block 726448 by 722898 thanks I've rebased the patches so that they apply cleanly on top of those from
http://bugs.debian.org/722898 Cheers, Thiemo
From b83b939093b22544c3b8d9898662ef66515d039f Mon Sep 17 00:00:00 2001 From: Thiemo Nagel <thiemo.na...@gmail.com> Date: Mon, 14 Oct 2013 10:38:09 +0200 Subject: [PATCH 6/8] Use configured crypto options for volume wiping Wiping of crypto volumes is done by setting up dmcrypt for the volume, filling it with zeroes and then forgetting the key. Previously, for the transient crypto-volume, always the configuration "aes xts-plain64 128" had been used. In the case the user chose a stronger setting, eg. "aes xts-plain64 256", this meant that wiping occured with less security than encryption, i.e. metadata was protected less than the actual data. This changeset causes crypto_wipe_device() to read the encryption settings of the to-be-wiped volume and to use them for wiping, too. --- active_partition/erasepart/do_option | 7 +------ lib/crypto-base.sh | 11 +++++++---- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/active_partition/erasepart/do_option b/active_partition/erasepart/do_option index 5afcd11..ab46844 100755 --- a/active_partition/erasepart/do_option +++ b/active_partition/erasepart/do_option @@ -9,11 +9,6 @@ part=$dev/$id cd $dev -type="" -if [ -f $part/crypto_type ]; then - type=$(cat $part/crypto_type) -fi - if [ -f $part/skip_erase ]; then exit 0 fi @@ -22,4 +17,4 @@ open_dialog PARTITION_INFO $id read_line num id size type fs path name close_dialog -crypto_wipe_device $path $type "" || true +crypto_wipe_device $path $part "" || true diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh index b0037b3..716648e 100644 --- a/lib/crypto-base.sh +++ b/lib/crypto-base.sh @@ -314,9 +314,9 @@ crypto_do_wipe () { } crypto_wipe_device () { - local device method interactive targetdevice + local device part interactive type cipher ivalgorithm keysize targetdevice device=$1 - method=$2 + part=$2 interactive=$3 if [ "$interactive" != no ]; then interactive=yes 
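Review bot: The rewritten call `crypto_wipe_device $path $part "" || true` still throws away the exit status, and after this change the function has additional ways to fail because it now reads `cipher`, `ivalgorithm` and `keysize` from `$part`. An erase that never ran is therefore indistinguishable from one that completed. I would at least record the failure, e.g. `crypto_wipe_device "$path" "$part" "" || log "erase of $path failed"`, assuming `log` is available in this script as it is in lib/crypto-base.sh. The arguments are unquoted here and in the `crypto_setup` call (`$path $dev/$id $interactive`), so a path containing whitespace would shift the positional parameters.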
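Review bot: `type` is added to the `local` list here, but nothing in this hunk assigns it, while the `[ "$type" = crypto ]` test in the following hunk decides between encrypted and plain-zero wiping. The function continues past the end of the hunk, so an assignment may exist in lines not shown. If it does not, the result depends on the shell: dash-style shells let a bare `local` inherit the caller's value and bash leaves it unset, in which case the plain-zero branch is taken without any message. An explicit assignment next to `part=$2` would remove that ambiguity. Because `$2` changed meaning without a change in arity, a header comment such as `# $1 device to wipe, $2 partition directory (cipher, ivalgorithm, keysize), $3 interactive ("no" disables)` would help remaining callers.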
@@ -344,8 +344,11 @@ crypto_wipe_device () { # Setup crypto if [ "$type" = crypto ]; then + cipher=$(cat $part/cipher) + ivalgorithm=$(cat $part/ivalgorithm) + keysize=$(cat $part/keysize) targetdevice=$(get_free_mapping) - setup_dmcrypt $targetdevice $device aes xts-plain64 plain 128 /dev/urandom || return 1 + setup_dmcrypt $targetdevice $device $cipher $ivalgorithm plain $keysize /dev/urandom || return 1 targetdevice="/dev/mapper/$targetdevice" else # Just wipe the device with zeroes @@ -759,7 +762,7 @@ crypto_setup() { continue fi - if ! crypto_wipe_device $path $(cat $id/crypto_type) $interactive; then + if ! crypto_wipe_device $path $dev/$id $interactive; then db_fset partman-crypto/commit_failed seen false db_input critical partman-crypto/commit_failed db_go || true -- 1.7.10.4
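Review bot: The three `cat` reads in the crypto branch are unquoted and unchecked, so a missing or empty `$part/cipher`, `$part/ivalgorithm` or `$part/keysize` yields an empty word that vanishes from the unquoted `setup_dmcrypt` argument list and shifts `plain`, the key size and `/dev/urandom` into the wrong positions. Whether `setup_dmcrypt` then fails or maps the device with unintended parameters cannot be seen from this hunk. I would fail early when any setting is absent and quote every expansion, as sketched below, on the assumption that all three files are mandatory for a volume that reaches this branch. The enclosing `if` and the function body continue outside the hunk.

```shell
# … unchanged: if [ "$type" = crypto ]; then …
	cipher=$(cat "$part/cipher") || return 1
	ivalgorithm=$(cat "$part/ivalgorithm") || return 1
	keysize=$(cat "$part/keysize") || return 1
	# Refuse to wipe with a partially specified cipher rather than let
	# empty words shift the setup_dmcrypt arguments.
	if [ -z "$cipher" ] || [ -z "$ivalgorithm" ] || [ -z "$keysize" ]; then
		return 1
	fi
	targetdevice=$(get_free_mapping)
	setup_dmcrypt "$targetdevice" "$device" "$cipher" "$ivalgorithm" plain "$keysize" /dev/urandom || return 1
# … unchanged: targetdevice="/dev/mapper/$targetdevice" and the else branch …
```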
From 8a46f848207ed22c5628519710d54d1d78d815b8 Mon Sep 17 00:00:00 2001 From: Thiemo Nagel <thiemo.na...@gmail.com> Date: Mon, 14 Oct 2013 10:39:34 +0200 Subject: [PATCH 7/8] Add a bit of logging to crypto_wipe_device() --- lib/crypto-base.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh index 716648e..c919763 100644 --- a/lib/crypto-base.sh +++ b/lib/crypto-base.sh @@ -350,9 +350,11 @@ crypto_wipe_device () { targetdevice=$(get_free_mapping) setup_dmcrypt $targetdevice $device $cipher $ivalgorithm plain $keysize /dev/urandom || return 1 targetdevice="/dev/mapper/$targetdevice" + log "wiping $targetdevice with $cipher $ivalgorithm $keysize" else # Just wipe the device with zeroes targetdevice=$device + log "wiping $targetdevice with plain zeroes" fi # Erase -- 1.7.10.4
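Review bot: The new `log` call in the crypto branch runs only after `setup_dmcrypt` has succeeded, so the failure path (`|| return 1` on the context line above it) still leaves no trace of what was attempted. That is where a log entry helps most, e.g. `setup_dmcrypt $targetdevice $device $cipher $ivalgorithm plain $keysize /dev/urandom || { log "setup_dmcrypt failed for $device"; return 1; }`. The values logged are configuration only; the key is taken from `/dev/urandom` and is not written to the log, which should stay that way. The function body starts and ends outside the hunk.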