diff --git a/.cryptsetup.metadata b/.cryptsetup.metadata index 3eba3f7..f921924 100644 --- a/.cryptsetup.metadata +++ b/.cryptsetup.metadata @@ -1,2 +1,2 @@ 8098a06269c4268b0446b34f7b20e8fa6032e006 SOURCES/cryptsetup-2.6.0.tar.xz -ae06fbc13edb47b59ba17eb8faff9959b5eefe93 SOURCES/tests.tar.xz +c8976bd232ae6716f97d29390895dddb63e04d1f SOURCES/tests.tar.xz diff --git a/SOURCES/cryptsetup-2.7.0-Also-disallow-active-devices-with-internal-kernel-na.patch b/SOURCES/cryptsetup-2.7.0-Also-disallow-active-devices-with-internal-kernel-na.patch new file mode 100644 index 0000000..c0fc831 --- /dev/null +++ b/SOURCES/cryptsetup-2.7.0-Also-disallow-active-devices-with-internal-kernel-na.patch @@ -0,0 +1,81 @@ +From dff9ee8c8cb68432e96261b87aabb7aaa51215e7 Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Tue, 2 May 2023 15:42:21 +0200 +Subject: [PATCH] Also disallow active devices with internal kernel names. + +The same problem fixed in commit 438cf1d1b3ef6d7405cfbcbe5f631d3d7467a605 +is present in libdevmapper wrapper when parsing active device table. + +The whole point of conversion was that non-authenticated modes +can be always represented in the old cipher-mode-iv format. +As the internal names contains dash, these are unsupported. + +That said, the libdevmapper backend now correctly returns +full cipher specification including capi prefix for this case. + +Init_by_name call now fails with incomplatible cipher definition error. +--- + lib/setup.c | 2 +- + lib/utils_crypt.c | 9 +++++++++ + tests/mode-test | 5 +++++ + 3 files changed, 15 insertions(+), 1 deletion(-) + +diff --git a/lib/setup.c b/lib/setup.c +index 4bc3f6fb..57435475 100644 +--- a/lib/setup.c ++++ b/lib/setup.c +@@ -1258,7 +1258,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name) + r = crypt_parse_name_and_mode(tgt->type == DM_LINEAR ? "null" : tgt->u.crypt.cipher, cipher, + &key_nums, cipher_mode); + if (r < 0) { +- log_dbg(cd, "Cannot parse cipher and mode from active device."); ++ log_err(cd, _("No known cipher specification pattern detected for active device %s."), name); + goto out; + } + +diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c +index c1bde000..9232a91d 100644 +--- a/lib/utils_crypt.c ++++ b/lib/utils_crypt.c +@@ -306,6 +306,15 @@ int crypt_capi_to_cipher(char **org_c, char **org_i, const char *c_dm, const cha + if (i != 2) + return -EINVAL; + ++ /* non-cryptsetup compatible mode (generic driver with dash?) */ ++ if (strrchr(iv, ')')) { ++ if (i_dm) ++ return -EINVAL; ++ if (!(*org_c = strdup(c_dm))) ++ return -ENOMEM; ++ return 0; ++ } ++ + len = strlen(tmp); + if (len < 2) + return -EINVAL; +diff --git a/tests/mode-test b/tests/mode-test +index fe61880a..4775751e 100755 +--- a/tests/mode-test ++++ b/tests/mode-test +@@ -8,6 +8,7 @@ DEV_NAME=dmc_test + HEADER_IMG=mode-test.img + PASSWORD=3xrododenron + PASSWORD1=$PASSWORD ++KEY="7c0dc5dfd0c9191381d92e6ebb3b29e7f0dba53b0de132ae23f5726727173540" + FAST_PBKDF2="--pbkdf pbkdf2 --pbkdf-force-iterations 1000" + + # cipher-chainmode-ivopts:ivmode +@@ -188,6 +189,10 @@ echo -n "CAPI format:" + echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME || fail + $CRYPTSETUP close "$DEV_NAME"_tstdev || fail + echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(ecb(aes-generic))-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME 2>/dev/null && fail ++dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail ++$CRYPTSETUP status "$DEV_NAME"_tstdev >/dev/null 2>&1 && fail ++$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null && fail ++dmsetup remove "$DEV_NAME"_tstdev || fail + echo [OK] + + cleanup +-- +2.41.0 + diff --git a/SOURCES/cryptsetup-2.7.0-Disallow-use-of-internal-kenrel-crypto-driver-names-.patch b/SOURCES/cryptsetup-2.7.0-Disallow-use-of-internal-kenrel-crypto-driver-names-.patch new file mode 100644 index 0000000..5c50f55 --- /dev/null +++ b/SOURCES/cryptsetup-2.7.0-Disallow-use-of-internal-kenrel-crypto-driver-names-.patch @@ -0,0 +1,68 @@ +From 438cf1d1b3ef6d7405cfbcbe5f631d3d7467a605 Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Mon, 24 Apr 2023 21:19:03 +0200 +Subject: [PATCH] Disallow use of internal kenrel crypto driver names in "capi" + specification. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The common way to specify cipher mode in cryptsetup +is to use cipher-mode-iv notation (like aes-xts-plain64). +With introduction of authenticated ciphers we also allow "capi:" +notation that is directly used by dm-crypt (e.g. capi:xts(aes)-plain64). + +CAPI specification was never intended to be used with internal +kernel crypto api names (with dash in algorithm name), actually the +whole parsing routine wrongly parses mode here now. + +The code not checks if parsing wrongly separated the full cipher +string and effectively allowing only proper cipher names +(example of no longer supported string is capi:xts(ecb(aes-generic))-plain64). + +Thanks to Jan Wichelmann, Luca Wilke and Thomas Eisenbarth from +University of Lübeck for noticing the problems with this code. + +Fixes: #809 +--- + lib/utils_crypt.c | 8 +++++++- + tests/mode-test | 6 ++++++ + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c +index 0b7dc378..c1bde000 100644 +--- a/lib/utils_crypt.c ++++ b/lib/utils_crypt.c +@@ -43,7 +43,13 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums, + cipher, cipher_mode) == 2) { + if (!strcmp(cipher_mode, "plain")) + strcpy(cipher_mode, "cbc-plain"); +- if (key_nums) { ++ if (!strncmp(cipher, "capi:", 5)) { ++ /* CAPI must not use internal cipher driver names with dash */ ++ if (strchr(cipher_mode, ')')) ++ return -EINVAL; ++ if (key_nums) ++ *key_nums = 1; ++ } else if (key_nums) { + char *tmp = strchr(cipher, ':'); + *key_nums = tmp ? atoi(++tmp) : 1; + if (!*key_nums) +diff --git a/tests/mode-test b/tests/mode-test +index 82171fbd..fe61880a 100755 +--- a/tests/mode-test ++++ b/tests/mode-test +@@ -184,4 +184,10 @@ done + dmcrypt xchacha12,aes-adiantum-plain64 + dmcrypt xchacha20,aes-adiantum-plain64 + ++echo -n "CAPI format:" ++echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME || fail ++$CRYPTSETUP close "$DEV_NAME"_tstdev || fail ++echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(ecb(aes-generic))-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME 2>/dev/null && fail ++echo [OK] ++ + cleanup +-- +2.41.0 + diff --git a/SOURCES/cryptsetup-2.7.0-Fix-activation-of-LUKS2-with-capi-format-cipher-and-.patch