Set 1.7.3 version.

It is possible to overflow integers during memory allocation with
insanely large "key bytes" specified in a LUKS header.

Although it could be argued to properly validate LUKS headers while
parsing them, it's still a good idea to fix any form of possible
overflow attacks against cryptsetup in these allocation functions.

AUTHORS

@@ -1,3 +1,3 @@
-Christophe Saout <christophe@saout.de>
+Jana Saout <jana@saout.de>
 Clemens Fruhwirth <clemens@endorphin.org>
 Milan Broz <gmazyland@gmail.com>

ChangeLog

@@ -3,4 +3,4 @@ Since version 1.6 this file is no longer maintained.
 See docs/*ReleaseNotes for release changes documentation.
 
 See version control history for full commit messages.
-  http://code.google.com/p/cryptsetup/source/list
+  https://gitlab.com/cryptsetup/cryptsetup/commits/master

README

@@ -5,11 +5,11 @@ setup cryptographic volumes for dm-crypt (including LUKS extension)
 
 WEB PAGE:
 
-      http://code.google.com/p/cryptsetup/
+      https://gitlab.com/cryptsetup/cryptsetup/
 
 FAQ:
 
-      http://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
+      https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions
 
 MAILING LIST:
 
@@ -22,8 +22,8 @@ DOWNLOAD:
 
 SOURCE CODE:
 
-      URL: http://code.google.com/p/cryptsetup/source/browse/
-      Checkout: git clone https://code.google.com/p/cryptsetup/
+      URL: https://gitlab.com/cryptsetup/cryptsetup/tree/master
+      Checkout: git clone https://gitlab.com/cryptsetup/cryptsetup.git
 
 NLS (PO TRANSLATIONS):
 

README.md

@@ -0,0 +1,87 @@
+![LUKS logo](https://gitlab.com/cryptsetup/cryptsetup/wikis/luks-logo.png)
+
+What the ...?
+=============
+**Cryptsetup** is utility used to conveniently setup disk encryption based
+on [DMCrypt](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt) kernel module.
+
+These include **plain** **dm-crypt** volumes, **LUKS** volumes, **loop-AES**
+and **TrueCrypt** (including **VeraCrypt** extension) format.
+
+Project also includes **veritysetup** utility used to conveniently setup
+[DMVerity](https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity) block integrity checking kernel module.
+
+LUKS Design
+-----------
+**LUKS** is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not  
+only facilitate compatibility among distributions, but also provides secure management of multiple user passwords.  
+In contrast to existing solution, LUKS stores all setup necessary setup information in the partition header,  
+enabling the user to transport or migrate his data seamlessly.
+
+Why LUKS?
+---------
+ * compatiblity via standardization,
+ * secure against low entropy attacks,
+ * support for multiple keys,
+ * effective passphrase revocation,
+ * free.
+
+[Project home page](https://gitlab.com/cryptsetup/cryptsetup/).
+-----------------
+
+[Frequently asked questions (FAQ)](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions)
+--------------------------------
+
+Download
+--------
+All release tarballs and release notes are hosted on [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).
+
+**The latest cryptsetup version is 1.7.2**
+  * [cryptsetup-1.7.2.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.xz)
+  * Signature [cryptsetup-1.7.2.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.sign)
+    _(You need to decompress file first to check signature.)_
+  * [Cryptsetup 1.7.2 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.2-ReleaseNotes).
+
+Previous versions
+ * [Version 1.7.1](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.1.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.1.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.1-ReleaseNotes).
+ * [Version 1.7.0](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.0.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/v1.7.0-ReleaseNotes).
+ * [Version 1.6.8](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.8.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.8.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.8-ReleaseNotes).
+ * [Version 1.6.7](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.7.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.7.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.7-ReleaseNotes).
+ * [Version 1.6.6](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.6.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.6.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.6-ReleaseNotes).
+ * [Version 1.6.5](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.5.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.5.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.5-ReleaseNotes).
+ * [Version 1.6.4](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.4.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.4.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/v1.6.4-ReleaseNotes).
+
+Source and API docs
+-------------------
+For development version code, please refer to [source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page,
+mirror on [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) or [GitHub](https://github.com/mbroz/cryptsetup).
+
+For libcryptsetup documentation see [libcryptsetup API](https://gitlab.com/cryptsetup/cryptsetup/wikis/API/index.html) page.
+
+The libcryptsetup API/ABI changes are tracked in [compatibility report](https://gitlab.com/cryptsetup/cryptsetup/wikis/ABI-tracker/timeline/libcryptsetup/index.html).
+
+NLS PO files are maintained by [TranslationProject](http://translationproject.org/domain/cryptsetup.html).
+
+Help!
+-----
+Please always read [FAQ](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions) first.
+For cryptsetup and LUKS related questions, please use the dm-crypt mailing list, [dm-crypt@saout.de](mailto:dm-crypt@saout.de).
+
+If you want to subscribe just send an empty mail to [dm-crypt-subscribe@saout.de](mailto:dm-crypt-subscribe@saout.de).
+
+You can also browse [list archive](http://www.saout.de/pipermail/dm-crypt/) or read it through
+[web interface](http://news.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt).

