[dm-crypt] about invalid key slots
mbroz at redhat.com
Mon Apr 2 10:42:07 CEST 2012
On 04/02/2012 07:43 AM, .. ink .. wrote:
> Is it possible to get, or how can I create, a volume with an invalid
> key? I would like to test this for my program zulucrypt but I can't
> seem to manage to corrupt a volume. The best I have got after trying
> for hours is inconsistency at best.
You do not need to add a test for anything - crypt_load reports an invalid header.
Obviously you cannot create an invalid LUKS header with libcryptsetup
(or you found a bug :-) but you can easily simulate a similar problem
e.g. by overwriting the second sector of the device:

    # cryptsetup luksFormat /dev/sdb
    # dd if=/dev/urandom of=/dev/sdb seek=1 bs=512 count=1
    # cryptsetup luksDump /dev/sdb
    LUKS keyslot 6 is invalid.
    LUKS keyslot 7 is invalid.

Note it is the visible header, just the keyslot info area, not the keyslot
itself. (Perhaps I should fix the error message.)
> The crypt_keyslot_status API shows the key is invalid, but cryptsetup
> luksDump shows the key slot as disabled, and the cryptsetup executable
> just says the password does not exist when trying to open the volume
> with a key in the slot I try to make invalid.
You are parsing some error code wrong; it should fail during
crypt_load() already. If it fails, using any API function
over an invalid crypt context is undefined, whatever function it is.
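
Why the overwrite above hits exactly keyslots 6 and 7, as an added example that is not part of the original message or of cryptsetup: in the LUKS1 on-disk layout the eight 48-byte keyslot descriptors start at byte 208, so descriptor 6 straddles the sector boundary at byte 512 and descriptor 7 lies wholly in the second sector. The header here is constructed, the fixed 0xA5 fill stands in for /dev/urandom, and `invalid_slots` is a simplified check assumed for illustration.

```python
import struct

SECTOR = 512
NUM_SLOTS = 8
SLOT_BASE = 208        # LUKS1: keyslot descriptors follow the 208 bytes of fixed fields
SLOT_FMT = ">II32sII"  # active, iterations, salt, key material offset, stripes (big-endian)
SLOT_SIZE = struct.calcsize(SLOT_FMT)  # 48 bytes per descriptor
KEY_DISABLED, KEY_ENABLED = 0x0000DEAD, 0x00AC71F3  # LUKS1 "active" markers
STRIPES = 4000         # anti-forensic stripe count cryptsetup writes for LUKS1


def build_header():
    """Constructed LUKS1-shaped header: slot 0 enabled, slots 1-7 disabled."""
    hdr = bytearray(2 * SECTOR)
    hdr[0:8] = b"LUKS\xba\xbe\x00\x01"  # magic + version 1
    for i in range(NUM_SLOTS):
        active = KEY_ENABLED if i == 0 else KEY_DISABLED
        slot = struct.pack(SLOT_FMT, active, 1000, bytes(32), 8 + 256 * i, STRIPES)
        start = SLOT_BASE + i * SLOT_SIZE
        hdr[start:start + SLOT_SIZE] = slot
    return hdr


def overwrite_sector(hdr, sector, fill=0xA5):
    """Deterministic stand-in for: dd if=/dev/urandom seek=<sector> bs=512 count=1."""
    damaged = bytearray(hdr)
    damaged[sector * SECTOR:(sector + 1) * SECTOR] = bytes([fill]) * SECTOR
    return damaged


def slots_touching_sector(sector):
    """Keyslot descriptors with at least one byte inside the given sector."""
    lo, hi = sector * SECTOR, (sector + 1) * SECTOR
    return [i for i in range(NUM_SLOTS)
            if SLOT_BASE + i * SLOT_SIZE < hi and SLOT_BASE + (i + 1) * SLOT_SIZE > lo]


def invalid_slots(hdr):
    """Simplified sanity check (an assumption for this example, not cryptsetup's code)."""
    bad = []
    for i in range(NUM_SLOTS):
        active, _iters, _salt, _offset, stripes = struct.unpack_from(
            SLOT_FMT, hdr, SLOT_BASE + i * SLOT_SIZE)
        if active not in (KEY_DISABLED, KEY_ENABLED) or stripes != STRIPES:
            bad.append(i)
    return bad


if __name__ == "__main__":
    print("descriptors in sector 1:", slots_touching_sector(1))
    print("invalid after overwrite:", invalid_slots(overwrite_sector(build_header(), 1)))
```

The "active" field of descriptor 6 sits at bytes 496-499 and survives the overwrite; only its key material offset and stripes fields fall in the damaged sector.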