Hello dm-crypt folks,
I want to retrieve pbkdf params for active keyslots of LUKS devices.
First I looked into `crypt_keyslot_get_pbkdf()`, but contrary to what
the code suggests[1], it doesn't return values for LUKS1 devices.
Also, looking at the actual return valudes, it seems to return the
calculated values for a new keyslot, not the ones for the active
keyslot, right?
Is there another way to retrieve the values that `cryptsetup luksDump`
shows? I'm particularely interested in the `iterations` values for LUKS1
and `memory` values for LUKS2 devices.
Here's my (non-working code):
struct crypt_device *cd = NULL;
if (crypt_init_by_name(&cd, devices[i])) {
errx(EXIT_FAILURE, "couldn't init LUKS device %s", devices[i]);
} else {
int ks_max = crypt_keyslot_max(crypt_get_type(cd));
for (int j = 0; j < ks_max; j++) {
crypt_keyslot_info ki = crypt_keyslot_status(cd, j);
if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST) {
// Keyslot is active
struct crypt_pbkdf_type pbkdf_ki;
if (crypt_keyslot_get_pbkdf(cd, ki, &pbkdf_ki)) {
printf(" max_memory_kb: %d\n", pbkdf_ki.max_memory_kb);
} else {
warn("No PBKDF for ks %d (device %s)", j, devices[i]);
}
}
}
}
crypt_free(cd);
When giving a LUKS2 device, I get (somewhat strange) results:
max_memory_kb: 1824273616
When giving a LUKS1 device, crypt_keyslot_get_pbkdf isn't successful:
cryptsetup-suspend: No PBKDF for ks 0 (device cont3_crypt): Success
Cheers
jonas
[1]
https://gitlab.com/cryptsetup/cryptsetup/blob/4448ddc/lib/setup.c#L5175-5178
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
