
Asus RT-AC86U LUKS problem


chavo

Regular Contributor
I compiled the kernel with encryption support and connected a USB HDD with LUKS that was created in Ubuntu.
But I get an Input/output error.
If I connect the USB HDD to Ubuntu, I have no errors.

A simple way to reproduce the error:
1) Compile kernel with
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_MD=y
CONFIG_BLK_DEV_MD=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_XTS=y


2)
dd if=/dev/zero of=./crypto.img bs=1M count=512

Output
512+0 records in
512+0 records out

3)
losetup /dev/loop1 ./crypto.img

4)
opkg install cryptsetup-openssl
cryptsetup --verbose --debug luksFormat /dev/loop1

Output
# cryptsetup 1.7.5 processing "cryptsetup --verbose --debug luksFormat /dev/loop1"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.

WARNING!
========
This will overwrite data on /dev/loop1 irrevocably.
Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/loop1 context.
# Trying to open and read device /dev/loop1 with direct-io.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 2000 milliseconds.
# Interactive passphrase entry requested.
Enter passphrase:
Verify passphrase:
# Formatting device /dev/loop1 as type LUKS1.
# Crypto backend (OpenSSL 1.0.2o 27 Mar 2018) initialized in cryptsetup library version 1.7.5.
# Detected kernel Linux 4.1.27 aarch64.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Checking if cipher aes-xts-plain64 is usable.
# Using userspace crypto wrapper to access keyslot area.
# Generating LUKS header version 1 using hash sha256, aes, xts-plain64, MK 32 bytes
# KDF pbkdf2, hash sha256: 718202 iterations per second (256-bits key).
# Data offset 4096, UUID 6a17bff2-ecb6-4744-bf21-6cbcba48e061, digest iterations 175250
# Updating LUKS header of size 1024 on device /dev/loop1
# Key length 32, device size 1048576 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/loop1
# Key length 32, device size 1048576 sectors, header size 2050 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# KDF pbkdf2, hash sha256: 718202 iterations per second (256-bits key).
# Key slot 0 use 1402738 password iterations.
# Using hash sha256 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Using userspace crypto wrapper to access keyslot area.
# Key slot 0 was enabled in LUKS header.
# Updating LUKS header of size 1024 on device /dev/loop1
# Key length 32, device size 1048576 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/loop1
# Key length 32, device size 1048576 sectors, header size 2050 sectors.
# Releasing crypt device /dev/loop1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.

5)
cryptsetup luksOpen /dev/loop1 500mb

6)
cryptsetup -v status 500mb

Output
/dev/mapper/500mb is active.
type: LUKS1
cipher: aes-xts-plain64
keysize: 256 bits
device: /dev/loop1
loop: /tmp/mnt/asus/crypto.img
offset: 4096 sectors
size: 1044480 sectors
mode: read/write
Command successful.

7)
cryptsetup luksDump /dev/loop1

Output

LUKS header information for /dev/loop1

Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 256
MK digest: fc f0 d6 08 83 e1 d6 5e 08 89 1b 05 21 2e 27 1e 7b 08 7c c7
MK salt: ab 91 39 d1 32 13 01 1f 56 d4 e1 f8 f7 d6 cf 10
ad 13 25 83 86 2f bf 52 82 23 b7 87 d5 c7 76 c2
MK iterations: 175250
UUID: 6a17bff2-ecb6-4744-bf21-6cbcba48e061

Key Slot 0: ENABLED
Iterations: 1402738
Salt: 6d 05 bf 7d 89 a6 0d 3b 86 b3 d4 3f 64 a1 17 6e
c2 a4 5c 7f b0 54 84 1e b2 6d ea 75 5f 51 58 73
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED


8) Test write with dd

admin@asus:/tmp/mnt/asus# dd if=/dev/zero of=/dev/mapper/500mb
dd: writing '/dev/mapper/500mb': Input/output error
46513+0 records in
46512+0 records out


admin@asus:/tmp/mnt/asus# dd if=/dev/zero of=/dev/mapper/500mb
dd: writing '/dev/mapper/500mb': Input/output error
61209+0 records in
61208+0 records out

admin@asus:/tmp/mnt/asus# dd if=/dev/zero of=/dev/mapper/500mb
dd: writing '/dev/mapper/500mb': Input/output error
46073+0 records in
46072+0 records out
 
Why are you using dd to overwrite /dev/mapper/500mb in step 8? It's not appropriate to test writes like this with dd, as it destroys everything on your encrypted device, including, if I recall correctly, the LUKS header. Your command simply overwrites with random data until you get a file error when it tries to write to the last record. To this extent, if it was a test it succeeded, but possibly destructively. The command you use would normally be used on a physical disk drive used in the past, to make sure as far as possible that the old data cannot be recovered. In this case you created the file crypto.img with dd straight from /dev/zero. I don't see any need to then overwrite the encrypted /dev/mapper/500mb. You should start again, and leave out your step 8. From memory, your next step should then be to create a file system on /dev/mapper/500mb using the relevant mkfs command for one of the supported filesystems. You should then be able to mount the encrypted filesystem and use it.
 
Darryl,
I think this command is correct for testing; you can check it on your computer.
Compare with a Raspberry Pi:

root@ubuntu:~# dd if=/dev/zero of=/dev/mapper/500mb
dd: writing to '/dev/mapper/500mb': No space left on device
1044481+0 records in
1044480+0 records out
534773760 bytes (535 MB, 510 MiB) copied, 75.3087 s, 7.1 MB/s
 
Humour me. Do it again leaving out the testing with dd and move on to create your filesystem.
 
admin@asus:/tmp/mnt/asus# mkfs.ext3 /dev/mapper/500mb
mke2fs 1.44.1 (24-Mar-2018)
Creating filesystem with 288436 1k blocks and 72288 inodes
Filesystem UUID: ed63388a-8b4d-4207-bbc5-2c1edd622f4d
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729, 204801, 221185
Allocating group tables: done
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information:
Warning, had trouble writing out superblocks.
 
I'm not yet out of suggestions but anyone else feel free to chime in.

Did you actually go through all the steps again, including the creation of the original crypto.img file? I just went through your commands on my Linux desktop, leaving out step 8 and creating the filesystem, which worked just fine. I'm not sure if your dd in step 8 overwrites anything vital like the LUKS header. It may not. It's just I don't understand why what I presume are 3 distinct dd attempts write different numbers of records.

So, a couple of things:

1. I have presumed you have a USB HDD formatted with a Linux filesystem (not a LUKS one). You have created on this, using Ubuntu, the 512mb file crypto.img to hold your encrypted data. If this is not the case, what are you in fact doing? Another option would be to use the whole USB disk or a partition on it for this purpose.

2. I would normally expect a superblock error like this to result from a hardware problem. I'd suggest deleting the crypto.img file, doing an fsck on your USB disk and then redoing everything, leaving out your step 8. Then see if you can create the filesystem, mount it and write to/read from it.

3. Why not just do the whole thing in Ubuntu, including the filesystem, which you should mount and copy a small file to it to test? The file crypto.img should remain on the USB drive when you have unmounted the file, used luksClose and removed the loop device. This crypto.img is the file that contains the filesystem. You should be able to just plug the USB drive in to the router, set up the loop device, do luksOpen and mount the filesystem. You log in to the router and do the cryptsetup from your step 3. Skip your step 4 as you have already set this up in Ubuntu. Do the cryptsetup luksOpen from your step 5, then mount the filesystem. If you are missing any dependencies for crypto on your router this should tell us.
 
Any chance if you get this to work you could create a virtual machine to share?
 
admin@asus:/tmp/home/root# cryptsetup benchmark

# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 354248 iterations per second for 256-bit key
PBKDF2-sha256 718202 iterations per second for 256-bit key
PBKDF2-sha512 354248 iterations per second for 256-bit key
PBKDF2-ripemd160 222155 iterations per second for 256-bit key
PBKDF2-whirlpool N/A
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b 205.7 MiB/s 215.1 MiB/s
serpent-cbc 128b 34.7 MiB/s 39.7 MiB/s
twofish-cbc 128b 47.3 MiB/s 49.6 MiB/s
aes-cbc 256b 225.6 MiB/s 213.3 MiB/s
serpent-cbc 256b 33.0 MiB/s 38.6 MiB/s
twofish-cbc 256b 44.0 MiB/s 46.4 MiB/s
aes-xts 256b 210.6 MiB/s 205.4 MiB/s
serpent-xts 256b 37.3 MiB/s 40.6 MiB/s
twofish-xts 256b 51.1 MiB/s 50.4 MiB/s
aes-xts 512b 222.6 MiB/s 220.8 MiB/s
serpent-xts 512b 38.7 MiB/s 41.5 MiB/s
twofish-xts 512b 51.8 MiB/s 50.0 MiB/s
 
Found https://www.saout.de/pipermail/dm-crypt/2015-February/004631.html

admin@asus:/tmp/mnt/asus# echo 1| cryptsetup open crypto.img --test-passphrase -v
Key slot 0 unlocked.
Command successful.

admin@asus:/tmp/mnt/asus# echo 1| cryptsetup open crypto.img --test-passphrase -v
Key slot 0 unlocked.
Command successful.

admin@asus:/tmp/mnt/asus# echo 1| cryptsetup open crypto.img --test-passphrase -v
Failed to access temporary keystore device.
Command failed with code 5: Input/output error
 
admin@asus:/tmp/mnt/asus# echo 1| cryptsetup --debug open crypto.img --test-passphrase -v
# cryptsetup 1.7.5 processing "cryptsetup --debug open crypto.img --test-passphrase -v"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device crypto.img context.
# Trying to open and read device crypto.img with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device crypto.img.
# Crypto backend (OpenSSL 1.0.2o 27 Mar 2018) initialized in cryptsetup library version 1.7.5.
# Detected kernel Linux 4.1.27 aarch64.
# Reading LUKS header of size 1024 from device crypto.img
# Key length 32, device size 1048576 sectors, header size 2050 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 2000 milliseconds.
# Checking volume [keyslot -1] using [none] passphrase.
# STDIN descriptor passphrase entry requested.
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Userspace crypto wrapper cannot use aes-xts-plain64 (-95).
# Using dmcrypt to access keyslot area.
# Allocating a free loop device.
# Trying to open and read device /dev/loop0 with direct-io.
# Calculated device size is 256 sectors (RW), offset 8.
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-crypt version 1.14.1, dm-ioctl version 4.31.0.
# Device-mapper backend running with UDEV support disabled.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-4763
# dm create temporary-cryptsetup-4763 CRYPT-TEMP-temporary-cryptsetup-4763 [ opencount flush ] [16384] (*1)
# dm reload temporary-cryptsetup-4763 [ opencount flush readonly securedata ] [16384] (*1)
# dm resume temporary-cryptsetup-4763 [ opencount flush readonly securedata ] [16384] (*1)
# temporary-cryptsetup-4763: Stacking NODE_ADD (253,0) 0:0 0600
# temporary-cryptsetup-4763: Stacking NODE_READ_AHEAD 256 (flags=1)
# temporary-cryptsetup-4763: Processing NODE_ADD (253,0) 0:0 0600
# Created /dev/mapper/temporary-cryptsetup-4763
# temporary-cryptsetup-4763: Processing NODE_READ_AHEAD 256 (flags=1)
# temporary-cryptsetup-4763 (253:0): read ahead is 256
# temporary-cryptsetup-4763: retaining kernel read ahead of 256 (requested 256)
Failed to access temporary keystore device.
# dm remove temporary-cryptsetup-4763 [ opencount flush retryremove ] [16384] (*1)
# temporary-cryptsetup-4763: Stacking NODE_DEL
# temporary-cryptsetup-4763: Processing NODE_DEL
# Removed /dev/mapper/temporary-cryptsetup-4763
# Releasing crypt device crypto.img context.
# Releasing device-mapper backend.
# Closed loop /dev/loop0 (crypto.img).
# Unlocking memory.
Command failed with code 5: Input/output error
 
With Twofish everything works fine:
cryptsetup --debug --cipher=twofish-xts-plain64 luksFormat /dev/loop1

The problem is with the AES algorithm.
 
cat /proc/crypto
I found the error: module bcmspu.
Unload bcmspu and everything works fine:
modprobe -r bcmspu
 
As a result, I compiled the kernel with options for fast AES:
CONFIG_ARM64_CRYPTO=y
CONFIG_CRYPTO_SHA1_ARM64_CE=y
CONFIG_CRYPTO_SHA2_ARM64_CE=y
CONFIG_CRYPTO_GHASH_ARM64_CE=y
CONFIG_CRYPTO_AES_ARM64_CE=y
CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
CONFIG_CRYPTO_CRC32_ARM64=y


and changed the priority of the AES algorithm to 10000:

~/asuswrt-merlin.ng/release/src-rt-5.02hnd/kernel/linux-4.1/arch/arm64/crypto$ cat *.c | grep priority
.cra_priority = 10000,
.cra_priority = 10000,
.cra_priority = 0,
.cra_priority = 0,
.cra_priority = 0,
.cra_priority = 0,
.cra_priority = 10000,
.cra_priority = 10000,
.cra_priority = 10000,
.cra_priority = 10000,
.cra_priority = 10000,
.cra_priority = 10000,
.cra_priority = 10000,
.cra_priority = 10000,
.cra_priority = 10000,
.cra_priority = 10000,

admin@asus:/tmp/home/root# cat /proc/crypto | grep -A 3 "xts(aes)"
name : xts(aes)
driver : xts-aes-ce
module : kernel
priority : 10000
--
name : xts(aes)
driver : xts-aes-iproc
module : bcmspu
priority : 400
--
name : xts(aes)
driver : xts-aes-ce
module : kernel
priority : 10000

admin@asus:/tmp/home/root# cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 364088 iterations per second for 256-bit key
PBKDF2-sha256 728177 iterations per second for 256-bit key
PBKDF2-sha512 359101 iterations per second for 256-bit key
PBKDF2-ripemd160 229950 iterations per second for 256-bit key
PBKDF2-whirlpool N/A
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b 471.5 MiB/s 583.2 MiB/s
serpent-cbc 128b 37.8 MiB/s 41.8 MiB/s
twofish-cbc 128b 50.0 MiB/s 50.8 MiB/s
aes-cbc 256b 406.9 MiB/s 536.1 MiB/s
serpent-cbc 256b 37.6 MiB/s 42.1 MiB/s
twofish-cbc 256b 50.0 MiB/s 51.0 MiB/s
aes-xts 256b 531.9 MiB/s 519.2 MiB/s
serpent-xts 256b 40.4 MiB/s 42.7 MiB/s
twofish-xts 256b 53.2 MiB/s 51.3 MiB/s
aes-xts 512b 487.4 MiB/s 483.1 MiB/s
serpent-xts 512b 40.5 MiB/s 42.8 MiB/s
twofish-xts 512b 53.5 MiB/s 51.8 MiB/s

LUKS works fine.
 
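Added example, not part of the thread: the kernel crypto API uses the highest-priority implementation registered under an algorithm name, so the check below parses /proc/crypto-style text and reports which driver wins for `xts(aes)` and whether it comes from a loadable module such as bcmspu. The function names and the "before" sample (including the generic entry and its priority) are constructed for illustration; the "after" sample uses the values from the final listing above.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# crypto_winner ALG [FILE]: print "driver module priority" for the
# highest-priority /proc/crypto entry named ALG; exit 1 if none exists.
crypto_winner() {
    awk -v alg="$1" '
        function commit() {            # close the record collected so far
            if (name == alg && (best == "" || prio + 0 > bestprio)) {
                best = driver " " module " " prio; bestprio = prio + 0
            }
            name = driver = module = prio = ""
        }
        {
            i = index($0, ":"); if (i == 0) next   # skips blanks and "--"
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "name") { commit(); name = val }
            else if (key == "driver") driver = val
            else if (key == "module") module = val
            else if (key == "priority") prio = val
        }
        END { commit(); if (best == "") exit 1; print best }
    ' "${2:-/proc/crypto}"
}

# module_selected ALG [FILE]: succeed when the winning implementation comes
# from a loadable module (bcmspu in the thread) instead of built-in code.
module_selected() {
    w=$(crypto_winner "$1" "${2:-/proc/crypto}") || return 2
    set -- $w
    [ "$2" != "kernel" ]
}

# Constructed sample: bcmspu wins (the generic entry and its priority are assumed).
sample_before() {
    printf '%s\n' 'name : xts(aes)' 'driver : xts-aes-iproc' 'module : bcmspu' \
        'priority : 400' '' 'name : xts(aes)' 'driver : xts(aes-generic)' \
        'module : kernel' 'priority : 100'
}
# Values from the final /proc/crypto listing in the thread.
sample_after() {
    printf '%s\n' 'name : xts(aes)' 'driver : xts-aes-ce' 'module : kernel' \
        'priority : 10000' '--' 'name : xts(aes)' 'driver : xts-aes-iproc' \
        'module : bcmspu' 'priority : 400'
}

sample_before | crypto_winner 'xts(aes)' -   # xts-aes-iproc bcmspu 400
sample_after  | crypto_winner 'xts(aes)' -   # xts-aes-ce kernel 10000
```

On a live system, call `crypto_winner 'xts(aes)'` with no file argument to read /proc/crypto directly.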
