From: Milan Broz <gmazyland@gmail.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Milan Broz <gmazyland@gmail.com>
Cc: "open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Eric Biggers <ebiggers@google.com>,
device-mapper development <dm-devel@redhat.com>,
linux-fscrypt@vger.kernel.org,
Gilad Ben-Yossef <gilad@benyossef.com>
Subject: Re: [PATCH v2 0/4] crypto: switch to crypto API for ESSIV generation
Date: Wed, 19 Jun 2019 15:08:41 +0200 [thread overview]
Message-ID: <dea2ec13-61d4-5009-df04-9508bb8e7827@gmail.com> (raw)
In-Reply-To: <CAKv+Gu_XFbB9TTjMO+=QmZ40H1LV5DB57-zeUEb9dN3yNyia=w@mail.gmail.com>
On 19/06/2019 14:49, Ard Biesheuvel wrote:
> On Wed, 19 Jun 2019 at 14:36, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>>
>> On Wed, 19 Jun 2019 at 13:33, Milan Broz <gmazyland@gmail.com> wrote:
>>>
>>> On 19/06/2019 13:16, Ard Biesheuvel wrote:
>>>>> Try
>>>>> cryptsetup open --type plain -c null /dev/sdd test -q
>>>>> or
>>>>> dmsetup create test --table " 0 417792 crypt cipher_null-ecb - 0 /dev/sdd 0"
>>>>>
>>>>> (or just run full cryptsetup testsuite)
>>>>>
>>>>
>>>> Is that your mode-test script?
>>>>
>>>> I saw some errors about the null cipher, but tbh, it looked completely
>>>> unrelated to me, so i skipped those for the moment. But now, it looks
>>>> like it is related after all.
>>>
>>> This was triggered by align-test, mode-test fails the same though.
>>>
>>> It is definitely related, I think you just changed the mode parsing in dm-crypt.
>>> (cipher null contains only one dash I guess).
>>>
>>
>> On my unpatched 4.19 kernel, mode-test gives me
>>
>> $ sudo ./mode-test
>> aes PLAIN:[table OK][status OK]
>> LUKS1:[table OK][status OK] CHECKSUM:[OK]
>> aes-plain PLAIN:[table OK][status OK]
>> LUKS1:[table OK][status OK] CHECKSUM:[OK]
>> null PLAIN:[table OK][status OK]
>> LUKS1:[table OK][status OK] CHECKSUM:[OK]
>> cipher_null PLAIN:[table FAIL]
>> Expecting cipher_null-ecb got cipher_null-cbc-plain.
>> FAILED at line 64 ./mode-test
>>
>> which is why I commented out those tests in the first place.
>>
>> I can reproduce the crash after I re-enable them again, so I will need
>> to look into that. But something seems to be broken already.
>> Note that this is running on arm64 using a kconfig based on the Debian kernel.
>
> Actually, could this be an issue with cryptsetup being out of date? On
> another arm64 system with a more recent distro, it works fine
Ah yes, it was changed because we hardened dm-crypt mode validation in kernel
https://gitlab.com/cryptsetup/cryptsetup/commit/aeea93fa9553ad70ed57f273aecb233113b204d6#f40cab3037a50bf28ce20d8aae52bfa6a0c0e2c4_137_137
So either use test form the released version of cryptsetup (all version are here)
https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/
Or better use upstream git, we added a lot of tests anyway.
Milan
next prev parent reply other threads:[~2019-06-19 13:08 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-18 21:27 [PATCH v2 0/4] crypto: switch to crypto API for ESSIV generation Ard Biesheuvel
2019-06-18 21:27 ` [PATCH v2 1/4] crypto: essiv - create wrapper template " Ard Biesheuvel
2019-06-19 15:18 ` Ondrej Mosnáček
2019-06-19 15:45 ` Ard Biesheuvel
2019-06-18 21:27 ` [PATCH v2 2/4] fs: crypto: invoke crypto API for ESSIV handling Ard Biesheuvel
2019-06-18 21:27 ` [PATCH v2 3/4] md: dm-crypt: infer ESSIV block cipher from cipher string directly Ard Biesheuvel
2019-06-18 21:27 ` [PATCH v2 4/4] md: dm-crypt: switch to ESSIV crypto API template Ard Biesheuvel
2019-06-19 6:56 ` [PATCH v2 0/4] crypto: switch to crypto API for ESSIV generation Milan Broz
2019-06-19 7:11 ` Ard Biesheuvel
2019-06-19 9:14 ` Ard Biesheuvel
2019-06-19 11:01 ` Milan Broz
2019-06-19 11:16 ` Ard Biesheuvel
2019-06-19 11:33 ` Milan Broz
2019-06-19 12:36 ` Ard Biesheuvel
2019-06-19 12:49 ` Ard Biesheuvel
2019-06-19 13:08 ` Milan Broz [this message]
2019-06-19 13:13 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dea2ec13-61d4-5009-df04-9508bb8e7827@gmail.com \
--to=gmazyland@gmail.com \
--cc=ard.biesheuvel@linaro.org \
--cc=dm-devel@redhat.com \
--cc=ebiggers@google.com \
--cc=gilad@benyossef.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox