Version 1.6.2.

sync with wiki version
Update fr.po.
2025-12-05 16:00:05 +01:00 · 2013-08-04 19:01:55 +02:00 · 2013-08-02 23:53:22 +02:00 · 2013-07-31 21:20:14 +02:00 · 2013-07-30 07:45:12 +02:00 · 2013-07-27 22:59:40 +02:00
123 changed files with 26785 additions and 8161 deletions
--- a/2
+++ b/2
@@ -1,3 +1,3 @@
 Christophe Saout <christophe@saout.de>
 Clemens Fruhwirth <clemens@endorphin.org>
-Milan Broz <asi@ucw.cz>
+Milan Broz <gmazyland@gmail.com>
--- a/COPYING.LGPL
+++ b/COPYING.LGPL
@@ -500,3 +500,18 @@ necessary.  Here is a sample; alter the names:
  Ty Coon, President of Vice

 That's all there is to it!
+
+-----
+In addition, as a special exception, the copyright holders give
+permission to link the code of portions of this program with the
+OpenSSL library under certain conditions as described in each
+individual source file, and distribute linked combinations
+including the two.
+
+You must obey the GNU Lesser General Public License in all respects
+for all of the code used other than OpenSSL.  If you modify
+file(s) with this exception, you may extend this exception to your
+version of the file(s), but you are not obligated to do so.  If you
+do not wish to do so, delete this exception statement from your
+version.  If you delete this exception statement from all source
+files in the program, then also delete it here.
--- a/795
+++ b/795
@@ -1,793 +1,6 @@
-2011-11-09  Milan Broz  <mbroz@redhat.com>
-	* Version 1.4.1.
+Since version 1.6 this file is no longer maintained.

-2011-11-05  Milan Broz  <mbroz@redhat.com>
-	* Merge pycryptsetup (Python libcryptsetup bindings).
-	* Fix stupid typo in set_iteration_time API call.
-	* Fix cryptsetup status output if parameter is device path.
+See docs/*ReleaseNotes for release changes documentation.

-2011-10-27  Milan Broz  <mbroz@redhat.com>
-	* Fix crypt_get_volume_key_size() for plain device.
-	* Fix FSF address in license text.
-
-2011-10-25  Milan Broz  <mbroz@redhat.com>
-	* Print informative message in isLuks only in verbose mode.
-	* Version 1.4.0.
-
-2011-10-10  Milan Broz  <mbroz@redhat.com>
-	* Version 1.4.0-rc1.
-
-2011-10-05  Milan Broz  <mbroz@redhat.com>
-	* Support Nettle 2.4 crypto backend (for ripemd160).
-	* If device is not rotational, do not use Gutmann wipe method.
-	* Add crypt_last_error() API call.
-	* Fix luksKillSLot exit code if slot is inactive or invalid.
-	* Fix exit code if passphrases do not match in luksAddKey.
-	* Add LUKS on-disk format description into package.
-
-2011-09-22  Milan Broz  <mbroz@redhat.com>
-	* Support key-slot option for luksOpen (use only explicit keyslot).
-
-2011-08-22  Milan Broz  <mbroz@redhat.com>
-	* Add more paranoid checks for LUKS header and keyslot attributes.
-	* Fix crypt_load to properly check device size.
-	* Use new /dev/loop-control (kernel 3.1) if possible.
-	* Enhance check of device size before writing LUKS header.
-	* Do not allow context format of already formatted device.
-
-2011-07-25  Milan Broz  <mbroz@redhat.com>
-	* Remove hash/hmac restart from crypto backend and make it part of hash/hmac final.
-	* Improve check for invalid offset and size values.
-
-2011-07-19  Milan Broz  <mbroz@redhat.com>
-	* Revert default initialisation of volume key in crypt_init_by_name().
-	* Do not allow key retrieval while suspended (key could be wiped).
-	* Do not allow suspend for non-LUKS devices.
-	* Support retries and timeout parameters for luksSuspend.
-	* Add --header option for detached metadata (on-disk LUKS header) device.
-	* Add crypt_init_by_name_and_header() and crypt_set_data_device() to API.
-	* Allow different data offset setting for detached header.
-
-2011-07-07  Milan Broz  <mbroz@redhat.com>
-	* Remove old API functions (all functions using crypt_options).
-	* Add --enable-discards option to allow discards/TRIM requests.
-	* Add crypt_get_iv_offset() function to API.
-
-2011-07-01  Milan Broz  <mbroz@redhat.com>
-	* Add --shared option for creating non-overlapping crypt segments.
-	* Add shared flag to libcryptsetup api.
-	* Fix plain crypt format parameters to include size option (API change).
-
-2011-06-08  Milan Broz  <mbroz@redhat.com>
-	* Fix return code for status command when device doesn't exists.
-
-2011-05-24  Milan Broz  <mbroz@redhat.com>
-	* Version 1.3.1.
-
-2011-05-17  Milan Broz  <mbroz@redhat.com>
-	* Fix keyfile=- processing in create command (1.3.0).
-	* Simplify device path status check.
-
-2011-05-03  Milan Broz  <mbroz@redhat.com>
-	* Do not ignore size argument for create command (1.2.0).
-
-2011-04-18  Milan Broz  <mbroz@redhat.com>
-	* Fix error paths in blockwise code and lseek_write call.
-	* Add Nettle crypto backend support.
-
-2011-04-05  Milan Broz  <mbroz@redhat.com>
-	* Version 1.3.0.
-
-2011-03-22  Milan Broz  <mbroz@redhat.com>
-	* Also support --skip and --hash option for loopaesOpen.
-	* Fix return code when passphrase is read from pipe.
-	* Document cryptsetup exit codes.
-
-2011-03-18  Milan Broz  <mbroz@redhat.com>
-	* Respect maximum keyfile size paramater.
-	* Introduce maximum default keyfile size, add configure option.
-	* Require the whole key read from keyfile in create command (broken in 1.2.0).
-	* Fix offset option for loopaesOpen.
-	* Lock memory also in luksDump command.
-	* Version 1.3.0-rc2.
-
-2011-03-14  Milan Broz  <mbroz@redhat.com>
-	* Version 1.3.0-rc1.
-
-2011-03-11  Milan Broz  <mbroz@redhat.com>
-	* Add loop manipulation code and support mapping of images in file.
-	* Add backing device loop info into status message.
-	* Add luksChangeKey command.
-
-2011-03-05  Milan Broz  <mbroz@redhat.com>
-	* Add exception to COPYING for binary distribution linked with OpenSSL library.
-	* Set secure data flag (wipe all ioclt buffers) if devmapper library supports it.
-
-2011-01-29  Milan Broz  <mbroz@redhat.com>
-	* Fix mapping removal if device disappeared but node still exists.
-	* Fix luksAddKey return code if master key is used.
-
-2011-01-25  Milan Broz  <mbroz@redhat.com>
-	* Add loop-AES handling (loopaesOpen and loopaesClose commands).
-	 (requires kernel 2.6.38 and above)
-
-2011-01-05  Milan Broz  <mbroz@redhat.com>
-	* Fix static build (--disable-static-cryptsetup now works properly).
-
-2010-12-30  Milan Broz  <mbroz@redhat.com>
-	* Add compile time crypto backends implementation
-	  (gcrypt, OpenSSL, NSS and userspace Linux kernel crypto api).
-	* Currently NSS is lacking ripemd160, cannot provide full plain compatibility.
-	* Use --with-crypto_backend=[gcrypt|openssl|nss|kernel] to configure.
-
-2010-12-20  Milan Broz  <mbroz@redhat.com>
-	* Version 1.2.0.
-
-2010-11-25  Milan Broz  <mbroz@redhat.com>
-	* Fix crypt_activate_by_keyfile() to work with PLAIN devices.
-	* Fix create command to properly handle keyfile size.
-
-2010-11-16  Milan Broz  <mbroz@redhat.com>
-	* Version 1.2.0-rc1.
-
-2010-11-13  Milan Broz  <mbroz@redhat.com>
-	* Fix password callback call.
-	* Fix default plain password entry from terminal in activate_by_passphrase.
-	* Add --dump-master-key option for luksDump to allow volume key dump.
-	* Allow to activate by internally cached volume key
-	  (format/activate without keyslots active - used for temporary devices).
-	* Initialize volume key from active device in crypt_init_by_name()
-	* Fix cryptsetup binary exitcodes.
-	* Increase library version (still binary compatible with 1.1.x release).
-
-2010-11-01  Milan Broz  <mbroz@redhat.com>
-	* No longer support luksDelKey, reload and --non-exclusive.
-	* Remove some obsolete info from man page.
-	* Add crypt_get_type(), crypt_resize(), crypt_keyslot_max()
-	and crypt_get_active_device() to API.
-	* Rewrite all implementations in cryptsetup to new API.
-	* Fix luksRemoveKey to behave as documented (do not ask
-	for remaining keyslot passphrase).
-	* Add more regression tests for commands.
-	* Disallow mapping of device which is already in use (mapped or mounted).
-	* Disallow luksFormat on device in use.
-
-2010-10-27  Milan Broz  <mbroz@redhat.com>
-	* Rewrite cryptsetup luksFormat, luksOpen, luksAddKey to use new API
-	  to allow adding new features.
-	* Implement --use-random and --use-urandom for luksFormat to allow
-	  setting of RNG for volume key generator.
-	* Add crypt_set_rng_type() and crypt_get_rng_type() to API.
-	* Add crypt_set_uuid() to API.
-	* Allow UUID setting in luksFormat and luksUUID (--uuid parameter).
-	* Add --keyfile-size and --new-keyfile-size (in bytes) size and disallow overloading
-	  of --key-size for limiting keyfile reads.
-	* Fix luksFormat to properly use key file with --master-key-file switch.
-	* Fix possible double free when handling master key file.
-
-2010-10-17  Milan Broz  <mbroz@redhat.com>
-	* Add crypt_get_device_name() to API (get underlying device name).
-	* Change detection for static libraries.
-	* Fix pkg-config use in automake scripts.
-	* Remove --disable-shared-library switch and handle static library build
-	  by common libtool logic (using --enable-static).
-	* Add --enable-static-cryptsetup option to build cryptsetup.static binary
-	  together with shared build.
-
-2010-08-05  Milan Broz  <mbroz@redhat.com>
-	* Wipe iteration and salt after KillSlot in LUKS header.
-	* Rewrite file differ test to C (and fix it to really work).
-	* Switch to 1MiB default alignment of data.
-	  For more info see https://bugzilla.redhat.com/show_bug.cgi?id=621684
-	* Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
-	* Check if requested hash is supported before writing LUKS header.
-
-2010-07-28  Arno Wagner <arno@wagner.name>
-	* Add FAQ (Frequently Asked Questions) file to distribution.
-
-2010-07-03  Milan Broz  <mbroz@redhat.com>
-	* Fix udev support for old libdevmapper with not compatible definition.
-	* Version 1.1.3.
-
-2010-06-01  Milan Broz  <mbroz@redhat.com>
-	* Fix device alignment ioctl calls parameters.
-	* Fix activate_by_* API calls to handle NULL device name as documented.
-
-2010-05-30  Milan Broz  <mbroz@redhat.com>
-	* Version 1.1.2.
-
-2010-05-27  Milan Broz  <mbroz@redhat.com>
-	* Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
-	* Support --key-file/-d option for luksFormat.
-	* Fix description of --key-file and add --verbose and --debug options to man page.
-	* Add verbose log level and move unlocking message there.
-	* Remove device even if underlying device disappeared.
-	* Fix (deprecated) reload device command to accept new device argument.
-
-2010-05-23  Milan Broz  <mbroz@redhat.com>
-	* Fix luksClose operation for stacked DM devices.
-	* Version 1.1.1.
-
-2010-05-03  Milan Broz  <mbroz@redhat.com>
-	* Fix automatic dm-crypt module loading.
-	* Escape hyphens in man page.
-	* Version 1.1.1-rc2.
-
-2010-04-30  Milan Broz  <mbroz@redhat.com>
-	* Try to use pkgconfig for device mapper library.
-	* Detect old dm-crypt module and disable LUKS suspend/resume.
-	* Fix apitest to work on older systems.
-	* Allow no hash specification in plain device constructor.
-	* Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified).
-	* Fix isLuks to initialise crypto backend (blkid instead is suggested anyway).
-	* Version 1.1.1-rc1.
-
-2010-04-12  Milan Broz  <mbroz@redhat.com>
-	* Fix package config to use proper package version.
-	* Avoid class C++ keyword in library header.
-	* Detect and use devmapper udev support if available (disable by --disable-udev).
-
-2010-04-06  Milan Broz  <mbroz@redhat.com>
-	* Prefer some device paths in status display.
-	* Support device topology detectionfor data alignment.
-
-2010-02-25  Milan Broz  <mbroz@redhat.com>
-	* Do not verify unlocking passphrase in luksAddKey command.
-	* Properly initialise crypto backend in header backup/restore commands.
-
-2010-01-17  Milan Broz  <mbroz@redhat.com>
-	* If gcrypt compiled with capabilities, document workaround for cryptsetup (see lib/gcrypt.c).
-	* Version 1.1.0.
-
-2010-01-10  Milan Broz  <mbroz@redhat.com>
-	* Fix initialisation of gcrypt duting luksFormat.
-	* Convert hash name to lower case in header (fix sha1 backward comatible header)
-	* Check for minimum required gcrypt version.
-
-2009-12-30  Milan Broz  <mbroz@redhat.com>
-	* Fix key slot iteration count calculation (small -i value was the same as default).
-	* The slot and key digest iteration minimun is now 1000.
-	* The key digest iteration # is calculated from iteration time (approx 1/8 of that).
-	* Version 1.1.0-rc4.
-
-2009-12-11  Milan Broz  <mbroz@redhat.com>
-	* Fix error handling during reading passhrase.
-
-2009-12-01  Milan Broz  <mbroz@redhat.com>
-	* Allow changes of default compiled-in cipher parameters through configure.
-	* Switch default key size for LUKS to 256bits.
-	* Switch default plain mode to aes-cbc-essiv:sha256 (default is backward incompatible!).
-
-2009-11-14  Milan Broz  <mbroz@redhat.com>
-	* Add CRYPT_ prefix to enum defined in libcryptsetup.h.
-	* Fix status call to fail when running as non-root user.
-	* Check in configure if selinux libraries are required in static version.
-	* Add temporary debug code to find processes locking internal device.
-	* Simplify build system, use autopoint and clean gettext processing.
-	* Use proper NLS macros and detection (so the message translation works again).
-	* Version 1.1.0-rc3.
-
-2009-09-30  Milan Broz  <mbroz@redhat.com>
-	* Fix exported symbols and versions in libcryptsetup.
-	* Do not use internal lib functions in cryptsetup.
-	* Add crypt_log to library.
-	* Fix crypt_remove_device (remove, luksClose) implementation.
-	* Move dm backend initialisation to library calls.
-	* Move duplicate Command failed message to verbose level (error is printed always).
-	* Add some password and used algorithms notes to man page.
-	* Version 1.1.0-rc2.
-
-2009-09-28  Milan Broz  <mbroz@redhat.com>
-	* Add luksHeaderBackup and luksHeaderRestore commands.
-	* Fail passphrase read if piped input no longer exists.
-	* Version 1.1.0-rc1.
-
-2009-09-15  Milan Broz  <mbroz@redhat.com>
-	* Initialize crypto library before LUKS header load.
-	* Fix manpage to not require --size which expands to device size by default.
-
-2009-09-10  Milan Broz  <mbroz@redhat.com>
-	* Clean up Makefiles and configure script.
-	* Version 1.1.0-test0.
-
-2009-09-08  Milan Broz  <mbroz@redhat.com>
-	* Use dm-uuid for all crypt devices, contains device type and name now.
-	* Try to read first sector from device to properly check that device is ready.
-
-2009-09-02  Milan Broz  <mbroz@redhat.com>
-	* Add luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
-
-2009-08-30  Milan Broz  <mbroz@redhat.com>
-	* Require device device-mapper to build and do not use backend wrapper for dm calls.
-	* Move memory locking and dm initialization to command layer.
-	* Increase priority of process if memory is locked.
-	* Add log macros and make logging modre consitent.
-	* Move command successful messages to verbose level.
-	* Introduce --debug parameter.
-	* Move device utils code and provide context parameter (for log).
-	* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
-	* Do not call isatty() on closed keyfile descriptor.
-	* Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results.
-	* Add ability to provide pre-generated master key and UUID in LUKS header format.
-	* Add LUKS function to verify master key digest.
-	* Move key slot manuipulation function into LUKS specific code.
-	* Replace global options struct with separate parameters in helper functions.
-	* Add new libcryptsetup API (documented in libcryptsetup.h).
-	* Implement old API calls using new functions.
-	* Remove old API code helper functions.
-	* Add --master-key-file option for luksFormat and luksAddKey.
-
-2009-08-17  Milan Broz  <mbroz@redhat.com>
-	* Fix PBKDF2 speed calculation for large passhrases.
-	* Allow using passphrase provided in options struct for LuksOpen.
-	* Allow restrict keys size in LuksOpen.
-
-2009-07-30  Milan Broz  <mbroz@redhat.com>
-	* Fix errors when compiled with LUKS_DEBUG.
-	* Print error when getline fails.
-	* Remove po/cryptsetup-luks.pot, it's autogenerated.
-	* Return ENOENT for empty keyslots, EINVAL will be used later for other type of error.
-	* Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here.
-	* Add required parameters for changing hash used in LUKS key setup scheme.
-	* Do not export simple XOR helper now used only inside AF functions.
-	* Completely remove internal SHA1 implementanion code, not needed anymore.
-	* Enable hash algorithm selection for LUKS through -h luksFormat option.
-
-2009-07-28  Milan Broz  <mbroz@redhat.com>
-	* Pad luks header to 512 sector size.
-	* Rework read/write blockwise to not split operation to many pieces.
-	* Use posix_memalign if available.
-
-2009-07-22  Milan Broz  <mbroz@redhat.com>
-	* Fix segfault if provided slot in luksKillslot is invalid.
-	* Remove unneeded timeout when remove of temporary device succeeded.
-
-2009-07-22  Milan Broz  <mbroz@redhat.com>
-	* version 1.0.7
-
-2009-07-16  Milan Broz  <mbroz@redhat.com>
-	* Allow removal of last slot in luksRemoveKey and luksKillSlot.
-
-2009-07-11  Milan Broz  <mbroz@redhat.com>
-
-	* Add --disable-selinux option and fix static build if selinux is required.
-	* Reject unsupported --offset and --skip options for luksFormat and update man page.
-
-2009-06-22  Milan Broz  <mbroz@redhat.com>
-
-	* Summary of changes in subversion for 1.0.7-rc1:
-	* Various man page fixes.
-	* Set UUID in device-mapper for LUKS devices.
-	* Retain readahead of underlying device.
-	* Display device name when asking for password.
-	* Check device size when loading LUKS header. Remove misleading error message later.
-	* Add error hint if dm-crypt mapping failed.
-	* Use better error messages if device doesn't exist or is already used by other mapping.
-	* Fix make distcheck.
-	* Check if all slots are full during luksAddKey.
-	* Fix segfault in set_error.
-	* Code cleanups, remove precompiled pot files, remove unnecessary files from po directory
-	* Fix uninitialized return value variable in setup.c.
-	* Code cleanups. (thanks to Ivan Stankovic)
-	* Fix wrong output for remaining key at key deletion.
-	* Allow deletion of key slot while other keys have the same key information.
-	* Add missing AM_PROG_CC_C_O to configure.in
-	* Remove duplicate sentence in man page.
-	* Wipe start of device (possible fs signature) before LUKS-formatting.
-	* Do not process configure.in in hidden directories.
-	* Return more descriptive error in case of IO or header format error.
-	* Use remapping to error target instead of calling udevsettle for temporary crypt device.
-	* Check device mapper communication and warn user if device-mapper support missing in kernel.
-	* Fix signal handler to properly close device.
-	* write_lseek_blockwise: declare innerCount outside the if block.
-	* add -Wall to the default CFLAGS. fix some signedness issues.
-	* Error handling improvement.
-	* Add non-exclusive override to interface definition.
-	* Refactor key slot selection into keyslot_from_option.
-
-2007-05-01  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/backends.c, man/cryptsetup.8: Apply patch from Ludwig Nussel
-	<ludwig.nussel@suse.de>, for old SuSE compat hashing.
-
-2007-04-16  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Summary of changes in subversion:
-	Fix segfault for key size > 32 bytes.
-	Kick ancient header version conversion. 
-	Fix http://bugs.debian.org/403075
-	No passwort retrying for I/O errors.
-	Fix hang on "-i 0".
-	Fix parenthesization error that prevented --tries from working
-	correctly.
-
-2006-11-28  gettextize  <bug-gnu-gettext@gnu.org>
-
-	* m4/gettext.m4: Upgrade to gettext-0.15.
-	* m4/glibc2.m4: New file, from gettext-0.15.
-	* m4/intmax.m4: New file, from gettext-0.15.
-	* m4/inttypes-h.m4: New file, from gettext-0.15.
-	* m4/inttypes-pri.m4: Upgrade to gettext-0.15.
-	* m4/lib-link.m4: Upgrade to gettext-0.15.
-	* m4/lib-prefix.m4: Upgrade to gettext-0.15.
-	* m4/lock.m4: New file, from gettext-0.15.
-	* m4/longdouble.m4: New file, from gettext-0.15.
-	* m4/longlong.m4: New file, from gettext-0.15.
-	* m4/nls.m4: Upgrade to gettext-0.15.
-	* m4/po.m4: Upgrade to gettext-0.15.
-	* m4/printf-posix.m4: New file, from gettext-0.15.
-	* m4/signed.m4: New file, from gettext-0.15.
-	* m4/size_max.m4: New file, from gettext-0.15.
-	* m4/visibility.m4: New file, from gettext-0.15.
-	* m4/wchar_t.m4: New file, from gettext-0.15.
-	* m4/wint_t.m4: New file, from gettext-0.15.
-	* m4/xsize.m4: New file, from gettext-0.15.
-	* m4/Makefile.am: New file.
-	* configure.in (AC_OUTPUT): Add m4/Makefile.
-	(AM_GNU_GETTEXT_VERSION): Bump to 0.15.
-
-2006-10-22  David Härdeman  <david@hardeman.nu>
-
-	* Allow hashing of keys passed through stdin.
-
-2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: 1.0.4 release
-
-2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.8: Document --tries switch; patch by Jonas
-	Meurer.
-
-2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c: Added terminal timeout rewrite as forwarded by
-	Jonas Meurer
-
-2006-10-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Merged patch from Marc Merlin <marc@merlins.org> to allow user
-	selection of key slot.
-
-2006-09-26  gettextize  <bug-gnu-gettext@gnu.org>
-
-	* m4/codeset.m4: Upgrade to gettext-0.14.4.
-	* m4/gettext.m4: Upgrade to gettext-0.14.4.
-	* m4/glibc2.m4: New file, from gettext-0.14.4.
-	* m4/glibc21.m4: Upgrade to gettext-0.14.4.
-	* m4/iconv.m4: Upgrade to gettext-0.14.4.
-	* m4/intdiv0.m4: Upgrade to gettext-0.14.4.
-	* m4/intmax.m4: New file, from gettext-0.14.4.
-	* m4/inttypes.m4: Upgrade to gettext-0.14.4.
-	* m4/inttypes_h.m4: Upgrade to gettext-0.14.4.
-	* m4/inttypes-pri.m4: Upgrade to gettext-0.14.4.
-	* m4/isc-posix.m4: Upgrade to gettext-0.14.4.
-	* m4/lcmessage.m4: Upgrade to gettext-0.14.4.
-	* m4/lib-ld.m4: Upgrade to gettext-0.14.4.
-	* m4/lib-link.m4: Upgrade to gettext-0.14.4.
-	* m4/lib-prefix.m4: Upgrade to gettext-0.14.4.
-	* m4/longdouble.m4: New file, from gettext-0.14.4.
-	* m4/longlong.m4: New file, from gettext-0.14.4.
-	* m4/nls.m4: Upgrade to gettext-0.14.4.
-	* m4/po.m4: Upgrade to gettext-0.14.4.
-	* m4/printf-posix.m4: New file, from gettext-0.14.4.
-	* m4/progtest.m4: Upgrade to gettext-0.14.4.
-	* m4/signed.m4: New file, from gettext-0.14.4.
-	* m4/size_max.m4: New file, from gettext-0.14.4.
-	* m4/stdint_h.m4: Upgrade to gettext-0.14.4.
-	* m4/uintmax_t.m4: Upgrade to gettext-0.14.4.
-	* m4/ulonglong.m4: Upgrade to gettext-0.14.4.
-	* m4/wchar_t.m4: New file, from gettext-0.14.4.
-	* m4/wint_t.m4: New file, from gettext-0.14.4.
-	* m4/xsize.m4: New file, from gettext-0.14.4.
-	* Makefile.am (ACLOCAL_AMFLAGS): New variable.
-	* configure.in (AM_GNU_GETTEXT_VERSION): Bump to 0.14.4.
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: 1.0.4-rc2
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/Makefile.am: Add a few regression tests 
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (get_key): Applied patch from David Härdeman
-	<david@2gen.com> for reading binary keys from stdin using
-	the "-" as key file.
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (__crypt_luks_add_key): For checking options struct
-	(optionsCheck) filter out CRYPT_FLAG_VERIFY and
-	CRYPT_FLAG_VERIFY_IF_POSSIBLE, so that in no case password verification is done
-	for password retrieval.
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: Merge Patch from http://bugs.gentoo.org/show_bug.cgi?id=132126 for sepol
-
-2006-07-23  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Applied patches from David Härdeman <david@2gen.com> to fix 64
-	bit compiler warning issues.
-
-2006-05-19  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Applied patches from Jonas Meurer
-	  - fix terminal status after timeout
-	  - add remark for --tries to manpage
-	  - allow more than 32 chars from standard input.
-	  - exit status fix for cryptsetup status.
-
-2006-05-06  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (yesDialog): Fix getline problem for 64-bit archs. 
-
-2006-04-05  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: Release 1.0.3.
-
-	* Applied patch by Johannes Weißl for more meaningful exit codes
-	and password retries
-
-2006-03-30  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (__crypt_create_device): (char *) -> (const char *)
-
-2006-03-30  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Apply alignPayload patch from Peter Palfrader <weasel@debian.org>
-
-2006-03-15  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: 1.0.3-rc3. Most unplease release ever. 
-	* lib/setup.c (__crypt_create_device): More verbose error message.
-
-2006-02-26  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c: Revert to 1.0.1 key reading.
-
-2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.8: merge patch from Jonas Meurer
-
-2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: 1.0.3-rc2
-
-2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/libdevmapper.c (dm_create_device): Remove dup check here.
-	* lib/setup.c (__crypt_luks_open): Adopt same dup check as regular
-	create command.
-
-2006-02-22  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: Spin 1.0.3-rc1
-
-2006-02-22  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (action_create): Change defaulting.
-	(action_luksFormat): Change defaulting.
-
-	* lib/setup.c (parse_into_name_and_mode): Revert that default
-	change. This is FORBIDDEN here, as it will change cryptsetup
-	entire default. This is BAD in a non-LUKS world.
-
-2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/keyencryption.c (setup_mapping): Add proper size restriction to mapping.	
-	(LUKS_endec_template): Add more verbose error message.
-
-2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/libdevmapper.c (dm_query_device): Incorporate patch from
-	Bastian Blank
-	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344313
-
-2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c: Rename show_error -> show_status.
-
-2006-02-20  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/libdevmapper.c (dm_create_device): Prevent existing mapping
-	from being removed when a mapping with the same name is added
-
-	* Add timeout patch from Jonas Meurer 
-
-	* src/cryptsetup.c: Remove conditional error printing to enable
-	printing the no-error msg (Command successful). Verify passphrase
-	for LUKS volumes.
-	(main): Add no-verify-passphrase
-
-	* lib/setup.c (parse_into_name_and_mode): Change default mode complition to essiv:sha256.
-
-2006-01-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (help): Merge patch from Gentoo: change gettext(..) to _(..).
-
-2005-12-06  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.8: Correct "seconds" to "microseconds" in the explaination for -i.
-
-2005-11-09  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (main): Add version string.
-
-2005-11-08  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/backends.c: compile fix. 
-
-2005-09-11  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (get_key): Fixed another incompatibility from my
-	get_key rewrite with original cryptsetup.
-
-2005-09-11  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Merged changes from Florian Knauf's fk02 branch.
-
-2005-09-08  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (get_key): Fixed another incompatiblity with
-	original cryptsetup.
-
-2005-08-20  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Checked in a patch from Michael Gebetsroither <gebi@sbox.tugraz.at>
-	  to silent all confirmation dialogs.
-
-2005-06-23  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (help): print PACKAGE_STRING
-
-2005-06-20  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/keymanage.c (LUKS_set_key): Security check against header manipulation
-
-	* src/cryptsetup.c (action_luksDelKey): Safety check in luksDelKey
-
-	* luks/keymanage.c: Changed disk layout generation to align key material to 4k boundaries.
-	(LUKS_is_last_keyslot): Added LUKS_is_last_keyslot function.
-
-        * Applied patch from Bill Nottingham fixing a lot of prototypes.
-
-	* src/cryptsetup.c (action_luksOpen): Add support for -r flag.
-
-	* configure.in: Version bump 1.0.1
-
-2005-06-16  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (__crypt_luks_open): Remove mem leaking of dmCipherSpec.
-	(get_key): Fix missing zero termination for read string. 
-
-2005-06-12  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/keyencryption.c (setup_mapping): Added CRYPT_FLAG_READONLY in case of O_RDONLY mode
-
-2005-06-11  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: Version bump 1.0.1-pre
-
-2005-06-09  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/utils.c: Added write_llseek_blocksize method to support sector wiping on sector_size != 512 
-	media
-
-2005-05-23  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (crypt_luksDelKey): Added missing return statement
-	(setup_leave): Added missing return statement
-
-	* luks/keyencryption.c (clear_mapping): Added missing return statement
-
-2005-05-19  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/utils.c (write_blockwise, read_blockwise): Changed to soft bsize instead of SECTOR_SIZE
-
-	* luks/keymanage.c (wipe): Changed open mode to O_DIRECT | O_SYNC, and changed write 
-	to use the blockwise write helper
-
-2005-04-21  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.8: Corrected an error, thanks to Dick Middleton.
-
-2005-04-09  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/sha/hmac.c: Add 64 bit bug fix courtesy to 
-	Oliver Paukstadt <pstadt@sourcentral.org>.
-
-	* luks/pbkdf.c, luks/keyencryption.c, luks/keymanage.c, luks/af.c: Added a license 
-	disclaimer and remove option for "any future GPL versions".
-
-2005-03-25  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: man page Makefile. Version bump 1.0.
-
-	* man/cryptsetup.8: finalize man page and move to section 8.
-
-	* src/cryptsetup.c (action_luksFormat): Add "are you sure" for interactive sessions.
-
-	* lib/setup.c (crypt_luksDump), src/cryptsetup.c: add LUKS dump command
-
-2005-03-24  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c, luks/Makefile.am (test), lib/setup.c (setup_enter): 
-	rename luksInit to luksFormat
-
-2005-03-12  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.1: Add man page.
-
-	* lib/setup.c: Remove unneccessary LUKS_write_phdr call, so the
-	phdr is written after passphrase reading, so the user can change
-	his mind, and not have a partial written LUKS header on it's disk.
-
-2005-02-09  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/keymanage.c (LUKS_write_phdr): converted argument phdr to
-	pointer, and make a copy of phdr for conversion
-
-	* configure.in: Version dump.
-
-	* luks/keyencryption.c: Convert to read|write_blockwise.
-
-	* luks/keymanage.c: Convert to read|write_blockwise.
-
-	* lib/utils.c: Add read|write_blockwise functions, to use in
-	O_DIRECT file accesses. 
-
-2004-03-11 Thursday 15:52   Christophe Saout <christophe@saout.de>
-
-	* lib/blockdev.h: BLKGETSIZE64 really uses size_t as third
-	  argument, the rest is wrong.
-
-2004-03-10 Wednesday 17:50   Christophe Saout <christophe@saout.de>
-
-	* lib/: libcryptsetup.h, libdevmapper.c: Small fixes.
-
-2004-03-09 Tuesday 21:41   Christophe Saout <christophe@saout.de>
-
-	* lib/internal.h, lib/libcryptsetup.h, lib/libdevmapper.c,
-	  lib/setup.c, po/de.po, src/cryptsetup.c: Added internal flags to
-	  keep track of malloc'ed return values in struct crypt_options and
-	  add a function to free the memory. Also add a readonly flag to
-	  libcryptsetup.
-
-2004-03-09 Tuesday 16:03   Christophe Saout <christophe@saout.de>
-
-	* ChangeLog, configure.in, setup-gettext, lib/Makefile.am,
-	  lib/backends.c, lib/blockdev.h, lib/gcrypt.c, lib/internal.h,
-	  lib/libcryptsetup.h, lib/libdevmapper.c, lib/setup.c,
-	  lib/utils.c, po/de.po, src/Makefile.am, src/cryptsetup.c: More
-	  reorganization work.
-
-2004-03-08 Monday 01:38   Christophe Saout <christophe@saout.de>
-
-	* ChangeLog, Makefile.am, acinclude.m4, configure.in,
-	  lib/Makefile.am, lib/backends.c, lib/blockdev.h, lib/gcrypt.c,
-	  lib/libdevmapper.c, lib/setup.c, lib/utils.c, po/de.po,
-	  src/Makefile.am: BLKGETSIZE64 fixes and started modularity
-	  enhancements
-
-2004-03-04 Thursday 21:06   Christophe Saout <christophe@saout.de>
-
-	* Makefile.am, po/de.po, src/cryptsetup.c, src/cryptsetup.h: First
-	  backward compatible working version.
-
-2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
-
-	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
-	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
-	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
-	  src/Makefile.am (utags: initial): Initial checkin.
-
-2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
-
-	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
-	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
-	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
-	  src/Makefile.am: Initial revision
+See version control history for full commit messages.
+  http://code.google.com/p/cryptsetup/source/list
--- a/1210
+++ b/1210
--- a/2
+++ b/2
@@ -23,7 +23,7 @@ DOWNLOAD:
 SOURCE CODE:

      URL: http://code.google.com/p/cryptsetup/source/browse/
-      Checkout: svn checkout http://cryptsetup.googlecode.com/svn/trunk/ cryptsetup
+      Checkout: git clone https://code.google.com/p/cryptsetup/

 NLS (PO TRANSLATIONS):

--- a/10
+++ b/10
@@ -1,6 +1,8 @@
-Version 1.5.0:
+Version 1.7:
 - Export wipe device functions
 - Support K/M suffixes for align payload (new switch?).
- FIPS patches (RNG, volume key restrictions, move changekey to library)
- online reencryption api?
- integrate more metadata formats
+- TRIM for keyslots
+- Do we need crypt_data_path() - path to data device (if differs)?
+- Resync ETA time is not accurate, calculate it better (last minute window?).
+- Crypt benchmark cannot ttest ECB mode.
+- Log doesn't work yet in early binary start (FIPS message).
--- a/autogen.sh
+++ b/autogen.sh
@@ -22,7 +22,7 @@ DIE=0
  DIE=1
 }

-(grep "^AM_PROG_LIBTOOL" $srcdir/configure.in >/dev/null) && {
+(grep "^AM_PROG_LIBTOOL" $srcdir/configure.ac >/dev/null) && {
  (libtool --version) < /dev/null > /dev/null 2>&1 || {
    echo
    echo "**Error**: You must have libtool installed."
@@ -78,7 +78,7 @@ autopoint --force $AP_OPTS
 libtoolize --force --copy
 aclocal -I m4 $AL_OPTS
 autoheader $AH_OPTS
-automake --add-missing --gnu $AM_OPTS
+automake --add-missing --copy --gnu $AM_OPTS
 autoconf $AC_OPTS

 if test x$NOCONFIGURE = x; then
--- a/configure.ac
+++ b/configure.ac
@@ -1,15 +1,23 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.4.1])
+AC_INIT([cryptsetup],[1.6.2])

 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
-LIBCRYPTSETUP_VERSION_INFO=4:0:0
+LIBCRYPTSETUP_VERSION_INFO=9:0:5
+dnl library file name for FIPS selfcheck
+LIBCRYPTSETUP_VERSION_FIPS="libcryptsetup.so.4"

 AC_CONFIG_SRCDIR(src/cryptsetup.c)
 AC_CONFIG_MACRO_DIR([m4])

 AC_CONFIG_HEADERS([config.h:config.h.in])
-AM_INIT_AUTOMAKE(dist-bzip2)
+
+# We do not want to run test in parallel. Really.
+# http://lists.gnu.org/archive/html/automake/2013-01/msg00060.html
+
+# For old automake use this
+#AM_INIT_AUTOMAKE(dist-bzip2)
+AM_INIT_AUTOMAKE([dist-bzip2 1.12 serial-tests])

 if test "x$prefix" = "xNONE"; then
 	sysconfdir=/etc
@@ -25,27 +33,32 @@ AC_PROG_INSTALL
 AC_PROG_MAKE_SET
 AC_ENABLE_STATIC(no)
 LT_INIT
+PKG_PROG_PKG_CONFIG

 AC_HEADER_DIRENT
 AC_HEADER_STDC
 AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
-	ctype.h unistd.h locale.h)
+	ctype.h unistd.h locale.h byteswap.h endian.h)

-AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR('You need the uuid library')])
-AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR('You need the device-mapper library')])
+AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])])
+AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])])

 saved_LIBS=$LIBS
-AC_CHECK_LIB(uuid, uuid_clear, ,[AC_MSG_ERROR('You need the uuid library')])
+AC_CHECK_LIB(uuid, uuid_clear, ,[AC_MSG_ERROR([You need the uuid library.])])
 AC_SUBST(UUID_LIBS, $LIBS)
 LIBS=$saved_LIBS

 AC_CHECK_FUNCS([posix_memalign])

+if test "x$enable_largefile" = "xno" ; then
+  AC_MSG_ERROR([Building with --disable-largefile is not supported, it can cause data corruption.])
+fi
+
 AC_C_CONST
 AC_C_BIGENDIAN
 AC_TYPE_OFF_T
 AC_SYS_LARGEFILE
-
+AC_FUNC_FSEEKO
 AC_PROG_GCC_TRADITIONAL

 dnl ==========================================================================
@@ -61,11 +74,63 @@ AC_CHECK_LIB(popt, poptConfigFileToString,,
 AC_SUBST(POPT_LIBS, $LIBS)
 LIBS=$saved_LIBS

+dnl ==========================================================================
+dnl FIPS extensions
+AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restrictions]),
+[with_fips=$enableval],
+[with_fips=no])
+
+if test "x$with_fips" = "xyes"; then
+	AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
+	AC_DEFINE_UNQUOTED(LIBCRYPTSETUP_VERSION_FIPS, ["$LIBCRYPTSETUP_VERSION_FIPS"],
+		[library file name for FIPS selfcheck])
+
+	if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then
+		AC_MSG_ERROR([Static build is not compatible with FIPS.])
+	fi
+
+	saved_LIBS=$LIBS
+	AC_CHECK_LIB(fipscheck, FIPSCHECK_verify, ,[AC_MSG_ERROR([You need the fipscheck library.])])
+	AC_SUBST(FIPSCHECK_LIBS, $LIBS)
+	LIBS=$saved_LIBS
+
+fi
+
+AC_DEFUN([NO_FIPS], [
+	if test "x$with_fips" = "xyes"; then
+		AC_MSG_ERROR([This option is not compatible with FIPS.])
+	fi
+])
+
+dnl ==========================================================================
+dnl pwquality library (cryptsetup CLI only)
+AC_ARG_ENABLE([pwquality], AS_HELP_STRING([--enable-pwquality],[enable password quality checking]),
+[with_pwquality=$enableval],
+[with_pwquality=no])
+
+if test "x$with_pwquality" = "xyes"; then
+	AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking])
+	PKG_CHECK_MODULES([PWQUALITY], [pwquality >= 1.0.0],,
+		AC_MSG_ERROR([You need pwquality library.]))
+
+	dnl FIXME: this is really hack for now
+	PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz"
+fi
+
 dnl ==========================================================================
 dnl Crypto backend functions

 AC_DEFUN([CONFIGURE_GCRYPT], [
-	AM_PATH_LIBGCRYPT(1.1.42,,[AC_MSG_ERROR('You need the gcrypt library')])
+	if test "x$with_fips" = "xyes"; then
+		GCRYPT_REQ_VERSION=1.4.5
+	else
+		GCRYPT_REQ_VERSION=1.1.42
+	fi
+	dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password)
+	AC_ARG_ENABLE([gcrypt-pbkdf2], AS_HELP_STRING([--enable-gcrypt-pbkdf2],[force enable internal gcrypt PBKDF2]),
+		[use_internal_pbkdf2=0],
+		[AM_PATH_LIBGCRYPT([1.6.0], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])])
+	AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])

 	if test x$enable_static_cryptsetup = xyes; then
 		saved_LIBS=$LIBS
@@ -80,13 +145,16 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
 	CRYPTO_CFLAGS=$LIBGCRYPT_CFLAGS
 	CRYPTO_LIBS=$LIBGCRYPT_LIBS
 	CRYPTO_STATIC_LIBS=$LIBGCRYPT_STATIC_LIBS
+
+	AC_DEFINE_UNQUOTED(GCRYPT_REQ_VERSION, ["$GCRYPT_REQ_VERSION"], [Requested gcrypt version])
 ])

 AC_DEFUN([CONFIGURE_OPENSSL], [
 	PKG_CHECK_MODULES([OPENSSL], [openssl >= 0.9.8],,
-		AC_MSG_ERROR('You need openssl library'))
+		AC_MSG_ERROR([You need openssl library.]))
 	CRYPTO_CFLAGS=$OPENSSL_CFLAGS
 	CRYPTO_LIBS=$OPENSSL_LIBS
+	use_internal_pbkdf2=0

 	if test x$enable_static_cryptsetup = xyes; then
 		saved_PKG_CONFIG=$PKG_CONFIG
@@ -95,41 +163,53 @@ AC_DEFUN([CONFIGURE_OPENSSL], [
 		CRYPTO_STATIC_LIBS=$OPENSSL_LIBS
 		PKG_CONFIG=$saved_PKG_CONFIG
 	fi
+	NO_FIPS([])
 ])

 AC_DEFUN([CONFIGURE_NSS], [
 	if test x$enable_static_cryptsetup = xyes; then
-		AC_MSG_ERROR([Static build of cryptsetup is not supported with NSS.]),
+		AC_MSG_ERROR([Static build of cryptsetup is not supported with NSS.])
 	fi

 	AC_MSG_WARN([NSS backend does NOT provide backward compatibility (missing ripemd160 hash).])

