← Back to team overview

kernel-packages team mailing list archive

[Bug 1558079] Re: cryptsetup tcryptOpen doesn't work anymore


No further logs are needed, the cause and several solution are known.

The error is caused by the fact that newer Kernels do not allow to
modify the cryptographic interface "kernel<->userspace" via
bind/setkey/... after accept(2) has been called. But the old cryptsetup
in trusty tahr is doing definitely that: calling accept(2) first and
then setkey to the file descriptor.

There are various possible solutions to the problem.

The simple one:

I've created a ppa. Use cryptsetup from there:

(btw: I've created some packages in the past but these were unsigned and
I've incremented the version number a little awkward. So I created some
new packages with cleaner versioning for the ppa)

Other possible solutions:

- Manually patching cryptsetup. The patch I've added (see above) changes
the order of accept/setkey.

- Using some newer cryptsetup - the one in ubuntu trusty (14.04) is
outdated - newer versions from newer ubuntu or debian releases (using
compiled .deb) should work.

- Manually Reverting back the corresponding patch to the Kernel: [crypto: af_alg - Disallow bind/setkey/... after accept(2)] 
  * added to [linux (3.19.0-52.58) vivid; urgency=low] with [ Upstream Kernel Changes ]
  * added to [linux (3.13.0-80.124) trusty; urgency=low] with [ Upstream Kernel Changes ]
  (i.e. manually unpatching those patches within the linux sources)

- installing some older kernel versions <3.19.0-52.58 / <3.13.0-80.124

- wait for the original ubuntu cryptsetup maintainer to fix his package

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  cryptsetup tcryptOpen doesn't work anymore

Status in cryptsetup package in Ubuntu:
Status in linux package in Ubuntu:

Bug description:
  I'm using cryptsetup to open TrueCrypt encrypted NTFS filesystems:
  cryptsetup tcryptOpen /dev/sdf2 tcrypt

  At least until linux-image-3.13.0-79-generic this work fine. 
  Booting linux-image-3.13.0-83-generic and running cryptsetup results in:

  Required kernel crypto interface not available.
  Ensure you have algif_skcipher kernel module loaded.

  The module algif_skcipher is loaded, so the tenor of the error message
  is wrong, but cryptsetup cannot open the container, so at least there
  _is_ some error. Probably it's related to some unsupported instruction
  set. With  linux-image-3.13.0-83 there are errors in dmesg which are
  not present with linux-image-3.13.0-79:

  AVX instructions are not detected

  System information:

  OS: Ubuntu 14.04.4 LTS
  CPU: Phenom II X6

  TCRYPT header information for /dev/sdf2
  Version:       	5
  Driver req.:	7
  Sector size:	512
  MK offset:	131072
  PBKDF2 hash:	ripemd160
  Cipher chain:	aes
  Cipher mode:	xts-plain64
  MK bits:       	512

To manage notifications about this bug go to: