commit 825f7ed687c6a0facc8bad7ccc14e3d10e52015f
parent 12a7760895753baddf4d05ec114cc6c4980daa3a
Author: Jaromil <jaromil@dyne.org>
Date: Sat, 30 Mar 2013 18:44:05 +0100
Security check for extra keyslots
when a tomb is opened we check if other slots besides the master (0)
are enabled and if so we warn the user that there can be a backdoor.
LUKS permits the presence of multiple keys that can open a single
volume, but this weakens the security of it and we are not really
interested in implementing it.
Diffstat:
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/tomb b/src/tomb
@@ -931,7 +931,7 @@ lock_tomb_with_key() {
_message "formatting Luks mapped device"
get_lukskey "${tombpass}" ${tombkey} | \
cryptsetup --key-file - --batch-mode \
- --cipher ${cipher} --key-size 256 \
+ --cipher ${cipher} --key-size 256 --key-slot 0 \
luksFormat ${nstloop}
if ! [ $? = 0 ]; then
_warning "cryptsetup luksFormat returned an error"
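Review bot: Nothing next to the added `--key-slot 0` says why the slot is pinned, although the slot check this commit adds to mount_tomb depends on the master key living in slot 0. A comment above the cryptsetup call, such as `# the tomb key always goes in slot 0; mount_tomb warns when any other slot is enabled`, would keep the two places in step. lock_tomb_with_key starts and ends outside this hunk.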
@@ -1173,7 +1173,6 @@ mount_tomb() {
fi
losetup -f ${tombdir}/${tombfile}
- _message "check for a valid LUKS encrypted device"
cryptsetup isLuks ${nstloop}
if [ $? != 0 ]; then
# is it a LUKS encrypted nest? see cryptsetup(1)
@@ -1181,13 +1180,21 @@ mount_tomb() {
$norm || rmdir $tombmount 2>/dev/null
return 1
fi
+ say "this tomb is a valid LUKS encrypted device"
- tombdump=(`cryptsetup luksDump ${nstloop} | awk '
+ luksdump="`cryptsetup luksDump ${nstloop}`"
+ tombdump=(`print $luksdump | awk '
/^Cipher name/ {print $3}
/^Cipher mode/ {print $3}
/^Hash spec/ {print $3}'`)
say "cipher is \"$tombdump[1]\" mode \"$tombdump[2]\" hash \"$tombdump[3]\""
+ slotwarn=`print $luksdump | awk '
+ BEGIN { zero=0 }
+ /^Key slot 0/ { zero=1 }
+ /^Key slot.*ENABLED/ { if(zero==1) print "WARN" }'`
+ { test "$slotwarn" = "WARN" } && {
+ _warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." }
# save date of mount in minutes since 1970
mapdate=`date +%s`
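Review bot: The awk program that fills `slotwarn` cannot tell slot 0 from the other slots, and the `test` after it accepts only a single `WARN`. awk applies every rule to each record, so a `Key slot 0 ... ENABLED` line sets `zero=1` and then also matches `/^Key slot.*ENABLED/`, printing `WARN` for the master slot itself; with a second enabled slot the output is two lines, `test "$slotwarn" = "WARN"` is false, and the warning is skipped in exactly the case it is meant for. Matching only non-zero slots and printing once avoids both: `/^Key [Ss]lot [1-9].*ENABLED/ { extra=1 }` together with `END { if (extra) print "WARN" }`. The `[Ss]` is there because, as far as I recall, luksDump prints the line as `Key Slot N:` with a capital S, in which case the lowercase patterns here never match at all; please confirm against real output. mount_tomb begins and ends outside this hunk.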
@@ -1756,6 +1763,7 @@ list_tombs() {
tombmount=${t[(ws:;:)2]}
tombfs=${t[(ws:;:)3]}
tombfsopts=${t[(ws:;:)4]}
+ tombloop=${mapper[(ws:.:)4]}
# calculate tomb size
ts=`df -hP /dev/mapper/$mapper |