From 98bb3da708a475ff67dc019fddcb307d18856e5f Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 10:35:42 +0200 Subject: Merging debian version 2:2.7.0-1. Signed-off-by: Daniel Baumann --- debian/changelog | 77 +++++++++- debian/control | 2 +- debian/cryptsetup-bin.NEWS | 18 +++ debian/cryptsetup-suspend.lintian-overrides | 2 - debian/initramfs/hooks/cryptroot | 2 +- debian/libcryptsetup12.symbols | 12 ++ ...al-memory-available-also-in-PBKDF-benchma.patch | 74 ---------- ...en-keyslot-requires-more-memory-than-avai.patch | 49 ------- ...-killer-on-low-memory-systems-without-swa.patch | 163 --------------------- ...-detected-free-memory-on-systems-without-.patch | 43 ------ debian/patches/series | 4 - debian/tests/control | 4 + debian/tests/cryptdisks | 6 +- debian/tests/cryptdisks.init | 2 +- debian/tests/crypto-backend | 66 +++++++++ debian/tests/cryptroot-nested.d/preinst | 2 +- debian/tests/cryptroot-nested.d/setup | 4 +- debian/tests/utils/mock.pm | 28 +++- 18 files changed, 208 insertions(+), 350 deletions(-) delete mode 100644 debian/cryptsetup-suspend.lintian-overrides delete mode 100644 debian/patches/Check-for-physical-memory-available-also-in-PBKDF-benchma.patch delete mode 100644 debian/patches/Print-warning-when-keyslot-requires-more-memory-than-avai.patch delete mode 100644 debian/patches/Try-to-avoid-OOM-killer-on-low-memory-systems-without-swa.patch delete mode 100644 debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch delete mode 100644 debian/patches/series create mode 100755 debian/tests/crypto-backend diff --git a/debian/changelog b/debian/changelog index 1666b8f..d15ff89 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,55 @@ +cryptsetup (2:2.7.0-1) unstable; urgency=medium + + * Upload to unstable. + * Revert "d/gbp.conf: Set ‘debian-branch = debian/experimental’." + * Revert "Use OpenSSL's own argon2 implementation" (since sid doesn't have + OpenSSL 3.2 yet). + * Revert "d/control: cryptsetup Depends: Bump minimum cryptsetup-bin version + to 2.7~." + * Revert "d/cryptsetup.lintian-overrides: Ignore ‘conflicts-with-version + cryptsetup-nuke-password’." + * Revert "d/cryptsetup.lintian-overrides: Remove unused overrides." + * Revert "/lib/cryptsetup/askpass: coordinated move to /usr for DEP17" + + -- Guilhem Moulin Mon, 26 Feb 2024 12:50:46 +0100 + +cryptsetup (2:2.7.0-1+exp) experimental; urgency=medium + + * New upstream release. + + [ Guilhem Moulin ] + * d/control: cryptsetup Depends: Bump minimum cryptsetup-bin version to 2.7~. + * d/control: Build-Depends: Replace pkg-config with pkgconf. + * d/cryptsetup-suspend.lintian-overrides: Remove alien tag. + * d/cryptsetup.lintian-overrides: Remove unused overrides. + * d/cryptsetup.lintian-overrides: Add override ‘conflicts-with-version + cryptsetup-nuke-password’. + * d/t/cryptroot-*: Fix DEP-8 tests with QEMU 8.2. + + [ Helmut Grohne ] + * /lib/cryptsetup/askpass: coordinated move to /usr for DEP17. + (Closes: #1060270) + + -- Guilhem Moulin Mon, 26 Feb 2024 11:57:19 +0100 + +cryptsetup (2:2.7.0~rc1-1) experimental; urgency=medium + + * New upstream release candidate. + * d/gbp.conf: Set ‘debian-branch = debian/experimental’. + * Add new DEP-8 test to check crypto backend flags. (And whether system + libargon2 is used.) + * Use OpenSSL's own argon2 implementation rather than libargon2. This drops + libargon2 from (Build-)Depends and bumps the minimum required OpenSSL + version to 3.2. + + -- Guilhem Moulin Wed, 20 Dec 2023 18:28:36 +0100 + +cryptsetup (2:2.7.0~rc0-2) experimental; urgency=medium + + Rebuild for experimental. + + -- Guilhem Moulin Tue, 05 Dec 2023 21:11:42 +0100 + cryptsetup (2:2.6.1-6~progress7.99u1) graograman-backports; urgency=medium * Initial reupload to graograman-backports. @@ -13,7 +65,7 @@ cryptsetup (2:2.6.1-6~progress7.99u1) graograman-backports; urgency=medium cryptsetup (2:2.6.1-6) unstable; urgency=medium [ Kevin Locke ] - * cryptsetup-initramfs: Add support from