Comment 7 for bug 1633518

The following change has also been pushed for os-brick to correct this :

encryptors: Workaround mangled passphrases
https://review.openstack.org/#/c/397934/

As with the Nova change I've now manually verified this. To do so I also had to use the following change moving Nova to use the os-brick supplied encryptors :

DNM - encryptors: Switch to os-brick encryptor classes
https://review.openstack.org/#/c/391597/

$ cinder type-create LUKS
$ cinder encryption-type-create --cipher aes-xts-plain64 --key_size 512 --control_location front-end LUKS nova.volume.encryptors.luks.LuksEncryptor
$ cinder create --volume-type LUKS 1
$ cinder set-bootable b9567416-f463-44ec-be70-c25977124614 true
$ nova boot --boot-volume b9567416-f463-44ec-be70-c25977124614 --flavor 1 test
$ nova delete test
$ sudo cryptsetup luksAddKey /dev/mapper/stack--volumes--lvmdriver--1-volume--b9567416--f463--44ec--be70--c25977124614
Enter any existing passphrase: 010203040506
Enter new passphrase for key slot: 123456
Verify passphrase: 123456
$ sudo cryptsetup luksRemoveKey /dev/mapper/stack--volumes--lvmdriver--1-volume--b9567416--f463--44ec--be70--c25977124614
Enter passphrase to be deleted: 010203040506
$ sudo cryptsetup luksDump /dev/mapper/stack--volumes--lvmdriver--1-volume--b9567416--f463--44ec--be70--c25977124614
LUKS header information for /dev/mapper/stack--volumes--lvmdriver--1-volume--b9567416--f463--44ec--be70--c25977124614

Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 512
MK digest: e1 48 9b 16 0f 2c 12 b2 e3 0f 59 5b a0 69 cd 2b 77 a8 e5 06
MK salt: ad b8 a8 ad ac c1 99 d8 55 59 7f 16 77 e1 1d 80
                0f 14 81 e7 59 ed 39 f0 ce 44 ae f8 11 9a 1f c2
MK iterations: 148250
UUID: 2d841497-ce78-4a67-a778-efeb7d6e17ad

Key Slot 0: DISABLED
Key Slot 1: ENABLED
        Iterations: 860503
        Salt: 1b a2 86 6a db 7a 99 7d d0 cc 73 bd fe c1 57 04
                                22 ec 25 79 18 22 12 68 6a 08 03 22 76 69 18 c2
        Key material offset: 512
        AF stripes: 4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

$ nova boot --boot-volume b9567416-f463-44ec-be70-c25977124614 --flavor 1 test
$ nova delete test
$ sudo cryptsetup luksOpen /dev/mapper/stack--volumes--lvmdriver--1-volume--b9567416--f463--44ec--be70--c25977124614 test
Enter passphrase for /dev/mapper/stack--volumes--lvmdriver--1-volume--b9567416--f463--44ec--be70--c25977124614: 010203040506
$ sudo cryptsetup luksClose test
$ sudo cryptsetup luksDump /dev/mapper/stack--volumes--lvmdriver--1-volume--b9567416--f463--44ec--be70--c25977124614
LUKS header information for /dev/mapper/stack--volumes--lvmdriver--1-volume--b9567416--f463--44ec--be70--c25977124614

Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 512
MK digest: e1 48 9b 16 0f 2c 12 b2 e3 0f 59 5b a0 69 cd 2b 77 a8 e5 06
MK salt: ad b8 a8 ad ac c1 99 d8 55 59 7f 16 77 e1 1d 80
                0f 14 81 e7 59 ed 39 f0 ce 44 ae f8 11 9a 1f c2
MK iterations: 148250
UUID: 2d841497-ce78-4a67-a778-efeb7d6e17ad

Key Slot 0: ENABLED
        Iterations: 715082
        Salt: 8e ee fd f3 d1 e2 ad b4 4d 79 d4 43 ea 93 0b b1
                                46 41 4c 75 77 bf dc fa 2a dd f6 03 af 26 fc 32
        Key material offset: 8
        AF stripes: 4000