[pkg-cryptsetup-devel] Bug#612452: Bug#612452: cryptsetup: filesystem check with blkid script is not reliable

Jonas Meurer jonas at freesources.org
Sun Feb 13 13:10:02 UTC 2011 

Hey Christoph, hey Milan,

On 08/02/2011 Christoph Schindler wrote:
> This all could be entirely my fault, of course, but I always just did it
> "the default" way.
> 
> Here is the table with the old ("correct") cipher:
> 
>     pvsvie0401_1-cbackup_1: 0 3907018752 linear 8:17 384
>     backup_1: 0 3907018752 crypt aes-cbc-plain
>     0000000000000000000000000000000000000000000000000000000000000000 0 254:1 0
>     pvsvie0401_0-cbackup_0: 0 580206592 linear 8:3 39059840
>     backup_0: 0 580206592 crypt aes-cbc-plain
>     0000000000000000000000000000000000000000000000000000000000000000 0 254:2 0
> 
> and with the new ("broken") cipher:
> 
>     pvsvie0401_1-cbackup_1: 0 3907018752 linear 8:17 384
>     backup_1: 0 3907018752 crypt aes-cbc-essiv:sha256
>     0000000000000000000000000000000000000000000000000000000000000000 0 254:1 0
>     pvsvie0401_0-cbackup_0: 0 580206592 linear 8:3 39059840
>     backup_0: 0 580206592 crypt aes-cbc-essiv:sha256
>     0000000000000000000000000000000000000000000000000000000000000000 0 254:2 0

I'm able to reproduce this bug. Not sure what to do about it though. It
seems like aes-cbc-plain and aes-cbc-essiv:sha256 give similar results
for the bytes where ext filesystems store the filesystem header/stamp.

all I can do about it, is to document it in README.Debian. Adding more
complex checks additionally to blkid is not an option in my eyes.

here's how I reproduced the bug:

# cryptsetup -c aes-plain create ctest1 /dev/vg_int/ctest1
Enter passphrase: 

# mkfs.ext3 /dev/mapper/ctest1 
[...]

# blkid -o value -s TYPE -p /dev/mapper/ctest1 
ext3

# mount /dev/mapper/ctest1 /mnt

# umount /mnt

# cryptsetup remove ctest1

# cryptsetup create ctest1 /dev/vg_int/ctest_pass
Enter passphrase: 

# blkid -o value -s TYPE -p /dev/mapper/ctest1 
ext3

# mount /dev/mapper/ctest1 /mnt/
mount: wrong fs type, bad option, bad superblock on /dev/mapper/ctest1,
       missing codepage or helper program, or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

# cryptsetup remove ctest1

greetings,
 jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20110213/499b5c47/attachment.pgp>

More information about the pkg-cryptsetup-devel mailing list