* [dm-crypt] cryptsetup 1.2 to 1.6 upgrade
@ 2015-11-19 13:07 Jose Thomas
2015-11-19 14:30 ` Milan Broz
0 siblings, 1 reply; 3+ messages in thread
From: Jose Thomas @ 2015-11-19 13:07 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 2487 bytes --]
Hi,
We are using crypsetup (in plain dmcrypt mode) on RHEL 6.6.
$ cryptsetup --version
cryptsetup 1.2.0
$ cryptsetup --help | tail -3
Default compiled-in device cipher parameters:
plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
LUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing: sha1,
RNG: /dev/urandom
$ cryptsetup status encrypteddata
/dev/mapper/encrypteddata is active and is in use.
type: PLAIN
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/xvdz
offset: 0 sectors
size: 314572800 sectors
mode: read/write
I am planning to upgrade to RHEL 7.1 with the same set of keys
$ cryptsetup --version
cryptsetup 1.6.7
$ cryptsetup --help | tail -4
Default compiled-in device cipher parameters:
loop-AES: aes, Key 256 bits
plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG:
/dev/urandom
$ ls -l /dev/shm/key.dat
-rw-------. 1 root root 16 Nov 19 05:03 /dev/shm/key.dat
$ cryptsetup create --debug -d /dev/shm/key.dat encrypteddata /dev/xvdz
# cryptsetup 1.6.7 processing "cryptsetup create --debug -d
/dev/shm/key.dat encrypteddata /dev/xvdz"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/xvdz context.
# Trying to open and read device /dev/xvdz with direct-io.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Formatting device /dev/xvdz as type PLAIN.
# Crypto backend (gcrypt 1.5.3) initialized.
# Detected kernel Linux 3.10.0-229.20.1.el7.x86_64 x86_64.
# Activating volume encrypteddata [keyslot -1] using keyfile
/dev/shm/key.dat.
# dm version OF [16384] (*1)
# dm versions OF [16384] (*1)
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.29.0.
# Device-mapper backend running with UDEV support enabled.
# dm status encrypteddata OF [16384] (*1)
# File descriptor passphrase entry requested.
Cannot read requested amount of data.
# Releasing crypt device /dev/xvdz context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 22: Invalid argument
I am getting this error while running cryptsetup - "Cannot read requested
amount of data." What am i missing here ? I tried to convert the create
command to the new "open" version - but it still does not work for me.
Regards,
Jose
[-- Attachment #2: Type: text/html, Size: 2792 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] cryptsetup 1.2 to 1.6 upgrade
2015-11-19 13:07 [dm-crypt] cryptsetup 1.2 to 1.6 upgrade Jose Thomas
@ 2015-11-19 14:30 ` Milan Broz
2015-11-19 15:32 ` Jose Thomas
0 siblings, 1 reply; 3+ messages in thread
From: Milan Broz @ 2015-11-19 14:30 UTC (permalink / raw)
To: Jose Thomas, dm-crypt
On 11/19/2015 02:07 PM, Jose Thomas wrote:
>
> $ ls -l /dev/shm/key.dat
> -rw-------. 1 root root 16 Nov 19 05:03 /dev/shm/key.dat
Your keyfile is only 16 bytes long, you need 32 bytes for 256bit key.
(There was an bug in cryptsetup 1.2.0 where this was not reported and rest
of key was zeroed.)
Try to add these zeroes to your keyfile and repeat.
(Like dd if=/dev/zero of=<keyfile> seek=16 bs=1 count=16 conv=notrunc )
But note your key is half-zeroed (since the beginning!).
Milan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] cryptsetup 1.2 to 1.6 upgrade
2015-11-19 14:30 ` Milan Broz
@ 2015-11-19 15:32 ` Jose Thomas
0 siblings, 0 replies; 3+ messages in thread
From: Jose Thomas @ 2015-11-19 15:32 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 836 bytes --]
Milan,
I had seen this - https://gitlab.com/cryptsetup/cryptsetup/issues/112. But
it did not click to me - since the key reported as 256 bits in "status"
output.
Thanks for the pointer. I will try out your solution.
Thanks & regards,
Jose
On Thu, Nov 19, 2015 at 8:00 PM, Milan Broz <gmazyland@gmail.com> wrote:
>
> On 11/19/2015 02:07 PM, Jose Thomas wrote:
> >
> > $ ls -l /dev/shm/key.dat
> > -rw-------. 1 root root 16 Nov 19 05:03 /dev/shm/key.dat
>
> Your keyfile is only 16 bytes long, you need 32 bytes for 256bit key.
>
> (There was an bug in cryptsetup 1.2.0 where this was not reported and rest
> of key was zeroed.)
>
> Try to add these zeroes to your keyfile and repeat.
> (Like dd if=/dev/zero of=<keyfile> seek=16 bs=1 count=16 conv=notrunc )
>
> But note your key is half-zeroed (since the beginning!).
>
> Milan
>
[-- Attachment #2: Type: text/html, Size: 1407 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-11-19 15:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-11-19 13:07 [dm-crypt] cryptsetup 1.2 to 1.6 upgrade Jose Thomas
2015-11-19 14:30 ` Milan Broz
2015-11-19 15:32 ` Jose Thomas
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.