Bug 2212771

Summary: Do not allow selecting specific cipher implementation in libcryptsetup
Product: Red Hat Enterprise Linux 9 Reporter: Ondrej Kozina <okozina>
Component: cryptsetupAssignee: Daniel Zaťovič <dzatovic>
Status: CLOSED ERRATA QA Contact: guazhang <guazhang>
Severity: medium Docs Contact:
Priority: high    
Version: 9.0CC: agk, guazhang, jbrassow, okozina, prajnoha
Target Milestone: rcKeywords: Triaged
Target Release: 9.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: cryptsetup-2.6.0-3.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-07 08:55:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ondrej Kozina 2023-06-06 10:06:17 UTC 
Description of problem:

Libcryptsetup should not allow selecting specific cipher implementation when using 'capi' cipher format. For example aes-generic is SW implementation of AES cipher in kernel that does not use HW acceleration specific to available CPU.

Selecting specific cipher implementation should always be delegated to kernel crypto layer. This may allow loading cipher implementations that are susceptible to side-channel attacks on volume keys.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. cryptsetup luksFormat -c 'capi:xts(ecb(aes-generic))-plain64' /dev/device
2. cryptsetup open /dev/device

Actual results:
It passes in both step 1) and step 2)

Expected results:
Neither luksFormat or subsequent open commands shall pass. It also applies on LUKS2 headers previously formated/changed to use aes-generic implementation in kernel.

Additional info:
aes-generic driver is AES software implementation using lookup tables, susceptible to side-channel attacks.
Comment 2 guazhang@redhat.com 2023-07-11 04:57:01 UTC 

cryptsetup-2.6.0-2.el9.x86_64
[root@dell-per730-43 ~]# cryptsetup luksFormat -c 'capi:xts(ecb(aes-generic))-plain64' t.tar -q
Enter passphrase for t.tar: 
[root@dell-per730-43 ~]# $?
-bash: 0: command not found
[root@dell-per730-43 ~]# 


cryptsetup-2.6.0-3.el9.x86_64
[root@storageqe-100 ~]# cryptsetup luksFormat -c 'capi:xts(ecb(aes-generic))-plain64' t.tar 
No known cipher specification pattern detected.
[root@storageqe-100 ~]# $?
-bash: 1: command not found
[root@storageqe-100 ~]# 

so the fixed package have passed.
Comment 6 errata-xmlrpc 2023-11-07 08:55:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (cryptsetup bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6680