* [dm-crypt] luksFormat library API doesnt seem to work with large keyfiles.
@ 2012-01-17 8:05 .. ink ..
2012-01-17 8:44 ` Milan Broz
0 siblings, 1 reply; 3+ messages in thread
From: .. ink .. @ 2012-01-17 8:05 UTC (permalink / raw)
To: dm-crypt
[-- Attachment #1: Type: text/plain, Size: 3036 bytes --]
using cryptsetup 1.4.1
test case below.
key1 keyfile is a text file with 64 characters in it.
key.cr is a 4.3MB mp3 file.
xxx is a 10 MB container file.
cryptsetup is cryptsetup executable version 1.4.1
/cryptTest is a binary executable that create luks containers, code is
below.
below results show the following.
cryptsetup can open luks volumes cryptsetup executable created with both
keyfiles.
crypsetup can open luks volume created with key1 but not with key.cr when
the volume is created with keyfiles using library API.
question 1. Is there a maximum limit on the size of the key file?
question 2. how can the exe work with both key files but the library API
works with one key file and not the other? Doesnt this suggest a bug?
question 3. does my code contain an error somewhere? Both should have fails
if so.
[root@mtz ink]# cryptsetup -qv luksFormat xxx key1
Command successful.
[root@mtz ink]# cryptsetup -v -d key1 luksOpen xxx xxx
Key slot 0 unlocked.
Command successful.
[root@mtz ink]# cryptsetup -v luksClose xxx
Command successful.
[root@mtz ink]# ./cryptTest xxx key1
[root@mtz ink]# cryptsetup -v -d key1 luksOpen xxx xxx
Key slot 0 unlocked.
Command successful.
[root@mtz ink]# cryptsetup -v luksClose xxx
Command successful.
[root@mtz ink]# cryptsetup -qv luksFormat xxx key.cr
Command successful.
[root@mtz ink]# cryptsetup -v -d key.cr luksOpen xxx xxx
Key slot 0 unlocked.
Command successful.
[root@mtz ink]# cryptsetup -v luksClose xxx
Command successful.
[root@mtz ink]# ./cryptTest xxx key.cr
[root@mtz ink]# cryptsetup -v -d key.cr luksOpen xxx xxx
No key available with this passphrase.
Command failed with code 1: No key available with this passphrase.
code for cryptTest:
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <libcryptsetup.h>
int main(int argc, char * argv[])
{
const char * device = argv[1] ;
const char * keyFile = argv[2] ;
char * c ;
struct stat st ;
int fd ;
int status ;
ssize_t size ;
struct crypt_device *cd;
struct crypt_params_luks1 params = {
.hash = "sha1",
.data_alignment = 4096,
};
stat( keyFile, &st ) ;
c = ( char * ) malloc( sizeof( char ) * ( st.st_size + 1 ) ) ;
fd = open( keyFile,O_RDONLY ) ;
size = read( fd,c,st.st_size ) ;
close( fd ) ;
*( c + st.st_size ) = '\0' ;
if( size == st.st_size )
printf("all content of the file read\n") ;
status = crypt_init( &cd,device ) ;
printf("%d\n",status);
crypt_set_rng_type( cd, CRYPT_RNG_URANDOM );
status = crypt_format(
cd,CRYPT_LUKS1,"aes","cbc-essiv:sha256",NULL,NULL,32,¶ms );
printf("%d\n",status);
status = crypt_keyslot_add_by_volume_key(
cd,CRYPT_ANY_SLOT,NULL,32,c,strlen( c ) );
printf("%d\n",status);
return 0;
}
ps:i added those printfs after i did the test to make sure there are no
errors reported and that is why they do not show up in my above test.
[-- Attachment #2: Type: text/html, Size: 3708 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [dm-crypt] luksFormat library API doesnt seem to work with large keyfiles.
2012-01-17 8:05 [dm-crypt] luksFormat library API doesnt seem to work with large keyfiles .. ink ..
@ 2012-01-17 8:44 ` Milan Broz
2012-01-18 3:15 ` .. ink ..
0 siblings, 1 reply; 3+ messages in thread
From: Milan Broz @ 2012-01-17 8:44 UTC (permalink / raw)
To: .. ink ..; +Cc: dm-crypt
On 01/17/2012 09:05 AM, .. ink .. wrote:
> using cryptsetup 1.4.1
>
> test case below.
(please also read examples in docs/examples)
> key1 keyfile is a text file with 64 characters in it.
> key.cr <http://key.cr> is a 4.3MB mp3 file.
...
> status = crypt_keyslot_add_by_volume_key( cd,CRYPT_ANY_SLOT,NULL,32,c,strlen( c ) );
I guess strlen(c) is wrong, it will stop on the first zero (mp3 is binary data, not C string).
What about use st.st_size here?
About limits - there is default/compiled one but you can always override
it through API, exactly as you did above.
(Also see cryptsetup --help - "Default compiled-in keyfile parameters", you have
to override keyfile size using --keyfile-size option if it is over compiled-in limit
in CLI command.)
Milan
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dm-crypt] luksFormat library API doesnt seem to work with large keyfiles.
2012-01-17 8:44 ` Milan Broz
@ 2012-01-18 3:15 ` .. ink ..
0 siblings, 0 replies; 3+ messages in thread
From: .. ink .. @ 2012-01-18 3:15 UTC (permalink / raw)
To: Milan Broz, dm-crypt
[-- Attachment #1: Type: text/plain, Size: 681 bytes --]
On Tue, Jan 17, 2012 at 3:44 AM, Milan Broz <mbroz@redhat.com> wrote:
> On 01/17/2012 09:05 AM, .. ink .. wrote:
>
>> using cryptsetup 1.4.1
>>
>> test case belo
>>
> (please also read examples in docs/examples)
>
>
I have seen the example and the source code, they are both easy to follow
and very informative.
>
>
> status = crypt_keyslot_add_by_volume_**key(
>> cd,CRYPT_ANY_SLOT,NULL,32,c,**strlen( c ) );
>>
>
> I guess strlen(c) is wrong, it will stop on the first zero (mp3 is binary
> data, not C string).
>
> What about use st.st_size here?
>
st.st_size works as expected so the bug was on my side. Will stop using
strlen to find out length of keyfiles.
Thanks
[-- Attachment #2: Type: text/html, Size: 1409 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-01-18 3:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-17 8:05 [dm-crypt] luksFormat library API doesnt seem to work with large keyfiles .. ink ..
2012-01-17 8:44 ` Milan Broz
2012-01-18 3:15 ` .. ink ..
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.