TODO

@@ -4,13 +4,5 @@ Version 1.7:
 - TRIM for keyslots
 - Do we need crypt_data_path() - path to data device (if differs)?
 - Resync ETA time is not accurate, calculate it better (last minute window?).
-- Crypt benchmark cannot test ECB mode.
-- crypto backend should initialise itself only once (debug log)
-- Some crypt backends are inefective fo PBKDF2 (missing fast key reset)
-  Add optimisation to internal PBKDF2 (hash HMAC key in advance).
-- Kernel backend doesn't allow PBKDF2 key size > 20480 bytes
-  (should be fixed with optimisation above).
-- Add test vectors to internal PBKDF2 code.
-- Add support for Nettle PBKDF2.
 - Extend existing LUKS header to use another KDF? (https://password-hashing.net/)
 - Fix all crazy automake warnings (or switch to Cmake).

configure.ac

@@ -1,13 +1,11 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[1.6.4])
+AC_INIT([cryptsetup],[1.7.3])
 
 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
-LIBCRYPTSETUP_VERSION_INFO=9:0:5
-dnl library file name for FIPS selfcheck
-LIBCRYPTSETUP_VERSION_FIPS="libcryptsetup.so.4"
-FIPS_MODULE_FILE="/etc/system-fips"
+LIBCRYPTSETUP_VERSION_INFO=11:0:7
 
+AM_SILENT_RULES([yes])
 AC_CONFIG_SRCDIR(src/cryptsetup.c)
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -17,8 +15,8 @@ AC_CONFIG_HEADERS([config.h:config.h.in])
 # http://lists.gnu.org/archive/html/automake/2013-01/msg00060.html
 
 # For old automake use this
-#AM_INIT_AUTOMAKE(dist-bzip2)
-AM_INIT_AUTOMAKE([dist-bzip2 1.12 serial-tests])
+#AM_INIT_AUTOMAKE(dist-xz)
+AM_INIT_AUTOMAKE([dist-xz 1.12 serial-tests])
 
 if test "x$prefix" = "xNONE"; then
 	sysconfdir=/etc
@@ -39,7 +37,7 @@ PKG_PROG_PKG_CONFIG
 AC_HEADER_DIRENT
 AC_HEADER_STDC
 AC_CHECK_HEADERS(fcntl.h malloc.h inttypes.h sys/ioctl.h sys/mman.h \
-	ctype.h unistd.h locale.h byteswap.h endian.h)
+	sys/sysmacros.h ctype.h unistd.h locale.h byteswap.h endian.h)
 
