[dm-crypt] [ANNOUNCE] cryptsetup 1.6.0

Arno Wagner arno at wagner.name
Mon Jan 14 18:37:06 CET 2013


Nice! Compiles cleanly on my box and all checks are 
successful. This is Debian "squeeze" 64 bit with a
self-compiled kernel 3.4.25 from kernel.org.

I am also preparing an FAQ entry that recaps the 
discussion of AES128-XTS vs. AES256-XTS. 

Arno 

On Mon, Jan 14, 2013 at 12:19:36PM +0100, Milan Broz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> The stable cryptsetup 1.6.0 release is available at
> 
>    http://code.google.com/p/cryptsetup/
> 
> Feedback and bug reports are welcomed.
> 
> 
> Cryptsetup 1.6.0 Release Notes
> ==============================
> 
> Changes since version 1.6.0-rc1
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
>  * Change LUKS default cipher to to use XTS encryption mode,
>    aes-xts-plain64 (i.e. using AES128-XTS).
> 
>    XTS mode becomes standard in hard disk encryption.
> 
>    You can still use any old mode:
> 
>     - compile cryptsetup with old default:
>       configure --with-luks1-cipher=aes --with-luks1-mode=cbc-essiv:sha256 --with-luks1-keybits=256
> 
>     - format LUKS device with old default:
>       cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 <device>
> 
>  * Skip tests and fix error messages if running on old systems (or with old kernel).
> 
>  * Rename configure.in to configure.ac, fix issues with new automake and pkgconfig
>    and --disable-kernel_crypto option to allow compilation with old kernel headers.
> 
>  * Allow repair of 512 bits key header.
> 
>  * Fix status of device if path argument is used and fix double path prefix
>    for non-existent device path.
> 
> 
> Changes since version 1.5.1
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> Important changes
> ~~~~~~~~~~~~~~~~~
> 
>  * Cryptsetup and libcryptsetup is now released under GPLv2+
>    (GPL version 2 or any later).
>    Some internal code handling files (loopaes, verity, tcrypt
>    and crypto backend wrapper) are LGPLv2+.
> 
>    Previously code was GPL version 2 only.
> 
> 
>  * Introducing new unified command open and close.
> 
>    Example:
>       cryptsetup open --type plain|luks|loopaes|tcrypt <device> <name>
>       (type defaults to luks)
> 
>    with backward-compatible aliases plainOpen, luksOpen, loopaesOpen,
>    tcryptOpen. Basically "open --type xyz" has alias "xyzOpen".
> 
>    The "create" command (plain device create) is DEPRECATED but will
>    be still supported.
>    (This command is confusing because of switched arguments order.)
> 
>    The close command is generic command to remove mapping and have
>    backward compatible aliases (remove, luksClose, ...) which behaves
>    exactly the same.
> 
>    While all old syntax is still supported, I strongly suggest to use
>    new command syntax which is common for all device types (and possible
>    new formats added in future).
> 
> 
>  * cryptsetup now support directly TCRYPT (TrueCrypt and compatible tc-play)
>    on-disk format
>    (Code is independent implementation not related to original project).
> 
>    Only dump (tcryptDump command) and activation (open --type tcrypt or tcryptOpen)
>    of TCRYPT device are supported. No header changes are supported.
> 
>    It is intended to easily access containers shared with other operating systems
>    without need to install 3rd party software. For native Linux installations LUKS
>    is the preferred format.
> 
>    WARNING: TCRYPT extension requires kernel userspace crypto API to be
>    available (introduced in Linux kernel 2.6.38).
>    If you are configuring kernel yourself, enable "User-space interface
>    for symmetric key cipher algorithms" in "Cryptographic API" section
>    (CRYPTO_USER_API_SKCIPHER .config option).
> 
>    Because  TCRYPT  header  is encrypted, you have to always provide valid
>    passphrase and keyfiles. Keyfiles are handled exactly the same as in original
>    format (basically, first 1MB of every keyfile is mixed using CRC32 into pool).
> 
>    Cryptsetup should recognize all TCRYPT header variants ever released, except
>    legacy  cipher chains  using LRW encryption mode with 64 bits encryption block
>    (namely Blowfish in LRW mode is not recognized, this is limitation of kernel
>    crypto API).
> 
>    Device activation is supported only for LRW/XTS modes (again, limitation
>    of kernel dmcrypt which do not implements TCRYPT extensions to CBC mode).
>    (So old containers cannot be activated, but you can use libcryptsetup
>    for lost password search, example of such code is included in misc directory.)
> 
>    Hidden headers are supported using --tcrypt-hidden option, system encryption
>    using --tcrypt-system option.
> 
>    For detailed description see man page.
> 
>    EXAMPLE:
>      * Dump device parameters of container in file:
> 
>      # cryptsetup tcryptDump tst
>        Enter passphrase: 
> 
>      TCRYPT header information for tst
>      Version:        5
>      Driver req.:    7
>      Sector size:    512
>      MK offset:      131072
>      PBKDF2 hash:    sha512
>      Cipher chain:   serpent-twofish-aes
>      Cipher mode:    xts-plain64
>      MK bits:        1536
> 
>      You can also dump master key using --dump-master-key.
>      Dump does not require superuser privilege.
> 
>      * Activation of this container
> 
>      # cryptsetup tcryptOpen tst tcrypt_dev
>        Enter passphrase: 
>       (Chain of dmcrypt devices is activated as /dev/mapper/tcrypt_dev.)
> 
>      * See status of active TCRYPT device
> 
>      # cryptsetup status tcrypt_dev
> 
>      /dev/mapper/tcrypt_dev is active.
>      type:    TCRYPT
>      cipher:  serpent-twofish-aes-xts-plain64
>      keysize: 1536 bits
>      device:  /dev/loop0
>      loop:    /tmp/tst
>      offset:  256 sectors
>      size:    65024 sectors
>      skipped: 256 sectors
>      mode:    read/write
> 
>     * And plaintext filesystem now ready to mount
> 
>     # blkid /dev/mapper/tcrypt_dev
>     /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat"
> 
> 
>  * Add (optional) support for lipwquality for new LUKS passwords.
> 
>    If password is entered through terminal (no keyfile specified)
>    and cryptsetup is compiled with --enable-pwquality, default
>    system pwquality settings are used to check password quality.
> 
>    You can always override this check by using new --force-password option.
> 
>    For more info about pwquality project see http://libpwquality.fedorahosted.org/
> 
> 
>  * Proper handle interrupt signals (ctrl+c and TERM signal) in tools
> 
>    Code should now handle interrupt properly, release and explicitly wipe
>    in-memory key materials on interrupt.
>    (Direct users of libcryptsetup should always call crypt_free() when
>    code is interrupted to wipe all resources. There is no signal handling
>    in library, it is up to the tool using it.)
> 
>  
>  * Add new benchmark command
> 
>    The "benchmark" command now tries to benchmark PBKDF2 and some block
>    cipher variants. You can specify you own parameters (--cipher/--key-size
>    for block ciphers, --hash for PBKDF2).
> 
>    See man page for detailed description.
> 
>    WARNING: benchmark command requires kernel userspace crypto API to be
>    available (introduced in Linux kernel 2.6.38).
>    If you are configuring kernel yourself, enable "User-space interface
>    for symmetric key cipher algorithms" in "Cryptographic API" section
>    (CRYPTO_USER_API_SKCIPHER .config option).
> 
>    EXAMPLE:
>      # cryptsetup benchmark
>      # Tests are approximate using memory only (no storage IO).
>      PBKDF2-sha1       111077 iterations per second
>      PBKDF2-sha256      53718 iterations per second
>      PBKDF2-sha512      18832 iterations per second
>      PBKDF2-ripemd160   89775 iterations per second
>      PBKDF2-whirlpool   23918 iterations per second
>             #  Algorithm | Key | Encryption | Decryption
>           aes-cbc   128b  212.0 MiB/s  428.0 MiB/s
>       serpent-cbc   128b   23.1 MiB/s   66.0 MiB/s
>       twofish-cbc   128b   46.1 MiB/s   50.5 MiB/s
>           aes-cbc   256b  163.0 MiB/s  350.0 MiB/s
>       serpent-cbc   256b   23.1 MiB/s   66.0 MiB/s
>       twofish-cbc   256b   47.0 MiB/s   50.0 MiB/s
>           aes-xts   256b  190.0 MiB/s  190.0 MiB/s
>       serpent-xts   256b   58.4 MiB/s   58.0 MiB/s
>       twofish-xts   256b   49.0 MiB/s   49.5 MiB/s
>           aes-xts   512b  175.0 MiB/s  175.0 MiB/s
>       serpent-xts   512b   59.0 MiB/s   58.0 MiB/s
>       twofish-xts   512b   48.5 MiB/s   49.5 MiB/s
> 
>      Or you can specify cipher yourself:
>      # cryptsetup benchmark --cipher cast5-cbc-essiv:sha256 -s 128
>      # Tests are approximate using memory only (no storage IO).
>      #  Algorithm | Key | Encryption | Decryption
>         cast5-cbc   128b   32.4 MiB/s   35.0 MiB/s
> 
>      WARNING: these tests do not use dmcrypt, only crypto API.
>      You have to benchmark the whole device stack and you can get completely
>      different results. But is is usable for basic comparison.
>      (Note for example AES-NI decryption optimization effect in example above.)
> 
> Features
> ~~~~~~~~
> 
>  * Do not maintain ChangeLog file anymore, see git log for detailed changes,
>    e.g. here http://code.google.com/p/cryptsetup/source/list
> 
>  * Move change key into library, add crypt_keyslot_change_by_passphrase().
>    This change is useful mainly in FIPS mode, where we cannot
>    extract volume key directly from libcryptsetup.
> 
>  * Add verbose messages during reencryption.
> 
>  * Default LUKS PBKDF2 iteration time is now configurable.
> 
>  * Add simple cipher benchmarking API.
> 
>  * Add kernel skcipher backend.
> 
>  * Add CRC32 implementation (for TCRYPT).
> 
>  * Move PBKDF2 into crypto backend wrapper.
>    This allows use it in other formats, use library implementations and
>    also possible use of different KDF function in future.
> 
>  * New PBKDF2 benchmark using getrusage().
> 
> Fixes
> ~~~~~
> 
>  * Avoid O_DIRECT open if underlying storage doesn't support it.
> 
>  * Fix some non-translated messages.
> 
>  * Fix regression in header backup (1.5.1) with container in file.
> 
>  * Fix blockwise read/write for end writes near end of device.
>    (was not used in previous versions)
> 
>  * Ignore setpriority failure.
> 
>  * Code changes to fix/ignore problems found by Coverity static analysis, including
>    - Get page size should never fail.
>    - Fix time of check/use (TOCTOU test) in tools
>    - Fix time of check/use in loop/wipe utils.
>    - Fix time of check/use in device utils.
> 
>  * Disallow header restore if context is non-LUKS device.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> 
> iQIcBAEBCAAGBQJQ8+m8AAoJENmwV3vZPpj8sfsP/A/hE/jJQ57V3p/cZStjw2Vl
> 06pzQL34PnjPMTO6JvPtjEQVhHkEBzRrQuB0O6cOD57SO6Ew1H4zotk2ZywiRBei
> f6OK0R/SlhT1zqs1VgNi9ZCvkpO7bnxSbGkP7DMX5yZsiZTfjVlVFzq2mw2X5yJV
> AcjRZ7iWrjiLA7aOY3NvPY72FcWkHWlG7qw2BIKFUQ9+EvXJQByNoEOsiuYtmmo+
> smdPocX5ZtpPNEmpNe3M2JeCX6WBFZSX+hRRsx+AE8WOgf5ZJY6Z32fvphx8bxJA
> 44lAJukhBI3EUpNmwCTTZKnNceWZlNqPVnJbk+MrcC1/T8+OfqDsB2UZaawkMI8I
> eat+fEB1L2bW7rAjpQekxvx/+uu8HGVJ6FrANcPB+lJ6juf3WQOhBUzTfsHFX0fJ
> ctYYYIdOdZEeWzwCD/o0LVunCwef/dOcOWjp3HMZMHXlqwotpVClK+6+5BnUJimA
> xRUye32jBb11OayqQYJtDnJL46nMtSfGGvbq1sh/w+AfRbsjUqG1pjJ5gXuRk8jV
> 3/90d0td2yucXd6oCcCdVd0QHZDw6deIYp15Nmbleur7vZ0y/TuGc74mUrYuTGQ8
> 5Qh9tmJE+XH3pwf4VqD7/vdG/3k7z9/9fEzzHngejzj379cOAJCG44NxoGqloCel
> PHTgWOW5aGnL/QZUqAjz
> =2T+g
> -----END PGP SIGNATURE-----
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell


More information about the dm-crypt mailing list