[Bug 1299557] Re: cryptsetup luksFormat fails with -s <keysize>

Niels Ganser niels at sockgap.de
Tue Sep 16 12:11:35 UTC 2014 

I see a potentially similar issue, but the offending option is `-c aes-
xts` in my case.

Successful command `cryptsetup -i 5000 -h PBKDF2-sha256 -h sha512
luksFormat --debug /dev/e/enc`:

# cryptsetup 1.6.1 processing "cryptsetup -i 5000 -h PBKDF2-sha256 -h sha512 luksFormat --debug /dev/e/enc"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.

WARNING!
========
This will overwrite data on /dev/e/enc irrevocably.

Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/e/enc context.
# Trying to open and read device /dev/e/enc.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 5000 miliseconds.
# Interactive passphrase entry requested.
Enter passphrase: 
Verify passphrase: 
# Formatting device /dev/e/enc as type LUKS1.
# Crypto backend (gcrypt 1.5.3) initialized.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Generating LUKS header version 1 using hash sha512, aes, xts-plain64, MK 32 bytes
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 180291 iterations per second.
# Data offset 4096, UUID ecde023d-d4f1-4e98-977d-8547ce9570b8, digest iterations 110000
# Updating LUKS header of size 1024 on device /dev/e/enc
# Key length 32, device size 2048000 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/e/enc
# Key length 32, device size 2048000 sectors, header size 2050 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 180788 iterations per second.
# Key slot 0 use 441376 password iterations.
# Using hash sha512 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Calculated device size is 250 sectors (RW), offset 8.
# dm version   OF   [16384] (*1)
# dm versions   OF   [16384] (*1)
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0.
# Device-mapper backend running with UDEV support enabled.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-4478
# Udev cookie 0xd4d7800 (semid 2228240) created
# Udev cookie 0xd4d7800 (semid 2228240) incremented to 1
# Udev cookie 0xd4d7800 (semid 2228240) incremented to 2
# Udev cookie 0xd4d7800 (semid 2228240) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe)
# dm create temporary-cryptsetup-4478 CRYPT-TEMP-temporary-cryptsetup-4478 OF   [16384] (*1)
# dm reload temporary-cryptsetup-4478  OFW    [16384] (*1)
# dm resume temporary-cryptsetup-4478  OFW    [16384] (*1)
# temporary-cryptsetup-4478: Stacking NODE_ADD (252,6) 0:6 0660 [verify_udev]
# temporary-cryptsetup-4478: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4d7800 (semid 2228240) decremented to 1
# Udev cookie 0xd4d7800 (semid 2228240) waiting for zero
# Udev cookie 0xd4d7800 (semid 2228240) destroyed
# temporary-cryptsetup-4478: Processing NODE_ADD (252,6) 0:6 0660 [verify_udev]
# temporary-cryptsetup-4478: Processing NODE_READ_AHEAD 256 (flags=1)
# temporary-cryptsetup-4478 (252:6): read ahead is 256
# temporary-cryptsetup-4478 (252:6): Setting read ahead to 256
# Udev cookie 0xd4d4648 (semid 2261008) created
# Udev cookie 0xd4d4648 (semid 2261008) incremented to 1
# Udev cookie 0xd4d4648 (semid 2261008) incremented to 2
# Udev cookie 0xd4d4648 (semid 2261008) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-4478  OFT    [16384] (*1)
# temporary-cryptsetup-4478: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4d4648 (semid 2261008) decremented to 1
# Udev cookie 0xd4d4648 (semid 2261008) waiting for zero
# Udev cookie 0xd4d4648 (semid 2261008) destroyed
# temporary-cryptsetup-4478: Processing NODE_DEL [verify_udev]
# Key slot 0 was enabled in LUKS header.
# Updating LUKS header of size 1024 on device /dev/e/enc
# Key length 32, device size 2048000 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/e/enc
# Key length 32, device size 2048000 sectors, header size 2050 sectors.
# Releasing crypt device /dev/e/enc context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.

Failing command `cryptsetup -i 5000 -h PBKDF2-sha256 -h sha512 -c aes-
xts --debug luksFormat /dev/e/enc`:

# cryptsetup 1.6.1 processing "cryptsetup -i 5000 -h PBKDF2-sha256 -h sha512 -c aes-xts --debug luksFormat /dev/e/enc"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.

