* [dm-crypt] What are the supported ciphers
@ 2015-05-01 15:58 David Backer
2015-05-01 18:12 ` Ralf Ramsauer
0 siblings, 1 reply; 5+ messages in thread
From: David Backer @ 2015-05-01 15:58 UTC (permalink / raw)
To: dm-crypt
Hello,
I tried to figure out what ciphers are supported
but I can't seem to do it. I'm on gentoo. My version is
1.6.5. I compiled it with nettle as the crypto backend.
Thanks, david
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [dm-crypt] What are the supported ciphers
2015-05-01 15:58 [dm-crypt] What are the supported ciphers David Backer
@ 2015-05-01 18:12 ` Ralf Ramsauer
2015-05-01 18:19 ` Ralf Ramsauer
2015-05-01 18:30 ` Milan Broz
0 siblings, 2 replies; 5+ messages in thread
From: Ralf Ramsauer @ 2015-05-01 18:12 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 1412 bytes --]
Hi David,
you can use
cat /proc/crypto
this is part of an example output:
driver : xts-aes-aesni
module : kernel
priority : 400
refcnt : 4
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
which means that this is the AES cipher driven in the XTS mode of
operation. The keysize may be 32, 48 or 64 Byte. Last you need a
initialisation vector generation algorithm (like ESSIV or Plain) which
generates (at least) 16 Bytes.
I remember this page
http://code.google.com/p/cryptsetup/wiki/DMCrypt#IV_generators which is
not accessible any more. I have in mind, that it contained a list of
possible IVs.
Milan, Arno, is this page available at the new wiki? I couldn't find it.
Besides that, maybe it is a good idea to list all possible combinations
of cipher, mode and IV generator together with a 'recommendation' in the
FAQ.
Cheers
Ralf
On 05/01/2015 05:58 PM, David Backer wrote:
> Hello,
> I tried to figure out what ciphers are supported
> but I can't seem to do it. I'm on gentoo. My version is
> 1.6.5. I compiled it with nettle as the crypto backend.
>
> Thanks, david
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
[-- Attachment #2: Type: text/html, Size: 2499 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [dm-crypt] What are the supported ciphers
2015-05-01 18:12 ` Ralf Ramsauer
@ 2015-05-01 18:19 ` Ralf Ramsauer
2015-05-01 18:30 ` Milan Broz
1 sibling, 0 replies; 5+ messages in thread
From: Ralf Ramsauer @ 2015-05-01 18:19 UTC (permalink / raw)
To: dm-crypt
Here's the list, i eventually found it:
https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt#iv-generators
On 05/01/2015 08:12 PM, Ralf Ramsauer wrote:
> I remember this page
> http://code.google.com/p/cryptsetup/wiki/DMCrypt#IV_generators which
> is not accessible any more. I have in mind, that it contained a list
> of possible IVs.
--
Ralf Ramsauer
GPG: 0x8F10049B
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [dm-crypt] What are the supported ciphers
2015-05-01 18:12 ` Ralf Ramsauer
2015-05-01 18:19 ` Ralf Ramsauer
@ 2015-05-01 18:30 ` Milan Broz
1 sibling, 0 replies; 5+ messages in thread
From: Milan Broz @ 2015-05-01 18:30 UTC (permalink / raw)
To: Ralf Ramsauer, dm-crypt
On 05/01/2015 08:12 PM, Ralf Ramsauer wrote:
> Hi David,
>
> you can use
>
> cat /proc/crypto
>
> this is part of an example output:
>
> driver : xts-aes-aesni
> module : kernel
> priority : 400
> refcnt : 4
> selftest : passed
> type : ablkcipher
> async : yes
> blocksize : 16
> min keysize : 32
> max keysize : 64
> ivsize : 16
> geniv : <default>
>
> which means that this is the AES cipher driven in the XTS mode of operation. The keysize may be 32, 48 or 64 Byte. Last you need a initialisation vector generation algorithm (like ESSIV or Plain) which generates (at least) 16 Bytes.
> I remember this page http://code.google.com/p/cryptsetup/wiki/DMCrypt#IV_generators which is not accessible any more. I have in mind, that it contained a list of possible IVs.
>
> Milan, Arno, is this page available at the new wiki? I couldn't find it.
> Besides that, maybe it is a good idea to list all possible combinations of cipher, mode and IV generator together with a 'recommendation' in the FAQ.
yes, it is here, links slightly changed because of markdown syntax:
https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt#iv-generators
FAQ is here
https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions
Some common combination you get when start "cryptsetup benchmark",
if kernel does not support some variant, you will see it.
