Re: [dm-crypt] about invalid key slots

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <mbroz@redhat.com>
To: ".. ink .." <mhogomchungu@gmail.com>
Cc: dm-crypt@saout.de
Subject: Re: [dm-crypt] about invalid key slots
Date: Mon, 02 Apr 2012 10:42:07 +0200	[thread overview]
Message-ID: <4F79665F.8080706@redhat.com> (raw)
In-Reply-To: <CAFnMBaR24NYrMLh2M+jskXfUSAJSsmwh3CvA=aR_Tkpkd6Sw=w@mail.gmail.com>

On 04/02/2012 07:43 AM, .. ink .. wrote:

> is it possible to get or how can i create a volume with an invalid
> key? i would lik3 to test this for my program zulucrypt but i cant
> seem to manage to corrupt a volume. The best i have got after trying
> for hours is inconsistency at best.

You do not need to add test for anything - crypt_load reports invalid header.

Obviously you cannot create invalid LUKS header with libcryptsetup
(or you found a bug :-) but you can easily simulate similar problem
e.g. by overwriting the second sector of device:

# cryptsetup luksFormat /dev/sdb
# dd if=/dev/urandom of=/dev/sdb seek=1 bs=512 count=1

# cryptsetup luksDump /dev/sdb
LUKS keyslot 6 is invalid.
LUKS keyslot 7 is invalid.

Note it is visible header, just keyslot info area, not the keyslot
itself. (Perhaps I should fix the error message.)

> crypt_keyslot_status API shows the key is invalid but cryptsetup
> luksDump shown the key slot as disabled and cryptsetup executable
> just says the password does not exist when trying to open the volume
> with the a key in  slot i try to make invalid

You are parsing some error code wrong, it should fail during
crypt_load() already. If it fails, using any api function
over invalid crypt context is undefined, whatever function it is.

Milan

next prev parent reply	other threads:[~2012-04-02  8:42 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-04-02  0:41 [dm-crypt] about invalid key slots .. ink ..
2012-04-02  5:43 ` .. ink ..
2012-04-02  7:47   ` Arno Wagner
2012-04-02  8:42   ` Milan Broz [this message]
     [not found]     ` <CAFnMBaS63WvxydnvMmhfXBjLKh4KkxYGg_CABHM3ypP6_63Zog@mail.gmail.com>
2012-04-02 10:10       ` .. ink ..
2012-04-02 11:15         ` Milan Broz
     [not found]       ` <4F7980D1.4080703@redhat.com>
2012-04-02 12:14         ` .. ink ..
2012-04-02 13:06           ` Milan Broz
     [not found]             ` <CAFnMBaTmxH+s2bwt+VJAtOb8sa6wHb2pTGtk5CxsM2+BYs0rpQ@mail.gmail.com>
2012-04-02 18:19               ` .. ink ..

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F79665F.8080706@redhat.com \
    --to=mbroz@redhat.com \
    --cc=dm-crypt@saout.de \
    --cc=mhogomchungu@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.