Unrecognized LUKS error 127

[JeremyRand]

In recent versions of the Fedora package, I'm getting an unrecognized error code 127 when I try to mount a LUKS container file from the Zulucrypt GUI.

However, mounting without Zulucrypt like this:

sudo cryptsetup luksOpen ./Data2.tc Data2.tc
sudo mount /dev/mapper/Data2.tc /run/media/Data2.tc

Works fine with no errors. (The file is a LUKS file, even though it has the .tc extension.)

I'm not certain what would be causing this problem. The same container file worked fine a few versions ago. Unfortunately I don't know exactly which version broke it (sorry; I realize that such info would be very helpful). Any ideas?

[mhogomchungu]

What version of fedora are you using?

What is the output of the following command

 zuluCrypt-cli --test

[mhogomchungu]

One more question,what file system does your volume use?

[FadeMind]

mhogomchungu I confirm this issue. After launch zuluCrypt-cli --test command I have:

 $ zuluCrypt-cli --test
 creating testing images
 creating a keyfile
 creating a keyfile

 create a luks type volume using a key: FAILED
 ERROR: Failed to create a volume

OS: archlinux 64bit zulucrypt lastest GIT commit version self compilled.

[mhogomchungu]

This is weird,

I see no problems in my pclinuxos primary system. I also see no problems in debian 8 and kubuntu 14.10,my two primary test systems.

what version of cryptsetup are both of you using?

Can you try to create a volume using the following commands

truncate -s 50M test.img
zuluCrypt-cli -ck -d test.img -t luks -p xxx -z vfat

ps: copy and paste them to make sure you dont mistype them.

[FadeMind]

Results: [tomasz@arch ~]$ truncate -s 50M test.img [tomasz@arch ~]$ zuluCrypt-cli -ck -d test.img -t luks -p xxx -z vfat ERROR: Failed to create a volume [tomasz@arch ~]$ pacman -Q|grep cryptsetup cryptsetup 1.6.7-1 [tomasz@arch ~]$

[mhogomchungu]

Did you rebuild zuluCrypt after you updated cryptsetup from version 1.6.6 to version 1.6.7?

will download 64 bit arch later on today and try to see whats going on.

[FadeMind]

Yes, I rebuild ZC.

[JeremyRand]

What version of fedora are you using?

Fedora 21 x64.

What is the output of the following command

zuluCrypt-cli --test

$ zuluCrypt-cli --test
creating testing images
creating a keyfile
creating a keyfile

create a luks type volume using a key: FAILED

One more question,what file system does your volume use?

EXT4.

what version of cryptsetup are both of you using?

$ cryptsetup --version
cryptsetup 1.6.7

I'll get you the rest of the requested info soon.

[mhogomchungu]

I am downloading arch linux now to investigate this.

In the mean time,can one of you run the following command and give me its output

truncate -s 50M test.img
zuluCrypt-cli -ck -d test.img -t tcrypt -p xxx

I can not figure out what the problem is by looking at the code.

Creating a LUKS volume uses cryptsetup and does not seem to work.The test above will attempt to create a TrueCrypt volume using tcplay.This test succeeding will mean the problem is with cryptsetup,if it also fails then that will imply the problem is some place.

Also,was the computer restarted before doing these tests? The problem could be caused by library mismatch somewhere after a system update.

[JeremyRand]

Here are my results for both requested tests.

[jeremy@localhost ~]$ truncate -s 50M test.img
[jeremy@localhost ~]$ zuluCrypt-cli -ck -d test.img -t luks -p xxx -z vfat
zuluCrypt-cli: symbol lookup error: zuluCrypt-cli: undefined symbol: zuluCryptSecurityConvertUID

[jeremy@localhost ~]$ truncate -s 50M test.img
[jeremy@localhost ~]$ zuluCrypt-cli -ck -d test.img -t tcrypt -p xxx
zuluCrypt-cli: symbol lookup error: zuluCrypt-cli: undefined symbol: zuluCryptSecurityConvertUID

Also,was the computer restarted before doing these tests? The problem could be caused by library mismatch somewhere after a system update.

In my case the computer had not been restarted prior to running the requested tests. I will reboot when I have a chance and let you know if anything changes, if the issue is not identified by that point.

[mhogomchungu]

@FadeMind,

I build git version of zuluCrypt on the fully updated 64 bit arch linux system and i was unable to reproduce your problem.

Did you restart your system after you updated it? The problem you are seeing could be a result of library mistmatch somewhere after a system update.

