Fix gcc signed/unsigned warning for key length.

And always use unsigned int declaration.
Update vi.po.
2025-12-06 16:30:04 +01:00 · 2013-03-31 11:24:26 +02:00 · 2013-03-26 21:19:03 +01:00 · 2013-03-24 23:36:26 +01:00 · 2013-03-24 10:02:19 +01:00 · 2013-03-24 09:05:33 +01:00
102 changed files with 17056 additions and 9321 deletions
--- a/2
+++ b/2
@@ -1,3 +1,3 @@
 Christophe Saout <christophe@saout.de>
 Clemens Fruhwirth <clemens@endorphin.org>
-Milan Broz <asi@ucw.cz>
+Milan Broz <gmazyland@gmail.com>
--- a/COPYING.LGPL
+++ b/COPYING.LGPL
@@ -500,3 +500,18 @@ necessary.  Here is a sample; alter the names:
  Ty Coon, President of Vice

 That's all there is to it!
+
+-----
+In addition, as a special exception, the copyright holders give
+permission to link the code of portions of this program with the
+OpenSSL library under certain conditions as described in each
+individual source file, and distribute linked combinations
+including the two.
+
+You must obey the GNU Lesser General Public License in all respects
+for all of the code used other than OpenSSL.  If you modify
+file(s) with this exception, you may extend this exception to your
+version of the file(s), but you are not obligated to do so.  If you
+do not wish to do so, delete this exception statement from your
+version.  If you delete this exception statement from all source
+files in the program, then also delete it here.
--- a/868
+++ b/868
@@ -1,866 +1,6 @@
-2012-07-10  Milan Broz  <gmazyland@gmail.com>
-	* Version 1.5.0.
+Since version 1.6 this file is no longer maintained.

-2012-06-25  Milan Broz  <gmazyland@gmail.com>
-	* Add --device-size option for reencryption tool.
-	* Switch to use unit suffix for --reduce-device-size option.
-	* Remove open device debugging feature (no longer needed).
-	* Fix library name for FIPS check.
+See docs/*ReleaseNotes for release changes documentation.

-2012-06-20  Milan Broz  <gmazyland@gmail.com>
-	* Version 1.5.0-rc2.
-
-2012-06-18  Milan Broz  <gmazyland@gmail.com>
-	* Introduce cryptsetup-reencrypt - experimental offline LUKS reencryption tool.
-	* Fix luks-header-from-active script (do not use LUKS header on-disk, add UUID).
-	* Add --test-passphrase option for luksOpen (check passphrase only).
-
-2012-06-11  Milan Broz  <gmazyland@gmail.com>
-	* Introduce veritysetup for dm-verity target management.
-	* Version 1.5.0-rc1.
-
-2012-06-10  Milan Broz  <gmazyland@gmail.com>
-	* Both data and header device can now be a file.
-	* Loop is automatically allocated in crypt_set_data_device().
-	* Require only up to last keyslot area for header device (ignore data offset).
-	* Fix header backup and restore to work on files with large data offset.
-
-2012-05-27  Milan Broz  <gmazyland@gmail.com>
-	* Fix readonly activation if underlying device is readonly (1.4.0).
-	* Include stddef.h in libdevmapper.h (size_t definition).
-	* Version 1.4.3.
-
-2012-05-21  Milan Broz  <gmazyland@gmail.com>
-	* Add --enable-fips for linking with fipscheck library.
-	* Initialize binary and library selfcheck if running in FIPS mode.
-	* Use FIPS RNG in FIPS mode for KEY and SALT (only gcrypt backend supported).
-
-2012-05-09  Milan Broz  <gmazyland@gmail.com>
-	* Fix keyslot removal (wipe keyslot) for device with 4k hw block (1.4.0).
-	* Allow empty cipher (cipher_null) for testing.
-
-2012-05-02  Milan Broz  <gmazyland@gmail.com>
-	* Fix loop mapping on readonly file.
-	* Relax --shared test, allow mapping even for overlapping segments.
-	* Support shared flag for LUKS devices (dangerous).
-	* Switch on retry on device remove for libdevmapper.
-	* Allow "private" activation (skip some udev global rules) flag.
-
-2012-04-09  Milan Broz  <gmazyland@gmail.com>
-	* Fix header check to support old (cryptsetup 1.0.0) header alignment. (1.4.0)
-	* Version 1.4.2.
-
-2012-03-16  Milan Broz  <gmazyland@gmail.com>
-	* Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
-	* Add repair command and crypt_repair() for known LUKS metadata problems repair.
-	* Allow to specify --align-payload only for luksFormat.
-
-2012-03-16  Milan Broz  <mbroz@redhat.com>
-	* Unify password verification option.
-	* Support password verification with quiet flag if possible. (1.2.0)
-	* Fix retry if entered passphrases (with verify option) do not match.
-	* Support UUID=<LUKS_UUID> format for device specification.
-
-2012-02-11  Milan Broz  <mbroz@redhat.com>
-	* Add --master-key-file option to luksOpen (open using volume key).
-
-2012-01-12  Milan Broz  <mbroz@redhat.com>
-	* Fix use of empty keyfile.
-
-2011-11-13  Milan Broz  <mbroz@redhat.com>
-	* Fix error message for luksClose and detached LUKS header.
-	* Allow --header for status command to get full info with detached header.
-
-2011-11-09  Milan Broz  <mbroz@redhat.com>
-	* Version 1.4.1.
-
-2011-11-05  Milan Broz  <mbroz@redhat.com>
-	* Merge pycryptsetup (Python libcryptsetup bindings).
-	* Fix stupid typo in set_iteration_time API call.
-	* Fix cryptsetup status output if parameter is device path.
-
-2011-10-27  Milan Broz  <mbroz@redhat.com>
-	* Fix crypt_get_volume_key_size() for plain device.
-	* Fix FSF address in license text.
-
-2011-10-25  Milan Broz  <mbroz@redhat.com>
-	* Print informative message in isLuks only in verbose mode.
-	* Version 1.4.0.
-
-2011-10-10  Milan Broz  <mbroz@redhat.com>
-	* Version 1.4.0-rc1.
-
-2011-10-05  Milan Broz  <mbroz@redhat.com>
-	* Support Nettle 2.4 crypto backend (for ripemd160).
-	* If device is not rotational, do not use Gutmann wipe method.
-	* Add crypt_last_error() API call.
-	* Fix luksKillSLot exit code if slot is inactive or invalid.
-	* Fix exit code if passphrases do not match in luksAddKey.
-	* Add LUKS on-disk format description into package.
-
-2011-09-22  Milan Broz  <mbroz@redhat.com>
-	* Support key-slot option for luksOpen (use only explicit keyslot).
-
-2011-08-22  Milan Broz  <mbroz@redhat.com>
-	* Add more paranoid checks for LUKS header and keyslot attributes.
-	* Fix crypt_load to properly check device size.
-	* Use new /dev/loop-control (kernel 3.1) if possible.
-	* Enhance check of device size before writing LUKS header.
-	* Do not allow context format of already formatted device.
-
-2011-07-25  Milan Broz  <mbroz@redhat.com>
-	* Remove hash/hmac restart from crypto backend and make it part of hash/hmac final.
-	* Improve check for invalid offset and size values.
-
-2011-07-19  Milan Broz  <mbroz@redhat.com>
-	* Revert default initialisation of volume key in crypt_init_by_name().
-	* Do not allow key retrieval while suspended (key could be wiped).
-	* Do not allow suspend for non-LUKS devices.
-	* Support retries and timeout parameters for luksSuspend.
-	* Add --header option for detached metadata (on-disk LUKS header) device.
-	* Add crypt_init_by_name_and_header() and crypt_set_data_device() to API.
-	* Allow different data offset setting for detached header.
-
-2011-07-07  Milan Broz  <mbroz@redhat.com>
-	* Remove old API functions (all functions using crypt_options).
-	* Add --enable-discards option to allow discards/TRIM requests.
-	* Add crypt_get_iv_offset() function to API.
-
-2011-07-01  Milan Broz  <mbroz@redhat.com>
-	* Add --shared option for creating non-overlapping crypt segments.
-	* Add shared flag to libcryptsetup api.
-	* Fix plain crypt format parameters to include size option (API change).
-
-2011-06-08  Milan Broz  <mbroz@redhat.com>
-	* Fix return code for status command when device doesn't exists.
-
-2011-05-24  Milan Broz  <mbroz@redhat.com>
-	* Version 1.3.1.
-
-2011-05-17  Milan Broz  <mbroz@redhat.com>
-	* Fix keyfile=- processing in create command (1.3.0).
-	* Simplify device path status check.
-
-2011-05-03  Milan Broz  <mbroz@redhat.com>
-	* Do not ignore size argument for create command (1.2.0).
-
-2011-04-18  Milan Broz  <mbroz@redhat.com>
-	* Fix error paths in blockwise code and lseek_write call.
-	* Add Nettle crypto backend support.
-
-2011-04-05  Milan Broz  <mbroz@redhat.com>
-	* Version 1.3.0.
-
-2011-03-22  Milan Broz  <mbroz@redhat.com>
-	* Also support --skip and --hash option for loopaesOpen.
-	* Fix return code when passphrase is read from pipe.
-	* Document cryptsetup exit codes.
-
-2011-03-18  Milan Broz  <mbroz@redhat.com>
-	* Respect maximum keyfile size paramater.
-	* Introduce maximum default keyfile size, add configure option.
-	* Require the whole key read from keyfile in create command (broken in 1.2.0).
-	* Fix offset option for loopaesOpen.
-	* Lock memory also in luksDump command.
-	* Version 1.3.0-rc2.
-
-2011-03-14  Milan Broz  <mbroz@redhat.com>
-	* Version 1.3.0-rc1.
-
-2011-03-11  Milan Broz  <mbroz@redhat.com>
-	* Add loop manipulation code and support mapping of images in file.
-	* Add backing device loop info into status message.
-	* Add luksChangeKey command.
-
-2011-03-05  Milan Broz  <mbroz@redhat.com>
-	* Add exception to COPYING for binary distribution linked with OpenSSL library.
-	* Set secure data flag (wipe all ioclt buffers) if devmapper library supports it.
-
-2011-01-29  Milan Broz  <mbroz@redhat.com>
-	* Fix mapping removal if device disappeared but node still exists.
-	* Fix luksAddKey return code if master key is used.
-
-2011-01-25  Milan Broz  <mbroz@redhat.com>
-	* Add loop-AES handling (loopaesOpen and loopaesClose commands).
-	 (requires kernel 2.6.38 and above)
-
-2011-01-05  Milan Broz  <mbroz@redhat.com>
-	* Fix static build (--disable-static-cryptsetup now works properly).
-
-2010-12-30  Milan Broz  <mbroz@redhat.com>
-	* Add compile time crypto backends implementation
-	  (gcrypt, OpenSSL, NSS and userspace Linux kernel crypto api).
-	* Currently NSS is lacking ripemd160, cannot provide full plain compatibility.
-	* Use --with-crypto_backend=[gcrypt|openssl|nss|kernel] to configure.
-
-2010-12-20  Milan Broz  <mbroz@redhat.com>
-	* Version 1.2.0.
-
-2010-11-25  Milan Broz  <mbroz@redhat.com>
-	* Fix crypt_activate_by_keyfile() to work with PLAIN devices.
-	* Fix create command to properly handle keyfile size.
-
-2010-11-16  Milan Broz  <mbroz@redhat.com>
-	* Version 1.2.0-rc1.
-
-2010-11-13  Milan Broz  <mbroz@redhat.com>
-	* Fix password callback call.
-	* Fix default plain password entry from terminal in activate_by_passphrase.
-	* Add --dump-master-key option for luksDump to allow volume key dump.
-	* Allow to activate by internally cached volume key
-	  (format/activate without keyslots active - used for temporary devices).
-	* Initialize volume key from active device in crypt_init_by_name()
-	* Fix cryptsetup binary exitcodes.
-	* Increase library version (still binary compatible with 1.1.x release).
-
-2010-11-01  Milan Broz  <mbroz@redhat.com>
-	* No longer support luksDelKey, reload and --non-exclusive.
-	* Remove some obsolete info from man page.
-	* Add crypt_get_type(), crypt_resize(), crypt_keyslot_max()
-	and crypt_get_active_device() to API.
-	* Rewrite all implementations in cryptsetup to new API.
-	* Fix luksRemoveKey to behave as documented (do not ask
-	for remaining keyslot passphrase).
-	* Add more regression tests for commands.
-	* Disallow mapping of device which is already in use (mapped or mounted).
-	* Disallow luksFormat on device in use.
-
-2010-10-27  Milan Broz  <mbroz@redhat.com>
-	* Rewrite cryptsetup luksFormat, luksOpen, luksAddKey to use new API
-	  to allow adding new features.
-	* Implement --use-random and --use-urandom for luksFormat to allow
-	  setting of RNG for volume key generator.
-	* Add crypt_set_rng_type() and crypt_get_rng_type() to API.
-	* Add crypt_set_uuid() to API.
-	* Allow UUID setting in luksFormat and luksUUID (--uuid parameter).
-	* Add --keyfile-size and --new-keyfile-size (in bytes) size and disallow overloading
-	  of --key-size for limiting keyfile reads.
-	* Fix luksFormat to properly use key file with --master-key-file switch.
-	* Fix possible double free when handling master key file.
-
-2010-10-17  Milan Broz  <mbroz@redhat.com>
-	* Add crypt_get_device_name() to API (get underlying device name).
-	* Change detection for static libraries.
-	* Fix pkg-config use in automake scripts.
-	* Remove --disable-shared-library switch and handle static library build
-	  by common libtool logic (using --enable-static).
-	* Add --enable-static-cryptsetup option to build cryptsetup.static binary
-	  together with shared build.
-
-2010-08-05  Milan Broz  <mbroz@redhat.com>
-	* Wipe iteration and salt after KillSlot in LUKS header.
-	* Rewrite file differ test to C (and fix it to really work).
-	* Switch to 1MiB default alignment of data.
-	  For more info see https://bugzilla.redhat.com/show_bug.cgi?id=621684
-	* Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
-	* Check if requested hash is supported before writing LUKS header.
-
-2010-07-28  Arno Wagner <arno@wagner.name>
-	* Add FAQ (Frequently Asked Questions) file to distribution.
-
-2010-07-03  Milan Broz  <mbroz@redhat.com>
-	* Fix udev support for old libdevmapper with not compatible definition.
-	* Version 1.1.3.
-
-2010-06-01  Milan Broz  <mbroz@redhat.com>
-	* Fix device alignment ioctl calls parameters.
-	* Fix activate_by_* API calls to handle NULL device name as documented.
-
-2010-05-30  Milan Broz  <mbroz@redhat.com>
-	* Version 1.1.2.
-
-2010-05-27  Milan Broz  <mbroz@redhat.com>
-	* Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
-	* Support --key-file/-d option for luksFormat.
-	* Fix description of --key-file and add --verbose and --debug options to man page.
-	* Add verbose log level and move unlocking message there.
-	* Remove device even if underlying device disappeared.
-	* Fix (deprecated) reload device command to accept new device argument.
-
-2010-05-23  Milan Broz  <mbroz@redhat.com>
-	* Fix luksClose operation for stacked DM devices.
-	* Version 1.1.1.
-
-2010-05-03  Milan Broz  <mbroz@redhat.com>
-	* Fix automatic dm-crypt module loading.
-	* Escape hyphens in man page.
-	* Version 1.1.1-rc2.
-
-2010-04-30  Milan Broz  <mbroz@redhat.com>
-	* Try to use pkgconfig for device mapper library.
-	* Detect old dm-crypt module and disable LUKS suspend/resume.
-	* Fix apitest to work on older systems.
-	* Allow no hash specification in plain device constructor.
-	* Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified).
-	* Fix isLuks to initialise crypto backend (blkid instead is suggested anyway).
-	* Version 1.1.1-rc1.
-
-2010-04-12  Milan Broz  <mbroz@redhat.com>
-	* Fix package config to use proper package version.
-	* Avoid class C++ keyword in library header.
-	* Detect and use devmapper udev support if available (disable by --disable-udev).
-
-2010-04-06  Milan Broz  <mbroz@redhat.com>
-	* Prefer some device paths in status display.
-	* Support device topology detectionfor data alignment.
-
-2010-02-25  Milan Broz  <mbroz@redhat.com>
-	* Do not verify unlocking passphrase in luksAddKey command.
-	* Properly initialise crypto backend in header backup/restore commands.
-
-2010-01-17  Milan Broz  <mbroz@redhat.com>
-	* If gcrypt compiled with capabilities, document workaround for cryptsetup (see lib/gcrypt.c).
-	* Version 1.1.0.
-
-2010-01-10  Milan Broz  <mbroz@redhat.com>
-	* Fix initialisation of gcrypt duting luksFormat.
-	* Convert hash name to lower case in header (fix sha1 backward comatible header)
-	* Check for minimum required gcrypt version.
-
-2009-12-30  Milan Broz  <mbroz@redhat.com>
-	* Fix key slot iteration count calculation (small -i value was the same as default).
-	* The slot and key digest iteration minimun is now 1000.
-	* The key digest iteration # is calculated from iteration time (approx 1/8 of that).
-	* Version 1.1.0-rc4.
-
-2009-12-11  Milan Broz  <mbroz@redhat.com>
-	* Fix error handling during reading passhrase.
-
-2009-12-01  Milan Broz  <mbroz@redhat.com>
-	* Allow changes of default compiled-in cipher parameters through configure.
-	* Switch default key size for LUKS to 256bits.
-	* Switch default plain mode to aes-cbc-essiv:sha256 (default is backward incompatible!).
-
-2009-11-14  Milan Broz  <mbroz@redhat.com>
-	* Add CRYPT_ prefix to enum defined in libcryptsetup.h.
-	* Fix status call to fail when running as non-root user.
-	* Check in configure if selinux libraries are required in static version.
-	* Add temporary debug code to find processes locking internal device.
-	* Simplify build system, use autopoint and clean gettext processing.
-	* Use proper NLS macros and detection (so the message translation works again).
-	* Version 1.1.0-rc3.
-
-2009-09-30  Milan Broz  <mbroz@redhat.com>
-	* Fix exported symbols and versions in libcryptsetup.
-	* Do not use internal lib functions in cryptsetup.
-	* Add crypt_log to library.
-	* Fix crypt_remove_device (remove, luksClose) implementation.
-	* Move dm backend initialisation to library calls.
-	* Move duplicate Command failed message to verbose level (error is printed always).
-	* Add some password and used algorithms notes to man page.
-	* Version 1.1.0-rc2.
-
-2009-09-28  Milan Broz  <mbroz@redhat.com>
-	* Add luksHeaderBackup and luksHeaderRestore commands.
-	* Fail passphrase read if piped input no longer exists.
-	* Version 1.1.0-rc1.
-
-2009-09-15  Milan Broz  <mbroz@redhat.com>
-	* Initialize crypto library before LUKS header load.
-	* Fix manpage to not require --size which expands to device size by default.
-
-2009-09-10  Milan Broz  <mbroz@redhat.com>
-	* Clean up Makefiles and configure script.
-	* Version 1.1.0-test0.
-
-2009-09-08  Milan Broz  <mbroz@redhat.com>
-	* Use dm-uuid for all crypt devices, contains device type and name now.
-	* Try to read first sector from device to properly check that device is ready.
-
-2009-09-02  Milan Broz  <mbroz@redhat.com>
-	* Add luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
-
-2009-08-30  Milan Broz  <mbroz@redhat.com>
-	* Require device device-mapper to build and do not use backend wrapper for dm calls.
-	* Move memory locking and dm initialization to command layer.
-	* Increase priority of process if memory is locked.
-	* Add log macros and make logging modre consitent.
-	* Move command successful messages to verbose level.
-	* Introduce --debug parameter.
-	* Move device utils code and provide context parameter (for log).
-	* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
-	* Do not call isatty() on closed keyfile descriptor.
-	* Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results.
-	* Add ability to provide pre-generated master key and UUID in LUKS header format.
-	* Add LUKS function to verify master key digest.
-	* Move key slot manuipulation function into LUKS specific code.
-	* Replace global options struct with separate parameters in helper functions.
-	* Add new libcryptsetup API (documented in libcryptsetup.h).
-	* Implement old API calls using new functions.
-	* Remove old API code helper functions.
-	* Add --master-key-file option for luksFormat and luksAddKey.
-
-2009-08-17  Milan Broz  <mbroz@redhat.com>
-	* Fix PBKDF2 speed calculation for large passhrases.
-	* Allow using passphrase provided in options struct for LuksOpen.
-	* Allow restrict keys size in LuksOpen.
-
-2009-07-30  Milan Broz  <mbroz@redhat.com>
-	* Fix errors when compiled with LUKS_DEBUG.
-	* Print error when getline fails.
-	* Remove po/cryptsetup-luks.pot, it's autogenerated.
-	* Return ENOENT for empty keyslots, EINVAL will be used later for other type of error.
-	* Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here.
-	* Add required parameters for changing hash used in LUKS key setup scheme.
-	* Do not export simple XOR helper now used only inside AF functions.
-	* Completely remove internal SHA1 implementanion code, not needed anymore.
-	* Enable hash algorithm selection for LUKS through -h luksFormat option.
-
-2009-07-28  Milan Broz  <mbroz@redhat.com>
-	* Pad luks header to 512 sector size.
-	* Rework read/write blockwise to not split operation to many pieces.
-	* Use posix_memalign if available.
-
-2009-07-22  Milan Broz  <mbroz@redhat.com>
-	* Fix segfault if provided slot in luksKillslot is invalid.
-	* Remove unneeded timeout when remove of temporary device succeeded.
-
-2009-07-22  Milan Broz  <mbroz@redhat.com>
-	* version 1.0.7
-
-2009-07-16  Milan Broz  <mbroz@redhat.com>
-	* Allow removal of last slot in luksRemoveKey and luksKillSlot.
-
-2009-07-11  Milan Broz  <mbroz@redhat.com>
-
-	* Add --disable-selinux option and fix static build if selinux is required.
-	* Reject unsupported --offset and --skip options for luksFormat and update man page.
-
-2009-06-22  Milan Broz  <mbroz@redhat.com>
-
-	* Summary of changes in subversion for 1.0.7-rc1:
-	* Various man page fixes.
-	* Set UUID in device-mapper for LUKS devices.
-	* Retain readahead of underlying device.
-	* Display device name when asking for password.
-	* Check device size when loading LUKS header. Remove misleading error message later.
-	* Add error hint if dm-crypt mapping failed.
-	* Use better error messages if device doesn't exist or is already used by other mapping.
-	* Fix make distcheck.
-	* Check if all slots are full during luksAddKey.
-	* Fix segfault in set_error.
-	* Code cleanups, remove precompiled pot files, remove unnecessary files from po directory
-	* Fix uninitialized return value variable in setup.c.
-	* Code cleanups. (thanks to Ivan Stankovic)
-	* Fix wrong output for remaining key at key deletion.
-	* Allow deletion of key slot while other keys have the same key information.
-	* Add missing AM_PROG_CC_C_O to configure.in
-	* Remove duplicate sentence in man page.
-	* Wipe start of device (possible fs signature) before LUKS-formatting.
-	* Do not process configure.in in hidden directories.
-	* Return more descriptive error in case of IO or header format error.
-	* Use remapping to error target instead of calling udevsettle for temporary crypt device.
-	* Check device mapper communication and warn user if device-mapper support missing in kernel.
-	* Fix signal handler to properly close device.
-	* write_lseek_blockwise: declare innerCount outside the if block.
-	* add -Wall to the default CFLAGS. fix some signedness issues.
-	* Error handling improvement.
-	* Add non-exclusive override to interface definition.
-	* Refactor key slot selection into keyslot_from_option.
-
-2007-05-01  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/backends.c, man/cryptsetup.8: Apply patch from Ludwig Nussel
-	<ludwig.nussel@suse.de>, for old SuSE compat hashing.
-
-2007-04-16  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Summary of changes in subversion:
-	Fix segfault for key size > 32 bytes.
-	Kick ancient header version conversion. 
-	Fix http://bugs.debian.org/403075
-	No passwort retrying for I/O errors.
-	Fix hang on "-i 0".
-	Fix parenthesization error that prevented --tries from working
-	correctly.
-
-2006-11-28  gettextize  <bug-gnu-gettext@gnu.org>
-
-	* m4/gettext.m4: Upgrade to gettext-0.15.
-	* m4/glibc2.m4: New file, from gettext-0.15.
-	* m4/intmax.m4: New file, from gettext-0.15.
-	* m4/inttypes-h.m4: New file, from gettext-0.15.
-	* m4/inttypes-pri.m4: Upgrade to gettext-0.15.
-	* m4/lib-link.m4: Upgrade to gettext-0.15.
-	* m4/lib-prefix.m4: Upgrade to gettext-0.15.
-	* m4/lock.m4: New file, from gettext-0.15.
-	* m4/longdouble.m4: New file, from gettext-0.15.
-	* m4/longlong.m4: New file, from gettext-0.15.
-	* m4/nls.m4: Upgrade to gettext-0.15.
-	* m4/po.m4: Upgrade to gettext-0.15.
-	* m4/printf-posix.m4: New file, from gettext-0.15.
-	* m4/signed.m4: New file, from gettext-0.15.
-	* m4/size_max.m4: New file, from gettext-0.15.
-	* m4/visibility.m4: New file, from gettext-0.15.
-	* m4/wchar_t.m4: New file, from gettext-0.15.
-	* m4/wint_t.m4: New file, from gettext-0.15.
-	* m4/xsize.m4: New file, from gettext-0.15.
-	* m4/Makefile.am: New file.
-	* configure.in (AC_OUTPUT): Add m4/Makefile.
-	(AM_GNU_GETTEXT_VERSION): Bump to 0.15.
-
-2006-10-22  David Härdeman  <david@hardeman.nu>
-
-	* Allow hashing of keys passed through stdin.
-
-2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: 1.0.4 release
-
-2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.8: Document --tries switch; patch by Jonas
-	Meurer.
-
-2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c: Added terminal timeout rewrite as forwarded by
-	Jonas Meurer
-
-2006-10-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Merged patch from Marc Merlin <marc@merlins.org> to allow user
-	selection of key slot.
-
-2006-09-26  gettextize  <bug-gnu-gettext@gnu.org>
-
-	* m4/codeset.m4: Upgrade to gettext-0.14.4.
-	* m4/gettext.m4: Upgrade to gettext-0.14.4.
-	* m4/glibc2.m4: New file, from gettext-0.14.4.
-	* m4/glibc21.m4: Upgrade to gettext-0.14.4.
-	* m4/iconv.m4: Upgrade to gettext-0.14.4.
-	* m4/intdiv0.m4: Upgrade to gettext-0.14.4.
-	* m4/intmax.m4: New file, from gettext-0.14.4.
-	* m4/inttypes.m4: Upgrade to gettext-0.14.4.
-	* m4/inttypes_h.m4: Upgrade to gettext-0.14.4.
-	* m4/inttypes-pri.m4: Upgrade to gettext-0.14.4.
-	* m4/isc-posix.m4: Upgrade to gettext-0.14.4.
-	* m4/lcmessage.m4: Upgrade to gettext-0.14.4.
-	* m4/lib-ld.m4: Upgrade to gettext-0.14.4.
-	* m4/lib-link.m4: Upgrade to gettext-0.14.4.
-	* m4/lib-prefix.m4: Upgrade to gettext-0.14.4.
-	* m4/longdouble.m4: New file, from gettext-0.14.4.
-	* m4/longlong.m4: New file, from gettext-0.14.4.
-	* m4/nls.m4: Upgrade to gettext-0.14.4.
-	* m4/po.m4: Upgrade to gettext-0.14.4.
-	* m4/printf-posix.m4: New file, from gettext-0.14.4.
-	* m4/progtest.m4: Upgrade to gettext-0.14.4.
-	* m4/signed.m4: New file, from gettext-0.14.4.
-	* m4/size_max.m4: New file, from gettext-0.14.4.
-	* m4/stdint_h.m4: Upgrade to gettext-0.14.4.
-	* m4/uintmax_t.m4: Upgrade to gettext-0.14.4.
-	* m4/ulonglong.m4: Upgrade to gettext-0.14.4.
-	* m4/wchar_t.m4: New file, from gettext-0.14.4.
-	* m4/wint_t.m4: New file, from gettext-0.14.4.
-	* m4/xsize.m4: New file, from gettext-0.14.4.
-	* Makefile.am (ACLOCAL_AMFLAGS): New variable.
-	* configure.in (AM_GNU_GETTEXT_VERSION): Bump to 0.14.4.
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: 1.0.4-rc2
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/Makefile.am: Add a few regression tests 
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (get_key): Applied patch from David Härdeman
-	<david@2gen.com> for reading binary keys from stdin using
-	the "-" as key file.
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (__crypt_luks_add_key): For checking options struct
-	(optionsCheck) filter out CRYPT_FLAG_VERIFY and
-	CRYPT_FLAG_VERIFY_IF_POSSIBLE, so that in no case password verification is done
-	for password retrieval.
-
-2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: Merge Patch from http://bugs.gentoo.org/show_bug.cgi?id=132126 for sepol
-
-2006-07-23  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Applied patches from David Härdeman <david@2gen.com> to fix 64
-	bit compiler warning issues.
-
-2006-05-19  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Applied patches from Jonas Meurer
-	  - fix terminal status after timeout
-	  - add remark for --tries to manpage
-	  - allow more than 32 chars from standard input.
-	  - exit status fix for cryptsetup status.
-
-2006-05-06  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (yesDialog): Fix getline problem for 64-bit archs. 
-
-2006-04-05  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: Release 1.0.3.
-
-	* Applied patch by Johannes Weißl for more meaningful exit codes
-	and password retries
-
-2006-03-30  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (__crypt_create_device): (char *) -> (const char *)
-
-2006-03-30  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Apply alignPayload patch from Peter Palfrader <weasel@debian.org>
-
-2006-03-15  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: 1.0.3-rc3. Most unplease release ever. 
-	* lib/setup.c (__crypt_create_device): More verbose error message.
-
-2006-02-26  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c: Revert to 1.0.1 key reading.
-
-2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.8: merge patch from Jonas Meurer
-
-2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: 1.0.3-rc2
-
-2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/libdevmapper.c (dm_create_device): Remove dup check here.
-	* lib/setup.c (__crypt_luks_open): Adopt same dup check as regular
-	create command.
-
-2006-02-22  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: Spin 1.0.3-rc1
-
-2006-02-22  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (action_create): Change defaulting.
-	(action_luksFormat): Change defaulting.
-
-	* lib/setup.c (parse_into_name_and_mode): Revert that default
-	change. This is FORBIDDEN here, as it will change cryptsetup
-	entire default. This is BAD in a non-LUKS world.
-
-2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/keyencryption.c (setup_mapping): Add proper size restriction to mapping.	
-	(LUKS_endec_template): Add more verbose error message.
-
-2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/libdevmapper.c (dm_query_device): Incorporate patch from
-	Bastian Blank
-	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344313
-
-2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c: Rename show_error -> show_status.
-
-2006-02-20  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/libdevmapper.c (dm_create_device): Prevent existing mapping
-	from being removed when a mapping with the same name is added
-
-	* Add timeout patch from Jonas Meurer 
-
-	* src/cryptsetup.c: Remove conditional error printing to enable
-	printing the no-error msg (Command successful). Verify passphrase
-	for LUKS volumes.
-	(main): Add no-verify-passphrase
-
-	* lib/setup.c (parse_into_name_and_mode): Change default mode complition to essiv:sha256.
-
-2006-01-04  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (help): Merge patch from Gentoo: change gettext(..) to _(..).
-
-2005-12-06  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.8: Correct "seconds" to "microseconds" in the explaination for -i.
-
-2005-11-09  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (main): Add version string.
-
-2005-11-08  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/backends.c: compile fix. 
-
-2005-09-11  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (get_key): Fixed another incompatibility from my
-	get_key rewrite with original cryptsetup.
-
-2005-09-11  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Merged changes from Florian Knauf's fk02 branch.
-
-2005-09-08  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (get_key): Fixed another incompatiblity with
-	original cryptsetup.
-
-2005-08-20  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* Checked in a patch from Michael Gebetsroither <gebi@sbox.tugraz.at>
-	  to silent all confirmation dialogs.
-
-2005-06-23  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c (help): print PACKAGE_STRING
-
-2005-06-20  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/keymanage.c (LUKS_set_key): Security check against header manipulation
-
-	* src/cryptsetup.c (action_luksDelKey): Safety check in luksDelKey
-
-	* luks/keymanage.c: Changed disk layout generation to align key material to 4k boundaries.
-	(LUKS_is_last_keyslot): Added LUKS_is_last_keyslot function.
-
-        * Applied patch from Bill Nottingham fixing a lot of prototypes.
-
-	* src/cryptsetup.c (action_luksOpen): Add support for -r flag.
-
-	* configure.in: Version bump 1.0.1
-
-2005-06-16  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (__crypt_luks_open): Remove mem leaking of dmCipherSpec.
-	(get_key): Fix missing zero termination for read string. 
-
-2005-06-12  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/keyencryption.c (setup_mapping): Added CRYPT_FLAG_READONLY in case of O_RDONLY mode
-
-2005-06-11  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: Version bump 1.0.1-pre
-
-2005-06-09  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/utils.c: Added write_llseek_blocksize method to support sector wiping on sector_size != 512 
-	media
-
-2005-05-23  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/setup.c (crypt_luksDelKey): Added missing return statement
-	(setup_leave): Added missing return statement
-
-	* luks/keyencryption.c (clear_mapping): Added missing return statement
-
-2005-05-19  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* lib/utils.c (write_blockwise, read_blockwise): Changed to soft bsize instead of SECTOR_SIZE
-
-	* luks/keymanage.c (wipe): Changed open mode to O_DIRECT | O_SYNC, and changed write 
-	to use the blockwise write helper
-
-2005-04-21  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.8: Corrected an error, thanks to Dick Middleton.
-
-2005-04-09  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/sha/hmac.c: Add 64 bit bug fix courtesy to 
-	Oliver Paukstadt <pstadt@sourcentral.org>.
-
-	* luks/pbkdf.c, luks/keyencryption.c, luks/keymanage.c, luks/af.c: Added a license 
-	disclaimer and remove option for "any future GPL versions".
-
-2005-03-25  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* configure.in: man page Makefile. Version bump 1.0.
-
-	* man/cryptsetup.8: finalize man page and move to section 8.
-
-	* src/cryptsetup.c (action_luksFormat): Add "are you sure" for interactive sessions.
-
-	* lib/setup.c (crypt_luksDump), src/cryptsetup.c: add LUKS dump command
-
-2005-03-24  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* src/cryptsetup.c, luks/Makefile.am (test), lib/setup.c (setup_enter): 
-	rename luksInit to luksFormat
-
-2005-03-12  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* man/cryptsetup.1: Add man page.
-
-	* lib/setup.c: Remove unneccessary LUKS_write_phdr call, so the
-	phdr is written after passphrase reading, so the user can change
-	his mind, and not have a partial written LUKS header on it's disk.
-
-2005-02-09  Clemens Fruhwirth  <clemens@endorphin.org>
-
-	* luks/keymanage.c (LUKS_write_phdr): converted argument phdr to
-	pointer, and make a copy of phdr for conversion
-
-	* configure.in: Version dump.
-
-	* luks/keyencryption.c: Convert to read|write_blockwise.
-
-	* luks/keymanage.c: Convert to read|write_blockwise.
-
-	* lib/utils.c: Add read|write_blockwise functions, to use in
-	O_DIRECT file accesses. 
-
-2004-03-11 Thursday 15:52   Christophe Saout <christophe@saout.de>
-
-	* lib/blockdev.h: BLKGETSIZE64 really uses size_t as third
-	  argument, the rest is wrong.
-
-2004-03-10 Wednesday 17:50   Christophe Saout <christophe@saout.de>
-
-	* lib/: libcryptsetup.h, libdevmapper.c: Small fixes.
-
-2004-03-09 Tuesday 21:41   Christophe Saout <christophe@saout.de>
-
-	* lib/internal.h, lib/libcryptsetup.h, lib/libdevmapper.c,
-	  lib/setup.c, po/de.po, src/cryptsetup.c: Added internal flags to
-	  keep track of malloc'ed return values in struct crypt_options and
-	  add a function to free the memory. Also add a readonly flag to
-	  libcryptsetup.
-
-2004-03-09 Tuesday 16:03   Christophe Saout <christophe@saout.de>
-
-	* ChangeLog, configure.in, setup-gettext, lib/Makefile.am,
-	  lib/backends.c, lib/blockdev.h, lib/gcrypt.c, lib/internal.h,
-	  lib/libcryptsetup.h, lib/libdevmapper.c, lib/setup.c,
-	  lib/utils.c, po/de.po, src/Makefile.am, src/cryptsetup.c: More
-	  reorganization work.
-
-2004-03-08 Monday 01:38   Christophe Saout <christophe@saout.de>
-
-	* ChangeLog, Makefile.am, acinclude.m4, configure.in,
-	  lib/Makefile.am, lib/backends.c, lib/blockdev.h, lib/gcrypt.c,
-	  lib/libdevmapper.c, lib/setup.c, lib/utils.c, po/de.po,
-	  src/Makefile.am: BLKGETSIZE64 fixes and started modularity
-	  enhancements
-
-2004-03-04 Thursday 21:06   Christophe Saout <christophe@saout.de>
-
-	* Makefile.am, po/de.po, src/cryptsetup.c, src/cryptsetup.h: First
-	  backward compatible working version.
-
-2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
-
-	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
-	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
-	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
-	  src/Makefile.am (utags: initial): Initial checkin.
-
-2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
-
-	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
-	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
-	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
-	  src/Makefile.am: Initial revision
+See version control history for full commit messages.
+  http://code.google.com/p/cryptsetup/source/list
--- a/510
+++ b/510
@@ -8,6 +8,7 @@ Sections
 6. Backup and Data Recovery
 7. Interoperability with other Disk Encryption Tools
 8. Issues with Specific Versions of cryptsetup
+9. References and Further Reading
 A. Contributors


@@ -37,6 +38,11 @@ A. Contributors
  such a disaster! In particular, make sure you have a current header
  backup before doing any potentially dangerous operations.

+  SSDs/FLASH DRIVES: SSDs and Flash are different. Currently it is
+  unclear how to get LUKS or plain dm-crypt to run on them with the
+  full set of security features intact. This may or may not be a
+  problem, depending on the attacher model. See Section 5.19.
+
  BACKUP: Yes, encrypted disks die, just as normal ones do. A full
  backup is mandatory, see Section "6. Backup and Data Recovery" on
  options for doing encrypted backup.
@@ -77,7 +83,7 @@ A. Contributors

  PASSPHRASE CHARACTER SET: Some people have had difficulties with
  this when upgrading distributions. It is highly advisable to only
-  use the 94 printable characters from the first 128 characters of
+  use the 95 printable characters from the first 128 characters of
  the ASCII table, as they will always have the same binary
  representation. Other characters may have different encoding
  depending on system configuration and your passphrase will not
@@ -86,7 +92,7 @@ A. Contributors
  http://en.wikipedia.org/wiki/ASCII


- * 1.3 System Specific warnings
+ * 1.3 System specific warnings

  - Ubuntu as of 4/2011: It seems the installer offers to create
  LUKS partitions in a way that several people mistook for an offer
@@ -98,8 +104,37 @@ A. Contributors
  This issue has been acknowledged by the Ubuntu dev team, see here:
  http://launchpad.net/bugs/420080

+  Update 7/2012: I am unsure whether this has been fixed by now, best
+  be careful.

- * 1.4 Who wrote this?
+
+ * 1.4 My LUKS-device is broken! Help!
+
+  First: Do not panic! In many cases the data is still recoverable.
+  Do not do anything hasty! Steps:
+
+  - Take some deep breaths. Maybe add some relaxing music. This may
+  sound funny, but I am completely serious. Often, critical damage is
+  done only after the initial problem.
+
+  - Do not reboot. The keys mays still be in the kernel if the device
+  is mapped.
+
+  - Make sure others do not reboot the system.
+
+  - Do not write to your disk without a clear understanding why this
+  will not make matters worse. Do a sector-level backup before any
+  writes. Often you do not need to write at all to get enough access
+  to make a backup of the data.
+
+  - Relax some more.
+
+  - Read section 6 of this FAQ.
+
+  - Ask on the mailing-list if you need more help.
+
+
+ * 1.5 Who wrote this?

  Current FAQ maintainer is Arno Wagner <arno@wagner.name>. Other
  contributors are listed at the end. If you want to contribute, send
@@ -149,10 +184,116 @@ A. Contributors
  http://dir.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt


+ * 1.7 Unsubscribe from the mailing-list
+
+  Send mail to dm-crypt-unsubscribe@saout.de from the subscribed
+  account. You will get an email with instructions.
+
+  Basically, you just have to respond to it unmodified to get
+  unsubscribed. The listserver admin functions are not very fast. It
+  can take 15 minutes or longer for a reply to arrive (I suspect
+  greylisting is in use), so be patient.
+
+  Also note that nobody on the list can unsubscribe you, sending
+  demands to be unsubscribed to the list just annoys people that are
+  entirely blameless for you being subscribed.
+
+  If you are subscribed, a subscription confirmation email was sent
+  to your email account and it had to be answered before the
+  subscription went active. The confirmation emails from the
+  listserver have subjects like these (with other numbers):
+
+  Subject: confirm 9964cf10.....
+  
+  and are sent from dm-crypt-request@saout.de. You should check
+  whether you have anything like it in your sent email folder. If
+  you find nothing and are sure you did not confirm, then you should
+  look into a possible compromise of your email account.
+
+
 2. Setup 


- * 2.1 What is the difference between "plain" and LUKS format?
+ * 2.1 LUKS Container Setup mini-HOWTO
+
+  This item tries to give you a very brief list of all the steps you
+  should go though when creating a new LUKS encrypted container, i.e.
+  encrypted disk, partition or loop-file.
+
+  01) All data will be lost, if there is data on the target, make a 
+  backup.
+
+  02) Make very sure you have the right target disk, partition or
+  loop-file.
+
+  03) If the target was in use previously, it is a good idea to
+  wipe it before creating the LUKS container in order to remove any
+  trace of old file systems and data. For example, some users have
+  managed to run e2fsck on a partition containing a LUKS container,
+  possibly because of residual ext2 superblocks from an earlier use.
+  This can do arbitrary damage up to complete and permanent loss of
+  all data in the LUKS container.
+
+  To just quickly wipe file systems (old data may remain), use
+
+     wipefs -a <target device>
+ 
+  To wipe file system and data, use something like
+
+     cat /dev/zero > <target device>
+ 
+  This can take a while. To get a progress indicator, you can use
+  the tool dd_rescue (->google) instead or use my stream meter "wcs"
+  (source here: http://www.tansi.org/tools/index.html) in the
+  following fashion:
+
+     cat /dev/zero | wcs > <target device>
+ 
+  Be very sure you have the right target, all data will be lost!
+
+  Note that automatic wiping is on the TODO list for cryptsetup, so
+  at some time in the future this will become unnecessary.
+
+  04) Create the LUKS container:
+     cryptsetup luksFormat <target device>
+ 
+  Just follow the on-screen instructions.
+
+  05) Map the container. Here it will be mapped to /dev/mapper/c1:
+     cryptsetup luksOpen <target device> c1 
+ 
+  06) (Optionally) wipe the container (make sure you have the right target!):
+     cat /dev/zero > /dev/mapper/c1
+      
+  Note that this creates a small information leak, as an attacker can
+  determine whether a 512 byte block is zero if the attacker has
+  access to the encrypted container multiple times. Typically a
+  competent attacker that has access multiple times can install a
+  passphrase sniffer anyways, so this leakage is not very
+  significant. For getting a progress indicator, see step 03.
+
+  Note that at some time in the future, cryptsetup will do this for
+  you, but currently it is a TODO list item.
+
+  07) Create a file system in the mapped container, for example an 
+  ext3 file system (any other file system is possible):
+
+     mke2fs -j /dev/mapper/c1
+ 
+  08) Mount your encrypted file system, here on /mnt:
+     mount /dev/mapper/c1 /mnt 
+ 
+  Done. You can now use the encrypted file system to store data. Be
+  sure to read though the rest of the FAQ, these are just the very
+  basics. In particular, there are a number of mistakes that are
+  easy to make, but will compromise your security.
+
+
+ * 2.2 What is the difference between "plain" and LUKS format?
+
+  First, unless you happen to understand the cryptographic background
+  well, you should use LUKS. It does protect the user from a lot of
+  common mistakes. Plain dm-crypt is for experts.

  Plain format is just that: It has no metadata on disk, reads all
  parameters from the commandline (or the defaults), derives a
@@ -202,7 +343,7 @@ A. Contributors
  non-default XTS mode).


- * 2.2 Can I encrypt an already existing, non-empty partition to use
+ * 2.3 Can I encrypt an already existing, non-empty partition to use
   LUKS?

  There is no converter, and it is not really needed. The way to do
@@ -217,7 +358,7 @@ A. Contributors
  to be in a filesystem.


- * 2.3 How do I use LUKS with a loop-device?
+ * 2.4 How do I use LUKS with a loop-device?

  This can be very handy for experiments. Setup is just the same as
  with any block device. If you want, for example, to use a 100MiB
@@ -231,7 +372,7 @@ A. Contributors
  To unmap the file when done, use "losetup -d /dev/loop0".


- * 2.4 When I add a new key-slot to LUKS, it asks for a passphrase but
+ * 2.5 When I add a new key-slot to LUKS, it asks for a passphrase but
   then complains about there not being a key-slot with that
   passphrase?

@@ -243,7 +384,7 @@ A. Contributors
  new key-slot.


- * 2.5 Encryption on top of RAID or the other way round?
+ * 2.6 Encryption on top of RAID or the other way round?

  Unless you have special needs, place encryption between RAID and
  filesystem, i.e. encryption on top of RAID. You can do it the other
@@ -253,7 +394,7 @@ A. Contributors
  device, e.g. /dev/dm0 .


- * 2.6 How do I read a dm-crypt key from file?
+ * 2.7 How do I read a dm-crypt key from file?

  Note that the file will still be hashed first, just like keyboard
  input. Use the --key-file option, like this:
@@ -261,7 +402,7 @@ A. Contributors
      cryptsetup create --key-file keyfile e1 /dev/loop0
 

- * 2.7 How do I read a LUKS slot key from file?
+ * 2.8 How do I read a LUKS slot key from file?

  What you really do here is to read a passphrase from file, just as
  you would with manual entry of a passphrase for a key-slot. You can
@@ -287,7 +428,7 @@ A. Contributors
      cryptsetup luksOpen --key-file keyfile /dev/loop0 e1
 

- * 2.8 How do I read the LUKS master key from file?
+ * 2.9 How do I read the LUKS master key from file?

  The question you should ask yourself first is why you would want to
  do this. The only legitimate reason I can think of is if you want
@@ -298,7 +439,7 @@ A. Contributors
  do this here.


- * 2.9 What are the security requirements for a key read from file?
+ * 2.10 What are the security requirements for a key read from file?

  A file-stored key or passphrase has the same security requirements
  as one entered interactively, however you can use random bytes and
@@ -310,7 +451,7 @@ A. Contributors
      head -c 256 /dev/random > keyfile
 

- * 2.10 If I map a journaled file system using dm-crypt/LUKS, does it
+ * 2.11 If I map a journaled file system using dm-crypt/LUKS, does it
   still provide its usual transactional guarantees?

  Yes, it does, unless a very old kernel is used. The required flags
@@ -338,7 +479,7 @@ A. Contributors
  should improve further and eventually the problem should go away.


- * 2.11 Can I use LUKS or cryptsetup with a more secure (external)
+ * 2.12 Can I use LUKS or cryptsetup with a more secure (external)
   medium for key storage, e.g. TPM or a smartcard?

  Yes, see the answers on using a file-supplied key. You do have to
@@ -348,7 +489,7 @@ A. Contributors
  storage.


- * 2.12 Can I resize a dm-crypt or LUKS partition?
+ * 2.13 Can I resize a dm-crypt or LUKS partition?

  Yes, you can, as neither dm-crypt nor LUKS stores partition size.
  Whether you should is a different question. Personally I recommend
@@ -368,6 +509,22 @@ A. Contributors
  for that.


+ * 2.14 How do I Benchmark the Ciphers, Hashes and Modes?
+
+  Since version 1.60 cryptsetup supports the "benchmark" command.
+  Simply run as root:
+
+   cryptsetup benchmark
+ 
+  It will output first iterations/second for the key-derivation
+  function PBKDF2 parameterized with different hash-functions, and
+  then the raw encryption speed of ciphers with different modes and
+  key-sizes. You can get more than the default benchmarks, see the
+  man-page for the relevant parameters. Note that XTS mode takes two
+  keys, hence the listed key sizes are double that for other modes
+  and half of it is the cipher key, the other half is the XTS key.
+
+
 3. Common Problems 


@@ -556,7 +713,106 @@ A. Contributors
 5. Security Aspects 


- * 5.1 Is LUKS insecure? Everybody can see I have encrypted data!
+ * 5.1 How long is a secure passphrase ?
+
+  This is just the short answer. For more info and explanation of
+  some of the terms used in this item, read the rest of Section 5.
+  The actual recommendation is at the end of this item.
+
+  First, passphrase length is not really the right measure,
+  passphrase entropy is. For example, a random lowercase letter (a-z)
+  gives you 4.7 bit of entropy, one element of a-z0-9 gives you 5.2
+  bits of entropy, an element of a-zA-Z0-9 gives you 5.9 bits and
+  a-zA-Z0-9!@#$%^&:-+ gives you 6.2 bits. On the other hand, a random
+  English word only gives you 0.6...1.3 bits of entropy per
+  character. Using sentences that make sense gives lower entropy,
+  series of random words gives higher entropy. Do not use sentences
+  that can be tied to you or found on your computer. This type of
+  attack is done routinely today.
+
+  That said, it does not matter too much what scheme you use, but it
+  does matter how much entropy your passphrase contains, because an
+  attacker has to try on average
+
+      1/2 * 2^(bits of entropy in passphrase)    
+ 
+  different passphrases to guess correctly.
+
+  Historically, estimations tended to use computing time estimates,
+  but more modern approaches try to estimate cost of guessing a
+  passphrase.
+
+  As an example, I will try to get an estimate from the numbers in
+  http://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes
+  More references can be found a the end of this document. Note that
+  these are estimates from the defender side, so assuming something
+  is easier than it actually is is fine. An attacker may still have
+  vastly higher cost than estimated here.
+
+  LUKS uses SHA1 for hasing per default. The claim in the reference is
+  63 billion tries/second for SHA1. We will leave aside the check
+  whether a try actually decrypts a key-slot. Now, the machine has 25
+  GPUs, which I will estimate at an overall lifetime cost of USD/EUR
+  1000 each, and an useful lifetime of 2 years. (This is on the low
+  side.) Disregarding downtime, the machine can then break
+
+     N = 63*10^9 * 3600 * 24 * 365 * 2 ~ 4*10^18     
+   
+  passphrases for EUR/USD 25k. That is one 62 bit passphrase hashed
+  once with SHA1 for EUR/USD 25k. Note that as this can be
+  parallelized, it can be done faster than 2 years with several of
+  these machines.
+
+  For plain dm-crypt (no hash iteration) this is it. This gives (with
+  SHA1, plain dm-crypt default is ripemd160 which seems to be
+  slightly slower than SHA1):
+
+    Passphrase entropy  Cost to break  
+    60 bit              EUR/USD     6k  
+    65 bit              EUR/USD   200K
+    70 bit              EUR/USD     6M
+    75 bit              EUR/USD   200M
+    80 bit              EUR/USD     6B
+    85 bit              EUR/USD   200B
+    ...                      ...    
+ 
+  For LUKS, you have to take into account hash iteration in PBKDF2.
+  For a current CPU, there are about 100k iterations (as can be
+  queried with ''cryptsetup luksDump''.
+
+  The table above then becomes:
+
+    Passphrase entropy  Cost to break 
+    50 bit              EUR/USD   600k 
+    55 bit              EUR/USD    20M
+    60 bit              EUR/USD   600M  
+    65 bit              EUR/USD    20B
+    70 bit              EUR/USD   600B
+    75 bit              EUR/USD    20T
+    ...                      ...    
+ 
+  Recommendation:
+
+  To get reasonable security for the next 10 years, it is a good idea
+  to overestimate by a factor of at least 1000.
+
+  Then there is the question of how much the attacker is willing to
+  spend. That is up to your own security evaluation. For general use,
+  I will assume the attacker is willing to spend up to 1 million
+  EUR/USD. Then we get the following recommendations:
+
+  Plain dm-crypt: Use > 80 bit. That is e.g. 17 random chars from a-z
+  or a random English sentence of > 135 characters length.
+
+  LUKS: Use > 65 bit. That is e.g. 14 random chars from a-z or a
+  random English sentence of > 108 characters length.
+
+  If paranoid, add at least 20 bit. That is roughly four additional
+  characters for random passphrases and roughly 32 characters for a
+  random English sentence.
+
+
+ * 5.2 Is LUKS insecure? Everybody can see I have encrypted data!

  In practice it does not really matter. In most civilized countries
  you can just refuse to hand over the keys, no harm done. In some
@@ -581,7 +837,7 @@ A. Contributors
  difference between "plain" and LUKS format?"


- * 5.2 Should I initialize (overwrite) a new LUKS/dm-crypt partition?
+ * 5.3 Should I initialize (overwrite) a new LUKS/dm-crypt partition?

  If you just create a filesystem on it, most of the old data will
  still be there. If the old data is sensitive, you should overwrite
@@ -600,7 +856,7 @@ A. Contributors
      dd if=/dev/zero of=/dev/mapper/e1
       

- * 5.3 How do I securely erase a LUKS (or other) partition?
+ * 5.4 How do I securely erase a LUKS (or other) partition?

  For LUKS, if you are in a desperate hurry, overwrite the LUKS
  header and key-slot area. This means overwriting the first
@@ -641,7 +897,7 @@ A. Contributors
      dd_rescue -w /dev/zero /dev/sde1   
 

- * 5.4 How do I securely erase a backup of a LUKS partition or header?
+ * 5.5 How do I securely erase a backup of a LUKS partition or header?

  That depends on the medium it is stored on. For HDD and SSD, use
  overwrite with zeros. For an SSD or FLASH drive (USB stick), you
@@ -659,12 +915,12 @@ A. Contributors
  lead to data not actually being deleted at all during overwrites.


- * 5.5 What about backup? Does it compromise security?
+ * 5.6 What about backup? Does it compromise security?

  That depends. See item 6.7.


- * 5.6 Why is all my data permanently gone if I overwrite the LUKS
+ * 5.7 Why is all my data permanently gone if I overwrite the LUKS
   header?

  Overwriting the LUKS header in part or in full is the most common
@@ -692,7 +948,7 @@ A. Contributors
  a mapped LUKS container?" in Section "Backup and Data Recovery".


- * 5.7 What is a "salt"?
+ * 5.8 What is a "salt"?

  A salt is a random key-grade value added to the passphrase before
  it is processed. It is not kept secret. The reason for using salts
@@ -720,7 +976,7 @@ A. Contributors
  infeasible.


- * 5.8 Is LUKS secure with a low-entropy (bad) passphrase?
+ * 5.9 Is LUKS secure with a low-entropy (bad) passphrase?

  Note: You should only use the 94 printable characters from 7 bit
  ASCII code to prevent your passphrase from failing when the
@@ -773,7 +1029,7 @@ A. Contributors
  this is good passphrase material.


- * 5.9 What is "iteration count" and why is decreasing it a bad idea?
+ * 5.10 What is "iteration count" and why is decreasing it a bad idea?

  Iteration count is the number of PBKDF2 iterations a passphrase is
  put through before it is used to unlock a key-slot. Iterations are
@@ -838,7 +1094,7 @@ A. Contributors
  this danger significantly.


- * 5.10 Some people say PBKDF2 is insecure?
+ * 5.11 Some people say PBKDF2 is insecure?

  There is some discussion that a hash-function should have a "large
  memory" property, i.e. that it should require a lot of memory to be
@@ -857,17 +1113,17 @@ A. Contributors
  power, all of it with plenty of memory for computing "large
  memory" hashes. Bot-net operators also have all the memory they
  want. The only protection against a resourceful attacker is a
-  high-entropy passphrase, see items 5.8 and 5.9.
+  high-entropy passphrase, see items 5.9 and 5.10.


- * 5.11 What about iteration count with plain dm-crypt?
+ * 5.12 What about iteration count with plain dm-crypt?

  Simple: There is none. There is also no salting. If you use plain
  dm-crypt, the only way to be secure is to use a high entropy
  passphrase. If in doubt, use LUKS instead.


- * 5.12 Is LUKS with default parameters less secure on a slow CPU?
+ * 5.13 Is LUKS with default parameters less secure on a slow CPU?

  Unfortunately, yes. However the only aspect affected is the
  protection for low-entropy passphrase or master-key. All other
@@ -891,7 +1147,7 @@ A. Contributors
  compensate for problems in front of the keyboard.


- * 5.13 Why was the default aes-cbc-plain replaced with aes-cbc-essiv?
+ * 5.14 Why was the default aes-cbc-plain replaced with aes-cbc-essiv?

  Note: This item applies both to plain dm-crypt and to LUKS

@@ -921,7 +1177,7 @@ A. Contributors
  knowing the encryption key and the watermarking attack fails.


- * 5.14 Are there any problems with "plain" IV? What is "plain64"?
+ * 5.15 Are there any problems with "plain" IV? What is "plain64"?

  First, "plain" and "plain64" are both not secure to use with CBC,
  see previous FAQ item.
@@ -937,7 +1193,7 @@ A. Contributors
  does not cause any performance penalty compared to "plain".


- * 5.15 What about XTS mode?
+ * 5.16 What about XTS mode?

  XTS mode is potentially even more secure than cbc-essiv (but only if
  cbc-essiv is insecure in your scenario). It is a NIST standard and
@@ -956,7 +1212,7 @@ A. Contributors
  apply.


- * 5.16 Is LUKS FIPS-140-2 certified?
+ * 5.17 Is LUKS FIPS-140-2 certified?

  No. But that is more a problem of FIPS-140-2 than of LUKS. From a
  technical point-of-view, LUKS with the right parameters would be
@@ -973,7 +1229,7 @@ A. Contributors
  entropy-starved situation.


- * 5.16 What about Plausible Deniability?
+ * 5.18 What about Plausible Deniability?

  First let me attempt a definition for the case of encrypted
  filesystems: Plausible deniability is when you hide encrypted data
@@ -1032,6 +1288,73 @@ A. Contributors
  foot, you can figure out how to do it yourself.


+ * 5.19 What about SSDs or Flash Drives?
+
+  The problem is that you cannot reliably erase parts of these
+  devices, mainly due to wear-leveling and possibly defect
+  management.
+
+  Basically, when overwriting a sector (of 512B), what the device
+  does is to move an internal sector (may be 128kB or even larger) to
+  some pool of discarded, not-yet erased unused sectors, take a
+  fresh empty sector from the empty-sector pool and copy the old
+  sector over with the changes to the small part you wrote. This is
+  done in some fashion so that larger writes do not cause a lot of
+  small internal updates.
+
+  The thing is that the mappings between outside-adressable sectors
+  and inside sectors is arbitrary (and the vendors are not talking).
+  Also the discarded sectors are not necessarily erased immediately.
+  They may linger a long time.
+
+  For plain dm-crypt, the consequences are that older encrypted data
+  may be lying around in some internal pools of the device. Thus may
+  or may not be a problem and depends on the application. Remember
+  the same can happen with a filesystem if consecutive writes to the
+  same area of a file can go to different sectors.
+
+  However, for LUKS, the worst case is that key-slots and LUKS
+  header may end up in these internal pools. This means that password
+  management functionality is compromised (the old passwords may
+  still be around, potentially for a very long time) and that fast
+  erase by overwriting the header and key-slot area is insecure.
+
+  Also keep in mind that the discarded/used pool may be large. For
+  example, a 240GB SSD has about 16GB of spare area in the chips that
+  it is free to do with as it likes. You would need to make each
+  individual key-slot larger than that to allow reliable overwriting.
+  And that assumes the disk thinks all other space is in use.
+  Reading the internal pools using forensic tools is not that hard,
+  but may involve some soldering.
+
+  What to do?
+
+  If you trust the device vendor (you probably should not...) you can
+  try an ATA "secure erase" command for SSDs. That does not work for
+  USB keys though. And if it finishes after a few seconds, it was
+  possibly faked by the SSD.
+
+  If you can do without password management and are fine with doing
+  physical destruction for permenently deleting data (allways after
+  one or several full overwrites!), you can use plain dm-crypt or
+  LUKS.
+
+  If you want or need the original LUKS security features to work,
+  you can use a detached LUKS header and put that on a conventional,
+  magnetic disk. That leaves potentially old encrypted data in the
+  pools on the disk, but otherwise you get LUKS with the same
+  security as on a magnetic disk.
+
+  If you are concerned about your laptop being stolen, you are likely
+  fine using LUKS on an SSD. An attacker would need to have access
+  to an old passphrase (and the key-slot for this old passphrase
+  would actually need to still be somewhere in the SSD) for your
+  data to be at risk. So unless you pasted your old passphrase all
+  over the Internet or the attacker has knowledge of it from some
+  other source and does a targetted laptop theft to get at your
+  data, you should be fine.
+
+
 6. Backup and Data Recovery 


@@ -1252,7 +1575,7 @@ A. Contributors
  process, except generating a new LUKS header with the old master
  key (it prints the command for that though):

-http://code.google.com/p/cryptsetup/source/browse/trunk/misc/luks-header-from-active
+http://code.google.com/p/cryptsetup/source/browse/misc/luks-header-from-active

  You can also do this manually. Here is how:

@@ -1472,11 +1795,12 @@ http://code.google.com/p/cryptsetup/source/browse/trunk/misc/luks-header-from-ac
  - Passphrase hash algorithm needs specifying

  Also note that because plain dm-crypt and loop-aes format does not
-  have metadata, autodetection, while feasible in most cases, would
-  be a lot of work that nobody really wants to do. If you still have
-  the old set-up, using a verbosity option (-v) on mapping with the
-  old tool or having a look into the system logs after setup could
-  give you the information you need.
+  have metadata, and while the loopAES extension for cryptsetup tries
+  autodetection (see command loopaesOpen), it may not always work.
+  If you still have the old set-up, using a verbosity option (-v)
+  on mapping with the old tool or having a look into the system logs
+  after setup could give you the information you need. Below, there
+  are also some things that worked for somebody.


