Failed to delete LUKS2 header (omv5)
subzero79 opened this issue · 2 comments
subzero79 commented
Again same as issue #26 luks2 dumps the output differently from luks1, this fails to parse the header offset. This makes dd fails as there is no count value argument
LUKS1
LUKS header information for /dev/vdg
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha256
Payload offset: 4096
MK bits: 512
MK digest: fa 51 65 84 10 6b 1d 5b fe 1e 2d 52 58 48 a8 ef 4c 1a ae 33
MK salt: 92 4f c5 93 9e fe dc ea f9 82 c1 1e dc 5d 54 57
6d 0f 72 87 a2 9b cc f4 20 ec 89 5d 96 ee 61 88
MK iterations: 86231
UUID: 2c0a2db2-f14a-45e0-a0c2-1278581cecfd
Key Slot 0: ENABLED
Iterations: 1388842
Salt: 69 e2 69 b3 41 1d 12 14 e8 68 1c 5e 87 2f 6f 9d
ee 36 7f 32 9f e9 97 7d a4 3d fa 9a a4 aa a0 be
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
LUKS2
LUKS header information
Version: 2
Epoch: 4
Metadata area: 16384 [bytes]
Keyslots area: 16744448 [bytes]
UUID: ada57cad-239d-43da-aee8-6d35c0c88c6c
Label: (no label)
Subsystem: (no subsystem)
Flags: (no flags)
Data segments:
0: crypt
offset: 16777216 [bytes]
length: (whole device)
cipher: aes-xts-plain64
sector: 512 [bytes]
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
Destroy the header by overwriting it
$cmd = sprintf("dd if=/dev/urandom of=%s bs=512 count=%s",
escapeshellarg($sd->getDeviceFile()),
escapeshellarg($header_size));
$process = new Process($cmd);
$process->setRedirect2to1();
$process->execute($output, $exitStatus);
PBKDF: argon2i
Time cost: 4
Memory: 438162
Threads: 1
Salt: 39 9b 6c b4 b6 15 82 31 8a d5 50 db 3d ac aa 2e
79 bc 05 f9 12 e3 3d 54 c1 b7 01 98 ee 52 c1 c1
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
1: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2i
Time cost: 4
Memory: 392461
Threads: 1
Salt: 09 ee 5b 21 c3 d4 9b 64 cb 45 5a 1e f7 64 c9 96
b7 65 1d 20 41 e7 4e 41 49 e1 a3 d8 ef c6 a5 cf
AF stripes: 4000
AF hash: sha256
Area offset:290816 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
Digests:
0: pbkdf2
Hash: sha256
Iterations: 87849
Salt: 9f 75 b0 4d ad ce 7f 48 67 eb 63 7a e3 38 cc 65
a4 19 fd b0 78 0d 08 4d 0f ca 6c 10 c7 61 44 16
Digest: b4 43 2e 61 9b a5 02 90 9e a8 81 b0 6e 1b 87 01
05 56 ab 81 12 8a 66 6d cf 76 b0 0f 65 bb 19 d6
For now just depending on the luks version will set header to 4KB for v1, and 16MB for luks2
This should go on remove method of luks container instance, feels like duplicate code since version is already gathered at getData(),
@ryecoaaron is there a way of calling the getData() function inside remove() ?
$version = explode(':',
preg_replace('/\s/',
'',
implode('',
preg_grep("/^Version:/",
$this->headerInfo))))[1];
if ($version = 1) {
$header_size = 4096;
} else if ($version = 2) {
$header_size = 16777216;
}
ryecoaaron commented
@subzero79 Sure, $this->getData() since they are in the same class.
subzero79 commented
Just in case someone steps into the same error
Unable to remove encrypted device: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; dd if=/dev/urandom of='/dev/vdh' bs=512 count='' 2>&1' with exit code '1': dd: invalid number: ‘’
Error #0:
OMV\Exception: Unable to remove encrypted device: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; dd if=/dev/urandom of='/dev/vdh' bs=512 count='' 2>&1' with exit code '1': dd: invalid number: ‘’ in /usr/share/openmediavault/engined/rpc/luks.inc:440
Stack trace:
#0 [internal function]: OMVRpcServiceLuksMgmt->deleteContainer(Array, Array)
#1 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#2 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('deleteContainer', Array, Array)
#3 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('LuksMgmt', 'deleteContainer', Array, Array, 1)
#4 {main}