GNOME Bugzilla – Bug 795617
Implement opening and closing of LUKS mappings
Last modified: 2018-08-22 16:32:45 UTC
This is the next step in adding LUKS support to GParted. It will allow the user to open and close LUKS mappings. Opening LUKS mappings will need single password entry. This will need secure password handling and add saving of passwords in RAM for the life of GParted to avoid having to re-enter passwords when unlocking the same LUKS mapping for a second time. Also see: [1] LUKS password handling, threats and preventative measures https://bugzilla.gnome.org/show_bug.cgi?id=627701#c56 Creation of encrypted partitions will required double password entry and redesign of the Create Partition dialog. That is not addressed here. Patchset for this to follow. Mike
Created attachment 371487 [details] [review] Implement opening and closing of LUKS mappings (v1) Hi Curtis, Here's the patchset for this. I wonder if I have got the password entry dialog designed and working right. I think so. Although it only displays a generic "Failed to open LUKS encryption" if the password is wrong or anything else with "cryptsetup luksOpen" fails. I choose not to display error messages directly from "cryptsetup luksOpen" as they are not under GParted's control to translate and other password entry dialogs I looked at, such as GUI login and unlock don't report any technical as to why unlocking failed, only that it did. Thanks, Mike
Created attachment 371492 [details] [review] Implement opening and closing of LUKS mappings (v2) Here's patchset v2. Just a minor commit message and code comment update in p13/15.
Hi Mike, Your approach to adding the ability to open and close LUKS mappings looks good to me. From what I see you have researched potential vulnerabilities and put in place measures to reduce the risk of passwork leaks. I could not and most likely would not have done better myself. Great work! ENHANCEMENT SUGGESTIONS ----------------------- 1. P02/15: Add unit tests for PasswordRAMStore module (#795617) Minor typo in commit comment "test" -> "tested": CHANGE FROM: However zeroing of memory is being test when individual... ^^^^ TO: However zeroing of memory is being tested when individual... 2. P15/15: Change to insert or replace PasswordRAMStore::store() interface (#795617) Minor typo in commment comment "with" -> "which" CHANGE FROM: password with a key which already exists) with the store() method with ^^^^ replaces or inserts the password depending on whether the key already TO: password with a key which already exists) with the store() method which replaces or inserts the password depending on whether the key already TESTING ------- Following are the testing steps I used to create an encrypted partition in a GUID Partition Table on Ubuntu 18.04: 1. Using GParted: Create primary sdb1 512 MiB unformatted partition 2. Setup LUKS encryption on sdb1 $ sudo cryptsetup luksFormat /dev/sdb1 -c aes -s 256 -h sha256 # # Entered uppercase "YES" when promopted. # Entered "mypassword1" as passphrase. # $ sudo cryptsetup luksOpen /dev/sdb1 vault 3. Format encrypted sdb5 partition $ sudo mke2fs -j /dev/mapper/vault -L myLabel 4. Started GParted: # The sdb1 partition is shown with: # # Filesystem: [Encrypted] ext3 # Label: myLabel # Size, Used, and Unused all have non-zero values 5. Double-click on sdb1 partition: # For sdb1 the encryption section is shown with: # # Encryption: luks # Path: /dev/mapper/vault # UUID: <non-zero value> # Status: Open 6. Right-click on sdb1 partition: # Notice that "Mount" option is greyed out. # # This is as expected because the mount location is not # contained in /etc/fstab. 7. Mount /dev/mapper/vault encrypted sdb1 partition on /mnt. $ sudo mount /dev/mapper/vault /mnt 8. Refresh GParted. # GParted -> Refresh Devices 9. Right-click on sdb1 partition: # Notice that "Unmount" option is available. 10. Right click on sdb1 partition and unmount. # Notice that partition is umounted. These steps work as expected. Mike, Patch set v2 looks good to me. If you would like I can commit this with the above mentioned commit message changes. Curtis
