verify_udev]
# test: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4d3a56 (semid 720898) decremented to 1
# Udev cookie 0xd4d3a56 (semid 720898) waiting for zero
# Udev cookie 0xd4d3a56 (semid 720898) destroyed
# test: Processing NODE_ADD (253,9) 0:0 0600 [verify_udev]
# test: Processing NODE_READ_AHEAD 256 (flags=1)
# test (253:9): read ahead is 256
# test: retaining kernel read ahead of 256 (requested 256)
# Releasing crypt device test.img context.
# Releasing device-mapper backend.
# Closed loop /dev/loop5 (test.img).
# Unlocking memory.
Command successful.





More information about the dm-crypt mailing list