[dm-crypt] Fwd: Incompatible LRW changes from 2.6.27 to 2.6.29?

[Massimo Burcheri <massimo@burcheri.de>]

Hello,


Attached you will find my explicit description of the problem I already 
posted to several news groups like this Message-ID
<4543608.1EYhl2MHyX@burcheri.albasani.net>
without getting any ansers so far.
I even wrote to the authors of the LRW kernel modules who told me to 
better ask the LUKS community...

Regards,
Massimo Burcheri



--------------- Weitergeleitete Nachricht (Anfang)

Betreff: Incompatible LRW changes from 2.6.27 to 2.6.29?
Absender: Massimo Burcheri <massimo.burcheri@gmx.de>
Datum: Tue, 01 Sep 2009 16:49:30 +0200
Newsgruppe: comp.os.linux.development.system

Hello,

since 2.6.29 (especially patched linux-2.6.29-gentoo-r5) I cannot open a
LUKS encrypted partition anymore. The same with 2.6.30. Under 2.6.27 it
still works.
By  cryptsetup -c twofish  or without -c option (that is AES by default)
there are no problems with using encrypted partitions on both kernels.
Therefore it could be related to the LRW option.

My applied cipher is twofish-lrw-benbi:sha256.
Kernel configuration on "Cryptographic API is unchanged from 2.6.27 to
the more recent.

I did some  tests with LUKS-encrypted loop disks. There I noticed that
this cipher is incompatible from 2.6.27 to 2.6.29/30. With both kernels
I can format like this:

,----
| # cryptsetup  luksFormat -c twofish-lrw-benbi:sha256 \
| -s 256 -h sha1 /dev/loop1
`----

But the resulting encrypted partition cannot be opened with the other
kernel (neither from 27 to 29 nor from 29 to 27:
/No key available with this passphrase./
Opening with the same kernel works.

The LUKS headers of encryptions from the different kernels look
identical:

,----[ # cryptsetup luksDump /dev/loop1 ]
| LUKS header information for /dev/loop1
| 
| Version:        1
| Cipher name:    twofish
| Cipher mode:    lrw-benbi:sha256
| Hash spec:      sha1
| Payload offset: 2056
| MK bits:        256
| MK digest:      3a 10 55 b7 e9 51 bc 97 3c 8d 91 80 cb 1d 88 54 df b8
0e c9
| MK salt:        ae 8d bf 92 31 cd e6 3a 77 c4 e8 02 61 62 b6 4e
|                 42 91 52 fb 3a 1b 42 8d b3 6c e9 83 b3 91 ec e9
| MK iterations:  10
| UUID:           06c85177-a209-4ebf-bbdc-50dc96ee6467
| 
| Key Slot 0: ENABLED
|         Iterations:             228229
|         Salt:                   4b d8 65 b6 a5 db 35 3f 92 d3 d6 b4 97
8a 63 5b
|                                 b1 a3 80 bd 33 90 56 63 d3 a0 f7 fd 44
3c a3 d4
|         Key material offset:    8
|         AF stripes:             4000
| Key Slot 1: DISABLED
| Key Slot 2: DISABLED
| Key Slot 3: DISABLED
| Key Slot 4: DISABLED
| Key Slot 5: DISABLED
| Key Slot 6: DISABLED
| Key Slot 7: DISABLED
`----

cryptsetup version is 1.0.6-r2.

Has someone noticed the same? Or is that a Gentoo Patch-set issue? From
there I still got no answers [1]. Just as in the german group [2].

I will switch to newer (and better) XTS soon.

Regards,
Massimo

References:
[1] https://forums.gentoo.org/viewtopic-t-775793.html
[2] <1781787.Dl8k9oMu2H@burcheri.albasani.net>

--------------- Weitergeleitete Nachricht (Ende)