 * 7.3 loop-aes patched into losetup on Debian 5.x, kernel 2.6.32
@@ -1503,6 +1827,52 @@ http://code.google.com/p/cryptsetup/source/browse/trunk/misc/luks-header-from-ac
  --cipher twofish-cbc-null -s 192 -h ripemd160:20
 

+ * 7.5 loop-aes v1 format OpenSUSE
+
+  Apparently this is done by older OpenSUSE distros and stopped
+  working from OpenSUSE 12.1 to 12.2. One user had success with the
+  following:
+
+  cryptsetup create <target> <device> -c aes -s 128 -h sha256
+ 
+
+ * 7.6 Kernel encrypted loop device (cryptoloop)
+
+  There are a number of different losetup implementations for using
+  encrypted loop devices so getting this to work may need a bit of
+  experimentation.
+
+  NOTE: Do NOT use this for new containers! Some of the existing
+  implementations are insecure and future support is uncertain.
+
+  Example for a compatible mapping:
+
+    losetup -e twofish -N /dev/loop0 /image.img
+ 
+  translates to
+
+    cryptsetup create image_plain /image.img -c twofish-cbc-plain -H plain
+ 
+  with the mapping being done to /dev/mapper/image_plain instead of
+  to /dev/loop0.
+
+  More details:
+
+  Cipher, mode and pasword hash (or no hash):
+
+  -e cipher [-N]        => -c cipher-cbc-plain -H plain [-s 256]
+  -e cipher             => -c cipher-cbc-plain -H ripemd160 [-s 256]
+ 
+  Key size and offsets (losetup: bytes, cryptsetuop: sectors of 512
+  bytes):
+
+  -k 128                 => -s 128
+  -o 2560                => -o 5 -p 5       # 2560/512 = 5
+ 
+  There is no replacement for --pass-fd, it has to be emulated using
+  keyfiles, see the cryptsetup man-page.
+
+
 8. Issues with Specific Versions of cryptsetup 


@@ -1534,6 +1904,68 @@ http://code.google.com/p/cryptsetup/source/browse/trunk/misc/luks-header-from-ac
  version of cryptsetup (1.0.x) provided by SLED, which should also
  not be used anymore as well. My advice would be to drop SLED 10.

+
+9. References and Further Reading 
+
+
+ * Purpose of this Section
+
+  The purpose of this section is to collect references to all
+  materials that do not fit the FAQ but are relevant in some fashion.
+  This can be core topics like the LUKS spec or disk encryption, but
+  it can also be more tangential, like secure storage management or
+  cryptography used in LUKS. It should still have relevance to
+  cryptsetup and its applications.
+
+  If you wan to see something added here, send email to the
+  maintainer (or the cryptsetup mailing list) giving an URL, a
+  description (1-3 lines preferred) and a section to put it in. You
+  can also propose new sections.
+
+  At this time I would like to limit the references to things that
+  are available on the web.
+
+
+ * Specifications
+
+  - LUKS on-disk format spec:
+  http://code.google.com/p/cryptsetup/wiki/Specification
+
+
+ * Code Examples
+
+  - Some code examples are in the source package under docs/examples
+
+
+ * Brute-forcing passphrases
+
+  -
+  http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html
+
+  -
+  http://it.slashdot.org/story/12/12/05/0623215/new-25-gpu-monster-devours-strong-passwords-in-minutes
+
+
+ * Tools
+
+
+ * SSD and Flash Disk Related
+
+
+ * Disk Encryption
+
+
+ * Attacks Against Disk Encryption
+
+
+ * Risk Management as Relevant for Disk Encryption
+
+
+ * Cryptography
+
+
+ * Secure Storage
+
 A. Contributors In no particular order:

  - Arno Wagner
--- a/9
+++ b/9
@@ -1,7 +1,8 @@
-Version 1.6.0:
+Version 1.7:
 - Export wipe device functions
 - Support K/M suffixes for align payload (new switch?).
- FIPS: move changekey to library
- online reencryption api?
- integrate more metadata formats
 - TRIM for keyslots
+- Do we need crypt_data_path() - path to data device (if differs)?
+- Resync ETA time is not accurate, calculate it better (last minute window?).
+- Crypt benchmark cannot ttest ECB mode.
+- Log doesn't work yet in early binary start (FIPS message).
--- a/autogen.sh
+++ b/autogen.sh
@@ -22,7 +22,7 @@ DIE=0
  DIE=1
 }

-(grep "^AM_PROG_LIBTOOL" $srcdir/configure.in >/dev/null) && {
+(grep "^AM_PROG_LIBTOOL" $srcdir/configure.ac >/dev/null) && {
  (libtool --version) < /dev/null > /dev/null 2>&1 || {
    echo
    echo "**Error**: You must have libtool installed."
--- a/configure.ac
+++ b/configure.ac
@@ -1,9 +1,9 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.5.0])
+AC_INIT([cryptsetup],[1.6.1])

 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
-LIBCRYPTSETUP_VERSION_INFO=7:0:3
+LIBCRYPTSETUP_VERSION_INFO=9:0:5
 dnl library file name for FIPS selfcheck
 LIBCRYPTSETUP_VERSION_FIPS="libcryptsetup.so.4"

@@ -27,6 +27,7 @@ AC_PROG_INSTALL
 AC_PROG_MAKE_SET
 AC_ENABLE_STATIC(no)
 LT_INIT
+PKG_PROG_PKG_CONFIG

 AC_HEADER_DIRENT
 AC_HEADER_STDC
@@ -91,6 +92,21 @@ AC_DEFUN([NO_FIPS], [
 	fi
 ])

+dnl ==========================================================================
+dnl pwquality library (cryptsetup CLI only)
+AC_ARG_ENABLE([pwquality], AS_HELP_STRING([--enable-pwquality],[enable password quality checking]),
+[with_pwquality=$enableval],
+[with_pwquality=no])
+
+if test "x$with_pwquality" = "xyes"; then
+	AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking])
+	PKG_CHECK_MODULES([PWQUALITY], [pwquality >= 1.0.0],,
+		AC_MSG_ERROR([You need pwquality library.]))
+
+	dnl FIXME: this is really hack for now
+	PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz"
+fi
+
 dnl ==========================================================================
 dnl Crypto backend functions

@@ -100,6 +116,10 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
 	else
 		GCRYPT_REQ_VERSION=1.1.42
 	fi
+	dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password)
+	AC_ARG_ENABLE([gcrypt-pbkdf2], AS_HELP_STRING([--enable-gcrypt-pbkdf2],[force enable internal gcrypt PBKDF2]),
+		[use_internal_pbkdf2=0],
+		[AM_PATH_LIBGCRYPT([1.6.0], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])])
 	AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])

 	if test x$enable_static_cryptsetup = xyes; then
@@ -124,6 +144,7 @@ AC_DEFUN([CONFIGURE_OPENSSL], [
 		AC_MSG_ERROR([You need openssl library.]))
 	CRYPTO_CFLAGS=$OPENSSL_CFLAGS
 	CRYPTO_LIBS=$OPENSSL_LIBS
+	use_internal_pbkdf2=0

 	if test x$enable_static_cryptsetup = xyes; then
 		saved_PKG_CONFIG=$PKG_CONFIG
@@ -152,15 +173,17 @@ AC_DEFUN([CONFIGURE_NSS], [

 	CRYPTO_CFLAGS=$NSS_CFLAGS
 	CRYPTO_LIBS=$NSS_LIBS
+	use_internal_pbkdf2=1
 	NO_FIPS([])
 ])

 AC_DEFUN([CONFIGURE_KERNEL], [
 	AC_CHECK_HEADERS(linux/if_alg.h,,
-		[AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])])
+		[AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface.])])
 #	AC_CHECK_DECLS([AF_ALG],,
 #		[AC_MSG_ERROR([You need Linux kernel with userspace crypto interface.])],
 #		[#include <sys/socket.h>])
+	use_internal_pbkdf2=1
 	NO_FIPS([])
 ])

@@ -175,6 +198,7 @@ AC_DEFUN([CONFIGURE_NETTLE], [
 	LIBS=$saved_LIBS

 	CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
+	use_internal_pbkdf2=1
 	NO_FIPS([])
 ])

@@ -238,6 +262,19 @@ AC_ARG_WITH([crypto_backend],
 	AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [gcrypt]]),
 	[], with_crypto_backend=gcrypt
 )
+
+dnl Kernel crypto API backend needed for benchmark and tcrypt
+AC_ARG_ENABLE([kernel_crypto], AS_HELP_STRING([--disable-kernel_crypto],
+	[disable kernel userspace crypto (no benchmark and tcrypt)]),
+	[with_kernel_crypto=$enableval],
+	[with_kernel_crypto=yes])
+
+if test "x$with_kernel_crypto" = "xyes"; then
+	AC_CHECK_HEADERS(linux/if_alg.h,,
+		[AC_MSG_ERROR([You need Linux kernel headers with userspace crypto interface. (Or use --disable-kernel_crypto.)])])
+	AC_DEFINE(ENABLE_AF_ALG, 1, [Enable using of kernel userspace crypto])
+fi
+
 case $with_crypto_backend in
 	gcrypt)  CONFIGURE_GCRYPT([]) ;;
 	openssl) CONFIGURE_OPENSSL([]) ;;
@@ -252,6 +289,9 @@ AM_CONDITIONAL(CRYPTO_BACKEND_NSS,     test $with_crypto_backend = nss)
 AM_CONDITIONAL(CRYPTO_BACKEND_KERNEL,  test $with_crypto_backend = kernel)
 AM_CONDITIONAL(CRYPTO_BACKEND_NETTLE,  test $with_crypto_backend = nettle)

+AM_CONDITIONAL(CRYPTO_INTERNAL_PBKDF2, test $use_internal_pbkdf2 = 1)
+AC_DEFINE_UNQUOTED(USE_INTERNAL_PBKDF2, [$use_internal_pbkdf2], [Use internal PBKDF2])
+
 dnl Magic for cryptsetup.static build.
 if test x$enable_static_cryptsetup = xyes; then
 	saved_PKG_CONFIG=$PKG_CONFIG
@@ -287,6 +327,9 @@ fi
 AC_SUBST([DEVMAPPER_LIBS])
 AC_SUBST([DEVMAPPER_STATIC_LIBS])

+AC_SUBST([PWQUALITY_LIBS])
+AC_SUBST([PWQUALITY_STATIC_LIBS])
+
 AC_SUBST([CRYPTO_CFLAGS])
 AC_SUBST([CRYPTO_LIBS])
 AC_SUBST([CRYPTO_STATIC_LIBS])
@@ -344,8 +387,9 @@ CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256])

 CS_STR_WITH([luks1-hash],   [hash function for LUKS1 header], [sha1])
 CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
-CS_STR_WITH([luks1-mode],   [cipher mode for LUKS1], [cbc-essiv:sha256])
+CS_STR_WITH([luks1-mode],   [cipher mode for LUKS1], [xts-plain64])
 CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
+CS_NUM_WITH([luks1-iter-time],[PBKDF2 iteration time for LUKS1 (in ms)], [1000])

 CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
 CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
@@ -367,6 +411,7 @@ lib/crypto_backend/Makefile
 lib/luks1/Makefile
 lib/loopaes/Makefile
 lib/verity/Makefile
+lib/tcrypt/Makefile
 src/Makefile
 po/Makefile.in
 man/Makefile
--- a/docs/ChangeLog.old
+++ b/docs/ChangeLog.old
@@ -0,0 +1,887 @@
+2012-12-21  Milan Broz  <gmazyland@gmail.com>
+	* Since version 1.6 This file is no longer maintained.
+	* See version control log http://code.google.com/p/cryptsetup/source/list
+
+2012-10-11  Milan Broz  <gmazyland@gmail.com>
+	* Added keyslot checker (by Arno Wagner).
+	* Version 1.5.1.
+
+2012-09-11  Milan Broz  <gmazyland@gmail.com>
+	* Add crypt_keyslot_area() API call.
+
+2012-08-27  Milan Broz  <gmazyland@gmail.com>
+	* Optimize seek to keyfile-offset (Issue #135, thx to dreisner).
+	* Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers.
+
+2012-08-12  Milan Broz  <gmazyland@gmail.com>
+	* Allocate loop device late (only when real block device needed).
+	* Rework underlying device/file access functions.
+	* Create hash image if doesn't exist in veritysetup format.
+	* Provide better error message if running as non-root user (device-mapper, loop).
+
+2012-07-10  Milan Broz  <gmazyland@gmail.com>
+	* Version 1.5.0.
+
+2012-06-25  Milan Broz  <gmazyland@gmail.com>
+	* Add --device-size option for reencryption tool.
+	* Switch to use unit suffix for --reduce-device-size option.
+	* Remove open device debugging feature (no longer needed).
+	* Fix library name for FIPS check.
+
+2012-06-20  Milan Broz  <gmazyland@gmail.com>
+	* Version 1.5.0-rc2.
+
+2012-06-18  Milan Broz  <gmazyland@gmail.com>
+	* Introduce cryptsetup-reencrypt - experimental offline LUKS reencryption tool.
+	* Fix luks-header-from-active script (do not use LUKS header on-disk, add UUID).
+	* Add --test-passphrase option for luksOpen (check passphrase only).
+
+2012-06-11  Milan Broz  <gmazyland@gmail.com>
+	* Introduce veritysetup for dm-verity target management.
+	* Version 1.5.0-rc1.
+
+2012-06-10  Milan Broz  <gmazyland@gmail.com>
+	* Both data and header device can now be a file.
+	* Loop is automatically allocated in crypt_set_data_device().
+	* Require only up to last keyslot area for header device (ignore data offset).
+	* Fix header backup and restore to work on files with large data offset.
+
+2012-05-27  Milan Broz  <gmazyland@gmail.com>
+	* Fix readonly activation if underlying device is readonly (1.4.0).
+	* Include stddef.h in libdevmapper.h (size_t definition).
+	* Version 1.4.3.
+
+2012-05-21  Milan Broz  <gmazyland@gmail.com>
+	* Add --enable-fips for linking with fipscheck library.
+	* Initialize binary and library selfcheck if running in FIPS mode.
+	* Use FIPS RNG in FIPS mode for KEY and SALT (only gcrypt backend supported).
+
+2012-05-09  Milan Broz  <gmazyland@gmail.com>
+	* Fix keyslot removal (wipe keyslot) for device with 4k hw block (1.4.0).
+	* Allow empty cipher (cipher_null) for testing.
+
+2012-05-02  Milan Broz  <gmazyland@gmail.com>
+	* Fix loop mapping on readonly file.
+	* Relax --shared test, allow mapping even for overlapping segments.
+	* Support shared flag for LUKS devices (dangerous).
+	* Switch on retry on device remove for libdevmapper.
+	* Allow "private" activation (skip some udev global rules) flag.
+
+2012-04-09  Milan Broz  <gmazyland@gmail.com>
+	* Fix header check to support old (cryptsetup 1.0.0) header alignment. (1.4.0)
+	* Version 1.4.2.
+
+2012-03-16  Milan Broz  <gmazyland@gmail.com>
+	* Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
+	* Add repair command and crypt_repair() for known LUKS metadata problems repair.
+	* Allow to specify --align-payload only for luksFormat.
+
+2012-03-16  Milan Broz  <mbroz@redhat.com>
+	* Unify password verification option.
+	* Support password verification with quiet flag if possible. (1.2.0)
+	* Fix retry if entered passphrases (with verify option) do not match.
+	* Support UUID=<LUKS_UUID> format for device specification.
+
+2012-02-11  Milan Broz  <mbroz@redhat.com>
+	* Add --master-key-file option to luksOpen (open using volume key).
+
+2012-01-12  Milan Broz  <mbroz@redhat.com>
+	* Fix use of empty keyfile.
+
+2011-11-13  Milan Broz  <mbroz@redhat.com>
+	* Fix error message for luksClose and detached LUKS header.
+	* Allow --header for status command to get full info with detached header.
+
+2011-11-09  Milan Broz  <mbroz@redhat.com>
+	* Version 1.4.1.
+
+2011-11-05  Milan Broz  <mbroz@redhat.com>
+	* Merge pycryptsetup (Python libcryptsetup bindings).
+	* Fix stupid typo in set_iteration_time API call.
+	* Fix cryptsetup status output if parameter is device path.
+
+2011-10-27  Milan Broz  <mbroz@redhat.com>
+	* Fix crypt_get_volume_key_size() for plain device.
+	* Fix FSF address in license text.
+
+2011-10-25  Milan Broz  <mbroz@redhat.com>
+	* Print informative message in isLuks only in verbose mode.
+	* Version 1.4.0.
+
+2011-10-10  Milan Broz  <mbroz@redhat.com>
+	* Version 1.4.0-rc1.
+
+2011-10-05  Milan Broz  <mbroz@redhat.com>
+	* Support Nettle 2.4 crypto backend (for ripemd160).
+	* If device is not rotational, do not use Gutmann wipe method.
+	* Add crypt_last_error() API call.
+	* Fix luksKillSLot exit code if slot is inactive or invalid.
+	* Fix exit code if passphrases do not match in luksAddKey.
+	* Add LUKS on-disk format description into package.
+
+2011-09-22  Milan Broz  <mbroz@redhat.com>
+	* Support key-slot option for luksOpen (use only explicit keyslot).
+
+2011-08-22  Milan Broz  <mbroz@redhat.com>
+	* Add more paranoid checks for LUKS header and keyslot attributes.
+	* Fix crypt_load to properly check device size.
+	* Use new /dev/loop-control (kernel 3.1) if possible.
+	* Enhance check of device size before writing LUKS header.
+	* Do not allow context format of already formatted device.
+
+2011-07-25  Milan Broz  <mbroz@redhat.com>
+	* Remove hash/hmac restart from crypto backend and make it part of hash/hmac final.
+	* Improve check for invalid offset and size values.
+
+2011-07-19  Milan Broz  <mbroz@redhat.com>
+	* Revert default initialisation of volume key in crypt_init_by_name().
+	* Do not allow key retrieval while suspended (key could be wiped).
+	* Do not allow suspend for non-LUKS devices.
+	* Support retries and timeout parameters for luksSuspend.
+	* Add --header option for detached metadata (on-disk LUKS header) device.
+	* Add crypt_init_by_name_and_header() and crypt_set_data_device() to API.
+	* Allow different data offset setting for detached header.
+
+2011-07-07  Milan Broz  <mbroz@redhat.com>
+	* Remove old API functions (all functions using crypt_options).
+	* Add --enable-discards option to allow discards/TRIM requests.
+	* Add crypt_get_iv_offset() function to API.
+
+2011-07-01  Milan Broz  <mbroz@redhat.com>
+	* Add --shared option for creating non-overlapping crypt segments.
+	* Add shared flag to libcryptsetup api.
+	* Fix plain crypt format parameters to include size option (API change).
+
+2011-06-08  Milan Broz  <mbroz@redhat.com>
+	* Fix return code for status command when device doesn't exists.
+
+2011-05-24  Milan Broz  <mbroz@redhat.com>
+	* Version 1.3.1.
+
+2011-05-17  Milan Broz  <mbroz@redhat.com>
+	* Fix keyfile=- processing in create command (1.3.0).
+	* Simplify device path status check.
+
+2011-05-03  Milan Broz  <mbroz@redhat.com>
+	* Do not ignore size argument for create command (1.2.0).
+
+2011-04-18  Milan Broz  <mbroz@redhat.com>
+	* Fix error paths in blockwise code and lseek_write call.
+	* Add Nettle crypto backend support.
+
+2011-04-05  Milan Broz  <mbroz@redhat.com>
+	* Version 1.3.0.
+
+2011-03-22  Milan Broz  <mbroz@redhat.com>
+	* Also support --skip and --hash option for loopaesOpen.
+	* Fix return code when passphrase is read from pipe.
+	* Document cryptsetup exit codes.
+
+2011-03-18  Milan Broz  <mbroz@redhat.com>
+	* Respect maximum keyfile size paramater.
+	* Introduce maximum default keyfile size, add configure option.
+	* Require the whole key read from keyfile in create command (broken in 1.2.0).
+	* Fix offset option for loopaesOpen.
+	* Lock memory also in luksDump command.
+	* Version 1.3.0-rc2.
+
+2011-03-14  Milan Broz  <mbroz@redhat.com>
+	* Version 1.3.0-rc1.
+
+2011-03-11  Milan Broz  <mbroz@redhat.com>
+	* Add loop manipulation code and support mapping of images in file.
+	* Add backing device loop info into status message.
+	* Add luksChangeKey command.
+
+2011-03-05  Milan Broz  <mbroz@redhat.com>
+	* Add exception to COPYING for binary distribution linked with OpenSSL library.
+	* Set secure data flag (wipe all ioclt buffers) if devmapper library supports it.
+
+2011-01-29  Milan Broz  <mbroz@redhat.com>
+	* Fix mapping removal if device disappeared but node still exists.
+	* Fix luksAddKey return code if master key is used.
+
+2011-01-25  Milan Broz  <mbroz@redhat.com>
+	* Add loop-AES handling (loopaesOpen and loopaesClose commands).
+	 (requires kernel 2.6.38 and above)
+
+2011-01-05  Milan Broz  <mbroz@redhat.com>
+	* Fix static build (--disable-static-cryptsetup now works properly).
+
+2010-12-30  Milan Broz  <mbroz@redhat.com>
+	* Add compile time crypto backends implementation
+	  (gcrypt, OpenSSL, NSS and userspace Linux kernel crypto api).
+	* Currently NSS is lacking ripemd160, cannot provide full plain compatibility.
+	* Use --with-crypto_backend=[gcrypt|openssl|nss|kernel] to configure.
+
+2010-12-20  Milan Broz  <mbroz@redhat.com>
+	* Version 1.2.0.
+
+2010-11-25  Milan Broz  <mbroz@redhat.com>
+	* Fix crypt_activate_by_keyfile() to work with PLAIN devices.
+	* Fix create command to properly handle keyfile size.
+
+2010-11-16  Milan Broz  <mbroz@redhat.com>
+	* Version 1.2.0-rc1.
+
+2010-11-13  Milan Broz  <mbroz@redhat.com>
+	* Fix password callback call.
+	* Fix default plain password entry from terminal in activate_by_passphrase.
+	* Add --dump-master-key option for luksDump to allow volume key dump.
+	* Allow to activate by internally cached volume key
+	  (format/activate without keyslots active - used for temporary devices).
+	* Initialize volume key from active device in crypt_init_by_name()
+	* Fix cryptsetup binary exitcodes.
+	* Increase library version (still binary compatible with 1.1.x release).
+
+2010-11-01  Milan Broz  <mbroz@redhat.com>
+	* No longer support luksDelKey, reload and --non-exclusive.
+	* Remove some obsolete info from man page.
+	* Add crypt_get_type(), crypt_resize(), crypt_keyslot_max()
+	and crypt_get_active_device() to API.
+	* Rewrite all implementations in cryptsetup to new API.
+	* Fix luksRemoveKey to behave as documented (do not ask
+	for remaining keyslot passphrase).
+	* Add more regression tests for commands.
+	* Disallow mapping of device which is already in use (mapped or mounted).
+	* Disallow luksFormat on device in use.
+
+2010-10-27  Milan Broz  <mbroz@redhat.com>
+	* Rewrite cryptsetup luksFormat, luksOpen, luksAddKey to use new API
+	  to allow adding new features.
+	* Implement --use-random and --use-urandom for luksFormat to allow
+	  setting of RNG for volume key generator.
+	* Add crypt_set_rng_type() and crypt_get_rng_type() to API.
+	* Add crypt_set_uuid() to API.
+	* Allow UUID setting in luksFormat and luksUUID (--uuid parameter).
+	* Add --keyfile-size and --new-keyfile-size (in bytes) size and disallow overloading
+	  of --key-size for limiting keyfile reads.
+	* Fix luksFormat to properly use key file with --master-key-file switch.
+	* Fix possible double free when handling master key file.
+
+2010-10-17  Milan Broz  <mbroz@redhat.com>
+	* Add crypt_get_device_name() to API (get underlying device name).
+	* Change detection for static libraries.
+	* Fix pkg-config use in automake scripts.
+	* Remove --disable-shared-library switch and handle static library build
+	  by common libtool logic (using --enable-static).
+	* Add --enable-static-cryptsetup option to build cryptsetup.static binary
+	  together with shared build.
+
+2010-08-05  Milan Broz  <mbroz@redhat.com>
+	* Wipe iteration and salt after KillSlot in LUKS header.
+	* Rewrite file differ test to C (and fix it to really work).
+	* Switch to 1MiB default alignment of data.
+	  For more info see https://bugzilla.redhat.com/show_bug.cgi?id=621684
+	* Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
+	* Check if requested hash is supported before writing LUKS header.
+
+2010-07-28  Arno Wagner <arno@wagner.name>
+	* Add FAQ (Frequently Asked Questions) file to distribution.
+
+2010-07-03  Milan Broz  <mbroz@redhat.com>
+	* Fix udev support for old libdevmapper with not compatible definition.
+	* Version 1.1.3.
+
+2010-06-01  Milan Broz  <mbroz@redhat.com>
+	* Fix device alignment ioctl calls parameters.
+	* Fix activate_by_* API calls to handle NULL device name as documented.
+
+2010-05-30  Milan Broz  <mbroz@redhat.com>
+	* Version 1.1.2.
+
+2010-05-27  Milan Broz  <mbroz@redhat.com>
+	* Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
+	* Support --key-file/-d option for luksFormat.
+	* Fix description of --key-file and add --verbose and --debug options to man page.
+	* Add verbose log level and move unlocking message there.
+	* Remove device even if underlying device disappeared.
+	* Fix (deprecated) reload device command to accept new device argument.
+
+2010-05-23  Milan Broz  <mbroz@redhat.com>
+	* Fix luksClose operation for stacked DM devices.
+	* Version 1.1.1.
+
+2010-05-03  Milan Broz  <mbroz@redhat.com>
+	* Fix automatic dm-crypt module loading.
+	* Escape hyphens in man page.
+	* Version 1.1.1-rc2.
+
+2010-04-30  Milan Broz  <mbroz@redhat.com>
+	* Try to use pkgconfig for device mapper library.
+	* Detect old dm-crypt module and disable LUKS suspend/resume.
+	* Fix apitest to work on older systems.
+	* Allow no hash specification in plain device constructor.
+	* Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified).
+	* Fix isLuks to initialise crypto backend (blkid instead is suggested anyway).
+	* Version 1.1.1-rc1.
+
+2010-04-12  Milan Broz  <mbroz@redhat.com>
+	* Fix package config to use proper package version.
+	* Avoid class C++ keyword in library header.
+	* Detect and use devmapper udev support if available (disable by --disable-udev).
+
+2010-04-06  Milan Broz  <mbroz@redhat.com>
+	* Prefer some device paths in status display.
+	* Support device topology detectionfor data alignment.
+
+2010-02-25  Milan Broz  <mbroz@redhat.com>
+	* Do not verify unlocking passphrase in luksAddKey command.
+	* Properly initialise crypto backend in header backup/restore commands.
+
+2010-01-17  Milan Broz  <mbroz@redhat.com>
+	* If gcrypt compiled with capabilities, document workaround for cryptsetup (see lib/gcrypt.c).
+	* Version 1.1.0.
+
+2010-01-10  Milan Broz  <mbroz@redhat.com>
+	* Fix initialisation of gcrypt duting luksFormat.
+	* Convert hash name to lower case in header (fix sha1 backward comatible header)
+	* Check for minimum required gcrypt version.
+
+2009-12-30  Milan Broz  <mbroz@redhat.com>
+	* Fix key slot iteration count calculation (small -i value was the same as default).
+	* The slot and key digest iteration minimun is now 1000.
+	* The key digest iteration # is calculated from iteration time (approx 1/8 of that).
+	* Version 1.1.0-rc4.
+
+2009-12-11  Milan Broz  <mbroz@redhat.com>
+	* Fix error handling during reading passhrase.
+
+2009-12-01  Milan Broz  <mbroz@redhat.com>
+	* Allow changes of default compiled-in cipher parameters through configure.
+	* Switch default key size for LUKS to 256bits.
+	* Switch default plain mode to aes-cbc-essiv:sha256 (default is backward incompatible!).
+
+2009-11-14  Milan Broz  <mbroz@redhat.com>
+	* Add CRYPT_ prefix to enum defined in libcryptsetup.h.
+	* Fix status call to fail when running as non-root user.
+	* Check in configure if selinux libraries are required in static version.
+	* Add temporary debug code to find processes locking internal device.
+	* Simplify build system, use autopoint and clean gettext processing.
+	* Use proper NLS macros and detection (so the message translation works again).
+	* Version 1.1.0-rc3.
+
+2009-09-30  Milan Broz  <mbroz@redhat.com>
+	* Fix exported symbols and versions in libcryptsetup.
+	* Do not use internal lib functions in cryptsetup.
+	* Add crypt_log to library.
+	* Fix crypt_remove_device (remove, luksClose) implementation.
+	* Move dm backend initialisation to library calls.
+	* Move duplicate Command failed message to verbose level (error is printed always).
+	* Add some password and used algorithms notes to man page.
+	* Version 1.1.0-rc2.
+
+2009-09-28  Milan Broz  <mbroz@redhat.com>
+	* Add luksHeaderBackup and luksHeaderRestore commands.
+	* Fail passphrase read if piped input no longer exists.
+	* Version 1.1.0-rc1.
+
+2009-09-15  Milan Broz  <mbroz@redhat.com>
+	* Initialize crypto library before LUKS header load.
+	* Fix manpage to not require --size which expands to device size by default.
+
+2009-09-10  Milan Broz  <mbroz@redhat.com>
+	* Clean up Makefiles and configure script.
+	* Version 1.1.0-test0.
+
+2009-09-08  Milan Broz  <mbroz@redhat.com>
+	* Use dm-uuid for all crypt devices, contains device type and name now.
+	* Try to read first sector from device to properly check that device is ready.
+
+2009-09-02  Milan Broz  <mbroz@redhat.com>
+	* Add luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
+
+2009-08-30  Milan Broz  <mbroz@redhat.com>
+	* Require device device-mapper to build and do not use backend wrapper for dm calls.
+	* Move memory locking and dm initialization to command layer.
+	* Increase priority of process if memory is locked.
+	* Add log macros and make logging modre consitent.
+	* Move command successful messages to verbose level.
+	* Introduce --debug parameter.
+	* Move device utils code and provide context parameter (for log).
+	* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
+	* Do not call isatty() on closed keyfile descriptor.
+	* Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results.
+	* Add ability to provide pre-generated master key and UUID in LUKS header format.
+	* Add LUKS function to verify master key digest.
+	* Move key slot manuipulation function into LUKS specific code.
+	* Replace global options struct with separate parameters in helper functions.
+	* Add new libcryptsetup API (documented in libcryptsetup.h).
+	* Implement old API calls using new functions.
+	* Remove old API code helper functions.
+	* Add --master-key-file option for luksFormat and luksAddKey.
+
+2009-08-17  Milan Broz  <mbroz@redhat.com>
+	* Fix PBKDF2 speed calculation for large passhrases.
+	* Allow using passphrase provided in options struct for LuksOpen.
+	* Allow restrict keys size in LuksOpen.
+
+2009-07-30  Milan Broz  <mbroz@redhat.com>
+	* Fix errors when compiled with LUKS_DEBUG.
+	* Print error when getline fails.
+	* Remove po/cryptsetup-luks.pot, it's autogenerated.
+	* Return ENOENT for empty keyslots, EINVAL will be used later for other type of error.
+	* Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here.
+	* Add required parameters for changing hash used in LUKS key setup scheme.
+	* Do not export simple XOR helper now used only inside AF functions.
+	* Completely remove internal SHA1 implementanion code, not needed anymore.
+	* Enable hash algorithm selection for LUKS through -h luksFormat option.
+
+2009-07-28  Milan Broz  <mbroz@redhat.com>
+	* Pad luks header to 512 sector size.
+	* Rework read/write blockwise to not split operation to many pieces.
+	* Use posix_memalign if available.
+
+2009-07-22  Milan Broz  <mbroz@redhat.com>
+	* Fix segfault if provided slot in luksKillslot is invalid.
+	* Remove unneeded timeout when remove of temporary device succeeded.
+
+2009-07-22  Milan Broz  <mbroz@redhat.com>
+	* version 1.0.7
+
+2009-07-16  Milan Broz  <mbroz@redhat.com>
+	* Allow removal of last slot in luksRemoveKey and luksKillSlot.
+
+2009-07-11  Milan Broz  <mbroz@redhat.com>
+
+	* Add --disable-selinux option and fix static build if selinux is required.
+	* Reject unsupported --offset and --skip options for luksFormat and update man page.
+
+2009-06-22  Milan Broz  <mbroz@redhat.com>
+
+	* Summary of changes in subversion for 1.0.7-rc1:
+	* Various man page fixes.
+	* Set UUID in device-mapper for LUKS devices.
+	* Retain readahead of underlying device.
+	* Display device name when asking for password.
+	* Check device size when loading LUKS header. Remove misleading error message later.
+	* Add error hint if dm-crypt mapping failed.
+	* Use better error messages if device doesn't exist or is already used by other mapping.
+	* Fix make distcheck.
+	* Check if all slots are full during luksAddKey.
+	* Fix segfault in set_error.
+	* Code cleanups, remove precompiled pot files, remove unnecessary files from po directory
+	* Fix uninitialized return value variable in setup.c.
+	* Code cleanups. (thanks to Ivan Stankovic)
+	* Fix wrong output for remaining key at key deletion.
+	* Allow deletion of key slot while other keys have the same key information.
+	* Add missing AM_PROG_CC_C_O to configure.in
+	* Remove duplicate sentence in man page.
+	* Wipe start of device (possible fs signature) before LUKS-formatting.
+	* Do not process configure.in in hidden directories.
+	* Return more descriptive error in case of IO or header format error.
+	* Use remapping to error target instead of calling udevsettle for temporary crypt device.
+	* Check device mapper communication and warn user if device-mapper support missing in kernel.
+	* Fix signal handler to properly close device.
+	* write_lseek_blockwise: declare innerCount outside the if block.
+	* add -Wall to the default CFLAGS. fix some signedness issues.
+	* Error handling improvement.
+	* Add non-exclusive override to interface definition.
+	* Refactor key slot selection into keyslot_from_option.
+
+2007-05-01  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/backends.c, man/cryptsetup.8: Apply patch from Ludwig Nussel
+	<ludwig.nussel@suse.de>, for old SuSE compat hashing.
+
+2007-04-16  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Summary of changes in subversion:
+	Fix segfault for key size > 32 bytes.
+	Kick ancient header version conversion. 
+	Fix http://bugs.debian.org/403075
+	No passwort retrying for I/O errors.
+	Fix hang on "-i 0".
+	Fix parenthesization error that prevented --tries from working
+	correctly.
+
+2006-11-28  gettextize  <bug-gnu-gettext@gnu.org>
+
+	* m4/gettext.m4: Upgrade to gettext-0.15.
+	* m4/glibc2.m4: New file, from gettext-0.15.
+	* m4/intmax.m4: New file, from gettext-0.15.
+	* m4/inttypes-h.m4: New file, from gettext-0.15.
+	* m4/inttypes-pri.m4: Upgrade to gettext-0.15.
+	* m4/lib-link.m4: Upgrade to gettext-0.15.
+	* m4/lib-prefix.m4: Upgrade to gettext-0.15.
+	* m4/lock.m4: New file, from gettext-0.15.
+	* m4/longdouble.m4: New file, from gettext-0.15.
+	* m4/longlong.m4: New file, from gettext-0.15.
+	* m4/nls.m4: Upgrade to gettext-0.15.
+	* m4/po.m4: Upgrade to gettext-0.15.
+	* m4/printf-posix.m4: New file, from gettext-0.15.
+	* m4/signed.m4: New file, from gettext-0.15.
+	* m4/size_max.m4: New file, from gettext-0.15.
+	* m4/visibility.m4: New file, from gettext-0.15.
+	* m4/wchar_t.m4: New file, from gettext-0.15.
+	* m4/wint_t.m4: New file, from gettext-0.15.
+	* m4/xsize.m4: New file, from gettext-0.15.
+	* m4/Makefile.am: New file.
+	* configure.in (AC_OUTPUT): Add m4/Makefile.
+	(AM_GNU_GETTEXT_VERSION): Bump to 0.15.
+
+2006-10-22  David Härdeman  <david@hardeman.nu>
+
+	* Allow hashing of keys passed through stdin.
+
+2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: 1.0.4 release
+
+2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.8: Document --tries switch; patch by Jonas
+	Meurer.
+
+2006-10-13  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c: Added terminal timeout rewrite as forwarded by
+	Jonas Meurer
+
+2006-10-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Merged patch from Marc Merlin <marc@merlins.org> to allow user
+	selection of key slot.
+
+2006-09-26  gettextize  <bug-gnu-gettext@gnu.org>
+
+	* m4/codeset.m4: Upgrade to gettext-0.14.4.
+	* m4/gettext.m4: Upgrade to gettext-0.14.4.
+	* m4/glibc2.m4: New file, from gettext-0.14.4.
+	* m4/glibc21.m4: Upgrade to gettext-0.14.4.
+	* m4/iconv.m4: Upgrade to gettext-0.14.4.
+	* m4/intdiv0.m4: Upgrade to gettext-0.14.4.
+	* m4/intmax.m4: New file, from gettext-0.14.4.
+	* m4/inttypes.m4: Upgrade to gettext-0.14.4.
+	* m4/inttypes_h.m4: Upgrade to gettext-0.14.4.
+	* m4/inttypes-pri.m4: Upgrade to gettext-0.14.4.
+	* m4/isc-posix.m4: Upgrade to gettext-0.14.4.
+	* m4/lcmessage.m4: Upgrade to gettext-0.14.4.
+	* m4/lib-ld.m4: Upgrade to gettext-0.14.4.
+	* m4/lib-link.m4: Upgrade to gettext-0.14.4.
+	* m4/lib-prefix.m4: Upgrade to gettext-0.14.4.
+	* m4/longdouble.m4: New file, from gettext-0.14.4.
+	* m4/longlong.m4: New file, from gettext-0.14.4.
+	* m4/nls.m4: Upgrade to gettext-0.14.4.
+	* m4/po.m4: Upgrade to gettext-0.14.4.
+	* m4/printf-posix.m4: New file, from gettext-0.14.4.
+	* m4/progtest.m4: Upgrade to gettext-0.14.4.
+	* m4/signed.m4: New file, from gettext-0.14.4.
+	* m4/size_max.m4: New file, from gettext-0.14.4.
+	* m4/stdint_h.m4: Upgrade to gettext-0.14.4.
+	* m4/uintmax_t.m4: Upgrade to gettext-0.14.4.
+	* m4/ulonglong.m4: Upgrade to gettext-0.14.4.
+	* m4/wchar_t.m4: New file, from gettext-0.14.4.
+	* m4/wint_t.m4: New file, from gettext-0.14.4.
+	* m4/xsize.m4: New file, from gettext-0.14.4.
+	* Makefile.am (ACLOCAL_AMFLAGS): New variable.
+	* configure.in (AM_GNU_GETTEXT_VERSION): Bump to 0.14.4.
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: 1.0.4-rc2
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/Makefile.am: Add a few regression tests 
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (get_key): Applied patch from David Härdeman
+	<david@2gen.com> for reading binary keys from stdin using
+	the "-" as key file.
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (__crypt_luks_add_key): For checking options struct
+	(optionsCheck) filter out CRYPT_FLAG_VERIFY and
+	CRYPT_FLAG_VERIFY_IF_POSSIBLE, so that in no case password verification is done
+	for password retrieval.
+
+2006-08-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: Merge Patch from http://bugs.gentoo.org/show_bug.cgi?id=132126 for sepol
+
+2006-07-23  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Applied patches from David Härdeman <david@2gen.com> to fix 64
+	bit compiler warning issues.
+
+2006-05-19  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Applied patches from Jonas Meurer
+	  - fix terminal status after timeout
+	  - add remark for --tries to manpage
+	  - allow more than 32 chars from standard input.
+	  - exit status fix for cryptsetup status.
+
+2006-05-06  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (yesDialog): Fix getline problem for 64-bit archs. 
+
+2006-04-05  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: Release 1.0.3.
+
+	* Applied patch by Johannes Weißl for more meaningful exit codes
+	and password retries
+
+2006-03-30  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (__crypt_create_device): (char *) -> (const char *)
+
+2006-03-30  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Apply alignPayload patch from Peter Palfrader <weasel@debian.org>
+
+2006-03-15  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: 1.0.3-rc3. Most unplease release ever. 
+	* lib/setup.c (__crypt_create_device): More verbose error message.
+
+2006-02-26  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c: Revert to 1.0.1 key reading.
+
+2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.8: merge patch from Jonas Meurer
+
+2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: 1.0.3-rc2
+
+2006-02-25  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/libdevmapper.c (dm_create_device): Remove dup check here.
+	* lib/setup.c (__crypt_luks_open): Adopt same dup check as regular
+	create command.
+
+2006-02-22  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: Spin 1.0.3-rc1
+
+2006-02-22  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (action_create): Change defaulting.
+	(action_luksFormat): Change defaulting.
+
+	* lib/setup.c (parse_into_name_and_mode): Revert that default
+	change. This is FORBIDDEN here, as it will change cryptsetup
+	entire default. This is BAD in a non-LUKS world.
+
+2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/keyencryption.c (setup_mapping): Add proper size restriction to mapping.	
+	(LUKS_endec_template): Add more verbose error message.
+
+2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/libdevmapper.c (dm_query_device): Incorporate patch from
+	Bastian Blank
+	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344313
+
+2006-02-21  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c: Rename show_error -> show_status.
+
+2006-02-20  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/libdevmapper.c (dm_create_device): Prevent existing mapping
+	from being removed when a mapping with the same name is added
+
+	* Add timeout patch from Jonas Meurer 
+
+	* src/cryptsetup.c: Remove conditional error printing to enable
+	printing the no-error msg (Command successful). Verify passphrase
+	for LUKS volumes.
+	(main): Add no-verify-passphrase
+
+	* lib/setup.c (parse_into_name_and_mode): Change default mode complition to essiv:sha256.
+
+2006-01-04  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (help): Merge patch from Gentoo: change gettext(..) to _(..).
+
+2005-12-06  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.8: Correct "seconds" to "microseconds" in the explaination for -i.
+
+2005-11-09  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (main): Add version string.
+
+2005-11-08  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/backends.c: compile fix. 
+
+2005-09-11  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (get_key): Fixed another incompatibility from my
+	get_key rewrite with original cryptsetup.
+
+2005-09-11  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Merged changes from Florian Knauf's fk02 branch.
+
+2005-09-08  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (get_key): Fixed another incompatiblity with
+	original cryptsetup.
+
+2005-08-20  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* Checked in a patch from Michael Gebetsroither <gebi@sbox.tugraz.at>
+	  to silent all confirmation dialogs.
+
+2005-06-23  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c (help): print PACKAGE_STRING
+
+2005-06-20  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/keymanage.c (LUKS_set_key): Security check against header manipulation
+
+	* src/cryptsetup.c (action_luksDelKey): Safety check in luksDelKey
+
+	* luks/keymanage.c: Changed disk layout generation to align key material to 4k boundaries.
+	(LUKS_is_last_keyslot): Added LUKS_is_last_keyslot function.
+
+        * Applied patch from Bill Nottingham fixing a lot of prototypes.
+
+	* src/cryptsetup.c (action_luksOpen): Add support for -r flag.
+
+	* configure.in: Version bump 1.0.1
+
+2005-06-16  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (__crypt_luks_open): Remove mem leaking of dmCipherSpec.
+	(get_key): Fix missing zero termination for read string. 
+
+2005-06-12  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/keyencryption.c (setup_mapping): Added CRYPT_FLAG_READONLY in case of O_RDONLY mode
+
+2005-06-11  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: Version bump 1.0.1-pre
+
+2005-06-09  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/utils.c: Added write_llseek_blocksize method to support sector wiping on sector_size != 512 
+	media
+
+2005-05-23  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/setup.c (crypt_luksDelKey): Added missing return statement
+	(setup_leave): Added missing return statement
+
+	* luks/keyencryption.c (clear_mapping): Added missing return statement
+
+2005-05-19  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* lib/utils.c (write_blockwise, read_blockwise): Changed to soft bsize instead of SECTOR_SIZE
+
+	* luks/keymanage.c (wipe): Changed open mode to O_DIRECT | O_SYNC, and changed write 
+	to use the blockwise write helper
+
+2005-04-21  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.8: Corrected an error, thanks to Dick Middleton.
+
+2005-04-09  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/sha/hmac.c: Add 64 bit bug fix courtesy to 
+	Oliver Paukstadt <pstadt@sourcentral.org>.
+
+	* luks/pbkdf.c, luks/keyencryption.c, luks/keymanage.c, luks/af.c: Added a license 
+	disclaimer and remove option for "any future GPL versions".
+
+2005-03-25  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* configure.in: man page Makefile. Version bump 1.0.
+
+	* man/cryptsetup.8: finalize man page and move to section 8.
+
+	* src/cryptsetup.c (action_luksFormat): Add "are you sure" for interactive sessions.
+
+	* lib/setup.c (crypt_luksDump), src/cryptsetup.c: add LUKS dump command
+
+2005-03-24  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* src/cryptsetup.c, luks/Makefile.am (test), lib/setup.c (setup_enter): 
+	rename luksInit to luksFormat
+
+2005-03-12  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* man/cryptsetup.1: Add man page.
+
+	* lib/setup.c: Remove unneccessary LUKS_write_phdr call, so the
+	phdr is written after passphrase reading, so the user can change
+	his mind, and not have a partial written LUKS header on it's disk.
+
+2005-02-09  Clemens Fruhwirth  <clemens@endorphin.org>
+
+	* luks/keymanage.c (LUKS_write_phdr): converted argument phdr to
+	pointer, and make a copy of phdr for conversion
+
+	* configure.in: Version dump.
+
+	* luks/keyencryption.c: Convert to read|write_blockwise.
+
+	* luks/keymanage.c: Convert to read|write_blockwise.
+
+	* lib/utils.c: Add read|write_blockwise functions, to use in
+	O_DIRECT file accesses. 
+
+2004-03-11 Thursday 15:52   Christophe Saout <christophe@saout.de>
+
+	* lib/blockdev.h: BLKGETSIZE64 really uses size_t as third
+	  argument, the rest is wrong.
+
+2004-03-10 Wednesday 17:50   Christophe Saout <christophe@saout.de>
+
+	* lib/: libcryptsetup.h, libdevmapper.c: Small fixes.
+
+2004-03-09 Tuesday 21:41   Christophe Saout <christophe@saout.de>
+
+	* lib/internal.h, lib/libcryptsetup.h, lib/libdevmapper.c,
+	  lib/setup.c, po/de.po, src/cryptsetup.c: Added internal flags to
+	  keep track of malloc'ed return values in struct crypt_options and
+	  add a function to free the memory. Also add a readonly flag to
+	  libcryptsetup.
+
+2004-03-09 Tuesday 16:03   Christophe Saout <christophe@saout.de>
+
+	* ChangeLog, configure.in, setup-gettext, lib/Makefile.am,
+	  lib/backends.c, lib/blockdev.h, lib/gcrypt.c, lib/internal.h,
+	  lib/libcryptsetup.h, lib/libdevmapper.c, lib/setup.c,
+	  lib/utils.c, po/de.po, src/Makefile.am, src/cryptsetup.c: More
+	  reorganization work.
+
+2004-03-08 Monday 01:38   Christophe Saout <christophe@saout.de>
+
+	* ChangeLog, Makefile.am, acinclude.m4, configure.in,
+	  lib/Makefile.am, lib/backends.c, lib/blockdev.h, lib/gcrypt.c,
+	  lib/libdevmapper.c, lib/setup.c, lib/utils.c, po/de.po,
+	  src/Makefile.am: BLKGETSIZE64 fixes and started modularity
+	  enhancements
+
+2004-03-04 Thursday 21:06   Christophe Saout <christophe@saout.de>
+
+	* Makefile.am, po/de.po, src/cryptsetup.c, src/cryptsetup.h: First
+	  backward compatible working version.
+
+2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
+
+	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
+	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
+	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
+	  src/Makefile.am (utags: initial): Initial checkin.
+
+2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
+
+	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
+	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
+	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
+	  src/Makefile.am: Initial revision
--- a/docs/v1.5.1-ReleaseNotes
+++ b/docs/v1.5.1-ReleaseNotes
@@ -0,0 +1,32 @@
+Cryptsetup 1.5.1 Release Notes
+==============================
+
+Changes since version 1.5.0
+
+* The libcryptsetup library now tries to initialize device-mapper backend and
+  loop devices only if they are really needed (lazy initializations).
+  This allows some operations to be run by a non-root user.
+
+  (Unfortunately LUKS header keyslot operations still require temporary dm-crypt
+  device and device-mapper subsystem is available only to superuser.)
+
+  Also clear error messages are provided if running as non-root user and
+  operation requires privileged user.
+
+* Veritysetup can be now used by a normal user for creating hash image to file
+  and also it can create hash image if doesn't exist.
+  (Previously it required pre-allocated space.)
+
+* Added crypt_keyslot_area() API call which allows external tools
+  to get exact keyslot offsets and analyse content.
+
+  An example of a tool that searches the keyslot area of a LUKS container
+  for positions where entropy is low and hence there is a high probability
+  of damage is in misc/kesylot_checker.
+  (Thanks to Arno Wagner for the code.)
+
+* Optimized seek to keyfile-offset if key offset is large.
+
+* Fixed luksHeaderBackup for very old v1.0 unaligned LUKS headers.
+
+* Various fixes for problems found by a several static analysis tools.
--- a/docs/v1.6.0-ReleaseNotes
+++ b/docs/v1.6.0-ReleaseNotes
@@ -0,0 +1,261 @@
+Cryptsetup 1.6.0 Release Notes
+==============================
+
+Changes since version 1.6.0-rc1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ * Change LUKS default cipher to to use XTS encryption mode,
+   aes-xts-plain64 (i.e. using AES128-XTS).
+
+   XTS mode becomes standard in hard disk encryption.
+
+   You can still use any old mode:
+    - compile cryptsetup with old default:
+      configure --with-luks1-cipher=aes --with-luks1-mode=cbc-essiv:sha256 --with-luks1-keybits=256
+    - format LUKS device with old default:
+      cryptsetup luksFormat -c aes-cbc-essiv:sha256 -s 256 <device>
+
+
+ * Skip tests and fix error messages if running on old systems (or with old kernel).
+
+ * Rename configure.in to configure.ac and fix issues with new automake and pkgconfig
+   and --disable-kernel_crypto option to allow compilation with old kernel headers.
+
+ * Allow repair of 512 bits key header.
+
+ * Fix status of device if path argument is used and fix double path prefix
+   for non-existent device path.
+
+
+Changes since version 1.5.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Important changes
+~~~~~~~~~~~~~~~~~
+
+ * Cryptsetup and libcryptsetup is now released under GPLv2+
+   (GPL version 2 or any later).
+   Some internal code handling files (loopaes, verity, tcrypt
+   and crypto backend wrapper) are LGPLv2+.
+
+   Previously code was GPL version 2 only.
+
+
+ * Introducing new unified command open and close.
+
+   Example:
+      cryptsetup open --type plain|luks|loopaes|tcrypt <device> <name>
+      (type defaults to luks)
+
+   with backward-compatible aliases plainOpen, luksOpen, loopaesOpen,
+   tcryptOpen. Basically "open --type xyz" has alias "xyzOpen".
+
+   The "create" command (plain device create) is DEPRECATED but will
+   be still supported.
+   (This command is confusing because of switched arguments order.)
+
+   The close command is generic command to remove mapping and have
+   backward compatible aliases (remove, luksClose, ...) which behaves
+   exactly the same.
+
+   While all old syntax is still supported, I strongly suggest to use
+   new command syntax which is common for all device types (and possible
+   new formats added in future).
+
+
+ * cryptsetup now support directly TCRYPT (TrueCrypt and compatible tc-play)
+   on-disk format
+   (Code is independent implementation not related to original project).
+
+   Only dump (tcryptDump command) and activation (open --type tcrypt or tcryptOpen)
+   of TCRYPT device are supported. No header changes are supported.
+
+   It is intended to easily access containers shared with other operating systems
+   without need to install 3rd party software. For native Linux installations LUKS
+   is the preferred format.
+
+   WARNING: TCRYPT extension requires kernel userspace crypto API to be
+   available (introduced in Linux kernel 2.6.38).
+   If you are configuring kernel yourself, enable "User-space interface
+   for symmetric key cipher algorithms" in "Cryptographic API" section
+   (CRYPTO_USER_API_SKCIPHER .config option).
+
+   Because  TCRYPT  header  is encrypted, you have to always provide valid
+   passphrase and keyfiles. Keyfiles are handled exactly the same as in original
+   format (basically, first 1MB of every keyfile is mixed using CRC32 into pool).
+
+   Cryptsetup should recognize all TCRYPT header variants ever released, except
+   legacy  cipher chains  using LRW encryption mode with 64 bits encryption block
+   (namely Blowfish in LRW mode is not recognized, this is limitation of kernel
+   crypto API).
+
+   Device activation is supported only for LRW/XTS modes (again, limitation
+   of kernel dmcrypt which do not implements TCRYPT extensions to CBC mode).
+   (So old containers cannot be activated, but you can use libcryptsetup
+   for lost password search, example of such code is included in misc directory.)
+
+   Hidden header are supported using --tcrypt-hidden option, system encryption
+   using --tcrypt-system option.
+
+   For detailed description see man page.
+
+   EXAMPLE:
+     * Dump device parameters of container in file:
+
+     # cryptsetup tcryptDump tst
+       Enter passphrase: 
+
+     TCRYPT header information for tst
+     Version:        5
+     Driver req.:    7
+     Sector size:    512
+     MK offset:      131072
+     PBKDF2 hash:    sha512
+     Cipher chain:   serpent-twofish-aes
+     Cipher mode:    xts-plain64
+     MK bits:        1536
+
+     You can also dump master key using --dump-master-key.
+     Dump does not require superuser privilege.
+
+     * Activation of this container
+
+     # cryptsetup tcryptOpen tst tcrypt_dev
+       Enter passphrase: 
+      (Chain of dmcrypt devices is activated as /dev/mapper/tcrypt_dev.)
+
+     * See status of active TCRYPT device
+
+     # cryptsetup status tcrypt_dev
+
+     /dev/mapper/tcrypt_dev is active.
+     type:    TCRYPT
+     cipher:  serpent-twofish-aes-xts-plain64
+     keysize: 1536 bits
+     device:  /dev/loop0
+     loop:    /tmp/tst
+     offset:  256 sectors
+     size:    65024 sectors
+     skipped: 256 sectors
+     mode:    read/write
+
+    * And plaintext filesystem now ready to mount
+
+    # blkid /dev/mapper/tcrypt_dev
+    /dev/mapper/tcrypt_dev: SEC_TYPE="msdos" UUID="9F33-2954" TYPE="vfat"
+
+
+ * Add (optional) support for lipwquality for new LUKS passwords.
+
+   If password is entered through terminal (no keyfile specified)
+   and cryptsetup is compiled with --enable-pwquality, default
+   system pwquality settings are used to check password quality.
+
+   You can always override this check by using new --force-password option.
+
+   For more info about pwquality project see http://libpwquality.fedorahosted.org/
+
+
+ * Proper handle interrupt signals (ctrl+c and TERM signal) in tools
+
+   Code should now handle interrupt properly, release and explicitly wipe
+   in-memory key materials on interrupt.
+   (Direct users of libcryptsetup should always call crypt_free() when
+   code is interrupted to wipe all resources. There is no signal handling
+   in library, it is up to the tool using it.)
+
+ 
+ * Add new benchmark command
+
+   The "benchmark" command now tries to benchmark PBKDF2 and some block
+   cipher variants. You can specify you own parameters (--cipher/--key-size
+   for block ciphers, --hash for PBKDF2).
+
+   See man page for detailed description.
+
+   WARNING: benchmark command requires kernel userspace crypto API to be
+   available (introduced in Linux kernel 2.6.38).
+   If you are configuring kernel yourself, enable "User-space interface
+   for symmetric key cipher algorithms" in "Cryptographic API" section
+   (CRYPTO_USER_API_SKCIPHER .config option).
+
+   EXAMPLE:
+     # cryptsetup benchmark
+     # Tests are approximate using memory only (no storage IO).
+     PBKDF2-sha1       111077 iterations per second
+     PBKDF2-sha256      53718 iterations per second
+     PBKDF2-sha512      18832 iterations per second
+     PBKDF2-ripemd160   89775 iterations per second
+     PBKDF2-whirlpool   23918 iterations per second
+            #  Algorithm | Key | Encryption | Decryption
+          aes-cbc   128b  212.0 MiB/s  428.0 MiB/s
+      serpent-cbc   128b   23.1 MiB/s   66.0 MiB/s
+      twofish-cbc   128b   46.1 MiB/s   50.5 MiB/s
+          aes-cbc   256b  163.0 MiB/s  350.0 MiB/s
+      serpent-cbc   256b   23.1 MiB/s   66.0 MiB/s
+      twofish-cbc   256b   47.0 MiB/s   50.0 MiB/s
+          aes-xts   256b  190.0 MiB/s  190.0 MiB/s
+      serpent-xts   256b   58.4 MiB/s   58.0 MiB/s
+      twofish-xts   256b   49.0 MiB/s   49.5 MiB/s
+          aes-xts   512b  175.0 MiB/s  175.0 MiB/s
+      serpent-xts   512b   59.0 MiB/s   58.0 MiB/s
+      twofish-xts   512b   48.5 MiB/s   49.5 MiB/s
+
+     Or you can specify cipher yourself:
+     # cryptsetup benchmark --cipher cast5-cbc-essiv:sha256 -s 128
+     # Tests are approximate using memory only (no storage IO).
+     #  Algorithm | Key | Encryption | Decryption
+        cast5-cbc   128b   32.4 MiB/s   35.0 MiB/s
+
+     WARNING: these tests do not use dmcrypt, only crypto API.
+     You have to benchmark the whole device stack and you can get completely
+     different results. But is is usable for basic comparison.
+     (Note for example AES-NI decryption optimization effect in example above.)
+
+Features
+~~~~~~~~
+
+ * Do not maintain ChangeLog file anymore, see git log for detailed changes,
+   e.g. here http://code.google.com/p/cryptsetup/source/list
+
+ * Move change key into library, add crypt_keyslot_change_by_passphrase().
+   This change is useful mainly in FIPS mode, where we cannot
+   extract volume key directly from libcryptsetup.
+
+ * Add verbose messages during reencryption.
+
+ * Default LUKS PBKDF2 iteration time is now configurable.
+
+ * Add simple cipher benchmarking API.
+
+ * Add kernel skcipher backend.
+
+ * Add CRC32 implementation (for TCRYPT).
+
+ * Move PBKDF2 into crypto backend wrapper.
+   This allows use it in other formats, use library implementations and
+   also possible use of different KDF function in future.
+
+ * New PBKDF2 benchmark using getrusage().
+
+Fixes
+~~~~~
+
+ * Avoid O_DIRECT open if underlying storage doesn't support it.
+
+ * Fix some non-translated messages.
+
+ * Fix regression in header backup (1.5.1) with container in file.
+
+ * Fix blockwise read/write for end writes near end of device.
+   (was not used in previous versions)
+
+ * Ignore setpriority failure.
+
+ * Code changes to fix/ignore problems found by Coverity static analysis, including
+   - Get page size should never fail.
+   - Fix time of check/use (TOCTOU test) in tools
+   - Fix time of check/use in loop/wipe utils.
+   - Fix time of check/use in device utils.
+
+ * Disallow header restore if context is non-LUKS device.
--- a/docs/v1.6.1-ReleaseNotes
+++ b/docs/v1.6.1-ReleaseNotes
@@ -0,0 +1,32 @@
+Cryptsetup 1.6.1 Release Notes
+==============================
+
+Changes since version 1.6.0
+
+* Fix loop-AES keyfile parsing.
+  Loop-AES keyfile should be text keyfile, reject keyfiles which
+  are not properly terminated.
+
+* Fix passphrase pool overflow for too long TCRYPT passphrase.
+ (Maximal TCRYPT passphrase length is 64 characters.)
+
+* Return EPERM (translated to exit code 2) for too long TCRYPT passphrase.
+
+* Fix deactivation of device when failed underlying node disappeared.
+
+* Fix API deactivate call for TCRYPT format and NULL context parameter.
+
+* Improve keyslot checker example documentation.
+
+* Report error message if deactivation fails and device is still busy.
+
+* Make passphrase prompts more consistent (and remove "LUKS" form prompt).
+
+* Fix some missing headers (compilation failed with alternative libc).
+
+* Remove not functional API UUID support for plain & loopaes devices.
+  (not persistent activation UUID).
+
+* Properly cleanup devices on interrupt in api-test.
+
+* Support all tests run if kernel is in FIPS mode.
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,16 +1,17 @@
-SUBDIRS = crypto_backend luks1 loopaes verity
+SUBDIRS = crypto_backend luks1 loopaes verity tcrypt

 moduledir = $(libdir)/cryptsetup

 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcryptsetup.pc

-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir)				\
 	-I$(top_srcdir)/lib/crypto_backend	\
 	-I$(top_srcdir)/lib/luks1		\
 	-I$(top_srcdir)/lib/loopaes		\
 	-I$(top_srcdir)/lib/verity		\
+	-I$(top_srcdir)/lib/tcrypt		\
 	-DDATADIR=\""$(datadir)"\"		\
 	-DLIBDIR=\""$(libdir)"\"		\
 	-DPREFIX=\""$(prefix)"\"		\
@@ -26,7 +27,8 @@ common_ldadd = \
 	crypto_backend/libcrypto_backend.la	\
 	luks1/libluks1.la			\
 	loopaes/libloopaes.la			\
-	verity/libverity.la
+	verity/libverity.la			\
+	tcrypt/libtcrypt.la

 libcryptsetup_la_DEPENDENCIES = $(common_ldadd) libcryptsetup.sym

@@ -51,6 +53,7 @@ libcryptsetup_la_SOURCES = \
 	nls.h					\
 	libcryptsetup.h				\
 	utils.c					\
+	utils_benchmark.c			\
 	utils_crypt.c				\
 	utils_crypt.h				\
 	utils_loop.c				\
@@ -59,6 +62,7 @@ libcryptsetup_la_SOURCES = \
 	utils_wipe.c				\
 	utils_fips.c				\
 	utils_fips.h				\
+	utils_device.c				\
 	libdevmapper.c				\
 	utils_dm.h				\
 	volumekey.c				\
--- a/lib/bitops.h
+++ b/lib/bitops.h
@@ -1,13 +1,114 @@
+/*
+ * No copyright is claimed.  This code is in the public domain; do with
+ * it what you wish.
+ *
+ * Written by Karel Zak <kzak@redhat.com>
+ */
 #ifndef BITOPS_H
 #define BITOPS_H

