# crypto: lrw - incompatible big endian support 2.6.27->2.6.29

## Massimo B.

Hello,

since switching from linux-2.6.27-gentoo-r8 to linux-2.6.29-gentoo-r5 I cannot open a Luks partition anymore (password not found). With old linux-2.6.27-gentoo-r8 it still works. Kernel config I created by make silentoldconfig. Ciphers and blockdevices are all enabled as before. I also rebuild cryptsetup with /usr/src/linux -> linux-2.6.29-gentoo-r5/.

```
LUKS header information for /dev/hda5

Version:        1

Cipher name:    twofish

Cipher mode:    lrw-benbi:sha256

Hash spec:      sha1

Payload offset: 2056

MK bits:        256

MK digest:      6c 18 cd 8b f7 8c ac 1a 3c e1 8c 08 22 b2 c6 ad 89 ec 16 e4

MK salt:        22 7e 07 21 4c a3 2c 8b 55 be 79 97 bc f0 39 a5

                44 33 18 c2 5a 0b 0c f5 13 51 3a 76 da d2 52 84

MK iterations:  10

UUID:           0716c772-9a0f-42ed-a06d-84ca4d9766a1

Key Slot 0: ENABLED

        Iterations:             104857

        Salt:                   40 0d a3 fc 15 05 bf 2e a8 12 6d 02 c5 8c 29 1b

                                a3 1f c1 9e 2f 9f 0a 8f bd c0 0f 6d c9 dd fe 29

        Key material offset:    8

        AF stripes:             4000

Key Slot 1: ENABLED

        Iterations:             104827

        Salt:                   62 2c 47 a8 36 ae 08 c7 5b b2 c8 d2 cb d2 80 27

                                3d 1e 19 c4 03 20 ae 04 5a 2f 32 29 45 cc ce a3

        Key material offset:    264

        AF stripes:             4000

Key Slot 2: DISABLED

Key Slot 3: DISABLED

Key Slot 4: DISABLED

Key Slot 5: DISABLED

Key Slot 6: DISABLED

Key Slot 7: DISABLED
```

```
# zgrep TWOFISH /usr/src/linux-2.6.27-gentoo-r8/.config

CONFIG_CRYPTO_TWOFISH=y

CONFIG_CRYPTO_TWOFISH_COMMON=y

# zgrep TWOFISH /usr/src/linux-2.6.29-gentoo-r5/.config

CONFIG_CRYPTO_TWOFISH=y

CONFIG_CRYPTO_TWOFISH_COMMON=y
```

```
# zgrep SHA /usr/src/linux-2.6.27-gentoo-r8/.config

# CONFIG_CRYPTO_SHA1 is not set

CONFIG_CRYPTO_SHA256=y

CONFIG_CRYPTO_SHA512=y

# zgrep SHA /usr/src/linux-2.6.29-gentoo-r5/.config

# CONFIG_CRYPTO_SHA1 is not set

CONFIG_CRYPTO_SHA256=y

CONFIG_CRYPTO_SHA512=y
```

```
# zgrep DEV_DM /usr/src/linux-2.6.27-gentoo-r8/.config

CONFIG_BLK_DEV_DM=y

# CONFIG_BLK_DEV_DM_BBR is not set

# zgrep DEV_DM /usr/src/linux-2.6.29-gentoo-r5/.config

CONFIG_BLK_DEV_DM=y

# CONFIG_BLK_DEV_DM_BBR is not set
```

```
# zgrep DM_CRYPT /usr/src/linux-2.6.27-gentoo-r8/.config

CONFIG_DM_CRYPT=y

# zgrep DM_CRYPT /usr/src/linux-2.6.29-gentoo-r5/.config
```

----------

## ChristianMuenster

Hi Massimo,

same problem for me. Did you find any solution?

I tried linux-2.6.29-gentoo-r5 and vanilla 2.6.29.4, both don't work.

Christian

EDIT: After booting the live-CD I can access the encrypted device.

EDIT2: solved. The encrypted device ist using XTS which is in experimental options of 2.6.29.4. With activation of these there is an option in kernelconfig to enable XTS and then it works with the vanilla kernel. I didn't try the gentoo-sources yet.

----------

## Massimo B.

Hi Christian,

please try with Gentoo kernel. Besides filesystem do you have similar encryption settings similar to mine? For luksOpen there is no need for filesystem modules since mounting is done afterwards.

Regards,

Massimo

----------

## toralf

I gorgot to select CONFIG_CRYPTO_XTS when I tested that kernel. Probably you forgot also an kernel option ?

----------

## Massimo B.

Oh ok. I mixed up XFS with XTS.

I don't have XTS (yet) but LRW, see dump. So both kernels don't have XTS enabled. I think about switching to XTS soon since it is considered more secure than LRW.

----------

## ChristianMuenster

Now I tried gentoo-kernel and it works for me. I have aes, xts-plain and sha1.

----------

## Massimo B.

Now I tried with linux-2.6.30-gentoo-r4, same problem.

I tried around with LUKS encrypted look disks. Encrypting with -c twofish works with both, 27 and 29/30. But encrypting with

```
cryptsetup  luksFormat -c twofish-lrw-benbi:sha256 -s 256 -h sha1 /dev/loop1
```

like my home partition was done is not compatible from 27 to 29/30. Encrypting a loop disk with 27 is not possible to open with 30, while encrypted disks with 30 cannot be opened on 27.

----------

## Massimo B.

Further investigations meanwhile:

USE-Net: <1781787.Dl8k9oMu2H@burcheri.albasani.net>

dm-crypt mailing list

There has been a big endian patch that should fix some issue but apparently breaks compatibility!!

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8eb2dfac41c71701bb741f496f0cb7b7e4a3c3f6

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fd4609a8e00a867303783ade62d67953fb72adc8

----------

