What mechanism does Ansible Vault use to detect wrong vault passwords? In other words, if a user inputs a wrong vault password, then Ansible shows the error message below. How?

    Decryption failed (no vault secrets were found that could decrypt)

Is there any section in the Vault payload that Ansible uses to detect wrong passwords?
The code for ansible-vault with the relevant section can be found here: https://github.com/ansible/ansible/blob/devel/lib/ansible/parsing/vault/__init__.py#L736

Summarised, it uses the specified password and vault ID to decrypt the file. So it will look for the vault ID in the vault file and will then try to decrypt the password. The crypto part will only return a byte string when the decryption was successful and the expected format (PKCS7) is returned:

    # imports used by the excerpts below (as in the Ansible module)
    from cryptography.exceptions import InvalidSignature
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives import hashes, padding
    from cryptography.hazmat.primitives.hmac import HMAC
    from cryptography.hazmat.primitives.ciphers import Cipher as C_Cipher, algorithms, modes
    CRYPTOGRAPHY_BACKEND = default_backend()

    # split the hex payload into its three fields: ciphertext, salt, stored HMAC
    b_ciphertext, b_salt, b_crypted_hmac = parse_vaulttext(b_vaulttext)
    b_password = secret.bytes
    # derive the AES key, the HMAC key and the CTR IV from password and salt (PBKDF2-HMAC-SHA256)
    b_key1, b_key2, b_iv = cls._gen_key_initctr(b_password, b_salt)

What the _decrypt_cryptography function does is to check if the HMAC is correct, using one of the keys derived from the password above:

    # authenticate the ciphertext with the second derived key before anything is decrypted
    hmac = HMAC(b_key2, hashes.SHA256(), CRYPTOGRAPHY_BACKEND)
    hmac.update(b_ciphertext)
    try:
        hmac.verify(_unhexlify(b_crypted_hmac))
    except InvalidSignature as e:
        raise AnsibleVaultError('HMAC verification failed: %s' % e)

    # only reached when the HMAC matched: AES-256-CTR decrypt, then strip the PKCS7 padding
    cipher = C_Cipher(algorithms.AES(b_key1), modes.CTR(b_iv), CRYPTOGRAPHY_BACKEND)
    decryptor = cipher.decryptor()
    unpadder = padding.PKCS7(128).unpadder()
    b_plaintext = unpadder.update(
        decryptor.update(b_ciphertext) + decryptor.finalize()
    ) + unpadder.finalize()

b_plaintext is then returned. So when you use the wrong password, the crypto function will return non-PKCS7 data and this then leads to the message above.
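As an added example (not code from the answer above and not Ansible's own code), here is a stand-alone writer and reader for the 1.1 AES256 payload that makes the detection point visible end to end. The format details follow the Ansible source: a 32-byte random salt, PBKDF2-HMAC-SHA256 with 10000 iterations producing 80 bytes that are split into key1 (AES), key2 (HMAC) and the CTR IV, a body of hex(salt), hex(hmac), hex(ciphertext) joined by newlines and hex-encoded again, wrapped at 80 columns under the $ANSIBLE_VAULT;1.1;AES256 header. The function names, the VaultError class, `decrypt_with_secrets` (a simplified stand-in for the loop in VaultLib that tries each configured secret) and the sample secrets are this example's own. It needs the `cryptography` package (which Ansible itself depends on) for AES-CTR; key derivation and the HMAC check use only the standard library.

```python
"""Minimal Ansible Vault 1.1 (AES256) reader/writer showing where a wrong
password is caught.  Added example, not Ansible's own code.

Payload after the header line, once the outer hex layer is decoded:
    hex(salt) "\\n" hex(HMAC-SHA256(key2, ciphertext)) "\\n" hex(ciphertext)
Key material: PBKDF2-HMAC-SHA256(password, salt, 10000) -> 80 bytes, split as
    key1 (32, AES-256-CTR) | key2 (32, HMAC) | iv (16, CTR counter block)
"""
import hashlib
import hmac
import os
from binascii import hexlify, unhexlify

from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

HEADER = b"$ANSIBLE_VAULT;1.1;AES256"
KEY_LEN, IV_LEN, ITERATIONS = 32, 16, 10000
NO_SECRET_MSG = "Decryption failed (no vault secrets were found that could decrypt)"


class VaultError(Exception):
    """Stands in for AnsibleVaultError (hypothetical name for this example)."""


def derive_keys(password: bytes, salt: bytes):
    """Same split as Ansible's _gen_key_initctr: key1 | key2 | iv."""
    d = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, 2 * KEY_LEN + IV_LEN)
    return d[:KEY_LEN], d[KEY_LEN:2 * KEY_LEN], d[2 * KEY_LEN:]


def encrypt(plaintext: bytes, password: bytes, salt: bytes = b"") -> bytes:
    """Build a vault envelope. `salt` is a parameter only so callers can pin it."""
    salt = salt or os.urandom(32)
    key1, key2, iv = derive_keys(password, salt)
    padder = padding.PKCS7(128).padder()      # Ansible pads even though CTR needs no padding
    padded = padder.update(plaintext) + padder.finalize()
    enc = Cipher(algorithms.AES(key1), modes.CTR(iv)).encryptor()
    ciphertext = enc.update(padded) + enc.finalize()
    tag = hmac.new(key2, ciphertext, hashlib.sha256).hexdigest().encode()
    body = hexlify(b"\n".join([hexlify(salt), tag, hexlify(ciphertext)]))
    lines = [body[i:i + 80] for i in range(0, len(body), 80)]   # wrap like ansible-vault does
    return b"\n".join([HEADER] + lines) + b"\n"


def decrypt(vaulttext: bytes, password: bytes) -> bytes:
    """Decrypt one envelope with one password; raises VaultError on a wrong password."""
    lines = vaulttext.splitlines()
    if lines[0].strip() != HEADER:
        raise VaultError("not an ANSIBLE_VAULT;1.1;AES256 payload")
    salt_hex, tag_hex, ct_hex = unhexlify(b"".join(lines[1:])).split(b"\n", 2)
    salt, ciphertext = unhexlify(salt_hex), unhexlify(ct_hex)
    key1, key2, iv = derive_keys(password, salt)
    # The wrong-password detector: key2 depends on the password, so a tag computed
    # with a different password cannot match the stored one.  Nothing is decrypted
    # before this check passes, so the padding step never sees garbage.
    expected = hmac.new(key2, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, unhexlify(tag_hex)):
        raise VaultError("HMAC verification failed")
    dec = Cipher(algorithms.AES(key1), modes.CTR(iv)).decryptor()
    unpadder = padding.PKCS7(128).unpadder()
    return unpadder.update(dec.update(ciphertext) + dec.finalize()) + unpadder.finalize()


def decrypt_with_secrets(vaulttext: bytes, secrets):
    """Simplified version of the VaultLib loop: try every (vault_id, password) in
    turn; when none verifies, raise the aggregate message ansible-vault prints."""
    for vault_id, password in secrets:
        try:
            return decrypt(vaulttext, password), vault_id
        except VaultError:
            continue
    raise VaultError(NO_SECRET_MSG)


def probe(vaulttext: bytes, secrets) -> str:
    """Return 'ok:<vault_id>' or the error message, for a quick demonstration."""
    try:
        return "ok:" + decrypt_with_secrets(vaulttext, secrets)[1]
    except VaultError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed sample input: a tiny YAML document and two candidate secrets.
    vault = encrypt(b"db_password: hunter2\n", b"correct horse")
    print(vault.decode())
    print(probe(vault, [("dev", b"wrong"), ("prod", b"correct horse")]))  # ok:prod
    print(probe(vault, [("dev", b"wrong")]))  # the message quoted in the question
```

With the right password `decrypt` returns the plaintext; with a wrong one it raises at the HMAC comparison, before any AES operation runs, and `decrypt_with_secrets` reports the aggregate message from the question only after every configured secret has failed that check. The padding step is not what catches a wrong password: CTR mode needs no padding at all, and a block of random bytes passes PKCS7 unpadding about one time in 256, so without the HMAC a wrong key would sometimes yield garbage instead of an error.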