From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gmazyland@gmail.com>
Received: from mail-wm0-x22c.google.com (mail-wm0-x22c.google.com
 [IPv6:2a00:1450:400c:c09::22c])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Mon, 14 Mar 2016 23:27:48 +0100 (CET)
Received: by mail-wm0-x22c.google.com with SMTP id p65so120817131wmp.1
 for <dm-crypt@saout.de>; Mon, 14 Mar 2016 15:27:48 -0700 (PDT)
Received: from [192.168.2.28] (218.83.broadband9.iol.cz. [90.176.83.218])
 by smtp.gmail.com with ESMTPSA id z127sm18032456wme.5.2016.03.14.15.27.47
 for <dm-crypt@saout.de>
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 14 Mar 2016 15:27:47 -0700 (PDT)
References: <20160314152130.GF21198@redhat.com>
 <56E709E2.4010004@whgl.uni-frankfurt.de> <56E716EF.2080709@gmail.com>
 <56E72C09.9000903@whgl.uni-frankfurt.de>
From: Milan Broz <gmazyland@gmail.com>
Message-ID: <56E73AE2.9020404@gmail.com>
Date: Mon, 14 Mar 2016 23:27:46 +0100
MIME-Version: 1.0
In-Reply-To: <56E72C09.9000903@whgl.uni-frankfurt.de>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Some questions/clarifications around the LUKS spec
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 03/14/2016 10:24 PM, Sven Eschenberg wrote:

> Updating a spec needs more than just mentioning something. Esp. changes 
> may not be incompatible to previous revisions. If changes are 
> incompatible, a new version is needed (instead of a simple revision). A 
> change to the list of valid values as well as the change in offset 
> calculation to meet alignment requirements are indeed incompatible to 
> the original specification for the v1 header, like it or not. Thus, by 
> introducing these changes, a new version of the on disk format was 
> introduced and this should have been reflected by reversioning the 
> header as well. Having multiple possible specs for the same 
> magic+version is something one really should not go for.

On-disk format should be backward compatible since cryptsetup 1.0.1,
no change in version is needed.
(But there were bugs - so nobody should use such old versions.)

Algorithm support is always dynamic thing (you can blacklist kernel
module, run in FIPS mode that allows only NIST friendly algorithms...)
So "mandatory" list for LUKS does not make sense in reality.

Offset calculation for keyslot is the same as well ... but reading
that pseudo-algorithm in spec - the slot alignment to 4k diverged
in 1.0 -> 1.0.1 (2005). Clemens probably forgot to update spec here,
so this is IMHO bug in spec (and I missed this).

(Cryptsetup can still open old sector-aligned version - despite this version
was never in any distro.)
 
User data alignment was always read from header, it was never calculated
and I think spec expect it this way.

Milan