[pkg-cryptsetup-devel] Bug#578979: cryptsetup isLuks does not work for volumes with a non-FIPS hash (e.g.:ripemd160)
Christian Lamparter
chunkeey at googlemail.com
Fri Apr 23 23:34:10 UTC 2010
Package: cryptsetup
Version: 2:1.1.0-2.1
Severity: normal
Tags: squeeze sid patch
The cryptsetup isLuks [..] code path does not initialize the gcrypt library properly.
For example, this luksDump is from a healthy volume,
which was created with ripemd160 as the selected message digest.
# cryptsetup luksDump /dev/loop1
LUKS header information for /dev/loop1
Version: 1
Cipher name: serpent
Cipher mode: xts-benbi
Hash spec: ripemd160 <---
Payload offset: 2056
MK bits: 256
MK digest: 47 cd 8a 78 ab [...]
MK salt: d6 a9 81 f2 d7 [...]
MK iterations: 20750
UUID: e4245[...]
Key Slot 0: ENABLED
Iterations: 83[...]
Salt: 5d [...]
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
[...]
However, for the same volume isLuks fails with
# cryptsetup isLuks /dev/loop1
Requested LUKS hash ripemd160 is not supported.
-
This behavior is actually a feature of libgcrypt.
It prevents damage and misuse of the library.
But in my case (I made the mistake of making
a root partition with ripemd160...) it confused
the initramfs script /scripts/local-top/cryptsetup,
which then tried to call "cryptsetup create ..."
instead of "luksOpen".
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-2.6.34-rc4-wl root=/dev/mapper/linux2-disc1_crypt ro console=ttyS0,115200 console=tty0 hpet=force
-- /etc/crypttab
linux2-disc1_crypt /dev/mapper/linux2-disc1 none luks
-- /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/linux2-disc1_crypt / reiserfs noatime,user_xattr 0 1
proc /proc proc defaults 0 0
/dev/sda1 /boot ext2 noatime,nosuid,nodev,noexec 0 1
none_debugfs /sys/kernel/debug debugfs defaults 0 0
-- lsmod
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.34-rc4-wl (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.45-1 The Linux Kernel Device Mapper use
ii libc6 2.10.2-7 Embedded GNU C Library: Shared lib
ii libdevmapper1.02.1 2:1.02.45-1 The Linux Kernel Device Mapper use
ii libpopt0 1.15-1 lib for parsing cmdline parameters
ii libuuid1 2.16.2-0 Universally Unique ID library
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii dosfstools 3.0.9-1 utilities for making and checking
ii initramfs-tools [linux-initra 0.94.4 tools for generating an initramfs
ii udev 151-3 /dev/ and hotplug management daemo
-- no debconf information
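The failure reported above comes from one check answering two questions at once: "is this a LUKS device?" and "can the crypto backend use its hash?". The following C program is an added example, not cryptsetup's code and not part of the original report; it keeps the two answers apart using the LUKS1 header layout, so an unusable hash never looks like "not LUKS". The names `backend_has_hash`, `probe_luks1`, `boot_action` and `make_sample_header`, the accepted-hash list and the sample header are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* LUKS1 on-disk header: 6-byte magic, big-endian u16 version at offset 6,
 * cipher name at 8, cipher mode at 40, hash spec at 72 (32 bytes each). */
enum { OFF_VERSION = 6, OFF_HASH_SPEC = 72, SPEC_LEN = 32 };
static const uint8_t LUKS_MAGIC[6] = { 'L', 'U', 'K', 'S', 0xba, 0xbe };
enum probe { NOT_LUKS, LUKS_HASH_OK, LUKS_HASH_UNAVAILABLE };
/* Hypothetical stand-in for the crypto backend; the accepted list is constructed. */
static int backend_has_hash(const char *name)
{
    return !strcmp(name, "sha1") || !strcmp(name, "sha256") || !strcmp(name, "sha512");
}

/* Detection looks only at magic and version; hash support is a separate answer. */
static enum probe probe_luks1(const uint8_t *hdr, size_t len, char hash[SPEC_LEN + 1])
{
    hash[0] = '\0';
    if (len < (size_t)(OFF_HASH_SPEC + SPEC_LEN) || memcmp(hdr, LUKS_MAGIC, sizeof LUKS_MAGIC)
        || hdr[OFF_VERSION] != 0 || hdr[OFF_VERSION + 1] != 1)
        return NOT_LUKS;
    memcpy(hash, hdr + OFF_HASH_SPEC, SPEC_LEN);
    hash[SPEC_LEN] = '\0';          /* the on-disk field may lack a terminator */
    return backend_has_hash(hash) ? LUKS_HASH_OK : LUKS_HASH_UNAVAILABLE;
}
/* Boot-time decision: an unusable hash stops the boot, it never selects plain mode. */
static const char *boot_action(enum probe p)
{
    return p == LUKS_HASH_OK ? "luksOpen" : p == NOT_LUKS ? "create" : "abort";
}

/* Constructed sample header with the given hash spec; buf must hold >= 104 bytes. */
static void make_sample_header(uint8_t *buf, size_t len, const char *hash)
{
    memset(buf, 0, len);
    memcpy(buf, LUKS_MAGIC, sizeof LUKS_MAGIC);
    buf[OFF_VERSION + 1] = 1;
    strncpy((char *)buf + OFF_HASH_SPEC, hash, SPEC_LEN - 1);
}
int main(void)
{
    uint8_t hdr[592];               /* full LUKS1 header size */
    char hash[SPEC_LEN + 1];
    make_sample_header(hdr, sizeof hdr, "ripemd160");
    enum probe p = probe_luks1(hdr, sizeof hdr, hash);
    printf("hash=%s action=%s\n", hash, boot_action(p));
    return 0;
}
```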
-------------- next part --------------
--- a/lib/setup.c 2010-04-24 00:37:46.000000000 +0200
+++ b/lib/setup.c 2010-04-24 00:38:50.000000000 +0200
@@ -921,6 +921,11 @@ int crypt_isLuks(struct crypt_options *o
log_dbg("Check device %s for LUKS header.", options->device);
+ if (init_crypto()) {
+ log_err(cd, _("Cannot initialize crypto backend.\n"));
+ return -ENOSYS;
+ }
+
r = crypt_init(&cd, options->device);
if (r < 0)
return -EINVAL;
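Review bot: in the added error branch, log_err(cd, ...) runs before crypt_init(&cd, options->device) has assigned cd, so the message is logged against a handle this function has not set up yet. The declaration of cd lies outside the hunk; unless it is initialised to NULL there and log_err is known to accept a NULL context, pass NULL explicitly in this call. It would also help to state in the patch description why this path returns -ENOSYS while the crypt_init() failure directly below returns -EINVAL, since a caller that only tests for a non-zero result cannot tell "backend unavailable" from "not a LUKS device".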