[dm-crypt] [ANNOUNCE] cryptsetup 1.6.4

Arno Wagner arno at wagner.name
Fri Feb 28 12:38:41 CET 2014


On Fri, Feb 28, 2014 at 12:29:35 CET, Milan Broz wrote:
[...]
> These are the steps for fixing Whirlpool gcrypt issue, there is manual hack
> to LUKS header required, otherwise it is straightforward. I think this
> should be in FAQ as well...

I will add it.

Arno

> (Feel free to fix this description, I just quickly tested this on Arch distro.
> Probably more safe script can be written, volunteers welcome ;-)
> 
> How to fix "flawed gcrypt Whirlpool" hash in LUKS header
> 
> All the text below expects cryptsetup 1.6.4 installed.
> (Previous version doesn't have needed code for workaround.)
> 
> What's the problem?
> 
> - gcrypt in version prior to 1.6.0 includes flawed Whirlpool hash
> (bug only hits when hash is calculated in multiple chunks, unfortunately
> this is the cryptsetup case).
> If you use Whirlpool as LUKS header hash with previous gcrypt and upgrade
> to gcrypt 1.6.x, you cannot open LUKS device anymore.
> 
> These are the steps how to fix it in-place:
> 
> -1) Backup LUKS header. Really. (see luksHeaderBackup command)
> 
> 0) Use cryptsetup 1.6.4 or more recent.
> 
> 
> 1) double check which gcrypt you are using. You can even use cryptsetup here:
> 
>   # cryptsetup luksDump <your luks device> --debug | grep backend
> 
>   - for flawed (old gcrypt) you should see something like this:
>   # Crypto backend (gcrypt 1.5.3, flawed whirlpool) initialized.
> 
>   - for already fixed gcrypt you should see
>   # Crypto backend (gcrypt 1.6.1) initialized.
> 
> 
> Next step depends if you can unlock the device (old gcrypt) or you
> are already running upgraded system (and cannot unlock LUKS device anymore).
> 
> 
> 2a) If you can unlock device (you have still old gcrypt and want to prepare
> for gcrypt upgrade) simply reencrypt LUKS header with different hash (e.g. sha256)
> 
>   # cryptsetup-reencrypt --keep-key --hash sha256 <your luks device>
> 
> and you are done (you will need to enter all keyslot passphrases).
> 
> 
> 2b) If you have already broken system (upgraded gcrypt).
> 
>   - you MUST use gcrypt 1.6.1 or more recent
>   (requires bug emulation flag, cryptsetup must be compiled with this version)
> 
>   - now you need to change LUKS header hash name from "whirlpool" to "whirlpool_gcryptbug"
>   (this requires manual overwrite). You can use hex editor or e.g.
> 
>    # echo -n -e 'whirlpool_gcryptbug\0' | dd of=<luks device> bs=1 seek=72 conv=notrunc
> 
>    verify with cryptsetup luksDump. This step is dangerous, so be sure you have backups
>    (notrunc dd option is very important for LUKS images in file).
> 
>   And now you can open the device again.
> 
>   I strongly suggest to change LUKS hash now as described in 2a) so your device
>   is compatible with older distros again.
> 
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -  Plato
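
A guarded form of the offset-72 rewrite from step 2b, as an added example that is not part of the original posts or of cryptsetup. The function names are hypothetical, the layout assumed is LUKS1 (6-byte magic and 2-byte version at offset 0, 32-byte NUL-padded hash-spec at offset 72), and the sample image is constructed.

```shell
# Added example (not from the original post). Function names are hypothetical.
# Assumes the LUKS1 layout: magic + version in the first 8 bytes, 32-byte
# NUL-padded hash-spec at offset 72 (the offset used in step 2b).
LUKS1_MAGIC_HEX="4c554b53babe0001"   # "LUKS" 0xBA 0xBE, version 1
HASH_OFF=72
HASH_LEN=32

# Print the first 8 bytes of $1 (magic and version) as lowercase hex.
luks1_magic_hex() {
    dd if="$1" bs=1 count=8 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print the hash-spec string of $1, up to its first NUL.
luks1_hash_spec() {
    dd if="$1" bs=1 skip="$HASH_OFF" count="$HASH_LEN" 2>/dev/null |
        tr '\000' '\n' | head -n 1
}

# Rewrite hash-spec "whirlpool" -> "whirlpool_gcryptbug" in $1, saving the
# original 32-byte field to $2 first (this does not replace luksHeaderBackup).
# Returns: 0 ok, 1 no LUKS1 magic, 2 hash-spec is not exactly "whirlpool",
#          3 could not save the old field, 4 write or verification failed.
luks1_mark_gcryptbug() {
    dev=$1; saved=$2
    [ "$(luks1_magic_hex "$dev")" = "$LUKS1_MAGIC_HEX" ] || return 1
    [ "$(luks1_hash_spec "$dev")" = "whirlpool" ] || return 2
    dd if="$dev" of="$saved" bs=1 skip="$HASH_OFF" count="$HASH_LEN" \
        2>/dev/null || return 3
    # conv=notrunc keeps a file-backed image at its full size.
    printf 'whirlpool_gcryptbug\000' |
        dd of="$dev" bs=1 seek="$HASH_OFF" conv=notrunc 2>/dev/null || return 4
    [ "$(luks1_hash_spec "$dev")" = "whirlpool_gcryptbug" ] || return 4
}

# Constructed sample: 1 KiB zero-filled file with LUKS1 magic, version 1 and
# hash-spec "whirlpool"; not a usable LUKS volume.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=1024 count=1 2>/dev/null
    printf 'LUKS\272\276\000\001' | dd of="$1" bs=1 conv=notrunc 2>/dev/null
    printf 'whirlpool' |
        dd of="$1" bs=1 seek="$HASH_OFF" conv=notrunc 2>/dev/null
}
```

The saved 32-byte field can be written back with the same `dd ... seek=72 conv=notrunc` form to undo the change; the function refuses to write when the header already reads `whirlpool_gcryptbug` or names any other hash.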
