From: Simon South <simon@simonsouth.net>
To: 53005@debbugs.gnu.org
Subject: bug#53005: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF
Date: Tue, 04 Jan 2022 09:36:57 -0500 [thread overview]
Message-ID: <87v8yz1sae.fsf@simonsouth.net> (raw)
Currently cryptsetup from the "cryptsetup-static" package is unable to
open LUKS2 encrypted volumes that use the Argon2i key-derivation
algorithm, the default for LUKS2. It catches SIGABRT and exits without
opening the volume.
This appears to be a regression following the merge of the
core-updates-frozen branch and because of it, I'm unable to boot into an
up-to-date system as there is no way to get past the "Enter passphrase"
prompt at startup.
I've verified this on both AArch64 and x86-64. To reproduce:
1. Ensure the "cryptsetup" package is installed in your profile and that
"cryptsetup-static", the statically-linked equivalent added to the
initrd and used during startup, is available on your system:
guix install cryptsetup
guix build --verbosity=2 cryptsetup-static
2. Create a file containing a dummy LUKS2 volume:
truncate -s 32M ./dummy-luks-volume
cryptsetup luksFormat --type luks2 ./dummy-luks-volume
Make sure the Argon2i PBKDF algorithm was selected during formatting:
cryptsetup luksDump ./dummy-luks-volume | grep argon
This should output "PBKDF: argon2i".
3. Verify the volume can be opened using the regular cryptsetup tool:
sudo cryptsetup open --type luks ./dummy-luks-volume dummy-volume
ls /dev/mapper/dummy-volume
sudo cryptsetup close /dev/mapper/dummy-volume
4. Now try opening the volume using the statically-linked cryptsetup:
sudo `guix build cryptsetup-static`/sbin/cryptsetup open \
--type luks ./dummy-luks-volume dummy-volume
ls /dev/mapper/dummy-volume
You should find (on most runs, at least) after you enter the passphrase
the tool exits with "Aborted" and with no entry added beneath
/dev/mapper.
--
Simon South
simon@simonsouth.net
next reply other threads:[~2022-01-04 14:38 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-04 14:36 Simon South [this message]
2022-01-04 14:44 ` bug#53005: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF Simon South
2022-01-08 1:52 ` Simon South
2022-01-10 23:34 ` Simon South
2022-01-10 23:34 ` bug#53005: [PATCH 1/1] gnu: glibc: Preserve "__pthread_key_create" symbol Simon South
2022-01-12 19:21 ` Leo Famulari
2022-01-12 21:22 ` Simon South
2022-05-01 9:49 ` Tom Fitzhenry
2022-08-19 3:31 ` bug#53005: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF angry rectangle
2024-02-07 19:59 ` Simon South
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v8yz1sae.fsf@simonsouth.net \
--to=simon@simonsouth.net \
--cc=53005@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).