compressed kernel modules. + * cryptsetup-initramfs: Add support for compressed kernel modules. (Closes: #1036049, #1057441) [ Guilhem Moulin ] @@ -23,6 +75,29 @@ cryptsetup (2:2.6.1-6) unstable; urgency=medium -- Guilhem Moulin Tue, 05 Dec 2023 17:48:58 +0100 +cryptsetup (2:2.7.0~rc0-1) experimental; urgency=medium + + * New upstream release candidate 2.7.0: + + Add support for (opt-in) hardware OPAL disk encryption. + + plain mode: Set default cipher to aes-xts-plain64 and password hashing + to sha256. This is a backward incompatible change for plain mode when + relying on the defaults. It doesn't affect LUKS volumes. Defaults for + plain mode should not be relied upon anyway; for many releases the + Debian wrappers found in the ‘cryptsetup’ binary package spew a loud + warning when ‘cipher=’ or ‘hash=’ are not explicitly specified in the + crypttab(5) options of plain devices. The cryptsetup(8) executable now + issue such a warning as well. + + Allow activation (open), luksResume, and luksAddKey to use the volume + key stored in a keyring. + + Allow one to store volume key to a user-specified keyring in open and + luksResume commands. + * Update d/libcryptsetup12.symbols. + * Remove d/patches applied upstream. + * Update debian/* to reflect current cipher and hash for plain mode. + * d/tests: Replace `passwd --delete` with `busybox passwd -d`. + + -- Guilhem Moulin Wed, 29 Nov 2023 17:19:10 +0100 + cryptsetup (2:2.6.1-5) unstable; urgency=medium [ Guilhem Moulin ] diff --git a/debian/control b/debian/control index a885251..e2f7ccb 100644 --- a/debian/control +++ b/debian/control @@ -28,7 +28,7 @@ Build-Depends: asciidoctor , libssh-dev, libssl-dev, libtool, - pkg-config, + pkgconf, po-debconf, procps , uuid-dev, diff --git a/debian/cryptsetup-bin.NEWS b/debian/cryptsetup-bin.NEWS index ec5bf13..54ec605 100644 --- a/debian/cryptsetup-bin.NEWS +++ b/debian/cryptsetup-bin.NEWS @@ -1,3 +1,21 @@ +cryptsetup (2:2.7.0~rc0-1) experimental; urgency=medium + + Default cipher and password hashing for plain mode have respectively + been changed to aes-xts-plain64 and sha256 (from aes-cbc-essiv:sha256 + resp. ripemd160). + + The new values matches what is used for LUKS, but the change does NOT + affect LUKS volumes. + + This is a backward incompatible change for plain mode when relying on + the defaults, which (for plain mode only) is strongly advised against. + For many releases the Debian wrappers found in the ‘cryptsetup’ binary + package have spewed a loud warning for plain devices from crypttab(5) + where ‘cipher=’ or ‘hash=’ are not explicitly specified. The + cryptsetup(8) executable now issue such a warning as well. + + -- Guilhem Moulin Wed, 29 Nov 2023 17:19:10 +0100 + cryptsetup (2:2.3.6-1+exp1) bullseye-security; urgency=high This release fixes a key truncation issue for standalone dm-integrity diff --git a/debian/cryptsetup-suspend.lintian-overrides b/debian/cryptsetup-suspend.lintian-overrides deleted file mode 100644 index c5a34f6..0000000 --- a/debian/cryptsetup-suspend.lintian-overrides +++ /dev/null @@ -1,2 +0,0 @@ -# cryptsetup-suspend depends on systemd and doesn't work with sysvinit -cryptsetup-suspend: package-supports-alternative-init-but-no-init.d-script diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot index c16f7c2..83d29fd 100644 --- a/debian/initramfs/hooks/cryptroot +++ b/debian/initramfs/hooks/cryptroot @@ -220,7 +220,7 @@ populate_CRYPTO_HASHES() { elif [ "$CRYPTTAB_TYPE" = "plain" ]; then # --hash is being ignored when opening via key file if [ "$CRYPTTAB_KEY" = "none" ] && [ -z "${CRYPTTAB_OPTION_keyscript+x}" ]; then - hash="${CRYPTTAB_OPTION_hash-ripemd160}" # default password hashing as of cryptsetup 2.5 + hash="${CRYPTTAB_OPTION_hash-sha256}" # default password hashing as of cryptsetup 2.7 fi else hash="" # or hash="@@UNKNOWN@@"? diff --git a/debian/libcryptsetup12.symbols b/debian/libcryptsetup12.symbols index f124910..5b30b7f 100644 --- a/debian/libcryptsetup12.symbols +++ b/debian/libcryptsetup12.symbols @@ -4,9 +4,11 @@ libcryptsetup.so.12 libcryptsetup12 #MINVER# CRYPTSETUP_2.4@CRYPTSETUP_2.4 2:2.4 CRYPTSETUP_2.5@CRYPTSETUP_2.5 2:2.5 CRYPTSETUP_2.6@CRYPTSETUP_2.6 2:2.6 + CRYPTSETUP_2.7@CRYPTSETUP_2.7 2:2.7 crypt_activate_by_keyfile@CRYPTSETUP_2.0 2:1.4 crypt_activate_by_keyfile_offset@CRYPTSETUP_2.0 2:1.4.3 crypt_activate_by_keyring@CRYPTSETUP_2.0 2:2.0 + crypt_activate_by_keyslot_context@CRYPTSETUP_2.7 2:2.7 crypt_activate_by_keyfile_device_offset@CRYPTSETUP_2.0 2:2.0.1 crypt_activate_by_passphrase@CRYPTSETUP_2.0 2:1.4 crypt_activate_by_signed_key@CRYPTSETUP_2.0 2:2.3 @@ -23,6 +25,7 @@ libcryptsetup.so.12 libcryptsetup12 #MINVER# crypt_dump_json@CRYPTSETUP_2.4 2:2.4 crypt_format@CRYPTSETUP_2.0 2:1.4 crypt_format@CRYPTSETUP_2.4 2:2.4 + crypt_format_luks2_opal@CRYPTSETUP_2.7 2:2.7 crypt_free@CRYPTSETUP_2.0 2:1.4 crypt_get_active_device@CRYPTSETUP_2.0 2:1.4 crypt_get_active_integrity_failures@CRYPTSETUP_2.0 2:2.0.3 @@ -33,6 +36,8 @@ libcryptsetup.so.12 libcryptsetup12 #MINVER# crypt_get_default_type@CRYPTSETUP_2.0 2:2.1 crypt_get_device_name@CRYPTSETUP_2.0 2:1.4 crypt_get_dir@CRYPTSETUP_2.0 2:1.4 + crypt_get_hw_encryption_key_size@CRYPTSETUP_2.7 2:2.7 + crypt_get_hw_encryption_type@CRYPTSETUP_2.7 2:2.7 crypt_get_integrity_info@CRYPTSETUP_2.0 2:2.0 crypt_get_iv_offset@CRYPTSETUP_2.0 2:1.4 crypt_get_label@CRYPTSETUP_2.5 2:2.5 @@ -69,8 +74,11 @@ libcryptsetup.so.12 libcryptsetup12 #MINVER# crypt_keyslot_context_get_error@CRYPTSETUP_2.6 2:2.6 crypt_keyslot_context_get_type@CRYPTSETUP_2.6 2:2.6 crypt_keyslot_context_init_by_keyfile@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_init_by_keyring@CRYPTSETUP_2.7 2:2.7 crypt_keyslot_context_init_by_passphrase@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_init_by_signed_key@CRYPTSETUP_2.7 2:2.7 crypt_keyslot_context_init_by_token@CRYPTSETUP_2.6 2:2.6 + crypt_keyslot_context_init_by_vk_in_keyring@CRYPTSETUP_2.7 2:2.7 crypt_keyslot_context_init_by_volume_key@CRYPTSETUP_2.6 2:2.6 crypt_keyslot_context_set_pin@CRYPTSETUP_2.6 2:2.6 crypt_keyslot_destroy@CRYPTSETUP_2.0 2:1.4 @@ -99,6 +107,7 @@ libcryptsetup.so.12 libcryptsetup12 #MINVER# crypt_resume_by_keyfile@CRYPTSETUP_2.0 2:1.4 crypt_resume_by_keyfile_device_offset@CRYPTSETUP_2.0 2:2.0.1 crypt_resume_by_keyfile_offset@CRYPTSETUP_2.0 2:1.4.3 + crypt_resume_by_keyslot_context@CRYPTSETUP_2.7 2:2.7 crypt_resume_by_passphrase@CRYPTSETUP_2.0 2:1.4 crypt_resume_by_token_pin@CRYPTSETUP_2.5 2:2.5 crypt_resume_by_volume_key@CRYPTSETUP_2.0 2:2.3 @@ -112,6 +121,7 @@ libcryptsetup.so.12 libcryptsetup12 #MINVER# crypt_set_data_offset@CRYPTSETUP_2.0 2:2.1 crypt_set_debug_level@CRYPTSETUP_2.0 2:1.4 crypt_set_iteration_time@CRYPTSETUP_2.0 2:1.4.1 + crypt_set_keyring_to_link@CRYPTSETUP_2.7 2:2.7 crypt_set_label@CRYPTSETUP_2.0 2:2.0 crypt_set_log_callback@CRYPTSETUP_2.0 2:1.4 crypt_set_metadata_size@CRYPTSETUP_2.0 2:2.1 @@ -130,6 +140,7 @@ libcryptsetup.so.12 libcryptsetup12 #MINVER# crypt_token_luks2_keyring_set@CRYPTSETUP_2.0 2:2.0 crypt_token_max@CRYPTSETUP_2.4 2:2.4 crypt_token_register@CRYPTSETUP_2.0 2:2.0 + crypt_token_set_external_path@CRYPTSETUP_2.7 2:2.7 crypt_token_status@CRYPTSETUP_2.0 2:2.0 crypt_token_unassign_keyslot@CRYPTSETUP_2.0 2:2.0 crypt_volume_key_get@CRYPTSETUP_2.0 2:1.4 @@ -137,3 +148,4 @@ libcryptsetup.so.12 libcryptsetup12 #MINVER# crypt_volume_key_keyring@CRYPTSETUP_2.0 2:2.0 crypt_volume_key_verify@CRYPTSETUP_2.0 2:1.4 crypt_wipe@CRYPTSETUP_2.0 2:2.0 + crypt_wipe_hw_opal@CRYPTSETUP_2.7 2:2.7 diff --git a/debian/patches/Check-for-physical-memory-available-also-in-PBKDF-benchma.patch b/debian/patches/Check-for-physical-memory-available-also-in-PBKDF-benchma.patch deleted file mode 100644 index 2032283..0000000 --- a/debian/patches/Check-for-physical-memory-available-also-in-PBKDF-benchma.patch +++ /dev/null @@ -1,74 +0,0 @@ -From: Milan Broz -Date: Mon, 3 Apr 2023 13:31:16 +0200 -Subject: Check for physical memory available also in PBKDF benchmark. - -Origin: https://gitlab.com/cryptsetup/cryptsetup/-/commit/7893c33d71cde09e240234c484c6c468f22c2fe7 -Bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1328592911 -Bug-Debian: https://bugs.debian.org/1028250 ---- - lib/internal.h | 1 + - lib/utils_benchmark.c | 9 +++++++++ - lib/utils_pbkdf.c | 4 ++-- - 3 files changed, 12 insertions(+), 2 deletions(-) - -diff --git a/lib/internal.h b/lib/internal.h -index 98095fa..f261cae 100644 ---- a/lib/internal.h -+++ b/lib/internal.h -@@ -89,6 +89,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd, - struct crypt_pbkdf_type *pbkdf, - size_t volume_key_size); - const char *crypt_get_cipher_spec(struct crypt_device *cd); -+uint32_t pbkdf_adjusted_phys_memory_kb(void); - - /* Device backend */ - struct device; -diff --git a/lib/utils_benchmark.c b/lib/utils_benchmark.c -index 728e4df..a0326ce 100644 ---- a/lib/utils_benchmark.c -+++ b/lib/utils_benchmark.c -@@ -101,6 +101,7 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd, - { - int r, priority; - const char *kdf_opt; -+ uint32_t memory_kb; - - if (!pbkdf || (!password && password_size)) - return -EINVAL; -@@ -113,6 +114,14 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd, - - log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt); - -+ memory_kb = pbkdf_adjusted_phys_memory_kb(); -+ if (memory_kb < pbkdf->max_memory_kb) { -+ log_dbg(cd, "Not enough physical memory detected, " -+ "PBKDF max memory decreased from %dkB to %dkB.", -+ pbkdf->max_memory_kb, memory_kb); -+ pbkdf->max_memory_kb = memory_kb; -+ } -+ - crypt_process_priority(cd, &priority, true); - r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size, - salt, salt_size, volume_key_size, pbkdf->time_ms, -diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c -index d8f41c7..b2d4fa0 100644 ---- a/lib/utils_pbkdf.c -+++ b/lib/utils_pbkdf.c -@@ -61,7 +61,7 @@ const struct crypt_pbkdf_type *crypt_get_pbkdf_type_params(const char *pbkdf_typ - return NULL; - } - --static uint32_t adjusted_phys_memory(void) -+uint32_t pbkdf_adjusted_phys_memory_kb(void) - { - uint64_t free_kb, memory_kb = crypt_getphysmemory_kb(); - -@@ -258,7 +258,7 @@ int init_pbkdf_type(struct crypt_device *cd, - } - - if (cd_pbkdf->max_memory_kb) { -- memory_kb = adjusted_phys_memory(); -+ memory_kb = pbkdf_adjusted_phys_memory_kb(); - if (cd_pbkdf->max_memory_kb > memory_kb) { - log_dbg(cd, "Not enough physical memory detected, " - "PBKDF max memory decreased from %dkB to %dkB.", diff --git a/debian/patches/Print-warning-when-keyslot-requires-more-memory-than-avai.patch b/debian/patches/Print-warning-when-keyslot-requires-more-memory-than-avai.patch deleted file mode 100644 index 91bab91..0000000 --- a/debian/patches/Print-warning-when-keyslot-requires-more-memory-than-avai.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Milan Broz -Date: Tue, 28 Feb 2023 14:18:10 +0100 -Subject: Print warning when keyslot requires more memory than available - -This warning is displayed only if maximum memory was adjusted: -no swap, not enough memory, but is not printed if user set keyslot -memory cost above default limit intentionally. - -In the latter case we have to check all available memory and guess -if swap is enough - this is not job af cryptsetup and also -it should not excessively parse any /sys files during keyslot open. - -Origin: https://gitlab.com/cryptsetup/cryptsetup/-/commit/27f8e5c08f0e0054225c9a2b1eda5b4200d4565b -Bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1287298872 -Bug-Debian: https://bugs.debian.org/1032734 ---- - lib/luks2/luks2_keyslot_luks2.