This patch has no functional impact. It only renames misleading
parameter 'keyfile_size_max' to 'key_size' because that's
how it's actually interpreted since beginning. Also updated
API documentation accordingly.
a) checks crypt_load() fails when single LUKS2 header is corrupted and
blkid detect other device signature from LUKS or none.
b) check explicit crypt_repair is able to override blkid restriction
and fix corrupted primary header
c) check a) and b) with disabled locks
Also moves FIXME comment lower to LUKS2 code with note that currently it's
safe to do crypt_repair on LUKS2 format without paying attention to LUKS2
requirements.
auto-recovery triggers any time when only single correct LUKS2
header instance was found. That may be dangerous.
We should suppress auto-recovery in case blkid decided the
device is no longer LUKS device. For example if secondary (intact)
LUKS2 header was left behind and blkid declares the device is LVM2
member.
Moreover if at least one header instance is corrupted and blkid
declares device non-empty and non-LUKS in the same time, header load
operation will be aborted with error.
--disable-dev-random now disables reading from /dev/random instead of
incorrectly enabling it. This was found by reviewing all of flags
in configure.ac.
We call crypt_random_init in init_crypto, but never call
crypt_random_exit. This change just copies what the crypt_backend
functions do, and calls crypt_random_exit in the descructor.
The code scan for the second header only if primary is corrrupted.
Let's set the possible offsets more clear.
This patch also removes 8kB header offset (that was not supported anyway).
Note: it is always better to use external libargon2 library.
Unfortunately, until Argon2 is in generic crypto libraries,
we must sometimes use bundled version just for bureaucratic reasons.
Let's include optimized variant of reference implementation as well.
Note, this code will not add any SSE compiler switches.
If --enable-internal-sse-argon2 option is used, it checks if current
compilation flags support simple SSE progam and if so, it use
the optimized variant.
(Not tested for AVX optimizations; it expects that SSE is enabled as well.)
Almost all the headers in cryptsetup are self-suffienct (in that they
compile on their own). By including <stddef.h>, <stdint.h>, or
<sys/types.h>, all headers will now compile on their own.
This is useful for importing cryptsetup into Bazel/Blaze.
As poptGetOptArg() returns "const char *", assigning it to a
"const char *" varible triggers a warning on Clang:
"incompatible-pointer-types-discards-qualifiers".
see unit test write_blockwise(length=2097153, bsize=4096), on x86
with original test file size=2097152.
The test is trying to write_blockwise 1 more byte than actual file
size.
Note that both functions perform seek operations aligned to sector
boundary if possible before returning.
Unaligned input offset gets aligned on first preceding sector
boundary.
This change makes the declaration of logger() match its definition,
it also avoids the use of the "class" C++ keyword. This is useful for
importing cryptsetup into Bazel/Blaze.
