[systemd-bugs] [Bug 52630] New: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sat Jul 28 19:18:05 PDT 2012


https://bugs.freedesktop.org/show_bug.cgi?id=52630

             Bug #: 52630
           Summary: systemd-cryptsetup handles keyfile differently from
                    cryptsetup on plain mode
    Classification: Unclassified
           Product: systemd
           Version: unspecified
          Platform: x86-64 (AMD64)
        OS/Version: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
        AssignedTo: systemd-bugs at lists.freedesktop.org
        ReportedBy: lenharo at gmail.com
         QAContact: systemd-bugs at lists.freedesktop.org


Hi,

cryptsetup handles a keyfile for plain mode as follows (from the man page):
1. if reading a keyfile via the --keyfile switch, the content of the file will be
used as key and only the needed bytes to fulfill the key size will be read. No
hash is applied to the contents of the keyfile.
2. if reading from stdin (via the --keyfile=- switch), the entire content of the
file will be read and will also be hashed using the default hash algo or the
one specified via the --hash switch.

systemd-cryptsetup mixes the above two algos into just one, doing the following:
- key size bytes will be read from keyfile (mode 1) and a hash will be applied
on it (mode 2)

This makes it difficult to use crypttab+systemd-cryptsetup on disks encrypted
using plain mode from cryptsetup.

Examples:
dd count=10k bs=4k </dev/zero >container
losetup /dev/loop0 container
dd count=4 bs=512 </dev/urandom >key_file

1. cryptsetup -c aes-xts-plain -s 512 -h sha256 -d key_file create test /dev/loop0
mkfs.ext2 /dev/mapper/test
mount /dev/mapper/test /mnt/test

umount /mnt/test
cryptsetup remove test
/usr/lib/systemd/systemd-cryptsetup attach test /dev/loop0 key_file cipher=aes-xts-plain,size=512,hash=sha256
mount /dev/mapper/test /mnt/test
Error: mount: wrong fs type, bad option, bad superblock on /dev/mapper/test,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail or so

2. cat key_file |cryptsetup -c aes-xts-plain -s 512 -h sha256 -d - create test
The same aforementioned error happens.


The only way to make it work is to create a keyfile with exactly the size of
the key and use the syntax of example #2. But this is not the idea of having a
keyfile, since one could use any file (of any size) as keyfile in example #2
using cryptsetup.

My request would be to have systemd-cryptsetup handling keyfiles the same way
cryptsetup does.

Thank you,
Marcos
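
Added example (not part of the original report, and not cryptsetup or systemd code): a Python model of the three key derivations the report describes, showing why one key_file yields three different volume keys. The function names, the constructed sample key file, and the digest expansion for keys longer than one digest (round n prefixes n 'A' bytes, modelled on cryptsetup's plain-mode hashing) are assumptions.

```python
import hashlib

def plain_hash(data: bytes, key_bytes: int, algo: str = "sha256") -> bytes:
    """Hash data and expand the digest to key_bytes.

    Assumption: round n hashes n 'A' bytes followed by the data, and the
    digests are concatenated until the key is full.
    """
    out, rnd = b"", 0
    while len(out) < key_bytes:
        out += hashlib.new(algo, b"A" * rnd + data).digest()
        rnd += 1
    return out[:key_bytes]

def key_cryptsetup_keyfile(keyfile: bytes, key_bytes: int) -> bytes:
    """Mode 1 in the report: first key_bytes of the file, no hash."""
    if len(keyfile) < key_bytes:
        raise ValueError("key file shorter than the key size")
    return keyfile[:key_bytes]

def key_cryptsetup_stdin(keyfile: bytes, key_bytes: int, algo: str = "sha256") -> bytes:
    """Mode 2 in the report: the entire input is read, then hashed."""
    return plain_hash(keyfile, key_bytes, algo)

def key_systemd_reported(keyfile: bytes, key_bytes: int, algo: str = "sha256") -> bytes:
    """Behaviour the report attributes to systemd-cryptsetup:
    read only key_bytes from the file, then hash those bytes."""
    return plain_hash(keyfile[:key_bytes], key_bytes, algo)

def compare(keyfile: bytes, key_bits: int = 512) -> dict:
    """Derive the volume key all three ways for one key file."""
    n = key_bits // 8
    return {
        "cryptsetup -d key_file": key_cryptsetup_keyfile(keyfile, n),
        "cryptsetup -d -": key_cryptsetup_stdin(keyfile, n),
        "systemd-cryptsetup (reported)": key_systemd_reported(keyfile, n),
    }

# Constructed sample standing in for the report's 4 x 512-byte key_file.
SAMPLE_KEYFILE = hashlib.shake_256(b"constructed sample key file").digest(2048)

if __name__ == "__main__":
    for label, key in compare(SAMPLE_KEYFILE).items():
        print(f"{label:30} {key[:8].hex()}...")
```

With a key file of exactly the key size, the second and third derivations coincide, which matches the workaround described in the report.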
