On 8/16/21 2:35 PM, JT Morée wrote:
$ echo '{ "type" : "blah" , "keyslots" : [], "key1" : "does not work" }' | ./cryptsetup token import /dev/sdb2 --key-slot 1 --debug
# cryptsetup 2.4.0-rc1 processing "/home/jt/local/cryptsetup/cryptsetup.jt/.libs/cryptsetup token import /dev/sdb2 --key-slot 1 --debug"
# Running command token.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/sdb2.
# Trying to open and read device /dev/sdb2 with direct-io.
# Initialising device-mapper backend library.
# Trying to load LUKS2 crypt type from device /dev/sdb2.
# Crypto backend (OpenSSL 1.1.1j 16 Feb 2021) initialized in cryptsetup library version 2.4.0-rc1.
# Detected kernel Linux 5.11.0-25-generic x86_64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/sdb2
# Veryfing locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:57e4caf994053134277ddb302b8d729fb8818d14bcf6eeecefb05cdffec8407f (on-disk)
# Checksum:57e4caf994053134277ddb302b8d729fb8818d14bcf6eeecefb05cdffec8407f (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/sdb2
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:c3b853e230c1cc786bc6b95cb40650b89b6060bba018d39beb89a26d43eb8af2 (on-disk)
# Checksum:c3b853e230c1cc786bc6b95cb40650b89b6060bba018d39beb89a26d43eb8af2 (in-memory)
# Device size 1907359744, offset 16777216.
# Device /dev/sdb2 READ lock released.
# PBKDF argon2id, time_ms 2000 (iterations 0), max_memory_kb 1048576, parallel_threads 4.
# STDIN descriptor JSON read requested.
# Updating JSON for token -1.
# Trying to load /usr/lib/cryptsetup/libcryptsetup-token-blah.so.
# /usr/lib/cryptsetup/libcryptsetup-token-blah.so: cannot open shared object file: No such file or directory
# Device size 1907359744, offset 16777216.
# Acquiring write lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sdb2
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Opening locked device /dev/sdb2
# Veryfing locked device handle (bdev)
# Checksum:d5b36f9571c82d4ea76e086e1e16934c2ef99b953d171f6ffbf3ae3e7c47bba3 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sdb2
# Checksum:75aa1286798a9d47acbdf6cf7b67c3b6a3e7af748624bdca64ad222d7e954e4f (in-memory)
# Device /dev/sdb2 WRITE lock released.
# Keyslot 1 assigned to token 6.
# Keyslots section "" is missing "1" (object) specification.
Failed to assign token 6 to keyslot 1.
# Updating JSON for token 6.
# Device size 1907359744, offset 16777216.
# Acquiring write lock for device /dev/sdb2.
# Opening lock resource file /run/cryptsetup/L_8:18
# Verifying lock handle for /dev/sdb2.
# Device /dev/sdb2 WRITE lock taken.
# Checking context sequence id matches value stored on disk.
# Reusing open ro fd on device /dev/sdb2
# Trying to write LUKS2 header (16384 bytes) at offset 0.
# Reusing open rw fd on device /dev/sdb2
# Checksum:29f1ecbb169f48d69be0ae5b2c8a3cfc42d8d25bf0853dcd3119eb27faa6a568 (in-memory)
# Trying to write LUKS2 header (16384 bytes) at offset 16384.
# Reusing open rw fd on device /dev/sdb2
# Checksum:b20770ce7233f9d53f39f863d160f4f511088f860e30502c03a48574da981212 (in-memory)
# Device /dev/sdb2 WRITE lock released.
# Releasing crypt device /dev/sdb2 context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/sdb2.
# Closing read write fd for /dev/sdb2.
Command failed with code -1 (wrong or missing parameters).
Actually, this is not a bug. It seems keyslot 1 does not exist in the
LUKS2 metadata in this very example:
> # Keyslots section "" is missing "1" (object) specification.
The quote above comes from validation code that checks whether all assigned
keyslots in the token object actually exist (in this example the keyslot is
being added via the --key-slot CLI parameter).
If you can reproduce the failure again, please open an issue on GitLab with
the following command outputs again:
cryptsetup luksDump /dev/sda2 --debug-json
- and -
echo '{ "type" : "blah" , "keyslots" : [], "key1" : "does not work" }' |
./cryptsetup token import /dev/sdb2 --key-slot 1 --debug
Thank you
O.
_______________________________________________
dm-crypt mailing list -- dm-crypt@xxxxxxxx
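The check described in the reply above, sketched as a pre-flight test to run before `token import --key-slot N` (an added example, not cryptsetup's code and not part of the original message). The metadata is a constructed sample in which only keyslot 0 is defined; `check_token_assignment` and its messages are hypothetical names.

```python
import json

# Constructed sample of a LUKS2 JSON metadata area, trimmed to what the
# check needs: only keyslot "0" is defined.
SAMPLE_METADATA = {
    "keyslots": {"0": {"type": "luks2", "key_size": 64}},
    "tokens": {}, "segments": {}, "digests": {}, "config": {},
}

# Token JSON from the thread.
TOKEN_JSON = '{ "type" : "blah" , "keyslots" : [], "key1" : "does not work" }'


def check_token_assignment(metadata, token_json, extra_keyslot=None):
    """Return a list of problems; an empty list means the token should validate.

    extra_keyslot models the --key-slot CLI parameter, which assigns one
    more keyslot to the token on top of its own "keyslots" array.
    """
    try:
        token = json.loads(token_json)
    except json.JSONDecodeError as exc:
        return [f"token is not valid JSON: {exc}"]
    if not isinstance(token, dict):
        return ["token must be a JSON object"]

    problems = []
    if not isinstance(token.get("type"), str):
        problems.append('token is missing "type" (string)')
    slots = token.get("keyslots")
    if not isinstance(slots, list) or not all(isinstance(s, str) for s in slots):
        problems.append('token "keyslots" must be an array of strings')
        slots = []

    assigned = list(slots)
    if extra_keyslot is not None:
        assigned.append(str(extra_keyslot))
    existing = metadata.get("keyslots", {})
    for slot in assigned:
        # Every assigned keyslot must be an object in the header's keyslots section.
        if not isinstance(existing.get(slot), dict):
            problems.append(f'keyslot "{slot}" is not defined in the header')
    return problems


if __name__ == "__main__":
    for n in (0, 1):
        print(n, check_token_assignment(SAMPLE_METADATA, TOKEN_JSON, n) or "ok")
```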