* [dm-crypt] Troubleshooting: Header Conversion to argon2id @ 2018-09-11 17:09 procmem 2018-09-11 17:20 ` Ondrej Kozina 0 siblings, 1 reply; 18+ messages in thread From: procmem @ 2018-09-11 17:09 UTC (permalink / raw) To: dm-crypt, whonix-devel Hi, I went ahead and tested the commands recommended by Milan for converting headers to use the better pbkdf algo. Unfortunately I'm running into an obscure error and wanted your advice on how to solve it. Please see the output of the command with --debug root@debian:/home/user# cryptsetup luksConvertKey --key-slot 1 --pbkdf argon2id --pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4 /dev/vda1 --debug # cryptsetup 2.0.4 processing "cryptsetup luksConvertKey --key-slot 1 --pbkdf argon2id --pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4 /dev/vda1 --debug" # Running command luksConvertKey. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating context for crypt device /dev/vda1. # Trying to open and read device /dev/vda1 with direct-io. # Initialising device-mapper backend library. # Trying to load LUKS2 crypt type from device /dev/vda1. # Crypto backend (gcrypt 1.8.3) initialized in cryptsetup library version 2.0.4. # Detected kernel Linux 4.17.0-3-amd64 x86_64. # Loading LUKS2 header (repair disabled). # Opening lock resource file /run/cryptsetup/L_254:1 # Acquiring read lock for device /dev/vda1. # Verifying read lock handle for device /dev/vda1. # Device /dev/vda1 READ lock taken. # Trying to read primary LUKS2 header at offset 0x0. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # Trying to read secondary LUKS2 header at offset 0x4000. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # Trying to read secondary LUKS2 header at offset 0x8000. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # Trying to read secondary LUKS2 header at offset 0x10000. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # Trying to read secondary LUKS2 header at offset 0x20000. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # Trying to read secondary LUKS2 header at offset 0x40000. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # Trying to read secondary LUKS2 header at offset 0x80000. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # Trying to read secondary LUKS2 header at offset 0x100000. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # Trying to read secondary LUKS2 header at offset 0x200000. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # Trying to read secondary LUKS2 header at offset 0x400000. # Opening locked device /dev/vda1 # Veryfing locked device handle (bdev) # LUKS2 header read failed (-22). # Device /dev/vda1 READ lock released. # Releasing crypt device /dev/vda1 context. # Releasing device-mapper backend. # Unlocking memory. Command failed with code -1 (wrong or missing parameters). ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-11 17:09 [dm-crypt] Troubleshooting: Header Conversion to argon2id procmem @ 2018-09-11 17:20 ` Ondrej Kozina 2018-09-11 17:53 ` procmem 2018-09-12 4:16 ` procmem 0 siblings, 2 replies; 18+ messages in thread From: Ondrej Kozina @ 2018-09-11 17:20 UTC (permalink / raw) To: dm-crypt; +Cc: procmem, whonix-devel On 09/11/2018 07:09 PM, procmem wrote: > Hi, I went ahead and tested the commands recommended by Milan for > converting headers to use the better pbkdf algo. Unfortunately I'm > running into an obscure error and wanted your advice on how to solve it. > > Please see the output of the command with --debug > Hi, luksConvertKey command works only on LUKS2 keyslots. Looking at debug output it seems your device is not LUKS2 type. Regards Ondrej ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-11 17:20 ` Ondrej Kozina @ 2018-09-11 17:53 ` procmem 2018-09-12 4:16 ` procmem 1 sibling, 0 replies; 18+ messages in thread From: procmem @ 2018-09-11 17:53 UTC (permalink / raw) To: Ondrej Kozina, dm-crypt; +Cc: whonix-devel Ondrej Kozina: > On 09/11/2018 07:09 PM, procmem wrote: >> Hi, I went ahead and tested the commands recommended by Milan for >> converting headers to use the better pbkdf algo. Unfortunately I'm >> running into an obscure error and wanted your advice on how to solve it. >> >> Please see the output of the command with --debug >> > Hi, > > luksConvertKey command works only on LUKS2 keyslots. Looking at debug > output it seems your device is not LUKS2 type. > > Regards > Ondrej Thanks. I see. How can I convert a LUKS1 to a LUKS2 before running this command on it? ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-11 17:20 ` Ondrej Kozina 2018-09-11 17:53 ` procmem @ 2018-09-12 4:16 ` procmem 2018-09-12 4:44 ` Milan Broz 1 sibling, 1 reply; 18+ messages in thread From: procmem @ 2018-09-12 4:16 UTC (permalink / raw) To: Ondrej Kozina, dm-crypt; +Cc: whonix-devel Ondrej Kozina: > On 09/11/2018 07:09 PM, procmem wrote: >> Hi, I went ahead and tested the commands recommended by Milan for >> converting headers to use the better pbkdf algo. Unfortunately I'm >> running into an obscure error and wanted your advice on how to solve it. >> >> Please see the output of the command with --debug >> > Hi, > > luksConvertKey command works only on LUKS2 keyslots. Looking at debug > output it seems your device is not LUKS2 type. > > Regards > Ondrej Now that I think about it this can't be the reason because the header is LUKS2 when using cryptsetup 2.0 and above - which is the version included in Debian Testing/Buster. Also running 'cryptsetup convert' with --debug gives the same error. ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-12 4:16 ` procmem @ 2018-09-12 4:44 ` Milan Broz 2018-09-12 15:21 ` procmem 0 siblings, 1 reply; 18+ messages in thread From: Milan Broz @ 2018-09-12 4:44 UTC (permalink / raw) To: procmem, Ondrej Kozina, dm-crypt; +Cc: whonix-devel On 12/09/18 06:16, procmem wrote: > Ondrej Kozina: >> On 09/11/2018 07:09 PM, procmem wrote: >>> Hi, I went ahead and tested the commands recommended by Milan for >>> converting headers to use the better pbkdf algo. Unfortunately I'm >>> running into an obscure error and wanted your advice on how to solve it. >>> >>> Please see the output of the command with --debug >>> >> Hi, >> >> luksConvertKey command works only on LUKS2 keyslots. Looking at debug >> output it seems your device is not LUKS2 type. >> >> Regards >> Ondrej > > Now that I think about it this can't be the reason because the header is > LUKS2 when using cryptsetup 2.0 and above - which is the version > included in Debian Testing/Buster. No, header is not always LUKS2 by default, cryptsetup 2.0.x luksFormat still uses LUKS1 format by default. Do not mix version of utility and version of LUKS metadata format. Anyway, it seems that there is no LUKS header on the device at all, or it is somehow corrupted, all commands then must fail of course. Can you please paste output of "blkid -p <device>" and "cryptsetup luksDump --debug <device>" ? m. > > Also running 'cryptsetup convert' with --debug gives the same error. > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > https://www.saout.de/mailman/listinfo/dm-crypt > ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-12 4:44 ` Milan Broz @ 2018-09-12 15:21 ` procmem 2018-09-12 15:52 ` Guilhem Moulin 0 siblings, 1 reply; 18+ messages in thread From: procmem @ 2018-09-12 15:21 UTC (permalink / raw) To: Milan Broz, Ondrej Kozina, dm-crypt; +Cc: whonix-devel Milan Broz: > On 12/09/18 06:16, procmem wrote: >> Ondrej Kozina: >>> On 09/11/2018 07:09 PM, procmem wrote: >>>> Hi, I went ahead and tested the commands recommended by Milan for >>>> converting headers to use the better pbkdf algo. Unfortunately I'm >>>> running into an obscure error and wanted your advice on how to solve it. >>>> >>>> Please see the output of the command with --debug >>>> >>> Hi, >>> >>> luksConvertKey command works only on LUKS2 keyslots. Looking at debug >>> output it seems your device is not LUKS2 type. >>> >>> Regards >>> Ondrej >> >> Now that I think about it this can't be the reason because the header is >> LUKS2 when using cryptsetup 2.0 and above - which is the version >> included in Debian Testing/Buster. > > No, header is not always LUKS2 by default, cryptsetup 2.0.x luksFormat still uses LUKS1 > format by default. Do not mix version of utility and version of LUKS metadata format. > > Anyway, it seems that there is no LUKS header on the device at all, or it is somehow > corrupted, all commands then must fail of course. > > Can you please paste output of "blkid -p <device>" and "cryptsetup luksDump --debug <device>" ? > > m. > Summary: OK. Looks like I was manipulating the wrong device. It is vda5 not vda1 that has the header. The header is version 1. Conversion to v2 still fails however. blkid -p /dev/vda5 /dev/vda5: VERSION="1" UUID="fd28a001-e2a1-46dc-8e6c-99f0a55b1851" TYPE="crypto_LUKS" USAGE="crypto" PART_ENTRY_SCHEME="dos" PART_ENTRY_UUID="860c80ea-05" PART_ENTRY_TYPE="0x83" PART_ENTRY_NUMBER="5" PART_ENTRY_OFFSET="501760" PART_ENTRY_SIZE="104353792" PART_ENTRY_DISK="254:0" *** cryptsetup luksDump --debug /dev/vda5 # cryptsetup 2.0.4 processing "cryptsetup luksDump --debug /dev/vda5" # Running command luksDump. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating context for crypt device /dev/vda5. # Trying to open and read device /dev/vda5 with direct-io. # Initialising device-mapper backend library. # Trying to load any crypt type from device /dev/vda5. # Crypto backend (gcrypt 1.8.3) initialized in cryptsetup library version 2.0.4. # Detected kernel Linux 4.17.0-3-amd64 x86_64. # PBKDF pbkdf2, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 0, parallel_threads 0. # Reading LUKS header of size 1024 from device /dev/vda5 # Key length 64, device size 104353792 sectors, header size 4036 sectors. LUKS header information for /dev/vda5 Version: 1 Cipher name: aes Cipher mode: xts-plain64 Hash spec: sha256 Payload offset: 4096 MK bits: 512 MK digest: 92 88 0b 12 d8 87 59 a4 01 25 08 a9 54 df 70 31 ac 31 8b 6f MK salt: 7d 75 4b 38 2c ce 04 ba be 99 81 c7 18 4e d9 ea 04 c3 70 16 6e 7b f3 74 92 c2 a5 da c8 86 8f 57 MK iterations: 64503 UUID: fd28a001-e2a1-46dc-8e6c-99f0a55b1851 Key Slot 0: ENABLED Iterations: 1007276 Salt: 82 dd 05 76 f7 39 41 45 c9 a4 a6 f3 b4 a4 50 a5 f8 00 3a cb bd e1 ff 00 39 cb 74 b2 f2 1a 0a e9 Key material offset: 8 AF stripes: 4000 Key Slot 1: DISABLED Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED # Releasing crypt device /dev/vda5 context. # Releasing device-mapper backend. # Unlocking memory. Command successful. *** cryptsetup convert /dev/vda5 --type luks2 --debug # cryptsetup 2.0.4 processing "cryptsetup convert /dev/vda5 --type luks2 --debug" # Running command convert. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating context for crypt device /dev/vda5. # Trying to open and read device /dev/vda5 with direct-io. # Initialising device-mapper backend library. # Trying to load any crypt type from device /dev/vda5. # Crypto backend (gcrypt 1.8.3) initialized in cryptsetup library version 2.0.4. # Detected kernel Linux 4.17.0-3-amd64 x86_64. # PBKDF pbkdf2, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 0, parallel_threads 0. # Reading LUKS header of size 1024 from device /dev/vda5 # Key length 64, device size 104353792 sectors, header size 4036 sectors. WARNING! ======== This operation will convert /dev/vda5 to LUKS2 format. Are you sure? (Type uppercase yes): YES # Converting LUKS device to type LUKS2 # Max size: 2097152, LUKS1 (full) header size 2068480 , required shift: 28672 # DM-UUID is CRYPT-LUKS1-fd28a001e2a146dc8e6c99f0a55b1851- Cannot convert device /dev/vda5 which is still in use. # Releasing crypt device /dev/vda5 context. # Releasing device-mapper backend. # Unlocking memory. Command failed with code -5 (device already exists or device is busy). ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-12 15:21 ` procmem @ 2018-09-12 15:52 ` Guilhem Moulin 2018-09-13 0:47 ` procmem 0 siblings, 1 reply; 18+ messages in thread From: Guilhem Moulin @ 2018-09-12 15:52 UTC (permalink / raw) To: procmem; +Cc: dm-crypt, whonix-devel [-- Attachment #1: Type: text/plain, Size: 802 bytes --] Hi, On Wed, 12 Sep 2018 at 15:21:00 +0000, procmem wrote: > cryptsetup convert /dev/vda5 --type luks2 --debug > […] > Cannot convert device /dev/vda5 which is still in use. > […] > Command failed with code -5 (device already exists or device is busy). As the error message indicates, you need to remove (ie, close) the mapped device first. If that device is required for your system to run (for instance if it's holding the root file system) you won't be able to run `cryptsetup luksClose $name` from the main system; however you should be able to perform `cryptsetup convert` from a live CD, or from the initramfs image. Also, if as you hinted at you're using a detached header, you'll need to pass --header=/path/to/header to `cryptsetup convert`. Cheers, -- Guilhem. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-12 15:52 ` Guilhem Moulin @ 2018-09-13 0:47 ` procmem 2018-09-13 1:53 ` Arno Wagner 2018-09-13 1:58 ` Guilhem Moulin 0 siblings, 2 replies; 18+ messages in thread From: procmem @ 2018-09-13 0:47 UTC (permalink / raw) To: dm-crypt, whonix-devel Guilhem Moulin: > Hi, > > On Wed, 12 Sep 2018 at 15:21:00 +0000, procmem wrote: >> cryptsetup convert /dev/vda5 --type luks2 --debug >> […] >> Cannot convert device /dev/vda5 which is still in use. >> […] >> Command failed with code -5 (device already exists or device is busy). > > As the error message indicates, you need to remove (ie, close) the > mapped device first. If that device is required for your system to run > (for instance if it's holding the root file system) you won't be able to > run `cryptsetup luksClose $name` from the main system; however you > should be able to perform `cryptsetup convert` from a live CD, or from > the initramfs image. > initramfs sounds like the most versatile option. Any pointers on how to to this? Searching SE turns up irrelevant results. > Also, if as you hinted at you're using a detached header, you'll need to > pass --header=/path/to/header to `cryptsetup convert`. > > Cheers, > ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-13 0:47 ` procmem @ 2018-09-13 1:53 ` Arno Wagner 2018-09-13 1:58 ` Guilhem Moulin 1 sibling, 0 replies; 18+ messages in thread From: Arno Wagner @ 2018-09-13 1:53 UTC (permalink / raw) To: dm-crypt On Thu, Sep 13, 2018 at 02:47:00 CEST, procmem wrote: > > > Guilhem Moulin: > > Hi, > > > > On Wed, 12 Sep 2018 at 15:21:00 +0000, procmem wrote: > >> cryptsetup convert /dev/vda5 --type luks2 --debug > >> […] > >> Cannot convert device /dev/vda5 which is still in use. > >> […] > >> Command failed with code -5 (device already exists or device is busy). > > > > As the error message indicates, you need to remove (ie, close) the > > mapped device first. If that device is required for your system to run > > (for instance if it's holding the root file system) you won't be able to > > run `cryptsetup luksClose $name` from the main system; however you > > should be able to perform `cryptsetup convert` from a live CD, or from > > the initramfs image. > > > > initramfs sounds like the most versatile option. Any pointers on how to > to this? Searching SE turns up irrelevant results. The FAQ has an example how to do an an initrd, including dropping to shell, in Chapter 9: https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#9-the-initrd-question Regards, Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-13 0:47 ` procmem 2018-09-13 1:53 ` Arno Wagner @ 2018-09-13 1:58 ` Guilhem Moulin 2018-09-13 14:13 ` procmem 1 sibling, 1 reply; 18+ messages in thread From: Guilhem Moulin @ 2018-09-13 1:58 UTC (permalink / raw) To: procmem; +Cc: dm-crypt, whonix-devel [-- Attachment #1: Type: text/plain, Size: 1873 bytes --] On Thu, 13 Sep 2018 at 00:47:00 +0000, procmem wrote: > Guilhem Moulin: >> On Wed, 12 Sep 2018 at 15:21:00 +0000, procmem wrote: >>> cryptsetup convert /dev/vda5 --type luks2 --debug >>> […] >>> Cannot convert device /dev/vda5 which is still in use. >>> […] >>> Command failed with code -5 (device already exists or device is busy). >> >> As the error message indicates, you need to remove (ie, close) the >> mapped device first. If that device is required for your system to run >> (for instance if it's holding the root file system) you won't be able to >> run `cryptsetup luksClose $name` from the main system; however you >> should be able to perform `cryptsetup convert` from a live CD, or from >> the initramfs image. > > initramfs sounds like the most versatile option. Any pointers on how to > to this? Searching SE turns up irrelevant results. Before rebooting you might want to make sure the ‘algif_skcipher’ kernel module is included in the initramfs image, otherwise you might not be able to open LUKS2 volumes. (See https://bugs.debian.org/896968 for details.) To do so, run the following two commands: echo algif_skcipher | sudo tee -a /etc/initramfs-tools/modules sudo update-initramfs -u Now assuming your bootloader is GRUB, reboot, press <E> to obtain an emacs-like screen, append “ break=premount” to the line starting with “initrd”, and press <Ctrl>+<X> to boot. (The edit is transient and won't survive the next reboot.) You should land into an initramfs debug shell; see initramfs-tools(7) for details. That has probably become off-topic for the dm-crypt list, by the way (discussing how to reboot into an initramfs shell has nothing to do with dm-crypt, LUKS, or cryptsetup(8) per se); the user support channels of your distro might be a better venue for this. -- Guilhem. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-13 1:58 ` Guilhem Moulin @ 2018-09-13 14:13 ` procmem 2018-09-13 15:00 ` Ondrej Kozina 0 siblings, 1 reply; 18+ messages in thread From: procmem @ 2018-09-13 14:13 UTC (permalink / raw) To: dm-crypt, whonix-devel Guilhem Moulin: > On Thu, 13 Sep 2018 at 00:47:00 +0000, procmem wrote: >> Guilhem Moulin: >>> On Wed, 12 Sep 2018 at 15:21:00 +0000, procmem wrote: >>>> cryptsetup convert /dev/vda5 --type luks2 --debug >>>> […] >>>> Cannot convert device /dev/vda5 which is still in use. >>>> […] >>>> Command failed with code -5 (device already exists or device is busy). >>> >>> As the error message indicates, you need to remove (ie, close) the >>> mapped device first. If that device is required for your system to run >>> (for instance if it's holding the root file system) you won't be able to >>> run `cryptsetup luksClose $name` from the main system; however you >>> should be able to perform `cryptsetup convert` from a live CD, or from >>> the initramfs image. >> >> initramfs sounds like the most versatile option. Any pointers on how to >> to this? Searching SE turns up irrelevant results. > > Before rebooting you might want to make sure the ‘algif_skcipher’ kernel > module is included in the initramfs image, otherwise you might not be > able to open LUKS2 volumes. (See https://bugs.debian.org/896968 for > details.) To do so, run the following two commands: > > echo algif_skcipher | sudo tee -a /etc/initramfs-tools/modules > sudo update-initramfs -u > > Now assuming your bootloader is GRUB, reboot, press <E> to obtain an > emacs-like screen, append “ break=premount” to the line starting with > “initrd”, and press <Ctrl>+<X> to boot. (The edit is transient and > won't survive the next reboot.) You should land into an initramfs debug > shell; see initramfs-tools(7) for details. > > That has probably become off-topic for the dm-crypt list, by the way > (discussing how to reboot into an initramfs shell has nothing to do with > dm-crypt, LUKS, or cryptsetup(8) per se); the user support channels of > your distro might be a better venue for this. > Appending break=premount to the line starting with "linux" worked for converting the header to v2. However changing it to argon2id still failed with a -1 error code. So I ended up bypassing this process by creating a new keyslot with the same passphrase - which happens to use the best parameters by default (argon2id in this case) and then going back and deleting the legacy keyslot: # cryptsetup luksAddKey /dev/vda5 -S 1 # cryptsetup luksKillSlot /dev/vda5 0 Everything continues to boot up. I think this is the best way to do things unless anyone has any reservations* * As long as no SSDs are used I don't think users have to worry about the old header floating around. Though I'm unsure if in-place conversion would have been a security advantage in that case. ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-13 14:13 ` procmem @ 2018-09-13 15:00 ` Ondrej Kozina 2018-09-13 14:22 ` procmem 0 siblings, 1 reply; 18+ messages in thread From: Ondrej Kozina @ 2018-09-13 15:00 UTC (permalink / raw) To: dm-crypt; +Cc: procmem, whonix-devel On 09/13/2018 04:13 PM, procmem wrote: > > > Appending break=premount to the line starting with "linux" worked for > converting the header to v2. However changing it to argon2id still > failed with a -1 error code. Well, this sounds like a bug. Could you please provide us with debug output for failing command trying to luksConvertKey that particular keyslot? > > So I ended up bypassing this process by creating a new keyslot with the > same passphrase - which happens to use the best parameters by default > (argon2id in this case) and then going back and deleting the legacy keyslot: Actually luksConvertKey command works similar to process you just described. With only exception that it replaces the keyslot in-place. O. ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-13 15:00 ` Ondrej Kozina @ 2018-09-13 14:22 ` procmem 2018-09-13 16:02 ` Guilhem Moulin 0 siblings, 1 reply; 18+ messages in thread From: procmem @ 2018-09-13 14:22 UTC (permalink / raw) To: Ondrej Kozina, dm-crypt; +Cc: whonix-devel Ondrej Kozina: > On 09/13/2018 04:13 PM, procmem wrote: >> >> >> Appending break=premount to the line starting with "linux" worked for >> converting the header to v2. However changing it to argon2id still >> failed with a -1 error code. > > Well, this sounds like a bug. Could you please provide us with debug > output for failing command trying to luksConvertKey that particular > keyslot? > Sure thing but I don't know how to access initramfs command history. Unlike a booted-up environment there is no opportunity to scroll and select entire output for saving. >> >> So I ended up bypassing this process by creating a new keyslot with the >> same passphrase - which happens to use the best parameters by default >> (argon2id in this case) and then going back and deleting the legacy >> keyslot: > > Actually luksConvertKey command works similar to process you just > described. With only exception that it replaces the keyslot in-place. > Cool. Good to know :) ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-13 14:22 ` procmem @ 2018-09-13 16:02 ` Guilhem Moulin 2018-09-14 0:21 ` procmem 0 siblings, 1 reply; 18+ messages in thread From: Guilhem Moulin @ 2018-09-13 16:02 UTC (permalink / raw) To: procmem; +Cc: dm-crypt [-- Attachment #1: Type: text/plain, Size: 838 bytes --] On Thu, 13 Sep 2018 at 14:22:00 +0000, procmem wrote: > Ondrej Kozina: >> Well, this sounds like a bug. Could you please provide us with debug >> output for failing command trying to luksConvertKey that particular >> keyslot? > > Sure thing but I don't know how to access initramfs command history. > Unlike a booted-up environment there is no opportunity to scroll and > select entire output for saving. You can redirect the output to a file under /run/initramfs. /run is moved to the rootfs at init-bottom stage, shortly before the execution is turned over to the `init` binary, so content added at early boot stage will also be available later during the boot process. (Again, assuming your initramfs is comes from initramfs-tools, which is the default in Debian — and I guess its derivatives.) -- Guilhem. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-13 16:02 ` Guilhem Moulin @ 2018-09-14 0:21 ` procmem 2018-09-14 7:10 ` Ondrej Kozina 2018-09-14 8:20 ` Ondrej Kozina 0 siblings, 2 replies; 18+ messages in thread From: procmem @ 2018-09-14 0:21 UTC (permalink / raw) To: dm-crypt, whonix-devel Guilhem Moulin: > On Thu, 13 Sep 2018 at 14:22:00 +0000, procmem wrote: >> Ondrej Kozina: >>> Well, this sounds like a bug. Could you please provide us with debug >>> output for failing command trying to luksConvertKey that particular >>> keyslot? >> >> Sure thing but I don't know how to access initramfs command history. >> Unlike a booted-up environment there is no opportunity to scroll and >> select entire output for saving. > > You can redirect the output to a file under /run/initramfs. /run is > moved to the rootfs at init-bottom stage, shortly before the execution > is turned over to the `init` binary, so content added at early boot > stage will also be available later during the boot process. > > (Again, assuming your initramfs is comes from initramfs-tools, which is > the default in Debian — and I guess its derivatives.) > OK here are the contents of the redirected output: # cryptsetup 2.0.4 processing "cryptsetup luksConvertKey --key-slot 1 --pbkdf argon2id --pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4 /dev/vda5 --debug" # Running command luksConvertKey. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating context for crypt device /dev/vda5. # Trying to open and read device /dev/vda5 with direct-io. # Initialising device-mapper backend library. # Trying to load LUKS2 crypt type from device /dev/vda5. # Crypto backend (gcrypt 1.8.3) initialized in cryptsetup library version 2.0.4. # Detected kernel Linux 4.18.0-1-amd64 x86_64. # Loading LUKS2 header (repair disabled). # Opening lock resource file /run/cryptsetup/L_254:5 # Acquiring read lock for device /dev/vda5. # Verifying read lock handle for device /dev/vda5. # Device /dev/vda5 READ lock taken. # Trying to read primary LUKS2 header at offset 0x0. # Opening locked device /dev/vda5 # Veryfing locked device handle (bdev) # LUKS2 header version 2 of size 16384 bytes, checksum sha256. # Checksum:a1e5fa25edf5bea01bd1367ec6ff77ac06bdbce31e341078879c742ad1d08815 (on-disk) # Checksum:a1e5fa25edf5bea01bd1367ec6ff77ac06bdbce31e341078879c742ad1d08815 (in-memory) # Trying to read secondary LUKS2 header at offset 0x4000. # Opening locked device /dev/vda5 # Veryfing locked device handle (bdev) # LUKS2 header version 2 of size 16384 bytes, checksum sha256. # Checksum:41ee6b99cf321c80bbf50a7f007cf459f50d0b6d90f50ff53b8f79c9abf53933 (on-disk) # Checksum:41ee6b99cf321c80bbf50a7f007cf459f50d0b6d90f50ff53b8f79c9abf53933 (in-memory) # Device size 53429141504, header size 2097152. # Device /dev/vda5 READ lock released. # Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2. # Not enough physical memory detected, PBKDF max memory decreased from 1048576kB to 506328kB. # PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 506328, parallel_threads 2. # Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2. # Not enough physical memory detected, PBKDF max memory decreased from 1048576kB to 506328kB. # PBKDF argon2id, hash sha256, time_ms 2000 (iterations 50), max_memory_kb 506328, parallel_threads 2. # Interactive passphrase entry requested. # Changing passphrase from old keyslot 1 to new 1. # Reloading LUKS2 header (repair disabled). # Opening lock resource file /run/cryptsetup/L_254:5 # Acquiring read lock for device /dev/vda5. # Verifying read lock handle for device /dev/vda5. # Device /dev/vda5 READ lock taken. # Trying to read primary LUKS2 header at offset 0x0. # Opening locked device /dev/vda5 # Veryfing locked device handle (bdev) # LUKS2 header version 2 of size 16384 bytes, checksum sha256. # Checksum:a1e5fa25edf5bea01bd1367ec6ff77ac06bdbce31e341078879c742ad1d08815 (on-disk) # Checksum:a1e5fa25edf5bea01bd1367ec6ff77ac06bdbce31e341078879c742ad1d08815 (in-memory) # Trying to read secondary LUKS2 header at offset 0x4000. # Opening locked device /dev/vda5 # Veryfing locked device handle (bdev) # LUKS2 header version 2 of size 16384 bytes, checksum sha256. # Checksum:41ee6b99cf321c80bbf50a7f007cf459f50d0b6d90f50ff53b8f79c9abf53933 (on-disk) # Checksum:41ee6b99cf321c80bbf50a7f007cf459f50d0b6d90f50ff53b8f79c9abf53933 (in-memory) # Device size 53429141504, header size 2097152. # Device /dev/vda5 READ lock released. # Releasing crypt device /dev/vda5 context. # Releasing device-mapper backend. # Unlocking memory. Command failed with code -1 (wrong or missing parameters). ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-14 0:21 ` procmem @ 2018-09-14 7:10 ` Ondrej Kozina 2018-09-14 8:20 ` Ondrej Kozina 1 sibling, 0 replies; 18+ messages in thread From: Ondrej Kozina @ 2018-09-14 7:10 UTC (permalink / raw) To: dm-crypt; +Cc: procmem, whonix-devel On 09/14/2018 02:21 AM, procmem wrote: > > > Guilhem Moulin: >> On Thu, 13 Sep 2018 at 14:22:00 +0000, procmem wrote: >>> Ondrej Kozina: >>>> Well, this sounds like a bug. Could you please provide us with debug >>>> output for failing command trying to luksConvertKey that particular >>>> keyslot? >>> >>> Sure thing but I don't know how to access initramfs command history. >>> Unlike a booted-up environment there is no opportunity to scroll and >>> select entire output for saving. >> >> You can redirect the output to a file under /run/initramfs. /run is >> moved to the rootfs at init-bottom stage, shortly before the execution >> is turned over to the `init` binary, so content added at early boot >> stage will also be available later during the boot process. >> >> (Again, assuming your initramfs is comes from initramfs-tools, which is >> the default in Debian — and I guess its derivatives.) >> > > OK here are the contents of the redirected output: > Thank you! Even thought the output is good for nothing. But that's definitely our fault for being lazy with more helpful debug messages:) Out of curiosity, does it behave same after you finish boot process? Does it fail with same error as in initrd phase? Anyway, I'm going to experiment with it now Thank you O. ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-14 0:21 ` procmem 2018-09-14 7:10 ` Ondrej Kozina @ 2018-09-14 8:20 ` Ondrej Kozina 2018-09-15 1:33 ` procmem 1 sibling, 1 reply; 18+ messages in thread From: Ondrej Kozina @ 2018-09-14 8:20 UTC (permalink / raw) To: dm-crypt; +Cc: procmem, whonix-devel On 09/14/2018 02:21 AM, procmem wrote: > > > Guilhem Moulin: >> On Thu, 13 Sep 2018 at 14:22:00 +0000, procmem wrote: >>> Ondrej Kozina: >>>> Well, this sounds like a bug. Could you please provide us with debug >>>> output for failing command trying to luksConvertKey that particular >>>> keyslot? >>> >>> Sure thing but I don't know how to access initramfs command history. >>> Unlike a booted-up environment there is no opportunity to scroll and >>> select entire output for saving. >> >> You can redirect the output to a file under /run/initramfs. /run is >> moved to the rootfs at init-bottom stage, shortly before the execution >> is turned over to the `init` binary, so content added at early boot >> stage will also be available later during the boot process. >> >> (Again, assuming your initramfs is comes from initramfs-tools, which is >> the default in Debian — and I guess its derivatives.) >> > > OK here are the contents of the redirected output: > Are you sure your keyslot 1 is active? The only way I can reproduce the same cryptic failure is with my keyslot passed in params being inactive. It's a bug because cryptsetup cli should emit proper error message about it. New issue: https://gitlab.com/cryptsetup/cryptsetup/issues/416 O. ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [dm-crypt] Troubleshooting: Header Conversion to argon2id 2018-09-14 8:20 ` Ondrej Kozina @ 2018-09-15 1:33 ` procmem 0 siblings, 0 replies; 18+ messages in thread From: procmem @ 2018-09-15 1:33 UTC (permalink / raw) To: Ondrej Kozina, dm-crypt; +Cc: whonix-devel Ondrej Kozina: > On 09/14/2018 02:21 AM, procmem wrote: >> >> >> Guilhem Moulin: >>> On Thu, 13 Sep 2018 at 14:22:00 +0000, procmem wrote: >>>> Ondrej Kozina: >>>>> Well, this sounds like a bug. Could you please provide us with debug >>>>> output for failing command trying to luksConvertKey that particular >>>>> keyslot? >>>> >>>> Sure thing but I don't know how to access initramfs command history. >>>> Unlike a booted-up environment there is no opportunity to scroll and >>>> select entire output for saving. >>> >>> You can redirect the output to a file under /run/initramfs. /run is >>> moved to the rootfs at init-bottom stage, shortly before the execution >>> is turned over to the `init` binary, so content added at early boot >>> stage will also be available later during the boot process. >>> >>> (Again, assuming your initramfs is comes from initramfs-tools, which is >>> the default in Debian — and I guess its derivatives.) >>> >> >> OK here are the contents of the redirected output: >> > > Are you sure your keyslot 1 is active? The only way I can reproduce the > same cryptic failure is with my keyslot passed in params being inactive. > It's a bug because cryptsetup cli should emit proper error message about > it. > > New issue: https://gitlab.com/cryptsetup/cryptsetup/issues/416 > > O. Indeed that was it. My bad. I was blindly typing in the same command that designated the non-existent keyslot 1 while the key was in 