From: Jonas Meurer <jonas@freesources.org>
To: dm-crypt <dm-crypt@saout.de>
Subject: [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup
Date: Tue, 28 Jan 2020 15:51:25 +0100
Message-ID: <9c428b57-b3e7-38e1-d963-4596e46f69ea@freesources.org>

Hello dm-crypt folks,

I want to retrieve pbkdf params for active keyslots of LUKS devices.
First I looked into `crypt_keyslot_get_pbkdf()`, but contrary to what
the code suggests[1], it doesn't return values for LUKS1 devices.

Also, looking at the actual return values, it seems to return the
calculated values for a new keyslot, not the ones for the active
keyslot, right?

Is there another way to retrieve the values that `cryptsetup luksDump`
shows? I'm particularly interested in the `iterations` values for LUKS1
and `memory` values for LUKS2 devices.

Here's my (non-working) code:

struct crypt_device *cd = NULL;
if (crypt_init_by_name(&cd, devices[i])) {
    errx(EXIT_FAILURE, "couldn't init LUKS device %s", devices[i]);
} else {
    int ks_max = crypt_keyslot_max(crypt_get_type(cd));
    for (int j = 0; j < ks_max; j++) {
        crypt_keyslot_info ki = crypt_keyslot_status(cd, j);
        if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST) {
            // Keyslot is active
            struct crypt_pbkdf_type pbkdf_ki;
            if (crypt_keyslot_get_pbkdf(cd, ki, &pbkdf_ki)) {
                printf("  max_memory_kb: %d\n", pbkdf_ki.max_memory_kb);
            } else {
                warn("No PBKDF for ks %d (device %s)", j, devices[i]);
            }
        }
    }
}
crypt_free(cd);


When giving a LUKS2 device, I get (somewhat strange) results:

  max_memory_kb: 1824273616

When giving a LUKS1 device, crypt_keyslot_get_pbkdf isn't successful:

cryptsetup-suspend: No PBKDF for ks 0 (device cont3_crypt): Success

Cheers
 jonas

[1]
https://gitlab.com/cryptsetup/cryptsetup/blob/4448ddc/lib/setup.c#L5175-5178
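
Added example (not part of the original message and not cryptsetup's own code): for LUKS1, the per-keyslot `iterations` value is stored in the fixed 592-byte on-disk header, so it can be read by parsing that header directly. The offsets follow the LUKS1 on-disk format specification; the function names and the sample header below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HDR_LEN = 592, SLOTS = 8, SLOT_OFF = 208, SLOT_LEN = 48 };
#define KEY_ENABLED 0x00AC71F3u
static const uint8_t LUKS_MAGIC[6] = { 'L', 'U', 'K', 'S', 0xBA, 0xBE };

/* LUKS1 header integers are stored big-endian. */
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

/* Stores each active slot's PBKDF2 iteration count in iters[] (0 if inactive).
 * Returns the number of active keyslots, or -1 if buf is not a LUKS1 header. */
int luks1_keyslot_iterations(const uint8_t *buf, size_t len, uint32_t *iters) {
    if (len < HDR_LEN || memcmp(buf, LUKS_MAGIC, sizeof LUKS_MAGIC) != 0 ||
        buf[6] != 0 || buf[7] != 1)              /* 16-bit version must be 1 */
        return -1;
    int active = 0;
    for (int i = 0; i < SLOTS; i++) {
        const uint8_t *slot = buf + SLOT_OFF + i * SLOT_LEN;
        int on = get_be32(slot) == KEY_ENABLED;  /* state word at offset 0 */
        iters[i] = on ? get_be32(slot + 4) : 0;  /* iterations at offset 4 */
        active += on;
    }
    return active;
}

/* Constructed sample: slots 0 and 3 active; the iteration counts are made up. */
void make_sample_header(uint8_t *buf) {
    memset(buf, 0, HDR_LEN);
    memcpy(buf, LUKS_MAGIC, sizeof LUKS_MAGIC);
    buf[7] = 1;
    put_be32(buf + SLOT_OFF, KEY_ENABLED);
    put_be32(buf + SLOT_OFF + 4, 1000000);
    put_be32(buf + SLOT_OFF + 3 * SLOT_LEN, KEY_ENABLED);
    put_be32(buf + SLOT_OFF + 3 * SLOT_LEN + 4, 250000);
}

int main(void) {
    uint8_t hdr[HDR_LEN];
    uint32_t iters[SLOTS];
    make_sample_header(hdr);
    int n = luks1_keyslot_iterations(hdr, sizeof hdr, iters);
    for (int i = 0; n > 0 && i < SLOTS; i++)
        if (iters[i]) printf("Key Slot %d iterations: %u\n", i, (unsigned)iters[i]);
    return n < 0;
}
```

On a real system the buffer would be the first 592 bytes of the underlying block device, not of the mapped name passed to `crypt_init_by_name()`.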