 	PKG_CHECK_MODULES([NSS], [nss],,
-		AC_MSG_ERROR('You need nss library'))
+		AC_MSG_ERROR([You need nss library.]))
+
+	saved_CFLAGS=$CFLAGS
+	CFLAGS="$CFLAGS $NSS_CFLAGS"
+	AC_CHECK_DECLS([NSS_GetVersion], [], [], [#include <nss.h>])
+	CFLAGS=$saved_CFLAGS
+
 	CRYPTO_CFLAGS=$NSS_CFLAGS
 	CRYPTO_LIBS=$NSS_LIBS
+	use_internal_pbkdf2=1
+	NO_FIPS([])
 ])

 AC_DEFUN([CONFIGURE_KERNEL], [
 	AC_CHECK_HEADERS(linux/if_alg.h,,
-		[AC_MSG_ERROR('You need Linux kernel with userspace crypto interface.')])
+		[AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface.])])
 #	AC_CHECK_DECLS([AF_ALG],,
-#		[AC_MSG_ERROR('You need Linux kernel with userspace crypto interface.')],
+#		[AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
 #		[#include <sys/socket.h>])
-
+	use_internal_pbkdf2=1
+	NO_FIPS([])
 ])

 AC_DEFUN([CONFIGURE_NETTLE], [
 	AC_CHECK_HEADERS(nettle/sha.h,,
-		[AC_MSG_ERROR('You need Nettle cryptographic library.')])
+		[AC_MSG_ERROR([You need Nettle cryptographic library.])])

 	saved_LIBS=$LIBS
 	AC_CHECK_LIB(nettle, nettle_ripemd160_init,,
-		[AC_MSG_ERROR('You need Nettle library version 2.4 or more recent.')])
+		[AC_MSG_ERROR([You need Nettle library version 2.4 or more recent.])])
 	CRYPTO_LIBS=$LIBS
 	LIBS=$saved_LIBS

 	CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+	use_internal_pbkdf2=1
+	NO_FIPS([])
 ])

 dnl ==========================================================================
@@ -144,7 +224,17 @@ if test x$enable_static_cryptsetup = xyes; then
 		enable_static=yes
 	fi
 fi
-AM_CONDITIONAL(STATIC_CRYPTSETUP, test x$enable_static_cryptsetup = xyes)
+AM_CONDITIONAL(STATIC_TOOLS, test x$enable_static_cryptsetup = xyes)
+
+AC_ARG_ENABLE(veritysetup,
+	AS_HELP_STRING([--disable-veritysetup],
+	[disable veritysetup support]),[], [enable_veritysetup=yes])
+AM_CONDITIONAL(VERITYSETUP, test x$enable_veritysetup = xyes)
+
+AC_ARG_ENABLE([cryptsetup-reencrypt],
+	AS_HELP_STRING([--enable-cryptsetup-reencrypt],
+	[enable cryptsetup-reencrypt tool]))
+AM_CONDITIONAL(REENCRYPT, test x$enable_cryptsetup_reencrypt = xyes)

 AC_ARG_ENABLE(selinux,
 	AS_HELP_STRING([--disable-selinux],
@@ -166,6 +256,7 @@ LIBS=$saved_LIBS

 LIBS="$LIBS $DEVMAPPER_LIBS"
 AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include <libdevmapper.h>])
+AC_CHECK_DECLS([dm_task_retry_remove], [], [], [#include <libdevmapper.h>])
 AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])
 if test "x$enable_udev" = xyes; then
 	if test "x$have_cookie" = xno; then
@@ -181,6 +272,19 @@ AC_ARG_WITH([crypto_backend],
 	AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [gcrypt]]),
 	[], with_crypto_backend=gcrypt
 )
+
+dnl Kernel crypto API backend needed for benchmark and tcrypt
+AC_ARG_ENABLE([kernel_crypto], AS_HELP_STRING([--disable-kernel_crypto],
+	[disable kernel userspace crypto (no benchmark and tcrypt)]),
+	[with_kernel_crypto=$enableval],
+	[with_kernel_crypto=yes])
+
+if test "x$with_kernel_crypto" = "xyes"; then
+	AC_CHECK_HEADERS(linux/if_alg.h,,
+		[AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)])])
+	AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto])
+fi
+
 case $with_crypto_backend in
 	gcrypt)  CONFIGURE_GCRYPT([]) ;;
 	openssl) CONFIGURE_OPENSSL([]) ;;
@@ -195,6 +299,9 @@ AM_CONDITIONAL(CRYPTO_BACKEND_NSS,     test $with_crypto_backend = nss)
 AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL,  test $with_crypto_backend = kernel)
 AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE,  test $with_crypto_backend = nettle)

+AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1)
+AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2])
+
 dnl Magic for cryptsetup.static build.
 if test x$enable_static_cryptsetup = xyes; then
 	saved_PKG_CONFIG=$PKG_CONFIG
@@ -230,12 +337,16 @@ fi
 AC_SUBST([DEVMAPPER_LIBS])
 AC_SUBST([DEVMAPPER_STATIC_LIBS])

+AC_SUBST([PWQUALITY_LIBS])
+AC_SUBST([PWQUALITY_STATIC_LIBS])
+
 AC_SUBST([CRYPTO_CFLAGS])
 AC_SUBST([CRYPTO_LIBS])
 AC_SUBST([CRYPTO_STATIC_LIBS])

 AC_SUBST([LIBCRYPTSETUP_VERSION])
 AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])
+AC_SUBST([LIBCRYPTSETUP_VERSION_FIPS])

 dnl ==========================================================================
 AC_ARG_ENABLE([dev-random], AS_HELP_STRING([--enable-dev-random],
@@ -286,14 +397,20 @@ CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256])

 CS_STR_WITH([luks1-hash],   [hash function for LUKS1 header], [sha1])
 CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
-CS_STR_WITH([luks1-mode],   [cipher mode for LUKS1], [cbc-essiv:sha256])
+CS_STR_WITH([luks1-mode],   [cipher mode for LUKS1], [xts-plain64])
 CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
+CS_NUM_WITH([luks1-iter-time],[PBKDF2 iteration time for LUKS1 (in ms)], [1000])

 CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
 CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])

-CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in kilobytes)], [8192])
-CS_NUM_WITH([passphrase-size-max],[maximum keyfile size (in kilobytes)], [512])
+CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192])
+CS_NUM_WITH([passphrase-size-max],[maximum keyfile size (in characters)], [512])
+
+CS_STR_WITH([verity-hash],       [hash function for verity mode], [sha256])
+CS_NUM_WITH([verity-data-block], [data block size for verity mode], [4096])
+CS_NUM_WITH([verity-hash-block], [hash block size for verity mode], [4096])
+CS_NUM_WITH([verity-salt-size],  [salt size for verity mode], [32])

 dnl ==========================================================================

@@ -303,6 +420,8 @@ lib/libcryptsetup.pc
 lib/crypto_backend/Makefile
 lib/luks1/Makefile
 lib/loopaes/Makefile
+lib/verity/Makefile
+lib/tcrypt/Makefile
 src/Makefile
 po/Makefile.in
 man/Makefile
--- a/docs/ChangeLog.old
+++ b/docs/ChangeLog.old
@@ -0,0 +1,887 @@
+2012-12-21  Milan Broz  <gmazyland@gmail.com>
+	* Since version 1.6 This file is no longer maintained.
+	* See version control log http://code.google.com/p/cryptsetup/source/list
+
+2012-10-11  Milan Broz  <gmazyland@gmail.com>
+	* Added keyslot checker (by Arno Wagner).
+	* Version 1.5.1.
+
+2012-09-11  Milan Broz  <gmazyland@gmail.com>
+	* Add crypt_keyslot_area() API call.
+
+2012-08-27  Milan Broz  <gmazyland@gmail.com>
+	* Optimize seek to keyfile-offset (Issue #135, thx to dreisner).
+	* Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers.
+
+2012-08-12  Milan Broz  <gmazyland@gmail.com>
+	* Allocate loop device late (only when real block device needed).
+	* Rework underlying device/file access functions.
+	* Create hash image if doesn't exist in veritysetup format.
+	* Provide better error message if running as non-root user (device-mapper, loop).
+
+2012-07-10  Milan Broz  <gmazyland@gmail.com>
+	* Version 1.5.0.
+
+2012-06-25  Milan Broz  <gmazyland@gmail.com>
+	* Add --device-size option for reencryption tool.
+	* Switch to use unit suffix for --reduce-device-size option.
+	* Remove open device debugging feature (no longer needed).
+	* Fix library name for FIPS check.
+
+2012-06-20  Milan Broz  <gmazyland@gmail.com>
+	* Version 1.5.0-rc2.
+
+2012-06-18  Milan Broz  <gmazyland@gmail.com>
+	* Introduce cryptsetup-reencrypt - experimental offline LUKS reencryption tool.
+	* Fix luks-header-from-active script (do not use LUKS header on-disk, add UUID).
+	* Add --test-passphrase option for luksOpen (check passphrase only).
+
+2012-06-11  Milan Broz  <gmazyland@gmail.com>
+	* Introduce veritysetup for dm-verity target management.
+	* Version 1.5.0-rc1.
+
+2012-06-10  Milan Broz  <gmazyland@gmail.com>
+	* Both data and header device can now be a file.
+	* Loop is automatically allocated in crypt_set_data_device().
+	* Require only up to last keyslot area for header device (ignore data offset).
+	* Fix header backup and restore to work on files with large data offset.
+
+2012-05-27  Milan Broz  <gmazyland@gmail.com>
+	* Fix readonly activation if underlying device is readonly (1.4.0).
+	* Include stddef.h in libdevmapper.h (size_t definition).
+	* Version 1.4.3.
+
+2012-05-21  Milan Broz  <gmazyland@gmail.com>
+	* Add --enable-fips for linking with fipscheck library.
+	* Initialize binary and library selfcheck if running in FIPS mode.
+	* Use FIPS RNG in FIPS mode for KEY and SALT (only gcrypt backend supported).
+
+2012-05-09  Milan Broz  <gmazyland@gmail.com>
+	* Fix keyslot removal (wipe keyslot) for device with 4k hw block (1.4.0).
+	* Allow empty cipher (cipher_null) for testing.
+
+2012-05-02  Milan Broz  <gmazyland@gmail.com>
+	* Fix loop mapping on readonly file.
+	* Relax --shared test, allow mapping even for overlapping segments.
+	* Support shared flag for LUKS devices (dangerous).
+	* Switch on retry on device remove for libdevmapper.
+	* Allow "private" activation (skip some udev global rules) flag.
+
+2012-04-09  Milan Broz  <gmazyland@gmail.com>
+	* Fix header check to support old (cryptsetup 1.0.0) header alignment. (1.4.0)
+	* Version 1.4.2.
+
+2012-03-16  Milan Broz  <gmazyland@gmail.com>
+	* Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
+	* Add repair command and crypt_repair() for known LUKS metadata problems repair.
+	* Allow to specify --align-payload only for luksFormat.
+
+2012-03-16  Milan Broz  <mbroz@redhat.com>
+	* Unify password verification option.
+	* Support password verification with quiet flag if possible. (1.2.0)
+	* Fix retry if entered passphrases (with verify option) do not match.
+	* Support UUID=<LUKS_UUID> format for device specification.
+
+2012-02-11  Milan Broz  <mbroz@redhat.com>
+	* Add --master-key-file option to luksOpen (open using volume key).
+
+2012-01-12  Milan Broz  <mbroz@redhat.com>
+	* Fix use of empty keyfile.
+
+2011-11-13  Milan Broz  <mbroz@redhat.com>
+	* Fix error message for luksClose and detached LUKS header.
+	* Allow --header for status command to get full info with detached header.
+
+2011-11-09  Milan Broz  <mbroz@redhat.com>
+	* Version 1.4.1.
+
+2011-11-05  Milan Broz  <mbroz@redhat.com>
+	* Merge pycryptsetup (Python libcryptsetup bindings).
+	* Fix stupid typo in set_iteration_time API call.
+	* Fix cryptsetup status output if parameter is device path.
+
+2011-10-27  Milan Broz  <mbroz@redhat.com>
+	* Fix crypt_get_volume_key_size() for plain device.
+	* Fix FSF address in license text.
+
+2011-10-25  Milan Broz  <mbroz@redhat.com>
+	* Print informative message in isLuks only in verbose mode.
+	* Version 1.4.0.
+
+2011-10-10  Milan Broz  <mbroz@redhat.com>
+	* Version 1.4.0-rc1.
+
+2011-10-05  Milan Broz  <mbroz@redhat.com>
+	* Support Nettle 2.4 crypto backend (for ripemd160).
+	* If device is not rotational, do not use Gutmann wipe method.
+	* Add crypt_last_error() API call.
+	* Fix luksKillSLot exit code if slot is inactive or invalid.
+	* Fix exit code if passphrases do not match in luksAddKey.
+	* Add LUKS on-disk format description into package.
+
+2011-09-22  Milan Broz  <mbroz@redhat.com>
+	* Support key-slot option for luksOpen (use only explicit keyslot).
+
+2011-08-22  Milan Broz  <mbroz@redhat.com>
+	* Add more paranoid checks for LUKS header and keyslot attributes.
+	* Fix crypt_load to properly check device size.
+	* Use new /dev/loop-control (kernel 3.1) if possible.
+	* Enhance check of device size before writing LUKS header.
+	* Do not allow context format of already formatted device.
+
+2011-07-25  Milan Broz  <mbroz@redhat.com>
+	* Remove hash/hmac restart from crypto backend and make it part of hash/hmac final.
+	* Improve check for invalid offset and size values.
+
+2011-07-19  Milan Broz  <mbroz@redhat.com>
+	* Revert default initialisation of volume key in crypt_init_by_name().
+	* Do not allow key retrieval while suspended (key could be wiped).
+	* Do not allow suspend for non-LUKS devices.
+	* Support retries and timeout parameters for luksSuspend.
+	* Add --header option for detached metadata (on-disk LUKS header) device.
+	* Add crypt_init_by_name_and_header() and crypt_set_data_device() to API.
+	* Allow different data offset setting for detached header.
+
+2011-07-07  Milan Broz  <mbroz@redhat.com>
+	* Remove old API functions (all functions using crypt_options).
+	* Add --enable-discards option to allow discards/TRIM requests.
+	* Add crypt_get_iv_offset() function to API.
+
+2011-07-01  Milan Broz  <mbroz@redhat.com>
+	* Add --shared option for creating non-overlapping crypt segments.
+	* Add shared flag to libcryptsetup api.
+	* Fix plain crypt format parameters to include size option (API change).
+
+2011-06-08  Milan Broz  <mbroz@redhat.com>
+	* Fix return code for status command when device doesn't exists.
+
+2011-05-24  Milan Broz  <mbroz@redhat.com>
+	* Version 1.3.1.
+
+2011-05-17  Milan Broz  <mbroz@redhat.com>
+	* Fix keyfile=- processing in create command (1.3.0).
+	* Simplify device path status check.
+
+2011-05-03  Milan Broz  <mbroz@redhat.com>
+	* Do not ignore size argument for create command (1.2.0).
+
+2011-04-18  Milan Broz  <mbroz@redhat.com>
+	* Fix error paths in blockwise code and lseek_write call.
+	* Add Nettle crypto backend support.
+
+2011-04-05  Milan Broz  <mbroz@redhat.com>
+	* Version 1.3.0.
+
+2011-03-22  Milan Broz  <mbroz@redhat.com>
+	* Also support --skip and --hash option for loopaesOpen.
+	* Fix return code when passphrase is read from pipe.
+	* Document cryptsetup exit codes.
+
+2011-03-18  Milan Broz  <mbroz@redhat.com>
+	* Respect maximum keyfile size paramater.
+	* Introduce maximum default keyfile size, add configure option.
+	* Require the whole key read from keyfile in create command (broken in 1.2.0).
+	* Fix offset option for loopaesOpen.
+	* Lock memory also in luksDump command.
+	* Version 1.3.0-rc2.
+
+2011-03-14  Milan Broz  <mbroz@redhat.com>
+	* Version 1.3.0-rc1.
+
+2011-03-11  Milan Broz  <mbroz@redhat.com>
+	* Add loop manipulation code and support mapping of images in file.
+	* Add backing device loop info into status message.
+	* Add luksChangeKey command.
+
+2011-03-05  Milan Broz  <mbroz@redhat.com>
+	* Add exception to COPYING for binary distribution linked with OpenSSL library.
+	* Set secure data flag (wipe all ioclt buffers) if devmapper library supports it.
+
+2011-01-29  Milan Broz  <mbroz@redhat.com>
+	* Fix mapping removal if device disappeared but node still exists.
+	* Fix luksAddKey return code if master key is used.
+
+2011-01-25  Milan Broz  <mbroz@redhat.com>
+	* Add loop-AES handling (loopaesOpen and loopaesClose commands).
+	 (requires kernel 2.6.38 and above)
+
+2011-01-05  Milan Broz  <mbroz@redhat.com>
+	* Fix static build (--disable-static-cryptsetup now works properly).
+
+2010-12-30  Milan Broz  <mbroz@redhat.com>
+	* Add compile time crypto backends implementation
+	  (gcrypt, OpenSSL, NSS and userspace Linux kernel crypto api).
+	* Currently NSS is lacking ripemd160, cannot provide full plain compatibility.
+	* Use --with-crypto_backend=[gcrypt|openssl|nss|kernel] to configure.
+
+2010-12-20  Milan Broz  <mbroz@redhat.com>
+	* Version 1.2.0.
+
+2010-11-25  Milan Broz  <mbroz@redhat.com>
+	* Fix crypt_activate_by_keyfile() to work with PLAIN devices.
+	* Fix create command to properly handle keyfile size.
+
+2010-11-16  Milan Broz  <mbroz@redhat.com>
+	* Version 1.2.0-rc1.
+
+2010-11-13  Milan Broz  <mbroz@redhat.com>
+	* Fix password callback call.
+	* Fix default plain password entry from terminal in activate_by_passphrase.
+	* Add --dump-master-key option for luksDump to allow volume key dump.
+	* Allow to activate by internally cached volume key
+	  (format/activate without keyslots active - used for temporary devices).
+	* Initialize volume key from active device in crypt_init_by_name()
+	* Fix cryptsetup binary exitcodes.
+	* Increase library version (still binary compatible with 1.1.x release).
+
+2010-11-01  Milan Broz  <mbroz@redhat.com>
+	* No longer support luksDelKey, reload and --non-exclusive.
+	* Remove some obsolete info from man page.
+	* Add crypt_get_type(), crypt_resize(), crypt_keyslot_max()
+	and crypt_get_active_device() to API.
+	* Rewrite all implementations in cryptsetup to new API.
+	* Fix luksRemoveKey to behave as documented (do not ask
+	for remaining keyslot passphrase).
+	* Add more regression tests for commands.
+	* Disallow mapping of device which is already in use (mapped or mounted).
+	* Disallow luksFormat on device in use.
+
+2010-10-27  Milan Broz  <mbroz@redhat.com>
+	* Rewrite cryptsetup luksFormat, luksOpen, luksAddKey to use new API
+	  to allow adding new features.
+	* Implement --use-random and --use-urandom for luksFormat to allow
+	  setting of RNG for volume key generator.
+	* Add crypt_set_rng_type() and crypt_get_rng_type() to API.
+	* Add crypt_set_uuid() to API.
+	* Allow UUID setting in luksFormat and luksUUID (--uuid parameter).
+	* Add --keyfile-size and --new-keyfile-size (in bytes) size and disallow overloading
+	  of --key-size for limiting keyfile reads.
+	* Fix luksFormat to properly use key file with --master-key-file switch.
+	* Fix possible double free when handling master key file.
+
+2010-10-17  Milan Broz  <mbroz@redhat.com>
+	* Add crypt_get_device_name() to API (get underlying device name).
+	* Change detection for static libraries.
+	* Fix pkg-config use in automake scripts.
+	* Remove --disable-shared-library switch and handle static library build
+	  by common libtool logic (using --enable-static).
+	* Add --enable-static-cryptsetup option to build cryptsetup.static binary
+	  together with shared build.
+
+2010-08-05  Milan Broz  <mbroz@redhat.com>
+	* Wipe iteration and salt after KillSlot in LUKS header.
+	* Rewrite file differ test to C (and fix it to really work).
+	* Switch to 1MiB default alignment of data.
+	  For more info see https://bugzilla.redhat.com/show_bug.cgi?id=621684
+	* Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
+	* Check if requested hash is supported before writing LUKS header.
+
+2010-07-28  Arno Wagner <arno@wagner.name>
+	* Add FAQ (Frequently Asked Questions) file to distribution.
+
+2010-07-03  Milan Broz  <mbroz@redhat.com>
+	* Fix udev support for old libdevmapper with not compatible definition.
+	* Version 1.1.3.
+
+2010-06-01  Milan Broz  <mbroz@redhat.com>
+	* Fix device alignment ioctl calls parameters.
+	* Fix activate_by_* API calls to handle NULL device name as documented.
+
+2010-05-30  Milan Broz  <mbroz@redhat.com>
+	* Version 1.1.2.
+
+2010-05-27  Milan Broz  <mbroz@redhat.com>
+	* Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
+	* Support --key-file/-d option for luksFormat.
+	* Fix description of --key-file and add --verbose and --debug options to man page.
+	* Add verbose log level and move unlocking message there.
+	* Remove device even if underlying device disappeared.
+	* Fix (deprecated) reload device command to accept new device argument.
+
+2010-05-23  Milan Broz  <mbroz@redhat.com>
+	* Fix luksClose operation for stacked DM devices.
+	* Version 1.1.1.
+
+2010-05-03  Milan Broz  <mbroz@redhat.com>
+	* Fix automatic dm-crypt module loading.
+	* Escape hyphens in man page.
+	* Version 1.1.1-rc2.
+
+2010-04-30  Milan Broz  <mbroz@redhat.com>
+	* Try to use pkgconfig for device mapper library.
+	* Detect old dm-crypt module and disable LUKS suspend/resume.
+	* Fix apitest to work on older systems.
+	* Allow no hash specification in plain device constructor.
+	* Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified).
+	* Fix isLuks to initialise crypto backend (blkid instead is suggested anyway).
+	* Version 1.1.1-rc1.
+
+2010-04-12  Milan Broz  <mbroz@redhat.com>
+	* Fix package config to use proper package version.
+	* Avoid class C++ keyword in library header.
+	* Detect and use devmapper udev support if available (disable by --disable-udev).
+
+2010-04-06  Milan Broz  <mbroz@redhat.com>
+	* Prefer some device paths in status display.
+	* Support device topology detectionfor data alignment.
+
+2010-02-25  Milan Broz  <mbroz@redhat.com>
+	* Do not verify unlocking passphrase in luksAddKey command.
+	* Properly initialise crypto backend in header backup/restore commands.
+
+2010-01-17  Milan Broz  <mbroz@redhat.com>
+	* If gcrypt compiled with capabilities, document workaround for cryptsetup (see lib/gcrypt.c).
+	* Version 1.1.0.
+
+2010-01-10  Milan Broz  <mbroz@redhat.com>
+	* Fix initialisation of gcrypt duting luksFormat.
+	* Convert hash name to lower case in header (fix sha1 backward comatible header)
+	* Check for minimum required gcrypt version.
+
+2009-12-30  Milan Broz  <mbroz@redhat.com>
+	* Fix key slot iteration count calculation (small -i value was the same as default).
+	* The slot and key digest iteration minimun is now 1000.
+	* The key digest iteration # is calculated from iteration time (approx 1/8 of that).
+	* Version 1.1.0-rc4.
+
+2009-12-11  Milan Broz  <mbroz@redhat.com>
+	* Fix error handling during reading passhrase.
+
+2009-12-01  Milan Broz  <mbroz@redhat.com>
+	* Allow changes of default compiled-in cipher parameters through configure.
+	* Switch default key size for LUKS to 256bits.
+	* Switch default plain mode to aes-cbc-essiv:sha256 (default is backward incompatible!).
+
+2009-11-14  Milan Broz  <mbroz@redhat.com>
+	* Add CRYPT_ prefix to enum defined in libcryptsetup.h.
+	* Fix status call to fail when running as non-root user.
+	* Check in configure if selinux libraries are required in static version.
+	* Add temporary debug code to find processes locking internal device.
+	* Simplify build system, use autopoint and clean gettext processing.
+	* Use proper NLS macros and detection (so the message translation works again).
+	* Version 1.1.0-rc3.
+
+2009-09-30  Milan Broz  <mbroz@redhat.com>
+	* Fix exported symbols and versions in libcryptsetup.
+	* Do not use internal lib functions in cryptsetup.
+	* Add crypt_log to library.
+	* Fix crypt_remove_device (remove, luksClose) implementation.
+	* Move dm backend initialisation to library calls.
+	* Move duplicate Command failed message to verbose level (error is printed always).
+	* Add some password and used algorithms notes to man page.
+	* Version 1.1.0-rc2.
+
+2009-09-28  Milan Broz  <mbroz@redhat.com>
+	* Add luksHeaderBackup and luksHeaderRestore commands.
+	* Fail passphrase read if piped input no longer exists.
+	* Version 1.1.0-rc1.
+
+2009-09-15  Milan Broz  <mbroz@redhat.com>
+	* Initialize crypto library before LUKS header load.
+	* Fix manpage to not require --size which expands to device size by default.
+
+2009-09-10  Milan Broz  <mbroz@redhat.com>
+	* Clean up Makefiles and configure script.
+	* Version 1.1.0-test0.
+
+2009-09-08  Milan Broz  <mbroz@redhat.com>
+	* Use dm-uuid for all crypt devices, contains device type and name now.
+	* Try to read first sector from device to properly check that device is ready.
+
+2009-09-02  Milan Broz  <mbroz@redhat.com>
+	* Add luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
+
+2009-08-30  Milan Broz  <mbroz@redhat.com>
+	* Require device device-mapper to build and do not use backend wrapper for dm calls.
+	* Move memory locking and dm initialization to command layer.
+	* Increase priority of process if memory is locked.
+	* Add log macros and make logging modre consitent.
+	* Move command successful messages to verbose level.
+	* Introduce --debug parameter.
+	* Move device utils code and provide context parameter (for log).
+	* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
+	* Do not call isatty() on closed keyfile descriptor.
+	* Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results.
+	* Add ability to provide pre-generated master key and UUID in LUKS header format.
+	* Add LUKS function to verify master key digest.
+	* Move key slot manuipulation function into LUKS specific code.
+	* Replace global options struct with separate parameters in helper functions.
+	* Add new libcryptsetup API (documented in libcryptsetup.h).
+	* Implement old API calls using new functions.
+	* Remove old API code helper functions.
+	* Add --master-key-file option for luksFormat and luksAddKey.
+
+2009-08-17  Milan Broz  <mbroz@redhat.com>
+	* Fix PBKDF2 speed calculation for large passhrases.
+	* Allow using passphrase provided in options struct for LuksOpen.
+	* Allow restrict keys size in LuksOpen.
+
+2009-07-30  Milan Broz  <mbroz@redhat.com>
+	* Fix errors when compiled with LUKS_DEBUG.
+	* Print error when getline fails.
+	* Remove po/cryptsetup-luks.pot, it's autogenerated.
+	* Return ENOENT for empty keyslots, EINVAL will be used later for other type of error.
+	* Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here.
+	* Add required parameters for changing hash used in LUKS key setup scheme.
+	* Do not export simple XOR helper now used only inside AF functions.
+	* Completely remove internal SHA1 implementanion code, not needed anymore.
+	* Enable hash algorithm selection for LUKS through -h luksFormat option.
+
+2009-07-28  Milan Broz  <mbroz@redhat.com>
+	* Pad luks header to 512 sector size.
+	* Rework read/write blockwise to not split operation to many pieces.
+	* Use posix_memalign if available.
+
+2009-07-22  Milan Broz  <mbroz@redhat.com>
+	* Fix segfault if provided slot in luksKillslot is invalid.
+	* Remove unneeded timeout when remove of temporary device succeeded.
+
+2009-07-22  Milan Broz  <mbroz@redhat.com>
+	* version 1.0.7
+
+2009-07-16  Milan Broz  <mbroz@redhat.com>
+	* Allow removal of last slot in luksRemoveKey and luksKillSlot.
+
+2009-07-11  Milan Broz  <mbroz@redhat.com>
+
+	* Add --disable-selinux option and fix static build if selinux is required.
+	* Reject unsupported --offset and --skip options for luksFormat and update man page.
+
+2009-06-22  Milan Broz  <mbroz@redhat.com>
+
+	* Summary of changes in subversion for 1.0.7-rc1:
+	* Various man page fixes.
+	* Set UUID in device-mapper for LUKS devices.
+	* Retain readahead of underlying device.
+	* Display device name when asking for password.
+	* Check device size when loading LUKS header. Remove misleading error message later.
+	* Add error hint if dm-crypt mapping failed.
+	* Use better error messages if device doesn't exist or is already used by other mapping.
+	* Fix make distcheck.
+	* Check if all slots are full during luksAddKey.
+	* Fix segfault in set_error.
+	* Code cleanups, remove precompiled pot files, remove unnecessary files from po directory
+	* Fix uninitialized return value variable in setup.c.
+	* Code cleanups. (thanks to Ivan Stankovic)
+	* Fix wrong output for remaining key at key deletion.
+	* Allow deletion of key slot while other keys have the same key information.
+	* Add missing AM_PROG_CC_C_O to configure.in
+	* Remove duplicate sentence in man page.
+	* Wipe start of device (possible fs signature) before LUKS-formatting.
+	* Do not process configure.in in hidden directories.
+	* Return more descriptive error in case of IO or header format error.
+	* Use remapping to error target instead of calling udevsettle for temporary crypt device.
+	* Check device mapper communication and warn user if device-mapper support missing in kernel.
+	* Fix signal handler to properly close device.
+	* write_lseek_blockwise: declare innerCount outside the if block.
+	* add -Wall to the default CFLAGS. fix some signedness issues.
+	* Error handling improvement.
+	* Add non-exclusive override to interface definition.
+	* Refactor key slot selection into keyslot_from_option.
+
+2007-05-01  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/backends.c, man/cryptsetup.8: Apply patch from Ludwig Nussel
+	<ludwig.nussel@suse.de>, for old SuSE compat hashing.
+
+2007-04-16  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Summary of changes in subversion:
+	Fix segfault for key size > 32 bytes.
+	Kick ancient header version conversion. 
+	Fix http://bugs.debian.org/403075
+	No passwort retrying for I/O errors.
+	Fix hang on "-i 0".
+	Fix parenthesization error that prevented --tries from working
+	correctly.
+
+2006-11-28  gettextize  <bug-gnu-gettext@gnu.org>
+
+	* m4/gettext.m4: Upgrade to gettext-0.15.
+	* m4/glibc2.m4: New file, from gettext-0.15.
+	* m4/intmax.m4: New file, from gettext-0.15.
+	* m4/inttypes-h.m4: New file, from gettext-0.15.
+	* m4/inttypes-pri.m4: Upgrade to gettext-0.15.
+	* m4/lib-link.m4: Upgrade to gettext-0.15.
+	* m4/lib-prefix.m4: Upgrade to gettext-0.15.
+	* m4/lock.m4: New file, from gettext-0.15.
+	* m4/longdouble.m4: New file, from gettext-0.15.
+	* m4/longlong.m4: New file, from gettext-0.15.
+	* m4/nls.m4: Upgrade to gettext-0.15.
+	* m4/po.m4: Upgrade to gettext-0.15.
+	* m4/printf-posix.m4: New file, from gettext-0.15.
+	* m4/signed.m4: New file, from gettext-0.15.
+	* m4/size_max.m4: New file, from gettext-0.15.
+	* m4/visibility.m4: New file, from gettext-0.15.
+	* m4/wchar_t.m4: New file, from gettext-0.15.
+	* m4/wint_t.m4: New file, from gettext-0.15.
+	* m4/xsize.m4: New file, from gettext-0.15.
+	* m4/Makefile.am: New file.
+	* configure.in (AC_OUTPUT): Add m4/Makefile.
+	(AM_GNU_GETTEXT_VERSION): Bump to 0.15.
+
+2006-10-22  David Härdeman  <david@hardeman.nu>
+
+	* Allow hashing of keys passed through stdin.
+
+2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: 1.0.4 release
+
+2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.8: Document --tries switch; patch by Jonas
+	Meurer.
+
+2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c: Added terminal timeout rewrite as forwarded by
+	Jonas Meurer
+
+2006-10-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Merged patch from Marc Merlin <marc@merlins.org> to allow user
+	selection of key slot.
+
+2006-09-26  gettextize  <bug-gnu-gettext@gnu.org>
+
+	* m4/codeset.m4: Upgrade to gettext-0.14.4.
+	* m4/gettext.m4: Upgrade to gettext-0.14.4.
+	* m4/glibc2.m4: New file, from gettext-0.14.4.
+	* m4/glibc21.m4: Upgrade to gettext-0.14.4.
+	* m4/iconv.m4: Upgrade to gettext-0.14.4.
+	* m4/intdiv0.m4: Upgrade to gettext-0.14.4.
+	* m4/intmax.m4: New file, from gettext-0.14.4.
+	* m4/inttypes.m4: Upgrade to gettext-0.14.4.
+	* m4/inttypes_h.m4: Upgrade to gettext-0.14.4.
+	* m4/inttypes-pri.m4: Upgrade to gettext-0.14.4.
+	* m4/isc-posix.m4: Upgrade to gettext-0.14.4.
+	* m4/lcmessage.m4: Upgrade to gettext-0.14.4.
+	* m4/lib-ld.m4: Upgrade to gettext-0.14.4.
+	* m4/lib-link.m4: Upgrade to gettext-0.14.4.
+	* m4/lib-prefix.m4: Upgrade to gettext-0.14.4.
+	* m4/longdouble.m4: New file, from gettext-0.14.4.
+	* m4/longlong.m4: New file, from gettext-0.14.4.
+	* m4/nls.m4: Upgrade to gettext-0.14.4.
+	* m4/po.m4: Upgrade to gettext-0.14.4.
+	* m4/printf-posix.m4: New file, from gettext-0.14.4.
+	* m4/progtest.m4: Upgrade to gettext-0.14.4.
+	* m4/signed.m4: New file, from gettext-0.14.4.
+	* m4/size_max.m4: New file, from gettext-0.14.4.
+	* m4/stdint_h.m4: Upgrade to gettext-0.14.4.
+	* m4/uintmax_t.m4: Upgrade to gettext-0.14.4.
+	* m4/ulonglong.m4: Upgrade to gettext-0.14.4.
+	* m4/wchar_t.m4: New file, from gettext-0.14.4.
+	* m4/wint_t.m4: New file, from gettext-0.14.4.
+	* m4/xsize.m4: New file, from gettext-0.14.4.
+	* Makefile.am (ACLOCAL_AMFLAGS): New variable.
+	* configure.in (AM_GNU_GETTEXT_VERSION): Bump to 0.14.4.
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: 1.0.4-rc2
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/Makefile.am: Add a few regression tests 
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (get_key): Applied patch from David Härdeman
+	<david@2gen.com> for reading binary keys from stdin using
+	the "-" as key file.
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (__crypt_luks_add_key): For checking options struct
+	(optionsCheck) filter out CRYPT_FLAG_VERIFY and
+	CRYPT_FLAG_VERIFY_IF_POSSIBLE, so that in no case password verification is done
+	for password retrieval.
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: Merge Patch from http://bugs.gentoo.org/show_bug.cgi?id=132126 for sepol
+
+2006-07-23  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Applied patches from David Härdeman <david@2gen.com> to fix 64
+	bit compiler warning issues.
+
+2006-05-19  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Applied patches from Jonas Meurer
+	  - fix terminal status after timeout
+	  - add remark for --tries to manpage
+	  - allow more than 32 chars from standard input.
+	  - exit status fix for cryptsetup status.
+
+2006-05-06  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (yesDialog): Fix getline problem for 64-bit archs. 
+
+2006-04-05  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: Release 1.0.3.
+
+	* Applied patch by Johannes Weißl for more meaningful exit codes
+	and password retries
+
+2006-03-30  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (__crypt_create_device): (char *) -> (const char *)
+
+2006-03-30  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Apply alignPayload patch from Peter Palfrader <weasel@debian.org>
+
+2006-03-15  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: 1.0.3-rc3. Most unplease release ever. 
+	* lib/setup.c (__crypt_create_device): More verbose error message.
+
+2006-02-26  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c: Revert to 1.0.1 key reading.
+
+2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.8: merge patch from Jonas Meurer
+
+2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: 1.0.3-rc2
+
+2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/libdevmapper.c (dm_create_device): Remove dup check here.
+	* lib/setup.c (__crypt_luks_open): Adopt same dup check as regular
+	create command.
+
+2006-02-22  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: Spin 1.0.3-rc1
+
+2006-02-22  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (action_create): Change defaulting.
+	(action_luksFormat): Change defaulting.
+
+	* lib/setup.c (parse_into_name_and_mode): Revert that default
+	change. This is FORBIDDEN here, as it will change cryptsetup
+	entire default. This is BAD in a non-LUKS world.
+
+2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/keyencryption.c (setup_mapping): Add proper size restriction to mapping.	
+	(LUKS_endec_template): Add more verbose error message.
+
+2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/libdevmapper.c (dm_query_device): Incorporate patch from
+	Bastian Blank
+	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344313
+
+2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c: Rename show_error -> show_status.
+
+2006-02-20  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/libdevmapper.c (dm_create_device): Prevent existing mapping
+	from being removed when a mapping with the same name is added
+
+	* Add timeout patch from Jonas Meurer 
+
+	* src/cryptsetup.c: Remove conditional error printing to enable
+	printing the no-error msg (Command successful). Verify passphrase
+	for LUKS volumes.
+	(main): Add no-verify-passphrase
+
+	* lib/setup.c (parse_into_name_and_mode): Change default mode complition to essiv:sha256.
+
+2006-01-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (help): Merge patch from Gentoo: change gettext(..) to _(..).
+
+2005-12-06  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.8: Correct "seconds" to "microseconds" in the explaination for -i.
+
+2005-11-09  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (main): Add version string.
+
+2005-11-08  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/backends.c: compile fix. 
+
+2005-09-11  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (get_key): Fixed another incompatibility from my
+	get_key rewrite with original cryptsetup.
+
+2005-09-11  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Merged changes from Florian Knauf's fk02 branch.
+
+2005-09-08  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (get_key): Fixed another incompatiblity with
+	original cryptsetup.
+
+2005-08-20  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Checked in a patch from Michael Gebetsroither <gebi@sbox.tugraz.at>
+	  to silent all confirmation dialogs.
+
+2005-06-23  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (help): print PACKAGE_STRING
+
+2005-06-20  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/keymanage.c (LUKS_set_key): Security check against header manipulation
+
+	* src/cryptsetup.c (action_luksDelKey): Safety check in luksDelKey
+
+	* luks/keymanage.c: Changed disk layout generation to align key material to 4k boundaries.
+	(LUKS_is_last_keyslot): Added LUKS_is_last_keyslot function.
+
+        * Applied patch from Bill Nottingham fixing a lot of prototypes.
+
+	* src/cryptsetup.c (action_luksOpen): Add support for -r flag.
+
+	* configure.in: Version bump 1.0.1
+
+2005-06-16  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (__crypt_luks_open): Remove mem leaking of dmCipherSpec.
+	(get_key): Fix missing zero termination for read string. 
+
+2005-06-12  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/keyencryption.c (setup_mapping): Added CRYPT_FLAG_READONLY in case of O_RDONLY mode
+
+2005-06-11  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: Version bump 1.0.1-pre
+
+2005-06-09  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/utils.c: Added write_llseek_blocksize method to support sector wiping on sector_size != 512 
+	media
+
+2005-05-23  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (crypt_luksDelKey): Added missing return statement
+	(setup_leave): Added missing return statement
+
+	* luks/keyencryption.c (clear_mapping): Added missing return statement
+
+2005-05-19  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/utils.c (write_blockwise, read_blockwise): Changed to soft bsize instead of SECTOR_SIZE
+
+	* luks/keymanage.c (wipe): Changed open mode to O_DIRECT | O_SYNC, and changed write 
+	to use the blockwise write helper
+
+2005-04-21  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.8: Corrected an error, thanks to Dick Middleton.
+
+2005-04-09  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/sha/hmac.c: Add 64 bit bug fix courtesy to 
+	Oliver Paukstadt <pstadt@sourcentral.org>.
+
+	* luks/pbkdf.c, luks/keyencryption.c, luks/keymanage.c, luks/af.c: Added a license 
+	disclaimer and remove option for "any future GPL versions".
+
+2005-03-25  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: man page Makefile. Version bump 1.0.
+
+	* man/cryptsetup.8: finalize man page and move to section 8.
+
+	* src/cryptsetup.c (action_luksFormat): Add "are you sure" for interactive sessions.
+
+	* lib/setup.c (crypt_luksDump), src/cryptsetup.c: add LUKS dump command
+
+2005-03-24  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c, luks/Makefile.am (test), lib/setup.c (setup_enter): 
+	rename luksInit to luksFormat
+
+2005-03-12  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.1: Add man page.
+
+	* lib/setup.c: Remove unneccessary LUKS_write_phdr call, so the
+	phdr is written after passphrase reading, so the user can change
+	his mind, and not have a partial written LUKS header on it's disk.
+
+2005-02-09  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/keymanage.c (LUKS_write_phdr): converted argument phdr to
+	pointer, and make a copy of phdr for conversion
+
+	* configure.in: Version dump.
+
+	* luks/keyencryption.c: Convert to read|write_blockwise.
+
+	* luks/keymanage.c: Convert to read|write_blockwise.
+
+	* lib/utils.c: Add read|write_blockwise functions, to use in
+	O_DIRECT file accesses. 
+
+2004-03-11 Thursday 15:52   Christophe Saout <christophe@saout.de>
+
+	* lib/blockdev.h: BLKGETSIZE64 really uses size_t as third
+	  argument, the rest is wrong.
+
+2004-03-10 Wednesday 17:50   Christophe Saout <christophe@saout.de>
+
+	* lib/: libcryptsetup.h, libdevmapper.c: Small fixes.
+
+2004-03-09 Tuesday 21:41   Christophe Saout <christophe@saout.de>
+
+	* lib/internal.h, lib/libcryptsetup.h, lib/libdevmapper.c,
+	  lib/setup.c, po/de.po, src/cryptsetup.c: Added internal flags to
+	  keep track of malloc'ed return values in struct crypt_options and
+	  add a function to free the memory. Also add a readonly flag to
+	  libcryptsetup.
+
+2004-03-09 Tuesday 16:03   Christophe Saout <christophe@saout.de>
+
+	* ChangeLog, configure.in, setup-gettext, lib/Makefile.am,
+	  lib/backends.c, lib/blockdev.h, lib/gcrypt.c, lib/internal.h,
+	  lib/libcryptsetup.h, lib/libdevmapper.c, lib/setup.c,
+	  lib/utils.c, po/de.po, src/Makefile.am, src/cryptsetup.c: More
+	  reorganization work.
+
+2004-03-08 Monday 01:38   Christophe Saout <christophe@saout.de>
+
+	* ChangeLog, Makefile.am, acinclude.m4, configure.in,
+	  lib/Makefile.am, lib/backends.c, lib/blockdev.h, lib/gcrypt.c,
+	  lib/libdevmapper.c, lib/setup.c, lib/utils.c, po/de.po,
+	  src/Makefile.am: BLKGETSIZE64 fixes and started modularity
+	  enhancements
+
+2004-03-04 Thursday 21:06   Christophe Saout <christophe@saout.de>
+
+	* Makefile.am, po/de.po, src/cryptsetup.c, src/cryptsetup.h: First
+	  backward compatible working version.
+
+2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
+
+	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
+	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
+	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
+	  src/Makefile.am (utags: initial): Initial checkin.
+
+2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
+
+	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
+	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
+	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
+	  src/Makefile.am: Initial revision
--- a/docs/doxygen_index
+++ b/docs/doxygen_index
@@ -3,6 +3,8 @@
 *
 * The documentation covers public parts of cryptsetup API. In the following sections you'll find
 * the examples that describe some features of cryptsetup API.
+ * For more info about libcryptsetup API versions see
+ * <a href="http://upstream-tracker.org/versions/libcryptsetup.html">Upstream Tracker</a>.
 *
 * <OL type="A">
 *	<LI>@ref cexamples "Cryptsetup API examples"</LI>
--- a/docs/v1.4.0-ReleaseNotes
+++ b/docs/v1.4.0-ReleaseNotes
@@ -62,14 +62,14 @@ WARNING: This release removes old deprecated API from libcryptsetup
            cannot properly work (there is filesystem allocation layer between
            header and disk).

-* Support --enable-discards option to allow discards/TRIM requests.
+* Support --allow-discards option to allow discards/TRIM requests.

   Since kernel 3.1, dm-crypt devices optionally (not by default) support
-   block discards (TRIM) comands.
+   block discards (TRIM) commands.
   If you want to enable this operation, you have to enable it manually
-   on every activation using --enable-discards
+   on every activation using --allow-discards

-          cryptsetup luksOpen --enable-discards /dev/sdb test_disk
+          cryptsetup luksOpen --allow-discards /dev/sdb test_disk