 AC_CHECK_HEADERS(uuid/uuid.h,,[AC_MSG_ERROR([You need the uuid library.])])
 AC_CHECK_HEADER(libdevmapper.h,,[AC_MSG_ERROR([You need the device-mapper library.])])
@@ -62,6 +60,7 @@ AC_TYPE_OFF_T
 AC_SYS_LARGEFILE
 AC_FUNC_FSEEKO
 AC_PROG_GCC_TRADITIONAL
+AC_FUNC_STRERROR_R
 
 dnl ==========================================================================
 
@@ -77,27 +76,17 @@ AC_SUBST(POPT_LIBS, $LIBS)
 LIBS=$saved_LIBS
 
 dnl ==========================================================================
-dnl FIPS extensions
+dnl FIPS extensions (only for RHEL)
 AC_ARG_ENABLE([fips], AS_HELP_STRING([--enable-fips],[enable FIPS mode restrictions]),
 [with_fips=$enableval],
 [with_fips=no])
 
 if test "x$with_fips" = "xyes"; then
 	AC_DEFINE(ENABLE_FIPS, 1, [Enable FIPS mode restrictions])
-	AC_DEFINE_UNQUOTED(LIBCRYPTSETUP_VERSION_FIPS, ["$LIBCRYPTSETUP_VERSION_FIPS"],
-		[library file name for FIPS selfcheck])
-	AC_DEFINE_UNQUOTED(FIPS_MODULE_FILE, ["$FIPS_MODULE_FILE"],
-		[file checked to determine if running in FIPS mode])
 
 	if test "x$enable_static" = "xyes" -o "x$enable_static_cryptsetup" = "xyes" ; then
 		AC_MSG_ERROR([Static build is not compatible with FIPS.])
 	fi
-
-	saved_LIBS=$LIBS
-	AC_CHECK_LIB(fipscheck, FIPSCHECK_verify, ,[AC_MSG_ERROR([You need the fipscheck library.])])
-	AC_SUBST(FIPSCHECK_LIBS, $LIBS)
-	LIBS=$saved_LIBS
-
 fi
 
 AC_DEFUN([NO_FIPS], [
@@ -108,12 +97,14 @@ AC_DEFUN([NO_FIPS], [
 
 dnl ==========================================================================
 dnl pwquality library (cryptsetup CLI only)
-AC_ARG_ENABLE([pwquality], AS_HELP_STRING([--enable-pwquality],[enable password quality checking]),
-[with_pwquality=$enableval],
-[with_pwquality=no])
+AC_ARG_ENABLE([pwquality],
+	      AS_HELP_STRING([--enable-pwquality],
+			     [enable password quality checking using pwquality library]),
+	      [with_pwquality=$enableval],
+	      [with_pwquality=no])
 
 if test "x$with_pwquality" = "xyes"; then
-	AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking])
+	AC_DEFINE(ENABLE_PWQUALITY, 1, [Enable password quality checking using pwquality library])
 	PKG_CHECK_MODULES([PWQUALITY], [pwquality >= 1.0.0],,
 		AC_MSG_ERROR([You need pwquality library.]))
 
@@ -121,6 +112,31 @@ if test "x$with_pwquality" = "xyes"; then
 	PWQUALITY_STATIC_LIBS="$PWQUALITY_LIBS -lcrack -lz"
 fi
 
+dnl ==========================================================================
+dnl passwdqc library (cryptsetup CLI only)
+AC_ARG_ENABLE([passwdqc],
+	      AS_HELP_STRING([--enable-passwdqc@<:@=CONFIG_PATH@:>@],
+			     [enable password quality checking using passwdqc library (optionally with CONFIG_PATH)]),
+	      [enable_passwdqc=$enableval],
+	      [enable_passwdqc=no])
+
+case "$enable_passwdqc" in
+	yes|no) use_passwdqc_config="" ;;
+	/*) use_passwdqc_config="$enable_passwdqc"; enable_passwdqc=yes ;;
+	*) AC_MSG_ERROR([Unrecognized --enable-passwdqc parameter.]) ;;
+esac
+AC_DEFINE_UNQUOTED([PASSWDQC_CONFIG_FILE], ["$use_passwdqc_config"], [passwdqc library config file])
+
+if test "x$enable_passwdqc" = "xyes"; then
+	AC_DEFINE(ENABLE_PASSWDQC, 1, [Enable password quality checking using passwdqc library])
+
+	PASSWDQC_LIBS="-lpasswdqc"
+fi
+
+if test "x$with_pwquality$enable_passwdqc" = "xyesyes"; then
+	AC_MSG_ERROR([--enable-pwquality and --enable-passwdqc are mutually incompatible.])
+fi
+
 dnl ==========================================================================
 dnl Crypto backend functions
 
