[pkg-cryptsetup-devel] Bug#941051: cryptsetup: luksFormat crash with benbi IV generator and LUKS2 integrity option(s)

Bernhard Übelacker bernhardu at mailbox.org
Tue Jan 7 12:56:06 GMT 2020


Dear Maintainer,
I rebuilt a linux-image package with the patch applied,
and the submitter's cryptsetup command finished
without any error visible to me.
(Console output and dmesg are in the second half of the attached file.)

Due to my limited knowledge of cryptsetup I guess Jerad
could better judge if the resulting device is working
properly afterwards.

Kind regards,
Bernhard
-------------- next part --------------

# Unstable amd64 qemu VM 2020-01-06


apt-mark hold kmod libkmod2     #Bug 948257

apt update
apt dist-upgrade



fdisk /dev/sdb
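mkfs.ext4 /dev/sdX1     # sdX1: presumably the partition just created on /dev/sdb (mounted below as /dev/sdb1); confirm the device before formatting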

mkdir /home/benutzer/source
mount /dev/sdb1 /home/benutzer/source
chown benutzer:benutzer /home/benutzer/source




apt install linux-image-5.4.0-2-amd64-unsigned systemd-coredump mc htop strace cryptsetup fakeroot
apt build-dep linux-image-5.4.0-2-amd64-unsigned

dpkg --purge linux-image-5.3.0-3-amd64 linux-image-5.4.0-1-amd64 linux-image-amd64 linux-image-5.4.0-2-amd64-unsigned







mkdir /home/benutzer/source/linux-image-5.4.0-2-amd64-unsigned/orig -p
cd    /home/benutzer/source/linux-image-5.4.0-2-amd64-unsigned/orig
apt source linux-image-5.4.0-2-amd64-unsigned
cd






############
############

# 1. Without patch (unpatched 5.4.8-1 rebuild; the dmesg below shows the dm_crypt oops in crypt_iv_benbi_ctr)


cd /home/benutzer/source/linux-image-5.4.0-2-amd64-unsigned
cp orig try1 -a
cd try1/linux-5.4.8
fakeroot debian/rules source
sed -i 's@debian/bin/buildcheck.py @-debian/bin/buildcheck.py @g' debian/rules.real
time fakeroot make -j`nproc` -f debian/rules.gen binary-arch_amd64_none_amd64

        ~ 1h
        ~25 GB





dpkg -i /home/benutzer/source/linux-image-5.4.0-2-amd64-unsigned/try1/linux-image-5.4.0-2-amd64-unsigned_5.4.8-1_amd64.deb
reboot







truncate -s 400M /tmp/test
losetup /dev/loop0 /tmp/test

export LANG=C
cryptsetup luksFormat \
    --cipher=twofish-xts-benbi \
    --hash=sha512 \
    --verify-passphrase \
    --key-size=512 \
    --use-random \
    --type=luks2 \
    --pbkdf=argon2id \
    --pbkdf-memory=1048576 \
    --pbkdf-parallel=4 \
    --pbkdf-force-iterations=5 \
    --integrity=hmac-sha256 \
    --integrity-no-journal \
    --sector-size=4096 \
    /dev/loop0

losetup -d /dev/loop0
rm /tmp/test




[Mo Jan  6 20:08:28 2020] loop: module loaded

[Mo Jan  6 20:08:36 2020] device-mapper: uevent: version 1.0.3
[Mo Jan  6 20:08:36 2020] device-mapper: ioctl: 4.41.0-ioctl (2019-09-16) initialised: dm-devel at redhat.com
[Mo Jan  6 20:08:36 2020] NET: Registered protocol family 38
[Mo Jan  6 20:08:36 2020] cryptd: max_cpu_qlen set to 1000
[Mo Jan  6 20:08:36 2020] CPU feature 'AVX registers' is not supported.
[Mo Jan  6 20:08:36 2020] xor: measuring software checksum speed
[Mo Jan  6 20:08:36 2020]    prefetch64-sse: 17846.000 MB/sec
[Mo Jan  6 20:08:36 2020]    generic_sse: 16337.000 MB/sec
[Mo Jan  6 20:08:36 2020] xor: using function: prefetch64-sse (17846.000 MB/sec)
[Mo Jan  6 20:08:36 2020] async_tx: api initialized (async)
[Mo Jan  6 20:08:38 2020] alg: No test for authenc(hmac(sha256),xts(twofish)) (authenc(hmac(sha256-generic),xts(ecb-twofish-3way)))
[Mo Jan  6 20:08:38 2020] device-mapper: table: 254:1: crypt: Error creating IV
[Mo Jan  6 20:08:38 2020] device-mapper: ioctl: error adding target to table
[Mo Jan  6 20:09:50 2020] BUG: unable to handle page fault for address: 0000004000000024
[Mo Jan  6 20:09:50 2020] #PF: supervisor read access in kernel mode
[Mo Jan  6 20:09:50 2020] #PF: error_code(0x0000) - not-present page
[Mo Jan  6 20:09:50 2020] PGD 0 P4D 0 
[Mo Jan  6 20:09:50 2020] Oops: 0000 [#1] SMP NOPTI
[Mo Jan  6 20:09:50 2020] CPU: 4 PID: 665 Comm: cryptsetup Tainted: G            E     5.4.0-2-amd64 #1 Debian 5.4.8-1
[Mo Jan  6 20:09:50 2020] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[Mo Jan  6 20:09:50 2020] RIP: 0010:crypt_iv_benbi_ctr+0x18/0x60 [dm_crypt]






############
############

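# 2. With patch (mbroz/linux.git commit c3563cd7350dff811543cbc275547a7f878a6c3a applied; luksFormat completes and the dmesg below shows no IV error or oops)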


cd /home/benutzer/source/linux-image-5.4.0-2-amd64-unsigned
cp orig try2 -a
cd try2/linux-5.4.8
fakeroot debian/rules source
sed -i 's@debian/bin/buildcheck.py @-debian/bin/buildcheck.py @g' debian/rules.real

wget "https://git.kernel.org/pub/scm/linux/kernel/git/mbroz/linux.git/patch/?id=c3563cd7350dff811543cbc275547a7f878a6c3a" -O ../c3563cd7350dff811543cbc275547a7f878a6c3a.patch
patch -p1 < ../c3563cd7350dff811543cbc275547a7f878a6c3a.patch

time fakeroot make -j`nproc` -f debian/rules.gen binary-arch_amd64_none_amd64

        real    61m33,973s
        user    240m28,026s
        sys     33m8,348s

        du -sh .
        25G     .


dpkg -i /home/benutzer/source/linux-image-5.4.0-2-amd64-unsigned/try2/linux-image-5.4.0-2-amd64-unsigned_5.4.8-1_amd64.deb
reboot










truncate -s 400M /tmp/test
losetup /dev/loop0 /tmp/test

export LANG=C
cryptsetup luksFormat \
    --cipher=twofish-xts-benbi \
    --hash=sha512 \
    --verify-passphrase \
    --key-size=512 \
    --use-random \
    --type=luks2 \
    --pbkdf=argon2id \
    --pbkdf-memory=1048576 \
    --pbkdf-parallel=4 \
    --pbkdf-force-iterations=5 \
    --integrity=hmac-sha256 \
    --integrity-no-journal \
    --sector-size=4096 \
    /dev/loop0

losetup -d /dev/loop0
rm /tmp/test



root@debian:~# truncate -s 400M /tmp/test
root@debian:~# losetup /dev/loop0 /tmp/test
root@debian:~# 
root@debian:~# export LANG=C
root@debian:~# cryptsetup luksFormat \
>     --cipher=twofish-xts-benbi \
>     --hash=sha512 \
>     --verify-passphrase \
>     --key-size=512 \
>     --use-random \
>     --type=luks2 \
>     --pbkdf=argon2id \
>     --pbkdf-memory=1048576 \
>     --pbkdf-parallel=4 \
>     --pbkdf-force-iterations=5 \
>     --integrity=hmac-sha256 \
>     --integrity-no-journal \
>     --sector-size=4096 \
>     /dev/loop0

WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /tmp/test: 
Verify passphrase: 
Wiping device to initialize integrity checksum.
You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).
Finished, time 00:02.586,  377 MiB written, speed 146.1 MiB/s
root@debian:~# 




[Di Jan  7 12:01:10 2020] loop: module loaded

[Di Jan  7 12:01:25 2020] device-mapper: uevent: version 1.0.3
[Di Jan  7 12:01:25 2020] device-mapper: ioctl: 4.41.0-ioctl (2019-09-16) initialised: dm-devel at redhat.com
[Di Jan  7 12:01:25 2020] NET: Registered protocol family 38
[Di Jan  7 12:01:25 2020] cryptd: max_cpu_qlen set to 1000
[Di Jan  7 12:01:25 2020] CPU feature 'AVX registers' is not supported.
[Di Jan  7 12:01:25 2020] xor: measuring software checksum speed
[Di Jan  7 12:01:25 2020]    prefetch64-sse: 17943.000 MB/sec
[Di Jan  7 12:01:25 2020]    generic_sse: 16228.000 MB/sec
[Di Jan  7 12:01:25 2020] xor: using function: prefetch64-sse (17943.000 MB/sec)
[Di Jan  7 12:01:25 2020] async_tx: api initialized (async)
[Di Jan  7 12:01:27 2020] alg: No test for authenc(hmac(sha256),xts(twofish)) (authenc(hmac(sha256-generic),xts(ecb-twofish-3way)))

