search

eternaltyro / cryptsetup

Since Google code is shuttering...
http://code.google.com/p/cryptsetup
GNU General Public License v2.0
0 stars 0 forks source link

luksFormat fails using specific options and twofish as cipher #176

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

1. Try to create a luks container using a combination with twofish as cipher, 
for example:
cryptsetup luksFormat -c twofish-cbc-essiv /dev/sdc1

What is the expected output? What do you see instead?

A lot of error messages are produced. The container is created but no keys are 
saved (all slots are disabled). Output see below. 

What version of the product are you using? On what operating system?

$ uname -a
Linux notebookneu 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux

a$ sudo dpkg -l | grep cryptsetup
ii  cryptsetup                                    2:1.6.1-1                     
     amd64        disk encryption support - startup scripts
ii  cryptsetup-bin                                2:1.6.1-1                     
     amd64        disk encryption support - command line tools
ii  libcryptsetup1                                2:1.3.0-3                     
     amd64        libcryptsetup shared library
ii  libcryptsetup4                                2:1.6.1-1                     
     amd64        disk encryption support - shared library

Please provide any additional information below.

Rebooting or modprobe dm_crypt and dm_mod didn't help. The output is similar to 
some old and already fixed bug from 2010 (as far as I understood it was some 
HAL problem - https://code.google.com/p/cryptsetup/issues/detail?id=38 ) but 
seems to be cipher related this time.
Creating a container works without cipher options (AES). 
Also works with "-c twofish-cbc-essiv:sha256" (no error messages) but doestn't 
with "-c twofish-cbc-essiv" or "-c twofish-cbc-essiv:ripemd160" (no passphrases 
are stored). 

Using the --debug options (some messages are German):

$ sudo cryptsetup luksFormat -y  -c twofish-cbc-essiv --debug /dev/sdc1
# cryptsetup 1.6.1 processing "cryptsetup luksFormat -y -c twofish-cbc-essiv 
--debug /dev/sdc1"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.

WARNING!
========
Hiermit überschreiben Sie Daten auf /dev/sdc1 unwiderruflich.

Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/sdc1 context.
# Trying to open and read device /dev/sdc1.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 1000 miliseconds.
# Interactive passphrase entry requested.
Passsatz eingeben: 
Verify passphrase: 
# Formatting device /dev/sdc1 as type LUKS1.
# Crypto backend (gcrypt 1.5.3) initialized.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Generating LUKS header version 1 using hash sha1, twofish, cbc-essiv, MK 32 
bytes
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha1: 118724 iterations per second.
# Data offset 4096, UUID dbb606e1-07e0-459a-a6da-46f72fca8aa6, digest 
iterations 14375
# Updating LUKS header of size 1024 on device /dev/sdc1
# Key length 32, device size 2920990720 sectors, header size 2050 sectors.
# Reading LUKS header of size 1024 from device /dev/sdc1
# Key length 32, device size 2920990720 sectors, header size 2050 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha1: 119591 iterations per second.
# Key slot 0 use 58393 password iterations.
# Using hash sha1 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Calculated device size is 250 sectors (RW), offset 8.
# dm version   OF   [16384] (*1)
# dm versions   OF   [16384] (*1)
# Detected dm-crypt version 1.11.1, dm-ioctl version 4.22.0.
# Device-mapper backend running with UDEV support enabled.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-7907
# Udev cookie 0xd4df476 (semid 1146881) created
# Udev cookie 0xd4df476 (semid 1146881) incremented to 1
# Udev cookie 0xd4df476 (semid 1146881) incremented to 2
# Udev cookie 0xd4df476 (semid 1146881) assigned to CREATE task(0) with flags 
DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe)
# dm create temporary-cryptsetup-7907 CRYPT-TEMP-temporary-cryptsetup-7907 OF   
[16384] (*1)
# dm reload temporary-cryptsetup-7907  OFW    [16384] (*1)
device-mapper: reload ioctl on  failed: Das Argument ist ungültig
# Udev cookie 0xd4df476 (semid 1146881) decremented to 1
# Udev cookie 0xd4df476 (semid 1146881) incremented to 2
# Udev cookie 0xd4df476 (semid 1146881) assigned to REMOVE task(2) with flags 
DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES (0xe)
# dm remove temporary-cryptsetup-7907  OFW    [16384] (*1)
# temporary-cryptsetup-7907: Stacking NODE_DEL [verify_udev]
# Udev cookie 0xd4df476 (semid 1146881) decremented to 0
# Udev cookie 0xd4df476 (semid 1146881) waiting for zero
# Udev cookie 0xd4df476 (semid 1146881) destroyed
# temporary-cryptsetup-7907: Processing NODE_DEL [verify_udev]
Öffnen des temporären Schlüsselspeichergeräts fehlgeschlagen.
# Udev cookie 0xd4df99e (semid 1179649) created
# Udev cookie 0xd4df99e (semid 1179649) incremented to 1
# Udev cookie 0xd4df99e (semid 1179649) incremented to 2
# Udev cookie 0xd4df99e (semid 1179649) assigned to REMOVE task(2) with flags 
(0x0)
# dm remove temporary-cryptsetup-7907  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-7907 failed: Kein passendes 
Gerät bzw. keine passende Adresse gefunden
# Udev cookie 0xd4df99e (semid 1179649) decremented to 1
# Udev cookie 0xd4df99e (semid 1179649) decremented to 0
# Udev cookie 0xd4df99e (semid 1179649) waiting for zero
# Udev cookie 0xd4df99e (semid 1179649) destroyed
# WARNING: other process locked internal device temporary-cryptsetup-7907, 
retrying remove.
# dm reload temporary-cryptsetup-7907  NFR   [16384] (*1)
device-mapper: reload ioctl on temporary-cryptsetup-7907 failed: Kein passendes 
Gerät bzw. keine passende Adresse gefunden
# Udev cookie 0xd4ddfa5 (semid 1212417) created
# Udev cookie 0xd4ddfa5 (semid 1212417) incremented to 1
# Udev cookie 0xd4ddfa5 (semid 1212417) incremented to 2
# Udev cookie 0xd4ddfa5 (semid 1212417) assigned to REMOVE task(2) with flags 
(0x0)
# dm remove temporary-cryptsetup-7907  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-7907 failed: Kein passendes 
Gerät bzw. keine passende Adresse gefunden
# Udev cookie 0xd4ddfa5 (semid 1212417) decremented to 1
# Udev cookie 0xd4ddfa5 (semid 1212417) decremented to 0
# Udev cookie 0xd4ddfa5 (semid 1212417) waiting for zero
# Udev cookie 0xd4ddfa5 (semid 1212417) destroyed
# WARNING: other process locked internal device temporary-cryptsetup-7907, 
retrying remove.
# Udev cookie 0xd4df607 (semid 1245185) created
# Udev cookie 0xd4df607 (semid 1245185) incremented to 1
# Udev cookie 0xd4df607 (semid 1245185) incremented to 2
# Udev cookie 0xd4df607 (semid 1245185) assigned to REMOVE task(2) with flags 
(0x0)
# dm remove temporary-cryptsetup-7907  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-7907 failed: Kein passendes 
Gerät bzw. keine passende Adresse gefunden
# Udev cookie 0xd4df607 (semid 1245185) decremented to 1
# Udev cookie 0xd4df607 (semid 1245185) decremented to 0
# Udev cookie 0xd4df607 (semid 1245185) waiting for zero
# Udev cookie 0xd4df607 (semid 1245185) destroyed
# WARNING: other process locked internal device temporary-cryptsetup-7907, 
retrying remove.
# Udev cookie 0xd4dbb0b (semid 1277953) created
# Udev cookie 0xd4dbb0b (semid 1277953) incremented to 1
# Udev cookie 0xd4dbb0b (semid 1277953) incremented to 2
# Udev cookie 0xd4dbb0b (semid 1277953) assigned to REMOVE task(2) with flags 
(0x0)
# dm remove temporary-cryptsetup-7907  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-7907 failed: Kein passendes 
Gerät bzw. keine passende Adresse gefunden
# Udev cookie 0xd4dbb0b (semid 1277953) decremented to 1
# Udev cookie 0xd4dbb0b (semid 1277953) decremented to 0
# Udev cookie 0xd4dbb0b (semid 1277953) waiting for zero
# Udev cookie 0xd4dbb0b (semid 1277953) destroyed
# WARNING: other process locked internal device temporary-cryptsetup-7907, 
retrying remove.
# Udev cookie 0xd4dd0c9 (semid 1310721) created
# Udev cookie 0xd4dd0c9 (semid 1310721) incremented to 1
# Udev cookie 0xd4dd0c9 (semid 1310721) incremented to 2
# Udev cookie 0xd4dd0c9 (semid 1310721) assigned to REMOVE task(2) with flags 
(0x0)
# dm remove temporary-cryptsetup-7907  OFT    [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-7907 failed: Kein passendes 
Gerät bzw. keine passende Adresse gefunden
# Udev cookie 0xd4dd0c9 (semid 1310721) decremented to 1
# Udev cookie 0xd4dd0c9 (semid 1310721) decremented to 0
# Udev cookie 0xd4dd0c9 (semid 1310721) waiting for zero
# Udev cookie 0xd4dd0c9 (semid 1310721) destroyed
# Releasing crypt device /dev/sdc1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Befehl fehlgeschlagen mit Code 5: Eingabe-/Ausgabefehler