@@ -140,6 +156,14 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
 		[AM_PATH_LIBGCRYPT([1.6.1], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])])
 	AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
 
+	AC_MSG_CHECKING([if internal cryptsetup PBKDF2 is compiled-in])
+	if test $use_internal_pbkdf2 = 0; then
+		AC_MSG_RESULT([no])
+	else
+		AC_MSG_RESULT([yes])
+		NO_FIPS([])
+	fi
+
 	if test x$enable_static_cryptsetup = xyes; then
 		saved_LIBS=$LIBS
 		LIBS="$saved_LIBS $LIBGCRYPT_LIBS -static"
@@ -210,13 +234,13 @@ AC_DEFUN([CONFIGURE_NETTLE], [
 		[AC_MSG_ERROR([You need Nettle cryptographic library.])])
 
 	saved_LIBS=$LIBS
-	AC_CHECK_LIB(nettle, nettle_ripemd160_init,,
-		[AC_MSG_ERROR([You need Nettle library version 2.4 or more recent.])])
+	AC_CHECK_LIB(nettle, nettle_pbkdf2_hmac_sha256,,
+		[AC_MSG_ERROR([You need Nettle library version 2.6 or more recent.])])
 	CRYPTO_LIBS=$LIBS
 	LIBS=$saved_LIBS
 
 	CRYPTO_STATIC_LIBS=$CRYPTO_LIBS
-	use_internal_pbkdf2=1
+	use_internal_pbkdf2=0
 	NO_FIPS([])
 ])
 
@@ -348,14 +372,14 @@ AC_SUBST([DEVMAPPER_STATIC_LIBS])
 AC_SUBST([PWQUALITY_LIBS])
 AC_SUBST([PWQUALITY_STATIC_LIBS])
 
+AC_SUBST([PASSWDQC_LIBS])
+
 AC_SUBST([CRYPTO_CFLAGS])
 AC_SUBST([CRYPTO_LIBS])
 AC_SUBST([CRYPTO_STATIC_LIBS])
 
 AC_SUBST([LIBCRYPTSETUP_VERSION])
 AC_SUBST([LIBCRYPTSETUP_VERSION_INFO])
-AC_SUBST([LIBCRYPTSETUP_VERSION_FIPS])
-AC_SUBST([FIPS_MODULE_FILE])
 
 dnl ==========================================================================
 AC_ARG_ENABLE([dev-random], AS_HELP_STRING([--enable-dev-random],
@@ -386,15 +410,27 @@ AC_ARG_ENABLE([python], AS_HELP_STRING([--enable-python],[enable Python bindings
 [with_python=$enableval],
 [with_python=no])
 
-if test "x$with_python" = "xyes"; then
-	AM_PATH_PYTHON([2.4])
+AC_ARG_WITH([python_version],
+	AS_HELP_STRING([--with-python_version=VERSION], [required Python version [2.6]]),
+	[PYTHON_VERSION=$withval], [PYTHON_VERSION=2.6])
 
-	if ! test -x "$PYTHON-config" ; then
-            AC_MSG_ERROR([Cannot find python development packages to build bindings])
+if test "x$with_python" = "xyes"; then
+	AM_PATH_PYTHON([$PYTHON_VERSION])
+
+	AC_PATH_PROGS([PYTHON_CONFIG], [python${PYTHON_VERSION}-config python-config], [no])
+	if test "${PYTHON_CONFIG}" = "no"; then
+		AC_MSG_ERROR([cannot find python${PYTHON_VERSION}-config or python-config in PATH])
 	fi
 
