Integrity does not seem to work with detached header
Issue description
Integrity does not seem to work with detached header.
Steps for reproducing the issue
Does not work
cryptsetup luksFormat mydatafile.data --debug --type luks2 --header myheaderfile.header --integrity hmac-sha256
Works
cryptsetup luksFormat mydatafile.data --debug --type luks2 --header myheaderfile.header
cryptsetup luksFormat mydatafile.data --debug --type luks2 --integrity hmac-sha256
Additional info
Arch Linux Kernel 5.9.1 cryptsetup 2.3.4
Debug log
$ cryptsetup luksFormat mydatafile.data --debug --type luks2 --header myheaderfile.header --integrity hmac-sha256
# cryptsetup 2.3.4 processing "cryptsetup luksFormat mydatafile.data --debug --type luks2 --header myheaderfile.header --integrity hmac-sha256"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
WARNING!
========
Header file does not exist, do you want to create it?
Are you sure? (Type 'yes' in capital letters): YES
# Creating header file.
# Allocating context for crypt device myheaderfile.header.
# Trying to open and read device myheaderfile.header with direct-io.
# Initialising device-mapper backend library.
# Interactive passphrase entry requested.
Enter passphrase for myheaderfile.header:
Verify passphrase:
# Crypto backend (OpenSSL 1.1.1h 22 Sep 2020) initialized in cryptsetup library version 2.3.4.
# Detected kernel Linux 5.9.1-arch1-1 x86_64.
# PBKDF argon2i, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# Formatting device myheaderfile.header as type LUKS2.
# Trying to open and read device mydatafile.data with direct-io.
# Checking if cipher aes-xts-plain64 is usable.
# Using userspace crypto wrapper to access keyslot area.
# Formatting LUKS2 with JSON metadata area 12288 bytes and keyslots area 16744448 bytes.
# Creating new digest 0 (pbkdf2).
# Setting PBKDF2 type key digest 0.
# Running pbkdf2(sha256) benchmark.
# PBKDF benchmark: memory cost = 0, iterations = 630153, threads = 0 (took 52 ms)
# PBKDF benchmark: memory cost = 0, iterations = 1202495, threads = 0 (took 436 ms)
# PBKDF benchmark: memory cost = 0, iterations = 1198372, threads = 0 (took 875 ms)
# Benchmark returns pbkdf2(sha256) 1198372 iterations, 0 memory, 0 threads (for 768-bits key).
# Segment 0 assigned to digest 0.
# Wiping LUKS areas (0x000000 - 0x001000) with zeroes.
# Wiping keyslots area (0x008000 - 0x1000000) with random data.
# Reusing open rw fd on device myheaderfile.header
# dm version [ opencount flush ] [16384] (*1)
# dm versions [ opencount flush ] [16384] (*1)
# Detected dm-ioctl version 4.42.0.
# Detected dm-integrity version 1.6.0.
# Detected dm-crypt version 1.22.0.
# Device-mapper backend running with UDEV support enabled.
# Trying to format INTEGRITY device on top of mydatafile.data, tmp name temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f, tag size 32.
# Allocating a free loop device.
# Trying to open and read device /dev/loop0 with direct-io.
# Allocating a free loop device.
# Trying to open and read device /dev/loop1 with direct-io.
# DM-UUID is CRYPT-INTEGRITY-temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f
# Udev cookie 0xd4d28c8 (semid 229381) created
# Udev cookie 0xd4d28c8 (semid 229381) incremented to 1
# Udev cookie 0xd4d28c8 (semid 229381) incremented to 2
# Udev cookie 0xd4d28c8 (semid 229381) assigned to CREATE task(0) with flags DISABLE_SUBSYSTEM_RULES DISABLE_DISK_RULES DISABLE_OTHER_RULES DISABLE_LIBRARY_FALLBACK (0x2e)
# dm create temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f CRYPT-INTEGRITY-temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f [ opencount flush ] [16384] (*1)