After that the output of luksdump:

$ sudo cryptsetup luksDump /dev/sdc1
LUKS header information for /dev/sdc1

Version:        1
Cipher name:    twofish
Cipher mode:    cbc-essiv
Hash spec:      sha1
Payload offset: 4096
MK bits:        256
MK digest:      94 b5 54 84 ff 6c 53 5f b9 8e 06 82 f0 f8 64 f0 9b 27 e0 68 
MK salt:        9b bf 4a be a1 e6 02 c7 51 32 d7 54 9a 57 7e d9 
                71 00 c7 75 3a 25 a7 f6 96 2d 8d 82 e8 77 48 89 
MK iterations:  14500
UUID:           77169058-b5b9-4001-aa51-ee01e06c61c8

Key Slot 0: DISABLED
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Original issue reported on code.google.com by DjStY...@gmail.com on 21 Sep 2013 at 7:39

GoogleCodeExporter commented 9 years ago 
This message explains it (no need to run debug to see it):
  device-mapper: reload ioctl on  failed: Das Argument ist ungültig

The argument is wrong because ESSIV requires hash, IOW hash argument for ESSIV 
is mandatory.

So you should really use
cryptsetup luksFormat -c twofish-cbc-essiv:sha256 /dev/sdc1

Unfortunately error reporting from kernel dmcrypt consist only of "INVALID 
parameters" (and rest of messages is just libdevmapper internal mess, no idea 
why it reports 10x times remove ioctl fail).

But header should not be created at all in this, this is bug, will fix it 
somehow later.
(You will get the same output for -c blah-blah :)

Thanks for reporting.

Original comment by gmazyl...@gmail.com on 21 Sep 2013 at 7:56

GoogleCodeExporter commented 9 years ago

Original comment by gmazyl...@gmail.com on 21 Sep 2013 at 7:59

GoogleCodeExporter commented 9 years ago 
Umm...okay, I tried a lot of combinations (only used parameter was "-c 
[cipher]"). Actually most didn't work, not just the ones with twofish:

working:
no parameter (standards)
-c twofish
-c twofish:ripemd160
-c twofish-cbc-essiv:SHA256
-c twofish-cbc-essiv:MD5

failing:
-c twofish:SHA1
-c twofish:SHA256
-c twofish:SHA512
-c twofish:MD5
-c twofish-cbc
-c twofish-cbc:SHA1
-c twofish-cbc:SHA256
-c twofish-cbc:SHA512
-c twofish-cbc:ripemd160
-c twofish-cbc-essiv:SHA1
-c twofish-cbc-essiv:SHA512
-c twofish-cbc-essiv:whirlpool
-c twofish-cbc-essiv:ripemd160
-c AES:MD5
-c aes-cbc-essiv:SHA256 
-c aes-cbc-essiv:ripemd160 
-c aes-xts:ripemd160
-c serpent-cbc:sha1 

$ cat /proc/crypto 
name         : sha512
driver       : sha512-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 64

name         : sha384
driver       : sha384-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 48

name         : sha256
driver       : sha256-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 28

name         : xts(twofish)
driver       : xts(twofish-asm)
module       : kernel
priority     : 200
refcnt       : 1
selftest     : passed
type         : givcipher
async        : no
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
geniv        : eseqiv

name         : xts(twofish)
driver       : xts(twofish-asm)
module       : xts
priority     : 200
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
geniv        : <default>

name         : xts(serpent)
driver       : xts(serpent-generic)
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : givcipher
async        : no
blocksize    : 16
min keysize  : 0
max keysize  : 64
ivsize       : 16
geniv        : eseqiv

name         : xts(serpent)
driver       : xts(serpent-generic)
module       : xts
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 0
max keysize  : 64
ivsize       : 16
geniv        : <default>

name         : cbc(serpent)
driver       : cbc(serpent-generic)
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : givcipher
async        : no
blocksize    : 16
min keysize  : 0
max keysize  : 32
ivsize       : 16
geniv        : eseqiv