-	PYTHON_INCLUDES=$($PYTHON-config --includes)
+	AC_MSG_CHECKING(for python headers using $PYTHON_CONFIG --includes)
+	PYTHON_INCLUDES=$($PYTHON_CONFIG --includes)
+	AC_MSG_RESULT($PYTHON_INCLUDES)
 	AC_SUBST(PYTHON_INCLUDES)
+
+	AC_MSG_CHECKING(for python libraries using $PYTHON_CONFIG --libs)
+	PYTHON_LIBS=$($PYTHON_CONFIG --libs)
+	AC_MSG_RESULT($PYTHON_LIBS)
+	AC_SUBST(PYTHON_LIBS)
 fi
 AM_CONDITIONAL([PYTHON_CRYPTSETUP], [test "x$with_python" = "xyes"])
 
@@ -404,11 +440,11 @@ CS_STR_WITH([plain-cipher], [cipher for plain mode], [aes])
 CS_STR_WITH([plain-mode],   [cipher mode for plain mode], [cbc-essiv:sha256])
 CS_NUM_WITH([plain-keybits],[key length in bits for plain mode], [256])
 
-CS_STR_WITH([luks1-hash],   [hash function for LUKS1 header], [sha1])
+CS_STR_WITH([luks1-hash],   [hash function for LUKS1 header], [sha256])
 CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
 CS_STR_WITH([luks1-mode],   [cipher mode for LUKS1], [xts-plain64])
 CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])
-CS_NUM_WITH([luks1-iter-time],[PBKDF2 iteration time for LUKS1 (in ms)], [1000])
+CS_NUM_WITH([luks1-iter-time],[PBKDF2 iteration time for LUKS1 (in ms)], [2000])
 
 CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
 CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])

docs/ChangeLog.old

@@ -834,16 +834,16 @@
 	* lib/utils.c: Add read|write_blockwise functions, to use in
 	O_DIRECT file accesses. 
 
-2004-03-11 Thursday 15:52   Christophe Saout <christophe@saout.de>
+2004-03-11 Thursday 15:52   Jana Saout <jana@saout.de>
 
 	* lib/blockdev.h: BLKGETSIZE64 really uses size_t as third
 	  argument, the rest is wrong.
 
-2004-03-10 Wednesday 17:50   Christophe Saout <christophe@saout.de>
+2004-03-10 Wednesday 17:50   Jana Saout <jana@saout.de>
 
 	* lib/: libcryptsetup.h, libdevmapper.c: Small fixes.
 
-2004-03-09 Tuesday 21:41   Christophe Saout <christophe@saout.de>
+2004-03-09 Tuesday 21:41   Jana Saout <jana@saout.de>
 
 	* lib/internal.h, lib/libcryptsetup.h, lib/libdevmapper.c,
 	  lib/setup.c, po/de.po, src/cryptsetup.c: Added internal flags to
@@ -851,7 +851,7 @@
 	  add a function to free the memory. Also add a readonly flag to
 	  libcryptsetup.
 
-2004-03-09 Tuesday 16:03   Christophe Saout <christophe@saout.de>
+2004-03-09 Tuesday 16:03   Jana Saout <jana@saout.de>
 
 	* ChangeLog, configure.in, setup-gettext, lib/Makefile.am,
 	  lib/backends.c, lib/blockdev.h, lib/gcrypt.c, lib/internal.h,
@@ -859,7 +859,7 @@
 	  lib/utils.c, po/de.po, src/Makefile.am, src/cryptsetup.c: More
 	  reorganization work.
 
