[Bug 1942003] [NEW] Partial interactive password read on Focal

Aaron Thompson 1942003 at bugs.launchpad.net
Sun Aug 29 19:05:14 UTC 2021 

Public bug reported:

Upstream bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/627

This is a latent bug in cryptsetup versions before 2.3.5 that surfaced
due to a change in the behavior of the kernel's TTY driver. The bug was
not triggered on Focal's 5.8 kernels, but it is on the 5.11 kernel that
was recently released, so this bug is now occurring on up-to-date Focal
systems.

This bug only occurs, at least in my testing, for interactively-entered
passphrases with lengths that are a multiple of 64. In that case,
cryptsetup reads one byte less than it should. (A test tool is
attached.) I would guess this bug won't be triggered for many people,
but for those who do happen to hit it, it's pretty bad. Volumes created
without the bug cannot be unlocked interactively with the bug.
cryptsetup will only read the passphrase correctly using a non-TTY stdin
or a key file. Also, volumes created interactively with the bug can be
unlocked without the bug, but only if the last byte of the passphrase is
omitted.

For example, on a current Focal host:

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.3 LTS
Release:	20.04
Codename:	focal

$ uname -a
Linux ip-172-31-9-241 5.11.0-1016-aws #17~20.04.1-Ubuntu SMP Thu Aug 12 05:39:36 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ dpkg-query --no-pager -l cryptsetup-bin
ii  cryptsetup-bin 2:2.2.2-3ubuntu2.3 amd64        disk encryption support - command line tools

$ perl -pe chomp > test-passphrase
1234567891123456789212345678931234567894123456789512345678961234

$ wc test-passphrase 
 0  1 64 test-passphrase

$ dd if=/dev/zero of=test-block-dev bs=32M count=1
$ sudo cryptsetup luksFormat test-block-dev test-passphrase 

WARNING!
========
This will overwrite data on test-block-dev irrevocably.

Are you sure? (Type uppercase yes): YES

$ sudo cryptsetup --tries 1 open test-block-dev testing
Enter passphrase for test-block-dev: 1234567891123456789212345678931234567894123456789512345678961234
No key available with this passphrase.

$ dd if=/dev/zero of=test-block-dev bs=32M count=1
$ sudo cryptsetup luksFormat test-block-dev

WARNING!
========
This will overwrite data on test-block-dev irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for test-block-dev: 1234567891123456789212345678931234567894123456789512345678961234
Verify passphrase: 1234567891123456789212345678931234567894123456789512345678961234

$ sudo cryptsetup --key-file test-passphrase open test-block-dev testing
No key available with this passphrase.


In contrast, both of the cryptsetup open commands succeed if running on a 5.8 kernel.

Fortunately the fix is straightforward so I hope we can get it released
to Focal. I'll send a merge request.

** Affects: cryptsetup (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "A test tool that shows what the buggy cryptsetup reads from a TTY"
   https://bugs.launchpad.net/bugs/1942003/+attachment/5521478/+files/tty-read-test.c

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1942003

Title:
  Partial interactive password read on Focal

Status in cryptsetup package in Ubuntu:
  New

Bug description:
  Upstream bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/627

  This is a latent bug in cryptsetup versions before 2.3.5 that surfaced
  due to a change in the behavior of the kernel's TTY driver. The bug
  was not triggered on Focal's 5.8 kernels, but it is on the 5.11 kernel
  that was recently released, so this bug is now occurring on up-to-date
  Focal systems.

  This bug only occurs, at least in my testing, for interactively-
  entered passphrases with lengths that are a multiple of 64. In that
  case, cryptsetup reads one byte less than it should. (A test tool is
  attached.) I would guess this bug won't be triggered for many people,
  but for those who do happen to hit it, it's pretty bad. Volumes
  created without the bug cannot be unlocked interactively with the bug.
  cryptsetup will only read the passphrase correctly using a non-TTY
  stdin or a key file. Also, volumes created interactively with the bug
  can be unlocked without the bug, but only if the last byte of the
  passphrase is omitted.

  For example, on a current Focal host:

  $ lsb_release -a
  No LSB modules are available.
  Distributor ID:	Ubuntu
  Description:	Ubuntu 20.04.3 LTS
  Release:	20.04
  Codename:	focal

  $ uname -a
  Linux ip-172-31-9-241 5.11.0-1016-aws #17~20.04.1-Ubuntu SMP Thu Aug 12 05:39:36 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

  $ dpkg-query --no-pager -l cryptsetup-bin
  ii  cryptsetup-bin 2:2.2.2-3ubuntu2.3 amd64        disk encryption support - command line tools

  $ perl -pe chomp > test-passphrase
  1234567891123456789212345678931234567894123456789512345678961234

  $ wc test-passphrase 
   0  1 64 test-passphrase

  $ dd if=/dev/zero of=test-block-dev bs=32M count=1
  $ sudo cryptsetup luksFormat test-block-dev test-passphrase 

  WARNING!
  ========
  This will overwrite data on test-block-dev irrevocably.

  Are you sure? (Type uppercase yes): YES

  $ sudo cryptsetup --tries 1 open test-block-dev testing
  Enter passphrase for test-block-dev: 1234567891123456789212345678931234567894123456789512345678961234
  No key available with this passphrase.

  $ dd if=/dev/zero of=test-block-dev bs=32M count=1
  $ sudo cryptsetup luksFormat test-block-dev

  WARNING!
  ========
  This will overwrite data on test-block-dev irrevocably.

  Are you sure? (Type uppercase yes): YES
  Enter passphrase for test-block-dev: 1234567891123456789212345678931234567894123456789512345678961234
  Verify passphrase: 1234567891123456789212345678931234567894123456789512345678961234

  $ sudo cryptsetup --key-file test-passphrase open test-block-dev testing
  No key available with this passphrase.

  
  In contrast, both of the cryptsetup open commands succeed if running on a 5.8 kernel.

  Fortunately the fix is straightforward so I hope we can get it
  released to Focal. I'll send a merge request.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1942003/+subscriptions

More information about the foundations-bugs mailing list