List: dm-crypt
Subject: Re: [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup
From: Jonas Meurer <jonas () freesources ! org>
Date: 2020-01-31 13:55:49
Message-ID: d7ff66c0-6060-90e8-e45b-d1fc0b2d4cff () freesources ! org
Hello,

Ondrej Kozina:
> For anyone interested,
>
> there was a minor bug in LUKS1 crypt_keyslot_get_pbkdf() where we
> returned pbkdf values even for an inactive keyslot. It was fixed with
> commit
> https://gitlab.com/cryptsetup/cryptsetup/commit/47d0cf495dae03822c76ef2ef482f940208d9062
> and it will get distributed with upstream 2.3.0 release.

And for anyone interested in my code example, the major bug was there. I
passed 'ki' (which is the flag that indicates the keyslot status)
instead of 'j' (the keyslot number) to crypt_keyslot_get_pbkdf(). Thanks
to Ondrej for pointing that out!

Here's a fixed version of my example code:

#include <stdlib.h>
#include <stdio.h>
#include <err.h>
#include <string.h>
#include <libcryptsetup.h>

int main(int argc, char *argv[]) {
    if (argc != 3 || (strcmp(argv[1], CRYPT_LUKS1) != 0 &&
                      strcmp(argv[1], CRYPT_LUKS2) != 0))
        errx(EXIT_FAILURE, "expects LUKS1/LUKS2 as first and LUKS device "
                           "as second argument");

    struct crypt_device *cd = NULL;
    if (crypt_init(&cd, argv[2]) < 0)
        err(EXIT_FAILURE, "crypt_init failed");
    if (crypt_load(cd, argv[1], NULL) < 0)
        err(EXIT_FAILURE, "crypt_load failed");
    fprintf(stderr, "Device %s (type %s)\n", argv[2], crypt_get_type(cd));

    int ks_max = crypt_keyslot_max(crypt_get_type(cd));
    for (int j = 0; j < ks_max; j++) {
        /* ki is the status flag of keyslot j, not a keyslot number */
        crypt_keyslot_info ki = crypt_keyslot_status(cd, j);
        if (ki != CRYPT_SLOT_ACTIVE && ki != CRYPT_SLOT_ACTIVE_LAST)
            continue;
        fprintf(stderr, "Active keyslot %d: %d\n", j, ki);

        struct crypt_pbkdf_type pbkdf_ki;
        /* pass the keyslot number j here, not the status ki */
        int res = crypt_keyslot_get_pbkdf(cd, j, &pbkdf_ki);
        fprintf(stderr, " return code: %d\n", res);
        if (res < 0)
            continue; /* do not read pbkdf_ki after a failed call */
        /* both fields are uint32_t, so print them with %u */
        fprintf(stderr, " iterations: %u\n", pbkdf_ki.iterations);
        fprintf(stderr, " max_memory_kb: %u\n", pbkdf_ki.max_memory_kb);
    }

    crypt_free(cd);
    return EXIT_SUCCESS;
}

Cheers
jonas
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
https://www.saout.de/mailman/listinfo/dm-crypt