   WARNING: There are several security consequences, please read at least
            http://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
--- a/docs/v1.4.2-ReleaseNotes
+++ b/docs/v1.4.2-ReleaseNotes
@@ -0,0 +1,44 @@
+Cryptsetup 1.4.2 Release Notes
+==============================
+
+Changes since version 1.4.1
+
+* Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
+  These options can be used to skip start of keyfile or device used as keyfile.
+
+* Add repair command and crypt_repair() for known LUKS metadata problems repair.
+
+  Some well-known LUKS metadata corruptions are easy to repair, this
+  command should provide a way to fix these problems.
+
+  Always create binary backup of header device before running repair,
+  (only 4kB - visible header) for example by using dd:
+     dd if=/dev/<LUKS header device> of=repair_bck.img bs=1k count=4
+
+  Then you can try to run repair:
+     cryptsetup repair <device>
+
+ Note, not all problems are possible to repair and if keyslot or some header
+ parameters are overwritten, device is lost permanently.
+
+* Fix header check to support old (cryptsetup 1.0.0) header alignment.
+  (Regression in 1.4.0)
+
+* Allow to specify --align-payload only for luksFormat.
+
+* Add --master-key-file option to luksOpen (open using volume key).
+
+* Support UUID=<LUKS_UUID> format for device specification.
+  You can open device by UUID (only shortcut to /dev/disk/by-uuid/ symlinks).
+
+* Support password verification with quiet flag if possible. (1.2.0)
+  Password verification can be still possible if input is terminal.
+
+* Fix retry if entered passphrases (with verify option) do not match.
+  (It should retry if requested, not fail.)
+
+* Fix use of empty keyfile.
+
+* Fix error message for luksClose and detached LUKS header.
+
+* Allow --header for status command to get full info with detached header.
--- a/docs/v1.4.3-ReleaseNotes
+++ b/docs/v1.4.3-ReleaseNotes
@@ -0,0 +1,62 @@
+Cryptsetup 1.4.3 Release Notes
+==============================
+
+Changes since version 1.4.2
+
+* Fix readonly activation if underlying device is readonly (1.4.0).
+
+* Fix loop mapping on readonly file.
+
+* Include stddef.h in libdevmapper.h (size_t definition).
+
+* Fix keyslot removal for device with 4k hw block (1.4.0).
+(Wipe keyslot failed in this case.)
+
+* Relax --shared flag to allow mapping even for overlapping segments.
+
+  The --shared flag (and API CRYPT_ACTIVATE_SHARED flag) is now able
+  to map arbitrary overlapping area. From API it is even usable
+  for LUKS devices.
+  It is user responsibility to not cause data corruption though.
+
+  This allows e.g. scubed to work again and also allows some
+  tricky extensions later.
+
+* Allow empty cipher (cipher_null) for testing.
+
+  You can now use "null" (or directly cipher_null-ecb) in cryptsetup.
+  This means no encryption, useful for performance tests
+  (measure dm-crypt layer overhead).
+
+* Switch on retry on device remove for libdevmapper.
+  Device-mapper now retry removal if device is busy.
+
+* Allow "private" activation (skip some udev global rules) flag.
+  Cryptsetup library API now allows to specify CRYPT_ACTIVATE_PRIVATE,
+  which means that some udev rules are not processed.
+  (Used for temporary devices, like internal keyslot mappings where
+  it is not desirable to run any device scans.)
+
+* This release also includes some Red Hat/Fedora specific extensions
+related to FIPS140-2 compliance.
+
+In fact, all these patches are more formal changes and are just subset
+of building blocks for FIPS certification. See FAQ for more details
+about FIPS.
+
+FIPS extensions are enabled by using --enable-fips configure switch.
+
+In FIPS mode (kernel booted with fips=1 and gcrypt in FIPS mode)
+
+  - it provides library and binary integrity verification using
+  libfipscheck (requires pre-generated checksums)
+
+  - it uses FIPS approved RNG for encryption key and salt generation
+  (note that using /dev/random is not formally FIPS compliant RNG).
+
+ - only gcrypt crypto backend is currently supported in FIPS mode.
+
+The FIPS RNG requirement for salt comes from NIST SP 800-132 recommendation.
+(Recommendation for Password-Based Key Derivation. Part 1: Storage Applications.
+http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf)
+LUKS should be aligned to this recommendation otherwise.
--- a/docs/v1.5.0-ReleaseNotes
+++ b/docs/v1.5.0-ReleaseNotes
@@ -0,0 +1,241 @@
+Cryptsetup 1.5.0 Release Notes
+==============================
+
+This release covers mainly inclusion of:
+
+  * Veritysetup tool (and related libcryptsetup extensions for dm-verity).
+
+  * Experimental cryptsetup-reencrypt tool (LUKS offline reencryption).
+
+Changes since version 1.5.0-rc2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+  * Add --device-size option for reencryption tool.
+
+  * Switch to use unit suffix for --reduce-device-size option.
+
+  * Remove open device debugging feature (no longer needed).
+
+  * Fix library name for FIPS check.
+
+  * Add example of using reencryption inside dracut (see misc/dracut).
+
+Changes since version 1.5.0-rc1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Introduce cryptsetup-reencrypt - experimental offline LUKS reencryption tool.
+
+! cryptsetup-reencrypt tool is EXPERIMENTAL
+! ALWAYS BE SURE YOU HAVE RELIABLE BACKUP BEFORE USING THIS TOOL
+
+This tool tries to simplify situation when you need to re-encrypt the whole
+LUKS device in situ (without need to move data elsewhere).
+
+This can happen for example when you want to change volume (master) key,
+encryption algorithm, or other encryption parameter.
+
+Cryptsetup-reencrypt can even optionally shift data on device
+(reducing data device size - you need some free space at the end of device).
+
+In general, cryptsetup-reencrypt can be used to
+
+ - re-generate volume key
+ - change arbitrary encryption parameters
+ - add encryption to not yet encrypted drive
+
+Side effect of reencryption is that final device will contain
+only ciphertext (for all sectors) so even if device was not properly
+wiped by random data, after reencryption you cannot distinguish
+which sectors are used.
+(Reecryption is done always for the whole device.)
+
+There are for sure bugs, please TEST IT IN TEST ENVIRONMENT before
+use for your data.
+
+This tool is not resistant to HW and kernel failures - hw crash
+will cause serious data corruption.
+
+You can enable compilation of this tool with --enable-cryptsetup-reencrypt
+configure option (it is switched off by default).
+(Tool requires libcryptsetup 1.4.3 and later.)
+
+You have to provide all keyslot passphrases or use --keyslot-option
+(then all other keyslots will be disabled).
+
+EXAMPLES (from man page)
+
+Reencrypt /dev/sdb1 (change volume key)
+   # cryptsetup-reencrypt /dev/sdb1
+
+Reencrypt and also change cipher and cipher mode
+  # cryptsetup-reencrypt /dev/sdb1 -c aes-xts-plain64
+
+  Note: if you are changing key size, there must be enough space
+  for keyslots in header or you have to use --reduce-device size and
+  reduce fs in advance.
+
+Add LUKS encryption to not yet encrypted device
+  First, be sure you have space added to disk.
+  Or, alternatively, shrink filesystem in advance.
+
+  Here we need 4096 512-bytes sectors (enough for 2x128 bit key).
+
+  # fdisk -u /dev/sdb # move sdb1 partition end + 4096 sectors
+
+  # cryptsetup-reencrypt /dev/sdb1 --new --reduce-device-size 4096
+
+There are some options which can improve performance (depends on system),
+namely --use-directio (use direct IO for all operations) can be faster
+on some systems. See man page.
+
+Progress and estimated time is printed during reencryption.
+
+You can suspend reencryption (using ctrl+c or term signal).
+To continue reencryption you have to provide only
+the device parameter (offset is stored in temporary log file).
+
+Please note LUKS device is marked invalid during reencryption and
+you have to retain tool temporary files until reencryption finishes.
+
+Temporary files are LUKS-<uuid>.[log|org|new]
+
+Other changes
+~~~~~~~~~~~~~
+
+  * Fix luks-header-from-active script (do not use LUKS header on-disk, add UUID).
+
+  * Add --test-passphrase option for luksOpen (check passphrase only).
+
+  * Fix parsing of hexadecimal string (salt or root hash) in veritysetup.
+
+Changes since version 1.4.3
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Introduce veritysetup tool for dm-verity target management.
+
+The dm-verity device-mapper target was added to Linux kernel 3.4 and
+provides transparent integrity checking of block devices using a cryptographic
+digest provided by the kernel crypto API. This target is read-only.
+
+It is meant to be setup as part of a verified boot path (it was originally
+developed by Chrome OS authors as part of verified boot infrastructure).
+
+For deeper description please see http://code.google.com/p/cryptsetup/wiki/DMVerity
+and kernel dm-verity documentation.
+
+The libcryptsetup library was extended to support manipulation
+with dm-verity kernel module and new veritysetup CLI tool is added.
+
+There are no additional library requirements (it uses the same crypto
+backend as cryptsetup).
+
+If you want compile cryptsetup without veritysetup tool,
+use --disable-veritysetup configure option.
+For other configuration option see configure --help and veritysetup --help
+(e.g. default parameters).
+
+Supported libcryptsetup functions new CRYPT_VERITY type:
+  crypt_init
+  crypt_init_by_name
+  crypt_set_data device
+  crypt_get_type
+  crypt_format
+  crypt_load
+  crypt_get_active_device
+  crypt_activate_by_volume_key (volume key == root hash here)
+  crypt_dump
+and new introduced function
+  crypt_get_verity_info
+
+Please see comments in libcryptsetup.h and veritysetup.c as an code example
+how to use CRYPT_VERITY API.
+
+The veritysetup tool supports these operations:
+
+  veritysetup format <data_device> <hash_device>
+    Formats <hash_device> (calculates all hash areas according to <data_device>).
+    This is initial command to prepare device <hash_device> for later verification.
+
+  veritysetup create <name> <data_device> <hash_device> <root_hash>
+    Creates (activates) a dm-verity mapping with <name> backed by device <data_device>
+    and using <hash_device> for in-kernel verification.
+
+  veritysetup verify <data_device> <hash_device> <root_hash>
+    Verifies data in userspace (no kernel device is activated).
+
+  veritysetup remove <name>
+    Removes activated device from kernel (similar to dmsetup remove).
+
+  veritysetup status <name>
+    Reports status for the active kernel dm-verity device.
+
+  veritysetup dump <hash_device>
+    Reports parameters of verity device from on-disk stored superblock.
+
+For more info see veritysetup --help and veritysetup man page.
+
+Other changes
+~~~~~~~~~~~~~
+
+  * Both data and header device can now be a file and
+    loop device is automatically allocated.
+
+  * Require only up to last keyslot area for header device, previously
+    backup (and activation) required device/file of size up to data start
+    offset (data payload).
+
+  * Fix header backup and restore to work on files with large data offset.
+    Backup and restore now works even if backup file is smaller than data offset.
+
+Appendix: Examples of veritysetup use
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
+
+ Format device using default parameters, info and final root hash is printed:
+ # veritysetup format /dev/sdb /dev/sdc
+ VERITY header information for /dev/sdc
+ UUID:                   fad30431-0c59-4fa6-9b57-732a90501f75
+ Hash type:              1
+ Data blocks:            52224
+ Data block size:        4096
+ Hash block size:        4096
+ Hash algorithm:         sha256
+ Salt:                   5cc52759af76a092e0c21829cd0ef6938f69831bf86926525106f92a7e9e3aa9
+ Root hash:              7aefa4506f7af497ac491a27f862cf8005ea782a5d97f6426945a6896ab557a1
+
+ Activation of device in-kernel:
+ # veritysetup create vr /dev/sdb /dev/sdc 7aefa4506f7af497ac491a27f862cf8005ea782a5d97f6426945a6896ab557a1
+ Note - if device is corrupted, kernel mapping is created but will report failure:
+ Verity device detected corruption after activation.
+
+ Userspace verification:
+ # veritysetup verify /dev/sdb /dev/sdc 7aefa4506f7af497ac491a27f862cf8005ea782a5d97f6426945a6896ab557a1
+  Verification failed at position 8192.
+  Verification of data area failed.
+
+ Active device status report:
+ # veritysetup status vr
+ /dev/mapper/vr is active.
+   type:        VERITY
+   status:      verified
+   hash type:   1
+   data block:  4096
+   hash block:  4096
+   hash name:   sha256
+   salt:        5cc52759af76a092e0c21829cd0ef6938f69831bf86926525106f92a7e9e3aa9
+   data device: /dev/sdb
+   size:        417792 sectors
+   mode:        readonly
+   hash device: /dev/sdc
+   hash offset: 8 sectors
+
+ Dump of on-disk superblock information:
+ # veritysetup dump /dev/sdc
+ VERITY header information for /dev/sdc
+ UUID:                   fad30431-0c59-4fa6-9b57-732a90501f75
+ Hash type:              1
+ Data blocks:            52224
+ Data block size:        4096
+ Hash block size:        4096
+ Hash algorithm:         sha256
+ Salt:                   5cc52759af76a092e0c21829cd0ef6938f69831bf86926525106f92a7e9e3aa9
+
+ Remove mapping:
+ # veritysetup remove vr
--- a/docs/v1.5.1-ReleaseNotes
+++ b/docs/v1.5.1-ReleaseNotes
@@ -0,0 +1,32 @@
+Cryptsetup 1.5.1 Release Notes
+==============================
+
+Changes since version 1.5.0
+
+* The libcryptsetup library now tries to initialize device-mapper backend and
+  loop devices only if they are really needed (lazy initializations).
+  This allows some operations to be run by a non-root user.
+
+  (Unfortunately LUKS header keyslot operations still require temporary dm-crypt
+  device and device-mapper subsystem is available only to superuser.)
+
+  Also clear error messages are provided if running as non-root user and
+  operation requires privileged user.
+
+* Veritysetup can be now used by a normal user for creating hash image to file
+  and also it can create hash image if doesn't exist.
+  (Previously it required pre-allocated space.)
+
+* Added crypt_keyslot_area() API call which allows external tools
+  to get exact keyslot offsets and analyse content.
+
+  An example of a tool that searches the keyslot area of a LUKS container
+  for positions where entropy is low and hence there is a high probability
+  of damage is in misc/kesylot_checker.
+  (Thanks to Arno Wagner for the code.)
+
+* Optimized seek to keyfile-offset if key offset is large.
+
+* Fixed luksHeaderBackup for very old v1.0 unaligned LUKS headers.
+
+* Various fixes for problems found by a several static analysis tools.
--- a/docs/v1.6.0-ReleaseNotes
+++ b/docs/v1.6.0-ReleaseNotes
@@ -0,0 +1,261 @@
+Cryptsetup 1.6.0 Release Notes
+==============================
+
+Changes since version 1.6.0-rc1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ * Change LUKS default cipher to to use XTS encryption mode,
+   aes-xts-plain64 (i.e. using AES128-XTS).
+
+   XTS mode becomes standard in hard disk encryption.
+
+   You can still use any old mode:
+    - compile cryptsetup with old default:
+      configure --with-luks1-cipher=aes --with-luks1-mode=cbc-essiv:sha256 --with-luks1-keybits=256
+    - format LUKS device with old default:
+      cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 <device>
+
+
+ * Skip tests and fix error messages if running on old systems (or with old kernel).
+
+ * Rename configure.in to configure.ac and fix issues with new automake and pkgconfig
+   and --disable-kernel_crypto option to allow compilation with old kernel headers.
+
+ * Allow repair of 512 bits key header.
+
+ * Fix status of device if path argument is used and fix double path prefix
+   for non-existent device path.
+
+
+Changes since version 1.5.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Important changes
+~~~~~~~~~~~~~~~~~
+
+ * Cryptsetup and libcryptsetup is now released under GPLv2+
+   (GPL version 2 or any later).
+   Some internal code handling files (loopaes, verity, tcrypt
+   and crypto backend wrapper) are LGPLv2+.
+
+   Previously code was GPL version 2 only.
+
+
+ * Introducing new unified command open and close.
+
+   Example:
+      cryptsetup open --type plain|luks|loopaes|tcrypt <device> <name>
+      (type defaults to luks)
+
+   with backward-compatible aliases plainOpen, luksOpen, loopaesOpen,
+   tcryptOpen. Basically "open --type xyz" has alias "xyzOpen".
+
+   The "create" command (plain device create) is DEPRECATED but will
+   be still supported.
+   (This command is confusing because of switched arguments order.)
+
+   The close command is generic command to remove mapping and have
+   backward compatible aliases (remove, luksClose, ...) which behaves
+   exactly the same.
+
+   While all old syntax is still supported, I strongly suggest to use
+   new command syntax which is common for all device types (and possible
+   new formats added in future).
+
+
+ * cryptsetup now support directly TCRYPT (TrueCrypt and compatible tc-play)
+   on-disk format
+   (Code is independent implementation not related to original project).
+
+   Only dump (tcryptDump command) and activation (open --type tcrypt or tcryptOpen)
+   of TCRYPT device are supported. No header changes are supported.
+
+   It is intended to easily access containers shared with other operating systems
+   without need to install 3rd party software. For native Linux installations LUKS
+   is the preferred format.
+
+   WARNING: TCRYPT extension requires kernel userspace crypto API to be
+   available (introduced in Linux kernel 2.6.38).
+   If you are configuring kernel yourself, enable "User-space interface
+   for symmetric key cipher algorithms" in "Cryptographic API" section
+   (CRYPTO_USER_API_SKCIPHER .config option).
+
+   Because  TCRYPT  header  is encrypted, you have to always provide valid
+   passphrase and keyfiles. Keyfiles are handled exactly the same as in original
+   format (basically, first 1MB of every keyfile is mixed using CRC32 into pool).
+
+   Cryptsetup should recognize all TCRYPT header variants ever released, except
+   legacy  cipher chains  using LRW encryption mode with 64 bits encryption block
+   (namely Blowfish in LRW mode is not recognized, this is limitation of kernel
+   crypto API).
+
+   Device activation is supported only for LRW/XTS modes (again, limitation
+   of kernel dmcrypt which do not implements TCRYPT extensions to CBC mode).
+   (So old containers cannot be activated, but you can use libcryptsetup
+   for lost password search, example of such code is included in misc directory.)
+
+   Hidden header are supported using --tcrypt-hidden option, system encryption
+   using --tcrypt-system option.
+
+   For detailed description see man page.
+
+   EXAMPLE:
+     * Dump device parameters of container in file:
+
+     # cryptsetup tcryptDump tst
+       Enter passphrase: 
+
+     TCRYPT header information for tst
+     Version:        5
+     Driver req.:    7
+     Sector size:    512
+     MK offset:      131072
+     PBKDF2 hash:    sha512
+     Cipher chain:   serpent-twofish-aes
+     Cipher mode:    xts-plain64
+     MK bits:        1536
+
+     You can also dump master key using --dump-master-key.
+     Dump does not require superuser privilege.
+
+     * Activation of this container
+
+     # cryptsetup tcryptOpen tst tcrypt_dev
+       Enter passphrase: 
+      (Chain of dmcrypt devices is activated as /dev/mapper/tcrypt_dev.)
+
+     * See status of active TCRYPT device
+
+     # cryptsetup status tcrypt_dev
+
+     /dev/mapper/tcrypt_dev is active.
+     type:    TCRYPT
+     cipher:  serpent-twofish-aes-xts-plain64
+     keysize: 1536 bits
+     device:  /dev/loop0
+     loop:    /tmp/tst
+     offset:  256 sectors
+     size:    65024 sectors
+     skipped: 256 sectors
+     mode:    read/write
+
+    * And plaintext filesystem now ready to mount
+
+    # blkid /dev/mapper/tcrypt_dev
+    /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat"
+
+
+ * Add (optional) support for lipwquality for new LUKS passwords.
+
+   If password is entered through terminal (no keyfile specified)
+   and cryptsetup is compiled with --enable-pwquality, default
+   system pwquality settings are used to check password quality.
+
+   You can always override this check by using new --force-password option.
+
+   For more info about pwquality project see http://libpwquality.fedorahosted.org/
+
+
+ * Proper handle interrupt signals (ctrl+c and TERM signal) in tools
+
+   Code should now handle interrupt properly, release and explicitly wipe
+   in-memory key materials on interrupt.
+   (Direct users of libcryptsetup should always call crypt_free() when
+   code is interrupted to wipe all resources. There is no signal handling
+   in library, it is up to the tool using it.)
+
+ 
+ * Add new benchmark command
+
+   The "benchmark" command now tries to benchmark PBKDF2 and some block
+   cipher variants. You can specify you own parameters (--cipher/--key-size
+   for block ciphers, --hash for PBKDF2).
+
+   See man page for detailed description.
+
+   WARNING: benchmark command requires kernel userspace crypto API to be
+   available (introduced in Linux kernel 2.6.38).
+   If you are configuring kernel yourself, enable "User-space interface
+   for symmetric key cipher algorithms" in "Cryptographic API" section
+   (CRYPTO_USER_API_SKCIPHER .config option).
+
+   EXAMPLE:
+     # cryptsetup benchmark
+     # Tests are approximate using memory only (no storage IO).
+     PBKDF2-sha1       111077 iterations per second
+     PBKDF2-sha256      53718 iterations per second
+     PBKDF2-sha512      18832 iterations per second
+     PBKDF2-ripemd160   89775 iterations per second
+     PBKDF2-whirlpool   23918 iterations per second
+            #  Algorithm | Key | Encryption | Decryption
+          aes-cbc   128b  212.0 MiB/s  428.0 MiB/s
+      serpent-cbc   128b   23.1 MiB/s   66.0 MiB/s
+      twofish-cbc   128b   46.1 MiB/s   50.5 MiB/s
+          aes-cbc   256b  163.0 MiB/s  350.0 MiB/s
+      serpent-cbc   256b   23.1 MiB/s   66.0 MiB/s
+      twofish-cbc   256b   47.0 MiB/s   50.0 MiB/s
+          aes-xts   256b  190.0 MiB/s  190.0 MiB/s
+      serpent-xts   256b   58.4 MiB/s   58.0 MiB/s
+      twofish-xts   256b   49.0 MiB/s   49.5 MiB/s
+          aes-xts   512b  175.0 MiB/s  175.0 MiB/s
+      serpent-xts   512b   59.0 MiB/s   58.0 MiB/s
+      twofish-xts   512b   48.5 MiB/s   49.5 MiB/s
+
+     Or you can specify cipher yourself:
+     # cryptsetup benchmark --cipher cast5-cbc-essiv:sha256 -s 128
+     # Tests are approximate using memory only (no storage IO).
+     #  Algorithm | Key | Encryption | Decryption
+        cast5-cbc   128b   32.4 MiB/s   35.0 MiB/s
+
+     WARNING: these tests do not use dmcrypt, only crypto API.
+     You have to benchmark the whole device stack and you can get completely
+     different results. But is is usable for basic comparison.
+     (Note for example AES-NI decryption optimization effect in example above.)
+
+Features
+~~~~~~~~
+
+ * Do not maintain ChangeLog file anymore, see git log for detailed changes,
+   e.g. here http://code.google.com/p/cryptsetup/source/list
+
+ * Move change key into library, add crypt_keyslot_change_by_passphrase().
+   This change is useful mainly in FIPS mode, where we cannot
+   extract volume key directly from libcryptsetup.
+
+ * Add verbose messages during reencryption.
+
+ * Default LUKS PBKDF2 iteration time is now configurable.
+
+ * Add simple cipher benchmarking API.
+
+ * Add kernel skcipher backend.
+
+ * Add CRC32 implementation (for TCRYPT).
+
+ * Move PBKDF2 into crypto backend wrapper.
+   This allows use it in other formats, use library implementations and
+   also possible use of different KDF function in future.
+
+ * New PBKDF2 benchmark using getrusage().
+
+Fixes
+~~~~~
+
+ * Avoid O_DIRECT open if underlying storage doesn't support it.
+
+ * Fix some non-translated messages.
+
+ * Fix regression in header backup (1.5.1) with container in file.
+
+ * Fix blockwise read/write for end writes near end of device.
+   (was not used in previous versions)
+
+ * Ignore setpriority failure.
+
+ * Code changes to fix/ignore problems found by Coverity static analysis, including
+   - Get page size should never fail.
+   - Fix time of check/use (TOCTOU test) in tools
+   - Fix time of check/use in loop/wipe utils.
+   - Fix time of check/use in device utils.
+
+ * Disallow header restore if context is non-LUKS device.
--- a/docs/v1.6.1-ReleaseNotes
+++ b/docs/v1.6.1-ReleaseNotes
@@ -0,0 +1,32 @@
+Cryptsetup 1.6.1 Release Notes
+==============================
+
+Changes since version 1.6.0
+
+* Fix loop-AES keyfile parsing.
+  Loop-AES keyfile should be text keyfile, reject keyfiles which
+  are not properly terminated.
+
+* Fix passphrase pool overflow for too long TCRYPT passphrase.
+ (Maximal TCRYPT passphrase length is 64 characters.)
+
+* Return EPERM (translated to exit code 2) for too long TCRYPT passphrase.
+
+* Fix deactivation of device when failed underlying node disappeared.
+
+* Fix API deactivate call for TCRYPT format and NULL context parameter.
+
+* Improve keyslot checker example documentation.
+
+* Report error message if deactivation fails and device is still busy.
+
+* Make passphrase prompts more consistent (and remove "LUKS" form prompt).
+
+* Fix some missing headers (compilation failed with alternative libc).
+
+* Remove not functional API UUID support for plain & loopaes devices.
+  (not persistent activation UUID).
+
+* Properly cleanup devices on interrupt in api-test.
+
+* Support all tests run if kernel is in FIPS mode.
--- a/docs/v1.6.2-ReleaseNotes
+++ b/docs/v1.6.2-ReleaseNotes
@@ -0,0 +1,25 @@
+Cryptsetup 1.6.2 Release Notes
+==============================
+
+Changes since version 1.6.1
+
+* Print error and fail if more device arguments are present for isLuks command.
+
+* Fix cipher specification string parsing (found by gcc -fsanitize=address option).
+
+* Try to map TCRYPT system encryption through partition
+  (allows to activate mapping when other partition on the same device is mounted).
+
+* Print a warning if system encryption is used and device is a partition.
+  (TCRYPT system encryption uses whole device argument.)
+
+* Disallow explicit small payload offset for LUKS detached header.
+  LUKS detached header only allows data payload 0 (whole data device is used)
+  or explicit offset larger than header + keyslots size.
+
+* Fix boundary condition for verity device that caused failure for certain device sizes.
+
+* Various fixes to documentation, including update FAQ, default modes
+  and TCRYPT description.
+
+* Workaround for some recent changes in automake (serial-tests).
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,59 +1,65 @@
-SUBDIRS = crypto_backend luks1 loopaes
+SUBDIRS = crypto_backend luks1 loopaes verity tcrypt

 moduledir = $(libdir)/cryptsetup

 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcryptsetup.pc

-INCLUDES = \
+AM_CPPFLAGS = -include config.h \
 	-I$(top_srcdir)				\
 	-I$(top_srcdir)/lib/crypto_backend	\
 	-I$(top_srcdir)/lib/luks1		\
 	-I$(top_srcdir)/lib/loopaes		\
+	-I$(top_srcdir)/lib/verity		\
+	-I$(top_srcdir)/lib/tcrypt		\
 	-DDATADIR=\""$(datadir)"\"		\
 	-DLIBDIR=\""$(libdir)"\"		\
 	-DPREFIX=\""$(prefix)"\"		\
 	-DSYSCONFDIR=\""$(sysconfdir)"\"	\
-	-DVERSION=\""$(VERSION)"\"		\
-	-D_GNU_SOURCE				\
-	-D_LARGEFILE64_SOURCE			\
-	-D_FILE_OFFSET_BITS=64
+	-DVERSION=\""$(VERSION)"\"

 lib_LTLIBRARIES = libcryptsetup.la

 common_ldadd = \
 	crypto_backend/libcrypto_backend.la	\
 	luks1/libluks1.la			\
-	loopaes/libloopaes.la
+	loopaes/libloopaes.la			\
+	verity/libverity.la			\
+	tcrypt/libtcrypt.la

 libcryptsetup_la_DEPENDENCIES = $(common_ldadd) libcryptsetup.sym

-libcryptsetup_la_LDFLAGS = \
+libcryptsetup_la_LDFLAGS = $(AM_LDFLAGS) -no-undefined \
 	-Wl,--version-script=$(top_srcdir)/lib/libcryptsetup.sym \
 	-version-info @LIBCRYPTSETUP_VERSION_INFO@

-libcryptsetup_la_CFLAGS = -Wall @CRYPTO_CFLAGS@
+libcryptsetup_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@

 libcryptsetup_la_LIBADD = \
 	@UUID_LIBS@				\
 	@DEVMAPPER_LIBS@			\
 	@CRYPTO_LIBS@				\
+	@FIPSCHECK_LIBS@			\
 	$(common_ldadd)


 libcryptsetup_la_SOURCES = \
 	setup.c					\
 	internal.h				\
+	bitops.h				\
 	nls.h					\
 	libcryptsetup.h				\
 	utils.c					\
+	utils_benchmark.c			\
 	utils_crypt.c				\
 	utils_crypt.h				\
-	utils_debug.c				\
 	utils_loop.c				\
 	utils_loop.h				\
 	utils_devpath.c				\
 	utils_wipe.c				\
+	utils_fips.c				\
+	utils_fips.h				\
+	utils_device.c				\
 	libdevmapper.c				\
 	utils_dm.h				\
 	volumekey.c				\
--- a/lib/bitops.h
+++ b/lib/bitops.h
@@ -0,0 +1,123 @@
+/*
+ * No copyright is claimed.  This code is in the public domain; do with
+ * it what you wish.
+ *
+ * Written by Karel Zak <kzak@redhat.com>
+ */
+#ifndef BITOPS_H
+#define BITOPS_H
+
+#include <stdint.h>
+#include <sys/param.h>
+
+#if defined(HAVE_BYTESWAP_H)
+# include <byteswap.h>
+#endif
+
+#if defined(HAVE_ENDIAN_H)
+#  include <endian.h>
+#elif defined(HAVE_SYS_ENDIAN_H)	/* BSDs have them here */
+#  include <sys/endian.h>
+#endif
+
+#if defined(__OpenBSD__)
+# include <sys/types.h>
+# define be16toh(x) betoh16(x)
+# define be32toh(x) betoh32(x)
+# define be64toh(x) betoh64(x)
+#endif
+
+/*
+ * Fallbacks
+ */
+#ifndef bswap_16
+# define bswap_16(x)   ((((x) & 0x00FF) << 8) | \
+			(((x) & 0xFF00) >> 8))
+#endif
+
+#ifndef bswap_32
+# define bswap_32(x)   ((((x) & 0x000000FF) << 24) | \
+			(((x) & 0x0000FF00) << 8)  | \
+			(((x) & 0x00FF0000) >> 8)  | \
+			(((x) & 0xFF000000) >> 24))
+#endif
+
+#ifndef bswap_64
+# define bswap_64(x) ((((x) & 0x00000000000000FFULL) << 56) | \
+                      (((x) & 0x000000000000FF00ULL) << 40) | \
+                      (((x) & 0x0000000000FF0000ULL) << 24) | \
+                      (((x) & 0x00000000FF000000ULL) << 8)  | \
+                      (((x) & 0x000000FF00000000ULL) >> 8)  | \
+                      (((x) & 0x0000FF0000000000ULL) >> 24) | \
+                      (((x) & 0x00FF000000000000ULL) >> 40) | \
+                      (((x) & 0xFF00000000000000ULL) >> 56))
+#endif
+
+#ifndef htobe16
+# if !defined(WORDS_BIGENDIAN)
+#  define htobe16(x) bswap_16 (x)
+#  define htole16(x) (x)
+#  define be16toh(x) bswap_16 (x)
+#  define le16toh(x) (x)
+#  define htobe32(x) bswap_32 (x)
+#  define htole32(x) (x)
+#  define be32toh(x) bswap_32 (x)
+#  define le32toh(x) (x)
+#  define htobe64(x) bswap_64 (x)
+#  define htole64(x) (x)
+#  define be64toh(x) bswap_64 (x)
+#  define le64toh(x) (x)
+# else
+#  define htobe16(x) (x)
+#  define htole16(x) bswap_16 (x)
+#  define be16toh(x) (x)
+#  define le16toh(x) bswap_16 (x)
+#  define htobe32(x) (x)
+#  define htole32(x) bswap_32 (x)
+#  define be32toh(x) (x)
+#  define le32toh(x) bswap_32 (x)
+#  define htobe64(x) (x)
+#  define htole64(x) bswap_64 (x)
+#  define be64toh(x) (x)
+#  define le64toh(x) bswap_64 (x)
+# endif
+#endif
+
+/*
+ * Byte swab macros (based on linux/byteorder/swab.h)
+ */
+#define swab16(x) bswap_16(x)
+#define swab32(x) bswap_32(x)
+#define swab64(x) bswap_64(x)
+
+#define cpu_to_le16(x) ((uint16_t) htole16(x))
+#define cpu_to_le32(x) ((uint32_t) htole32(x))
+#define cpu_to_le64(x) ((uint64_t) htole64(x))
+
+#define cpu_to_be16(x) ((uint16_t) htobe16(x))
+#define cpu_to_be32(x) ((uint32_t) htobe32(x))
+#define cpu_to_be64(x) ((uint64_t) htobe64(x))
+
+#define le16_to_cpu(x) ((uint16_t) le16toh(x))
+#define le32_to_cpu(x) ((uint32_t) le32toh(x))
+#define le64_to_cpu(x) ((uint64_t) le64toh(x))
+
+#define be16_to_cpu(x) ((uint16_t) be16toh(x))
+#define be32_to_cpu(x) ((uint32_t) be32toh(x))
+#define be64_to_cpu(x) ((uint64_t) be64toh(x))
+
+/*
+ * Bit map related macros. Usually provided by libc.
+ */
+#ifndef NBBY
+# define NBBY            CHAR_BIT
+#endif
+
+#ifndef setbit
+# define setbit(a,i)	((a)[(i)/NBBY] |= 1<<((i)%NBBY))
+# define clrbit(a,i)	((a)[(i)/NBBY] &= ~(1<<((i)%NBBY)))
+# define isset(a,i)	((a)[(i)/NBBY] & (1<<((i)%NBBY)))
+# define isclr(a,i)	(((a)[(i)/NBBY] & (1<<((i)%NBBY))) == 0)
+#endif
+
+#endif /* BITOPS_H */
--- a/lib/crypt_plain.c
+++ b/lib/crypt_plain.c
@@ -2,11 +2,13 @@
 * cryptsetup plain device helper functions
 *
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
- * Copyright (C) 2010-2011 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,8 +24,8 @@
 #include <stdlib.h>
 #include <errno.h>

+#include "libcryptsetup.h"
 #include "internal.h"
-#include "crypto_backend.h"

 static int hash(const char *hash_name, size_t key_size, char *key,
 		size_t passphrase_size, const char *passphrase)
--- a/lib/crypto_backend/Makefile.am
+++ b/lib/crypto_backend/Makefile.am
@@ -2,9 +2,10 @@ moduledir = $(libdir)/cryptsetup

 noinst_LTLIBRARIES = libcrypto_backend.la

-libcrypto_backend_la_CFLAGS = -Wall @CRYPTO_CFLAGS@
+libcrypto_backend_la_CFLAGS = $(AM_CFLAGS) -Wall @CRYPTO_CFLAGS@

-libcrypto_backend_la_SOURCES = crypto_backend.h
+libcrypto_backend_la_SOURCES = crypto_backend.h \
+	crypto_cipher_kernel.c pbkdf_check.c crc32.c

 if CRYPTO_BACKEND_GCRYPT
 libcrypto_backend_la_SOURCES += crypto_gcrypt.c
@@ -22,4 +23,8 @@ if CRYPTO_BACKEND_NETTLE
 libcrypto_backend_la_SOURCES += crypto_nettle.c
 endif

-INCLUDES = -D_GNU_SOURCE -I$(top_srcdir)/lib
+if CRYPTO_INTERNAL_PBKDF2
+libcrypto_backend_la_SOURCES += pbkdf2_generic.c
+endif
+
+AM_CPPFLAGS = -include config.h -I$(top_srcdir)/lib
--- a/lib/crypto_backend/crc32.c
+++ b/lib/crypto_backend/crc32.c
@@ -0,0 +1,116 @@
+/*
+ *  COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or
+ *  code or tables extracted from it, as desired without restriction.
+ *
+ *  First, the polynomial itself and its table of feedback terms.  The
+ *  polynomial is
+ *  X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
+ *
+ *  Note that we take it "backwards" and put the highest-order term in
+ *  the lowest-order bit.  The X^32 term is "implied"; the LSB is the
+ *  X^31 term, etc.  The X^0 term (usually shown as "+1") results in
+ *  the MSB being 1.
+ *
+ *  Note that the usual hardware shift register implementation, which
+ *  is what we're using (we're merely optimizing it by doing eight-bit
+ *  chunks at a time) shifts bits into the lowest-order term.  In our
+ *  implementation, that means shifting towards the right.  Why do we
+ *  do it this way?  Because the calculated CRC must be transmitted in
+ *  order from highest-order term to lowest-order term.  UARTs transmit
+ *  characters in order from LSB to MSB.  By storing the CRC this way,
+ *  we hand it to the UART in the order low-byte to high-byte; the UART
+ *  sends each low-bit to hight-bit; and the result is transmission bit
+ *  by bit from highest- to lowest-order term without requiring any bit
+ *  shuffling on our part.  Reception works similarly.
+ *
+ *  The feedback terms table consists of 256, 32-bit entries.  Notes
+ *
+ *      The table can be generated at runtime if desired; code to do so
+ *      is shown later.  It might not be obvious, but the feedback
+ *      terms simply represent the results of eight shift/xor opera-
+ *      tions for all combinations of data and CRC register values.
+ *
+ *      The values must be right-shifted by eight bits by the "updcrc"
+ *      logic; the shift must be unsigned (bring in zeroes).  On some
+ *      hardware you could probably optimize the shift in assembler by
+ *      using byte-swap instructions.
+ *      polynomial $edb88320
+ *
+ */
+
+#include <stdio.h>
+
+#include "crypto_backend.h"
+
+
+static const uint32_t crc32_tab[] = {
+	0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
+	0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
+	0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
+	0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
+	0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
+	0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
+	0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
+	0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
+	0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
+	0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
+	0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
+	0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
+	0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
+	0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
+	0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
+	0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
+	0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
+	0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
+	0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
+	0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
+	0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
+	0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
+	0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
+	0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
+	0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
+	0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
+	0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
+	0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
+	0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
+	0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
+	0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
+	0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
+	0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
+	0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
+	0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
+	0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
+	0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
+	0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
+	0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
+	0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
+	0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
+	0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
+	0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
+	0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
+	0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
+	0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
+	0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
+	0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
+	0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
+	0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
+	0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
+	0x2d02ef8dL
+};
+
+/*
+ * This a generic crc32() function, it takes seed as an argument,
+ * and does __not__ xor at the end. Then individual users can do
+ * whatever they need.
+ */
+uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len)
+{
+	uint32_t crc = seed;
+	const unsigned char *p = buf;
+
+	while(len-- > 0)
+		crc = crc32_tab[(crc ^ *p++) & 0xff] ^ (crc >> 8);
+
+	return crc;
+}
+
--- a/lib/crypto_backend/crypto_backend.h
+++ b/lib/crypto_backend/crypto_backend.h
@@ -1,17 +1,40 @@
+/*
+ * crypto backend implementation
+ *
+ * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
 #ifndef _CRYPTO_BACKEND_H
 #define _CRYPTO_BACKEND_H

-#include "libcryptsetup.h"
-#include "internal.h"
+#include <stdint.h>
+#include <string.h>

+struct crypt_device;
 struct crypt_hash;
 struct crypt_hmac;
+struct crypt_cipher;

 int crypt_backend_init(struct crypt_device *ctx);

 #define CRYPT_BACKEND_KERNEL (1 << 0)	/* Crypto uses kernel part, for benchmark */

 uint32_t crypt_backend_flags(void);
+const char *crypt_backend_version(void);

 /* HASH */
 int crypt_hash_size(const char *name);
@@ -28,4 +51,42 @@ int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length);
 int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length);
 int crypt_hmac_destroy(struct crypt_hmac *ctx);

+/* RNG (if fips paramater set, must provide FIPS compliance) */
+enum { CRYPT_RND_NORMAL = 0, CRYPT_RND_KEY = 1, CRYPT_RND_SALT = 2 };
+int crypt_backend_rng(char *buffer, size_t length, int quality, int fips);
+
+/* PBKDF*/
+int crypt_pbkdf_check(const char *kdf, const char *hash,
+		      const char *password, size_t password_size,
+		      const char *salt, size_t salt_size,
+		      uint64_t *iter_secs);
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations);
+
+#if USE_INTERNAL_PBKDF2
+/* internal PBKDF2 implementation */
+int pkcs5_pbkdf2(const char *hash,
+		 const char *P, size_t Plen,
+		 const char *S, size_t Slen,
+		 unsigned int c,
+		 unsigned int dkLen,char *DK);
+#endif
+
+/* CRC32 */
+uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len);
+
+/* ciphers */
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+		    const char *mode, const void *buffer, size_t length);
+int crypt_cipher_destroy(struct crypt_cipher *ctx);
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length);
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length);
+
 #endif /* _CRYPTO_BACKEND_H */
--- a/lib/crypto_backend/crypto_cipher_kernel.c
+++ b/lib/crypto_backend/crypto_cipher_kernel.c
@@ -0,0 +1,228 @@
+/*
+ * Linux kernel userspace API crypto backend implementation (skcipher)
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include "crypto_backend.h"
+
+#ifdef ENABLE_AF_ALG
+
+#include <linux/if_alg.h>
+
+#ifndef AF_ALG
+#define AF_ALG 38
+#endif
+#ifndef SOL_ALG
+#define SOL_ALG 279
+#endif
+
+struct crypt_cipher {
+	int tfmfd;
+	int opfd;
+};
+
+/* Shared with hash kernel backend */
+int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
+
+int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
+{
+	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (*tfmfd == -1)
+		return -ENOTSUP;
+
+	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -ENOENT;
+	}
+
+	*opfd = accept(*tfmfd, NULL, 0);
+	if (*opfd == -1) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+/*
+ *ciphers
+ *
+ * ENOENT - algorithm not available
+ * ENOTSUP - AF_ALG family not available
+ * (but cannot check specificaly for skcipher API)
+ */
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+		    const char *mode, const void *buffer, size_t length)
+{
+	struct crypt_cipher *h;
+	struct sockaddr_alg sa = {
+		.salg_family = AF_ALG,
+		.salg_type = "skcipher",
+	};
+	int r;
+
+	h = malloc(sizeof(*h));
+	if (!h)
+		return -ENOMEM;
+
+	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
+		 "%s(%s)", mode, name);
+
+	r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd);
+	if (r < 0) {
+		free(h);
+		return r;
+	}
+
+	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
+		crypt_cipher_destroy(h);
+		return -EINVAL;
+	}
+
+	*ctx = h;
+	return 0;
+}
+
+/* The in/out should be aligned to page boundary */
+static int crypt_cipher_crypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length,
+			 uint32_t direction)
+{
+	int r = 0;
+	ssize_t len;
+	struct af_alg_iv *alg_iv;
+	struct cmsghdr *header;
+	uint32_t *type;
+	struct iovec iov = {
+		.iov_base = (void*)(uintptr_t)in,
+		.iov_len = length,
+	};
+	int iv_msg_size = iv ? CMSG_SPACE(sizeof(*alg_iv) + iv_length) : 0;
+	char buffer[CMSG_SPACE(sizeof(*type)) + iv_msg_size];
+	struct msghdr msg = {
+		.msg_control = buffer,
+		.msg_controllen = sizeof(buffer),
+		.msg_iov = &iov,
+		.msg_iovlen = 1,
+	};
+
+	if (!in || !out || !length)
+		return -EINVAL;
+
+	if ((!iv && iv_length) || (iv && !iv_length))
+		return -EINVAL;
+
+	memset(buffer, 0, sizeof(buffer));
+
+	/* Set encrypt/decrypt operation */
+	header = CMSG_FIRSTHDR(&msg);
+	header->cmsg_level = SOL_ALG;
+	header->cmsg_type = ALG_SET_OP;
+	header->cmsg_len = CMSG_LEN(sizeof(*type));
+	type = (void*)CMSG_DATA(header);
+	*type = direction;
+
+	/* Set IV */
+	if (iv) {
+		header = CMSG_NXTHDR(&msg, header);
+		header->cmsg_level = SOL_ALG;
+		header->cmsg_type = ALG_SET_IV;
+		header->cmsg_len = iv_msg_size;
+		alg_iv = (void*)CMSG_DATA(header);
+		alg_iv->ivlen = iv_length;
+		memcpy(alg_iv->iv, iv, iv_length);
+	}
+
+	len = sendmsg(ctx->opfd, &msg, 0);
+	if (len != (ssize_t)length) {
+		r = -EIO;
+		goto bad;
+	}
+
+	len = read(ctx->opfd, out, length);
+	if (len != (ssize_t)length)
+		r = -EIO;
+bad:
+	memset(buffer, 0, sizeof(buffer));
+	return r;
+}
+
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return crypt_cipher_crypt(ctx, in, out, length,
+				  iv, iv_length, ALG_OP_ENCRYPT);
+}
+
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return crypt_cipher_crypt(ctx, in, out, length,
+				  iv, iv_length, ALG_OP_DECRYPT);
+}
+
+int crypt_cipher_destroy(struct crypt_cipher *ctx)
+{
+	if (ctx->tfmfd != -1)
+		close(ctx->tfmfd);
+	if (ctx->opfd != -1)
+		close(ctx->opfd);
+	memset(ctx, 0, sizeof(*ctx));
+	free(ctx);
+	return 0;
+}
+
+#else /* ENABLE_AF_ALG */
+
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+		    const char *mode, const void *buffer, size_t length)
+{
+	return -ENOTSUP;
+}
+
+int crypt_cipher_destroy(struct crypt_cipher *ctx)
+{
+	return 0;
+}
+
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return -EINVAL;
+}
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return -EINVAL;
+}
+#endif
--- a/lib/crypto_backend/crypto_gcrypt.c
+++ b/lib/crypto_backend/crypto_gcrypt.c
@@ -1,31 +1,34 @@
 /*
 * GCRYPT crypto backend implementation
 *
- * Copyright (C) 2010-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

 #include <string.h>
+#include <stdio.h>
 #include <errno.h>
 #include <assert.h>
 #include <gcrypt.h>
 #include "crypto_backend.h"

-#define GCRYPT_REQ_VERSION "1.1.42"
-
 static int crypto_backend_initialised = 0;
+static int crypto_backend_secmem = 1;
+static char version[64];

 struct crypt_hash {
 	gcry_md_hd_t hd;
@@ -39,12 +42,11 @@ struct crypt_hmac {
 	int hash_len;
 };

-int crypt_backend_init(struct crypt_device *ctx __attribute__((unused)))
+int crypt_backend_init(struct crypt_device *ctx)
 {
 	if (crypto_backend_initialised)
 		return 0;

-	log_dbg("Initialising gcrypt crypto backend.");
 	if (!gcry_control (GCRYCTL_INITIALIZATION_FINISHED_P)) {
 		if (!gcry_check_version (GCRYPT_REQ_VERSION)) {
 			return -ENOSYS;
@@ -57,8 +59,8 @@ int crypt_backend_init(struct crypt_device *ctx __attribute__((unused)))
 * and it locks its memory space anyway.
 */
 #if 0
-		log_dbg("Initializing crypto backend (secure memory disabled).");
 		gcry_control (GCRYCTL_DISABLE_SECMEM);
+		crypto_backend_secmem = 0;
 #else

 		gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
@@ -68,10 +70,18 @@ int crypt_backend_init(struct crypt_device *ctx __attribute__((unused)))
 		gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 	}

+	snprintf(version, 64, "gcrypt %s%s",
+		 gcry_check_version(NULL),
+		 crypto_backend_secmem ? "" : ", secmem disabled");
 	crypto_backend_initialised = 1;
 	return 0;
 }

+const char *crypt_backend_version(void)
+{
+	return crypto_backend_initialised ? version : "";
+}
+
 uint32_t crypt_backend_flags(void)
 {
 	return 0;
@@ -227,3 +237,53 @@ int crypt_hmac_destroy(struct crypt_hmac *ctx)
 	free(ctx);
 	return 0;
 }
+
+/* RNG */
+int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+{
+	switch(quality) {
+	case CRYPT_RND_NORMAL:
+		gcry_randomize(buffer, length, GCRY_STRONG_RANDOM);
+		break;
+	case CRYPT_RND_SALT:
+	case CRYPT_RND_KEY:
+	default:
+		gcry_randomize(buffer, length, GCRY_VERY_STRONG_RANDOM);
+		break;
+	}
+	return 0;
+}
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+#if USE_INTERNAL_PBKDF2
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
+			    iterations, key_length, key);
+
+#else /* USE_INTERNAL_PBKDF2 */
+	int hash_id = gcry_md_map_name(hash);
+	int kdf_id;
+
+	if (!hash_id)
+		return -EINVAL;
+
+	if (kdf && !strncmp(kdf, "pbkdf2", 6))
+		kdf_id = GCRY_KDF_PBKDF2;
+	else
+		return -EINVAL;
+
+	if (gcry_kdf_derive(password, password_length, kdf_id, hash_id,
+	    salt, salt_length, iterations, key_length, key))
+		return -EINVAL;
+
+	return 0;
+#endif /* USE_INTERNAL_PBKDF2 */
+}
--- a/lib/crypto_backend/crypto_kernel.c
+++ b/lib/crypto_backend/crypto_kernel.c
@@ -1,19 +1,21 @@
 /*
 * Linux kernel userspace API crypto backend implementation
 *
- * Copyright (C) 2010-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -36,6 +38,7 @@
 #endif

 static int crypto_backend_initialised = 0;
+static char version[64];

 struct hash_alg {
 	const char *name;
@@ -49,7 +52,7 @@ static struct hash_alg hash_algs[] = {
 	{ "sha512", "sha512", 64 },
 	{ "ripemd160", "rmd160", 20 },
 	{ "whirlpool", "wp512", 64 },
-	{ NULL, 0 }
+	{ NULL, NULL, 0 }
 };

 struct crypt_hash {
@@ -64,36 +67,12 @@ struct crypt_hmac {
 	int hash_len;
 };

-static int _socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
-{
-	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-	if (*tfmfd == -1)
-		goto bad;
-
-	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1)
-		goto bad;
-
-	*opfd = accept(*tfmfd, NULL, 0);
-	if (*opfd == -1)
-		goto bad;
-
-	return 0;
-bad:
-	if (*tfmfd != -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-	}
-	if (*opfd != -1) {
-		close(*opfd);
-		*opfd = -1;
-	}
-	return -EINVAL;
-}
+/* Defined in crypt_kernel_ciphers.c */
+extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);

 int crypt_backend_init(struct crypt_device *ctx)
 {
 	struct utsname uts;
-
 	struct sockaddr_alg sa = {
 		.salg_family = AF_ALG,
 		.salg_type = "hash",
@@ -104,18 +83,18 @@ int crypt_backend_init(struct crypt_device *ctx)
 	if (crypto_backend_initialised)
 		return 0;

-	log_dbg("Initialising kernel crypto API backend.");
-
 	if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
 		return -EINVAL;
-	log_dbg("Kernel version %s %s.", uts.sysname, uts.release);

-	if (_socket_init(&sa, &tfmfd, &opfd) < 0)
+	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0)
 		return -EINVAL;

 	close(tfmfd);
 	close(opfd);

+	snprintf(version, sizeof(version), "%s %s kernel cryptoAPI",
+		 uts.sysname, uts.release);
+
 	crypto_backend_initialised = 1;
 	return 0;
 }
@@ -125,6 +104,11 @@ uint32_t crypt_backend_flags(void)
 	return CRYPT_BACKEND_KERNEL;
 }

+const char *crypt_backend_version(void)
+{
+	return crypto_backend_initialised ? version : "";
+}
+
 static struct hash_alg *_get_alg(const char *name)
 {
 	int i = 0;
@@ -167,7 +151,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)

 	strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));

-	if (_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
 		free(h);
 		return -EINVAL;
 	}
@@ -242,7 +226,7 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "hmac(%s)", ha->kernel_name);

-	if (_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
 		free(h);
 		return -EINVAL;
 	}
@@ -291,3 +275,23 @@ int crypt_hmac_destroy(struct crypt_hmac *ctx)
 	free(ctx);
 	return 0;
 }
+
+/* RNG - N/A */
+int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+{
+	return -EINVAL;
+}
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
+			    iterations, key_length, key);
+}
--- a/lib/crypto_backend/crypto_nettle.c
+++ b/lib/crypto_backend/crypto_nettle.c
@@ -1,19 +1,21 @@
 /*
 * Nettle crypto backend implementation
 *
- * Copyright (C) 2011 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2012 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -24,6 +26,8 @@
 #include <nettle/hmac.h>
 #include "crypto_backend.h"

+static char *version = "Nettle";
+
 typedef void (*init_func) (void *);
 typedef void (*update_func) (void *, unsigned, const uint8_t *);
 typedef void (*digest_func) (void *, unsigned, uint8_t *);
@@ -135,10 +139,14 @@ static struct hash_alg *_get_alg(const char *name)

 int crypt_backend_init(struct crypt_device *ctx)
 {
-	log_dbg("Initialising Nettle crypto backend.");
 	return 0;
 }

+const char *crypt_backend_version(void)
+{
+	return version;
+}
+
 /* HASH */
 int crypt_hash_size(const char *name)
 {
@@ -262,3 +270,24 @@ int crypt_hmac_destroy(struct crypt_hmac *ctx)
 	free(ctx);
 	return 0;
 }
+
+/* RNG - N/A */
+int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+{
+	return -EINVAL;
+}
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	/* FIXME: switch to internal implementation in Nettle 2.6 */
+	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
+			    iterations, key_length, key);
+}
--- a/lib/crypto_backend/crypto_nss.c
+++ b/lib/crypto_backend/crypto_nss.c
@@ -1,19 +1,21 @@
 /*
 * NSS crypto backend implementation
 *
- * Copyright (C) 2010-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -23,7 +25,10 @@
 #include <pk11pub.h>
 #include "crypto_backend.h"

+#define CONST_CAST(x) (x)(uintptr_t)
+
 static int crypto_backend_initialised = 0;
+static char version[64];

 struct hash_alg {
 	const char *name;
@@ -70,10 +75,14 @@ int crypt_backend_init(struct crypt_device *ctx)
 	if (crypto_backend_initialised)
 		return 0;

-	log_dbg("Initialising NSS crypto backend.");
 	if (NSS_NoDB_Init(".") != SECSuccess)
 		return -EINVAL;

+#if HAVE_DECL_NSS_GETVERSION
+	snprintf(version, 64, "NSS %s", NSS_GetVersion());
+#else
+	snprintf(version, 64, "NSS");
+#endif
 	crypto_backend_initialised = 1;
 	return 0;
 }
@@ -83,6 +92,11 @@ uint32_t crypt_backend_flags(void)
 	return 0;
 }

+const char *crypt_backend_version(void)
+{
+	return crypto_backend_initialised ? version : "";
+}
+
 /* HASH */
 int crypt_hash_size(const char *name)
 {
@@ -274,3 +288,29 @@ int crypt_hmac_destroy(struct crypt_hmac *ctx)
 	free(ctx);
 	return 0;
 }
+
+/* RNG */
+int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+{
+	if (fips)
+		return -EINVAL;
+
+	if (PK11_GenerateRandom((unsigned char *)buffer, length) != SECSuccess)
+		return -EINVAL;
+
+	return 0;
+}
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
+			    iterations, key_length, key);
+}
--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -1,19 +1,21 @@
 /*
 * OPENSSL crypto backend implementation
 *
- * Copyright (C) 2010-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * In addition, as a special exception, the copyright holders give
@@ -22,7 +24,7 @@
 * individual source file, and distribute linked combinations
 * including the two.
 *
- * You must obey the GNU General Public License in all respects
+ * You must obey the GNU Lesser General Public License in all respects
 * for all of the code used other than OpenSSL.
 */

@@ -30,6 +32,7 @@
 #include <errno.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#include <openssl/rand.h>
 #include "crypto_backend.h"

 static int crypto_backend_initialised = 0;
@@ -51,8 +54,7 @@ int crypt_backend_init(struct crypt_device *ctx)
 	if (crypto_backend_initialised)
 		return 0;

-	OpenSSL_add_all_digests();
-	log_dbg("OpenSSL crypto backend initialized.");
+	OpenSSL_add_all_algorithms();

 	crypto_backend_initialised = 1;
 	return 0;
@@ -63,6 +65,11 @@ uint32_t crypt_backend_flags(void)
 	return 0;
 }

+const char *crypt_backend_version(void)
+{
+	return SSLeay_version(SSLEAY_VERSION);
+}
+
 /* HASH */
 int crypt_hash_size(const char *name)
 {
@@ -213,3 +220,39 @@ int crypt_hmac_destroy(struct crypt_hmac *ctx)
 	free(ctx);
 	return 0;
 }
+
+/* RNG */
+int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
+{
+	if (fips)
+		return -EINVAL;
+
+	if (RAND_bytes((unsigned char *)buffer, length) != 1)
+		return -EINVAL;
+
+	return 0;
+}
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+	const EVP_MD *hash_id;
+
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	hash_id = EVP_get_digestbyname(hash);
+	if (!hash_id)
+		return -EINVAL;
+
+	if (!PKCS5_PBKDF2_HMAC(password, (int)password_length,
+	    (unsigned char *)salt, (int)salt_length,
+            (int)iterations, hash_id, (int)key_length, (unsigned char *)key))
+		return -EINVAL;
+
+	return 0;
+}
--- a/lib/crypto_backend/pbkdf2_generic.c
+++ b/lib/crypto_backend/pbkdf2_generic.c
@@ -1,10 +1,10 @@
-/* Implementation of Password-Based Cryptography as per PKCS#5
+/*
+ * Implementation of Password-Based Cryptography as per PKCS#5
 * Copyright (C) 2002,2003 Simon Josefsson
 * Copyright (C) 2004 Free Software Foundation
 *
- * LUKS code
- * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2011, Red Hat, Inc. All rights reserved.
+ * cryptsetup related changes
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -22,17 +22,9 @@
 *
 */

-#include <netinet/in.h>
 #include <errno.h>
-#include <signal.h>
 #include <alloca.h>
-#include <string.h>
-#include <sys/time.h>
 #include "crypto_backend.h"
-#include "pbkdf.h"
-
-static volatile uint64_t __PBKDF2_global_j = 0;
-static volatile uint64_t __PBKDF2_performance = 0;

 /*
 * 5.2 PBKDF2
@@ -62,11 +54,11 @@ static volatile uint64_t __PBKDF2_performance = 0;

