eternaltyro / cryptsetup

Since Google code is shuttering...
http://code.google.com/p/cryptsetup
GNU General Public License v2.0

Weird output when luksFormat'ing using --header AND --align-payload #155

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

Setup (key file for --header option):
dd if=/dev/zero of=key.img bs=1M count=4

1. sudo cryptsetup luksFormat -q somenonexistingfile --header key.img --align-payload=1
2. Enter LUKS passphrase at prompt.

What is the expected output?
No output

What do you see instead?
LUKS keyslot 0 is invalid.
LUKS keyslot 1 is invalid.
LUKS keyslot 2 is invalid.
LUKS keyslot 3 is invalid.
LUKS keyslot 4 is invalid.
LUKS keyslot 5 is invalid.
LUKS keyslot 6 is invalid.
LUKS keyslot 7 is invalid.
Error re-reading LUKS header after update on device /dev/loop0.

What version of the product are you using? On what operating system?

>cryptsetup --version
cryptsetup 1.4.3

>uname -a
Linux thelap 3.8.0-17-generic #27-Ubuntu SMP Sun Apr 7 19:40:26 UTC 2013 i686 i686 i686 GNU/Linux

Please provide any additional information below.

Increasing the --align-payload option value sees only part of the keyslots as 
marked invalid.
E.g.
>sudo cryptsetup luksFormat -q somenonexistingfile --header key.img --align-payload=1024

Gives:
LUKS keyslot 3 is invalid.
LUKS keyslot 4 is invalid.
LUKS keyslot 5 is invalid.
LUKS keyslot 6 is invalid.
LUKS keyslot 7 is invalid.
Error re-reading LUKS header after update on device /dev/loop0.

Further increasing the value makes the error output disappear:
>sudo cryptsetup luksFormat -q somenonexistingfile --header key.img --align-payload=2056

No output

Even further increasing the value changes the error output (one beyond sector length of key file):
>sudo cryptsetup luksFormat -q somenonexistingfile --header key.img --align-payload=8193

Output:
Device /dev/loop0 is too small.

Original issue reported on code.google.com by cms...@gmail.com on 20 Apr 2013 at 1:19

GoogleCodeExporter commented 9 years ago
Hm, wonderful bug. Version 1.6.1 behaves differently but the problem is still 
there.

Thanks for reporting it.

Original comment by gmazyl...@gmail.com on 24 Apr 2013 at 9:01

GoogleCodeExporter commented 9 years ago
Yep, I noticed that, too.

Thought I should report it against the older versions, though, in case those 
are still supported.

Original comment by cms...@gmail.com on 24 Apr 2013 at 10:53

GoogleCodeExporter commented 9 years ago
Fixed (or better said small offset disabled) in commit
http://code.google.com/p/cryptsetup/source/detail?r=ae9c9cf369cb24ac5267376401c80c2c40ada6a2#

So you should now see:
# cryptsetup luksFormat -q somefile --header key.img --align-payload=1
Enter passphrase: 
Data offset for detached LUKS header must be either 0 or higher than header size (2050 sectors).

See explanation in commit. In short, if you want a detached header, you can 
either use data offset 0 (so the whole data device is used) or there is always 
"reserved" space on the data device of header size. (You can always fill this space 
with random data or whatever - it is not used).

That's perhaps the safest solution for the current LUKS format.

Original comment by gmazyl...@gmail.com on 11 May 2013 at 9:21
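
The pattern of invalid keyslots reported in this thread follows from the LUKS1 keyslot layout, and the arithmetic can be checked before choosing an --align-payload value. The following is an added example, not part of the original thread and not cryptsetup's code; it assumes a 256-bit key, 512-byte sectors, 4000 anti-forensic stripes and 4 KiB keyslot alignment, and all function names are hypothetical.

```python
"""Model of LUKS1 keyslot placement versus a user-chosen data offset."""

SECTOR = 512             # bytes per sector (assumed)
ALIGN = 4096 // SECTOR   # keyslot areas start on 4 KiB boundaries (8 sectors)
STRIPES = 4000           # LUKS1 anti-forensic stripes per keyslot
NUM_SLOTS = 8            # LUKS1 has eight keyslots (0..7, as in the report)


def round_up(value, multiple):
    """Round value up to the next multiple."""
    return -(-value // multiple) * multiple


def keyslot_layout(key_bytes=32):
    """Return [(start_sector, sectors)] for the eight key material areas.

    key_bytes=32 (a 256-bit key) is an assumption; the thread does not state it.
    """
    per_slot = -(-key_bytes * STRIPES // SECTOR)   # ceil(128000 / 512) = 250
    layout, sector = [], ALIGN                     # first area at sector 8
    for _ in range(NUM_SLOTS):
        sector = round_up(sector, ALIGN)
        layout.append((sector, per_slot))
        sector += per_slot
    return layout


def header_sectors(key_bytes=32):
    """Sectors occupied by the header struct plus all key material."""
    start, length = keyslot_layout(key_bytes)[-1]
    return start + length


def invalid_keyslots(data_offset, key_bytes=32):
    """Slots whose key material would not fit below data_offset.

    Offset 0 is the detached-header case where the whole data device is used,
    so no keyslot is constrained by it.
    """
    if data_offset == 0:
        return []
    return [i for i, (start, length) in enumerate(keyslot_layout(key_bytes))
            if start + length > data_offset]


if __name__ == "__main__":
    print("header size:", header_sectors(), "sectors")
    for offset in (0, 1, 1024, 2056):   # offsets taken from the thread
        print(offset, invalid_keyslots(offset))
```

Under these assumptions the model gives the 2050-sector header size quoted in the new error message and the same sets of invalid keyslots that the reporter saw for offsets 1 and 1024.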