 #include <stdint.h>
+#include <sys/param.h>
+
+#if defined(HAVE_BYTESWAP_H)
+# include <byteswap.h>
+#endif
+
+#if defined(HAVE_ENDIAN_H)
+#  include <endian.h>
+#elif defined(HAVE_SYS_ENDIAN_H)	/* BSDs have them here */
+#  include <sys/endian.h>
+#endif
+
+#if defined(__OpenBSD__)
+# include <sys/types.h>
+# define be16toh(x) betoh16(x)
+# define be32toh(x) betoh32(x)
+# define be64toh(x) betoh64(x)
+#endif
+
+/*
+ * Fallbacks
+ */
+#ifndef bswap_16
+# define bswap_16(x)   ((((x) & 0x00FF) << 8) | \
+			(((x) & 0xFF00) >> 8))
+#endif
+
+#ifndef bswap_32
+# define bswap_32(x)   ((((x) & 0x000000FF) << 24) | \
+			(((x) & 0x0000FF00) << 8)  | \
+			(((x) & 0x00FF0000) >> 8)  | \
+			(((x) & 0xFF000000) >> 24))
+#endif
+
+#ifndef bswap_64
+# define bswap_64(x) ((((x) & 0x00000000000000FFULL) << 56) | \
+                      (((x) & 0x000000000000FF00ULL) << 40) | \
+                      (((x) & 0x0000000000FF0000ULL) << 24) | \
+                      (((x) & 0x00000000FF000000ULL) << 8)  | \
+                      (((x) & 0x000000FF00000000ULL) >> 8)  | \
+                      (((x) & 0x0000FF0000000000ULL) >> 24) | \
+                      (((x) & 0x00FF000000000000ULL) >> 40) | \
+                      (((x) & 0xFF00000000000000ULL) >> 56))
+#endif
+
+#ifndef htobe16
+# if !defined(WORDS_BIGENDIAN)
+#  define htobe16(x) bswap_16 (x)
+#  define htole16(x) (x)
+#  define be16toh(x) bswap_16 (x)
+#  define le16toh(x) (x)
+#  define htobe32(x) bswap_32 (x)
+#  define htole32(x) (x)
+#  define be32toh(x) bswap_32 (x)
+#  define le32toh(x) (x)
+#  define htobe64(x) bswap_64 (x)
+#  define htole64(x) (x)
+#  define be64toh(x) bswap_64 (x)
+#  define le64toh(x) (x)
+# else
+#  define htobe16(x) (x)
+#  define htole16(x) bswap_16 (x)
+#  define be16toh(x) (x)
+#  define le16toh(x) bswap_16 (x)
+#  define htobe32(x) (x)
+#  define htole32(x) bswap_32 (x)
+#  define be32toh(x) (x)
+#  define le32toh(x) bswap_32 (x)
+#  define htobe64(x) (x)
+#  define htole64(x) bswap_64 (x)
+#  define be64toh(x) (x)
+#  define le64toh(x) bswap_64 (x)
+# endif
+#endif
+
+/*
+ * Byte swab macros (based on linux/byteorder/swab.h)
+ */
+#define swab16(x) bswap_16(x)
+#define swab32(x) bswap_32(x)
+#define swab64(x) bswap_64(x)
+
+#define cpu_to_le16(x) ((uint16_t) htole16(x))
+#define cpu_to_le32(x) ((uint32_t) htole32(x))
+#define cpu_to_le64(x) ((uint64_t) htole64(x))
+
+#define cpu_to_be16(x) ((uint16_t) htobe16(x))
+#define cpu_to_be32(x) ((uint32_t) htobe32(x))
+#define cpu_to_be64(x) ((uint64_t) htobe64(x))
+
+#define le16_to_cpu(x) ((uint16_t) le16toh(x))
+#define le32_to_cpu(x) ((uint32_t) le32toh(x))
+#define le64_to_cpu(x) ((uint64_t) le64toh(x))
+
+#define be16_to_cpu(x) ((uint16_t) be16toh(x))
+#define be32_to_cpu(x) ((uint32_t) be32toh(x))
+#define be64_to_cpu(x) ((uint64_t) be64toh(x))

 /*
 * Bit map related macros. Usually provided by libc.
 */
-#include <sys/param.h>
-
 #ifndef NBBY
 # define NBBY            CHAR_BIT
 #endif
@@ -19,65 +120,4 @@
 # define isclr(a,i)	(((a)[(i)/NBBY] & (1<<((i)%NBBY))) == 0)
 #endif

-/*
- * Byte swab macros (based on linux/byteorder/swab.h)
- */
-#define swab16(x) \
-	((uint16_t)( \
-		(((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \
-		(((uint16_t)(x) & (uint16_t)0xff00U) >> 8) ))
-
-#define swab32(x) \
-	((uint32_t)( \
-		(((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \
-		(((uint32_t)(x) & (uint32_t)0x0000ff00UL) <<  8) | \
-		(((uint32_t)(x) & (uint32_t)0x00ff0000UL) >>  8) | \
-		(((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24) ))
-
-#define swab64(x) \
-	((uint64_t)( \
-		(uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \
-		(uint64_t)(((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \
-		(uint64_t)(((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \
-		(uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) <<  8) | \
-	        (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >>  8) | \
-		(uint64_t)(((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \
-		(uint64_t)(((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \
-		(uint64_t)(((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56) ))
-
-
-#ifdef WORDS_BIGENDIAN
-
-#define cpu_to_le16(x) swab16(x)
-#define cpu_to_le32(x) swab32(x)
-#define cpu_to_le64(x) swab64(x)
-#define cpu_to_be16(x) ((uint16_t)(x))
-#define cpu_to_be32(x) ((uint32_t)(x))
-#define cpu_to_be64(x) ((uint64_t)(x))
-
-#define le16_to_cpu(x) swab16(x)
-#define le32_to_cpu(x) swab32(x)
-#define le64_to_cpu(x) swab64(x)
-#define be16_to_cpu(x) ((uint16_t)(x))
-#define be32_to_cpu(x) ((uint32_t)(x))
-#define be64_to_cpu(x) ((uint64_t)(x))
-
-#else /* !WORDS_BIGENDIAN */
-
-#define cpu_to_le16(x) ((uint16_t)(x))
-#define cpu_to_le32(x) ((uint32_t)(x))
-#define cpu_to_le64(x) ((uint64_t)(x))
-#define cpu_to_be16(x) swab16(x)
-#define cpu_to_be32(x) swab32(x)
-#define cpu_to_be64(x) swab64(x)
-
-#define le16_to_cpu(x) ((uint16_t)(x))
-#define le32_to_cpu(x) ((uint32_t)(x))
-#define le64_to_cpu(x) ((uint64_t)(x))
-#define be16_to_cpu(x) swab16(x)
-#define be32_to_cpu(x) swab32(x)
-#define be64_to_cpu(x) swab64(x)
-
-#endif /* WORDS_BIGENDIAN */
-
 #endif /* BITOPS_H */
--- a/lib/crypt_plain.c
+++ b/lib/crypt_plain.c
@@ -2,11 +2,13 @@
 * cryptsetup plain device helper functions
 *
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
- * Copyright (C) 2010-2011 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/lib/crypto_backend/Makefile.am
+++ b/lib/crypto_backend/Makefile.am
@@ -4,7 +4,8 @@ noinst_LTLIBRARIES = libcrypto_backend.la

 libcrypto_backend_la_CFLAGS = -Wall @CRYPTO_CFLAGS@

-libcrypto_backend_la_SOURCES = crypto_backend.h
+libcrypto_backend_la_SOURCES = crypto_backend.h \
+	crypto_cipher_kernel.c pbkdf_check.c crc32.c

 if CRYPTO_BACKEND_GCRYPT
 libcrypto_backend_la_SOURCES += crypto_gcrypt.c
@@ -22,4 +23,8 @@ if CRYPTO_BACKEND_NETTLE
 libcrypto_backend_la_SOURCES += crypto_nettle.c
 endif

-INCLUDES = -D_GNU_SOURCE -I$(top_srcdir)/lib
+if CRYPTO_INTERNAL_PBKDF2
+libcrypto_backend_la_SOURCES += pbkdf2_generic.c
+endif
+
+AM_CPPFLAGS = -D_GNU_SOURCE -I$(top_srcdir)/lib
--- a/lib/crypto_backend/crc32.c
+++ b/lib/crypto_backend/crc32.c
@@ -0,0 +1,116 @@
+/*
+ *  COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or
+ *  code or tables extracted from it, as desired without restriction.
+ *
+ *  First, the polynomial itself and its table of feedback terms.  The
+ *  polynomial is
+ *  X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
+ *
+ *  Note that we take it "backwards" and put the highest-order term in
+ *  the lowest-order bit.  The X^32 term is "implied"; the LSB is the
+ *  X^31 term, etc.  The X^0 term (usually shown as "+1") results in
+ *  the MSB being 1.
+ *
+ *  Note that the usual hardware shift register implementation, which
+ *  is what we're using (we're merely optimizing it by doing eight-bit
+ *  chunks at a time) shifts bits into the lowest-order term.  In our
+ *  implementation, that means shifting towards the right.  Why do we
+ *  do it this way?  Because the calculated CRC must be transmitted in
+ *  order from highest-order term to lowest-order term.  UARTs transmit
+ *  characters in order from LSB to MSB.  By storing the CRC this way,
+ *  we hand it to the UART in the order low-byte to high-byte; the UART
+ *  sends each low-bit to hight-bit; and the result is transmission bit
+ *  by bit from highest- to lowest-order term without requiring any bit
+ *  shuffling on our part.  Reception works similarly.
+ *
+ *  The feedback terms table consists of 256, 32-bit entries.  Notes
+ *
+ *      The table can be generated at runtime if desired; code to do so
+ *      is shown later.  It might not be obvious, but the feedback
+ *      terms simply represent the results of eight shift/xor opera-
+ *      tions for all combinations of data and CRC register values.
+ *
+ *      The values must be right-shifted by eight bits by the "updcrc"
+ *      logic; the shift must be unsigned (bring in zeroes).  On some
+ *      hardware you could probably optimize the shift in assembler by
+ *      using byte-swap instructions.
+ *      polynomial $edb88320
+ *
+ */
+
+#include <stdio.h>
+
+#include "crypto_backend.h"
+
+
+static const uint32_t crc32_tab[] = {
+	0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
+	0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
+	0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
+	0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
+	0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
+	0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
+	0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
+	0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
+	0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
+	0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
+	0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
+	0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
+	0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
+	0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
+	0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
+	0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
+	0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
+	0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
+	0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
+	0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
+	0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
+	0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
+	0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
+	0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
+	0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
+	0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
+	0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
+	0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
+	0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
+	0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
+	0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
+	0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
+	0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
+	0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
+	0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
+	0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
+	0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
+	0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
+	0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
+	0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
+	0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
+	0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
+	0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
+	0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
+	0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
+	0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
+	0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
+	0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
+	0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
+	0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
+	0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
+	0x2d02ef8dL
+};
+
+/*
+ * This a generic crc32() function, it takes seed as an argument,
+ * and does __not__ xor at the end. Then individual users can do
+ * whatever they need.
+ */
+uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len)
+{
+	uint32_t crc = seed;
+	const unsigned char *p = buf;
+
+	while(len-- > 0)
+		crc = crc32_tab[(crc ^ *p++) & 0xff] ^ (crc >> 8);
+
+	return crc;
+}
+
--- a/lib/crypto_backend/crypto_backend.h
+++ b/lib/crypto_backend/crypto_backend.h
@@ -2,29 +2,33 @@
 * crypto backend implementation
 *
 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #ifndef _CRYPTO_BACKEND_H
 #define _CRYPTO_BACKEND_H

 #include <stdint.h>
+#include <string.h>
 #include "config.h"

 struct crypt_device;
 struct crypt_hash;
 struct crypt_hmac;
+struct crypt_cipher;

 int crypt_backend_init(struct crypt_device *ctx);

@@ -52,4 +56,38 @@ int crypt_hmac_destroy(struct crypt_hmac *ctx);
 enum { CRYPT_RND_NORMAL = 0, CRYPT_RND_KEY = 1, CRYPT_RND_SALT = 2 };
 int crypt_backend_rng(char *buffer, size_t length, int quality, int fips);

+/* PBKDF*/
+int crypt_pbkdf_check(const char *kdf, const char *hash,
+		      const char *password, size_t password_size,
+		      const char *salt, size_t salt_size,
+		      uint64_t *iter_secs);
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations);
+
+#if USE_INTERNAL_PBKDF2
+/* internal PBKDF2 implementation */
+int pkcs5_pbkdf2(const char *hash,
+		 const char *P, size_t Plen,
+		 const char *S, size_t Slen,
+		 unsigned int c,
+		 unsigned int dkLen,char *DK);
+#endif
+
+/* CRC32 */
+uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len);
+
+/* ciphers */
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+		    const char *mode, const void *buffer, size_t length);
+int crypt_cipher_destroy(struct crypt_cipher *ctx);
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length);
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length);
+
 #endif /* _CRYPTO_BACKEND_H */
--- a/lib/crypto_backend/crypto_cipher_kernel.c
+++ b/lib/crypto_backend/crypto_cipher_kernel.c
@@ -0,0 +1,228 @@
+/*
+ * Linux kernel userspace API crypto backend implementation (skcipher)
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include "crypto_backend.h"
+
+#ifdef ENABLE_AF_ALG
+
+#include <linux/if_alg.h>
+
+#ifndef AF_ALG
+#define AF_ALG 38
+#endif
+#ifndef SOL_ALG
+#define SOL_ALG 279
+#endif
+
+struct crypt_cipher {
+	int tfmfd;
+	int opfd;
+};
+
+/* Shared with hash kernel backend */
+int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
+
+int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
+{
+	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (*tfmfd == -1)
+		return -ENOTSUP;
+
+	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -ENOENT;
+	}
+
+	*opfd = accept(*tfmfd, NULL, 0);
+	if (*opfd == -1) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+/*
+ *ciphers
+ *
+ * ENOENT - algorithm not available
+ * ENOTSUP - AF_ALG family not available
+ * (but cannot check specificaly for skcipher API)
+ */
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+		    const char *mode, const void *buffer, size_t length)
+{
+	struct crypt_cipher *h;
+	struct sockaddr_alg sa = {
+		.salg_family = AF_ALG,
+		.salg_type = "skcipher",
+	};
+	int r;
+
+	h = malloc(sizeof(*h));
+	if (!h)
+		return -ENOMEM;
+
+	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
+		 "%s(%s)", mode, name);
+
+	r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd);
+	if (r < 0) {
+		free(h);
+		return r;
+	}
+
+	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
+		crypt_cipher_destroy(h);
+		return -EINVAL;
+	}
+
+	*ctx = h;
+	return 0;
+}
+
+/* The in/out should be aligned to page boundary */
+static int crypt_cipher_crypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length,
+			 uint32_t direction)
+{
+	int r = 0;
+	ssize_t len;
+	struct af_alg_iv *alg_iv;
+	struct cmsghdr *header;
+	uint32_t *type;
+	struct iovec iov = {
+		.iov_base = (void*)(uintptr_t)in,
+		.iov_len = length,
+	};
+	int iv_msg_size = iv ? CMSG_SPACE(sizeof(*alg_iv) + iv_length) : 0;
+	char buffer[CMSG_SPACE(sizeof(*type)) + iv_msg_size];
+	struct msghdr msg = {
+		.msg_control = buffer,
+		.msg_controllen = sizeof(buffer),
+		.msg_iov = &iov,
+		.msg_iovlen = 1,
+	};
+
+	if (!in || !out || !length)
+		return -EINVAL;
+
+	if ((!iv && iv_length) || (iv && !iv_length))
+		return -EINVAL;
+
+	memset(buffer, 0, sizeof(buffer));
+
+	/* Set encrypt/decrypt operation */
+	header = CMSG_FIRSTHDR(&msg);
+	header->cmsg_level = SOL_ALG;
+	header->cmsg_type = ALG_SET_OP;
+	header->cmsg_len = CMSG_LEN(sizeof(*type));
+	type = (void*)CMSG_DATA(header);
+	*type = direction;
+
+	/* Set IV */
+	if (iv) {
+		header = CMSG_NXTHDR(&msg, header);
+		header->cmsg_level = SOL_ALG;
+		header->cmsg_type = ALG_SET_IV;
+		header->cmsg_len = iv_msg_size;
+		alg_iv = (void*)CMSG_DATA(header);
+		alg_iv->ivlen = iv_length;
+		memcpy(alg_iv->iv, iv, iv_length);
+	}
+
+	len = sendmsg(ctx->opfd, &msg, 0);
+	if (len != (ssize_t)length) {
+		r = -EIO;
+		goto bad;
+	}
+
+	len = read(ctx->opfd, out, length);
+	if (len != (ssize_t)length)
+		r = -EIO;
+bad:
+	memset(buffer, 0, sizeof(buffer));
+	return r;
+}
+
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return crypt_cipher_crypt(ctx, in, out, length,
+				  iv, iv_length, ALG_OP_ENCRYPT);
+}
+
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return crypt_cipher_crypt(ctx, in, out, length,
+				  iv, iv_length, ALG_OP_DECRYPT);
+}
+
+int crypt_cipher_destroy(struct crypt_cipher *ctx)
+{
+	if (ctx->tfmfd != -1)
+		close(ctx->tfmfd);
+	if (ctx->opfd != -1)
+		close(ctx->opfd);
+	memset(ctx, 0, sizeof(*ctx));
+	free(ctx);
+	return 0;
+}
+
+#else /* ENABLE_AF_ALG */
+
+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+		    const char *mode, const void *buffer, size_t length)
+{
+	return -ENOTSUP;
+}
+
+int crypt_cipher_destroy(struct crypt_cipher *ctx)
+{
+	return 0;
+}
+
+int crypt_cipher_encrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return -EINVAL;
+}
+int crypt_cipher_decrypt(struct crypt_cipher *ctx,
+			 const char *in, char *out, size_t length,
+			 const char *iv, size_t iv_length)
+{
+	return -EINVAL;
+}
+#endif
--- a/lib/crypto_backend/crypto_gcrypt.c
+++ b/lib/crypto_backend/crypto_gcrypt.c
@@ -2,18 +2,20 @@
 * GCRYPT crypto backend implementation
 *
 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -251,3 +253,37 @@ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
 	}
 	return 0;
 }
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+#if USE_INTERNAL_PBKDF2
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
+			    iterations, key_length, key);
+
+#else /* USE_INTERNAL_PBKDF2 */
+	int hash_id = gcry_md_map_name(hash);
+	int kdf_id;
+
+	if (!hash_id)
+		return -EINVAL;
+
+	if (kdf && !strncmp(kdf, "pbkdf2", 6))
+		kdf_id = GCRY_KDF_PBKDF2;
+	else
+		return -EINVAL;
+
+	if (gcry_kdf_derive(password, password_length, kdf_id, hash_id,
+	    salt, salt_length, iterations, key_length, key))
+		return -EINVAL;
+
+	return 0;
+#endif /* USE_INTERNAL_PBKDF2 */
+}
--- a/lib/crypto_backend/crypto_kernel.c
+++ b/lib/crypto_backend/crypto_kernel.c
@@ -2,18 +2,20 @@
 * Linux kernel userspace API crypto backend implementation
 *
 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -50,7 +52,7 @@ static struct hash_alg hash_algs[] = {
 	{ "sha512", "sha512", 64 },
 	{ "ripemd160", "rmd160", 20 },
 	{ "whirlpool", "wp512", 64 },
-	{ NULL, 0 }
+	{ NULL, NULL, 0 }
 };

 struct crypt_hash {
@@ -65,31 +67,8 @@ struct crypt_hmac {
 	int hash_len;
 };

-static int _socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
-{
-	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-	if (*tfmfd == -1)
-		goto bad;
-
-	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1)
-		goto bad;
-
-	*opfd = accept(*tfmfd, NULL, 0);
-	if (*opfd == -1)
-		goto bad;
-
-	return 0;
-bad:
-	if (*tfmfd != -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-	}
-	if (*opfd != -1) {
-		close(*opfd);
-		*opfd = -1;
-	}
-	return -EINVAL;
-}
+/* Defined in crypt_kernel_ciphers.c */
+extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);

 int crypt_backend_init(struct crypt_device *ctx)
 {
@@ -107,7 +86,7 @@ int crypt_backend_init(struct crypt_device *ctx)
 	if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
 		return -EINVAL;

-	if (_socket_init(&sa, &tfmfd, &opfd) < 0)
+	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0)
 		return -EINVAL;

 	close(tfmfd);
@@ -172,7 +151,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)

 	strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));

-	if (_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
 		free(h);
 		return -EINVAL;
 	}
@@ -247,7 +226,7 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "hmac(%s)", ha->kernel_name);

-	if (_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
 		free(h);
 		return -EINVAL;
 	}
@@ -302,3 +281,17 @@ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
 {
 	return -EINVAL;
 }
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
+			    iterations, key_length, key);
+}
--- a/lib/crypto_backend/crypto_nettle.c
+++ b/lib/crypto_backend/crypto_nettle.c
@@ -2,18 +2,20 @@
 * Nettle crypto backend implementation
 *
 * Copyright (C) 2011-2012 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -274,3 +276,18 @@ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)
 {
 	return -EINVAL;
 }
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	/* FIXME: switch to internal implementation in Nettle 2.6 */
+	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
+			    iterations, key_length, key);
+}
--- a/lib/crypto_backend/crypto_nss.c
+++ b/lib/crypto_backend/crypto_nss.c
@@ -2,18 +2,20 @@
 * NSS crypto backend implementation
 *
 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -298,3 +300,17 @@ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)

 	return 0;
 }
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
+			    iterations, key_length, key);
+}
--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -2,18 +2,20 @@
 * OPENSSL crypto backend implementation
 *
 * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2012, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * In addition, as a special exception, the copyright holders give
@@ -22,7 +24,7 @@
 * individual source file, and distribute linked combinations
 * including the two.
 *
- * You must obey the GNU General Public License in all respects
+ * You must obey the GNU Lesser General Public License in all respects
 * for all of the code used other than OpenSSL.
 */

@@ -52,7 +54,7 @@ int crypt_backend_init(struct crypt_device *ctx)
 	if (crypto_backend_initialised)
 		return 0;

-	OpenSSL_add_all_digests();
+	OpenSSL_add_all_algorithms();

 	crypto_backend_initialised = 1;
 	return 0;
@@ -230,3 +232,27 @@ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips)

 	return 0;
 }
+
+/* PBKDF */
+int crypt_pbkdf(const char *kdf, const char *hash,
+		const char *password, size_t password_length,
+		const char *salt, size_t salt_length,
+		char *key, size_t key_length,
+		unsigned int iterations)
+{
+	const EVP_MD *hash_id;
+
+	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+		return -EINVAL;
+
+	hash_id = EVP_get_digestbyname(hash);
+	if (!hash_id)
+		return -EINVAL;
+
+	if (!PKCS5_PBKDF2_HMAC(password, (int)password_length,
+	    (unsigned char *)salt, (int)salt_length,
+            (int)iterations, hash_id, (int)key_length, (unsigned char *)key))
+		return -EINVAL;
+
+	return 0;
+}
--- a/lib/crypto_backend/pbkdf2_generic.c
+++ b/lib/crypto_backend/pbkdf2_generic.c
@@ -3,9 +3,8 @@
 * Copyright (C) 2002,2003 Simon Josefsson
 * Copyright (C) 2004 Free Software Foundation
 *
- * LUKS code
- * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * cryptsetup related changes
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -23,17 +22,9 @@
 *
 */

-#include <netinet/in.h>
 #include <errno.h>
-#include <signal.h>
 #include <alloca.h>
-#include <string.h>
-#include <sys/time.h>
 #include "crypto_backend.h"
-#include "pbkdf.h"
-
-static volatile uint64_t __PBKDF2_global_j = 0;
-static volatile uint64_t __PBKDF2_performance = 0;

 /*
 * 5.2 PBKDF2
@@ -63,11 +54,11 @@ static volatile uint64_t __PBKDF2_performance = 0;

 #define MAX_PRF_BLOCK_LEN 80

-static int pkcs5_pbkdf2(const char *hash,
+int pkcs5_pbkdf2(const char *hash,
 			const char *P, size_t Plen,
 			const char *S, size_t Slen,
 			unsigned int c, unsigned int dkLen,
-			char *DK, int perfcheck)
+			char *DK)
 {
 	struct crypt_hmac *hmac;
 	char U[MAX_PRF_BLOCK_LEN];
@@ -164,7 +155,7 @@ static int pkcs5_pbkdf2(const char *hash,
 	if (crypt_hmac_init(&hmac, hash, P, Plen))
 		return -EINVAL;

-	for (i = 1; (uint) i <= l; i++) {
+	for (i = 1; (unsigned int) i <= l; i++) {
 		memset(T, 0, hLen);

 		for (u = 1; u <= c ; u++) {
@@ -185,83 +176,14 @@ static int pkcs5_pbkdf2(const char *hash,
 			if (crypt_hmac_final(hmac, U, hLen))
 				goto out;

-			for (k = 0; (uint) k < hLen; k++)
+			for (k = 0; (unsigned int) k < hLen; k++)
 				T[k] ^= U[k];
-
-			if (perfcheck && __PBKDF2_performance) {
-				rc = 0;
-				goto out;
-			}
-
-			if (perfcheck)
-				__PBKDF2_global_j++;
 		}

-		memcpy(DK + (i - 1) * hLen, T, (uint) i == l ? r : hLen);
+		memcpy(DK + (i - 1) * hLen, T, (unsigned int) i == l ? r : hLen);
 	}
 	rc = 0;
 out:
 	crypt_hmac_destroy(hmac);
 	return rc;
 }
-
-int PBKDF2_HMAC(const char *hash,
-		const char *password, size_t passwordLen,
-		const char *salt, size_t saltLen, unsigned int iterations,
-		char *dKey, size_t dKeyLen)
-{
-	return pkcs5_pbkdf2(hash, password, passwordLen, salt, saltLen,
-			    iterations, (unsigned int)dKeyLen, dKey, 0);
-}
-
-int PBKDF2_HMAC_ready(const char *hash)
-{
-	if (crypt_hmac_size(hash) < 20)
-		return -EINVAL;
-
-	return 1;
-}
-
-static void sigvtalarm(int foo __attribute__((unused)))
-{
-	__PBKDF2_performance = __PBKDF2_global_j;
-}
-
-/* This code benchmarks PBKDF2 and returns iterations/second using wth specified hash */
-int PBKDF2_performance_check(const char *hash, uint64_t *iter)
-{
-	int timer_type, r;
-	char buf;
-	struct itimerval it;
-
-	if (__PBKDF2_global_j)
-		return -EBUSY;
-
-	if (PBKDF2_HMAC_ready(hash) < 0)
-		return -EINVAL;
-
-	/* If crypto backend is not implemented in userspace,
-	 * but uses some kernel part, we must measure also time
-	 * spent in kernel. */
-	if (crypt_backend_flags() & CRYPT_BACKEND_KERNEL) {
-		timer_type = ITIMER_PROF;
-		signal(SIGPROF,sigvtalarm);
-	} else {
-		timer_type = ITIMER_VIRTUAL;
-		signal(SIGVTALRM,sigvtalarm);
-	}
-
-	it.it_interval.tv_usec = 0;
-	it.it_interval.tv_sec = 0;
-	it.it_value.tv_usec = 0;
-	it.it_value.tv_sec =  1;
-	if (setitimer(timer_type, &it, NULL) < 0)
-		return -EINVAL;
-
-	r = pkcs5_pbkdf2(hash, "foo", 3, "bar", 3, ~(0U), 1, &buf, 1);
-
-	*iter = __PBKDF2_performance;
-	__PBKDF2_global_j = 0;
-	__PBKDF2_performance = 0;
-	return r;
-}
--- a/lib/crypto_backend/pbkdf_check.c
+++ b/lib/crypto_backend/pbkdf_check.c
@@ -0,0 +1,89 @@
+/*
+ * PBKDF performance check
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include "crypto_backend.h"
+
+static long time_ms(struct rusage *start, struct rusage *end)
+{
+	long ms;
+
+	ms = (end->ru_utime.tv_sec - start->ru_utime.tv_sec) * 1000;
+	ms += (end->ru_utime.tv_usec - start->ru_utime.tv_usec) / 1000;
+
+	if (crypt_backend_flags() & CRYPT_BACKEND_KERNEL) {
+		ms += (end->ru_stime.tv_sec - start->ru_stime.tv_sec) * 1000;
+		ms += (end->ru_stime.tv_usec - start->ru_stime.tv_usec) / 1000;
+	}
+
+	return ms;
+}
+
+/* This code benchmarks PBKDF and returns iterations/second using specified hash */
+int crypt_pbkdf_check(const char *kdf, const char *hash,
+		      const char *password, size_t password_size,
+		      const char *salt, size_t salt_size,
+		      uint64_t *iter_secs)
+{
+	struct rusage rstart, rend;
+	int r = 0, step = 0;
+	long ms = 0;
+	char buf;
+	unsigned int iterations;
+
+	if (!kdf || !hash)
+		return -EINVAL;
+
+	iterations = 1 << 15;
+	while (ms < 500) {
+		if (getrusage(RUSAGE_SELF, &rstart) < 0)
+			return -EINVAL;
+
+		r = crypt_pbkdf(kdf, hash, password, password_size, salt,
+				salt_size, &buf, 1, iterations);
+		if (r < 0)
+			return r;
+
+		if (getrusage(RUSAGE_SELF, &rend) < 0)
+			return -EINVAL;
+
+		ms = time_ms(&rstart, &rend);
+		if (ms > 500)
+			break;
+
+		if (ms <= 62)
+			iterations <<= 4;
+		else if (ms <= 125)
+			iterations <<= 3;
+		else if (ms <= 250)
+			iterations <<= 2;
+		else
+			iterations <<= 1;
+
+		if (++step > 10 || !iterations)
+			return -EINVAL;
+	}
+
+	if (iter_secs)
+		*iter_secs = (iterations * 1000) / ms;
+	return r;
+}
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -4,10 +4,12 @@
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -63,29 +65,45 @@ struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key);
 struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength);
 void crypt_free_volume_key(struct volume_key *vk);

+/* Device backend */
+struct device;
+int device_alloc(struct device **device, const char *path);
+void device_free(struct device *device);
+const char *device_path(const struct device *device);
+const char *device_block_path(const struct device *device);
+void device_topology_alignment(struct device *device,
+			    unsigned long *required_alignment, /* bytes */
+			    unsigned long *alignment_offset,   /* bytes */
+			    unsigned long default_alignment);
+int device_block_size(struct device *device);
+int device_read_ahead(struct device *device, uint32_t *read_ahead);
+int device_size(struct device *device, uint64_t *size);
+int device_open(struct device *device, int flags);
+
+enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 };
+int device_block_adjust(struct crypt_device *cd,
+			struct device *device,
+			enum devcheck device_check,
+			uint64_t device_offset,
+			uint64_t *size,
+			uint32_t *flags);
+size_t size_round_up(size_t size, unsigned int block);
+
+/* Receive backend devices from context helpers */
+struct device *crypt_metadata_device(struct crypt_device *cd);
+struct device *crypt_data_device(struct crypt_device *cd);
+
 int crypt_confirm(struct crypt_device *cd, const char *msg);

 char *crypt_lookup_dev(const char *dev_id);
-int crypt_sysfs_check_crypt_segment(const char *device, uint64_t offset, uint64_t size);
 int crypt_sysfs_get_rotational(int major, int minor, int *rotational);

-int sector_size_for_device(const char *device);
-int device_read_ahead(const char *dev, uint32_t *read_ahead);
-ssize_t write_blockwise(int fd, void *buf, size_t count);
-ssize_t read_blockwise(int fd, void *_buf, size_t count);
-ssize_t write_lseek_blockwise(int fd, char *buf, size_t count, off_t offset);
-int device_ready(struct crypt_device *cd, const char *device, int mode);
-int device_size(const char *device, uint64_t *size);
+ssize_t write_blockwise(int fd, int bsize, void *buf, size_t count);
+ssize_t read_blockwise(int fd, int bsize, void *_buf, size_t count);
+ssize_t write_lseek_blockwise(int fd, int bsize, char *buf, size_t count, off_t offset);

 unsigned crypt_getpagesize(void);
-
-enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 };
-int device_check_and_adjust(struct crypt_device *cd,
-			    const char *device,
-			    enum devcheck device_check,
-			    uint64_t *size,
-			    uint64_t *offset,
-			    uint32_t *flags);
+int init_crypto(struct crypt_device *ctx);

 void logger(struct crypt_device *cd, int class, const char *file, int line, const char *format, ...);
 #define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
@@ -98,11 +116,6 @@ int crypt_get_debug_level(void);
 int crypt_memlock_inc(struct crypt_device *ctx);
 int crypt_memlock_dec(struct crypt_device *ctx);

-void get_topology_alignment(const char *device,
-			    unsigned long *required_alignment, /* bytes */
-			    unsigned long *alignment_offset,   /* bytes */
-			    unsigned long default_alignment);
-
 int crypt_random_init(struct crypt_device *ctx);
 int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int quality);
 void crypt_random_exit(void);
@@ -131,7 +144,7 @@ typedef enum {
 			    * random algorithm */
 } crypt_wipe_type;

-int crypt_wipe(const char *device,
+int crypt_wipe(struct device *device,
 	       uint64_t offset,
 	       uint64_t sectors,
 	       crypt_wipe_type type,
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -4,10 +4,12 @@
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -87,7 +89,7 @@ int crypt_init_by_name_and_header(struct crypt_device **cd,
 int crypt_init_by_name(struct crypt_device **cd, const char *name);

 /**
- * @defgroup loglevel "Cryptsetup logging"
+ * @defgroup loglevel Cryptsetup logging
 *
 * Set of functions and defines used in cryptsetup for
 * logging purposes
@@ -237,7 +239,7 @@ void crypt_set_password_verify(struct crypt_device *cd, int password_verify);
 int crypt_set_data_device(struct crypt_device *cd, const char *device);

 /**
- * @defgroup rng "Cryptsetup RNG"
+ * @defgroup rng Cryptsetup RNG
 *
 * @addtogroup rng
 * @{
@@ -283,7 +285,7 @@ int crypt_get_rng_type(struct crypt_device *cd);
 int crypt_memory_lock(struct crypt_device *cd, int lock);

 /**
- * @defgroup crypt_type "Cryptsetup on-disk format types"
+ * @defgroup crypt_type Cryptsetup on-disk format types
 *
 * Set of functions, \#defines and structs related
 * to on-disk format types
@@ -302,6 +304,8 @@ int crypt_memory_lock(struct crypt_device *cd, int lock);
 #define CRYPT_LOOPAES "LOOPAES"
 /** dm-verity mode */
 #define CRYPT_VERITY "VERITY"
+/** TCRYPT (TrueCrypt-compatible) mode */
+#define CRYPT_TCRYPT "TCRYPT"

 /**
 * Get device type
@@ -359,13 +363,6 @@ struct crypt_params_loopaes {
 * @see crypt_format, crypt_load
 *
 */
-/** No on-disk header (only hashes) */
-#define CRYPT_VERITY_NO_HEADER   (1 << 0)
-/** Verity hash in userspace before activation */
-#define CRYPT_VERITY_CHECK_HASH  (1 << 1)
-/** Create hash - format hash device */
-#define CRYPT_VERITY_CREATE_HASH (1 << 2)
-
 struct crypt_params_verity {
 	const char *hash_name;     /**< hash function */
 	const char *data_device;   /**< data_device (CRYPT_VERITY_CREATE_HASH) */
@@ -380,6 +377,41 @@ struct crypt_params_verity {
 	uint32_t flags;            /**< CRYPT_VERITY* flags */
 };

+/** No on-disk header (only hashes) */
+#define CRYPT_VERITY_NO_HEADER   (1 << 0)
+/** Verity hash in userspace before activation */
+#define CRYPT_VERITY_CHECK_HASH  (1 << 1)
+/** Create hash - format hash device */
+#define CRYPT_VERITY_CREATE_HASH (1 << 2)
+
+/**
+ *
+ * Structure used as parameter for TCRYPT device type
+ *
+ * @see crypt_load
+ *
+ */
+struct crypt_params_tcrypt {
+	const char *passphrase;    /**< passphrase to unlock header (input only) */
+	size_t passphrase_size;    /**< passphrase size (input only, max length is 64) */
+	const char **keyfiles;     /**< keyfile paths to unlock header (input only) */
+	unsigned int keyfiles_count;/**< keyfiles count (input only) */
+	const char *hash_name;     /**< hash function for PBKDF */
+	const char *cipher;        /**< cipher chain c1[-c2[-c3]] */
+	const char *mode;          /**< cipher block mode */
+	size_t key_size;           /**< key size in bytes (the whole chain) */
+	uint32_t flags;            /**< CRYPT_TCRYPT* flags */
+};
+
+/** Include legacy modes ehn scannig for header*/
+#define CRYPT_TCRYPT_LEGACY_MODES    (1 << 0)
+/** Try to load hidden header (describing hidden device) */
+#define CRYPT_TCRYPT_HIDDEN_HEADER   (1 << 1)
+/** Try to load backup header */
+#define CRYPT_TCRYPT_BACKUP_HEADER   (1 << 2)
+/** Device contains encrypted system (with boot loader) */
+#define CRYPT_TCRYPT_SYSTEM_HEADER   (1 << 3)
+
 /** @} */

 /**
@@ -540,7 +572,7 @@ int crypt_resume_by_keyfile(struct crypt_device *cd,
 void crypt_free(struct crypt_device *cd);

 /**
- * @defgroup keyslot "Cryptsetup LUKS keyslots"
+ * @defgroup keyslot Cryptsetup LUKS keyslots
 * @addtogroup keyslot
 * @{
 *
@@ -571,14 +603,31 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
 	size_t new_passphrase_size);

 /**
- * Get number of keyslots supported for device type.
+ * Change defined key slot using provided passphrase
 *
- * @param type crypt device type
+ * @pre @e cd contains initialized and formatted LUKS device context
 *
- * @return slot count or negative errno otherwise if device
- * doesn't not support keyslots.
+ * @param cd crypt device handle
+ * @param keyslot_old old keyslot or @e CRYPT_ANY_SLOT
+ * @param keyslot_new new keyslot (can be the same as old)
+ * @param passphrase passphrase used to unlock volume key, @e NULL for query
+ * @param passphrase_size size of passphrase (binary data)
+ * @param new_passphrase passphrase for new keyslot, @e NULL for query
+ * @param new_passphrase_size size of @e new_passphrase (binary data)
+ *
+ * @return allocated key slot number or negative errno otherwise.
+ *
+ * @note This function is just internal implementation of luksChange
+ * command to avoid reading of volume key outside libcryptsetup boundary
+ * in FIPS mode.
 */
-int crypt_keyslot_max(const char *type);
+int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
+	int keyslot_old,
+	int keyslot_new,
+	const char *passphrase,
+	size_t passphrase_size,
+	const char *new_passphrase,
+	size_t new_passphrase_size);

 /**
 * Add key slot using provided key file path
@@ -656,7 +705,7 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 /** @} */

 /**
- * @defgroup aflags "Device runtime attributes"
+ * @defgroup aflags Device runtime attributes
 *
 * Activation flags
 *
@@ -770,6 +819,8 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
 * @note For VERITY the volume key means root hash required for activation.
 * 	 Because kernel dm-verity is always read only, you have to provide
 * 	 CRYPT_ACTIVATE_READONLY flag always.
+ * @note For TCRYPT the volume key should be always NULL and because master
+ * 	 key from decrypted header is used instead.
 */
 int crypt_activate_by_volume_key(struct crypt_device *cd,
 	const char *name,
@@ -802,6 +853,9 @@ int crypt_deactivate(struct crypt_device *cd, const char *name);
 * @param passphrase_size size of @e passphrase
 *
 * @return unlocked key slot number or negative errno otherwise.
+ *
+ * @note For TCRYPT cipher chain is  the volume key concatenated
+ * 	 for all ciphers in chain.
 */
 int crypt_volume_key_get(struct crypt_device *cd,
 	int keyslot,
@@ -824,7 +878,7 @@ int crypt_volume_key_verify(struct crypt_device *cd,
 	size_t volume_key_size);

 /**
- * @defgroup devstat "Crypt and Verity device status"
+ * @defgroup devstat Crypt and Verity device status
 * @addtogroup devstat
 * @{
 */
@@ -942,6 +996,63 @@ int crypt_get_verity_info(struct crypt_device *cd,
 	struct crypt_params_verity *vp);
 /** @} */

+/**
+ * @defgroup benchmark Benchmarking
+ *
+ * Benchmarking of algorithms
+ *
+ * @addtogroup benchmark
+ * @{
+ *
+ */
+
+/**
+ * Informational benchmark for ciphers
+ *
+ * @param cd crypt device handle
+ * @param cipher (e.g. "aes")
+ * @param cipher_mode (e.g. "xts"), IV generator is ignored
+ * @param volume_key_size size of volume key in bytes
+ * @param iv_size size of IV in bytes
+ * @param buffer_size size of encryption buffer in bytes used in test
+ * @param encryption_mbs measured encryption speed in MiB/s
+ * @param decryption_mbs measured decryption speed in MiB/s
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ */
+int crypt_benchmark(struct crypt_device *cd,
+	const char *cipher,
+	const char *cipher_mode,
+	size_t volume_key_size,
+	size_t iv_size,
+	size_t buffer_size,
+	double *encryption_mbs,
+	double *decryption_mbs);
+
+/**
+ * Informational benchmark for KDF
+ *
+ * @param cd crypt device handle
+ * @param kdf Key derivation function (e.g. "pbkdf2")
+ * @param hash Hash algorithm used in KDF (e.g. "sha256")
+ * @param password password for benchmark
+ * @param password_size size of password
+ * @param salt salt for benchmark
+ * @param salt_size size of salt
+ * @param iterations_sec returns measured KDF iterations per second
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ */
+int crypt_benchmark_kdf(struct crypt_device *cd,
+	const char *kdf,
+	const char *hash,
+	const char *password,
+	size_t password_size,
+	const char *salt,
+	size_t salt_size,
+	uint64_t *iterations_sec);
+/** @} */
+
 /**
 * @addtogroup keyslot
 * @{
@@ -972,6 +1083,32 @@ typedef enum {
 crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot);
 /** @} */

+/**
+ * Get number of keyslots supported for device type.
+ *
+ * @param type crypt device type
+ *
+ * @return slot count or negative errno otherwise if device
+ * doesn't not support keyslots.
+ */
+int crypt_keyslot_max(const char *type);
+
+/**
+ * Get keyslot area pointers (relative to metadata device)
+ *
+ * @param cd crypt device handle
+ * @param keyslot keyslot number
+ * @param offset offset on metadata device (in bytes)
+ * @param length length of keyslot area (in bytes)
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ *
+ */
+int crypt_keyslot_area(struct crypt_device *cd,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length);
+
 /**
 * Backup header and keyslots to file
 *
@@ -1032,7 +1169,7 @@ void crypt_get_error(char *buf, size_t size);
 const char *crypt_get_dir(void);

 /**
- * @defgroup dbg "Library debug level"
+ * @defgroup dbg Library debug level
 *
 * Set library debug level
 *
--- a/lib/libcryptsetup.sym
+++ b/lib/libcryptsetup.sym
@@ -26,6 +26,7 @@ CRYPTSETUP_1.0 {
 		crypt_free;

 		crypt_keyslot_add_by_passphrase;
+		crypt_keyslot_change_by_passphrase;
 		crypt_keyslot_add_by_keyfile;
 		crypt_keyslot_add_by_keyfile_offset;
 		crypt_keyslot_add_by_volume_key;
@@ -39,6 +40,8 @@ CRYPTSETUP_1.0 {
 		crypt_volume_key_verify;
 		crypt_status;
 		crypt_dump;
+		crypt_benchmark;
+		crypt_benchmark_kdf;
 		crypt_get_cipher;
 		crypt_get_cipher_mode;
 		crypt_get_uuid;
@@ -55,6 +58,7 @@ CRYPTSETUP_1.0 {
 		crypt_get_rng_type;

 		crypt_keyslot_max;
+		crypt_keyslot_area;
 		crypt_keyslot_status;
 		crypt_last_error;
 		crypt_get_error;
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
@@ -4,10 +4,12 @@
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -38,10 +40,11 @@

 /* Set if dm-crypt version was probed */
 static int _dm_crypt_checked = 0;
+static int _quiet_log = 0;
 static uint32_t _dm_crypt_flags = 0;

-static int _dm_use_count = 0;
 static struct crypt_device *_context = NULL;
+static int _dm_use_count = 0;

 /* Check if we have DM flag to instruct kernel to force wipe buffers */
 #if !HAVE_DECL_DM_TASK_SECURE_DATA
@@ -81,11 +84,14 @@ static void set_dm_error(int level,

 	va_start(va, f);
 	if (vasprintf(&msg, f, va) > 0) {
-		if (level < 4) {
+		if (level < 4 && !_quiet_log) {
 			log_err(_context, msg);
 			log_err(_context, "\n");
-		} else
-			log_dbg(msg);
+		} else {
+			/* We do not use DM visual stack backtrace here */
+			if (strncmp(msg, "<backtrace>", 11))
+				log_dbg(msg);
+		}
 	}
 	free(msg);
 	va_end(va);
@@ -142,23 +148,23 @@ static int _dm_check_versions(void)
 	struct dm_task *dmt;
 	struct dm_versions *target, *last_target;
 	char dm_version[16];
+	int r = 0;

 	if (_dm_crypt_checked)
 		return 1;

+	/* Shut up DM while checking */
+	_quiet_log = 1;
+
 	/* FIXME: add support to DM so it forces crypt target module load here */
 	if (!(dmt = dm_task_create(DM_DEVICE_LIST_VERSIONS)))
-		return 0;
+		goto out;

-	if (!dm_task_run(dmt)) {
-		dm_task_destroy(dmt);
-		return 0;
-	}
+	if (!dm_task_run(dmt))
+		goto out;

-	if (!dm_task_get_driver_version(dmt, dm_version, sizeof(dm_version))) {
-		dm_task_destroy(dmt);
-		return 0;
-	}
+	if (!dm_task_get_driver_version(dmt, dm_version, sizeof(dm_version)))
+		goto out;

 	target = dm_task_get_versions(dmt);
 	do {
@@ -177,52 +183,67 @@ static int _dm_check_versions(void)
 		target = (struct dm_versions *)((char *) target + target->next);
 	} while (last_target != target);

-	dm_task_destroy(dmt);
-	return 1;
+	r = 1;
+	log_dbg("Device-mapper backend running with UDEV support %sabled.",
+		_dm_use_udev() ? "en" : "dis");
+out:
+	if (dmt)
+		dm_task_destroy(dmt);
+
+	_quiet_log = 0;
+	return r;
 }

 uint32_t dm_flags(void)
 {
-	if (!_dm_crypt_checked)
-		_dm_check_versions();
-
+	_dm_check_versions();
 	return _dm_crypt_flags;
 }

-int dm_init(struct crypt_device *context, int check_kernel)
+/* This doesn't run any kernel checks, just set up userspace libdevmapper */
+void dm_backend_init(void)
 {
 	if (!_dm_use_count++) {
-		log_dbg("Initialising device-mapper backend%s, UDEV is %sabled.",
-			check_kernel ? "" : " (NO kernel check requested)",
-			_dm_use_udev() ? "en" : "dis");
-		if (check_kernel && !_dm_check_versions()) {
-			log_err(context, _("Cannot initialize device-mapper. Is dm_mod kernel module loaded?\n"));
-			return -1;
-		}
-		if (getuid() || geteuid())
-			log_dbg(("WARNING: Running as a non-root user. Functionality may be unavailable."));
+		log_dbg("Initialising device-mapper backend library.");
 		dm_log_init(set_dm_error);
 		dm_log_init_verbose(10);
 	}
-
-	// FIXME: global context is not safe
-	if (context)
-		_context = context;
-
-	return 1;	/* unsafe memory */
 }

-void dm_exit(void)
+void dm_backend_exit(void)
 {
 	if (_dm_use_count && (!--_dm_use_count)) {
 		log_dbg("Releasing device-mapper backend.");
 		dm_log_init_verbose(0);
 		dm_log_init(NULL);
 		dm_lib_release();
-		_context = NULL;
 	}
 }

+/*
+ * libdevmapper is not context friendly, switch context on every DM call.
+ * FIXME: this is not safe if called in parallel but neither is DM lib.
+ */
+static int dm_init_context(struct crypt_device *cd)
+{
+	_context = cd;
+	if (!_dm_check_versions()) {
+		if (getuid() || geteuid())
+			log_err(cd, _("Cannot initialize device-mapper, "
+				      "running as non-root user.\n"));
+		else
+			log_err(cd, _("Cannot initialize device-mapper. "
+				      "Is dm_mod kernel module loaded?\n"));
+		_context = NULL;
+		return -ENOTSUP;
+	}
+	return 0;
+}
+static void dm_exit_context(void)
+{
+	_context = NULL;
+}
+
 /* Return path to DM device */
 char *dm_device_path(const char *prefix, int major, int minor)
 {
@@ -287,14 +308,16 @@ static char *get_dm_crypt_params(struct crypt_dm_active_device *dmd)
 		hex_key(hexkey, dmd->u.crypt.vk->keylength, dmd->u.crypt.vk->key);

 	max_size = strlen(hexkey) + strlen(dmd->u.crypt.cipher) +
-		   strlen(dmd->data_device) + strlen(features) + 64;
+		   strlen(device_block_path(dmd->data_device)) +
+		   strlen(features) + 64;
 	params = crypt_safe_alloc(max_size);
 	if (!params)
 		goto out;

 	r = snprintf(params, max_size, "%s %s %" PRIu64 " %s %" PRIu64 "%s",
 		     dmd->u.crypt.cipher, hexkey, dmd->u.crypt.iv_offset,
-		     dmd->data_device, dmd->u.crypt.offset, features);
+		     device_block_path(dmd->data_device), dmd->u.crypt.offset,
+		     features);
 	if (r < 0 || r >= max_size) {
 		crypt_safe_free(params);
 		params = NULL;
@@ -328,8 +351,8 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp,
 		strncpy(hexsalt, "-", 2);

 	max_size = strlen(hexroot) + strlen(hexsalt) +
-		   strlen(dmd->data_device) +
-		   strlen(dmd->u.verity.hash_device) +
+		   strlen(device_block_path(dmd->data_device)) +
+		   strlen(device_block_path(dmd->u.verity.hash_device)) +
 		   strlen(vp->hash_name) + 128;

 	params = crypt_safe_alloc(max_size);
@@ -338,8 +361,8 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp,

 	r = snprintf(params, max_size,
 		     "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s",
-		     vp->hash_type, dmd->data_device,
-		     dmd->u.verity.hash_device,
+		     vp->hash_type, device_block_path(dmd->data_device),
+		     device_block_path(dmd->u.verity.hash_device),
 		     vp->data_block_size, vp->hash_block_size,
 		     vp->data_size, dmd->u.verity.hash_offset,
 		     vp->hash_name, hexroot, hexsalt);
@@ -423,7 +446,8 @@ error:
 	return r;
 }

-int dm_remove_device(const char *name, int force, uint64_t size)
+int dm_remove_device(struct crypt_device *cd, const char *name,
+		     int force, uint64_t size)
 {
 	int r = -EINVAL;
 	int retries = force ? RETRY_COUNT : 1;
@@ -432,6 +456,9 @@ int dm_remove_device(const char *name, int force, uint64_t size)
 	if (!name || (force && !size))
 		return -EINVAL;

+	if (dm_init_context(cd))
+		return -ENOTSUP;
+
 	do {
 		r = _dm_simple(DM_DEVICE_REMOVE, name, 1) ? 0 : -EINVAL;
 		if (--retries && r) {
@@ -454,6 +481,7 @@ int dm_remove_device(const char *name, int force, uint64_t size)
 	} while (r == -EINVAL && retries);

 	dm_task_update_nodes();
+	dm_exit_context();

 	return r;
 }
@@ -465,14 +493,19 @@ int dm_remove_device(const char *name, int force, uint64_t size)
 * CRYPT-LUKS1-00000000000000000000000000000000-name
 * CRYPT-TEMP-name
 */
-static void dm_prepare_uuid(const char *name, const char *type, const char *uuid, char *buf, size_t buflen)
+static int dm_prepare_uuid(const char *name, const char *type, const char *uuid, char *buf, size_t buflen)
 {
 	char *ptr, uuid2[UUID_LEN] = {0};
 	uuid_t uu;
 	unsigned i = 0;

 	/* Remove '-' chars */
-	if (uuid && !uuid_parse(uuid, uu)) {
+	if (uuid) {
+		if (uuid_parse(uuid, uu) < 0) {
+			log_dbg("Requested UUID %s has invalid format.", uuid);
+			return -EINVAL;
+		}
+
 		for (ptr = uuid2, i = 0; i < UUID_LEN; i++)
 			if (uuid[i] != '-') {
 				*ptr = uuid[i];
@@ -488,10 +521,12 @@ static void dm_prepare_uuid(const char *name, const char *type, const char *uuid
 	log_dbg("DM-UUID is %s", buf);
 	if (i >= buflen)
 		log_err(NULL, _("DM-UUID for device %s was truncated.\n"), name);
+
+	return 0;
 }

 static int _dm_create_device(const char *name, const char *type,
-			     const char *device, uint32_t flags,
+			     struct device *device, uint32_t flags,
 			     const char *uuid, uint64_t size,
 			     char *params, int reload)
 {
@@ -514,7 +549,9 @@ static int _dm_create_device(const char *name, const char *type,
 		if (!dm_task_set_name(dmt, name))
 			goto out_no_removal;
 	} else {
-		dm_prepare_uuid(name, type, uuid, dev_uuid, sizeof(dev_uuid));
+		r = dm_prepare_uuid(name, type, uuid, dev_uuid, sizeof(dev_uuid));
+		if (r < 0)
+			return r;

 		if (!(dmt = dm_task_create(DM_DEVICE_CREATE)))
 			goto out_no_removal;
@@ -572,7 +609,7 @@ out:
 	}

 	if (r < 0 && !reload)
-		dm_remove_device(name, 0, 0);
+		_dm_simple(DM_DEVICE_REMOVE, name, 1);

 out_no_removal:
 	if (cookie && _dm_use_udev())
@@ -587,23 +624,31 @@ out_no_removal:
 	return r;
 }

-int dm_create_device(const char *name,
+int dm_create_device(struct crypt_device *cd, const char *name,
 		     const char *type,
 		     struct crypt_dm_active_device *dmd,
 		     int reload)
 {
 	char *table_params = NULL;
+	int r = -EINVAL;
+
+	if (!type)
+		return -EINVAL;
+
+	if (dm_init_context(cd))
+		return -ENOTSUP;

 	if (dmd->target == DM_CRYPT)
 		table_params = get_dm_crypt_params(dmd);
 	else if (dmd->target == DM_VERITY)
 		table_params = get_dm_verity_params(dmd->u.verity.vp, dmd);

-	if (!table_params || !type)
-		return -EINVAL;
-
-	return _dm_create_device(name, type, dmd->data_device, dmd->flags,
-				 dmd->uuid, dmd->size, table_params, reload);
+	if (table_params)
+		r = _dm_create_device(name, type, dmd->data_device,
+				      dmd->flags, dmd->uuid, dmd->size,
+				      table_params, reload);
+	dm_exit_context();
+	return r;
 }

 static int dm_status_dmi(const char *name, struct dm_info *dmi,
@@ -656,31 +701,45 @@ out:
 	return r;
 }

-int dm_status_device(const char *name)
+int dm_status_device(struct crypt_device *cd, const char *name)
 {
 	int r;
 	struct dm_info dmi;
+	struct stat st;

+	/* libdevmapper is too clever and handles
+	 * path argument differenly with error.
+	 * Fail early here if parameter is non-existent path.
+	 */
+	if (strchr(name, '/') && stat(name, &st) < 0)
+		return -ENODEV;
+
+	if (dm_init_context(cd))
+		return -ENOTSUP;
 	r = dm_status_dmi(name, &dmi, NULL, NULL);
+	dm_exit_context();
 	if (r < 0)
 		return r;

 	return (dmi.open_count > 0);
 }

-int dm_status_suspended(const char *name)
+int dm_status_suspended(struct crypt_device *cd, const char *name)
 {
 	int r;
 	struct dm_info dmi;

+	if (dm_init_context(cd))
+		return -ENOTSUP;
 	r = dm_status_dmi(name, &dmi, DM_CRYPT_TARGET, NULL);
+	dm_exit_context();
 	if (r < 0)
 		return r;

 	return dmi.suspended ? 1 : 0;
 }

-int dm_status_verity_ok(const char *name)
+static int _dm_status_verity_ok(const char *name)
 {
 	int r;
 	struct dm_info dmi;
@@ -699,6 +758,17 @@ int dm_status_verity_ok(const char *name)
 	return r;
 }