Hi Mike, I'm just re-reading this report. In my testing I did not observe a way to open the LUKS encrypted partition, nor a way to view the password entry dialog box. If I have missed something then please let me know. Curtis
Created attachment 371538 [details] [review] Implement opening and closing of LUKS mappings (v3) Hi Curtis, See the commit message for P09/15. It shows where the menu item is for opening a LUKS mapping and explains how it changes from "Open Encryption" to "Close Encryption" depending on whether the LUKS mapping is already closed or open respectively. This is equivalent to how the "Mount" automatically changes to "Unmount" depending on whether the file system is mounted or not. When GParted opens a LUKS partition for the first time it automatically prompts for a password. After that it uses the remembered password. Given you testing steps from comment 3 above you will need to use GParted to close the mapping. Then when getting _GParted_ to open it for the first time you will be prompted for the password. Attached is patchset v3 with the grammatical corrections mentioned in comment 3. Thanks, Mike
Hi Mike, Thank you for the testing tips and updating the patch set. Following are three sections covering test preparation, test steps, and some unexpected console messages I observed on Ubuntu 18.04. Overall patch set v3 is looking good. TEST PREPARATION ---------------- Create a LUKS encrypted partition with the ext3 file system. 1. Using GParted: # Create primary sdb1 512 MiB unformatted partition 2. Setup LUKS encryption on sdb1 # Install cryptsetup if not installed with: # sudo apt-get install cryptsetup $ sudo cryptsetup luksFormat /dev/sdb1 -c aes -s 256 -h sha256 # # Entered uppercase "YES" when prompted. # Entered "mypassword1" as passphrase. # $ sudo cryptsetup luksOpen /dev/sdb1 vault 3. Format encrypted sdb5 partition $ sudo mke2fs -j /dev/mapper/vault -L myLabel 4. Close the encrypted volume $ sudo cryptsetup luksClose vault TEST STEPS ---------- These test steps start with the encrypted partition neither decrypted nor mounted. 1. Started GParted. # Partition: /dev/sdb1 <no lock icon> # File System: [Encrypted] # Label: <blank> 2. Double-click on sdb1 partition for Information dialog. # File System # File system: <blank> # Label: <blank> # UUID: <blank> # Status: Not accessible (Encrypted) # # Encryption # Encryption: luks # Path: <blank> # UUID: <non-zero value> # Status: Closed # Close Dialog 3. Right-click on sdb1 partition. # Notice "Open Encryption" option is available # Notice "Mount" option is greyed out (as is to be expected) 4. Select "Open Encryption", at "LUKS Passphrase /dev/sdb1" dialog, type in password, select "Unlock" # Partition: /dev/sdb1 <no lock icon> # File System: [Encrypted] ext3 # Label: myLabel 5. Right-click on sdb1 partition. # Notice "Close Encryption" option is available # Notice "Mount" option is greyed out (as is to be expected) # Note that if the partition had a mount entry in /etc/fstab # then I anticipate GParted should enable the "mount" option. # This was not tested. 6. In a terminal mount the encrypted volume. $ ls /dev/mapper control sdb1_crypt $ sudo mount /dev/mapper/sdb1_crypt /mnt 7. Refresh GParted with Ctrl+R. # Partition: /dev/sdb1 <*lock icon*> # File System: [Encrypted] ext3 # Mount Point: /mnt # Label: myLabel 8. Right-click on sdb1 partition: # Notice "Close Encryption" option is greyed out (as expected) # Notice "Unmount" option is available 9. Choose "Unmount". # Partition: /dev/sdb1 <no lock icon> # File System: [Encrypted] ext3 # Label: myLabel 10. Right-click on sdb1 partition. # Notice "Close Encryption" option is available # Notice "Mount" option is greyed out (as is to be expected) 11. Choose "Close Encryption" # Partition: /dev/sdb1 <no lock icon> # File System: [Encrypted] # Label: <blank> 12. Right click on sdb1 partition. # Notice "Open Encryption" option is available # Notice "Mount" option is greyed out (as is to be expected) 13. Select "Open Encryption" # Notice that GParted remembers password and I am not prompted # for