logging in with luks2 converted encrypted disk only accepts keyslot #1 password

Bug #1755322 reported by Jim
This bug affects 2 people
Affects: cryptsetup (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

Converted encrypted startup disk to Luks2 format.

When I did, only the #0 keyslot passphrase is accepted at startup.

Correct passphrase for other slots (#1, #2) says incorrect pass.

Description: Ubuntu Bionic Beaver (development branch)
Release: 18.04

cryptsetup:
  Installed: 2:2.0.1-0ubuntu2
  Candidate: 2:2.0.1-0ubuntu2
  Version table:
 *** 2:2.0.1-0ubuntu2 500
        500 http://us.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: cryptsetup 2:2.0.1-0ubuntu2
ProcVersionSignature: Ubuntu 4.15.0-10.11-generic 4.15.3
Uname: Linux 4.15.0-10-generic x86_64
ApportVersion: 2.20.8-0ubuntu10
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Mar 12 19:39:55 2018
InstallationDate: Installed on 2018-03-12 (0 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180311)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
cmdline: BOOT_IMAGE=/vmlinuz-4.15.0-10-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro quiet splash
crypttab: sdc3_crypt UUID=45e55b5c-b1f4-425c-9021-373b0a12e571 none luks,discard

asi (gmazyland) wrote :

Could you attach luksDump output?

Jim (jhe99) wrote :

LUKS header information
Version: 2
Epoch: 3
Metadata area: 12288 bytes
UUID: 45e55b5c-b1f4-425c-9021-373b0a12e571
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)

Data segments:
  0: crypt
 offset: 2097152 [bytes]
 length: (whole device)
 cipher: aes-xts-plain64
 sector: 512 [bytes]

Keyslots:
  0: luks2
 Key: 512 bits
 Priority: normal
 Cipher: aes-xts-plain64
 PBKDF: pbkdf2
 Hash: sha256
 Iterations: 845624
 Salt: c1 e7 58 7d ee ef 17 44 f9 13 92 e8 29 d9 b4 6f
             e6 cb 54 90 5d 70 bf 6f 25 f6 e5 2b c7 79 96 d5
 AF stripes: 4000
 Area offset:32768 [bytes]
 Area length:258048 [bytes]
 Digest ID: 0
  1: luks2
 Key: 512 bits
 Priority: normal
 Cipher: aes-xts-plain64
 PBKDF: pbkdf2
 Hash: sha256
 Iterations: 860898
 Salt: d5 9a ad a9 01 6e ba 88 b9 cd 32 51 ed b6 60 13
             76 fc b2 16 d9 98 47 4c 66 d6 18 73 68 4e 9b a3
 AF stripes: 4000
 Area offset:290816 [bytes]
 Area length:258048 [bytes]
 Digest ID: 0
  2: luks2
 Key: 512 bits
 Priority: normal
 Cipher: aes-xts-plain64
 PBKDF: argon2i
 Time cost: 4
 Memory: 640788
 Threads: 4
 Salt: 02 68 90 48 4c c8 fc 2b 1d ab 7f d9 da 03 3a 27
             a6 a8 5d ff c6 a6 cb 39 c8 9b c1 33 4b 5f 01 b5
 AF stripes: 4000
 Area offset:548864 [bytes]
 Area length:258048 [bytes]
 Digest ID: 0
Tokens:
Digests:
  0: pbkdf2
 Hash: sha256
 Iterations: 54161
 Salt: 66 af a5 a2 a3 34 58 d9 bc 61 b0 9d f4 16 5f 6e
             71 47 1e 9e 24 90 d1 68 2c 76 d8 64 fe 73 f8 de
 Digest: 49 87 5b 3a b2 51 be 91 e6 7e
             38 fd 39 b0 0b b8 86 a9 f3 2d

asi (gmazyland) wrote :

Thx. So, the keyslot 2 was not converted, but added later once device was already in luks2 mode.

Anyway, all offsets and parameters look correct, I was able to recreate the same sized device and it works for me (with upstream git, 2.0.2+).

Can you try from command line for each slot and passphrases:
 cryptsetup luksOpen <device> --test-passphrase -T 1 -v

If anything is not accepted (and you are sure the passphrase is correct:), please add --debug keyword and paste output here.

Otherwise it is something special to Ubuntu that someone else has to analyse :-)
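
The "all offsets and parameters look correct" check in the comment above can be reproduced from the luksDump text itself. This is an added example, not part of the bug report or of cryptsetup: `parse_keyslots` and `check_layout` are hypothetical helper names, and the parser assumes the luksDump text layout shown in this report.

```python
import re
SAMPLE_DUMP = """\
Data segments:
  0: crypt
 offset: 2097152 [bytes]
Keyslots:
  0: luks2
 PBKDF: pbkdf2
 Area offset:32768 [bytes]
 Area length:258048 [bytes]
  1: luks2
 PBKDF: pbkdf2
 Area offset:290816 [bytes]
 Area length:258048 [bytes]
  2: luks2
 PBKDF: argon2i
 Area offset:548864 [bytes]
 Area length:258048 [bytes]
"""  # abridged from the luksDump in this report (salts, digests, KDF costs omitted)

def parse_keyslots(dump):
    """Return (data_offset, {slot_id: {'pbkdf', 'offset', 'length'}})."""
    data_offset, slots, section, cur = None, {}, None, None
    for line in dump.splitlines():
        slot = re.match(r"\s*(\d+): \S+", line)               # "  1: luks2"
        field = re.match(r"\s*([A-Za-z ]+?):\s*(\S+)", line)  # "Area offset:32768 [bytes]"
        if re.fullmatch(r"[A-Z][A-Za-z ]*:\s*", line):        # section header, e.g. "Keyslots:"
            section, cur = line.strip().rstrip(":"), None
        elif slot:  # numbered entries are collected only under "Keyslots:"
            cur = slots.setdefault(int(slot.group(1)), {}) if section == "Keyslots" else None
        elif field and section == "Data segments" and field.group(1).strip() == "offset":
            data_offset = int(field.group(2))
        elif field and cur is not None:
            key, val = field.group(1).strip().lower(), field.group(2)
            if key in ("pbkdf", "area offset", "area length"):
                cur[key.split()[-1]] = int(val) if val.isdigit() else val
    return data_offset, slots

def check_layout(data_offset, slots):
    """List keyslot areas that overlap each other or run into the data segment."""
    problems, prev_end, prev_id = [], 0, None
    for sid, s in sorted(slots.items(), key=lambda kv: kv[1]["offset"]):
        end = s["offset"] + s["length"]
        if s["offset"] < prev_end:
            problems.append(f"keyslot {sid} overlaps keyslot {prev_id}")
        if data_offset is not None and end > data_offset:
            problems.append(f"keyslot {sid} extends past data offset {data_offset}")
        prev_end, prev_id = end, sid
    return problems
```

For the values in this report, `check_layout(*parse_keyslots(SAMPLE_DUMP))` returns an empty list: the three keyslot areas are contiguous and end well before the data segment.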

Jim (jhe99) wrote :

All passwords accepted.

I'll try to submit to Ubuntu.

Jim

Steve Langasek (vorlon)
Changed in cryptsetup (Ubuntu):
importance: Undecided → High
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cryptsetup - 2:2.0.2-1ubuntu1

---------------
cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable.
    - bugfix upstream release, which solves problems with luks2 format
      disks not unlocking. LP: #1755322.
  * Remaining changes:
    - debian/control:
      + Depend on plymouth.
      + Invert the "busybox | busybox-static" Recommends, as the latter
        is the one we ship in main as part of the ubuntu-standard task.
      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
    - Drop c99 std, as the default is now higher than that
    - Drop upstart system jobs.
    - Add maintscript to drop removed upstart system jobs.
      - debian has its own now, but we have different version numbers.
        this delta can be dropped after 18.04 release.
    - Drop the CRYPTSETUP variable warning from the initramfs hook, as
      overlayroot package ships a dropin in conf-hooks.d triggering false
      warnings.
  * Dropped changes:
    - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named
      'cryptdisks' or 'cryptdisks-udev'.

cryptsetup (2:2.0.2-1) unstable; urgency=low

  * New upstream release 2.0.2
  * debian/initramfs/cryptroot-hook: copy libgcc_s.so.1 to the initrd, as
    libargon2 (used by LUKS2 devices) uses pthread_cancel. (Closes: #890798.)
  * debian/initramfs/cryptroot-script: create locking directory at initramfs
    stage, before running the cryptsetup binary, which would create it
    automatically but also spew a warning.
  * debian/patches/Fix-loopaesOpen-for-keyfile-on-standard-input.patch:
    removed as it was cherry-picked from upstream and included in 2.0.2.
  * debian/libcryptsetup12.symbols: update with new crypt_token_is_assigned()
    API function.

cryptsetup (2:2.0.1-1) unstable; urgency=low

  * New upstream release 2.0.1:
    - Use /run/cryptsetup as default for cryptsetup locking dir.
    - Add missing symbols for new functions to debian/libcryptsetup12.symbols.
  * debian/copyright: update copyright years.
  * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES
    devices using --key-file=-. (Closes: #888162.)
  * debian/rules: replace `autoreconf -f -i` with `dh_autoreconf` and add
    `dh_autoreconf_clean` to the "clean:" target. This bumps the minimum
    debhelper version to 9.20160403~ in Build-Depends. (Closes: #888742.)

 -- Steve Langasek <email address hidden> Fri, 06 Apr 2018 10:23:53 -0700

Changed in cryptsetup (Ubuntu):
status: Triaged → Fix Released