[Whonix-devel] [dm-crypt] Troubleshooting: Header Conversion to argon2id
procmem
procmem at riseup.net
Sat Sep 15 03:33:00 CEST 2018
Ondrej Kozina:
> On 09/14/2018 02:21 AM, procmem wrote:
>>
>>
>> Guilhem Moulin:
>>> On Thu, 13 Sep 2018 at 14:22:00 +0000, procmem wrote:
>>>> Ondrej Kozina:
>>>>> Well, this sounds like a bug. Could you please provide us with debug
>>>>> output for failing command trying to luksConvertKey that particular
>>>>> keyslot?
>>>>
>>>> Sure thing but I don't know how to access initramfs command history.
>>>> Unlike a booted-up environment there is no opportunity to scroll and
>>>> select entire output for saving.
>>>
>>> You can redirect the output to a file under /run/initramfs. /run is
>>> moved to the rootfs at init-bottom stage, shortly before the execution
>>> is turned over to the `init` binary, so content added at early boot
>>> stage will also be available later during the boot process.
>>>
>>> (Again, assuming your initramfs is comes from initramfs-tools, which is
>>> the default in Debian — and I guess its derivatives.)
>>>
>>
>> OK here are the contents of the redirected output:
>>
>
> Are you sure your keyslot 1 is active? The only way I can reproduce the
> same cryptic failure is with my keyslot passed in params being inactive.
> It's a bug because cryptsetup cli should emit proper error message about
> it.
>
> New issue: https://gitlab.com/cryptsetup/cryptsetup/issues/416
>
> O.
Indeed that was it. My bad. I was blindly typing in the same command
that designated the non-existent keyslot 1 while the key was in 0.
Nonetheless a clearer error message should help.
This command did work from initramfs:
cryptsetup luksConvertKey --key-slot 0 --pbkdf argon2id
--pbkdf-force-iterations 50 --pbkdf-memory 1048576 --pbkdf-parallel 4
<device>
Verified that the header data was changed as intended after boot. Also
noticed a nice delay after entering passphrases now. That should throw a
big fat wrench in brute-forcing efforts ;)
sudo cryptsetup luksDump --debug /dev/vda5
# cryptsetup 2.0.4 processing "cryptsetup luksDump --debug /dev/vda5"
# Running command luksDump.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/vda5.
# Trying to open and read device /dev/vda5 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/vda5.
# Crypto backend (gcrypt 1.8.3) initialized in cryptsetup library
version 2.0.4.
# Detected kernel Linux 4.17.0-3-amd64 x86_64.
# Loading LUKS2 header (repair disabled).
# Opening lock resource file /run/cryptsetup/L_254:5
# Acquiring read lock for device /dev/vda5.
# Verifying read lock handle for device /dev/vda5.
# Device /dev/vda5 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/vda5
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
#
Checksum:267f3c4bc0b36cb98e99bc1f32066d9e8843c2977a65df04c43c2f474aca3efc
(on-disk)
#
Checksum:267f3c4bc0b36cb98e99bc1f32066d9e8843c2977a65df04c43c2f474aca3efc
(in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Opening locked device /dev/vda5
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
#
Checksum:70714e66fa9d9913bb85191a96cb5f4348d349a716b9c4a8dd297fe02431fc56
(on-disk)
#
Checksum:70714e66fa9d9913bb85191a96cb5f4348d349a716b9c4a8dd297fe02431fc56
(in-memory)
# Device size 53429141504, header size 2097152.
# Device /dev/vda5 READ lock released.
# Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2.
# Not enough physical memory detected, PBKDF max memory decreased from
1048576kB to 506360kB.
# PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb
506360, parallel_threads 2.
# {
"keyslots":{
"0":{
"type":"luks2",
"key_size":64,
"kdf":{
"type":"argon2id",
"time":50,
"memory":506360,
"cpus":2,
"salt":"3K2QS1LyYWoQiVXz2sVfqYoRFgLNj8YOQUnj7PJacgg="
},
"af":{
"type":"luks1",
"hash":"sha256",
"stripes":4000
},
"area":{
"type":"raw",
"encryption":"aes-xts-plain64",
"key_size":64,
"offset":"32768",
"size":"258048"
}
}
},
"tokens":{
},
"segments":{
"0":{
"type":"crypt",
"offset":"2097152",
"iv_tweak":"0",
"size":"dynamic",
"encryption":"aes-xts-plain64",
"sector_size":512
}
},
"digests":{
"0":{
"type":"pbkdf2",
"keyslots":[
"0"
],
"segments":[
"0"
],
"hash":"sha256",
"salt":"fXVLOCzOBLq+mYHHGE7Z6gTDcBZue\/N0ksKl2siGj1c=",
"digest":"kogLEtiHWaQBJQipVN9wMawxi28=",
"iterations":64503
}
},
"config":{
"json_size":"12288",
"keyslots_size":"2064384"
}
}
LUKS header information
Version: 2
Epoch: 3
Metadata area: 12288 bytes
UUID: fd28a001-e2a1-46dc-8e6c-99f0a55b1851
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 2097152 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
PBKDF: argon2id
Time cost: 50
Memory: 506360
Threads: 2
Salt: dc ad 90 4b 52 f2 61 6a 10 89 55 f3 da c5 5f a9
8a 11 16 02 cd 8f c6 0e 41 49 e3 ec f2 5a 72 08
AF stripes: 4000
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 64503
Salt: 7d 75 4b 38 2c ce 04 ba be 99 81 c7 18 4e d9 ea
04 c3 70 16 6e 7b f3 74 92 c2 a5 da c8 86 8f 57
Digest: 92 88 0b 12 d8 87 59 a4 01 25
08 a9 54 df 70 31 ac 31 8b 6f
# Releasing crypt device /dev/vda5 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
More information about the Whonix-devel
mailing list