Anyway, general advice: if you are not expert, do not experiment here and use default.
(to see default - run "cryptsetup --help")
Milan
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [dm-crypt] What are the supported ciphers
@ 2015-05-04 16:56 David Backer
0 siblings, 0 replies; 5+ messages in thread
From: David Backer @ 2015-05-04 16:56 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 306 bytes --]
I get very different results.
I'm going to skip the --ciphers option and try
to go ahead with whatever cryptsetup likes for Luks.
I loaded all the ko files from /lib/modules/*/kernel/crypto
and got exit status 0 fro modprobe.
My kernel was built by myself, I enabled ALL the otions for
encryption.
Thanks
[-- Attachment #2: out.txt --]
[-- Type: text/plain, Size: 17881 bytes --]
name : cbc(aes)
driver : cbc(aes-generic)
module : kernel
priority : 100
refcnt : 1
selftest : passed
type : givcipher
async : no
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : eseqiv
name : cbc(aes)
driver : cbc(aes-generic)
module : kernel
priority : 100
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : xts(aes)
driver : xts(aes-generic)
module : kernel
priority : 100
refcnt : 1
selftest : passed
type : givcipher
async : no
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : eseqiv
name : xts(aes)
driver : xts(aes-generic)
module : xts
priority : 100
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : zlib
driver : zlib-generic
module : zlib
priority : 0
refcnt : 1
selftest : passed
type : pcomp
name : wp256
driver : wp256-generic
module : wp512
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 32
name : wp384
driver : wp384-generic
module : wp512
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 48
name : wp512
driver : wp512-generic
module : wp512
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 64
name : twofish
driver : twofish-generic
module : twofish_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : tgr128
driver : tgr128-generic
module : tgr192
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 16
name : tgr160
driver : tgr160-generic
module : tgr192
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : tgr192
driver : tgr192-generic
module : tgr192
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 24
name : xeta
driver : xeta-generic
module : tea
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 16
max keysize : 16
name : xtea
driver : xtea-generic
module : tea
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 16
max keysize : 16
name : tea
driver : tea-generic
module : tea
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 16
max keysize : 16
name : tnepres
driver : tnepres-generic
module : serpent_generic
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : serpent
driver : serpent-generic
module : serpent_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : seed
driver : seed-generic
module : seed
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 16
name : salsa20
driver : salsa20-generic
module : salsa20_generic
priority : 100
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 8
geniv : <default>
name : rmd320
driver : rmd320-generic
module : rmd320
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 40
name : rmd256
driver : rmd256-generic
module : rmd256
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 32
name : rmd160
driver : rmd160-generic
module : rmd160
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : rmd128
driver : rmd128-generic
module : rmd128
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 16
name : michael_mic
driver : michael_mic-generic
module : michael_mic
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 8
digestsize : 8
name : md4
driver : md4-generic
module : md4
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 16
name : lzo
driver : lzo-generic
module : lzo
priority : 0
refcnt : 1
selftest : passed
type : compression
name : lz4hc
driver : lz4hc-generic
module : lz4hc
priority : 0
refcnt : 1
selftest : passed
type : compression
name : lz4
driver : lz4-generic
module : lz4
priority : 0
refcnt : 1
selftest : passed
type : compression
name : khazad
driver : khazad-generic
module : khazad
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 16
max keysize : 16
name : ghash
driver : ghash-generic
module : ghash_generic
priority : 100
refcnt : 1
selftest : passed
type : shash
blocksize : 16
digestsize : 16
name : fcrypt
driver : fcrypt-generic
module : fcrypt
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : stdrng
driver : drbg_nopr_hmac_sha256
module : drbg
priority : 121
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha512
module : drbg
priority : 120
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha384
module : drbg
priority : 119
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha1
module : drbg
priority : 118
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_sha256
module : drbg
priority : 117
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_sha512
module : drbg
priority : 116
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_sha384
module : drbg
priority : 115
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_sha1
module : drbg
priority : 114
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_ctr_aes256
module : drbg
priority : 113
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_ctr_aes192
module : drbg
priority : 112
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_ctr_aes128
module : drbg
priority : 111
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : hmac(sha256)
driver : hmac(sha256-ssse3)
module : kernel
priority : 150
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 32
name : stdrng
driver : drbg_pr_hmac_sha256
module : drbg
priority : 110
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha512
module : drbg
priority : 109
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha384
