This can happen if write buffer size is smaller than underlying
block size and initial buffer is misaligned.
Also use size_t for buffer length variables.
Batch mode should enable no-query keyslot wipe but only if user
did not provided password or keyfile explicitely.
Fixes issue #265.
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Note that no longer using SHA1 is just to prevent situation
when it is no longer available on hardened systems, there is
no known security problem (finding collisions is not a problem for LUKS).
Increasing iteration time is in combination with PBKDF2 benchmark
fixes try to keep PBKDF2 iteration count still high enough and
also acceptable for users.
(Long term is to replace PBKDF2 algorithm with Password Hashing
Competiton winner.).
N.B. distributions can change these defaults in compilation time.
The previous PBKDF2 benchmark code did not take into account
output key length.
For SHA1 (with 160-bits output) and 256-bit keys (and longer)
it means that the final value was higher than it should be.
For other hash algorithms (like SHA256 or SHA512) it caused
that iteration count was smaller (in comparison to SHA1) than
expected for the requested time period.
This patch fixes the code to use key size for the formatted device
(or default LUKS key size if running in informational benchmark mode).
Thanks to A.Visconti, S.Bossi, A.Calo and H.Ragab
(http://www.club.di.unimi.it/) for point this out.
(Based on "What users should know about Full Disk Encryption
based on LUKS" paper to be presented on CANS2015).
If password is entered through terminal (no keyfile specified) and
cryptsetup is compiled with --enable-passwdqc[=/etc/passwdqc.conf],
default system passwdqc settings are used to check password quality.
