unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed
* bug#53005: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF
@ 2022-01-04 14:36 Simon South
  2022-01-04 14:44 ` Simon South
                   ` (4 more replies)
  0 siblings, 5 replies; 10+ messages in thread
From: Simon South @ 2022-01-04 14:36 UTC (permalink / raw)
  To: 53005

Currently cryptsetup from the "cryptsetup-static" package is unable to
open LUKS2 encrypted volumes that use the Argon2i key-derivation
algorithm, the default for LUKS2.  It catches SIGABRT and exits without
opening the volume.

This appears to be a regression following the merge of the
core-updates-frozen branch and because of it, I'm unable to boot into an
up-to-date system as there is no way to get past the "Enter passphrase"
prompt at startup.

I've verified this on both AArch64 and x86-64.  To reproduce:

1. Ensure the "cryptsetup" package is installed in your profile and that
   "cryptsetup-static", the statically-linked equivalent added to the
   initrd and used during startup, is available on your system:

     guix install cryptsetup
     guix build --verbosity=2 cryptsetup-static

2. Create a file containing a dummy LUKS2 volume:

     truncate -s 32M ./dummy-luks-volume
     cryptsetup luksFormat --type luks2 ./dummy-luks-volume

   Make sure the Argon2i PBKDF algorithm was selected during formatting:

     cryptsetup luksDump ./dummy-luks-volume | grep argon

   This should output "PBKDF: argon2i".

3. Verify the volume can be opened using the regular cryptsetup tool:

     sudo cryptsetup open --type luks ./dummy-luks-volume dummy-volume
     ls /dev/mapper/dummy-volume
     sudo cryptsetup close /dev/mapper/dummy-volume

4. Now try opening the volume using the statically-linked cryptsetup:

     sudo `guix build cryptsetup-static`/sbin/cryptsetup open \
       --type luks ./dummy-luks-volume dummy-volume
     ls /dev/mapper/dummy-volume

You should find (on most runs, at least) after you enter the passphrase
the tool exits with "Aborted" and with no entry added beneath
/dev/mapper.

-- 
Simon South
simon@simonsouth.net




^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2024-02-07 20:00 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-04 14:36 bug#53005: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF Simon South
2022-01-04 14:44 ` Simon South
2022-01-08  1:52 ` Simon South
2022-01-10 23:34 ` Simon South
2022-01-10 23:34   ` bug#53005: [PATCH 1/1] gnu: glibc: Preserve "__pthread_key_create" symbol Simon South
2022-01-12 19:21     ` Leo Famulari
2022-01-12 21:22       ` Simon South
2022-05-01  9:49         ` Tom Fitzhenry
2022-08-19  3:31 ` bug#53005: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF angry rectangle
2024-02-07 19:59 ` Simon South

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).