Re: [dm-crypt] Option "validate passphrase" for command cryptsetup

[Louis <spalax@gresille.org>]

	Hi,

On 19/06/2012 18:56, ken wrote:
> Thanks for this.  Yes, I would like the makefile and configure.ac files.
	Here they are, at the end of this message. If you really want a license
for it, let's say WTF Public license.
http://en.wikipedia.org/wiki/WTFPL

> Will this program work on just the LUKS header?  Or does it work only on
> the entire mount point (with all the data therein included)?.
	I have no idea. The program is very short, and does only four calls to
the Cryptsetup API, so you may be able to understand it and guess it
yourself. Or just test it on dummy data.
	Sorry not to give you a definitive answer: I am not an expert in
cryptography, and I learned the minimum amount of Cryptestup needed to
be able to write this piece of code.

> Is there a delay of some seconds required between invocations?
	Well, on my computer, it takes more than one second to run, which may
seem long for a simple verification of a passphrase. But I think it is
simply the time taken by the API to check the passphrase on my very old
computer. There is no such delay in my code to prevent brute force
attack, nor (if I am not wrong) in the functions of the Cryptsetup API I
am using.

	Louis

===================================================
To compile the program, save the following files, make sure cryptsetup
library is installed ("apt-get install libcryptsetup-dev" on Debian) and
run :

$ touch NEWS README AUTHORS ChangeLog COPYING
$ autoreconf --install
$ ./configure
$ make

Then, to check your passphrase :

$ sudo ./cryptsetup_check_passphrase /dev/sda5
Enter passphrase for /dev/sda5:
Valid key (slot 0)

To integrate it in your brute-force-my-own-disk script, note that :
- the error code is 0 if the key is valid, 1 otherwise;
- if the key is not valid, the program lets you three guesses.


===== cryptsetup_check_passphrase.c =====

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <libcryptsetup.h>

void usage() {
  printf("cryptsetup_check_passphrase LUKSDEVICE\n");
}

int check_passphrase(const char* device_name) {
  int keyslot;
  int error;
  struct crypt_device *cd = NULL;

  if ((error = crypt_init(&cd, device_name))) {
    printf("Could not open device \"%s\": %s\n", device_name,
strerror(-error));
    return 1;
  }
  if ((error = crypt_load(cd, NULL, NULL))) {
    printf("Could not load device \"%s\": %s\n", device_name,
strerror(-error));
    return 1;
  }

  keyslot = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, NULL,
0, 0);
  if (keyslot >= 0) {
    printf("Valid key (slot %u)\n", keyslot);
    error = 0;
  } else {
    printf("No matching key found: %s\n", strerror(-keyslot));
    error = 1;
  }
  crypt_free(cd);
  return error;
}

int main( int argc, const char* argv[] ) {
  int status;

  /* Parsing arguments */
  if (argc != 2) {
    usage();
    return 1;
  }

  /* Check */
  status = check_passphrase(argv[1]);

  return status;
}

===== Makefile.am =====

bin_PROGRAMS = cryptsetup_check_passphrase

cryptsetup_check_passphrase_SOURCES = cryptsetup_check_passphrase.c
cryptsetup_check_passphrase_LDADD = $(CRYPTSETUP_LIBS)

===== configure.ac =====

AC_INIT([cryptsetup_check_passphrase], [0.1.0])
AM_INIT_AUTOMAKE([-Wall -Werror])
AC_PROG_CC

AC_LANG_C

PKG_CHECK_MODULES([CRYPTSETUP], [libcryptsetup])

AC_CONFIG_FILES([Makefile])
AC_OUTPUT



> On 06/19/2012 06:53 AM Louis wrote:
>>     Hello,
>>     for information, I wrote a small C program to check if the given
>> passphrase is correct, without doing anything on the disk. The command
>> is used this way:
>>
>>     $ cryptsetup_check_passphrase /dev/sda1
>>     Enter passphrase for /dev/sda1:<MY_SECRET_PASSPHRASE>
>>     Valid key (slot 0)
>>     $
>>
>>     If you think it can benefit cryptsetup, I offer to write the
>> necessary
>> patch to include it to cryptsetup (as a "luksValidateKey" LUKS action).
>>
>>
>> # why do I need such a command ?
>>
>>     We are a group of hacktivists who offer some online services (such as
>> email addresses). Our disks are encrypted using LUKS. As we are six
>> members operating the server, and we reboot it only a few times a year,
>> it may happen that some of us only use the passphrase once in two years,
>> which is prone to forgetting. So we want a way to, once in a while (at
>> our monthly meetings), check that we still know our passphrase, without
>> risking to do something on the disk (creating, removing partition,
>> deleting passphrases, etc.).
>>
>> # Security risks
>>
>>     Isn't this function a wonderful tool to try brute force attacks ?
>> I do
>> not think so. Attacker needs to be root to run it, at which point (s)he
>> can already do a lot of harmful things. Moreover, once (s)he is root,
>> attacker might as well compile the program I just wrote to try this
>> brute force attack. To sum up: Yes, it can be used to brute force the
>> partition, but nothing more that what was possible to do without this
>> tool.
>>
>>     Regards,
>>     Louis