name         : cbc(serpent)
driver       : cbc(serpent-generic)
module       : cbc
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 0
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : tnepres
driver       : tnepres-generic
module       : serpent
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : serpent
driver       : serpent-generic
module       : serpent
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : cbc(aes)
driver       : cbc(aes-asm)
module       : kernel
priority     : 200
refcnt       : 1
selftest     : passed
type         : givcipher
async        : no
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : eseqiv

name         : xts(aes)
driver       : xts(aes-asm)
module       : kernel
priority     : 200
refcnt       : 1
selftest     : passed
type         : givcipher
async        : no
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
geniv        : eseqiv

name         : xts(aes)
driver       : xts(aes-asm)
module       : xts
priority     : 200
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
geniv        : <default>

name         : cbc(twofish)
driver       : cbc-twofish-3way
module       : kernel
priority     : 300
refcnt       : 1
selftest     : passed
type         : givcipher
async        : no
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : eseqiv

name         : cbc(twofish)
driver       : cbc(twofish-asm)
module       : cbc
priority     : 200
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : twofish
driver       : twofish-generic
module       : twofish_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : ctr(twofish)
driver       : ctr-twofish-3way
module       : twofish_x86_64_3way
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(twofish)
driver       : cbc-twofish-3way
module       : twofish_x86_64_3way
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : ecb(twofish)
driver       : ecb-twofish-3way
module       : twofish_x86_64_3way
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : twofish
driver       : twofish-asm
module       : twofish_x86_64
priority     : 200
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : cbc(aes)
driver       : cbc(aes-asm)
module       : cbc
priority     : 200
refcnt       : 528
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : ecb(aes)
driver       : ecb(aes-asm)
module       : ecb
priority     : 200
refcnt       : 2
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : aes
driver       : aes-asm
module       : aes_x86_64
priority     : 200
refcnt       : 529
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : arc4
driver       : arc4-generic
module       : arc4
priority     : 0
refcnt       : 3
selftest     : passed
type         : cipher
blocksize    : 1
min keysize  : 1
max keysize  : 256

name         : crc32c
driver       : crc32c-generic
module       : crc32c
priority     : 100
refcnt       : 2
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 4

name         : stdrng
driver       : krng
module       : kernel
priority     : 200
refcnt       : 2
selftest     : passed
type         : rng
seedsize     : 0

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1055
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16

$cryptsetup --help says about the standard config:

Vorgabewerte für Schlüssel und Passsätze:
    Maximale Größe der Schlüsseldatei: 8192kB, Maximale Länge des interaktiven Passsatzes: 512 Zeichen
Vorgabe für die Durchlaufzeit für PBKDF2 mit LIKS: 1000 Millisekunden

Standard-Verschlüsselungsparameter:
    Loop-AES: aes, Schlüssel 256 Bits
    plain: aes-cbc-essiv:sha256, Schlüssel: 256 Bits, Passsatz-Hashen: ripemd160
    LUKS1: aes-xts-plain64, Schlüssel: 256 Bits, LUKS-Kopfbereich-Hashen: sha1, Zufallszahlengenerator: /dev/urandom

Original comment by DjStY...@gmail.com on 21 Sep 2013 at 8:01

GoogleCodeExporter commented 9 years ago 
Sorry didn't see your comment since I was writing mine at the same time :o) 

What about the other combinations that fail like "twofish-cbc-essiv:sha512"?

Original comment by DjStY...@gmail.com on 21 Sep 2013 at 8:05

GoogleCodeExporter commented 9 years ago 
cryptsetup use logic - if it is possible and user want it, let's do not block 
him.

That said, there are some shortcuts for cipher definitions, perhaps the best is 
to study this internal test
http://code.google.com/p/cryptsetup/source/browse/tests/mode-test
and see dmcrypt spec (cipher+mode is 1:1 to -c parameter)
http://code.google.com/p/cryptsetup/wiki/DMCrypt

Some modes make sense, some make sense but kernel module is not available in 
your config etc. 
I expect user understand how IV and cipher is used when specifying it on 
command line.

Anyway, I would suggest to use XTS mode. If you want twofish, then e.g. -c 
twofish-xtx-plain64 -s 512 for example.

Original comment by gmazyl...@gmail.com on 21 Sep 2013 at 8:20

GoogleCodeExporter commented 9 years ago 
LUKS header is now not written if cipher/mode specification is wrong, commit
http://code.google.com/p/cryptsetup/source/detail?r=ce23225e46cbbef41dd6881acf8b
e5d0016d7ca5#

Original comment by gmazyl...@gmail.com on 10 Nov 2013 at 9:13