 #define MAX_PRF_BLOCK_LEN 80

-static int pkcs5_pbkdf2(const char *hash,
+int pkcs5_pbkdf2(const char *hash,
 			const char *P, size_t Plen,
 			const char *S, size_t Slen,
 			unsigned int c, unsigned int dkLen,
-			char *DK, int perfcheck)
+			char *DK)
 {
 	struct crypt_hmac *hmac;
 	char U[MAX_PRF_BLOCK_LEN];
@@ -163,7 +155,7 @@ static int pkcs5_pbkdf2(const char *hash,
 	if (crypt_hmac_init(&hmac, hash, P, Plen))
 		return -EINVAL;

-	for (i = 1; (uint) i <= l; i++) {
+	for (i = 1; (unsigned int) i <= l; i++) {
 		memset(T, 0, hLen);

 		for (u = 1; u <= c ; u++) {
@@ -184,83 +176,14 @@ static int pkcs5_pbkdf2(const char *hash,
 			if (crypt_hmac_final(hmac, U, hLen))
 				goto out;

-			for (k = 0; (uint) k < hLen; k++)
+			for (k = 0; (unsigned int) k < hLen; k++)
 				T[k] ^= U[k];
-
-			if (perfcheck && __PBKDF2_performance) {
-				rc = 0;
-				goto out;
-			}
-
-			if (perfcheck)
-				__PBKDF2_global_j++;
 		}

-		memcpy(DK + (i - 1) * hLen, T, (uint) i == l ? r : hLen);
+		memcpy(DK + (i - 1) * hLen, T, (unsigned int) i == l ? r : hLen);
 	}
 	rc = 0;
 out:
 	crypt_hmac_destroy(hmac);
 	return rc;
 }
-
-int PBKDF2_HMAC(const char *hash,
-		const char *password, size_t passwordLen,
-		const char *salt, size_t saltLen, unsigned int iterations,
-		char *dKey, size_t dKeyLen)
-{
-	return pkcs5_pbkdf2(hash, password, passwordLen, salt, saltLen,
-			    iterations, (unsigned int)dKeyLen, dKey, 0);
-}
-
-int PBKDF2_HMAC_ready(const char *hash)
-{
-	if (crypt_hmac_size(hash) < 20)
-		return -EINVAL;
-
-	return 1;
-}
-
-static void sigvtalarm(int foo __attribute__((unused)))
-{
-	__PBKDF2_performance = __PBKDF2_global_j;
-}
-
-/* This code benchmarks PBKDF2 and returns iterations/second using wth specified hash */
-int PBKDF2_performance_check(const char *hash, uint64_t *iter)
-{
-	int timer_type, r;
-	char buf;
-	struct itimerval it;
-
-	if (__PBKDF2_global_j)
-		return -EBUSY;
-
-	if (PBKDF2_HMAC_ready(hash) < 0)
-		return -EINVAL;
-
-	/* If crypto backend is not implemented in userspace,
-	 * but uses some kernel part, we must measure also time
-	 * spent in kernel. */
-	if (crypt_backend_flags() & CRYPT_BACKEND_KERNEL) {
-		timer_type = ITIMER_PROF;
-		signal(SIGPROF,sigvtalarm);
-	} else {
-		timer_type = ITIMER_VIRTUAL;
-		signal(SIGVTALRM,sigvtalarm);
-	}
-
-	it.it_interval.tv_usec = 0;
-	it.it_interval.tv_sec = 0;
-	it.it_value.tv_usec = 0;
-	it.it_value.tv_sec =  1;
-	if (setitimer(timer_type, &it, NULL) < 0)
-		return -EINVAL;
-
-	r = pkcs5_pbkdf2(hash, "foo", 3, "bar", 3, ~(0U), 1, &buf, 1);
-
-	*iter = __PBKDF2_performance;
-	__PBKDF2_global_j = 0;
-	__PBKDF2_performance = 0;
-	return r;
-}
--- a/lib/crypto_backend/pbkdf_check.c
+++ b/lib/crypto_backend/pbkdf_check.c
@@ -0,0 +1,89 @@
+/*
+ * PBKDF performance check
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include "crypto_backend.h"
+
+static long time_ms(struct rusage *start, struct rusage *end)
+{
+	long ms;
+
+	ms = (end->ru_utime.tv_sec - start->ru_utime.tv_sec) * 1000;
+	ms += (end->ru_utime.tv_usec - start->ru_utime.tv_usec) / 1000;
+
+	if (crypt_backend_flags() & CRYPT_BACKEND_KERNEL) {
+		ms += (end->ru_stime.tv_sec - start->ru_stime.tv_sec) * 1000;
+		ms += (end->ru_stime.tv_usec - start->ru_stime.tv_usec) / 1000;
+	}
+
+	return ms;
+}
+
+/* This code benchmarks PBKDF and returns iterations/second using specified hash */
+int crypt_pbkdf_check(const char *kdf, const char *hash,
+		      const char *password, size_t password_size,
+		      const char *salt, size_t salt_size,
+		      uint64_t *iter_secs)
+{
+	struct rusage rstart, rend;
+	int r = 0, step = 0;
+	long ms = 0;
+	char buf;
+	unsigned int iterations;
+
+	if (!kdf || !hash)
+		return -EINVAL;
+
+	iterations = 1 << 15;
+	while (ms < 500) {
+		if (getrusage(RUSAGE_SELF, &rstart) < 0)
+			return -EINVAL;
+
+		r = crypt_pbkdf(kdf, hash, password, password_size, salt,
+				salt_size, &buf, 1, iterations);
+		if (r < 0)
+			return r;
+
+		if (getrusage(RUSAGE_SELF, &rend) < 0)
+			return -EINVAL;
+
+		ms = time_ms(&rstart, &rend);
+		if (ms > 500)
+			break;
+
+		if (ms <= 62)
+			iterations <<= 4;
+		else if (ms <= 125)
+			iterations <<= 3;
+		else if (ms <= 250)
+			iterations <<= 2;
+		else
+			iterations <<= 1;
+
+		if (++step > 10 || !iterations)
+			return -EINVAL;
+	}
+
+	if (iter_secs)
+		*iter_secs = (iterations * 1000) / ms;
+	return r;
+}
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -1,19 +1,43 @@
+/*
+ * libcryptsetup - cryptsetup library internal
+ *
+ * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
 #ifndef INTERNAL_H
 #define INTERNAL_H

-#ifdef HAVE_CONFIG_H
-#	include "config.h"
-#endif
-
 #include <stdint.h>
 #include <stdarg.h>
 #include <unistd.h>
 #include <inttypes.h>

 #include "nls.h"
+#include "bitops.h"
 #include "utils_crypt.h"
 #include "utils_loop.h"
 #include "utils_dm.h"
+#include "utils_fips.h"
+#include "crypto_backend.h"
+
+#include "libcryptsetup.h"

 /* to silent gcc -Wcast-qual for const cast */
 #define CONST_CAST(x) (x)(uintptr_t)
@@ -37,27 +61,47 @@ struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key);
 struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength);
 void crypt_free_volume_key(struct volume_key *vk);

+/* Device backend */
+struct device;
+int device_alloc(struct device **device, const char *path);
+void device_free(struct device *device);
+const char *device_path(const struct device *device);
+const char *device_block_path(const struct device *device);
+void device_topology_alignment(struct device *device,
+			    unsigned long *required_alignment, /* bytes */
+			    unsigned long *alignment_offset,   /* bytes */
+			    unsigned long default_alignment);
+int device_block_size(struct device *device);
+int device_read_ahead(struct device *device, uint32_t *read_ahead);
+int device_size(struct device *device, uint64_t *size);
+int device_open(struct device *device, int flags);
+
+enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 };
+int device_block_adjust(struct crypt_device *cd,
+			struct device *device,
+			enum devcheck device_check,
+			uint64_t device_offset,
+			uint64_t *size,
+			uint32_t *flags);
+size_t size_round_up(size_t size, unsigned int block);
+
+/* Receive backend devices from context helpers */
+struct device *crypt_metadata_device(struct crypt_device *cd);
+struct device *crypt_data_device(struct crypt_device *cd);
+
 int crypt_confirm(struct crypt_device *cd, const char *msg);

 char *crypt_lookup_dev(const char *dev_id);
-int crypt_sysfs_check_crypt_segment(const char *device, uint64_t offset, uint64_t size);
-int crypt_sysfs_get_rotational(int major, int minor, int *rotational);
+int crypt_dev_is_rotational(int major, int minor);
+int crypt_dev_is_partition(const char *dev_path);
+char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t size);

-int sector_size_for_device(const char *device);
-int device_read_ahead(const char *dev, uint32_t *read_ahead);
-ssize_t write_blockwise(int fd, void *buf, size_t count);
-ssize_t read_blockwise(int fd, void *_buf, size_t count);
-ssize_t write_lseek_blockwise(int fd, char *buf, size_t count, off_t offset);
-int device_ready(struct crypt_device *cd, const char *device, int mode);
-int device_size(const char *device, uint64_t *size);
+ssize_t write_blockwise(int fd, int bsize, void *buf, size_t count);
+ssize_t read_blockwise(int fd, int bsize, void *_buf, size_t count);
+ssize_t write_lseek_blockwise(int fd, int bsize, char *buf, size_t count, off_t offset);

-enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 };
-int device_check_and_adjust(struct crypt_device *cd,
-			    const char *device,
-			    enum devcheck device_check,
-			    uint64_t *size,
-			    uint64_t *offset,
-			    uint32_t *flags);
+unsigned crypt_getpagesize(void);
+int init_crypto(struct crypt_device *ctx);

 void logger(struct crypt_device *cd, int class, const char *file, int line, const char *format, ...);
 #define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
@@ -66,17 +110,10 @@ void logger(struct crypt_device *cd, int class, const char *file, int line, cons
 #define log_err(c, x...) logger(c, CRYPT_LOG_ERROR, __FILE__, __LINE__, x)

 int crypt_get_debug_level(void);
-void debug_processes_using_device(const char *name);

 int crypt_memlock_inc(struct crypt_device *ctx);
 int crypt_memlock_dec(struct crypt_device *ctx);

-void get_topology_alignment(const char *device,
-			    unsigned long *required_alignment, /* bytes */
-			    unsigned long *alignment_offset,   /* bytes */
-			    unsigned long default_alignment);
-
-enum { CRYPT_RND_NORMAL = 0, CRYPT_RND_KEY = 1 };
 int crypt_random_init(struct crypt_device *ctx);
 int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int quality);
 void crypt_random_exit(void);
@@ -105,7 +142,7 @@ typedef enum {
 			    * random algorithm */
 } crypt_wipe_type;

-int crypt_wipe(const char *device,
+int crypt_wipe(struct device *device,
 	       uint64_t offset,
 	       uint64_t sectors,
 	       crypt_wipe_type type,
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -1,3 +1,26 @@
+/*
+ * libcryptsetup - cryptsetup library
+ *
+ * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
 /**
 * @file libcryptsetup.h
 * @brief Public cryptsetup API
@@ -12,6 +35,7 @@
 extern "C" {
 #endif

+#include <stddef.h>
 #include <stdint.h>

 struct crypt_device; /* crypt device handle */
@@ -65,7 +89,7 @@ int crypt_init_by_name_and_header(struct crypt_device **cd,
 int crypt_init_by_name(struct crypt_device **cd, const char *name);

 /**
- * @defgroup loglevel "Cryptsetup logging"
+ * @defgroup loglevel Cryptsetup logging
 *
 * Set of functions and defines used in cryptsetup for
 * logging purposes
@@ -204,19 +228,18 @@ void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_m
 void crypt_set_password_verify(struct crypt_device *cd, int password_verify);

 /**
- * Set data device (encrypted payload area device) if LUKS header is separated
+ * Set data device
+ * For LUKS it is encrypted data device when LUKS header is separated.
+ * For VERITY it is data device when hash device is separated.
 *
 * @param cd crypt device handle
 * @param device path to device
 *
- * @pre context is of LUKS type
- * @pre unlike @ref crypt_init, in this function param @e device
- * 	has to be block device (at least 512B large)
 */
 int crypt_set_data_device(struct crypt_device *cd, const char *device);

 /**
- * @defgroup rng "Cryptsetup RNG"
+ * @defgroup rng Cryptsetup RNG
 *
 * @addtogroup rng
 * @{
@@ -262,7 +285,7 @@ int crypt_get_rng_type(struct crypt_device *cd);
 int crypt_memory_lock(struct crypt_device *cd, int lock);

 /**
- * @defgroup crypt_type "Cryptsetup on-disk format types"
+ * @defgroup crypt_type Cryptsetup on-disk format types
 *
 * Set of functions, \#defines and structs related
 * to on-disk format types
@@ -273,12 +296,16 @@ int crypt_memory_lock(struct crypt_device *cd, int lock);
 * @{
 */

-/** regular crypt device, no on-disk header */
+/** plain crypt device, no on-disk header */
 #define CRYPT_PLAIN "PLAIN"
 /** LUKS version 1 header on-disk */
 #define CRYPT_LUKS1 "LUKS1"
 /** loop-AES compatibility mode */
 #define CRYPT_LOOPAES "LOOPAES"
+/** dm-verity mode */
+#define CRYPT_VERITY "VERITY"
+/** TCRYPT (TrueCrypt-compatible) mode */
+#define CRYPT_TCRYPT "TCRYPT"

 /**
 * Get device type
@@ -329,6 +356,62 @@ struct crypt_params_loopaes {
 	uint64_t skip;    /**< IV offset / initialization sector */
 };

+/**
+ *
+ * Structure used as parameter for dm-verity device type
+ *
+ * @see crypt_format, crypt_load
+ *
+ */
+struct crypt_params_verity {
+	const char *hash_name;     /**< hash function */
+	const char *data_device;   /**< data_device (CRYPT_VERITY_CREATE_HASH) */
+	const char *hash_device;   /**< hash_device (output only) */
+	const char *salt;          /**< salt */
+	uint32_t salt_size;        /**< salt size (in bytes) */
+	uint32_t hash_type;        /**< in-kernel hashing type */
+	uint32_t data_block_size;  /**< data block size (in bytes) */
+	uint32_t hash_block_size;  /**< hash block size (in bytes) */
+	uint64_t data_size;        /**< data area size (in data blocks) */
+	uint64_t hash_area_offset; /**< hash/header offset (in bytes) */
+	uint32_t flags;            /**< CRYPT_VERITY* flags */
+};
+
+/** No on-disk header (only hashes) */
+#define CRYPT_VERITY_NO_HEADER   (1 << 0)
+/** Verity hash in userspace before activation */
+#define CRYPT_VERITY_CHECK_HASH  (1 << 1)
+/** Create hash - format hash device */
+#define CRYPT_VERITY_CREATE_HASH (1 << 2)
+
+/**
+ *
+ * Structure used as parameter for TCRYPT device type
+ *
+ * @see crypt_load
+ *
+ */
+struct crypt_params_tcrypt {
+	const char *passphrase;    /**< passphrase to unlock header (input only) */
+	size_t passphrase_size;    /**< passphrase size (input only, max length is 64) */
+	const char **keyfiles;     /**< keyfile paths to unlock header (input only) */
+	unsigned int keyfiles_count;/**< keyfiles count (input only) */
+	const char *hash_name;     /**< hash function for PBKDF */
+	const char *cipher;        /**< cipher chain c1[-c2[-c3]] */
+	const char *mode;          /**< cipher block mode */
+	size_t key_size;           /**< key size in bytes (the whole chain) */
+	uint32_t flags;            /**< CRYPT_TCRYPT* flags */
+};
+
+/** Include legacy modes ehn scannig for header*/
+#define CRYPT_TCRYPT_LEGACY_MODES    (1 << 0)
+/** Try to load hidden header (describing hidden device) */
+#define CRYPT_TCRYPT_HIDDEN_HEADER   (1 << 1)
+/** Try to load backup header */
+#define CRYPT_TCRYPT_BACKUP_HEADER   (1 << 2)
+/** Device contains encrypted system (with boot loader) */
+#define CRYPT_TCRYPT_SYSTEM_HEADER   (1 << 3)
+
 /** @} */

 /**
@@ -347,8 +430,10 @@ struct crypt_params_loopaes {
 *
 * @returns @e 0 on success or negative errno value otherwise.
 *
- * @note Note that crypt_format does not enable any keyslot (in case of work with LUKS device), but it stores volume key internally
- * 	 and subsequent crypt_keyslot_add_* calls can be used.
+ * @note Note that crypt_format does not enable any keyslot (in case of work with LUKS device),
+ * 	but it stores volume key internally and subsequent crypt_keyslot_add_* calls can be used.
+ * @note For VERITY @link crypt_type @endlink, only uuid parameter is used, others paramaters
+ * 	are ignored and verity specific attributes are set through mandatory params option.
 */
 int crypt_format(struct crypt_device *cd,
 	const char *type,
@@ -376,7 +461,7 @@ int crypt_set_uuid(struct crypt_device *cd,
 * Load crypt device parameters from on-disk header
 *
 * @param cd crypt device handle
- * @param requested_type - use @e NULL for all known
+ * @param requested_type @link crypt_type @endlink or @e NULL for all known
 * @param params crypt type specific parameters (see @link crypt_type @endlink)
 *
 * @returns 0 on success or negative errno value otherwise.
@@ -384,13 +469,27 @@ int crypt_set_uuid(struct crypt_device *cd,
 * @post In case LUKS header is read successfully but payload device is too small
 * error is returned and device type in context is set to @e NULL
 *
- * @note Note that in current version load works only for LUKS device type
+ * @note Note that in current version load works only for LUKS and VERITY device type.
 *
 */
 int crypt_load(struct crypt_device *cd,
 	       const char *requested_type,
 	       void *params);

+/**
+ * Try to repair crypt device on-disk header if invalid
+ *
+ * @param cd crypt device handle
+ * @param requested_type @link crypt_type @endlink or @e NULL for all known
+ * @param params crypt type specific parameters (see @link crypt_type @endlink)
+ *
+ * @returns 0 on success or negative errno value otherwise.
+ *
+ */
+int crypt_repair(struct crypt_device *cd,
+		 const char *requested_type,
+		 void *params);
+
 /**
 * Resize crypt device
 *
@@ -433,10 +532,10 @@ int crypt_suspend(struct crypt_device *cd,
 * @note Only LUKS device type is supported
 */
 int crypt_resume_by_passphrase(struct crypt_device *cd,
-			       const char *name,
-			       int keyslot,
-			       const char *passphrase,
-			       size_t passphrase_size);
+	const char *name,
+	int keyslot,
+	const char *passphrase,
+	size_t passphrase_size);

 /**
 * Resumes crypt device using key file.
@@ -446,14 +545,24 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
 * @param keyslot requested keyslot or CRYPT_ANY_SLOT
 * @param keyfile key file used to unlock volume key, @e NULL for passphrase query
 * @param keyfile_size number of bytes to read from keyfile, 0 is unlimited
+ * @param keyfile_offset number of bytes to skip at start of keyfile
 *
 * @return unlocked key slot number or negative errno otherwise.
 */
+int crypt_resume_by_keyfile_offset(struct crypt_device *cd,
+	const char *name,
+	int keyslot,
+	const char *keyfile,
+	size_t keyfile_size,
+	size_t keyfile_offset);
+/**
+ * Backward compatible crypt_resume_by_keyfile_offset() (without offset).
+ */
 int crypt_resume_by_keyfile(struct crypt_device *cd,
-			    const char *name,
-			    int keyslot,
-			    const char *keyfile,
-			    size_t keyfile_size);
+	const char *name,
+	int keyslot,
+	const char *keyfile,
+	size_t keyfile_size);

 /**
 * Releases crypt device context and used memory.
@@ -463,7 +572,7 @@ int crypt_resume_by_keyfile(struct crypt_device *cd,
 void crypt_free(struct crypt_device *cd);

 /**
- * @defgroup keyslot "Cryptsetup LUKS keyslots"
+ * @defgroup keyslot Cryptsetup LUKS keyslots
 * @addtogroup keyslot
 * @{
 *
@@ -494,14 +603,31 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
 	size_t new_passphrase_size);

 /**
- * Get number of keyslots supported for device type.
+ * Change defined key slot using provided passphrase
 *
- * @param type crypt device type
+ * @pre @e cd contains initialized and formatted LUKS device context
 *
- * @return slot count or negative errno otherwise if device
- * doesn't not support keyslots.
+ * @param cd crypt device handle
+ * @param keyslot_old old keyslot or @e CRYPT_ANY_SLOT
+ * @param keyslot_new new keyslot (can be the same as old)
+ * @param passphrase passphrase used to unlock volume key, @e NULL for query
+ * @param passphrase_size size of passphrase (binary data)
+ * @param new_passphrase passphrase for new keyslot, @e NULL for query
+ * @param new_passphrase_size size of @e new_passphrase (binary data)
+ *
+ * @return allocated key slot number or negative errno otherwise.
+ *
+ * @note This function is just internal implementation of luksChange
+ * command to avoid reading of volume key outside libcryptsetup boundary
+ * in FIPS mode.
 */
-int crypt_keyslot_max(const char *type);
+int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
+	int keyslot_old,
+	int keyslot_new,
+	const char *passphrase,
+	size_t passphrase_size,
+	const char *new_passphrase,
+	size_t new_passphrase_size);

 /**
 * Add key slot using provided key file path
@@ -512,14 +638,27 @@ int crypt_keyslot_max(const char *type);
 * @param keyslot requested keyslot or @e CRYPT_ANY_SLOT
 * @param keyfile key file used to unlock volume key, @e NULL for passphrase query
 * @param keyfile_size number of bytes to read from keyfile, @e 0 is unlimited
+ * @param keyfile_offset number of bytes to skip at start of keyfile
 * @param new_keyfile keyfile for new keyslot, @e NULL for passphrase query
 * @param new_keyfile_size number of bytes to read from @e new_keyfile, @e 0 is unlimited
+ * @param new_keyfile_offset number of bytes to skip at start of new_keyfile
 *
 * @return allocated key slot number or negative errno otherwise.
 *
 * @note Note that @e keyfile can be "-" for STDIN
 *
 */
+int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd,
+	int keyslot,
+	const char *keyfile,
+	size_t keyfile_size,
+	size_t keyfile_offset,
+	const char *new_keyfile,
+	size_t new_keyfile_size,
+	size_t new_keyfile_offset);
+/**
+ * Backward compatible crypt_keyslot_add_by_keyfile_offset() (without offset).
+ */
 int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
 	int keyslot,
 	const char *keyfile,
@@ -566,7 +705,7 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 /** @} */

 /**
- * @defgroup aflags "Device runtime attributes"
+ * @defgroup aflags Device runtime attributes
 *
 * Activation flags
 *
@@ -578,10 +717,14 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 #define CRYPT_ACTIVATE_READONLY (1 << 0)
 /** only reported for device without uuid */
 #define CRYPT_ACTIVATE_NO_UUID  (1 << 1)
-/** activate more non-overlapping mapping to the same device */
+/** activate even if cannot grant exclusive access (DANGEROUS) */
 #define CRYPT_ACTIVATE_SHARED   (1 << 2)
 /** enable discards aka TRIM */
 #define CRYPT_ACTIVATE_ALLOW_DISCARDS (1 << 3)
+/** skip global udev rules in activation ("private device"), input only */
+#define CRYPT_ACTIVATE_PRIVATE (1 << 4)
+/** corruption detected (verity), output only */
+#define CRYPT_ACTIVATE_CORRUPTED (1 << 5)

 /**
 * Active device runtime attributes
@@ -636,10 +779,21 @@ int crypt_activate_by_passphrase(struct crypt_device *cd,
 * @param keyslot requested keyslot to check or CRYPT_ANY_SLOT
 * @param keyfile key file used to unlock volume key
 * @param keyfile_size number of bytes to read from keyfile, 0 is unlimited
+ * @param keyfile_offset number of bytes to skip at start of keyfile
 * @param flags activation flags
 *
 * @return unlocked key slot number or negative errno otherwise.
 */
+int crypt_activate_by_keyfile_offset(struct crypt_device *cd,
+	const char *name,
+	int keyslot,
+	const char *keyfile,
+	size_t keyfile_size,
+	size_t keyfile_offset,
+	uint32_t flags);
+/**
+ * Backward compatible crypt_activate_by_keyfile_offset() (without offset).
+ */
 int crypt_activate_by_keyfile(struct crypt_device *cd,
 	const char *name,
 	int keyslot,
@@ -662,6 +816,11 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
 * @note If @e NULL is used for volume_key, device has to be initialized
 * 	 by previous operation (like @ref crypt_format
 * 	 or @ref crypt_init_by_name)
+ * @note For VERITY the volume key means root hash required for activation.
+ * 	 Because kernel dm-verity is always read only, you have to provide
+ * 	 CRYPT_ACTIVATE_READONLY flag always.
+ * @note For TCRYPT the volume key should be always NULL and because master
+ * 	 key from decrypted header is used instead.
 */
 int crypt_activate_by_volume_key(struct crypt_device *cd,
 	const char *name,
@@ -694,6 +853,9 @@ int crypt_deactivate(struct crypt_device *cd, const char *name);
 * @param passphrase_size size of @e passphrase
 *
 * @return unlocked key slot number or negative errno otherwise.
+ *
+ * @note For TCRYPT cipher chain is  the volume key concatenated
+ * 	 for all ciphers in chain.
 */
 int crypt_volume_key_get(struct crypt_device *cd,
 	int keyslot,
@@ -715,9 +877,8 @@ int crypt_volume_key_verify(struct crypt_device *cd,
 	const char *volume_key,
 	size_t volume_key_size);

-
-/*
- * @defgroup devstat "dmcrypt device status"
+/**
+ * @defgroup devstat Crypt and Verity device status
 * @addtogroup devstat
 * @{
 */
@@ -744,7 +905,7 @@ typedef enum {
 crypt_status_info crypt_status(struct crypt_device *cd, const char *name);

 /**
- * Dump text-formatted information about crypt device to log output
+ * Dump text-formatted information about crypt or verity device to log output
 *
 * @param cd crypt device handle
 *
@@ -822,6 +983,76 @@ uint64_t crypt_get_iv_offset(struct crypt_device *cd);
 */
 int crypt_get_volume_key_size(struct crypt_device *cd);

+/**
+ * Get device parameters for VERITY device
+ *
+ * @param cd crypt device handle
+ * @param vp verity device info
+ *
+ * @e 0 on success or negative errno value otherwise.
+ *
+ */
+int crypt_get_verity_info(struct crypt_device *cd,
+	struct crypt_params_verity *vp);
+/** @} */
+
+/**
+ * @defgroup benchmark Benchmarking
+ *
+ * Benchmarking of algorithms
+ *
+ * @addtogroup benchmark
+ * @{
+ *
+ */
+
+/**
+ * Informational benchmark for ciphers
+ *
+ * @param cd crypt device handle
+ * @param cipher (e.g. "aes")
+ * @param cipher_mode (e.g. "xts"), IV generator is ignored
+ * @param volume_key_size size of volume key in bytes
+ * @param iv_size size of IV in bytes
+ * @param buffer_size size of encryption buffer in bytes used in test
+ * @param encryption_mbs measured encryption speed in MiB/s
+ * @param decryption_mbs measured decryption speed in MiB/s
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ */
+int crypt_benchmark(struct crypt_device *cd,
+	const char *cipher,
+	const char *cipher_mode,
+	size_t volume_key_size,
+	size_t iv_size,
+	size_t buffer_size,
+	double *encryption_mbs,
+	double *decryption_mbs);
+
+/**
+ * Informational benchmark for KDF
+ *
+ * @param cd crypt device handle
+ * @param kdf Key derivation function (e.g. "pbkdf2")
+ * @param hash Hash algorithm used in KDF (e.g. "sha256")
+ * @param password password for benchmark
+ * @param password_size size of password
+ * @param salt salt for benchmark
+ * @param salt_size size of salt
+ * @param iterations_sec returns measured KDF iterations per second
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ */
+int crypt_benchmark_kdf(struct crypt_device *cd,
+	const char *kdf,
+	const char *hash,
+	const char *password,
+	size_t password_size,
+	const char *salt,
+	size_t salt_size,
+	uint64_t *iterations_sec);
+/** @} */
+
 /**
 * @addtogroup keyslot
 * @{
@@ -852,11 +1083,37 @@ typedef enum {
 crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot);
 /** @} */

+/**
+ * Get number of keyslots supported for device type.
+ *
+ * @param type crypt device type
+ *
+ * @return slot count or negative errno otherwise if device
+ * doesn't not support keyslots.
+ */
+int crypt_keyslot_max(const char *type);
+
+/**
+ * Get keyslot area pointers (relative to metadata device)
+ *
+ * @param cd crypt device handle
+ * @param keyslot keyslot number
+ * @param offset offset on metadata device (in bytes)
+ * @param length length of keyslot area (in bytes)
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ *
+ */
+int crypt_keyslot_area(struct crypt_device *cd,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length);
+
 /**
 * Backup header and keyslots to file
 *
 * @param cd crypt device handle
- * @param requested_type type of header to backup
+ * @param requested_type @link crypt_type @endlink or @e NULL for all known
 * @param backup_file file to backup header to
 *
 * @return @e 0 on success or negative errno value otherwise.
@@ -871,7 +1128,7 @@ int crypt_header_backup(struct crypt_device *cd,
 *
 *
 * @param cd crypt device handle
- * @param requested_type type of header to restore
+ * @param requested_type @link crypt_type @endlink or @e NULL for all known
 * @param backup_file file to restore header from
 *
 * @return @e 0 on success or negative errno value otherwise.
@@ -912,7 +1169,7 @@ void crypt_get_error(char *buf, size_t size);
 const char *crypt_get_dir(void);

 /**
- * @defgroup dbg "Library debug level"
+ * @defgroup dbg Library debug level
 *
 * Set library debug level
 *
--- a/lib/libcryptsetup.sym
+++ b/lib/libcryptsetup.sym
@@ -17,24 +17,31 @@ CRYPTSETUP_1.0 {
 		crypt_memory_lock;
 		crypt_format;
 		crypt_load;
+		crypt_repair;
 		crypt_resize;
 		crypt_suspend;
 		crypt_resume_by_passphrase;
 		crypt_resume_by_keyfile;
+		crypt_resume_by_keyfile_offset;
 		crypt_free;

 		crypt_keyslot_add_by_passphrase;
+		crypt_keyslot_change_by_passphrase;
 		crypt_keyslot_add_by_keyfile;
+		crypt_keyslot_add_by_keyfile_offset;
 		crypt_keyslot_add_by_volume_key;
 		crypt_keyslot_destroy;
 		crypt_activate_by_passphrase;
 		crypt_activate_by_keyfile;
+		crypt_activate_by_keyfile_offset;
 		crypt_activate_by_volume_key;
 		crypt_deactivate;
 		crypt_volume_key_get;
 		crypt_volume_key_verify;
 		crypt_status;
 		crypt_dump;
+		crypt_benchmark;
+		crypt_benchmark_kdf;
 		crypt_get_cipher;
 		crypt_get_cipher_mode;
 		crypt_get_uuid;
@@ -42,6 +49,7 @@ CRYPTSETUP_1.0 {
 		crypt_get_iv_offset;
 		crypt_get_volume_key_size;
 		crypt_get_device_name;
+		crypt_get_verity_info;

 		crypt_get_type;
 		crypt_get_active_device;
@@ -50,6 +58,7 @@ CRYPTSETUP_1.0 {
 		crypt_get_rng_type;

 		crypt_keyslot_max;
+		crypt_keyslot_area;
 		crypt_keyslot_status;
 		crypt_last_error;
 		crypt_get_error;
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
--- a/lib/loopaes/Makefile.am
+++ b/lib/loopaes/Makefile.am
@@ -2,15 +2,13 @@ moduledir = $(libdir)/cryptsetup

 noinst_LTLIBRARIES = libloopaes.la

-libloopaes_la_CFLAGS = -Wall @CRYPTO_CFLAGS@
+libloopaes_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@

 libloopaes_la_SOURCES = \
 	loopaes.c \
 	loopaes.h

-INCLUDES = -D_GNU_SOURCE			\
-	-D_LARGEFILE64_SOURCE                   \
-	-D_FILE_OFFSET_BITS=64                  \
+AM_CPPFLAGS = -include config.h \
        -I$(top_srcdir)/lib			\
        -I$(top_srcdir)/lib/crypto_backend

--- a/lib/loopaes/loopaes.c
+++ b/lib/loopaes/loopaes.c
@@ -1,19 +1,21 @@
 /*
 * loop-AES compatible volume handling
 *
- * Copyright (C) 2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2013, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -22,8 +24,9 @@
 #include <stdlib.h>
 #include <string.h>

-#include "crypto_backend.h"
+#include "libcryptsetup.h"
 #include "loopaes.h"
+#include "internal.h"

 static const char *get_hash(unsigned int key_size)
 {
@@ -72,16 +75,16 @@ static int hash_keys(struct crypt_device *cd,
 		     const char *hash_override,
 		     const char **input_keys,
 		     unsigned int keys_count,
-		     unsigned int key_len_output)
+		     unsigned int key_len_output,
+		     unsigned int key_len_input)
 {
 	const char *hash_name;
 	char tweak, *key_ptr;
-	unsigned i, key_len_input;
+	unsigned int i;
 	int r;

 	hash_name = hash_override ?: get_hash(key_len_output);
 	tweak = get_tweak(keys_count);
-	key_len_input = strlen(input_keys[0]);

 	if (!keys_count || !key_len_output || !hash_name || !key_len_input) {
 		log_err(cd, _("Key processing error (using hash %s).\n"),
@@ -131,7 +134,8 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
 			  size_t buffer_len)
 {
 	const char *keys[LOOPAES_KEYS_MAX];
-	unsigned i, key_index, key_len, offset;
+	unsigned int key_lengths[LOOPAES_KEYS_MAX];
+	unsigned int i, key_index, key_len, offset;

 	log_dbg("Parsing loop-AES keyfile of size %d.", buffer_len);

@@ -151,33 +155,45 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,

 	offset = 0;
 	key_index = 0;
+	key_lengths[0] = 0;
 	while (offset < buffer_len && key_index < LOOPAES_KEYS_MAX) {
-		keys[key_index++] = &buffer[offset];
-		while (offset < buffer_len && buffer[offset])
+		keys[key_index] = &buffer[offset];
+		key_lengths[key_index] = 0;;
+		while (offset < buffer_len && buffer[offset]) {
 			offset++;
+			key_lengths[key_index]++;
+		}
+		if (offset == buffer_len) {
+			log_dbg("Unterminated key #%d in keyfile.", key_index);
+			log_err(cd, _("Incompatible loop-AES keyfile detected.\n"));
+			return -EINVAL;
+		}
 		while (offset < buffer_len && !buffer[offset])
 			offset++;
+		key_index++;
 	}

 	/* All keys must be the same length */
-	key_len = key_index ? strlen(keys[0]) : 0;
+	key_len = key_lengths[0];
 	for (i = 0; i < key_index; i++)
-		if (key_len != strlen(keys[i])) {
+		if (!key_lengths[i] || (key_lengths[i] != key_len)) {
 			log_dbg("Unexpected length %d of key #%d (should be %d).",
-				strlen(keys[i]), i, key_len);
+				key_lengths[i], i, key_len);
 			key_len = 0;
 			break;
 		}

-	log_dbg("Keyfile: %d keys of length %d.", key_index, key_len);
 	if (offset != buffer_len || key_len == 0 ||
 	   (key_index != 1 && key_index !=64 && key_index != 65)) {
 		log_err(cd, _("Incompatible loop-AES keyfile detected.\n"));
 		return -EINVAL;
 	}

+	log_dbg("Keyfile: %d keys of length %d.", key_index, key_len);
+
 	*keys_count = key_index;
-	return hash_keys(cd, vk, hash, keys, key_index, crypt_get_volume_key_size(cd));
+	return hash_keys(cd, vk, hash, keys, key_index,
+			 crypt_get_volume_key_size(cd), key_len);
 }

 int LOOPAES_activate(struct crypt_device *cd,
@@ -191,18 +207,20 @@ int LOOPAES_activate(struct crypt_device *cd,
 	uint32_t req_flags;
 	int r;
 	struct crypt_dm_active_device dmd = {
-		.device = crypt_get_device_name(cd),
-		.cipher = NULL,
-		.uuid   = crypt_get_uuid(cd),
-		.vk    = vk,
-		.offset = crypt_get_data_offset(cd),
-		.iv_offset = crypt_get_iv_offset(cd),
+		.target = DM_CRYPT,
 		.size   = 0,
-		.flags  = flags
+		.flags  = flags,
+		.data_device = crypt_data_device(cd),
+		.u.crypt  = {
+			.cipher = NULL,
+			.vk     = vk,
+			.offset = crypt_get_data_offset(cd),
+			.iv_offset = crypt_get_iv_offset(cd),
+		}
 	};

-
-	r = device_check_and_adjust(cd, dmd.device, DEV_EXCL, &dmd.size, &dmd.offset, &flags);
+	r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
+				dmd.u.crypt.offset, &dmd.size, &dmd.flags);
 	if (r)
 		return r;

@@ -216,12 +234,13 @@ int LOOPAES_activate(struct crypt_device *cd,
 	if (r < 0)
 		return -ENOMEM;

-	dmd.cipher = cipher;
-	log_dbg("Trying to activate loop-AES device %s using cipher %s.", name, dmd.cipher);
+	dmd.u.crypt.cipher = cipher;
+	log_dbg("Trying to activate loop-AES device %s using cipher %s.",
+		name, dmd.u.crypt.cipher);

-	r = dm_create_device(name, CRYPT_LOOPAES, &dmd, 0);
+	r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd, 0);

-	if (!r && !(dm_flags() & req_flags)) {
+	if (r < 0 && !(dm_flags() & req_flags)) {
 		log_err(cd, _("Kernel doesn't support loop-AES compatible mapping.\n"));
 		r = -ENOTSUP;
 	}
--- a/lib/loopaes/loopaes.h
+++ b/lib/loopaes/loopaes.h
@@ -1,8 +1,28 @@
+/*
+ * loop-AES compatible volume handling
+ *
+ * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2013, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
 #ifndef _LOOPAES_H
 #define _LOOPAES_H

 #include <unistd.h>
-#include "config.h"

 struct crypt_device;
 struct volume_key;
--- a/lib/luks1/Makefile.am
+++ b/lib/luks1/Makefile.am
@@ -2,20 +2,16 @@ moduledir = $(libdir)/cryptsetup

 noinst_LTLIBRARIES = libluks1.la

-libluks1_la_CFLAGS = -Wall @CRYPTO_CFLAGS@
+libluks1_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@

 libluks1_la_SOURCES = \
 	af.c \
-	pbkdf.c \
 	keymanage.c \
 	keyencryption.c \
-	pbkdf.h \
 	af.h \
 	luks.h

-INCLUDES = -D_GNU_SOURCE			\
-	-D_LARGEFILE64_SOURCE                   \
-	-D_FILE_OFFSET_BITS=64                  \
+AM_CPPFLAGS = -include config.h \
        -I$(top_srcdir)/lib			\
        -I$(top_srcdir)/lib/crypto_backend

--- a/lib/luks1/af.c
+++ b/lib/luks1/af.c
@@ -2,14 +2,15 @@
 * AFsplitter - Anti forensic information splitter
 *
 * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
 *
 * AFsplitter diffuses information over a large stripe of data,
 * therefor supporting secure data destruction.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -26,7 +27,6 @@
 #include <string.h>
 #include <netinet/in.h>
 #include <errno.h>
-#include "crypto_backend.h"
 #include "internal.h"
 #include "af.h"

@@ -67,9 +67,14 @@ out:

 static int diffuse(char *src, char *dst, size_t size, const char *hash_name)
 {
-	unsigned int digest_size = crypt_hash_size(hash_name);
+	int hash_size = crypt_hash_size(hash_name);
+	unsigned int digest_size;
 	unsigned int i, blocks, padding;

+	if (hash_size <= 0)
+		return 1;
+	digest_size = hash_size;
+
 	blocks = size / digest_size;
 	padding = size % digest_size;

@@ -142,3 +147,17 @@ out:
 	free(bufblock);
 	return r;
 }
+
+/* Size of final split data including sector alignment */
+size_t AF_split_sectors(size_t blocksize, unsigned int blocknumbers)
+{
+	size_t af_size;
+
+	/* data material * stripes */
+	af_size = blocksize * blocknumbers;
+
+	/* round up to sector */
+	af_size = (af_size + (SECTOR_SIZE - 1)) / SECTOR_SIZE;
+
+	return af_size;
+}
--- a/lib/luks1/af.h
+++ b/lib/luks1/af.h
@@ -1,10 +1,28 @@
-#ifndef INCLUDED_CRYPTSETUP_LUKS_AF_H
-#define INCLUDED_CRYPTSETUP_LUKS_AF_H
-
 /*
 * AFsplitter - Anti forensic information splitter
- * Copyright 2004, Clemens Fruhwirth <clemens@endorphin.org>
+ *
+ * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ *
+ * AFsplitter diffuses information over a large stripe of data,
+ * therefor supporting secure data destruction.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
+#ifndef INCLUDED_CRYPTSETUP_LUKS_AF_H
+#define INCLUDED_CRYPTSETUP_LUKS_AF_H

 /*
 * AF_split operates on src and produces information split data in
@@ -21,5 +39,6 @@

 int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
 int AF_merge(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
+size_t AF_split_sectors(size_t blocksize, unsigned int blocknumbers);

 #endif
--- a/lib/luks1/keyencryption.c
+++ b/lib/luks1/keyencryption.c
@@ -2,10 +2,12 @@
 * LUKS - Linux Unified Key Setup
 *
 * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -17,183 +19,123 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

-#include <string.h>
 #include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <inttypes.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <sys/mman.h>
-#include <sys/utsname.h>
 #include <fcntl.h>
-#include <unistd.h>
 #include <errno.h>
-#include <signal.h>
-
 #include "luks.h"
 #include "internal.h"

-#define div_round_up(a,b) ({          \
-	typeof(a) __a = (a);          \
-	typeof(b) __b = (b);          \
-	(__a - 1) / __b + 1;          \
-})
-
-static inline int round_up_modulo(int x, int m) {
-	return div_round_up(x, m) * m;
-}
-
-static const char *cleaner_name=NULL;
-static uint64_t cleaner_size = 0;
-static int devfd=-1;
-
-static int setup_mapping(const char *cipher, const char *name,
-			 const char *device,
-			 struct volume_key *vk,
-			 unsigned int sector, size_t srcLength,
-			 int mode, struct crypt_device *ctx)
+static void _error_hint(struct crypt_device *ctx, const char *device,
+			const char *cipher_spec, const char *mode, size_t keyLength)
 {
-	int device_sector_size = sector_size_for_device(device);
-	struct crypt_dm_active_device dmd = {
-		.device = device,
-		.cipher = cipher,
-		.uuid   = NULL,
-		.vk     = vk,
-		.offset = sector,
-		.iv_offset = 0,
-		.size   = 0,
-		.flags  = (mode == O_RDONLY) ? CRYPT_ACTIVATE_READONLY : 0
-	};
+	log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
+			"Check that kernel supports %s cipher (check syslog for more info).\n"),
+			device, cipher_spec);

-	/*
-	 * we need to round this to nearest multiple of the underlying
-	 * device's sector size, otherwise the mapping will be refused.
-	 */
-	if(device_sector_size < 0) {
-		log_err(ctx, _("Unable to obtain sector size for %s"), device);
-		return -EINVAL;
-	}
-
-	dmd.size = round_up_modulo(srcLength,device_sector_size)/SECTOR_SIZE;
-	cleaner_size = dmd.size;
-
-	return dm_create_device(name, "TEMP", &dmd, 0);
+	if (!strncmp(mode, "xts", 3) && (keyLength != 256 && keyLength != 512))
+		log_err(ctx, _("Key size in XTS mode must be 256 or 512 bits.\n"));
 }

-static void sigint_handler(int sig __attribute__((unused)))
-{
-	if(devfd >= 0)
-		close(devfd);
-	devfd = -1;
-	if(cleaner_name)
-		dm_remove_device(cleaner_name, 1, cleaner_size);
-
-	signal(SIGINT, SIG_DFL);
-	kill(getpid(), SIGINT);
-}
-
-static const char *_error_hint(char *cipherMode, size_t keyLength)
-{
-	const char *hint= "";
-
-	if (!strncmp(cipherMode, "xts", 3) && (keyLength != 256 && keyLength != 512))
-		hint = _("Key size in XTS mode must be 256 or 512 bits.\n");
-
-	return hint;
-}
-
-/* This function is not reentrant safe, as it installs a signal
-   handler and global vars for cleaning */
 static int LUKS_endec_template(char *src, size_t srcLength,
-			       struct luks_phdr *hdr,
+			       const char *cipher, const char *cipher_mode,
 			       struct volume_key *vk,
-			       const char *device,
 			       unsigned int sector,
-			       ssize_t (*func)(int, void *, size_t),
+			       ssize_t (*func)(int, int, void *, size_t),
 			       int mode,
 			       struct crypt_device *ctx)
 {
-	char *name = NULL;
-	char *fullpath = NULL;
-	char *dmCipherSpec = NULL;
-	const char *dmDir = dm_get_dir();
-	int r = -1;
+	char name[PATH_MAX], path[PATH_MAX];
+	char cipher_spec[MAX_CIPHER_LEN * 3];
+	struct crypt_dm_active_device dmd = {
+		.target = DM_CRYPT,
+		.uuid   = NULL,
+		.flags  = CRYPT_ACTIVATE_PRIVATE,
+		.data_device = crypt_metadata_device(ctx),
+		.u.crypt = {
+			.cipher = cipher_spec,
+			.vk     = vk,
+			.offset = sector,
+			.iv_offset = 0,
+		}
+	};
+	int r, bsize, devfd = -1;

-	if(dmDir == NULL) {
-		log_err(ctx, _("Failed to obtain device mapper directory."));
-		return -1;
-	}
-	if(asprintf(&name,"temporary-cryptsetup-%d",getpid())               == -1 ||
-	   asprintf(&fullpath,"%s/%s",dmDir,name)                           == -1 ||
-	   asprintf(&dmCipherSpec,"%s-%s",hdr->cipherName, hdr->cipherMode) == -1) {
-	        r = -ENOMEM;
-		goto out1;
-        }
+	bsize = device_block_size(dmd.data_device);
+	if (bsize <= 0)
+		return -EINVAL;

-	signal(SIGINT, sigint_handler);
-	cleaner_name = name;
+	dmd.size = size_round_up(srcLength, bsize) / SECTOR_SIZE;

-	r = setup_mapping(dmCipherSpec, name, device,
-			  vk, sector, srcLength, mode, ctx);
-	if(r < 0) {
-		log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
-			"Check that kernel supports %s cipher (check syslog for more info).\n%s"),
-			device, dmCipherSpec,
-			_error_hint(hdr->cipherMode, vk->keylength * 8));
-		r = -EIO;
-		goto out1;
+	if (mode == O_RDONLY)
+		dmd.flags |= CRYPT_ACTIVATE_READONLY;
+
+	if (snprintf(name, sizeof(name), "temporary-cryptsetup-%d", getpid()) < 0)
+		return -ENOMEM;
+	if (snprintf(path, sizeof(path), "%s/%s", dm_get_dir(), name) < 0)
+		return -ENOMEM;
+	if (snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", cipher, cipher_mode) < 0)
+		return -ENOMEM;
+
+	r = device_block_adjust(ctx, dmd.data_device, DEV_OK,
+				dmd.u.crypt.offset, &dmd.size, &dmd.flags);
+	if (r < 0) {
+		log_err(ctx, _("Device %s doesn't exist or access denied.\n"),
+			device_path(dmd.data_device));
+		return -EIO;
 	}

-	devfd = open(fullpath, mode | O_DIRECT | O_SYNC);  /* devfd is a global var */
-	if(devfd == -1) {
+	if (mode != O_RDONLY && dmd.flags & CRYPT_ACTIVATE_READONLY) {
+		log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+			device_path(dmd.data_device));
+		return -EACCES;
+	}
+
+	r = dm_create_device(ctx, name, "TEMP", &dmd, 0);
+	if (r < 0) {
+		if (r != -EACCES && r != -ENOTSUP)
+			_error_hint(ctx, device_path(dmd.data_device),
+				    cipher_spec, cipher_mode, vk->keylength * 8);
+		return -EIO;
+	}
+
+	devfd = open(path, mode | O_DIRECT | O_SYNC);
+	if (devfd == -1) {
 		log_err(ctx, _("Failed to open temporary keystore device.\n"));
 		r = -EIO;
-		goto out2;
+		goto out;
 	}

