Bug 1927409 - Pre online reencryption checks fail with cipher null dm-crypt mappings
Summary: Pre online reencryption checks fail with cipher null dm-crypt mappings
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: cryptsetup
Version: 8.3
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: 8.0
Assignee: Ondrej Kozina
QA Contact: guazhang@redhat.com
Reported: 2021-02-10 16:50 UTC by John Call
Modified: 2021-09-06 15:22 UTC (History)

Fixed In Version: cryptsetup-2.3.3-4.el8
Last Closed: 2021-05-18 15:10:38 UTC
Type: Bug

Description John Call 2021-02-10 16:50:56 UTC
****** Description of problem:
`cryptsetup reencrypt /dev/sda4` fails with "Command failed with code -1 (wrong or missing parameters)." when attempting to reencrypt the LUKS volume containing the root filesystem (/).  This happens on CoreOS which uses a null cipher (cipher_null-ecb) for both the keyslots and data segments.


****** Version-Release number of selected component (if applicable):
sh-4.4# cat /etc/os-release
NAME="Red Hat Enterprise Linux CoreOS"
VERSION="46.82.202101131942-0"


****** Email snippet from Ondrej:
From: Ondrej Kozina <okozina>
Date: Tue, Feb 9, 2021 at 1:47 AM
Subject: Re: Have you successfully reencrypted a CoreOS drive?

...LUKS2 reencryption is designed to work online, with mounted fs 
and it does not matter if it's root fs or not...
...I have probably never tested the scenario where initial 
cipher is "cipher_null"...


******  Reproducer steps and errors:
sh-4.4# lsblk
NAME                         MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda                            8:0    0   120G  0 disk
|-sda1                         8:1    0   384M  0 part /boot
|-sda2                         8:2    0   127M  0 part /boot/efi
|-sda3                         8:3    0     1M  0 part
`-sda4                         8:4    0 119.5G  0 part
  `-coreos-luks-root-nocrypt 253:0    0 119.5G  0 dm   /sysroot
sr0                           11:0    1   374K  0 rom  
sr1                           11:1    1  1024M  0 rom  

sh-4.4# cryptsetup luksDump /dev/sda4
LUKS header information
Version:       2
Epoch:         5
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID:           00000000-0000-4000-a000-000000000002
Label:         crypt_rootfs
Subsystem:     (no subsystem)
Flags:       (no flags)

Data segments:
  0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: cipher_null-ecb
sector: 512 [bytes]

Keyslots:
  0: luks2
Key:        256 bits
Priority:   normal
Cipher:     cipher_null-ecb
Cipher key: 256 bits
PBKDF:      argon2i
Time cost:  4
Memory:     389869
Threads:    1
Salt:       71 e2 80 3e c0 28 e2 d7 00 1e 7f d2 9b 7f 21 82
           d6 27 e1 7e bc 5e 59 bc 74 c5 d6 a0 07 de ff 55
AF stripes: 4000
AF hash:    sha256
Area offset:32768 [bytes]
Area length:131072 [bytes]
Digest ID:  0
Tokens:
  9: coreos
Keyslot:  0
Digests:
  0: pbkdf2
Hash:       sha256
Iterations: 235317
Salt:       e6 28 6c 6b 6d 90 51 6b 5e f3 2a 1a 8d 72 1d 51
           a3 7b ad 31 56 97 65 dc 9e 69 16 85 85 d9 d0 8c
Digest:     19 bb 31 e1 2a 3d a2 ec 2e ef 20 82 9d 2f 2f 57
           74 2a 2e f5 a5 13 d0 ed d9 4b 50 74 c3 a0 c1 f4

sh-4.4# cryptsetup luksAddKey /dev/sda4
Enter any existing passphrase:
Enter new passphrase for key slot:
Verify passphrase:

sh-4.4# echo $?
0

sh-4.4# cryptsetup luksDump /dev/sda4
LUKS header information
Version:       2
Epoch:         6
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID:           00000000-0000-4000-a000-000000000002
Label:         crypt_rootfs
Subsystem:     (no subsystem)
Flags:       (no flags)

Data segments:
  0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: cipher_null-ecb
sector: 512 [bytes]

Keyslots:
  0: luks2
Key:        256 bits
Priority:   normal
Cipher:     cipher_null-ecb
Cipher key: 256 bits
PBKDF:      argon2i
Time cost:  4
Memory:     389869
Threads:    1
Salt:       71 e2 80 3e c0 28 e2 d7 00 1e 7f d2 9b 7f 21 82
           d6 27 e1 7e bc 5e 59 bc 74 c5 d6 a0 07 de ff 55
AF stripes: 4000
AF hash:    sha256
Area offset:32768 [bytes]
Area length:131072 [bytes]
Digest ID:  0
  1: luks2
Key:        256 bits
Priority:   normal
Cipher:     cipher_null-ecb
Cipher key: 256 bits
PBKDF:      argon2i
Time cost:  4
Memory:     1048576
Threads:    4
Salt:       bb 08 fb 01 56 35 d2 72 85 4c 3c a9 84 1e f9 a7
           30 1a ea 02 7d 44 98 0b 05 7e 7e f2 a9 df fe 36
AF stripes: 4000
AF hash:    sha256
Area offset:163840 [bytes]
Area length:131072 [bytes]
Digest ID:  0
Tokens:
  9: coreos
Keyslot:  0
Digests:
  0: pbkdf2
Hash:       sha256
Iterations: 235317
Salt:       e6 28 6c 6b 6d 90 51 6b 5e f3 2a 1a 8d 72 1d 51
           a3 7b ad 31 56 97 65 dc 9e 69 16 85 85 d9 d0 8c
Digest:     19 bb 31 e1 2a 3d a2 ec 2e ef 20 82 9d 2f 2f 57
           74 2a 2e f5 a5 13 d0 ed d9 4b 50 74 c3 a0 c1 f4

sh-4.4# cryptsetup reencrypt /dev/sda4
Enter passphrase for key slot 0:
Enter passphrase for key slot 1:
Device /dev/sda4 is still in use.

sh-4.4# echo $?
1

sh-4.4# cryptsetup reencrypt /dev/sda4 --debug
# cryptsetup 2.2.2 processing "cryptsetup reencrypt /dev/sda4 --debug"
# Running command reencrypt.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sda4.
# Trying to open and read device /dev/sda4 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/sda4.
# Crypto backend (OpenSSL 1.1.1c FIPS  28 May 2019) initialized in cryptsetup library version 2.2.2.
# Detected kernel Linux 4.18.0-193.40.1.el8_2.x86_64 x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sda4.
# Opening lock resource file /run/cryptsetup/L_8:4
# Verifying lock handle for /dev/sda4.
# Device /dev/sda4 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sda4
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:197f5b175475f5efcfbbe46ef96686774d2c7020a703f7f2ee40f15efc54db28 (on-disk)
# Checksum:197f5b175475f5efcfbbe46ef96686774d2c7020a703f7f2ee40f15efc54db28 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sda4
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:1965a38b5c2d40bc9df1bbc9edde22c7dfaa0be25ac6356b62619cc629efe291 (on-disk)
# Checksum:1965a38b5c2d40bc9df1bbc9edde22c7dfaa0be25ac6356b62619cc629efe291 (in-memory)
# Device size 128311082496, offset 16777216.
# Device /dev/sda4 READ lock released.
# PBKDF argon2i, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Interactive passphrase entry requested.
Enter passphrase for key slot 0:
# Checking volume passphrase [keyslot 0] using passphrase.
# Trying to open LUKS2 keyslot 0.
# Reading keyslot area [0x8000].
# Acquiring read lock for device /dev/sda4.
# Opening lock resource file /run/cryptsetup/L_8:4
# Verifying lock handle for /dev/sda4.
# Device /dev/sda4 READ lock taken.
# Reusing open ro fd on device /dev/sda4
# Device /dev/sda4 READ lock released.
# Verifying key from keyslot 0, digest 0.
Key slot 0 unlocked.
# Interactive passphrase entry requested.
Enter passphrase for key slot 1:
# Checking volume passphrase [keyslot 1] using passphrase.
# Trying to open LUKS2 keyslot 1.
# Reading keyslot area [0x28000].
# Acquiring read lock for device /dev/sda4.
# Opening lock resource file /run/cryptsetup/L_8:4
# Verifying lock handle for /dev/sda4.
# Device /dev/sda4 READ lock taken.
# Reusing open ro fd on device /dev/sda4
# Device /dev/sda4 READ lock released.
# Verifying key from keyslot 1, digest 0.
Key slot 1 unlocked.
# PBKDF argon2i, time_ms 0 (iterations 4), max_memory_kb 389869, parallel_threads 1.
# Adding new keyslot -1 with volume key unassigned to a crypt segment.
# Selected keyslot 2.
# Digest 0 (pbkdf2) verify failed with -1.
# Creating new digest 1 (pbkdf2).
# Setting PBKDF2 type key digest 1.
# Keyslot 2 assigned to digest 1.
# Trying to allocate LUKS2 keyslot 2.
# Found area 294912 -> 425984
# Reusing PBKDF values (no benchmark flag is set).
# Calculating attributes for LUKS2 keyslot 2.
# Acquiring write lock for device /dev/sda4.
# Opening lock resource file /run/cryptsetup/L_8:4
# Verifying lock handle for /dev/sda4.
# Device /dev/sda4 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sda4
# Updating keyslot area [0x48000].
# Opening locked device /dev/sda4
# Veryfing locked device handle (bdev)
# Device size 128311082496, offset 16777216.
# Device /dev/sda4 WRITE lock already held.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device /dev/sda4
# Checksum:ebd1dfaf655b402423f8a7e6295aec8b1f750513acfdbaa5f6da39e0aad2ada9 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sda4
# Checksum:e12b00d3c1d5abafc150fd6464b2c2f881ff7c0dce38dbe27bbd3971de55ae4c (in-memory)
# Device /dev/sda4 WRITE lock released.
Key slot 2 created.
# Trying to open LUKS2 keyslot 2.
# Reading keyslot area [0x48000].
# Acquiring read lock for device /dev/sda4.
# Opening lock resource file /run/cryptsetup/L_8:4
# Verifying lock handle for /dev/sda4.
# Device /dev/sda4 READ lock taken.
# Reusing open ro fd on device /dev/sda4
# Device /dev/sda4 READ lock released.
# Verifying key from keyslot 2, digest 1.
# Keyslot 2 assigned to token 9.
# Device size 128311082496, offset 16777216.
# Acquiring write lock for device /dev/sda4.
# Opening lock resource file /run/cryptsetup/L_8:4
# Verifying lock handle for /dev/sda4.
# Device /dev/sda4 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sda4
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device /dev/sda4
# Checksum:0e65c9e24709ec4e0cdf5a41b6a1d9acdb1723011824e59d381aa222b4836b75 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sda4
# Checksum:b9e6974bde9e2ca4efb6676d72c004b962a4ed13a0e8372e9e5315d1400f91ca (in-memory)
# Device /dev/sda4 WRITE lock released.
# PBKDF argon2i, time_ms 0 (iterations 4), max_memory_kb 1048576, parallel_threads 4.
# Adding new keyslot -1 with volume key unassigned to a crypt segment.
# Selected keyslot 3.
# Digest 0 (pbkdf2) verify failed with -1.
# Digest 0 (pbkdf2) verify failed with -1.
# Keyslot 3 assigned to digest 1.
# Trying to allocate LUKS2 keyslot 3.
# Found area 425984 -> 557056
# Reusing PBKDF values (no benchmark flag is set).
# Calculating attributes for LUKS2 keyslot 3.
# Acquiring write lock for device /dev/sda4.
# Opening lock resource file /run/cryptsetup/L_8:4
# Verifying lock handle for /dev/sda4.
# Device /dev/sda4 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sda4
# Updating keyslot area [0x68000].
# Reusing open rw fd on device /dev/sda4
# Device size 128311082496, offset 16777216.
# Device /dev/sda4 WRITE lock already held.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device /dev/sda4
# Checksum:14d15deb79e5d5f39d2c663876e730783a5e9f1feab4ca55f208ce27887352d9 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sda4
# Checksum:c1c52adb640a06f6ce42da9a7f0829ccdd4aead5e932c3c983d462f63b4878d1 (in-memory)
# Device /dev/sda4 WRITE lock released.
Key slot 3 created.
# Looking for any dm device with prefix: dm-uuid-CRYPT-LUKS2-0000000000004000a000000000000002
# Device /dev/sda4 has 1 active holders.
Device /dev/sda4 is still in use.
# Destroying keyslot 2.
# Acquiring write lock for device /dev/sda4.
# Opening lock resource file /run/cryptsetup/L_8:4
# Verifying lock handle for /dev/sda4.
# Device /dev/sda4 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sda4
# Reusing open rw fd on device /dev/sda4
# Keyslot 2 unassigned from digest 0.
# Keyslot 2 unassigned from digest 1.
# Keyslot 2 unassigned from token 9.
# Device size 128311082496, offset 16777216.
# Device /dev/sda4 WRITE lock already held.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device /dev/sda4
# Checksum:4bba70f18ad3bbe1c198d4fcee9380bda8059bf0d464ef837d3b1d127ac67b22 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sda4
# Checksum:435303e46711d6f603e4d3f60b4229d253c0fafe758ca79480bfc3af3c021c24 (in-memory)
# Device /dev/sda4 WRITE lock released.
# Destroying keyslot 3.
# Acquiring write lock for device /dev/sda4.
# Opening lock resource file /run/cryptsetup/L_8:4
# Verifying lock handle for /dev/sda4.
# Device /dev/sda4 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sda4
# Reusing open rw fd on device /dev/sda4
# Keyslot 3 unassigned from digest 0.
# Keyslot 3 unassigned from digest 1.
# Keyslot 3 unassigned from token 9.
# Erasing unused digest 1.
# Device size 128311082496, offset 16777216.
# Device /dev/sda4 WRITE lock already held.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device /dev/sda4
# Checksum:2c5ff1b9d38cc6fbabe151dcce4febe34580e594003828aaeacf1ac40c97848d (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sda4
# Checksum:c3a3f4bde892e20db1484ee39e7cc9a76a2cdbcda423920f8e79cb5d22a8049c (in-memory)
# Device /dev/sda4 WRITE lock released.
# Releasing crypt device /dev/sda4 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/sda4.
# Closing read write fd for /dev/sda4.
Command failed with code -1 (wrong or missing parameters).
sh-4.4#
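
Added example (not part of the original report and not cryptsetup code): the dumps above show a LUKS2 volume whose data segment and keyslots all use cipher_null-ecb, so the data on disk is not actually encrypted. The helper below parses `cryptsetup luksDump` text and flags such volumes; the function name and the trimmed sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Reads `cryptsetup luksDump` text on stdin, prints one line per data segment
# or keyslot that uses cipher_null, and returns 1 if any was found (else 0).
luks_null_cipher_report() {
    awk '
        # Section headers are bare "Name:" lines with nothing after the colon.
        /^(Data segments|Keyslots|Tokens|Digests):[ \t]*$/ {
            section = $0; sub(/:[ \t]*$/, "", section); next
        }
        # Item lines look like "  0: crypt" or "  1: luks2".
        /^[ \t]*[0-9]+:[ \t]/ { id = $1; sub(/:$/, "", id); next }
        {
            line = $0; sub(/^[ \t]+/, "", line)   # tolerate lost indentation
            kind = ""
            if (section == "Data segments" && line ~ /^cipher:/) kind = "segment"
            if (section == "Keyslots" && line ~ /^Cipher:/)      kind = "keyslot"
            if (kind == "") next
            sub(/^[Cc]ipher:[ \t]*/, "", line)
            if (line ~ /^cipher_null/) { print kind, id ": " line; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample, trimmed from the shape of the dump in the report.
sample_null_dump() {
    cat <<'EOF'
Data segments:
  0: crypt
    offset: 16777216 [bytes]
    cipher: cipher_null-ecb
Keyslots:
  0: luks2
    Key:        256 bits
    Cipher:     cipher_null-ecb
    Cipher key: 256 bits
  1: luks2
    Cipher:     cipher_null-ecb
Tokens:
  9: coreos
    Keyslot:  0
EOF
}

# Constructed sample of a volume after reencryption to a real cipher.
sample_aes_dump() {
    cat <<'EOF'
Data segments:
  0: crypt
    cipher: aes-xts-plain64
Keyslots:
  1: luks2
    Cipher:     aes-xts-plain64
EOF
}

sample_null_dump | luks_null_cipher_report || echo "=> data is stored unencrypted"
sample_aes_dump | luks_null_cipher_report && echo "=> no null cipher in use"
```

On a live system the same function can be fed directly, for example `cryptsetup luksDump /dev/sda4 | luks_null_cipher_report`.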

Comment 2 guazhang@redhat.com 2021-02-16 14:45:44 UTC
Hi

cryptsetup-2.3.3-3.el8.x86_64

[root@dell-r430-5 home]# cryptsetup luksFormat -c cipher_null  /dev/loop0
WARNING: Device /dev/loop0 already contains a 'crypto_LUKS' superblock signature.

WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /root/1.tar: 
Verify passphrase: 
[root@dell-r430-5 home]# cryptsetup open  /dev/loop0 loop0
Enter passphrase for /root/1.tar: 
'[root@dell-r430-5 home]# lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
loop0                         7:0    0     1G  0 loop  
`-loop0                     253:3    0  1008M  0 crypt 
sda                           8:0    0 278.9G  0 disk  
|-sda1                        8:1    0     1G  0 part  /boot
`-sda2                        8:2    0 277.9G  0 part  
  |-rhel_dell--r430--5-root 253:0    0    70G  0 lvm   /
  |-rhel_dell--r430--5-swap 253:1    0  15.7G  0 lvm   [SWAP]
  `-rhel_dell--r430--5-home 253:2    0 192.2G  0 lvm   /home
sr0                          11:0    1  1024M  0 rom   
[root@dell-r430-5 home]# cryptsetup reencrypt /dev/loop0 -c aes-xts-plain64
Enter passphrase for key slot 0: 
Auto-detected active dm device 'loop0' for data device /dev/loop0.
Mismatching parameters on device loop0.
Failed to initialize LUKS2 reencryption in metadata.
[root@dell-r430-5 home]# $?
-bash: 1: command not found

Comment 4 Ondrej Kozina 2021-02-17 11:19:46 UTC
Fixed with following upstream PR: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/137

Comment 9 guazhang@redhat.com 2021-02-19 00:51:34 UTC
Hi

[root@storageqe-69 ~]# uname -a
Linux storageqe-69.rhts.eng.pek2.redhat.com 4.18.0-287.el8.x86_64 #1 SMP Thu Feb 11 03:56:04 EST 2021 x86_64 x86_64 x86_64 GNU/Linux
[root@storageqe-69 ~]# rpm -qa | grep cryptsetup
cryptsetup-reencrypt-2.3.3-4.el8.x86_64
cryptsetup-libs-2.3.3-4.el8.x86_64
cryptsetup-2.3.3-4.el8.x86_64
cryptsetup-devel-2.3.3-4.el8.x86_64

[root@storageqe-69 ~]# cryptsetup luksFormat -c cipher_null /dev/loop0

WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /root/1.tar: 
Verify passphrase: 
[root@storageqe-69 ~]# cryptsetup reencrypt /dev/loop0 -c aes-xts-plain64
Enter passphrase for key slot 0: 
[root@storageqe-69 ~]# 
[root@storageqe-69 ~]# cryptsetup luksDump  /dev/loop0 
LUKS header information
Version:       	2
Epoch:         	10
Metadata area: 	16384 [bytes]
Keyslots area: 	16744448 [bytes]
UUID:          	61cead81-4840-4baf-861b-008026767af2
Label:         	(no label)
Subsystem:     	(no subsystem)
Flags:       	(no flags)

Data segments:
  0: crypt
	offset: 16777216 [bytes]
	length: (whole device)
	cipher: aes-xts-plain64
	sector: 512 [bytes]

Keyslots:
  1: luks2
	Key:        512 bits
	Priority:   normal
	Cipher:     aes-xts-plain64
	Cipher key: 512 bits
	PBKDF:      argon2i
	Time cost:  10
	Memory:     1048576
	Threads:    4
	Salt:       e8 b6 30 7c b1 d0 36 92 c3 96 86 cb 23 6d 8b f1 
	            8d 3f 74 d2 0a 8f f3 95 26 46 1d c9 cc ee 65 57 
	AF stripes: 4000
	AF hash:    sha256
	Area offset:163840 [bytes]
	Area length:258048 [bytes]
	Digest ID:  1
Tokens:
Digests:
  1: pbkdf2
	Hash:       sha256
	Iterations: 1000
	Salt:       82 4d 84 54 a3 12 bd b6 2b 1d 36 29 94 0b ad f0 
	            e6 93 44 b8 59 34 89 56 eb f9 ee 60 ad 05 ab 3f 
	Digest:     d0 c7 76 fd b9 47 aa 63 67 8a 3b 0b 59 0b 56 ec 
	            e0 5a 66 12 b7 e1 8c 9e 06 1b a4 12 76 b8 09 d9 
[root@storageqe-69 ~]



Test passes with the fixed package; moving to verified.

Comment 11 errata-xmlrpc 2021-05-18 15:10:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (cryptsetup bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1728

