Comment 5 for bug 1633518

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/386670
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2010c13c0a229531a1ec3c84fb9c05e7310cf824
Submitter: Jenkins
Branch: master

commit 2010c13c0a229531a1ec3c84fb9c05e7310cf824
Author: Lee Yarwood <email address hidden>
Date: Fri Oct 14 16:41:53 2016 +0100

    encryptors: Workaround mangled passphrases

    Prior to Ib563b0ea the passphrase used by CryptsetupEncryptor and
    LuksEncryptor had any leading zeros per hexadecimal digit removed, for
    example 0x04 or 04 would turn into 0x4 or 4. As a result any volume
    encrypted prior to the release of Newton used a modified passphrase that
    was different to that stored by the key manager being used in the
    environment.

    To correct this for LuksEncryptor volumes permission denied errors are
    now caught when attempting to open a volume. A second attempt to open
    the volume is then made using a mangled passphrase. If successful the
    correct passphrase is then added to the volume before the mangled
    passphrase is finally removed. This workaround can be removed in a
    future release once it is safe to assume that all LuksEncryptor volumes
    have had any mangled passphrases replaced in this way.

    This isn't possible for CryptsetupEncryptor volumes as the plain mode
    used by cryptsetup does not provide a way for adding and removing keys.
    As such on a permission denied error a second attempt is made to open
    the volume using a mangled passphrase. Unlike the above workaround this
    cannot be removed in a future release.

    Change-Id: I7096463c5eba951dd6322ee6965435e877ca0371
    Partial-bug: #1633518
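
The passphrase mangling and the LuksEncryptor retry-and-rekey sequence described in the commit message above, as an added Python example that is not Nova's own code. `FakeLuksVolume`, `PermissionDenied` and the function names are hypothetical, and the volume is a constructed in-memory stand-in for LUKS key slots rather than a real cryptsetup device.

```python
import binascii


class PermissionDenied(Exception):
    """Stand-in for the error raised when no key slot matches."""


def passphrase(key: bytes) -> str:
    # Passphrase as held by the key manager: two hex digits per byte.
    return binascii.hexlify(key).decode("ascii")


def mangled_passphrase(key: bytes) -> str:
    # Behaviour described in the commit message: each byte is formatted
    # on its own, so a leading zero is dropped (0x04 -> "4").
    return "".join(hex(b).replace("0x", "") for b in key)


class FakeLuksVolume:
    """Constructed in-memory model of LUKS key slots (assumption)."""

    def __init__(self, *slots: str):
        self.slots = set(slots)

    def open(self, phrase: str) -> None:
        if phrase not in self.slots:
            raise PermissionDenied()

    def add_key(self, existing: str, new: str) -> None:
        self.open(existing)  # adding a key requires an existing one
        self.slots.add(new)

    def remove_key(self, phrase: str) -> None:
        self.slots.discard(phrase)


def open_luks_volume(volume: FakeLuksVolume, key: bytes) -> str:
    """Open the volume and report which passphrase form worked."""
    good = passphrase(key)
    try:
        volume.open(good)
        return "correct"
    except PermissionDenied:
        bad = mangled_passphrase(key)
        volume.open(bad)           # still raises if neither form matches
        volume.add_key(bad, good)  # add the correct passphrase first
        volume.remove_key(bad)     # then remove the mangled one
        volume.open(good)
        return "migrated"
```

For the plain-mode CryptsetupEncryptor case there are no key slots to rewrite, so only the retry with `mangled_passphrase` applies and it has to be repeated on every open.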