Bug 2212771

Summary: Do not allow selecting specific cipher implementation in libcryptsetup
Product: Red Hat Enterprise Linux 9 Reporter: Ondrej Kozina <okozina>
Component: cryptsetupAssignee: Daniel Zaťovič <dzatovic>
Status: VERIFIED --- QA Contact: guazhang <guazhang>
Severity: medium Docs Contact:
Priority: high    
Version: 9.0CC: agk, guazhang, jbrassow, okozina, prajnoha
Target Milestone: rcKeywords: Triaged
Target Release: 9.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: cryptsetup-2.6.0-3.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ondrej Kozina 2023-06-06 10:06:17 UTC 
Description of problem:

Libcryptsetup should not allow selecting specific cipher implementation when using 'capi' cipher format. For example aes-generic is SW implementation of AES cipher in kernel that does not use HW acceleration specific to available CPU.

Selecting specific cipher implementation should always be delegated to kernel crypto layer. This may allow loading cipher implementations that are susceptible to side-channel attacks on volume keys.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. cryptsetup luksFormat -c 'capi:xts(ecb(aes-generic))-plain64' /dev/device
2. cryptsetup open /dev/device

Actual results:
It passes in both step 1) and step 2)

Expected results:
Neither luksFormat or subsequent open commands shall pass. It also applies on LUKS2 headers previously formated/changed to use aes-generic implementation in kernel.

Additional info:
aes-generic driver is AES software implementation using lookup tables, susceptible to side-channel attacks.
Comment 2 guazhang@redhat.com 2023-07-11 04:57:01 UTC 

cryptsetup-2.6.0-2.el9.x86_64
[root@dell-per730-43 ~]# cryptsetup luksFormat -c 'capi:xts(ecb(aes-generic))-plain64' t.tar -q
Enter passphrase for t.tar: 
[root@dell-per730-43 ~]# $?
-bash: 0: command not found
[root@dell-per730-43 ~]# 


cryptsetup-2.6.0-3.el9.x86_64
[root@storageqe-100 ~]# cryptsetup luksFormat -c 'capi:xts(ecb(aes-generic))-plain64' t.tar 
No known cipher specification pattern detected.
[root@storageqe-100 ~]# $?
-bash: 1: command not found
[root@storageqe-100 ~]# 

so the fixed package have passed.