
Bug#726448: partman-crypto: crypto-volume wiping less secure than volume encryption



Package: partman-crypto
Version: 63
Severity: important
Tags: d-i patch

Hello,

[copied from changelog:]

Wiping of crypto volumes is done by setting up dmcrypt for the volume, filling
it with zeroes and then forgetting the key.  Previously, for the transient
crypto-volume, always the configuration "aes xts-plain64 128" had been used.
In the case the user chose a stronger setting, e.g. "aes xts-plain64 256", this
meant that wiping occurred with less security than encryption, i.e. metadata
was protected less than the actual data.

This changeset causes crypto_wipe_device() to read the encryption settings of
the to-be-wiped volume and to use them for wiping, too.

Cheers,
Thiemo

P.S.: The second patch adds a bit of logging. Please only apply it if you
consider that useful.
From c50fb8869e6ff5686c25b53afedd71cba524f255 Mon Sep 17 00:00:00 2001
From: Thiemo Nagel <thiemo.nagel@gmail.com>
Date: Mon, 14 Oct 2013 10:38:09 +0200
Subject: [PATCH 1/2] Use configured crypto options for volume wiping

Wiping of crypto volumes is done by setting up dmcrypt for the volume, filling
it with zeroes and then forgetting the key.  Previously, for the transient
crypto-volume, always the configuration "aes xts-plain64 128" had been used.
In the case the user chose a stronger setting, e.g. "aes xts-plain64 256", this
meant that wiping occurred with less security than encryption, i.e. metadata
was protected less than the actual data.

This changeset causes crypto_wipe_device() to read the encryption settings of
the to-be-wiped volume and to use them for wiping, too.
---
 active_partition/erasepart/do_option |    7 +------
 lib/crypto-base.sh                   |   20 ++++++++++++++------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/active_partition/erasepart/do_option b/active_partition/erasepart/do_option
index 5afcd11..ab46844 100755
--- a/active_partition/erasepart/do_option
+++ b/active_partition/erasepart/do_option
@@ -9,11 +9,6 @@ part=$dev/$id
 
 cd $dev
 
-type=""
-if [ -f $part/crypto_type ]; then
-	type=$(cat $part/crypto_type)
-fi
-
 if [ -f $part/skip_erase ]; then
 	exit 0
 fi
@@ -22,4 +17,4 @@ open_dialog PARTITION_INFO $id
 read_line num id size type fs path name
 close_dialog
 
-crypto_wipe_device $path $type "" || true
+crypto_wipe_device $path $part "" || true
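Review bot: the removed call was already passing the wrong value: `read_line num id size type fs path name` two lines above overwrites `type` (read from crypto_type at the top of the script) with the partition type from PARTITION_INFO, so the `[ $method = dm-crypt ]` test in crypto_wipe_device could not match and the erase fell through to the plain-zero branch. Passing `$part` (`$dev/$id`, per the first hunk header) and letting crypto_wipe_device read the files itself fixes that as a side effect; that deserves a sentence in the commit message, since the behaviour change goes beyond the key size.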
diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh
index e0f8e77..b34e984 100644
--- a/lib/crypto-base.sh
+++ b/lib/crypto-base.sh
@@ -313,9 +313,9 @@ crypto_do_wipe () {
 }
 
 crypto_wipe_device () {
-	local device method interactive targetdevice
+	local device part interactive type cipher ivalgorithm keysize targetdevice
 	device=$1
-	method=$2
+	part=$2
 	interactive=$3
 	if [ "$interactive" != no ]; then
 		interactive=yes
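Review bot: the second parameter changes meaning here (a partition directory instead of a method name) without a rename or a comment at the head of the function, so any caller not touched by this patch would now pass e.g. `dm-crypt` as `$part`, `$part/crypto_type` would not exist, and the volume would silently be wiped with plain zeroes. Suggest a short comment above `crypto_wipe_device ()` documenting `device part interactive`, and a grep of the tree for callers beyond the two updated in this patch.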
@@ -335,10 +335,18 @@ crypto_wipe_device () {
 		fi
 	fi
 
+	type=""
+	if [ -r $part/crypto_type ]; then
+		type=$(cat $part/crypto_type)
+	fi
+
 	# Setup crypto
-	if [ $method = dm-crypt ]; then
+	if [ "$type" = dm-crypt ]; then
+		cipher=$(cat $part/cipher)
+		ivalgorithm=$(cat $part/ivalgorithm)
+		keysize=$(cat $part/keysize)
 		targetdevice=$(get_free_mapping)
-		setup_dmcrypt $targetdevice $device aes xts-plain64 plain 128 /dev/urandom || return 1
+		setup_dmcrypt $targetdevice $device $cipher $ivalgorithm plain $keysize /dev/urandom || return 1
 		targetdevice="/dev/mapper/$targetdevice"
 	else
 		# Just wipe the device with zeroes
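Review bot: the three `cat $part/cipher`, `cat $part/ivalgorithm` and `cat $part/keysize` reads have no existence check, unlike the guarded `crypto_type` read just above them. If one file is absent, `cat` fails and the unquoted empty variable simply disappears from the `setup_dmcrypt` argument list, shifting `plain` and `$keysize` into the wrong positions instead of failing. Suggest testing `-r` on all three and returning 1 when any is missing, consistent with the `|| return 1` on the setup line. The change from `$method` to `"$type"` is good: the old unquoted test would have been a syntax error with an empty value.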
@@ -358,7 +366,7 @@ crypto_wipe_device () {
 	fi
 
 	# Teardown crypto
-	if [ $method = dm-crypt ]; then
+	if [ "$type" = dm-crypt ]; then
 		log-output -t partman-crypto /sbin/cryptsetup remove ${targetdevice##/dev/mapper/}
 	fi
 
@@ -751,7 +759,7 @@ crypto_setup() {
 				continue
 			fi
 
-			if ! crypto_wipe_device $path $(cat $id/crypto_type) $interactive; then
+			if ! crypto_wipe_device $path $dev/$id $interactive; then
 				db_fset partman-crypto/commit_failed seen false
 				db_input critical partman-crypto/commit_failed
 				db_go || true
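Review bot: the old argument `$(cat $id/crypto_type)` used a path relative to the current directory, whereas the new `$dev/$id` is absolute, which is more robust; this hunk does not show `$dev` being set inside crypto_setup(), though, so please confirm it is in scope at this point (the erasepart caller gets it from `part=$dev/$id` at script top level).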
-- 
1.7.10.4

From d92737985c370d1289ad696e11d8a4a6d2abef62 Mon Sep 17 00:00:00 2001
From: Thiemo Nagel <thiemo.nagel@gmail.com>
Date: Mon, 14 Oct 2013 10:39:34 +0200
Subject: [PATCH 2/2] Add a bit of logging to crypto_wipe_device()

---
 lib/crypto-base.sh |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh
index b34e984..5b9e918 100644
--- a/lib/crypto-base.sh
+++ b/lib/crypto-base.sh
@@ -348,9 +348,11 @@ crypto_wipe_device () {
 		targetdevice=$(get_free_mapping)
 		setup_dmcrypt $targetdevice $device $cipher $ivalgorithm plain $keysize /dev/urandom || return 1
 		targetdevice="/dev/mapper/$targetdevice"
+		log "wiping $targetdevice with $cipher $ivalgorithm $keysize"
 	else
 		# Just wipe the device with zeroes
 		targetdevice=$device
+		log "wiping $targetdevice with plain zeroes"
 	fi
 
 	# Erase
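Review bot: the dm-crypt branch's log line names only the mapper device, not the underlying `$device`, so the entry cannot be matched to a partition without cross-referencing the setup_dmcrypt call; suggest `log "wiping $device via $targetdevice with $cipher $ivalgorithm $keysize"`. Logging cipher, IV mode and key size is fine since no key material is involved (the key comes from /dev/urandom and is never recorded). The surrounding function uses `log-output -t partman-crypto` for command output while this uses `log`; please confirm `log` is the intended helper for a plain message.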
-- 
1.7.10.4
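As an added example (not code from the patch or from partman-crypto), a fail-closed version of the per-partition settings lookup that the patched crypto_wipe_device() performs: it reads the same files (crypto_type, cipher, ivalgorithm, keysize) but returns nothing when any is missing, so an unquoted empty variable can never shift the setup_dmcrypt argument list. The fixture directories are constructed for the demonstration.

```shell
# Added example, not code from the partman-crypto patch: a fail-closed lookup of
# the per-partition settings that the patched crypto_wipe_device() reads.
# File names (crypto_type, cipher, ivalgorithm, keysize) follow partman's layout;
# the directories built by make_part are constructed fixtures.

# Print "<cipher> <ivalgorithm> <keysize>" for a dm-crypt partition directory.
# Return 1 without printing anything when the volume is not dm-crypt or any
# settings file is unreadable, so that an empty value is never expanded
# (unquoted) into the setup_dmcrypt argument list where it would shift positions.
wipe_settings () {
	ws_part=$1
	[ -r "$ws_part/crypto_type" ] || return 1
	[ "$(cat "$ws_part/crypto_type")" = dm-crypt ] || return 1
	for ws_f in cipher ivalgorithm keysize; do
		[ -r "$ws_part/$ws_f" ] || return 1
	done
	printf '%s %s %s\n' "$(cat "$ws_part/cipher")" \
		"$(cat "$ws_part/ivalgorithm")" "$(cat "$ws_part/keysize")"
}

# Constructed fixture: make_part DIR CRYPTO_TYPE CIPHER IVALGORITHM KEYSIZE
# writes one file per non-empty value (pass "" to leave that file out).
make_part () {
	mp_dir=$1; shift
	mkdir -p "$mp_dir"
	for mp_f in crypto_type cipher ivalgorithm keysize; do
		if [ -n "$1" ]; then
			printf '%s\n' "$1" > "$mp_dir/$mp_f"
		fi
		shift
	done
}

# Demonstration on constructed fixtures: a 256-bit volume is wiped with its own
# settings; a volume with no keysize file is refused instead of wiped with
# shifted arguments.
demo=$(mktemp -d)
make_part "$demo/strong" dm-crypt aes xts-plain64 256
make_part "$demo/nokeysize" dm-crypt aes xts-plain64 ""
wipe_settings "$demo/strong"                     # aes xts-plain64 256
wipe_settings "$demo/nokeysize" || echo "settings incomplete, refusing to wipe"
rm -rf "$demo"
```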
