← Back to team overview

kernel-packages team mailing list archive

Thread
Date

[Bug 1558079] Re: cryptsetup tcryptOpen doesn't work anymore

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: hede <1558079@xxxxxxxxxxxxxxxxxx>
Date: Wed, 11 May 2016 08:00:25 -0000
Reply-to: Bug 1558079 <1558079@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

No further logs are needed, the cause and several solution are known.

The error is caused by the fact that newer Kernels do not allow to
modify the cryptographic interface "kernel<->userspace" via
bind/setkey/... after accept(2) has been called. But the old cryptsetup
in trusty tahr is doing definitely that: calling accept(2) first and
then setkey to the file descriptor.

There are various possible solutions to the problem.

The simple one:

I've created a ppa. Use cryptsetup from there:
https://launchpad.net/~michael-heide/+archive/ubuntu/test2

(btw: I've created some packages in the past but these were unsigned and
I've incremented the version number a little awkward. So I created some
new packages with cleaner versioning for the ppa)

Other possible solutions:

- Manually patching cryptsetup. The patch I've added (see above) changes
the order of accept/setkey.

- Using some newer cryptsetup - the one in ubuntu trusty (14.04) is
outdated - newer versions from newer ubuntu or debian releases (using
compiled .deb) should work.

- Manually Reverting back the corresponding patch to the Kernel: [crypto: af_alg - Disallow bind/setkey/... after accept(2)]
* added to [linux (3.19.0-52.58) vivid; urgency=low] with [ Upstream Kernel Changes ]
* added to [linux (3.13.0-80.124) trusty; urgency=low] with [ Upstream Kernel Changes ]
(i.e. manually unpatching those patches within the linux sources)

- installing some older kernel versions <3.19.0-52.58 / <3.13.0-80.124

- wait for the original ubuntu cryptsetup maintainer to fix his package

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1558079

Title:
cryptsetup tcryptOpen doesn't work anymore

Status in cryptsetup package in Ubuntu:
Confirmed
Status in linux package in Ubuntu:
Invalid

Bug description:
I'm using cryptsetup to open TrueCrypt encrypted NTFS filesystems:
cryptsetup tcryptOpen /dev/sdf2 tcrypt

At least until linux-image-3.13.0-79-generic this work fine.
Booting linux-image-3.13.0-83-generic and running cryptsetup results in:

Required kernel crypto interface not available.
Ensure you have algif_skcipher kernel module loaded.

The module algif_skcipher is loaded, so the tenor of the error message
is wrong, but cryptsetup cannot open the container, so at least there
_is_ some error. Probably it's related to some unsupported instruction
set. With linux-image-3.13.0-83 there are errors in dmesg which are
not present with linux-image-3.13.0-79:

AVX instructions are not detected

System information:

OS: Ubuntu 14.04.4 LTS
CPU: Phenom II X6

TCRYPT header information for /dev/sdf2
Version: 5
Driver req.: 7
Sector size: 512
MK offset: 131072
PBKDF2 hash: ripemd160
Cipher chain: aes
Cipher mode: xts-plain64
MK bits: 512

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1558079/+subscriptions

References

[Bug 1558079] [NEW] cryptsetup tcryptOpen doesn't work anymode
From: hede, 2016-03-16