dm-crypt.saout.de archive mirror
* [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup
@ 2020-01-28 14:51 Jonas Meurer
  2020-01-29 10:23 ` Ondrej Kozina
                   ` (4 more replies)
  0 siblings, 5 replies; 8+ messages in thread
From: Jonas Meurer @ 2020-01-28 14:51 UTC (permalink / raw)
  To: dm-crypt



Hello dm-crypt folks,

I want to retrieve pbkdf params for active keyslots of LUKS devices.
First I looked into `crypt_keyslot_get_pbkdf()`, but contrary to what
the code suggests[1], it doesn't return values for LUKS1 devices.

Also, looking at the actual return values, it seems to return the
calculated values for a new keyslot, not the ones for the active
keyslot, right?

Is there another way to retrieve the values that `cryptsetup luksDump`
shows? I'm particularly interested in the `iterations` values for LUKS1
and `memory` values for LUKS2 devices.

Here's my (non-working) code:

struct crypt_device *cd = NULL;
if (crypt_init_by_name(&cd, devices[i])) {
    errx(EXIT_FAILURE, "couldn't init LUKS device %s", devices[i]);
} else {
    int ks_max = crypt_keyslot_max(crypt_get_type(cd));
    for (int j = 0; j < ks_max; j++) {
        crypt_keyslot_info ki = crypt_keyslot_status(cd, j);
        if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST) {
            // Keyslot is active
            struct crypt_pbkdf_type pbkdf_ki;
            if (crypt_keyslot_get_pbkdf(cd, ki, &pbkdf_ki)) {
                printf("  max_memory_kb: %d\n", pbkdf_ki.max_memory_kb);
            } else {
                warn("No PBKDF for ks %d (device %s)", j, devices[i]);
           }
        }
    }
}
crypt_free(cd);


When giving a LUKS2 device, I get (somewhat strange) results:

  max_memory_kb: 1824273616

When giving a LUKS1 device, crypt_keyslot_get_pbkdf isn't successful:

cryptsetup-suspend: No PBKDF for ks 0 (device cont3_crypt): Success

Cheers
 jonas

[1]
https://gitlab.com/cryptsetup/cryptsetup/blob/4448ddc/lib/setup.c#L5175-5178



* Re: [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup
  2020-01-28 14:51 [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup Jonas Meurer
@ 2020-01-29 10:23 ` Ondrej Kozina
  2020-01-29 14:14   ` Jonas Meurer
  2020-01-29 10:32 ` Ondrej Kozina
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 8+ messages in thread
From: Ondrej Kozina @ 2020-01-29 10:23 UTC (permalink / raw)
  To: dm-crypt; +Cc: Jonas Meurer

On 1/28/20 3:51 PM, Jonas Meurer wrote:
> Hello dm-crypt folks,
> 
> I want to retrieve pbkdf params for active keyslots of LUKS devices.
> First I looked into `crypt_keyslot_get_pbkdf()`, but contrary to what
> the code suggests[1], it doesn't return values for LUKS1 devices.

No, it should definitely work. What version of the library have you tested
it with?

> 
> Also, looking at the actual return values, it seems to return the
> calculated values for a new keyslot, not the ones for the active
> keyslot, right?

Again, this would be either a bug in libcryptsetup or some mistake in your
application code. Looking at the libcryptsetup code, it extracts values
directly from metadata for both LUKS1 and LUKS2.

> 
> Is there another way to retrieve the values that `cryptsetup luksDump`
> shows? I'm particularly interested in the `iterations` values for LUKS1
> and `memory` values for LUKS2 devices.
> 
> Here's my (non-working) code:
> 
> struct crypt_device *cd = NULL;
> if (crypt_init_by_name(&cd, devices[i])) {
>      errx(EXIT_FAILURE, "couldn't init LUKS device %s", devices[i]);
> } else {
>      int ks_max = crypt_keyslot_max(crypt_get_type(cd));
>      for (int j = 0; j < ks_max; j++) {
>          crypt_keyslot_info ki = crypt_keyslot_status(cd, j);
>          if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST) {
>              // Keyslot is active
>              struct crypt_pbkdf_type pbkdf_ki;
>              if (crypt_keyslot_get_pbkdf(cd, ki, &pbkdf_ki)) {
>                  printf("  max_memory_kb: %d\n", pbkdf_ki.max_memory_kb);
>              } else {
>                  warn("No PBKDF for ks %d (device %s)", j, devices[i]);
>             }
>          }
>      }
> }
> crypt_free(cd);

Do you get the same values when you try to modify your code a bit?

Could you replace crypt_init_by_name() with

crypt_init(/path/to/luks/metadata/device)
and subsequent
crypt_load()

Do you get the same (wrong) values?

O.


* Re: [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup
  2020-01-28 14:51 [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup Jonas Meurer
  2020-01-29 10:23 ` Ondrej Kozina
@ 2020-01-29 10:32 ` Ondrej Kozina
  2020-01-29 10:36 ` Ondrej Kozina
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 8+ messages in thread
From: Ondrej Kozina @ 2020-01-29 10:32 UTC (permalink / raw)
  To: dm-crypt; +Cc: Jonas Meurer

On 1/28/20 3:51 PM, Jonas Meurer wrote:
> 
> When giving a LUKS1 device, crypt_keyslot_get_pbkdf isn't successful:
> 
> cryptsetup-suspend: No PBKDF for ks 0 (device cont3_crypt): Success

For a _valid_ LUKS1 device with keyslot 0, this is impossible to get from
the cryptsetup library. crypt_keyslot_get_pbkdf can't fail in such a case.
So, are you sure *cd contains a proper LUKS1 context?

O.


* Re: [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup
  2020-01-28 14:51 [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup Jonas Meurer
  2020-01-29 10:23 ` Ondrej Kozina
  2020-01-29 10:32 ` Ondrej Kozina
@ 2020-01-29 10:36 ` Ondrej Kozina
  2020-01-30  4:38 ` [dm-crypt] Superblock size calculation EXTERNAL D Sharmila (Iwave, RBEI/PAC-PF)
  2020-01-31 13:52 ` [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup Ondrej Kozina
  4 siblings, 0 replies; 8+ messages in thread
From: Ondrej Kozina @ 2020-01-29 10:36 UTC (permalink / raw)
  To: dm-crypt; +Cc: Jonas Meurer

Hi,

On 1/28/20 3:51 PM, Jonas Meurer wrote:
>              if (crypt_keyslot_get_pbkdf(cd, ki, &pbkdf_ki)) {
>                  printf("  max_memory_kb: %d\n", pbkdf_ki.max_memory_kb);
>              } else {
>                  warn("No PBKDF for ks %d (device %s)", j, devices[i]);
>             }

Probably, you've just switched the condition on
crypt_keyslot_get_pbkdf(). It returns 0 on success and a negative value
otherwise.

Regards O.


* Re: [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup
  2020-01-29 10:23 ` Ondrej Kozina
@ 2020-01-29 14:14   ` Jonas Meurer
  0 siblings, 0 replies; 8+ messages in thread
From: Jonas Meurer @ 2020-01-29 14:14 UTC (permalink / raw)
  To: Ondrej Kozina, dm-crypt



Hey Ondrej,

Ondrej Kozina:
> On 1/28/20 3:51 PM, Jonas Meurer wrote:
>> Hello dm-crypt folks,
>>
>> I want to retrieve pbkdf params for active keyslots of LUKS devices.
>> First I looked into `crypt_keyslot_get_pbkdf()`, but contrary to what
>> the code suggests[1], it doesn't return values for LUKS1 devices.
> 
> No, it should definitely work. What version of the library have you tested
> it with?

Thanks for your comments and confirming that I'm on the right track :)

I'm using the latest cryptsetup 2.2.2 version (from the Debian packages).

> So, are you sure *cd contains proper LUKS1 context?

At least I hope so. `crypt_get_type(cd)` returns 'LUKS1' and 'LUKS2'
respectively.

> Probably, you've just switched the condition on
> crypt_keyslot_get_pbkdf(). It returns 0 on success and a negative value
> otherwise.

That's how I first understood it as well. But after some
testing I got the impression that my crypt_pbkdf_type struct contains
values if the return code is *not* 0. Anyway, I checked the return codes
of `crypt_keyslot_get_pbkdf(cd, ki, &pbkdf_ki)` now for LUKS1 and LUKS2
devices and interestingly, I always get return code '0' for LUKS1
devices and '-2' for LUKS2 devices:

Device cont1_crypt (type LUKS2)
Active keyslot 0: 2
  return code: -2
Active keyslot 1: 2
  return code: -2

Device cont3_crypt (type LUKS1)
Active keyslot 0: 3
cryptsetup-suspend: couldn't get PBKDF for keyslot 0 of device
cont3_crypt: Success
  return code: 0

Also, the crypt_pbkdf_type struct has values '0' for all integers for
LUKS1 and seems to have random values for LUKS2 (probably pointers to
random memory pages?).

Simplified code:

struct crypt_device *cd = NULL;
crypt_init_by_name(&cd, devices[i]);
printf("Device %s (type %s)\n", devices[i], crypt_get_type(cd));
int ks_max = crypt_keyslot_max(crypt_get_type(cd));
for (int j = 0; j < ks_max; j++) {
    crypt_keyslot_info ki = crypt_keyslot_status(cd, j);
    if (ki != CRYPT_SLOT_ACTIVE && ki != CRYPT_SLOT_ACTIVE_LAST)
        continue;
    printf("Active keyslot %d: %d\n", j, ki);
    struct crypt_pbkdf_type pbkdf_ki;
    int res = crypt_keyslot_get_pbkdf(cd, ki, &pbkdf_ki);
    printf("  return code: %d\n", res);
}
crypt_free(cd);


>> Also, looking at the actual return values, it seems to return the
>> calculated values for a new keyslot, not the ones for the active
>> keyslot, right?
> 
> Again, this would be either a bug in libcryptsetup or some mistake in your
> application code. Looking at the libcryptsetup code, it extracts values
> directly from metadata for both LUKS1 and LUKS2.

Yep, apparently either I'm doing something wrong or there's a bug in
libcryptsetup. Unfortunately I'm not sure which one is true ;)

> Do you get the same values when you try to modify your code a bit?
> 
> Could you replace crypt_init_by_name() with
> 
> crypt_init(/path/to/luks/metadata/device)
> and subsequent
> crypt_load()
> 
> Do you get the same (wrong) values?

Yep, I now tried that with exactly the same results.

Cheers
 jonas



* [dm-crypt] Superblock size calculation
  2020-01-28 14:51 [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup Jonas Meurer
                   ` (2 preceding siblings ...)
  2020-01-29 10:36 ` Ondrej Kozina
@ 2020-01-30  4:38 ` EXTERNAL D Sharmila (Iwave, RBEI/PAC-PF)
  2020-01-31 13:52 ` [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup Ondrej Kozina
  4 siblings, 0 replies; 8+ messages in thread
From: EXTERNAL D Sharmila (Iwave, RBEI/PAC-PF) @ 2020-01-30  4:38 UTC (permalink / raw)
  To: dm-crypt

Hi team,

How do I find the superblock size of the physical device which is
encrypted using the dm-crypt utility? I have formatted my device using
the integritysetup tool and applied integrity using dm-integrity, with
dm-crypt stacked on top of that. So my requirement is to corrupt the
physical layer of the device except the superblock and check whether it
mounts successfully.

Note: I tried corrupting the superblock (some initial blocks) and
tried mounting, and it fails. So now I have to try without corrupting
any blocks of the superblock, and corrupt everything else.

The integritysetup dump is giving me the following result.

root@imx8dx_ccu:~# integritysetup dump /dev/mmcblk0p5 
Info for integrity device /dev/mmcblk0p5.
superblock_version 1
log2_interleave_sectors 15
integrity_tag_size 32
journal_sections 1
provided_data_sectors 14240
sector_size 512
flags 
root@imx8dx_ccu:~# 

How do I find the superblock size of the device?

Regards,
Sharmila




* Re: [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup
  2020-01-28 14:51 [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup Jonas Meurer
                   ` (3 preceding siblings ...)
  2020-01-30  4:38 ` [dm-crypt] Superblock size calculation EXTERNAL D Sharmila (Iwave, RBEI/PAC-PF)
@ 2020-01-31 13:52 ` Ondrej Kozina
  2020-01-31 13:55   ` Jonas Meurer
  4 siblings, 1 reply; 8+ messages in thread
From: Ondrej Kozina @ 2020-01-31 13:52 UTC (permalink / raw)
  To: dm-crypt; +Cc: Jonas Meurer

For anyone interested,

there was a minor bug in LUKS1 crypt_keyslot_get_pbkdf() where we
returned pbkdf values even for an inactive keyslot. It was fixed with
commit
https://gitlab.com/cryptsetup/cryptsetup/commit/47d0cf495dae03822c76ef2ef482f940208d9062
and it will get distributed with the upstream 2.3.0 release.

O.


* Re: [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup
  2020-01-31 13:52 ` [dm-crypt] how to get keyslog PBKDF settings via libcryptsetup Ondrej Kozina
@ 2020-01-31 13:55   ` Jonas Meurer
  0 siblings, 0 replies; 8+ messages in thread
From: Jonas Meurer @ 2020-01-31 13:55 UTC (permalink / raw)
  To: Ondrej Kozina, dm-crypt



Hello,

Ondrej Kozina:
> For anyone interested,
> 
> there was a minor bug in LUKS1 crypt_keyslot_get_pbkdf() where we
> returned pbkdf values even for an inactive keyslot. It was fixed with
> commit
> https://gitlab.com/cryptsetup/cryptsetup/commit/47d0cf495dae03822c76ef2ef482f940208d9062
> and it will get distributed with the upstream 2.3.0 release.

And for anyone interested in my code example, the major bug was there. I
passed 'ki' (which is the flag that indicates the keyslot status)
instead of 'j' (the keyslot number) to crypt_keyslot_get_pbkdf(). Thanks
to Ondrej for pointing that out!

Here's a fixed version of my example code:

#include <stdlib.h>
#include <stdio.h>
#include <err.h>
#include <string.h>

#include <libcryptsetup.h>

int main(int argc, char *argv[]) {
    if (argc != 3 || (strcmp(argv[1], CRYPT_LUKS1) != 0 &&
                      strcmp(argv[1], CRYPT_LUKS2) != 0))
        errx(EXIT_FAILURE, "expects LUKS1/LUKS2 as first and LUKS device "
                           "as second argument");
    struct crypt_device *cd = NULL;
    int r;
    /* libcryptsetup reports failure as a negative errno-style return value,
     * so print strerror(-r) instead of relying on errno via err(). */
    if ((r = crypt_init(&cd, argv[2])) < 0)
        errx(EXIT_FAILURE, "crypt_init failed: %s", strerror(-r));
    if ((r = crypt_load(cd, argv[1], NULL)) < 0)
        errx(EXIT_FAILURE, "crypt_load failed: %s", strerror(-r));
    fprintf(stderr, "Device %s (type %s)\n", argv[2], crypt_get_type(cd));
    int ks_max = crypt_keyslot_max(crypt_get_type(cd));
    for (int j = 0; j < ks_max; j++) {
        crypt_keyslot_info ki = crypt_keyslot_status(cd, j);
        if (ki != CRYPT_SLOT_ACTIVE && ki != CRYPT_SLOT_ACTIVE_LAST)
            continue;
        fprintf(stderr, "Active keyslot %d: %d\n", j, ki);
        struct crypt_pbkdf_type pbkdf_ki;
        /* Pass the keyslot number j, not the status value ki. */
        int res = crypt_keyslot_get_pbkdf(cd, j, &pbkdf_ki);
        fprintf(stderr, "  return code: %d\n", res);
        if (res < 0)
            continue;   /* pbkdf_ki may be uninitialised on failure */
        /* Both fields are uint32_t, so print them as unsigned. */
        fprintf(stderr, "  iterations: %u\n", pbkdf_ki.iterations);
        fprintf(stderr, "  max_memory_kb: %u\n", pbkdf_ki.max_memory_kb);
    }
    crypt_free(cd);
    return EXIT_SUCCESS;
}

Cheers
 jonas
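
Added example, not part of the thread and not cryptsetup code: the first message asks for another way to read the values `cryptsetup luksDump` shows, and for LUKS1 the per-keyslot iteration count sits at a fixed offset in the on-disk header, so it can be cross-checked without the library (this goes beyond what the thread itself covers). Offsets follow the LUKS1 on-disk format (each 48-byte keyslot record holds state, iterations, salt[32], key material offset, stripes); the function names, the return codes and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* LUKS1 header: 208 fixed bytes, then 8 big-endian keyslot records of 48 bytes. */
enum { SLOTS = 8, SLOT_OFF = 208, SLOT_LEN = 48, HDR_LEN = SLOT_OFF + SLOTS * SLOT_LEN };
#define SLOT_ENABLED  0x00AC71F3u
#define SLOT_DISABLED 0x0000DEADu
static const uint8_t LUKS_MAGIC[6] = { 'L', 'U', 'K', 'S', 0xba, 0xbe };
static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Returns 0 and fills *iterations for an active slot. Negative on failure:
 * -1 bad argument or not a LUKS1 header, -2 slot inactive, -3 unknown state.
 * `slot` is the keyslot number 0..7, not a crypt_keyslot_info status value. */
int luks1_slot_iterations(const uint8_t *hdr, size_t len, int slot, uint32_t *iterations) {
    if (!hdr || !iterations || len < (size_t)HDR_LEN || slot < 0 || slot >= SLOTS ||
        memcmp(hdr, LUKS_MAGIC, sizeof LUKS_MAGIC) != 0 || hdr[6] != 0 || hdr[7] != 1)
        return -1;
    const uint8_t *ks = hdr + SLOT_OFF + slot * SLOT_LEN;
    uint32_t state = be32(ks);
    if (state != SLOT_ENABLED)
        return state == SLOT_DISABLED ? -2 : -3;
    *iterations = be32(ks + 4);
    return 0;
}

/* Constructed sample input: slot 0 active, slots 1..7 disabled. */
void make_sample_header(uint8_t *hdr, uint32_t iters) {
    memset(hdr, 0, HDR_LEN);
    memcpy(hdr, LUKS_MAGIC, sizeof LUKS_MAGIC);
    hdr[7] = 1; /* version field: big-endian uint16 at offset 6 */
    for (int s = 0; s < SLOTS; s++) {
        put_be32(hdr + SLOT_OFF + s * SLOT_LEN, s ? SLOT_DISABLED : SLOT_ENABLED);
        put_be32(hdr + SLOT_OFF + s * SLOT_LEN + 4, s ? 0 : iters);
    }
}

int main(void) {
    uint8_t hdr[HDR_LEN]; uint32_t it = 0;
    make_sample_header(hdr, 1234567u);
    for (int s = 0; s < SLOTS; s++)
        if (luks1_slot_iterations(hdr, sizeof hdr, s, &it) == 0)
            printf("slot %d: %u iterations\n", s, (unsigned)it);
}
```

On a real device the first 592 bytes of the LUKS1 container would take the place of the constructed buffer.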