WARNING!
========
This will overwrite data on /dev/e/enc irrevocably.

Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/e/enc context.
# Trying to open and read device /dev/e/enc.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 5000 miliseconds.
# Interactive passphrase entry requested.
Enter passphrase: 
Verify passphrase: 
# Formatting device /dev/e/enc as type LUKS1.
# Crypto backend (gcrypt 1.5.3) initialized.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Generating LUKS header version 1 using hash sha512, aes, xts, MK 32 bytes
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 177124 iterations per second.
# Data offset 4096, UUID 4e308c09-e0f7-4ed5-ad9a-b325892517aa, digest iterations 107500
# Updating LUKS header of size 1024 on device /dev/e/enc
# Key length 32, device size 2048000 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/e/enc
# Key length 32, device size 2048000 sectors, header size 2050 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 179796 iterations per second.
# Key slot 0 use 438955 password iterations.
# Using hash sha512 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Calculated device size is 250 sectors (RW), offset 8.
# dm version   OF   [16384] (*1)
# dm versions   OF   [16384] (*1)
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0.
# Device-mapper backend running with UDEV support enabled.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-4493
# Udev cookie 0xd4d3c5f (semid 2293776) created
# Udev cookie 0xd4d3c5f (semid 2293776) incremented to 1
# Udev cookie 0xd4d3c5f (semid 2293776) incremented to 2
# Udev cookie 0xd4d3c5f (semid 2293776) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe)
# dm create temporary-cryptsetup-4493 CRYPT-TEMP-temporary-cryptsetup-4493 OF   [16384] (*1)
# dm reload temporary-cryptsetup-4493  OFW    [16384] (*1)
device-mapper: reload ioctl on  failed: Invalid argument
# Udev cookie 0xd4d3c5f (semid 2293776) decremented to 1
# Udev cookie 0xd4d3c5f (semid 2293776) incremented to 2
# Udev cookie 0xd4d3c5f (semid 2293776) assigned to REMOVE task(2) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe)
# dm remove temporary-cryptsetup-4493  OFW    [16384] (*1)
# temporary-cryptsetup-4493: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4d3c5f (semid 2293776) decremented to 1
# Udev cookie 0xd4d3c5f (semid 2293776) waiting for zero
# Udev cookie 0xd4d3c5f (semid 2293776) destroyed
# temporary-cryptsetup-4493: Processing NODE_DEL [verify_udev]
Failed to open temporary keystore device.
# Udev cookie 0xd4df87d (semid 2326544) created
# Udev cookie 0xd4df87d (semid 2326544) incremented to 1
# Udev cookie 0xd4df87d (semid 2326544) incremented to 2
# Udev cookie 0xd4df87d (semid 2326544) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-4493  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-4493 failed: No such device or address
# Udev cookie 0xd4df87d (semid 2326544) decremented to 1
# Udev cookie 0xd4df87d (semid 2326544) decremented to 0
# Udev cookie 0xd4df87d (semid 2326544) waiting for zero
# Udev cookie 0xd4df87d (semid 2326544) destroyed
# WARNING: other process locked internal device temporary-cryptsetup-4493, retrying remove.
# dm reload temporary-cryptsetup-4493  NFR   [16384] (*1)
device-mapper: reload ioctl on temporary-cryptsetup-4493 failed: No such device or address
# Udev cookie 0xd4de05e (semid 2359312) created
# Udev cookie 0xd4de05e (semid 2359312) incremented to 1
# Udev cookie 0xd4de05e (semid 2359312) incremented to 2
# Udev cookie 0xd4de05e (semid 2359312) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-4493  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-4493 failed: No such device or address
# Udev cookie 0xd4de05e (semid 2359312) decremented to 1
# Udev cookie 0xd4de05e (semid 2359312) decremented to 0
# Udev cookie 0xd4de05e (semid 2359312) waiting for zero
# Udev cookie 0xd4de05e (semid 2359312) destroyed
# WARNING: other process locked internal device temporary-cryptsetup-4493, retrying remove.
# Udev cookie 0xd4d2b99 (semid 2392080) created
# Udev cookie 0xd4d2b99 (semid 2392080) incremented to 1
# Udev cookie 0xd4d2b99 (semid 2392080) incremented to 2
# Udev cookie 0xd4d2b99 (semid 2392080) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-4493  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-4493 failed: No such device or address
# Udev cookie 0xd4d2b99 (semid 2392080) decremented to 1
# Udev cookie 0xd4d2b99 (semid 2392080) decremented to 0
# Udev cookie 0xd4d2b99 (semid 2392080) waiting for zero
# Udev cookie 0xd4d2b99 (semid 2392080) destroyed
# WARNING: other process locked internal device temporary-cryptsetup-4493, retrying remove.
# Udev cookie 0xd4d83c1 (semid 2424848) created
# Udev cookie 0xd4d83c1 (semid 2424848) incremented to 1
# Udev cookie 0xd4d83c1 (semid 2424848) incremented to 2
# Udev cookie 0xd4d83c1 (semid 2424848) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-4493  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-4493 failed: No such device or address
# Udev cookie 0xd4d83c1 (semid 2424848) decremented to 1
# Udev cookie 0xd4d83c1 (semid 2424848) decremented to 0
# Udev cookie 0xd4d83c1 (semid 2424848) waiting for zero
# Udev cookie 0xd4d83c1 (semid 2424848) destroyed
# WARNING: other process locked internal device temporary-cryptsetup-4493, retrying remove.
# Udev cookie 0xd4d3985 (semid 2457616) created
# Udev cookie 0xd4d3985 (semid 2457616) incremented to 1
# Udev cookie 0xd4d3985 (semid 2457616) incremented to 2
# Udev cookie 0xd4d3985 (semid 2457616) assigned to REMOVE task(2) with flags (0x0)
# dm remove temporary-cryptsetup-4493  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-4493 failed: No such device or address
# Udev cookie 0xd4d3985 (semid 2457616) decremented to 1
# Udev cookie 0xd4d3985 (semid 2457616) decremented to 0
# Udev cookie 0xd4d3985 (semid 2457616) waiting for zero
# Udev cookie 0xd4d3985 (semid 2457616) destroyed
# Releasing crypt device /dev/e/enc context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Input/output error

