[dm-crypt] luksFormat library API doesn't seem to work with large keyfiles.

.. ink .. mhogomchungu at gmail.com
Tue Jan 17 09:05:16 CET 2012


using cryptsetup 1.4.1

test case below.

key1 keyfile is a  text file with 64 characters in it.
key.cr is a 4.3MB mp3 file.
xxx is a 10 MB container file.

cryptsetup is the cryptsetup executable, version 1.4.1.
./cryptTest is a binary executable that creates luks containers, code is
below.

The results below show the following.

cryptsetup can open luks volumes that the cryptsetup executable created with
both keyfiles.

cryptsetup can open the luks volume created with key1 but not with key.cr when
the volume is created with keyfiles using the library API.

question 1. Is there a maximum limit on the size of the key file?
question 2. How can the exe work with both key files but the library API
works with one key file and not the other? Doesn't this suggest a bug?
question 3. Does my code contain an error somewhere? Both should have failed
if so.

[root at mtz ink]# cryptsetup -qv luksFormat xxx key1
Command successful.
[root at mtz ink]# cryptsetup -v -d key1 luksOpen xxx xxx
Key slot 0 unlocked.
Command successful.
[root at mtz ink]# cryptsetup -v  luksClose xxx
Command successful.
[root at mtz ink]# ./cryptTest xxx key1
[root at mtz ink]# cryptsetup -v -d key1 luksOpen xxx xxx
Key slot 0 unlocked.
Command successful.
[root at mtz ink]# cryptsetup -v  luksClose xxx
Command successful.
[root at mtz ink]# cryptsetup -qv luksFormat xxx key.cr
Command successful.
[root at mtz ink]# cryptsetup -v -d key.cr  luksOpen xxx xxx
Key slot 0 unlocked.
Command successful.
[root at mtz ink]# cryptsetup -v  luksClose xxx
Command successful.
[root at mtz ink]# ./cryptTest xxx key.cr
[root at mtz ink]# cryptsetup -v -d key.cr  luksOpen xxx xxx
No key available with this passphrase.
Command failed with code 1: No key available with this passphrase.

code for cryptTest:


#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <libcryptsetup.h>

int main(int argc, char * argv[])
{
    const char * device ;
    const char * keyFile ;
    char * c ;
    struct stat st ;
    int fd ;
    int status ;
    ssize_t size ;
    struct crypt_device *cd;

    struct crypt_params_luks1 params = {
        .hash = "sha1",
        .data_alignment = 4096,
    };

    if( argc < 3 ){
        fprintf( stderr,"usage: %s device keyfile\n",argv[0] ) ;
        return 1 ;
    }
    device = argv[1] ;
    keyFile = argv[2] ;

    /* read the whole key file into a NUL terminated buffer */
    if( stat( keyFile, &st ) != 0 )
        return 1 ;
    c = ( char * ) malloc( sizeof( char ) * ( st.st_size + 1 ) ) ;
    if( c == NULL )
        return 1 ;

    fd = open( keyFile,O_RDONLY ) ;
    if( fd < 0 ){
        free( c ) ;
        return 1 ;
    }
    size = read( fd,c,st.st_size ) ;

    close( fd ) ;
    *( c + st.st_size ) = '\0' ;

    if( size == st.st_size )
        printf("all content of the file read\n") ;

    /* attach to the container file */
    status = crypt_init( &cd,device ) ;
    printf("%d\n",status);
    if( status < 0 ){
        free( c ) ;
        return 1 ;
    }
    crypt_set_rng_type( cd, CRYPT_RNG_URANDOM );

    /* write a LUKS1 header with a freshly generated 32 byte volume key */
    status = crypt_format( cd,CRYPT_LUKS1,"aes","cbc-essiv:sha256",NULL,NULL,32,&params );
    printf("%d\n",status);

    /* add the key file content as a passphrase; its length is taken with strlen() */
    status = crypt_keyslot_add_by_volume_key( cd,CRYPT_ANY_SLOT,NULL,32,c,strlen( c ) );
    printf("%d\n",status);

    crypt_free( cd ) ;
    free( c ) ;
    return 0;
}

PS: I added those printfs after I did the test to make sure there are no
errors reported, and that is why they do not show up in my above test.
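
Added example, not part of the original message and not cryptsetup code: the test program passes strlen( c ) as the passphrase length, and strlen() stops at the first NUL byte, which a binary file such as an MP3 normally contains and a text key file does not. The sketch reads a file with the same stat/open/read pattern and reports both lengths; read_keyfile, compare_lengths and the sample bytes are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* for mkstemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* *len: bytes actually read; *as_str: what strlen() would report (stops at first NUL). */
static int read_keyfile(const char *path, char **buf, size_t *len, size_t *as_str)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0 || fstat(fd, &st) < 0 || st.st_size <= 0) { if (fd >= 0) close(fd); return -1; }
    char *p = malloc((size_t)st.st_size);
    while (p && got < (size_t)st.st_size) { /* loop: read() may return short */
        ssize_t n = read(fd, p + got, (size_t)st.st_size - got);
        if (n <= 0) break;
        got += (size_t)n;
    }
    close(fd);
    if (!p || got != (size_t)st.st_size) { free(p); return -1; }
    const char *nul = memchr(p, 0, got);
    *as_str = nul ? (size_t)(nul - p) : got;
    *buf = p; *len = got;
    return 0;
}

/* Store constructed sample bytes in a temp file and report both lengths. */
static int compare_lengths(const void *data, size_t n, size_t *len, size_t *as_str)
{
    char path[] = "/tmp/keyfile-demo-XXXXXX", *buf = NULL;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int ok = write(fd, data, n) == (ssize_t)n;
    close(fd);
    ok = ok && read_keyfile(path, &buf, len, as_str) == 0;
    unlink(path);
    free(buf);
    return ok ? 0 : -1;
}

int main(void)
{
    static const unsigned char bin[] = { 'I','D','3',3,0,0,0,0x21,'x','y' }; /* constructed */
    size_t len = 0, as_str = 0;
    if (compare_lengths(bin, sizeof bin, &len, &as_str) != 0) return 1;
    return printf("file: %zu bytes, strlen(): %zu bytes\n", len, as_str) < 0;
}
```

Passing the byte count returned by read() as the passphrase size argument of crypt_keyslot_add_by_volume_key, instead of strlen( c ), hands the library every byte of the key file.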