LUKS2 volume creation fails

[HulaHoopWhonix]

I tried creating LUKS2 volumes on Debian Buster but it errors out without explanation. I have the cryptsetup binaries installed. Any idea if it is a missing dependency or a bug in ZC?

[mhogomchungu]

Run below command from root's terminal and report its output

zuluCrypt-cli --test

[HulaHoopWhonix]

Output:

user@host:~$ zuluCrypt-cli --test

WARNING: "loop" kernel module does not appear to be loaded,
tests and opening of encrypted containers in files will fail if the module was not built into the kernel

creating a testing image file
creating a testing image file
creating a testing image file
creating a keyfile
creating a keyfile

create a luks type volume using a key: FAILED
user@host:~$ sudo modprobe -f loop
user@host:~$ zuluCrypt-cli --test
creating a testing image file
creating a testing image file
creating a testing image file
creating a keyfile
creating a keyfile

create a luks type volume using a key: FAILED

[mhogomchungu]

You were supposed to run the command from root's account.

Is your system fully updated? There was a version of zulucrypt in debian buster that was not working people and the problem was fixed later on.

[HulaHoopWhonix]

I updated the apt sources and redownloaded zulucrypt.-gui. Tested it wih LUKS2 same problem. Ran test as root with out put below. Am I right to say it does't test the second LUKS version? :

root@host:/home/user# zuluCrypt-cli --test
creating a testing image file
creating a testing image file
creating a testing image file
creating a keyfile
creating a keyfile

create a luks type volume using a key: password
PASSED

check if a luks volume is a luks volume: PASSED

create luks header backup: PASSED

restore luks header from backup: PASSED

create a plain type volume using a key: PASSED

create a tcrypt type volume using a key: PASSED

open a plain volume with a key: PASSED
closing a plain volume: PASSED

open a plain volume with a keyfile: PASSED
closing a plain volume: PASSED

open a tcrypt volume with a key: PASSED
closing a tcrypt volume: PASSED

test plugin not found,skip plain volume opening with a plugin

open a luks volume with a key: PASSED
closing a luks volume: PASSED

open a luks volume with a keyfile: PASSED
closing a luks volume: PASSED

test plugin not found,skip luks volume opening with a plugin

check key slots in use: 30000000

add a key to a luks volume using a key and a key: PASSED
add key to luks volume using keyfile and keyfile: PASSED
add key to luks volume using passphrase and keyfile: PASSED
add key to luks volume using keyfile and passphrase: PASSED

check key slots in use: 11111000

remove a key from a luks volume using a key: PASSED
remove a key from a luks volume using a keyfile: PASSED
check key slots in use: 01011000

check if there are no opened mappers: PASSED
root@host:/home/user# password
WARNING:root:could not open file '/etc/apt/sources.list'

password: command not found

[mhogomchungu]

From root's run these commands and post the output of the second command

1. truncate -s 50M luks.img
2. cryptsetup -v --debug luksFormat luks.img --type=LUKS2 --pbkdf=argon2i --pbkdf-parallel=4 --pbkdf-memory=1024 --sector-size=512
3. rm -rf luks.img

[HulaHoopWhonix]

root@host:/home/user# truncate -s 50M luks.img
root@host:/home/user# cryptsetup -v --debug luksFormat luks.img --type=LUKS2 --pbkdf=argon2i --pbkdf-parallel=4 --pbkdf-memory=1024 --sector-size=512
# cryptsetup 2.1.0 processing "cryptsetup -v --debug luksFormat luks.img --type=LUKS2 --pbkdf=argon2i --pbkdf-parallel=4 --pbkdf-memory=1024 --sector-size=512"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device luks.img.
# Trying to open and read device luks.img with direct-io.
# Initialising device-mapper backend library.

WARNING!
========
This will overwrite data on luks.img irrevocably.