-2004-03-08 Monday 01:38   Christophe Saout <christophe@saout.de>
+2004-03-08 Monday 01:38   Jana Saout <jana@saout.de>
 
 	* ChangeLog, Makefile.am, acinclude.m4, configure.in,
 	  lib/Makefile.am, lib/backends.c, lib/blockdev.h, lib/gcrypt.c,
@@ -867,19 +867,19 @@
 	  src/Makefile.am: BLKGETSIZE64 fixes and started modularity
 	  enhancements
 
-2004-03-04 Thursday 21:06   Christophe Saout <christophe@saout.de>
+2004-03-04 Thursday 21:06   Jana Saout <jana@saout.de>
 
 	* Makefile.am, po/de.po, src/cryptsetup.c, src/cryptsetup.h: First
 	  backward compatible working version.
 
-2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
+2004-03-04 Thursday 00:42   Jana Saout <jana@saout.de>
 
 	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
 	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,
 	  po/POTFILES.in, po/de.po, src/cryptsetup.c, src/cryptsetup.h,
 	  src/Makefile.am (utags: initial): Initial checkin.
 
-2004-03-04 Thursday 00:42   Christophe Saout <christophe@saout.de>
+2004-03-04 Thursday 00:42   Jana Saout <jana@saout.de>
 
 	* NEWS, AUTHORS, ChangeLog, Makefile.am, README, autogen.sh,
 	  configure.in, setup-gettext, po/ChangeLog, po/LINGUAS,

docs/doxygen_index

@@ -56,7 +56,7 @@
  *			in a persistent way on the device. Keyslot area is an array beyond LUKS header, where
  *			volume key is stored in the encrypted form using user input passphrase. For more info about
  *			LUKS keyslots and how it's actually protected, please look at
- *			<A HREF="http://code.google.com/p/cryptsetup/wiki/Specification">LUKS specification</A>.
+ *			<A HREF="https://gitlab.com/cryptsetup/cryptsetup/wikis/Specification">LUKS specification</A>.
  *			There are two basic methods to create a new keyslot:
  *
  *			@subsection ckeyslot_vol crypt_keyslot_add_by_volume_key()

docs/v1.6.5-ReleaseNotes

@@ -0,0 +1,54 @@
+Cryptsetup 1.6.5 Release Notes
+==============================
+
+Changes since version 1.6.4
+
+* Allow LUKS header operation handling without requiring root privilege.
+  It means that you can manipulate with keyslots as a regular user, only
+  write access to device (or image) is required.
+
+  This requires kernel crypto wrapper (similar to TrueCrypt device handling)
+  to be available (CRYPTO_USER_API_SKCIPHER kernel option).
+  If this kernel interface is not available, code fallbacks to old temporary
+  keyslot device creation (where root privilege is required).
+
+  Note that activation, deactivation, resize and suspend operations still
+  need root privilege (limitation of kernel device-mapper backend).
+
+* Fix internal PBKDF2 key derivation function implementation for alternative
+  crypto backends (kernel, NSS) which do not support PBKDF2 directly and have
+  issues with longer HMAC keys.
+
+  This fixes the problem for long keyfiles where either calculation is too slow
+  (because of internal rehashing in every iteration) or there is a limit
+  (kernel backend seems to not support HMAC key longer than 20480 bytes).
+
+  (Note that for recent version of gcrypt, nettle or openssl the internal
+  PBKDF2 code is not compiled in and crypto library internal functions are
+  used instead.)
+
+* Support for Python3 for simple Python binding.
+  Python >= 2.6 is now required. You can set Python compiled version by setting
+  --with-python_version configure option (together with --enable-python).
+
+* Use internal PBKDF2 in Nettle library for Nettle crypto backend.
+  Cryptsetup compilation requires Nettle >= 2.6 (if using Nettle crypto backend).
+
+* Allow simple status of crypt device without providing metadata header.
+  The command "cryptsetup status" will print basic info, even if you
+  do not provide detached header argument.
+
+* Allow to specify ECB mode in cryptsetup benchmark.
+
+* Add some LUKS images for regression testing.
+  Note that if image with Whirlpool fails, the most probable cause is that
+  you have old gcrypt library with flawed whirlpool hash.
+  Read FAQ section 8.3 for more info.
+
+Cryptsetup API NOTE:
+The direct terminal handling for passphrase entry will be removed from
+libcryptsetup in next major version (application should handle it itself).
+
+It means that you have to always either provide password in buffer or set
+your own password callback function trhough crypt_set_password_callback().
+See API documentation (or libcryptsetup.h) for more info.

