From 153aed3d16fc0152fff8cb0260c36a4818ed5150 Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Thu, 20 Nov 2025 13:09:20 +0100
Subject: [PATCH] Fix key-size descriptions

For compatibility reasons, cryptsetup uses key size in BITS
while integritysetup in BYTES.

The help is confusing here, this patch fixes it.

Thanks Daniel Tang for notification.
---
 man/common_options.adoc       | 3 ++-
 src/integritysetup_arg_list.h | 6 +++---
 src/utils_reencrypt.c         | 1 +
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/man/common_options.adoc b/man/common_options.adoc
index b0a7fab3..31ca962a 100644
--- a/man/common_options.adoc
+++ b/man/common_options.adoc
@@ -367,8 +367,9 @@ This option is available since the Linux kernel version 6.11.
 endif::[]
 
 ifdef::ACTION_LUKSFORMAT[]
-*--integrity-key-size* _bytes_::
+*--integrity-key-size* _bits_::
 The size of the data integrity key.
+The argument has to be a multiple of 8.
 Configurable only for HMAC integrity.
 The default integrity key size is set to the same as the hash output length.
 endif::[]
diff --git a/src/integritysetup_arg_list.h b/src/integritysetup_arg_list.h
index 6bc6c484..ada8e280 100644
--- a/src/integritysetup_arg_list.h
+++ b/src/integritysetup_arg_list.h
@@ -38,7 +38,7 @@ ARG(OPT_INTEGRITY_INLINE, '\0', POPT_ARG_NONE, N_("Use inline integrity mode (HW
 
 ARG(OPT_INTEGRITY_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the integrity key from a file"), NULL, CRYPT_ARG_STRING, {}, {})
 
-ARG(OPT_INTEGRITY_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the data integrity key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {})
+ARG(OPT_INTEGRITY_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the data integrity key"), N_("bytes"), CRYPT_ARG_UINT32, {}, {})
 
 ARG(OPT_INTEGRITY_LEGACY_PADDING, '\0', POPT_ARG_NONE, N_("Use inefficient legacy padding (old kernels)"), NULL, CRYPT_ARG_BOOL, {}, {})
 
@@ -60,7 +60,7 @@ ARG(OPT_JOURNAL_COMMIT_TIME, '\0', POPT_ARG_STRING, N_("Journal commit time"), N
 
 ARG(OPT_JOURNAL_INTEGRITY, '\0', POPT_ARG_STRING, N_("Journal integrity algorithm"), NULL, CRYPT_ARG_STRING, {}, {})
 
-ARG(OPT_JOURNAL_INTEGRITY_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the journal integrity key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {})
+ARG(OPT_JOURNAL_INTEGRITY_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the journal integrity key"), N_("bytes"), CRYPT_ARG_UINT32, {}, {})
 
 ARG(OPT_JOURNAL_INTEGRITY_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the journal integrity key from a file"), NULL, CRYPT_ARG_STRING, {}, {})
 
@@ -68,7 +68,7 @@ ARG(OPT_JOURNAL_CRYPT, '\0', POPT_ARG_STRING, N_("Journal encryption algorithm")
 
 ARG(OPT_JOURNAL_CRYPT_KEY_FILE, '\0', POPT_ARG_STRING, N_("Read the journal encryption key from a file"), NULL, CRYPT_ARG_STRING,{}, {})
 
-ARG(OPT_JOURNAL_CRYPT_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the journal encryption key"), N_("BITS"), CRYPT_ARG_UINT32, {}, {})
+ARG(OPT_JOURNAL_CRYPT_KEY_SIZE, '\0', POPT_ARG_STRING, N_("The size of the journal encryption key"), N_("bytes"), CRYPT_ARG_UINT32, {}, {})
 
 ARG(OPT_JOURNAL_SIZE, 'j', POPT_ARG_STRING, N_("Journal size"), N_("bytes"), CRYPT_ARG_UINT64, {}, OPT_JOURNAL_SIZE_ACTIONS)
 
diff --git a/src/utils_reencrypt.c b/src/utils_reencrypt.c
index 75156a8e..c80c27c5 100644
--- a/src/utils_reencrypt.c
+++ b/src/utils_reencrypt.c
@@ -1914,6 +1914,7 @@ static int reencrypt_luks2_init(struct crypt_device *cd, const char *data_device
 			new_key_size = ARG_UINT32(OPT_NEW_KEY_SIZE_ID);
 
 		if (new_key_size || new_cipher)
+			/* This will convert new key size to bytes from bits */
 			new_key_size = get_adjusted_key_size(cipher, mode, new_key_size,
 							 DEFAULT_LUKS1_KEYBITS, 0);
 		else