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c -index 491dcad..3be1135 100644 ---- a/lib/luks2/luks2_keyslot_luks2.c -+++ b/lib/luks2/luks2_keyslot_luks2.c -@@ -307,7 +307,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd, - char *volume_key, size_t volume_key_len) - { - struct volume_key *derived_key = NULL; -- struct crypt_pbkdf_type pbkdf; -+ struct crypt_pbkdf_type pbkdf, *cd_pbkdf; - char *AfKey = NULL; - size_t AFEKSize; - const char *af_hash = NULL; -@@ -360,6 +360,16 @@ static int luks2_keyslot_get_key(struct crypt_device *cd, - goto out; - } - -+ /* -+ * Print warning when keyslot requires more memory than available -+ * (if maximum memory was adjusted - no swap, not enough memory), -+ * but be silent if user set keyslot memory cost above default limit intentionally. -+ */ -+ cd_pbkdf = crypt_get_pbkdf(cd); -+ if (cd_pbkdf->max_memory_kb && pbkdf.max_memory_kb > cd_pbkdf->max_memory_kb && -+ pbkdf.max_memory_kb <= DEFAULT_LUKS2_MEMORY_KB) -+ log_std(cd, _("Warning: keyslot operation could fail as it requires more than available memory.\n")); -+ - /* - * If requested, serialize unlocking for memory-hard KDF. Usually NOOP. - */ diff --git a/debian/patches/Try-to-avoid-OOM-killer-on-low-memory-systems-without-swa.patch b/debian/patches/Try-to-avoid-OOM-killer-on-low-memory-systems-without-swa.patch deleted file mode 100644 index b8f81b9..0000000 --- a/debian/patches/Try-to-avoid-OOM-killer-on-low-memory-systems-without-swa.patch +++ /dev/null @@ -1,163 +0,0 @@ -From: Milan Broz -Date: Mon, 20 Feb 2023 16:45:36 +0100 -Subject: Try to avoid OOM killer on low-memory systems without swap. - -Benchmark for memory-hard KDF is tricky, seems that relying -on maximum half of physical memory is not enough. - -Let's allow only free physical available space if there is no swap. -This should not cause changes on normal systems, at least. - -Origin: https://gitlab.com/cryptsetup/cryptsetup/-/commit/899bad8c06957a94a198d1eaa293ed8db205f1de -Bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/802 -Bug-Debian: https://bugs.debian.org/1028250 ---- - lib/internal.h | 2 ++ - lib/utils.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ - lib/utils_pbkdf.c | 11 ++++++++++- - tests/api-test-2.c | 12 ++++++++---- - 4 files changed, 67 insertions(+), 5 deletions(-) - -diff --git a/lib/internal.h b/lib/internal.h -index b5cb4e3..98095fa 100644 ---- a/lib/internal.h -+++ b/lib/internal.h -@@ -168,6 +168,8 @@ int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid); - size_t crypt_getpagesize(void); - unsigned crypt_cpusonline(void); - uint64_t crypt_getphysmemory_kb(void); -+uint64_t crypt_getphysmemoryfree_kb(void); -+bool crypt_swapavailable(void); - - int init_crypto(struct crypt_device *ctx); - -diff --git a/lib/utils.c b/lib/utils.c -index bfcf60d..e9d5b5b 100644 ---- a/lib/utils.c -+++ b/lib/utils.c -@@ -59,6 +59,53 @@ uint64_t crypt_getphysmemory_kb(void) - return phys_memory_kb; - } - -+uint64_t crypt_getphysmemoryfree_kb(void) -+{ -+ long pagesize, phys_pages; -+ uint64_t phys_memoryfree_kb; -+ -+ pagesize = sysconf(_SC_PAGESIZE); -+ phys_pages = sysconf(_SC_AVPHYS_PAGES); -+ -+ if (pagesize < 0 || phys_pages < 0) -+ return 0; -+ -+ phys_memoryfree_kb = pagesize / 1024; -+ phys_memoryfree_kb *= phys_pages; -+ -+ return phys_memoryfree_kb; -+} -+ -+bool crypt_swapavailable(void) -+{ -+ int fd; -+ ssize_t size; -+ char buf[4096], *p; -+ uint64_t total; -+ -+ if ((fd = open("/proc/meminfo", O_RDONLY)) < 0) -+ return true; -+ -+ size = read(fd, buf, sizeof(buf)); -+ close(fd); -+ if (size < 1) -+ return true; -+ -+ if (size < (ssize_t)sizeof(buf)) -+ buf[size] = 0; -+ else -+ buf[sizeof(buf) - 1] = 0; -+ -+ p = strstr(buf, "SwapTotal:"); -+ if (!p) -+ return true; -+ -+ if (sscanf(p, "SwapTotal: %" PRIu64 " kB", &total) != 1) -+ return true; -+ -+ return total > 0; -+} -+ - void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise) - { - int _priority, new_priority; -diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c -index 4d7e18d..d8f41c7 100644 ---- a/lib/utils_pbkdf.c -+++ b/lib/utils_pbkdf.c -@@ -63,7 +63,7 @@ const struct crypt_pbkdf_type *crypt_get_pbkdf_type_params(const char *pbkdf_typ - - static uint32_t adjusted_phys_memory(void) - { -- uint64_t memory_kb = crypt_getphysmemory_kb(); -+ uint64_t free_kb, memory_kb = crypt_getphysmemory_kb(); - - /* Ignore bogus value */ - if (memory_kb < (128 * 1024) || memory_kb > UINT32_MAX) -@@ -75,6 +75,15 @@ static uint32_t adjusted_phys_memory(void) - */ - memory_kb /= 2; - -+ /* -+ * Never use more that available free space on system without swap. -+ */ -+ if (!crypt_swapavailable()) { -+ free_kb = crypt_getphysmemoryfree_kb(); -+ if (free_kb > (64 * 1024) && free_kb < memory_kb) -+ return free_kb; -+ } -+ - return memory_kb; - } - -diff --git a/tests/api-test-2.c b/tests/api-test-2.c -index 824ae65..923165c 100644 ---- a/tests/api-test-2.c -+++ b/tests/api-test-2.c -@@ -2802,7 +2802,8 @@ static void Pbkdf(void) - OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); - OK_(strcmp(pbkdf->hash, default_luks1_hash)); - EQ_(pbkdf->time_ms, default_luks2_iter_time); -- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); -+ GE_(pbkdf->max_memory_kb, 64 * 1024); -+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); - EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); - // set and verify argon2 type - OK_(crypt_set_pbkdf_type(cd, &argon2)); -@@ -2827,7 +2828,8 @@ static void Pbkdf(void) - OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); - OK_(strcmp(pbkdf->hash, default_luks1_hash)); - EQ_(pbkdf->time_ms, default_luks2_iter_time); -- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); -+ GE_(pbkdf->max_memory_kb, 64 * 1024); -+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); - EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); - // try to pass illegal values - argon2.parallel_threads = 0; -@@ -2858,14 +2860,16 @@ static void Pbkdf(void) - OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); - OK_(strcmp(pbkdf->hash, default_luks1_hash)); - EQ_(pbkdf->time_ms, default_luks2_iter_time); -- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); -+ GE_(pbkdf->max_memory_kb, 64 * 1024); -+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); - EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); - crypt_set_iteration_time(cd, 1); - OK_(crypt_load(cd, CRYPT_LUKS, NULL)); - OK_(strcmp(pbkdf->type, default_luks2_pbkdf)); - OK_(strcmp(pbkdf->hash, default_luks1_hash)); - EQ_(pbkdf->time_ms, 1); -- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory()); -+ GE_(pbkdf->max_memory_kb, 64 * 1024); -+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb); - EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads)); - CRYPT_FREE(cd); - diff --git a/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch b/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch deleted file mode 100644 index caf47ce..0000000 --- a/debian/patches/Use-only-half-of-detected-free-memory-on-systems-without-.patch +++ /dev/null @@ -1,43 +0,0 @@ -From: Milan Broz -Date: Mon, 17 Apr 2023 13:41:17 +0200 -Subject: Use only half of detected free memory on systems without swap. - -As tests shows, limiting used Argon2 memory to free memory on -systems without swap is still not enough. -Use just half of it, this should bring needed margin while -still use Argon2. - -Note, for very-low memory constrained systems user should -avoid memory-hard PBKDF (IOW manually select PBKDF2), we -do not do this automatically. - -Origin: https://gitlab.com/cryptsetup/cryptsetup/-/commit/6721d3a8b29b13fe88aeeaefe09d457e99d1c6fa -Bug: https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1328592911 -Bug-Debian: https://bugs.debian.org/1028250 ---- - lib/utils_pbkdf.