mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-05 16:00:05 +01:00
3106b4e2c1
Reported by `git ls-tree -rz --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian --`. All changes are documentation-related (comments, manuals, etc.) except for s/fial/fail/ in tests/unit-wipe-test. The remaining entry are AFAICT all false positives, mostly annotations such as `@param name name of xyz` or `struct foo foo`: $ git ls-tree -rz HEAD --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian -- COPYING.LGPL: "GNU Library Public License" -> "GNU Library General Public License" autogen.sh: echo echo (duplicate word) -> echo configure.ac: fi fi (duplicate word) -> fi docs/v1.7.2-ReleaseNotes: option option (duplicate word) -> option lib/crypto_backend/cipher_check.c: block block (duplicate word) -> block lib/libcryptsetup.h: name name (duplicate word) -> name lib/libcryptsetup.h: type type (duplicate word) -> type lib/libcryptsetup.h: passphrase passphrase (duplicate word) -> passphrase lib/libcryptsetup.h: flags flags (duplicate word) -> flags lib/libcryptsetup.h: password password (duplicate word) -> password lib/libcryptsetup.h: salt salt (duplicate word) -> salt lib/libcryptsetup.h: keyslot keyslot (duplicate word) -> keyslot lib/libcryptsetup.h: priority priority (duplicate word) -> priority lib/libcryptsetup.h: offset offset (duplicate word) -> offset lib/libcryptsetup.h: length length (duplicate word) -> length lib/libcryptsetup.h: keyfile keyfile (duplicate word) -> keyfile lib/libcryptsetup.h: token token (duplicate word) -> token lib/libcryptsetup.h: cipher cipher (duplicate word) -> cipher lib/libcryptsetup.h: size size (duplicate word) -> size lib/luks2/luks2_json_metadata.c: long long (duplicate word) -> long lib/luks2/luks2_keyslot_luks2.c: AFEKSize AFEKSize (duplicate word) -> AFEKSize lib/luks2/luks2_reencrypt.c: alignment alignment (duplicate word) -> alignment lib/luks2/luks2_reencrypt_digest.c: ptr ptr (duplicate word) -> ptr lib/luks2/luks2_reencrypt_digest.c: buffer buffer (duplicate word) -> buffer lib/luks2/luks2_segment.c: min min (duplicate word) -> min lib/verity/verity_fec.c: blocks blocks (duplicate word) -> blocks man/cryptsetup.8.adoc: LUKS LUKS (duplicate word) -> LUKS scripts/cryptsetup.conf.in: root root (duplicate word) -> root src/Makemodule.am: endif endif (duplicate word) -> endif src/cryptsetup.c: long long (duplicate word) -> long src/utils_args.c: long long (duplicate word) -> long tests/compat-test2: fi fi (duplicate word) -> fi tests/device-test: echo echo (duplicate word) -> echo tests/differ.c: long long (duplicate word) -> long tests/loopaes-test: done done (duplicate word) -> done tests/luks2-integrity-test: aead aead (duplicate word) -> aead tests/luks2-reencryption-test: fi fi (duplicate word) -> fi tests/mode-test: done done (duplicate word) -> done tests/password-hash-test: cat cat (duplicate word) -> cat tests/password-hash-test: fi fi (duplicate word) -> fi tests/unit-wipe.c: long long (duplicate word) -> long tests/verity-compat-test: done done (duplicate word) -> done tests/verity-compat-test: fi fi (duplicate word) -> fi tokens/ssh/cryptsetup-ssh.c: argp argp (duplicate word) -> argp tokens/ssh/cryptsetup-ssh.c: arguments arguments (duplicate word) -> arguments (Treated COPYING.LGPL as a false positive too since it's the exact text from https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html .)
122 lines
5.2 KiB
Plaintext
122 lines
5.2 KiB
Plaintext
Cryptsetup 2.0.3 Release Notes
|
|
==============================
|
|
Stable bug-fix release with new features.
|
|
|
|
Cryptsetup 2.x version introduces a new on-disk LUKS2 format.
|
|
|
|
The legacy LUKS (referenced as LUKS1) will be fully supported
|
|
forever as well as a traditional and fully backward compatible format.
|
|
|
|
Please note that authenticated disk encryption, non-cryptographic
|
|
data integrity protection (dm-integrity), use of Argon2 Password-Based
|
|
Key Derivation Function and the LUKS2 on-disk format itself are new
|
|
features and can contain some bugs.
|
|
|
|
To provide all security features of authenticated encryption, we need
|
|
a better nonce-reuse resistant algorithm in the kernel (see note below).
|
|
For now, please use authenticated encryption as an experimental feature.
|
|
|
|
Please do not use LUKS2 without properly configured backup or in
|
|
production systems that need to be compatible with older systems.
|
|
|
|
Changes since version 2.0.2
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
* Expose interface to unbound LUKS2 keyslots.
|
|
Unbound LUKS2 keyslot allows storing a key material that is independent
|
|
of master volume key (it is not bound to encrypted data segment).
|
|
|
|
* New API extensions for unbound keyslots (LUKS2 only)
|
|
crypt_keyslot_get_key_size() and crypt_volume_key_get()
|
|
These functions allow one to get key and key size for unbound keyslots.
|
|
|
|
* New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
|
|
|
|
* Add --unbound keyslot option to the cryptsetup luksAddKey command.
|
|
|
|
* Add crypt_get_active_integrity_failures() call to get integrity
|
|
failure count for dm-integrity devices.
|
|
|
|
* Add crypt_get_pbkdf_default() function to get per-type PBKDF default
|
|
setting.
|
|
|
|
* Add new flag to crypt_keyslot_add_by_key() to force update device
|
|
volume key. This call is mainly intended for a wrapped key change.
|
|
|
|
* Allow volume key store in a file with cryptsetup.
|
|
The --dump-master-key together with --master-key-file allows cryptsetup
|
|
to store the binary volume key to a file instead of standard output.
|
|
|
|
* Add support detached header for cryptsetup-reencrypt command.
|
|
|
|
* Fix VeraCrypt PIM handling - use proper iterations count formula
|
|
for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes.
|
|
|
|
* Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim).
|
|
|
|
* Add --with-default-luks-format configure time option.
|
|
(Option to override default LUKS format version.)
|
|
|
|
* Fix LUKS version conversion for detached (and trimmed) LUKS headers.
|
|
|
|
* Add luksConvertKey cryptsetup command that converts specific keyslot
|
|
from one PBKDF to another.
|
|
|
|
* Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata)
|
|
header is detected.
|
|
|
|
* More cleanup and hardening of LUKS2 keyslot specific validation options.
|
|
Add more checks for cipher validity before writing metadata on-disk.
|
|
|
|
* Do not allow LUKS1 version downconversion if the header contains tokens.
|
|
|
|
* Add "paes" family ciphers (AES wrapped key scheme for mainframes)
|
|
to allowed ciphers.
|
|
Specific wrapped ley configuration logic must be done by 3rd party tool,
|
|
LUKS2 stores only keyslot material and allow activation of the device.
|
|
|
|
* Add support for --check-at-most-once option (kernel 4.17) to veritysetup.
|
|
This flag can be dangerous; if you can control underlying device
|
|
(you can change its content after it was verified) it will no longer
|
|
prevent reading tampered data and also it does not prevent silent
|
|
data corruptions that appear after the block was once read.
|
|
|
|
* Fix return code (EPERM instead of EINVAL) and retry count for bad
|
|
passphrase on non-tty input.
|
|
|
|
* Enable support for FEC decoding in veritysetup to check dm-verity devices
|
|
with additional Reed-Solomon code in userspace (verify command).
|
|
|
|
Unfinished things & TODO for next releases
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
* There will be better documentation and examples (planned for 2.0.4).
|
|
|
|
* There will be some more formal definition of the threat model for integrity
|
|
protection. (And a link to some papers discussing integrity protection,
|
|
once it is, hopefully, accepted and published.)
|
|
|
|
* Authenticated encryption will use new algorithms from CAESAR competition
|
|
https://competitions.cr.yp.to/caesar-submissions.html.
|
|
We plan to use AEGIS and MORUS, as CAESAR finalists.
|
|
|
|
NOTE: Currently available authenticated modes (GCM, Chacha20-poly1305)
|
|
in the kernel have too small 96-bit nonces that are problematic with
|
|
randomly generated IVs (the collision probability is not negligible).
|
|
|
|
* Authenticated encryption do not set encryption for a dm-integrity journal.
|
|
|
|
While it does not influence data confidentiality or integrity protection,
|
|
an attacker can get some more information from data journal or cause that
|
|
system will corrupt sectors after journal replay. (That corruption will be
|
|
detected though.)
|
|
|
|
* There are examples of user-defined tokens inside misc/luks2_keyslot_example
|
|
directory (like a simple external program that uses libssh to unlock LUKS2
|
|
using remote keyfile).
|
|
|
|
* The python binding (pycryptsetup) contains only basic functionality for LUKS1
|
|
(it is not updated for new features) and will be REMOVED in version 2.1
|
|
in favor of python bindings to the libblockdev library.
|
|
See https://github.com/storaged-project/libblockdev/releases/tag/2.17-1 that
|
|
already supports LUKS2 and VeraCrypt devices handling through libcryptsetup.
|