| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 Jul 2020 11:51:01 -0400
From: Nick Bowler <nbowler@...conx.ca>
To: linux-kernel@...r.kernel.org
Cc: Al Viro <viro@...iv.linux.org.uk>,
"David S. Miller" <davem@...emloft.net>
Subject: PROBLEM: cryptsetup fails to unlock drive in 5.8-rc6 (regression)
Hi,
After installing Linux 5.8-rc6, it seems cryptsetup can no longer
open LUKS volumes. Regardless of the entered passphrase (correct
or otherwise), the result is a very unhelpful "Keyslot open failed."
message.
On the kernels which fail, I also noticed that the cryptsetup
benchmark command appears to not be able to determine that any
ciphers are available (output at end of message), possibly for
the same reason.
Bisected to the following commit, which suggests a problem specific
to compat userspace (this is amd64 kernel). I tested both ia32 and
x32 userspace to confirm the problem. Reverting this commit on top
of 5.8-rc6 resolves the issue.
Looking at strace output the failing syscall appears to be:
sendmsg(8, {msg_name=NULL, msg_namelen=0,
msg_iov=[{iov_base=..., iov_len=512}], msg_iovlen=1,
msg_control=[{cmsg_len=16, cmsg_level=SOL_ALG,
cmsg_type=0x3}, {cmsg_len=32, cmsg_level=SOL_ALG,
cmsg_type=0x2}], msg_controllen=48, msg_flags=0}, 0)
= -1 EINVAL (Invalid argument)
where fd 8 is the descriptor received after "accept" from the AF_ALG
socket bound to the skcipher algorithm.
547ce4cfb34cdecfa0ee19c29a5510329a7ac802 is the first bad commit
commit 547ce4cfb34cdecfa0ee19c29a5510329a7ac802
Author: Al Viro <viro@...iv.linux.org.uk>
Date: Sun May 31 02:06:55 2020 +0100
switch cmsghdr_from_user_compat_to_kern() to copy_from_user()
no point getting compat_cmsghdr field-by-field
Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
Signed-off-by: David S. Miller <davem@...emloft.net>
net/compat.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
# cryptsetup open /dev/nvme0n1p2 test
Enter passphrase for /dev/nvme0n1p2:
Keyslot open failed.
# cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 362077 iterations per second for 256-bit key
PBKDF2-sha256 503155 iterations per second for 256-bit key
PBKDF2-sha512 396586 iterations per second for 256-bit key
PBKDF2-ripemd160 283398 iterations per second for 256-bit key
PBKDF2-whirlpool 159649 iterations per second for 256-bit key
argon2i 4 iterations, 111601 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id 4 iterations, 112215 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b N/A N/A
serpent-cbc 128b N/A N/A
twofish-cbc 128b N/A N/A
aes-cbc 256b N/A N/A
serpent-cbc 256b N/A N/A
twofish-cbc 256b N/A N/A
aes-xts 256b N/A N/A
serpent-xts 256b N/A N/A
twofish-xts 256b N/A N/A
aes-xts 512b N/A N/A
serpent-xts 512b N/A N/A
twofish-xts 512b N/A N/A
Cheers,
--
Nick Bowler
Powered by blists - more mailing lists