This is very ugly workaround for situation when multiple
devices are being activated in parallel (systemd crypttab)
and system instead of returning ENOMEM use OOM killer
to randomly kill processes.
This flag is intended to be used only in very specific situations.
crypt_drop_keyring_key function allow to drop all keys in keyring
assocatiated with passed volume key list.
crypt_drop_keyring_key_by_description is used to drop independent key.
If passed key matches any existing digest we will not create
new digest but assign the keyslot to already existing one.
Because reencryption should be able to create more than one
keyslot assigned to new key digest.
TODO: Tests for the new feature
rename sector_start -> iv_start (it's now a iv shift for subsequent
en/decrypt operations)
rename count -> length. We accept length in bytes now and perform sanity
checks at the crypt_storage_init and crypt_storage_decrypt (or encrypt)
respectively.
rename sector -> offset. It's in bytes as well. Sanity checks inside
crypt_storage functions.
For now, the hash was set to sha256 (except for converted LUKS1 header).
This patch adds the same logic as in LUKS1 - hash aglorithms is
loaded from PBKDF setting.
Fixes#396.
The JSON structures should not be printed by default to debug log.
This flag introduces new debug level that prints JSON structures
and keeps default debug output separate.
This patch makes available LUKS2 per-keyslot encryption settings to user.
In LUKS2, keyslot can use different encryption that data.
We can use new crypt_keyslot_get_encryption and crypt_keyslot_set_encryption
API calls to set/get this encryption.
For cryptsetup new --keyslot-cipher and --keyslot-key-size options are added.
The default keyslot encryption algorithm (if cannot be derived from data encryption)
is now available as configure options (default is aes-xts-plain64 with 512-bits key).
NOTE: default was increased from 256-bits.
Support for multi-segment devices is requirement for online
reencryption to work. Introducing modififed dm backend that
splits data structures describing active device and individual
dm target (or segment).
