tSecurity check for extra keyslots - tomb - the crypto undertaker
 (DIR) commit 825f7ed687c6a0facc8bad7ccc14e3d10e52015f
 (DIR) parent 12a7760895753baddf4d05ec114cc6c4980daa3a
 (HTM) Author: Jaromil <jaromil@dyne.org>
       Date:   Sat, 30 Mar 2013 18:44:05 +0100
       
       Security check for extra keyslots
       
       when a tomb is opened we check if other slots besides the master (0)
       are enabled and if so we warn the user that there can be a backdoor.
       LUKS permits the presence of multiple keys that can open a single
       volume, but this weakens the security of it and we are not really
       interested in implementing it.
       
       Diffstat:
         M src/tomb                            |      14 +++++++++++---
       
       1 file changed, 11 insertions(+), 3 deletions(-)
       ---
 (DIR) diff --git a/src/tomb b/src/tomb
       t@@ -931,7 +931,7 @@ lock_tomb_with_key() {
            _message "formatting Luks mapped device"
            get_lukskey "${tombpass}" ${tombkey} | \
                cryptsetup --key-file -   --batch-mode \
       -        --cipher ${cipher} --key-size 256 \
       +        --cipher ${cipher} --key-size 256 --key-slot 0 \
                luksFormat ${nstloop}
            if ! [ $? = 0 ]; then
                _warning "cryptsetup luksFormat returned an error"
       t@@ -1173,7 +1173,6 @@ mount_tomb() {
            fi
            losetup -f ${tombdir}/${tombfile}
        
       -    _message "check for a valid LUKS encrypted device"
            cryptsetup isLuks ${nstloop}
            if [ $? != 0 ]; then
                # is it a LUKS encrypted nest? see cryptsetup(1)
       t@@ -1181,13 +1180,21 @@ mount_tomb() {
                $norm || rmdir $tombmount 2>/dev/null
                return 1
            fi
       +    say "this tomb is a valid LUKS encrypted device"
        
       -    tombdump=(`cryptsetup luksDump ${nstloop} | awk '
       +    luksdump="`cryptsetup luksDump ${nstloop}`"
       +    tombdump=(`print $luksdump | awk '
                /^Cipher name/ {print $3}
                /^Cipher mode/ {print $3}
                /^Hash spec/   {print $3}'`)
            say "cipher is \"$tombdump[1]\" mode \"$tombdump[2]\" hash \"$tombdump[3]\""
        
       +    slotwarn=`print $luksdump | awk '
       +        BEGIN { zero=0 }
       +        /^Key slot 0/ { zero=1 }
       +        /^Key slot.*ENABLED/ { if(zero==1) print "WARN" }'`
       +    { test "$slotwarn" = "WARN" } && {
       +        _warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." }
        
            # save date of mount in minutes since 1970
            mapdate=`date +%s`
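Review bot: The key-slot scan added near the end of this hunk can both miss extra slots and report them falsely. A line for an enabled slot 0 satisfies `/^Key slot 0/` and then `/^Key slot.*ENABLED/` in the same pass, so WARN is printed for the master slot itself; with several enabled slots awk emits several WARN lines and `test "$slotwarn" = "WARN"` no longer matches. The patterns are also case-sensitive, so if luksDump prints `Key Slot N:` with a capital S (as cryptsetup 1.x appears to do; worth confirming against real output) nothing matches and the warning never fires. Count only non-zero slots and print once, e.g. `/^Key [Ss]lot [1-9][0-9]*: ENABLED/ { extra=1 }` with `END { if (extra) print "WARN" }`, and feed awk with `print -r -- "$luksdump"` so the dump is passed verbatim. A failed luksDump leaves `slotwarn` empty, so the check fails open; mount_tomb starts and ends outside this hunk.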
       t@@ -1756,6 +1763,7 @@ list_tombs() {
                tombmount=${t[(ws:;:)2]}
                tombfs=${t[(ws:;:)3]}
                tombfsopts=${t[(ws:;:)4]}
       +        tombloop=${mapper[(ws:.:)4]}
        
                # calculate tomb size
                ts=`df -hP /dev/mapper/$mapper |