+int dm_status_verity_ok(struct crypt_device *cd, const char *name)
+{
+	int r;
+
+	if (dm_init_context(cd))
+		return -ENOTSUP;
+	r = _dm_status_verity_ok(name);
+	dm_exit_context();
+	return r;
+}
+
 /* FIXME use hex wrapper, user val wrappers for line parsing */
 static int _dm_query_crypt(uint32_t get_flags,
 			   struct dm_info *dmi,
@@ -708,6 +778,7 @@ static int _dm_query_crypt(uint32_t get_flags,
 	uint64_t val64;
 	char *rcipher, *key_, *rdevice, *endp, buffer[3], *arg;
 	unsigned int i;
+	int r;

 	memset(dmd, 0, sizeof(*dmd));
 	dmd->target = DM_CRYPT;
@@ -730,8 +801,13 @@ static int _dm_query_crypt(uint32_t get_flags,

 	/* device */
 	rdevice = strsep(&params, " ");
-	if (get_flags & DM_ACTIVE_DEVICE)
-		dmd->data_device = crypt_lookup_dev(rdevice);
+	if (get_flags & DM_ACTIVE_DEVICE) {
+		arg = crypt_lookup_dev(rdevice);
+		r = device_alloc(&dmd->data_device, arg);
+		free(arg);
+		if (r < 0 && r != -ENOTBLK)
+			return r;
+	}

 	/*offset */
 	if (!params)
@@ -805,6 +881,7 @@ static int _dm_query_verity(uint32_t get_flags,
 	uint64_t val64;
 	ssize_t len;
 	char *str, *str2;
+	int r;

 	if (get_flags & DM_ACTIVE_VERITY_PARAMS)
 		vp = dmd->u.verity.vp;
@@ -826,15 +903,25 @@ static int _dm_query_verity(uint32_t get_flags,
 	str = strsep(&params, " ");
 	if (!params)
 		return -EINVAL;
-	if (get_flags & DM_ACTIVE_DEVICE)
-		dmd->data_device = crypt_lookup_dev(str);
+	if (get_flags & DM_ACTIVE_DEVICE) {
+		str2 = crypt_lookup_dev(str);
+		r = device_alloc(&dmd->data_device, str2);
+		free(str2);
+		if (r < 0 && r != -ENOTBLK)
+			return r;
+	}

 	/* hash device */
 	str = strsep(&params, " ");
 	if (!params)
 		return -EINVAL;
-	if (get_flags & DM_ACTIVE_VERITY_HASH_DEVICE)
-		dmd->u.verity.hash_device = crypt_lookup_dev(str);
+	if (get_flags & DM_ACTIVE_VERITY_HASH_DEVICE) {
+		str2 = crypt_lookup_dev(str);
+		r = device_alloc(&dmd->u.verity.hash_device, str2);
+		free(str2);
+		if (r < 0 && r != -ENOTBLK)
+			return r;
+	}

 	/* data block size*/
 	val32 = strtoul(params, &params, 10);
@@ -907,8 +994,8 @@ static int _dm_query_verity(uint32_t get_flags,
 	return 0;
 }

-int dm_query_device(const char *name, uint32_t get_flags,
-		    struct crypt_dm_active_device *dmd)
+int dm_query_device(struct crypt_device *cd, const char *name,
+		    uint32_t get_flags, struct crypt_dm_active_device *dmd)
 {
 	struct dm_task *dmt;
 	struct dm_info dmi;
@@ -918,6 +1005,8 @@ int dm_query_device(const char *name, uint32_t get_flags,
 	void *next = NULL;
 	int r = -EINVAL;

+	if (dm_init_context(cd))
+		return -ENOTSUP;
 	if (!(dmt = dm_task_create(DM_DEVICE_TABLE)))
 		goto out;
 	if ((dm_flags() & DM_SECURE_SUPPORTED) && !dm_task_secure_data(dmt))
@@ -949,7 +1038,7 @@ int dm_query_device(const char *name, uint32_t get_flags,
 		r = _dm_query_verity(get_flags, &dmi, params, dmd);
 		if (r < 0)
 			goto out;
-		r = dm_status_verity_ok(name);
+		r = _dm_status_verity_ok(name);
 		if (r < 0)
 			goto out;
 		if (r == 0)
@@ -979,6 +1068,7 @@ out:
 	if (dmt)
 		dm_task_destroy(dmt);

+	dm_exit_context();
 	return r;
 }

@@ -1009,52 +1099,63 @@ static int _dm_message(const char *name, const char *msg)
 	return r;
 }

-int dm_suspend_and_wipe_key(const char *name)
+int dm_suspend_and_wipe_key(struct crypt_device *cd, const char *name)
 {
-	if (!_dm_check_versions())
+	int r = -ENOTSUP;
+
+	if (dm_init_context(cd))
 		return -ENOTSUP;

 	if (!(_dm_crypt_flags & DM_KEY_WIPE_SUPPORTED))
-		return -ENOTSUP;
+		goto out;

-	if (!_dm_simple(DM_DEVICE_SUSPEND, name, 0))
-		return -EINVAL;
+	if (!_dm_simple(DM_DEVICE_SUSPEND, name, 0)) {
+		r = -EINVAL;
+		goto out;
+	}

 	if (!_dm_message(name, "key wipe")) {
 		_dm_simple(DM_DEVICE_RESUME, name, 1);
-		return -EINVAL;
+		r = -EINVAL;
+		goto out;
 	}
-
-	return 0;
+	r = 0;
+out:
+	dm_exit_context();
+	return r;
 }

-int dm_resume_and_reinstate_key(const char *name,
-				size_t key_size,
-				const char *key)
+int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name,
+				size_t key_size, const char *key)
 {
 	int msg_size = key_size * 2 + 10; // key set <key>
-	char *msg;
-	int r = 0;
+	char *msg = NULL;
+	int r = -ENOTSUP;

-	if (!_dm_check_versions())
+	if (dm_init_context(cd))
 		return -ENOTSUP;

 	if (!(_dm_crypt_flags & DM_KEY_WIPE_SUPPORTED))
-		return -ENOTSUP;
+		goto out;

 	msg = crypt_safe_alloc(msg_size);
-	if (!msg)
-		return -ENOMEM;
+	if (!msg) {
+		r = -ENOMEM;
+		goto out;
+	}

-	memset(msg, 0, msg_size);
 	strcpy(msg, "key set ");
 	hex_key(&msg[8], key_size, key);

 	if (!_dm_message(name, msg) ||
-	    !_dm_simple(DM_DEVICE_RESUME, name, 1))
+	    !_dm_simple(DM_DEVICE_RESUME, name, 1)) {
 		r = -EINVAL;
-
+		goto out;
+	}
+	r = 0;
+out:
 	crypt_safe_free(msg);
+	dm_exit_context();
 	return r;
 }

@@ -1072,27 +1173,3 @@ int dm_is_dm_kernel_name(const char *name)
 {
 	return strncmp(name, "dm-", 3) ? 0 : 1;
 }
-
-int dm_check_segment(const char *name, uint64_t offset, uint64_t size)
-{
-	struct crypt_dm_active_device dmd;
-	int r;
-
-	log_dbg("Checking segments for device %s.", name);
-
-	r = dm_query_device(name, 0, &dmd);
-	if (r < 0)
-		return r;
-
-	if (offset >= (dmd.u.crypt.offset + dmd.size) ||
-	   (offset + size) <= dmd.u.crypt.offset)
-		r = 0;
-	else
-		r = -EBUSY;
-
-	log_dbg("seg: %" PRIu64 " - %" PRIu64 ", new %" PRIu64 " - %" PRIu64 "%s",
-	       dmd.u.crypt.offset, dmd.u.crypt.offset + dmd.size, offset, offset + size,
-	       r ? " (overlapping)" : " (ok)");
-
-	return r;
-}
--- a/lib/loopaes/Makefile.am
+++ b/lib/loopaes/Makefile.am
@@ -8,7 +8,7 @@ libloopaes_la_SOURCES = \
 	loopaes.c \
 	loopaes.h

-INCLUDES = -D_GNU_SOURCE			\
+AM_CPPFLAGS = -D_GNU_SOURCE			\
 	-D_LARGEFILE64_SOURCE                   \
 	-D_FILE_OFFSET_BITS=64                  \
        -I$(top_srcdir)/lib			\
--- a/lib/loopaes/loopaes.c
+++ b/lib/loopaes/loopaes.c
@@ -2,18 +2,20 @@
 * loop-AES compatible volume handling
 *
 * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2013, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -73,16 +75,16 @@ static int hash_keys(struct crypt_device *cd,
 		     const char *hash_override,
 		     const char **input_keys,
 		     unsigned int keys_count,
-		     unsigned int key_len_output)
+		     unsigned int key_len_output,
+		     unsigned int key_len_input)
 {
 	const char *hash_name;
 	char tweak, *key_ptr;
-	unsigned i, key_len_input;
+	unsigned int i;
 	int r;

 	hash_name = hash_override ?: get_hash(key_len_output);
 	tweak = get_tweak(keys_count);
-	key_len_input = strlen(input_keys[0]);

 	if (!keys_count || !key_len_output || !hash_name || !key_len_input) {
 		log_err(cd, _("Key processing error (using hash %s).\n"),
@@ -132,7 +134,8 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
 			  size_t buffer_len)
 {
 	const char *keys[LOOPAES_KEYS_MAX];
-	unsigned i, key_index, key_len, offset;
+	unsigned int key_lengths[LOOPAES_KEYS_MAX];
+	unsigned int i, key_index, key_len, offset;

 	log_dbg("Parsing loop-AES keyfile of size %d.", buffer_len);

@@ -152,33 +155,45 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,

 	offset = 0;
 	key_index = 0;
+	key_lengths[0] = 0;
 	while (offset < buffer_len && key_index < LOOPAES_KEYS_MAX) {
-		keys[key_index++] = &buffer[offset];
-		while (offset < buffer_len && buffer[offset])
+		keys[key_index] = &buffer[offset];
+		key_lengths[key_index] = 0;;
+		while (offset < buffer_len && buffer[offset]) {
 			offset++;
+			key_lengths[key_index]++;
+		}
+		if (offset == buffer_len) {
+			log_dbg("Unterminated key #%d in keyfile.", key_index);
+			log_err(cd, _("Incompatible loop-AES keyfile detected.\n"));
+			return -EINVAL;
+		}
 		while (offset < buffer_len && !buffer[offset])
 			offset++;
+		key_index++;
 	}

 	/* All keys must be the same length */
-	key_len = key_index ? strlen(keys[0]) : 0;
+	key_len = key_lengths[0];
 	for (i = 0; i < key_index; i++)
-		if (key_len != strlen(keys[i])) {
+		if (!key_lengths[i] || (key_lengths[i] != key_len)) {
 			log_dbg("Unexpected length %d of key #%d (should be %d).",
-				strlen(keys[i]), i, key_len);
+				key_lengths[i], i, key_len);
 			key_len = 0;
 			break;
 		}

-	log_dbg("Keyfile: %d keys of length %d.", key_index, key_len);
 	if (offset != buffer_len || key_len == 0 ||
 	   (key_index != 1 && key_index !=64 && key_index != 65)) {
 		log_err(cd, _("Incompatible loop-AES keyfile detected.\n"));
 		return -EINVAL;
 	}

+	log_dbg("Keyfile: %d keys of length %d.", key_index, key_len);
+
 	*keys_count = key_index;
-	return hash_keys(cd, vk, hash, keys, key_index, crypt_get_volume_key_size(cd));
+	return hash_keys(cd, vk, hash, keys, key_index,
+			 crypt_get_volume_key_size(cd), key_len);
 }

 int LOOPAES_activate(struct crypt_device *cd,
@@ -193,10 +208,9 @@ int LOOPAES_activate(struct crypt_device *cd,
 	int r;
 	struct crypt_dm_active_device dmd = {
 		.target = DM_CRYPT,
-		.uuid   = crypt_get_uuid(cd),
 		.size   = 0,
 		.flags  = flags,
-		.data_device = crypt_get_device_name(cd),
+		.data_device = crypt_data_device(cd),
 		.u.crypt  = {
 			.cipher = NULL,
 			.vk     = vk,
@@ -205,9 +219,8 @@ int LOOPAES_activate(struct crypt_device *cd,
 		}
 	};

-
-	r = device_check_and_adjust(cd, dmd.data_device, DEV_EXCL,
-				    &dmd.size, &dmd.u.crypt.offset, &flags);
+	r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
+				dmd.u.crypt.offset, &dmd.size, &dmd.flags);
 	if (r)
 		return r;

@@ -225,9 +238,9 @@ int LOOPAES_activate(struct crypt_device *cd,
 	log_dbg("Trying to activate loop-AES device %s using cipher %s.",
 		name, dmd.u.crypt.cipher);

-	r = dm_create_device(name, CRYPT_LOOPAES, &dmd, 0);
+	r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd, 0);

-	if (!r && !(dm_flags() & req_flags)) {
+	if (r < 0 && !(dm_flags() & req_flags)) {
 		log_err(cd, _("Kernel doesn't support loop-AES compatible mapping.\n"));
 		r = -ENOTSUP;
 	}
--- a/lib/loopaes/loopaes.h
+++ b/lib/loopaes/loopaes.h
@@ -2,18 +2,20 @@
 * loop-AES compatible volume handling
 *
 * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2013, Milan Broz
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

--- a/lib/luks1/Makefile.am
+++ b/lib/luks1/Makefile.am
@@ -6,14 +6,12 @@ libluks1_la_CFLAGS = -Wall @CRYPTO_CFLAGS@

 libluks1_la_SOURCES = \
 	af.c \
-	pbkdf.c \
 	keymanage.c \
 	keyencryption.c \
-	pbkdf.h \
 	af.h \
 	luks.h

-INCLUDES = -D_GNU_SOURCE			\
+AM_CPPFLAGS = -D_GNU_SOURCE			\
 	-D_LARGEFILE64_SOURCE                   \
 	-D_FILE_OFFSET_BITS=64                  \
        -I$(top_srcdir)/lib			\
--- a/lib/luks1/af.c
+++ b/lib/luks1/af.c
@@ -9,7 +9,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -66,9 +67,14 @@ out:

 static int diffuse(char *src, char *dst, size_t size, const char *hash_name)
 {
-	unsigned int digest_size = crypt_hash_size(hash_name);
+	int hash_size = crypt_hash_size(hash_name);
+	unsigned int digest_size;
 	unsigned int i, blocks, padding;

+	if (hash_size <= 0)
+		return 1;
+	digest_size = hash_size;
+
 	blocks = size / digest_size;
 	padding = size % digest_size;

@@ -141,3 +147,17 @@ out:
 	free(bufblock);
 	return r;
 }
+
+/* Size of final split data including sector alignment */
+size_t AF_split_sectors(size_t blocksize, unsigned int blocknumbers)
+{
+	size_t af_size;
+
+	/* data material * stripes */
+	af_size = blocksize * blocknumbers;
+
+	/* round up to sector */
+	af_size = (af_size + (SECTOR_SIZE - 1)) / SECTOR_SIZE;
+
+	return af_size;
+}
--- a/lib/luks1/af.h
+++ b/lib/luks1/af.h
@@ -9,7 +9,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -38,5 +39,6 @@

 int AF_split(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
 int AF_merge(char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
+size_t AF_split_sectors(size_t blocksize, unsigned int blocknumbers);

 #endif
--- a/lib/luks1/keyencryption.c
+++ b/lib/luks1/keyencryption.c
@@ -6,7 +6,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,189 +19,123 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

-#include <string.h>
 #include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <inttypes.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <sys/mman.h>
-#include <sys/utsname.h>
 #include <fcntl.h>
-#include <unistd.h>
 #include <errno.h>
-#include <signal.h>
-
 #include "luks.h"
 #include "internal.h"

-#define div_round_up(a,b) ({          \
-	typeof(a) __a = (a);          \
-	typeof(b) __b = (b);          \
-	(__a - 1) / __b + 1;          \
-})
+static void _error_hint(struct crypt_device *ctx, const char *device,
+			const char *cipher_spec, const char *mode, size_t keyLength)
+{
+	log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
+			"Check that kernel supports %s cipher (check syslog for more info).\n"),
+			device, cipher_spec);

-static inline int round_up_modulo(int x, int m) {
-	return div_round_up(x, m) * m;
+	if (!strncmp(mode, "xts", 3) && (keyLength != 256 && keyLength != 512))
+		log_err(ctx, _("Key size in XTS mode must be 256 or 512 bits.\n"));
 }

-static const char *cleaner_name=NULL;
-static uint64_t cleaner_size = 0;
-static int devfd=-1;
-
-static int setup_mapping(const char *cipher, const char *name,
-			 const char *device,
-			 struct volume_key *vk,
-			 unsigned int sector, size_t srcLength,
-			 int mode, struct crypt_device *ctx)
+static int LUKS_endec_template(char *src, size_t srcLength,
+			       const char *cipher, const char *cipher_mode,
+			       struct volume_key *vk,
+			       unsigned int sector,
+			       ssize_t (*func)(int, int, void *, size_t),
+			       int mode,
+			       struct crypt_device *ctx)
 {
-	int device_sector_size = sector_size_for_device(device);
+	char name[PATH_MAX], path[PATH_MAX];
+	char cipher_spec[MAX_CIPHER_LEN * 3];
 	struct crypt_dm_active_device dmd = {
 		.target = DM_CRYPT,
 		.uuid   = NULL,
-		.size   = 0,
-		.flags  = 0,
-		.data_device = device,
+		.flags  = CRYPT_ACTIVATE_PRIVATE,
+		.data_device = crypt_metadata_device(ctx),
 		.u.crypt = {
-			.cipher = cipher,
+			.cipher = cipher_spec,
 			.vk     = vk,
 			.offset = sector,
 			.iv_offset = 0,
 		}
 	};
+	int r, bsize, devfd = -1;
+
+	bsize = device_block_size(dmd.data_device);
+	if (bsize <= 0)
+		return -EINVAL;
+
+	dmd.size = size_round_up(srcLength, bsize) / SECTOR_SIZE;

-	dmd.flags = CRYPT_ACTIVATE_PRIVATE;
 	if (mode == O_RDONLY)
 		dmd.flags |= CRYPT_ACTIVATE_READONLY;
-	/*
-	 * we need to round this to nearest multiple of the underlying
-	 * device's sector size, otherwise the mapping will be refused.
-	 */
-	if(device_sector_size < 0) {
-		log_err(ctx, _("Unable to obtain sector size for %s"), device);
-		return -EINVAL;
+
+	if (snprintf(name, sizeof(name), "temporary-cryptsetup-%d", getpid()) < 0)
+		return -ENOMEM;
+	if (snprintf(path, sizeof(path), "%s/%s", dm_get_dir(), name) < 0)
+		return -ENOMEM;
+	if (snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", cipher, cipher_mode) < 0)
+		return -ENOMEM;
+
+	r = device_block_adjust(ctx, dmd.data_device, DEV_OK,
+				dmd.u.crypt.offset, &dmd.size, &dmd.flags);
+	if (r < 0) {
+		log_err(ctx, _("Device %s doesn't exist or access denied.\n"),
+			device_path(dmd.data_device));
+		return -EIO;
 	}

-	dmd.size = round_up_modulo(srcLength,device_sector_size)/SECTOR_SIZE;
-	cleaner_size = dmd.size;
-
-	return dm_create_device(name, "TEMP", &dmd, 0);
-}
-
-static void sigint_handler(int sig __attribute__((unused)))
-{
-	if(devfd >= 0)
-		close(devfd);
-	devfd = -1;
-	if(cleaner_name)
-		dm_remove_device(cleaner_name, 1, cleaner_size);
-
-	signal(SIGINT, SIG_DFL);
-	kill(getpid(), SIGINT);
-}
-
-static const char *_error_hint(char *cipherMode, size_t keyLength)
-{
-	const char *hint= "";
-
-	if (!strncmp(cipherMode, "xts", 3) && (keyLength != 256 && keyLength != 512))
-		hint = _("Key size in XTS mode must be 256 or 512 bits.\n");
-
-	return hint;
-}
-
-/* This function is not reentrant safe, as it installs a signal
-   handler and global vars for cleaning */
-static int LUKS_endec_template(char *src, size_t srcLength,
-			       struct luks_phdr *hdr,
-			       struct volume_key *vk,
-			       const char *device,
-			       unsigned int sector,
-			       ssize_t (*func)(int, void *, size_t),
-			       int mode,
-			       struct crypt_device *ctx)
-{
-	char *name = NULL;
-	char *fullpath = NULL;
-	char *dmCipherSpec = NULL;
-	const char *dmDir = dm_get_dir();
-	int r = -1;
-
-	if(dmDir == NULL) {
-		log_err(ctx, _("Failed to obtain device mapper directory."));
-		return -1;
-	}
-	if(asprintf(&name,"temporary-cryptsetup-%d",getpid())               == -1 ||
-	   asprintf(&fullpath,"%s/%s",dmDir,name)                           == -1 ||
-	   asprintf(&dmCipherSpec,"%s-%s",hdr->cipherName, hdr->cipherMode) == -1) {
-	        r = -ENOMEM;
-		goto out1;
-        }
-
-	signal(SIGINT, sigint_handler);
-	cleaner_name = name;
-
-	r = setup_mapping(dmCipherSpec, name, device,
-			  vk, sector, srcLength, mode, ctx);
-	if(r < 0) {
-		log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
-			"Check that kernel supports %s cipher (check syslog for more info).\n%s"),
-			device, dmCipherSpec,
-			_error_hint(hdr->cipherMode, vk->keylength * 8));
-		r = -EIO;
-		goto out1;
+	if (mode != O_RDONLY && dmd.flags & CRYPT_ACTIVATE_READONLY) {
+		log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+			device_path(dmd.data_device));
+		return -EACCES;
 	}

-	devfd = open(fullpath, mode | O_DIRECT | O_SYNC);  /* devfd is a global var */
-	if(devfd == -1) {
+	r = dm_create_device(ctx, name, "TEMP", &dmd, 0);
+	if (r < 0) {
+		if (r != -EACCES && r != -ENOTSUP)
+			_error_hint(ctx, device_path(dmd.data_device),
+				    cipher_spec, cipher_mode, vk->keylength * 8);
+		return -EIO;
+	}
+
+	devfd = open(path, mode | O_DIRECT | O_SYNC);
+	if (devfd == -1) {
 		log_err(ctx, _("Failed to open temporary keystore device.\n"));
 		r = -EIO;
-		goto out2;
+		goto out;
 	}

-	r = func(devfd,src,srcLength);
-	if(r < 0) {
+	r = func(devfd, bsize, src, srcLength);
+	if (r < 0) {
 		log_err(ctx, _("Failed to access temporary keystore device.\n"));
 		r = -EIO;
-		goto out3;
-	}
-
-	r = 0;
- out3:
-	close(devfd);
-	devfd = -1;
- out2:
-	dm_remove_device(cleaner_name, 1, cleaner_size);
- out1:
-	signal(SIGINT, SIG_DFL);
-	cleaner_name = NULL;
-	cleaner_size = 0;
-	free(dmCipherSpec);
-	free(fullpath);
-	free(name);
+	} else
+		r = 0;
+ out:
+	if(devfd != -1)
+		close(devfd);
+	dm_remove_device(ctx, name, 1, dmd.size);
 	return r;
 }

 int LUKS_encrypt_to_storage(char *src, size_t srcLength,
-			    struct luks_phdr *hdr,
+			    const char *cipher,
+			    const char *cipher_mode,
 			    struct volume_key *vk,
-			    const char *device,
 			    unsigned int sector,
 			    struct crypt_device *ctx)
 {
-	return LUKS_endec_template(src,srcLength,hdr,vk, device,
-				   sector, write_blockwise, O_RDWR, ctx);
+	return LUKS_endec_template(src, srcLength, cipher, cipher_mode,
+				   vk, sector, write_blockwise, O_RDWR, ctx);
 }

 int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
-			      struct luks_phdr *hdr,
+			      const char *cipher,
+			      const char *cipher_mode,
 			      struct volume_key *vk,
-			      const char *device,
 			      unsigned int sector,
 			      struct crypt_device *ctx)
 {
-	return LUKS_endec_template(dst,dstLength,hdr,vk, device,
-				   sector, read_blockwise, O_RDONLY, ctx);
+	return LUKS_endec_template(dst, dstLength, cipher, cipher_mode,
+				   vk, sector, read_blockwise, O_RDONLY, ctx);
 }
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -6,7 +6,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -33,46 +34,49 @@

 #include "luks.h"
 #include "af.h"
-#include "pbkdf.h"
 #include "internal.h"

-#define div_round_up(a,b) ({           \
-	typeof(a) __a = (a);          \
-	typeof(b) __b = (b);          \
-	(__a - 1) / __b + 1;        \
-})
-
-static inline int round_up_modulo(int x, int m) {
-	return div_round_up(x, m) * m;
-}
-
-/* Get size of struct luks_phrd with all keyslots material space */
-static uint64_t LUKS_device_sectors(size_t keyLen)
+/* Get size of struct luks_phdr with all keyslots material space */
+static size_t LUKS_device_sectors(size_t keyLen)
 {
-	uint64_t keyslot_sectors, sector;
+	size_t keyslot_sectors, sector;
 	int i;

-	keyslot_sectors = div_round_up(keyLen * LUKS_STRIPES, SECTOR_SIZE);
-	sector = round_up_modulo(LUKS_PHDR_SIZE, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+	keyslot_sectors = AF_split_sectors(keyLen, LUKS_STRIPES);
+	sector = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;

 	for (i = 0; i < LUKS_NUMKEYS; i++) {
-		sector = round_up_modulo(sector, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+		sector = size_round_up(sector, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
 		sector += keyslot_sectors;
 	}

 	return sector;
 }

-static int LUKS_check_device_size(struct crypt_device *ctx, const char *device,
-				  size_t keyLength)
+int LUKS_keyslot_area(struct luks_phdr *hdr,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length)
 {
+	if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
+		return -EINVAL;
+
+	*offset = hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
+	*length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;
+
+	return 0;
+}
+
+static int LUKS_check_device_size(struct crypt_device *ctx, size_t keyLength)
+{
+	struct device *device = crypt_metadata_device(ctx);
 	uint64_t dev_sectors, hdr_sectors;

 	if (!keyLength)
 		return -EINVAL;

 	if(device_size(device, &dev_sectors)) {
-		log_dbg("Cannot get device size for device %s.", device);
+		log_dbg("Cannot get device size for device %s.", device_path(device));
 		return -EIO;
 	}

@@ -82,7 +86,7 @@ static int LUKS_check_device_size(struct crypt_device *ctx, const char *device,
 		PRIu64 " sectors.",keyLength, dev_sectors, hdr_sectors);

 	if (hdr_sectors > dev_sectors) {
-		log_err(ctx, _("Device %s is too small.\n"), device);
+		log_err(ctx, _("Device %s is too small.\n"), device_path(device));
 		return -EINVAL;
 	}

@@ -112,7 +116,7 @@ static int LUKS_check_keyslot_size(const struct luks_phdr *phdr, unsigned int ke
 		return 1;
 	}

-	secs_per_stripes = div_round_up(phdr->keyBytes * phdr->keyblock[keyIndex].stripes, SECTOR_SIZE);
+	secs_per_stripes = AF_split_sectors(phdr->keyBytes, phdr->keyblock[keyIndex].stripes);

 	if (phdr->payloadOffset < (phdr->keyblock[keyIndex].keyMaterialOffset + secs_per_stripes)) {
 		log_dbg("Invalid keyslot size %u (offset %u, stripes %u) in "
@@ -144,21 +148,15 @@ static const char *dbg_slot_state(crypt_keyslot_info ki)

 int LUKS_hdr_backup(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx)
 {
+	struct device *device = crypt_metadata_device(ctx);
 	int r = 0, devfd = -1;
 	ssize_t buffer_size;
 	char *buffer = NULL;
-	struct stat st;

-	if(stat(backup_file, &st) == 0) {
-		log_err(ctx, _("Requested file %s already exist.\n"), backup_file);
-		return -EINVAL;
-	}
-
-	r = LUKS_read_phdr(device, hdr, 1, 0, ctx);
+	r = LUKS_read_phdr(hdr, 1, 0, ctx);
 	if (r)
 		return r;

@@ -172,28 +170,33 @@ int LUKS_hdr_backup(
 	log_dbg("Storing backup of header (%u bytes) and keyslot area (%u bytes).",
 		sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS);

-	devfd = open(device, O_RDONLY | O_DIRECT | O_SYNC);
+	devfd = device_open(device, O_RDONLY);
 	if(devfd == -1) {
-		log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device);
+		log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device_path(device));
 		r = -EINVAL;
 		goto out;
 	}

-	if(read_blockwise(devfd, buffer, buffer_size) < buffer_size) {
+	if (read_blockwise(devfd, device_block_size(device), buffer, buffer_size) < buffer_size) {
 		r = -EIO;
 		goto out;
 	}
 	close(devfd);

 	/* Wipe unused area, so backup cannot contain old signatures */
-	memset(buffer + sizeof(*hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(*hdr));
+	if (hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE == LUKS_ALIGN_KEYSLOTS)
+		memset(buffer + sizeof(*hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(*hdr));

-	devfd = creat(backup_file, S_IRUSR);
-	if(devfd == -1) {
+	devfd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
+	if (devfd == -1) {
+		if (errno == EEXIST)
+			log_err(ctx, _("Requested header backup file %s already exists.\n"), backup_file);
+		else
+			log_err(ctx, _("Cannot create header backup file %s.\n"), backup_file);
 		r = -EINVAL;
 		goto out;
 	}
-	if(write(devfd, buffer, buffer_size) < buffer_size) {
+	if (write(devfd, buffer, buffer_size) < buffer_size) {
 		log_err(ctx, _("Cannot write header backup file %s.\n"), backup_file);
 		r = -EIO;
 		goto out;
@@ -210,22 +213,19 @@ out:

 int LUKS_hdr_restore(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx)
 {
+	struct device *device = crypt_metadata_device(ctx);
 	int r = 0, devfd = -1, diff_uuid = 0;
 	ssize_t buffer_size = 0;
 	char *buffer = NULL, msg[200];
-	struct stat st;
 	struct luks_phdr hdr_file;

-	if(stat(backup_file, &st) < 0) {
-		log_err(ctx, _("Backup file %s doesn't exist.\n"), backup_file);
-		return -EINVAL;
-	}
+	r = LUKS_read_phdr_backup(backup_file, &hdr_file, 0, ctx);
+	if (r == -ENOENT)
+		return r;

-	r = LUKS_read_phdr_backup(backup_file, device, &hdr_file, 0, ctx);
 	if (!r)
 		buffer_size = LUKS_device_sectors(hdr_file.keyBytes) << SECTOR_SHIFT;

@@ -242,22 +242,22 @@ int LUKS_hdr_restore(
 	}

 	devfd = open(backup_file, O_RDONLY);
-	if(devfd == -1) {
+	if (devfd == -1) {
 		log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file);
 		r = -EINVAL;
 		goto out;
 	}

-	if(read(devfd, buffer, buffer_size) < buffer_size) {
+	if (read(devfd, buffer, buffer_size) < buffer_size) {
 		log_err(ctx, _("Cannot read header backup file %s.\n"), backup_file);
 		r = -EIO;
 		goto out;
 	}
 	close(devfd);

-	r = LUKS_read_phdr(device, hdr, 0, 0, ctx);
+	r = LUKS_read_phdr(hdr, 0, 0, ctx);
 	if (r == 0) {
-		log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device);
+		log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device_path(device));
 		if(hdr->payloadOffset != hdr_file.payloadOffset ||
 		   hdr->keyBytes != hdr_file.keyBytes) {
 			log_err(ctx, _("Data offset or key size differs on device and backup, restore failed.\n"));
@@ -268,7 +268,7 @@ int LUKS_hdr_restore(
 			diff_uuid = 1;
 	}

-	if (snprintf(msg, sizeof(msg), _("Device %s %s%s"), device,
+	if (snprintf(msg, sizeof(msg), _("Device %s %s%s"), device_path(device),
 		 r ? _("does not contain LUKS header. Replacing header can destroy data on that device.") :
 		     _("already contains LUKS header. Replacing header will destroy existing keyslots."),
 		     diff_uuid ? _("\nWARNING: real device header has different UUID than backup!") : "") < 0) {
@@ -282,23 +282,27 @@ int LUKS_hdr_restore(
 	}

 	log_dbg("Storing backup of header (%u bytes) and keyslot area (%u bytes) to device %s.",
-		sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device);
+		sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device));

-	devfd = open(device, O_WRONLY | O_DIRECT | O_SYNC);
-	if(devfd == -1) {
-		log_err(ctx, _("Cannot open device %s.\n"), device);
+	devfd = device_open(device, O_RDWR);
+	if (devfd == -1) {
+		if (errno == EACCES)
+			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+				device_path(device));
+		else
+			log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
 		r = -EINVAL;
 		goto out;
 	}

-	if(write_blockwise(devfd, buffer, buffer_size) < buffer_size) {
+	if (write_blockwise(devfd, device_block_size(device), buffer, buffer_size) < buffer_size) {
 		r = -EIO;
 		goto out;
 	}
 	close(devfd);

 	/* Be sure to reload new data */
-	r = LUKS_read_phdr(device, hdr, 1, 0, ctx);
+	r = LUKS_read_phdr(hdr, 1, 0, ctx);
 out:
 	if (devfd != -1)
 		close(devfd);
@@ -307,7 +311,7 @@ out:
 }

 /* This routine should do some just basic recovery for known problems. */
-static int _keyslot_repair(const char *device, struct luks_phdr *phdr, struct crypt_device *ctx)
+static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
 {
 	struct luks_phdr temp_phdr;
 	const unsigned char *sector = (const unsigned char*)phdr;
@@ -315,7 +319,7 @@ static int _keyslot_repair(const char *device, struct luks_phdr *phdr, struct cr
 	uint64_t PBKDF2_per_sec = 1;
 	int i, bad, r, need_write = 0;

-	if (phdr->keyBytes != 16 && phdr->keyBytes != 32) {
+	if (phdr->keyBytes != 16 && phdr->keyBytes != 32 && phdr->keyBytes != 64) {
 		log_err(ctx, _("Non standard key size, manual repair required.\n"));
 		return -EINVAL;
 	}
@@ -336,7 +340,7 @@ static int _keyslot_repair(const char *device, struct luks_phdr *phdr, struct cr
 			       phdr->hashSpec,phdr->uuid, LUKS_STRIPES,
 			       phdr->payloadOffset, 0,
 			       1, &PBKDF2_per_sec,
-			       "/dev/null", ctx);
+			       1, ctx);
 	if (r < 0) {
 		log_err(ctx, _("Repair failed."));
 		goto out;
@@ -384,7 +388,7 @@ static int _keyslot_repair(const char *device, struct luks_phdr *phdr, struct cr

 	if (need_write) {
 		log_verbose(ctx, _("Writing LUKS header to disk.\n"));
-		r = LUKS_write_phdr(device, phdr, ctx);
+		r = LUKS_write_phdr(phdr, ctx);
 	}
 out:
 	crypt_free_volume_key(vk);
@@ -413,7 +417,7 @@ static int _check_and_convert_hdr(const char *device,
 	}

 	hdr->hashSpec[LUKS_HASHSPEC_L - 1] = '\0';
-	if (PBKDF2_HMAC_ready(hdr->hashSpec) < 0) {
+	if (crypt_hmac_size(hdr->hashSpec) < LUKS_DIGESTSIZE) {
 		log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hdr->hashSpec);
 		return -EINVAL;
 	}
@@ -441,7 +445,7 @@ static int _check_and_convert_hdr(const char *device,

 	if (repair) {
 		if (r == -EINVAL)
-			r = _keyslot_repair(device, hdr, ctx);
+			r = _keyslot_repair(hdr, ctx);
 		else
 			log_verbose(ctx, _("No known problems detected for LUKS header.\n"));
 	}
@@ -464,7 +468,6 @@ static void LUKS_fix_header_compatible(struct luks_phdr *header)
 }

 int LUKS_read_phdr_backup(const char *backup_file,
-			  const char *device,
 			  struct luks_phdr *hdr,
 			  int require_luks_device,
 			  struct crypt_device *ctx)
@@ -477,8 +480,8 @@ int LUKS_read_phdr_backup(const char *backup_file,

 	devfd = open(backup_file, O_RDONLY);
 	if(-1 == devfd) {
-		log_err(ctx, _("Cannot open file %s.\n"), device);
-		return -EINVAL;
+		log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file);
+		return -ENOENT;
 	}

 	if (read(devfd, hdr, hdr_size) < hdr_size)
@@ -493,44 +496,50 @@ int LUKS_read_phdr_backup(const char *backup_file,
 	return r;
 }

-int LUKS_read_phdr(const char *device,
-		   struct luks_phdr *hdr,
+int LUKS_read_phdr(struct luks_phdr *hdr,
 		   int require_luks_device,
 		   int repair,
 		   struct crypt_device *ctx)
 {
+	struct device *device = crypt_metadata_device(ctx);
 	ssize_t hdr_size = sizeof(struct luks_phdr);
 	int devfd = 0, r = 0;

+	/* LUKS header starts at offset 0, first keyslot on LUKS_ALIGN_KEYSLOTS */
+	assert(sizeof(struct luks_phdr) <= LUKS_ALIGN_KEYSLOTS);
+
+	/* Stripes count cannot be changed without additional code fixes yet */
+	assert(LUKS_STRIPES == 4000);
+
 	if (repair && !require_luks_device)
 		return -EINVAL;

 	log_dbg("Reading LUKS header of size %d from device %s",
-		hdr_size, device);
+		hdr_size, device_path(device));

-	devfd = open(device,O_RDONLY | O_DIRECT | O_SYNC);
-	if(-1 == devfd) {
-		log_err(ctx, _("Cannot open device %s.\n"), device);
+	devfd = device_open(device, O_RDONLY);
+	if (devfd == -1) {
+		log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}

-	if (read_blockwise(devfd, hdr, hdr_size) < hdr_size)
+	if (read_blockwise(devfd, device_block_size(device), hdr, hdr_size) < hdr_size)
 		r = -EIO;
 	else
-		r = _check_and_convert_hdr(device, hdr, require_luks_device,
+		r = _check_and_convert_hdr(device_path(device), hdr, require_luks_device,
 					   repair, ctx);

 	if (!r)
-		r = LUKS_check_device_size(ctx, device, hdr->keyBytes);
+		r = LUKS_check_device_size(ctx, hdr->keyBytes);

 	close(devfd);
 	return r;
 }

-int LUKS_write_phdr(const char *device,
-		    struct luks_phdr *hdr,
+int LUKS_write_phdr(struct luks_phdr *hdr,
 		    struct crypt_device *ctx)
 {
+	struct device *device = crypt_metadata_device(ctx);
 	ssize_t hdr_size = sizeof(struct luks_phdr);
 	int devfd = 0;
 	unsigned int i;
@@ -538,15 +547,19 @@ int LUKS_write_phdr(const char *device,
 	int r;

 	log_dbg("Updating LUKS header of size %d on device %s",
-		sizeof(struct luks_phdr), device);
+		sizeof(struct luks_phdr), device_path(device));

-	r = LUKS_check_device_size(ctx, device, hdr->keyBytes);
+	r = LUKS_check_device_size(ctx, hdr->keyBytes);
 	if (r)
 		return r;

-	devfd = open(device,O_RDWR | O_DIRECT | O_SYNC);
+	devfd = device_open(device, O_RDWR);
 	if(-1 == devfd) {
-		log_err(ctx, _("Cannot open device %s.\n"), device);
+		if (errno == EACCES)
+			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+				device_path(device));
+		else
+			log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}

@@ -565,36 +578,22 @@ int LUKS_write_phdr(const char *device,
 		convHdr.keyblock[i].stripes            = htonl(hdr->keyblock[i].stripes);
 	}

-	r = write_blockwise(devfd, &convHdr, hdr_size) < hdr_size ? -EIO : 0;
+	r = write_blockwise(devfd, device_block_size(device), &convHdr, hdr_size) < hdr_size ? -EIO : 0;
 	if (r)
-		log_err(ctx, _("Error during update of LUKS header on device %s.\n"), device);
+		log_err(ctx, _("Error during update of LUKS header on device %s.\n"), device_path(device));
 	close(devfd);

 	/* Re-read header from disk to be sure that in-memory and on-disk data are the same. */
 	if (!r) {
-		r = LUKS_read_phdr(device, hdr, 1, 0, ctx);
+		r = LUKS_read_phdr(hdr, 1, 0, ctx);
 		if (r)
-			log_err(ctx, _("Error re-reading LUKS header after update on device %s.\n"), device);
+			log_err(ctx, _("Error re-reading LUKS header after update on device %s.\n"),
+				device_path(device));
 	}

 	return r;
 }

-static int LUKS_PBKDF2_performance_check(const char *hashSpec,
-					 uint64_t *PBKDF2_per_sec,
-					 struct crypt_device *ctx)
-{
-	if (!*PBKDF2_per_sec) {
-		if (PBKDF2_performance_check(hashSpec, PBKDF2_per_sec) < 0) {
-			log_err(ctx, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"), hashSpec);
-			return -EINVAL;
-		}
-		log_dbg("PBKDF2: %" PRIu64 " iterations per second using hash %s.", *PBKDF2_per_sec, hashSpec);
-	}
-
-	return 0;
-}
-
 int LUKS_generate_phdr(struct luks_phdr *header,
 		       const struct volume_key *vk,
 		       const char *cipherName, const char *cipherMode, const char *hashSpec,
@@ -603,21 +602,20 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 		       unsigned int alignOffset,
 		       uint32_t iteration_time_ms,
 		       uint64_t *PBKDF2_per_sec,
-		       const char *metadata_device,
+		       int detached_metadata_device,
 		       struct crypt_device *ctx)
 {
 	unsigned int i=0;
-	unsigned int blocksPerStripeSet = div_round_up(vk->keylength*stripes,SECTOR_SIZE);
+	size_t blocksPerStripeSet, currentSector;
 	int r;
 	uuid_t partitionUuid;
-	int currentSector;
 	char luksMagic[] = LUKS_MAGIC;

 	/* For separate metadata device allow zero alignment */
-	if (alignPayload == 0 && !metadata_device)
+	if (alignPayload == 0 && !detached_metadata_device)
 		alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE;

-	if (PBKDF2_HMAC_ready(hashSpec) < 0) {
+	if (crypt_hmac_size(hashSpec) < LUKS_DIGESTSIZE) {
 		log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hashSpec);
 		return -EINVAL;
 	}
@@ -648,43 +646,49 @@ int LUKS_generate_phdr(struct luks_phdr *header,

 	r = crypt_random_get(ctx, header->mkDigestSalt, LUKS_SALTSIZE, CRYPT_RND_SALT);
 	if(r < 0) {
-		log_err(ctx,  _("Cannot create LUKS header: reading random salt failed.\n"));
+		log_err(ctx, _("Cannot create LUKS header: reading random salt failed.\n"));
 		return r;
 	}

-	if ((r = LUKS_PBKDF2_performance_check(header->hashSpec, PBKDF2_per_sec, ctx)))
+	r = crypt_benchmark_kdf(ctx, "pbkdf2", header->hashSpec,
+				"foo", 3, "bar", 3, PBKDF2_per_sec);
+	if (r < 0) {
+		log_err(ctx, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"),
+			header->hashSpec);
 		return r;
+	}

 	/* Compute master key digest */
 	iteration_time_ms /= 8;
 	header->mkDigestIterations = at_least((uint32_t)(*PBKDF2_per_sec/1024) * iteration_time_ms,
 					      LUKS_MKD_ITERATIONS_MIN);

-	r = PBKDF2_HMAC(header->hashSpec,vk->key,vk->keylength,
-			header->mkDigestSalt,LUKS_SALTSIZE,
-			header->mkDigestIterations,
-			header->mkDigest,LUKS_DIGESTSIZE);
+	r = crypt_pbkdf("pbkdf2", header->hashSpec, vk->key,vk->keylength,
+			header->mkDigestSalt, LUKS_SALTSIZE,
+			header->mkDigest,LUKS_DIGESTSIZE,
+			header->mkDigestIterations);
 	if(r < 0) {
-		log_err(ctx,  _("Cannot create LUKS header: header digest failed (using hash %s).\n"),
+		log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s).\n"),
 			header->hashSpec);
 		return r;
 	}

-	currentSector = round_up_modulo(LUKS_PHDR_SIZE, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+	currentSector = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;
+	blocksPerStripeSet = AF_split_sectors(vk->keylength, stripes);
 	for(i = 0; i < LUKS_NUMKEYS; ++i) {
 		header->keyblock[i].active = LUKS_KEY_DISABLED;
 		header->keyblock[i].keyMaterialOffset = currentSector;
 		header->keyblock[i].stripes = stripes;
-		currentSector = round_up_modulo(currentSector + blocksPerStripeSet,
+		currentSector = size_round_up(currentSector + blocksPerStripeSet,
 						LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
 	}

-	if (metadata_device) {
+	if (detached_metadata_device) {
 		/* for separate metadata device use alignPayload directly */
 		header->payloadOffset = alignPayload;
 	} else {
 		/* alignOffset - offset from natural device alignment provided by topology info */
-		currentSector = round_up_modulo(currentSector, alignPayload);
+		currentSector = size_round_up(currentSector, alignPayload);
 		header->payloadOffset = currentSector + alignOffset;
 	}

@@ -697,7 +701,6 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 }

 int LUKS_hdr_uuid_set(
-	const char *device,
 	struct luks_phdr *hdr,
 	const char *uuid,
 	struct crypt_device *ctx)
@@ -713,10 +716,10 @@ int LUKS_hdr_uuid_set(

 	uuid_unparse(partitionUuid, hdr->uuid);

-	return LUKS_write_phdr(device, hdr, ctx);
+	return LUKS_write_phdr(hdr, ctx);
 }

-int LUKS_set_key(const char *device, unsigned int keyIndex,
+int LUKS_set_key(unsigned int keyIndex,
 		 const char *password, size_t passwordLen,
 		 struct luks_phdr *hdr, struct volume_key *vk,
 		 uint32_t iteration_time_ms,
@@ -725,16 +728,17 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,
 {
 	struct volume_key *derived_key;
 	char *AfKey = NULL;
-	unsigned int AFEKSize;
+	size_t AFEKSize;
 	uint64_t PBKDF2_temp;
 	int r;

 	if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) {
-		log_err(ctx,  _("Key slot %d active, purge first.\n"), keyIndex);
+		log_err(ctx, _("Key slot %d active, purge first.\n"), keyIndex);
 		return -EINVAL;
 	}

-	if(hdr->keyblock[keyIndex].stripes < LUKS_STRIPES) {
+	/* LUKS keyslot has always at least 4000 stripes accoding to specification */
+	if(hdr->keyblock[keyIndex].stripes < 4000) {
 	        log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?\n"),
 			keyIndex);
 	         return -EINVAL;
@@ -742,8 +746,13 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,

 	log_dbg("Calculating data for key slot %d", keyIndex);

-	if ((r = LUKS_PBKDF2_performance_check(hdr->hashSpec, PBKDF2_per_sec, ctx)))
+	r = crypt_benchmark_kdf(ctx, "pbkdf2", hdr->hashSpec,
+				"foo", 3, "bar", 3, PBKDF2_per_sec);
+	if (r < 0) {
+		log_err(ctx, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"),
+			hdr->hashSpec);
 		return r;
+	}

 	/*
 	 * Avoid floating point operation
@@ -765,12 +774,12 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,
 	r = crypt_random_get(ctx, hdr->keyblock[keyIndex].passwordSalt,
 		       LUKS_SALTSIZE, CRYPT_RND_SALT);
 	if (r < 0)
-		return r;
+		goto out;

-	r = PBKDF2_HMAC(hdr->hashSpec, password,passwordLen,
-			hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
-			hdr->keyblock[keyIndex].passwordIterations,
-			derived_key->key, hdr->keyBytes);
+	r = crypt_pbkdf("pbkdf2", hdr->hashSpec, password, passwordLen,
+			hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
+			derived_key->key, hdr->keyBytes,
+			hdr->keyblock[keyIndex].passwordIterations);
 	if (r < 0)
 		goto out;

@@ -778,7 +787,7 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,
 	 * AF splitting, the masterkey stored in vk->key is split to AfKey
 	 */
 	assert(vk->keylength == hdr->keyBytes);
-	AFEKSize = hdr->keyblock[keyIndex].stripes*vk->keylength;
+	AFEKSize = AF_split_sectors(vk->keylength, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
 	AfKey = crypt_safe_alloc(AFEKSize);
 	if (!AfKey) {
 		r = -ENOMEM;
@@ -791,27 +800,24 @@ int LUKS_set_key(const char *device, unsigned int keyIndex,
 	if (r < 0)
 		goto out;

-	log_dbg("Updating key slot %d [0x%04x] area on device %s.", keyIndex,
-		hdr->keyblock[keyIndex].keyMaterialOffset << 9, device);
+	log_dbg("Updating key slot %d [0x%04x] area.", keyIndex,
+		hdr->keyblock[keyIndex].keyMaterialOffset << 9);
 	/* Encryption via dm */
 	r = LUKS_encrypt_to_storage(AfKey,
 				    AFEKSize,
-				    hdr,
+				    hdr->cipherName, hdr->cipherMode,
 				    derived_key,
-				    device,
 				    hdr->keyblock[keyIndex].keyMaterialOffset,
 				    ctx);
-	if (r < 0) {
-		log_err(ctx, _("Failed to write to key storage.\n"));
+	if (r < 0)
 		goto out;
-	}

 	/* Mark the key as active in phdr */
 	r = LUKS_keyslot_set(hdr, (int)keyIndex, 1);
 	if (r < 0)
 		goto out;

-	r = LUKS_write_phdr(device, hdr, ctx);
+	r = LUKS_write_phdr(hdr, ctx);
 	if (r < 0)
 		goto out;

@@ -828,10 +834,10 @@ int LUKS_verify_volume_key(const struct luks_phdr *hdr,
 {
 	char checkHashBuf[LUKS_DIGESTSIZE];

-	if (PBKDF2_HMAC(hdr->hashSpec, vk->key, vk->keylength,
+	if (crypt_pbkdf("pbkdf2", hdr->hashSpec, vk->key, vk->keylength,
 			hdr->mkDigestSalt, LUKS_SALTSIZE,
-			hdr->mkDigestIterations, checkHashBuf,
-			LUKS_DIGESTSIZE) < 0)
+			checkHashBuf, LUKS_DIGESTSIZE,
+			hdr->mkDigestIterations) < 0)
 		return -EINVAL;

 	if (memcmp(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE))
@@ -841,8 +847,7 @@ int LUKS_verify_volume_key(const struct luks_phdr *hdr,
 }

 /* Try to open a particular key slot */
-static int LUKS_open_key(const char *device,
-		  unsigned int keyIndex,
+static int LUKS_open_key(unsigned int keyIndex,
 		  const char *password,
 		  size_t passwordLen,
 		  struct luks_phdr *hdr,
@@ -866,30 +871,29 @@ static int LUKS_open_key(const char *device,
 		return -ENOMEM;

 	assert(vk->keylength == hdr->keyBytes);
-	AFEKSize = hdr->keyblock[keyIndex].stripes*vk->keylength;
+	AFEKSize = AF_split_sectors(vk->keylength, hdr->keyblock[keyIndex].stripes) * SECTOR_SIZE;
 	AfKey = crypt_safe_alloc(AFEKSize);
-	if (!AfKey)
-		return -ENOMEM;
+	if (!AfKey) {
+		r = -ENOMEM;
+		goto out;
+	}

-	r = PBKDF2_HMAC(hdr->hashSpec, password,passwordLen,
-			hdr->keyblock[keyIndex].passwordSalt,LUKS_SALTSIZE,
-			hdr->keyblock[keyIndex].passwordIterations,
-			derived_key->key, hdr->keyBytes);
+	r = crypt_pbkdf("pbkdf2", hdr->hashSpec, password, passwordLen,
+			hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE,
+			derived_key->key, hdr->keyBytes,
+			hdr->keyblock[keyIndex].passwordIterations);
 	if (r < 0)
 		goto out;

 	log_dbg("Reading key slot %d area.", keyIndex);
 	r = LUKS_decrypt_from_storage(AfKey,
 				      AFEKSize,
-				      hdr,
+				      hdr->cipherName, hdr->cipherMode,
 				      derived_key,
-				      device,
 				      hdr->keyblock[keyIndex].keyMaterialOffset,
 				      ctx);
-	if (r < 0) {
-		log_err(ctx, _("Failed to read from key storage.\n"));
+	if (r < 0)
 		goto out;
-	}

 	r = AF_merge(AfKey,vk->key,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
 	if (r < 0)
@@ -904,8 +908,7 @@ out:
 	return r;
 }

-int LUKS_open_key_with_hdr(const char *device,
-			   int keyIndex,
+int LUKS_open_key_with_hdr(int keyIndex,
 			   const char *password,
 			   size_t passwordLen,
 			   struct luks_phdr *hdr,
@@ -918,12 +921,12 @@ int LUKS_open_key_with_hdr(const char *device,
 	*vk = crypt_alloc_volume_key(hdr->keyBytes, NULL);

 	if (keyIndex >= 0) {
-		r = LUKS_open_key(device, keyIndex, password, passwordLen, hdr, *vk, ctx);
+		r = LUKS_open_key(keyIndex, password, passwordLen, hdr, *vk, ctx);
 		return (r < 0) ? r : keyIndex;
 	}

 	for(i = 0; i < LUKS_NUMKEYS; i++) {
-		r = LUKS_open_key(device, i, password, passwordLen, hdr, *vk, ctx);
+		r = LUKS_open_key(i, password, passwordLen, hdr, *vk, ctx);
 		if(r == 0)
 			return i;

@@ -937,15 +940,15 @@ int LUKS_open_key_with_hdr(const char *device,
 	return -EPERM;
 }

-int LUKS_del_key(const char *device,
-		 unsigned int keyIndex,
+int LUKS_del_key(unsigned int keyIndex,
 		 struct luks_phdr *hdr,
 		 struct crypt_device *ctx)
 {
-	unsigned int startOffset, endOffset, stripesLen;
+	struct device *device = crypt_metadata_device(ctx);
+	unsigned int startOffset, endOffset;
 	int r;

-	r = LUKS_read_phdr(device, hdr, 1, 0, ctx);
+	r = LUKS_read_phdr(hdr, 1, 0, ctx);
 	if (r)
 		return r;

@@ -958,14 +961,19 @@ int LUKS_del_key(const char *device,

 	/* secure deletion of key material */
 	startOffset = hdr->keyblock[keyIndex].keyMaterialOffset;
-	stripesLen = hdr->keyBytes * hdr->keyblock[keyIndex].stripes;
-	endOffset = startOffset + div_round_up(stripesLen, SECTOR_SIZE);
+	endOffset = startOffset + AF_split_sectors(hdr->keyBytes, hdr->keyblock[keyIndex].stripes);

 	r = crypt_wipe(device, startOffset * SECTOR_SIZE,
 		       (endOffset - startOffset) * SECTOR_SIZE,
 		       CRYPT_WIPE_DISK, 0);
 	if (r) {
-		log_err(ctx, _("Cannot wipe device %s.\n"), device);
+		if (r == -EACCES) {
+			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
+				device_path(device));
+			r = -EINVAL;
+		} else
+			log_err(ctx, _("Cannot wipe device %s.\n"),
+				device_path(device));
 		return r;
 	}

@@ -973,7 +981,7 @@ int LUKS_del_key(const char *device,
 	memset(&hdr->keyblock[keyIndex].passwordSalt, 0, LUKS_SALTSIZE);
 	hdr->keyblock[keyIndex].passwordIterations = 0;

-	r = LUKS_write_phdr(device, hdr, ctx);
+	r = LUKS_write_phdr(hdr, ctx);

 	return r;
 }
@@ -1048,7 +1056,7 @@ int LUKS1_activate(struct crypt_device *cd,
 		.uuid   = crypt_get_uuid(cd),
 		.flags  = flags,
 		.size   = 0,
-		.data_device = crypt_get_device_name(cd),
+		.data_device = crypt_data_device(cd),
 		.u.crypt = {
 			.cipher = NULL,
 			.vk     = vk,
@@ -1062,9 +1070,8 @@ int LUKS1_activate(struct crypt_device *cd,
 	else
 		device_check = DEV_EXCL;

-	r = device_check_and_adjust(cd, dmd.data_device, device_check,
-				    &dmd.size, &dmd.u.crypt.offset,
-				    &dmd.flags);
+	r = device_block_adjust(cd, dmd.data_device, device_check,
+				 dmd.u.crypt.offset, &dmd.size, &dmd.flags);
 	if (r)
 		return r;

@@ -1073,7 +1080,7 @@ int LUKS1_activate(struct crypt_device *cd,
 		return -ENOMEM;

 	dmd.u.crypt.cipher = dm_cipher;
-	r = dm_create_device(name, CRYPT_LUKS1, &dmd, 0);
+	r = dm_create_device(cd, name, CRYPT_LUKS1, &dmd, 0);

 	free(dm_cipher);
 	return r;
--- a/lib/luks1/luks.h
+++ b/lib/luks1/luks.h
@@ -6,7 +6,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -51,8 +52,6 @@
 #define LUKS_MAGIC {'L','U','K','S', 0xba, 0xbe};
 #define LUKS_MAGIC_L 6

-#define LUKS_PHDR_SIZE (sizeof(struct luks_phdr)/SECTOR_SIZE+1)
-
 /* Actually we need only 37, but we don't want struct autoaligning to kick in */
 #define UUID_STRING_L 40

@@ -63,6 +62,7 @@
 converted */

 struct volume_key;
+struct device_backend;

 struct luks_phdr {
 	char		magic[LUKS_MAGIC_L];
@@ -108,11 +108,10 @@ int LUKS_generate_phdr(
 	unsigned int alignOffset,
 	uint32_t iteration_time_ms,
 	uint64_t *PBKDF2_per_sec,
-	const char *metadata_device,
+	int detached_metadata_device,
 	struct crypt_device *ctx);

 int LUKS_read_phdr(
-	const char *device,
 	struct luks_phdr *hdr,
 	int require_luks_device,
 	int repair,
@@ -120,36 +119,30 @@ int LUKS_read_phdr(

 int LUKS_read_phdr_backup(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	int require_luks_device,
 	struct crypt_device *ctx);

 int LUKS_hdr_uuid_set(
-	const char *device,
 	struct luks_phdr *hdr,
 	const char *uuid,
 	struct crypt_device *ctx);

 int LUKS_hdr_backup(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx);

 int LUKS_hdr_restore(
 	const char *backup_file,
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx);

 int LUKS_write_phdr(
-	const char *device,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx);

 int LUKS_set_key(
-	const char *device,
 	unsigned int keyIndex,
 	const char *password,
 	size_t passwordLen,
@@ -160,7 +153,6 @@ int LUKS_set_key(
 	struct crypt_device *ctx);

 int LUKS_open_key_with_hdr(
-	const char *device,
 	int keyIndex,
 	const char *password,
 	size_t passwordLen,
@@ -169,7 +161,6 @@ int LUKS_open_key_with_hdr(
 	struct crypt_device *ctx);

 int LUKS_del_key(
-	const char *device,
 	unsigned int keyIndex,
 	struct luks_phdr *hdr,
 	struct crypt_device *ctx);
@@ -178,20 +169,24 @@ crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
 int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
 int LUKS_keyslot_active_count(struct luks_phdr *hdr);
 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
+int LUKS_keyslot_area(struct luks_phdr *hdr,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length);

 int LUKS_encrypt_to_storage(
 	char *src, size_t srcLength,
-	struct luks_phdr *hdr,
+	const char *cipher,
+	const char *cipher_mode,
 	struct volume_key *vk,
-	const char *device,
 	unsigned int sector,
 	struct crypt_device *ctx);

 int LUKS_decrypt_from_storage(
 	char *dst, size_t dstLength,
-	struct luks_phdr *hdr,
+	const char *cipher,
+	const char *cipher_mode,
 	struct volume_key *vk,
-	const char *device,
 	unsigned int sector,
 	struct crypt_device *ctx);

--- a/lib/luks1/pbkdf.h
+++ b/lib/luks1/pbkdf.h
@@ -1,40 +0,0 @@
-/*
- * Implementation of Password-Based Cryptography as per PKCS#5
- * Copyright (C) 2002,2003 Simon Josefsson
- * Copyright (C) 2004 Free Software Foundation
- *
- * LUKS code
- * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- *
- * This file is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- */
-
-#ifndef INCLUDED_CRYPTSETUP_LUKS_PBKDF_H
-#define INCLUDED_CRYPTSETUP_LUKS_PBKDF_H
-
-#include <stddef.h>
-
-int PBKDF2_HMAC(const char *hash,
-		const char *password, size_t passwordLen,
-		const char *salt, size_t saltLen, unsigned int iterations,
-		char *dKey, size_t dKeyLen);
-
-
-int PBKDF2_performance_check(const char *hash, uint64_t *iter);
-int PBKDF2_HMAC_ready(const char *hash);
-
-#endif
--- a/lib/random.c
+++ b/lib/random.c
@@ -5,7 +5,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,6 +23,7 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <assert.h>
+#include <sys/select.h>

