I am seeing something odd. I cannot explain it, but this is what I am seeing; at least there is consistency finally.
I wrote a simple program to test this, and this is what I have found out. The program is called cik in this example and it takes 4 args: path to luks volume, offset, junk to write at the offset, new (hopefully corrupted) volume.
on-disk-format.pdf says key-slot-2 is at offset 256, luksDump says it's at 264. Is this expected?
The output of "zuluCrypt-cli -b" to show slot status:
0 - inactive slot
1 - active slot
2 - invalid slot
test1
[ink@mtz ~]$ ./cik luks 256 tiufvtfbuybougougbtvtvviytrf cvol
[ink@mtz ~]$ zuluCrypt-cli -b -d cvol
12100000
[ink@mtz ~]$
When I try my test with offset 256, luksDump reports the slot as disabled but the crypt_keyslot_status API reports it as invalid, as the above test shows.
The above is output as reported by crypt_keyslot_max(); full code is at the end of this email.
test2
[ink@mtz ~]$ ./cik luks 264 tiufvtfbuybougougbtvtvviytrf cvol
[ink@mtz ~]$ zuluCrypt-cli -b -d cvol
11100000
[ink@mtz ~]$
When I add junk at offset 264 of length less than 32 characters as above, crypt_keyslot_max() and luksDump report the slot as active and cryptsetup asks for a passphrase when attempting to open the volume.
test3
[ink@mtz ~]$ ./cik luks 264 tiufvtfbuybougougbtvtfgytfvytryfbyfvviytrf cvol
[ink@mtz ~]$ zuluCrypt-cli -b -d cvol
device "cvol" is not a luks device
[ink@mtz ~]$
If I increase the junk to above 32 characters as above, luksDump reports:
[root@mtz ink]# cryptsetup luksDump cvol
LUKS keyslot 1 is invalid.
and zuluCrypt reports:
./cik luks 264 tiufvtfbuybougougbtvtfgytfvytryfbyfvviytrf cvol
[ink@mtz ~]$ zuluCrypt-cli -b -d cvol
device "cvol" is not a luks device
Can these 3 tests be explained? I am using cryptsetup 1.4.1.
zuluCrypt code that checks for keyslots, as promised above:
    #include <stdlib.h>
    #include <libcryptsetup.h>

    char * empty_slots( const char * device )
    {
        crypt_keyslot_info cki ;
        struct crypt_device * cd ;
        int i ;
        int j ;
        int k ;
        char * slot ;

        /* is_luks() is zuluCrypt's own helper (not shown); 1 is treated as "not a luks device" */
        if( is_luks( device ) == 1 )
            return NULL ;

        i = crypt_init( &cd,device ) ;
        if( i != 0 )
            return NULL ;

        i = crypt_load( cd, CRYPT_LUKS1, NULL ) ;
        if( i != 0 ){
            crypt_free( cd ) ;  /* release the context when the header fails to load */
            return NULL ;
        }

        k = crypt_keyslot_max( CRYPT_LUKS1 ) ;
        slot = ( char * ) malloc( sizeof( char ) * ( k + 1 ) ) ;
        if( slot == NULL ){
            crypt_free( cd ) ;
            return NULL ;
        }

        /* one status character per key slot; the caller frees the returned string */
        for( j = 0 ; j < k ; j++ ){
            cki = crypt_keyslot_status( cd, j ) ;
            switch ( cki ){
                case CRYPT_SLOT_INACTIVE    : slot[j] = '0' ; break ;
                case CRYPT_SLOT_ACTIVE      : slot[j] = '1' ; break ;
                case CRYPT_SLOT_INVALID     : slot[j] = '2' ; break ;
                case CRYPT_SLOT_ACTIVE_LAST : slot[j] = '3' ; break ;
            }
        }
        slot[j] = '\0' ;
        crypt_free( cd ) ;
        return slot ;
    }
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
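
Added example (not part of the original email, and not zuluCrypt or cryptsetup code): it maps a write at a given header byte offset onto the key-slot fields of the LUKS1 header and replays the three cik writes from the tests above. Assumptions: the field layout is taken from the LUKS1 on-disk format specification rather than from the email, slot numbers are 0-based, and cik is assumed to write exactly the bytes of the junk string with no terminator.

```c
#include <stdio.h>
#include <string.h>

/* LUKS1 phdr layout (on-disk format spec): eight 48-byte key-slot records
 * start at header byte 208, right after the 40-byte UUID field. */
#define SLOT_BASE  208UL
#define SLOT_SIZE  48UL
#define SLOT_COUNT 8
enum { F_ACTIVE = 1, F_ITER = 2, F_SALT = 4, F_KMOFF = 8, F_STRIPES = 16 };

/* Fields of one key-slot record: offset inside the record, length, flag, name. */
static const struct { unsigned long off, len; unsigned flag; const char *name; } fields[] = {
    {  0,  4, F_ACTIVE,  "active"              },
    {  4,  4, F_ITER,    "iterations"          },
    {  8, 32, F_SALT,    "salt"                },
    { 40,  4, F_KMOFF,   "key-material-offset" },
    { 44,  4, F_STRIPES, "stripes"             },
};
#define NFIELDS (sizeof fields / sizeof fields[0])

/* Bitmask of the fields of 0-based `slot` overlapped by `len` bytes written at header byte `off`. */
unsigned luks1_fields_hit(int slot, unsigned long off, unsigned long len)
{
    unsigned mask = 0;
    if (slot < 0 || slot >= SLOT_COUNT || len == 0)
        return 0;
    unsigned long base = SLOT_BASE + (unsigned long)slot * SLOT_SIZE;
    for (size_t i = 0; i < NFIELDS; i++) {
        unsigned long lo = base + fields[i].off, hi = lo + fields[i].len;
        if (off < hi && off + len > lo)   /* half-open ranges overlap */
            mask |= fields[i].flag;
    }
    return mask;
}

/* Replays the three writes from the email (assumes cik writes only the junk bytes). */
int main(void)
{
    const struct { unsigned long off; const char *junk; } w[] = {
        { 256, "tiufvtfbuybougougbtvtvviytrf" },
        { 264, "tiufvtfbuybougougbtvtvviytrf" },
        { 264, "tiufvtfbuybougougbtvtfgytfvytryfbyfvviytrf" },
    };
    for (size_t t = 0; t < 3; t++)
        for (int s = 0; s < SLOT_COUNT; s++)
            for (size_t i = 0; i < NFIELDS; i++)
                if (luks1_fields_hit(s, w[t].off, strlen(w[t].junk)) & fields[i].flag)
                    printf("test%zu slot %d (0-based): %s\n", t + 1, s, fields[i].name);
    return 0;
}
```

In this layout the record that starts at byte 256 is the second one, and the value stored in its key-material-offset field is a sector number, not a byte offset into the header.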