This patch adds support for fixed padding to cryptsetup.
* Cryptsetup will accept superblocks version 4.
* If the dm-integrity target version is greater than 1.4, cryptsetup will
add a flag "fix_padding" to the dm-integrity target arguments.
There is still one quirk: if we have an old libdm without
DM_DEVICE_GET_TARGET_VERSION and if dm-integrity module is not loaded,
cryptsetup will not detect that it can use the "fix_padding" option.
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Support for multi-segment devices is requirement for online
reencryption to work. Introducing modififed dm backend that
splits data structures describing active device and individual
dm target (or segment).
Since the kernel 4.18 there is a possibility to speficy external
data device for dm-integrity that stores all integrity tags.
The new option --data-device in integritysetup uses this feature.
Some ciphers and key sizes created on-disk metadata that cannot be used.
Use the same test for length-preserving cipher as LUKS1.
Also check if key for integrity algorithm is not too small.
Fixes#373.
Kernel could reject HMAC without a key during format, we must set a key here as well.
Because there is no data area (device size is 8 sectors), it is actually never used,
so we can use zeroed key here.
The real HMAC key is used later during device activation with the real size.
The dm-integrity target is intended to be used for authenticated
encryption through LUKS and dm-crypt.
It can be used in standalone as well; for this use case there
is a simple configuration utility called integritysetup
(similar to veritysetup to dm-verity).
