* [dm-crypt] cryptsetup support for dm-crypt suspend/resume
@ 2009-08-27 22:46 Martin Milata
2009-08-28 6:04 ` Milan Broz
[not found] ` <20090828052136.GA8035@tansi.org>
0 siblings, 2 replies; 8+ messages in thread
From: Martin Milata @ 2009-08-27 22:46 UTC (permalink / raw)
To: dm-crypt
Hello.
I'm using dm-crypt to encrypt both my root and home partitions on my
laptop. However, I use suspend-to-ram and rarely turn the computer off.
I was wondering whether it would be possible to somehow tell dm-crypt to
temporarily discard the encryption key and block all reads/writes until
the key is provided again. This way, if I discarded the key to my /home
before suspend-to-ram, the potential thief wouldn't be able to get
anything else than what is cached in the ram (or at least, easily).
Turns out device-mapper already has commands for blocking all i/o and
resuming it again (dmsetup suspend, dmsetup resume) and that dm-crypt
driver makes it possible to wipe/re-set the key while suspended. Only
thing that's missing is userspace tool that could do this (or I just
wasn't able to find one).
Would it be possible to have e.g. luksSuspend and luksResume commands in
cryptsetup, where luksSuspend would equal running "dmsetup suspend dev;
dmsetup message dev 0 key wipe" (i.e. not really dependent on luks) and
luksResume would get the password from user, decrypt the key in header
and do equivalent of "dmsetup message dev 0 key set key; dmsetup resume
dev"; and use luksSuspend before suspend-to-ram and luksResume after the
wakeup?
Does such a feature make sense or wouldn't it increase security of the
partition in question at all?
If it's not total nonsense and none of the developers would like to
implement it himself, I'm willing to try to write a patch for
cryptsetup.
Thanks,
-MM
* Re: [dm-crypt] cryptsetup support for dm-crypt suspend/resume
2009-08-27 22:46 [dm-crypt] cryptsetup support for dm-crypt suspend/resume Martin Milata
@ 2009-08-28 6:04 ` Milan Broz
2009-08-28 9:40 ` Martin Milata
[not found] ` <20090828052136.GA8035@tansi.org>
1 sibling, 1 reply; 8+ messages in thread
From: Milan Broz @ 2009-08-28 6:04 UTC (permalink / raw)
To: Martin Milata; +Cc: dm-crypt
Martin Milata wrote:
> Would it be possible to have e.g. luksSuspend and luksResume commands in
> cryptsetup, where luksSuspend would equal running "dmsetup suspend dev;
> dmsetup message dev 0 key wipe" (i.e. not really dependent on luks) and
> luksResume would get the password from user, decrypt the key in header
> and do equivalent of "dmsetup message dev 0 key set key; dmsetup resume
> dev"; and use luksSuspend before suspend-to-ram and luksResume after the
> wakeup?
Yes, I plan to add this, you can track this issue here
http://code.google.com/p/cryptsetup/issues/detail?id=3
> Does such a feature make sense or wouldn't it increase security of the
> partition in question at all?
Depends on situation, after key wipe there should be no
volume key in memory but memory still can contain unencrypted data...
> If it's not total nonsense and none of the developers would like to
> implement it himself, I'm willing to try to write a patch for
> cryptsetup.
It should be easy to implement, but my priority now is to prepare the new libcryptsetup
API (will appear in svn soon) and implementation of these new features will follow
- over this new API. Old API remains in its current state without
new features added - just to retain compatibility, so implementing anything new
using it is a waste of time for now :-)
Milan
--
mbroz@redhat.com
* Re: [dm-crypt] cryptsetup support for dm-crypt suspend/resume
[not found] ` <20090828052136.GA8035@tansi.org>
@ 2009-08-28 6:13 ` Arno Wagner
2009-08-28 9:46 ` Martin Milata
1 sibling, 0 replies; 8+ messages in thread
From: Arno Wagner @ 2009-08-28 6:13 UTC (permalink / raw)
To: dm-crypt
Seems I am making a habit of accidentally responding directly...
Arno
On Fri, Aug 28, 2009 at 07:21:36AM +0200, Arno Wagner wrote:
> On Fri, Aug 28, 2009 at 12:46:17AM +0200, Martin Milata wrote:
> > Hello.
> >
> > I'm using dm-crypt to encrypt both my root and home partitions on my
> > laptop. However, I use suspend-to-ram and rarely turn the computer off.
> >
> > I was wondering whether it would be possible to somehow tell dm-crypt to
> > temporarily discard the encryption key and block all reads/writes until
> > the key is provided again. This way, if I discarded the key to my /home
> > before suspend-to-ram, the potential thief wouldn't be able to get
> > anything else than what is cached in the ram (or at least, easily).
> >
> > Turns out device-mapper already has commands for blocking all i/o and
> > resuming it again (dmsetup suspend, dmsetup resume) and that dm-crypt
> > driver makes it possible to wipe/re-set the key while suspended. Only
> > thing that's missing is userspace tool that could do this (or I just
> > wasn't able to find one).
> >
> > Would it be possible to have e.g. luksSuspend and luksResume commands in
> > cryptsetup, where luksSuspend would equal running "dmsetup suspend dev;
> > dmsetup message dev 0 key wipe" (i.e. not really dependent on luks) and
> > luksResume would get the password from user, decrypt the key in header
> > and do equivalent of "dmsetup message dev 0 key set key; dmsetup resume
> > dev"; and use luksSuspend before suspend-to-ram and luksResume after the
> > wakeup?
> >
> > Does such a feature make sense or wouldn't it increase security of the
> > partition in question at all?
>
> Makes sense and increases security. I am wondering however whether
> this could just be scripted by
> 1) Store all parameters besides key in some file
> 2) Completely remove and umount the device before suspend.
> 3) On resume: Use a wrapper around dm-crypt that gets the parameters
> from the file, asks for the password and initializes and mounts
> the device just as if it was newly created.
>
> Arno
>
> > If it's not total nonsense and none of the developers would like to
> > implement it himself, I'm willing to try to write a patch for
> > cryptsetup.
> >
> > Thanks,
> > -MM
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
* Re: [dm-crypt] cryptsetup support for dm-crypt suspend/resume
2009-08-28 6:04 ` Milan Broz
@ 2009-08-28 9:40 ` Martin Milata
0 siblings, 0 replies; 8+ messages in thread
From: Martin Milata @ 2009-08-28 9:40 UTC (permalink / raw)
To: Milan Broz; +Cc: dm-crypt
On Fri, Aug 28, 2009 at 08:04:16 +0200, Milan Broz wrote:
> Martin Milata wrote:
> > Would it be possible to have e.g. luksSuspend and luksResume commands in
> > [...]
> > wakeup?
>
> Yes, I plan to add this, you can track this issue here
> http://code.google.com/p/cryptsetup/issues/detail?id=3
>
> > Does such a feature make sense or wouldn't it increase security of the
> > partition in question at all?
>
> Depends on situation, after key wipe there should be no
> volume key in memory but memory still can contain unencrypted data...
>
> > If it's not total nonsense and none of the developers would like to
> > implement it himself, I'm willing to try to write a patch for
> > cryptsetup.
>
> It should be easy to implement, but my priority now is to prepare the new libcryptsetup
> API (will appear in svn soon) and implementation of these new features will follow
> - over this new API. Old API remains in its current state without
> new features added - just to retain compatibility, so implementing anything new
> using it is a waste of time for now :-)
Ok, thanks for clarification. I'll be looking forward to trying the new
version.
* Re: [dm-crypt] cryptsetup support for dm-crypt suspend/resume
[not found] ` <20090828052136.GA8035@tansi.org>
2009-08-28 6:13 ` Arno Wagner
@ 2009-08-28 9:46 ` Martin Milata
2009-08-28 13:53 ` Arno Wagner
1 sibling, 1 reply; 8+ messages in thread
From: Martin Milata @ 2009-08-28 9:46 UTC (permalink / raw)
To: dm-crypt
On Fri, Aug 28, 2009 at 07:21:36 +0200, Arno Wagner wrote:
> Makes sense and increases security. I am wondering however whether
> this could just be scripted by
> 1) Store all parameters besides key in some file
> 2) Completely remove and umount the device before suspend.
> 3) On resume: Use a wrapper around dm-crypt that gets the parameters
> from the file, asks for the password and initializes and mounts
> the device just as if it was newly created.
If I understand it correctly, this would require unmounting the
partition (and thus killing all programs using it), which I would like
to avoid. And cached contents of the filesystem would probably remain in
RAM anyway.
* Re: [dm-crypt] cryptsetup support for dm-crypt suspend/resume
2009-08-28 9:46 ` Martin Milata
@ 2009-08-28 13:53 ` Arno Wagner
2009-08-28 14:28 ` Martin Milata
0 siblings, 1 reply; 8+ messages in thread
From: Arno Wagner @ 2009-08-28 13:53 UTC (permalink / raw)
To: dm-crypt
On Fri, Aug 28, 2009 at 11:46:17AM +0200, Martin Milata wrote:
> On Fri, Aug 28, 2009 at 07:21:36 +0200, Arno Wagner wrote:
> > Makes sense and increases security. I am wondering however whether
> > this could just be scripted by
> > 1) Store all parameters besides key in some file
> > 2) Completely remove and umount the device before suspend.
> > 3) On resume: Use a wrapper around dm-crypt that gets the parameters
> > from the file, asks for the password and initializes and mounts
> > the device just as if it was newly created.
>
> If I understand it correctly, this would require unmounting the
> partition (and thus killing all programs using it), which I would like
> to avoid. And cached contents of the filesystem would probably remain in
> RAM anyway.
I am not sure you even can remove the mapping (and hence
the encryption) without umounting. If you can, that would
be better, obviously but then you likely have to do that
with specialised code.
But this may be a case where suspending is not really
possible.
Arno
* Re: [dm-crypt] cryptsetup support for dm-crypt suspend/resume
2009-08-28 13:53 ` Arno Wagner
@ 2009-08-28 14:28 ` Martin Milata
2009-08-28 14:44 ` Alasdair G Kergon
0 siblings, 1 reply; 8+ messages in thread
From: Martin Milata @ 2009-08-28 14:28 UTC (permalink / raw)
To: dm-crypt
On Fri, Aug 28, 2009 at 15:53:35 +0200, Arno Wagner wrote:
> On Fri, Aug 28, 2009 at 11:46:17AM +0200, Martin Milata wrote:
> > On Fri, Aug 28, 2009 at 07:21:36 +0200, Arno Wagner wrote:
> > > Makes sense and increases security. I am wondering however whether
> > > this could just be scripted by
> > > 1) Store all parameters besides key in some file
> > > 2) Completely remove and umount the device before suspend.
> > > 3) On resume: Use a wrapper around dm-crypt that gets the parameters
> > > from the file, asks for the password and initializes and mounts
> > > the device just as if it was newly created.
> >
> > If I understand it correctly, this would require unmounting the
> > partition (and thus killing all programs using it), which I would like
> > to avoid. And cached contents of the filesystem would probably remain in
> > RAM anyway.
>
> I am not sure you even can remove the mapping (and hence
> the encryption) without umounting. If you can, that would
> be better, obviously but then you likely have to do that
> with specialised code.
I'm sorry, my original post is probably too confusing. I used the words
"suspend" and "resume" in two different meanings which was probably not
very clear. Besides the obvious meaning (suspend/resume computer to/from
ram), I also meant suspend/resume commands of device-mapper which are (I
guess) completely independent of suspending computer to ram. Their
descriptions can be found on dmsetup manual page.
Using these commands, it should be possible to temporarily throw out the
encryption key without unmounting the filesystem or removing the
mapping. That would require support in cryptsetup, though.
Sorry for not making myself clear.
Regards,
MM
* Re: [dm-crypt] cryptsetup support for dm-crypt suspend/resume
2009-08-28 14:28 ` Martin Milata
@ 2009-08-28 14:44 ` Alasdair G Kergon
0 siblings, 0 replies; 8+ messages in thread
From: Alasdair G Kergon @ 2009-08-28 14:44 UTC (permalink / raw)
To: dm-crypt
On Fri, Aug 28, 2009 at 04:28:56PM +0200, Martin Milata wrote:
> Using these commands, it should be possible to temporarily throw out the
> encryption key without unmounting the filesystem or removing the
> mapping. That would require support in cryptsetup, though.
I added support for that to device mapper ages back.
1. suspend device
2. send message 'key wipe'
later
1. send message 'key set <key>'
2. resume device
Can be done from command line 'dmsetup' or from an application using direct
libdevmapper library calls.
Alasdair
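
The two sequences listed in the message above, built from the `dmsetup` commands quoted in the first message, written as shell functions. This is an added example, not code from the thread or from cryptsetup. The `DMSETUP` override, the function names and the mapping name passed in are assumptions, and `key_restore` assumes the caller supplies the hex volume key on stdin.

```shell
#!/bin/sh
# Added example (not from the thread): dm-crypt key wipe/restore via dmsetup.
# DMSETUP is an assumed override so the ordering can be exercised without root.
DMSETUP=${DMSETUP:-dmsetup}

# is_crypt DEV: succeed only if the first table segment is a crypt target.
is_crypt() {
    [ "$($DMSETUP status "$1" | awk 'NR==1 {print $3}')" = crypt ]
}

# key_wipe DEV: block all I/O first, then drop the volume key from the kernel.
key_wipe() {
    is_crypt "$1" || { echo "$1: not a crypt mapping" >&2; return 2; }
    $DMSETUP suspend "$1" || return 1
    if ! $DMSETUP message "$1" 0 key wipe; then
        # Wipe failed, so the key is still loaded: unblock I/O, report failure.
        $DMSETUP resume "$1"
        return 1
    fi
}

# key_restore DEV: read the hex volume key from stdin, load it, unblock I/O.
key_restore() {
    IFS= read -r key || return 1
    case $key in
        ''|*[!0-9a-fA-F]*) echo "key must be hex" >&2; return 2 ;;
    esac
    # Caveat: the key is a command-line argument here and is visible in the
    # process list while dmsetup runs.
    # On failure the device stays suspended so the caller can retry.
    $DMSETUP message "$1" 0 key set "$key" || return 1
    $DMSETUP resume "$1"
}
```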