Misleading cryptsetup error message

Peter Klotz <email address hidden> writes:

> root@ubuntu:~# cryptsetup luksOpen /dev/sdb1 crypt_rally2
> Enter LUKS passphrase:
> Command failed: No key available with this passphrase.
>
> Actually the supplied password was correct but kernel module dm_crypt
> is not loaded in this scenario.

After looking into the code (luks/keymanage.c) this is not something
easy to add. Checking for the module is not an option either, because
the kernel might have support for dm-crypt compiled in.

I'm CC'ing the upstream mailing list. Do you guys have any idea how this
could be solved? This bug was originaly filed at
https://launchpad.net/bugs/267192

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

LVM2 tackles this by doing the library equivalent of 'dmsetup targets'
and if the target is not listed it tries modprobe then checks again.

Alasdair
--
<email address hidden>

Milan Broz writes:

> loading of dm_crypt is not cryptsetup job.
>
> Device-mapper has already autoloading of necessary target modules built in.
> You just need device-mapper core initialized (dm_mod kernel module loaded).
>
> It just "simply works" on default configuration:
>
> # lsmod
> Module Size Used by
> dm_mod 48656 0

I see, but couldn't cryptsetup at least warn if the running system has
not even dm_mod loaded instead of indicating the user had entered a
wrong passphrase?

> Is it reproducible in other system? If not, it is some bug in Ubuntu
> Live CD.

You believe it is a bug if the Ubuntu live cd does not autoload dm_mod
on startup? What do other ubuntu-developers think about this?

--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

On Wed, Sep 10, 2008 at 04:27:41PM +0200, Reinhard Tartler wrote:
> Milan Broz writes:
> > loading of dm_crypt is not cryptsetup job.
> >
> > Device-mapper has already autoloading of necessary target modules built in.
> > You just need device-mapper core initialized (dm_mod kernel module loaded).
> >
> > It just "simply works" on default configuration:
> >
> > # lsmod
> > Module Size Used by
> > dm_mod 48656 0
>
> I see, but couldn't cryptsetup at least warn if the running system has
> not even dm_mod loaded instead of indicating the user had entered a
> wrong passphrase?

Most tools that need a particular kernel feature modprobe the
corresponding module just in case (or check first and then modprobe, as
Alasdair mentions that lvm2 does). It would make sense for cryptsetup to
do this.

The wrong error message is clearly a bug, IMO. It's just poor error
handling (understandably, since presumably this is a situation not many
cryptsetup developers encounter, but even so).

> > Is it reproducible in other system? If not, it is some bug in Ubuntu
> > Live CD.
>
> You believe it is a bug if the Ubuntu live cd does not autoload dm_mod
> on startup? What do other ubuntu-developers think about this?

I disagree - there's no reason for the Ubuntu live CD to do so. dm-mod
is modular so that we don't have to load it when it isn't needed, and
the live CD doesn't need it.

I mean, of course we *could*, but in general programs that make fewer
assumptions about the system they're running on are more reliable so I
don't think it makes sense for the system to load kernel modules on the
off-chance that some program might need them. For example, we don't load
the kvm module on the off-chance that you might want to start up a
virtual machine; kvm takes care of doing that if you run it. From the
point of view of the Ubuntu live CD, dm-mod falls into much the same
boat.

--
Colin Watson [<email address hidden>]

This is quite an annoying bug. I just tried out the Intrepid Live CD and wondered if Intrepid's doesn't have AES support or something like this. Correct me if I'm wrong, isn't this even a regression? As far as I remember Hardy's cryptsetup didn't have this problem.

What about Collin's idea of cryptsetup simply trying to modprobe dm_mod just in case? Seems like practicable solution to me. In any case this bug should be resolved. As we already know what causes the problem ignoring it for five months seems rather awkward to me. ;-)

i believe that this and other misleading errors have been fixed in cryptsetup 1.0.7~rc1. from the changelog:

 * Summary of changes in subversion for 1.0.7-rc1:
        * [...]
 * Check device size when loading LUKS header. Remove misleading error message later.
 * Add error hint if dm-crypt mapping failed.
 * Use better error messages if device doesn't exist or is already used by other mapping.
        * [...]
 * Return more descriptive error in case of IO or header format error.
        * [...]
 * Check device mapper communication and warn user if device-mapper support missing in kernel.
        * [...]
 * Error handling improvement.
        * [...]

Is this fixed, like mejo assumes?

(in Lucid, which has 1.1.0~rc2-1ubuntu13 currently - Karmic has 1.0.6)

[Expired for cryptsetup (Ubuntu) because there has been no activity for 60 days.]