--allow-discards ignored for TrueCrypt volumes

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Create an encrypted volume using TrueCrypt
2. Open the volume using cryptsetup, specifying --type=tcrypt and 
--allow-discards.
3. run 'dmsetup table' to check the created mapping

The expected output would include '1 allow_discards' at the end of the table 
entry. Instead, the option is not included in the table, and thus discard 
cannot be used.

I am using cryptsetup 1.6.2

It looks like this should be a pretty simple fix. I added

    if (opt_allow_discards)
            flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;

below

    if (opt_readonly)
            flags |= CRYPT_ACTIVATE_READONLY;

in action_open_tcrypt() and everything appears to work properly.

Original issue reported on code.google.com by rkj...@gmail.com on 10 Jan 2014 at 9:33

[GoogleCodeExporter]

Allow discard is intentionally not supported for TrueCrypt volumes.

Fo rmore info read http://www.truecrypt.org/docs/trim-operation

Cryptsetup will not violate this, despite the it is trivial to implement. Also 
it could cause destruction of hidden container if enabled.

We do support this for LUKS and plain volumes though.

Original comment by gmazyl...@gmail.com on 10 Jan 2014 at 10:37

• Changed state: WontFix

[GoogleCodeExporter]

I'm afraid that logic doesn't make any sense to me.

All I see on the linked page is a brief description of trim, possible security 
implications of it, and situations where it can occur with TrueCrypt (notably, 
when using system encryption on Windows). I don't see anything to justify the 
position that no TrueCrypt volumes should be trimmed ever, even when using a 
third party utility and the user understands the security implications, or how 
supporting discard on TrueCrypt drives would be violating anything.

With respect to destruction of a hidden volume, there is no protection against 
a hidden volume getting destroyed, anyway (the cryptsetup documenation says as 
much).

Finally, even if it is decided that discard on a TrueCrypt volume will not be 
implemented under any circumstances, despite the security implications be no 
different than with any other format, I would argue that there is still a bug, 
as there is no indication that --allow-discards isn't supported with 
--type=tcrype, it just silently doesn't work.

Thanks,
Erik

Original comment by rkj...@gmail.com on 10 Jan 2014 at 11:06

[GoogleCodeExporter]

The protection of hidden volume mentioned in man page is on FS level - IOW it 
doesn't protect overwriting hidden area if you fill outer volume more than to 
the offset where hidden volume starts.

Discard is much more dangerous - the whole hidden volume it discarded at once 
if fs (or other tool) discards unused space on underlying device without any 
warning.

AFAIK TrueCrypt itself have no support for TRIM, for normal container it stops 
the TRIM operation (with exceptions of system encryption which is IMHO bug in 
TrueCrypt, possibly because of limitation of bot loader). The descriptions of 
Linux case is wrong, TRIM is by default disabled in dmcrypt.

But yes, you are right, it should print error and it should be documented.

Another option is allow it (direct libcryptsetup users can do it anyway with 
one flag set, as you presented here) but with very strong warning. For hidden 
volumes mapping it must be disabled always anyway.

Original comment by gmazyl...@gmail.com on 11 Jan 2014 at 9:15

• Changed state: Accepted

[GoogleCodeExporter]

Well, I eventually added support for allow discard flag for TCRYPT devices
http://code.google.com/p/cryptsetup/source/detail?r=bec86e3d5ab5d69a15fa81e90781
8fe1f926e61d

If user want to shoot himself in the foot... cryptsetup will not block it:-)

It is disabled only for hidden volumes now, where it will clearly reveal some 
patterns which can help to reveal hidden volume existence.

Original comment by gmazyl...@gmail.com on 11 Jan 2014 at 9:18

• Changed state: Fixed