Comment 13 for bug 1633518

OpenStack Infra (hudson-openstack) wrote : Fix merged to os-brick (stable/newton)

Reviewed: https://review.openstack.org/406068
Committed: https://git.openstack.org/cgit/openstack/os-brick/commit/?id=8c401a68bbe52685cbe9122723ff6b7dc921706f
Submitter: Jenkins
Branch: stable/newton

commit 8c401a68bbe52685cbe9122723ff6b7dc921706f
Author: Lee Yarwood <email address hidden>
Date: Mon Nov 14 14:29:17 2016 +0000

    encryptors: Workaround mangled passphrases

    Prior to Ib563b0ea the passphrase used by CryptsetupEncryptor and
    LuksEncryptor had any leading zeros per hexadecimal digit removed, for
    example 0x04 or 04 would turn into 0x4 or 4. As a result any volume
    encrypted prior to the release of Newton used a modified passphrase that
    was different to that stored by the key manager being used in the
    environment.

    To correct this for LuksEncryptor volumes permission denied errors are
    now caught when attempting to open a volume. A second attempt to open
    the volume is then made using a mangled passphrase. If successful the
    correct passphrase is then added to the volume before the mangled
    passphrase is finally removed. This workaround can be removed in a
    future release once it is safe to assume that all LuksEncryptor volumes
    have had any mangled passphrases replaced in this way.

    This isn't possible for CryptsetupEncryptor volumes as the plain mode
    used by cryptsetup does not provide a way for adding and removing keys.
    As such on a permission denied error a second attempt is made to open
    the volume using a mangled passphrase. Unlike the above workaround this
    cannot be removed in a future release.

    Change-Id: I7096463c5eba951dd6322ee6965435e877ca0371
    Partial-bug: #1633518
    (cherry picked from commit 7e33521a39d5b7478008e5d6ba4c754857edbee9)
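
The LuksEncryptor workaround described in the commit message, sketched as an added example; this is not os-brick's code. `FakeLuksVolume` is a hypothetical in-memory stand-in for a LUKS header's keyslots, and the function names and sample key are constructed for illustration.

```python
import binascii

def correct_passphrase(key: bytes) -> str:
    # Two hex digits per byte, leading zeros kept (what the key manager stores).
    return binascii.hexlify(key).decode("ascii")

def mangled_passphrase(key: bytes) -> str:
    # Behaviour the commit message describes: each byte is formatted
    # without zero padding, so 0x04 becomes "4".
    return "".join(format(b, "x") for b in key)

class FakeLuksVolume:
    """Hypothetical stand-in for a LUKS volume: a set of valid passphrases."""
    def __init__(self, passphrase: str):
        self.keyslots = {passphrase}

    def open(self, passphrase: str) -> None:
        if passphrase not in self.keyslots:
            raise PermissionError("no key available with this passphrase")

    def add_key(self, existing: str, new: str) -> None:
        self.open(existing)            # adding a key requires a valid one
        self.keyslots.add(new)

    def remove_key(self, passphrase: str) -> None:
        self.open(passphrase)
        self.keyslots.discard(passphrase)

def open_with_workaround(volume: FakeLuksVolume, key: bytes) -> str:
    good = correct_passphrase(key)
    try:
        volume.open(good)
        return "opened"
    except PermissionError:
        bad = mangled_passphrase(key)
        volume.open(bad)               # a genuinely wrong key fails again here
        volume.add_key(bad, good)      # add the correct passphrase first...
        volume.remove_key(bad)         # ...then retire the mangled one
        volume.open(good)
        return "migrated"

KEY = bytes([0x04, 0xA0, 0x0F, 0x10])  # constructed sample key

if __name__ == "__main__":
    legacy = FakeLuksVolume(mangled_passphrase(KEY))
    print(correct_passphrase(KEY), mangled_passphrase(KEY))
    print(open_with_workaround(legacy, KEY), sorted(legacy.keyslots))
```

Adding the correct passphrase before removing the mangled one means the volume is never left without a usable keyslot if the process is interrupted between the two steps.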