eternaltyro / cryptsetup

Since Google code is shuttering...
http://code.google.com/p/cryptsetup
GNU General Public License v2.0

Fails to decrypt LUKS file on a samba server due to use of O_DIRECT flag #247

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a LUKS encrypted file on a samba server using an older version of cryptsetup
2. Attempt to open the encrypted file using the current version of cryptsetup

What is the expected output? What do you see instead?
Expected:
$ sudo ./cryptsetup luksOpen /mnt/Media/photo-backup.img pbak --key-file pbak.key
$ ls /dev/mapper/
control  pbak

What I see:
$ sudo cryptsetup luksOpen /mnt/Media/photo-backup.img pbak --key-file pbak.key
IO error while decrypting keyslot.
$ ls /dev/mapper/
control

What version of the product are you using? On what operating system?
cryptsetup 2:1.6.6-5 on Debian
Also confirmed on upstream commit 6b10f30eb925123b8e46bbf2cbd9f0dde60c1955

Please provide any additional information below.

strace snippet:

open("/mnt/Media/photo-backup.img", O_RDONLY|O_SYNC|O_DIRECT) = 10
lseek(10, 135168, SEEK_SET)             = 135168
fstatfs(10, {f_type=0xff534d42, f_bsize=4096, f_blocks=1453494282, f_bfree=602178550, f_bavail=528926691, f_files=183132160, f_ffree=181634697, f_fsid={0, 0}, f_namelen=4096, f_frsize=4096}) = 0
fstat(10, {st_mode=S_IFREG|0644, st_size=214748364800, ...}) = 0
read(10, 0x10d9000, 126976)             = -1 EINVAL (Invalid argument)

Removing the O_DIRECT flag from device_open() solves the issue.

Original issue reported on code.google.com by DarkStar...@gmail.com on 2 Mar 2015 at 11:52

GoogleCodeExporter commented 9 years ago
Is it the same issue discussed on IRC or a new one? :)

Anyway, the problem here is probably a bug in Samba (or another layer which allows opening a file with O_DIRECT but then fails to read it, even from offset 0).
(The old version works because it used loop device mapping instead of direct file access.
Using a loop device is also a workaround here.)

I am still not sure if we should work around this bug.
But I will probably add a simple read-first-sector test there to check that O_DIRECT really works.

Original comment by gmazyl...@gmail.com on 9 Mar 2015 at 2:35
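
The read-first-sector check proposed in the comment above, written out as an added example (not code from cryptsetup or from the commit referenced in this thread): open with O_DIRECT, try one aligned read at offset 0, and reopen without the flag if that read fails. The function name `open_with_direct_probe` and the 4096-byte probe size are assumptions made for this example.

```c
#define _GNU_SOURCE            /* exposes O_DIRECT in <fcntl.h> on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#ifndef O_DIRECT               /* no direct I/O on this platform: plain buffered open */
#define O_DIRECT 0
#endif
#define PROBE_LEN 4096         /* assumed: covers 512 B and 4 KiB logical sectors */

/* Returns 1 if an aligned read of the first sector succeeds on fd, else 0. */
static int direct_read_works(int fd)
{
    void *buf = NULL;
    ssize_t r;

    if (posix_memalign(&buf, PROBE_LEN, PROBE_LEN) != 0)
        return 0;
    r = pread(fd, buf, PROBE_LEN, 0);  /* offset 0; file position is not moved */
    free(buf);
    return r >= 0;                     /* the strace above shows -1 EINVAL here */
}

/* Hypothetical helper: opens path, reports in *used_direct which mode was kept. */
int open_with_direct_probe(const char *path, int flags, int *used_direct)
{
    int fd = open(path, flags | O_DIRECT);

    if (fd >= 0 && direct_read_works(fd)) {
        *used_direct = 1;
        return fd;
    }
    if (fd >= 0)
        close(fd);             /* open() accepted O_DIRECT but read() did not */
    *used_direct = 0;
    return open(path, flags);  /* buffered fallback; -1 with errno if this fails too */
}

int main(int argc, char **argv)
{
    int direct, fd;
    if (argc < 2) return 2;
    fd = open_with_direct_probe(argv[1], O_RDONLY, &direct);
    if (fd < 0) { perror("open"); return 1; }
    printf("%s: %s I/O\n", argv[1], direct ? "direct" : "buffered");
    close(fd);
    return 0;
}
```
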

GoogleCodeExporter commented 9 years ago
Should be fixed in commit
https://code.google.com/p/cryptsetup/source/detail?r=0bc437d92c30945991881c8b8ca245a016fc1236

Please test it if you can, thanks.

Original comment by gmazyl...@gmail.com on 18 Mar 2015 at 2:09