lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9aebff4d-71b0-9fe0-2ccc-38c80fc2179a@gmail.com>
Date:   Tue, 12 Jun 2018 07:50:33 +0200
From:   Milan Broz <gmazyland@...il.com>
To:     Xiongfeng Wang <wangxiongfeng2@...wei.com>, agk@...hat.com,
        snitzer@...hat.com
Cc:     broonie@...aro.org, arnd@...db.de, joakim.bech@...aro.org,
        dm-devel@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [Query] Failed to create dm-crypt device when using AEAD type

On 06/12/2018 07:37 AM, Xiongfeng Wang wrote:
> Hi Dm-crypt maintainers,
> 
> Recently, I was testing the dm-crypt, but I failed to create dm-crypt device when using AEAD type.
> I would really appreciate it if you could give some help.
> The error info is as follows:
> localhost:~ # export SIZE_INT=997376
> 8 J 0"ost:~ # dmsetup create integ1 --table "0 $SIZE_INT integrity /dev/sdd2 0 2
> localhost:~ #
> dom \host:~ # dmsetup create crypt1 --table "0 $SIZE_INT crypt capi:gcm(aes)-ran
>>  11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
>>  0 /dev/mapper/integ1 0 1 integrity:28:aead"
> [ 1746.631559] device-mapper: crypt: Integrity AEAD, tag size 16, IV size 12.
> [ 1746.649796] device-mapper: crypt: INTEGRITY AEAD ERROR, sector 997248
> [ 1746.656382] device-mapper: crypt: INTEGRITY AEAD ERROR, sector 997248
> [ 1746.662826] Buffer I/O error on dev dm-3, logical block 124656, async page read

These errors actually say that it works as expected! :)

If the underlying device has no integrity tags initialized, *every* access to device must generate
integrity fail (because integrity tag is just not correct).

And the errors above are perhaps udev scans that are triggered by inotify when new device appears
and it tries to find some signatures on uninitialized disk with blkid.

If you use cryptsetup, it will try to wipe the device, alternatively you can use
dd (just be sure to use direct-io, page cache can generate some reads that fails as well),
so in your case something like this:

  # dd if=/dev/zero of=/dev/maper/crypt1 bs=1M oflag=direct

should wipe the device (and store integrity tags).

If you activate your devices again (with the same parameters), no integrity errors should be present.

(I will write more documentation in next weeks regarding all this stuff, we have now better
AEAD ciphers in 4.18.)

Thanks,
Milan
 
> 
> I tested it both on qemu and hardware, and it printed the same error.
> The error seems always on the last several sectors within the SIZE_INT I designated.
> When I change the SIZE_INT, the error sector num also change.
> I think something went wrong in the software, not the hardware.
> 
> My board don't have AEAD accelerator, so it uses the software implemented cipher.
> My kernel version is 4.17-rc3.
> 
> The command is as follows:
> export SIZE_INT=997376
> dmsetup create integ1 --table "0 $SIZE_INT integrity /dev/sdd2 0 28 J 0"
> dmsetup create crypt1 --table "0 $SIZE_INT crypt capi:gcm(aes)-random \
>  11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
>  0 /dev/mapper/integ1 0 1 integrity:28:aead"
> 
> This command comes from the commit information of the commit which introduce AEAD.
> (commit ef43aa38063a6b2b3c6618e28ab35794f4f1fe29
> dm crypt: add cryptographic data integrity protection (authenticated encryption))
> I only change 'aes-gcm-random' to 'capi:gcm(aes)-random'
> 
> Really appreciate it if you could have a look at it, Thanks!
> 
> Regards,
> Xiongfeng
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