lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8f8710fbd9454b7eb6811e81637d4dfc@US-EXCH13-4.na.uis.unisys.com>
Date:	Wed, 4 Mar 2015 19:16:35 +0000
From:	"McCaffrey, Timothy M" <Timothy.McCaffrey@...sys.com>
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: re: [4.0] cryptsetup fails



> -----Original Message-----
> From: McCaffrey, Timothy M
> Sent: Wednesday, March 04, 2015 2:14 PM
> To: 'linux-kernel@...r.kernel.org'
> Subject: re: [4.0] cryptsetup fails
> 
> >Subject:    [4.0] cryptsetup fails
> >From:       Thomas Meyer <thomas () m3y3r ! de>
> >Date:       2015-03-04 12:12:47
> >Hi,
> 
> >I wanted to give the new kernel a try, but the cryptsetup fails with:
> >[    8.747114] localhost.localdomain systemd-cryptsetup[280]: Set cipher aes,
> mode xts-plain64, key size 256 bits for device /dev/disk/[...]
> >[    9.265258] localhost.localdomain kernel: device-mapper: table: 254:0:
> crypt: Error allocating crypto tfm
> >[    9.265265] localhost.localdomain kernel: device-mapper: ioctl: error
> adding target to table
> >[    9.280993] localhost.localdomain systemd-cryptsetup[280]: Failed to
> activate: Input/output error
> 
> >the error seems to get produced in drivers/md/dm-crypt.c:
> 
> >5ebaee6d2       (Milan Broz     2010-08-12 04:14:07 +0100       1619)   /* Allocate
> cipher */
> >fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1620)   ret =
> crypt_alloc_tfms(cc, cipher_api);
> >fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1621)   if
> (ret < 0) {
> >fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1622)
> ti->error = "Error allocating crypto tfm";
> >fd2d231fa       (Mikulas Patocka        2012-07-27 15:08:05 +0100       1623)
> goto bad;
> 
> >$ grep AES /boot/config-4.0.0-rc1-23421-g023a600
> ># CONFIG_SND_MAESTRO3 is not set
> >CONFIG_CRYPTO_AES=y
> >CONFIG_CRYPTO_AES_X86_64=m
> >CONFIG_CRYPTO_AES_NI_INTEL=m
> >CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
> >CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
> 
> >any ideas what did change here? what am i missing?
> 
> >with kind regards
> >thomas
> 
> I submitted a patch to the crypto mailing list that fixed the AESNI module so it
> handles 256 bit keys
> properly, I am not sure it was included on the 4.0 kernel (it was submitted for
> the 3.20 kernel).
> 
> Previously, if you specified a 256 bit key, it would set the key properly, but
> the AESNI (both SSE & AVX versions)
> module would only do 10 rounds (instead of 14 like it is supposed to).
> 
> You would get the same failure as above if you didn't load the AESNI module
> with an older kernel.
> 
> You may need to decrypt your disk with an older kernel, then re-encrypt it.
> 
> 	- Tim

I should also note these changes were for AES/GCM only, they may not apply to AES/TXT.

	- Tim
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