Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.4.0-rc1 (test release candidate)

[Arno Wagner <arno@wagner.name>]

On Mon, Oct 10, 2011 at 09:25:07PM +0200, Milan Broz wrote:
> 
> The first cryptsetup 1.4.0-rc1 release candidate is available at
> 
>    http://code.google.com/p/cryptsetup/
> 
> Feedback and bug reports are welcomed.
> 
> 
> Cryptsetup 1.4.0 Release Notes
> ==============================
> 
> Changes since version 1.3.1
> 
> Important changes
> ~~~~~~~~~~~~~~~~~
> 
> WARNING: This release removes old deprecated API from libcryptsetup
>          (all functions using struct crypt_options).
> 
>          This require libcrypsetup version change and
>          rebuild of applications using cryptsetup library.
>          All new API symbols are backward compatible.
> 
> * If device is not rotational disk, cryptsetup no longer tries
>   to wipe keyslot with Gutmann algorithm for magnetic media erase
>   but simply rewrites area once by random data.

Hmm. How do you determine that? Not that I see any fundamental
problem,
 
> * The on-disk LUKS header can now be detached (e.g. placed on separate
>   device or in file) using new --header option.

Nice!

>   This option is only relevant for LUKS devices and can be used in
>   luksFormat, luksOpen, luksSuspend, luksResume and resize commands.
> 
>   If used with luksFormat the --align-payload option is taken
>   as absolute sector alignment on ciphertext device and can be zero.
> 
>   Example:
>     Create LUKS device with ciphertext device on /dev/sdb and header
>     on device /dev/sdc. Use all space on /dev/sdb (no reserved area for header).
> 
>           cryptsetup luksFormat /dev/sdb --header /dev/sdc --align-payload 0
> 
>    Activate such device:
>           cryptsetup luksOpen /dev/sdb --header /dev/sdc test_disk
> 
>    You can use file for LUKS header (loop device will be used while
>    manipulating with such detached header), just you have to create
>    large enough file in advance.
> 
>           dd if=/dev/zero of=/mnt/luks_header bs=1M count=4
>           cryptsetup luksFormat /dev/sdb --header /mnt/luks_header --align-payload 0
> 
>    Activation is the same as above.
> 
>           cryptsetup luksOpen /dev/sdb --header /mnt/luks_header test_disk
> 
>    All keyslot operations need to be run on _header_ not on ciphertext device,
>    an example:
> 
>           cryptsetup luksAddKey /mnt/luks_header
> 
>    If you do not use --align-payload 0, you can later restore LUKS header
>    on device itself (and use it as normal LUKS device without detached header).
> 
>    WARNING: There is no possible check that specified ciphertext device
>             matches detached on-disk header. Use with care, it can destroy
>             your data in case of a mistake.

It should refuse to mount though, just like a plain dm-crypt
device if you enter the wrong passphrase.

>    WARNING: Storing LUKS header in a file means that anti-forensic splitter
>             cannot properly work (there is filesystem allocation layer between
>             header and disk).

You mean the splitted data may end up all over the disk making
wiping problematic, especially if the filesystem does "overwrites" 
to different places?

> * Support --enable-discards option to allow discards/TRIM requests.
> 
>    Since kernel 3.1, dm-crypt devices optionally (not by default) support
>    block discards (TRIM) comands.
>    If you want to enable this operation, you have to enable it manually
>    on every activation using --enable-discards
> 
>           cryptsetup luksOpen --enable-discards /dev/sdb test_disk
> 
>    WARNING: There are several security consequences, please read at least
>             http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
>             before you enable it.
> 
> * Add --shared option for creating non-overlapping crypt segments.
> 
>    The --shared options checks that mapped segments are not overlapping
>    and allows non-exclusive access to underlying device.
>    Only plain crypt devices can be used in this mode.
> 
>    Example - map 64M of device disk and following 32 M area as another disk.
> 
>      cryptsetup create outer_disk /dev/sdb --offset 0 --size 65536
>      cryptsetup create inner_disk /dev/sdb --offset 65536 --size 32768 --shared
> 
>  (It can be used to simulate trivial hidden disk concepts.)
> 
> libcryptsetup API changes:
>   * Added options to suport detached metadata device
>      crypt_init_by_name_and_header()
>      crypt_set_data_device()
>   * Add crypt_last_error() API call.
>   * Fix plain crypt format parameters to include size option.
>   * Add crypt_get_iv_offset() function.
> 
>   * Remove old API functions (all functions using crypt_options).
> 
> * Support key-slot option for luksOpen (use only explicit keyslot).
> 
>    You can now specify key slot in luksOpen and limit checking
>    only to specified slot.
> 
> * Support retries and timeout parameters for luksSuspend.
>   (The same way as in luksOpen.)
> 
> * Add doxygen-like documentation (it will be available on project page later).
>   (To generate it manually run doxygen in docs directory.)
> 
> Other changes
> ~~~~~~~~~~~~~
> * Fix crypt_load to properly check device size.
> * Do not allow context format of already formatted device.
> * Do not allow key retrieval while suspended (key could be wiped).
> * Do not allow suspend for non-LUKS devices.
> * Fix luksKillSLot exit code if slot is inactive or invalid.
> * Fix exit code if passphrases do not match in luksAddKey.
> * Fix return code for status command when device doesn't exists.
> * Support Nettle 2.4 crypto backend (supports ripemd160).
> * Add LUKS on-disk format description into package.

Good.

> * Enhance check of device size before writing LUKS header.

To prevent problems if the device is smaller than the header?

> * Add more paranoid checks for LUKS header and keyslot attributes.
> * Use new /dev/loop-control (kernel 3.1) if possible.
> * Remove hash/hmac restart from crypto backend and make it part of hash/hmac final.
> * Improve check for invalid offset and size values.
> * Revert default initialisation of volume key in crypt_init_by_name().
> * Add more regression tests.
> * Add some libcryptsetup example files (see docs/examples).

Good.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier