Ubuntu
ecryptfs-utils package

hmac option seems to be ignored

Asked by dan

hi,
I'm trying to make a (new) ecryptfs mount with the ecryptfs_hmac option, but the request to do hmac validation seems either ignored or not working:

sudo mount -t ecryptfs -o ecryptfs_hmac,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 folder1/ folder2/

after answering the few questions the mount helper asks me about the passphrase, plaintext passthrough(no), and filename encryption (tried both yes and no), the mount is done:

Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=7fa06f4b66fcde02

There's no mention of loading the hmac feature (it'd be good to have confirmation), but I tried if it was working anyway.
I created a plaintext file in folder2, wrote some text in it, saved, unmounted folder1. hexedit ciphertext, write a bunch of 0's around the encrypted file. mount back the ecryptfs filesystem, cat plaintext text file, no IO error, just some garbage and some of the original plaintext.

What am I missing here? Why is the hmac option not being seen and confirmed at mount time? Isn't it supposed to detect any kind of ciphertext tampering?

thanks.

Question information

Language:
English Edit question
Status:
Expired
For:
Ubuntu ecryptfs-utils Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Launchpad Janitor (janitor) said : 		#1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Revision history for this message
Ingo Ruhnke (grumbel) said : 		#2

I can confirm this behaviour. No matter if I use "hmac", "ecryptfs_hmac" or "ecryptfs_hmac=yes", it never reports an error when the underlying file gets manipulated. Simple script to demonstrate the behaviour:

-- snip --
rm -rf /tmp/front /tmp/back
mkdir /tmp/front /tmp/back
sudo mount -o key=passphrase:passwd=Test,ecryptfs_hmac,ecryptfs_enable_filename_crypto=no,ecryptfs_passthrough=no,ecryptfs_unlink_sigs,ecryptfs_key_bytes=16,ecryptfs_cipher=aes -t ecryptfs /tmp/back/ /tmp/front/
echo HelloWorld > /tmp/front/HelloWorld.txt
cat /tmp/front/HelloWorld.txt
sudo umount /tmp/front

printf "deadbeaf" | dd of=/tmp/back/HelloWorld.txt bs=1 seek=8192 count=8 conv=notrunc
sudo mount -o key=passphrase:passwd=Test,ecryptfs_hmac,ecryptfs_enable_filename_crypto=no,ecryptfs_passthrough=no,ecryptfs_unlink_sigs,ecryptfs_key_bytes=16,ecryptfs_cipher=aes -t ecryptfs /tmp/back/ /tmp/front/
cat /tmp/front/HelloWorld.txt
sudo umount /tmp/front
-- snip --

ecryptfs-stat also fails to detect that HMAC is enabled:

    $ ecryptfs-stat /tmp/back/HelloWorld.txt
    File version: [3]
    Decrypted file size: [11]
    Number of header bytes at front of file: [8192]
    Metadata in the header region
    Encrypted
    HMAC disabled

Revision history for this message
Ingo Ruhnke (grumbel) said : 		#3

This makes it look like authentification isn't yet supported:

http://www.reddit.com/r/crypto/comments/20je6l/ecryptfs_security_audit/

And some other links on Google also make it seem like it's not-yet-implemented. However there is some HMAC code in the source code, so I am not sure what the current state is.

Also the Ubuntu kernel has HMAC crypt enabled, so that shouldn't be an issue either:

$ cat /proc/crypto | grep -i hmac
name : hmac(sha256)
driver : hmac(sha256-generic)
name : hmac(sha1)
driver : hmac(sha1-generic)