FWIW, I'm creating the encrypted volume on top of a LVM logical volume.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1299557

Title:
  cryptsetup luksFormat fails with -s <keysize>

Status in “cryptsetup” package in Ubuntu:
  Confirmed

Bug description:
  I installed beta2 of 14.04 yesterday.  Today, I am trying to manually
  create an encrypted partition.  If I specify a key size to cryptsetup
  with -s, cryptsetup fails as follows.

  root at slab:~# cryptsetup -y -s 128 luksFormat /dev/sda6
  WARNING!
  ========
  This will overwrite data on /dev/sda6 irrevocably.
  Are you sure? (Type uppercase yes): YES
  Enter passphrase:
  Verify passphrase:
  device-mapper: reload ioctl on  failed: Invalid argument
  Failed to open temporary keystore device.
  device-mapper: remove ioctl on temporary-cryptsetup-2231 failed: No such device or address
  device-mapper: reload ioctl on temporary-cryptsetup-2231 failed: No such device or address
  device-mapper: remove ioctl on temporary-cryptsetup-2231 failed: No such device or address
  device-mapper: remove ioctl on temporary-cryptsetup-2231 failed: No such device or address
  device-mapper: remove ioctl on temporary-cryptsetup-2231 failed: No such device or address
  device-mapper: remove ioctl on temporary-cryptsetup-2231 failed: No such device or address

  After the above, luksDump shows all 8 key slots as DISABLED.

  Without -s, cryptsetup will succeed, as follows.

  root at slab:~# cryptsetup -y luksFormat /dev/sda6
  WARNING!
  ========
  This will overwrite data on /dev/sda6 irrevocably.
  Are you sure? (Type uppercase yes): YES
  Enter passphrase:
  Verify passphrase:
  root at slab:~#

  Other info:

  root at slab:~# lsb_release -rd
  Description:    Ubuntu Trusty Tahr (development branch)
  Release:        14.04

  root at slab:~# apt-cache policy cryptsetup
  cryptsetup:
    Installed: 2:1.6.1-1ubuntu1
    Candidate: 2:1.6.1-1ubuntu1
    Version table:
   *** 2:1.6.1-1ubuntu1 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1299557/+subscriptions

More information about the foundations-bugs mailing list