Package: cryptsetup Version: 2:1.0.6-7 Followup-For: Bug #513596
I just looked in the source, and the problem comes from lib/setup.c where it's explicitly denied to remove a key with itselfs (keyIndex == openedIndex). The attached patch removes this extra check. I rebuild the package and installed it, and it seems to work fine, I'm able to have an unusable luks partition : r...@pierre:/tmp# cryptsetup luksDump /dev/mapper/pierre-testluks LUKS header information for /dev/mapper/pierre-testluks Version: 1 Cipher name: aes Cipher mode: cbc-essiv:sha256 Hash spec: sha1 Payload offset: 2056 MK bits: 256 MK digest: 2b ba 0b 5a f9 cb 49 57 f6 db 7e cd 94 a6 21 fb 48 83 e3 02 MK salt: 58 89 47 04 76 85 e3 77 75 09 2e eb 41 e2 f7 18 8e 9f 27 03 38 a0 94 87 5e 95 1d fa 98 80 e3 9d MK iterations: 10 UUID: 1defedc2-a202-46fe-81ca-5ddbf997a891 Key Slot 0: DISABLED Key Slot 1: DISABLED Key Slot 2: DISABLED Key Slot 3: DISABLED Key Slot 4: DISABLED Key Slot 5: DISABLED Key Slot 6: DISABLED Key Slot 7: DISABLED I didn't noticed any side effect for now... -- System Information: Debian Release: 5.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.18-6-amd64 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages cryptsetup depends on: ii dmsetup 2:1.02.27-4 The Linux Kernel Device Mapper use ii libc6 2.7-18 GNU C Library: Shared libraries ii libdevmapper1.02.1 2:1.02.27-4 The Linux Kernel Device Mapper use ii libpopt0 1.14-4 lib for parsing cmdline parameters ii libuuid1 1.41.3-1 universally unique id library cryptsetup recommends no packages. Versions of packages cryptsetup suggests: ii dosfstools 3.0.1-1 utilities for making and checking ii initramfs-tools [linux-initra 0.92o tools for generating an initramfs ii udev 0.125-7 /dev/ and hotplug management daemo -- no debconf information
diff -ru cryptsetup-1.0.6.orig/lib/setup.c cryptsetup-1.0.6/lib/setup.c --- cryptsetup-1.0.6.orig/lib/setup.c 2009-01-30 17:06:59.000000000 +0100 +++ cryptsetup-1.0.6/lib/setup.c 2009-01-30 17:07:59.000000000 +0100 @@ -659,7 +659,7 @@ LUKS_dealloc_masterkey(mk); mk = NULL; } - if(openedIndex < 0 || keyIndex == openedIndex) { + if(openedIndex < 0) { options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n"); r = -EPERM; goto out; } else