[Gluster-devel] question on crypt xlator

Edward Shishkin edward at redhat.com
Thu Oct 9 19:14:17 UTC 2014


On Mon, 6 Oct 2014 12:19:44 +0000
Emmanuel Dreyfus <manu at netbsd.org> wrote:

> Hi


Hello Emmanuel,


> 
> crtypt.t gives me this on a symlink after umount/remount:
> [2014-10-06 09:28:17.199230] E [metadata.c:534:open_format_v1]
> 0-crypt: EMTD verification failed [2014-10-06 09:28:17.200028] W
> [crypt.c:74:get_crypt_inode_info] 0-patchy-crypt: Can not get inode
> info
> 
> I understand this is about file metdata signature, and I suspect 
> something subbtle must change over remounts in NetBSD, but what?
> 
> What crypt xlator uses for metadata? Reading the sources gives
> no obvious answer.


We cipher some per-file encryption attributes in the AEAD (GCM) mode.

"EMTD verification failed" means failed "authentication part" of AEAD
mode (EMTD stands for "Encrypted part of MeTaData"). Normally this
message indicates tampering, that is the pair (encrypted_attributes,
MAC) received from the non-trusted server differs from the original one
that was created on the trusted client machine. However, in your case
it is most likely because of a bug in the crypt translator. TBH, I
haven't tested this on NetBSD.

We'll try to narrow down the problem. For now I have the following
questions:

1) What is the number of the failed step?
2) What endianess does your machine have?


Thanks for the report,
Edward.


More information about the Gluster-devel mailing list