 #include "libcryptsetup.h"
 #include "internal.h"
--- a/lib/setup.c
+++ b/lib/setup.c
--- a/lib/tcrypt/Makefile.am
+++ b/lib/tcrypt/Makefile.am
@@ -0,0 +1,16 @@
+moduledir = $(libdir)/cryptsetup
+
+noinst_LTLIBRARIES = libtcrypt.la
+
+libtcrypt_la_CFLAGS = -Wall @CRYPTO_CFLAGS@
+
+libtcrypt_la_SOURCES = \
+	tcrypt.c \
+	tcrypt.h
+
+AM_CPPFLAGS = -D_GNU_SOURCE			\
+	-D_LARGEFILE64_SOURCE                   \
+	-D_FILE_OFFSET_BITS=64                  \
+        -I$(top_srcdir)/lib			\
+        -I$(top_srcdir)/lib/crypto_backend
+
--- a/lib/tcrypt/tcrypt.c
+++ b/lib/tcrypt/tcrypt.c
@@ -0,0 +1,969 @@
+/*
+ * TCRYPT (TrueCrypt-compatible) volume handling
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2013, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <assert.h>
+
+#include "libcryptsetup.h"
+#include "tcrypt.h"
+#include "internal.h"
+
+/* TCRYPT PBKDF variants */
+static struct {
+	unsigned int legacy:1;
+	const char *name;
+	const char *hash;
+	unsigned int iterations;
+} tcrypt_kdf[] = {
+	{ 0, "pbkdf2", "ripemd160", 2000 },
+	{ 0, "pbkdf2", "ripemd160", 1000 },
+	{ 0, "pbkdf2", "sha512",    1000 },
+	{ 0, "pbkdf2", "whirlpool", 1000 },
+	{ 1, "pbkdf2", "sha1",      2000 },
+	{ 0, NULL,     NULL,           0 }
+};
+
+struct tcrypt_alg {
+		const char *name;
+		unsigned int key_size;
+		unsigned int iv_size;
+		unsigned int key_offset;
+		unsigned int iv_offset; /* or tweak key offset */
+};
+
+struct tcrypt_algs {
+	unsigned int legacy:1;
+	unsigned int chain_count;
+	unsigned int chain_key_size;
+	const char *long_name;
+	const char *mode;
+	struct tcrypt_alg cipher[3];
+};
+
+/* TCRYPT cipher variants */
+static struct tcrypt_algs tcrypt_cipher[] = {
+/* XTS mode */
+{0,1,64,"aes","xts-plain64",
+	{{"aes",    64,16,0,32}}},
+{0,1,64,"serpent","xts-plain64",
+	{{"serpent",64,16,0,32}}},
+{0,1,64,"twofish","xts-plain64",
+	{{"twofish",64,16,0,32}}},
+{0,2,128,"twofish-aes","xts-plain64",
+	{{"twofish",64,16, 0,64},
+	 {"aes",    64,16,32,96}}},
+{0,3,192,"serpent-twofish-aes","xts-plain64",
+	{{"serpent",64,16, 0, 96},
+	 {"twofish",64,16,32,128},
+	 {"aes",    64,16,64,160}}},
+{0,2,128,"aes-serpent","xts-plain64",
+	{{"aes",    64,16, 0,64},
+	 {"serpent",64,16,32,96}}},
+{0,3,192,"aes-twofish-serpent","xts-plain64",
+	{{"aes",    64,16, 0, 96},
+	 {"twofish",64,16,32,128},
+	 {"serpent",64,16,64,160}}},
+{0,2,128,"serpent-twofish","xts-plain64",
+	{{"serpent",64,16, 0,64},
+	 {"twofish",64,16,32,96}}},
+/* LRW mode */
+{0,1,48,"aes","lrw-benbi",
+	{{"aes",    48,16,32,0}}},
+{0,1,48,"serpent","lrw-benbi",
+	{{"serpent",48,16,32,0}}},
+{0,1,48,"twofish","lrw-benbi",
+	{{"twofish",48,16,32,0}}},
+{0,2,96,"twofish-aes","lrw-benbi",
+	{{"twofish",48,16,32,0},
+	 {"aes",    48,16,64,0}}},
+{0,3,144,"serpent-twofish-aes","lrw-benbi",
+	{{"serpent",48,16,32,0},
+	 {"twofish",48,16,64,0},
+	 {"aes",    48,16,96,0}}},
+{0,2,96,"aes-serpent","lrw-benbi",
+	{{"aes",    48,16,32,0},
+	 {"serpent",48,16,64,0}}},
+{0,3,144,"aes-twofish-serpent","lrw-benbi",
+	{{"aes",    48,16,32,0},
+	 {"twofish",48,16,64,0},
+	 {"serpent",48,16,96,0}}},
+{0,2,96,"serpent-twofish", "lrw-benbi",
+	{{"serpent",48,16,32,0},
+	 {"twofish",48,16,64,0}}},
+/* Kernel LRW block size is fixed to 16 bytes for GF(2^128)
+ * thus cannot be used with blowfish where block is 8 bytes.
+ * There also no GF(2^64) support.
+{1,1,64,"blowfish_le","lrw-benbi",
+	 {{"blowfish_le",64,8,32,0}}},
+{1,2,112,"blowfish_le-aes","lrw-benbi",
+	 {{"blowfish_le",64, 8,32,0},
+	  {"aes",        48,16,88,0}}},
+{1,3,160,"serpent-blowfish_le-aes","lrw-benbi",
+	  {{"serpent",    48,16, 32,0},
+	   {"blowfish_le",64, 8, 64,0},
+	   {"aes",        48,16,120,0}}},*/
+/* CBC + "outer" CBC (both with whitening) */
+{1,1,32,"aes","cbc-tcrypt",
+	{{"aes",    32,16,32,0}}},
+{1,1,32,"serpent","cbc-tcrypt",
+	{{"serpent",32,16,32,0}}},
+{1,1,32,"twofish","cbc-tcrypt",
+	{{"twofish",32,16,32,0}}},
+{1,2,64,"twofish-aes","cbci-tcrypt",
+	{{"twofish",32,16,32,0},
+	 {"aes",    32,16,64,0}}},
+{1,3,96,"serpent-twofish-aes","cbci-tcrypt",
+	{{"serpent",32,16,32,0},
+	 {"twofish",32,16,64,0},
+	 {"aes",    32,16,96,0}}},
+{1,2,64,"aes-serpent","cbci-tcrypt",
+	{{"aes",    32,16,32,0},
+	 {"serpent",32,16,64,0}}},
+{1,3,96,"aes-twofish-serpent", "cbci-tcrypt",
+	{{"aes",    32,16,32,0},
+	 {"twofish",32,16,64,0},
+	 {"serpent",32,16,96,0}}},
+{1,2,64,"serpent-twofish", "cbci-tcrypt",
+	{{"serpent",32,16,32,0},
+	 {"twofish",32,16,64,0}}},
+{1,1,16,"cast5","cbc-tcrypt",
+	{{"cast5",   16,8,32,0}}},
+{1,1,24,"des3_ede","cbc-tcrypt",
+	{{"des3_ede",24,8,32,0}}},
+{1,1,56,"blowfish_le","cbc-tcrypt",
+	{{"blowfish_le",56,8,32,0}}},
+{1,2,88,"blowfish_le-aes","cbc-tcrypt",
+	{{"blowfish_le",56, 8,32,0},
+	 {"aes",        32,16,88,0}}},
+{1,3,120,"serpent-blowfish_le-aes","cbc-tcrypt",
+	{{"serpent",    32,16, 32,0},
+	 {"blowfish_le",56, 8, 64,0},
+	 {"aes",        32,16,120,0}}},
+{}
+};
+
+static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr,
+				struct crypt_params_tcrypt *params,
+				int kdf_index, int cipher_index)
+{
+	uint32_t crc32;
+	size_t size;
+
+	/* Check CRC32 of header */
+	size = TCRYPT_HDR_LEN - sizeof(hdr->d.keys) - sizeof(hdr->d.header_crc32);
+	crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0;
+	if (be16_to_cpu(hdr->d.version) > 3 &&
+	    crc32 != be32_to_cpu(hdr->d.header_crc32)) {
+		log_dbg("TCRYPT header CRC32 mismatch.");
+		return -EINVAL;
+	}
+
+	/* Check CRC32 of keys */
+	crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0;
+	if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) {
+		log_dbg("TCRYPT keys CRC32 mismatch.");
+		return -EINVAL;
+	}
+
+	/* Convert header to cpu format */
+	hdr->d.version  =  be16_to_cpu(hdr->d.version);
+	hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc);
+
+	hdr->d.keys_crc32 = be32_to_cpu(hdr->d.keys_crc32);
+
+	hdr->d.hidden_volume_size = be64_to_cpu(hdr->d.hidden_volume_size);
+	hdr->d.volume_size        = be64_to_cpu(hdr->d.volume_size);
+
+	hdr->d.mk_offset = be64_to_cpu(hdr->d.mk_offset);
+	if (!hdr->d.mk_offset)
+		hdr->d.mk_offset = 512;
+
+	hdr->d.mk_size = be64_to_cpu(hdr->d.mk_size);
+
+	hdr->d.flags = be32_to_cpu(hdr->d.flags);
+
+	hdr->d.sector_size = be32_to_cpu(hdr->d.sector_size);
+	if (!hdr->d.sector_size)
+		hdr->d.sector_size = 512;
+
+	hdr->d.header_crc32 = be32_to_cpu(hdr->d.header_crc32);
+
+	/* Set params */
+	params->passphrase = NULL;
+	params->passphrase_size = 0;
+	params->hash_name  = tcrypt_kdf[kdf_index].hash;
+	params->key_size = tcrypt_cipher[cipher_index].chain_key_size;
+	params->cipher = tcrypt_cipher[cipher_index].long_name;
+	params->mode = tcrypt_cipher[cipher_index].mode;
+
+	return 0;
+}
+
+/*
+ * Kernel implements just big-endian version of blowfish, hack it here
+ */
+static void TCRYPT_swab_le(char *buf)
+{
+	uint32_t *l = (uint32_t*)&buf[0];
+	uint32_t *r = (uint32_t*)&buf[4];
+	*l = swab32(*l);
+	*r = swab32(*r);
+}
+
+static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg,
+				   const char *key, char *buf)
+{
+	int bs = alg->iv_size;
+	char iv[bs], iv_old[bs];
+	struct crypt_cipher *cipher = NULL;
+	int i, j, r;
+
+	assert(bs == 2*sizeof(uint32_t));
+
+	r = crypt_cipher_init(&cipher, "blowfish", "ecb",
+			      &key[alg->key_offset], alg->key_size);
+	if (r < 0)
+		return r;
+
+	memcpy(iv, &key[alg->iv_offset], alg->iv_size);
+	for (i = 0; i < TCRYPT_HDR_LEN; i += bs) {
+		memcpy(iv_old, &buf[i], bs);
+		TCRYPT_swab_le(&buf[i]);
+		r = crypt_cipher_decrypt(cipher, &buf[i], &buf[i],
+					  bs, NULL, 0);
+		TCRYPT_swab_le(&buf[i]);
+		if (r < 0)
+			break;
+		for (j = 0; j < bs; j++)
+			buf[i + j] ^= iv[j];
+		memcpy(iv, iv_old, bs);
+	}
+
+	crypt_cipher_destroy(cipher);
+	memset(iv, 0, bs);
+	memset(iv_old, 0, bs);
+	return r;
+}
+
+static void TCRYPT_remove_whitening(char *buf, const char *key)
+{
+	int j;
+
+	for (j = 0; j < TCRYPT_HDR_LEN; j++)
+		buf[j] ^= key[j % 8];
+}
+
+static void TCRYPT_copy_key(struct tcrypt_alg *alg, const char *mode,
+			     char *out_key, const char *key)
+{
+	int ks2;
+	if (!strncmp(mode, "xts", 3)) {
+		ks2 = alg->key_size / 2;
+		memcpy(out_key, &key[alg->key_offset], ks2);
+		memcpy(&out_key[ks2], &key[alg->iv_offset], ks2);
+	} else if (!strncmp(mode, "lrw", 3)) {
+		ks2 = alg->key_size - TCRYPT_LRW_IKEY_LEN;
+		memcpy(out_key, &key[alg->key_offset], ks2);
+		memcpy(&out_key[ks2], key, TCRYPT_LRW_IKEY_LEN);
+	} else if (!strncmp(mode, "cbc", 3)) {
+		memcpy(out_key, &key[alg->key_offset], alg->key_size);
+	}
+}
+
+static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode,
+				   const char *key,struct tcrypt_phdr *hdr)
+{
+	char backend_key[TCRYPT_HDR_KEY_LEN];
+	char iv[TCRYPT_HDR_IV_LEN] = {};
+	char mode_name[MAX_CIPHER_LEN];
+	struct crypt_cipher *cipher;
+	char *c, *buf = (char*)&hdr->e;
+	int r;
+
+	/* Remove IV if present */
+	strncpy(mode_name, mode, MAX_CIPHER_LEN);
+	c = strchr(mode_name, '-');
+	if (c)
+		*c = '\0';
+
+	if (!strncmp(mode, "lrw", 3))
+		iv[alg->iv_size - 1] = 1;
+	else if (!strncmp(mode, "cbc", 3)) {
+		TCRYPT_remove_whitening(buf, &key[8]);
+		if (!strcmp(alg->name, "blowfish_le"))
+			return decrypt_blowfish_le_cbc(alg, key, buf);
+		memcpy(iv, &key[alg->iv_offset], alg->iv_size);
+	}
+
+	TCRYPT_copy_key(alg, mode, backend_key, key);
+	r = crypt_cipher_init(&cipher, alg->name, mode_name,
+			      backend_key, alg->key_size);
+	if (!r) {
+		r = crypt_cipher_decrypt(cipher, buf, buf, TCRYPT_HDR_LEN,
+					 iv, alg->iv_size);
+		crypt_cipher_destroy(cipher);
+	}
+
+	memset(backend_key, 0, sizeof(backend_key));
+	memset(iv, 0, TCRYPT_HDR_IV_LEN);
+	return r;
+}
+
+/*
+ * For chanined ciphers and CBC mode we need "outer" decryption.
+ * Backend doesn't provide this, so implement it here directly using ECB.
+ */
+static int TCRYPT_decrypt_cbci(struct tcrypt_algs *ciphers,
+				const char *key, struct tcrypt_phdr *hdr)
+{
+	struct crypt_cipher *cipher[ciphers->chain_count];
+	unsigned int bs = ciphers->cipher[0].iv_size;
+	char *buf = (char*)&hdr->e, iv[bs], iv_old[bs];
+	unsigned int i, j;
+	int r = -EINVAL;
+
+	TCRYPT_remove_whitening(buf, &key[8]);
+
+	memcpy(iv, &key[ciphers->cipher[0].iv_offset], bs);
+
+	/* Initialize all ciphers in chain in ECB mode */
+	for (j = 0; j < ciphers->chain_count; j++)
+		cipher[j] = NULL;
+	for (j = 0; j < ciphers->chain_count; j++) {
+		r = crypt_cipher_init(&cipher[j], ciphers->cipher[j].name, "ecb",
+				      &key[ciphers->cipher[j].key_offset],
+				      ciphers->cipher[j].key_size);
+		if (r < 0)
+			goto out;
+	}
+
+	/* Implements CBC with chained ciphers in loop inside */
+	for (i = 0; i < TCRYPT_HDR_LEN; i += bs) {
+		memcpy(iv_old, &buf[i], bs);
+		for (j = ciphers->chain_count; j > 0; j--) {
+			r = crypt_cipher_decrypt(cipher[j - 1], &buf[i], &buf[i],
+						  bs, NULL, 0);
+			if (r < 0)
+				goto out;
+		}
+		for (j = 0; j < bs; j++)
+			buf[i + j] ^= iv[j];
+		memcpy(iv, iv_old, bs);
+	}
+out:
+	for (j = 0; j < ciphers->chain_count; j++)
+		if (cipher[j])
+			crypt_cipher_destroy(cipher[j]);
+
+	memset(iv, 0, bs);
+	memset(iv_old, 0, bs);
+	return r;
+}
+
+static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
+			       const char *key, int legacy_modes)
+{
+	struct tcrypt_phdr hdr2;
+	int i, j, r = -EINVAL;
+
+	for (i = 0; tcrypt_cipher[i].chain_count; i++) {
+		if (!legacy_modes && tcrypt_cipher[i].legacy)
+			continue;
+		log_dbg("TCRYPT:  trying cipher %s-%s",
+			tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode);
+
+		memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN);
+
+		if (!strncmp(tcrypt_cipher[i].mode, "cbci", 4))
+			r = TCRYPT_decrypt_cbci(&tcrypt_cipher[i], key, &hdr2);
+		else for (j = tcrypt_cipher[i].chain_count - 1; j >= 0 ; j--) {
+			if (!tcrypt_cipher[i].cipher[j].name)
+				continue;
+			r = TCRYPT_decrypt_hdr_one(&tcrypt_cipher[i].cipher[j],
+					    tcrypt_cipher[i].mode, key, &hdr2);
+			if (r < 0)
+				break;
+		}
+
+		if (r < 0) {
+			log_dbg("TCRYPT:   returned error %d, skipped.", r);
+			if (r == -ENOTSUP)
+				break;
+			r = -ENOENT;
+			continue;
+		}
+
+		if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
+			log_dbg("TCRYPT: Signature magic detected.");
+			memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
+			r = i;
+			break;
+		}
+		r = -EPERM;
+	}
+
+	memset(&hdr2, 0, sizeof(hdr2));
+	return r;
+}
+
+static int TCRYPT_pool_keyfile(struct crypt_device *cd,
+				unsigned char pool[TCRYPT_KEY_POOL_LEN],
+				const char *keyfile)
+{
+	unsigned char data[TCRYPT_KEYFILE_LEN];
+	int i, j, fd, data_size;
+	uint32_t crc;
+
+	log_dbg("TCRYPT: using keyfile %s.", keyfile);
+
+	fd = open(keyfile, O_RDONLY);
+	if (fd < 0) {
+		log_err(cd, _("Failed to open key file.\n"));
+		return -EIO;
+	}
+
+	/* FIXME: add while */
+	data_size = read(fd, data, TCRYPT_KEYFILE_LEN);
+	close(fd);
+	if (data_size < 0) {
+		log_err(cd, _("Error reading keyfile %s.\n"), keyfile);
+		return -EIO;
+	}
+
+	for (i = 0, j = 0, crc = ~0U; i < data_size; i++) {
+		crc = crypt_crc32(crc, &data[i], 1);
+		pool[j++] += (unsigned char)(crc >> 24);
+		pool[j++] += (unsigned char)(crc >> 16);
+		pool[j++] += (unsigned char)(crc >>  8);
+		pool[j++] += (unsigned char)(crc);
+		j %= TCRYPT_KEY_POOL_LEN;
+	}
+
+	memset(&crc, 0, sizeof(crc));
+	memset(data, 0, TCRYPT_KEYFILE_LEN);
+
+	return 0;
+}
+
+static int TCRYPT_init_hdr(struct crypt_device *cd,
+			   struct tcrypt_phdr *hdr,
+			   struct crypt_params_tcrypt *params)
+{
+	unsigned char pwd[TCRYPT_KEY_POOL_LEN] = {};
+	size_t passphrase_size;
+	char *key;
+	unsigned int i, skipped = 0;
+	int r = -EINVAL, legacy_modes;
+
+	if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN))
+		return -ENOMEM;
+
+	if (params->keyfiles_count)
+		passphrase_size = TCRYPT_KEY_POOL_LEN;
+	else
+		passphrase_size = params->passphrase_size;
+
+	if (params->passphrase_size > TCRYPT_KEY_POOL_LEN) {
+		log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded.\n"),
+			      TCRYPT_KEY_POOL_LEN);
+		return -EPERM;
+	}
+
+	/* Calculate pool content from keyfiles */
+	for (i = 0; i < params->keyfiles_count; i++) {
+		r = TCRYPT_pool_keyfile(cd, pwd, params->keyfiles[i]);
+		if (r < 0)
+			goto out;
+	}
+
+	/* If provided password, combine it with pool */
+	for (i = 0; i < params->passphrase_size; i++)
+		pwd[i] += params->passphrase[i];
+
+	legacy_modes = params->flags & CRYPT_TCRYPT_LEGACY_MODES ? 1 : 0;
+	for (i = 0; tcrypt_kdf[i].name; i++) {
+		if (!legacy_modes && tcrypt_kdf[i].legacy)
+			continue;
+		/* Derive header key */
+		log_dbg("TCRYPT: trying KDF: %s-%s-%d.",
+			tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations);
+		r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash,
+				(char*)pwd, passphrase_size,
+				hdr->salt, TCRYPT_HDR_SALT_LEN,
+				key, TCRYPT_HDR_KEY_LEN,
+				tcrypt_kdf[i].iterations);
+		if (r < 0 && crypt_hash_size(tcrypt_kdf[i].hash) < 0) {
+			log_verbose(cd, _("PBKDF2 hash algorithm %s not available, skipping.\n"),
+				      tcrypt_kdf[i].hash);
+			continue;
+		}
+		if (r < 0)
+			break;
+
+		/* Decrypt header */
+		r = TCRYPT_decrypt_hdr(cd, hdr, key, legacy_modes);
+		if (r == -ENOENT) {
+			skipped++;
+			continue;
+		}
+		if (r != -EPERM)
+			break;
+	}
+
+	if ((skipped && skipped == i) || r == -ENOTSUP) {
+		log_err(cd, _("Required kernel crypto interface not available.\n"));
+#ifdef ENABLE_AF_ALG
+		log_err(cd, _("Ensure you have algif_skcipher kernel module loaded.\n"));
+#endif
+	}
+	if (r < 0)
+		goto out;
+
+	r = TCRYPT_hdr_from_disk(hdr, params, i, r);
+	if (!r) {
+		log_dbg("TCRYPT: Header version: %d, req. %d, sector %d"
+			", mk_offset %" PRIu64 ", hidden_size %" PRIu64
+			", volume size %" PRIu64, (int)hdr->d.version,
+			(int)hdr->d.version_tc, (int)hdr->d.sector_size,
+			hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size);
+		log_dbg("TCRYPT: Header cipher %s-%s, key size %d",
+			params->cipher, params->mode, params->key_size);
+	}
+out:
+	memset(pwd, 0, TCRYPT_KEY_POOL_LEN);
+	if (key)
+		memset(key, 0, TCRYPT_HDR_KEY_LEN);
+	free(key);
+	return r;
+}
+
+int TCRYPT_read_phdr(struct crypt_device *cd,
+		     struct tcrypt_phdr *hdr,
+		     struct crypt_params_tcrypt *params)
+{
+	struct device *device = crypt_metadata_device(cd);
+	ssize_t hdr_size = sizeof(struct tcrypt_phdr);
+	int devfd = 0, r, bs;
+
+	assert(sizeof(struct tcrypt_phdr) == 512);
+
+	log_dbg("Reading TCRYPT header of size %d bytes from device %s.",
+		hdr_size, device_path(device));
+
+	bs = device_block_size(device);
+	if (bs < 0)
+		return bs;
+
+	devfd = device_open(device, O_RDONLY);
+	if (devfd == -1) {
+		log_err(cd, _("Cannot open device %s.\n"), device_path(device));
+		return -EINVAL;
+	}
+
+	r = -EIO;
+	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) {
+		if (lseek(devfd, TCRYPT_HDR_SYSTEM_OFFSET, SEEK_SET) >= 0 &&
+		    read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
+			r = TCRYPT_init_hdr(cd, hdr, params);
+	} else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
+		if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) {
+			if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_BCK, SEEK_END) >= 0 &&
+			    read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
+				r = TCRYPT_init_hdr(cd, hdr, params);
+		} else {
+			if (lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET, SEEK_SET) >= 0 &&
+			    read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
+				r = TCRYPT_init_hdr(cd, hdr, params);
+			if (r &&
+			    lseek(devfd, TCRYPT_HDR_HIDDEN_OFFSET_OLD, SEEK_END) >= 0 &&
+			    read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
+				r = TCRYPT_init_hdr(cd, hdr, params);
+		}
+	} else if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) {
+		if (lseek(devfd, TCRYPT_HDR_OFFSET_BCK, SEEK_END) >= 0 &&
+			    read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
+			r = TCRYPT_init_hdr(cd, hdr, params);
+	} else if (read_blockwise(devfd, bs, hdr, hdr_size) == hdr_size)
+		r = TCRYPT_init_hdr(cd, hdr, params);
+
+	close(devfd);
+	if (r < 0)
+		memset(hdr, 0, sizeof (*hdr));
+	return r;
+}
+
+static struct tcrypt_algs *TCRYPT_get_algs(const char *cipher, const char *mode)
+{
+	int i;
+
+	if (!cipher || !mode)
+		return NULL;
+
+	for (i = 0; tcrypt_cipher[i].chain_count; i++)
+		if (!strcmp(tcrypt_cipher[i].long_name, cipher) &&
+		    !strcmp(tcrypt_cipher[i].mode, mode))
+		    return &tcrypt_cipher[i];
+
+	return NULL;
+}
+
+int TCRYPT_activate(struct crypt_device *cd,
+		     const char *name,
+		     struct tcrypt_phdr *hdr,
+		     struct crypt_params_tcrypt *params,
+		     uint32_t flags)
+{
+	char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX];
+	struct device *device = NULL;
+	unsigned int i;
+	int r;
+	struct tcrypt_algs *algs;
+	struct crypt_dm_active_device dmd = {
+		.target = DM_CRYPT,
+		.size   = 0,
+		.data_device = crypt_data_device(cd),
+		.u.crypt  = {
+			.cipher = cipher,
+			.offset = crypt_get_data_offset(cd),
+			.iv_offset = crypt_get_iv_offset(cd),
+		}
+	};
+
+	if (!hdr->d.version) {
+		log_dbg("TCRYPT: this function is not supported without encrypted header load.");
+		return -ENOTSUP;
+	}
+
+	if (hdr->d.sector_size && hdr->d.sector_size != SECTOR_SIZE) {
+		log_err(cd, _("Activation is not supported for %d sector size.\n"),
+			hdr->d.sector_size);
+		return -ENOTSUP;
+	}
+
+	if (strstr(params->mode, "-tcrypt")) {
+		log_err(cd, _("Kernel doesn't support activation for this TCRYPT legacy mode.\n"));
+		return -ENOTSUP;
+	}
+
+	algs = TCRYPT_get_algs(params->cipher, params->mode);
+	if (!algs)
+		return -EINVAL;
+
+	if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER)
+		dmd.size = hdr->d.hidden_volume_size / hdr->d.sector_size;
+	else
+		dmd.size = hdr->d.volume_size / hdr->d.sector_size;
+
+	r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
+				dmd.u.crypt.offset, &dmd.size, &dmd.flags);
+	if (r)
+		return r;
+
+	/* Frome here, key size for every cipher must be the same */
+	dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size, NULL);
+	if (!dmd.u.crypt.vk)
+		return -ENOMEM;
+
+	for (i = algs->chain_count; i > 0; i--) {
+		if (i == 1) {
+			strncpy(dm_name, name, sizeof(dm_name));
+			dmd.flags = flags;
+		} else {
+			snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1);
+			dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE;
+		}
+
+		snprintf(cipher, sizeof(cipher), "%s-%s",
+			 algs->cipher[i-1].name, algs->mode);
+
+		TCRYPT_copy_key(&algs->cipher[i-1], algs->mode,
+				dmd.u.crypt.vk->key, hdr->d.keys);
+
+		if (algs->chain_count != i) {
+			snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d",
+				 dm_get_dir(), name, i);
+			r = device_alloc(&device, dm_dev_name);
+			if (r)
+				break;
+			dmd.data_device = device;
+			dmd.u.crypt.offset = 0;
+		}
+
+		log_dbg("Trying to activate TCRYPT device %s using cipher %s.",
+			dm_name, dmd.u.crypt.cipher);
+		r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0);
+
+		device_free(device);
+		device = NULL;
+
+		if (r)
+			break;
+	}
+
+	if (r < 0 && !(dm_flags() & DM_PLAIN64_SUPPORTED)) {
+		log_err(cd, _("Kernel doesn't support plain64 IV.\n"));
+		r = -ENOTSUP;
+	}
+
+	crypt_free_volume_key(dmd.u.crypt.vk);
+	return r;
+}
+
+static int TCRYPT_remove_one(struct crypt_device *cd, const char *name,
+		      const char *base_uuid, int index)
+{
+	struct crypt_dm_active_device dmd = {};
+	char dm_name[PATH_MAX];
+	int r;
+
+	if (snprintf(dm_name, sizeof(dm_name), "%s_%d", name, index) < 0)
+		return -ENOMEM;
+
+	r = dm_status_device(cd, dm_name);
+	if (r < 0)
+		return r;
+
+	r = dm_query_device(cd, dm_name, DM_ACTIVE_UUID, &dmd);
+	if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid)))
+		r = dm_remove_device(cd, dm_name, 0, 0);
+
+	free(CONST_CAST(void*)dmd.uuid);
+	return r;
+}
+
+int TCRYPT_deactivate(struct crypt_device *cd, const char *name)
+{
+	struct crypt_dm_active_device dmd = {};
+	int r;
+
+	r = dm_query_device(cd, name, DM_ACTIVE_UUID, &dmd);
+	if (r < 0)
+		return r;
+	if (!dmd.uuid)
+		return -EINVAL;
+
+	r = dm_remove_device(cd, name, 0, 0);
+	if (r < 0)
+		goto out;
+
+	r = TCRYPT_remove_one(cd, name, dmd.uuid, 1);
+	if (r < 0)
+		goto out;
+
+	r = TCRYPT_remove_one(cd, name, dmd.uuid, 2);
+	if (r < 0)
+		goto out;
+out:
+	free(CONST_CAST(void*)dmd.uuid);
+	return (r == -ENODEV) ? 0 : r;
+}
+
+static int TCRYPT_status_one(struct crypt_device *cd, const char *name,
+			      const char *base_uuid, int index,
+			      size_t *key_size, char *cipher,
+			      uint64_t *data_offset, struct device **device)
+{
+	struct crypt_dm_active_device dmd = {};
+	char dm_name[PATH_MAX], *c;
+	int r;
+
+	if (snprintf(dm_name, sizeof(dm_name), "%s_%d", name, index) < 0)
+		return -ENOMEM;
+
+	r = dm_status_device(cd, dm_name);
+	if (r < 0)
+		return r;
+
+	r = dm_query_device(cd, dm_name, DM_ACTIVE_DEVICE |
+					  DM_ACTIVE_UUID |
+					  DM_ACTIVE_CRYPT_CIPHER |
+					  DM_ACTIVE_CRYPT_KEYSIZE, &dmd);
+	if (r > 0)
+		r = 0;
+	if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) {
+		if ((c = strchr(dmd.u.crypt.cipher, '-')))
+			*c = '\0';
+		strcat(cipher, "-");
+		strncat(cipher, dmd.u.crypt.cipher, MAX_CIPHER_LEN);
+		*key_size += dmd.u.crypt.vk->keylength;
+		*data_offset = dmd.u.crypt.offset * SECTOR_SIZE;
+		device_free(*device);
+		*device = dmd.data_device;
+	} else {
+		device_free(dmd.data_device);
+		r = -ENODEV;
+	}
+
+	free(CONST_CAST(void*)dmd.uuid);
+	free(CONST_CAST(void*)dmd.u.crypt.cipher);
+	crypt_free_volume_key(dmd.u.crypt.vk);
+	return r;
+}
+
+int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
+			const struct crypt_dm_active_device *dmd,
+			struct device **device,
+			struct crypt_params_tcrypt *tcrypt_params,
+			struct tcrypt_phdr *tcrypt_hdr)
+{
+	struct tcrypt_algs *algs;
+	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN], *tmp;
+	size_t key_size;
+	int r;
+
+	memset(tcrypt_params, 0, sizeof(*tcrypt_params));
+	memset(tcrypt_hdr, 0, sizeof(*tcrypt_hdr));
+	tcrypt_hdr->d.sector_size = SECTOR_SIZE;
+	tcrypt_hdr->d.mk_offset = dmd->u.crypt.offset * SECTOR_SIZE;
+
+	strncpy(cipher, dmd->u.crypt.cipher, MAX_CIPHER_LEN);
+	tmp = strchr(cipher, '-');
+	if (!tmp)
+		return -EINVAL;
+	*tmp = '\0';
+	strncpy(mode, ++tmp, MAX_CIPHER_LEN);
+
+	key_size = dmd->u.crypt.vk->keylength;
+	r = TCRYPT_status_one(cd, name, dmd->uuid, 1, &key_size,
+			      cipher, &tcrypt_hdr->d.mk_offset, device);
+	if (!r)
+		r = TCRYPT_status_one(cd, name, dmd->uuid, 2, &key_size,
+				      cipher, &tcrypt_hdr->d.mk_offset, device);
+
+	if (r < 0 && r != -ENODEV)
+		return r;
+
+	algs = TCRYPT_get_algs(cipher, mode);
+	if (!algs || key_size != algs->chain_key_size)
+		return -EINVAL;
+
+	tcrypt_params->key_size = algs->chain_key_size;
+	tcrypt_params->cipher = algs->long_name;
+	tcrypt_params->mode = algs->mode;
+	return 0;
+}
+
+uint64_t TCRYPT_get_data_offset(struct crypt_device *cd,
+				 struct tcrypt_phdr *hdr,
+				 struct crypt_params_tcrypt *params)
+{
+	uint64_t size;
+
+	/* No real header loaded, initialized by active device */
+	if (!hdr->d.version)
+		goto hdr_offset;
+
+	/* Mapping through whole device, not partition! */
+	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
+		goto hdr_offset;
+
+	if (params->mode && !strncmp(params->mode, "xts", 3)) {
+		if (hdr->d.version < 3)
+			return 1;
+
+		if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
+			if (hdr->d.version > 3)
+				return (hdr->d.mk_offset / hdr->d.sector_size);
+			if (device_size(crypt_metadata_device(cd), &size) < 0)
+				return 0;
+			return (size - hdr->d.hidden_volume_size +
+				(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size;
+		}
+		goto hdr_offset;
+	}
+
+	if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
+		if (device_size(crypt_metadata_device(cd), &size) < 0)
+			return 0;
+		return (size - hdr->d.hidden_volume_size +
+			(TCRYPT_HDR_HIDDEN_OFFSET_OLD)) / hdr->d.sector_size;
+	}
+
+hdr_offset:
+	return hdr->d.mk_offset / hdr->d.sector_size;
+}
+
+uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
+			      struct tcrypt_phdr *hdr,
+			      struct crypt_params_tcrypt *params
+)
+{
+	if (params->mode && !strncmp(params->mode, "xts", 3))
+		return TCRYPT_get_data_offset(cd, hdr, params);
+	else if (params->mode && !strncmp(params->mode, "lrw", 3))
+		return 0;
+
+	return hdr->d.mk_offset / hdr->d.sector_size;
+}
+
+int TCRYPT_get_volume_key(struct crypt_device *cd,
+			  struct tcrypt_phdr *hdr,
+			  struct crypt_params_tcrypt *params,
+			  struct volume_key **vk)
+{
+	struct tcrypt_algs *algs;
+	unsigned int i, key_index;
+
+	if (!hdr->d.version) {
+		log_err(cd, _("This function is not supported without TCRYPT header load."));
+		return -ENOTSUP;
+	}
+
+	algs = TCRYPT_get_algs(params->cipher, params->mode);
+	if (!algs)
+		return -EINVAL;
+
+	*vk = crypt_alloc_volume_key(params->key_size, NULL);
+	if (!*vk)
+		return -ENOMEM;
+
+	for (i = 0, key_index = 0; i < algs->chain_count; i++) {
+		TCRYPT_copy_key(&algs->cipher[i], algs->mode,
+				&(*vk)->key[key_index], hdr->d.keys);
+		key_index += algs->cipher[i].key_size;
+	}
+
+	return 0;
+}
+
+int TCRYPT_dump(struct crypt_device *cd,
+		struct tcrypt_phdr *hdr,
+		struct crypt_params_tcrypt *params)
+{
+	log_std(cd, "TCRYPT header information for %s\n",
+		device_path(crypt_metadata_device(cd)));
+	if (hdr->d.version) {
+		log_std(cd, "Version:       \t%d\n", hdr->d.version);
+		log_std(cd, "Driver req.:\t%d\n", hdr->d.version_tc);
+
+		log_std(cd, "Sector size:\t%" PRIu32 "\n", hdr->d.sector_size);
+		log_std(cd, "MK offset:\t%" PRIu64 "\n", hdr->d.mk_offset);
+		log_std(cd, "PBKDF2 hash:\t%s\n", params->hash_name);
+	}
+	log_std(cd, "Cipher chain:\t%s\n", params->cipher);
+	log_std(cd, "Cipher mode:\t%s\n", params->mode);
+	log_std(cd, "MK bits:       \t%d\n", params->key_size * 8);
+	return 0;
+}
--- a/lib/tcrypt/tcrypt.h
+++ b/lib/tcrypt/tcrypt.h
@@ -0,0 +1,114 @@
+/*
+ * TCRYPT (TrueCrypt-compatible)  header defitinion
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2013, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "libcryptsetup.h"
+
+#ifndef _CRYPTSETUP_TCRYPT_H
+#define _CRYPTSETUP_TCRYPT_H
+
+#define TCRYPT_HDR_SALT_LEN 64
+#define TCRYPT_HDR_IV_LEN   16
+#define TCRYPT_HDR_LEN     448
+#define TCRYPT_HDR_KEY_LEN 192
+#define TCRYPT_HDR_MAGIC "TRUE"
+#define TCRYPT_HDR_MAGIC_LEN 4
+
+#define TCRYPT_HDR_HIDDEN_OFFSET_OLD -1536
+#define TCRYPT_HDR_HIDDEN_OFFSET 65536
+
+#define TCRYPT_HDR_HIDDEN_OFFSET_BCK -65536
+#define TCRYPT_HDR_OFFSET_BCK -131072
+
+#define TCRYPT_HDR_SYSTEM_OFFSET 31744
+
+#define TCRYPT_LRW_IKEY_LEN 16
+#define TCRYPT_KEY_POOL_LEN 64
+#define TCRYPT_KEYFILE_LEN  1048576
+
+#define TCRYPT_HDR_FLAG_SYSTEM    (1 << 0)
+#define TCRYPT_HDR_FLAG_NONSYSTEM (1 << 1)
+
+struct tcrypt_phdr {
+	char salt[TCRYPT_HDR_SALT_LEN];
+
+	/* encrypted part, TCRYPT_HDR_LEN bytes */
+	union {
+	struct __attribute__((__packed__)) {
+		char     magic[TCRYPT_HDR_MAGIC_LEN];
+		uint16_t version;
+		uint16_t version_tc;
+		uint32_t keys_crc32;
+		uint64_t _reserved1[2]; /* data/header ctime */
+		uint64_t hidden_volume_size;
+		uint64_t volume_size;
+		uint64_t mk_offset;
+		uint64_t mk_size;
+		uint32_t flags;
+		uint32_t sector_size;
+		uint8_t  _reserved2[120];
+		uint32_t header_crc32;
+		char     keys[256];
+	} d;
+	char e[TCRYPT_HDR_LEN];
+	};
+} __attribute__((__packed__));
+
+struct crypt_dm_active_device;
+struct volume_key;
+struct device;
+
+int TCRYPT_read_phdr(struct crypt_device *cd,
+		     struct tcrypt_phdr *hdr,
+		     struct crypt_params_tcrypt *params);
+
+int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
+			const struct crypt_dm_active_device *dmd,
+			struct device **device,
+			struct crypt_params_tcrypt *tcrypt_params,
+			struct tcrypt_phdr *tcrypt_hdr);
+
+int TCRYPT_activate(struct crypt_device *cd,
+		     const char *name,
+		     struct tcrypt_phdr *hdr,
+		     struct crypt_params_tcrypt *params,
+		     uint32_t flags);
+
+int TCRYPT_deactivate(struct crypt_device *cd,
+		      const char *name);
+
+uint64_t TCRYPT_get_data_offset(struct crypt_device *cd,
+				struct tcrypt_phdr *hdr,
+				struct crypt_params_tcrypt *params);
+
+uint64_t TCRYPT_get_iv_offset(struct crypt_device *cd,
+			      struct tcrypt_phdr *hdr,
+			      struct crypt_params_tcrypt *params);
+
+int TCRYPT_get_volume_key(struct crypt_device *cd,
+			  struct tcrypt_phdr *hdr,
+			  struct crypt_params_tcrypt *params,
+			  struct volume_key **vk);
+
+int TCRYPT_dump(struct crypt_device *cd,
+		struct tcrypt_phdr *hdr,
+		struct crypt_params_tcrypt *params);
+
+#endif
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -4,10 +4,12 @@
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,25 +24,16 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include <stddef.h>
-#include <stdarg.h>
 #include <errno.h>
-#include <linux/fs.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <fcntl.h>
 #include <sys/mman.h>
 #include <sys/resource.h>

-#include "libcryptsetup.h"
 #include "internal.h"

 unsigned crypt_getpagesize(void)
 {
-	return (unsigned)sysconf(_SC_PAGESIZE);
+	long r = sysconf(_SC_PAGESIZE);
+	return r < 0 ? DEFAULT_MEM_ALIGNMENT : r;
 }

 static int get_alignment(int fd)
@@ -74,52 +67,15 @@ static void *aligned_malloc(void **base, int size, int alignment)
 #endif
 }

-int device_read_ahead(const char *dev, uint32_t *read_ahead)
-{
-	int fd, r = 0;
-	long read_ahead_long;
-
-	if ((fd = open(dev, O_RDONLY)) < 0)
-		return 0;
-
-	r = ioctl(fd, BLKRAGET, &read_ahead_long) ? 0 : 1;
-	close(fd);
-
-	if (r)
-		*read_ahead = (uint32_t) read_ahead_long;
-
-	return r;
-}
-
-static int sector_size(int fd) 
-{
-	int bsize;
-	if (ioctl(fd,BLKSSZGET, &bsize) < 0)
-		return -EINVAL;
-	else
-		return bsize;
-}
-
-int sector_size_for_device(const char *device)
-{
-	int fd = open(device, O_RDONLY);
-	int r;
-	if(fd < 0)
-		return -EINVAL;
-	r = sector_size(fd);
-	close(fd);
-	return r;
-}
-
-ssize_t write_blockwise(int fd, void *orig_buf, size_t count)
+ssize_t write_blockwise(int fd, int bsize, void *orig_buf, size_t count)
 {
 	void *hangover_buf, *hangover_buf_base = NULL;
 	void *buf, *buf_base = NULL;
-	int r, hangover, solid, bsize, alignment;
+	int r, hangover, solid, alignment;
 	ssize_t ret = -1;

-	if ((bsize = sector_size(fd)) < 0)
-		return bsize;
+	if (fd == -1 || !orig_buf || bsize <= 0)
+		return -1;

 	hangover = count % bsize;
 	solid = count - hangover;
@@ -143,16 +99,19 @@ ssize_t write_blockwise(int fd, void *orig_buf, size_t count)
 			goto out;

 		r = read(fd, hangover_buf, bsize);
-		if (r < 0 || r != bsize)
+		if (r < 0 || r < hangover)
 			goto out;

+		if (r < bsize)
+			bsize = r;
+
 		r = lseek(fd, -bsize, SEEK_CUR);
 		if (r < 0)
 			goto out;
 		memcpy(hangover_buf, (char*)buf + solid, hangover);

 		r = write(fd, hangover_buf, bsize);
-		if (r < 0 || r != bsize)
+		if (r < 0 || r < hangover)
 			goto out;
 	}
 	ret = count;
@@ -163,14 +122,14 @@ out:
 	return ret;
 }

-ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
+ssize_t read_blockwise(int fd, int bsize, void *orig_buf, size_t count) {
 	void *hangover_buf, *hangover_buf_base = NULL;
 	void *buf, *buf_base = NULL;
-	int r, hangover, solid, bsize, alignment;
+	int r, hangover, solid, alignment;
 	ssize_t ret = -1;

-	if ((bsize = sector_size(fd)) < 0)
-		return bsize;
+	if (fd == -1 || !orig_buf || bsize <= 0)
+		return -1;

 	hangover = count % bsize;
 	solid = count - hangover;
@@ -192,7 +151,7 @@ ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
 		if (!hangover_buf)
 			goto out;
 		r = read(fd, hangover_buf, bsize);
-		if (r <  0 || r != bsize)
+		if (r <  0 || r < hangover)
 			goto out;

 		memcpy((char *)buf + solid, hangover_buf, hangover);
@@ -213,15 +172,15 @@ out:
 * is implicitly included in the read/write offset, which can not be set to non-aligned
 * boundaries. Hence, we combine llseek with write.
 */
-ssize_t write_lseek_blockwise(int fd, char *buf, size_t count, off_t offset) {
+ssize_t write_lseek_blockwise(int fd, int bsize, char *buf, size_t count, off_t offset) {
 	char *frontPadBuf;
 	void *frontPadBuf_base = NULL;
-	int r, bsize, frontHang;
+	int r, frontHang;
 	size_t innerCount = 0;
 	ssize_t ret = -1;

-	if ((bsize = sector_size(fd)) < 0)
-		return bsize;
+	if (fd == -1 || !buf || bsize <= 0)
+		return -1;

 	frontHang = offset % bsize;

@@ -255,7 +214,7 @@ ssize_t write_lseek_blockwise(int fd, char *buf, size_t count, off_t offset) {
 		count -= innerCount;
 	}

-	ret = count ? write_blockwise(fd, buf, count) : 0;
+	ret = count ? write_blockwise(fd, bsize, buf, count) : 0;
 	if (ret >= 0)
 		ret += innerCount;
 out:
@@ -264,171 +223,6 @@ out:
 	return ret;
 }

-int device_ready(struct crypt_device *cd, const char *device, int mode)
-{
-	int devfd, r = 0;
-	ssize_t s;
-	struct stat st;
-	char buf[512];
-
-	if(stat(device, &st) < 0) {
-		log_err(cd, _("Device %s doesn't exist or access denied.\n"), device);
-		return -EINVAL;
-	}
-
-	if (!S_ISBLK(st.st_mode))
-		return -ENOTBLK;
-
-	log_dbg("Trying to open and read device %s.", device);
-	devfd = open(device, mode | O_DIRECT | O_SYNC);
-	if(devfd < 0) {
-		log_err(cd, _("Cannot open device %s for %s%s access.\n"), device,
-			(mode & O_EXCL) ? _("exclusive ") : "",
-			(mode & O_RDWR) ? _("writable") : _("read-only"));
-		return -EINVAL;
-	}
-
-	 /* Try to read first sector */
-	s = read_blockwise(devfd, buf, sizeof(buf));
-	if (s < 0 || s != sizeof(buf)) {
-		log_verbose(cd, _("Cannot read device %s.\n"), device);
-		r = -EIO;
-	}
-
-	memset(buf, 0, sizeof(buf));
-	close(devfd);
-
-	return r;
-}
-
-int device_size(const char *device, uint64_t *size)
-{
-	int devfd, r = 0;
-
-	devfd = open(device, O_RDONLY);
-	if(devfd == -1)
-		return -EINVAL;
-
-	if (ioctl(devfd, BLKGETSIZE64, size) < 0)
-		r = -EINVAL;
-
-	close(devfd);
-	return r;
-}
-
-static int get_device_infos(const char *device, enum devcheck device_check,
-			    int *readonly, uint64_t *size)
-{
-	struct stat st;
-	unsigned long size_small;
-	int fd, r = -1;
-	int flags = 0;
-
-	*readonly = 0;
-	*size = 0;
-
-	if (stat(device, &st) < 0)
-		return -EINVAL;
-
-	/* never wipe header on mounted device */
-	if (device_check == DEV_EXCL && S_ISBLK(st.st_mode))
-		flags |= O_EXCL;
-
-	/* Try to open read-write to check whether it is a read-only device */
-	fd = open(device, O_RDWR | flags);
-	if (fd == -1 && errno == EROFS) {
-		*readonly = 1;
-		fd = open(device, O_RDONLY | flags);
-	}
-
-	if (fd == -1 && device_check == DEV_EXCL && errno == EBUSY)
-		return -EBUSY;
-
-	if (fd == -1)
-		return -EINVAL;
-
-	/* If the device can be opened read-write, i.e. readonly is still 0, then
-	 * check whether BKROGET says that it is read-only. E.g. read-only loop
-	 * devices may be openend read-write but are read-only according to BLKROGET
-	 */
-	if (*readonly == 0 && (r = ioctl(fd, BLKROGET, readonly)) < 0)
-		goto out;
-
-	if (ioctl(fd, BLKGETSIZE64, size) >= 0) {
-		*size >>= SECTOR_SHIFT;
-		r = 0;
-		goto out;
-	}
-
-	if (ioctl(fd, BLKGETSIZE, &size_small) >= 0) {
-		*size = (uint64_t)size_small;
-		r = 0;
-		goto out;
-	}
-
-	r = -EINVAL;
-out:
-	close(fd);
-	return r;
-}
-
-int device_check_and_adjust(struct crypt_device *cd,
-			    const char *device,
-			    enum devcheck device_check,
-			    uint64_t *size,
-			    uint64_t *offset,
-			    uint32_t *flags)
-{
-	int r, real_readonly;
-	uint64_t real_size;
-
-	if (!device)
-		return -ENOTBLK;
-
-	r = get_device_infos(device, device_check, &real_readonly, &real_size);
-	if (r < 0) {
-		if (r == -EBUSY)
-			log_err(cd, _("Cannot use device %s which is in use "
-				      "(already mapped or mounted).\n"),
-				      device);
-		else
-			log_err(cd, _("Cannot get info about device %s.\n"),
-				device);
-		return r;
-	}
-
-	if (*offset >= real_size) {
-		log_err(cd, _("Requested offset is beyond real size of device %s.\n"),
-			device);
-		return -EINVAL;
-	}
-
-	if (!*size) {
-		*size = real_size;
-		if (!*size) {
-			log_err(cd, _("Device %s has zero size.\n"), device);
-			return -ENOTBLK;
-		}
-		*size -= *offset;
-	}
-
-	/* in case of size is set by parameter */
-	if ((real_size - *offset) < *size) {
-		log_dbg("Device %s: offset = %" PRIu64 " requested size = %" PRIu64
-			", backing device size = %" PRIu64,
-			device, *offset, *size, real_size);
-		log_err(cd, _("Device %s is too small.\n"), device);
-		return -EINVAL;
-	}
-
-	if (real_readonly)
-		*flags |= CRYPT_ACTIVATE_READONLY;
-
-	log_dbg("Calculated device size is %" PRIu64 " sectors (%s), offset %" PRIu64 ".",
-		*size, real_readonly ? "RO" : "RW", *offset);
-	return 0;
-}
-
 /* MEMLOCK */
 #define DEFAULT_PROCESS_PRIORITY -18

@@ -441,7 +235,7 @@ int crypt_memlock_inc(struct crypt_device *ctx)
 	if (!_memlock_count++) {
 		log_dbg("Locking memory.");
 		if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
-			log_err(ctx, _("WARNING!!! Possibly insecure memory. Are you root?\n"));
+			log_dbg("Cannot lock memory with mlockall.");
 			_memlock_count--;
 			return 0;
 		}
@@ -450,7 +244,7 @@ int crypt_memlock_inc(struct crypt_device *ctx)
 			log_err(ctx, _("Cannot get process priority.\n"));
 		else
 			if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
-				log_err(ctx, _("setpriority %d failed: %s\n"),
+				log_dbg("setpriority %d failed: %s",
 					DEFAULT_PROCESS_PRIORITY, strerror(errno));
 	}
 	return _memlock_count ? 1 : 0;
@@ -463,64 +257,7 @@ int crypt_memlock_dec(struct crypt_device *ctx)
 		if (munlockall() == -1)
 			log_err(ctx, _("Cannot unlock memory.\n"));
 		if (setpriority(PRIO_PROCESS, 0, _priority))
-			log_err(ctx, _("setpriority %d failed: %s\n"), _priority, strerror(errno));
+			log_dbg("setpriority %d failed: %s", _priority, strerror(errno));
 	}
 	return _memlock_count ? 1 : 0;
 }
-
-/* DEVICE TOPOLOGY */
-
-/* block device topology ioctls, introduced in 2.6.32 */
-#ifndef BLKIOMIN
-#define BLKIOMIN    _IO(0x12,120)
-#define BLKIOOPT    _IO(0x12,121)
-#define BLKALIGNOFF _IO(0x12,122)
-#endif
-
-void get_topology_alignment(const char *device,
-			    unsigned long *required_alignment, /* bytes */
-			    unsigned long *alignment_offset,   /* bytes */
-			    unsigned long default_alignment)
-{
-	int dev_alignment_offset = 0;
-	unsigned int min_io_size = 0, opt_io_size = 0;
-	unsigned long temp_alignment = 0;
-	int fd;
-
-	*required_alignment = default_alignment;
-	*alignment_offset = 0;
-
-	fd = open(device, O_RDONLY);
-	if (fd == -1)
-		return;
-
-	/* minimum io size */
-	if (ioctl(fd, BLKIOMIN, &min_io_size) == -1) {
-		log_dbg("Topology info for %s not supported, using default offset %lu bytes.",
-			device, default_alignment);
-		goto out;
-	}
-
-	/* optimal io size */
-	if (ioctl(fd, BLKIOOPT, &opt_io_size) == -1)
-		opt_io_size = min_io_size;
-
-	/* alignment offset, bogus -1 means misaligned/unknown */
-	if (ioctl(fd, BLKALIGNOFF, &dev_alignment_offset) == -1 || dev_alignment_offset < 0)
-		dev_alignment_offset = 0;
-	*alignment_offset = (unsigned long)dev_alignment_offset;
-
-	temp_alignment = (unsigned long)min_io_size;
-
-	if (temp_alignment < (unsigned long)opt_io_size)
-		temp_alignment = (unsigned long)opt_io_size;
-
-	/* If calculated alignment is multiple of default, keep default */
-	if (temp_alignment && (default_alignment % temp_alignment))
-		*required_alignment = temp_alignment;
-
-	log_dbg("Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.",
-		min_io_size, opt_io_size, *alignment_offset, *required_alignment);
-out:
-	(void)close(fd);
-}
--- a/lib/utils_benchmark.c
+++ b/lib/utils_benchmark.c
@@ -0,0 +1,248 @@
+/*
+ * libcryptsetup - cryptsetup library, cipher bechmark
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include "internal.h"
+
+/*
+ * This is not simulating storage, so using disk block causes extreme overhead.
+ * Let's use some fixed block size where results are more reliable...
+ */
+#define CIPHER_BLOCK_BYTES 65536
+
+/*
+ * The whole test depends on Linux kernel usermode crypto API for now.
+ * (The same implementations are used in dm-crypt though.)
+ */
+
+struct cipher_perf {
+	char name[32];
+	char mode[32];
+	char *key;
+	size_t key_length;
+	char *iv;
+	size_t iv_length;
+	size_t buffer_size;
+};
+
+static long time_ms(struct rusage *start, struct rusage *end)
+{
+	long ms = 0;
+
+	/* For kernel backend, we need to measure only tim in kernel.
+	ms = (end->ru_utime.tv_sec - start->ru_utime.tv_sec) * 1000;
+	ms += (end->ru_utime.tv_usec - start->ru_utime.tv_usec) / 1000;
+	*/
+
+	ms += (end->ru_stime.tv_sec - start->ru_stime.tv_sec) * 1000;
+	ms += (end->ru_stime.tv_usec - start->ru_stime.tv_usec) / 1000;
+
+	return ms;
+}
+
+static int cipher_perf_one(struct cipher_perf *cp, char *buf,
+			   size_t buf_size, int enc)
+{
+	struct crypt_cipher *cipher = NULL;
+	size_t done = 0, block = CIPHER_BLOCK_BYTES;
+	int r;
+
+	if (buf_size < block)
+		block = buf_size;
+
+	r = crypt_cipher_init(&cipher, cp->name, cp->mode, cp->key, cp->key_length);
+	if (r < 0) {
+		log_dbg("Cannot initialise cipher %s, mode %s.", cp->name, cp->mode);
+		return r;
+	}
+
+	while (done < buf_size) {
+		if ((done + block) > buf_size)
+			block = buf_size - done;
+
+		if (enc)
+			r = crypt_cipher_encrypt(cipher, &buf[done], &buf[done],
+						 block, cp->iv, cp->iv_length);
+		else
+			r = crypt_cipher_decrypt(cipher, &buf[done], &buf[done],
+						 block, cp->iv, cp->iv_length);
+		if (r < 0)
+			break;
+
+		done += block;
+	}
+
+	crypt_cipher_destroy(cipher);
+
+	return r;
+}
+static long cipher_measure(struct cipher_perf *cp, char *buf,
+			   size_t buf_size, int encrypt)
+{
+	struct rusage rstart, rend;
+	int r;
+
+	if (getrusage(RUSAGE_SELF, &rstart) < 0)
+		return -EINVAL;
+
+	r = cipher_perf_one(cp, buf, buf_size, encrypt);
+	if (r < 0)
+		return r;
+
+	if (getrusage(RUSAGE_SELF, &rend) < 0)
+		return -EINVAL;
+
+	return time_ms(&rstart, &rend);
+}
+
+static double speed_mbs(unsigned long bytes, unsigned long ms)
+{
+	double speed = bytes, s = ms / 1000.;
+
+	return speed / (1024 * 1024) / s;
+}
+
+static int cipher_perf(struct cipher_perf *cp,
+	double *encryption_mbs, double *decryption_mbs)
+{
+	long ms_enc, ms_dec, ms;
+	int repeat_enc, repeat_dec;
+	void *buf = NULL;
+
+	if (posix_memalign(&buf, crypt_getpagesize(), cp->buffer_size))
+		return -ENOMEM;
+
+	ms_enc = 0;
+	repeat_enc = 1;
+	while (ms_enc < 1000) {
+		ms = cipher_measure(cp, buf, cp->buffer_size, 1);
+		if (ms < 0) {
+			free(buf);
+			return (int)ms;
+		}
+		ms_enc += ms;
+		repeat_enc++;
+	}
+
+	ms_dec = 0;
+	repeat_dec = 1;
+	while (ms_dec < 1000) {
+		ms = cipher_measure(cp, buf, cp->buffer_size, 0);
+		if (ms < 0) {
+			free(buf);
+			return (int)ms;
+		}
+		ms_dec += ms;
+		repeat_dec++;
+	}
+
+	free(buf);
+
+	*encryption_mbs = speed_mbs(cp->buffer_size * repeat_enc, ms_enc);
+	*decryption_mbs = speed_mbs(cp->buffer_size * repeat_dec, ms_dec);
+
+	return  0;
+}
+
+int crypt_benchmark(struct crypt_device *cd,
+	const char *cipher,
+	const char *cipher_mode,
+	size_t volume_key_size,
+	size_t iv_size,
+	size_t buffer_size,
+	double *encryption_mbs,
+	double *decryption_mbs)
+{
+	struct cipher_perf cp = {
+		.key_length = volume_key_size,
+		.iv_length = iv_size,
+		.buffer_size = buffer_size,
+	};
+	char *c;
+	int r;
+
+	if (!cipher || !cipher_mode || !volume_key_size)
+		return -EINVAL;
+
+	r = init_crypto(cd);
+	if (r < 0)
+		return r;
+
+	r = -ENOMEM;
+	if (iv_size) {
+		cp.iv = malloc(iv_size);
+		if (!cp.iv)
+			goto out;
+		crypt_random_get(cd, cp.iv, iv_size, CRYPT_RND_NORMAL);
+	}
+
+	cp.key = malloc(volume_key_size);
+	if (!cp.key)
+		goto out;
+
+	crypt_random_get(cd, cp.key, volume_key_size, CRYPT_RND_NORMAL);
+	strncpy(cp.name, cipher, sizeof(cp.name)-1);
+	strncpy(cp.mode, cipher_mode, sizeof(cp.mode)-1);
+
+	/* Ignore IV generator */
+	if ((c  = strchr(cp.mode, '-')))
+		*c = '\0';
+
+	r = cipher_perf(&cp, encryption_mbs, decryption_mbs);
+out:
+	free(cp.key);
+	free(cp.iv);
+	return r;
+}
+
+int crypt_benchmark_kdf(struct crypt_device *cd,
+	const char *kdf,
+	const char *hash,
+	const char *password,
+	size_t password_size,
+	const char *salt,
+	size_t salt_size,
+	uint64_t *iterations_sec)
+{
+	int r;
+
+	if (!iterations_sec)
+		return -EINVAL;
+
+	r = init_crypto(cd);
+	if (r < 0)
+		return r;
+
+	if (!strncmp(kdf, "pbkdf2", 6))
+		r = crypt_pbkdf_check(kdf, hash, password, password_size,
+				      salt, salt_size, iterations_sec);
+	else
+		r = -EINVAL;
+
+	if (!r)
+		log_dbg("KDF %s, hash %s: %" PRIu64 " iterations per second.",
+			kdf, hash, *iterations_sec);
+	return r;
+}
--- a/lib/utils_crypt.c
+++ b/lib/utils_crypt.c
@@ -3,10 +3,12 @@
 *
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -92,7 +94,9 @@ void *crypt_safe_alloc(size_t size)
 		return NULL;

 	alloc->size = size;
+	memset(&alloc->data, 0, size);