Are you sure? (Type uppercase yes): YES
# Interactive passphrase entry requested.
Enter passphrase for luks.img: 
Verify passphrase: 
# Crypto backend (OpenSSL 1.1.1b  26 Feb 2019) initialized in cryptsetup library version 2.1.0.
# Detected kernel Linux 4.19.0-4-amd64 x86_64.
# Only 1 active CPUs detected, PBKDF threads decreased from 4 to 1.
# PBKDF argon2i, hash sha256, time_ms 2000 (iterations 0), max_memory_kb 1024, parallel_threads 1.
# Formatting device luks.img as type LUKS2.
# Topology info for luks.img not supported, using default offset 1048576 bytes.
# Checking if cipher aes-xts-plain64 is usable.
# Using userspace crypto wrapper to access keyslot area.
# Formatting LUKS2 with JSON metadata area 12288 bytes and keyslots area 16744448 bytes.
# Creating new digest 0 (pbkdf2).
# Setting PBKDF2 type key digest 0.
# Running pbkdf2(sha256) benchmark.
# PBKDF benchmark: memory cost = 0, iterations = 655360, threads = 0 (took 50 ms)
# PBKDF benchmark: memory cost = 0, iterations = 618994, threads = 0 (took 847 ms)
# Benchmark returns pbkdf2(sha256) 618994 iterations, 0 memory, 0 threads (for 512-bits key).
# Segment 0 assigned to digest 0.
# Wiping LUKS areas (0x000000 - 0x1000000) with zeroes.
# Wiping keyslots area (0x008000 - 0x1000000) with random data.
# Device size 52428800, offset 16777216.
# Acquiring write lock for device luks.img.
# Verifying write lock handle for device luks.img.
# Device luks.img WRITE lock taken.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Checksum:9e753f16b6af6c70e40739d13c89fe647ccff9bc5b3ddf4c7991dbcfdea2fd81 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Checksum:3dba43069c1db2238e1b24ffc966634d0c550c2056de0f7a577ddadd6e98eab0 (in-memory)
# Device luks.img WRITE lock released.
# Adding new keyslot -1 using volume key.
# Adding new keyslot -1 with volume key assigned to a crypt segment.
# Selected keyslot 0.
# Verifying key digest 0.
# Keyslot 0 assigned to digest 0.
# Trying to allocate LUKS2 keyslot 0.
# Found area 32768 -> 290816
# Running argon2i() benchmark.
# PBKDF benchmark: memory cost = 32, iterations = 4, threads = 1 (took 0 ms)
# PBKDF benchmark: memory cost = 512, iterations = 4, threads = 1 (took 2 ms)
# PBKDF benchmark: memory cost = 1024, iterations = 4, threads = 1 (took 5 ms)
# PBKDF benchmark: memory cost = 1024, iterations = 64, threads = 1 (took 80 ms)
# PBKDF benchmark: memory cost = 1024, iterations = 200, threads = 1 (took 255 ms)
# PBKDF benchmark: memory cost = 1024, iterations = 1568, threads = 1 (took 2016 ms)
# Benchmark returns argon2i() 1568 iterations, 1024 memory, 1 threads (for 512-bits key).
# Calculating attributes for LUKS2 keyslot 0.
# Updating keyslot area [0x8000].
# Acquiring write lock for device luks.img.
# Verifying write lock handle for device luks.img.
# Device luks.img WRITE lock taken.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Device luks.img WRITE lock released.
# Device size 52428800, offset 16777216.
# Acquiring write lock for device luks.img.
# Verifying write lock handle for device luks.img.
# Device luks.img WRITE lock taken.
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Checksum:23c9d0ead8986b9292593f0632d6d37cb28a3d295296abd628dcd5cb03d5d0c3 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Opening locked device luks.img
# Veryfing locked device handle (regular file)
# Checksum:e64295f75ebf8fae0aaa58278c6fff26ca80a2d64d95d98b48473d52225d14df (in-memory)
# Device luks.img WRITE lock released.
Key slot 0 created.
# Releasing crypt device luks.img context.
# Releasing device-mapper backend.
# Unlocking memory.
Command successful.
root@host:/home/user# rm -rf luks.img
root@host:/home/user# 

[mhogomchungu]

I dont see anything wrong with your output and I don't see why zuluCrypt is failing.

Will install Debian buster Monday to see for myself why its failing.

[mhogomchungu]

Where are you trying to create your volume?

In a container file or hard drive?
If its in a hard drive, can you create a LUKS1/TrueCrypt/VeraCrypt volume?

If its in a hard drive ,can you create a LUKS2 volume with the test command i gave above but with "luks.img" path substituted with your hard drive

[HulaHoopWhonix]

In a container file or hard drive?

Just a container file. Haven't tried anything else for now.

If its in a hard drive ,can you create a LUKS2 volume with the test command i gave above but with "luks.img" path substituted with your hard drive

I'm a bit of a noob with HDD volume encryption. I focus on just container files.

[HulaHoopWhonix]

Will install Debian buster Monday to see for myself why its failing.

Thanks for spending time to install Buster.

Please use the opportunity to test deniable plain dm-crypt containers too, which I ran into problems with. It is a very interesting feature to have and I'm happy to see it exists on Linux.

#115

[mhogomchungu]

I can not reproduce your issue in debian Buster.

What is the size of the container file you are creating?

[mhogomchungu]

Found the problem. The volume creation process took more than 30 seconds in your system and this[1] method was timing out after 30 seconds

This[2] commit solved the problem.

Thanks for the report.

[1] https://doc.qt.io/qt-5/qlocalsocket.html#waitForReadyRead
[2] a6417eb