novel LUKS problem: 'cryptsetup open' mostly doesn't work

Post by pants » Sat Nov 19, 2016 10:49 pm

I am trying to set up an encrypted home partition on an SD card and have run into a baffling problem. Formatting a new LUKS device with cryptsetup works without error. If I try to open the new device without any option flags, which should be possible because those options are written in the LUKS header, my key fails to unlock the device. If I try to open the new device with all option flags, my key unlocks the device on only the second try, every time. Nothing helpful is written to the journal. Debug output is provided below. Help would be appreciated.

I am running linux-veyron 3.14.0-22 on an ASUS C201 with libgcrypt 1.7.3-1.

Code:
root@HAL ~ # cryptsetup --debug --hash sha512 -s 512 --cipher aes-xts-plain64 --type luks luksFormat /dev/mmcblk1p1
# cryptsetup 1.7.3 processing "cryptsetup --debug --hash sha512 -s 512 --cipher aes-xts-plain64 --type luks luksFormat /dev/mmcblk1p1"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.

WARNING!
========
This will overwrite data on /dev/mmcblk1p1 irrevocably.

Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/mmcblk1p1 context.
# Trying to open and read device /dev/mmcblk1p1 with direct-io.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 2000 milliseconds.
# Interactive passphrase entry requested.
Enter passphrase:
Verify passphrase:
# Formatting device /dev/mmcblk1p1 as type LUKS1.
# Crypto backend (gcrypt 1.7.3) initialized in cryptsetup library version 1.7.3.
# Detected kernel Linux 3.14.0-22-ARCH armv7l.
# Topology: IO (512/0), offset = 0; Required alignment is 1048576 bytes.
# Checking if cipher aes-xts-plain64 is usable.
# Using userspace crypto wrapper to access keyslot area.
# Generating LUKS header version 1 using hash sha512, aes, xts-plain64, MK 64 bytes
# KDF pbkdf2, hash sha512: 152409 iterations per second (512-bits key).
# Data offset 4096, UUID ad98f1b1-d538-48d9-bdfb-530e70c0a502, digest iterations 37000
# Updating LUKS header of size 1024 on device /dev/mmcblk1p1
# Key length 64, device size 62330880 sectors, header size 4036 sectors.
# Reading LUKS header of size 1024 from device /dev/mmcblk1p1
# Key length 64, device size 62330880 sectors, header size 4036 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# KDF pbkdf2, hash sha512: 150657 iterations per second (512-bits key).
# Key slot 0 use 294251 password iterations.
# Using hash sha512 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Using userspace crypto wrapper to access keyslot area.
# Key slot 0 was enabled in LUKS header.
# Updating LUKS header of size 1024 on device /dev/mmcblk1p1
# Key length 64, device size 62330880 sectors, header size 4036 sectors.
# Reading LUKS header of size 1024 from device /dev/mmcblk1p1
# Key length 64, device size 62330880 sectors, header size 4036 sectors.
# Releasing crypt device /dev/mmcblk1p1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
root@HAL ~ # cryptsetup --debug luksDump /dev/mmcblk1p1
# cryptsetup 1.7.3 processing "cryptsetup --debug luksDump /dev/mmcblk1p1"
# Running command luksDump.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/mmcblk1p1 context.
# Trying to open and read device /dev/mmcblk1p1 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/mmcblk1p1.
# Crypto backend (gcrypt 1.7.3) initialized in cryptsetup library version 1.7.3.
# Detected kernel Linux 3.14.0-22-ARCH armv7l.
# Reading LUKS header of size 1024 from device /dev/mmcblk1p1
# Key length 64, device size 62330880 sectors, header size 4036 sectors.
LUKS header information for /dev/mmcblk1p1

Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha512
Payload offset: 4096
MK bits: 512
MK digest: 38 7e 26 62 02 89 42 9e a8 9d 41 e2 21 b9 74 8e 22 a4 a9 4d
MK salt: 5a 19 77 3d f9 14 26 3a 0f 89 7c b6 c7 48 3e 6b
8b ea bd 5a 3e 99 db 0d 31 e7 76 84 44 2d 72 1a
MK iterations: 37000
UUID: ad98f1b1-d538-48d9-bdfb-530e70c0a502

Key Slot 0: ENABLED
Iterations: 294251
Salt: 57 f5 3c bb 5e ec 9c c2 91 92 34 09 ac 07 d6 29
e7 62 cb 07 a8 f6 d4 ca c0 84 5e fc 3a 40 01 9f
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
# Releasing crypt device /dev/mmcblk1p1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
root@HAL ~ # cryptsetup --debug open /dev/mmcblk1p1 home
# cryptsetup 1.7.3 processing "cryptsetup --debug open /dev/mmcblk1p1 home"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/mmcblk1p1 context.
# Trying to open and read device /dev/mmcblk1p1 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/mmcblk1p1.
# Crypto backend (gcrypt 1.7.3) initialized in cryptsetup library version 1.7.3.
# Detected kernel Linux 3.14.0-22-ARCH armv7l.
# Reading LUKS header of size 1024 from device /dev/mmcblk1p1
# Key length 64, device size 62330880 sectors, header size 4036 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 2000 milliseconds.
# Activating volume home [keyslot -1] using [none] passphrase.
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-verity version 1.2.0.
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0.
# Device-mapper backend running with UDEV support enabled.
# dm status home [ opencount flush ] [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for /dev/mmcblk1p1:
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase.
# Interactive passphrase entry requested.
Enter passphrase for /dev/mmcblk1p1:
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase.
# Interactive passphrase entry requested.
Enter passphrase for /dev/mmcblk1p1:
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase.
# Releasing crypt device /dev/mmcblk1p1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 1: Operation not permitted
cryptsetup --debug open /dev/mmcblk1p1 home 6.67s user 0.04s system 48% cpu 13.856 total
2 root@HAL ~ # cryptsetup --debug --hash sha512 -s 512 --cipher aes-xts-plain64 --type luks open /dev/mmcblk1p1 home :(
# cryptsetup 1.7.3 processing "cryptsetup --debug --hash sha512 -s 512 --cipher aes-xts-plain64 --type luks open /dev/mmcblk1p1 home"
# Running command open.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating crypt device /dev/mmcblk1p1 context.
# Trying to open and read device /dev/mmcblk1p1 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS1 crypt type from device /dev/mmcblk1p1.
# Crypto backend (gcrypt 1.7.3) initialized in cryptsetup library version 1.7.3.
# Detected kernel Linux 3.14.0-22-ARCH armv7l.
# Reading LUKS header of size 1024 from device /dev/mmcblk1p1
# Key length 64, device size 62330880 sectors, header size 4036 sectors.
# Timeout set to 0 miliseconds.
# Password retry count set to 3.
# Password verification disabled.
# Iteration time set to 2000 milliseconds.
# Activating volume home [keyslot -1] using [none] passphrase.
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-verity version 1.2.0.
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0.
# Device-mapper backend running with UDEV support enabled.
# dm status home [ opencount flush ] [16384] (*1)
# Interactive passphrase entry requested.
Enter passphrase for /dev/mmcblk1p1:
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
# Trying to open key slot 1 [INACTIVE].
# Trying to open key slot 2 [INACTIVE].
# Trying to open key slot 3 [INACTIVE].
# Trying to open key slot 4 [INACTIVE].
# Trying to open key slot 5 [INACTIVE].
# Trying to open key slot 6 [INACTIVE].
# Trying to open key slot 7 [INACTIVE].
No key available with this passphrase.
# Interactive passphrase entry requested.
Enter passphrase for /dev/mmcblk1p1:
# Trying to open key slot 0 [ACTIVE_LAST].
# Reading key slot 0 area.
# Using userspace crypto wrapper to access keyslot area.
Key slot 0 unlocked.
# Calculated device size is 62326784 sectors (RW), offset 4096.
# DM-UUID is CRYPT-LUKS1-ad98f1b1d53848d9bdfb530e70c0a502-home
# Udev cookie 0xd4dd8ba (semid 65536) created
# Udev cookie 0xd4dd8ba (semid 65536) incremented to 1
# Udev cookie 0xd4dd8ba (semid 65536) incremented to 2
# Udev cookie 0xd4dd8ba (semid 65536) assigned to CREATE task(0) with flags (0x0)
# dm create home CRYPT-LUKS1-ad98f1b1d53848d9bdfb530e70c0a502-home [ opencount flush ] [16384] (*1)
# dm reload home [ opencount flush securedata ] [16384] (*1)
# dm resume home [ opencount flush securedata ] [16384] (*1)
# home: Stacking NODE_ADD (254,0) 0:0 0600 [verify_udev]
# home: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4dd8ba (semid 65536) decremented to 1
# Udev cookie 0xd4dd8ba (semid 65536) waiting for zero
# Udev cookie 0xd4dd8ba (semid 65536) destroyed
# home: Processing NODE_ADD (254,0) 0:0 0600 [verify_udev]
# home: Processing NODE_READ_AHEAD 256 (flags=1)
# home (254:0): read ahead is 256
# home: retaining kernel read ahead of 256 (requested 256)
# Releasing crypt device /dev/mmcblk1p1 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
root@HAL ~ #
pants
 
Posts: 2
Joined: Tue Nov 10, 2015 3:52 pm
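
Added illustration (not part of the original post, and not cryptsetup's own code): a minimal Python reader for the LUKS1 on-disk header, showing that cipher, mode, hash and key size are stored in the header itself, together with the master-key digest comparison that decides "No key available with this passphrase". The header image is constructed from the luksDump values in the post; the function names are hypothetical and the unused-slot offsets are left at 0 as an assumption.

```python
import hashlib
import hmac
import struct

# LUKS1 on-disk header: big-endian, 208-byte fixed part + 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
MAGIC, SLOT_ENABLED = b"LUKS\xba\xbe", 0x00AC71F3

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1(buf):
    """Return the parameters that `cryptsetup open` reads from the header."""
    if len(buf) < PHDR.size + 8 * SLOT.size:
        raise ValueError("truncated LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload, key_bytes,
     digest, salt, mk_iter, uuid) = PHDR.unpack_from(buf, 0)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = []
    for i in range(8):
        active, iters, s_salt, km_off, stripes = SLOT.unpack_from(
            buf, PHDR.size + i * SLOT.size)
        slots.append({"enabled": active == SLOT_ENABLED, "iterations": iters,
                      "salt": s_salt, "km_offset": km_off, "stripes": stripes})
    return {"cipher": _text(cipher) + "-" + _text(mode), "hash": _text(hash_spec),
            "payload_offset": payload, "mk_bits": key_bytes * 8,
            "mk_digest": digest, "mk_salt": salt, "mk_iterations": mk_iter,
            "uuid": _text(uuid), "slots": slots}

def mk_digest_ok(hdr, candidate_mk):
    """The final check behind 'No key available with this passphrase'."""
    got = hashlib.pbkdf2_hmac(hdr["hash"], candidate_mk, hdr["mk_salt"],
                              hdr["mk_iterations"], 20)
    return hmac.compare_digest(got, hdr["mk_digest"])

def sample_header():
    """Constructed header image carrying the values from the luksDump above."""
    digest = bytes.fromhex("387e26620289429ea89d41e221b9748e22a4a94d")
    mk_salt = bytes.fromhex("5a19773df914263a0f897cb6c7483e6b"
                            "8beabd5a3e99db0d31e77684442d721a")
    s0_salt = bytes.fromhex("57f53cbb5eec9cc291923409ac07d629"
                            "e762cb07a8f6d4cac0845efc3a40019f")
    fixed = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha512", 4096, 64, digest,
                      mk_salt, 37000, b"ad98f1b1-d538-48d9-bdfb-530e70c0a502")
    slot0 = SLOT.pack(SLOT_ENABLED, 294251, s0_salt, 8, 4000)
    unused = SLOT.pack(0x0000DEAD, 0, bytes(32), 0, 4000)  # offsets left 0 here
    return (fixed + slot0 + unused * 7).ljust(1024, b"\0")
```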