# dm reload temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f [ opencount flush securedata ] [16384] (*1)
# dm resume temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f [ opencount flush securedata ] [16384] (*1)
# temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f: Stacking NODE_ADD (254,5) 0:0 0600 [trust_udev]
# temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f: Stacking NODE_READ_AHEAD 256 (flags=1)
# Udev cookie 0xd4d28c8 (semid 229381) decremented to 1
# Udev cookie 0xd4d28c8 (semid 229381) waiting for zero
# Udev cookie 0xd4d28c8 (semid 229381) destroyed
# temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f: Skipping NODE_ADD (254,5) 0:0 0600 [trust_udev]
# temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f: Processing NODE_READ_AHEAD 256 (flags=1)
# temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f (254:5): read ahead is 256
# temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f: retaining kernel read ahead of 256 (requested 256)
# dm versions [ opencount flush ] [16384] (*1)
# Udev cookie 0xd4dd68f (semid 229382) created
# Udev cookie 0xd4dd68f (semid 229382) incremented to 1
# Udev cookie 0xd4dd68f (semid 229382) incremented to 2
# Udev cookie 0xd4dd68f (semid 229382) assigned to REMOVE task(2) with flags DISABLE_LIBRARY_FALLBACK (0x20)
# dm remove temporary-cryptsetup-3ad2ef06-7d40-4281-95ce-effb20546c7f [ opencount flush retryremove ] [16384] (*1)
# Udev cookie 0xd4dd68f (semid 229382) decremented to 0
# Udev cookie 0xd4dd68f (semid 229382) waiting for zero
# Udev cookie 0xd4dd68f (semid 229382) destroyed
# Device size 16777216, offset 16777216.
# Acquiring write lock for device myheaderfile.header.
# Verifying lock handle for myheaderfile.header.
# Device myheaderfile.header WRITE lock taken.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device myheaderfile.header
# Checksum:96d6f7d553599d154441ed0fae7e9c6ae5ef782ec6e2442eadb6b7395c231b1a (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device myheaderfile.header
# Checksum:5398c61d3a3c19e16f01654391541bcedb5c1f82d4b584c2daf7ab091030601f (in-memory)
# Device myheaderfile.header WRITE lock released.
# Adding new keyslot -1 using volume key.
# Adding new keyslot -1 with volume key assigned to a crypt segment.
# Selected keyslot 0.
# Keyslot 0 assigned to digest 0.
# Trying to allocate LUKS2 keyslot 0.
# Found area 32768 -> 417792
# Running argon2i() benchmark.
# PBKDF benchmark: memory cost = 32, iterations = 4, threads = 4 (took 16 ms)
# PBKDF benchmark: memory cost = 500, iterations = 4, threads = 4 (took 3 ms)
# PBKDF benchmark: memory cost = 8000, iterations = 4, threads = 4 (took 27 ms)
# PBKDF benchmark: memory cost = 74074, iterations = 4, threads = 4 (took 215 ms)
# PBKDF benchmark: memory cost = 86132, iterations = 4, threads = 4 (took 234 ms)
# PBKDF benchmark: memory cost = 92021, iterations = 4, threads = 4 (took 253 ms)
# PBKDF benchmark: memory cost = 727438, iterations = 4, threads = 4 (took 1651 ms)
# PBKDF benchmark: memory cost = 881208, iterations = 4, threads = 4 (took 1855 ms)
# PBKDF benchmark: memory cost = 950089, iterations = 4, threads = 4 (took 2097 ms)
# Benchmark returns argon2i() 4 iterations, 950089 memory, 4 threads (for 512-bits key).
# Calculating attributes for LUKS2 keyslot 0.
# Acquiring write lock for device myheaderfile.header.
# Verifying lock handle for myheaderfile.header.
# Device myheaderfile.header WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device myheaderfile.header
# Updating keyslot area [0x8000].
# Reusing open rw fd on device myheaderfile.header
# Device size 16777216, offset 16777216.
# Device myheaderfile.header WRITE lock already held.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device myheaderfile.header
# Checksum:d4493b9dd6d90a7c0b85db2357f736018ac53f699f4d4ec284fbb9b28a05f3ec (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device myheaderfile.header
# Checksum:49509022b2565c4a0652583554d54be8650f381c17e0bbd424585db0d421dade (in-memory)
# Device myheaderfile.header WRITE lock released.
Key slot 0 created.
Wiping device to initialize integrity checksum.
You can interrupt this by pressing CTRL+c (rest of not wiped device will contain invalid checksum).
# Activating volume temporary-cryptsetup-ce117076-32a8-458c-a22c-8ec3472411cc by volume key.
# dm versions [ opencount flush ] [16384] (*1)
# dm status temporary-cryptsetup-ce117076-32a8-458c-a22c-8ec3472411cc [ opencount noflush ] [16384] (*1)
# Loading key (96 bytes, type logon) in thread keyring.
# Reusing open ro fd on device myheaderfile.header
No integrity superblock detected on myheaderfile.header.
# Requesting keyring logon key for revoke and unlink.
# Releasing crypt device myheaderfile.header context.
# Releasing device-mapper backend.
# Closing read write fd for mydatafile.data.
# Closed loop /dev/loop0 (mydatafile.data).
# Closing read only fd for myheaderfile.header.
# Closing read write fd for myheaderfile.header.
# Closed loop /dev/loop1 (myheaderfile.header).
# Unlocking memory.
Command failed with code -1 (wrong or missing parameters).
Update:
Adding --integrity-no-wipe
also works:
cryptsetup luksFormat mydatafile.data --debug --type luks2 --header myheaderfile.header --integrity hmac-sha256 --integrity-no-wipe
Update 2:
The following command:
cryptsetup luksFormat mydatafile.data --debug --type luks2 --header myheaderfile.header --integrity hmac-sha256 --integrity-no-wipe --cipher aes-xts-random
works only for data files up to 178563584
bytes. For larger files the following error occurs:
device-mapper: reload ioctl on failed: Invalid argument
Cannot format integrity for device data.