From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SgO0UzF7-fq5 for ; Mon, 2 Apr 2012 10:42:11 +0200 (CEST) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mail.saout.de (Postfix) with ESMTP for ; Mon, 2 Apr 2012 10:42:10 +0200 (CEST) Message-ID: <4F79665F.8080706@redhat.com> Date: Mon, 02 Apr 2012 10:42:07 +0200 From: Milan Broz MIME-Version: 1.0 References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] about invalid key slots List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: ".. ink .." Cc: dm-crypt@saout.de On 04/02/2012 07:43 AM, .. ink .. wrote: > is it possible to get or how can i create a volume with an invalid > key? i would lik3 to test this for my program zulucrypt but i cant > seem to manage to corrupt a volume. The best i have got after trying > for hours is inconsistency at best. You do not need to add test for anything - crypt_load reports invalid header. Obviously you cannot create invalid LUKS header with libcryptsetup (or you found a bug :-) but you can easily simulate similar problem e.g. by overwriting the second sector of device: # cryptsetup luksFormat /dev/sdb # dd if=/dev/urandom of=/dev/sdb seek=1 bs=512 count=1 # cryptsetup luksDump /dev/sdb LUKS keyslot 6 is invalid. LUKS keyslot 7 is invalid. Note it is visible header, just keyslot info area, not the keyslot itself. (Perhaps I should fix the error message.) > crypt_keyslot_status API shows the key is invalid but cryptsetup > luksDump shown the key slot as disabled and cryptsetup executable > just says the password does not exist when trying to open the volume > with the a key in slot i try to make invalid You are parsing some error code wrong, it should fail during crypt_load() already. If it fails, using any api function over invalid crypt context is undefined, whatever function it is. Milan