[systemd-bugs] [Bug 52630] New: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
bugzilla-daemon at freedesktop.org
Sat Jul 28 19:18:05 PDT 2012
https://bugs.freedesktop.org/show_bug.cgi?id=52630
Bug #: 52630
Summary: systemd-cryptsetup handles keyfile differently from
cryptsetup on plain mode
Classification: Unclassified
Product: systemd
Version: unspecified
Platform: x86-64 (AMD64)
OS/Version: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: general
AssignedTo: systemd-bugs at lists.freedesktop.org
ReportedBy: lenharo at gmail.com
QAContact: systemd-bugs at lists.freedesktop.org
Hi,
cryptsetup handles keyfile for plain mode as follows (from man page)
1. if reading a keyfile via --keyfile switch, the content of the file will be
used as key and only the needed bytes to fulfill the key size will be read. No
hash is applied to contents of the keyfile
2. if reading from stdin (via --keyfile=- switch), the entire content of the
file will be read and will also be hashed using the default hash algo or the
one specified via --hash switch
systemd-cryptsetup mixes the above two algos into just one, doing the following:
- key size bytes will be read from the keyfile (mode 1) and a hash will be applied
to it (mode 2)
This makes it difficult to use crypttab+systemd-cryptsetup on disks encrypted
using plain mode from cryptsetup.
Examples:
dd count=10k bs=4k </dev/zero >container
losetup /dev/loop0 container
dd count=4 bs=512 </dev/urandom >key_file
1. cryptsetup -c aes-xts-plain -s 512 -h sha256 -d key_file create test /dev/loop0
mkfs.ext2 /dev/mapper/test
mount /dev/mapper/test /mnt/test
umount /mnt/test
cryptsetup remove test
/usr/lib/systemd/systemd-cryptsetup attach test /dev/loop0 key_file cipher=aes-xts-plain,size=512,hash=sha256
mount /dev/mapper/test /mnt/test
Error: mount: wrong fs type, bad option, bad superblock on /dev/mapper/test,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
2. cat key_file | cryptsetup -c aes-xts-plain -s 512 -h sha256 -d - create test
The same aforementioned error happens.
The only way to make it work is to create a keyfile with exactly the size of
the key and use the syntax of example #2. But this is not the idea of having a
keyfile, since one could use any file (of any size) as keyfile in example #2
using cryptsetup.
My request would be to have systemd-cryptsetup handling keyfiles the same way
cryptsetup does.
Thank you,
Marcos
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
You are the assignee for the bug.
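The three key derivations described in the report, modelled side by side to show why the same key_file yields a different volume key (and so an unreadable filesystem). This is an added example, not code from the report, cryptsetup or systemd. The function names and the sample keyfile are constructed, and the way a hash is stretched past one digest length (round i prefixed with i bytes of "A") is an assumption about cryptsetup's plain-mode hashing.

```python
import hashlib

KEY_BYTES = 512 // 8  # size=512 / -s 512 from the report


def plain_hash(data: bytes, key_bytes: int = KEY_BYTES, algo: str = "sha256") -> bytes:
    """Hash data and stretch the result to key_bytes.

    ASSUMPTION: round i hashes i bytes of b"A" followed by data, and the
    digests are concatenated and truncated to the key size.
    """
    out, rnd = b"", 0
    while len(out) < key_bytes:
        out += hashlib.new(algo, b"A" * rnd + data).digest()
        rnd += 1
    return out[:key_bytes]


def key_cryptsetup_keyfile(keyfile: bytes) -> bytes:
    """Mode 1 in the report: -d key_file, first key-size bytes used raw, no hash."""
    return keyfile[:KEY_BYTES]


def key_cryptsetup_stdin(keyfile: bytes) -> bytes:
    """Mode 2 in the report: -d -, the entire input is read and hashed."""
    return plain_hash(keyfile)


def key_systemd_reported(keyfile: bytes) -> bytes:
    """Behaviour reported for systemd-cryptsetup: read key-size bytes, then hash."""
    return plain_hash(keyfile[:KEY_BYTES])


def compare(keyfile: bytes) -> dict:
    """Report which cryptsetup mode, if any, the reported systemd key matches."""
    k = key_systemd_reported(keyfile)
    return {
        "matches_keyfile_mode": k == key_cryptsetup_keyfile(keyfile),
        "matches_stdin_mode": k == key_cryptsetup_stdin(keyfile),
    }


# Constructed sample: deterministic stand-in for `dd count=4 bs=512 </dev/urandom`.
SAMPLE_2048 = hashlib.shake_256(b"constructed sample keyfile").digest(2048)
# Constructed sample: a keyfile that is exactly the key size (the reporter's workaround).
SAMPLE_EXACT = SAMPLE_2048[:KEY_BYTES]

if __name__ == "__main__":
    print("2048-byte keyfile:", compare(SAMPLE_2048))
    print("64-byte keyfile:  ", compare(SAMPLE_EXACT))
```

With the 2048-byte keyfile the modelled systemd key matches neither cryptsetup mode; with a keyfile of exactly the key size it matches the stdin mode only, which is the workaround the report describes.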