Posted by: Wildan Maulana | September 11, 2007

[SOLVED] The code Flow of cryptsetup luksFormat

The command :

bash-3.2# cryptsetup -y –cipher plain luksFormat /dev/mmcblk0p2


This will overwrite data on /dev/mmcblk0p2 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:

Unable to obtain sector size for /dev/mmcblk0p2
Failed to setup dm-crypt key mapping.
Check kernel for support for the plain-cbc-plain cipher spec and verify that /dev/mmcblk0p2 contains at least 133 sectors.
Failed to write to key storage.

Command failed.

Here is the execution flow … :

First the command execute the following function (cryptsetup-1.0.5/src/cryptsetup.c)

static int action_luksFormat(int arg)
struct crypt_options options = {
.key_size = (opt_key_size != 0 ? opt_key_size : DEFAULT_LUKS_KEY_SIZE) / 8,
.device = action_argv[0],
.cipher = opt_cipher?opt_cipher:DEFAULT_LUKS_CIPHER,
.new_key_file = action_argc > 1 ? action_argv[1] : NULL,
.flags = opt_verify_passphrase ? CRYPT_FLAG_VERIFY : (!opt_batch_mode?CRYPT_FLAG_VERIFY_IF_POSSIBLE : 0),
.iteration_time = opt_iteration_time,
.timeout = opt_timeout,
.align_payload = opt_align_payload,

int r = 0; char *msg = NULL;

if(asprintf(&msg, _(“This will overwrite data on %s irrevocably.”), options.device) == -1) {
fputs(_(“memory allocation error in action_luksFormat”), stderr);
} else {
r = yesDialog(msg) ? crypt_luksFormat(&options) : -EINVAL;
return r;

After you answer the question with “YES”, then it will execute the crypt_luksFormat(&options) function which is on cryptsetup-1.0.5/lib/setup.c

int crypt_luksFormat(struct crypt_options *options)
return crypt_job(__crypt_luks_format, 0, options);

Then this function will call __crypt_luks_format(), which is on cryptsetup-1.0.5/lib/setup.c

static int __crypt_luks_format(int arg, struct setup_backend *backend, struct crypt_options *options)
int r;

struct luks_phdr header;
struct luks_masterkey *mk=NULL;
char *password;
char cipherName[LUKS_CIPHERNAME_L];
char cipherMode[LUKS_CIPHERMODE_L];
int passwordLen;
int PBKDF2perSecond;

mk = LUKS_generate_masterkey(options->key_size);
if(NULL == mk) return –ENOMEM;

#define printoffset(entry) printf(“offset of ” #entry ” = %d\n”, (char *)(&header.entry)-(char *)(&header))

printf(“sizeof phdr %d, key slot %d\n”,sizeof(struct luks_phdr),sizeof(header.keyblock[0]));

r = parse_into_name_and_mode(options->cipher, cipherName, cipherMode);
if(r < 0) return r;

r = LUKS_generate_phdr(&header,mk,cipherName, cipherMode,LUKS_STRIPES, options->align_payload);
if(r < 0) {
set_error(“Can’t write phdr”);
return r;

PBKDF2perSecond = LUKS_benchmarkt_iterations();
header.keyblock[0].passwordIterations = at_least_one(PBKDF2perSecond * ((float)options->iteration_time / 1000.0));
fprintf(stderr, “pitr %d\n”, header.keyblock[0].passwordIterations);
options->key_size = 0; // FIXME, define a clean interface some day.
options->key_file = options->new_key_file;
options->new_key_file = NULL;
get_key(options,”Enter LUKS passphrase: “,&password,&passwordLen);
if(!password) {
r = -EINVAL; goto out;
r = LUKS_set_key(options->device, 0, password, passwordLen, &header, mk, backend);
if(r < 0) goto out;

r = 0;
return r;

If the LUKS_generate_masterkey return true (program successfully creating the masterkey)
then it will execute parse_into_name_and_mode() if this function
return values greater than 0 it will execute LUKS_generate_phdr().

Then it will ask you for the passphrase, if the passphrase you
entered twice right, then it will execute the
LUKS_set_key() function


  1. […] cryptsetup –cipher aes luksOpen /dev/mmcblk0p2 rahasia After previous problem was solved …, now i encounter a new problem when try to open the encrypted partition with […]

  2. Somehow i missed the point. Probably lost in translation🙂 Anyway … nice blog to visit.

    cheers, Quaker

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: