| Cryptsetup 1.6.0 Release Notes |
| ============================== |
| |
| Changes since version 1.6.0-rc1 |
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| |
| * Change LUKS default cipher to to use XTS encryption mode, |
| aes-xts-plain64 (i.e. using AES128-XTS). |
| |
| XTS mode becomes standard in hard disk encryption. |
| |
| You can still use any old mode: |
| - compile cryptsetup with old default: |
| configure --with-luks1-cipher=aes --with-luks1-mode=cbc-essiv:sha256 --with-luks1-keybits=256 |
| - format LUKS device with old default: |
| cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 <device> |
| |
| |
| * Skip tests and fix error messages if running on old systems (or with old kernel). |
| |
| * Rename configure.in to configure.ac and fix issues with new automake and pkgconfig |
| and --disable-kernel_crypto option to allow compilation with old kernel headers. |
| |
| * Allow repair of 512 bits key header. |
| |
| * Fix status of device if path argument is used and fix double path prefix |
| for non-existent device path. |
| |
| |
| Changes since version 1.5.1 |
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| |
| Important changes |
| ~~~~~~~~~~~~~~~~~ |
| |
| * Cryptsetup and libcryptsetup is now released under GPLv2+ |
| (GPL version 2 or any later). |
| Some internal code handling files (loopaes, verity, tcrypt |
| and crypto backend wrapper) are LGPLv2+. |
| |
| Previously code was GPL version 2 only. |
| |
| |
| * Introducing new unified command open and close. |
| |
| Example: |
| cryptsetup open --type plain|luks|loopaes|tcrypt <device> <name> |
| (type defaults to luks) |
| |
| with backward-compatible aliases plainOpen, luksOpen, loopaesOpen, |
| tcryptOpen. Basically "open --type xyz" has alias "xyzOpen". |
| |
| The "create" command (plain device create) is DEPRECATED but will |
| be still supported. |
| (This command is confusing because of switched arguments order.) |
| |
| The close command is generic command to remove mapping and have |
| backward compatible aliases (remove, luksClose, ...) which behaves |
| exactly the same. |
| |
| While all old syntax is still supported, I strongly suggest to use |
| new command syntax which is common for all device types (and possible |
| new formats added in future). |
| |
| |
| * cryptsetup now support directly TCRYPT (TrueCrypt and compatible tc-play) |
| on-disk format |
| (Code is independent implementation not related to original project). |
| |
| Only dump (tcryptDump command) and activation (open --type tcrypt or tcryptOpen) |
| of TCRYPT device are supported. No header changes are supported. |
| |
| It is intended to easily access containers shared with other operating systems |
| without need to install 3rd party software. For native Linux installations LUKS |
| is the preferred format. |
| |
| WARNING: TCRYPT extension requires kernel userspace crypto API to be |
| available (introduced in Linux kernel 2.6.38). |
| If you are configuring kernel yourself, enable "User-space interface |
| for symmetric key cipher algorithms" in "Cryptographic API" section |
| (CRYPTO_USER_API_SKCIPHER .config option). |
| |
| Because TCRYPT header is encrypted, you have to always provide valid |
| passphrase and keyfiles. Keyfiles are handled exactly the same as in original |
| format (basically, first 1MB of every keyfile is mixed using CRC32 into pool). |
| |
| Cryptsetup should recognize all TCRYPT header variants ever released, except |
| legacy cipher chains using LRW encryption mode with 64 bits encryption block |
| (namely Blowfish in LRW mode is not recognized, this is limitation of kernel |
| crypto API). |
| |
| Device activation is supported only for LRW/XTS modes (again, limitation |
| of kernel dmcrypt which do not implements TCRYPT extensions to CBC mode). |
| (So old containers cannot be activated, but you can use libcryptsetup |
| for lost password search, example of such code is included in misc directory.) |
| |
| Hidden header are supported using --tcrypt-hidden option, system encryption |
| using --tcrypt-system option. |
| |
| For detailed description see man page. |
| |
| EXAMPLE: |
| * Dump device parameters of container in file: |
| |
| # cryptsetup tcryptDump tst |
| Enter passphrase: |
| |
| TCRYPT header information for tst |
| Version: 5 |
| Driver req.: 7 |
| Sector size: 512 |
| MK offset: 131072 |
| PBKDF2 hash: sha512 |
| Cipher chain: serpent-twofish-aes |
| Cipher mode: xts-plain64 |
| MK bits: 1536 |
| |
| You can also dump master key using --dump-master-key. |
| Dump does not require superuser privilege. |
| |
| * Activation of this container |
| |
| # cryptsetup tcryptOpen tst tcrypt_dev |
| Enter passphrase: |
| (Chain of dmcrypt devices is activated as /dev/mapper/tcrypt_dev.) |
| |
| * See status of active TCRYPT device |
| |
| # cryptsetup status tcrypt_dev |
| |
| /dev/mapper/tcrypt_dev is active. |
| type: TCRYPT |
| cipher: serpent-twofish-aes-xts-plain64 |
| keysize: 1536 bits |
| device: /dev/loop0 |
| loop: /tmp/tst |
| offset: 256 sectors |
| size: 65024 sectors |
| skipped: 256 sectors |
| mode: read/write |
| |
| * And plaintext filesystem now ready to mount |
| |
| # blkid /dev/mapper/tcrypt_dev |
| /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat" |
| |
| |
| * Add (optional) support for lipwquality for new LUKS passwords. |
| |
| If password is entered through terminal (no keyfile specified) |
| and cryptsetup is compiled with --enable-pwquality, default |
| system pwquality settings are used to check password quality. |
| |
| You can always override this check by using new --force-password option. |
| |
| For more info about pwquality project see http://libpwquality.fedorahosted.org/ |
| |
| |
| * Proper handle interrupt signals (ctrl+c and TERM signal) in tools |
| |
| Code should now handle interrupt properly, release and explicitly wipe |
| in-memory key materials on interrupt. |
| (Direct users of libcryptsetup should always call crypt_free() when |
| code is interrupted to wipe all resources. There is no signal handling |
| in library, it is up to the tool using it.) |
| |
| |
| * Add new benchmark command |
| |
| The "benchmark" command now tries to benchmark PBKDF2 and some block |
| cipher variants. You can specify you own parameters (--cipher/--key-size |
| for block ciphers, --hash for PBKDF2). |
| |
| See man page for detailed description. |
| |
| WARNING: benchmark command requires kernel userspace crypto API to be |
| available (introduced in Linux kernel 2.6.38). |
| If you are configuring kernel yourself, enable "User-space interface |
| for symmetric key cipher algorithms" in "Cryptographic API" section |
| (CRYPTO_USER_API_SKCIPHER .config option). |
| |
| EXAMPLE: |
| # cryptsetup benchmark |
| # Tests are approximate using memory only (no storage IO). |
| PBKDF2-sha1 111077 iterations per second |
| PBKDF2-sha256 53718 iterations per second |
| PBKDF2-sha512 18832 iterations per second |
| PBKDF2-ripemd160 89775 iterations per second |
| PBKDF2-whirlpool 23918 iterations per second |
| # Algorithm | Key | Encryption | Decryption |
| aes-cbc 128b 212.0 MiB/s 428.0 MiB/s |
| serpent-cbc 128b 23.1 MiB/s 66.0 MiB/s |
| twofish-cbc 128b 46.1 MiB/s 50.5 MiB/s |
| aes-cbc 256b 163.0 MiB/s 350.0 MiB/s |
| serpent-cbc 256b 23.1 MiB/s 66.0 MiB/s |
| twofish-cbc 256b 47.0 MiB/s 50.0 MiB/s |
| aes-xts 256b 190.0 MiB/s 190.0 MiB/s |
| serpent-xts 256b 58.4 MiB/s 58.0 MiB/s |
| twofish-xts 256b 49.0 MiB/s 49.5 MiB/s |
| aes-xts 512b 175.0 MiB/s 175.0 MiB/s |
| serpent-xts 512b 59.0 MiB/s 58.0 MiB/s |
| twofish-xts 512b 48.5 MiB/s 49.5 MiB/s |
| |
| Or you can specify cipher yourself: |
| # cryptsetup benchmark --cipher cast5-cbc-essiv:sha256 -s 128 |
| # Tests are approximate using memory only (no storage IO). |
| # Algorithm | Key | Encryption | Decryption |
| cast5-cbc 128b 32.4 MiB/s 35.0 MiB/s |
| |
| WARNING: these tests do not use dmcrypt, only crypto API. |
| You have to benchmark the whole device stack and you can get completely |
| different results. But is is usable for basic comparison. |
| (Note for example AES-NI decryption optimization effect in example above.) |
| |
| Features |
| ~~~~~~~~ |
| |
| * Do not maintain ChangeLog file anymore, see git log for detailed changes, |
| e.g. here http://code.google.com/p/cryptsetup/source/list |
| |
| * Move change key into library, add crypt_keyslot_change_by_passphrase(). |
| This change is useful mainly in FIPS mode, where we cannot |
| extract volume key directly from libcryptsetup. |
| |
| * Add verbose messages during reencryption. |
| |
| * Default LUKS PBKDF2 iteration time is now configurable. |
| |
| * Add simple cipher benchmarking API. |
| |
| * Add kernel skcipher backend. |
| |
| * Add CRC32 implementation (for TCRYPT). |
| |
| * Move PBKDF2 into crypto backend wrapper. |
| This allows use it in other formats, use library implementations and |
| also possible use of different KDF function in future. |
| |
| * New PBKDF2 benchmark using getrusage(). |
| |
| Fixes |
| ~~~~~ |
| |
| * Avoid O_DIRECT open if underlying storage doesn't support it. |
| |
| * Fix some non-translated messages. |
| |
| * Fix regression in header backup (1.5.1) with container in file. |
| |
| * Fix blockwise read/write for end writes near end of device. |
| (was not used in previous versions) |
| |
| * Ignore setpriority failure. |
| |
| * Code changes to fix/ignore problems found by Coverity static analysis, including |
| - Get page size should never fail. |
| - Fix time of check/use (TOCTOU test) in tools |
| - Fix time of check/use in loop/wipe utils. |
| - Fix time of check/use in device utils. |
| |
| * Disallow header restore if context is non-LUKS device. |