+	/* coverity[leaked_storage] */
 	return &alloc->data;
 }

@@ -261,6 +265,49 @@ out_err:
 	return r;
 }

+/*
+ * A simple call to lseek(3) might not be possible for some inputs (e.g.
+ * reading from a pipe), so this function instead reads of up to BUFSIZ bytes
+ * at a time until the specified number of bytes. It returns -1 on read error
+ * or when it reaches EOF before the requested number of bytes have been
+ * discarded.
+ */
+static int keyfile_seek(int fd, size_t bytes)
+{
+	char tmp[BUFSIZ];
+	size_t next_read;
+	ssize_t bytes_r;
+	off_t r;
+
+	r = lseek(fd, bytes, SEEK_CUR);
+	if (r > 0)
+		return 0;
+	if (r < 0 && errno != ESPIPE)
+		return -1;
+
+	while (bytes > 0) {
+		/* figure out how much to read */
+		next_read = bytes > sizeof(tmp) ? sizeof(tmp) : bytes;
+
+		bytes_r = read(fd, tmp, next_read);
+		if (bytes_r < 0) {
+			if (errno == EINTR)
+				continue;
+
+			/* read error */
+			return -1;
+		}
+
+		if (bytes_r == 0)
+			/* EOF */
+			break;
+
+		bytes -= bytes_r;
+	}
+
+	return bytes == 0 ? 0 : -1;
+}
+
 /*
 * Note: --key-file=- is interpreted as a read from a binary file (stdin)
 * key_size_max == 0 means detect maximum according to input type (tty/file)
@@ -274,7 +321,7 @@ int crypt_get_key(const char *prompt,
 {
 	int fd, regular_file, read_stdin, char_read, unlimited_read = 0;
 	int r = -EINVAL;
-	char *pass = NULL, tmp;
+	char *pass = NULL;
 	size_t buflen, i, file_read_size;
 	struct stat st;

@@ -342,11 +389,10 @@ int crypt_get_key(const char *prompt,
 	}

 	/* Discard keyfile_offset bytes on input */
-	for(i = 0; i < keyfile_offset; i++)
-		if (read(fd, &tmp, 1) != 1) {
-			log_err(cd, _("Cannot seek to requested keyfile offset.\n"));
-			goto out_err;
-		}
+	if (keyfile_offset && keyfile_seek(fd, keyfile_offset) < 0) {
+		log_err(cd, _("Cannot seek to requested keyfile offset.\n"));
+		goto out_err;
+	}

 	for(i = 0; i < keyfile_size_max; i++) {
 		if(i == buflen) {
@@ -467,10 +513,13 @@ int crypt_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
 		break;
 	case 't':
 	case 'T': mult *= mult_base;
+		 /* Fall through */
 	case 'g':
 	case 'G': mult *= mult_base;
+		 /* Fall through */
 	case 'm':
 	case 'M': mult *= mult_base;
+		 /* Fall through */
 	case 'k':
 	case 'K': mult *= mult_base;
 		break;
--- a/lib/utils_crypt.h
+++ b/lib/utils_crypt.h
@@ -3,10 +3,12 @@
 *
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -26,6 +28,7 @@

 #define MAX_CIPHER_LEN		32
 #define MAX_CIPHER_LEN_STR	"32"
+#define MAX_KEYFILES		32

 struct crypt_device;

--- a/lib/utils_device.c
+++ b/lib/utils_device.c
@@ -0,0 +1,442 @@
+/*
+ * device backend utilities
+ *
+ * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <linux/fs.h>
+#include <unistd.h>
+#include "internal.h"
+
+struct device {
+	char *path;
+
+	char *file_path;
+	int loop_fd;
+
+	int init_done:1;
+};
+
+static int device_ready(const char *device)
+{
+	int devfd, r = 0;
+	struct stat st;
+
+	log_dbg("Trying to open and read device %s.", device);
+	devfd = open(device, O_RDONLY);
+	if (devfd < 0) {
+		log_err(NULL, _("Device %s doesn't exist or access denied.\n"), device);
+		return -EINVAL;
+	}
+	if (fstat(devfd, &st) < 0)
+		r = -EINVAL;
+	else if (!S_ISBLK(st.st_mode))
+		r = S_ISREG(st.st_mode) ? -ENOTBLK : -EINVAL;
+
+	close(devfd);
+	return r;
+}
+
+int device_open(struct device *device, int flags)
+{
+	int devfd;
+
+	devfd = open(device_path(device), flags | O_DIRECT | O_SYNC);
+	if (devfd < 0 && errno == EINVAL) {
+		log_dbg("Trying to open device %s without direct-io.",
+			device_path(device));
+		devfd = open(device_path(device), flags | O_SYNC);
+	}
+
+	return devfd;
+}
+
+int device_alloc(struct device **device, const char *path)
+{
+	struct device *dev;
+	int r;
+
+	if (!path) {
+		*device = NULL;
+		return 0;
+	}
+
+	dev = malloc(sizeof(struct device));
+	if (!dev)
+		return -ENOMEM;
+
+	memset(dev, 0, sizeof(struct device));
+	dev->loop_fd = -1;
+
+	r = device_ready(path);
+	if (!r) {
+		dev->init_done = 1;
+	} else if (r == -ENOTBLK) {
+		/* alloc loop later */
+	} else if (r < 0) {
+		free(dev);
+		return -ENOTBLK;
+	}
+
+	dev->path = strdup(path);
+	if (!dev->path) {
+		free(dev);
+		return -ENOMEM;
+	}
+
+	*device = dev;
+	return 0;
+}
+
+void device_free(struct device *device)
+{
+	if (!device)
+		return;
+
+	if (device->loop_fd != -1) {
+		log_dbg("Closed loop %s (%s).", device->path, device->file_path);
+		close(device->loop_fd);
+	}
+
+	free(device->file_path);
+	free(device->path);
+	free(device);
+}
+
+/* Get block device path */
+const char *device_block_path(const struct device *device)
+{
+	if (!device || !device->init_done)
+		return NULL;
+
+	return device->path;
+}
+
+/* Get path to device / file */
+const char *device_path(const struct device *device)
+{
+	if (!device)
+		return NULL;
+
+	if (device->file_path)
+		return device->file_path;
+
+	return device->path;
+}
+
+/* block device topology ioctls, introduced in 2.6.32 */
+#ifndef BLKIOMIN
+#define BLKIOMIN    _IO(0x12,120)
+#define BLKIOOPT    _IO(0x12,121)
+#define BLKALIGNOFF _IO(0x12,122)
+#endif
+
+void device_topology_alignment(struct device *device,
+			    unsigned long *required_alignment, /* bytes */
+			    unsigned long *alignment_offset,   /* bytes */
+			    unsigned long default_alignment)
+{
+	int dev_alignment_offset = 0;
+	unsigned int min_io_size = 0, opt_io_size = 0;
+	unsigned long temp_alignment = 0;
+	int fd;
+
+	*required_alignment = default_alignment;
+	*alignment_offset = 0;
+
+	if (!device || !device->path) //FIXME
+		return;
+
+	fd = open(device->path, O_RDONLY);
+	if (fd == -1)
+		return;
+
+	/* minimum io size */
+	if (ioctl(fd, BLKIOMIN, &min_io_size) == -1) {
+		log_dbg("Topology info for %s not supported, using default offset %lu bytes.",
+			device->path, default_alignment);
+		goto out;
+	}
+
+	/* optimal io size */
+	if (ioctl(fd, BLKIOOPT, &opt_io_size) == -1)
+		opt_io_size = min_io_size;
+
+	/* alignment offset, bogus -1 means misaligned/unknown */
+	if (ioctl(fd, BLKALIGNOFF, &dev_alignment_offset) == -1 || dev_alignment_offset < 0)
+		dev_alignment_offset = 0;
+	*alignment_offset = (unsigned long)dev_alignment_offset;
+
+	temp_alignment = (unsigned long)min_io_size;
+
+	if (temp_alignment < (unsigned long)opt_io_size)
+		temp_alignment = (unsigned long)opt_io_size;
+
+	/* If calculated alignment is multiple of default, keep default */
+	if (temp_alignment && (default_alignment % temp_alignment))
+		*required_alignment = temp_alignment;
+
+	log_dbg("Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.",
+		min_io_size, opt_io_size, *alignment_offset, *required_alignment);
+out:
+	(void)close(fd);
+}
+
+int device_block_size(struct device *device)
+{
+	struct stat st;
+	int fd, bsize = 0, r = -EINVAL;
+
+	if (!device)
+		return 0;
+
+	fd = open(device->path, O_RDONLY);
+	if(fd < 0)
+		return -EINVAL;
+
+	if (fstat(fd, &st) < 0)
+		goto out;
+
+	if (S_ISREG(st.st_mode)) {
+		r = (int)crypt_getpagesize();
+		goto out;
+	}
+
+	if (ioctl(fd, BLKSSZGET, &bsize) >= 0)
+		r = bsize;
+out:
+	close(fd);
+	return r;
+}
+
+int device_read_ahead(struct device *device, uint32_t *read_ahead)
+{
+	int fd, r = 0;
+	long read_ahead_long;
+
+	if (!device)
+		return 0;
+
+	if ((fd = open(device->path, O_RDONLY)) < 0)
+		return 0;
+
+	r = ioctl(fd, BLKRAGET, &read_ahead_long) ? 0 : 1;
+	close(fd);
+
+	if (r)
+		*read_ahead = (uint32_t) read_ahead_long;
+
+	return r;
+}
+
+/* Get data size in bytes */
+int device_size(struct device *device, uint64_t *size)
+{
+	struct stat st;
+	int devfd, r = -EINVAL;
+
+	devfd = open(device->path, O_RDONLY);
+	if(devfd == -1)
+		return -EINVAL;
+
+	if (fstat(devfd, &st) < 0)
+		goto out;
+
+	if (S_ISREG(st.st_mode)) {
+		*size = (uint64_t)st.st_size;
+		r = 0;
+	} else if (ioctl(devfd, BLKGETSIZE64, size) >= 0)
+		r = 0;
+out:
+	close(devfd);
+	return r;
+}
+
+static int device_info(struct device *device,
+			enum devcheck device_check,
+			int *readonly, uint64_t *size)
+{
+	struct stat st;
+	int fd, r = -EINVAL, flags = 0;
+
+	*readonly = 0;
+	*size = 0;
+
+	if (stat(device->path, &st) < 0)
+		return -EINVAL;
+
+	/* never wipe header on mounted device */
+	if (device_check == DEV_EXCL && S_ISBLK(st.st_mode))
+		flags |= O_EXCL;
+
+	/* Try to open read-write to check whether it is a read-only device */
+	/* coverity[toctou] */
+	fd = open(device->path, O_RDWR | flags);
+	if (fd == -1 && errno == EROFS) {
+		*readonly = 1;
+		fd = open(device->path, O_RDONLY | flags);
+	}
+
+	if (fd == -1 && device_check == DEV_EXCL && errno == EBUSY)
+		return -EBUSY;
+
+	if (fd == -1)
+		return -EINVAL;
+
+	if (S_ISREG(st.st_mode)) {
+		//FIXME: add readonly check
+		*size = (uint64_t)st.st_size;
+		*size >>= SECTOR_SHIFT;
+	} else {
+		/* If the device can be opened read-write, i.e. readonly is still 0, then
+		 * check whether BKROGET says that it is read-only. E.g. read-only loop
+		 * devices may be openend read-write but are read-only according to BLKROGET
+		 */
+		if (*readonly == 0 && (r = ioctl(fd, BLKROGET, readonly)) < 0)
+			goto out;
+
+		if (ioctl(fd, BLKGETSIZE64, size) >= 0) {
+			*size >>= SECTOR_SHIFT;
+			r = 0;
+			goto out;
+		}
+	}
+	r = -EINVAL;
+out:
+	close(fd);
+	return r;
+}
+
+static int device_internal_prepare(struct crypt_device *cd, struct device *device)
+{
+	char *loop_device;
+	int r, loop_fd, readonly = 0;
+
+	if (device->init_done)
+		return 0;
+
+	log_dbg("Allocating a free loop device.");
+	loop_device = crypt_loop_get_device();
+	if (!loop_device) {
+		if (getuid() || geteuid())
+			log_err(cd, _("Cannot use a loopback device, "
+				      "running as non-root user.\n"));
+		else
+			log_err(cd, _("Cannot find a free loopback device.\n"));
+		return -ENOTSUP;
+	}
+
+	/* Keep the loop open, dettached on last close. */
+	loop_fd = crypt_loop_attach(loop_device, device->path, 0, 1, &readonly);
+	if (loop_fd == -1) {
+		log_err(cd, _("Attaching loopback device failed "
+			"(loop device with autoclear flag is required).\n"));
+		free(loop_device);
+		return -EINVAL;
+	}
+
+	r = device_ready(loop_device);
+	if (r < 0) {
+		free(loop_device);
+		return r;
+	}
+
+	device->loop_fd = loop_fd;
+	device->file_path = device->path;
+	device->path = loop_device;
+	device->init_done = 1;
+
+	return 0;
+}
+
+int device_block_adjust(struct crypt_device *cd,
+			struct device *device,
+			enum devcheck device_check,
+			uint64_t device_offset,
+			uint64_t *size,
+			uint32_t *flags)
+{
+	int r, real_readonly;
+	uint64_t real_size;
+
+	if (!device)
+		return -ENOTBLK;
+
+	r = device_internal_prepare(cd, device);
+	if (r)
+		return r;
+
+	r = device_info(device, device_check, &real_readonly, &real_size);
+	if (r < 0) {
+		if (r == -EBUSY)
+			log_err(cd, _("Cannot use device %s which is in use "
+				      "(already mapped or mounted).\n"),
+				      device->path);
+		else
+			log_err(cd, _("Cannot get info about device %s.\n"),
+				device->path);
+		return r;
+	}
+
+	if (device_offset >= real_size) {
+		log_err(cd, _("Requested offset is beyond real size of device %s.\n"),
+			device->path);
+		return -EINVAL;
+	}
+
+	if (size && !*size) {
+		*size = real_size;
+		if (!*size) {
+			log_err(cd, _("Device %s has zero size.\n"), device->path);
+			return -ENOTBLK;
+		}
+		*size -= device_offset;
+	}
+
+	/* in case of size is set by parameter */
+	if (size && ((real_size - device_offset) < *size)) {
+		log_dbg("Device %s: offset = %" PRIu64 " requested size = %" PRIu64
+			", backing device size = %" PRIu64,
+			device->path, device_offset, *size, real_size);
+		log_err(cd, _("Device %s is too small.\n"), device->path);
+		return -EINVAL;
+	}
+
+	if (flags && real_readonly)
+		*flags |= CRYPT_ACTIVATE_READONLY;
+
+	if (size)
+		log_dbg("Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".",
+		*size, real_readonly ? "RO" : "RW", device_offset);
+	return 0;
+}
+
+size_t size_round_up(size_t size, unsigned int block)
+{
+	size_t s = (size + (block - 1)) / block;
+	return s * block;
+}
--- a/lib/utils_devpath.c
+++ b/lib/utils_devpath.c
@@ -4,10 +4,12 @@
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2013, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -26,12 +28,12 @@
 #include <dirent.h>
 #include <fcntl.h>
 #include <errno.h>
+#include <limits.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include "utils_dm.h"

 char *crypt_lookup_dev(const char *dev_id);
-int crypt_sysfs_check_crypt_segment(const char *device, uint64_t offset, uint64_t size);
 int crypt_sysfs_get_rotational(int major, int minor, int *rotational);

 static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_level)
@@ -135,7 +137,7 @@ char *crypt_lookup_dev(const char *dev_id)
 	if (snprintf(path, sizeof(path), "/sys/dev/block/%s", dev_id) < 0)
 		return NULL;

-	len = readlink(path, link, sizeof(link));
+	len = readlink(path, link, sizeof(link) - 1);
 	if (len < 0) {
 		/* Without /sys use old scan */
 		if (stat("/sys/dev/block", &st) < 0)
@@ -168,82 +170,6 @@ char *crypt_lookup_dev(const char *dev_id)
 	return devpath;
 }

-static int crypt_sysfs_get_major_minor(const char *kname, int *major, int *minor)
-{
-	char path[PATH_MAX], tmp[64] = {0};
-	int fd, r = 0;
-
-	if (snprintf(path, sizeof(path), "/sys/block/%s/dev", kname) < 0)
-		return 0;
-
-	if ((fd = open(path, O_RDONLY)) < 0)
-		return 0;
-	r = read(fd, tmp, sizeof(tmp));
-	close(fd);
-
-	if (r <= 0)
-		return 0;
-
-	tmp[63] = '\0';
-	if (sscanf(tmp, "%d:%d", major, minor) != 2)
-		return 0;
-
-	return 1;
-}
-
-static int crypt_sysfs_get_holders_dir(const char *device, char *path, int size)
-{
-	struct stat st;
-
-	if (stat(device, &st) < 0 || !S_ISBLK(st.st_mode))
-		return 0;
-
-	if (snprintf(path, size, "/sys/dev/block/%d:%d/holders",
-		     major(st.st_rdev), minor(st.st_rdev)) < 0)
-		return 0;
-
-	return 1;
-}
-
-int crypt_sysfs_check_crypt_segment(const char *device, uint64_t offset, uint64_t size)
-{
-	DIR *dir;
-	struct dirent *d;
-	char path[PATH_MAX], *dmname;
-	int major, minor, r = 0;
-
-	if (!crypt_sysfs_get_holders_dir(device, path, sizeof(path)))
-		return -EINVAL;
-
-	if (!(dir = opendir(path)))
-		return -EINVAL;
-
-	while (!r && (d = readdir(dir))) {
-		if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, ".."))
-			continue;
-
-		if (!dm_is_dm_kernel_name(d->d_name)) {
-			r = -EBUSY;
-			break;
-		}
-
-		if (!crypt_sysfs_get_major_minor(d->d_name, &major, &minor)) {
-			r = -EINVAL;
-			break;
-		}
-
-		if (!(dmname = dm_device_path(NULL, major, minor))) {
-			r = -EINVAL;
-			break;
-		}
-		r = dm_check_segment(dmname, offset, size);
-		free(dmname);
-	}
-	closedir(dir);
-
-	return r;
-}
-
 int crypt_sysfs_get_rotational(int major, int minor, int *rotational)
 {
 	char path[PATH_MAX], tmp[64] = {0};
--- a/lib/utils_dm.h
+++ b/lib/utils_dm.h
@@ -4,10 +4,12 @@
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -28,6 +30,7 @@
 struct crypt_device;
 struct volume_key;
 struct crypt_params_verity;
+struct device;

 /* Device mapper backend - kernel support flags */
 #define DM_KEY_WIPE_SUPPORTED (1 << 0)	/* key wipe message */
@@ -54,7 +57,7 @@ struct crypt_dm_active_device {
 	uint64_t size;		/* active device size */
 	uint32_t flags;		/* activation flags */
 	const char *uuid;
-	const char *data_device;
+	struct device *data_device;
 	union {
 	struct {
 		const char *cipher;
@@ -67,7 +70,7 @@ struct crypt_dm_active_device {
 		uint64_t iv_offset;	/* IV initilisation sector */
 	} crypt;
 	struct {
-		const char *hash_device;
+		struct device *hash_device;

 		const char *root_hash;
 		uint32_t root_hash_size;
@@ -78,26 +81,28 @@ struct crypt_dm_active_device {
 	} u;
 };

+void dm_backend_init(void);
+void dm_backend_exit(void);
+
+int dm_remove_device(struct crypt_device *cd, const char *name,
+		     int force, uint64_t size);
+int dm_status_device(struct crypt_device *cd, const char *name);
+int dm_status_suspended(struct crypt_device *cd, const char *name);
+int dm_status_verity_ok(struct crypt_device *cd, const char *name);
+int dm_query_device(struct crypt_device *cd, const char *name,
+		    uint32_t get_flags, struct crypt_dm_active_device *dmd);
+int dm_create_device(struct crypt_device *cd, const char *name,
+		     const char *type, struct crypt_dm_active_device *dmd,
+		     int reload);
+int dm_suspend_and_wipe_key(struct crypt_device *cd, const char *name);
+int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name,
+				size_t key_size, const char *key);
+
 const char *dm_get_dir(void);
-int dm_init(struct crypt_device *context, int check_kernel);
-void dm_exit(void);
-int dm_remove_device(const char *name, int force, uint64_t size);
-int dm_status_device(const char *name);
-int dm_status_suspended(const char *name);
-int dm_status_verity_ok(const char *name);
-int dm_query_device(const char *name, uint32_t get_flags,
-		    struct crypt_dm_active_device *dmd);
-int dm_create_device(const char *name,
-		      const char *type,
-		      struct crypt_dm_active_device *dmd,
-		      int reload);
-int dm_suspend_and_wipe_key(const char *name);
-int dm_resume_and_reinstate_key(const char *name,
-				size_t key_size,
-				const char *key);
-char *dm_device_path(const char *prefix, int major, int minor);
+
+/* These are DM helpers used only by utils_devpath file */
 int dm_is_dm_device(int major, int minor);
 int dm_is_dm_kernel_name(const char *name);
-int dm_check_segment(const char *name, uint64_t offset, uint64_t size);
+char *dm_device_path(const char *prefix, int major, int minor);

 #endif /* _UTILS_DM_H */
--- a/lib/utils_fips.c
+++ b/lib/utils_fips.c
@@ -5,7 +5,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/lib/utils_fips.h
+++ b/lib/utils_fips.h
@@ -5,7 +5,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/lib/utils_loop.c
+++ b/lib/utils_loop.c
@@ -2,10 +2,12 @@
 * loopback block device utilities
 *
 * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -25,6 +27,7 @@
 #include <limits.h>
 #include <sys/ioctl.h>
 #include <sys/stat.h>
+#include <sys/types.h>
 #include <linux/loop.h>

 #include "utils_loop.h"
@@ -43,13 +46,10 @@ static char *crypt_loop_get_device_old(void)
 {
 	char dev[20];
 	int i, loop_fd;
-	struct stat st;
 	struct loop_info64 lo64 = {0};

 	for (i = 0; i < 256; i++) {
 		sprintf(dev, "/dev/loop%d", i);
-		if (stat(dev, &st) || !S_ISBLK(st.st_mode))
-			return NULL;

 		loop_fd = open(dev, O_RDONLY);
 		if (loop_fd < 0)
--- a/lib/utils_loop.h
+++ b/lib/utils_loop.h
@@ -5,7 +5,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/lib/utils_wipe.c
+++ b/lib/utils_wipe.c
@@ -3,10 +3,12 @@
 *
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -34,18 +36,20 @@

 #define MAXIMUM_WIPE_BYTES	1024 * 1024 * 32 /* 32 MiB */

-static ssize_t _crypt_wipe_zero(int fd, char *buffer, uint64_t offset, uint64_t size)
+static ssize_t _crypt_wipe_zero(int fd, int bsize, char *buffer,
+				uint64_t offset, uint64_t size)
 {
 	memset(buffer, 0, size);
-	return write_lseek_blockwise(fd, buffer, size, offset);
+	return write_lseek_blockwise(fd, bsize, buffer, size, offset);
 }

-static ssize_t _crypt_wipe_random(int fd, char *buffer, uint64_t offset, uint64_t size)
+static ssize_t _crypt_wipe_random(int fd, int bsize, char *buffer,
+				  uint64_t offset, uint64_t size)
 {
 	if (crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL) < 0)
 		return -EINVAL;

-	return write_lseek_blockwise(fd, buffer, size, offset);
+	return write_lseek_blockwise(fd, bsize, buffer, size, offset);
 }

 /*
@@ -74,7 +78,8 @@ static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
 	}
 }

-static ssize_t _crypt_wipe_disk(int fd, char *buffer, uint64_t offset, uint64_t size)
+static ssize_t _crypt_wipe_disk(int fd, int bsize, char *buffer,
+				uint64_t offset, uint64_t size)
 {
 	int r;
 	unsigned int i;
@@ -95,22 +100,23 @@ static ssize_t _crypt_wipe_disk(int fd, char *buffer, uint64_t offset, uint64_t
 		if (r < 0)
 			return r;

-		written = write_lseek_blockwise(fd, buffer, size, offset);
+		written = write_lseek_blockwise(fd, bsize, buffer, size, offset);
 		if (written < 0 || written != (ssize_t)size)
 			return written;
 	}

 	/* Rewrite it finally with random */
-	return _crypt_wipe_random(fd, buffer, offset, size);
+	return _crypt_wipe_random(fd, bsize, buffer, offset, size);
 }

-static ssize_t _crypt_wipe_ssd(int fd, char *buffer, uint64_t offset, uint64_t size)
+static ssize_t _crypt_wipe_ssd(int fd, int bsize, char *buffer,
+			       uint64_t offset, uint64_t size)
 {
 	// FIXME: for now just rewrite it by random
-	return _crypt_wipe_random(fd, buffer, offset, size);
+	return _crypt_wipe_random(fd, bsize, buffer, offset, size);
 }

-int crypt_wipe(const char *device,
+int crypt_wipe(struct device *device,
 	       uint64_t offset,
 	       uint64_t size,
 	       crypt_wipe_type type,
@@ -118,21 +124,22 @@ int crypt_wipe(const char *device,
 {
 	struct stat st;
 	char *buffer;
-	int devfd, flags, rotational;
+	int devfd, flags, rotational, bsize;
 	ssize_t written;

 	if (!size || size % SECTOR_SIZE || (size > MAXIMUM_WIPE_BYTES)) {
 		log_dbg("Unsuported wipe size for device %s: %ld.",
-			device, (unsigned long)size);
+			device_path(device), (unsigned long)size);
 		return -EINVAL;
 	}

-	if (stat(device, &st) < 0) {
-		log_dbg("Device %s not found.", device);
+	if (stat(device_path(device), &st) < 0) {
+		log_dbg("Device %s not found.", device_path(device));
 		return -EINVAL;
 	}

-	if (type == CRYPT_WIPE_DISK) {
+	if (type == CRYPT_WIPE_DISK && S_ISBLK(st.st_mode)) {
+		rotational = 0;
 		if (!crypt_sysfs_get_rotational(major(st.st_rdev),
 						minor(st.st_rdev),
 						&rotational))
@@ -142,35 +149,40 @@ int crypt_wipe(const char *device,
 			type = CRYPT_WIPE_SSD;
 	}

+	bsize = device_block_size(device);
+	if (bsize <= 0)
+		return -EINVAL;
+
 	buffer = malloc(size);
 	if (!buffer)
 		return -ENOMEM;

-	flags = O_RDWR | O_DIRECT | O_SYNC;
+	flags = O_RDWR;

 	/* use O_EXCL only for block devices */
 	if (exclusive && S_ISBLK(st.st_mode))
 		flags |= O_EXCL;

-	devfd = open(device, flags);
+	/* coverity[toctou] */
+	devfd = device_open(device, flags);
 	if (devfd == -1) {
 		free(buffer);
-		return errno == EBUSY ? -EBUSY : -EINVAL;
+		return errno ? -errno : -EINVAL;
 	}

 	// FIXME: use fixed block size and loop here
 	switch (type) {
 		case CRYPT_WIPE_ZERO:
-			written = _crypt_wipe_zero(devfd, buffer, offset, size);
+			written = _crypt_wipe_zero(devfd, bsize, buffer, offset, size);
 			break;
 		case CRYPT_WIPE_DISK:
-			written = _crypt_wipe_disk(devfd, buffer, offset, size);
+			written = _crypt_wipe_disk(devfd, bsize, buffer, offset, size);
 			break;
 		case CRYPT_WIPE_SSD:
-			written = _crypt_wipe_ssd(devfd, buffer, offset, size);
+			written = _crypt_wipe_ssd(devfd, bsize, buffer, offset, size);
 			break;
 		case CRYPT_WIPE_RANDOM:
-			written = _crypt_wipe_random(devfd, buffer, offset, size);
+			written = _crypt_wipe_random(devfd, bsize, buffer, offset, size);
 			break;
 		default:
 			log_dbg("Unsuported wipe type requested: (%d)", type);
--- a/lib/verity/Makefile.am
+++ b/lib/verity/Makefile.am
@@ -9,7 +9,7 @@ libverity_la_SOURCES = \
 	verity.c \
 	verity.h

-INCLUDES = -D_GNU_SOURCE			\
+AM_CPPFLAGS = -D_GNU_SOURCE			\
 	-D_LARGEFILE64_SOURCE                   \
 	-D_FILE_OFFSET_BITS=64                  \
        -I$(top_srcdir)/lib			\
--- a/lib/verity/verity.c
+++ b/lib/verity/verity.c
@@ -3,17 +3,18 @@
 *
 * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -52,20 +53,22 @@ struct verity_sb {

 /* Read verity superblock from disk */
 int VERITY_read_sb(struct crypt_device *cd,
-		   const char *device,
 		   uint64_t sb_offset,
 		   char **uuid_string,
 		   struct crypt_params_verity *params)
 {
+	struct device *device = crypt_metadata_device(cd);
+	int bsize = device_block_size(device);
 	struct verity_sb sb = {};
 	ssize_t hdr_size = sizeof(struct verity_sb);
 	int devfd = 0, sb_version;

 	log_dbg("Reading VERITY header of size %u on device %s, offset %" PRIu64 ".",
-		sizeof(struct verity_sb), device, sb_offset);
+		sizeof(struct verity_sb), device_path(device), sb_offset);

 	if (params->flags & CRYPT_VERITY_NO_HEADER) {
-		log_err(cd, _("Verity device doesn't use on-disk header.\n"), device);
+		log_err(cd, _("Verity device doesn't use on-disk header.\n"),
+			device_path(device));
 		return -EINVAL;
 	}

@@ -74,21 +77,22 @@ int VERITY_read_sb(struct crypt_device *cd,
 		return -EINVAL;
 	}

-	devfd = open(device ,O_RDONLY | O_DIRECT);
+	devfd = device_open(device, O_RDONLY);
 	if(devfd == -1) {
-		log_err(cd, _("Cannot open device %s.\n"), device);
+		log_err(cd, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}

 	if(lseek(devfd, sb_offset, SEEK_SET) < 0 ||
-	   read_blockwise(devfd, &sb, hdr_size) < hdr_size) {
+	   read_blockwise(devfd, bsize, &sb, hdr_size) < hdr_size) {
 		close(devfd);
 		return -EIO;
 	}
 	close(devfd);

 	if (memcmp(sb.signature, VERITY_SIGNATURE, sizeof(sb.signature))) {
-		log_err(cd, _("Device %s is not a valid VERITY device.\n"), device);
+		log_err(cd, _("Device %s is not a valid VERITY device.\n"),
+			device_path(device));
 		return -EINVAL;
 	}

@@ -144,32 +148,35 @@ int VERITY_read_sb(struct crypt_device *cd,

 /* Write verity superblock to disk */
 int VERITY_write_sb(struct crypt_device *cd,
-		   const char *device,
 		   uint64_t sb_offset,
 		   const char *uuid_string,
 		   struct crypt_params_verity *params)
 {
+	struct device *device = crypt_metadata_device(cd);
+	int bsize = device_block_size(device);
 	struct verity_sb sb = {};
 	ssize_t hdr_size = sizeof(struct verity_sb);
 	uuid_t uuid;
 	int r, devfd = 0;

 	log_dbg("Updating VERITY header of size %u on device %s, offset %" PRIu64 ".",
-		sizeof(struct verity_sb), device, sb_offset);
+		sizeof(struct verity_sb), device_path(device), sb_offset);

 	if (!uuid_string || uuid_parse(uuid_string, uuid) == -1) {
-		log_err(cd, _("Wrong VERITY UUID format provided.\n"), device);
+		log_err(cd, _("Wrong VERITY UUID format provided.\n"),
+			device_path(device));
 		return -EINVAL;
 	}

 	if (params->flags & CRYPT_VERITY_NO_HEADER) {
-		log_err(cd, _("Verity device doesn't use on-disk header.\n"), device);
+		log_err(cd, _("Verity device doesn't use on-disk header.\n"),
+			device_path(device));
 		return -EINVAL;
 	}

-	devfd = open(device, O_RDWR | O_DIRECT);
+	devfd = device_open(device, O_RDWR);
 	if(devfd == -1) {
-		log_err(cd, _("Cannot open device %s.\n"), device);
+		log_err(cd, _("Cannot open device %s.\n"), device_path(device));
 		return -EINVAL;
 	}

@@ -184,9 +191,10 @@ int VERITY_write_sb(struct crypt_device *cd,
 	memcpy(sb.salt, params->salt, params->salt_size);
 	memcpy(sb.uuid, uuid, sizeof(sb.uuid));

-	r = write_lseek_blockwise(devfd, (char*)&sb, hdr_size, sb_offset) < hdr_size ? -EIO : 0;
+	r = write_lseek_blockwise(devfd, bsize, (char*)&sb, hdr_size, sb_offset) < hdr_size ? -EIO : 0;
 	if (r)
-		log_err(cd, _("Error during update of verity header on device %s.\n"), device);
+		log_err(cd, _("Error during update of verity header on device %s.\n"),
+			device_path(device));
 	close(devfd);

 	return r;
@@ -220,14 +228,12 @@ int VERITY_UUID_generate(struct crypt_device *cd, char **uuid_string)
 /* Activate verity device in kernel device-mapper */
 int VERITY_activate(struct crypt_device *cd,
 		     const char *name,
-		     const char *hash_device,
 		     const char *root_hash,
 		     size_t root_hash_size,
 		     struct crypt_params_verity *verity_hdr,
 		     uint32_t activation_flags)
 {
 	struct crypt_dm_active_device dmd;
-	uint64_t offset = 0;
 	int r;

 	log_dbg("Trying to activate VERITY device %s using hash %s.",
@@ -236,7 +242,6 @@ int VERITY_activate(struct crypt_device *cd,
 	if (verity_hdr->flags & CRYPT_VERITY_CHECK_HASH) {
 		log_dbg("Verification of data in userspace required.");
 		r = VERITY_verify(cd, verity_hdr,
-				  crypt_get_device_name(cd), hash_device,
 				  root_hash, root_hash_size);
 		if (r < 0)
 			return r;
@@ -246,8 +251,8 @@ int VERITY_activate(struct crypt_device *cd,
 		return 0;

 	dmd.target = DM_VERITY;
-	dmd.data_device = crypt_get_device_name(cd);
-	dmd.u.verity.hash_device = hash_device;
+	dmd.data_device = crypt_data_device(cd);
+	dmd.u.verity.hash_device = crypt_metadata_device(cd);
 	dmd.u.verity.root_hash = root_hash;
 	dmd.u.verity.root_hash_size = root_hash_size;
 	dmd.u.verity.hash_offset = VERITY_hash_offset_block(verity_hdr),
@@ -256,20 +261,25 @@ int VERITY_activate(struct crypt_device *cd,
 	dmd.uuid = crypt_get_uuid(cd);
 	dmd.u.verity.vp = verity_hdr;

-	r = device_check_and_adjust(cd, dmd.data_device, DEV_EXCL,
-				    &dmd.size, &offset, &dmd.flags);
+	r = device_block_adjust(cd, dmd.u.verity.hash_device, DEV_OK,
+				0, NULL, NULL);
 	if (r)
 		return r;

-	r = dm_create_device(name, CRYPT_VERITY, &dmd, 0);
-	if (!r && !(dm_flags() & DM_VERITY_SUPPORTED)) {
+	r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
+				0, &dmd.size, &dmd.flags);
+	if (r)
+		return r;
+
+	r = dm_create_device(cd, name, CRYPT_VERITY, &dmd, 0);
+	if (r < 0 && !(dm_flags() & DM_VERITY_SUPPORTED)) {
 		log_err(cd, _("Kernel doesn't support dm-verity mapping.\n"));
 		return -ENOTSUP;
 	}
 	if (r < 0)
 		return r;

-	r = dm_status_verity_ok(name);
+	r = dm_status_verity_ok(cd, name);
 	if (r < 0)
 		return r;

--- a/lib/verity/verity.h
+++ b/lib/verity/verity.h
@@ -3,17 +3,18 @@
 *
 * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -31,20 +32,17 @@ struct crypt_device;
 struct crypt_params_verity;

 int VERITY_read_sb(struct crypt_device *cd,
-		   const char *device,
 		   uint64_t sb_offset,
 		   char **uuid,
 		   struct crypt_params_verity *params);

 int VERITY_write_sb(struct crypt_device *cd,
-		   const char *device,
 		   uint64_t sb_offset,
 		   const char *uuid_string,
 		   struct crypt_params_verity *params);

 int VERITY_activate(struct crypt_device *cd,
 		     const char *name,
-		     const char *hash_device,
 		     const char *root_hash,
 		     size_t root_hash_size,
 		     struct crypt_params_verity *verity_hdr,
@@ -52,15 +50,11 @@ int VERITY_activate(struct crypt_device *cd,

 int VERITY_verify(struct crypt_device *cd,
 		struct crypt_params_verity *verity_hdr,
-		const char *data_device,
-		const char *hash_device,
 		const char *root_hash,
 		size_t root_hash_size);

 int VERITY_create(struct crypt_device *cd,
 		  struct crypt_params_verity *verity_hdr,
-		  const char *data_device,
-		  const char *hash_device,
 		  char *root_hash,
 		  size_t root_hash_size);

--- a/lib/verity/verity_hash.c
+++ b/lib/verity/verity_hash.c
@@ -3,17 +3,18 @@
 *
 * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
 *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
 *
- * This program is distributed in the hope that it will be useful,
+ * This file is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
 *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

@@ -202,8 +203,8 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
 	int verify,
 	int version,
 	const char *hash_name,
-	const char *hash_device,
-	const char *data_device,
+	struct device *hash_device,
+	struct device *data_device,
 	size_t hash_block_size,
 	size_t data_block_size,
 	off_t data_blocks,
@@ -227,7 +228,8 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
 	log_dbg("Hash %s %s, data device %s, data blocks %" PRIu64
 		", hash_device %s, offset %" PRIu64 ".",
 		verify ? "verification" : "creation", hash_name,
-		data_device, data_blocks, hash_device, hash_position);
+		device_path(data_device), data_blocks,
+		device_path(hash_device), hash_position);

 	if (data_blocks < 0 || hash_position < 0) {
 		log_err(cd, _("Invalid size parameters for verity device.\n"));
@@ -272,9 +274,8 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
 		s = data_file_blocks >> (i * hash_per_block_bits);
 		s = (s + hash_per_block - 1) / hash_per_block;
 		hash_level_size[i] = s;
-		if (hash_position + s < hash_position ||
-		    (hash_position + s) < 0 ||
-		    (hash_position + s) != hash_position + s) {
+		if ((hash_position + s) < hash_position ||
+		    (hash_position + s) < 0) {
 			log_err(cd, _("Device offset overflow.\n"));
 			return -EINVAL;
 		}
@@ -288,18 +289,21 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,

 	log_dbg("Data device size required: %" PRIu64 " bytes.",
 		data_device_size);
-	data_file = fopen(data_device, "r");
+	data_file = fopen(device_path(data_device), "r");
 	if (!data_file) {
-		log_err(cd, _("Cannot open device %s.\n"), data_device);
+		log_err(cd, _("Cannot open device %s.\n"),
+			device_path(data_device)
+		);
 		r = -EIO;
 		goto out;
 	}

 	log_dbg("Hash device size required: %" PRIu64 " bytes.",
 		hash_device_size);
-	hash_file = fopen(hash_device, verify ? "r" : "r+");
+	hash_file = fopen(device_path(hash_device), verify ? "r" : "r+");
 	if (!hash_file) {
-		log_err(cd, _("Cannot open device %s.\n"), hash_device);
+		log_err(cd, _("Cannot open device %s.\n"),
+			device_path(hash_device));
 		r = -EIO;
 		goto out;
 	}
@@ -316,9 +320,10 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
 			if (r)
 				goto out;
 		} else {
-			hash_file_2 = fopen(hash_device, "r");
+			hash_file_2 = fopen(device_path(hash_device), "r");
 			if (!hash_file_2) {
-				log_err(cd, _("Cannot open device %s.\n"), hash_device);
+				log_err(cd, _("Cannot open device %s.\n"),
+					device_path(hash_device));
 				r = -EIO;
 				goto out;
 			}
@@ -378,16 +383,14 @@ out:
 /* Verify verity device using userspace crypto backend */
 int VERITY_verify(struct crypt_device *cd,
 		  struct crypt_params_verity *verity_hdr,
-		  const char *data_device,
-		  const char *hash_device,
 		  const char *root_hash,
 		  size_t root_hash_size)
 {
 	return VERITY_create_or_verify_hash(cd, 1,
 		verity_hdr->hash_type,
 		verity_hdr->hash_name,
-		hash_device,
-		data_device,
+		crypt_metadata_device(cd),
+		crypt_data_device(cd),
 		verity_hdr->hash_block_size,
 		verity_hdr->data_block_size,
 		verity_hdr->data_size,
@@ -401,8 +404,6 @@ int VERITY_verify(struct crypt_device *cd,
 /* Create verity hash */
 int VERITY_create(struct crypt_device *cd,
 		  struct crypt_params_verity *verity_hdr,
-		  const char *data_device,
-		  const char *hash_device,
 		  char *root_hash,
 		  size_t root_hash_size)
 {
@@ -418,8 +419,8 @@ int VERITY_create(struct crypt_device *cd,
 	return VERITY_create_or_verify_hash(cd, 0,
 		verity_hdr->hash_type,
 		verity_hdr->hash_name,
-		hash_device,
-		data_device,
+		crypt_metadata_device(cd),
+		crypt_data_device(cd),
 		verity_hdr->hash_block_size,
 		verity_hdr->data_block_size,
 		verity_hdr->data_size,
--- a/lib/volumekey.c
+++ b/lib/volumekey.c
@@ -6,7 +6,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
--- a/man/veritysetup.8
+++ b/man/veritysetup.8
@@ -23,9 +23,8 @@ by \-\-hash\-offset option.
 Note you need to provide root hash string for device verification
 or activation. Root hash must be trusted.

-If data or hash device argument points to regular file, veritysetup
-allocates loopback device. In this case, hash file size must be enough
-to store the hash area.
+The data or hash device argument can be block device or file image.
+If hash device path doesn't exist, it will be created as file.

 \fB<options>\fR can be [\-\-hash, \-\-no-superblock, \-\-format,
 \-\-data-block-size, \-\-hash-block-size, \-\-data-blocks, \-\-hash-offset,
--- a/misc/dict_search/Makefile
+++ b/misc/dict_search/Makefile
@@ -0,0 +1,17 @@
+TARGET=crypt_dict
+CFLAGS=-O2 -g -Wall -D_GNU_SOURCE
+LDLIBS=-lcryptsetup
+CC=gcc
+
+SOURCES=$(wildcard *.c)
+OBJECTS=$(SOURCES:.c=.o)
+
+all: $(TARGET)
+
+$(TARGET): $(OBJECTS)
+	$(CC) -o $@ $^ $(LDLIBS)
+
+clean:
+	rm -f *.o *~ core $(TARGET)
+
+.PHONY: clean
--- a/misc/dict_search/README
+++ b/misc/dict_search/README
@@ -0,0 +1,22 @@
+Simple example how to use libcryptsetup
+for password search.
+
+Run: crypt_dict luks|tcrypt <device|image> <dictionary> [cpus]
+
+luks|tcrypt specified device type (LUKS or TrueCrypt)
+
+<device|image> is LUKS or TrueCrypt device or image
+
+<dictionary> is list of passphrases to try
+(note trailing EOL is stripped)
+
+cpus - number of processes to start in parallel
+
+Format of dictionary file is simple one password per line,
+if first char on line s # it is skiped as comment.
+
+For LUKS, you have it run as root (device-mapper cannot
+create dmcrypt devices as nrmal user. Code need
+to map keyslots as temporary dmcrypt device.)
+
+For TrueCrypt devices root privilege is not required.
--- a/misc/dict_search/crypt_dict.c
+++ b/misc/dict_search/crypt_dict.c
@@ -0,0 +1,158 @@
+/*
+ * Example of LUKS/TrueCrypt password dictionary search
+ *
+ * Copyright (C) 2012 Milan Broz <gmazyland@gmail.com>
+ *
+ * Run this (for LUKS as root),
+ * e.g. ./crypt_dict test.img /usr/share/john/password.lst 4
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/prctl.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <libcryptsetup.h>
+
+#define MAX_LEN 512
+
+static enum { LUKS, TCRYPT } device_type;
+
+static void check(struct crypt_device *cd, const char *pwd_file, unsigned my_id, unsigned max_id)
+{
+	FILE *f;
+	int len, r = -1;
+	unsigned long line = 0;
+	char pwd[MAX_LEN];
+
+	if (fork())
+		return;
+
+	/* open password file, now in separate process */
+	f = fopen(pwd_file, "r");
+	if (!f) {
+		printf("Cannot open %s.\n", pwd_file);
+		exit(EXIT_FAILURE);
+	}
+
+	while (fgets(pwd, MAX_LEN, f)) {
+
+		/* every process tries N-th line, skip others */
+		if (line++ % max_id != my_id)
+			continue;
+
+		len = strlen(pwd);
+
+		/* strip EOL - this is like a input from tty */
+		if (len && pwd[len - 1] == '\n') {
+			pwd[len - 1] = '\0';
+			len--;
+		}
+
+		/* lines starting "#!comment" are comments */
+		if (len >= 9 && !strncmp(pwd, "#!comment", 9)) {
+			/* printf("skipping %s\n", pwd); */
+			continue;
+		}
+
+		/* printf("%d: checking %s\n", my_id, pwd); */
+		if (device_type == LUKS)
+			r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, pwd, len, 0);
+		else if (device_type == TCRYPT) {
+			struct crypt_params_tcrypt params = {
+				.flags = CRYPT_TCRYPT_LEGACY_MODES,
+				.passphrase = pwd,
+				.passphrase_size = len,
+			};
+			r = crypt_load(cd, CRYPT_TCRYPT, &params);
+		}
+		if (r >= 0) {
+			printf("Found passphrase for slot %d: \"%s\"\n", r, pwd);
+			break;
+		}
+	}
+
+	fclose(f);
+	crypt_free(cd);
+	exit(r >= 0 ? 2 : EXIT_SUCCESS);
+}
+
+int main(int argc, char *argv[])
+{
+	int i, status, procs = 4;
+	struct crypt_device *cd;
+
+	if (argc < 4 || argc > 5) {
+		printf("Use: %s luks|tcrypt <device|file> <password file> [#processes] %d\n", argv[0], argc);
+		exit(EXIT_FAILURE);
+	}
+
+	if (argc == 5 && (sscanf(argv[4], "%i", &procs) != 1 || procs < 1)) {
+		printf("Wrong number of processes.\n");
+		exit(EXIT_FAILURE);
+	}
+
+	if (!strcmp(argv[1], "luks"))
+		device_type = LUKS;
+	else if (!strcmp(argv[1], "tcrypt"))
+		device_type = TCRYPT;
+	else {
+		printf("Wrong device type %s.\n", argv[1]);
+		exit(EXIT_FAILURE);
+	}
+
+	/* crypt_set_debug_level(CRYPT_DEBUG_ALL); */
+
+	/*
+	 * Need to create temporary keyslot device-mapper devices and allocate loop if needed,
+	 * so root is requried here.
+	 */
+	if (getuid() != 0) {
+		printf("You must be root to run this program.\n");
+                exit(EXIT_FAILURE);
+	}
+
+	/* signal all children if anything happens */
+	prctl(PR_SET_PDEATHSIG, SIGHUP);
+	setpriority(PRIO_PROCESS, 0, -5);
+
+	/* we are not going to modify anything, so common init is ok */
+	if (crypt_init(&cd, argv[2]) ||
+	    (device_type == LUKS && crypt_load(cd, CRYPT_LUKS1, NULL))) {
+		printf("Cannot open %s.\n", argv[2]);
+		exit(EXIT_FAILURE);
+	}
+
+	/* run scan in separate processes, it is up to scheduler to assign CPUs inteligently */
+	for (i = 0; i < procs; i++)
+		check(cd, argv[3], i, procs);
+
+	/* wait until at least one finishes with error or status 2 (key found) */
+	while (wait(&status) != -1 && WIFEXITED(status)) {
+		if (WEXITSTATUS(status) == EXIT_SUCCESS)
+			continue;
+		/* kill rest of processes */
+		kill(0, SIGHUP);
+		/* not reached */
+		break;
+	}
+	exit(0);
+}
--- a/misc/dracut_90reencrypt/README
+++ b/misc/dracut_90reencrypt/README
@@ -12,7 +12,7 @@ will be reencrypted (default is whole device).
 Note that reencryption context is stored in ramdisk, any
 fail can mean complete lost of data!

-Copyright (C) 2012 Milan Broz <asi@ucw.cz>
+Copyright (C) 2012 Milan Broz <gmazyland@gmail.com>

 This copyrighted material is made available to anyone wishing to use,
 modify, copy, or redistribute it subject to the terms and conditions
--- a/misc/dracut_90reencrypt/parse-reencrypt.sh
+++ b/misc/dracut_90reencrypt/parse-reencrypt.sh
@@ -4,6 +4,11 @@ REENC=$(getargs rd_REENCRYPT=)
 REENC_DEV=$(echo $REENC | sed 's/:.*//')
 REENC_SIZE=$(echo $REENC | sed -n 's/.*://p')

+REENC_KEY=$(getargs rd_REENCRYPT_KEY=)
+if [ -z "$REENC_KEY" ] ; then
+    REENC_KEY=none
+fi
+
 if [ -n "$REENC_DEV" ] ; then
 {
   printf 'SUBSYSTEM!="block", GOTO="reenc_end"\n'
@@ -11,7 +16,7 @@ if [ -n "$REENC_DEV" ] ; then
   printf 'KERNEL!="%s", GOTO="reenc_end"\n' $REENC_DEV
   printf 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="/sbin/initqueue \
           --unique --onetime --name crypt-reencrypt-%%k \
-           /sbin/reencrypt $env{DEVNAME} %s"\n' "$REENC_SIZE"
+           /sbin/reencrypt $env{DEVNAME} %s"\n' "$REENC_KEY $REENC_SIZE"
   printf 'LABEL="reenc_end"\n'
 } > /etc/udev/rules.d/69-reencryption.rules
 fi
--- a/misc/dracut_90reencrypt/reencrypt.sh
+++ b/misc/dracut_90reencrypt/reencrypt.sh
@@ -1,4 +1,7 @@
 #!/bin/sh
+#
+# $1=$device [$2=keyfile|none [$3=size]]
+#

 [ -d /sys/module/dm_crypt ] || modprobe dm_crypt

@@ -14,18 +17,39 @@ else
 fi

 PARAMS="$device -T 1 --use-fsync -B 32"
-if [ -n "$2" ]; then
-    PARAMS="$PARAMS --device-size $2"
+if [ -n "$3" ]; then
+    PARAMS="$PARAMS --device-size $3"
 fi

+reenc_readkey() {
+    local keypath="${1#*:}"
+    local keydev="${1%%:*}"
+
+    local mntp="/tmp/reencrypted-mount-tmp"
+    mkdir "$mntp"
+    mount -r "$keydev" "$mntp" && cat "$mntp/$keypath"
+    umount "$mntp"
+    rm -r "$mntp"
+}
+
+reenc_run() {
+    local cwd=$(pwd)
+    cd /tmp
+    if [ "$1" = "none" ] ; then
+        /bin/plymouth ask-for-password \
+        --prompt "LUKS password for REENCRYPTING $device" \
+        --command="/sbin/cryptsetup-reencrypt $PARAMS"
+    else
+        info "REENCRYPT using key $1"
+        reenc_readkey "$1" | /sbin/cryptsetup-reencrypt -d - $PARAMS
+    fi
+    cd $cwd
+}
+
 info "REENCRYPT $device requested"
 # flock against other interactive activities
 { flock -s 9;
-    CURR=$(pwd)
-    cd /tmp
-    /bin/plymouth ask-for-password --prompt "LUKS password for REENCRYPTING $device" \
-      --command="/sbin/cryptsetup-reencrypt $PARAMS"
-    cd $CURR
+    reenc_run $2
 } 9>/.console.lock

