From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-we0-x230.google.com (mail-we0-x230.google.com
 [IPv6:2a00:1450:400c:c03::230])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Sat, 21 Feb 2015 07:53:58 +0100 (CET)
Received: by wevm14 with SMTP id m14so9139832wev.13
 for <dm-crypt@saout.de>; Fri, 20 Feb 2015 22:53:56 -0800 (PST)
Message-ID: <54E82B80.8000607@gmail.com>
Date: Sat, 21 Feb 2015 07:53:52 +0100
From: Milan Broz <gmazyland@gmail.com>
MIME-Version: 1.0
References: <2E68FEAA-A69B-4E25-84F9-F30B2E7DFB69@gmail.com>
 <54E7B46D.8060805@tu-ilmenau.de>
 <E401AE9C-F988-4839-AC13-62D4FADD7290@gmail.com>
In-Reply-To: <E401AE9C-F988-4839-AC13-62D4FADD7290@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Subject: Re: [dm-crypt] cryptsetup problem on Raspberry Pi 2 w 512bit
 key-size (works on Raspberry Pi 1, x86_64, 256bit)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: Johannes Ernst <johannes.ernst@gmail.com>, Lars Winterfeld <lars.winterfeld@tu-ilmenau.de>
Cc: dm-crypt@saout.de

On 02/20/2015 11:59 PM, Johannes Ernst wrote:
> It’s not the keyboard layout: I interact with both Pi’s through ssh and terminal on OSX. And it even happens with extremely simple pass phrases such as ‘asdf’.

Hi,

it is very unlikely cryptsetup problem but I would guess some kernel crypt or library ARM glitch.
(Cryptsetup is tested even on new ARM64 and there is not many platform dependent code.)

Whatever, please send me full output from that command with added --debug.
I always need exact versions of kernel, crypto libraries a obviously cryptsetup.

(If us use other hash it works even on Pi? Try sha1 and sha256 at least.)

Thanks,
Milan

> 
> 
>> On Feb 20, 2015, at 14:25, Lars Winterfeld <lars.winterfeld@tu-ilmenau.de> wrote:
>>
>> Hi.
>>
>> You could add another keyslot with a keyfile and open the device with
>> that to be absolutely sure you did not just miss-type the password
>> (because of a different keyboard layout on the Raspberry Pi 2 etc.)
>>
>>
>>
>> On 20.02.2015 22:37, Johannes Ernst wrote:
>>> TL;DR: 
>>>    cryptsetup --hash sha512 --key-size 512 -v luksFormat ./test.img
>>> cannot be opened again on the new Raspberry Pi 2. Shorter key-size, and other platforms work.
>>>
>>> This is a bit a puzzler to me …
>>>
>>> This is what I do:
>>>    # Create 8M image
>>>    dd if=/dev/zero of=./test.img count=8 bs=1M
>>>    # Set up encryption -- enter a suitable password when asked
>>>    cryptsetup --hash sha512 --key-size 512 -v luksFormat ./test.img
>>>    # Now attempt to open it, entering the same password
>>>    cryptsetup open test.img test
>>>
>>> and indeed it works for me on x86_64, the Raspberry PI 1, and the BeagleBone Black. However, it fails on the Raspberry Pi 2 with:
>>> 	"No key available with this passphrase."
>>>
>>> If I create the encrypted image on the Raspberry Pi 2, I can open it on other platforms. However, I cannot open any image with these parameters on the Raspberry Pi 2, regardless where it was created.
>>>
>>> If I set the key-size to 256 bit, it works on all platforms.
>>>
>>> The Raspberry Pi 2 is an ARM v7 processor, unlike the Raspberry Pi 1. But then, the BeagleBone Black is Arm V7, too.
>>>
>>> Puzzled ...
>>>
>>>
>>>
>>>
>>> Johannes.