From: "Nico R."
Date: Thu, 27 May 2010 00:48:36 +0200
Message-ID: <4BFDA544.1060707@gmx.net>
To: dm-crypt@saout.de
Subject: [dm-crypt] Problem with piped passphrases containing newline character

Hello!

I am using some code like the following in order to initialize and open
LUKS containers:

    $ gpg -d < secret.asc | sudo \
        cryptsetup luksFormat /dev/$DEVICE -
    $ gpg -d < secret.asc | sudo \
        cryptsetup --key-file=- luksOpen /dev/$DEVICE blah

secret.asc is a file encrypted with GnuPG, which contains unknown
(possibly random) data. It usually includes at least one newline character.

The above commands have been carefully crafted after reading the man
page over and over (especially the parts about reading passphrases from
standard input or a pipe, and about newline handling), and after
studying the relevant parts of the code. I believe that this was the
proper way to use passphrases which are binary blobs with cryptsetup
versions around 1.0.6.

It used to work properly with cryptsetup-1.0.6. However, I am now
experiencing an error with cryptsetup-1.1.1 if the passphrase contains
a newline character.

I am using a simplified testcase to show the problem. The following
commands are written for bash. I assume that there is a block device
named /dev/loop0 which has enough space to hold a LUKS container.

    $ export LC_ALL=POSIX
    $ echo -n $'foo\nbar' | sudo \
        cryptsetup luksFormat /dev/loop0 -
    $ echo -n $'foo\nbar' | sudo \
        cryptsetup --key-file=- luksOpen /dev/loop0 testing
    No key available with this passphrase.

At first it seemed to be related to issue 52[1], but trying out the svn
revisions around 208 did not confirm that assumption.

I svn-bisect[2]-ed the problem, and found out that the change in
behavior was probably introduced somewhere between r109 and r124
(inclusively, each). I have not dug more deeply into it, because I
currently do not understand the tricky details.

This is probably a bug in the code, or the documentation is misleading.
Or am I using cryptsetup improperly and am I misunderstanding its manpage?

[1] https://code.google.com/p/cryptsetup/issues/detail?id=52
[2] http://search.cpan.org/perldoc?svn-bisect

Thanks
-- 
Nico
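
Added example (not part of the original message and not cryptsetup code): a pre-flight check that tells whether piped key material, such as the testcase passphrase above, would be seen differently by a reader that stops at the first newline and by a reader that consumes input up to EOF. The two reader policies are an assumed model of the "newline handling" the message refers to; the function names are hypothetical and the sample inputs are constructed.

```bash
#!/bin/sh
# Added example: not from the original message, not cryptsetup code.
# Assumption: a tool reading key material from a pipe either stops at the
# first newline ("line reader") or consumes everything up to EOF ("EOF
# reader"). Function names are hypothetical; sample inputs are constructed.

# Bytes a line reader would use: first line, newline excluded.
line_reader_len() {
    head -n 1 "$1" | tr -d '\n' | wc -c | tr -d ' '
}

# Bytes an EOF reader would use: the whole file, newlines included.
eof_reader_len() {
    wc -c < "$1" | tr -d ' '
}

# Print a verdict; return 0 only if both readers see identical key material.
key_report() {
    line_len=$(line_reader_len "$1")
    eof_len=$(eof_reader_len "$1")
    if [ "$line_len" -eq "$eof_len" ]; then
        echo "consistent: $eof_len bytes"
        return 0
    fi
    echo "ambiguous: line reader $line_len bytes, EOF reader $eof_len bytes"
    return 1
}

# Constructed samples: the testcase passphrase and a newline-free variant.
sample=$(mktemp)
printf 'foo\nbar' > "$sample"
key_report "$sample" || true
printf 'foobar' > "$sample"
key_report "$sample" || true
rm -f "$sample"
```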