 # do not ask again
--- a/misc/keyslot_checker/Makefile
+++ b/misc/keyslot_checker/Makefile
@@ -0,0 +1,14 @@
+TARGETS=chk_luks_keyslots
+CFLAGS=-O0 -g -Wall -D_GNU_SOURCE
+LDLIBS=-lcryptsetup -lm
+CC=gcc
+
+all: $(TARGETS)
+
+chk_luks_keyslots: chk_luks_keyslots.o
+	$(CC) -o $@ $^ $(LDLIBS)
+
+clean:
+	rm -f *.o *~ core $(TARGETS)
+
+.PHONY: clean
--- a/misc/keyslot_checker/README
+++ b/misc/keyslot_checker/README
@@ -0,0 +1,120 @@
+Purpose
+=======
+
+chk_luks_keyslots is a tool that searches the keyslot area of a
+LUKS container for positions where entropy is low and hence
+there is a high probability of damage from overwrites of parts
+of the key-slot with data such as a RAID superblock or a partition
+table.
+
+
+Installation
+============
+
+1. Install the version of cryptsetup the tool came with.
+2. Compile with "make"
+   
+Manual compile can be done with
+   gcc -lm -lcryptsetup chk_luks_keyslots.c -o chk_luks_keyslots
+
+Usage
+=====
+
+Call chk_luks_keyslots without arguments for an option summary.
+
+
+Example of a good keyslot area with keys 0 and 2 in use:
+--------------------------------------------------------
+
+root> ./chk_luks_keyslots /dev/loop0
+
+parameters (commandline and LUKS header):
+  sector size: 512
+  threshold:   0.900000
+
+- processing keyslot 0:  start: 0x001000   end: 0x020400
+- processing keyslot 1:  keyslot not in use
+- processing keyslot 2:  start: 0x041000   end: 0x060400
+- processing keyslot 3:  keyslot not in use
+- processing keyslot 4:  keyslot not in use
+- processing keyslot 5:  keyslot not in use
+- processing keyslot 6:  keyslot not in use
+- processing keyslot 7:  keyslot not in use
+
+
+Same example of a fault in slot 2 at offset 0x50000:
+----------------------------------------------------
+
+root>./chk_luks_keyslots /dev/loop2
+
+parameters (commandline and LUKS header):
+  sector size: 512
+  threshold:   0.900000
+
+- processing keyslot 0:  start: 0x001000   end: 0x020400
+- processing keyslot 1:  keyslot not in use
+- processing keyslot 2:  start: 0x041000   end: 0x060400
+  low entropy at: 0x050000    entropy: 0.549165
+- processing keyslot 3:  keyslot not in use
+- processing keyslot 4:  keyslot not in use
+- processing keyslot 5:  keyslot not in use
+- processing keyslot 6:  keyslot not in use
+- processing keyslot 7:  keyslot not in use
+
+
+Same as last, but verbose:
+--------------------------
+root>./chk_luks_keyslots  -v /dev/loop2
+
+parameters (commandline and LUKS header):
+  sector size: 512
+  threshold:   0.900000
+
+- processing keyslot 0:  start: 0x001000   end: 0x020400
+- processing keyslot 1:  keyslot not in use
+- processing keyslot 2:  start: 0x041000   end: 0x060400
+  low entropy at: 0x050000    entropy: 0.549165
+  Binary dump:
+  0x050000  54 68 69 73 20 69 73 20  61 20 74 65 73 74 2D 73  This is a test-s
+  0x050010  65 63 74 6F 72 20 66 6F  72 20 63 68 6B 5F 6C 75  ector for chk_lu
+  0x050020  6B 73 5F 6B 65 79 73 6C  6F 74 73 20 74 68 65 20  ks_keyslots the
+  0x050030  71 75 69 63 6B 20 62 72  6F 77 6E 20 66 6F 78 20  quick brown fox
+  0x050040  6A 75 6D 70 73 20 6F 76  65 72 20 74 68 65 20 6C  jumps over the l
+  0x050050  61 7A 79 20 64 6F 67 20  74 68 65 20 71 75 69 63  azy dog the quic
+  0x050060  6B 20 62 72 6F 77 6E 20  66 6F 78 20 6A 75 6D 70  k brown fox jump
+  0x050070  73 20 6F 76 65 72 20 74  68 65 20 6C 61 7A 79 20  s over the lazy
+  0x050080  64 6F 67 20 74 68 65 20  71 75 69 63 6B 20 62 72  dog the quick br
+  0x050090  6F 77 6E 20 66 6F 78 20  6A 75 6D 70 73 20 6F 76  own fox jumps ov
+  0x0500a0  65 72 20 74 68 65 20 6C  61 7A 79 20 64 6F 67 20  er the lazy dog
+  0x0500b0  74 68 65 20 71 75 69 63  6B 20 62 72 6F 77 6E 20  the quick brown
+  0x0500c0  66 6F 78 20 6A 75 6D 70  73 20 6F 76 65 72 20 74  fox jumps over t
+  0x0500d0  68 65 20 6C 61 7A 79 20  64 6F 67 20 74 68 65 20  he lazy dog the
+  0x0500e0  71 75 69 63 6B 20 62 72  6F 77 6E 20 66 6F 78 20  quick brown fox
+  0x0500f0  6A 75 6D 70 73 20 6F 76  65 72 20 74 68 65 20 6C  jumps over the l
+  0x050100  61 7A 79 20 64 6F 67 20  74 68 65 20 71 75 69 63  azy dog the quic
+  0x050110  6B 20 62 72 6F 77 6E 20  66 6F 78 20 6A 75 6D 70  k brown fox jump
+  0x050120  73 20 6F 76 65 72 20 74  68 65 20 6C 61 7A 79 20  s over the lazy
+  0x050130  64 6F 67 20 74 68 65 20  71 75 69 63 6B 20 62 72  dog the quick br
+  0x050140  6F 77 6E 20 66 6F 78 20  6A 75 6D 70 73 20 6F 76  own fox jumps ov
+  0x050150  65 72 20 74 68 65 20 6C  61 7A 79 20 64 6F 67 20  er the lazy dog
+  0x050160  74 68 65 20 71 75 69 63  6B 20 62 72 6F 77 6E 20  the quick brown
+  0x050170  66 6F 78 20 6A 75 6D 70  73 20 6F 76 65 72 20 74  fox jumps over t
+  0x050180  68 65 20 6C 61 7A 79 20  64 6F 67 20 74 68 65 20  he lazy dog the
+  0x050190  71 75 69 63 6B 20 62 72  6F 77 6E 20 66 6F 78 20  quick brown fox
+  0x0501a0  6A 75 6D 70 73 20 6F 76  65 72 20 74 68 65 20 6C  jumps over the l
+  0x0501b0  61 7A 79 20 64 6F 67 20  74 68 65 20 71 75 69 63  azy dog the quic
+  0x0501c0  6B 20 62 72 6F 77 6E 20  66 6F 78 20 6A 75 6D 70  k brown fox jump
+  0x0501d0  73 20 6F 76 65 72 20 74  68 65 20 6C 61 7A 79 20  s over the lazy
+  0x0501e0  64 6F 67 20 74 68 65 20  71 75 69 63 6B 20 62 72  dog the quick br
+  0x0501f0  6F 77 6E 20 66 6F 78 20  6A 75 6D 70 73 20 6F 76  own fox jumps ov
+
+- processing keyslot 3:  keyslot not in use
+- processing keyslot 4:  keyslot not in use
+- processing keyslot 5:  keyslot not in use
+- processing keyslot 6:  keyslot not in use
+- processing keyslot 7:  keyslot not in use
+
+----
+Copyright (C) 2012, Arno Wagner <arno@wagner.name>
+This file is free documentation; the author gives
+unlimited permission to copy, distribute and modify it.
--- a/misc/keyslot_checker/chk_luks_keyslots.c
+++ b/misc/keyslot_checker/chk_luks_keyslots.c
@@ -0,0 +1,371 @@
+/*
+ * LUKS keyslot entropy tester. Works only for header version 1.
+ *
+ * Functionality: Determines sample entropy (symbols: bytes) for
+ * each (by default) 512B sector in each used keyslot. If it
+ * is lower than a threshold, the sector address is printed
+ * as it is suspected of having non-"random" data in it, indicating
+ * damage by overwriting. This can obviously not find overwriting
+ * with random or random-like data (encrypted, compressed).
+ *
+ * Version history:
+ *    v0.1: 09.09.2012 Initial release
+ *    v0.2: 08.10.2012 Converted to use libcryptsetup
+ *
+ * Copyright (C) 2012, Arno Wagner <arno@wagner.name>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <math.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <libcryptsetup.h>
+
+const char *help =
+"Version 0.2 [8.10.2012]\n"
+"\n"
+"    chk_luks_keyslots [options] luks-device \n"
+"\n"
+"This tool checks all keyslots of a LUKS device for \n"
+"low entropy sections. If any are found, they are reported. \n"
+"This allows to find areas damaged by things like filesystem \n"
+"creation or RAID superblocks. \n"
+"\n"
+"Options: \n"
+"  -t <num>  Entropy threshold. Possible values 0.0 ... 1.0 \n"
+"            Default: 0.90, which works well for 512B sectors.\n"
+"            For 512B sectors, you will get frequent misdetections\n"
+"            at thresholds around 0.94\n"
+"            Higher value: more sensitive but more false detections.\n"
+"  -s <num>  Sector size. Must divide keyslot-size.\n"
+"            Default: 512 Bytes.\n"
+"            Values smaller than 128 are generally not very useful.\n"
+"            For values smaller than the default, you need to adjust\n"
+"            the threshold down to reduce misdetection. For values\n"
+"            larger than the default you need to adjust the threshold\n"
+"            up to retain sensitivity.\n"
+"  -v        Print found suspicuous sectors verbosely. \n"
+"  -d        Print decimal addresses instead of hex ones.\n"
+"\n";
+
+
+/* Config defaults */
+
+static int sector_size = 512;
+static double threshold = 0.90;
+static int print_decimal = 0;
+static int verbose = 0;
+
+/* tools */
+
+/* Calculates and returns sample entropy on byte level for
+ * The argument.
+ */
+static double ent_samp(unsigned char * buf, int len)
+{
+	int freq[256];   /* stores symbol frequencies */
+	int i;
+	double e, f;
+
+	/* 0. Plausibility checks */
+	if (len <= 0)
+		return 0.0;
+
+	/* 1. count all frequencies */
+	for (i = 0; i < 256; i++) {
+		freq[i] = 0.0;
+	}
+
+	for (i = 0; i < len; i ++)
+		freq[buf[i]]++;
+
+	/* 2. calculate sample entropy */
+	e = 0.0;
+	for (i = 0; i < 256; i++) {
+		f = freq[i];
+		if (f > 0) {
+			f =  f / (double)len;
+			e += f * log2(f);
+		}
+	}
+
+	if (e != 0.0)
+		e = -1.0 * e;
+
+	e = e / 8.0;
+	return e;
+}
+
+static void print_address(FILE *out, uint64_t value)
+{
+	if (print_decimal) {
+		fprintf(out,"%08" PRIu64 " ", value);
+	} else {
+		fprintf(out,"%#08" PRIx64 " ", value);
+	}
+}
+
+/* uses default "hd" style, i.e. 16 bytes followed by ASCII */
+static void hexdump_line(FILE *out, uint64_t address, unsigned char *buf) {
+	int i;
+	static char tbl[16] = "0123456789ABCDEF";
+
+	fprintf(out,"  ");
+	print_address(out, address);
+	fprintf(out," ");
+
+	/* hex */
+	for (i = 0; i < 16; i++) {
+		fprintf(out, "%c%c",
+			tbl[(unsigned char)buf[i]>> 4],
+			tbl[(unsigned char)buf[i] & 0x0f]);
+		fprintf(out," ");
+		if (i == 7)
+			fprintf(out," ");
+	}
+
+	fprintf(out," ");
+
+	/* ascii */
+	for (i = 0; i < 16; i++) {
+		if (isprint(buf[i])) {
+			fprintf(out, "%c", buf[i]);
+		} else {
+			fprintf(out, ".");
+		}
+	}
+	fprintf(out, "\n");
+}
+
+static void hexdump_sector(FILE *out, unsigned char *buf, uint64_t address, int len)
+{
+	int done;
+
+	done = 0;
+	while (len - done >= 16) {
+		hexdump_line(out, address + done, buf + done);
+		done += 16;
+	}
+}
+
+static int check_keyslots(FILE *out, struct crypt_device *cd, int f_luks)
+{
+	int i;
+	double ent;
+	off_t ofs;
+	uint64_t start, length, end;
+	crypt_keyslot_info ki;
+	unsigned char buffer[sector_size];
+
+	for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1) ; i++) {
+		fprintf(out, "- processing keyslot %d:", i);
+		ki = crypt_keyslot_status(cd, i);
+		if (ki == CRYPT_SLOT_INACTIVE) {
+			fprintf(out, "  keyslot not in use\n");
+			continue;
+		}
+
+		if (ki == CRYPT_SLOT_INVALID) {
+			fprintf(out, "\nError: keyslot invalid.\n");
+			return EXIT_FAILURE;
+		}
+
+		if (crypt_keyslot_area(cd, i, &start, &length) < 0) {
+			fprintf(stderr,"\nError: querying keyslot area failed for slot %d\n", i);
+			perror(NULL);
+			return EXIT_FAILURE;
+		}
+		end = start + length;
+
+		fprintf(out, "  start: ");
+		print_address(out, start);
+		fprintf(out, "  end: ");
+		print_address(out, end);
+		fprintf(out, "\n");
+
+		/* check whether sector-size divides size */
+		if (length % sector_size != 0) {
+			fprintf(stderr,"\nError: Argument to -s does not divide keyslot size\n");
+			return EXIT_FAILURE;
+		}
+
+		for (ofs = start; (uint64_t)ofs < end; ofs += sector_size) {
+			if (lseek(f_luks, ofs, SEEK_SET) != ofs) {
+				fprintf(stderr,"\nCannot seek to keyslot area.\n");
+				return EXIT_FAILURE;
+			}
+			if (read(f_luks, buffer, sector_size) != sector_size) {
+				fprintf(stderr,"\nCannot read keyslot area.\n");
+				return EXIT_FAILURE;
+			}
+			ent = ent_samp(buffer, sector_size);
+			if (ent < threshold) {
+				fprintf(out, "  low entropy at: ");
+				print_address(out, ofs);
+				fprintf(out, "   entropy: %f\n", ent);
+				if (verbose) {
+					fprintf(out, "  Binary dump:\n");
+					hexdump_sector(out, buffer, (uint64_t)ofs, sector_size);
+					fprintf(out,"\n");
+				}
+			}
+		}
+	}
+
+	return EXIT_SUCCESS;
+}
+
+/* Main */
+int main(int argc, char **argv)
+{
+	/* for option processing */
+	int c, r;
+	char *device;
+
+	/* for use of libcryptsetup */
+	struct crypt_device *cd;
+
+	/* Other vars */
+	int f_luks;   /* device file for the luks device */
+	FILE *out;
+
+	/* temporary helper vars */
+	int res;
+
+	/* getopt values */
+	char *s, *end;
+	double tvalue;
+	int svalue;
+
+	/* global initializations */
+	out = stdout;
+
+	/* get commandline parameters */
+	while ((c = getopt (argc, argv, "t:s:vd")) != -1) {
+		switch (c) {
+		case 't':
+			s = optarg;
+			tvalue = strtod(s, &end);
+			if (s == end) {
+				fprintf(stderr, "\nError: Parsing of argument to -t failed.\n");
+				exit(EXIT_FAILURE);
+			}
+
+			if (tvalue < 0.0 || tvalue > 1.0) {
+				fprintf(stderr,"\nError: Argument to -t must be in 0.0 ... 1.0\n");
+				exit(EXIT_FAILURE);
+			}
+			threshold = tvalue;
+			break;
+		case 's':
+			s = optarg;
+			svalue = strtol(s, &end, 10);
+			if (s == end) {
+				fprintf(stderr, "\nError: Parsing of argument to -s failed.\n");
+				exit(EXIT_FAILURE);
+			}
+
+			if (svalue < 1) {
+				fprintf(stderr,"\nError: Argument to -s must be >= 1 \n");
+				exit(EXIT_FAILURE);
+			}
+			sector_size = svalue;
+			break;
+		case 'v':
+			verbose = 1;
+			break;
+		case 'd':
+			print_decimal = 1;
+			break;
+		case '?':
+			if (optopt == 't' || optopt == 's')
+				fprintf (stderr,"\nError: Option -%c requires an argument.\n",
+					 optopt);
+			else if (isprint (optopt)) {
+				fprintf(stderr,"\nError: Unknown option `-%c'.\n", optopt);
+				fprintf(stderr,"\n\n%s", help);
+			} else {
+				fprintf (stderr, "\nError: Unknown option character `\\x%x'.\n",
+					 optopt);
+				fprintf(stderr,"\n\n%s", help);
+			}
+			exit(EXIT_SUCCESS);
+		default:
+			exit(EXIT_FAILURE);
+		}
+	}
+
+	/* parse non-option stuff. Should be exactly one, the device. */
+	if (optind+1 != argc) {
+		fprintf(stderr,"\nError: exactly one non-option argument expected!\n");
+		fprintf(stderr,"\n\n%s", help);
+		exit(EXIT_FAILURE);
+	}
+	device = argv[optind];
+
+	/* test whether we can open and read device */
+	/* This is neded as we are reading the actual data
+	* in the keyslots dirtectly from the LUKS container.
+	*/
+	f_luks = open(device, O_RDONLY);
+	if (f_luks == -1) {
+		fprintf(stderr,"\nError: Opening of device %s failed:\n", device);
+		perror(NULL);
+		exit(EXIT_FAILURE);
+	}
+
+	/* now get the parameters we need via libcryptsetup */
+	/* Basically we need all active keyslots and their placement on disk */
+
+	/* first init. This does the following:
+	 *   - gets us a crypt_device struct with some values filled in
+	 *     Note: This does some init stuff we do not need, but that
+	 *     should not cause trouble.
+	 */
+
+	res = crypt_init(&cd, device);
+	if (res < 0) {
+		fprintf(stderr, "crypt_init() failed. Maybe not running as root?\n");
+		close(f_luks);
+		exit(EXIT_FAILURE);
+	}
+
+	/* now load LUKS header into the crypt_device
+	 * This should also make sure a valid LUKS1 header is on disk
+	 * and hence we should be able to skip magic and version checks.
+	 */
+	res = crypt_load(cd, CRYPT_LUKS1, NULL);
+	if (res < 0) {
+		fprintf(stderr, "crypt_load() failed. LUKS header too broken/absent?\n");
+		crypt_free(cd);
+		close(f_luks);
+		exit(EXIT_FAILURE);
+	}
+
+	fprintf(out, "\nparameters (commandline and LUKS header):\n");
+	fprintf(out, "  sector size: %d\n", sector_size);
+	fprintf(out, "  threshold:   %0f\n\n", threshold);
+
+	r = check_keyslots(out, cd, f_luks);
+
+	crypt_free(cd);
+	close(f_luks);
+	return r;
+}
--- a/misc/luks-header-from-active
+++ b/misc/luks-header-from-active
@@ -2,7 +2,7 @@

 # Try to get LUKS info and master key from active mapping and prepare parameters for cryptsetup.
 #
-# Copyright (C) 2010,2011,2012 Milan Broz <asi@ucw.cz>
+# Copyright (C) 2010,2011,2012 Milan Broz <gmazyland@gmail.com>
 #
 # This copyrighted material is made available to anyone wishing to use,
 # modify, copy, or redistribute it subject to the terms and conditions
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -6,13 +6,16 @@ lib/crypt_plain.c
 lib/utils_crypt.c
 lib/utils_loop.c
 lib/utils_fips.c
+lib/utils_device.c
 lib/luks1/af.c
 lib/luks1/keyencryption.c
 lib/luks1/keymanage.c
-lib/luks1/pbkdf.c
 lib/loopaes/loopaes.c
+lib/tcrypt/tcrypt.c
 lib/verity/verity.c
 lib/verity/verity_hash.c
 src/cryptsetup.c
 src/veritysetup.c
 src/cryptsetup_reencrypt.c
+src/utils_tools.c
+src/utils_password.c
--- a/po/cs.po
+++ b/po/cs.po
--- a/po/de.po
+++ b/po/de.po
--- a/po/fi.po
+++ b/po/fi.po
--- a/po/fr.po
+++ b/po/fr.po
--- a/po/nl.po
+++ b/po/nl.po
--- a/po/pl.po
+++ b/po/pl.po
--- a/po/uk.po
+++ b/po/uk.po
--- a/po/vi.po
+++ b/po/vi.po
--- a/python/Makefile.am
+++ b/python/Makefile.am
@@ -1,4 +1,4 @@
-INCLUDES = -I$(top_srcdir)/lib $(PYTHON_INCLUDES)
+AM_CPPFLAGS = -I$(top_srcdir)/lib $(PYTHON_INCLUDES)
 EXTRA_DIST = pycryptsetup-test.py
 CLEANFILES = *.img

--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,4 +1,4 @@
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir)				\
 	-I$(top_srcdir)/lib			\
 	-DDATADIR=\""$(datadir)"\"		\
@@ -14,13 +14,16 @@ cryptsetup_SOURCES = \
 	$(top_builddir)/lib/utils_crypt.c	\
 	$(top_builddir)/lib/utils_loop.c	\
 	$(top_builddir)/lib/utils_fips.c	\
+	utils_tools.c				\
+	utils_password.c			\
 	cryptsetup.c				\
 	cryptsetup.h

 cryptsetup_LDADD = \
 	$(top_builddir)/lib/libcryptsetup.la	\
 	@POPT_LIBS@				\
-	@FIPSCHECK_LIBS@
+	@FIPSCHECK_LIBS@			\
+	@PWQUALITY_LIBS@

 cryptsetup_CFLAGS = -Wall

@@ -33,6 +36,7 @@ cryptsetup_static_CFLAGS = $(cryptsetup_CFLAGS)
 cryptsetup_static_LDFLAGS = -all-static
 cryptsetup_static_LDADD = $(cryptsetup_LDADD)	\
 	@CRYPTO_STATIC_LIBS@			\
+	@PWQUALITY_STATIC_LIBS@			\
 	@DEVMAPPER_STATIC_LIBS@			\
 	@UUID_LIBS@
 endif
@@ -43,6 +47,7 @@ if VERITYSETUP
 veritysetup_SOURCES = \
 	$(top_builddir)/lib/utils_crypt.c	\
 	$(top_builddir)/lib/utils_loop.c	\
+	utils_tools.c				\
 	veritysetup.c				\
 	cryptsetup.h

@@ -70,6 +75,7 @@ endif
 if REENCRYPT
 cryptsetup_reencrypt_SOURCES = \
 	$(top_builddir)/lib/utils_crypt.c	\
+	utils_tools.c				\
 	cryptsetup_reencrypt.c			\
 	cryptsetup.h

--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
--- a/src/cryptsetup.h
+++ b/src/cryptsetup.h
@@ -4,10 +4,12 @@
 * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
 * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2013, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -22,8 +24,25 @@
 #ifndef CRYPTSETUP_H
 #define CRYPTSETUP_H

+#define _LARGEFILE64_SOURCE
+#define _FILE_OFFSET_BITS 64
+
 #include <config.h>

+#include <string.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <errno.h>
+#include <unistd.h>
+#include <inttypes.h>
+#include <limits.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <popt.h>
+#include <sys/stat.h>
+
 #include "lib/nls.h"
 #include "lib/utils_crypt.h"
 #include "lib/utils_loop.h"
@@ -32,9 +51,43 @@
 #include "libcryptsetup.h"

 #define CONST_CAST(x) (x)(uintptr_t)
-
 #define DEFAULT_CIPHER(type)	(DEFAULT_##type##_CIPHER "-" DEFAULT_##type##_MODE)
+#define SECTOR_SIZE 512
+#define ROUND_SECTOR(x) (((x) + SECTOR_SIZE - 1) / SECTOR_SIZE)

+extern int opt_debug;
+extern int opt_verbose;
+extern int opt_batch_mode;
+extern int opt_force_password;
+
+/* Common tools */
+void clogger(struct crypt_device *cd, int level, const char *file, int line,
+	     const char *format, ...);
+void tool_log(int level, const char *msg, void *usrptr __attribute__((unused)));
+void quiet_log(int level, const char *msg, void *usrptr);
+
+int yesDialog(const char *msg, void *usrptr __attribute__((unused)));
+void show_status(int errcode);
+const char *uuid_or_device(const char *spec);
+__attribute__ ((noreturn)) \
+void usage(poptContext popt_context, int exitcode, const char *error, const char *more);
+void dbg_version_and_cmd(int argc, const char **argv);
+int translate_errno(int r);
+
+extern volatile int quit;
+void set_int_block(int block);
+void set_int_handler(int block);
+void check_signal(int *r);
+int tools_signals_blocked(void);
+
+int tools_get_key(const char *prompt,
+		  char **key, size_t *key_size,
+		  size_t keyfile_offset, size_t keyfile_size_max,
+		  const char *key_file,
+		  int timeout, int verify, int pwquality,
+		  struct crypt_device *cd);
+
+/* Log */
 #define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
 #define log_std(x...) clogger(NULL, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
 #define log_verbose(x...) clogger(NULL, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x)
--- a/src/cryptsetup_reencrypt.c
+++ b/src/cryptsetup_reencrypt.c
@@ -1,12 +1,13 @@
 /*
 * cryptsetup-reencrypt - crypt utility for offline re-encryption
 *
- * Copyright (C) 2012, Milan Broz All rights reserved.
 * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2013, Milan Broz All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -18,43 +19,23 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

-#define PACKAGE_REENC "crypt_reencrypt"
-
-#define _LARGEFILE64_SOURCE
-#define _FILE_OFFSET_BITS 64
-#define SECTOR_SIZE 512
-#define ROUND_SECTOR(x) (((x) + SECTOR_SIZE - 1) / SECTOR_SIZE)
-#define NO_UUID "cafecafe-cafe-cafe-cafe-cafecafeeeee"
-#define MAX_BCK_SECTORS 8192
-
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <stdarg.h>
-#include <inttypes.h>
-#include <errno.h>
-#include <unistd.h>
-#include <sys/stat.h>
+#include "cryptsetup.h"
 #include <sys/ioctl.h>
 #include <sys/time.h>
 #include <linux/fs.h>
 #include <arpa/inet.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <popt.h>

-#include "cryptsetup.h"
+#define PACKAGE_REENC "crypt_reencrypt"
+
+#define NO_UUID "cafecafe-cafe-cafe-cafe-cafecafeeeee"
+#define MAX_BCK_SECTORS 8192

-static int opt_verbose = 0;
-static int opt_debug = 0;
 static const char *opt_cipher = NULL;
 static const char *opt_hash = NULL;
 static const char *opt_key_file = NULL;
 static long opt_keyfile_size = 0;
 static long opt_keyfile_offset = 0;
 static int opt_iteration_time = 1000;
-static int opt_batch_mode = 0;
 static int opt_version_mode = 0;
 static int opt_random = 0;
 static int opt_urandom = 0;
@@ -75,8 +56,6 @@ static uint64_t opt_device_size = 0;

 static const char **action_argv;

-static volatile int quit = 0;
-
 #define MAX_SLOT 8
 struct reenc_ctx {
 	char *device;
@@ -119,81 +98,11 @@ typedef enum {
 	CHECK_OPEN,
 } header_magic;

-__attribute__((format(printf, 5, 6)))
-static void clogger(struct crypt_device *cd, int level, const char *file,
-		   int line, const char *format, ...)
-{
-	va_list argp;
-	char *target = NULL;
-
-	va_start(argp, format);
-
-	if (vasprintf(&target, format, argp) > 0) {
-		if (level >= 0) {
-			crypt_log(cd, level, target);
-		} else if (opt_debug)
-			printf("# %s\n", target);
-	}
-
-	va_end(argp);
-	free(target);
-}
-
-static void _log(int level, const char *msg, void *usrptr __attribute__((unused)))
-{
-	switch(level) {
-
-	case CRYPT_LOG_NORMAL:
-		fputs(msg, stdout);
-		break;
-	case CRYPT_LOG_VERBOSE:
-		if (opt_verbose)
-			fputs(msg, stdout);
-		break;
-	case CRYPT_LOG_ERROR:
-		fputs(msg, stderr);
-		break;
-	case CRYPT_LOG_DEBUG:
-		if (opt_debug)
-			printf("# %s\n", msg);
-		break;
-	default:
-		fprintf(stderr, "Internal error on logging class for msg: %s", msg);
-		break;
-	}
-}
-
 static void _quiet_log(int level, const char *msg, void *usrptr)
 {
 	if (!opt_debug)
 		return;
-	_log(level, msg, usrptr);
-}
-
-static void int_handler(int sig __attribute__((__unused__)))
-{
-	quit++;
-}
-
-static void set_int_block(int block)
-{
-	sigset_t signals_open;
-
-	sigemptyset(&signals_open);
-	sigaddset(&signals_open, SIGINT);
-	sigaddset(&signals_open, SIGTERM);
-	sigprocmask(block ? SIG_SETMASK : SIG_UNBLOCK, &signals_open, NULL);
-}
-
-static void set_int_handler(void)
-{
-	struct sigaction sigaction_open;
-
-	memset(&sigaction_open, 0, sizeof(struct sigaction));
-	sigaction_open.sa_handler = int_handler;
-	sigaction(SIGINT, &sigaction_open, 0);
-	sigaction(SIGTERM, &sigaction_open, 0);
-	set_int_block(0);
+	tool_log(level, msg, usrptr);
 }

 /* The difference in seconds between two times in "timeval" format. */
@@ -246,8 +155,8 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 	s = read(devfd, buf, SECTOR_SIZE);
 	if (s < 0 || s != SECTOR_SIZE) {
 		log_err(_("Cannot read device %s.\n"), rc->device);
-		close(devfd);
-		return -EIO;
+		r = -EIO;
+		goto out;
 	}

 	/* Be sure that we do not process new version of header */
@@ -353,7 +262,9 @@ static int write_log(struct reenc_ctx *rc)
 		1, rc->device_uuid, rc->reencrypt_direction,
 		rc->device_offset, rc->device_shift);

-	lseek(rc->log_fd, 0, SEEK_SET);
+	if (lseek(rc->log_fd, 0, SEEK_SET) == -1)
+		return -EIO;
+
 	r = write(rc->log_fd, rc->log_buf, SECTOR_SIZE);
 	if (r < 0 || r != SECTOR_SIZE) {
 		log_err(_("Cannot write reencryption log file.\n"));
@@ -438,38 +349,27 @@ static void close_log(struct reenc_ctx *rc)

 static int open_log(struct reenc_ctx *rc)
 {
-	int flags, create_new;
-	struct stat st;
+	int flags = opt_directio ? O_DIRECT : 0;

-	if (!stat(rc->log_file, &st))
-		create_new = 0;
-	else if (errno == ENOENT)
-		create_new = 1;
-	else
-		return -EINVAL;
-
-	if (create_new) {
-		log_dbg("Creating LUKS reencryption log file %s.", rc->log_file);
-		flags = opt_directio ? O_RDWR|O_CREAT|O_DIRECT : O_RDWR|O_CREAT;
-		rc->log_fd = open(rc->log_file, flags, S_IRUSR|S_IWUSR);
-		if (rc->log_fd == -1)
-			return -EINVAL;
-	} else {
+	rc->log_fd = open(rc->log_file, O_RDWR|O_EXCL|O_CREAT|flags, S_IRUSR|S_IWUSR);
+	if (rc->log_fd != -1) {
+		log_dbg("Created LUKS reencryption log file %s.", rc->log_file);
+	} else if (errno == EEXIST) {
 		log_std(_("Log file %s exists, resuming reencryption.\n"), rc->log_file);
-		flags = opt_directio ? O_RDWR|O_DIRECT : O_RDWR;
-		rc->log_fd = open(rc->log_file, flags);
-		if (rc->log_fd == -1)
-			return -EINVAL;
+		rc->log_fd = open(rc->log_file, O_RDWR|flags);
 		rc->in_progress = 1;
 	}

+	if (rc->log_fd == -1)
+		return -EINVAL;
+
 	if (posix_memalign((void *)&rc->log_buf, alignment(rc->log_fd), SECTOR_SIZE)) {
 		log_err(_("Allocation of aligned memory failed.\n"));
 		close_log(rc);
 		return -ENOMEM;
 	}

-	if (create_new && write_log(rc) < 0) {
+	if (!rc->in_progress && write_log(rc) < 0) {
 		close_log(rc);
 		return -EIO;
 	}
@@ -490,6 +390,7 @@ static int activate_luks_headers(struct reenc_ctx *rc)
 	    (r = crypt_set_data_device(cd, rc->device)))
 		goto out;

+	log_verbose(_("Activating temporary device using old LUKS header.\n"));
 	if ((r = crypt_activate_by_passphrase(cd, rc->header_file_org,
 		opt_key_slot, rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen,
 		CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_PRIVATE)) < 0)
@@ -500,6 +401,7 @@ static int activate_luks_headers(struct reenc_ctx *rc)
 	    (r = crypt_set_data_device(cd_new, rc->device)))
 		goto out;

+	log_verbose(_("Activating temporary device using new LUKS header.\n"));
 	if ((r = crypt_activate_by_passphrase(cd_new, rc->header_file_new,
 		opt_key_slot, rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen,
 		CRYPT_ACTIVATE_SHARED|CRYPT_ACTIVATE_PRIVATE)) < 0)
@@ -719,6 +621,7 @@ static void print_progress(struct reenc_ctx *rc, uint64_t bytes, int final)
 	if (!mib)
 		return;

+	/* FIXME: calculate this from last minute only and remaining space */
 	eta = (unsigned long long)(rc->device_size / 1024 / 1024 / mib - tdiff);

 	/* vt100 code clear line */
@@ -885,7 +788,7 @@ static int copy_data(struct reenc_ctx *rc)
 		goto out;
 	}

-	set_int_handler();
+	set_int_handler(0);
 	gettimeofday(&rc->start_time, NULL);

 	if (rc->reencrypt_direction == FORWARD)
@@ -947,7 +850,7 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,

 	retry_count = opt_tries ?: 1;
 	while (retry_count--) {
-		set_int_handler();
+		set_int_handler(0);
 		r = crypt_get_key(msg, &rc->p[slot].password,
 			&rc->p[slot].passwordLen,
 			0, 0, NULL /*opt_key_file*/,
@@ -1028,7 +931,7 @@ static int initialize_passphrase(struct reenc_ctx *rc, const char *device)
 	log_dbg("Passhrases initialization.");

 	if (opt_new && !rc->in_progress) {
-		r = init_passphrase1(rc, cd, _("Enter new LUKS passphrase: "), 0, 0);
+		r = init_passphrase1(rc, cd, _("Enter new passphrase: "), 0, 0);
 		return r > 0 ? 0 : r;
 	}

@@ -1042,14 +945,14 @@ static int initialize_passphrase(struct reenc_ctx *rc, const char *device)
 	if (opt_key_file) {
 		r = init_keyfile(rc, cd, opt_key_slot);
 	} else if (rc->in_progress) {
-		r = init_passphrase1(rc, cd, _("Enter any LUKS passphrase: "),
+		r = init_passphrase1(rc, cd, _("Enter any existing passphrase: "),
 				     CRYPT_ANY_SLOT, 1);
 	} else for (i = 0; i < MAX_SLOT; i++) {
 		ki = crypt_keyslot_status(cd, i);
 		if (ki != CRYPT_SLOT_ACTIVE && ki != CRYPT_SLOT_ACTIVE_LAST)
 			continue;

-		snprintf(msg, sizeof(msg), _("Enter LUKS passphrase for key slot %u: "), i);
+		snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %u: "), i);
 		r = init_passphrase1(rc, cd, msg, i, 1);
 		if (r < 0)
 			break;
@@ -1175,17 +1078,6 @@ out:
 	return r;
 }

-static __attribute__ ((noreturn)) void usage(poptContext popt_context,
-					     int exitcode, const char *error,
-					     const char *more)
-{
-	poptPrintUsage(popt_context, stderr, 0);
-	if (error)
-		log_err("%s: %s\n", more, error);
-	poptFreeContext(popt_context);
-	exit(exitcode);
-}
-
 static void help(poptContext popt_context,
 		 enum poptCallbackReason reason __attribute__((unused)),
 		 struct poptOption *key,
@@ -1200,19 +1092,6 @@ static void help(poptContext popt_context,
 		usage(popt_context, EXIT_SUCCESS, NULL, NULL);
 }

-static void _dbg_version_and_cmd(int argc, const char **argv)
-{
-	int i;
-
-	log_std("# %s %s processing \"", PACKAGE_REENC, PACKAGE_VERSION);
-	for (i = 0; i < argc; i++) {
-		if (i)
-			log_std(" ");
-		log_std("%s", argv[i]);
-	}
-	log_std("\"\n");
-}
-
 int main(int argc, const char **argv)
 {
 	static struct poptOption popt_help_options[] = {
@@ -1250,7 +1129,7 @@ int main(int argc, const char **argv)
 	poptContext popt_context;
 	int r;

-	crypt_set_log_callback(NULL, _log, NULL);
+	crypt_set_log_callback(NULL, tool_log, NULL);

 	set_int_block(1);

@@ -1338,23 +1217,12 @@ int main(int argc, const char **argv)
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);
-		_dbg_version_and_cmd(argc, argv);
+		dbg_version_and_cmd(argc, argv);
 	}

 	r = run_reencrypt(action_argv[0]);

 	poptFreeContext(popt_context);

-	/* Translate exit code to simple codes */
-	switch (r) {
-	case 0: 	r = EXIT_SUCCESS; break;
-	case -EEXIST:
-	case -EBUSY:	r = 5; break;
-	case -ENOTBLK:
-	case -ENODEV:	r = 4; break;
-	case -ENOMEM:	r = 3; break;
-	case -EPERM:	r = 2; break;
-	default:	r = EXIT_FAILURE;
-	}
-	return r;
+	return translate_errno(r);
 }
--- a/src/utils_password.c
+++ b/src/utils_password.c
@@ -0,0 +1,91 @@
+/*
+ * Password quality check wrapper
+ *
+ * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "cryptsetup.h"
+
+int opt_force_password = 0;
+
+#if ENABLE_PWQUALITY
+#include <pwquality.h>
+
+static int tools_check_pwquality(const char *password)
+{
+	int r;
+	void *auxerror;
+	pwquality_settings_t *pwq; 
+
+	log_dbg("Checking new password using default pwquality settings.");
+	pwq = pwquality_default_settings();
+	if (!pwq)
+		return -EINVAL;
+
+	r = pwquality_read_config(pwq, NULL, &auxerror);
+	if (r) {
+		log_err(_("Cannot check password quality: %s\n"),
+			pwquality_strerror(NULL, 0, r, auxerror));
+		pwquality_free_settings(pwq);
+		return -EINVAL;
+	}
+
+	r = pwquality_check(pwq, password, NULL, NULL, &auxerror);
+	if (r < 0) {
+		log_err(_("Password quality check failed:\n %s\n"),
+			pwquality_strerror(NULL, 0, r, auxerror));
+		r = -EPERM;
+	} else {
+		log_dbg("New password libpwquality score is %d.", r);
+		r = 0;
+	}
+
+	pwquality_free_settings(pwq);
+	return r;
+}
+#else /* ENABLE_PWQUALITY */
+static int tools_check_pwquality(const char *password)
+{
+	return 0;
+}
+#endif /* ENABLE_PWQUALITY */
+
+int tools_get_key(const char *prompt,
+		  char **key, size_t *key_size,
+		  size_t keyfile_offset, size_t keyfile_size_max,
+		  const char *key_file,
+		  int timeout, int verify, int pwquality,
+		  struct crypt_device *cd)
+{
+	int r, block;
+
+	block = tools_signals_blocked();
+	if (block)
+		set_int_block(0);
+
+	r = crypt_get_key(prompt, key, key_size, keyfile_offset,
+			  keyfile_size_max, key_file, timeout, verify, cd);
+	if (block && !quit)
+		set_int_block(1);
+
+	/* Check pwquality for password (not keyfile) */
+	if (pwquality && !opt_force_password && !key_file && !r)
+		r = tools_check_pwquality(*key);
+
+	return r;
+}
--- a/src/utils_tools.c
+++ b/src/utils_tools.c
@@ -0,0 +1,259 @@
+/*
+ * cryptsetup - setup cryptographic volumes for dm-crypt
+ *
+ * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "cryptsetup.h"
+#include <signal.h>
+
+int opt_verbose = 0;
+int opt_debug = 0;
+int opt_batch_mode = 0;
+
+/* interrupt handling */
+volatile int quit = 0;
+static int signals_blocked = 0;
+
+static void int_handler(int sig __attribute__((__unused__)))
+{
+	quit++;
+}
+
+int tools_signals_blocked(void)
+{
+	return signals_blocked;
+}
+
+void set_int_block(int block)
+{
+	sigset_t signals_open;
+
+	log_dbg("%slocking interruption on signal.", block ? "B" : "Unb");
+
+	sigemptyset(&signals_open);
+	sigaddset(&signals_open, SIGINT);
+	sigaddset(&signals_open, SIGTERM);
+	sigprocmask(block ? SIG_SETMASK : SIG_UNBLOCK, &signals_open, NULL);
+	signals_blocked = block;
+	quit = 0;
+}
+
+void set_int_handler(int block)
+{
+	struct sigaction sigaction_open;
+
+	log_dbg("Installing SIGINT/SIGTERM handler.");
+	memset(&sigaction_open, 0, sizeof(struct sigaction));
+	sigaction_open.sa_handler = int_handler;
+	sigaction(SIGINT, &sigaction_open, 0);
+	sigaction(SIGTERM, &sigaction_open, 0);
+	set_int_block(block);
+}
+
+void check_signal(int *r)
+{
+	if (quit && !*r)
+		*r = -EINTR;
+}
+
+__attribute__((format(printf, 5, 6)))
+void clogger(struct crypt_device *cd, int level, const char *file, int line,
+	     const char *format, ...)
+{
+	va_list argp;
+	char *target = NULL;
+
+	va_start(argp, format);
+
+	if (vasprintf(&target, format, argp) > 0) {
+		if (level >= 0) {
+			crypt_log(cd, level, target);
+#ifdef CRYPT_DEBUG
+		} else if (opt_debug)
+			printf("# %s:%d %s\n", file ?: "?", line, target);
+#else
+		} else if (opt_debug)
+			printf("# %s\n", target);
+#endif
+	}
+
+	va_end(argp);
+	free(target);
+}
+
+void tool_log(int level, const char *msg, void *usrptr __attribute__((unused)))
+{
+	switch(level) {
+
+	case CRYPT_LOG_NORMAL:
+		fputs(msg, stdout);
+		break;
+	case CRYPT_LOG_VERBOSE:
+		if (opt_verbose)
+			fputs(msg, stdout);
+		break;
+	case CRYPT_LOG_ERROR:
+		fputs(msg, stderr);
+		break;
+	case CRYPT_LOG_DEBUG:
+		if (opt_debug)
+			printf("# %s\n", msg);
+		break;
+	default:
+		fprintf(stderr, "Internal error on logging class for msg: %s", msg);
+		break;
+	}
+}
+
+void quiet_log(int level, const char *msg, void *usrptr)
+{
+	if (!opt_verbose && (level == CRYPT_LOG_ERROR || level == CRYPT_LOG_NORMAL))
+		level = CRYPT_LOG_VERBOSE;
+	tool_log(level, msg, usrptr);
+}
+
+int yesDialog(const char *msg, void *usrptr __attribute__((unused)))
+{
+	char *answer = NULL;
+	size_t size = 0;
+	int r = 1, block;
+
+	block = tools_signals_blocked();
+	if (block)
+		set_int_block(0);
+
+	if(isatty(STDIN_FILENO) && !opt_batch_mode) {
+		log_std("\nWARNING!\n========\n");
+		log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
+		if(getline(&answer, &size, stdin) == -1) {
+			r = 0;
+			/* Aborted by signal */
+			if (!quit)
+				log_err(_("Error reading response from terminal.\n"));
+			else
+				log_dbg("Query interrupted on signal.");
+		} else if(strcmp(answer, "YES\n"))
+			r = 0;
+	}
+
+	if (block && !quit)
+		set_int_block(1);
+
+	free(answer);
+	return r;
+}
+
+void show_status(int errcode)
+{
+	char error[256], *error_;
+
+	if(!opt_verbose)
+		return;
+
+	if(!errcode) {
+		log_std(_("Command successful.\n"));
+		return;
+	}
+
+	crypt_get_error(error, sizeof(error));
+
+	if (!error[0]) {
+		error_ = strerror_r(-errcode, error, sizeof(error));
+		if (error_ != error) {
+			strncpy(error, error_, sizeof(error));
+			error[sizeof(error) - 1] = '\0';
+		}
+	}
+
+	log_err(_("Command failed with code %i"), -errcode);
+	if (*error)
+		log_err(": %s\n", error);
+	else
+		log_err(".\n");
+}
+
+const char *uuid_or_device(const char *spec)
+{
+	static char device[PATH_MAX];
+	char s, *ptr;
+	int i = 0, uuid_len = 5;
+
+	/* Check if it is correct UUID=<LUKS_UUID> format */
+	if (spec && !strncmp(spec, "UUID=", uuid_len)) {
+		strcpy(device, "/dev/disk/by-uuid/");
+		ptr = &device[strlen(device)];
+		i = uuid_len;
+		while ((s = spec[i++]) && i < PATH_MAX) {
+			if (!isxdigit(s) && s != '-')
+				return spec; /* Bail it out */
+			if (isalpha(s))
+				s = tolower(s);
+			*ptr++ = s;
+		}
+		*ptr = '\0';
+		return device;
+	}
+
+	return spec;
+}
+
+__attribute__ ((noreturn)) void usage(poptContext popt_context,
+					     int exitcode, const char *error,
+					     const char *more)
+{
+	poptPrintUsage(popt_context, stderr, 0);
+	if (error)
+		log_err("%s: %s\n", more, error);
+	poptFreeContext(popt_context);
+	exit(exitcode);
+}
+
+void dbg_version_and_cmd(int argc, const char **argv)
+{
+	int i;
+
+	log_std("# %s %s processing \"", PACKAGE_NAME, PACKAGE_VERSION);
+	for (i = 0; i < argc; i++) {
+		if (i)
+			log_std(" ");
+		log_std("%s", argv[i]);
+	}
+	log_std("\"\n");
+}
+
+/* Translate exit code to simple codes */
+int translate_errno(int r)
+{
+	switch (r) {
+	case 0: 	r = EXIT_SUCCESS; break;
+	case -EEXIST:
+	case -EBUSY:	r = 5; break;
+	case -ENOTBLK:
+	case -ENODEV:	r = 4; break;
+	case -ENOMEM:	r = 3; break;
+	case -EPERM:	r = 2; break;
+	case -EINVAL:
+	case -ENOENT:
+	case -ENOSYS:
+	default:	r = EXIT_FAILURE;
+	}
+	return r;
+}
--- a/src/veritysetup.c
+++ b/src/veritysetup.c
@@ -5,7 +5,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -17,17 +18,6 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <errno.h>
-#include <string.h>
-#include <ctype.h>
-#include <inttypes.h>
-#include <popt.h>
-#include <limits.h>
-#include <sys/stat.h>
-
 #include "cryptsetup.h"

 #define PACKAGE_VERITY "veritysetup"
@@ -43,62 +33,11 @@ static const char *salt_string = NULL;
 static uint64_t hash_offset = 0;
 static const char *opt_uuid = NULL;

-static int opt_verbose = 0;
-static int opt_debug = 0;
 static int opt_version_mode = 0;

 static const char **action_argv;
 static int action_argc;

-__attribute__((format(printf, 5, 6)))
-static void clogger(struct crypt_device *cd, int level, const char *file,
-		   int line, const char *format, ...)
-{
-	va_list argp;
-	char *target = NULL;
-
-	va_start(argp, format);
-
-	if (vasprintf(&target, format, argp) > 0) {
-		if (level >= 0) {
-			crypt_log(cd, level, target);
-#ifdef CRYPT_DEBUG
-		} else if (opt_debug)
-			printf("# %s:%d %s\n", file ?: "?", line, target);
-#else
-		} else if (opt_debug)
-			printf("# %s\n", target);
-#endif
-	}
-
-	va_end(argp);
-	free(target);
-}
-
-static void _log(int level, const char *msg, void *usrptr __attribute__((unused)))
-{
-	switch(level) {
-
-	case CRYPT_LOG_NORMAL:
-		fputs(msg, stdout);
-		break;
-	case CRYPT_LOG_VERBOSE:
-		if (opt_verbose)
-			fputs(msg, stdout);
-		break;
-	case CRYPT_LOG_ERROR:
-		fputs(msg, stderr);
-		break;
-	case CRYPT_LOG_DEBUG:
-		if (opt_debug)
-			printf("# %s\n", msg);
-		break;
-	default:
-		fprintf(stderr, "Internal error on logging class for msg: %s", msg);
-		break;
-	}
-}
-
 static int _prepare_format(struct crypt_params_verity *params,
 			   const char *data_device,
 			   uint32_t flags)
@@ -142,6 +81,16 @@ static int action_format(int arg)
 	uint32_t flags = CRYPT_VERITY_CREATE_HASH;
 	int r;

+	/* Try to create hash image if doesn't exist */
+	r = open(action_argv[1], O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR);
+	if (r < 0 && errno != EEXIST) {
+		log_err(_("Cannot create hash image %s for writing.\n"), action_argv[1]);
+		return -EINVAL;
+	} else if (r >= 0) {
+		log_dbg("Created hash image %s.", action_argv[1]);
+		close(r);
+	}
+
 	if ((r = crypt_init(&cd, action_argv[1])))
 		goto out;

@@ -348,30 +297,6 @@ static int action_dump(int arg)
 	return r;
 }

-static __attribute__ ((noreturn)) void usage(poptContext popt_context,
-					     int exitcode, const char *error,
-					     const char *more)
-{
-	poptPrintUsage(popt_context, stderr, 0);
-	if (error)
-		log_err("%s: %s\n", more, error);
-	poptFreeContext(popt_context);
-	exit(exitcode);
-}
-
-static void _dbg_version_and_cmd(int argc, const char **argv)
-{
-	int i;
-
-	log_std("# %s %s processing \"", PACKAGE_VERITY, PACKAGE_VERSION);
-	for (i = 0; i < argc; i++) {
-		if (i)
-			log_std(" ");
-		log_std("%s", argv[i]);
-	}
-	log_std("\"\n");
-}
-
 static struct action_type {
 	const char *type;
 	int (*handler)(int);
@@ -421,35 +346,6 @@ static void help(poptContext popt_context,
 		usage(popt_context, EXIT_SUCCESS, NULL, NULL);
 }

-static void show_status(int errcode)
-{
-	char error[256], *error_;
-
-	if(!opt_verbose)
-		return;
-
-	if(!errcode) {
-		log_std(_("Command successful.\n"));
-		return;
-	}
-
-	crypt_get_error(error, sizeof(error));
-
-	if (!error[0]) {
-		error_ = strerror_r(-errcode, error, sizeof(error));
-		if (error_ != error) {
-			strncpy(error, error_, sizeof(error));
-			error[sizeof(error) - 1] = '\0';
-		}
-	}
-
-	log_err(_("Command failed with code %i"), -errcode);
-	if (*error)
-		log_err(": %s\n", error);
-	else
-		log_err(".\n");
-}
-
 static int run_action(struct action_type *action)
 {
 	int r;
@@ -459,22 +355,7 @@ static int run_action(struct action_type *action)
 	r = action->handler(0);

 	show_status(r);
-
-	/* Translate exit code to simple codes */
-	switch (r) {
-	case 0: 	r = EXIT_SUCCESS; break;
-	case -EEXIST:
-	case -EBUSY:	r = 5; break;
-	case -ENOTBLK:
-	case -ENODEV:	r = 4; break;
-	case -ENOMEM:	r = 3; break;
-	case -EPERM:	r = 2; break;
-	case -EINVAL:
-	case -ENOENT:
-	case -ENOSYS:
-	default:	r = EXIT_FAILURE;
-	}
-	return r;
+	return translate_errno(r);
 }

 int main(int argc, const char **argv)
@@ -509,7 +390,7 @@ int main(int argc, const char **argv)
 	const char *aname;
 	int r;

-	crypt_set_log_callback(NULL, _log, NULL);
+	crypt_set_log_callback(NULL, tool_log, NULL);

 	setlocale(LC_ALL, "");
 	bindtextdomain(PACKAGE, LOCALEDIR);
@@ -589,7 +470,7 @@ int main(int argc, const char **argv)
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);
-		_dbg_version_and_cmd(argc, argv);
+		dbg_version_and_cmd(argc, argv);
 	}

 	r = run_action(action);
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1,4 +1,11 @@
-TESTS = api-test compat-test loopaes-test align-test discards-test mode-test password-hash-test
+TESTS = api-test \
+	compat-test \
+	loopaes-test \
+	align-test \
+	discards-test \
+	mode-test \
+	password-hash-test \
+	tcrypt-compat-test

 if VERITYSETUP
 TESTS += verity-compat-test
@@ -8,17 +15,22 @@ if REENCRYPT
 TESTS += reencryption-compat-test
 endif

-EXTRA_DIST = compatimage.img.bz2 valid_header_file.bz2 \
+EXTRA_DIST = compatimage.img.bz2 compatv10image.img.bz2 \
+	valid_header_file.bz2 \
 	evil_hdr-payload_overwrite.bz2 \
 	evil_hdr-stripes_payload_dmg.bz2 \
 	evil_hdr-luks_hdr_damage.bz2 \
 	evil_hdr-small_luks_device.bz2 \
+	tcrypt-images.tar.bz2 \
 	compat-test loopaes-test align-test discards-test mode-test password-hash-test \
 	verity-compat-test \
 	reencryption-compat-test \
+	tcrypt-compat-test \
 	cryptsetup-valg-supps valg.sh valg-api.sh

 CLEANFILES = cryptsetup-tst* valglog*
+clean-local:
+	-rm -rf tcrypt-images

 differ_SOURCES = differ.c
 differ_CFLAGS = -Wall -O2
--- a/tests/align-test
+++ b/tests/align-test
@@ -3,6 +3,8 @@
 CRYPTSETUP="../src/cryptsetup"
 DEV=""
 DEV_STACKED="luks0xbabe"
+PWD1="93R4P4pIqAH8"
+PWD2="mymJeD8ivEhE"

 cleanup() {
 	udevadm settle >/dev/null 2>&1
@@ -13,6 +15,7 @@ cleanup() {

 fail()
 {
+	echo "FAIL"
 	[ -n "$1" ] && echo "$1"
 	cleanup
 	exit 100
@@ -38,42 +41,65 @@ add_device() {
 	[ -b $DEV ] || fail "Cannot find $DEV."
 }

-
 format() # key_bits expected [forced]
 {
 	if [ -z "$3" ] ; then
-		echo -n "Formatting using topology info ($1 bits key)...."
-		echo xxx| $CRYPTSETUP luksFormat $DEV -q -i1 -c aes-cbc-essiv:sha256 -s $1
+		echo -n "Formatting using topology info ($1 bits key)..."
+		echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c aes-cbc-essiv:sha256 -s $1
 	else
 		echo -n "Formatting using forced sector alignment $3 ($1 bits key)..."
-		echo xxx| $CRYPTSETUP luksFormat $DEV -q -i1 -s $1 -c aes-cbc-essiv:sha256 --align-payload=$2
+		echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -s $1 -c aes-cbc-essiv:sha256 --align-payload=$2
 	fi

 	ALIGN=$($CRYPTSETUP luksDump $DEV |grep "Payload offset" | sed -e s/.*\\t//)
 	#echo "ALIGN = $ALIGN"

-	if [ -z "$ALIGN" ] ; then
-		fail "FAIL"
-	elif [ $ALIGN -ne $2 ] ; then
-		echo "FAIL"
-		fail "Expected alignment differs: expected $2 != detected $ALIGN"
-	fi
+	[ -z "$ALIGN" ] && fail
+	[ $ALIGN -ne $2 ] && fail "Expected alignment differs: expected $2 != detected $ALIGN"

 	# test some operation, just in case
-	echo -e "xxx\naaa" | $CRYPTSETUP luksAddKey $DEV -i1 --key-slot 1
-	if [ $? -ne 0 ] ; then
-		echo "FAIL"
-		fail "Keyslot add failed."
-	fi
+	echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV -i1 --key-slot 1
+	[ $? -ne 0 ] && fail "Keyslot add failed."
+
 	$CRYPTSETUP -q luksKillSlot $DEV 1
-	if [ $? -ne 0 ] ; then
-		echo "FAIL"
-		fail "Keyslot removal failed."
-	fi
+	[ $? -ne 0 ] && fail "Keyslot removal failed."

 	echo "PASSED"
 }

+get_offsets()
+{
+	$CRYPTSETUP luksDump $DEV | grep "$1" | cut -s -d ':' -f 2 | sed  -e 's/\s//g' -e :a -e N -e 's/\n/:/g' -e 's/\s//g' -e ta
+}
+
+format_null()
+{
+	if [ $3 -eq 0 ] ; then
+		echo -n "Formatting using topology info ($1 bits key) [slot 0"
+		echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c null -s $1
+	else
+		echo -n "Formatting using forced sector alignment $3 ($1 bits key) [slot 0"
+		echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c null -s $1 --align-payload=$3
+	fi
+
+	POFF=$(get_offsets "Payload offset")
+	[ -z "$POFF" ] && fail
+	[ $POFF != $2 ] && fail "Expected data offset differs: expected $2 != detected $POFF"
+	if [ -n "$4" ] ; then
+		for j in 1 2 3 4 5 6 7 ; do
+			echo -e "$PWD1\n$PWD2$j" | $CRYPTSETUP luksAddKey $DEV -q -i1 --key-slot $j -c null $PARAMS
+			echo -n $j
+			[ $? -ne 0 ] && fail
+		done
+
+		KOFF=$(get_offsets "Key material offset")
+		[ -z "$KOFF" ] && fail
+		[ $KOFF != $4 ] && fail "Expected keyslots offsets differ: expected $4 != detected $KOFF"
+	fi
+
+	echo "]...PASSED"
+}
+
 if [ $(id -u) != 0 ]; then
 	echo "WARNING: You must be root to run this test, test skipped."
 	exit 0
@@ -111,7 +137,7 @@ format 128 2048
 format 128 1536 8
 cleanup

-echo "# Create classic 512b drive and stack dm-linear"
+echo "# Create classic 512B drive and stack dm-linear"
 echo "# (logical_block_size=512, physical_block_size=512, alignment_offset=0)"
 add_device dev_size_mb=16 sector_size=512 num_tgts=1
 DEV2=$DEV
@@ -123,3 +149,52 @@ format 128 2048
 format 128 1088 8
 format 128 8192 8192
 cleanup
+
+echo "# Offset check: 512B sector drive"
+add_device dev_size_mb=16 sector_size=512 num_tgts=1
+#           |k| expO reqO expected slot offsets
+format_null  64 2048    0 8:72:136:200:264:328:392:456
+format_null  64  520    1
+format_null  64  520    8
+format_null  64  640  128
+format_null  64 2048 2048
+format_null 128 2048    0 8:136:264:392:520:648:776:904
+format_null 128 1032    1
+format_null 128 1032    8
+format_null 128 1152  128
+format_null 128 2048 2048
+format_null 256 4096    0 8:264:520:776:1032:1288:1544:1800
+format_null 256 2056    1
+format_null 256 2056    8
+format_null 256 2176  128
+format_null 256 4096 2048
+format_null 512 4096    0 8:512:1016:1520:2024:2528:3032:3536
+format_null 512 4040    1
+format_null 512 4040    8
+format_null 512 4096  128
+format_null 512 4096 2048
+cleanup
+
+echo "# Offset check: 4096B sector drive"
+add_device dev_size_mb=16 sector_size=4096 num_tgts=1
+format_null  64 2048    0 8:72:136:200:264:328:392:456
+format_null  64  520    1
+format_null  64  520    8
+format_null  64  640  128
+format_null  64 2048 2048
+format_null 128 2048    0 8:136:264:392:520:648:776:904
+format_null 128 1032    1
+format_null 128 1032    8
+format_null 128 1152  128
+format_null 128 2048 2048
+format_null 256 4096    0 8:264:520:776:1032:1288:1544:1800
+format_null 256 2056    1
+format_null 256 2056    8
+format_null 256 2176  128
+format_null 256 4096 2048
+format_null 512 4096    0 8:512:1016:1520:2024:2528:3032:3536
+format_null 512 4040    1
+format_null 512 4040    8
+format_null 512 4096  128
+format_null 512 4096 2048
+cleanup
--- a/tests/api-test.c
+++ b/tests/api-test.c
@@ -2,10 +2,12 @@
 * cryptsetup library API check functions
 *
 * Copyright (C) 2009-2012 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2013, Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -25,6 +27,7 @@
 #include <linux/fs.h>
 #include <errno.h>
 #include <assert.h>
+#include <signal.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <libdevmapper.h>
@@ -82,6 +85,9 @@

 static int _debug   = 0;
 static int _verbose = 1;
+static int _fips_mode = 0;
+
+static int _quit = 0;

 static char global_log[4096];
 static int global_lines = 0;
@@ -112,6 +118,24 @@ static int device_size(const char *device, uint64_t *size)
 	return r;
 }

+static int fips_mode(void)
+{
+	int fd;
+	char buf = 0;
+
+	fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
+
+	if (fd < 0)
+		return 0;
+
+	if (read(fd, &buf, 1) != 1)
+		buf = '0';
+
+	close(fd);
+
+	return (buf == '1');
+}
+
 static int get_luks_offsets(int metadata_device,
 			    size_t keylength,
 			    unsigned int alignpayload_sec,
@@ -271,6 +295,8 @@ static void cmdLineLog(int level, const char *msg)

 static void new_log(int level, const char *msg, void *usrptr)
 {
+	if (_debug)
+		printf("LOG: %s", msg);
 	cmdLineLog(level, msg);
 }

@@ -283,6 +309,8 @@ static void reset_log(void)
 static int _system(const char *command, int warn)
 {
 	int r;
+	if (_debug)
+		printf("Running system: %s\n", command);
 	if ((r=system(command)) < 0 && warn)
 		printf("System command failed: %s", command);
 	return r;
@@ -376,7 +404,7 @@ static int _setup(void)
 		return 1;
 	}
 	close(fd);
-	snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d",
+	snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
 		 test_loop_file, SECTOR_SIZE, TST_LOOP_FILE_SIZE);
 	if (_system(cmd, 1))
 		return 1;
@@ -398,7 +426,7 @@ static int _setup(void)
 		return 1;
 	}
 	close(fd);
-	snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d",
+	snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=%s bs=%d count=%d 2>/dev/null",
 		 tmp_file_1, SECTOR_SIZE, 10);
 	if (_system(cmd, 1))
 		return 1;
@@ -423,7 +451,7 @@ static int _setup(void)
 		return 1;
 	}
 	if (crypt_loop_device(DEVICE_2)) {
-		_system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=4", 1);
+		_system("dd if=/dev/zero of=" IMAGE_EMPTY " bs=1M count=4 2>/dev/null", 1);
 		fd = crypt_loop_attach(DEVICE_2, IMAGE_EMPTY, 0, 0, &ro);
 		close(fd);
 	}
@@ -440,6 +468,16 @@ static int _setup(void)
 	 * volume_key = bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a */
 	_system(" [ ! -e " VALID_HEADER " ] && bzip2 -dk " VALID_HEADER ".bz2", 1);

+	/* Prepare tcrypt images */
+	_system(" [ ! -d tcrypt-images ] && tar xjf tcrypt-images.tar.bz2 2>/dev/null", 1);
+
+	_system("modprobe dm-crypt", 0);
+	_system("modprobe dm-verity", 0);
+
+	_fips_mode = fips_mode();
+	if (_debug)
+		printf("FIPS MODE: %d\n", _fips_mode);
+
 	return 0;
 }

@@ -485,6 +523,12 @@ static void xlog(const char *msg, const char *tst, const char *func, int line, c
 		else
 			printf(" [%s,%s:%d] %s\n", msg, func, line, tst);
 	}
+	if (_quit) {
+		if (_verbose)
+			printf("Interrupted by a signal.\n");
+		_cleanup();
+		exit(-1);
+	}
 }

 /* crypt_device context must be "cd" to parse error properly here */
@@ -689,7 +733,7 @@ static void AddDevicePlain(void)
 		EQ_(r_size, size);

 	// size overlaps
-	FAIL_(crypt_resize(cd, CDEVICE_1, ULLONG_MAX),"Backing device is too small");
+	FAIL_(crypt_resize(cd, CDEVICE_1, (uint64_t)-1),"Backing device is too small");
 	FAIL_(crypt_resize(cd, CDEVICE_1, (size>>SECTOR_SHIFT)+1),"crypt device overlaps backing device");

 	// resize ok
@@ -749,14 +793,16 @@ static void AddDevicePlain(void)
 	EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);

 	// retrieve volume key check
-	memset(key2, 0, key_size);
-	key_size--;
-	// small buffer
-	FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)), "small buffer");
-	key_size++;
-	OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
+	if (!_fips_mode) {
+		memset(key2, 0, key_size);
+		key_size--;
+		// small buffer
+		FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)), "small buffer");
+		key_size++;
+		OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));

-	OK_(memcmp(key, key2, key_size));
+		OK_(memcmp(key, key2, key_size));
+	}
 	OK_(strcmp(cipher, crypt_get_cipher(cd)));
 	OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
 	EQ_((int)key_size, crypt_get_volume_key_size(cd));
@@ -888,16 +934,18 @@ static void UseLuksDevice(void)
 	EQ_((int)key_size, crypt_get_volume_key_size(cd));
 	EQ_(1032, crypt_get_data_offset(cd));

-	EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
-	OK_(crypt_volume_key_verify(cd, key, key_size));
-	OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
-	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
-	EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
-	OK_(crypt_deactivate(cd, CDEVICE_1));
+	if (!_fips_mode) {
+		EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
+		OK_(crypt_volume_key_verify(cd, key, key_size));
+		OK_(crypt_activate_by_volume_key(cd, NULL, key, key_size, 0));
+		OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0));
+		EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+		OK_(crypt_deactivate(cd, CDEVICE_1));

-	key[1] = ~key[1];
-	FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");
-	FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");
+		key[1] = ~key[1];
+		FAIL_(crypt_volume_key_verify(cd, key, key_size), "key mismatch");
+		FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "key mismatch");
+	}
 	crypt_free(cd);
 }

@@ -944,7 +992,7 @@ static void AddDeviceLuks(void)
 	};
 	char key[128], key2[128];

-	const char *passphrase = "blabla";
+	const char *passphrase = "blabla", *passphrase2 = "nsdkFI&Y#.sd";
 	const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a";
 	size_t key_size = strlen(mk_hex) / 2;
 	const char *cipher = "aes";
@@ -1052,7 +1100,7 @@ static void AddDeviceLuks(void)
 	// there we've got uuid mismatch
 	OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
 	EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
-	OK_((int)crypt_get_type(cd));
+	OK_(!!crypt_get_type(cd));
 	FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device is active");
 	FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, key, key_size, 0), "Device is active");
 	EQ_(crypt_status(cd, CDEVICE_2), CRYPT_INACTIVE);
@@ -1114,10 +1162,17 @@ static void AddDeviceLuks(void)
 	EQ_(CRYPT_SLOT_INACTIVE, crypt_keyslot_status(cd, 7));
 	EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 6));

-	EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
-	OK_(crypt_volume_key_verify(cd, key2, key_size));
+	EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
+	EQ_(CRYPT_SLOT_ACTIVE_LAST, crypt_keyslot_status(cd, 7));
+	EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0));
+	EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));

