cryptsetup-reencrypt -- resilience of cipher specification
Hi, I made some trials with cryptsetup-reencrypt. In doing so, I encountered an awkward issue with input validation: I encrypted a device with the default (aes-xts-plain64). Now re-encrypting it with --cipher serpent-xts-plain64 works fine. If I specify it a little oddly, e.g. --cipher twofish-xts:sha256, it returns with

    device-mapper: reload ioctl on failed: Invalid argument
    Failed to setup dm-crypt key mapping for device LUKS-4c068ebd-96db-40fd-aa54-422a6819b9a3.new.
    Check that kernel supports twofish-xts:sha256 cipher (check syslog for more info).
    Creation of LUKS backup headers failed.

No big deal.
However, if I use for example --cipher twofish-xts, it returns with

    WARNING: this is experimental code, it can completely break your data.
    Enter passphrase for key slot 0:
    device-mapper: reload ioctl on failed: Invalid argument
    Activation of temporary devices failed.

Now "--cipher twofish-xts" may have been wrong to start with, but the problem is that in this case the warning proves correct - the luksHeader gets wrecked:

    cryptsetup luksDump /dev/sda6
    Device /dev/sda6 is not a valid LUKS device.

Debug output to follow, if you need it/it helps.

cryptsetup 1.6.7 (Arch Linux)
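
A pre-flight check for the situation described in the post above, as an added example that is not part of the original message or of cryptsetup itself: it refuses any cipher spec lacking an explicit IV mode and saves the LUKS header before re-encryption starts. The function names, exit codes and the strict three-part policy (based on dm-crypt's documented `cipher[:keycount]-chainmode-ivmode[:ivopts]` form) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Policy assumed here: accept only the full dm-crypt form
#   cipher[:keycount]-chainmode-ivmode[:ivopts]
# so specs without an explicit IV mode are rejected before any tool runs.

check_cipher_spec() {
    cs_spec=$1
    # Reject empty input and anything outside the characters a spec uses.
    case $cs_spec in
        ''|*[!A-Za-z0-9:_-]*) return 1 ;;
    esac
    # Split on '-' into exactly three fields.
    cs_ifs=$IFS; IFS=-
    set -- $cs_spec
    IFS=$cs_ifs
    [ "$#" -eq 3 ] || return 1
    # Cipher and IV mode must be non-empty and must not start with ':'.
    case $1 in ''|:*) return 1 ;; esac
    case $3 in ''|:*) return 1 ;; esac
    # The chaining mode takes no ':' options.
    case $2 in ''|*:*) return 1 ;; esac
    return 0
}

# Validate the spec, save the LUKS header, then re-encrypt.
# Exit codes 2 and 3 are this example's own convention.
reencrypt_with_backup() {
    rb_dev=$1 rb_spec=$2 rb_backup=$3
    if ! check_cipher_spec "$rb_spec"; then
        echo "refusing incomplete cipher spec: $rb_spec" >&2
        return 2
    fi
    # Keep a copy of the header before cryptsetup-reencrypt touches the device.
    cryptsetup luksHeaderBackup "$rb_dev" --header-backup-file "$rb_backup" || return 3
    cryptsetup-reencrypt --cipher "$rb_spec" "$rb_dev"
}
```

Both specs from the post (`twofish-xts` and `twofish-xts:sha256`) are rejected by this check, while `serpent-xts-plain64` passes. A header saved this way can be written back with `cryptsetup luksHeaderRestore`.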