--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: Key hash algorithm is ignored when using LUKS
- From: Jérôme Vizcaino <jerome.vizcaino@gmail.com>
- Date: Tue, 19 May 2015 19:39:29 +0200
- Message-id: <CADKgbRrSZ_ANYR3GUsWcAeskqwHEoNu834R32-9d3T7fiZxpyw@mail.gmail.com>
Package: partman-crypto
Version: 81
Hi,
Although keyhash is declared in the debconf entries of the package, this option is never used when calling cryptsetup.
This is a bit of a problem because, even when you select something strong like SHA512, it is not used and defaults back to SHA-1.
I've attached a patch to fix this.
Thank you
Jérôme
commit 509a0baebf38b665b49eded630280e8e7594cf58 (HEAD, refs/heads/master)
Author: Jérôme Vizcaino <jerome.vizcaino@gmail.com>
Date: Tue May 12 16:38:23 2015 +0200
LUKS honors the given keyhash algorithm
diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh
index dbe958a..e4316d3 100644
--- a/lib/crypto-base.sh
+++ b/lib/crypto-base.sh
@@ -210,8 +210,9 @@ setup_luks () {
device=$2
cipher=$3
iv=$4
- size=$5
- pass=$6
+ hash=$5
+ size=$6
+ pass=$7
[ -x /sbin/cryptsetup ] || return 1
@@ -219,7 +220,7 @@ setup_luks () {
[ "${iv%xts-*}" = "${iv}" ] || size="$(($size * 2))"
log-output -t partman-crypto \
- /sbin/cryptsetup -c $cipher-$iv -s $size luksFormat $device $pass
+ /sbin/cryptsetup -c $cipher-$iv -h $hash -s $size luksFormat $device $pass
if [ $? -ne 0 ]; then
log "luksFormat failed"
return 2
@@ -262,7 +263,7 @@ setup_cryptdev () {
fi
fi
if [ $keytype = passphrase ]; then
- setup_luks $cryptdev $realdev $cipher $ivalgorithm $keysize $keyfile || return 1
+ setup_luks $cryptdev $realdev $cipher $ivalgorithm $keyhash $keysize $keyfile || return 1
elif [ $keytype = random ]; then
setup_dmcrypt $cryptdev $realdev $cipher $ivalgorithm plain $keysize /dev/urandom || return 1
else
--- End Message ---
--- Begin Message ---
Source: partman-crypto
Source-Version: 84
We believe that the bug you reported is fixed in the latest version of
partman-crypto, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 785733@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Cyril Brulebois <kibi@debian.org> (supplier of updated partman-crypto package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 10 Jul 2015 02:31:45 +0200
Source: partman-crypto
Binary: partman-crypto partman-crypto-dm
Architecture: source all amd64
Version: 84
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description:
partman-crypto - Add to partman support for block device encryption (udeb)
partman-crypto-dm - Add to partman support for dm-crypt encryption (udeb)
Closes: 785732 785733
Changes:
partman-crypto (84) unstable; urgency=medium
.
* Make default crypto parameters preseedable (Closes: #785732). Thanks
to Jérôme Vizcaino for the report and the patch!
* Honor specified keyhash algorithm for LUKS (Closes: #785733). Thanks
to Jérôme Vizcaino for the report and the patch! (bis)
Checksums-Sha1:
517d339cfce1606ab2b0870251cfaeff39dfd0b2 1787 partman-crypto_84.dsc
8d86256ab90098dace40449aaa43bf84e160406d 262820 partman-crypto_84.tar.xz
3cfd70652aea62966828b0f58e11500ab7a5efce 1316 partman-crypto-dm_84_all.udeb
0c4283ff1b641cc3eae0a6c85681f98ab5c565c6 313494 partman-crypto_84_amd64.udeb
Checksums-Sha256:
4533f2a7d60e23537ce57f0ecf9ece9cb0eacc799f2d12465930abd22efd686c 1787 partman-crypto_84.dsc
2188053a0db0db16c1381389e2f03d823735b67d9c4ed75393e9656256c4766a 262820 partman-crypto_84.tar.xz
8b963072d968c521d728e1bab30358a06ed3c83244bb3684f818aa22052a8468 1316 partman-crypto-dm_84_all.udeb
0c51c5f43ae5bbcfd54c4da124a7dfb114232f6585cb58bc3fc3aa717311ee77 313494 partman-crypto_84_amd64.udeb
Files:
2a21db44bd49068766b14d8c5160a110 1787 debian-installer optional partman-crypto_84.dsc
149cc261c1acf79e2eb4270bc14e8e17 262820 debian-installer optional partman-crypto_84.tar.xz
07916a8f7764025aa94228d59fe76312 1316 debian-installer optional partman-crypto-dm_84_all.udeb
4ca14a5a58172095856b471ba5e3a89f 313494 debian-installer optional partman-crypto_84_amd64.udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVnxLGAAoJEP+RSvDCs1Ugc/sP/joW3pMoVBQsA8K8spuSN/6e
M4d3MgxTTkElfDKPfCi9inp/+qAJtB4/BJHLfqIsi0zTNk5Mule6+iVLb09/mCo8
QgcVZ6PBfKUahlCXXOVSkXhs1ES8JabRxIaTt3YTSbAuaZJSn9iWwg4AX7hL2VZE
V0rwg9fhMdN77bqZINcPwzeHcrt39kWTo0YQmbnxXhsRL9GJ5ZXITS1dmWdUAMNv
M0b7n2lj1a/kE1PKjavS6u0O49IF11xCAdqdfhiLo3U8omRAm7PWjfzajNplYxGF
vac9FzKt0IFESpczxUgyYR2yEEGynovqA5ZBjU+cgoEWfd5KqTtphFBt6HWulFpi
jWVnX5VBeJ+f0adiR0ygo27xqwASI4tM/WGUSjsRmGJfcbB5L5WTi+awmJnaOUPV
yhbmuL4WbFsAepeNirZNZ6ZsdfrAGUyj7XlU1qU0agrW+rtQfpjPbIsmlCPYxF00
SxbfXvk44fbgIwFW8D9mDcHDztkjH/ZyRpnMyJ7w2j0Lo+/qn3Wzf3mp6MbtYF7i
zJrWsbvRgnAkcGX0XCK/zD01dJSq+QHCpdG/LpmXR8mRVdfVlS1w2T5ynow6knog
B+gbkek7FMVLAq9Z6QeicC39seHvBYn5ut7l1byvESuEMTauhkGVMyHPclIa0BoR
xscznhfRUjcgotyQNmhP
=MqwO
-----END PGP SIGNATURE-----
--- End Message ---