0. Nonetheless a clearer error message should help. This command did work from initramfs: cryptsetup luksConvertKey --key-slot 0 --pbkdf argon2id --pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4 <device> Verified that the header data was changed as intended after boot. Also noticed a nice delay after entering passphrases now. That should throw a big fat wrench in brute-forcing efforts ;) sudo cryptsetup luksDump --debug /dev/vda5 # cryptsetup 2.0.4 processing "cryptsetup luksDump --debug /dev/vda5" # Running command luksDump. # Locking memory. # Installing SIGINT/SIGTERM handler. # Unblocking interruption on signal. # Allocating context for crypt device /dev/vda5. # Trying to open and read device /dev/vda5 with direct-io. # Initialising device-mapper backend library. # Trying to load any crypt type from device /dev/vda5. # Crypto backend (gcrypt 1.8.3) initialized in cryptsetup library version 2.0.4. # Detected kernel Linux 4.17.0-3-amd64 x86_64. # Loading LUKS2 header (repair disabled). # Opening lock resource file /run/cryptsetup/L_254:5 # Acquiring read lock for device /dev/vda5. # Verifying read lock handle for device /dev/vda5. # Device /dev/vda5 READ lock taken. # Trying to read primary LUKS2 header at offset 0x0. # Opening locked device /dev/vda5 # Veryfing locked device handle (bdev) # LUKS2 header version 2 of size 16384 bytes, checksum sha256. # Checksum:267f3c4bc0b36cb98e99bc1f32066d9e8843c2977a65df04c43c2f474aca3efc (on-disk) # Checksum:267f3c4bc0b36cb98e99bc1f32066d9e8843c2977a65df04c43c2f474aca3efc (in-memory) # Trying to read secondary LUKS2 header at offset 0x4000. # Opening locked device /dev/vda5 # Veryfing locked device handle (bdev) # LUKS2 header version 2 of size 16384 bytes, checksum sha256. # Checksum:70714e66fa9d9913bb85191a96cb5f4348d349a716b9c4a8dd297fe02431fc56 (on-disk) # Checksum:70714e66fa9d9913bb85191a96cb5f4348d349a716b9c4a8dd297fe02431fc56 (in-memory) # Device size 53429141504, header size 2097152. # Device /dev/vda5 READ lock released. # Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2. # Not enough physical memory detected, PBKDF max memory decreased from 1048576kB to 506360kB. # PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 506360, parallel_threads 2. # { "keyslots":{ "0":{ "type":"luks2", "key_size":64, "kdf":{ "type":"argon2id", "time":50, "memory":506360, "cpus":2, "salt":"3K2QS1LyYWoQiVXz2sVfqYoRFgLNj8YOQUnj7PJacgg=" }, "af":{ "type":"luks1", "hash":"sha256", "stripes":4000 }, "area":{ "type":"raw", "encryption":"aes-xts-plain64", "key_size":64, "offset":"32768", "size":"258048" } } }, "tokens":{ }, "segments":{ "0":{ "type":"crypt", "offset":"2097152", "iv_tweak":"0", "size":"dynamic", "encryption":"aes-xts-plain64", "sector_size":512 } }, "digests":{ "0":{ "type":"pbkdf2", "keyslots":[ "0" ], "segments":[ "0" ], "hash":"sha256", "salt":"fXVLOCzOBLq+mYHHGE7Z6gTDcBZue\/N0ksKl2siGj1c=", "digest":"kogLEtiHWaQBJQipVN9wMawxi28=", "iterations":64503 } }, "config":{ "json_size":"12288", "keyslots_size":"2064384" } } LUKS header information Version: 2 Epoch: 3 Metadata area: 12288 bytes UUID: fd28a001-e2a1-46dc-8e6c-99f0a55b1851 Label: (no label) Subsystem: (no subsystem) Flags: (no flags) Data segments: 0: crypt offset: 2097152 [bytes] length: (whole device) cipher: aes-xts-plain64 sector: 512 [bytes] Keyslots: 0: luks2 Key: 512 bits Priority: normal Cipher: aes-xts-plain64 PBKDF: argon2id Time cost: 50 Memory: 506360 Threads: 2 Salt: dc ad 90 4b 52 f2 61 6a 10 89 55 f3 da c5 5f a9 8a 11 16 02 cd 8f c6 0e 41 49 e3 ec f2 5a 72 08 AF stripes: 4000 Area offset:32768 [bytes] Area length:258048 [bytes] Digest ID: 0 Tokens: Digests: 0: pbkdf2 Hash: sha256 Iterations: 64503 Salt: 7d 75 4b 38 2c ce 04 ba be 99 81 c7 18 4e d9 ea 04 c3 70 16 6e 7b f3 74 92 c2 a5 da c8 86 8f 57 Digest: 92 88 0b 12 d8 87 59 a4 01 25 08 a9 54 df 70 31 ac 31 8b 6f # Releasing crypt device /dev/vda5 context. # Releasing device-mapper backend. # Unlocking memory. Command successful. ^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2018-09-15 1:33 UTC | newest] Thread overview: 18+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-09-11 17:09 [dm-crypt] Troubleshooting: Header Conversion to argon2id procmem 2018-09-11 17:20 ` Ondrej Kozina 2018-09-11 17:53 ` procmem 2018-09-12 4:16 ` procmem 2018-09-12 4:44 ` Milan Broz 2018-09-12 15:21 ` procmem 2018-09-12 15:52 ` Guilhem Moulin 2018-09-13 0:47 ` procmem 2018-09-13 1:53 ` Arno Wagner 2018-09-13 1:58 ` Guilhem Moulin 2018-09-13 14:13 ` procmem 2018-09-13 15:00 ` Ondrej Kozina 2018-09-13 14:22 ` procmem 2018-09-13 16:02 ` Guilhem Moulin 2018-09-14 0:21 ` procmem 2018-09-14 7:10 ` Ondrej Kozina 2018-09-14 8:20 ` Ondrej Kozina 2018-09-15 1:33 ` procmem
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.