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/lib/utils_pbkdf.c b/lib/utils_pbkdf.c -index b2d4fa0..7399bd2 100644 ---- a/lib/utils_pbkdf.c -+++ b/lib/utils_pbkdf.c -@@ -76,10 +76,17 @@ uint32_t pbkdf_adjusted_phys_memory_kb(void) - memory_kb /= 2; - - /* -- * Never use more that available free space on system without swap. -+ * Never use more that half of available free memory on system without swap. - */ - if (!crypt_swapavailable()) { - free_kb = crypt_getphysmemoryfree_kb(); -+ -+ /* -+ * Using exactly free memory causes OOM too, use only half of the value. -+ * Ignore small values (< 64MB), user should use PBKDF2 in such environment. -+ */ -+ free_kb /= 2; -+ - if (free_kb > (64 * 1024) && free_kb < memory_kb) - return free_kb; - } diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index f64f6f7..0000000 --- a/debian/patches/series +++ /dev/null @@ -1,4 +0,0 @@ -Try-to-avoid-OOM-killer-on-low-memory-systems-without-swa.patch -Print-warning-when-keyslot-requires-more-memory-than-avai.patch -Check-for-physical-memory-available-also-in-PBKDF-benchma.patch -Use-only-half-of-detected-free-memory-on-systems-without-.patch diff --git a/debian/tests/control b/debian/tests/control index 52752a3..193d0f0 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -131,3 +131,7 @@ Depends: linux-image-generic, linux-image-686-pae [i386] Restrictions: hint-testsuite-triggers Architecture: amd64 i386 + +Tests: crypto-backend +Depends: cryptsetup-bin +Restrictions: superficial diff --git a/debian/tests/cryptdisks b/debian/tests/cryptdisks index 3d3223b..b8c6bcc 100755 --- a/debian/tests/cryptdisks +++ b/debian/tests/cryptdisks @@ -151,7 +151,7 @@ cryptdisks_stop plain_crypt disk_setup cat >/etc/crypttab <<-EOF - sector_crypt $CRYPT_DEV /dev/urandom plain,cipher=aes-cbc-essiv:sha256,size=256,sector-size=4096 + sector_crypt $CRYPT_DEV /dev/urandom plain,cipher=aes-xts-plain64,size=256,sector-size=4096 EOF cryptdisks_start sector_crypt @@ -168,7 +168,7 @@ cryptdisks_stop sector_crypt disk_setup cat /proc/sys/kernel/random/uuid >"$TMPDIR/passphrase" cat >/etc/crypttab <<-EOF - hash_crypt $CRYPT_DEV none plain,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256 + hash_crypt $CRYPT_DEV none plain,cipher=aes-xts-plain64,size=256,hash=sha256 EOF cryptdisks_start hash_crypt /etc/crypttab <<-EOF - offset_crypt $CRYPT_DEV /dev/urandom plain,cipher=aes-cbc-essiv:sha256,size=256,offset=$offset,skip=$skip + offset_crypt $CRYPT_DEV /dev/urandom plain,cipher=aes-xts-plain64,size=256,offset=$offset,skip=$skip EOF # having an existing file system before the offset has no effect (cf. #994056) diff --git a/debian/tests/cryptdisks.init b/debian/tests/cryptdisks.init index 408c325..2019e03 100755 --- a/debian/tests/cryptdisks.init +++ b/debian/tests/cryptdisks.init @@ -23,7 +23,7 @@ dmsetup create disk12 <<-EOF $((64 * 2*1024)) $((64 * 2*1024)) linear /dev/mapper/disk2 0 EOF -cipher="aes-cbc-essiv:sha256" +cipher="aes-xts-plain64" size=32 # bytes cat >/etc/crypttab <<-EOF crypt_disk0 /dev/mapper/disk0 /dev/urandom plain,cipher=$cipher,size=$((8*size)) diff --git a/debian/tests/crypto-backend b/debian/tests/crypto-backend new file mode 100755 index 0000000..47dc5a8 --- /dev/null +++ b/debian/tests/crypto-backend @@ -0,0 +1,66 @@ +#!/bin/sh + +# Check crypto backend, see https://gitlab.com/cryptsetup/cryptsetup/-/issues/851 . + +set -ue +PATH="/usr/bin:/bin" +export PATH + +CRYPTSETUP="/sbin/cryptsetup" + +NAME="crypto-backend" +TEMPDIR="$AUTOPKGTEST_TMP/$NAME" + +mkdir "$TEMPDIR" +trap 'rm -rf -- "$TEMPDIR"' EXIT INT TERM + +IMG="$TEMPDIR/disk.img" +KEYFILE="$TEMPDIR/keyfile" +DEBUG="$TEMPDIR/debug" + +dd if=/dev/zero bs=1M count=64 status="none" of="$IMG" +head -c32 /dev/urandom >"$KEYFILE" + +"$CRYPTSETUP" luksFormat --batch-mode \ + --key-file="$KEYFILE" \ + --type=luks2 \ + --pbkdf=argon2id \ + --pbkdf-force-iterations=4 \ + --pbkdf-memory=32 \ + -- "$IMG" + +"$CRYPTSETUP" luksOpen --debug --key-file="$KEYFILE" --test-passphrase "$IMG" >"$DEBUG" +sed -nri '/^# Crypto backend\s+/ {s/.*?\(([^()]+)\).*/\1/p;q}' "$DEBUG" +cat "$DEBUG" + +if ! grep -qE '^OpenSSL\b' <"$DEBUG"; then + echo "ERROR: Crypto backend isn't OpenSSL" >&2 + exit 1 +fi + +sed -ri 's/^[^\[]*//' "$DEBUG" +# " [cryptsetup libargon2]": bundled libargon2 +# " [external libargon2]": system libargon2 +# "][argon2]": crypto backend's own implementation +if ! grep -qF " [external libargon2]" <"$DEBUG"; then + echo "ERROR: Unexpected argon2 backend" >&2 + exit 1 +fi + +LIBCRYPTSETUP="$(env --unset=LD_PRELOAD ldd "$CRYPTSETUP" | sed -nr '/^\s*libcryptsetup\.so(\.