passphrase. # Partition: /dev/sdb1 <no lock icon> # File System: [Encrypted] ext3 # Label: myLabel 14. Right click on sdb1 partition. # Notice "Close Encryption" option is available # Notice "Mount" option is greyed out (as is to be expected) 15. Choose "Close Encryption". # Partition: /dev/sdb1 <no lock icon> # File System: [Encrypted] # Label: <blank> At this point the status of the encrypted partition is the same as when the test steps were initiated. Based on the above steps it appears that opening and closing LUKS encrypted partitions is working as it should. :-) CONSOLE MESSAGES ---------------- As a side note I noticed the following console messages on startup of GParted. $ sudo src/gparted /dev/sdb Unit -.mount does not exist, proceeding anyway. Gtk-Message: 10:17:10.587: Failed to load module "canberra-gtk-module" ====================== libparted : 3.2 ====================== The "Unit" and "Gtk-Message" lines do not appear to adversely impact GParted, but it would be good to learn if these are an indication of potential problems to come with newer distros. When you have time I think it would be worth investigating further to see if we can somehow address these "Unit" and "Gtk-Message" console messages. I am available to perform additional test steps as needed. Thanks, Curtis
Hi Curtis, Try building and running GParted built from either GPARTED_0_31_0 or master. I am confident you will get the same messages. Namely this patchset hasn't introduced those messages. "Unit" message is from systemd and is related to the masking of file system mounting in the gparted shell wrapper. I have seen it on recent distros. I have just not got around to looking into it. "Gtk-Message" is from GTK itself. This Ubuntu question may provide an answer for you. * Failed to load module “canberra-gtk-module” … but already installed https://askubuntu.com/questions/342202/failed-to-load-module-canberra-gtk-module-but-already-installed Thanks, Mike
Thanks Mike for the prompt response and suggestions. When I run the official GParted 0.31.0 release I only see the "Gtk-Message". The "Unit" message is not displayed. $ sudo src/gpartedbin /dev/sdb Gtk-Message: 11:50:54.469: Failed to load module "canberra-gtk-module" ====================== libparted : 3.2 ====================== After I re-install the libcanberra-gtk-module, the "Gtk-Message" goes away when running the GParted 0.31.0 release. $ sudo apt-get install --reinstall libcanberra-gtk-module <snip> $ sudo src/gpartedbin /dev/sdb ====================== libparted : 3.2 ====================== Now when I run GParted with patch set v3, both messages disappear. $ sudo src/gpartedbin /dev/sdb ====================== libparted : 3.2 ====================== Hence in my opinion patch set v3 is ready to be committed to the git repository. If you are in agreement then just let me know and I will commit the patch set in the next day or so. Curtis
Go for it. Mike
Thank you Mike for your work on this enhancement. Patch set v3 from comment #5 has been committed to the git repository for inclusion in the next release of GParted. The relevant git commits can be viewed at the following links: Add PasswordRAMStore module (#795617) https://git.gnome.org/browse/gparted/commit/?id=04637a3426bd36c88947322f75f7eae2a820141c Add unit tests for PasswordRAMStore module (#795617) https://git.gnome.org/browse/gparted/commit/?id=c6657aab9efe8cefece2017bee4bef9ece607e73 Split out erasing all passwords into a separate method (#795617) https://git.gnome.org/browse/gparted/commit/?id=e2cb8b3126570c70f8a08efc61e85ad5d7ce105f Add unit testing of erasing all passwords (#795617) https://git.gnome.org/browse/gparted/commit/?id=d2a2ebe4a189a86dace668092adc8b200931c7b4 Simplify obtaining address of password memory for unit tests (#795617) https://git.gnome.org/browse/gparted/commit/?id=9b52666bdb06b566c3ca36016ce0d8d65fd5daec Add ability for small writes to stdin of child processes (#795617) https://git.gnome.org/browse/gparted/commit/?id=8dff80edc65b2923b400ddadebacf9bcf378d09f Stop using shell when reading jfs file system usage (#795617) https://git.gnome.org/browse/gparted/commit/?id=4d7e66eda0a41fd674f48ebb597ffb9cc7337294 Rename some Win_GParted members to *toggle_fs_busy* (#795617) https://git.gnome.org/browse/gparted/commit/?id=f898910e906bd82acc3b4e11d3e3c6e4018ac1be Add unimplemented open/close encryption to the partition menu (#795617) https://git.gnome.org/browse/gparted/commit/?id=e4959c520f02167a21220f71f9ab6e1329a9025b Add closing LUKS mappings (#795617) https://git.gnome.org/browse/gparted/commit/?id=c47b1cdca129792dfcd4d1637efec126bb2fc0ff Add password entry dialog and attempt LUKS unlock once (#795617) https://git.gnome.org/browse/gparted/commit/?id=f4d47fe5a552cceae75da3ce1daa40d44255e091 Keep password dialog open until successful unlock or cancellation (#795617) https://git.gnome.org/browse/gparted/commit/?id=307472489dc61261f2fc9360760301657dc81113 Stop copying password into insecure memory when getting entry (#795617) https://git.gnome.org/browse/gparted/commit/?id=3d49fdc2e44f01ba3fcdc6a1c9ab0c1ee2067450 Report LUKS unlock errors into the password dialog (#795617) https://git.gnome.org/browse/gparted/commit/?id=1bbb81f920ac50693ea65498d6661a651055c2d0 Change to insert or replace PasswordRAMStore::store() interface (#795617) https://git.gnome.org/browse/gparted/commit/?id=957216f06c80c83b07a49123ac7e4df147fa477a
Created attachment 372482 [details] [review] Minor LUKS unlock password dialog improvements (v1) Hi Curtis, I had my friend test the new opening and closing LUKS code. This small patchset is the result. It improves the user experience a little with respect to what happens when the wrong password is used. Thanks, Mike
Thank you Mike and your friend for these improvements to the unlock password dialog. There was only one minor typo in the commit message for P1/2 that I corrected: Just for completeness also programmatically make the password entry box have focus when the dialog box is created and first displayed, even though it gets this be default. ^^ || by Patch set v1 from comment #11 has been committed to the git repository. The relevant git commits can be viewed at the following links: After LUKS unlock failure select failed password (#795617) https://gitlab.gnome.org/GNOME/gparted/commit/1be7b8bc2e379ed113a981ff1f341f3629f16284 Clear previous LUKS unlock failure error before next attempt (#795617) https://gitlab.gnome.org/GNOME/gparted/commit/a2af9d4a34cb7f33c852bd14c713eeea2b2ebeb3
Created attachment 373297 [details] [review] Update help maual with opening and closing encrypted partitions (v1) Hi Curtis, I happened to be reading the GParted Help Manual and realised it doesn't describe the new open and close encrypted partition actions. This patch updates the Help Manual to correct this. Thanks, Mike
Hi Mike, I am at a writers conference for the next three days so I will plan to review this update next week. Have a great weekend, Curtis
Hi Mike, I had time for a quick look and have one suggestion so that the text better matches other areas of the help manual. SUGGESTION Under *Opening an Encrypted Partition*, merge item 4 with item 3. That way item 4 does not appear to be a step that the user executes. This is similar to other areas of the help manuals and similar to *Closing and Encrypted Partition* in the patch. Thanks, Curtis
Created attachment 373303 [details] [review] Update help maual with opening and closing encrypted partitions (v2) Hi Curtis, Here's version 2. In *Opening an Encrypted Partition* it merges items 2, 3 and 4 together. Also adds a note about the scope and purpose of GParted remembering of LUKS Passphrases. Thanks, Mike
Thank you Mike for these updates to the GParted Help Manual. This latest patch set looks good to me. Patch set v2 from comment #16 has been committed to the git repository for inclusion in the next release of GParted. The relevant git commit can be viewed at the following link: Update help manual with opening and closing encrypted partitions (#795617) https://gitlab.gnome.org/GNOME/gparted/commit/fad5c9ff773a25c5879f52f01e304a93973ecbb8
This enhancement was included in the GParted 0.32.0 release on August 22, 2018.