bugzilla-daemon at defect.opensolaris.org
2008-May-20 07:04 UTC
[Bug 1987] New: ''zfs create -o encryption=aes-128-ccm -o keysource=raw, prompt .." shouldn''t work with a 256 bits key
http://defect.opensolaris.org/bz/show_bug.cgi?id=1987
Summary: ''zfs create -o encryption=aes-128-ccm -o
keysource=raw,prompt .." shouldn''t work with a
256 bits
key
Classification: Development
Product: zfs-crypto
Version: unspecified
Platform: Other
OS/Version: Solaris
Status: NEW
Severity: minor
Priority: P3
Component: other
AssignedTo: darrenm at opensolaris.org
ReportedBy: hua.tang at sun.com
QAContact: hua.tang at sun.com
CC: zfs-crypto-discuss at opensolaris.org
Estimated Hours: 0.0
build: zfs-crypto-gate-2008-05-15-12:38
This bug was found during verifying 1052.
# zfs create -o encryption=aes-128-ccm -o keyscope=dataset -o
keysource=raw,file:///export/home/raw_key_file tank/fs_6
cannot create ''tank/fs_6'': Key length invalid (32).
# cat /export/home/raw_key_file | zfs create -o encryption=aes-128-ccm -o
keyscope=dataset -o keysource=raw,prompt tank/fs_6
# zfs list tank/fs_6
NAME USED AVAIL REFER MOUNTPOINT
tank/fs_6 18K 218M 18K /tank/fs_6
# pktool list keystore=file objtype=key infile=/export/home/raw_key_file
Found 1 symmetric keys.
Key #1 - symmetric: /export/home/raw_key_file (256 bits)
#
--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
bugzilla-daemon at defect.opensolaris.org
2008-May-20 08:41 UTC
[Bug 1987] ''zfs create -o encryption=aes-128-ccm -o keysource=raw,prompt .. " shouldn''t work with a 256 bits key
http://defect.opensolaris.org/bz/show_bug.cgi?id=1987 --- Comment #1 from Grace <hua.tang at sun.com> 2008-05-20 01:41:27 --- For ''zfs create'' with keyscope=dataset, it only happens with keysource=raw,prompt. But with keyscope=pool, ''zfs create -o encryption=aes-128-ccm'' succeeds with a 128 bits key while keysource=raw|hex,prompt|file. For example: # zpool create -f -o keysource=hex,file:///export/home/hex_key_file test /export/home/testfile_2 # zfs create -o encryption=aes-128-ccm test/fs # cat /export/home/hex_key_file 9adf6ac44655ccc414a5e9197a34c52731f5fe08d9191a7cd3811ab6f69f1078# # zpool create -f -o keysource=raw,file:///export/home/raw_key_file test /export/home/testfile_2 # zfs create -o encryption=aes-128-ccm test/fs # pktool list keystore=file objtype=key infile=/export/home/raw_key_file Found 1 symmetric keys. Key #1 - symmetric: /export/home/raw_key_file (256 bits) # -- Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
bugzilla-daemon at defect.opensolaris.org
2008-May-20 09:43 UTC
[Bug 1987] ''zfs create -o encryption=aes-128-ccm -o keysource=raw,prompt .. " shouldn''t work with a 256 bits key
http://defect.opensolaris.org/bz/show_bug.cgi?id=1987
Darren J Moffat <darrenm at opensolaris.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution| |INVALID
--- Comment #2 from Darren J Moffat <darrenm at opensolaris.org>
2008-05-20 02:43:46 ---
This is not a bug when the key is prompted for and is expected behaviour.
The zpool case is definitely not a bug. The pool key is used to wrap per
dataset keys for those datasets with keyscope=pool. There is no relationship
between the size of the pool key and the encryption value on the dataset. The
datasets themselves can have either aes-128-ccm or aes-256-ccm and a given pool
can have mix of both.
I''m closing as not a bug.
--
Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.