-	r = func(devfd,src,srcLength);
-	if(r < 0) {
+	r = func(devfd, bsize, src, srcLength);
+	if (r < 0) {
 		log_err(ctx, _("Failed to access temporary keystore device.\n"));
 		r = -EIO;
-		goto out3;
-	}
-
-	r = 0;
- out3:
-	close(devfd);
-	devfd = -1;
- out2:
-	dm_remove_device(cleaner_name, 1, cleaner_size);
- out1:
-	signal(SIGINT, SIG_DFL);
-	cleaner_name = NULL;
-	cleaner_size = 0;
-	free(dmCipherSpec);
-	free(fullpath);
-	free(name);
+	} else
+		r = 0;
+ out:
+	if(devfd != -1)
+		close(devfd);
+	dm_remove_device(ctx, name, 1, dmd.size);
 	return r;
 }

 int LUKS_encrypt_to_storage(char *src, size_t srcLength,
-			    struct luks_phdr *hdr,
+			    const char *cipher,
+			    const char *cipher_mode,
 			    struct volume_key *vk,
-			    const char *device,
 			    unsigned int sector,
 			    struct crypt_device *ctx)
 {
-	return LUKS_endec_template(src,srcLength,hdr,vk, device,
-				   sector, write_blockwise, O_RDWR, ctx);
+	return LUKS_endec_template(src, srcLength, cipher, cipher_mode,
+				   vk, sector, write_blockwise, O_RDWR, ctx);
 }

 int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
-			      struct luks_phdr *hdr,
+			      const char *cipher,
+			      const char *cipher_mode,
 			      struct volume_key *vk,
-			      const char *device,
 			      unsigned int sector,
 			      struct crypt_device *ctx)
 {
-	return LUKS_endec_template(dst,dstLength,hdr,vk, device,
-				   sector, read_blockwise, O_RDONLY, ctx);
+	return LUKS_endec_template(dst, dstLength, cipher, cipher_mode,
+				   vk, sector, read_blockwise, O_RDONLY, ctx);
 }
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -2,10 +2,12 @@
 * LUKS - Linux Unified Key Setup
 *
 * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -32,52 +34,63 @@

 #include "luks.h"
 #include "af.h"
-#include "pbkdf.h"
 #include "internal.h"

-#define div_round_up(a,b) ({           \
-	typeof(a) __a = (a);          \
-	typeof(b) __b = (b);          \
-	(__a - 1) / __b + 1;        \
-})
-
-static inline int round_up_modulo(int x, int m) {
-	return div_round_up(x, m) * m;
-}
-
-/* Get size of struct luks_phrd with all keyslots material space */
-static uint64_t LUKS_device_sectors(size_t keyLen, unsigned int stripes)
+/* Get size of struct luks_phdr with all keyslots material space */
+static size_t LUKS_device_sectors(size_t keyLen)
 {
-	uint64_t keyslot_sectors, sector;
+	size_t keyslot_sectors, sector;
 	int i;

-	keyslot_sectors = div_round_up(keyLen * stripes, SECTOR_SIZE);
-	sector = round_up_modulo(LUKS_PHDR_SIZE, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+	keyslot_sectors = AF_split_sectors(keyLen, LUKS_STRIPES);
+	sector = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;

 	for (i = 0; i < LUKS_NUMKEYS; i++) {
-		sector = round_up_modulo(sector, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+		sector = size_round_up(sector, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
 		sector += keyslot_sectors;
 	}

 	return sector;
 }

-static int LUKS_check_device_size(const char *device,
-				  uint64_t min_sectors,
-				  size_t keyLength)
+int LUKS_keyslot_area(struct luks_phdr *hdr,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length)
 {
-	uint64_t dev_size, req_sectors;
+	if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
+		return -EINVAL;

-	req_sectors = LUKS_device_sectors(keyLength, LUKS_STRIPES);
-	if (min_sectors > req_sectors)
-		req_sectors = min_sectors;
+	*offset = hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
+	*length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;

-	if(device_size(device, &dev_size)) {
-		log_dbg("Cannot get device size for device %s.", device);
+	return 0;
+}
+
+static int LUKS_check_device_size(struct crypt_device *ctx, size_t keyLength)
+{
+	struct device *device = crypt_metadata_device(ctx);
+	uint64_t dev_sectors, hdr_sectors;
+
+	if (!keyLength)
+		return -EINVAL;
+
+	if(device_size(device, &dev_sectors)) {
+		log_dbg("Cannot get device size for device %s.", device_path(device));
 		return -EIO;
 	}

-	return (req_sectors > (dev_size >> SECTOR_SHIFT));
+	dev_sectors >>= SECTOR_SHIFT;
+	hdr_sectors = LUKS_device_sectors(keyLength);
+	log_dbg("Key length %u, device size %" PRIu64 " sectors, header size %"
+		PRIu64 " sectors.",keyLength, dev_sectors, hdr_sectors);
+
+	if (hdr_sectors > dev_sectors) {
+		log_err(ctx, _("Device %s is too small.\n"), device_path(device));
+		return -EINVAL;
+	}
+
+	return 0;
 }

 /* Check keyslot to prevent access outside of header and keyslot area */
@@ -86,7 +99,7 @@ static int LUKS_check_keyslot_size(const struct luks_phdr *phdr, unsigned int ke
 	uint32_t secs_per_stripes;

 	/* First sectors is the header itself */
-	if (phdr->keyblock[keyIndex].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) {
+	if (phdr->keyblock[keyIndex].keyMaterialOffset * SECTOR_SIZE < sizeof(*phdr)) {
 		log_dbg("Invalid offset %u in keyslot %u.",
 			phdr->keyblock[keyIndex].keyMaterialOffset, keyIndex);
 		return 1;
@@ -103,7 +116,7 @@ static int LUKS_check_keyslot_size(const struct luks_phdr *phdr, unsigned int ke
 		return 1;
 	}

-	secs_per_stripes = div_round_up(phdr->keyBytes * phdr->keyblock[keyIndex].stripes, SECTOR_SIZE);
+	secs_per_stripes = AF_split_sectors(phdr->keyBytes, phdr->keyblock[keyIndex].stripes);

 	if (phdr->payloadOffset < (phdr->keyblock[keyIndex].keyMaterialOffset + secs_per_stripes)) {
 		log_dbg("Invalid keyslot size %u (offset %u, stripes %u) in "
@@ -135,25 +148,19 @@ static const char *dbg_slot_state(crypt_keyslot_info ki)

 int LUKS_hdr_backup(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx)
 {
+	struct device *device = crypt_metadata_device(ctx);
 	int r = 0, devfd = -1;
 	ssize_t buffer_size;
 	char *buffer = NULL;
-	struct stat st;

-	if(stat(backup_file, &st) == 0) {
-		log_err(ctx, _("Requested file %s already exist.\n"), backup_file);
-		return -EINVAL;
-	}
-
-	r = LUKS_read_phdr(device, hdr, 1, ctx);
+	r = LUKS_read_phdr(hdr, 1, 0, ctx);
 	if (r)
 		return r;

-	buffer_size = hdr->payloadOffset << SECTOR_SHIFT;
+	buffer_size = LUKS_device_sectors(hdr->keyBytes) << SECTOR_SHIFT;
 	buffer = crypt_safe_alloc(buffer_size);
 	if (!buffer || buffer_size < LUKS_ALIGN_KEYSLOTS) {
 		r = -ENOMEM;
@@ -163,28 +170,33 @@ int LUKS_hdr_backup(
 	log_dbg("Storing backup of header (%u bytes) and keyslot area (%u bytes).",
 		sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS);

-	devfd = open(device, O_RDONLY | O_DIRECT | O_SYNC);
+	devfd = device_open(device, O_RDONLY);
 	if(devfd == -1) {
-		log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device);
+		log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device_path(device));
 		r = -EINVAL;
 		goto out;
 	}

-	if(read_blockwise(devfd, buffer, buffer_size) < buffer_size) {
+	if (read_blockwise(devfd, device_block_size(device), buffer, buffer_size) < buffer_size) {
 		r = -EIO;
 		goto out;
 	}
 	close(devfd);

 	/* Wipe unused area, so backup cannot contain old signatures */
-	memset(buffer + sizeof(*hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(*hdr));
+	if (hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE == LUKS_ALIGN_KEYSLOTS)
+		memset(buffer + sizeof(*hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(*hdr));

-	devfd = creat(backup_file, S_IRUSR);
-	if(devfd == -1) {
+	devfd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
+	if (devfd == -1) {
+		if (errno == EEXIST)
+			log_err(ctx, _("Requested header backup file %s already exists.\n"), backup_file);
+		else
+			log_err(ctx, _("Cannot create header backup file %s.\n"), backup_file);
 		r = -EINVAL;
 		goto out;
 	}
-	if(write(devfd, buffer, buffer_size) < buffer_size) {
+	if (write(devfd, buffer, buffer_size) < buffer_size) {
 		log_err(ctx, _("Cannot write header backup file %s.\n"), backup_file);
 		r = -EIO;
 		goto out;
@@ -201,23 +213,21 @@ out:

 int LUKS_hdr_restore(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx)
 {
+	struct device *device = crypt_metadata_device(ctx);
 	int r = 0, devfd = -1, diff_uuid = 0;
-	ssize_t buffer_size;
+	ssize_t buffer_size = 0;
 	char *buffer = NULL, msg[200];
-	struct stat st;
 	struct luks_phdr hdr_file;

-	if(stat(backup_file, &st) < 0) {
-		log_err(ctx, _("Backup file %s doesn't exist.\n"), backup_file);
-		return -EINVAL;
-	}
+	r = LUKS_read_phdr_backup(backup_file, &hdr_file, 0, ctx);
+	if (r == -ENOENT)
+		return r;

-	r = LUKS_read_phdr_backup(backup_file, device, &hdr_file, 0, ctx);
-	buffer_size = hdr_file.payloadOffset << SECTOR_SHIFT;
+	if (!r)
+		buffer_size = LUKS_device_sectors(hdr_file.keyBytes) << SECTOR_SHIFT;

 	if (r || buffer_size < LUKS_ALIGN_KEYSLOTS) {
 		log_err(ctx, _("Backup file doesn't contain valid LUKS header.\n"));
@@ -232,22 +242,22 @@ int LUKS_hdr_restore(
 	}

 	devfd = open(backup_file, O_RDONLY);
-	if(devfd == -1) {
+	if (devfd == -1) {
 		log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file);
 		r = -EINVAL;
 		goto out;
 	}

-	if(read(devfd, buffer, buffer_size) < buffer_size) {
+	if (read(devfd, buffer, buffer_size) < buffer_size) {
 		log_err(ctx, _("Cannot read header backup file %s.\n"), backup_file);
 		r = -EIO;
 		goto out;
 	}
 	close(devfd);

-	r = LUKS_read_phdr(device, hdr, 0, ctx);
+	r = LUKS_read_phdr(hdr, 0, 0, ctx);
 	if (r == 0) {
-		log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device);
+		log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device_path(device));
 		if(hdr->payloadOffset != hdr_file.payloadOffset ||
 		   hdr->keyBytes != hdr_file.keyBytes) {
 			log_err(ctx, _("Data offset or key size differs on device and backup, restore failed.\n"));
@@ -258,7 +268,7 @@ int LUKS_hdr_restore(
 			diff_uuid = 1;
 	}

-	if (snprintf(msg, sizeof(msg), _("Device %s %s%s"), device,
+	if (snprintf(msg, sizeof(msg), _("Device %s %s%s"), device_path(device),
 		 r ? _("does not contain LUKS header. Replacing header can destroy data on that device.") :
 		     _("already contains LUKS header. Replacing header will destroy existing keyslots."),
 		     diff_uuid ? _("\nWARNING: real device header has different UUID than backup!") : "") < 0) {
@@ -272,23 +282,27 @@ int LUKS_hdr_restore(
 	}

 	log_dbg("Storing backup of header (%u bytes) and keyslot area (%u bytes) to device %s.",
-		sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device);
+		sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device));

-	devfd = open(device, O_WRONLY | O_DIRECT | O_SYNC);
-	if(devfd == -1) {
-		log_err(ctx, _("Cannot open device %s.\n"), device);
+	devfd = device_open(device, O_RDWR);
+	if (devfd == -1) {
+		if (errno == EACCES)
+			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+				device_path(device));
+		else
+			log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
 		r = -EINVAL;
 		goto out;
 	}

-	if(write_blockwise(devfd, buffer, buffer_size) < buffer_size) {
+	if (write_blockwise(devfd, device_block_size(device), buffer, buffer_size) < buffer_size) {
 		r = -EIO;
 		goto out;
 	}
 	close(devfd);

 	/* Be sure to reload new data */
-	r = LUKS_read_phdr(device, hdr, 1, ctx);
+	r = LUKS_read_phdr(hdr, 1, 0, ctx);
 out:
 	if (devfd != -1)
 		close(devfd);
@@ -296,9 +310,96 @@ out:
 	return r;
 }

+/* This routine should do some just basic recovery for known problems. */
+static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
+{
+	struct luks_phdr temp_phdr;
+	const unsigned char *sector = (const unsigned char*)phdr;
+	struct volume_key *vk;
+	uint64_t PBKDF2_per_sec = 1;
+	int i, bad, r, need_write = 0;
+
+	if (phdr->keyBytes != 16 && phdr->keyBytes != 32 && phdr->keyBytes != 64) {
+		log_err(ctx, _("Non standard key size, manual repair required.\n"));
+		return -EINVAL;
+	}
+	/* cryptsetup 1.0 did not align to 4k, cannot repair this one */
+	if (phdr->keyblock[0].keyMaterialOffset < (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
+		log_err(ctx, _("Non standard keyslots alignment, manual repair required.\n"));
+		return -EINVAL;
+	}
+
+	vk = crypt_alloc_volume_key(phdr->keyBytes, NULL);
+
+	log_verbose(ctx, _("Repairing keyslots.\n"));
+
+	log_dbg("Generating second header with the same parameters for check.");
+	/* cipherName, cipherMode, hashSpec, uuid are already null terminated */
+	/* payloadOffset - cannot check */
+	r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode,
+			       phdr->hashSpec,phdr->uuid, LUKS_STRIPES,
+			       phdr->payloadOffset, 0,
+			       1, &PBKDF2_per_sec,
+			       1, ctx);
+	if (r < 0) {
+		log_err(ctx, _("Repair failed."));
+		goto out;
+	}
+
+	for(i = 0; i < LUKS_NUMKEYS; ++i) {
+		if (phdr->keyblock[i].active == LUKS_KEY_ENABLED)  {
+			log_dbg("Skipping repair for active keyslot %i.", i);
+			continue;
+		}
+
+		bad = 0;
+		if (phdr->keyblock[i].keyMaterialOffset != temp_phdr.keyblock[i].keyMaterialOffset) {
+			log_err(ctx, _("Keyslot %i: offset repaired (%u -> %u).\n"), i,
+				(unsigned)phdr->keyblock[i].keyMaterialOffset,
+				(unsigned)temp_phdr.keyblock[i].keyMaterialOffset);
+			phdr->keyblock[i].keyMaterialOffset = temp_phdr.keyblock[i].keyMaterialOffset;
+			bad = 1;
+		}
+
+		if (phdr->keyblock[i].stripes != temp_phdr.keyblock[i].stripes) {
+			log_err(ctx, _("Keyslot %i: stripes repaired (%u -> %u).\n"), i,
+				(unsigned)phdr->keyblock[i].stripes,
+				(unsigned)temp_phdr.keyblock[i].stripes);
+			phdr->keyblock[i].stripes = temp_phdr.keyblock[i].stripes;
+			bad = 1;
+		}
+
+		/* Known case - MSDOS partition table signature */
+		if (i == 6 && sector[0x1fe] == 0x55 && sector[0x1ff] == 0xaa) {
+			log_err(ctx, _("Keyslot %i: bogus partition signature.\n"), i);
+			bad = 1;
+		}
+
+		if(bad) {
+			log_err(ctx, _("Keyslot %i: salt wiped.\n"), i);
+			phdr->keyblock[i].active = LUKS_KEY_DISABLED;
+			memset(&phdr->keyblock[i].passwordSalt, 0x00, LUKS_SALTSIZE);
+			phdr->keyblock[i].passwordIterations = 0;
+		}
+
+		if (bad)
+			need_write = 1;
+	}
+
+	if (need_write) {
+		log_verbose(ctx, _("Writing LUKS header to disk.\n"));
+		r = LUKS_write_phdr(phdr, ctx);
+	}
+out:
+	crypt_free_volume_key(vk);
+	memset(&temp_phdr, 0, sizeof(temp_phdr));
+	return r;
+}
+
 static int _check_and_convert_hdr(const char *device,
 				  struct luks_phdr *hdr,
 				  int require_luks_device,
+				  int repair,
 				  struct crypt_device *ctx)
 {
 	int r = 0;
@@ -309,34 +410,44 @@ static int _check_and_convert_hdr(const char *device,
 		log_dbg("LUKS header not detected.");
 		if (require_luks_device)
 			log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device);
-		r = -EINVAL;
+		return -EINVAL;
 	} else if((hdr->version = ntohs(hdr->version)) != 1) {	/* Convert every uint16/32_t item from network byte order */
 		log_err(ctx, _("Unsupported LUKS version %d.\n"), hdr->version);
-		r = -EINVAL;
-	} else if (PBKDF2_HMAC_ready(hdr->hashSpec) < 0) {
+		return -EINVAL;
+	}
+
+	hdr->hashSpec[LUKS_HASHSPEC_L - 1] = '\0';
+	if (crypt_hmac_size(hdr->hashSpec) < LUKS_DIGESTSIZE) {
 		log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hdr->hashSpec);
-		r = -EINVAL;
-	} else {
-		hdr->payloadOffset      = ntohl(hdr->payloadOffset);
-		hdr->keyBytes           = ntohl(hdr->keyBytes);
-		hdr->mkDigestIterations = ntohl(hdr->mkDigestIterations);
+		return -EINVAL;
+	}

-		for(i = 0; i < LUKS_NUMKEYS; ++i) {
-			hdr->keyblock[i].active             = ntohl(hdr->keyblock[i].active);
-			hdr->keyblock[i].passwordIterations = ntohl(hdr->keyblock[i].passwordIterations);
-			hdr->keyblock[i].keyMaterialOffset  = ntohl(hdr->keyblock[i].keyMaterialOffset);
-			hdr->keyblock[i].stripes            = ntohl(hdr->keyblock[i].stripes);
-			if (LUKS_check_keyslot_size(hdr, i)) {
-				log_err(ctx, _("LUKS keyslot %u is invalid.\n"), i);
-				// FIXME: allow header recovery
-				r = -EINVAL;
-			}
+	/* Header detected */
+	hdr->payloadOffset      = ntohl(hdr->payloadOffset);
+	hdr->keyBytes           = ntohl(hdr->keyBytes);
+	hdr->mkDigestIterations = ntohl(hdr->mkDigestIterations);
+
+	for(i = 0; i < LUKS_NUMKEYS; ++i) {
+		hdr->keyblock[i].active             = ntohl(hdr->keyblock[i].active);
+		hdr->keyblock[i].passwordIterations = ntohl(hdr->keyblock[i].passwordIterations);
+		hdr->keyblock[i].keyMaterialOffset  = ntohl(hdr->keyblock[i].keyMaterialOffset);
+		hdr->keyblock[i].stripes            = ntohl(hdr->keyblock[i].stripes);
+		if (LUKS_check_keyslot_size(hdr, i)) {
+			log_err(ctx, _("LUKS keyslot %u is invalid.\n"), i);
+			r = -EINVAL;
 		}
+	}

-		/* Avoid unterminated strings */
-		hdr->cipherName[LUKS_CIPHERNAME_L - 1] = '\0';
-		hdr->cipherMode[LUKS_CIPHERMODE_L - 1] = '\0';
-		hdr->uuid[UUID_STRING_L - 1] = '\0';
+	/* Avoid unterminated strings */
+	hdr->cipherName[LUKS_CIPHERNAME_L - 1] = '\0';
+	hdr->cipherMode[LUKS_CIPHERMODE_L - 1] = '\0';
+	hdr->uuid[UUID_STRING_L - 1] = '\0';
+
+	if (repair) {
+		if (r == -EINVAL)
+			r = _keyslot_repair(hdr, ctx);
+		else
+			log_verbose(ctx, _("No known problems detected for LUKS header.\n"));
 	}

 	return r;
@@ -357,7 +468,6 @@ static void LUKS_fix_header_compatible(struct luks_phdr *header)
 }

 int LUKS_read_phdr_backup(const char *backup_file,
-			  const char *device,
 			  struct luks_phdr *hdr,
 			  int require_luks_device,
 			  struct crypt_device *ctx)
@@ -370,51 +480,66 @@ int LUKS_read_phdr_backup(const char *backup_file,

 	devfd = open(backup_file, O_RDONLY);
 	if(-1 == devfd) {
-		log_err(ctx, _("Cannot open file %s.\n"), device);
-		return -EINVAL;
+		log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file);
+		return -ENOENT;
 	}

 	if (read(devfd, hdr, hdr_size) < hdr_size)
 		r = -EIO;
 	else {
 		LUKS_fix_header_compatible(hdr);
-		r = _check_and_convert_hdr(backup_file, hdr, require_luks_device, ctx);
+		r = _check_and_convert_hdr(backup_file, hdr,
+					   require_luks_device, 0, ctx);
 	}

 	close(devfd);
 	return r;
 }

-int LUKS_read_phdr(const char *device,
-		   struct luks_phdr *hdr,
+int LUKS_read_phdr(struct luks_phdr *hdr,
 		   int require_luks_device,
+		   int repair,
 		   struct crypt_device *ctx)
 {
+	struct device *device = crypt_metadata_device(ctx);
 	ssize_t hdr_size = sizeof(struct luks_phdr);
 	int devfd = 0, r = 0;

-	log_dbg("Reading LUKS header of size %d from device %s",
-		hdr_size, device);
+	/* LUKS header starts at offset 0, first keyslot on LUKS_ALIGN_KEYSLOTS */
+	assert(sizeof(struct luks_phdr) <= LUKS_ALIGN_KEYSLOTS);

-	devfd = open(device,O_RDONLY | O_DIRECT | O_SYNC);
-	if(-1 == devfd) {
-		log_err(ctx, _("Cannot open device %s.\n"), device);
+	/* Stripes count cannot be changed without additional code fixes yet */
+	assert(LUKS_STRIPES == 4000);
+
+	if (repair && !require_luks_device)
+		return -EINVAL;
+
+	log_dbg("Reading LUKS header of size %d from device %s",
+		hdr_size, device_path(device));
+
+	devfd = device_open(device, O_RDONLY);
+	if (devfd == -1) {
+		log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}

-	if (read_blockwise(devfd, hdr, hdr_size) < hdr_size)
+	if (read_blockwise(devfd, device_block_size(device), hdr, hdr_size) < hdr_size)
 		r = -EIO;
 	else
-		r = _check_and_convert_hdr(device, hdr, require_luks_device, ctx);
+		r = _check_and_convert_hdr(device_path(device), hdr, require_luks_device,
+					   repair, ctx);
+
+	if (!r)
+		r = LUKS_check_device_size(ctx, hdr->keyBytes);

 	close(devfd);
 	return r;
 }

-int LUKS_write_phdr(const char *device,
-		    struct luks_phdr *hdr,
+int LUKS_write_phdr(struct luks_phdr *hdr,
 		    struct crypt_device *ctx)
 {
+	struct device *device = crypt_metadata_device(ctx);
 	ssize_t hdr_size = sizeof(struct luks_phdr);
 	int devfd = 0;
 	unsigned int i;
@@ -422,16 +547,19 @@ int LUKS_write_phdr(const char *device,
 	int r;

 	log_dbg("Updating LUKS header of size %d on device %s",
-		sizeof(struct luks_phdr), device);
+		sizeof(struct luks_phdr), device_path(device));

-	if (LUKS_check_device_size(device, hdr->payloadOffset, hdr->keyBytes)) {
-		log_err(ctx, _("Device %s is too small.\n"), device);
-		return -EINVAL;
-	}
+	r = LUKS_check_device_size(ctx, hdr->keyBytes);
+	if (r)
+		return r;

-	devfd = open(device,O_RDWR | O_DIRECT | O_SYNC);
+	devfd = device_open(device, O_RDWR);
 	if(-1 == devfd) {
-		log_err(ctx, _("Cannot open device %s.\n"), device);
+		if (errno == EACCES)
+			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+				device_path(device));
+		else
+			log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}

@@ -450,36 +578,22 @@ int LUKS_write_phdr(const char *device,
 		convHdr.keyblock[i].stripes            = htonl(hdr->keyblock[i].stripes);
 	}

-	r = write_blockwise(devfd, &convHdr, hdr_size) < hdr_size ? -EIO : 0;
+	r = write_blockwise(devfd, device_block_size(device), &convHdr, hdr_size) < hdr_size ? -EIO : 0;
 	if (r)
-		log_err(ctx, _("Error during update of LUKS header on device %s.\n"), device);
+		log_err(ctx, _("Error during update of LUKS header on device %s.\n"), device_path(device));
 	close(devfd);

 	/* Re-read header from disk to be sure that in-memory and on-disk data are the same. */
 	if (!r) {
-		r = LUKS_read_phdr(device, hdr, 1, ctx);
+		r = LUKS_read_phdr(hdr, 1, 0, ctx);
 		if (r)
-			log_err(ctx, _("Error re-reading LUKS header after update on device %s.\n"), device);
+			log_err(ctx, _("Error re-reading LUKS header after update on device %s.\n"),
+				device_path(device));
 	}

 	return r;
 }

-static int LUKS_PBKDF2_performance_check(const char *hashSpec,
-					 uint64_t *PBKDF2_per_sec,
-					 struct crypt_device *ctx)
-{
-	if (!*PBKDF2_per_sec) {
-		if (PBKDF2_performance_check(hashSpec, PBKDF2_per_sec) < 0) {
-			log_err(ctx, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"), hashSpec);
-			return -EINVAL;
-		}
-		log_dbg("PBKDF2: %" PRIu64 " iterations per second using hash %s.", *PBKDF2_per_sec, hashSpec);
-	}
-
-	return 0;
-}
-
 int LUKS_generate_phdr(struct luks_phdr *header,
 		       const struct volume_key *vk,
 		       const char *cipherName, const char *cipherMode, const char *hashSpec,
@@ -488,21 +602,27 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 		       unsigned int alignOffset,
 		       uint32_t iteration_time_ms,
 		       uint64_t *PBKDF2_per_sec,
-		       const char *metadata_device,
+		       int detached_metadata_device,
 		       struct crypt_device *ctx)
 {
-	unsigned int i=0;
-	unsigned int blocksPerStripeSet = div_round_up(vk->keylength*stripes,SECTOR_SIZE);
+	unsigned int i = 0, hdr_sectors = LUKS_device_sectors(vk->keylength);
+	size_t blocksPerStripeSet, currentSector;
 	int r;
 	uuid_t partitionUuid;
-	int currentSector;
 	char luksMagic[] = LUKS_MAGIC;

 	/* For separate metadata device allow zero alignment */
-	if (alignPayload == 0 && !metadata_device)
+	if (alignPayload == 0 && !detached_metadata_device)
 		alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE;

-	if (PBKDF2_HMAC_ready(hashSpec) < 0) {
+	if (alignPayload && detached_metadata_device && alignPayload < hdr_sectors) {
+		log_err(ctx, _("Data offset for detached LUKS header must be "
+			       "either 0 or higher than header size (%d sectors).\n"),
+			       hdr_sectors);
+		return -EINVAL;
+	}
+
+	if (crypt_hmac_size(hashSpec) < LUKS_DIGESTSIZE) {
 		log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hashSpec);
 		return -EINVAL;
 	}
@@ -531,45 +651,51 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 		header->version, header->hashSpec ,header->cipherName, header->cipherMode,
 		header->keyBytes);

-	r = crypt_random_get(ctx, header->mkDigestSalt, LUKS_SALTSIZE, CRYPT_RND_NORMAL);
+	r = crypt_random_get(ctx, header->mkDigestSalt, LUKS_SALTSIZE, CRYPT_RND_SALT);
 	if(r < 0) {
-		log_err(ctx,  _("Cannot create LUKS header: reading random salt failed.\n"));
+		log_err(ctx, _("Cannot create LUKS header: reading random salt failed.\n"));
 		return r;
 	}

-	if ((r = LUKS_PBKDF2_performance_check(header->hashSpec, PBKDF2_per_sec, ctx)))
+	r = crypt_benchmark_kdf(ctx, "pbkdf2", header->hashSpec,
+				"foo", 3, "bar", 3, PBKDF2_per_sec);
+	if (r < 0) {
+		log_err(ctx, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"),
+			header->hashSpec);
 		return r;
+	}

 	/* Compute master key digest */
 	iteration_time_ms /= 8;
 	header->mkDigestIterations = at_least((uint32_t)(*PBKDF2_per_sec/1024) * iteration_time_ms,
 					      LUKS_MKD_ITERATIONS_MIN);

-	r = PBKDF2_HMAC(header->hashSpec,vk->key,vk->keylength,
-			header->mkDigestSalt,LUKS_SALTSIZE,
-			header->mkDigestIterations,
-			header->mkDigest,LUKS_DIGESTSIZE);
+	r = crypt_pbkdf("pbkdf2", header->hashSpec, vk->key,vk->keylength,
+			header->mkDigestSalt, LUKS_SALTSIZE,
+			header->mkDigest,LUKS_DIGESTSIZE,
+			header->mkDigestIterations);
 	if(r < 0) {
-		log_err(ctx,  _("Cannot create LUKS header: header digest failed (using hash %s).\n"),
+		log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s).\n"),
 			header->hashSpec);
 		return r;
 	}

-	currentSector = round_up_modulo(LUKS_PHDR_SIZE, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+	currentSector = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;
+	blocksPerStripeSet = AF_split_sectors(vk->keylength, stripes);
 	for(i = 0; i < LUKS_NUMKEYS; ++i) {
 		header->keyblock[i].active = LUKS_KEY_DISABLED;
 		header->keyblock[i].keyMaterialOffset = currentSector;
 		header->keyblock[i].stripes = stripes;
-		currentSector = round_up_modulo(currentSector + blocksPerStripeSet,
+		currentSector = size_round_up(currentSector + blocksPerStripeSet,
 						LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
 	}

-	if (metadata_device) {
+	if (detached_metadata_device) {
 		/* for separate metadata device use alignPayload directly */
 		header->payloadOffset = alignPayload;
 	} else {
 		/* alignOffset - offset from natural device alignment provided by topology info */
-		currentSector = round_up_modulo(currentSector, alignPayload);
+		currentSector = size_round_up(currentSector, alignPayload);
 		header->payloadOffset = currentSector + alignOffset;
 	}

@@ -582,7 +708,6 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 }

 int LUKS_hdr_uuid_set(
-	const char *device,
 	struct luks_phdr *hdr,
 	const char *uuid,
 	struct crypt_device *ctx)
@@ -598,10 +723,10 @@ int LUKS_hdr_uuid_set(

 	uuid_unparse(partitionUuid, hdr->uuid);

-	return LUKS_write_phdr(device, hdr, ctx);
+	return LUKS_write_phdr(hdr, ctx);
 }

-int LUKS_set_key(const char *device, unsigned int keyIndex,
+int LUKS_set_key(unsigned int keyIndex,
 		 const char *password, size_t passwordLen,
 		 struct luks_phdr *hdr, struct volume_key *vk,
 		 uint32_t iteration_time_ms,
@@ -610,16 +735,17 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,
 {
 	struct volume_key *derived_key;
 	char *AfKey = NULL;
-	unsigned int AFEKSize;
+	size_t AFEKSize;
 	uint64_t PBKDF2_temp;
 	int r;

 	if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) {
-		log_err(ctx,  _("Key slot %d active, purge first.\n"), keyIndex);
+		log_err(ctx, _("Key slot %d active, purge first.\n"), keyIndex);
 		return -EINVAL;
 	}

-	if(hdr->keyblock[keyIndex].stripes < LUKS_STRIPES) {
+	/* LUKS keyslot has always at least 4000 stripes accoding to specification */
+	if(hdr->keyblock[keyIndex].stripes < 4000) {
 	        log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?\n"),
 			keyIndex);
 	         return -EINVAL;
@@ -627,8 +753,13 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,

 	log_dbg("Calculating data for key slot %d", keyIndex);

-	if ((r = LUKS_PBKDF2_performance_check(hdr->hashSpec, PBKDF2_per_sec, ctx)))
+	r = crypt_benchmark_kdf(ctx, "pbkdf2", hdr->hashSpec,
+				"foo", 3, "bar", 3, PBKDF2_per_sec);
+	if (r < 0) {
+		log_err(ctx, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"),
+			hdr->hashSpec);
 		return r;
+	}

 	/*
 	 * Avoid floating point operation
@@ -648,14 +779,14 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,
 		return -ENOMEM;

 	r = crypt_random_get(ctx, hdr->keyblock[keyIndex].passwordSalt,
-		       LUKS_SALTSIZE, CRYPT_RND_NORMAL);
+		       LUKS_SALTSIZE, CRYPT_RND_SALT);
 	if (r < 0)
-		return r;
+		goto out;

-	r = PBKDF2_HMAC(hdr->hashSpec, password,passwordLen,
-			hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
-			hdr->keyblock[keyIndex].passwordIterations,
-			derived_key->key, hdr->keyBytes);
+	r = crypt_pbkdf("pbkdf2", hdr->hashSpec, password, passwordLen,
+			hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
+			derived_key->key, hdr->keyBytes,
+			hdr->keyblock[keyIndex].passwordIterations);
 	if (r < 0)
 		goto out;

@@ -663,7 +794,7 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,
 	 * AF splitting, the masterkey stored in vk->key is split to AfKey
 	 */
 	assert(vk->keylength == hdr->keyBytes);
-	AFEKSize = hdr->keyblock[keyIndex].stripes*vk->keylength;
+	AFEKSize = AF_split_sectors(vk->keylength, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
 	AfKey = crypt_safe_alloc(AFEKSize);
 	if (!AfKey) {
 		r = -ENOMEM;
@@ -676,27 +807,24 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,
 	if (r < 0)
 		goto out;

-	log_dbg("Updating key slot %d [0x%04x] area on device %s.", keyIndex,
-		hdr->keyblock[keyIndex].keyMaterialOffset << 9, device);
+	log_dbg("Updating key slot %d [0x%04x] area.", keyIndex,
+		hdr->keyblock[keyIndex].keyMaterialOffset << 9);
 	/* Encryption via dm */
 	r = LUKS_encrypt_to_storage(AfKey,
 				    AFEKSize,
-				    hdr,
+				    hdr->cipherName, hdr->cipherMode,
 				    derived_key,
-				    device,
 				    hdr->keyblock[keyIndex].keyMaterialOffset,
 				    ctx);
-	if (r < 0) {
-		log_err(ctx, _("Failed to write to key storage.\n"));
+	if (r < 0)
 		goto out;
-	}

 	/* Mark the key as active in phdr */
 	r = LUKS_keyslot_set(hdr, (int)keyIndex, 1);
 	if (r < 0)
 		goto out;

-	r = LUKS_write_phdr(device, hdr, ctx);
+	r = LUKS_write_phdr(hdr, ctx);
 	if (r < 0)
 		goto out;

@@ -713,10 +841,10 @@ int LUKS_verify_volume_key(const struct luks_phdr *hdr,
 {
 	char checkHashBuf[LUKS_DIGESTSIZE];

-	if (PBKDF2_HMAC(hdr->hashSpec, vk->key, vk->keylength,
+	if (crypt_pbkdf("pbkdf2", hdr->hashSpec, vk->key, vk->keylength,
 			hdr->mkDigestSalt, LUKS_SALTSIZE,
-			hdr->mkDigestIterations, checkHashBuf,
-			LUKS_DIGESTSIZE) < 0)
+			checkHashBuf, LUKS_DIGESTSIZE,
+			hdr->mkDigestIterations) < 0)
 		return -EINVAL;

 	if (memcmp(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE))
@@ -726,8 +854,7 @@ int LUKS_verify_volume_key(const struct luks_phdr *hdr,
 }

 /* Try to open a particular key slot */
-static int LUKS_open_key(const char *device,
-		  unsigned int keyIndex,
+static int LUKS_open_key(unsigned int keyIndex,
 		  const char *password,
 		  size_t passwordLen,
 		  struct luks_phdr *hdr,
@@ -751,30 +878,29 @@ static int LUKS_open_key(const char *device,
 		return -ENOMEM;

 	assert(vk->keylength == hdr->keyBytes);
-	AFEKSize = hdr->keyblock[keyIndex].stripes*vk->keylength;
+	AFEKSize = AF_split_sectors(vk->keylength, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
 	AfKey = crypt_safe_alloc(AFEKSize);
-	if (!AfKey)
-		return -ENOMEM;
+	if (!AfKey) {
+		r = -ENOMEM;
+		goto out;
+	}

-	r = PBKDF2_HMAC(hdr->hashSpec, password,passwordLen,
-			hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
-			hdr->keyblock[keyIndex].passwordIterations,
-			derived_key->key, hdr->keyBytes);
+	r = crypt_pbkdf("pbkdf2", hdr->hashSpec, password, passwordLen,
+			hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
+			derived_key->key, hdr->keyBytes,
+			hdr->keyblock[keyIndex].passwordIterations);
 	if (r < 0)
 		goto out;

 	log_dbg("Reading key slot %d area.", keyIndex);
 	r = LUKS_decrypt_from_storage(AfKey,
 				      AFEKSize,
-				      hdr,
+				      hdr->cipherName, hdr->cipherMode,
 				      derived_key,
-				      device,
 				      hdr->keyblock[keyIndex].keyMaterialOffset,
 				      ctx);
-	if (r < 0) {
-		log_err(ctx, _("Failed to read from key storage.\n"));
+	if (r < 0)
 		goto out;
-	}

 	r = AF_merge(AfKey,vk->key,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
 	if (r < 0)
@@ -789,8 +915,7 @@ out:
 	return r;
 }

-int LUKS_open_key_with_hdr(const char *device,
-			   int keyIndex,
+int LUKS_open_key_with_hdr(int keyIndex,
 			   const char *password,
 			   size_t passwordLen,
 			   struct luks_phdr *hdr,
@@ -803,12 +928,12 @@ int LUKS_open_key_with_hdr(const char *device,
 	*vk = crypt_alloc_volume_key(hdr->keyBytes, NULL);

 	if (keyIndex >= 0) {
-		r = LUKS_open_key(device, keyIndex, password, passwordLen, hdr, *vk, ctx);
+		r = LUKS_open_key(keyIndex, password, passwordLen, hdr, *vk, ctx);
 		return (r < 0) ? r : keyIndex;
 	}

 	for(i = 0; i < LUKS_NUMKEYS; i++) {
-		r = LUKS_open_key(device, i, password, passwordLen, hdr, *vk, ctx);
+		r = LUKS_open_key(i, password, passwordLen, hdr, *vk, ctx);
 		if(r == 0)
 			return i;

@@ -822,15 +947,15 @@ int LUKS_open_key_with_hdr(const char *device,
 	return -EPERM;
 }

-int LUKS_del_key(const char *device,
-		 unsigned int keyIndex,
+int LUKS_del_key(unsigned int keyIndex,
 		 struct luks_phdr *hdr,
 		 struct crypt_device *ctx)
 {
-	unsigned int startOffset, endOffset, stripesLen;
+	struct device *device = crypt_metadata_device(ctx);
+	unsigned int startOffset, endOffset;
 	int r;

-	r = LUKS_read_phdr(device, hdr, 1, ctx);
+	r = LUKS_read_phdr(hdr, 1, 0, ctx);
 	if (r)
 		return r;

@@ -843,14 +968,19 @@ int LUKS_del_key(const char *device,

 	/* secure deletion of key material */
 	startOffset = hdr->keyblock[keyIndex].keyMaterialOffset;
-	stripesLen = hdr->keyBytes * hdr->keyblock[keyIndex].stripes;
-	endOffset = startOffset + div_round_up(stripesLen, SECTOR_SIZE);
+	endOffset = startOffset + AF_split_sectors(hdr->keyBytes, hdr->keyblock[keyIndex].stripes);

 	r = crypt_wipe(device, startOffset * SECTOR_SIZE,
 		       (endOffset - startOffset) * SECTOR_SIZE,
 		       CRYPT_WIPE_DISK, 0);
 	if (r) {
-		log_err(ctx, _("Cannot wipe device %s.\n"), device);
+		if (r == -EACCES) {
+			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+				device_path(device));
+			r = -EINVAL;
+		} else
+			log_err(ctx, _("Cannot wipe device %s.\n"),
+				device_path(device));
 		return r;
 	}

@@ -858,7 +988,7 @@ int LUKS_del_key(const char *device,
 	memset(&hdr->keyblock[keyIndex].passwordSalt, 0, LUKS_SALTSIZE);
 	hdr->keyblock[keyIndex].passwordIterations = 0;

-	r = LUKS_write_phdr(device, hdr, ctx);
+	r = LUKS_write_phdr(hdr, ctx);

 	return r;
 }
@@ -927,19 +1057,28 @@ int LUKS1_activate(struct crypt_device *cd,
 {
 	int r;
 	char *dm_cipher = NULL;
+	enum devcheck device_check;
 	struct crypt_dm_active_device dmd = {
-		.device = crypt_get_device_name(cd),
-		.cipher = NULL,
+		.target = DM_CRYPT,
 		.uuid   = crypt_get_uuid(cd),
-		.vk    = vk,
-		.offset = crypt_get_data_offset(cd),
-		.iv_offset = 0,
+		.flags  = flags,
 		.size   = 0,
-		.flags  = flags
+		.data_device = crypt_data_device(cd),
+		.u.crypt = {
+			.cipher = NULL,
+			.vk     = vk,
+			.offset = crypt_get_data_offset(cd),
+			.iv_offset = 0,
+		}
 	};

-	r = device_check_and_adjust(cd, dmd.device, DEV_EXCL,
-				    &dmd.size, &dmd.offset, &flags);
+	if (dmd.flags & CRYPT_ACTIVATE_SHARED)
+		device_check = DEV_SHARED;
+	else
+		device_check = DEV_EXCL;
+
+	r = device_block_adjust(cd, dmd.data_device, device_check,
+				 dmd.u.crypt.offset, &dmd.size, &dmd.flags);
 	if (r)
 		return r;

@@ -947,8 +1086,8 @@ int LUKS1_activate(struct crypt_device *cd,
 	if (r < 0)
 		return -ENOMEM;

-	dmd.cipher = dm_cipher;
-	r = dm_create_device(name, CRYPT_LUKS1, &dmd, 0);
+	dmd.u.crypt.cipher = dm_cipher;
+	r = dm_create_device(cd, name, CRYPT_LUKS1, &dmd, 0);

 	free(dm_cipher);
 	return r;
--- a/lib/luks1/luks.h
+++ b/lib/luks1/luks.h
@@ -1,3 +1,24 @@
+/*
+ * LUKS - Linux Unified Key Setup
+ *
+ * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
 #ifndef INCLUDED_CRYPTSETUP_LUKS_LUKS_H
 #define INCLUDED_CRYPTSETUP_LUKS_LUKS_H

@@ -31,8 +52,6 @@
 #define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
 #define LUKS_MAGIC_L 6

-#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)
-
 /* Actually we need only 37, but we don't want struct autoaligning to kick in */
 #define UUID_STRING_L 40

@@ -43,6 +62,7 @@
 converted */

 struct volume_key;
+struct device_backend;

 struct luks_phdr {
 	char		magic[LUKS_MAGIC_L];
@@ -88,47 +108,41 @@ int LUKS_generate_phdr(
 	unsigned int alignOffset,
 	uint32_t iteration_time_ms,
 	uint64_t *PBKDF2_per_sec,
-	const char *metadata_device,
+	int detached_metadata_device,
 	struct crypt_device *ctx);

 int LUKS_read_phdr(
-	const char *device,
 	struct luks_phdr *hdr,
 	int require_luks_device,
+	int repair,
 	struct crypt_device *ctx);

 int LUKS_read_phdr_backup(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	int require_luks_device,
 	struct crypt_device *ctx);

 int LUKS_hdr_uuid_set(
-	const char *device,
 	struct luks_phdr *hdr,
 	const char *uuid,
 	struct crypt_device *ctx);

 int LUKS_hdr_backup(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx);

 int LUKS_hdr_restore(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx);

 int LUKS_write_phdr(
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx);

 int LUKS_set_key(
-	const char *device,
 	unsigned int keyIndex,
 	const char *password,
 	size_t passwordLen,
@@ -139,7 +153,6 @@ int LUKS_set_key(
 	struct crypt_device *ctx);

 int LUKS_open_key_with_hdr(
-	const char *device,
 	int keyIndex,
 	const char *password,
 	size_t passwordLen,
@@ -148,7 +161,6 @@ int LUKS_open_key_with_hdr(
 	struct crypt_device *ctx);

 int LUKS_del_key(
-	const char *device,
 	unsigned int keyIndex,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx);
@@ -157,20 +169,24 @@ crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
 int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
 int LUKS_keyslot_active_count(struct luks_phdr *hdr);
 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
+int LUKS_keyslot_area(struct luks_phdr *hdr,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length);

 int LUKS_encrypt_to_storage(
 	char *src, size_t srcLength,
-	struct luks_phdr *hdr,
+	const char *cipher,
+	const char *cipher_mode,
 	struct volume_key *vk,
-	const char *device,
 	unsigned int sector,
 	struct crypt_device *ctx);

 int LUKS_decrypt_from_storage(
 	char *dst, size_t dstLength,
-	struct luks_phdr *hdr,
+	const char *cipher,
+	const char *cipher_mode,
 	struct volume_key *vk,
-	const char *device,
 	unsigned int sector,
 	struct crypt_device *ctx);

--- a/lib/luks1/pbkdf.h
+++ b/lib/luks1/pbkdf.h
@@ -1,15 +0,0 @@
-#ifndef INCLUDED_CRYPTSETUP_LUKS_PBKDF_H
-#define INCLUDED_CRYPTSETUP_LUKS_PBKDF_H
-
-#include <stddef.h>
-
-int PBKDF2_HMAC(const char *hash,
-		const char *password, size_t passwordLen,
-		const char *salt, size_t saltLen, unsigned int iterations,
-		char *dKey, size_t dKeyLen);
-
-
-int PBKDF2_performance_check(const char *hash, uint64_t *iter);
-int PBKDF2_HMAC_ready(const char *hash);
-
-#endif
--- a/lib/nls.h
+++ b/lib/nls.h
@@ -31,4 +31,4 @@
    ( (Count) == 1 ? (Singular) : (Plural) )
 #endif

-#endif /* CRYPTSETUP_H */
+#endif /* CRYPTSETUP_NLS_H */
--- a/lib/random.c
+++ b/lib/random.c
@@ -1,11 +1,12 @@
 /*
 * cryptsetup kernel RNG access functions
 *
- * Copyright (C) 2010-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,6 +23,7 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <assert.h>
+#include <sys/select.h>

