bug#53005: closed (cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF)

[GNU bug Tracking System]

Your message dated Wed, 07 Feb 2024 14:59:05 -0500
with message-id <87jzng59me.fsf@simonsouth.net>
and subject line Re: bug#53005: cryptsetup-static aborts opening LUKS2 volume 
with Argon2i PBKDF
has caused the debbugs.gnu.org bug report #53005,
regarding cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
53005: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=53005
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF
>
>
>
>
> Date: 
>
> Tue, 04 Jan 2022 09:36:57 -0500
>
>
>
>
> Currently cryptsetup from the "cryptsetup-static" package is unable to
> open LUKS2 encrypted volumes that use the Argon2i key-derivation
> algorithm, the default for LUKS2.  It catches SIGABRT and exits without
> opening the volume.
>
> This appears to be a regression following the merge of the
> core-updates-frozen branch and because of it, I'm unable to boot into an
> up-to-date system as there is no way to get past the "Enter passphrase"
> prompt at startup.
>
> I've verified this on both AArch64 and x86-64.  To reproduce:
>
> 1. Ensure the "cryptsetup" package is installed in your profile and that
>    "cryptsetup-static", the statically-linked equivalent added to the
>    initrd and used during startup, is available on your system:
>
>      guix install cryptsetup
>      guix build --verbosity=2 cryptsetup-static
>
> 2. Create a file containing a dummy LUKS2 volume:
>
>      truncate -s 32M ./dummy-luks-volume
>      cryptsetup luksFormat --type luks2 ./dummy-luks-volume
>
>    Make sure the Argon2i PBKDF algorithm was selected during formatting:
>
>      cryptsetup luksDump ./dummy-luks-volume | grep argon
>
>    This should output "PBKDF: argon2i".
>
> 3. Verify the volume can be opened using the regular cryptsetup tool:
>
>      sudo cryptsetup open --type luks ./dummy-luks-volume dummy-volume
>      ls /dev/mapper/dummy-volume
>      sudo cryptsetup close /dev/mapper/dummy-volume
>
> 4. Now try opening the volume using the statically-linked cryptsetup:
>
>      sudo `guix build cryptsetup-static`/sbin/cryptsetup open \
>        --type luks ./dummy-luks-volume dummy-volume
>      ls /dev/mapper/dummy-volume
>
> You should find (on most runs, at least) after you enter the passphrase
> the tool exits with "Aborted" and with no entry added beneath
> /dev/mapper.
>
> -- 
> Simon South
> simon@simonsouth.net
>
>
>
> --- End Message ---
> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: bug#53005: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF
>
>
>
>
> Date: 
>
> Wed, 07 Feb 2024 14:59:05 -0500
>
>
>
>
> User-agent: 
>
> Gnus/5.13 (Gnus v5.13)
>
>
>
>
> This issue was fixed with commit 6b6fb7872486, "gnu: glibc: Build with
> '--strip-debug' instead of '--strip-all'."
>
> -- 
> Simon South
> simon@simonsouth.net
>
>
> --- End Message ---