module : drbg
priority : 108
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha1
module : drbg
priority : 107
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : sha224
driver : sha224-ssse3
module : sha256_ssse3
priority : 150
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 28
name : sha256
driver : sha256-ssse3
module : sha256_ssse3
priority : 150
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 32
name : sha224
driver : sha224-generic
module : sha256_generic
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 28
name : sha256
driver : sha256-generic
module : sha256_generic
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 32
name : stdrng
driver : drbg_pr_sha256
module : drbg
priority : 106
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_sha512
module : drbg
priority : 105
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_sha384
module : drbg
priority : 104
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_sha1
module : drbg
priority : 103
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_ctr_aes256
module : drbg
priority : 102
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_ctr_aes192
module : drbg
priority : 101
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : ecb(aes)
driver : ecb(aes-generic)
module : ecb
priority : 100
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : stdrng
driver : drbg_pr_ctr_aes128
module : drbg
priority : 100
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : deflate
driver : deflate-generic
module : deflate
priority : 0
refcnt : 1
selftest : passed
type : compression
name : digest_null
driver : digest_null-generic
module : crypto_null
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 1
digestsize : 0
name : compress_null
driver : compress_null-generic
module : crypto_null
priority : 0
refcnt : 1
selftest : passed
type : compression
name : ecb(cipher_null)
driver : ecb-cipher_null
module : crypto_null
priority : 100
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
geniv : <default>
name : cipher_null
driver : cipher_null-generic
module : crypto_null
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0
name : cast6
driver : cast6-generic
module : cast6_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : cast5
driver : cast5-generic
module : cast5_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 5
max keysize : 16
name : camellia
driver : camellia-generic
module : camellia_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : blowfish
driver : blowfish-generic
module : blowfish_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56
name : anubis
driver : anubis-generic
module : anubis
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 40
name : stdrng
driver : ansi_cprng
module : ansi_cprng
priority : 100
refcnt : 1
selftest : passed
type : rng
seedsize : 48
name : ccm(aes)
driver : ccm_base(ctr(aes-generic),aes-generic)
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : aead
async : no
blocksize : 1
ivsize : 16
maxauthsize : 16
geniv : <built-in>
name : ctr(aes)
driver : ctr(aes-generic)
module : kernel
priority : 100
refcnt : 2
selftest : passed
type : givcipher
async : no
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv
name : ctr(aes)
driver : ctr(aes-generic)
module : kernel
priority : 100
refcnt : 2
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv
name : crc32c
driver : crc32c-intel
module : crc32c_intel
priority : 200
refcnt : 2
selftest : passed
type : shash
blocksize : 1
digestsize : 4
name : __ghash
driver : cryptd(__ghash-pclmulqdqni)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ahash
async : yes
blocksize : 16
digestsize : 16
name : ghash
driver : ghash-clmulni
module : ghash_clmulni_intel
priority : 400
refcnt : 1
selftest : passed
type : ahash
async : yes
blocksize : 16
digestsize : 16
name : __ghash
driver : __ghash-pclmulqdqni
module : ghash_clmulni_intel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 16
digestsize : 16
name : stdrng
driver : krng
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : rng
seedsize : 0
name : crct10dif
driver : crct10dif-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
type : shash
blocksize : 1
digestsize : 2
name : crc32c
driver : crc32c-generic
module : kernel
priority : 100
refcnt : 2
selftest : passed
type : shash
blocksize : 1
digestsize : 4
name : ecb(arc4)
driver : ecb(arc4)-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 1
max keysize : 256
ivsize : 0
geniv : <default>
name : arc4
driver : arc4-generic
module : kernel
priority : 0
refcnt : 3
selftest : passed
type : cipher
blocksize : 1
min keysize : 1
max keysize : 256
name : aes
driver : aes-generic
module : kernel
priority : 100
refcnt : 3
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : des3_ede
driver : des3_ede-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : sha384
driver : sha384-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 128
digestsize : 48
name : sha512
driver : sha512-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 128
digestsize : 64
name : sha1
driver : sha1-generic
module : kernel
priority : 0
refcnt : 2
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 16
name : crct10dif
driver : crct10dif-pclmul
module : kernel
priority : 200
refcnt : 2
selftest : passed
type : shash
blocksize : 1
digestsize : 2
name : crc32
driver : crc32-pclmul
module : kernel
priority : 200
refcnt : 1
selftest : passed
type : shash
blocksize : 1
digestsize : 4
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-05-04 16:56 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-05-01 15:58 [dm-crypt] What are the supported ciphers David Backer
2015-05-01 18:12 ` Ralf Ramsauer
2015-05-01 18:19 ` Ralf Ramsauer
2015-05-01 18:30 ` Milan Broz
-- strict thread matches above, loose matches on Subject: below --
2015-05-04 16:56 David Backer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox