[pkg-cryptsetup-devel] Bug#949336: Mapped integrity devices of size ≥2TiB are unusable on 32-bits platforms

nbf at waifu.club nbf at waifu.club
Wed May 12 19:25:20 BST 2021


Control: tag -1 - moreinfo
Control: found -1 + 2:2.3.4-2

Hi,
I am sorry for the misleading guesses from my previous messages.
I finally got to running some more tests and it is not a 32bit or arm
problem.
Long-keyed volumes created by 2.0.2 cannot be opened by 2.2.2 and vice 
versa.
I tested also with 2:2.3.4-2 amd64 from bullseye and it is the same as 
2.2.2.

Here are the steps that reproduce across all kernel versions I tried:

1) Create the required files and volumes
# head -c 4096 /dev/urandom >integrity-key-file
^ here source code says key-size is BITS, but integritysetup wants 4096 
BYTES(!)
# head -c 10M /dev/zero >integrity-volume2.0.2
# head -c 10M /dev/zero >integrity-volume2.2.2

2) Format one volume with 2.0.2 and the other with 2.2.2
# 2.0.2/integritysetup --sector-size 4096 --tag-size 32 --integrity 
hmac-sha256 --integrity-key-size=4096 
--integrity-key-file=integrity-key-file format integrity-volume2.0.2
# 2.2.2/integritysetup -qv --sector-size 4096 --tag-size 32 --integrity 
hmac-sha256 --integrity-key-size=4096 
--integrity-key-file=integrity-key-file format integrity-volume2.2.2

3a) Open and test the 2.0.2 volume with 2.0.2 - no problem
# 2.0.2/integritysetup --integrity hmac-sha256 --integrity-key-size=4096 
--integrity-key-file=integrity-key-file open integrity-volume2.0.2 
DM-INTEGRITY
# md5sum /dev/mapper/DM-INTEGRITY
e5601036ed0b1020b0179cd3d0d276d8  /dev/mapper/DM-INTEGRITY
# dmsetup status DM-INTEGRITY
0 19952 integrity 0 19952 -
# 2.0.2/integritysetup close DM-INTEGRITY

3b) Open and test the 2.2.2 volume with 2.2.2 - no problem
# 2.2.2/integritysetup --integrity hmac-sha256 --integrity-key-size=4096 
--integrity-key-file=integrity-key-file open integrity-volume2.2.2 
DM-INTEGRITY
# md5sum /dev/mapper/DM-INTEGRITY
e5601036ed0b1020b0179cd3d0d276d8  /dev/mapper/DM-INTEGRITY
# dmsetup status DM-INTEGRITY
0 19952 integrity 0 19952 -
# 2.2.2/integritysetup close DM-INTEGRITY

3c) Open and test the 2.0.2 volume with 2.2.2 - FAIL
# 2.2.2/integritysetup --integrity hmac-sha256 --integrity-key-size=4096 
--integrity-key-file=integrity-key-file open integrity-volume2.0.2 
DM-INTEGRITY
# md5sum /dev/mapper/DM-INTEGRITY
md5sum: /dev/mapper/DM-INTEGRITY: Input/output error
# dmsetup status DM-INTEGRITY
0 19952 integrity 14 19952 -
# 2.2.2/integritysetup close DM-INTEGRITY

3d) Open and test the 2.2.2 volume with 2.0.2 - FAIL
# 2.0.2/integritysetup --integrity hmac-sha256 --integrity-key-size=4096 
--integrity-key-file=integrity-key-file open integrity-volume2.2.2 
DM-INTEGRITY
# md5sum /dev/mapper/DM-INTEGRITY
md5sum: /dev/mapper/DM-INTEGRITY: Input/output error
# dmsetup status DM-INTEGRITY
0 19952 integrity 6 19952 -
# 2.0.2/integritysetup close DM-INTEGRITY

3e) Opening the volume with --integrity-recovery-mode always works
I assume this means data layout is same, but the integrity tags are 
different.

4) I tried to find out how many are actually used ("BITS v.s. BYTES"):
integritysetup 2.0.2 cares only about first 106 bytes (strange number)
integritysetup 2.2.2 cares only about first 114 bytes (strange number, 
+8)
integritysetup 2.3.4-2

6) Based on these results I managed to open the 2.0.2 volume with 2.2.2
# 2.2.2/integritysetup --integrity hmac-sha256 --integrity-key-size=106 
--integrity-key-file=integrity-key-file open integrity-volume2.0.2 
DM-INTEGRITY
# md5sum /dev/mapper/DM-INTEGRITY
e5601036ed0b1020b0179cd3d0d276d8  /dev/mapper/DM-INTEGRITY
# dmsetup status DM-INTEGRITY
19952 integrity 0 19952 -
# 2.2.2/integritysetup close DM-INTEGRITY


Best,
n.b.f.



More information about the pkg-cryptsetup-devel mailing list