Re: json help

Ah yes. The PDF. I forgot about that doc too.

Based on the LUKS2 spec and your examples I am importing/exporting token data but finding it non-intuitive and inconsistent.

I have two keyslots for device /dev/sdb2 and I'm trying to assign the tokens to keyslot 1.  I can assign to all keyslots or to keyslot 0 but NOT keyslot 1.  

Here is the short output.  Debug doesn't give me any useful information but I'll post some for the last two commands.

$ echo '{ "type" : "blah" , "keyslots" : [], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1
Failed to assign token 0 to keyslot 1.
$ echo '{ "type" : "blah" , "keyslots" : [ ], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1
Failed to assign token 0 to keyslot 1.
$ echo '{ "type" : "blah" , "keyslots" : [1], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2
Failed to import token from file.
$ echo '{ "type" : "blah" , "keyslots" : [1], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1
Failed to import token from file.
$ echo '{ "type" : "blah" , "keyslots" : [], "foo" : "bar" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 0
$ echo '{ "type" : "blah" , "keyslots" : [], "foo0" : "bar0" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 0
$ echo '{ "type" : "blah" , "keyslots" : [], "all" : "all" }' |  ./cryptsetup token import /dev/sdb2
$ echo '{ "type" : "blah" , "keyslots" : [], "all" : "1" }' |  ./cryptsetup token import /dev/sdb2
$ echo '{ "type" : "blah" , "keyslots" : [], "all" : "2" }' |  ./cryptsetup token import /dev/sdb2
$ echo '{ "type" : "blah" , "keyslots" : [], "all" : "3" }' |  ./cryptsetup token import /dev/sdb2
$ cryptsetup luksDump /dev/sdb2 --debug-json
...
"tokens":{
   "0":{
     "type":"blah",
     "keyslots":[
       "0"
     ],
     "foo":"bar"
   },
   "1":{
     "type":"blah",
     "keyslots":[
       "0"
     ],
     "foo0":"bar0"
   },
   "2":{
     "type":"blah",
     "keyslots":[
     ],
     "all":"all"
   },
 },
...


$ echo '{ "type" : "blah" , "keyslots" : [], "key1" : "does not work" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1 --debug
# cryptsetup 2.4.0-rc1 processing "/home/jt/local/cryptsetup/cryptsetup.jt/.libs/cryptsetup token import /dev/sdb2 --key-slot 1 --debug"
# Running command token.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdb2.
# Trying to open and read device /dev/sdb2 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS2 crypt type from device /dev/sdb2.
# Crypto backend (OpenSSL 1.1.1j  16 Feb 2021) initialized in cryptsetup library version 2.4.0-rc1.
# Detected kernel Linux 5.11.0-25-generic x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sdb2
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:57e4caf994053134277ddb302b8d729fb8818d14bcf6eeecefb05cdffec8407f (on-disk)
# Checksum:57e4caf994053134277ddb302b8d729fb8818d14bcf6eeecefb05cdffec8407f (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sdb2
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:c3b853e230c1cc786bc6b95cb40650b89b6060bba018d39beb89a26d43eb8af2 (on-disk)
# Checksum:c3b853e230c1cc786bc6b95cb40650b89b6060bba018d39beb89a26d43eb8af2 (in-memory)
# Device size 1907359744, offset 16777216.
# Device /dev/sdb2 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# STDIN descriptor JSON read requested.
# Updating JSON for token -1.
# Trying to load /usr/lib/cryptsetup/libcryptsetup-token-blah.so.
# /usr/lib/cryptsetup/libcryptsetup-token-blah.so: cannot open shared object file: No such file or directory
# Device size 1907359744, offset 16777216.
# Acquiring write lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sdb2
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Opening locked device /dev/sdb2
# Veryfing locked device handle (bdev)
# Checksum:d5b36f9571c82d4ea76e086e1e16934c2ef99b953d171f6ffbf3ae3e7c47bba3 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sdb2
# Checksum:75aa1286798a9d47acbdf6cf7b67c3b6a3e7af748624bdca64ad222d7e954e4f (in-memory)
# Device /dev/sdb2 WRITE lock released.
# Keyslot 1 assigned to token 6.
# Keyslots section "" is missing "1" (object) specification.
Failed to assign token 6 to keyslot 1.
# Updating JSON for token 6.
# Device size 1907359744, offset 16777216.
# Acquiring write lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sdb2
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device /dev/sdb2
# Checksum:29f1ecbb169f48d69be0ae5b2c8a3cfc42d8d25bf0853dcd3119eb27faa6a568 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sdb2
# Checksum:b20770ce7233f9d53f39f863d160f4f511088f860e30502c03a48574da981212 (in-memory)
# Device /dev/sdb2 WRITE lock released.
# Releasing crypt device /dev/sdb2 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/sdb2.
# Closing read write fd for /dev/sdb2.
Command failed with code -1 (wrong or missing parameters).


$ echo '{ "type" : "blah" , "keyslots" : [1], "key1" : "does not work" }' |  ./cryptsetup token import /dev/sdb2 --key-slot 1 --debug
# cryptsetup 2.4.0-rc1 processing "/home/jt/local/cryptsetup/cryptsetup.jt/.libs/cryptsetup token import /dev/sdb2 --key-slot 1 --debug"
# Running command token.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdb2.
# Trying to open and read device /dev/sdb2 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS2 crypt type from device /dev/sdb2.
# Crypto backend (OpenSSL 1.1.1j  16 Feb 2021) initialized in cryptsetup library version 2.4.0-rc1.
# Detected kernel Linux 5.11.0-25-generic x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sdb2
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:29f1ecbb169f48d69be0ae5b2c8a3cfc42d8d25bf0853dcd3119eb27faa6a568 (on-disk)
# Checksum:29f1ecbb169f48d69be0ae5b2c8a3cfc42d8d25bf0853dcd3119eb27faa6a568 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sdb2
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:b20770ce7233f9d53f39f863d160f4f511088f860e30502c03a48574da981212 (on-disk)
# Checksum:b20770ce7233f9d53f39f863d160f4f511088f860e30502c03a48574da981212 (in-memory)
# Device size 1907359744, offset 16777216.
# Device /dev/sdb2 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# STDIN descriptor JSON read requested.
# Updating JSON for token -1.
# Illegal value type in keyslots array at index 0.
Failed to import token from file.
# Releasing crypt device /dev/sdb2 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/sdb2.
Command failed with code -1 (wrong or missing parameters).




--
JT

_______________________________________________
dm-crypt mailing list -- dm-crypt@xxxxxxxx
To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
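
Added example, not part of the original post and not cryptsetup's own code: a pre-import check that mirrors the two debug messages in the logs above ("Illegal value type in keyslots array at index 0" and "Keyslots section ... is missing "1""). It assumes keyslot IDs inside a token must be JSON strings, as they appear in the luksDump output; `check_token` and `HEADER_KEYSLOT_IDS` are hypothetical names, and the header contents are constructed sample data.

```python
import json

# Constructed sample: IDs present in the header's "keyslots" section.
# On a real device, read them from `cryptsetup luksDump --debug-json`.
HEADER_KEYSLOT_IDS = {"0"}


def check_token(token_text, header_keyslot_ids, key_slot=None):
    """Return a list of problems that would make import or assignment fail."""
    try:
        token = json.loads(token_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(token, dict):
        return ["token must be a JSON object"]

    problems = []
    if not isinstance(token.get("type"), str):
        problems.append('"type" must be a string')

    slots = token.get("keyslots")
    if not isinstance(slots, list):
        problems.append('"keyslots" must be an array')
        slots = []

    referenced = []
    for index, value in enumerate(slots):
        if isinstance(value, str):
            referenced.append(value)
        else:
            # [1] fails here; ["1"] passes this step.
            problems.append(
                f"illegal value type in keyslots array at index {index}: {value!r}"
            )

    # --key-slot N asks for an assignment to keyslot "N" after the import.
    if key_slot is not None:
        referenced.append(str(key_slot))

    # Every referenced keyslot must exist as an object in the header.
    for slot_id in referenced:
        if slot_id not in header_keyslot_ids:
            problems.append(f'keyslots section is missing "{slot_id}"')
    return problems
```

An empty list means neither of the two failures shown in the debug output would be triggered by the token.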