
Bug#726448: marked as done (partman-crypto: crypto-volume wiping less secure than volume encryption)



Your message dated Sat, 09 Nov 2013 15:26:51 +0000
with message-id <E1VfAR1-0001mV-Nt@franck.debian.org>
and subject line Bug#726448: fixed in partman-crypto 66
has caused the Debian Bug report #726448,
regarding partman-crypto: crypto-volume wiping less secure than volume encryption
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
726448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726448
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: partman-crypto
Version: 63
Severity: important
Tags: d-i patch

Hello,

[copied from changelog:]

Wiping of crypto volumes is done by setting up dmcrypt for the volume, filling
it with zeroes and then forgetting the key.  Previously, for the transient
crypto-volume, always the configuration "aes xts-plain64 128" had been used.
In the case the user chose a stronger setting, e.g. "aes xts-plain64 256", this
meant that wiping occurred with less security than encryption, i.e. metadata
was protected less than the actual data.

This changeset causes crypto_wipe_device() to read the encryption settings of
the to-be-wiped volume and to use them for wiping, too.

Cheers,
Thiemo

P.S.: The second patch adds a bit of logging. Please only apply it if you
consider that useful.
From c50fb8869e6ff5686c25b53afedd71cba524f255 Mon Sep 17 00:00:00 2001
From: Thiemo Nagel <thiemo.nagel@gmail.com>
Date: Mon, 14 Oct 2013 10:38:09 +0200
Subject: [PATCH 1/2] Use configured crypto options for volume wiping

Wiping of crypto volumes is done by setting up dmcrypt for the volume, filling
it with zeroes and then forgetting the key.  Previously, for the transient
crypto-volume, always the configuration "aes xts-plain64 128" had been used.
In the case the user chose a stronger setting, e.g. "aes xts-plain64 256", this
meant that wiping occurred with less security than encryption, i.e. metadata
was protected less than the actual data.

This changeset causes crypto_wipe_device() to read the encryption settings of
the to-be-wiped volume and to use them for wiping, too.
---
 active_partition/erasepart/do_option |    7 +------
 lib/crypto-base.sh                   |   20 ++++++++++++++------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/active_partition/erasepart/do_option b/active_partition/erasepart/do_option
index 5afcd11..ab46844 100755
--- a/active_partition/erasepart/do_option
+++ b/active_partition/erasepart/do_option
@@ -9,11 +9,6 @@ part=$dev/$id
 
 cd $dev
 
-type=""
-if [ -f $part/crypto_type ]; then
-	type=$(cat $part/crypto_type)
-fi
-
 if [ -f $part/skip_erase ]; then
 	exit 0
 fi
@@ -22,4 +17,4 @@ open_dialog PARTITION_INFO $id
 read_line num id size type fs path name
 close_dialog
 
-crypto_wipe_device $path $type "" || true
+crypto_wipe_device $path $part "" || true
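
Review bot: In the removed call, `$type` had just been reassigned by `read_line num id size type fs path name`, so if read_line fills the named variables, the old second argument was the PARTITION_INFO type field rather than the contents of crypto_type. The commit message should say that this path changes behaviour beyond the key size. `$path` and `$part` are also passed unquoted, and `|| true` hides a failed wipe from the caller; quote both arguments and consider at least logging the failure.
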
diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh
index e0f8e77..b34e984 100644
--- a/lib/crypto-base.sh
+++ b/lib/crypto-base.sh
@@ -313,9 +313,9 @@ crypto_do_wipe () {
 }
 
 crypto_wipe_device () {
-	local device method interactive targetdevice
+	local device part interactive type cipher ivalgorithm keysize targetdevice
 	device=$1
-	method=$2
+	part=$2
 	interactive=$3
 	if [ "$interactive" != no ]; then
 		interactive=yes
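
Review bot: The second positional argument of crypto_wipe_device changes from a method string to a partition directory, but the function carries no comment describing its arguments. A short comment above `crypto_wipe_device () {` naming the three parameters (device path, partition state directory, interactive flag) would keep future callers from passing the old crypto_type string.
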
@@ -335,10 +335,18 @@ crypto_wipe_device () {
 		fi
 	fi
 
+	type=""
+	if [ -r $part/crypto_type ]; then
+		type=$(cat $part/crypto_type)
+	fi
+
 	# Setup crypto
-	if [ $method = dm-crypt ]; then
+	if [ "$type" = dm-crypt ]; then
+		cipher=$(cat $part/cipher)
+		ivalgorithm=$(cat $part/ivalgorithm)
+		keysize=$(cat $part/keysize)
 		targetdevice=$(get_free_mapping)
-		setup_dmcrypt $targetdevice $device aes xts-plain64 plain 128 /dev/urandom || return 1
+		setup_dmcrypt $targetdevice $device $cipher $ivalgorithm plain $keysize /dev/urandom || return 1
 		targetdevice="/dev/mapper/$targetdevice"
 	else
 		# Just wipe the device with zeroes
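
Review bot: `cipher`, `ivalgorithm` and `keysize` are read with `cat $part/...` without the `-r` test that guards crypto_type a few lines above, and all three are expanded unquoted in the setup_dmcrypt call. If one file is missing or empty, its expansion disappears and the remaining arguments shift left, so for example `plain` could land in the ivalgorithm position. Check each file and quote the expansions, and decide explicitly whether a missing value aborts the wipe or falls back to a default.
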
@@ -358,7 +366,7 @@ crypto_wipe_device () {
 	fi
 
 	# Teardown crypto
-	if [ $method = dm-crypt ]; then
+	if [ "$type" = dm-crypt ]; then
 		log-output -t partman-crypto /sbin/cryptsetup remove ${targetdevice##/dev/mapper/}
 	fi
 
@@ -751,7 +759,7 @@ crypto_setup() {
 				continue
 			fi
 
-			if ! crypto_wipe_device $path $(cat $id/crypto_type) $interactive; then
+			if ! crypto_wipe_device $path $dev/$id $interactive; then
 				db_fset partman-crypto/commit_failed seen false
 				db_input critical partman-crypto/commit_failed
 				db_go || true
-- 
1.7.10.4

From d92737985c370d1289ad696e11d8a4a6d2abef62 Mon Sep 17 00:00:00 2001
From: Thiemo Nagel <thiemo.nagel@gmail.com>
Date: Mon, 14 Oct 2013 10:39:34 +0200
Subject: [PATCH 2/2] Add a bit of logging to crypto_wipe_device()

---
 lib/crypto-base.sh |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh
index b34e984..5b9e918 100644
--- a/lib/crypto-base.sh
+++ b/lib/crypto-base.sh
@@ -348,9 +348,11 @@ crypto_wipe_device () {
 		targetdevice=$(get_free_mapping)
 		setup_dmcrypt $targetdevice $device $cipher $ivalgorithm plain $keysize /dev/urandom || return 1
 		targetdevice="/dev/mapper/$targetdevice"
+		log "wiping $targetdevice with $cipher $ivalgorithm $keysize"
 	else
 		# Just wipe the device with zeroes
 		targetdevice=$device
+		log "wiping $targetdevice with plain zeroes"
 	fi
 
 	# Erase
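
Review bot: The new log line in the dm-crypt branch sits after `setup_dmcrypt ... || return 1`, so a failed setup leaves no record of which cipher, IV mode and key size were attempted; logging before the setup call, or on the failure path, would cover that case. The message also names only `$targetdevice`, which in this branch is the /dev/mapper path; adding `$device` would tie the entry to the underlying volume.
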
-- 
1.7.10.4


--- End Message ---
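
One way to read and validate the per-volume settings before they reach the transient wipe mapping, as an added example that is not part of the original message or of partman-crypto. read_setting and wipe_params are hypothetical helper names, the state directory is constructed, and failing instead of falling back to a weaker default is an assumed policy.

```shell
#!/bin/sh
# Added example, not partman-crypto code. read_setting and wipe_params are
# hypothetical helpers; the file names are the ones the patch reads.

# read_setting FILE: print the first line of FILE if it is readable and made
# only of characters expected in a type, cipher, IV mode or key size.
read_setting() (
	[ -r "$1" ] || exit 1
	val=
	IFS= read -r val < "$1" || :
	case $val in
		''|*[!A-Za-z0-9:_-]*) exit 1 ;;
	esac
	printf '%s\n' "$val"
)

# wipe_params DIR: print "zero" for a non-dm-crypt partition, or
# "dm-crypt CIPHER IV KEYSIZE" taken from DIR. Fails rather than wiping
# with weaker settings when a value is missing or malformed.
wipe_params() (
	part=$1
	type=$(read_setting "$part/crypto_type") || type=
	if [ "$type" != dm-crypt ]; then
		echo zero
		exit 0
	fi
	cipher=$(read_setting "$part/cipher") &&
	iv=$(read_setting "$part/ivalgorithm") &&
	keysize=$(read_setting "$part/keysize") || {
		echo "wipe_params: incomplete crypto settings in $part" >&2
		exit 1
	}
	case $keysize in
		*[!0-9]*) echo "wipe_params: bad keysize in $part" >&2; exit 1 ;;
	esac
	echo "dm-crypt $cipher $iv $keysize"
)

# Constructed sample state directory standing in for $dev/$id.
demo=$(mktemp -d)
echo dm-crypt > "$demo/crypto_type"; echo aes > "$demo/cipher"
echo xts-plain64 > "$demo/ivalgorithm"; echo 256 > "$demo/keysize"
wipe_params "$demo"
rm -rf "$demo"
```
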
--- Begin Message ---
Source: partman-crypto
Source-Version: 66

We believe that the bug you reported is fixed in the latest version of
partman-crypto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 726448@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated partman-crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 09 Nov 2013 09:14:39 +0100
Source: partman-crypto
Binary: partman-crypto partman-crypto-dm
Architecture: source i386 all
Version: 66
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 partman-crypto - Add to partman support for block device encryption (udeb)
 partman-crypto-dm - Add to partman support for dm-crypt encryption (udeb)
Closes: 726448
Changes: 
 partman-crypto (66) unstable; urgency=low
 .
   [ Thiemo Nagel ]
   * Use the same security setting for wiping existing volumes
     as the previous settings, when the volume was already encrypted.
     Closes: #726448

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