The config output of "makepkg -s" is below:

-- The C compiler identification is GNU 5.1.0
-- The CXX compiler identification is GNU 5.1.0
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.28") 
-- checking for module 'libsecret-1'
--   found libsecret-1, version 0.18.2
-- checking for module 'libcryptsetup'
--   found libcryptsetup, version 1.6.7
-- checking for module 'blkid'
--   found blkid, version 2.26.0
-- checking for module 'pwquality'
--   found pwquality, version 1.2.3
-- found gcrypt header file: /usr/include/gcrypt.h
-- found gcrypt library: /usr/lib64/libgcrypt.so
-- checking for module 'devmapper'
--   found devmapper, version 1.02.99
-- checking for module 'uuid'
--   found uuid, version 2.26.0
-- Looking for gcry_kdf_derive in gcrypt
-- Looking for gcry_kdf_derive in gcrypt - found
-- ---------------------------------------------------------------------------
-- internal version of tcplay will be used to create and open TrueCrypt and VeraCrypt volumes.
-- internal version of tcplay will be used to create and restore TrueCrypt volume headers.
-- creation and restoration of VeraCrypt volumes is currently disabled.
-- ---------------------------------------------------------------------------
-- found gcrypt header file: /usr/include/gcrypt.h
-- found gcrypt header file: /usr/include/gcrypt.h
-- found gcrypt library: /usr/lib64/libgcrypt.so
-- 
--------------------------------------------------------------------------
-- kwallet support NOT found,will not build kwallet functionality
-- -----------------------------------------------------------------------
-- 
--------------------------------------------------------------------------
-- libsecret support found,will build libsecret functionality
-- -----------------------------------------------------------------------
-- ---------------------------------------------------------------------------
-- optional functionality that will be build
-- GUI front ends,zuluCrypt-gui and zuluMount-gui
-- pwquality library support to give passphrase strength measure
-- udev support will be enabled
-- tcplay adds the ability to create truecrypt compatible encrypted containers
-- ---------------------------------------------------------------------------
-- ---------------------------------------------------------------------------
-- optional functionality that will NOT be build
-- ---------------------------------------------------------------------------
-- 

-- udev will be consulted when deciding if a volume is system or not.
-- please read "udev_support" file for more information about udev support and associated problems.

-- Configuring done
-- Generating done

[mhogomchungu]

@JeremyRand

"zuluCryptSecurityConvertUID" function was added on May 19. This function being reported as not being present suggests multiple zuluCrypt libraries are present in your and this could be source of your problem.

What is the output of the following command

locate zuluCrypt | grep usr

Can you try to uninstall the version of zuluCrypt you have installed and then make sure there are no zuluCrypt libraries lying around and then reinstall.This may solve your problem.

[FadeMind]

Here is all https://github.com/FadeMind/archpkgbuilds/tree/master/zulucrypt

I found difference:

libsecret support NOT found,will not build libsecret functionality

but i have installed libsecret 0.18.2-1

what I missed?

[mhogomchungu]

"-DNOGNOME=true" option turns off libsecret support.The option used to manage support for "gnome-keyring" but i changed it to "libsecret" because gnome people now recommends people to use libsecret instead of gnome-keyring.

libsecret is a front end to gnome-keyring.

You seem to be using some sort of a hardened compiler and the problem be somewhere in there. How can i switch to it?

[FadeMind]

I using this makepkg.conf https://github.com/FadeMind/archfixes/blob/master/etc_home_conffiles/makepkg.conf

[mhogomchungu]

I'll have a look at this hardened compiler later on to see if its the cause of the problem.

why are you using it?

can you try to build with "normal" gcc or with clang and see if it makes a difference?

[mhogomchungu]

@FadeMind

i now build zuluCrypt with hardening options as specified from this link[1] that contains the same options in your "makepkg.conf" but i am still unable to reproduce your issue in 64 bit pclinuxos,64 bit debian 8,64 bit arch linux and 64 bit kubuntu 14.10.

hardened check in debian 8 reports the following:

mtz@debian:/usr/bin$ hardening-check /usr/bin/zuluCrypt-cli
/usr/bin/zuluCrypt-cli:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes

mtz@debian:/usr/bin$ hardening-check /usr/bin/zuluMount-cli
/usr/bin/zuluMount-cli:
 Position Independent Executable: yes
 Stack protected: yes
 Fortify Source functions: yes (some protected functions found)
 Read-only relocations: yes
 Immediate binding: yes
mtz@debian:/usr/bin$

I am closing this bug report because i think reported problems are local problems and there is nothing i can do on this end to fix them.

@JeremyRand , i hope you will write to inform of your finding when you run zuluCrypt-cli test after you have completely removed zuluCrypt,reinstall it and then restart your computer.

[1] security.stackexchange.com/questions/24444/what-is-the-most-hardened-set-of-options-for-gcc-compiling-c-c

[JeremyRand]

Okay, so I removed the ZuluCrypt packages, and noticed that there were still some ZuluCrypt files left over. I tried building the latest version from source and running make install, and the resulting installation works fine. I guess at some point long ago I probably built ZuluCrypt from source (creating a duplicate installation) and forgot about it. So yes, the problem was on my end. Sorry for the confusion, and thanks for helping figure this out.