docs/v1.6.6-ReleaseNotes

@@ -0,0 +1,29 @@
+Cryptsetup 1.6.6 Release Notes
+==============================
+
+Changes since version 1.6.5
+
+* LUKS: Fix keyslot device access for devices which
+  do not support direct IO operations. (Regression in 1.6.5.)
+
+* LUKS: Fallback to old temporary keyslot device mapping method
+  if hash (for ESSIV) is not supported by userspace crypto
+  library. (Regression in 1.6.5.)
+
+* Properly activate device with discard (TRIM for SSDs)
+  if requested even if dm_crypt module is not yet loaded.
+  Only if discard is not supported by the old kernel then
+  the discard option is ignored.
+
+* Fix some static analysis build warnings (scan-build).
+
+* Report crypto lib version only once (and always add kernel
+  version) in debug output.
+
+Cryptsetup API NOTE:
+The direct terminal handling for passphrase entry will be removed from
+libcryptsetup in next major version (application should handle it itself).
+
+It means that you have to always either provide password in buffer or set
+your own password callback function through crypt_set_password_callback().
+See API documentation (or libcryptsetup.h) for more info.

docs/v1.6.7-ReleaseNotes

@@ -0,0 +1,84 @@
+Cryptsetup 1.6.7 Release Notes
+==============================
+
+Changes since version 1.6.6
+
+* Cryptsetup git and wiki are now hosted on GitLab.
+  https://gitlab.com/cryptsetup/cryptsetup
+
+  Repository of stable releases remains on kernel.org site
+  https://www.kernel.org/pub/linux/utils/cryptsetup/
+
+  For more info please see README file.
+
+* Cryptsetup TCRYPT mode now supports VeraCrypt devices (TrueCrypt extension).
+
+  The VeraCrypt extension only increases iteration count for the key
+  derivation function (on-disk format is the same as TrueCrypt format).
+
+  Note that unlocking of a VeraCrypt device can take very long time if used
+  on slow machines.
+
+  To use this extension, add --veracrypt option, for example
+    cryptsetup open --type tcrypt --veracrypt <container> <name>
+
+  For use through libcryptsetup, just add CRYPT_TCRYPT_VERA_MODES flag.
+
+* Support keyfile-offset and keyfile-size options even for plain volumes.
+
+* Support keyfile option for luksAddKey if the master key is specified.
+
+* For historic reasons, hashing in the plain mode is not used
+  if keyfile is specified (with exception of --key-file=-).
+  Print a warning if these parameters are ignored.
+
+* Support permanent device decryption for cryptsetup-reencrypt.
+  To remove LUKS encryption from a device, you can now use --decrypt option.
+
+* Allow to use --header option in all LUKS commands.
+  The --header always takes precedence over positional device argument.
+
+* Allow luksSuspend without need to specify a detached header.
+
+* Detect if O_DIRECT is usable on a device allocation.
+  There are some strange storage stack configurations which wrongly allows
+  to open devices with direct-io but fails on all IO operations later.
+
+  Cryptsetup now tries to read the device first sector to ensure it can use
+  direct-io.
+
+*  Add low-level performance options tuning for dmcrypt (for Linux 4.0 and later).
+
+   Linux kernel 4.0 contains rewritten dmcrypt code which tries to better utilize
+   encryption on parallel CPU cores.
+
+   While tests show that this change increases performance on most configurations,
+   dmcrypt now provides some switches to change its new behavior.
+
+   You can use them (per-device) with these cryptsetup switches:
+      --perf-same_cpu_crypt
+      --perf-submit_from_crypt_cpus
+
+  Please use these only in the case of serious performance problems.
+  Refer to the cryptsetup man page and dm-crypt documentation
+  (for same_cpu_crypt and submit_from_crypt_cpus options).
+  https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
+
+* Get rid of libfipscheck library.
+  (Note that this option was used only for Red Hat and derived distributions.)
+  With recent FIPS changes we do not need to link to this FIPS monster anymore.
+  Also drop some no longer needed FIPS mode checks.
+
+* Many fixes and clarifications to man pages.
+
+* Prevent compiler to optimize-out zeroing of buffers for on-stack variables.
+
+* Fix a crash if non-GNU strerror_r is used.
+
+Cryptsetup API NOTE:
+The direct terminal handling for passphrase entry will be removed from
+libcryptsetup in next major version (application should handle it itself).
+
+It means that you have to always either provide password in buffer or set
+your own password callback function through crypt_set_password_callback().
+See API documentation (or libcryptsetup.h) for more info.

