luksFormat library API doesn't seem to work with large keyfiles.

Using cryptsetup 1.4.1.

Test case below.

key1 keyfile is a text file with 64 characters in it.
key.cr is a 4.3MB mp3 file.
xxx is a 10 MB container file.

cryptsetup is the cryptsetup executable, version 1.4.1.
./cryptTest is a binary executable that creates LUKS containers; code is below.

The results below show the following.

cryptsetup can open LUKS volumes that the cryptsetup executable created with both keyfiles.

cryptsetup can open a LUKS volume created with key1, but not with key.cr, when the volume is created with keyfiles using the library API.

Question 1. Is there a maximum limit on the size of the key file?
Question 2. How can the exe work with both key files but the library API works with one key file and not the other? Doesn't this suggest a bug?
Question 3. Does my code contain an error somewhere? Both should have failed if so.

[root@mtz ink]# cryptsetup -qv luksFormat xxx key1
Command successful.
[root@mtz ink]# cryptsetup -v -d key1 luksOpen xxx xxx
Key slot 0 unlocked.
Command successful.
[root@mtz ink]# cryptsetup -v  luksClose xxx
Command successful.
[root@mtz ink]# ./cryptTest xxx key1
[root@mtz ink]# cryptsetup -v -d key1 luksOpen xxx xxx
Key slot 0 unlocked.
Command successful.
[root@mtz ink]# cryptsetup -v  luksClose xxx
Command successful.
[root@mtz ink]# cryptsetup -qv luksFormat xxx key.cr
Command successful.
[root@mtz ink]# cryptsetup -v -d key.cr  luksOpen xxx xxx
Key slot 0 unlocked.
Command successful.
[root@mtz ink]# cryptsetup -v  luksClose xxx
Command successful.
[root@mtz ink]# ./cryptTest xxx key.cr
[root@mtz ink]# cryptsetup -v -d key.cr  luksOpen xxx xxx
No key available with this passphrase.
Command failed with code 1: No key available with this passphrase.

code for cryptTest:


#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <libcryptsetup.h>

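int main(int argc, char * argv[])
{
    const char * device ;
    const char * keyFile ;
    char * c ;
    struct stat st ;
    int fd ;
    int status ;
    ssize_t size ;
    struct crypt_device *cd;

    struct crypt_params_luks1 params = {
        .hash = "sha1",
        .data_alignment = 4096,
    };

    if( argc < 3 ){
        fprintf( stderr,"usage: %s device keyfile\n",argv[0] ) ;
        return 1 ;
    }
    device = argv[1] ;
    keyFile = argv[2] ;

    /* read the key file into a buffer with a trailing '\0' */
    if( stat( keyFile, &st ) != 0 ){
        perror( "stat" ) ;
        return 1 ;
    }
    c = ( char * ) malloc( sizeof( char ) * ( st.st_size + 1 ) ) ;
    if( c == NULL )
        return 1 ;

    fd = open( keyFile,O_RDONLY ) ;
    if( fd < 0 ){
        perror( "open" ) ;
        free( c ) ;
        return 1 ;
    }
    size = read( fd,c,st.st_size ) ;

    close( fd ) ;
    *( c + st.st_size ) = '\0' ;

    if( size == st.st_size )
        printf("all content of the file read\n") ;

    /* create a LUKS1 header on the device with a new 32 byte volume key */
    status = crypt_init( &cd,device ) ;
    printf("%d\n",status);
    if( status < 0 ){
        free( c ) ;
        return 1 ;
    }
    crypt_set_rng_type( cd, CRYPT_RNG_URANDOM );

    status = crypt_format( cd,CRYPT_LUKS1,"aes","cbc-essiv:sha256",NULL,NULL,32,&params );
    printf("%d\n",status);

    /* add the key file content to a key slot; the length is taken with strlen(), as in the test run above */
    status = crypt_keyslot_add_by_volume_key( cd,CRYPT_ANY_SLOT,NULL,32,c,strlen( c ) );
    printf("%d\n",status);

    crypt_free( cd ) ;
    free( c ) ;
    return 0;
}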

PS: I added those printfs after I did the test to make sure there are no errors reported, and that is why they do not show up in my test above.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
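
Added example, not part of the original post or of cryptsetup's code: the test program passes strlen( c ) as the passphrase length, and strlen() stops at the first zero byte, whereas cryptsetup -d reads the key file as raw bytes; a binary file such as an mp3 normally contains zero bytes, a 64-character text file does not. The sketch below reads a key file together with its byte count and compares that count with the C-string length. SAMPLE_KEY, sample_key.bin and the function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Constructed sample, shaped like an ID3v2 tag header (zero bytes from offset 4). */
static const unsigned char SAMPLE_KEY[] = {
    'I','D','3', 0x03, 0x00, 0x00, 0x00, 0x00, 0x1f, 0x76, 'T','I','T','2' };

/* Write the constructed sample to path; 0 on success, -1 on error. */
int write_sample(const char *path)
{
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t n = fwrite(SAMPLE_KEY, 1, sizeof SAMPLE_KEY, f);
    return (fclose(f) == 0 && n == sizeof SAMPLE_KEY) ? 0 : -1;
}

/* Read a key file as raw bytes; 0 and *buf / *len on success, -1 on error.
 * The caller frees *buf. */
int read_keyfile(const char *path, char **buf, size_t *len)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || st.st_size <= 0) { close(fd); return -1; }
    char *p = malloc((size_t)st.st_size + 1);
    while (p && got < (size_t)st.st_size) {   /* read() may return short counts */
        ssize_t n = read(fd, p + got, (size_t)st.st_size - got);
        if (n <= 0) break;
        got += (size_t)n;
    }
    close(fd);
    if (!p || got != (size_t)st.st_size) { free(p); return -1; }
    p[got] = '\0';          /* terminator only so strlen() on the buffer stays in bounds */
    *buf = p; *len = got;   /* *len is the byte count to pass as passphrase_size */
    return 0;
}

int main(void)
{
    char *key; size_t len;
    if (write_sample("sample_key.bin") || read_keyfile("sample_key.bin", &key, &len)) return 1;
    printf("file bytes: %zu, strlen: %zu\n", len, strlen(key));
    free(key);
    return remove("sample_key.bin") != 0;
}
```

With the byte count from the read passed as the last argument of crypt_keyslot_add_by_volume_key() in place of strlen( c ), the key slot is keyed with the same bytes that cryptsetup -d reads from the file.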