-	OK_(memcmp(key, key2, key_size));
+	if (!_fips_mode) {
+		EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
+		OK_(crypt_volume_key_verify(cd, key2, key_size));
+
+		OK_(memcmp(key, key2, key_size));
+	}
 	OK_(strcmp(cipher, crypt_get_cipher(cd)));
 	OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
 	EQ_((int)key_size, crypt_get_volume_key_size(cd));
@@ -1242,7 +1297,7 @@ static void LuksHeaderRestore(void)
 	FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_4), "Header too small");
 	OK_(crypt_header_restore(cd, CRYPT_LUKS1, VALID_HEADER));
 	// wipe valid luks header
-	snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=%" PRIu64, r_payload_offset);
+	snprintf(cmd, sizeof(cmd), "dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=%" PRIu64 " 2>/dev/null", r_payload_offset);
 	OK_(_system(cmd, 1));
 	FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_1), "Header corrupted");
 	FAIL_(crypt_header_restore(cd, CRYPT_LUKS1, EVL_HEADER_2), "Header corrupted");
@@ -1302,7 +1357,7 @@ static void LuksHeaderLoad(void)
 	//OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_payload_offset - 1));
 	OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, 2050 - 1)); //FIXME
 	//snprintf(cmd, sizeof(cmd), "dd if=" EVL_HEADER_4 " of=" DMDIR H_DEVICE_WRONG " bs=512 count=%" PRIu64, r_payload_offset - 1);
-	snprintf(cmd, sizeof(cmd), "dd if=" EVL_HEADER_4 " of=" DMDIR H_DEVICE_WRONG " bs=512 count=%" PRIu64, 2050ULL - 1);
+	snprintf(cmd, sizeof(cmd), "dd if=" EVL_HEADER_4 " of=" DMDIR H_DEVICE_WRONG " bs=512 count=%d 2>/dev/null", 2050 - 1);
 	OK_(_system(cmd, 1));
 	// some device
 	OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
@@ -1328,7 +1383,7 @@ static void LuksHeaderLoad(void)
 	// bad header: device too small (payloadOffset > device_size)
 	OK_(crypt_init(&cd, DMDIR H_DEVICE_WRONG));
 	FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "Device too small");
-	OK_((int)crypt_get_type(cd));
+	OK_(!!crypt_get_type(cd));
 	crypt_free(cd);

 	// 0 secs for encrypted data area
@@ -1345,7 +1400,7 @@ static void LuksHeaderLoad(void)
 	crypt_free(cd);

 	// damaged header
-	OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=8", 1));
+	OK_(_system("dd if=/dev/zero of=" DMDIR L_DEVICE_OK " bs=512 count=8 2>/dev/null", 1));
 	OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
 	FAIL_(crypt_load(cd, CRYPT_LUKS1, NULL), "Header not found");
 	crypt_free(cd);
@@ -1649,7 +1704,6 @@ static void VerityTest(void)
 	OK_(crypt_set_data_device(cd, DEVICE_1));
 	FAIL_(crypt_activate_by_volume_key(cd, NULL, root_hash, 32, 0), "Data corrupted");;

-	_system("modprobe dm-verity", 0);
 	OK_(crypt_set_data_device(cd, DEVICE_EMPTY));
 	if (crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32,
 	    CRYPT_ACTIVATE_READONLY) == -ENOTSUP) {
@@ -1682,6 +1736,106 @@ static void VerityTest(void)
 	crypt_free(cd);
 }

+static void TcryptTest(void)
+{
+	struct crypt_device *cd = NULL;
+	struct crypt_active_device cad;
+	const char *passphrase = "aaaaaaaaaaaa";
+	const char *kf1 = "tcrypt-images/keyfile1";
+	const char *kf2 = "tcrypt-images/keyfile2";
+	const char *keyfiles[] = { kf1, kf2 };
+	struct crypt_params_tcrypt params = {
+		.passphrase = passphrase,
+		.passphrase_size = strlen(passphrase),
+		.keyfiles = keyfiles,
+		.keyfiles_count = 2,
+	};
+	double enc_mbr = 0, dec_mbr = 0;
+	const char *tcrypt_dev = "tcrypt-images/tck_5-sha512-xts-aes";
+	const char *tcrypt_dev2 = "tcrypt-images/tc_5-sha512-xts-serpent-twofish-aes";
+	size_t key_size = 64;
+	char key[key_size], key_def[key_size];
+	const char *key_hex =
+		"98dee64abe44bbf41d171c1f7b3e8eacda6d6b01f459097459a167f8c2872a96"
+		"3979531d1cdc18af62757cf22286f16f8583d848524f128d7594ac2082668c73";
+	int r;
+
+	crypt_decode_key(key_def, key_hex, strlen(key_hex) / 2);
+
+	// First ensure we can use af_alg skcipher interface
+	r = crypt_benchmark(NULL, "aes", "xts", 512, 16, 1024, &enc_mbr, &dec_mbr);
+	if (r == -ENOTSUP || r == -ENOENT) {
+		printf("WARNING: algif_skcipher interface not present, skipping test.\n");
+		return;
+	}
+
+	OK_(crypt_init(&cd, tcrypt_dev));
+	params.passphrase_size--;
+	FAIL_(crypt_load(cd, CRYPT_TCRYPT, &params), "Wrong passphrase");
+	params.passphrase_size++;
+	OK_(crypt_load(cd, CRYPT_TCRYPT, &params));
+
+	// check params after load
+	OK_(strcmp("xts-plain64", crypt_get_cipher_mode(cd)));
+	OK_(strcmp("aes", crypt_get_cipher(cd)));
+	EQ_(key_size, crypt_get_volume_key_size(cd));
+	EQ_(256, crypt_get_iv_offset(cd));
+	EQ_(256, crypt_get_data_offset(cd));
+
+	memset(key, 0, key_size);
+	if (!_fips_mode) {
+		key_size--;
+		// small buffer
+		FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0), "small buffer");
+		key_size++;
+		OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0));
+		OK_(memcmp(key, key_def, key_size));
+	}
+
+	reset_log();
+	crypt_set_log_callback(cd, &new_log, NULL);
+	OK_(crypt_dump(cd));
+	OK_(!(global_lines != 0));
+	crypt_set_log_callback(cd, NULL, NULL);
+	reset_log();
+
+	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, CRYPT_ACTIVATE_READONLY));
+	crypt_free(cd);
+
+	OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL));
+	EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+
+	FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, NULL, 0), "Need crypt_load");
+
+	// check params after init_by_name
+	OK_(strcmp("xts-plain64", crypt_get_cipher_mode(cd)));
+	OK_(strcmp("aes", crypt_get_cipher(cd)));
+	EQ_(key_size, crypt_get_volume_key_size(cd));
+	EQ_(256, crypt_get_iv_offset(cd));
+	EQ_(256, crypt_get_data_offset(cd));
+
+	OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+	EQ_(CRYPT_ACTIVATE_READONLY, cad.flags);
+	EQ_(256, cad.offset);
+	EQ_(256, cad.iv_offset);
+	EQ_(72, cad.size);
+
+	OK_(crypt_deactivate(cd, CDEVICE_1));
+	crypt_free(cd);
+
+	OK_(crypt_init(&cd, tcrypt_dev2));
+	params.keyfiles = NULL;
+	params.keyfiles_count = 0;
+	OK_(crypt_load(cd, CRYPT_TCRYPT, &params));
+	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, NULL, 0, CRYPT_ACTIVATE_READONLY));
+	crypt_free(cd);
+
+	// Deactivate the whole chain
+	EQ_(crypt_status(NULL, CDEVICE_1 "_1"), CRYPT_BUSY);
+	OK_(crypt_deactivate(NULL, CDEVICE_1));
+	EQ_(crypt_status(NULL, CDEVICE_1 "_1"), CRYPT_INACTIVE);
+}
+
 // Check that gcrypt is properly initialised in format
 static void NonFIPSAlg(void)
 {
@@ -1717,8 +1871,14 @@ static void NonFIPSAlg(void)
 	crypt_free(cd);
 }

+static void int_handler(int sig __attribute__((__unused__)))
+{
+	_quit++;
+}
+
 int main(int argc, char *argv[])
 {
+	struct sigaction sa = { .sa_handler = int_handler };
 	int i;

 	if (getuid() != 0) {
@@ -1733,6 +1893,10 @@ int main(int argc, char *argv[])
 			_debug = _verbose = 1;
 	}

+	/* Handle interrupt properly */
+	sigaction(SIGINT, &sa, NULL);
+	sigaction(SIGTERM, &sa, NULL);
+
 	_cleanup();
 	if (_setup())
 		goto out;
@@ -1752,6 +1916,7 @@ int main(int argc, char *argv[])
 	RUN_(UseTempVolumes, "Format and use temporary encrypted device");
 	RUN_(CallbacksTest, "API callbacks test");
 	RUN_(VerityTest, "DM verity test");
+	RUN_(TcryptTest, "Tcrypt API test");
 out:
 	_cleanup();
 	return 0;
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -1,5 +1,6 @@
 #!/bin/bash

+PS4='$LINENO:'
 CRYPTSETUP=../src/cryptsetup

 CRYPTSETUP_VALGRIND=../src/.libs/cryptsetup
@@ -10,11 +11,17 @@ DEV_NAME2=dummy2
 DEV_NAME3=dummy3
 ORIG_IMG=luks-test-orig
 IMG=luks-test
+IMG10=luks-test-v10
 HEADER_IMG=luks-header
 KEY1=key1
 KEY2=key2
 KEY5=key5
 KEYE=keye
+PWD0="compatkey"
+PWD1="93R4P4pIqAH8"
+PWD2="mymJeD8ivEhE"
+PWD3="ocMakf3fAcQO"
+PWDW="rUkL4RUryBom"

 LUKS_HEADER="S0-5 S6-7 S8-39 S40-71 S72-103 S104-107 S108-111 R112-131 R132-163 S164-167 S168-207 A0-591"
 KEY_SLOT0="S208-211 S212-215 R216-247 A248-251 A251-255"
@@ -32,6 +39,7 @@ KEY_MATERIAL5_EXT="S331776-395264"
 TEST_UUID="12345678-1234-1234-1234-123456789abc"

 LOOPDEV=$(losetup -f 2>/dev/null)
+FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)

 function remove_mapping()
 {
@@ -39,7 +47,7 @@ function remove_mapping()
 	[ -b /dev/mapper/$DEV_NAME2 ] && dmsetup remove $DEV_NAME2
 	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
 	losetup -d $LOOPDEV >/dev/null 2>&1
-	rm -f $ORIG_IMG $IMG $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG >/dev/null 2>&1
+	rm -f $ORIG_IMG $IMG $IMG10 $KEY1 $KEY2 $KEY5 $KEYE $HEADER_IMG >/dev/null 2>&1
 }

 function force_uevent()
@@ -56,9 +64,16 @@ function fail()
 	exit 2
 }

+function can_fail_fips()
+{
+        # Ignore this fail if running in FIPS mode
+        [ -z "$FIPS_MODE" -o "$FIPS_MODE" -eq 0 ] && fail $1
+}
+
 function skip()
 {
 	[ -n "$1" ] && echo "$1"
+	remove_mapping
 	exit 0
 }

@@ -76,13 +91,18 @@ function prepare()
 	new)
 		remove_mapping
 		bzip2 -cd compatimage.img.bz2 > $IMG
+		# FIXME: switch to internal loop (no losetup at all)
+		echo "bad" | $CRYPTSETUP luksOpen --key-slot 0 --test-passphrase $IMG 2>&1 | \
+			grep "autoclear flag" && skip "WARNING: Too old kernel, test skipped."
 		losetup $LOOPDEV $IMG
+		bzip2 -cd compatv10image.img.bz2 > $IMG10
 		;;
 	reuse | *)
 		if [ ! -e $IMG ]; then
 			bzip2 -cd compatimage.img.bz2 > $IMG
 			losetup $LOOPDEV $IMG
 		fi
+		[ ! -e $IMG10 ] && bzip2 -cd compatv10image.img.bz2 > $IMG10
 		;;
 	esac

@@ -132,46 +152,69 @@ function valgrind_run()
 }

 [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
-[ -z "$LOOPDEV" ] && skip "Cannot find free loop device, test skipped."
+[ -z "$LOOPDEV" ] && skip "WARNING: Cannot find free loop device, test skipped."

 [ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run

 # LUKS tests

 prepare	"[1] open - compat image - acceptance check" new
-echo "compatkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
+echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 check_exists
 ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
 [ "$ORG_SHA1" = 676062b66ebf36669dab705442ea0762dfc091b0 ] || fail
+$CRYPTSETUP -q luksClose  $DEV_NAME || fail
+
+# Check it can be opened from header backup as well
+$CRYPTSETUP luksHeaderBackup $IMG --header-backup-file $HEADER_IMG || fail
+echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail
+check_exists
+$CRYPTSETUP -q luksClose  $DEV_NAME || fail
+# Check restore
+$CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail
+
+# Repeat for V1.0 header - not aligned first keyslot
+echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME || fail
+check_exists
+ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ')
+[ "$ORG_SHA1" = 51b48c2471a7593ceaf14dc5e66bca86ed05f6cc ] || fail
+$CRYPTSETUP -q luksClose  $DEV_NAME || fail
+
+rm -f $HEADER_IMG
+$CRYPTSETUP luksHeaderBackup $IMG10 --header-backup-file $HEADER_IMG
+echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail
+check_exists
+$CRYPTSETUP -q luksClose  $DEV_NAME || fail

 prepare "[2] open - compat image - denial check" new
-echo "wrongkey" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
+echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
+echo $PWDW | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME 2>/dev/null && fail
 check

 # All headers items and first key material section must change
 prepare "[3] format" wipe
-echo "key0" | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -i 1000 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"

 prepare "[4] format using hash sha512" wipe
-echo "key0" | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -i 1000 -h sha512 -c aes-cbc-essiv:sha256 -s 128 luksFormat $LOOPDEV || fail
 check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"

 prepare "[5] open"
-echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail
-echo "blah" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail
-echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase || fail
+echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME --test-passphrase 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 check_exists

 # Key Slot 1 and key material section 1 must change, the rest must not.
 prepare "[6] add key"
-echo -e "key0\nkey1" | $CRYPTSETUP luksAddKey $LOOPDEV || fail
+echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $LOOPDEV || fail
 check "$KEY_SLOT1 $KEY_MATERIAL1"
-echo "key1" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
+echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail

 # Unsuccessful Key Delete - nothing may change
 prepare "[7] unsuccessful delete"
-echo "invalid" | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
+echo $PWDW | $CRYPTSETUP luksKillSlot $LOOPDEV 1 2>/dev/null && fail
 $CRYPTSETUP -q luksKillSlot $LOOPDEV 8 2>/dev/null && fail
 $CRYPTSETUP -q luksKillSlot $LOOPDEV 7 2>/dev/null && fail
 check
@@ -181,12 +224,12 @@ check
 prepare "[8] successful delete"
 $CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail
 check "$KEY_SLOT1 $KEY_MATERIAL1_EXT"
-echo "key1" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail
-echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
+echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2> /dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail

 # Key Slot 1 and key material section 1 must change, the rest must not
 prepare "[9] add key test for key files"
-echo "key0" | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 || fail
 check "$KEY_SLOT1 $KEY_MATERIAL1"
 $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail

@@ -194,14 +237,14 @@ $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
 prepare "[10] delete key test with key1 as remaining key"
 $CRYPTSETUP -d $KEY1 luksKillSlot $LOOPDEV 0 || fail
 check "$KEY_SLOT0 $KEY_MATERIAL0_EXT"
-echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail

 # Delete last slot
 prepare "[11] delete last key" wipe
-echo "key0" | $CRYPTSETUP luksFormat $LOOPDEV || fail
-echo "key0" | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail
-echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksFormat $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP luksKillSlot $LOOPDEV 0 || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail

 # Format test for ESSIV, and some other parameters.
 prepare "[12] parameter variation test" wipe
@@ -210,42 +253,42 @@ check "$LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0"
 $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail

 prepare	"[13] open/close - stacked devices" wipe
-echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
-echo "key0" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
-echo "key0" | $CRYPTSETUP -q luksFormat /dev/mapper/$DEV_NAME || fail
-echo "key0" | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat /dev/mapper/$DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME2 || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail

 prepare	"[14] format/open - passphrase on stdin & new line" wipe
 # stdin defined by "-" must take even newline
-#echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail
-echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksFormat $LOOPDEV || fail
-echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
+#echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail
+echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksFormat $LOOPDEV || fail
+echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
-echo -n $'foo\nbar' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
+echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
 # now also try --key-file
-echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV --key-file=- || fail
-echo -n $'foo\nbar' | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
+echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV --key-file=- || fail
+echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 # process newline if from stdin
-echo -n $'foo\nbar' | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
-echo 'foo' | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
+echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
+echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail

 prepare "[15] UUID - use and report provided UUID" wipe
-echo "key0" | $CRYPTSETUP -q luksFormat --uuid blah $LOOPDEV 2>/dev/null && fail
-echo "key0" | $CRYPTSETUP -q luksFormat --uuid $TEST_UUID $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --uuid blah $LOOPDEV 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --uuid $TEST_UUID $LOOPDEV || fail
 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
 [ "$tst"x = "$TEST_UUID"x ] || fail
-echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
 $CRYPTSETUP -q luksUUID --uuid $TEST_UUID $LOOPDEV || fail
 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
 [ "$tst"x = "$TEST_UUID"x ] || fail

 prepare "[16] luksFormat" wipe
-echo "key0" | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV || fail
-echo "key0" | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail
 $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
@@ -259,19 +302,19 @@ $CRYPTSETUP -q luksFormat $LOOPDEV $KEYE || fail
 $CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 # open by volume key
-echo "key0" | $CRYPTSETUP -q luksFormat -s 256 --master-key-file $KEY1 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -s 256 --master-key-file $KEY1 $LOOPDEV || fail
 $CRYPTSETUP luksOpen --master-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail
 $CRYPTSETUP luksOpen --master-key-file $KEY1 $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail

 prepare "[17] AddKey volume key, passphrase and keyfile" wipe
 # masterkey
-echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
-echo "key1" | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
+echo $PWD2 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
-echo "key2" | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
-# [0]key0 [1]key1 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
+echo $PWD3 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
+# [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
 $CRYPTSETUP -q luksFormat $LOOPDEV $KEY1 --key-slot 3 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
@@ -279,13 +322,13 @@ $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 4 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
 # passphrase/keyfile
-echo "key0" | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 --key-slot 0 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 --key-slot 0 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
 # passphrase/passphrase
-echo -e "key0\nkey1\n" | $CRYPTSETUP luksAddKey $LOOPDEV --key-slot 1 || fail
+echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $LOOPDEV --key-slot 1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
 # keyfile/passphrase
-echo -e "key1\n" | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 1 || fail
+echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail

 prepare "[18] RemoveKey passphrase and keyfile" reuse
@@ -296,18 +339,18 @@ $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: DISABLED" || fail
 # kill slot using passphrase from 1
-echo "key1" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail
+echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: DISABLED" || fail
 # remove key0 / slot 0
-echo "key0" | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail
 # last keyslot, in batch mode no passphrase needed...
 $CRYPTSETUP luksKillSlot -q $LOOPDEV 1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail

 prepare "[19] create & status & resize" wipe
-echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx 2>/dev/null && fail
-echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail
 $CRYPTSETUP -q status  $DEV_NAME | grep "offset:" | grep -q "3 sectors" || fail
 $CRYPTSETUP -q status  $DEV_NAME | grep "skipped:" | grep -q "4 sectors" || fail
 $CRYPTSETUP -q status  $DEV_NAME | grep "mode:" | grep -q "readonly" || fail
@@ -317,15 +360,15 @@ $CRYPTSETUP -q resize  $DEV_NAME || fail
 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "19997 sectors" || fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
 $CRYPTSETUP -q status  $DEV_NAME >/dev/null && fail
-echo "key0" | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
-echo "key0" | $CRYPTSETUP -q create $DEV_NAME --hash sha1 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 $LOOPDEV || fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
-echo "key0" | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV || fail
 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
 # verify is ignored on non-tty input
-echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail
 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail
@@ -341,26 +384,26 @@ prepare "[20] Disallow open/create if already mapped." wipe
 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 || fail
 $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 2>/dev/null && fail
 $CRYPTSETUP create $DEV_NAME2 $LOOPDEV -d $KEY1 2>/dev/null && fail
-echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV 2>/dev/null && fail
 $CRYPTSETUP remove  $DEV_NAME || fail
-echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
-echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
-echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail
 $CRYPTSETUP  luksClose  $DEV_NAME || fail

 prepare "[21] luksDump" wipe
-echo "key0" | $CRYPTSETUP -q luksFormat --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
-echo "key0" | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail
-echo "bad" | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key 2>/dev/null && fail
-echo "key0" | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key | grep -q "MK dump:" || fail
-$CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:" || fail
+echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key | grep -q "MK dump:" || can_fail_fips
+$CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:" || can_fail_fips

 prepare "[22] remove disappeared device" wipe
 dmsetup create $DEV_NAME --table "0 5000 linear $LOOPDEV 2" || fail
-echo "key0" | $CRYPTSETUP -q -i 0 luksFormat /dev/mapper/$DEV_NAME || fail
-echo "key0" | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
+echo $PWD1 | $CRYPTSETUP -q -i 0 luksFormat /dev/mapper/$DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
 # underlying device now returns error but node is still present
 dmsetup load $DEV_NAME --table "0 5000 error" || fail
 dmsetup resume $DEV_NAME || fail
@@ -370,16 +413,16 @@ dmsetup remove $DEV_NAME || fail
 prepare "[23] ChangeKey passphrase and keyfile" wipe
 # [0]$KEY1 [1]key0
 $CRYPTSETUP -q luksFormat $LOOPDEV $KEY1 --key-slot 0 || fail
-echo "key0" | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 --key-slot 1 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 --key-slot 1 || fail
 # keyfile [0] / keyfile [0]
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 0 || fail
 # passphrase [1] / passphrase [1]
-echo -e "key0\nkey1\n" | $CRYPTSETUP luksChangeKey $LOOPDEV --key-slot 1 || fail
+echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV --key-slot 1 || fail
 # keyfile [0] / keyfile [new]
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY2 $KEY1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail
 # passphrase [1] / passphrase [new]
-echo -e "key1\nkey0\n" | $CRYPTSETUP luksChangeKey $LOOPDEV || fail
+echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $LOOPDEV || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail
 # use all slots
 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail
@@ -412,11 +455,11 @@ $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 -l 14 2>/dev/null && fail
 $CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 -i1 -l 13 || fail
 # -l is ignored for stdin if _only_ passphrase is used
-echo "key0" | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY2 -i1 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY2 -i1 || fail
 # this is stupid, but expected
-echo "key0" | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 2 2>/dev/null && fail
-echo "key01" | $CRYPTSETUP luksRemoveKey $LOOPDEV -d 4 2>/dev/null && fail
-echo -e "key0\n" | $CRYPTSETUP luksRemoveKey $LOOPDEV -d- -l 4 || fail
+echo $PWD1 | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 11 2>/dev/null && fail
+echo $PWDW"0" | $CRYPTSETUP luksRemoveKey $LOOPDEV -l 12 2>/dev/null && fail
+echo -e "$PWD1\n" | $CRYPTSETUP luksRemoveKey $LOOPDEV -d- -l 12 || fail
 # offset
 $CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 0 -l 13 --keyfile-offset 16 || fail
 $CRYPTSETUP --key-file=$KEY1 -l 13 --keyfile-offset 15 luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
@@ -431,42 +474,42 @@ $CRYPTSETUP luksOpen -d $KEY2 $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP luksClose $DEV_NAME || fail

 prepare "[25] Create shared segments" wipe
-echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV  --hash sha1 --offset   0 --size 256 || fail
-echo "key0" | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 2>/dev/null && fail
-echo "key0" | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 --shared || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV  --hash sha1 --offset   0 --size 256 || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 --shared || fail
 $CRYPTSETUP -q remove  $DEV_NAME2 || fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail

 prepare "[26] Suspend/Resume" wipe
 # only LUKS is supported
-echo "key0" | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
 $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
 $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
 # LUKS
-echo "key0" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
-echo "key0" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
 $CRYPTSETUP -q resize  $DEV_NAME 2>/dev/null && fail
-echo "xxx" | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail
-echo "key0" | $CRYPTSETUP luksResume $DEV_NAME  || fail
+echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME -T 1 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME  || fail
 $CRYPTSETUP -q luksClose $DEV_NAME || fail

 prepare "[27] luksOpen with specified key slot number" wipe
 # first, let's try passphrase option
-echo "key5" | $CRYPTSETUP luksFormat -S 5 $LOOPDEV || fail
+echo $PWD3 | $CRYPTSETUP luksFormat -S 5 $LOOPDEV || fail
 check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
-echo "key5" | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME && fail
+echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME && fail
 [ -b /dev/mapper/$DEV_NAME ] && fail
-echo "key5" | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
+echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
 check_exists
 $CRYPTSETUP luksClose $DEV_NAME || fail
-echo -e "key5\nkey0" | $CRYPTSETUP luksAddKey -S 0 $LOOPDEV || fail
+echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -S 0 $LOOPDEV || fail
 check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0
-echo "key5" | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail
+echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail
 [ -b /dev/mapper/$DEV_NAME ] && fail
-echo "key0" | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail
+echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail
 [ -b /dev/mapper/$DEV_NAME ] && fail
 # second, try it with keyfiles
 $CRYPTSETUP luksFormat -q -S 5 -d $KEY5 $LOOPDEV || fail
@@ -483,13 +526,13 @@ $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOPDEV $DEV_NAME && fail

 prepare "[28] Detached LUKS header" wipe
 dd if=/dev/zero of=$HEADER_IMG bs=1M count=4 >/dev/null 2>&1
-echo "key0" | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG || fail
-echo "key0" | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
-echo "key0" | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG || fail
+echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-payload 0 || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
 $CRYPTSETUP -q resize  $DEV_NAME --size 100 --header $HEADER_IMG || fail
 $CRYPTSETUP -q status  $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 sectors" || fail
 $CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail
-echo "key0" | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
+echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
 $CRYPTSETUP luksClose $DEV_NAME || fail

 prepare "[29] Repair metadata" wipe
--- a/tests/compatv10image.img.bz2
+++ b/tests/compatv10image.img.bz2
--- a/tests/differ.c
+++ b/tests/differ.c
@@ -5,7 +5,8 @@
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
--- a/tests/discards-test
+++ b/tests/discards-test
@@ -3,6 +3,7 @@
 CRYPTSETUP="../src/cryptsetup"
 DEV_NAME="discard-t3st"
 DEV=""
+PWD1="93R4P4pIqAH8"

 cleanup() {
 	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
@@ -62,8 +63,8 @@ add_device dev_size_mb=16 sector_size=512 num_tgts=1 lbpu=1
 # for now just check that flag is enabled

 echo "[1] Allowing discards for LUKS device"
-echo xxx | $CRYPTSETUP luksFormat $DEV -q -i1 || fail
-echo xxx | $CRYPTSETUP luksOpen $DEV $DEV_NAME --allow-discards || fail
+echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $DEV $DEV_NAME --allow-discards || fail
 $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
 $CRYPTSETUP resize $DEV_NAME --size 100 || fail
 $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
@@ -71,7 +72,7 @@ dmsetup table $DEV_NAME | grep allow_discards >/dev/null || fail
 $CRYPTSETUP luksClose $DEV_NAME || fail

 echo "[2] Allowing discards for plain device"
-echo xxx | $CRYPTSETUP create $DEV_NAME $DEV --hash sha1 --allow-discards || fail
+echo $PWD1 | $CRYPTSETUP create $DEV_NAME $DEV --hash sha1 --allow-discards || fail
 $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
 $CRYPTSETUP resize $DEV_NAME --size 100 || fail
 $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail
--- a/tests/loopaes-test
+++ b/tests/loopaes-test
@@ -152,7 +152,10 @@ for key_size in $KEY_SIZES ; do
    for key in $KEY_FILES ; do
        for offset in $DEV_OFFSET ; do
 		prepare "Open loop-AES $key / AES-$key_size / offset $offset"
-		$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME -s $key_size --key-file $key $(get_offset_params $offset) || fail
+		$CRYPTSETUP loopaesOpen $LOOPDEV $DEV_NAME \
+			-s $key_size --key-file $key $(get_offset_params $offset) \
+			2>/dev/null
+		[ $? -ne 0 ] && echo "[SKIPPED]" && continue
 		check_exists
 		check_sum $key $key_size $offset
 		$CRYPTSETUP loopaesClose $DEV_NAME || fail
--- a/tests/reencryption-compat-test
+++ b/tests/reencryption-compat-test
@@ -7,6 +7,7 @@ DEV_NAME=reenc9768
 DEV_NAME2=reenc1273
 IMG=reenc-data
 KEY1=key1
+PWD1="93R4P4pIqAH8"

 function remove_mapping()
 {
@@ -90,34 +91,34 @@ HASH3=e4e5749032a5163c45125eccf3e8598ba5ed840df442c97e1d5ad4ad84359605

 echo "[1] Reencryption"
 prepare 8192 
-echo "key0" | $CRYPTSETUP -q luksFormat -s 128 -c aes-cbc-plain -i 1 --align-payload 4096 $LOOPDEV1 || fail
-wipe "key0"
-check_hash "key0" $HASH1
-echo "key0" | $REENC $LOOPDEV1 -q
-check_hash "key0" $HASH1
-echo "key0" | $REENC $LOOPDEV1 -q -s 256
-check_hash "key0" $HASH1
-echo "key0" | $REENC $LOOPDEV1 -q -s 256 -c aes-xts-plain64 -h sha256
-check_hash "key0" $HASH1
-echo "key0" | $REENC $LOOPDEV1 -q --use-directio
-check_hash "key0" $HASH1
+echo $PWD1 | $CRYPTSETUP -q luksFormat -s 128 -c aes-cbc-plain -i 1 --align-payload 4096 $LOOPDEV1 || fail
+wipe $PWD1
+check_hash $PWD1 $HASH1
+echo $PWD1 | $REENC $LOOPDEV1 -q
+check_hash $PWD1 $HASH1
+echo $PWD1 | $REENC $LOOPDEV1 -q -s 256
+check_hash $PWD1 $HASH1
+echo $PWD1 | $REENC $LOOPDEV1 -q -s 256 -c aes-xts-plain64 -h sha256
+check_hash $PWD1 $HASH1
+echo $PWD1 | $REENC $LOOPDEV1 -q --use-directio
+check_hash $PWD1 $HASH1

 echo "[2] Reencryption with data shift"
-echo "key0" | $CRYPTSETUP -q luksFormat -s 128 -i 1 --align-payload 2048 $LOOPDEV1 || fail
-wipe "key0"
-echo "key0" | $REENC $LOOPDEV1 -q -s 256 --reduce-device-size 1024S || fail
-check_hash "key0" $HASH2
-echo "key0" | $REENC $LOOPDEV1 -q -i 1 || fail
-check_hash "key0" $HASH2
+echo $PWD1 | $CRYPTSETUP -q luksFormat -c aes-cbc-essiv:sha256 -s 128 -i 1 --align-payload 2048 $LOOPDEV1 || fail
+wipe $PWD1
+echo $PWD1 | $REENC $LOOPDEV1 -q -s 256 --reduce-device-size 1024S || fail
+check_hash $PWD1 $HASH2
+echo $PWD1 | $REENC $LOOPDEV1 -q -i 1 || fail
+check_hash $PWD1 $HASH2

 echo "[3] Reencryption with keyfile"
-echo "key0" | $CRYPTSETUP -q luksFormat -d key1 -s 128 -i 1 --align-payload 4096 $LOOPDEV1 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -d key1 -c aes-cbc-essiv:sha256 -s 128 -i 1 --align-payload 4096 $LOOPDEV1 || fail
 wipe
 check_hash "" $HASH1
-echo "key0" | $CRYPTSETUP -q luksAddKey -d key1 $LOOPDEV1 || fail
+echo $PWD1 | $CRYPTSETUP -q luksAddKey -d key1 $LOOPDEV1 || fail
 $REENC $LOOPDEV1 -d key1 -S 0 -i 1 -q || fail
 check_hash "" $HASH1
-# FIXME echo "key0" | $REENC ...
+# FIXME echo $PWD1 | $REENC ...

 echo "[4] Encryption of not yet encrypted device"
 # well, movin' zeroes :-)
@@ -127,8 +128,8 @@ wipe_dev $LOOPDEV1
 dmsetup create $DEV_NAME2 --table "0 $(($SIZE - $OFFSET)) linear $LOOPDEV1 0" || fail
 check_hash_dev /dev/mapper/$DEV_NAME2 $HASH3
 dmsetup remove $DEV_NAME2 || fail
-echo "key0" | $REENC $LOOPDEV1 -s 128 --new --reduce-device-size "$OFFSET"S -q
-check_hash "key0" $HASH3
+echo $PWD1 | $REENC $LOOPDEV1 -c aes-cbc-essiv:sha256 -s 128 --new --reduce-device-size "$OFFSET"S -q
+check_hash $PWD1 $HASH3

 remove_mapping
 exit 0
--- a/tests/tcrypt-compat-test
+++ b/tests/tcrypt-compat-test
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+# check tcrypt images parsing
+
+CRYPTSETUP=../src/cryptsetup
+TST_DIR=tcrypt-images
+MAP=tctst
+PASSWORD="aaaaaaaaaaaa"
+PASSWORD_HIDDEN="bbbbbbbbbbbb"
+
+function remove_mapping()
+{
+	[ -b /dev/mapper/$MAP ] && dmsetup remove $MAP
+	[ -b /dev/mapper/"$MAP"_1 ] && dmsetup remove "$MAP"_1
+	[ -b /dev/mapper/"$MAP"_2 ] && dmsetup remove "$MAP"_2
+}
+
+function fail()
+{
+	[ -n "$1" ] && echo "$1"
+	echo " [FAILED]"
+	remove_mapping
+	exit 2
+}
+
+function skip()
+{
+	[ -n "$1" ] && echo "$1"
+	echo "Test skipped."
+	exit 0
+}
+
+function test_one()
+{
+	$CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip
+}
+
+function test_required()
+{
+	which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."
+
+	echo "REQUIRED KDF TEST"
+	$CRYPTSETUP benchmark -h ripemd160 | grep "N/A" && skip
+	$CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip
+
+	echo "REQUIRED CIPHERS TEST"
+	echo "#  Algorithm | Key |  Encryption |  Decryption"
+
+	test_one aes-cbc 256
+	test_one aes-lrw 384
+	test_one aes-xts 512
+
+	test_one twofish-cbc 256
+	test_one twofish-lrw 384
+	test_one twofish-xts 512
+
+	test_one serpent-cbc 256
+	test_one serpent-lrw 384
+	test_one serpent-xts 512
+
+	test_one blowfish-cbc 256
+
+	test_one des3_ede-cbc 192
+	test_one cast5 128
+}
+
+test_required
+
+[ ! -d $TST_DIR ] && tar xjf tcrypt-images.tar.bz2
+
+echo "HEADER CHECK"
+for file in $(ls $TST_DIR/tc_*) ; do
+	echo -n " $file"
+	echo $PASSWORD | $CRYPTSETUP tcryptDump $file >/dev/null || fail
+	echo " [OK]"
+done
+
+echo "HEADER CHECK (HIDDEN)"
+for file in $(ls $TST_DIR/tc_*-hidden) ; do
+	echo -n " $file (hidden)"
+	echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptDump --tcrypt-hidden $file >/dev/null || fail
+	echo " [OK]"
+done
+
+echo "HEADER KEYFILES CHECK"
+for file in $(ls $TST_DIR/tck_*) ; do
+	echo -n " $file"
+	echo $PASSWORD | $CRYPTSETUP tcryptDump -d $TST_DIR/keyfile1 -d $TST_DIR/keyfile2 $file >/dev/null || fail
+	echo " [OK]"
+done
+
+
+if [ $(id -u) != 0 ]; then
+	echo "WARNING: You must be root to run activation part of test, test skipped."
+	exit 0
+fi
+
+echo "ACTIVATION FS UUID CHECK (LRW/XTS modes only)"
+for file in $(ls $TST_DIR/tc_*-lrw-* $TST_DIR/tc_*-xts-*) ; do
+	echo -n " $file"
+	echo $PASSWORD | $CRYPTSETUP tcryptOpen -r $file $MAP || fail
+	$CRYPTSETUP status $MAP >/dev/null || fail
+	$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
+	UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
+	$CRYPTSETUP remove $MAP || fail
+	[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
+	echo " [OK]"
+done
+
+echo "ACTIVATION FS UUID (HIDDEN) CHECK (LRW/XTS modes only)"
+for file in $(ls $TST_DIR/tc_*-lrw-*-hidden $TST_DIR/tc_*-xts-*-hidden) ; do
+	echo -n " $file"
+	echo $PASSWORD_HIDDEN | $CRYPTSETUP tcryptOpen -r $file $MAP --tcrypt-hidden || fail
+	UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
+	$CRYPTSETUP remove $MAP || fail
+	[ "$UUID" != "CAFE-BABE" ] && fail "UUID check failed."
+	echo " [OK]"
+done
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Milan Broz	2a2444b961	Fix gcc signed/unsigned warning for key length. And always use unsigned int declaration.	2013-03-31 11:24:26 +02:00
Milan Broz	2526ec92bd	Update vi.po.	2013-03-26 21:19:03 +01:00
Milan Broz	9bddc52601	Update po files.	2013-03-24 23:36:26 +01:00
Milan Broz	1b96e93f91	Add 1.6.1 release notes.	2013-03-24 10:02:19 +01:00
Milan Broz	6127b6959f	Update copyright year on changed files.	2013-03-24 09:05:33 +01:00
Milan Broz	330007beb2	Fix loop-AES keyfile parsing. Loop-AES keyfile should be text keyfile, properly check that keys are terminated and of the same length. Fixes issue#153.	2013-03-23 18:10:46 +01:00
wagner	cbfd48d949	Fixed the buit instruction Improved example	2013-03-23 16:00:58 +01:00
Milan Broz	f64064fe71	Fix deactivation of device when failed underlying node disappeared If underlying device disappears (failed drive, removed flash drive etc) cryptsetup cannot report LUKS parameters (header no longer available). Fix return code of init_by name in this situation (crypt context is NULL). Report visible error if deactivation fails and device is still busy. Fixes issue#149.	2013-03-17 20:54:04 +01:00
Milan Broz	f2521889c2	Deactivate whole device TCRYPT tree if context is NULL API (unfortunately) supports NULL argument for crypt_deactivate, with new chained TCRYPT devices it must deactivate all chained devices as well. Fixes issue#147.	2013-03-17 19:20:42 +01:00
Milan Broz	642d41970d	Update nl.po.	2013-03-17 17:34:41 +01:00
Milan Broz	acd069fd27	Update de.po.	2013-03-10 16:09:00 +01:00
Milan Broz	c810b0514e	Return EPERM instead EINVAL for too long TCRYPT passphrase.	2013-02-15 09:52:22 +01:00
Milan Broz	e600024908	Fix passphrase pool overflow for TCRYPT device id passphrase > pool size. TCRYPT format limits passphrase length to max. 64 characters so simply error in this case.	2013-02-14 14:37:50 +01:00
Milan Broz	fd5b88449a	Make passphrase prompts more consistent. Also see http://code.google.com/p/cryptsetup/issues/detail?id=145	2013-02-11 14:53:49 +01:00
John Spencer	433758e4cb	Fix missing headers 2 header inclusions were missing, one for PATH_MAX (limits.h) and one for FD_ZERO, FD_SET, ... (sys/select.h) on glibc, those headers are erroneusly (namespace pollution) pulled in through other headers, so the author didnt notice. Signed-Off-By: John Spencer <maillist-cryptsetup@barfooze.de>	2013-02-01 08:39:12 +01:00
wagner	5b8f762ab2	sync with wiki	2013-02-01 05:35:36 +01:00
Milan Broz	72db6e4de2	Do not support user uuid for plain & loopaes devices. This function was not documented. So now crypt_get_uuid() returns only on-disk UUID.	2013-01-22 16:20:09 +01:00
Milan Broz	2780ccdd62	Properly cleanup on interrupt in api-test.	2013-01-16 15:28:12 +01:00
Milan Broz	fdcabdfd28	Support test run in kernel FIPS mode.	2013-01-15 14:53:19 +01:00
Milan Broz	40b876f550	Set devel version.	2013-01-14 12:49:04 +01:00
Milan Broz	5cb5aeba36	Fix doxygen doc for libcryptsetup.h.	2013-01-14 00:22:50 +01:00
Milan Broz	6a1f49c244	Fix tcrypt test header.	2013-01-13 23:53:35 +01:00
Milan Broz	8613651f18	Use tabs in script.	2013-01-13 20:45:55 +01:00
Milan Broz	be4fea1928	Update po files.	2013-01-13 19:29:12 +01:00
Milan Broz	2c4542a590	Update bitops.h (stolen from util-linux:).	2013-01-13 19:28:36 +01:00
Milan Broz	3ce5359523	Update po files.	2013-01-11 13:03:05 +01:00
Milan Broz	fe4175b551	Fix some extended compile warning.	2013-01-10 17:26:19 +01:00
Milan Broz	310bf08568	Do not include pbkdf2 prototype in header if code is not compiled in.	2013-01-10 16:48:47 +01:00
Milan Broz	c040b4821d	Fix null blocks in kernel backend.	2013-01-10 15:37:26 +01:00
Milan Broz	20149281a4	Fix tests to work with pwquality compiled in.	2013-01-10 15:34:11 +01:00
Milan Broz	87f1017f80	Allow to overwrite gcrypt PBKDF2 use for configure.	2013-01-09 18:46:38 +01:00
Milan Broz	664eff9e76	Prepare 1.6.0 release.	2013-01-09 13:23:34 +01:00
Milan Broz	36eb33bc86	Skip test for kernel wihtout autoclear flag.	2013-01-08 18:44:02 +01:00
Milan Broz	df8fb84723	Workaround api-test compilation on some very old systems.	2013-01-08 17:41:06 +01:00
Milan Broz	4de648a77a	Properly specify cipher in tests.	2013-01-08 14:45:39 +01:00
Milan Broz	929dc47be4	Fix displaying of error messages for mising kernel features.	2013-01-08 14:19:31 +01:00
Milan Broz	5f222517f0	Change LUKS default cipher to aes-xts-plain64 (AES128-XTS).	2013-01-08 12:21:30 +01:00
Milan Broz	940690be82	Update po files.	2013-01-05 12:51:58 +01:00
Milan Broz	37ec687237	Properly initialize pkg-config in autoconf.	2013-01-05 12:51:21 +01:00
Milan Broz	ca75cd940f	Prepare supported PBKDF2 implementation autodetection for gcrypt.	2013-01-03 14:11:52 +01:00
Milan Broz	607fd2b977	Update pl.po.	2013-01-02 22:46:32 +01:00
Milan Broz	e689eb4a0a	Fix benchmark alignment (wider columns).	2013-01-02 21:53:49 +01:00
Milan Broz	b6a63c8d5c	Update po files.	2013-01-02 13:25:07 +01:00
Yuri Chornoivan	209f1db984	Fix typo	2012-12-31 18:33:33 +01:00
Milan Broz	dd3fddb0e9	Fix autogen script to handle configure.ac.	2012-12-30 18:39:48 +01:00
Dave Reisner	ab080ab544	build: use AM_CPPFLAGS instead of INCLUDES The latter is marked as deprecated as of automake 1.12.4: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')	2012-12-30 18:36:46 +01:00
Dave Reisner	d1466f23ed	build: rename configure.in to configure.ac With automake 1.13, configure.in is no longer honored.	2012-12-30 18:36:12 +01:00
Milan Broz	918c1a6de1	Allow repair of 512bits key header.	2012-12-30 18:32:10 +01:00
Milan Broz	37d52bf01b	Require lsblk for tcrypt test.	2012-12-30 12:35:35 +01:00
Milan Broz	46de69d0e6	Add kernel userspace header detection. Add --disable-kernel_crypto to allow compilation with old kernel.	2012-12-30 12:28:30 +01:00
Milan Broz	0946c704bf	Fix status of device if path argument is used. Fix double path prefix for non-existent device path.	2012-12-30 11:48:30 +01:00
wagner	90853cc3ab	added warning that previously used containers should be wiped before use as LUKS or plain dm-crypt containers.	2012-12-30 11:39:08 +01:00
Milan Broz	521184ba8b	Fix typos in changelog.	2012-12-29 22:37:21 +01:00
Milan Broz	05da2ed2c2	Skip TCRYPT KDF if hash is not available.	2012-12-29 20:23:52 +01:00
Milan Broz	d4ecc8e24a	Add note about pbkdf2 benchmark.	2012-12-29 17:40:46 +01:00
Milan Broz	6ae0d725d3	Prepare version 1.6.0-rc1.	2012-12-29 17:21:58 +01:00
Milan Broz	6190ad928d	Support device/file images if O_DIRECT cannot be used (1.5.1). On some filesystems (like tmpfs) O_DIRECT cannot be used. So just try to open device without O_DIRECT in the second try.	2012-12-29 15:33:20 +01:00
Arno Wagner	0451e1c23a	Added wipefs as option for fast FS removal in section 2.1	2012-12-29 12:49:16 +01:00
Milan Broz	7eccb7ff50	Change License for sub-libraries from GPLv2 only to LGPLv2.1+ ("or any later") This includes crypto, loopaes, tcrypt handling code I have written myself and verity code written originally by Mikulas Patocka and modified by me, copyright by Red Hat. Other part of library have to stay GPLv2+ only for now (no agreement from all authors).	2012-12-29 11:47:28 +01:00
Milan Broz	29f21208a0	Change License from GPLv2 only to GPLv2+ ("or any later"). Agreed by all copyright authors.	2012-12-29 11:33:54 +01:00
Milan Broz	099a2b9d17	Add TCRYPT password search example.	2012-12-29 11:12:29 +01:00
Milan Broz	3b4424226f	Fix non-translated messages.	2012-12-29 11:11:23 +01:00
wagner	f4a582e3e2	Synced with WIKI version	2012-12-29 07:58:00 +01:00
Milan Broz	e4c4049741	Add basic support for system TCRYPT device. Rename option hidden to tcrypt-hidden.	2012-12-22 22:34:09 +01:00
Milan Broz	83f02e6682	Add copyright line for files I have written or modified.	2012-12-21 16:40:33 +01:00
Milan Broz	069ba220d2	Add crypt_keyslot_change_by_passphrase() api test.	2012-12-21 16:27:55 +01:00
Milan Broz	54dab83a9e	Update fi.po (1.5.1).	2012-12-21 15:16:04 +01:00
Milan Broz	caf1f06bcb	Update TODO.	2012-12-21 15:13:36 +01:00
Milan Broz	c7dde8f0e8	Do not maintain ChangeLog anymore, see git log.	2012-12-21 15:08:35 +01:00
Milan Broz	546f0fd0bc	Add utils_password.c to po files list.	2012-12-19 18:54:00 +01:00
Milan Broz	9163bcef4b	Fix static build with pwquality (until it provides proper pkgconfig).	2012-12-19 18:49:50 +01:00
Milan Broz	e030e3bd15	Add optional libpwquality support for new LUKS passwords. If password is entered through terminal (no keyfile specified) and cryptsetup is compiled with --enable-pwquality, default system pwquality settings are used to check password quality.	2012-12-19 17:25:11 +01:00
Milan Broz	c950cf265f	Prepare cryptsetup functions for pwquality check.	2012-12-19 15:27:29 +01:00
Milan Broz	9ae7b7d1be	Fix regression in header backup (1.5.1). Access to backup file must handle write to regular files too.	2012-12-19 13:19:05 +01:00
Milan Broz	0bd8b9823a	Fix time of check/use Coverity report in cryptsetup-reencrypt.	2012-12-17 16:10:39 +01:00
Milan Broz	b86c5a93b3	Fix time of check/use Coverity report in veritysetup.	2012-12-17 15:50:42 +01:00
Milan Broz	1e3ba81613	Fix time of check/use Coverity report (and ignore another) in loop/wipe utils.	2012-12-17 15:35:33 +01:00
Milan Broz	a83cc1dbf4	Fix time of check/use Coverity report (and ignore another) in device utils.	2012-12-17 15:19:57 +01:00
Milan Broz	94d732b411	Do not use stat for backup commands.	2012-12-17 14:05:45 +01:00
Milan Broz	50be50c521	Add fixme for ETA calculation.	2012-12-17 09:54:10 +01:00
Milan Broz	b16feb6853	Add verbose messages during reencryption to avoid confusion.	2012-12-14 14:48:36 +01:00
Milan Broz	32c578729c	Handle signals in tool context.	2012-12-11 19:01:46 +01:00
Milan Broz	710aad20d3	Move signal handling into common utils code.	2012-12-11 15:40:42 +01:00
Milan Broz	d742e01a32	Remove signal handling from LUKS keyencryption and simplify code.	2012-12-11 15:39:47 +01:00
Milan Broz	50d5cfa8bc	Get page size should never fail (in the works case it fails later with wrong alignment).	2012-12-10 17:47:06 +01:00
Milan Broz	80d21c039e	Fix some problems found by Coverity scan.	2012-12-10 17:28:52 +01:00
Milan Broz	549ab64358	TCRYPT: properly wipe all buffers; use prefix for all functions.	2012-12-10 16:36:22 +01:00
Milan Broz	e8d09733d4	Require params for crypt_load & TCRYPT type.	2012-12-08 01:31:38 +01:00
Milan Broz	5f05949425	Merge branch 'master' of https://code.google.com/p/cryptsetup	2012-12-07 15:57:00 +01:00
Milan Broz	5dc654433c	Disallow header restore if context is nonLUKS device.	2012-12-07 15:55:56 +01:00
Milan Broz	05af3a3383	Move change key into library (add crypt_keyslot_change_by_passphrase). This change is useful mainly in FIPS mode, where we cannot extract volume key directly from libcryptsetup.	2012-12-07 15:33:47 +01:00
wagner	2eab3e6402	synced with web-version	2012-12-06 16:24:16 +01:00
Milan Broz	16c82312f3	Add man page description for KDF benchmark.	2012-12-05 20:43:06 +01:00
Milan Broz	bd494d23c5	Add PBKDF2 benchmark.	2012-12-05 20:35:42 +01:00
Milan Broz	95daec798b	Use union instead of replicated attributes.	2012-12-03 16:17:43 +01:00
Milan Broz	ef21960600	Document new basic commands open/close (and old syntax aliases).	2012-12-03 13:23:14 +01:00
Milan Broz	a4585423fd	Remove some gcc extra warnings (signed/unsigned problems etc).	2012-12-02 23:13:59 +01:00
Milan Broz	5aef0809d4	Add TCRYPT documentation,	2012-12-02 21:32:49 +01:00
Milan Broz	4d9c7d39f4	Add master key dump option for tcryptDump.	2012-12-02 20:27:45 +01:00
Milan Broz	6a532cb1b5	cryptsetup: remove useless arg for action functions.	2012-12-02 20:11:10 +01:00
Milan Broz	d93e4212cd	Add new commands open/close and make aliases. open aliases : create, plainOpen, luksOpen, loopaesOpen, tcryptOpen close aliases: remove, plainClose, luksClose, loopaesClose, tcryptClose	2012-12-02 20:03:05 +01:00
Milan Broz	72c111bac4	Fix (stupid) crc32 keyfile endianess bug.	2012-12-01 14:32:01 +01:00
Milan Broz	d05f020d5a	Add keyfiles tcrypt test.	2012-12-01 13:43:59 +01:00
Milan Broz	dde57477fc	And skip tcrypt api test if there is no af_alf kernel interface.	2012-11-30 18:53:32 +01:00
Milan Broz	ffb6ecc488	Add TCRYPT api test, fix some minor problems found.	2012-11-30 18:41:10 +01:00
Milan Broz	6123541d80	Add missing pbkdf check file.	2012-11-30 17:05:03 +01:00
Milan Broz	e510dd9c60	Add sys/types.h for loop wrapper (required on new systems).	2012-11-30 15:08:39 +01:00
Milan Broz	0461d9e822	Better tcrypt test options.	2012-11-30 15:03:01 +01:00
Milan Broz	4f7262aa96	And fix previous comment once more... :)	2012-11-30 13:52:03 +01:00
Milan Broz	eac953c6e4	Fix skcipher failure handling.	2012-11-30 13:37:14 +01:00
Milan Broz	d7fc953fa2	Handle kernel crypto api init failure better.	2012-11-29 18:01:02 +01:00
Milan Broz	f35f34b909	Fix po files.	2012-11-27 19:18:05 +01:00
Milan Broz	34a2176689	TCRYPT: add simple test and image archive.	2012-11-27 19:08:10 +01:00
Milan Broz	21756a1969	TCRYPT: fix activation and hidden device offsets.	2012-11-27 17:13:53 +01:00
Milan Broz	17a8e85cb8	TCRYPT: add backup header option.	2012-11-26 13:15:08 +01:00
Milan Broz	1b191e14d0	Remove test dir during cleanup.	2012-11-25 23:43:14 +01:00
Milan Broz	98db3bc0bf	Fix blockwise read/write for end writes near end of device. Ignore setpriority failure (will be remoced later anyway).	2012-11-25 22:57:32 +01:00
Milan Broz	46cf1c6ce0	TCRYPT: simplify code, support blowfish chains for header	2012-11-25 22:52:47 +01:00
Milan Broz	fbf4c5daf3	Remove trailing spaces from manpage, add usage and help option.	2012-11-23 17:31:41 +01:00
Milan Broz	c81260b3c3	TCRYPT: add dump command	2012-11-23 17:10:57 +01:00
Milan Broz	8d69e19ac1	TCRYPT: support crypt_volume_key_get	2012-11-23 15:20:46 +01:00
Milan Broz	6ab93841e9	TCRYPT: show proper device in status for chained mode	2012-11-23 13:46:23 +01:00
Milan Broz	52cbbdaf38	TCRYPT: move all header handling into library. Add warning about unsupported modes.	2012-11-23 13:01:43 +01:00
Milan Broz	0996a43dbb	TCRYPT: parse cipher chain on init.	2012-11-22 17:28:03 +01:00
Milan Broz	3faaa8b227	TCRYPT: support proper device removal	2012-11-22 14:19:43 +01:00
Daniel Kahn Gillmor	c26bb0f38a	make default LUKS PBKDF2 iteration time configurable	2012-11-20 21:23:05 +01:00
Milan Broz	911ffe81f0	TCRYPT: implement (most of) legacy modes support.	2012-11-19 21:25:57 +01:00
Milan Broz	ecf993834c	TCRYPT: support keyfiles	2012-11-19 21:25:26 +01:00
Milan Broz	3cbb43a73a	Add basic TCRYPT library.	2012-11-19 21:24:59 +01:00
Milan Broz	db97d3d8c8	Add simple cipher benchmarking.	2012-11-19 21:22:43 +01:00
Milan Broz	7199662fbb	Add kernel skcipher backend.	2012-11-19 21:21:40 +01:00
Milan Broz	a14a2137e7	Add CRC32 implementation.	2012-11-19 21:18:18 +01:00
Milan Broz	16ac703008	Move PBKDF2 into crypto backend wrapper. Implement new KDF bechmark check. Use internal openssl kdf (and prepare gcrypt one).	2012-11-19 21:17:55 +01:00
Milan Broz	24e2ee5812	Add devel version.	2012-10-16 22:35:14 +02:00
Milan Broz	b0d8815dab	Relnote addition.	2012-10-16 22:00:19 +02:00
Milan Broz	831a0af508	Update some po files.	2012-10-14 21:11:20 +02:00
Milan Broz	488202feee	Version 1.5.1.	2012-10-12 14:18:56 +02:00
Milan Broz	193402ad41	Check read & seek return codes, use uint64 offset. Signed-off-by: Arno Wagner <wagner.arno@gmail.com> Signed-off-by: Milan Broz <gmazyland@gmail.com>	2012-10-12 13:18:22 +02:00
Arno Wagner	1b86b7cb4b	added keyslot checker Redesigned to only use public definitions Signed-off-by: Arno Wagner <wagner.arno@gmail.com>	2012-10-11 18:07:35 +02:00
Milan Broz	e5dc991ffd	Increase library and package version.	2012-09-19 15:57:56 +02:00
Milan Broz	89e09afdf6	Fix some problems found by Coverity static analysis.	2012-09-19 13:58:00 +02:00
Arno Wagner	bec7fcb14a	synced with wiki	2012-09-18 23:30:38 +02:00
Milan Broz	f45d4d0755	Add crypt_keyslot_area() API call. Useful if you want to analyze/wipe area of disk used for keyslot from external tool.	2012-09-11 11:59:06 +02:00
Arno Wagner	64558a57e3	fixed typeo 94 -> 95 printable ASCII chars	2012-09-09 02:51:58 +02:00
Milan Broz	29e4414c35	Fix luksHeaderBackup for v1.0 (very old) headers and add some basic test.	2012-08-30 15:39:30 +02:00
Milan Broz	c2e12440d2	Add some offset/keyslot offset checks.	2012-08-30 14:08:34 +02:00
Milan Broz	1685aa5978	Proper handle error in device block get.	2012-08-28 13:30:17 +02:00
Milan Broz	6874f564c1	Remove unused includes.	2012-08-28 13:16:03 +02:00
Milan Broz	4882f70040	Replace round_up macro with function.	2012-08-28 13:11:02 +02:00
Milan Broz	1aca317c77	Move LUKS AF data sector alignment to AF helper function.	2012-08-27 16:52:19 +02:00
Milan Broz	af2730fe2a	Always zero memory in crypt_safe_alloc.	2012-08-27 16:28:00 +02:00
Milan Broz	a6d64d1d44	Use AF_split_size() to calculate split data size.	2012-08-27 15:26:22 +02:00
Milan Broz	d15dd89bb7	Get rid of confusing LUKS_PHDR_SIZE macro.	2012-08-27 14:45:21 +02:00
Dave Reisner	961682aa6b	lib/utils_crypt: optimize seek to keyfile-offset Avoid using unbuffered reads when "seeking" to a keyfile offset. This is abysmally slow when the key is hidden at the end of a large device. Instead, try to actually call lseek, falling back on reading in chunks of BUFSIZ bytes until the desired offset is reached. Command line: cryptsetup luksOpen /dev/vdc1 home \ --keyfile /dev/vdd --keyfile-size 4096 --keyfile-offset 123456789 Before: real 0m25.589s user 0m7.030s sys 0m18.479s After: real 0m4.464s user 0m4.253s sys 0m0.157s	2012-08-27 13:10:00 +02:00
Milan Broz	2f37cfe569	Do not scan rotational flag for non-block devices / file images.	2012-08-27 12:42:15 +02:00
Arno Wagner	5b5c6dccc0	added prominent note to use LUKS (not plain dm-crypt) unless understanding the crypto well.	2012-08-24 19:00:47 +02:00
Arno Wagner	d58a5c8cae	synced with wiki	2012-08-24 17:02:59 +02:00
Milan Broz	1d5788f779	Set context for DM log for all DM backend entries. Try to handle error if run as non-root user better.	2012-08-14 19:17:13 +02:00
Milan Broz	97224b072a	Add context to DM helpers. (To be used later.)	2012-08-14 16:25:21 +02:00
Milan Broz	15442c1747	Modprobe kernel modules early in api-test.	2012-08-14 15:54:31 +02:00
Milan Broz	ff9db165eb	Use common utils_tools.c for all tools. Unify tool environment and deduplicate code.	2012-08-13 18:31:26 +02:00
Milan Broz	48332d248f	Remove debug line.	2012-08-13 17:16:37 +02:00
Milan Broz	07815c24cd	Print better error message if device is read-only etc.	2012-08-13 16:54:41 +02:00
Milan Broz	49b018c765	Create hash image if doesn't exist in veritysetup format.	2012-08-12 23:42:41 +02:00
Milan Broz	65f975655c	New device access backend. Allocate loop device late (only when real block device needed). Rework underlying device/file access functions. Move all device (and ioctl) access to utils_device.c. Allows using file where appropriate without allocation loop device.	2012-08-12 22:00:17 +02:00
Milan Broz	0c1efd1f8a	Fix dracut example.	2012-08-03 15:27:59 +02:00
Arno Wagner	bc1cbd8065	update to current WIKI version	2012-08-02 15:58:36 +02:00
Milan Broz	50a2d89add	Fix some issues in dict example.	2012-08-02 12:51:28 +02:00
Milan Broz	99643a82ae	Be sure verity module is loaded in test.	2012-07-23 15:00:28 +02:00
Milan Broz	fcc35f459c	Better define comment lines for for dict example.	2012-07-20 15:36:16 +02:00
Milan Broz	a5aa91ed99	Clear dict example a little bit.	2012-07-20 14:51:51 +02:00
Milan Broz	d83b872c55	Add example of dictionary search.	2012-07-20 00:15:20 +02:00
Milan Broz	8ec2651ad7	Use fixed dir (old dracut lib...)	2012-07-12 21:15:37 +02:00
Milan Broz	53e269c5f1	Add key option to dracut example.	2012-07-12 19:21:22 +02:00
Milan Broz	8b8e206c07	Skip multikey if not supported (e.g. FIPS mode - md5 for IV not available).	2012-07-12 12:53:26 +02:00