[0-9]+)*\s+=>\s+/ {s///;s/\s.*//;p;q}')" +if [ -z "$LIBCRYPTSETUP" ] || [ ! -e "$LIBCRYPTSETUP" ]; then + echo "ERROR: $CRYPTSETUP doesn't link against libcryptsetup??" >&2 + exit 1 +fi + +assert_linked_argon2() { + local path="$1" + if ! env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then + echo "ERROR: $path does not link against libargon2" >&2 + exit 1 + fi + return 0 +} + +assert_linked_argon2 "$CRYPTSETUP" +assert_linked_argon2 "$LIBCRYPTSETUP" diff --git a/debian/tests/cryptroot-nested.d/preinst b/debian/tests/cryptroot-nested.d/preinst index c5f576b..bf5876a 100644 --- a/debian/tests/cryptroot-nested.d/preinst +++ b/debian/tests/cryptroot-nested.d/preinst @@ -2,7 +2,7 @@ cat >/etc/crypttab <<-EOF md0_crypt UUID=$(blkid -s UUID -o value /dev/md0) none vdd_crypt UUID=$(blkid -s UUID -o value /dev/vdd) none - testvg-lv0_crypt /dev/mapper/testvg-lv0 none plain,cipher=aes-cbc-essiv:sha256,size=256,hash=ripemd160 + testvg-lv0_crypt /dev/mapper/testvg-lv0 none plain,cipher=aes-xts-plain64,size=256,hash=sha256 testvg-lv1_crypt UUID=$(blkid -s UUID -o value /dev/testvg/lv1) none EOF diff --git a/debian/tests/cryptroot-nested.d/setup b/debian/tests/cryptroot-nested.d/setup index 6fb6ccd..b08da17 100644 --- a/debian/tests/cryptroot-nested.d/setup +++ b/debian/tests/cryptroot-nested.d/setup @@ -44,9 +44,9 @@ udevadm settle echo -n "testvg-lv0_crypt" >/keyfile cryptsetup open --batch-mode \ --type=plain \ - --cipher="aes-cbc-essiv:sha256" \ + --cipher="aes-xts-plain64" \ --key-size=256 \ - --hash="ripemd160" \ + --hash="sha256" \ -- "/dev/testvg/lv0" "testvg-lv0_crypt" 0) { + my $n = sysread($fh, my $buf, 4096); + if (defined $n and $n > 0) { STDOUT->printflush($buf); $BUFFER{$chan} .= $buf; } else { + die "read: $!" unless defined $n or $! == ECONNRESET; #print STDERR "INFO done reading from $chan\n"; shutdown($fh, SHUT_RD) or die "shutdown: $!"; vec($RBITS, fileno($fh), 1) = 0; @@ -228,6 +229,8 @@ sub shell($%) { # enter S3 sleep state (suspend to ram aka standby) sub suspend() { + @QMP::EVENTS = (); # flush the event queue + write_data($CONSOLE => q{systemctl suspend}); # while the command is asynchronous the system might suspend before # we have a chance to read the next $PS1 @@ -242,6 +245,8 @@ sub suspend() { } sub wakeup() { + @QMP::EVENTS = (); # flush the event queue + my $r = QMP::command(q{system_wakeup}); die if %$r; @@ -256,6 +261,8 @@ sub wakeup() { # enter S4 sleep state (suspend to disk aka hibernate) sub hibernate() { + @QMP::EVENTS = (); # flush the event queue + # an alternative is to send {"execute":"guest-suspend-disk"} on the # guest agent socket, but we don't want to require qemu-guest-agent # on the guest so this will have to do @@ -267,6 +274,8 @@ sub hibernate() { } sub poweroff() { + @QMP::EVENTS = (); # flush the event queue + # XXX would be nice to use the QEMU monitor here but the guest # doesn't seem to respond to system_powerdown QMP commands write_data($CONSOLE => q{poweroff}); @@ -283,6 +292,7 @@ package QMP; # https://qemu.readthedocs.io/en/latest/interop/qemu-qmp-ref.html use JSON (); +our @EVENTS; # read and decode a QMP server line sub getline() { @@ -305,6 +315,7 @@ sub command($;$) { my $resp = QMP::getline() // next; # ignore unsolicited server responses (such as events) return $resp->{return} if exists $resp->{return}; + push @EVENTS, $resp; } } @@ -330,9 +341,16 @@ BEGIN { sub wait_for_event($) { my $event_name = shift; + my @events2; while(1) { - my $resp = QMP::getline() // next; - return if exists $resp->{event} and $resp->{event} eq $event_name; + my $resp = @EVENTS ? shift @EVENTS : QMP::getline(); + next unless defined $resp; + if (exists $resp->{event} and $resp->{event} eq $event_name) { + @EVENTS = @events2; + return; + } else { + push @events2, $resp; + } } } -- cgit v1.2.3