[dm-crypt] luksAddKey hangs for ~85 minutes and then fails

Milan Broz gmazyland at gmail.com
Thu Jun 23 08:29:51 CEST 2016


On 06/21/2016 05:51 PM, Joe Hillenbrand wrote:
> I gathered the requested output. Unfortunately, it doesn't look very
> helpful. Each command took about +95 minutes.

Just for the archive, that particular system apparently has a broken getrusage() call
that returns zeroed process/system time, so the benchmark cannot work properly there.

I would like to know why, but apparently this is not a cryptsetup failure.

Milan


> 
> On Mon, Jun 20, 2016 at 8:24 PM, Milan Broz <gmazyland at gmail.com> wrote:
>>
>> Does it work if you just open the device? For example try
>>
>> cryptsetup luksOpen /dev/md1 --test-passphrase
> 
> Yes, I can open and mount it fine.
> 
>>
>>> and then fails with the "Not compatible PBKDF2 options" message and exit code 1.
>>>
>>>     $ sudo cryptsetup luksAddKey /dev/md1 /etc/.md1.key
>>>     Enter any existing passphrase:
>>>     Not compatible PBKDF2 options (using hash algorithm sha256).
>>
>> Could you please send the output with the --debug switch added?
> 
> # cryptsetup 1.7.1 processing "cryptsetup luksAddKey --debug /dev/md1 /etc/.md1.key"
> # Running command luksAddKey.
> # Locking memory.
> # Installing SIGINT/SIGTERM handler.
> # Unblocking interruption on signal.
> # Allocating crypt device /dev/md1 context.
> # Trying to open and read device /dev/md1 with direct-io.
> # Initialising device-mapper backend library.
> # Trying to load LUKS1 crypt type from device /dev/md1.
> # Crypto backend (gcrypt 1.7.1) initialized in cryptsetup library version 1.7.1.
> # Detected kernel Linux 4.6.2-1-ARCH x86_64.
> # Reading LUKS header of size 1024 from device /dev/md1
> # Key length 32, device size 11720126464 sectors, header size 2050 sectors.
> # Password verification disabled.
> # Timeout set to 0 miliseconds.
> # Iteration time set to 2000 miliseconds.
> # Interactive passphrase entry requested.
> Enter any existing passphrase:
> # Checking volume  [keyslot -1] using passphrase.
> # Trying to open key slot 0 [ACTIVE_LAST].
> # Reading key slot 0 area.
> # Using userspace crypto wrapper to access keyslot area.
> Key slot 0 unlocked.
> # File descriptor passphrase entry requested.
> # Adding new keyslot, existing passphrase provided,new passphrase provided.
> # Trying to open key slot 0 [ACTIVE_LAST].
> # Reading key slot 0 area.
> # Using userspace crypto wrapper to access keyslot area.
> Key slot 0 unlocked.
> # Calculating data for key slot 1
> Not compatible PBKDF2 options (using hash algorithm sha256).
> # Releasing crypt device /dev/md1 context.
> # Releasing device-mapper backend.
> # Unlocking memory.
> Command failed with code 22: Invalid argument
> 
> 
>> It is failing the PBKDF2 benchmark here, so please try these commands
>> and send their output as well:
>>
>> cryptsetup benchmark -h sha256 --debug
> 
> # cryptsetup 1.7.1 processing "cryptsetup benchmark -h sha256 --debug"
> # Running command benchmark.
> # Installing SIGINT/SIGTERM handler.
> # Unblocking interruption on signal.
> # Tests are approximate using memory only (no storage IO).
> # Crypto backend (gcrypt 1.7.1) initialized in cryptsetup library version 1.7.1.
> # Detected kernel Linux 4.6.2-1-ARCH x86_64.
> PBKDF2-sha256        N/A
> Command failed with code 22.
> 
>> cryptsetup benchmark -h sha1 --debug
> 
> # cryptsetup 1.7.1 processing "cryptsetup benchmark -h sha1 --debug"
> # Running command benchmark.
> # Installing SIGINT/SIGTERM handler.
> # Unblocking interruption on signal.
> # Tests are approximate using memory only (no storage IO).
> # Crypto backend (gcrypt 1.7.1) initialized in cryptsetup library version 1.7.1.
> # Detected kernel Linux 4.6.2-1-ARCH x86_64.
> PBKDF2-sha1          N/A
> Command failed with code 22.
> 
>> What distro and version is it?
> 
> Arch
> 
>> Do you compile anything (kernel, cryptsetup, library...) yourself?
> 
> No. It's all stock.
> 
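A stand-alone check for the condition named in the reply at the top of this message, a getrusage() that reports zeroed CPU time (added example, not code from cryptsetup or from either poster): it spins the CPU for a fixed wall-clock interval and reports whether any CPU time was charged to the process. The function names, the 50 ms floor and the 300 ms spin time are assumptions made for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* clock_gettime() under strict -std=c11 */
#endif
#include <stdio.h>
#include <time.h>
#include <sys/resource.h>

/* CPU time (user + system) charged to this process, in ms; -1 on error. */
static long cpu_ms_now(void) {
    struct rusage ru;
    if (getrusage(RUSAGE_SELF, &ru) != 0)
        return -1;
    return (long)(ru.ru_utime.tv_sec + ru.ru_stime.tv_sec) * 1000L +
           (long)(ru.ru_utime.tv_usec + ru.ru_stime.tv_usec) / 1000L;
}

/* Monotonic wall-clock time in ms, independent of process accounting. */
static long wall_ms_now(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long)ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* 0 = accounting plausible, 1 = CPU time did not advance (the symptom from
 * this thread), 2 = too little wall time elapsed to judge (assumed 50 ms). */
int classify_accounting(long cpu_ms, long wall_ms) {
    return wall_ms < 50 ? 2 : (cpu_ms <= 0 ? 1 : 0);
}

/* Spin for target_ms of wall time, then compare charged CPU time to it. */
int probe_getrusage(long target_ms, long *cpu_ms, long *wall_ms) {
    volatile unsigned long sink = 0;
    long c0 = cpu_ms_now(), w0 = wall_ms_now();
    if (c0 < 0)
        return -1;                /* getrusage() itself failed */
    while (wall_ms_now() - w0 < target_ms)
        for (unsigned i = 0; i < 100000; i++)
            sink += (unsigned long)i * 2654435761u;
    *cpu_ms = cpu_ms_now() - c0;
    *wall_ms = wall_ms_now() - w0;
    return classify_accounting(*cpu_ms, *wall_ms);
}

int main(void) {
    long cpu = 0, wall = 0;
    int verdict = probe_getrusage(300, &cpu, &wall);
    printf("wall=%ld ms cpu=%ld ms verdict=%d\n", wall, cpu, verdict);
    return verdict;
}
```

A verdict of 1 after a busy loop means a benchmark that times its work from getrusage() deltas has nothing to measure on that system.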