b/SOURCES/cryptsetup-2.7.0-Fix-activation-of-LUKS2-with-capi-format-cipher-and-.patch new file mode 100644 index 0000000..dbac662 --- /dev/null +++ b/SOURCES/cryptsetup-2.7.0-Fix-activation-of-LUKS2-with-capi-format-cipher-and-.patch @@ -0,0 +1,81 @@ +From b8711faf92868dc82b1a64e7673740444199b2ca Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Sun, 25 Jun 2023 23:32:13 +0200 +Subject: [PATCH] Fix activation of LUKS2 with capi format cipher and kernel + crypt name. + +While activation of internal cipher algorithms (like aes-generic) +is disallowed, some old LUKS2 images can still use it. + +Check the cipher in activate call, but allow to load LUKS2 metadata. +This can allow to add repair code easily and also allow luksDump. + +Also fix segfault in reencrypt code for such a header. + +Fixes: #820 +--- + lib/luks2/luks2_json_metadata.c | 5 +++++ + tests/Makefile.am | 4 +++- + tests/compat-test2 | 17 ++++++++++++++++- + tests/luks2_invalid_cipher.img.xz | Bin 0 -> 135372 bytes + tests/meson.build | 1 + + 5 files changed, 25 insertions(+), 2 deletions(-) + create mode 100644 tests/luks2_invalid_cipher.img.xz + +Index: cryptsetup-2.6.0/lib/luks2/luks2_json_metadata.c +=================================================================== +--- cryptsetup-2.6.0.orig/lib/luks2/luks2_json_metadata.c ++++ cryptsetup-2.6.0/lib/luks2/luks2_json_metadata.c +@@ -2597,6 +2597,11 @@ int LUKS2_activate(struct crypt_device * + if ((r = LUKS2_unmet_requirements(cd, hdr, 0, 0))) + return r; + ++ /* Check that cipher is in compatible format */ ++ if (!crypt_get_cipher(cd)) { ++ log_err(cd, _("No known cipher specification pattern detected in LUKS2 header.")); ++ return -EINVAL; ++ } + r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd), + vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd), + crypt_get_data_offset(cd), crypt_get_integrity(cd) ?: "none", +Index: cryptsetup-2.6.0/tests/compat-test2 +=================================================================== +--- cryptsetup-2.6.0.orig/tests/compat-test2 ++++ cryptsetup-2.6.0/tests/compat-test2 +@@ -16,6 +16,7 @@ IMG10=luks-test-v10 + HEADER_IMG=luks-header + HEADER_KEYU=luks2_keyslot_unassigned.img + HEADER_LUKS2_PV=blkid-luks2-pv.img ++HEADER_LUKS2_INV=luks2_invalid_cipher.img + KEY1=key1 + KEY2=key2 + KEY5=key5 +@@ -50,7 +51,9 @@ function remove_mapping() + [ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove --retry $DEV_NAME2 + [ -b /dev/mapper/$DEV_NAME ] && dmsetup remove --retry $DEV_NAME + losetup -d $LOOPDEV >/dev/null 2>&1 +- rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_KEYU $VK_FILE $HEADER_LUKS2_PV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* $KEY_FILE0 $KEY_FILE1 >/dev/null 2>&1 ++ rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG $HEADER_KEYU $VK_FILE \ ++ $HEADER_LUKS2_PV $HEADER_LUKS2_INV missing-file $TOKEN_FILE0 $TOKEN_FILE1 test_image_* \ ++ $KEY_FILE0 $KEY_FILE1 >/dev/null 2>&1 + + # unlink whole test keyring + [ -n "$TEST_KEYRING" ] && keyctl unlink $TEST_KEYRING "@u" >/dev/null +@@ -1200,5 +1203,17 @@ if [ $HAVE_KEYRING -gt 0 -a -d /proc/sys + $CRYPTSETUP open -q --test-passphrase --token-only --token-id 0 -q $IMG || fail + fi + ++prepare "[44] LUKS2 invalid cipher (kernel cipher driver name)" wipe ++xz -dk $HEADER_LUKS2_INV.xz ++dd if=$HEADER_LUKS2_INV of=$IMG conv=notrunc >/dev/null 2>&1 ++$CRYPTSETUP -q luksDump $LOOPDEV | grep -q "capi:xts(ecb(aes-generic))-plain64" || fail ++echo $PWD1 | $CRYPTSETUP open $LOOPDEV --test-passphrase || fail ++echo $PWD1 | $CRYPTSETUP open $LOOPDEV $DEV_NAME 2>&1 | grep -q "No known cipher specification pattern" || fail ++echo $PWD1 | $CRYPTSETUP reencrypt $LOOPDEV >/dev/null 2>&1 && fail ++dmsetup create $DEV_NAME --uuid CRYPT-LUKS2-3d20686f551748cb89911ad32379821b-test --table \ ++ "0 8 crypt capi:xts(ecb(aes-generic))-plain64 edaa40709797973715e572bf7d86fcbb9cfe2051083c33c28d58fe4e1e7ff642 0 $LOOPDEV 32768" ++$CRYPTSETUP status $DEV_NAME | grep -q "n/a" || fail ++$CRYPTSETUP close $DEV_NAME ||fail ++ + remove_mapping + exit 0 diff --git a/SOURCES/cryptsetup-2.7.0-Fix-init_by_name-to-allow-unknown-cipher-format-in-d.patch b/SOURCES/cryptsetup-2.7.0-Fix-init_by_name-to-allow-unknown-cipher-format-in-d.patch new file mode 100644 index 0000000..7ea25cf --- /dev/null +++ b/SOURCES/cryptsetup-2.7.0-Fix-init_by_name-to-allow-unknown-cipher-format-in-d.patch @@ -0,0 +1,52 @@ +From 53aa5f6c4f7439db1b25846597fb5603870ba55e Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Mon, 5 Jun 2023 16:02:06 +0200 +Subject: [PATCH] Fix init_by_name to allow unknown cipher format in dm-crypt + as null context. + +Deactivation code should deactivate dm-crypt device even if it is unknown +for libcryptsetup. Previous fix for cipher specification was too strict. + +Let's allow initialization as null context, that allow status and +deactivate to be usable again. +--- + lib/setup.c | 6 ++++++ + tests/mode-test | 5 ++--- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/lib/setup.c b/lib/setup.c +index fd17be8c..786aa900 100644 +--- a/lib/setup.c ++++ b/lib/setup.c +@@ -1276,6 +1276,12 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name) + r = crypt_parse_name_and_mode(tgt->type == DM_LINEAR ? "null" : tgt->u.crypt.cipher, cipher, + &key_nums, cipher_mode); + if (r < 0) { ++ /* Allow crypt null context with unknown cipher string */ ++ if (tgt->type == DM_CRYPT && !tgt->u.crypt.integrity) { ++ crypt_set_null_type(cd); ++ r = 0; ++ goto out; ++ } + log_err(cd, _("No known cipher specification pattern detected for active device %s."), name); + goto out; + } +diff --git a/tests/mode-test b/tests/mode-test +index 4775751e..7f7f20a1 100755 +--- a/tests/mode-test ++++ b/tests/mode-test +@@ -190,9 +190,8 @@ echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(aes)-plain64' -s 256 + $CRYPTSETUP close "$DEV_NAME"_tstdev || fail + echo $PASSWORD | $CRYPTSETUP create -h sha256 -c 'capi:xts(ecb(aes-generic))-plain64' -s 256 "$DEV_NAME"_tstdev /dev/mapper/$DEV_NAME 2>/dev/null && fail + dmsetup create "$DEV_NAME"_tstdev --table "0 8 crypt capi:xts(ecb(aes-generic))-plain64 $KEY 0 /dev/mapper/$DEV_NAME 0" || fail +-$CRYPTSETUP status "$DEV_NAME"_tstdev >/dev/null 2>&1 && fail +-$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null && fail +-dmsetup remove "$DEV_NAME"_tstdev || fail ++$CRYPTSETUP status "$DEV_NAME"_tstdev 2>/dev/null | grep "type:" | grep -q "n/a" || fail ++$CRYPTSETUP close "$DEV_NAME"_tstdev 2>/dev/null || fail + echo [OK] + + cleanup +-- +2.41.0 + diff --git a/SOURCES/cryptsetup-2.7.0-Fix-reencryption-to-fail-properly-for-unknown-cipher.patch b/SOURCES/cryptsetup-2.7.0-Fix-reencryption-to-fail-properly-for-unknown-cipher.patch new file mode 100644 index 0000000..92b1de2 --- /dev/null +++ b/SOURCES/cryptsetup-2.7.0-Fix-reencryption-to-fail-properly-for-unknown-cipher.patch @@ -0,0 +1,31 @@ +From 1f01eea60e38ac92aa05e4b95372d54b7b9095df Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Mon, 26 Jun 2023 13:25:59 +0200 +Subject: [PATCH] Fix reencryption to fail properly for unknown cipher. + +crypt_get_cipher and crypt_get_cipher mode can return NULL, +check it in advance. +--- + src/utils_reencrypt.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/utils_reencrypt.c b/src/utils_reencrypt.c +index a78557cb..8ffceb36 100644 +--- a/src/utils_reencrypt.c ++++ b/src/utils_reencrypt.c +@@ -419,6 +419,12 @@ static bool luks2_reencrypt_eligible(struct crypt_device *cd) + return false; + } + ++ /* Check that cipher is in compatible format */ ++ if (!crypt_get_cipher(cd)) { ++ log_err(_("No known cipher specification pattern detected in LUKS2 header.")); ++ return false; ++ } ++ + return true; + } + +-- +2.41.0 + diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec index fce51de..7792853 100644 --- a/SPECS/cryptsetup.spec +++ b/SPECS/cryptsetup.spec @@ -1,7 +1,7 @@ Summary: Utility for setting up encrypted disks Name: cryptsetup Version: 2.6.0 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ and LGPLv2+ URL: https://gitlab.com/cryptsetup/cryptsetup BuildRequires: openssl-devel, popt-devel, device-mapper-devel @@ -26,6 +26,11 @@ Patch0000: %{name}-2.6.1-Run-PBKDF-benchmark-with-8-bytes-long-well-known-pas.pa Patch0001: %{name}-2.6.1-Change-tests-to-use-passphrases-with-minimal-8-chars.patch Patch0002: %{name}-2.6.1-Enable-crypt_header_is_detached-for-empty-contexts.patch Patch0003: %{name}-2.6.1-Abort-encryption-when-header-and-data-devices-are-sa.patch +Patch0004: %{name}-2.7.0-Disallow-use-of-internal-kenrel-crypto-driver-names-.patch +Patch0005: %{name}-2.7.0-Also-disallow-active-devices-with-internal-kernel-na.patch +Patch0006: %{name}-2.7.0-Fix-init_by_name-to-allow-unknown-cipher-format-in-d.patch +Patch0007: %{name}-2.7.0-Fix-reencryption-to-fail-properly-for-unknown-cipher.patch +Patch0008: %{name}-2.7.0-Fix-activation-of-LUKS2-with-capi-format-cipher-and-.patch Patch9998: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch Patch9999: %{name}-add-system-library-paths.patch @@ -111,6 +116,14 @@ rm -rf %{buildroot}%{_libdir}/*.la %ghost %attr(700, -, -) %dir /run/cryptsetup %changelog +* Fri Jun 30 2023 Daniel Zatovic - 2.6.0-3 +- patch: Disallow use of internal kenrel crypto driver names in "capi" +- patch: Also disallow active devices with internal kernel names +- patch: Fix init_by_name to allow unknown cipher format in dm-crypt +- patch: Fix reencryption to fail properly for unknown cipher +- patch: Fix activation of LUKS2 with capi format cipher and kernel +- Resolves: #2212771 + * Wed Dec 14 2022 Daniel Zatovic - 2.6.0-2 - Fix FIPS related bugs. - Abort encryption when header and data devices are same.