lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200723155101.pnezpo574ot4qkzx@atlas.draconx.ca>
Date:   Thu, 23 Jul 2020 11:51:01 -0400
From:   Nick Bowler <nbowler@...conx.ca>
To:     linux-kernel@...r.kernel.org
Cc:     Al Viro <viro@...iv.linux.org.uk>,
        "David S. Miller" <davem@...emloft.net>
Subject: PROBLEM: cryptsetup fails to unlock drive in 5.8-rc6 (regression)

Hi,

After installing Linux 5.8-rc6, it seems cryptsetup can no longer
open LUKS volumes.  Regardless of the entered passphrase (correct
or otherwise), the result is a very unhelpful "Keyslot open failed."
message.

On the kernels which fail, I also noticed that the cryptsetup
benchmark command appears to not be able to determine that any
ciphers are available (output at end of message), possibly for
the same reason.

Bisected to the following commit, which suggests a problem specific
to compat userspace (this is amd64 kernel).  I tested both ia32 and
x32 userspace to confirm the problem.  Reverting this commit on top
of 5.8-rc6 resolves the issue.

Looking at strace output the failing syscall appears to be:

  sendmsg(8, {msg_name=NULL, msg_namelen=0, 
	     msg_iov=[{iov_base=..., iov_len=512}], msg_iovlen=1,
	     msg_control=[{cmsg_len=16, cmsg_level=SOL_ALG,
	     cmsg_type=0x3}, {cmsg_len=32, cmsg_level=SOL_ALG,
	     cmsg_type=0x2}], msg_controllen=48, msg_flags=0}, 0)
	     = -1 EINVAL (Invalid argument)

where fd 8 is the descriptor received after "accept" from the AF_ALG
socket bound to the skcipher algorithm.

  547ce4cfb34cdecfa0ee19c29a5510329a7ac802 is the first bad commit
  commit 547ce4cfb34cdecfa0ee19c29a5510329a7ac802
  Author: Al Viro <viro@...iv.linux.org.uk>
  Date:   Sun May 31 02:06:55 2020 +0100

      switch cmsghdr_from_user_compat_to_kern() to copy_from_user()

      no point getting compat_cmsghdr field-by-field

      Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
      Signed-off-by: David S. Miller <davem@...emloft.net>

   net/compat.c | 15 ++++++++-------
   1 file changed, 8 insertions(+), 7 deletions(-)

  # cryptsetup open /dev/nvme0n1p2 test
  Enter passphrase for /dev/nvme0n1p2:
  Keyslot open failed.
  
  # cryptsetup benchmark
  # Tests are approximate using memory only (no storage IO).
  PBKDF2-sha1       362077 iterations per second for 256-bit key
  PBKDF2-sha256     503155 iterations per second for 256-bit key
  PBKDF2-sha512     396586 iterations per second for 256-bit key
  PBKDF2-ripemd160  283398 iterations per second for 256-bit key
  PBKDF2-whirlpool  159649 iterations per second for 256-bit key
  argon2i       4 iterations, 111601 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
  argon2id      4 iterations, 112215 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
  #     Algorithm |       Key |      Encryption |      Decryption
          aes-cbc        128b               N/A               N/A
      serpent-cbc        128b               N/A               N/A
      twofish-cbc        128b               N/A               N/A
          aes-cbc        256b               N/A               N/A
      serpent-cbc        256b               N/A               N/A
      twofish-cbc        256b               N/A               N/A
          aes-xts        256b               N/A               N/A
      serpent-xts        256b               N/A               N/A
      twofish-xts        256b               N/A               N/A
          aes-xts        512b               N/A               N/A
      serpent-xts        512b               N/A               N/A
      twofish-xts        512b               N/A               N/A

Cheers,
-- 
Nick Bowler

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