`cryptsetup reencrypt` seems to cripple digest iteration count
Issue description
When running `cryptsetup reencrypt /dev/mydisk` the iteration count on the digest is greatly decreased to the hardcoded minimum for PBKDF2 despite other defaults being adhered to.

I doubt I selected the iteration count manually when I created my container, so I assume it was chosen by benchmark at `luksFormat` time. After the `reencrypt` the iteration count is much smaller (was 176646, now is 1000), and to my poor knowledge so small that it is not recommended. I would have understood if `reencrypt` re-chose a default, but clearly it didn't even run a benchmark. Since the digest protects the master key, is this a bug in `cryptsetup`?
Steps for reproducing the issue
I had a LUKS partition for which `cryptsetup luksDump /dev/mydisk` gave (excerpt)

```
Digests:
  0: pbkdf2
	Hash:       sha256
	Iterations: 176646
	Salt:       xx xx ...
	...
```

Running `cryptsetup reencrypt /dev/mydisk` while the container was online removed the previous digest after it was done (understandably), leaving the following (`Iterations` has now changed to a much smaller value)

```
Digests:
  1: pbkdf2
	Hash:       sha256
	Iterations: 1000
	Salt:       xx xx ...
	...
```
Additional info
I'm using a fresh installation of Ubuntu 20.10.
Debug log
(Note: I only made this log after the iteration value had changed to 1000 the first time.)
```
# cryptsetup 2.3.3 processing "cryptsetup reencrypt /dev/mydisk --debug --debug-json --key-file=key.key"
# Running command reencrypt.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/mydisk.
# Trying to open and read device /dev/mydisk with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/mydisk.
# Crypto backend (OpenSSL 1.1.1f 31 Mar 2020) initialized in cryptsetup library version 2.3.3.
# Detected kernel Linux 5.8.0-25-generic x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/mydisk.
# Opening lock resource file /run/cryptsetup/L_8:131
# Verifying lock handle for /dev/mydisk.
# Device /dev/mydisk READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/mydisk
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:6a2c337c5e7e43414dccd85ea57eafcbb38d4e269dcd333955609c7ca4f6ffde (on-disk)
# Checksum:6a2c337c5e7e43414dccd85ea57eafcbb38d4e269dcd333955609c7ca4f6ffde (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/mydisk
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:7ae0706cb5606e09f4bc235384bf9aeb0fcceec52451139f4b0d5b6e41fda590 (on-disk)
# Checksum:7ae0706cb5606e09f4bc235384bf9aeb0fcceec52451139f4b0d5b6e41fda590 (in-memory)
# Device size 498770903040, offset 16777216.
# Device /dev/mydisk READ lock released.
# PBKDF argon2i, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# File descriptor passphrase entry requested.
# Checking volume passphrase [keyslot 1] using passphrase.
# Trying to open LUKS2 keyslot 1.
# Reading keyslot area [0x47000].
# Acquiring read lock for device /dev/mydisk.
# Opening lock resource file /run/cryptsetup/L_8:131
# Verifying lock handle for /dev/mydisk.
# Device /dev/mydisk READ lock taken.
# Reusing open ro fd on device /dev/mydisk
# Device /dev/mydisk READ lock released.
# Verifying key from keyslot 1, digest 0.
Key slot 1 unlocked.
# PBKDF argon2i, time_ms 0 (iterations 9), max_memory_kb 1048576, parallel_threads 4.
# Adding new keyslot -1 with volume key unassigned to a crypt segment.
# Selected keyslot 0.
# Digest 0 (pbkdf2) verify failed with -1.
# Creating new digest 1 (pbkdf2).
# Setting PBKDF2 type key digest 1.
# Digest JSON:
# {
  "type":"pbkdf2",
  "keyslots":[
  ],
  "segments":[
  ],
  "hash":"sha256",
  "iterations":1000,
  "salt":"5rvL/q1N5jAayrquuttmuGF2qRD7i1zMUz5m9kAWt2Y=",
  "digest":"TJjIVkqUbHbAHRF5XrE0okttb2x+Y6I35MbBY1njiWg="
}
# Keyslot 0 assigned to digest 1.
# Trying to allocate LUKS2 keyslot 0.
# Found area 32768 -> 290816
# Reusing PBKDF values (no benchmark flag is set).
# Keyslot JSON:
# {
  "type":"luks2",
  "key_size":64,
  "af":{
    "type":"luks1",
    "stripes":4000,
    "hash":"sha256"
  },
  "area":{
    "type":"raw",
    "offset":"32768",
    "size":"258048",
    "encryption":"aes-xts-plain64",
    "key_size":64
  },
  "kdf":{
    "type":"argon2i",
    "time":9,
    "memory":1048576,
    "cpus":4,
    "salt":"quiklLxDvdB3t0JjbUznFVrcKnQOoEksXB82xVsMVL0="
  }
}
# Calculating attributes for LUKS2 keyslot 0.
```

(truncated)
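The practical follow-up to a report like this is an audit: after any `reencrypt`, confirm that no LUKS2 digest was left at the PBKDF2 floor. The script below is an added example written for this page, not code from the cryptsetup project. It parses the `Digests:` section of `cryptsetup luksDump` text (as shown in the reproduction steps above) and the digest object from a `--debug-json` run (as shown in the debug log), and flags any PBKDF2 digest whose iteration count falls below a policy threshold. The threshold of 100000 is an assumed local policy, not a cryptsetup constant; the sample dump and JSON are constructed from the values quoted on this page.

```python
"""Audit LUKS2 digest PBKDF2 iteration counts.

Inputs handled:
  * text of `cryptsetup luksDump <device>` (only the Digests: section is used)
  * the digest JSON object that `cryptsetup --debug --debug-json` prints

Example code written for this bug report; not part of cryptsetup.
"""
import json
import re

# Assumed local policy: anything below this is reported as weak. cryptsetup's
# own hard-coded PBKDF2 minimum is 1000, which is exactly the value the report
# complains about, so a sane threshold must sit well above it.
MIN_PBKDF2_ITERATIONS = 100_000

# Top-level sections of a LUKS2 luksDump; matched on the bare label so the
# parser still works when extraction has stripped the indentation.
SECTION_RE = re.compile(r"^(Data segments|Keyslots|Tokens|Digests):$")
ENTRY_RE = re.compile(r"^(\d+):\s+(\S+)$")   # e.g. "0: pbkdf2"


def parse_luksdump_digests(dump_text):
    """Return [{index, type, hash, iterations}, ...] from the Digests: section."""
    digests, current, in_digests = [], None, False
    for raw in dump_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if section:
            if current:
                digests.append(current)
                current = None
            in_digests = section.group(1) == "Digests"
            continue
        if not in_digests:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            if current:
                digests.append(current)
            current = {"index": int(entry.group(1)), "type": entry.group(2),
                       "hash": None, "iterations": None}
            continue
        if current is None:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "hash":
            current["hash"] = value
        elif key == "iterations":
            current["iterations"] = int(value)
        # Salt/Digest hex continuation lines have no colon and are ignored.
    if current:
        digests.append(current)
    return digests


def digest_from_debug_json(json_text, index=None):
    """Normalise the digest object printed after '# Digest JSON:' in a debug log."""
    obj = json.loads(json_text)
    return {"index": index, "type": obj["type"], "hash": obj.get("hash"),
            "iterations": obj.get("iterations")}


def weak_digests(digests, minimum=MIN_PBKDF2_ITERATIONS):
    """Return the PBKDF2 digests whose iteration count is below `minimum`."""
    return [d for d in digests
            if d["type"] == "pbkdf2"
            and d["iterations"] is not None
            and d["iterations"] < minimum]


# Constructed sample input, modelled on the excerpts quoted in the report.
DUMP_BEFORE = """\
Keyslots:
  0: luks2
\tKey:        512 bits
\tPBKDF:      argon2i
\tDigest ID:  0
Tokens:
Digests:
  0: pbkdf2
\tHash:       sha256
\tIterations: 176646
\tSalt:       9f 3a 00 11
\t            22 33 44 55
"""

DUMP_AFTER = DUMP_BEFORE.replace("0: pbkdf2", "1: pbkdf2").replace("176646", "1000")

# Digest object as printed in the debug log above (salt/digest values from the page).
DEBUG_DIGEST_JSON = """{
  "type":"pbkdf2", "keyslots":[], "segments":[], "hash":"sha256",
  "iterations":1000,
  "salt":"5rvL/q1N5jAayrquuttmuGF2qRD7i1zMUz5m9kAWt2Y=",
  "digest":"TJjIVkqUbHbAHRF5XrE0okttb2x+Y6I35MbBY1njiWg="
}"""

if __name__ == "__main__":
    for label, text in (("before reencrypt", DUMP_BEFORE), ("after reencrypt", DUMP_AFTER)):
        weak = weak_digests(parse_luksdump_digests(text))
        print(f"{label}: {'WEAK ' + str(weak) if weak else 'ok'}")
    print("debug json:", weak_digests([digest_from_debug_json(DEBUG_DIGEST_JSON, 1)]))
```

On a real system, feed `cryptsetup luksDump /dev/mydisk` into `parse_luksdump_digests`; a non-empty result from `weak_digests` is the condition to act on before the device goes back into service.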