 #include "libcryptsetup.h"
 #include "internal.h"
@@ -176,7 +178,17 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit
 	case CRYPT_RND_NORMAL:
 		status = _get_urandom(ctx, buf, len);
 		break;
+	case CRYPT_RND_SALT:
+		if (crypt_fips_mode())
+			status = crypt_backend_rng(buf, len, quality, 1);
+		else
+			status = _get_urandom(ctx, buf, len);
+		break;
 	case CRYPT_RND_KEY:
+		if (crypt_fips_mode()) {
+			status = crypt_backend_rng(buf, len, quality, 1);
+			break;
+		}
 		rng_type = ctx ? crypt_get_rng_type(ctx) :
 				 crypt_random_default_key_rng();
 		switch (rng_type) {
--- a/lib/setup.c
+++ b/lib/setup.c
--- a/lib/tcrypt/Makefile.am
+++ b/lib/tcrypt/Makefile.am
@@ -0,0 +1,14 @@
+moduledir = $(libdir)/cryptsetup
+
+noinst_LTLIBRARIES = libtcrypt.la
+
+libtcrypt_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@
+
+libtcrypt_la_SOURCES = \
+	tcrypt.c \
+	tcrypt.h
+
+AM_CPPFLAGS = -include config.h \
+        -I$(top_srcdir)/lib			\
+        -I$(top_srcdir)/lib/crypto_backend
+
--- a/lib/tcrypt/tcrypt.c
+++ b/lib/tcrypt/tcrypt.c
--- a/lib/tcrypt/tcrypt.h
+++ b/lib/tcrypt/tcrypt.h
@@ -0,0 +1,114 @@
+/*
+ * TCRYPT (TrueCrypt-compatible)  header defitinion
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2013, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "libcryptsetup.h"
+
+#ifndef _CRYPTSETUP_TCRYPT_H
+#define _CRYPTSETUP_TCRYPT_H
+
+#define TCRYPT_HDR_SALT_LEN 64
+#define TCRYPT_HDR_IV_LEN   16
+#define TCRYPT_HDR_LEN     448
+#define TCRYPT_HDR_KEY_LEN 192
+#define TCRYPT_HDR_MAGIC "TRUE"
+#define TCRYPT_HDR_MAGIC_LEN 4
+
+#define TCRYPT_HDR_HIDDEN_OFFSET_OLD -1536
+#define TCRYPT_HDR_HIDDEN_OFFSET 65536
+
+#define TCRYPT_HDR_HIDDEN_OFFSET_BCK -65536
+#define TCRYPT_HDR_OFFSET_BCK -131072
+
+#define TCRYPT_HDR_SYSTEM_OFFSET 31744
+
+#define TCRYPT_LRW_IKEY_LEN 16
+#define TCRYPT_KEY_POOL_LEN 64
+#define TCRYPT_KEYFILE_LEN  1048576
+
+#define TCRYPT_HDR_FLAG_SYSTEM    (1 << 0)
+#define TCRYPT_HDR_FLAG_NONSYSTEM (1 << 1)
+
+struct tcrypt_phdr {
+	char salt[TCRYPT_HDR_SALT_LEN];
+
+	/* encrypted part, TCRYPT_HDR_LEN bytes */
+	union {
+	struct __attribute__((__packed__)) {
+		char     magic[TCRYPT_HDR_MAGIC_LEN];
+		uint16_t version;
+		uint16_t version_tc;
+		uint32_t keys_crc32;
+		uint64_t _reserved1[2]; /* data/header ctime */
+		uint64_t hidden_volume_size;
+		uint64_t volume_size;
+		uint64_t mk_offset;
+		uint64_t mk_size;
+		uint32_t flags;
+		uint32_t sector_size;
+		uint8_t  _reserved2[120];
+		uint32_t header_crc32;
+		char     keys[256];
+	} d;
+	char e[TCRYPT_HDR_LEN];
+	};
+} __attribute__((__packed__));
+
+struct crypt_dm_active_device;
+struct volume_key;
+struct device;
+
+int TCRYPT_read_phdr(struct crypt_device *cd,
+		     struct tcrypt_phdr *hdr,
+		     struct crypt_params_tcrypt *params);
+
+int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
+			const struct crypt_dm_active_device *dmd,
+			struct device **device,
+			struct crypt_params_tcrypt *tcrypt_params,
+			struct tcrypt_phdr *tcrypt_hdr);
+
+int TCRYPT_activate(struct crypt_device *cd,
+		     const char *name,
+		     struct tcrypt_phdr *hdr,
+		     struct crypt_params_tcrypt *params,
+		     uint32_t flags);
+
+int TCRYPT_deactivate(struct crypt_device *cd,
+		      const char *name);
+
+uint64_t TCRYPT_get_data_offset(struct crypt_device *cd,
+				struct tcrypt_phdr *hdr,
+				struct crypt_params_tcrypt *params);
+
+uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
+			      struct tcrypt_phdr *hdr,
+			      struct crypt_params_tcrypt *params);
+
+int TCRYPT_get_volume_key(struct crypt_device *cd,
+			  struct tcrypt_phdr *hdr,
+			  struct crypt_params_tcrypt *params,
+			  struct volume_key **vk);
+
+int TCRYPT_dump(struct crypt_device *cd,
+		struct tcrypt_phdr *hdr,
+		struct crypt_params_tcrypt *params);
+
+#endif
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -3,11 +3,13 @@
 *
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,22 +24,18 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include <stddef.h>
-#include <stdarg.h>
 #include <errno.h>
-#include <linux/fs.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <fcntl.h>
 #include <sys/mman.h>
 #include <sys/resource.h>

-#include "libcryptsetup.h"
 #include "internal.h"

+unsigned crypt_getpagesize(void)
+{
+	long r = sysconf(_SC_PAGESIZE);
+	return r < 0 ? DEFAULT_MEM_ALIGNMENT : r;
+}
+
 static int get_alignment(int fd)
 {
 	int alignment = DEFAULT_MEM_ALIGNMENT;
@@ -69,52 +67,15 @@ static void *aligned_malloc(void **base, int size, int alignment)
 #endif
 }

-int device_read_ahead(const char *dev, uint32_t *read_ahead)
-{
-	int fd, r = 0;
-	long read_ahead_long;
-
-	if ((fd = open(dev, O_RDONLY)) < 0)
-		return 0;
-
-	r = ioctl(fd, BLKRAGET, &read_ahead_long) ? 0 : 1;
-	close(fd);
-
-	if (r)
-		*read_ahead = (uint32_t) read_ahead_long;
-
-	return r;
-}
-
-static int sector_size(int fd) 
-{
-	int bsize;
-	if (ioctl(fd,BLKSSZGET, &bsize) < 0)
-		return -EINVAL;
-	else
-		return bsize;
-}
-
-int sector_size_for_device(const char *device)
-{
-	int fd = open(device, O_RDONLY);
-	int r;
-	if(fd < 0)
-		return -EINVAL;
-	r = sector_size(fd);
-	close(fd);
-	return r;
-}
-
-ssize_t write_blockwise(int fd, void *orig_buf, size_t count)
+ssize_t write_blockwise(int fd, int bsize, void *orig_buf, size_t count)
 {
 	void *hangover_buf, *hangover_buf_base = NULL;
 	void *buf, *buf_base = NULL;
-	int r, hangover, solid, bsize, alignment;
+	int r, hangover, solid, alignment;
 	ssize_t ret = -1;

-	if ((bsize = sector_size(fd)) < 0)
-		return bsize;
+	if (fd == -1 || !orig_buf || bsize <= 0)
+		return -1;

 	hangover = count % bsize;
 	solid = count - hangover;
@@ -138,16 +99,19 @@ ssize_t write_blockwise(int fd, void *orig_buf, size_t count)
 			goto out;

 		r = read(fd, hangover_buf, bsize);
-		if (r < 0 || r != bsize)
+		if (r < 0 || r < hangover)
 			goto out;

+		if (r < bsize)
+			bsize = r;
+
 		r = lseek(fd, -bsize, SEEK_CUR);
 		if (r < 0)
 			goto out;
 		memcpy(hangover_buf, (char*)buf + solid, hangover);

 		r = write(fd, hangover_buf, bsize);
-		if (r < 0 || r != bsize)
+		if (r < 0 || r < hangover)
 			goto out;
 	}
 	ret = count;
@@ -158,14 +122,14 @@ out:
 	return ret;
 }

-ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
+ssize_t read_blockwise(int fd, int bsize, void *orig_buf, size_t count) {
 	void *hangover_buf, *hangover_buf_base = NULL;
 	void *buf, *buf_base = NULL;
-	int r, hangover, solid, bsize, alignment;
+	int r, hangover, solid, alignment;
 	ssize_t ret = -1;

-	if ((bsize = sector_size(fd)) < 0)
-		return bsize;
+	if (fd == -1 || !orig_buf || bsize <= 0)
+		return -1;

 	hangover = count % bsize;
 	solid = count - hangover;
@@ -187,7 +151,7 @@ ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
 		if (!hangover_buf)
 			goto out;
 		r = read(fd, hangover_buf, bsize);
-		if (r <  0 || r != bsize)
+		if (r <  0 || r < hangover)
 			goto out;

 		memcpy((char *)buf + solid, hangover_buf, hangover);
@@ -208,15 +172,15 @@ out:
 * is implicitly included in the read/write offset, which can not be set to non-aligned
 * boundaries. Hence, we combine llseek with write.
 */
-ssize_t write_lseek_blockwise(int fd, char *buf, size_t count, off_t offset) {
+ssize_t write_lseek_blockwise(int fd, int bsize, char *buf, size_t count, off_t offset) {
 	char *frontPadBuf;
 	void *frontPadBuf_base = NULL;
-	int r, bsize, frontHang;
+	int r, frontHang;
 	size_t innerCount = 0;
 	ssize_t ret = -1;

-	if ((bsize = sector_size(fd)) < 0)
-		return bsize;
+	if (fd == -1 || !buf || bsize <= 0)
+		return -1;

 	frontHang = offset % bsize;

@@ -250,7 +214,7 @@ ssize_t write_lseek_blockwise(int fd, char *buf, size_t count, off_t offset) {
 		count -= innerCount;
 	}

-	ret = count ? write_blockwise(fd, buf, count) : 0;
+	ret = count ? write_blockwise(fd, bsize, buf, count) : 0;
 	if (ret >= 0)
 		ret += innerCount;
 out:
@@ -259,182 +223,6 @@ out:
 	return ret;
 }

-int device_ready(struct crypt_device *cd, const char *device, int mode)
-{
-	int devfd, r = 0;
-	ssize_t s;
-	struct stat st;
-	char buf[512];
-
-	if(stat(device, &st) < 0) {
-		log_err(cd, _("Device %s doesn't exist or access denied.\n"), device);
-		return -EINVAL;
-	}
-
-	if (!S_ISBLK(st.st_mode))
-		return -ENOTBLK;
-
-	log_dbg("Trying to open and read device %s.", device);
-	devfd = open(device, mode | O_DIRECT | O_SYNC);
-	if(devfd < 0) {
-		log_err(cd, _("Cannot open device %s for %s%s access.\n"), device,
-			(mode & O_EXCL) ? _("exclusive ") : "",
-			(mode & O_RDWR) ? _("writable") : _("read-only"));
-		return -EINVAL;
-	}
-
-	 /* Try to read first sector */
-	s = read_blockwise(devfd, buf, sizeof(buf));
-	if (s < 0 || s != sizeof(buf)) {
-		log_verbose(cd, _("Cannot read device %s.\n"), device);
-		r = -EIO;
-	}
-
-	memset(buf, 0, sizeof(buf));
-	close(devfd);
-
-	return r;
-}
-
-int device_size(const char *device, uint64_t *size)
-{
-	int devfd, r = 0;
-
-	devfd = open(device, O_RDONLY);
-	if(devfd == -1)
-		return -EINVAL;
-
-	if (ioctl(devfd, BLKGETSIZE64, size) < 0)
-		r = -EINVAL;
-
-	close(devfd);
-	return r;
-}
-
-static int get_device_infos(const char *device, enum devcheck device_check,
-			    int *readonly, uint64_t *size)
-{
-	struct stat st;
-	unsigned long size_small;
-	int fd, r = -1;
-	int flags = 0;
-
-	*readonly = 0;
-	*size = 0;
-
-	if (stat(device, &st) < 0)
-		return -EINVAL;
-
-	/* never wipe header on mounted device */
-	if (device_check == DEV_EXCL && S_ISBLK(st.st_mode))
-		flags |= O_EXCL;
-
-	/* Try to open read-write to check whether it is a read-only device */
-	fd = open(device, O_RDWR | flags);
-	if (fd == -1 && errno == EROFS) {
-		*readonly = 1;
-		fd = open(device, O_RDONLY | flags);
-	}
-
-	if (fd == -1 && device_check == DEV_EXCL && errno == EBUSY)
-		return -EBUSY;
-
-	if (fd == -1)
-		return -EINVAL;
-
-	/* If the device can be opened read-write, i.e. readonly is still 0, then
-	 * check whether BKROGET says that it is read-only. E.g. read-only loop
-	 * devices may be openend read-write but are read-only according to BLKROGET
-	 */
-	if (*readonly == 0 && (r = ioctl(fd, BLKROGET, readonly)) < 0)
-		goto out;
-
-	if (ioctl(fd, BLKGETSIZE64, size) >= 0) {
-		*size >>= SECTOR_SHIFT;
-		r = 0;
-		goto out;
-	}
-
-	if (ioctl(fd, BLKGETSIZE, &size_small) >= 0) {
-		*size = (uint64_t)size_small;
-		r = 0;
-		goto out;
-	}
-
-	r = -EINVAL;
-out:
-	close(fd);
-	return r;
-}
-
-int device_check_and_adjust(struct crypt_device *cd,
-			    const char *device,
-			    enum devcheck device_check,
-			    uint64_t *size,
-			    uint64_t *offset,
-			    uint32_t *flags)
-{
-	int r, real_readonly;
-	uint64_t real_size;
-
-	if (!device)
-		return -ENOTBLK;
-
-	r = get_device_infos(device, device_check, &real_readonly, &real_size);
-	if (r < 0) {
-		if (r == -EBUSY)
-			log_err(cd, _("Cannot use device %s which is in use "
-				      "(already mapped or mounted).\n"),
-				      device);
-		else
-			log_err(cd, _("Cannot get info about device %s.\n"),
-				device);
-		return r;
-	}
-
-	if (*offset >= real_size) {
-		log_err(cd, _("Requested offset is beyond real size of device %s.\n"),
-			device);
-		return -EINVAL;
-	}
-
-	if (!*size) {
-		*size = real_size;
-		if (!*size) {
-			log_err(cd, _("Device %s has zero size.\n"), device);
-			return -ENOTBLK;
-		}
-		*size -= *offset;
-	}
-
-	/* in case of size is set by parameter */
-	if ((real_size - *offset) < *size) {
-		log_dbg("Device %s: offset = %" PRIu64 " requested size = %" PRIu64
-			", backing device size = %" PRIu64,
-			device, *offset, *size, real_size);
-		log_err(cd, _("Device %s is too small.\n"), device);
-		return -EINVAL;
-	}
-
-	if (device_check == DEV_SHARED) {
-		log_dbg("Checking crypt segments for device %s.", device);
-		r = crypt_sysfs_check_crypt_segment(device, *offset, *size);
-		if (r < 0) {
-			log_err(cd, _("Cannot use device %s (crypt segments "
-				    "overlaps or in use by another device).\n"),
-				    device);
-			return r;
-		}
-	}
-
-	if (real_readonly)
-		*flags |= CRYPT_ACTIVATE_READONLY;
-
-	log_dbg("Calculated device size is %" PRIu64 " sectors (%s), offset %" PRIu64 ".",
-		*size, real_readonly ? "RO" : "RW", *offset);
-	return 0;
-}
-
 /* MEMLOCK */
 #define DEFAULT_PROCESS_PRIORITY -18

@@ -447,7 +235,7 @@ int crypt_memlock_inc(struct crypt_device *ctx)
 	if (!_memlock_count++) {
 		log_dbg("Locking memory.");
 		if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
-			log_err(ctx, _("WARNING!!! Possibly insecure memory. Are you root?\n"));
+			log_dbg("Cannot lock memory with mlockall.");
 			_memlock_count--;
 			return 0;
 		}
@@ -456,7 +244,7 @@ int crypt_memlock_inc(struct crypt_device *ctx)
 			log_err(ctx, _("Cannot get process priority.\n"));
 		else
 			if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
-				log_err(ctx, _("setpriority %d failed: %s\n"),
+				log_dbg("setpriority %d failed: %s",
 					DEFAULT_PROCESS_PRIORITY, strerror(errno));
 	}
 	return _memlock_count ? 1 : 0;
@@ -469,64 +257,7 @@ int crypt_memlock_dec(struct crypt_device *ctx)
 		if (munlockall() == -1)
 			log_err(ctx, _("Cannot unlock memory.\n"));
 		if (setpriority(PRIO_PROCESS, 0, _priority))
-			log_err(ctx, _("setpriority %d failed: %s\n"), _priority, strerror(errno));
+			log_dbg("setpriority %d failed: %s", _priority, strerror(errno));
 	}
 	return _memlock_count ? 1 : 0;
 }
-
-/* DEVICE TOPOLOGY */
-
-/* block device topology ioctls, introduced in 2.6.32 */
-#ifndef BLKIOMIN
-#define BLKIOMIN    _IO(0x12,120)
-#define BLKIOOPT    _IO(0x12,121)
-#define BLKALIGNOFF _IO(0x12,122)
-#endif
-
-void get_topology_alignment(const char *device,
-			    unsigned long *required_alignment, /* bytes */
-			    unsigned long *alignment_offset,   /* bytes */
-			    unsigned long default_alignment)
-{
-	int dev_alignment_offset = 0;
-	unsigned int min_io_size = 0, opt_io_size = 0;
-	unsigned long temp_alignment = 0;
-	int fd;
-
-	*required_alignment = default_alignment;
-	*alignment_offset = 0;
-
-	fd = open(device, O_RDONLY);
-	if (fd == -1)
-		return;
-
-	/* minimum io size */
-	if (ioctl(fd, BLKIOMIN, &min_io_size) == -1) {
-		log_dbg("Topology info for %s not supported, using default offset %lu bytes.",
-			device, default_alignment);
-		goto out;
-	}
-
-	/* optimal io size */
-	if (ioctl(fd, BLKIOOPT, &opt_io_size) == -1)
-		opt_io_size = min_io_size;
-
-	/* alignment offset, bogus -1 means misaligned/unknown */
-	if (ioctl(fd, BLKALIGNOFF, &dev_alignment_offset) == -1 || dev_alignment_offset < 0)
-		dev_alignment_offset = 0;
-	*alignment_offset = (unsigned long)dev_alignment_offset;
-
-	temp_alignment = (unsigned long)min_io_size;
-
-	if (temp_alignment < (unsigned long)opt_io_size)
-		temp_alignment = (unsigned long)opt_io_size;
-
-	/* If calculated alignment is multiple of default, keep default */
-	if (temp_alignment && (default_alignment % temp_alignment))
-		*required_alignment = temp_alignment;
-
-	log_dbg("Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.",
-		min_io_size, opt_io_size, *alignment_offset, *required_alignment);
-out:
-	(void)close(fd);
-}
--- a/lib/utils_benchmark.c
+++ b/lib/utils_benchmark.c
@@ -0,0 +1,248 @@
+/*
+ * libcryptsetup - cryptsetup library, cipher bechmark
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include "internal.h"
+
+/*
+ * This is not simulating storage, so using disk block causes extreme overhead.
+ * Let's use some fixed block size where results are more reliable...
+ */
+#define CIPHER_BLOCK_BYTES 65536
+
+/*
+ * The whole test depends on Linux kernel usermode crypto API for now.
+ * (The same implementations are used in dm-crypt though.)
+ */
+
+struct cipher_perf {
+	char name[32];
+	char mode[32];
+	char *key;
+	size_t key_length;
+	char *iv;
+	size_t iv_length;
+	size_t buffer_size;
+};
+
+static long time_ms(struct rusage *start, struct rusage *end)
+{
+	long ms = 0;
+
+	/* For kernel backend, we need to measure only tim in kernel.
+	ms = (end->ru_utime.tv_sec - start->ru_utime.tv_sec) * 1000;
+	ms += (end->ru_utime.tv_usec - start->ru_utime.tv_usec) / 1000;
+	*/
+
+	ms += (end->ru_stime.tv_sec - start->ru_stime.tv_sec) * 1000;
+	ms += (end->ru_stime.tv_usec - start->ru_stime.tv_usec) / 1000;
+
+	return ms;
+}
+
+static int cipher_perf_one(struct cipher_perf *cp, char *buf,
+			   size_t buf_size, int enc)
+{
+	struct crypt_cipher *cipher = NULL;
+	size_t done = 0, block = CIPHER_BLOCK_BYTES;
+	int r;
+
+	if (buf_size < block)
+		block = buf_size;
+
+	r = crypt_cipher_init(&cipher, cp->name, cp->mode, cp->key, cp->key_length);
+	if (r < 0) {
+		log_dbg("Cannot initialise cipher %s, mode %s.", cp->name, cp->mode);
+		return r;
+	}
+
+	while (done < buf_size) {
+		if ((done + block) > buf_size)
+			block = buf_size - done;
+
+		if (enc)
+			r = crypt_cipher_encrypt(cipher, &buf[done], &buf[done],
+						 block, cp->iv, cp->iv_length);
+		else
+			r = crypt_cipher_decrypt(cipher, &buf[done], &buf[done],
+						 block, cp->iv, cp->iv_length);
+		if (r < 0)
+			break;
+
+		done += block;
+	}
+
+	crypt_cipher_destroy(cipher);
+
+	return r;
+}
+static long cipher_measure(struct cipher_perf *cp, char *buf,
+			   size_t buf_size, int encrypt)
+{
+	struct rusage rstart, rend;
+	int r;
+
+	if (getrusage(RUSAGE_SELF, &rstart) < 0)
+		return -EINVAL;
+
+	r = cipher_perf_one(cp, buf, buf_size, encrypt);
+	if (r < 0)
+		return r;
+
+	if (getrusage(RUSAGE_SELF, &rend) < 0)
+		return -EINVAL;
+
+	return time_ms(&rstart, &rend);
+}
+
+static double speed_mbs(unsigned long bytes, unsigned long ms)
+{
+	double speed = bytes, s = ms / 1000.;
+
+	return speed / (1024 * 1024) / s;
+}
+
+static int cipher_perf(struct cipher_perf *cp,
+	double *encryption_mbs, double *decryption_mbs)
+{
+	long ms_enc, ms_dec, ms;
+	int repeat_enc, repeat_dec;
+	void *buf = NULL;
+
+	if (posix_memalign(&buf, crypt_getpagesize(), cp->buffer_size))
+		return -ENOMEM;
+
+	ms_enc = 0;
+	repeat_enc = 1;
+	while (ms_enc < 1000) {
+		ms = cipher_measure(cp, buf, cp->buffer_size, 1);
+		if (ms < 0) {
+			free(buf);
+			return (int)ms;
+		}
+		ms_enc += ms;
+		repeat_enc++;
+	}
+
+	ms_dec = 0;
+	repeat_dec = 1;
+	while (ms_dec < 1000) {
+		ms = cipher_measure(cp, buf, cp->buffer_size, 0);
+		if (ms < 0) {
+			free(buf);
+			return (int)ms;
+		}
+		ms_dec += ms;
+		repeat_dec++;
+	}
+
+	free(buf);
+
+	*encryption_mbs = speed_mbs(cp->buffer_size * repeat_enc, ms_enc);
+	*decryption_mbs = speed_mbs(cp->buffer_size * repeat_dec, ms_dec);
+
+	return  0;
+}
+
+int crypt_benchmark(struct crypt_device *cd,
+	const char *cipher,
+	const char *cipher_mode,
+	size_t volume_key_size,
+	size_t iv_size,
+	size_t buffer_size,
+	double *encryption_mbs,
+	double *decryption_mbs)
+{
+	struct cipher_perf cp = {
+		.key_length = volume_key_size,
+		.iv_length = iv_size,
+		.buffer_size = buffer_size,
+	};
+	char *c;
+	int r;
+
+	if (!cipher || !cipher_mode || !volume_key_size)
+		return -EINVAL;
+
+	r = init_crypto(cd);
+	if (r < 0)
+		return r;
+
+	r = -ENOMEM;
+	if (iv_size) {
+		cp.iv = malloc(iv_size);
+		if (!cp.iv)
+			goto out;
+		crypt_random_get(cd, cp.iv, iv_size, CRYPT_RND_NORMAL);
+	}
+
+	cp.key = malloc(volume_key_size);
+	if (!cp.key)
+		goto out;
+
+	crypt_random_get(cd, cp.key, volume_key_size, CRYPT_RND_NORMAL);
+	strncpy(cp.name, cipher, sizeof(cp.name)-1);
+	strncpy(cp.mode, cipher_mode, sizeof(cp.mode)-1);
+
+	/* Ignore IV generator */
+	if ((c  = strchr(cp.mode, '-')))
+		*c = '\0';
+
+	r = cipher_perf(&cp, encryption_mbs, decryption_mbs);
+out:
+	free(cp.key);
+	free(cp.iv);
+	return r;
+}
+
+int crypt_benchmark_kdf(struct crypt_device *cd,
+	const char *kdf,
+	const char *hash,
+	const char *password,
+	size_t password_size,
+	const char *salt,
+	size_t salt_size,
+	uint64_t *iterations_sec)
+{
+	int r;
+
+	if (!iterations_sec)
+		return -EINVAL;
+
+	r = init_crypto(cd);
+	if (r < 0)
+		return r;
+
+	if (!strncmp(kdf, "pbkdf2", 6))
+		r = crypt_pbkdf_check(kdf, hash, password, password_size,
+				      salt, salt_size, iterations_sec);
+	else
+		r = -EINVAL;
+
+	if (!r)
+		log_dbg("KDF %s, hash %s: %" PRIu64 " iterations per second.",
+			kdf, hash, *iterations_sec);
+	return r;
+}
--- a/lib/utils_crypt.c
+++ b/lib/utils_crypt.c
@@ -1,12 +1,14 @@
 /*
- * util_crypt - cipher utilities for cryptsetup
+ * utils_crypt - cipher utilities for cryptsetup
 *
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -23,6 +25,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
+#include <ctype.h>
+#include <limits.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
@@ -58,6 +62,15 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
 		return 0;
 	}

+	/* Short version for "empty" cipher */
+	if (!strcmp(s, "null")) {
+		strncpy(cipher, "cipher_null", MAX_CIPHER_LEN);
+		strncpy(cipher_mode, "ecb", 9);
+		if (key_nums)
+			*key_nums = 0;
+		return 0;
+	}
+
 	if (sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]", cipher) == 1) {
 		strncpy(cipher_mode, "cbc-plain", 10);
 		if (key_nums)
@@ -81,7 +94,9 @@ void *crypt_safe_alloc(size_t size)
 		return NULL;

 	alloc->size = size;
+	memset(&alloc->data, 0, size);

+	/* coverity[leaked_storage] */
 	return &alloc->data;
 }

@@ -250,6 +265,49 @@ out_err:
 	return r;
 }

+/*
+ * A simple call to lseek(3) might not be possible for some inputs (e.g.
+ * reading from a pipe), so this function instead reads of up to BUFSIZ bytes
+ * at a time until the specified number of bytes. It returns -1 on read error
+ * or when it reaches EOF before the requested number of bytes have been
+ * discarded.
+ */
+static int keyfile_seek(int fd, size_t bytes)
+{
+	char tmp[BUFSIZ];
+	size_t next_read;
+	ssize_t bytes_r;
+	off_t r;
+
+	r = lseek(fd, bytes, SEEK_CUR);
+	if (r > 0)
+		return 0;
+	if (r < 0 && errno != ESPIPE)
+		return -1;
+
+	while (bytes > 0) {
+		/* figure out how much to read */
+		next_read = bytes > sizeof(tmp) ? sizeof(tmp) : bytes;
+
+		bytes_r = read(fd, tmp, next_read);
+		if (bytes_r < 0) {
+			if (errno == EINTR)
+				continue;
+
+			/* read error */
+			return -1;
+		}
+
+		if (bytes_r == 0)
+			/* EOF */
+			break;
+
+		bytes -= bytes_r;
+	}
+
+	return bytes == 0 ? 0 : -1;
+}
+
 /*
 * Note: --key-file=- is interpreted as a read from a binary file (stdin)
 * key_size_max == 0 means detect maximum according to input type (tty/file)
@@ -257,14 +315,14 @@ out_err:
 */
 int crypt_get_key(const char *prompt,
 		  char **key, size_t *key_size,
-		  size_t keyfile_size_max, const char *key_file,
-		  int timeout, int verify,
+		  size_t keyfile_offset, size_t keyfile_size_max,
+		  const char *key_file, int timeout, int verify,
 		  struct crypt_device *cd)
 {
 	int fd, regular_file, read_stdin, char_read, unlimited_read = 0;
 	int r = -EINVAL;
 	char *pass = NULL;
-	size_t buflen, i;
+	size_t buflen, i, file_read_size;
 	struct stat st;

 	*key = NULL;
@@ -273,8 +331,13 @@ int crypt_get_key(const char *prompt,
 	/* Passphrase read from stdin? */
 	read_stdin = (!key_file || !strcmp(key_file, "-")) ? 1 : 0;

-	if(read_stdin && isatty(STDIN_FILENO))
+	if (read_stdin && isatty(STDIN_FILENO)) {
+		if (keyfile_offset) {
+			log_err(cd, _("Cannot use offset with terminal input.\n"));
+			return -EINVAL;
+		}
 		return crypt_get_key_tty(prompt, key, key_size, timeout, verify, cd);
+	}

 	if (read_stdin)
 		log_dbg("STDIN descriptor passphrase entry requested.");
@@ -303,11 +366,19 @@ int crypt_get_key(const char *prompt,
 		}
 		if(S_ISREG(st.st_mode)) {
 			regular_file = 1;
+			file_read_size = (size_t)st.st_size;
+
+			if (keyfile_offset > file_read_size) {
+				log_err(cd, _("Cannot seek to requested keyfile offset.\n"));
+				goto out_err;
+			}
+			file_read_size -= keyfile_offset;
+
 			/* known keyfile size, alloc it in one step */
-			if ((size_t)st.st_size >= keyfile_size_max)
+			if (file_read_size >= keyfile_size_max)
 				buflen = keyfile_size_max;
-			else
-				buflen = st.st_size;
+			else if (file_read_size)
+				buflen = file_read_size;
 		}
 	}

@@ -317,6 +388,12 @@ int crypt_get_key(const char *prompt,
 		goto out_err;
 	}

+	/* Discard keyfile_offset bytes on input */
+	if (keyfile_offset && keyfile_seek(fd, keyfile_offset) < 0) {
+		log_err(cd, _("Cannot seek to requested keyfile offset.\n"));
+		goto out_err;
+	}
+
 	for(i = 0; i < keyfile_size_max; i++) {
 		if(i == buflen) {
 			buflen += 4096;
@@ -348,7 +425,7 @@ int crypt_get_key(const char *prompt,

 	/* Fail if we exceeded internal default (no specified size) */
 	if (unlimited_read && i == keyfile_size_max) {
-		log_err(cd, _("Maximum keyfile size exceeeded.\n"));
+		log_err(cd, _("Maximum keyfile size exceeded.\n"));
 		goto out_err;
 	}

@@ -357,12 +434,6 @@ int crypt_get_key(const char *prompt,
 		goto out_err;
 	}

-	/* Well, for historical reasons reading empty keyfile is not fail. */
-	if(!i) {
-		crypt_safe_free(pass);
-		pass = NULL;
-	}
-
 	*key = pass;
 	*key_size = i;
 	r = 0;
@@ -374,3 +445,94 @@ out_err:
 		crypt_safe_free(pass);
 	return r;
 }
+
+ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc)
+{
+	char buf[3] = "xx\0", *endp, *bytes;
+	size_t i, len;
+
+	len = strlen(hex);
+	if (len % 2)
+		return -EINVAL;
+	len /= 2;
+
+	bytes = safe_alloc ? crypt_safe_alloc(len) : malloc(len);
+	if (!bytes)
+		return -ENOMEM;
+
+	for (i = 0; i < len; i++) {
+		memcpy(buf, &hex[i * 2], 2);
+		bytes[i] = strtoul(buf, &endp, 16);
+		if (endp != &buf[2]) {
+			safe_alloc ? crypt_safe_free(bytes) : free(bytes);
+			return -EINVAL;
+		}
+	}
+	*result = bytes;
+	return i;
+}
+
+/*
+ * Device size string parsing, suffixes:
+ * s|S - 512 bytes sectors
+ * k  |K  |m  |M  |g  |G  |t  |T   - 1024 base
+ * kiB|KiB|miB|MiB|giB|GiB|tiB|TiB - 1024 base
+ * kb |KB |mM |MB |gB |GB |tB |TB  - 1000 base
+ */
+int crypt_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
+{
+	char *endp = NULL;
+	size_t len;
+	uint64_t mult_base, mult, tmp;
+
+	*size = strtoull(s, &endp, 10);
+	if (!isdigit(s[0]) ||
+	    (errno == ERANGE && *size == ULLONG_MAX) ||
+	    (errno != 0 && *size == 0))
+		return -EINVAL;
+
+	if (!endp || !*endp)
+		return 0;
+
+	len = strlen(endp);
+	/* Allow "B" and "iB" suffixes */
+	if (len > 3 ||
+	   (len == 3 && (endp[1] != 'i' || endp[2] != 'B')) ||
+	   (len == 2 && endp[1] != 'B'))
+		return -EINVAL;
+
+	if (len == 1 || len == 3)
+		mult_base = 1024;
+	else
+		mult_base = 1000;
+
+	mult = 1;
+	switch (endp[0]) {
+	case 's':
+	case 'S': mult = 512;
+		break;
+	case 't':
+	case 'T': mult *= mult_base;
+		 /* Fall through */
+	case 'g':
+	case 'G': mult *= mult_base;
+		 /* Fall through */
+	case 'm':
+	case 'M': mult *= mult_base;
+		 /* Fall through */
+	case 'k':
+	case 'K': mult *= mult_base;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	tmp = *size * mult;
+	if ((tmp / *size) != mult) {
+		log_dbg("Device size overflow.");
+		return -EINVAL;
+	}
+
+	*size = tmp;
+	return 0;
+}
--- a/lib/utils_crypt.h
+++ b/lib/utils_crypt.h
@@ -1,11 +1,33 @@
+/*
+ * utils_crypt - cipher utilities for cryptsetup
+ *
+ * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
 #ifndef _UTILS_CRYPT_H
 #define _UTILS_CRYPT_H

 #include <unistd.h>
-#include "config.h"

 #define MAX_CIPHER_LEN		32
-#define MAX_CIPHER_LEN_STR	"32"
+#define MAX_CIPHER_LEN_STR	"31"
+#define MAX_KEYFILES		32

 struct crypt_device;

@@ -14,7 +36,7 @@ int crypt_parse_name_and_mode(const char *s, char *cipher,

 int crypt_get_key(const char *prompt,
 		  char **key, size_t *key_size,
-		  size_t keyfile_size_max,
+		  size_t keyfile_offset, size_t keyfile_size_max,
 		  const char *key_file,
 		  int timeout, int verify,
 		  struct crypt_device *cd);
@@ -23,4 +45,7 @@ void *crypt_safe_alloc(size_t size);
 void crypt_safe_free(void *data);
 void *crypt_safe_realloc(void *data, size_t size);

+ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc);
+int crypt_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size);
+
 #endif /* _UTILS_CRYPT_H */
--- a/lib/utils_debug.c
+++ b/lib/utils_debug.c
@@ -1,146 +0,0 @@
-/*
- * Temporary debug code to find processes locking internal cryptsetup devices.
- * This code is intended to run only in debug mode.
- *
- * inspired by psmisc/fuser proc scanning code
- *
- * Copyright (C) 2009-2011, Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <string.h>
-#include "libcryptsetup.h"
-#include "internal.h"
-
-#define MAX_PATHNAME 1024
-#define MAX_SHORTNAME 64
-
-static int numeric_name(const char *name)
-{
-	return (name[0] < '0' || name[0] > '9') ? 0 : 1;
-}
-
-static int check_pid(const pid_t pid, const char *dev_name, const char *short_dev_name)
-{
-	char dirpath[MAX_SHORTNAME], fdpath[MAX_SHORTNAME], linkpath[MAX_PATHNAME];
-	DIR *dirp;
-	struct dirent *direntry;
-	ssize_t len;
-	int r = 0;
-
-	snprintf(dirpath, sizeof(dirpath), "/proc/%d/fd", pid);
-
-	if (!(dirp = opendir(dirpath)))
-		return r;
-
-	while ((direntry = readdir(dirp))) {
-		if (!numeric_name(direntry->d_name))
-			continue;
-
-		snprintf(fdpath, sizeof(fdpath), "/proc/%d/fd/%s", pid, direntry->d_name);
-
-		if ((len = readlink(fdpath, linkpath, MAX_PATHNAME-1)) < 0)
-			break;
-		linkpath[len] = '\0';
-
-		if (!strcmp(dev_name, linkpath)) {
-			r = 1;
-			break;
-		 }
-
-		if (!strcmp(short_dev_name, linkpath)) {
-			r = 2;
-			break;
-		 }
-	}
-	closedir(dirp);
-	return r;
-}
-
-static int read_proc_info(const pid_t pid, pid_t *ppid, char *name, int max_size)
-{
-	char path[MAX_SHORTNAME], info[max_size], c;
-	int fd, xpid, r = 0;
-
-	snprintf(path, sizeof(path), "/proc/%u/stat", pid);
-	if ((fd = open(path, O_RDONLY)) < 0)
-		return 0;
-
-	if (read(fd, info, max_size) > 0 &&
-	    sscanf(info, "%d %s %c %d", &xpid, name, &c, ppid) == 4)
-		r = 1;
-
-	if (!r) {
-		*ppid = 0;
-		name[0] = '\0';
-	}
-	close(fd);
-	return r;
-}
-
-static void report_proc(const pid_t pid, const char *dev_name)
-{
-	char name[MAX_PATHNAME], name2[MAX_PATHNAME];
-	pid_t ppid, ppid2;
-
-	if (read_proc_info(pid, &ppid, name, MAX_PATHNAME) &&
-	    read_proc_info(ppid, &ppid2, name2, MAX_PATHNAME))
-		log_dbg("WARNING: Process PID %u %s [PPID %u %s] spying on internal device %s.",
-			pid, name, ppid, name2, dev_name);
-}
-
-void debug_processes_using_device(const char *dm_name)
-{
-	char short_dev_name[MAX_SHORTNAME], dev_name[MAX_PATHNAME];
-	DIR *proc_dir;
-	struct dirent *proc_dentry;
-	struct stat st;
-	pid_t pid;
-
-	if (crypt_get_debug_level() != CRYPT_LOG_DEBUG)
-		return;
-
-	snprintf(dev_name, sizeof(dev_name), "/dev/mapper/%s", dm_name);
-	if (stat(dev_name, &st) || !S_ISBLK(st.st_mode))
-		return;
-	snprintf(short_dev_name, sizeof(short_dev_name), "/dev/dm-%u", minor(st.st_rdev));
-
-	if (!(proc_dir = opendir("/proc")))
-		return;
-
-	while ((proc_dentry = readdir(proc_dir))) {
-		if (!numeric_name(proc_dentry->d_name))
-			continue;
-
-		pid = atoi(proc_dentry->d_name);
-		switch(check_pid(pid, dev_name, short_dev_name)) {
-		case 1: report_proc(pid, dev_name);
-			break;
-		case 2: report_proc(pid, short_dev_name);
-		default:
-			break;
-		}
-	}
-	closedir(proc_dir);
-}
--- a/lib/utils_device.c
+++ b/lib/utils_device.c
@@ -0,0 +1,442 @@
+/*
+ * device backend utilities
+ *
+ * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <linux/fs.h>
+#include <unistd.h>
+#include "internal.h"
+
+struct device {
+	char *path;
+
+	char *file_path;
+	int loop_fd;
+
+	int init_done:1;
+};
+
+static int device_ready(const char *device)
+{
+	int devfd, r = 0;
+	struct stat st;
+
+	log_dbg("Trying to open and read device %s.", device);
+	devfd = open(device, O_RDONLY);
+	if (devfd < 0) {
+		log_err(NULL, _("Device %s doesn't exist or access denied.\n"), device);
+		return -EINVAL;
+	}
+	if (fstat(devfd, &st) < 0)
+		r = -EINVAL;
+	else if (!S_ISBLK(st.st_mode))
+		r = S_ISREG(st.st_mode) ? -ENOTBLK : -EINVAL;
+
+	close(devfd);
+	return r;
+}
+
+int device_open(struct device *device, int flags)
+{
+	int devfd;
+
+	devfd = open(device_path(device), flags | O_DIRECT | O_SYNC);
+	if (devfd < 0 && errno == EINVAL) {
+		log_dbg("Trying to open device %s without direct-io.",
+			device_path(device));
+		devfd = open(device_path(device), flags | O_SYNC);
+	}
+
+	return devfd;
+}
+
+int device_alloc(struct device **device, const char *path)
+{
+	struct device *dev;
+	int r;
+
+	if (!path) {
+		*device = NULL;
+		return 0;
+	}
+
+	dev = malloc(sizeof(struct device));
+	if (!dev)
+		return -ENOMEM;
+
+	memset(dev, 0, sizeof(struct device));
+	dev->loop_fd = -1;
+
+	r = device_ready(path);
+	if (!r) {
+		dev->init_done = 1;
+	} else if (r == -ENOTBLK) {
+		/* alloc loop later */
+	} else if (r < 0) {
+		free(dev);
+		return -ENOTBLK;
+	}
+
+	dev->path = strdup(path);
+	if (!dev->path) {
+		free(dev);
+		return -ENOMEM;
+	}
+
+	*device = dev;
+	return 0;
+}
+
+void device_free(struct device *device)
+{
+	if (!device)
+		return;
+
+	if (device->loop_fd != -1) {
+		log_dbg("Closed loop %s (%s).", device->path, device->file_path);
+		close(device->loop_fd);
+	}
+
+	free(device->file_path);
+	free(device->path);
+	free(device);
+}
+
+/* Get block device path */
+const char *device_block_path(const struct device *device)
+{
+	if (!device || !device->init_done)
+		return NULL;
+
+	return device->path;
+}
+
+/* Get path to device / file */
+const char *device_path(const struct device *device)
+{
+	if (!device)
+		return NULL;
+
+	if (device->file_path)
+		return device->file_path;
+
+	return device->path;
+}
+
+/* block device topology ioctls, introduced in 2.6.32 */
+#ifndef BLKIOMIN
+#define BLKIOMIN    _IO(0x12,120)
+#define BLKIOOPT    _IO(0x12,121)
+#define BLKALIGNOFF _IO(0x12,122)
+#endif
+
+void device_topology_alignment(struct device *device,
+			    unsigned long *required_alignment, /* bytes */
+			    unsigned long *alignment_offset,   /* bytes */
+			    unsigned long default_alignment)
+{
+	int dev_alignment_offset = 0;
+	unsigned int min_io_size = 0, opt_io_size = 0;
+	unsigned long temp_alignment = 0;
+	int fd;
+
+	*required_alignment = default_alignment;
+	*alignment_offset = 0;
+
+	if (!device || !device->path) //FIXME
+		return;
+
+	fd = open(device->path, O_RDONLY);
+	if (fd == -1)
+		return;
+
+	/* minimum io size */
+	if (ioctl(fd, BLKIOMIN, &min_io_size) == -1) {
+		log_dbg("Topology info for %s not supported, using default offset %lu bytes.",
+			device->path, default_alignment);
+		goto out;
+	}
+
+	/* optimal io size */
+	if (ioctl(fd, BLKIOOPT, &opt_io_size) == -1)
+		opt_io_size = min_io_size;
+
+	/* alignment offset, bogus -1 means misaligned/unknown */
+	if (ioctl(fd, BLKALIGNOFF, &dev_alignment_offset) == -1 || dev_alignment_offset < 0)
+		dev_alignment_offset = 0;
+	*alignment_offset = (unsigned long)dev_alignment_offset;
+
+	temp_alignment = (unsigned long)min_io_size;
+
+	if (temp_alignment < (unsigned long)opt_io_size)
+		temp_alignment = (unsigned long)opt_io_size;
+
+	/* If calculated alignment is multiple of default, keep default */
+	if (temp_alignment && (default_alignment % temp_alignment))
+		*required_alignment = temp_alignment;
+
+	log_dbg("Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.",
+		min_io_size, opt_io_size, *alignment_offset, *required_alignment);
+out:
+	(void)close(fd);
+}
+
+int device_block_size(struct device *device)
+{
+	struct stat st;
+	int fd, bsize = 0, r = -EINVAL;
+
+	if (!device)
+		return 0;
+
+	fd = open(device->path, O_RDONLY);
+	if(fd < 0)
+		return -EINVAL;
+
+	if (fstat(fd, &st) < 0)
+		goto out;
+
+	if (S_ISREG(st.st_mode)) {
+		r = (int)crypt_getpagesize();
+		goto out;
+	}
+
+	if (ioctl(fd, BLKSSZGET, &bsize) >= 0)
+		r = bsize;
+out:
+	close(fd);
+	return r;
+}
+
+int device_read_ahead(struct device *device, uint32_t *read_ahead)
+{
+	int fd, r = 0;
+	long read_ahead_long;
+
+	if (!device)
+		return 0;
+
+	if ((fd = open(device->path, O_RDONLY)) < 0)
+		return 0;
+
+	r = ioctl(fd, BLKRAGET, &read_ahead_long) ? 0 : 1;
+	close(fd);
+
+	if (r)
+		*read_ahead = (uint32_t) read_ahead_long;
+
+	return r;
+}
+
+/* Get data size in bytes */
+int device_size(struct device *device, uint64_t *size)
+{
+	struct stat st;
+	int devfd, r = -EINVAL;
+
+	devfd = open(device->path, O_RDONLY);
+	if(devfd == -1)
+		return -EINVAL;
+
+	if (fstat(devfd, &st) < 0)
+		goto out;
+
+	if (S_ISREG(st.st_mode)) {
+		*size = (uint64_t)st.st_size;
+		r = 0;
+	} else if (ioctl(devfd, BLKGETSIZE64, size) >= 0)
+		r = 0;
+out:
+	close(devfd);
+	return r;
+}
+
+static int device_info(struct device *device,
+			enum devcheck device_check,
+			int *readonly, uint64_t *size)
+{
+	struct stat st;
+	int fd, r = -EINVAL, flags = 0;
+
+	*readonly = 0;
+	*size = 0;
+
+	if (stat(device->path, &st) < 0)
+		return -EINVAL;
+
+	/* never wipe header on mounted device */
+	if (device_check == DEV_EXCL && S_ISBLK(st.st_mode))
+		flags |= O_EXCL;
+
+	/* Try to open read-write to check whether it is a read-only device */
+	/* coverity[toctou] */
+	fd = open(device->path, O_RDWR | flags);
+	if (fd == -1 && errno == EROFS) {
+		*readonly = 1;
+		fd = open(device->path, O_RDONLY | flags);
+	}
+
+	if (fd == -1 && device_check == DEV_EXCL && errno == EBUSY)
+		return -EBUSY;
+
+	if (fd == -1)
+		return -EINVAL;
+
+	if (S_ISREG(st.st_mode)) {
+		//FIXME: add readonly check
+		*size = (uint64_t)st.st_size;
+		*size >>= SECTOR_SHIFT;
+	} else {
+		/* If the device can be opened read-write, i.e. readonly is still 0, then
+		 * check whether BKROGET says that it is read-only. E.g. read-only loop
+		 * devices may be openend read-write but are read-only according to BLKROGET
+		 */
+		if (*readonly == 0 && (r = ioctl(fd, BLKROGET, readonly)) < 0)
+			goto out;
+
+		if (ioctl(fd, BLKGETSIZE64, size) >= 0) {
+			*size >>= SECTOR_SHIFT;
+			r = 0;
+			goto out;
+		}
+	}
+	r = -EINVAL;
+out:
+	close(fd);
+	return r;
+}
+
+static int device_internal_prepare(struct crypt_device *cd, struct device *device)
+{
+	char *loop_device;
+	int r, loop_fd, readonly = 0;
+
+	if (device->init_done)
+		return 0;
+
+	log_dbg("Allocating a free loop device.");
+	loop_device = crypt_loop_get_device();
+	if (!loop_device) {
+		if (getuid() || geteuid())
+			log_err(cd, _("Cannot use a loopback device, "
+				      "running as non-root user.\n"));
+		else
+			log_err(cd, _("Cannot find a free loopback device.\n"));
+		return -ENOTSUP;
+	}
+
+	/* Keep the loop open, dettached on last close. */
+	loop_fd = crypt_loop_attach(loop_device, device->path, 0, 1, &readonly);
+	if (loop_fd == -1) {
+		log_err(cd, _("Attaching loopback device failed "
+			"(loop device with autoclear flag is required).\n"));
+		free(loop_device);
+		return -EINVAL;
+	}
+
+	r = device_ready(loop_device);
+	if (r < 0) {
+		free(loop_device);
+		return r;
+	}
+
+	device->loop_fd = loop_fd;
+	device->file_path = device->path;
+	device->path = loop_device;
+	device->init_done = 1;
+
+	return 0;
+}
+
+int device_block_adjust(struct crypt_device *cd,
+			struct device *device,
+			enum devcheck device_check,
+			uint64_t device_offset,
+			uint64_t *size,
+			uint32_t *flags)
+{
+	int r, real_readonly;
+	uint64_t real_size;
+
+	if (!device)
+		return -ENOTBLK;
+
+	r = device_internal_prepare(cd, device);
+	if (r)
+		return r;
+
+	r = device_info(device, device_check, &real_readonly, &real_size);
+	if (r < 0) {
+		if (r == -EBUSY)
+			log_err(cd, _("Cannot use device %s which is in use "
+				      "(already mapped or mounted).\n"),
+				      device->path);
+		else
+			log_err(cd, _("Cannot get info about device %s.\n"),
+				device->path);
+		return r;
+	}
+
+	if (device_offset >= real_size) {
+		log_err(cd, _("Requested offset is beyond real size of device %s.\n"),
+			device->path);
+		return -EINVAL;
+	}
+
+	if (size && !*size) {
+		*size = real_size;
+		if (!*size) {
+			log_err(cd, _("Device %s has zero size.\n"), device->path);
+			return -ENOTBLK;
+		}
+		*size -= device_offset;
+	}
+
+	/* in case of size is set by parameter */
+	if (size && ((real_size - device_offset) < *size)) {
+		log_dbg("Device %s: offset = %" PRIu64 " requested size = %" PRIu64
+			", backing device size = %" PRIu64,
+			device->path, device_offset, *size, real_size);
+		log_err(cd, _("Device %s is too small.\n"), device->path);
+		return -EINVAL;
+	}
+
+	if (flags && real_readonly)
+		*flags |= CRYPT_ACTIVATE_READONLY;
+
+	if (size)
+		log_dbg("Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".",
+		*size, real_readonly ? "RO" : "RW", device_offset);
+	return 0;
+}
+
+size_t size_round_up(size_t size, unsigned int block)
+{
+	size_t s = (size + (block - 1)) / block;
+	return s * block;
+}
--- a/lib/utils_devpath.c
+++ b/lib/utils_devpath.c
@@ -3,11 +3,13 @@
 *
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2013, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -26,13 +28,10 @@
 #include <dirent.h>
 #include <fcntl.h>
 #include <errno.h>
+#include <limits.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#include "utils_dm.h"
-
-char *crypt_lookup_dev(const char *dev_id);
-int crypt_sysfs_check_crypt_segment(const char *device, uint64_t offset, uint64_t size);
-int crypt_sysfs_get_rotational(int major, int minor, int *rotational);
+#include "internal.h"

 static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_level)
 {
@@ -135,7 +134,7 @@ char *crypt_lookup_dev(const char *dev_id)
 	if (snprintf(path, sizeof(path), "/sys/dev/block/%s", dev_id) < 0)
 		return NULL;

-	len = readlink(path, link, sizeof(link));
+	len = readlink(path, link, sizeof(link) - 1);
 	if (len < 0) {
 		/* Without /sys use old scan */
 		if (stat("/sys/dev/block", &st) < 0)
@@ -168,15 +167,12 @@ char *crypt_lookup_dev(const char *dev_id)
 	return devpath;
 }

-static int crypt_sysfs_get_major_minor(const char *kname, int *major, int *minor)
+static int _read_uint64(const char *sysfs_path, uint64_t *value)
 {
-	char path[PATH_MAX], tmp[64] = {0};
-	int fd, r = 0;
+	char tmp[64] = {0};
+	int fd, r;

-	if (snprintf(path, sizeof(path), "/sys/block/%s/dev", kname) < 0)
-		return 0;
-
-	if ((fd = open(path, O_RDONLY)) < 0)
+	if ((fd = open(sysfs_path, O_RDONLY)) < 0)
 		return 0;
 	r = read(fd, tmp, sizeof(tmp));
 	close(fd);
@@ -184,85 +180,128 @@ static int crypt_sysfs_get_major_minor(const char *kname, int *major, int *minor
 	if (r <= 0)
 		return 0;

-	tmp[63] = '\0';
-	if (sscanf(tmp, "%d:%d", major, minor) != 2)
+        if (sscanf(tmp, "%" PRIu64, value) != 1)
 		return 0;

 	return 1;
 }

-static int crypt_sysfs_get_holders_dir(const char *device, char *path, int size)
+static int _sysfs_get_uint64(int major, int minor, uint64_t *value, const char *attr)
 {
+	char path[PATH_MAX];
+
+	if (snprintf(path, sizeof(path), "/sys/dev/block/%d:%d/%s",
+		     major, minor, attr) < 0)
+		return 0;
+
+	return _read_uint64(path, value);
+}
+
+static int _path_get_uint64(const char *sysfs_path, uint64_t *value, const char *attr)
+{
+	char path[PATH_MAX];
+
+	if (snprintf(path, sizeof(path), "%s/%s",
+		     sysfs_path, attr) < 0)
+		return 0;
+
+	return _read_uint64(path, value);
+}
+
+int crypt_dev_is_rotational(int major, int minor)
+{
+	uint64_t val;
+
+	if (!_sysfs_get_uint64(major, minor, &val, "queue/rotational"))
+		return 1; /* if failed, expect rotational disk */
+
+	return val ? 1 : 0;
+}
+
+int crypt_dev_is_partition(const char *dev_path)
+{
+	uint64_t val;
 	struct stat st;

-	if (stat(device, &st) < 0 || !S_ISBLK(st.st_mode))
+	if (stat(dev_path, &st) < 0)
 		return 0;

-	if (snprintf(path, size, "/sys/dev/block/%d:%d/holders",
-		     major(st.st_rdev), minor(st.st_rdev)) < 0)
+	if (!S_ISBLK(st.st_mode))
 		return 0;

-	return 1;
+	if (!_sysfs_get_uint64(major(st.st_rdev), minor(st.st_rdev),
+			      &val, "partition"))
+		return 0;
+
+	return val ? 1 : 0;
 }

-int crypt_sysfs_check_crypt_segment(const char *device, uint64_t offset, uint64_t size)
+/* Try to find partition which match offset and size on top level device */
+char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t size)
 {
+	char link[PATH_MAX], path[PATH_MAX], part_path[PATH_MAX], *devname;
+	char *result = NULL;
+	struct stat st;
+	size_t devname_len;
+	ssize_t len;
+	struct dirent *entry;
 	DIR *dir;
-	struct dirent *d;
-	char path[PATH_MAX], *dmname;
-	int major, minor, r = 0;
+	uint64_t part_offset, part_size;

-	if (!crypt_sysfs_get_holders_dir(device, path, sizeof(path)))
-		return -EINVAL;
+	if (stat(dev_path, &st) < 0)
+		return NULL;

-	if (!(dir = opendir(path)))
-		return -EINVAL;
+	if (!S_ISBLK(st.st_mode))
+		return NULL;

-	while (!r && (d = readdir(dir))) {
-		if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, ".."))
+	if (snprintf(path, sizeof(path), "/sys/dev/block/%d:%d",
+		major(st.st_rdev), minor(st.st_rdev)) < 0)
+		return NULL;
+
+	len = readlink(path, link, sizeof(link) - 1);
+	if (len < 0)
+		return NULL;
+
+	/* Get top level disk name for sysfs search */
+	link[len] = '\0';
+	devname = strrchr(link, '/');
+	if (!devname)
+		return NULL;
+	devname++;
+
+	/* DM devices do not use kernel partitions. */
+	if (dm_is_dm_kernel_name(devname))
+		return NULL;
+
+	dir = opendir(path);
+	if (!dir)
+		return NULL;
+
+	devname_len = strlen(devname);
+	while((entry = readdir(dir))) {
+		if (strncmp(entry->d_name, devname, devname_len))
 			continue;

-		if (!dm_is_dm_kernel_name(d->d_name)) {
-			r = -EBUSY;
-			break;
-		}
+		if (snprintf(part_path, sizeof(part_path), "%s/%s",
+		    path, entry->d_name) < 0)
+			continue;

-		if (!crypt_sysfs_get_major_minor(d->d_name, &major, &minor)) {
-			r = -EINVAL;
-			break;
-		}
+		if (stat(part_path, &st) < 0)
+			continue;

-		if (!(dmname = dm_device_path(NULL, major, minor))) {
-			r = -EINVAL;
-			break;
+		if (S_ISDIR(st.st_mode)) {
+			if (!_path_get_uint64(part_path, &part_offset, "start") ||
+			    !_path_get_uint64(part_path, &part_size, "size"))
+				continue;
+			if (part_offset == offset && part_size == size &&
+			    snprintf(part_path, sizeof(part_path), "/dev/%s",
+				     entry->d_name) > 0) {
+				result = strdup(part_path);
+				break;
+			}
 		}
-		r = dm_check_segment(dmname, offset, size);
-		free(dmname);
 	}
 	closedir(dir);

-	return r;
-}
-
-int crypt_sysfs_get_rotational(int major, int minor, int *rotational)
-{
-	char path[PATH_MAX], tmp[64] = {0};
-	int fd, r;
-
-	if (snprintf(path, sizeof(path), "/sys/dev/block/%d:%d/queue/rotational",
-		     major, minor) < 0)
-		return 0;
-
-	if ((fd = open(path, O_RDONLY)) < 0)
-		return 0;
-	r = read(fd, tmp, sizeof(tmp));
-	close(fd);
-
-	if (r <= 0)
-		return 0;
-
-        if (sscanf(tmp, "%d", rotational) != 1)
-		return 0;
-
-	return 1;
+	return result;
 }
--- a/lib/utils_dm.h
+++ b/lib/utils_dm.h
@@ -1,3 +1,26 @@
+/*
+ * libdevmapper - device-mapper backend for cryptsetup
+ *
+ * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
 #ifndef _UTILS_DM_H
 #define _UTILS_DM_H

@@ -6,6 +29,8 @@

 struct crypt_device;
 struct volume_key;
+struct crypt_params_verity;
+struct device;

 /* Device mapper backend - kernel support flags */
 #define DM_KEY_WIPE_SUPPORTED (1 << 0)	/* key wipe message */
@@ -13,48 +38,71 @@ struct volume_key;
 #define DM_SECURE_SUPPORTED   (1 << 2)	/* wipe (secure) buffer flag */
 #define DM_PLAIN64_SUPPORTED  (1 << 3)	/* plain64 IV */
 #define DM_DISCARDS_SUPPORTED (1 << 4)	/* discards/TRIM option is supported */
+#define DM_VERITY_SUPPORTED   (1 << 5)	/* dm-verity target supported */
 uint32_t dm_flags(void);

 #define DM_ACTIVE_DEVICE	(1 << 0)
-#define DM_ACTIVE_CIPHER	(1 << 1)
-#define DM_ACTIVE_UUID		(1 << 2)
-#define DM_ACTIVE_KEYSIZE	(1 << 3)
-#define DM_ACTIVE_KEY		(1 << 4)
+#define DM_ACTIVE_UUID		(1 << 1)
+
+#define DM_ACTIVE_CRYPT_CIPHER	(1 << 2)
+#define DM_ACTIVE_CRYPT_KEYSIZE	(1 << 3)
+#define DM_ACTIVE_CRYPT_KEY	(1 << 4)
+
+#define DM_ACTIVE_VERITY_ROOT_HASH	(1 << 5)
+#define DM_ACTIVE_VERITY_HASH_DEVICE	(1 << 6)
+#define DM_ACTIVE_VERITY_PARAMS		(1 << 7)

 struct crypt_dm_active_device {
-	const char *device;
-	const char *cipher;
-	const char *uuid;
-
-	/* Active key for device */
-	struct volume_key *vk;
-
-	/* struct crypt_active_device */
-	uint64_t offset;	/* offset in sectors */
-	uint64_t iv_offset;	/* IV initilisation sector */
+	enum { DM_CRYPT = 0, DM_VERITY } target;
 	uint64_t size;		/* active device size */
 	uint32_t flags;		/* activation flags */
+	const char *uuid;
+	struct device *data_device;
+	union {
+	struct {
+		const char *cipher;
+
+		/* Active key for device */
+		struct volume_key *vk;
+
+		/* struct crypt_active_device */
+		uint64_t offset;	/* offset in sectors */
+		uint64_t iv_offset;	/* IV initilisation sector */
+	} crypt;
+	struct {
+		struct device *hash_device;
+
+		const char *root_hash;
+		uint32_t root_hash_size;
+
+		uint64_t hash_offset;	/* hash offset in blocks (not header) */
+		struct crypt_params_verity *vp;
+	} verity;
+	} u;
 };

+void dm_backend_init(void);
+void dm_backend_exit(void);
+
+int dm_remove_device(struct crypt_device *cd, const char *name,
+		     int force, uint64_t size);
+int dm_status_device(struct crypt_device *cd, const char *name);
+int dm_status_suspended(struct crypt_device *cd, const char *name);
+int dm_status_verity_ok(struct crypt_device *cd, const char *name);
+int dm_query_device(struct crypt_device *cd, const char *name,
+		    uint32_t get_flags, struct crypt_dm_active_device *dmd);
+int dm_create_device(struct crypt_device *cd, const char *name,
+		     const char *type, struct crypt_dm_active_device *dmd,
+		     int reload);
+int dm_suspend_and_wipe_key(struct crypt_device *cd, const char *name);
+int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name,
+				size_t key_size, const char *key);
+
 const char *dm_get_dir(void);
-int dm_init(struct crypt_device *context, int check_kernel);
-void dm_exit(void);
-int dm_remove_device(const char *name, int force, uint64_t size);
-int dm_status_device(const char *name);
-int dm_status_suspended(const char *name);
-int dm_query_device(const char *name, uint32_t get_flags,
-		    struct crypt_dm_active_device *dmd);
-int dm_create_device(const char *name,
-		      const char *type,
-		      struct crypt_dm_active_device *dmd,
-		      int reload);
-int dm_suspend_and_wipe_key(const char *name);
-int dm_resume_and_reinstate_key(const char *name,
-				size_t key_size,
-				const char *key);
-char *dm_device_path(const char *prefix, int major, int minor);
+
+/* These are DM helpers used only by utils_devpath file */
 int dm_is_dm_device(int major, int minor);
 int dm_is_dm_kernel_name(const char *name);
-int dm_check_segment(const char *name, uint64_t offset, uint64_t size);
+char *dm_device_path(const char *prefix, int major, int minor);

 #endif /* _UTILS_DM_H */
--- a/lib/utils_fips.c
+++ b/lib/utils_fips.c
@@ -0,0 +1,62 @@
+/*
+ * FIPS mode utilities
+ *
+ * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include "libcryptsetup.h"
+#include "nls.h"
+#include "utils_fips.h"
+
+#if !ENABLE_FIPS
+int crypt_fips_mode(void) { return 0; }
+void crypt_fips_libcryptsetup_check(struct crypt_device *cd) {}
+void crypt_fips_self_check(struct crypt_device *cd) {}
+#else
+#include <fipscheck.h>
+
+int crypt_fips_mode(void)
+{
+	return FIPSCHECK_kernel_fips_mode();
+}
+
+static void crypt_fips_verify(struct crypt_device *cd,
+			       const char *name, const char *function)
+{
+	if (!crypt_fips_mode())
+		return;
+
+	if (!FIPSCHECK_verify(name, function)) {
+		crypt_log(cd, CRYPT_LOG_ERROR, _("FIPS checksum verification failed.\n"));
+		_exit(EXIT_FAILURE);
+	}
+
+	crypt_log(cd, CRYPT_LOG_VERBOSE, _("Running in FIPS mode.\n"));
+}
+
+void crypt_fips_libcryptsetup_check(struct crypt_device *cd)
+{
+	crypt_fips_verify(cd, LIBCRYPTSETUP_VERSION_FIPS, "crypt_init");
+}
+
+void crypt_fips_self_check(struct crypt_device *cd)
+{
+	crypt_fips_verify(cd, NULL, NULL);
+}
+#endif /* ENABLE_FIPS */
--- a/lib/utils_fips.h
+++ b/lib/utils_fips.h
@@ -0,0 +1,30 @@
+/*
+ * FIPS mode utilities
+ *
+ * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _UTILS_FIPS_H
+#define _UTILS_FIPS_H
+
+struct crypt_device;
+
+int crypt_fips_mode(void);
+void crypt_fips_libcryptsetup_check(struct crypt_device *cd);
+void crypt_fips_self_check(struct crypt_device *cd);
+
+#endif /* _UTILS_FIPS_H */
--- a/lib/utils_loop.c
+++ b/lib/utils_loop.c
@@ -1,11 +1,13 @@
 /*
 * loopback block device utilities
 *
- * Copyright (C) 2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -25,6 +27,7 @@
 #include <limits.h>
 #include <sys/ioctl.h>
 #include <sys/stat.h>
+#include <sys/types.h>
 #include <linux/loop.h>

 #include "utils_loop.h"
@@ -43,13 +46,10 @@ static char *crypt_loop_get_device_old(void)
 {
 	char dev[20];
 	int i, loop_fd;
-	struct stat st;
 	struct loop_info64 lo64 = {0};

 	for (i = 0; i < 256; i++) {
 		sprintf(dev, "/dev/loop%d", i);
-		if (stat(dev, &st) || !S_ISBLK(st.st_mode))
-			return NULL;

 		loop_fd = open(dev, O_RDONLY);
 		if (loop_fd < 0)
@@ -99,7 +99,7 @@ int crypt_loop_attach(const char *loop, const char *file, int offset,
 	int loop_fd = -1, file_fd = -1, r = 1;

 	file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL);
-	if (file_fd < 0 && errno == EROFS && !*readonly) {
+	if (file_fd < 0 && (errno == EROFS || errno == EACCES) && !*readonly) {
 		*readonly = 1;
 		file_fd = open(file, O_RDONLY | O_EXCL);
 	}
--- a/lib/utils_loop.h
+++ b/lib/utils_loop.h
@@ -1,3 +1,23 @@
+/*
+ * loopback block device utilities
+ *
+ * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
 #ifndef _UTILS_LOOP_H
 #define _UTILS_LOOP_H

--- a/lib/utils_wipe.c
+++ b/lib/utils_wipe.c
@@ -2,11 +2,13 @@
 * utils_wipe - wipe a device
 *
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -34,10 +36,20 @@

 #define MAXIMUM_WIPE_BYTES	1024 * 1024 * 32 /* 32 MiB */

-static ssize_t _crypt_wipe_zero(int fd, char *buffer, uint64_t offset, uint64_t size)
+static ssize_t _crypt_wipe_zero(int fd, int bsize, char *buffer,
+				uint64_t offset, uint64_t size)
 {
 	memset(buffer, 0, size);
-	return write_lseek_blockwise(fd, buffer, size, offset);
+	return write_lseek_blockwise(fd, bsize, buffer, size, offset);
+}
+
+static ssize_t _crypt_wipe_random(int fd, int bsize, char *buffer,
+				  uint64_t offset, uint64_t size)
+{
+	if (crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL) < 0)
+		return -EINVAL;
+
+	return write_lseek_blockwise(fd, bsize, buffer, size, offset);
 }

 /*
@@ -66,38 +78,45 @@ static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
 	}
 }

-static ssize_t _crypt_wipe_disk(int fd, char *buffer, uint64_t offset, uint64_t size)
+static ssize_t _crypt_wipe_disk(int fd, int bsize, char *buffer,
+				uint64_t offset, uint64_t size)
 {
+	int r;
 	unsigned int i;
 	ssize_t written;

 	for(i = 0; i < 39; ++i) {
-		if                (i <  5) crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
-		else if(i >=  5 && i < 32) wipeSpecial(buffer, size, i - 5);
-		else if(i >= 32 && i < 38) crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
-		else if(i >= 38 && i < 39) memset(buffer, 0xFF, size);
+		if (i <  5) {
+			r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
+		} else if(i >=  5 && i < 32) {
+			wipeSpecial(buffer, size, i - 5);
+			r = 0;
+		} else if(i >= 32 && i < 38) {
+			r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
+		} else if(i >= 38 && i < 39) {
+			memset(buffer, 0xFF, size);
+			r = 0;
+		}
+		if (r < 0)
+			return r;

-		written = write_lseek_blockwise(fd, buffer, size, offset);
+		written = write_lseek_blockwise(fd, bsize, buffer, size, offset);
 		if (written < 0 || written != (ssize_t)size)
 			return written;
 	}

-	return written;
+	/* Rewrite it finally with random */
+	return _crypt_wipe_random(fd, bsize, buffer, offset, size);
 }

-static ssize_t _crypt_wipe_random(int fd, char *buffer, uint64_t offset, uint64_t size)
-{
-	crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
-	return write_lseek_blockwise(fd, buffer, size, offset);
-}
-
-static ssize_t _crypt_wipe_ssd(int fd, char *buffer, uint64_t offset, uint64_t size)
+static ssize_t _crypt_wipe_ssd(int fd, int bsize, char *buffer,
+			       uint64_t offset, uint64_t size)
 {
 	// FIXME: for now just rewrite it by random
-	return _crypt_wipe_random(fd, buffer, offset, size);
+	return _crypt_wipe_random(fd, bsize, buffer, offset, size);
 }

-int crypt_wipe(const char *device,
+int crypt_wipe(struct device *device,
 	       uint64_t offset,
 	       uint64_t size,
 	       crypt_wipe_type type,
@@ -105,58 +124,64 @@ int crypt_wipe(const char *device,
 {
 	struct stat st;
 	char *buffer;
-	int devfd, flags, rotational;
+	int devfd, flags, bsize;
 	ssize_t written;

 	if (!size || size % SECTOR_SIZE || (size > MAXIMUM_WIPE_BYTES)) {
 		log_dbg("Unsuported wipe size for device %s: %ld.",
-			device, (unsigned long)size);
+			device_path(device), (unsigned long)size);
 		return -EINVAL;
 	}

-	if (stat(device, &st) < 0) {
-		log_dbg("Device %s not found.", device);
+	if (stat(device_path(device), &st) < 0) {
+		log_dbg("Device %s not found.", device_path(device));
 		return -EINVAL;
 	}

-	if (type == CRYPT_WIPE_DISK) {
-		if (!crypt_sysfs_get_rotational(major(st.st_rdev),
-						minor(st.st_rdev),
-						&rotational))
-			rotational = 1;
-		log_dbg("Rotational flag is %d.", rotational);
-		if (!rotational)
+	if (type == CRYPT_WIPE_DISK && S_ISBLK(st.st_mode)) {
+		if (!crypt_dev_is_rotational(major(st.st_rdev),
+						minor(st.st_rdev))) {
 			type = CRYPT_WIPE_SSD;
+			log_dbg("Non-rotational device, using SSD wipe mode.");
+		} else
+			log_dbg("Rotational device, using normal wipe mode.");
 	}

+	bsize = device_block_size(device);
+	if (bsize <= 0)
+		return -EINVAL;
+
 	buffer = malloc(size);
 	if (!buffer)
 		return -ENOMEM;

-	flags = O_WRONLY | O_DIRECT | O_SYNC;
+	flags = O_RDWR;

 	/* use O_EXCL only for block devices */
 	if (exclusive && S_ISBLK(st.st_mode))
 		flags |= O_EXCL;

-	devfd = open(device, flags);
+	/* coverity[toctou] */
+	devfd = device_open(device, flags);
 	if (devfd == -1) {
 		free(buffer);
-		return errno == EBUSY ? -EBUSY : -EINVAL;
+		return errno ? -errno : -EINVAL;
 	}

 	// FIXME: use fixed block size and loop here
 	switch (type) {
 		case CRYPT_WIPE_ZERO:
-			written = _crypt_wipe_zero(devfd, buffer, offset, size);
+			written = _crypt_wipe_zero(devfd, bsize, buffer, offset, size);
 			break;
 		case CRYPT_WIPE_DISK:
-			written = _crypt_wipe_disk(devfd, buffer, offset, size);
+			written = _crypt_wipe_disk(devfd, bsize, buffer, offset, size);
+			break;
 		case CRYPT_WIPE_SSD:
-			written = _crypt_wipe_ssd(devfd, buffer, offset, size);
+			written = _crypt_wipe_ssd(devfd, bsize, buffer, offset, size);
 			break;
 		case CRYPT_WIPE_RANDOM:
-			written = _crypt_wipe_random(devfd, buffer, offset, size);
+			written = _crypt_wipe_random(devfd, bsize, buffer, offset, size);
+			break;
 		default:
 			log_dbg("Unsuported wipe type requested: (%d)", type);
 			written = -1;
--- a/lib/verity/Makefile.am
+++ b/lib/verity/Makefile.am
@@ -0,0 +1,14 @@
+moduledir = $(libdir)/cryptsetup
+
+noinst_LTLIBRARIES = libverity.la
+
+libverity_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@
+
+libverity_la_SOURCES = \
+	verity_hash.c \
+	verity.c \
+	verity.h
+
+AM_CPPFLAGS = -include config.h \
+        -I$(top_srcdir)/lib			\
+        -I$(top_srcdir)/lib/crypto_backend
--- a/lib/verity/verity.c
+++ b/lib/verity/verity.c
@@ -0,0 +1,289 @@
+/*
+ * dm-verity volume handling
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <uuid/uuid.h>
+
+#include "libcryptsetup.h"
+#include "verity.h"
+#include "internal.h"
+
+#define VERITY_SIGNATURE "verity\0\0"
+
+/* http://code.google.com/p/cryptsetup/wiki/DMVerity#Verity_superblock_format */
+struct verity_sb {
+	uint8_t  signature[8];	/* "verity\0\0" */
+	uint32_t version;	/* superblock version */
+	uint32_t hash_type;	/* 0 - Chrome OS, 1 - normal */
+	uint8_t  uuid[16];	/* UUID of hash device */
+	uint8_t  algorithm[32];/* hash algorithm name */
+	uint32_t data_block_size; /* data block in bytes */
+	uint32_t hash_block_size; /* hash block in bytes */
+	uint64_t data_blocks;	/* number of data blocks */
+	uint16_t salt_size;	/* salt size */
+	uint8_t  _pad1[6];
+	uint8_t  salt[256];	/* salt */
+	uint8_t  _pad2[168];
+} __attribute__((packed));
+
+/* Read verity superblock from disk */
+int VERITY_read_sb(struct crypt_device *cd,
+		   uint64_t sb_offset,
+		   char **uuid_string,
+		   struct crypt_params_verity *params)
+{
+	struct device *device = crypt_metadata_device(cd);
+	int bsize = device_block_size(device);
+	struct verity_sb sb = {};
+	ssize_t hdr_size = sizeof(struct verity_sb);
+	int devfd = 0, sb_version;
+
+	log_dbg("Reading VERITY header of size %u on device %s, offset %" PRIu64 ".",
+		sizeof(struct verity_sb), device_path(device), sb_offset);
+
+	if (params->flags & CRYPT_VERITY_NO_HEADER) {
+		log_err(cd, _("Verity device doesn't use on-disk header.\n"),
+			device_path(device));
+		return -EINVAL;
+	}
+
+	if (sb_offset % 512) {
+		log_err(cd, _("Unsupported VERITY hash offset.\n"));
+		return -EINVAL;
+	}
+
+	devfd = device_open(device, O_RDONLY);
+	if(devfd == -1) {
+		log_err(cd, _("Cannot open device %s.\n"), device_path(device));
+		return -EINVAL;
+	}
+
+	if(lseek(devfd, sb_offset, SEEK_SET) < 0 ||
+	   read_blockwise(devfd, bsize, &sb, hdr_size) < hdr_size) {
+		close(devfd);
+		return -EIO;
+	}
+	close(devfd);
+
+	if (memcmp(sb.signature, VERITY_SIGNATURE, sizeof(sb.signature))) {
+		log_err(cd, _("Device %s is not a valid VERITY device.\n"),
+			device_path(device));
+		return -EINVAL;
+	}
+
+	sb_version = le32_to_cpu(sb.version);
+	if (sb_version != 1) {
+		log_err(cd, _("Unsupported VERITY version %d.\n"), sb_version);
+		return -EINVAL;
+	}
+	params->hash_type = le32_to_cpu(sb.hash_type);
+	if (params->hash_type > VERITY_MAX_HASH_TYPE) {
+		log_err(cd, _("Unsupported VERITY hash type %d.\n"), params->hash_type);
+		return -EINVAL;
+	}
+
+	params->data_block_size = le32_to_cpu(sb.data_block_size);
+	params->hash_block_size = le32_to_cpu(sb.hash_block_size);
+	if (VERITY_BLOCK_SIZE_OK(params->data_block_size) ||
+	    VERITY_BLOCK_SIZE_OK(params->hash_block_size)) {
+		log_err(cd, _("Unsupported VERITY block size.\n"));
+		return -EINVAL;
+	}
+	params->data_size = le64_to_cpu(sb.data_blocks);
+
+	params->hash_name = strndup((const char*)sb.algorithm, sizeof(sb.algorithm));
+	if (!params->hash_name)
+		return -ENOMEM;
+	if (crypt_hash_size(params->hash_name) <= 0) {
+		log_err(cd, _("Hash algorithm %s not supported.\n"),
+			params->hash_name);
+		free(CONST_CAST(char*)params->hash_name);
+		return -EINVAL;
+	}
+
+	params->salt_size = le16_to_cpu(sb.salt_size);
+	if (params->salt_size > sizeof(sb.salt)) {
+		log_err(cd, _("VERITY header corrupted.\n"));
+		free(CONST_CAST(char*)params->hash_name);
+		return -EINVAL;
+	}
+	params->salt = malloc(params->salt_size);
+	if (!params->salt) {
+		free(CONST_CAST(char*)params->hash_name);
+		return -ENOMEM;
+	}
+	memcpy(CONST_CAST(char*)params->salt, sb.salt, params->salt_size);
+
+	if ((*uuid_string = malloc(40)))
+		uuid_unparse(sb.uuid, *uuid_string);
+
+	params->hash_area_offset = sb_offset;
+	return 0;
+}
+
+/* Write verity superblock to disk */
+int VERITY_write_sb(struct crypt_device *cd,
+		   uint64_t sb_offset,
+		   const char *uuid_string,
+		   struct crypt_params_verity *params)
+{
+	struct device *device = crypt_metadata_device(cd);
+	int bsize = device_block_size(device);
+	struct verity_sb sb = {};
+	ssize_t hdr_size = sizeof(struct verity_sb);
+	uuid_t uuid;
+	int r, devfd = 0;
+
+	log_dbg("Updating VERITY header of size %u on device %s, offset %" PRIu64 ".",
+		sizeof(struct verity_sb), device_path(device), sb_offset);
+
+	if (!uuid_string || uuid_parse(uuid_string, uuid) == -1) {
+		log_err(cd, _("Wrong VERITY UUID format provided.\n"),
+			device_path(device));
+		return -EINVAL;
+	}
+
+	if (params->flags & CRYPT_VERITY_NO_HEADER) {
+		log_err(cd, _("Verity device doesn't use on-disk header.\n"),
+			device_path(device));
+		return -EINVAL;
+	}
+
+	devfd = device_open(device, O_RDWR);
+	if(devfd == -1) {
+		log_err(cd, _("Cannot open device %s.\n"), device_path(device));
+		return -EINVAL;
+	}
+
+	memcpy(&sb.signature, VERITY_SIGNATURE, sizeof(sb.signature));
+	sb.version         = cpu_to_le32(1);
+	sb.hash_type       = cpu_to_le32(params->hash_type);
+	sb.data_block_size = cpu_to_le32(params->data_block_size);
+	sb.hash_block_size = cpu_to_le32(params->hash_block_size);
+	sb.salt_size       = cpu_to_le16(params->salt_size);
+	sb.data_blocks     = cpu_to_le64(params->data_size);
+	strncpy((char *)sb.algorithm, params->hash_name, sizeof(sb.algorithm));
+	memcpy(sb.salt, params->salt, params->salt_size);
+	memcpy(sb.uuid, uuid, sizeof(sb.uuid));
+
+	r = write_lseek_blockwise(devfd, bsize, (char*)&sb, hdr_size, sb_offset) < hdr_size ? -EIO : 0;
+	if (r)
+		log_err(cd, _("Error during update of verity header on device %s.\n"),
+			device_path(device));
+	close(devfd);
+
+	return r;
+}
+
+/* Calculate hash offset in hash blocks */
+uint64_t VERITY_hash_offset_block(struct crypt_params_verity *params)
+{
+	uint64_t hash_offset = params->hash_area_offset;
+
+	if (params->flags & CRYPT_VERITY_NO_HEADER)
+		return hash_offset / params->hash_block_size;
+
+	hash_offset += sizeof(struct verity_sb);
+	hash_offset += params->hash_block_size - 1;
+
+	return hash_offset / params->hash_block_size;
+}
+
+int VERITY_UUID_generate(struct crypt_device *cd, char **uuid_string)
+{
+	uuid_t uuid;
+
+	if (!(*uuid_string = malloc(40)))
+		return -ENOMEM;
+	uuid_generate(uuid);
+	uuid_unparse(uuid, *uuid_string);
+	return 0;
+}
+
+/* Activate verity device in kernel device-mapper */
+int VERITY_activate(struct crypt_device *cd,
+		     const char *name,
+		     const char *root_hash,
+		     size_t root_hash_size,
+		     struct crypt_params_verity *verity_hdr,
+		     uint32_t activation_flags)
+{
+	struct crypt_dm_active_device dmd;
+	int r;
+
+	log_dbg("Trying to activate VERITY device %s using hash %s.",
+		name ?: "[none]", verity_hdr->hash_name);
+
+	if (verity_hdr->flags & CRYPT_VERITY_CHECK_HASH) {
+		log_dbg("Verification of data in userspace required.");
+		r = VERITY_verify(cd, verity_hdr,
+				  root_hash, root_hash_size);
+		if (r < 0)
+			return r;
+	}
+
+	if (!name)
+		return 0;
+
+	dmd.target = DM_VERITY;
+	dmd.data_device = crypt_data_device(cd);
+	dmd.u.verity.hash_device = crypt_metadata_device(cd);
+	dmd.u.verity.root_hash = root_hash;
+	dmd.u.verity.root_hash_size = root_hash_size;
+	dmd.u.verity.hash_offset = VERITY_hash_offset_block(verity_hdr),
+	dmd.flags = activation_flags;
+	dmd.size = verity_hdr->data_size * verity_hdr->data_block_size / 512;
+	dmd.uuid = crypt_get_uuid(cd);
+	dmd.u.verity.vp = verity_hdr;
+
+	r = device_block_adjust(cd, dmd.u.verity.hash_device, DEV_OK,
+				0, NULL, NULL);
+	if (r)
+		return r;
+
+	r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
+				0, &dmd.size, &dmd.flags);
+	if (r)
+		return r;
+
+	r = dm_create_device(cd, name, CRYPT_VERITY, &dmd, 0);
+	if (r < 0 && !(dm_flags() & DM_VERITY_SUPPORTED)) {
+		log_err(cd, _("Kernel doesn't support dm-verity mapping.\n"));
+		return -ENOTSUP;
+	}
+	if (r < 0)
+		return r;
+
+	r = dm_status_verity_ok(cd, name);
+	if (r < 0)
+		return r;
+
+	if (!r)
+		log_err(cd, _("Verity device detected corruption after activation.\n"));
+	return 0;
+}
--- a/lib/verity/verity.h
+++ b/lib/verity/verity.h
@@ -0,0 +1,64 @@
+/*
+ * dm-verity volume handling
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _VERITY_H
+#define _VERITY_H
+
+#include <unistd.h>
+
+#define VERITY_MAX_HASH_TYPE 1
+#define VERITY_BLOCK_SIZE_OK(x)	((x) % 512 || (x) < 512 || \
+				(x) > (512 * 1024) || (x) & ((x)-1))
+
+struct crypt_device;
+struct crypt_params_verity;
+
+int VERITY_read_sb(struct crypt_device *cd,
+		   uint64_t sb_offset,
+		   char **uuid,
+		   struct crypt_params_verity *params);
+
+int VERITY_write_sb(struct crypt_device *cd,
+		   uint64_t sb_offset,
+		   const char *uuid_string,
+		   struct crypt_params_verity *params);
+
+int VERITY_activate(struct crypt_device *cd,
+		     const char *name,
+		     const char *root_hash,
+		     size_t root_hash_size,
+		     struct crypt_params_verity *verity_hdr,
+		     uint32_t activation_flags);
+
+int VERITY_verify(struct crypt_device *cd,
+		struct crypt_params_verity *verity_hdr,
+		const char *root_hash,
+		size_t root_hash_size);
+
+int VERITY_create(struct crypt_device *cd,
+		  struct crypt_params_verity *verity_hdr,
+		  char *root_hash,
+		  size_t root_hash_size);
+
+uint64_t VERITY_hash_offset_block(struct crypt_params_verity *params);
+
+int VERITY_UUID_generate(struct crypt_device *cd, char **uuid_string);
+
+#endif
--- a/lib/verity/verity_hash.c
+++ b/lib/verity/verity_hash.c
@@ -0,0 +1,430 @@
+/*
+ * dm-verity volume handling
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include "verity.h"
+#include "internal.h"
+
+#define VERITY_MAX_LEVELS	63
+
+static unsigned get_bits_up(size_t u)
+{
+	unsigned i = 0;
+	while ((1U << i) < u)
+		i++;
+	return i;
+}
+
+static unsigned get_bits_down(size_t u)
+{
+	unsigned i = 0;
+	while ((u >> i) > 1U)
+		i++;
+	return i;
+}
+
+static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes)
+{
+	char block[bytes];
+	size_t i;
+
+	if (fread(block, bytes, 1, wr) != 1) {
+		log_dbg("EIO while reading spare area.");
+		return -EIO;
+	}
+	for (i = 0; i < bytes; i++)
+		if (block[i]) {
+			log_err(cd, _("Spare area is not zeroed at position %" PRIu64 ".\n"),
+				ftello(wr) - bytes);
+			return -EPERM;
+		}
+	return 0;
+}
+
+static int verify_hash_block(const char *hash_name, int version,
+			      char *hash, size_t hash_size,
+			      const char *data, size_t data_size,
+			      const char *salt, size_t salt_size)
+{
+	struct crypt_hash *ctx = NULL;
+	int r;
+
+	if (crypt_hash_init(&ctx, hash_name))
+		return -EINVAL;
+
+	if (version == 1 && (r = crypt_hash_write(ctx, salt, salt_size)))
+		goto out;
+
+	if ((r = crypt_hash_write(ctx, data, data_size)))
+		goto out;
+
+	if (version == 0 && (r = crypt_hash_write(ctx, salt, salt_size)))
+		goto out;
+
+	r = crypt_hash_final(ctx, hash, hash_size);
+out:
+	crypt_hash_destroy(ctx);
+	return r;
+}
+
+static int mult_overflow(off_t *u, off_t b, size_t size)
+{
+	*u = (uint64_t)b * size;
+	if ((off_t)(*u / size) != b || (off_t)*u < 0)
+		return 1;
+	return 0;
+}
+
+static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
+				   off_t data_block, size_t data_block_size,
+				   off_t hash_block, size_t hash_block_size,
+				   off_t blocks, int version,
+				   const char *hash_name, int verify,
+				   char *calculated_digest, size_t digest_size,
+				   const char *salt, size_t salt_size)
+{
+	char left_block[hash_block_size];
+	char data_buffer[data_block_size];
+	char read_digest[digest_size];
+	size_t hash_per_block = 1 << get_bits_down(hash_block_size / digest_size);
+	size_t digest_size_full = 1 << get_bits_up(digest_size);
+	off_t blocks_to_write = (blocks + hash_per_block - 1) / hash_per_block;
+	off_t seek_rd, seek_wr;
+	size_t left_bytes;
+	unsigned i;
+	int r;
+
+	if (mult_overflow(&seek_rd, data_block, data_block_size) ||
+	    mult_overflow(&seek_wr, hash_block, hash_block_size)) {
+		log_err(cd, _("Device offset overflow.\n"));
+		return -EINVAL;
+	}
+
+	if (fseeko(rd, seek_rd, SEEK_SET)) {
+		log_dbg("Cannot seek to requested position in data device.");
+		return -EIO;
+	}
+
+	if (wr && fseeko(wr, seek_wr, SEEK_SET)) {
+		log_dbg("Cannot seek to requested position in hash device.");
+		return -EIO;
+	}
+
+	memset(left_block, 0, hash_block_size);
+	while (blocks_to_write--) {
+		left_bytes = hash_block_size;
+		for (i = 0; i < hash_per_block; i++) {
+			if (!blocks)
+				break;
+			blocks--;
+			if (fread(data_buffer, data_block_size, 1, rd) != 1) {
+				log_dbg("Cannot read data device block.");
+				return -EIO;
+			}
+
+			if (verify_hash_block(hash_name, version,
+					calculated_digest, digest_size,
+					data_buffer, data_block_size,
+					salt, salt_size))
+				return -EINVAL;
+
+			if (!wr)
+				break;
+			if (verify) {
+				if (fread(read_digest, digest_size, 1, wr) != 1) {
+					log_dbg("Cannot read digest form hash device.");
+					return -EIO;
+				}
+				if (memcmp(read_digest, calculated_digest, digest_size)) {
+					log_err(cd, _("Verification failed at position %" PRIu64 ".\n"),
+						ftello(rd) - data_block_size);
+					return -EPERM;
+				}
+			} else {
+				if (fwrite(calculated_digest, digest_size, 1, wr) != 1) {
+					log_dbg("Cannot write digest to hash device.");
+					return -EIO;
+				}
+			}
+			if (version == 0) {
+				left_bytes -= digest_size;
+			} else {
+				if (digest_size_full - digest_size) {
+					if (verify) {
+						r = verify_zero(cd, wr, digest_size_full - digest_size);
+						if (r)
+							return r;
+					} else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) {
+						log_dbg("Cannot write spare area to hash device.");
+						return -EIO;
+					}
+				}
+				left_bytes -= digest_size_full;
+			}
+		}
+		if (wr && left_bytes) {
+			if (verify) {
+				r = verify_zero(cd , wr, left_bytes);
+				if (r)
+					return r;
+			} else if (fwrite(left_block, left_bytes, 1, wr) != 1) {
+				log_dbg("Cannot write remaining spare area to hash device.");
+				return -EIO;
+			}
+		}
+	}
+
+	return 0;
+}
+
+static int VERITY_create_or_verify_hash(struct crypt_device *cd,
+	int verify,
+	int version,
+	const char *hash_name,
+	struct device *hash_device,
+	struct device *data_device,
+	size_t hash_block_size,
+	size_t data_block_size,
+	off_t data_blocks,
+	off_t hash_position,
+	char *root_hash,
+	size_t digest_size,
+	const char *salt,
+	size_t salt_size)
+{
+	char calculated_digest[digest_size];
+	FILE *data_file = NULL;
+	FILE *hash_file = NULL, *hash_file_2;
+	off_t hash_level_block[VERITY_MAX_LEVELS];
+	off_t hash_level_size[VERITY_MAX_LEVELS];
+	off_t data_file_blocks, s;
+	size_t hash_per_block_bits;
+	off_t data_device_size = 0, hash_device_size = 0;
+	uint64_t dev_size;
+	int levels, i, r;
+
+	log_dbg("Hash %s %s, data device %s, data blocks %" PRIu64
+		", hash_device %s, offset %" PRIu64 ".",
+		verify ? "verification" : "creation", hash_name,
+		device_path(data_device), data_blocks,
+		device_path(hash_device), hash_position);
+
+	if (data_blocks < 0 || hash_position < 0) {
+		log_err(cd, _("Invalid size parameters for verity device.\n"));
+		return -EINVAL;
+	}
+
+	if (!data_blocks) {
+		r = device_size(data_device, &dev_size);
+		if (r < 0)
+			return r;
+
+		data_file_blocks = dev_size / data_block_size;
+	} else
+		data_file_blocks = data_blocks;
+
+	if (mult_overflow(&data_device_size, data_blocks, data_block_size)) {
+		log_err(cd, _("Device offset overflow.\n"));
+		return -EINVAL;
+	}
+
+	hash_per_block_bits = get_bits_down(hash_block_size / digest_size);
+	if (!hash_per_block_bits)
+		return -EINVAL;
+
+	levels = 0;
+	if (data_file_blocks) {
+		while (hash_per_block_bits * levels < 64 &&
+		       (data_file_blocks - 1) >> (hash_per_block_bits * levels))
+			levels++;
+	}
+	log_dbg("Using %d hash levels.", levels);
+
+	if (levels > VERITY_MAX_LEVELS) {
+		log_err(cd, _("Too many tree levels for verity volume.\n"));
+		return -EINVAL;
+	}
+
+	for (i = levels - 1; i >= 0; i--) {
+		hash_level_block[i] = hash_position;
+		// verity position of block data_file_blocks at level i
+		s = (data_file_blocks + ((off_t)1 << ((i + 1) * hash_per_block_bits)) - 1) >> ((i + 1) * hash_per_block_bits);
+		hash_level_size[i] = s;
+		if ((hash_position + s) < hash_position ||
+		    (hash_position + s) < 0) {
+			log_err(cd, _("Device offset overflow.\n"));
+			return -EINVAL;
+		}
+		hash_position += s;
+	}
+
+	if (mult_overflow(&hash_device_size, hash_position, hash_block_size)) {
+		log_err(cd, _("Device offset overflow.\n"));
+		return -EINVAL;
+	}
+
+	log_dbg("Data device size required: %" PRIu64 " bytes.",
+		data_device_size);
+	data_file = fopen(device_path(data_device), "r");
+	if (!data_file) {
+		log_err(cd, _("Cannot open device %s.\n"),
+			device_path(data_device)
+		);
+		r = -EIO;
+		goto out;
+	}
+
+	log_dbg("Hash device size required: %" PRIu64 " bytes.",
+		hash_device_size);
+	hash_file = fopen(device_path(hash_device), verify ? "r" : "r+");
+	if (!hash_file) {
+		log_err(cd, _("Cannot open device %s.\n"),
+			device_path(hash_device));
+		r = -EIO;
+		goto out;
+	}
+
+	memset(calculated_digest, 0, digest_size);
+
+	for (i = 0; i < levels; i++) {
+		if (!i) {
+			r = create_or_verify(cd, data_file, hash_file,
+						    0, data_block_size,
+						    hash_level_block[i], hash_block_size,
+						    data_file_blocks, version, hash_name, verify,
+						    calculated_digest, digest_size, salt, salt_size);
+			if (r)
+				goto out;
+		} else {
+			hash_file_2 = fopen(device_path(hash_device), "r");
+			if (!hash_file_2) {
+				log_err(cd, _("Cannot open device %s.\n"),
+					device_path(hash_device));
+				r = -EIO;
+				goto out;
+			}
+			r = create_or_verify(cd, hash_file_2, hash_file,
+						    hash_level_block[i - 1], hash_block_size,
+						    hash_level_block[i], hash_block_size,
+						    hash_level_size[i - 1], version, hash_name, verify,
+						    calculated_digest, digest_size, salt, salt_size);
+			fclose(hash_file_2);
+			if (r)
+				goto out;
+		}
+	}
+
+	if (levels)
+		r = create_or_verify(cd, hash_file, NULL,
+					    hash_level_block[levels - 1], hash_block_size,
+					    0, hash_block_size,
+					    1, version, hash_name, verify,
+					    calculated_digest, digest_size, salt, salt_size);
+	else
+		r = create_or_verify(cd, data_file, NULL,
+					    0, data_block_size,
+					    0, hash_block_size,
+					    data_file_blocks, version, hash_name, verify,
+					    calculated_digest, digest_size, salt, salt_size);
+out:
+	if (verify) {
+		if (r)
+			log_err(cd, _("Verification of data area failed.\n"));
+		else {
+			log_dbg("Verification of data area succeeded.");
+			r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0;
+			if (r)
+				log_err(cd, _("Verification of root hash failed.\n"));
+			else
+				log_dbg("Verification of root hash succeeded.");
+		}
+	} else {
+		if (r == -EIO)
+			log_err(cd, _("Input/output error while creating hash area.\n"));
+		else if (r)
+			log_err(cd, _("Creation of hash area failed.\n"));
+		else {
+			fsync(fileno(hash_file));
+			memcpy(root_hash, calculated_digest, digest_size);
+		}
+	}
+
+	if (data_file)
+		fclose(data_file);
+	if (hash_file)
+		fclose(hash_file);
+	return r;
+}
+
+/* Verify verity device using userspace crypto backend */
+int VERITY_verify(struct crypt_device *cd,
+		  struct crypt_params_verity *verity_hdr,
+		  const char *root_hash,
+		  size_t root_hash_size)
+{
+	return VERITY_create_or_verify_hash(cd, 1,
+		verity_hdr->hash_type,
+		verity_hdr->hash_name,
+		crypt_metadata_device(cd),
+		crypt_data_device(cd),
+		verity_hdr->hash_block_size,
+		verity_hdr->data_block_size,
+		verity_hdr->data_size,
+		VERITY_hash_offset_block(verity_hdr),
+		CONST_CAST(char*)root_hash,
+		root_hash_size,
+		verity_hdr->salt,
+		verity_hdr->salt_size);
+}
+
+/* Create verity hash */
+int VERITY_create(struct crypt_device *cd,
+		  struct crypt_params_verity *verity_hdr,
+		  char *root_hash,
+		  size_t root_hash_size)
+{
+	unsigned pgsize = crypt_getpagesize();
+
+	if (verity_hdr->salt_size > 256)
+		return -EINVAL;
+
+	if (verity_hdr->data_block_size > pgsize)
+		log_err(cd, _("WARNING: Kernel cannot activate device if data "
+			      "block size exceeds page size (%u).\n"), pgsize);
+
+	return VERITY_create_or_verify_hash(cd, 0,
+		verity_hdr->hash_type,
+		verity_hdr->hash_name,
+		crypt_metadata_device(cd),
+		crypt_data_device(cd),
+		verity_hdr->hash_block_size,
+		verity_hdr->data_block_size,
+		verity_hdr->data_size,
+		VERITY_hash_offset_block(verity_hdr),
+		root_hash,
+		root_hash_size,
+		verity_hdr->salt,
+		verity_hdr->salt_size);
+}
--- a/lib/volumekey.c
+++ b/lib/volumekey.c
@@ -2,11 +2,12 @@
 * cryptsetup volume key implementation
 *
 * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2010-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -1,3 +1,11 @@
 man8_MANS = cryptsetup.8

-EXTRA_DIST = cryptsetup.8
+if VERITYSETUP
+man8_MANS += veritysetup.8
+endif
+
+if REENCRYPT
+man8_MANS += cryptsetup-reencrypt.8
+endif
+
+EXTRA_DIST = cryptsetup.8 veritysetup.8 cryptsetup-reencrypt.8
--- a/man/cryptsetup-reencrypt.8
+++ b/man/cryptsetup-reencrypt.8
@@ -0,0 +1,210 @@
+.TH CRYPTSETUP-REENCRYPT "8" "June 2012" "cryptsetup-reencrypt" "Maintenance Commands"
+.SH NAME
+cryptsetup-reencrypt - tool for offline LUKS device re-encryption
+.SH SYNOPSIS
+.B cryptsetup-reencrypt <options> <device>
+.SH DESCRIPTION
+.PP
+Cryptsetup-reencrypt can be used to change reencryption parameters
+which otherwise require full on-disk data change (re-encryption).
+
+You can regenerate \fBvolume key\fR (the real key used in on-disk encryption
+unclocked by passphrase), \fBcipher\fR, \fBcipher mode\fR.
+
+Cryptsetup-reencrypt reencrypts data on LUKS device in-place. During
+reencryption process the LUKS device is marked unavailable.
+
+\fIWARNING\fR: The cryptsetup-reencrypt program is not resistant to hardware
+or kernel failures during reencryption (you can lose you data in this case).
+
+\fIALWAYS BE SURE YOU HAVE RELIABLE BACKUP BEFORE USING THIS TOOL.\fR
+.br
+\fITHIS TOOL IS EXPERIMENTAL.\fR
+
+The reencryption can be temporarily suspended (by TERM signal or by
+using ctrl+c) but you need to retain temporary files named LUKS-<uuid>.[log|org|new].
+LUKS device is unavailable until reencryption is finished though.
+
+Current working directory must by writable and temporary
+files created during reencryption must be present.
+
+For more info about LUKS see cryptsetup(8).
+.PP
+.SH OPTIONS
+.TP
+To start (or continue) re-encryption for <device> use:
+.PP
+\fIcryptsetup-reencrypt\fR <device>
+
+\fB<options>\fR can be [\-\-block-size, \-\-cipher, \-\-hash, \-\-iter-time,
+\-\-use-random | \-\-use-urandom, \-\-key-file, \-\-key-slot, \-\-keyfile-offset,
+\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-write-log]
+
+For detailed description of encryption and key file options see \fIcryptsetup(8)\fR
+man page.
+.TP
+.B "\-\-verbose, \-v"
+Print more information on command execution.
+.TP
+.B "\-\-debug"
+Run in debug mode with full diagnostic logs. Debug output
+lines are always prefixed by '#'.
+.TP
+.B "\-\-cipher, \-c" \fI<cipher-spec>\fR
+Set the cipher specification string.
+.TP
+.B "\-\-key-size, \-s \fI<bits>\fR"
+Set key size in bits. The argument has to be a multiple of  8.
+
+The possible key-sizes are limited by the cipher and mode used. 
+
+If you are increasing key size, there must be enough space in the LUKS header
+for enlarged keyslots (data offset must be large enough) or reencryption
+cannot be performed.
+
+If there is not enough space for keyslots with new key size,
+you can destructively shrink device with \-\-reduce-device-size option.
+.TP
+.B "\-\-hash, \-h \fI<hash-spec>\fR"
+Specifies the hash used in the LUKS key setup scheme and volume key digest.
+.TP
+.B "\-\-iter-time, \-i \fI<milliseconds>\fR"
+The number of milliseconds to spend with PBKDF2 passphrase processing for the
+new LUKS header.
+.TP
+.B "\-\-use-random"
+.TP
+.B "\-\-use-urandom"
+Define which kernel random number generator will be used to create the volume key.
+.TP
+.B "\-\-key-file, \-d \fIname\fR"
+Read the passphrase from file.
+
+WARNING: \-\-key-file option can be used only if there only one active keyslot,
+or alternatively, also if \-\-key-slot option is specified (then all other keyslots
+will be disabled in new LUKS device).
+
+If this option is not used, cryptsetup-reencrypt will ask for all active keyslot
+passphrases.
+.TP
+.B "\-\-key-slot, \-S <0-7>"
+Specify which key slot is used.
+
+WARNING: All other keyslots will be disabled if this option is used.
+.TP
+.B "\-\-keyfile-offset \fIvalue\fR"
+Skip \fIvalue\fR bytes at the beginning of the key file.
+.TP
+.B "\-\-keyfile-size, \-l"
+Read a maximum of \fIvalue\fR bytes from the key file.
+Default is to read the whole file up to the compiled-in
+maximum.
+.TP
+.B "\-\-tries, \-T"
+Number of retries for invalid passphrase entry.
+.TP
+.B "\-\-block-size, \-B \fIvalue\fR"
+Use re-encryption block size of <value> in MiB.
+
+Values can be between 1 and 64 MiB.
+.TP
+.B "\-\-device-size \fIsize[units]\fR"
+Instead of real device size, use specified value.
+
+It means that only specified area (from the start of the device
+to the specified size) will be reencrypted.
+
+WARNING: This is destructive operation.
+
+If no unit suffix is specified, the size is in bytes.
+
+Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
+for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
+
+WARNING: This is destructive operation.
+.TP
+.B "\-\-reduce-device-size \fIsize[units]\fR"
+Enlarge data offset to specified value by shrinking device size.
+
+This means that last sectors on the original device will be lost,
+ciphertext data will be effectively shifted by specified
+number of sectors.
+
+It can be usefull if you e.g. added some space to underlying
+partition (so last sectors contains no data).
+
+For units suffix see \-\-device-size parameter description.
+
+WARNING: This is destructive operation and cannot be reverted.
+Use with extreme care - shrinked filesystems are usually unrecoverable.
+
+You cannot shrink device more than by 64 MiB (131072 sectors).
+.TP
+.B "\-\-new, N"
+Create new header (encrypt not yet encrypted device).
+
+This option must be used together with \-\-reduce-device-size.
+
+WARNING: This is destructive operation and cannot be reverted.
+
+.TP
+.B "\-\-use-directio"
+Use direct-io (O_DIRECT) for all read/write data operations.
+
+Usefull if direct-io operations perform better than normal buffered
+operations (e.g. in virtual environments).
+.TP
+.B "\-\-use-fsync"
+Use fsync call after every written block.
+.TP
+.B "\-\-write-log"
+Update log file after every block write. This can slow down reencryption
+but will minimize data loss in the case of system crash.
+.TP
+.B "\-\-batch-mode, \-q"
+Suppresses all warnings and reencryption progress output.
+.TP
+.B "\-\-version"
+Show the program version.
+.SH RETURN CODES
+Cryptsetup-reencrypt returns 0 on success and a non-zero value on error.
+
+Error codes are: 1 wrong parameters, 2 no permission,
+3 out of memory, 4 wrong device specified, 5 device already exists
+or device is busy.
+.SH EXAMPLES
+.TP
+Reencrypt /dev/sdb1 (change volume key)
+cryptsetup-reencrypt /dev/sdb1
+.TP
+Reencrypt and also change cipher and cipher mode
+cryptsetup-reencrypt /dev/sdb1 -c aes-xts-plain64
+.TP
+Add LUKS encryption to not yet encrypted device
+
+First, be sure you have space added to disk.
+Or alternatively shrink filesystem in advance.
+.br
+Here we need 4096 512-bytes sectors (enough for 2x128 bit key).
+
+fdisk -u /dev/sdb # move sdb1 partition end + 4096 sectors
+
+cryptsetup-reencrypt /dev/sdb1 --new --reduce-device-size 4096
+
+.SH REPORTING BUGS
+Report bugs, including ones in the documentation, on
+the cryptsetup mailing list at <dm-crypt@saout.de>
+or in the 'Issues' section on LUKS website.
+Please attach the output of the failed command with the
+\-\-debug option added.
+.SH AUTHORS
+Cryptsetup-reencrypt was written by Milan Broz <gmazyland@gmail.com>.
+.SH COPYRIGHT
+Copyright \(co 2012 Milan Broz
+.br
+Copyright \(co 2012 Red Hat, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+.SH SEE ALSO
+The project website at \fBhttp://code.google.com/p/cryptsetup/\fR
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
--- a/man/veritysetup.8
+++ b/man/veritysetup.8
@@ -0,0 +1,141 @@
+.TH VERITYSETUP "8" "June 2012" "veritysetup" "Maintenance Commands"
+.SH NAME
+veritysetup - manage dm-verity (block level verification) volumes
+.SH SYNOPSIS
+.B veritysetup <options> <action> <action args>
+.SH DESCRIPTION
+.PP
+Veritysetup is used to configure dm-verity managed device-mapper mappings.
+
+Device-mapper verity target provides read-only transparent integrity
+checking of block devices using kernel crypto API.
+
+The dm-verity devices are always read-only.
+
+Veritysetup supports these operations:
+.PP
+\fIformat\fR <data_device> <hash_device>
+.IP
+Calculates and permanently stores hash verification data for data_device.
+Hash area can be located on the same device after data if specified
+by \-\-hash\-offset option.
+
+Note you need to provide root hash string for device verification
+or activation. Root hash must be trusted.
+
+The data or hash device argument can be block device or file image.
+If hash device path doesn't exist, it will be created as file.
+
+\fB<options>\fR can be [\-\-hash, \-\-no-superblock, \-\-format,
+\-\-data-block-size, \-\-hash-block-size, \-\-data-blocks, \-\-hash-offset,
+\-\-salt, \-\-uuid]
+.PP
+\fIcreate\fR <name> <data_device> <hash_device> <root_hash>
+.IP
+Creates a mapping with <name> backed by device <data_device> and using
+<hash_device> for in-kernel verification.
+
+The <root_hash> is a hexadecimal string.
+
+\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
+
+If option \-\-no-superblock is used, you have to use as the same options
+as in initial format operation.
+.PP
+\fIverify\fR <data_device> <hash_device> <root_hash>
+.IP
+Verifies data on data_device with use of hash blocks stored on hash_device.
+
+This command performs userspace verification, no kernel device is created.
+
+The <root_hash> is a hexadecimal string.
+
+\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
+
+If option \-\-no-superblock is used, you have to use as the same options
+as in initial format operation.
+.PP
+\fIremove\fR <name>
+.IP
+Removes existing mapping <name>.
+.PP
+\fIstatus\fR <name>
+.IP
+Reports status for the active verity mapping <name>.
+.PP
+\fIdump\fR <hash_device>
+.IP
+Reports parameters of verity device from on-disk stored superblock.
+
+\fB<options>\fR can be [\-\-no-superblock]
+.SH OPTIONS
+.TP
+.B "\-\-verbose, \-v"
+Print more information on command execution.
+.TP
+.B "\-\-debug"
+Run in debug mode with full diagnostic logs. Debug output
+lines are always prefixed by '#'.
+.TP
+.B "\-\-no-superblock"
+Create or use dm-verity without permanent on-disk superblock.
+.TP
+.B "\-\-format=number"
+Specifies the hash version type.
+Format type 0 is original Chrome OS verion. Format type 1 is current version.
+.TP
+.B "\-\-data-block-size=bytes"
+Used block size for the data device.
+(Note kernel supports only page-size as maximum here.)
+.TP
+.B "\-\-hash-block-size=bytes"
+Used block size for the hash device.
+(Note kernel supports only page-size as maximum here.)
+.TP
+.B "\-\-data-blocks=blocks"
+Size of data device used in verification.
+If not specified, the whole device is used.
+.TP
+.B "\-\-hash-offset=bytes"
+Offset of hash area/superblock on hash_device.
+Value must be aligned to disk sector offset.
+.TP
+.B "\-\-salt=hex string"
+Salt used for format or verification.
+Format is a hexadecimal string.
+.TP
+.B "\-\-uuid=UUID"
+Use the provided UUID for format command instead of generating new one.
+
+The UUID must be provided in standard UUID format,
+e.g. 12345678-1234-1234-1234-123456789abc.
+.TP
+.B "\-\-version"
+Show the program version.
+.SH RETURN CODES
+Veritysetup returns 0 on success and a non-zero value on error.
+
+Error codes are: 1 wrong parameters, 2 no permission,
+3 out of memory, 4 wrong device specified, 5 device already exists
+or device is busy.
+.SH REPORTING BUGS
+Report bugs, including ones in the documentation, on
+the cryptsetup mailing list at <dm-crypt@saout.de>
+or in the 'Issues' section on LUKS website.
+Please attach the output of the failed command with the
+\-\-debug option added.
+.SH AUTHORS
+The first implementation of veritysetup was written by Chrome OS authors.
+
+This version is based on verification code written by Mikulas Patocka <mpatocka@redhat.com>
+and rewritten for libcryptsetup by Milan Broz <gmazyland@gmail.com>.
+.SH COPYRIGHT
+Copyright \(co 2012 Red Hat, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+.SH SEE ALSO
+The project website at \fBhttp://code.google.com/p/cryptsetup/\fR
+
+The verity on-disk format specification available at
+\fBhttp://code.google.com/p/cryptsetup/wiki/DMVerity\fR
--- a/misc/dict_search/Makefile
+++ b/misc/dict_search/Makefile
@@ -0,0 +1,17 @@
+TARGET=crypt_dict
+CFLAGS=-O2 -g -Wall -D_GNU_SOURCE
+LDLIBS=-lcryptsetup
+CC=gcc
+
+SOURCES=$(wildcard *.c)
+OBJECTS=$(SOURCES:.c=.o)
+
+all: $(TARGET)
+
+$(TARGET): $(OBJECTS)
+	$(CC) -o $@ $^ $(LDLIBS)
+
+clean:
+	rm -f *.o *~ core $(TARGET)
+
+.PHONY: clean
--- a/misc/dict_search/README
+++ b/misc/dict_search/README
@@ -0,0 +1,22 @@
+Simple example how to use libcryptsetup
+for password search.
+
+Run: crypt_dict luks|tcrypt <device|image> <dictionary> [cpus]
+
+luks|tcrypt specified device type (LUKS or TrueCrypt)
+
+<device|image> is LUKS or TrueCrypt device or image
+
+<dictionary> is list of passphrases to try
+(note trailing EOL is stripped)
+
+cpus - number of processes to start in parallel
+
+Format of dictionary file is simple one password per line,
+if first char on line s # it is skiped as comment.
+
+For LUKS, you have it run as root (device-mapper cannot
+create dmcrypt devices as nrmal user. Code need
+to map keyslots as temporary dmcrypt device.)
+
+For TrueCrypt devices root privilege is not required.
--- a/misc/dict_search/crypt_dict.c
+++ b/misc/dict_search/crypt_dict.c
@@ -0,0 +1,158 @@
+/*
+ * Example of LUKS/TrueCrypt password dictionary search
+ *
+ * Copyright (C) 2012 Milan Broz <gmazyland@gmail.com>
+ *
+ * Run this (for LUKS as root),
+ * e.g. ./crypt_dict test.img /usr/share/john/password.lst 4
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/prctl.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <libcryptsetup.h>
+
+#define MAX_LEN 512
+
+static enum { LUKS, TCRYPT } device_type;
+
+static void check(struct crypt_device *cd, const char *pwd_file, unsigned my_id, unsigned max_id)
+{
+	FILE *f;
+	int len, r = -1;
+	unsigned long line = 0;
+	char pwd[MAX_LEN];
+
+	if (fork())
+		return;
+
+	/* open password file, now in separate process */
+	f = fopen(pwd_file, "r");
+	if (!f) {
+		printf("Cannot open %s.\n", pwd_file);
+		exit(EXIT_FAILURE);
+	}
+
+	while (fgets(pwd, MAX_LEN, f)) {
+
+		/* every process tries N-th line, skip others */
+		if (line++ % max_id != my_id)
+			continue;
+
+		len = strlen(pwd);
+
+		/* strip EOL - this is like a input from tty */
+		if (len && pwd[len - 1] == '\n') {
+			pwd[len - 1] = '\0';
+			len--;
+		}
+
+		/* lines starting "#!comment" are comments */
+		if (len >= 9 && !strncmp(pwd, "#!comment", 9)) {
+			/* printf("skipping %s\n", pwd); */
+			continue;
+		}
+
+		/* printf("%d: checking %s\n", my_id, pwd); */
+		if (device_type == LUKS)
+			r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, pwd, len, 0);
+		else if (device_type == TCRYPT) {
+			struct crypt_params_tcrypt params = {
+				.flags = CRYPT_TCRYPT_LEGACY_MODES,
+				.passphrase = pwd,
+				.passphrase_size = len,
+			};
+			r = crypt_load(cd, CRYPT_TCRYPT, &params);
+		}
+		if (r >= 0) {
+			printf("Found passphrase for slot %d: \"%s\"\n", r, pwd);
+			break;
+		}
+	}
+
+	fclose(f);
+	crypt_free(cd);
+	exit(r >= 0 ? 2 : EXIT_SUCCESS);
+}
+
+int main(int argc, char *argv[])
+{
+	int i, status, procs = 4;
+	struct crypt_device *cd;
+
+	if (argc < 4 || argc > 5) {
+		printf("Use: %s luks|tcrypt <device|file> <password file> [#processes] %d\n", argv[0], argc);
+		exit(EXIT_FAILURE);
+	}
+
+	if (argc == 5 && (sscanf(argv[4], "%i", &procs) != 1 || procs < 1)) {
+		printf("Wrong number of processes.\n");
+		exit(EXIT_FAILURE);
+	}
+
+	if (!strcmp(argv[1], "luks"))
+		device_type = LUKS;
+	else if (!strcmp(argv[1], "tcrypt"))
+		device_type = TCRYPT;
+	else {
+		printf("Wrong device type %s.\n", argv[1]);
+		exit(EXIT_FAILURE);
+	}
+
+	/* crypt_set_debug_level(CRYPT_DEBUG_ALL); */
+
+	/*
+	 * Need to create temporary keyslot device-mapper devices and allocate loop if needed,
+	 * so root is requried here.
+	 */
+	if (getuid() != 0) {
+		printf("You must be root to run this program.\n");
+                exit(EXIT_FAILURE);
+	}
+
+	/* signal all children if anything happens */
+	prctl(PR_SET_PDEATHSIG, SIGHUP);
+	setpriority(PRIO_PROCESS, 0, -5);
+
+	/* we are not going to modify anything, so common init is ok */
+	if (crypt_init(&cd, argv[2]) ||
+	    (device_type == LUKS && crypt_load(cd, CRYPT_LUKS1, NULL))) {
+		printf("Cannot open %s.\n", argv[2]);
+		exit(EXIT_FAILURE);
+	}
+
+	/* run scan in separate processes, it is up to scheduler to assign CPUs inteligently */
+	for (i = 0; i < procs; i++)
+		check(cd, argv[3], i, procs);
+
+	/* wait until at least one finishes with error or status 2 (key found) */
+	while (wait(&status) != -1 && WIFEXITED(status)) {
+		if (WEXITSTATUS(status) == EXIT_SUCCESS)
+			continue;
+		/* kill rest of processes */
+		kill(0, SIGHUP);
+		/* not reached */
+		break;
+	}
+	exit(0);
+}
--- a/misc/dracut_90reencrypt/README
+++ b/misc/dracut_90reencrypt/README
@@ -0,0 +1,23 @@
+Example of simple dracut module for reencryption of system
+LUKS drive on-the-fly.
+
+Install in /usr/[share|lib]/dracut/modules.d/90reencrypt, then
+rebuild intramfs "with dracut -f -a reencrypt".
+
+Dracut then recognize argument rd_REENCRYPT=name:size,
+e.g. rd_REENCRYPT=sda2:52G means only 52G of device
+will be reencrypted (default is whole device).
+(Name is kernel name of device.)
+
+Note that reencryption context is stored in ramdisk, any
+fail can mean complete lost of data!
+
+Copyright (C) 2012 Milan Broz <gmazyland@gmail.com>
+
+This copyrighted material is made available to anyone wishing to use,
+modify, copy, or redistribute it subject to the terms and conditions
+of the GNU General Public License v.2.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software Foundation,
+Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
--- a/misc/dracut_90reencrypt/check.old
+++ b/misc/dracut_90reencrypt/check.old
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+which cryptsetup-reencrypt >/dev/null 2>&1 || exit 1
+
+exit 0
--- a/misc/dracut_90reencrypt/install.old
+++ b/misc/dracut_90reencrypt/install.old
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+inst cryptsetup-reencrypt
+
+inst_hook cmdline 30 "$moddir/parse-reencrypt.sh"
+inst "$moddir"/reencrypt.sh /sbin/reencrypt
--- a/misc/dracut_90reencrypt/module-setup.sh
+++ b/misc/dracut_90reencrypt/module-setup.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+check() {
+    [ -x /sbin/cryptsetup-reencrypt ] || return 1
+    return 255
+}
+
+depends() {
+    echo dm rootfs-block
+    return 0
+}
+
+installkernel() {
+    instmods dm_crypt =crypto
+}
+
+install() {
+    dracut_install cryptsetup-reencrypt
+
+    inst_hook cmdline 30 "$moddir/parse-reencrypt.sh"
+    inst_simple "$moddir"/reencrypt.sh /sbin/reencrypt
+}
--- a/misc/dracut_90reencrypt/parse-reencrypt.sh
+++ b/misc/dracut_90reencrypt/parse-reencrypt.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+REENC=$(getargs rd_REENCRYPT=)
+REENC_DEV=$(echo $REENC | sed 's/:.*//')
+REENC_SIZE=$(echo $REENC | sed -n 's/.*://p')
+
+REENC_KEY=$(getargs rd_REENCRYPT_KEY=)
+if [ -z "$REENC_KEY" ] ; then
+    REENC_KEY=none
+fi
+
+if [ -n "$REENC_DEV" ] ; then
+{
+   printf 'SUBSYSTEM!="block", GOTO="reenc_end"\n'
+   printf 'ACTION!="add|change", GOTO="reenc_end"\n'
+   printf 'KERNEL!="%s", GOTO="reenc_end"\n' $REENC_DEV
+   printf 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/sbin/initqueue \
+           --unique --onetime --name crypt-reencrypt-%%k \
+           /sbin/reencrypt $env{DEVNAME} %s"\n' "$REENC_KEY $REENC_SIZE"
+   printf 'LABEL="reenc_end"\n'
+} > /etc/udev/rules.d/69-reencryption.rules
+fi
--- a/misc/dracut_90reencrypt/reencrypt.sh
+++ b/misc/dracut_90reencrypt/reencrypt.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# $1=$device [$2=keyfile|none [$3=size]]
+#
+
+[ -d /sys/module/dm_crypt ] || modprobe dm_crypt
+
+[ -f /tmp/reencrypted ] && exit 0
+
+. /lib/dracut-lib.sh
+
+# if device name is /dev/dm-X, convert to /dev/mapper/name
+if [ "${1##/dev/dm-}" != "$1" ]; then
+    device="/dev/mapper/$(dmsetup info -c --noheadings -o name "$1")"
+else
+    device="$1"
+fi
+
+PARAMS="$device -T 1 --use-fsync -B 32"
+if [ -n "$3" ]; then
+    PARAMS="$PARAMS --device-size $3"
+fi
+
+reenc_readkey() {
+    local keypath="${1#*:}"
+    local keydev="${1%%:*}"
+
+    local mntp="/tmp/reencrypted-mount-tmp"
+    mkdir "$mntp"
+    mount -r "$keydev" "$mntp" && cat "$mntp/$keypath"
+    umount "$mntp"
+    rm -r "$mntp"
+}
+
+reenc_run() {
+    local cwd=$(pwd)
+    cd /tmp
+    if [ "$1" = "none" ] ; then
+        /bin/plymouth ask-for-password \
+        --prompt "LUKS password for REENCRYPTING $device" \
+        --command="/sbin/cryptsetup-reencrypt $PARAMS"
+    else
+        info "REENCRYPT using key $1"
+        reenc_readkey "$1" | /sbin/cryptsetup-reencrypt -d - $PARAMS
+    fi
+    cd $cwd
+}
+
+info "REENCRYPT $device requested"
+# flock against other interactive activities
+{ flock -s 9;
+    reenc_run $2
+} 9>/.console.lock
+
+# do not ask again
+>> /tmp/reencrypted
+
+exit 0
--- a/misc/keyslot_checker/Makefile
+++ b/misc/keyslot_checker/Makefile
@@ -0,0 +1,14 @@
+TARGETS=chk_luks_keyslots
+CFLAGS=-O0 -g -Wall -D_GNU_SOURCE
+LDLIBS=-lcryptsetup -lm
+CC=gcc
+
+all: $(TARGETS)
+
+chk_luks_keyslots: chk_luks_keyslots.o
+	$(CC) -o $@ $^ $(LDLIBS)
+
+clean:
+	rm -f *.o *~ core $(TARGETS)
+
+.PHONY: clean
--- a/misc/keyslot_checker/README
+++ b/misc/keyslot_checker/README
@@ -0,0 +1,120 @@
+Purpose
+=======
+
+chk_luks_keyslots is a tool that searches the keyslot area of a
+LUKS container for positions where entropy is low and hence
+there is a high probability of damage from overwrites of parts
+of the key-slot with data such as a RAID superblock or a partition
+table.
+
+
+Installation
+============
+
+1. Install the version of cryptsetup the tool came with.
+2. Compile with "make"
+   
+Manual compile can be done with
+   gcc -lm -lcryptsetup chk_luks_keyslots.c -o chk_luks_keyslots
+
+Usage
+=====
+
+Call chk_luks_keyslots without arguments for an option summary.
+
+
+Example of a good keyslot area with keys 0 and 2 in use:
+--------------------------------------------------------
+
+root> ./chk_luks_keyslots /dev/loop0
+
+parameters (commandline and LUKS header):
+  sector size: 512
+  threshold:   0.900000
+
+- processing keyslot 0:  start: 0x001000   end: 0x020400
+- processing keyslot 1:  keyslot not in use
+- processing keyslot 2:  start: 0x041000   end: 0x060400
+- processing keyslot 3:  keyslot not in use
+- processing keyslot 4:  keyslot not in use
+- processing keyslot 5:  keyslot not in use
+- processing keyslot 6:  keyslot not in use
+- processing keyslot 7:  keyslot not in use
+
+
+Same example of a fault in slot 2 at offset 0x50000:
+----------------------------------------------------
+
+root>./chk_luks_keyslots /dev/loop2
+
+parameters (commandline and LUKS header):
+  sector size: 512
+  threshold:   0.900000
+
+- processing keyslot 0:  start: 0x001000   end: 0x020400
+- processing keyslot 1:  keyslot not in use
+- processing keyslot 2:  start: 0x041000   end: 0x060400
+  low entropy at: 0x050000    entropy: 0.549165
+- processing keyslot 3:  keyslot not in use
+- processing keyslot 4:  keyslot not in use
+- processing keyslot 5:  keyslot not in use
+- processing keyslot 6:  keyslot not in use
+- processing keyslot 7:  keyslot not in use
+
+
+Same as last, but verbose:
+--------------------------
+root>./chk_luks_keyslots  -v /dev/loop2
+
+parameters (commandline and LUKS header):
+  sector size: 512
+  threshold:   0.900000
+
+- processing keyslot 0:  start: 0x001000   end: 0x020400
+- processing keyslot 1:  keyslot not in use
+- processing keyslot 2:  start: 0x041000   end: 0x060400
+  low entropy at: 0x050000    entropy: 0.549165
+  Binary dump:
+  0x050000  54 68 69 73 20 69 73 20  61 20 74 65 73 74 2D 73  This is a test-s
+  0x050010  65 63 74 6F 72 20 66 6F  72 20 63 68 6B 5F 6C 75  ector for chk_lu
+  0x050020  6B 73 5F 6B 65 79 73 6C  6F 74 73 20 74 68 65 20  ks_keyslots the
+  0x050030  71 75 69 63 6B 20 62 72  6F 77 6E 20 66 6F 78 20  quick brown fox
+  0x050040  6A 75 6D 70 73 20 6F 76  65 72 20 74 68 65 20 6C  jumps over the l
+  0x050050  61 7A 79 20 64 6F 67 20  74 68 65 20 71 75 69 63  azy dog the quic
+  0x050060  6B 20 62 72 6F 77 6E 20  66 6F 78 20 6A 75 6D 70  k brown fox jump
+  0x050070  73 20 6F 76 65 72 20 74  68 65 20 6C 61 7A 79 20  s over the lazy
+  0x050080  64 6F 67 20 74 68 65 20  71 75 69 63 6B 20 62 72  dog the quick br
+  0x050090  6F 77 6E 20 66 6F 78 20  6A 75 6D 70 73 20 6F 76  own fox jumps ov
+  0x0500a0  65 72 20 74 68 65 20 6C  61 7A 79 20 64 6F 67 20  er the lazy dog
+  0x0500b0  74 68 65 20 71 75 69 63  6B 20 62 72 6F 77 6E 20  the quick brown
+  0x0500c0  66 6F 78 20 6A 75 6D 70  73 20 6F 76 65 72 20 74  fox jumps over t
+  0x0500d0  68 65 20 6C 61 7A 79 20  64 6F 67 20 74 68 65 20  he lazy dog the
+  0x0500e0  71 75 69 63 6B 20 62 72  6F 77 6E 20 66 6F 78 20  quick brown fox
+  0x0500f0  6A 75 6D 70 73 20 6F 76  65 72 20 74 68 65 20 6C  jumps over the l
+  0x050100  61 7A 79 20 64 6F 67 20  74 68 65 20 71 75 69 63  azy dog the quic
+  0x050110  6B 20 62 72 6F 77 6E 20  66 6F 78 20 6A 75 6D 70  k brown fox jump
+  0x050120  73 20 6F 76 65 72 20 74  68 65 20 6C 61 7A 79 20  s over the lazy
+  0x050130  64 6F 67 20 74 68 65 20  71 75 69 63 6B 20 62 72  dog the quick br
+  0x050140  6F 77 6E 20 66 6F 78 20  6A 75 6D 70 73 20 6F 76  own fox jumps ov
+  0x050150  65 72 20 74 68 65 20 6C  61 7A 79 20 64 6F 67 20  er the lazy dog
+  0x050160  74 68 65 20 71 75 69 63  6B 20 62 72 6F 77 6E 20  the quick brown
+  0x050170  66 6F 78 20 6A 75 6D 70  73 20 6F 76 65 72 20 74  fox jumps over t
+  0x050180  68 65 20 6C 61 7A 79 20  64 6F 67 20 74 68 65 20  he lazy dog the
+  0x050190  71 75 69 63 6B 20 62 72  6F 77 6E 20 66 6F 78 20  quick brown fox
+  0x0501a0  6A 75 6D 70 73 20 6F 76  65 72 20 74 68 65 20 6C  jumps over the l
+  0x0501b0  61 7A 79 20 64 6F 67 20  74 68 65 20 71 75 69 63  azy dog the quic
+  0x0501c0  6B 20 62 72 6F 77 6E 20  66 6F 78 20 6A 75 6D 70  k brown fox jump
+  0x0501d0  73 20 6F 76 65 72 20 74  68 65 20 6C 61 7A 79 20  s over the lazy
+  0x0501e0  64 6F 67 20 74 68 65 20  71 75 69 63 6B 20 62 72  dog the quick br
+  0x0501f0  6F 77 6E 20 66 6F 78 20  6A 75 6D 70 73 20 6F 76  own fox jumps ov
+
+- processing keyslot 3:  keyslot not in use
+- processing keyslot 4:  keyslot not in use
+- processing keyslot 5:  keyslot not in use
+- processing keyslot 6:  keyslot not in use
+- processing keyslot 7:  keyslot not in use
+
+----
+Copyright (C) 2012, Arno Wagner <arno@wagner.name>
+This file is free documentation; the author gives
+unlimited permission to copy, distribute and modify it.
--- a/misc/keyslot_checker/chk_luks_keyslots.c
+++ b/misc/keyslot_checker/chk_luks_keyslots.c
@@ -0,0 +1,371 @@
+/*
+ * LUKS keyslot entropy tester. Works only for header version 1.
+ *
+ * Functionality: Determines sample entropy (symbols: bytes) for
+ * each (by default) 512B sector in each used keyslot. If it
+ * is lower than a threshold, the sector address is printed
+ * as it is suspected of having non-"random" data in it, indicating
+ * damage by overwriting. This can obviously not find overwriting
+ * with random or random-like data (encrypted, compressed).
+ *
+ * Version history:
+ *    v0.1: 09.09.2012 Initial release
+ *    v0.2: 08.10.2012 Converted to use libcryptsetup
+ *
+ * Copyright (C) 2012, Arno Wagner <arno@wagner.name>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <math.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <libcryptsetup.h>
+
+const char *help =
+"Version 0.2 [8.10.2012]\n"
+"\n"
+"    chk_luks_keyslots [options] luks-device \n"
+"\n"
+"This tool checks all keyslots of a LUKS device for \n"
+"low entropy sections. If any are found, they are reported. \n"
+"This allows to find areas damaged by things like filesystem \n"
+"creation or RAID superblocks. \n"
+"\n"
+"Options: \n"
+"  -t <num>  Entropy threshold. Possible values 0.0 ... 1.0 \n"
+"            Default: 0.90, which works well for 512B sectors.\n"
+"            For 512B sectors, you will get frequent misdetections\n"
+"            at thresholds around 0.94\n"
+"            Higher value: more sensitive but more false detections.\n"
+"  -s <num>  Sector size. Must divide keyslot-size.\n"
+"            Default: 512 Bytes.\n"
+"            Values smaller than 128 are generally not very useful.\n"
+"            For values smaller than the default, you need to adjust\n"
+"            the threshold down to reduce misdetection. For values\n"
+"            larger than the default you need to adjust the threshold\n"
+"            up to retain sensitivity.\n"
+"  -v        Print found suspicuous sectors verbosely. \n"
+"  -d        Print decimal addresses instead of hex ones.\n"
+"\n";
+
+
+/* Config defaults */
+
+static int sector_size = 512;
+static double threshold = 0.90;
+static int print_decimal = 0;
+static int verbose = 0;
+
+/* tools */
+
+/* Calculates and returns sample entropy on byte level for
+ * The argument.
+ */
+static double ent_samp(unsigned char * buf, int len)
+{
+	int freq[256];   /* stores symbol frequencies */
+	int i;
+	double e, f;
+
+	/* 0. Plausibility checks */
+	if (len <= 0)
+		return 0.0;
+
+	/* 1. count all frequencies */
+	for (i = 0; i < 256; i++) {
+		freq[i] = 0.0;
+	}
+
+	for (i = 0; i < len; i ++)
+		freq[buf[i]]++;
+
+	/* 2. calculate sample entropy */
+	e = 0.0;
+	for (i = 0; i < 256; i++) {
+		f = freq[i];
+		if (f > 0) {
+			f =  f / (double)len;
+			e += f * log2(f);
+		}
+	}
+
+	if (e != 0.0)
+		e = -1.0 * e;
+
+	e = e / 8.0;
+	return e;
+}
+
+static void print_address(FILE *out, uint64_t value)
+{
+	if (print_decimal) {
+		fprintf(out,"%08" PRIu64 " ", value);
+	} else {
+		fprintf(out,"%#08" PRIx64 " ", value);
+	}
+}
+
+/* uses default "hd" style, i.e. 16 bytes followed by ASCII */
+static void hexdump_line(FILE *out, uint64_t address, unsigned char *buf) {
+	int i;
+	static char tbl[16] = "0123456789ABCDEF";
+
+	fprintf(out,"  ");
+	print_address(out, address);
+	fprintf(out," ");
+
+	/* hex */
+	for (i = 0; i < 16; i++) {
+		fprintf(out, "%c%c",
+			tbl[(unsigned char)buf[i]>> 4],
+			tbl[(unsigned char)buf[i] & 0x0f]);
+		fprintf(out," ");
+		if (i == 7)
+			fprintf(out," ");
+	}
+
+	fprintf(out," ");
+
+	/* ascii */
+	for (i = 0; i < 16; i++) {
+		if (isprint(buf[i])) {
+			fprintf(out, "%c", buf[i]);
+		} else {
+			fprintf(out, ".");
+		}
+	}
+	fprintf(out, "\n");
+}
+
+static void hexdump_sector(FILE *out, unsigned char *buf, uint64_t address, int len)
+{
+	int done;
+
+	done = 0;
+	while (len - done >= 16) {
+		hexdump_line(out, address + done, buf + done);
+		done += 16;
+	}
+}
+
+static int check_keyslots(FILE *out, struct crypt_device *cd, int f_luks)
+{
+	int i;
+	double ent;
+	off_t ofs;
+	uint64_t start, length, end;
+	crypt_keyslot_info ki;
+	unsigned char buffer[sector_size];
+
+	for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1) ; i++) {
+		fprintf(out, "- processing keyslot %d:", i);
+		ki = crypt_keyslot_status(cd, i);
+		if (ki == CRYPT_SLOT_INACTIVE) {
+			fprintf(out, "  keyslot not in use\n");
+			continue;
+		}
+
+		if (ki == CRYPT_SLOT_INVALID) {
+			fprintf(out, "\nError: keyslot invalid.\n");
+			return EXIT_FAILURE;
+		}
+
+		if (crypt_keyslot_area(cd, i, &start, &length) < 0) {
+			fprintf(stderr,"\nError: querying keyslot area failed for slot %d\n", i);
+			perror(NULL);
+			return EXIT_FAILURE;
+		}
+		end = start + length;
+
+		fprintf(out, "  start: ");
+		print_address(out, start);
+		fprintf(out, "  end: ");
+		print_address(out, end);
+		fprintf(out, "\n");
+
+		/* check whether sector-size divides size */
+		if (length % sector_size != 0) {
+			fprintf(stderr,"\nError: Argument to -s does not divide keyslot size\n");
+			return EXIT_FAILURE;
+		}
+
+		for (ofs = start; (uint64_t)ofs < end; ofs += sector_size) {
+			if (lseek(f_luks, ofs, SEEK_SET) != ofs) {
+				fprintf(stderr,"\nCannot seek to keyslot area.\n");
+				return EXIT_FAILURE;
+			}
+			if (read(f_luks, buffer, sector_size) != sector_size) {
+				fprintf(stderr,"\nCannot read keyslot area.\n");
+				return EXIT_FAILURE;
+			}
+			ent = ent_samp(buffer, sector_size);
+			if (ent < threshold) {
+				fprintf(out, "  low entropy at: ");
+				print_address(out, ofs);
+				fprintf(out, "   entropy: %f\n", ent);
+				if (verbose) {
+					fprintf(out, "  Binary dump:\n");
+					hexdump_sector(out, buffer, (uint64_t)ofs, sector_size);
+					fprintf(out,"\n");
+				}
+			}
+		}
+	}
+
+	return EXIT_SUCCESS;
+}
+
+/* Main */
+int main(int argc, char **argv)
+{
+	/* for option processing */
+	int c, r;
+	char *device;
+
+	/* for use of libcryptsetup */
+	struct crypt_device *cd;
+
+	/* Other vars */
+	int f_luks;   /* device file for the luks device */
+	FILE *out;
+
+	/* temporary helper vars */
+	int res;
+
+	/* getopt values */
+	char *s, *end;
+	double tvalue;
+	int svalue;
+
+	/* global initializations */
+	out = stdout;
+
+	/* get commandline parameters */
+	while ((c = getopt (argc, argv, "t:s:vd")) != -1) {
+		switch (c) {
+		case 't':
+			s = optarg;
+			tvalue = strtod(s, &end);
+			if (s == end) {
+				fprintf(stderr, "\nError: Parsing of argument to -t failed.\n");
+				exit(EXIT_FAILURE);
+			}
+
+			if (tvalue < 0.0 || tvalue > 1.0) {
+				fprintf(stderr,"\nError: Argument to -t must be in 0.0 ... 1.0\n");
+				exit(EXIT_FAILURE);
+			}
+			threshold = tvalue;
+			break;
+		case 's':
+			s = optarg;
+			svalue = strtol(s, &end, 10);
+			if (s == end) {
+				fprintf(stderr, "\nError: Parsing of argument to -s failed.\n");
+				exit(EXIT_FAILURE);
+			}
+
+			if (svalue < 1) {
+				fprintf(stderr,"\nError: Argument to -s must be >= 1 \n");
+				exit(EXIT_FAILURE);
+			}
+			sector_size = svalue;
+			break;
+		case 'v':
+			verbose = 1;
+			break;
+		case 'd':
+			print_decimal = 1;
+			break;
+		case '?':
+			if (optopt == 't' || optopt == 's')
+				fprintf (stderr,"\nError: Option -%c requires an argument.\n",
+					 optopt);
+			else if (isprint (optopt)) {
+				fprintf(stderr,"\nError: Unknown option `-%c'.\n", optopt);
+				fprintf(stderr,"\n\n%s", help);
+			} else {
+				fprintf (stderr, "\nError: Unknown option character `\\x%x'.\n",
+					 optopt);
+				fprintf(stderr,"\n\n%s", help);
+			}
+			exit(EXIT_SUCCESS);
+		default:
+			exit(EXIT_FAILURE);
+		}
+	}
+
+	/* parse non-option stuff. Should be exactly one, the device. */
+	if (optind+1 != argc) {
+		fprintf(stderr,"\nError: exactly one non-option argument expected!\n");
+		fprintf(stderr,"\n\n%s", help);
+		exit(EXIT_FAILURE);
+	}
+	device = argv[optind];
+
+	/* test whether we can open and read device */
+	/* This is neded as we are reading the actual data
+	* in the keyslots dirtectly from the LUKS container.
+	*/
+	f_luks = open(device, O_RDONLY);
+	if (f_luks == -1) {
+		fprintf(stderr,"\nError: Opening of device %s failed:\n", device);
+		perror(NULL);
+		exit(EXIT_FAILURE);
+	}
+
+	/* now get the parameters we need via libcryptsetup */
+	/* Basically we need all active keyslots and their placement on disk */
+
+	/* first init. This does the following:
+	 *   - gets us a crypt_device struct with some values filled in
+	 *     Note: This does some init stuff we do not need, but that
+	 *     should not cause trouble.
+	 */
+
+	res = crypt_init(&cd, device);
+	if (res < 0) {
+		fprintf(stderr, "crypt_init() failed. Maybe not running as root?\n");
+		close(f_luks);
+		exit(EXIT_FAILURE);
+	}
+
+	/* now load LUKS header into the crypt_device
+	 * This should also make sure a valid LUKS1 header is on disk
+	 * and hence we should be able to skip magic and version checks.
+	 */
+	res = crypt_load(cd, CRYPT_LUKS1, NULL);
+	if (res < 0) {
+		fprintf(stderr, "crypt_load() failed. LUKS header too broken/absent?\n");
+		crypt_free(cd);
+		close(f_luks);
+		exit(EXIT_FAILURE);
+	}
+
+	fprintf(out, "\nparameters (commandline and LUKS header):\n");
+	fprintf(out, "  sector size: %d\n", sector_size);
+	fprintf(out, "  threshold:   %0f\n\n", threshold);
+
+	r = check_keyslots(out, cd, f_luks);
+
+	crypt_free(cd);
+	close(f_luks);
+	return r;
+}
--- a/misc/luks-header-from-active
+++ b/misc/luks-header-from-active
@@ -2,7 +2,7 @@

 # Try to get LUKS info and master key from active mapping and prepare parameters for cryptsetup.
 #
-# Copyright (C) 2010,2011 Milan Broz <asi@ucw.cz>
+# Copyright (C) 2010,2011,2012 Milan Broz <gmazyland@gmail.com>
 #
 # This copyrighted material is made available to anyone wishing to use,
 # modify, copy, or redistribute it subject to the terms and conditions
@@ -12,11 +12,22 @@
 # along with this program; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
+umask 0077

 fail() { echo -e $1 ; exit 1 ; }
 field() { echo $(dmsetup table --target crypt --showkeys $DEVICE | sed 's/.*: //' | cut -d' ' -f$1) ; }
-field_cryptsetup() { echo $(cryptsetup status $DEVICE | grep $1 | sed "s/.*$1:\s*//;s/\ .*//") ; }
+field_uuid() { echo $(dmsetup info $1 --noheadings -c -o uuid) ; }
+field_device() {
+	TEMP=$(readlink /sys/dev/block/$1 | sed -e 's/.*\///')
+	if [  ${TEMP:0:3} = "dm-" -a -e /sys/block/$TEMP/dm/name ] ; then
+		TEMP=/dev/mapper/$(cat /sys/block/$TEMP/dm/name)
+	else
+		TEMP=/dev/$TEMP
+	fi
+	echo $TEMP
+}

+which readlink >/dev/null || fail "You need readlink (part of coreutils package)."
 which xxd >/dev/null || fail "You need xxd (part of vim package) installed to convert key."

 [ -z "$2" ] && fail "Recover LUKS header from active mapping, use:\n $0 crypt_mapped_device mk_file_name"
@@ -26,20 +37,23 @@ MK_FILE=$2

 [ -z "$(field 4)" ] && fail "Mapping $1 not active or it is not crypt target."

-# FIXME:
-# - add UUID
-# - check for CRYPT-LUKS1-* DM-UUID
-
-CIPHER=$(field_cryptsetup cipher)
-OFFSET=$(field_cryptsetup offset)
-REAL_DEVICE=$(field_cryptsetup device)
-KEY_SIZE=$(field_cryptsetup keysize)
+CIPHER=$(field 4)
+OFFSET=$(field 8)
+SYS_DEVICE=$(field 7)
+REAL_DEVICE=$(field_device $SYS_DEVICE)
 KEY=$(field 5)
+KEY_SIZE=$(( ${#KEY} / 2 * 8 ))
+SYS_UUID=$(field_uuid $DEVICE)
+UUID="${SYS_UUID:12:8}-${SYS_UUID:20:4}-${SYS_UUID:24:4}-${SYS_UUID:28:4}-${SYS_UUID:32:12}"

-[ -z "$CIPHER" -o -z "$OFFSET" -o "$OFFSET" -le 383 -o -z "$KEY" ] && fail "Incompatible device, sorry."
+#echo "CIPHER=$CIPHER OFFSET=$OFFSET SYS_DEVICE=$SYS_DEVICE REAL_DEVICE=$REAL_DEVICE KEY_SIZE=$KEY_SIZE KEY=$KEY UUID=$UUID SYS_UUID=$SYS_UUID"
+
+[ -z "$CIPHER" -o -z "$OFFSET" -o "$OFFSET" -le 383 -o \
+-z "$KEY" -o -z "$UUID" -o -z "$REAL_DEVICE" -o "${SYS_UUID:0:12}" != "CRYPT-LUKS1-" ] && \
+fail "Incompatible device, sorry."

 echo "Generating master key to file $MK_FILE."
 echo -E -n $KEY| xxd -r -p >$MK_FILE

 echo "You can now try to reformat LUKS device using:"
-echo "  cryptsetup luksFormat -c $CIPHER -s $KEY_SIZE --align-payload=$OFFSET --master-key-file=$MK_FILE $REAL_DEVICE"
+echo "  cryptsetup luksFormat -c $CIPHER -s $KEY_SIZE --align-payload=$OFFSET --master-key-file=$MK_FILE --uuid=$UUID $REAL_DEVICE"
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -7,4 +7,5 @@ it
 nl
 pl
 sv
+uk
 vi
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -5,10 +5,17 @@ lib/utils.c
 lib/crypt_plain.c
 lib/utils_crypt.c
 lib/utils_loop.c
-lib/utils_debug.c
+lib/utils_fips.c
+lib/utils_device.c
 lib/luks1/af.c
 lib/luks1/keyencryption.c
 lib/luks1/keymanage.c
-lib/luks1/pbkdf.c
 lib/loopaes/loopaes.c
+lib/tcrypt/tcrypt.c
+lib/verity/verity.c
+lib/verity/verity_hash.c
 src/cryptsetup.c
+src/veritysetup.c
+src/cryptsetup_reencrypt.c
+src/utils_tools.c
+src/utils_password.c
--- a/po/cs.po
+++ b/po/cs.po
--- a/po/de.po
+++ b/po/de.po
--- a/po/fi.po
+++ b/po/fi.po
--- a/po/fr.po
+++ b/po/fr.po
--- a/po/it.po
+++ b/po/it.po
--- a/po/nl.po
+++ b/po/nl.po
--- a/po/pl.po
+++ b/po/pl.po
--- a/po/uk.po
+++ b/po/uk.po
--- a/po/vi.po
+++ b/po/vi.po
--- a/python/Makefile.am
+++ b/python/Makefile.am
@@ -1,4 +1,4 @@
-INCLUDES = -I$(top_srcdir)/lib $(PYTHON_INCLUDES)
+AM_CPPFLAGS = -include $(top_srcdir)/config.h -I$(top_srcdir)/lib $(PYTHON_INCLUDES)
 EXTRA_DIST = pycryptsetup-test.py
 CLEANFILES = *.img

@@ -9,8 +9,8 @@ pyexec_LTLIBRARIES = pycryptsetup.la

 pycryptsetup_la_SOURCES = pycryptsetup.c
 pycryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS) $(PYTHON_CPPFLAGS) -fno-strict-aliasing
-pycryptsetup_la_LDFLAGS = -avoid-version -module
-pycryptsetup_la_LIBADD = $(top_srcdir)/lib/libcryptsetup.la -lpython$(PYTHON_VERSION)
+pycryptsetup_la_LDFLAGS = -avoid-version -module -shared -export-dynamic
+pycryptsetup_la_LIBADD = $(top_builddir)/lib/libcryptsetup.la -lpython$(PYTHON_VERSION)
 else
 all:
 endif
--- a/python/pycryptsetup-test.py
+++ b/python/pycryptsetup-test.py
@@ -52,6 +52,10 @@ def print_status(c):
       print "ERROR"
    return

+if os.geteuid() != 0:
+	print "WARNING: You must be root to run this test, test skipped."
+	sys.exit(0)
+
 os.system("dd if=/dev/zero of=" + IMG + " bs=1M count=32 >/dev/null 2>&1")

 c = pycryptsetup.CryptSetup(
--- a/Show More
+++ b/Show More