docs/v1.6.8-ReleaseNotes

@@ -0,0 +1,47 @@
+Cryptsetup 1.6.8 Release Notes
+==============================
+
+Changes since version 1.6.7
+
+* If the null cipher (no encryption) is used, allow only empty password for LUKS.
+  (Previously cryptsetup accepted any password in this case.)
+
+  The null cipher can be used only for testing and it is used temporarily during
+  offline encrypting not yet encrypted device (cryptsetup-reencrypt tool).
+
+  Accepting only empty password prevents situation when someone adds another
+  LUKS device using the same UUID (UUID of existing LUKS device) with faked
+  header containing null cipher.
+  This could force user to use different LUKS device (with no encryption)
+  without noticing.
+  (IOW it prevents situation when attacker intentionally forces
+  user to boot into different system just by LUKS header manipulation.)
+
+  Properly configured systems should have an additional integrity protection
+  in place here (LUKS here provides only confidentiality) but it is better
+  to not allow this situation in the first place.
+
+  (For more info see QubesOS Security Bulletin QSB-019-2015.)
+
+* Properly support stdin "-" handling for luksAddKey for both new and old
+  keyfile parameters.
+
+* If encrypted device is file-backed (it uses underlying loop device),
+  cryptsetup resize will try to resize underlying loop device as well.
+  (It can be used to grow up file-backed device in one step.)
+
+* Cryptsetup now allows to use empty password through stdin pipe.
+  (Intended only for testing in scripts.)
+
+Cryptsetup API NOTE:
+
+Direct terminal handling and password calling callback for passphrase
+entry will be removed from libcryptsetup in next major (2.x) version
+(application should handle it itself).
+It means that application have to always provide password in API calls.
+
+Functions returning last error will be removed in next major version (2.x).
+These functions did not work properly for early initialization errors
+and application can implement better function easily using own error callback.
+
+See comments in libcryptsetup.h for more info about deprecated functions.

docs/v1.7.0-ReleaseNotes

@@ -0,0 +1,81 @@
+Cryptsetup 1.7.0 Release Notes
+==============================
+
+The cryptsetup 1.7 release changes defaults for LUKS,
+there are no API changes.
+
+Changes since version 1.6.8
+
+* Default hash function is now SHA256 (used in key derivation function
+  and anti-forensic splitter).
+
+  Note that replacing SHA1 with SHA256 is not for security reasons.
+  (LUKS does not have problems even if collisions are found for SHA1,
+  for details see FAQ item 5.20).
+
+  Using SHA256 as default is mainly to prevent compatibility problems
+  on hardened systems where SHA1 is already be phased out.
+
+  Note that all checks (kernel crypto API availability check) now uses
+  SHA256 as well.
+
+* Default iteration time for PBKDF2 is now 2 seconds.
+
+  Increasing iteration time is in combination with PBKDF2 benchmark
+  fixes a try to keep PBKDF2 iteration count still high enough and
+  also still acceptable for users.
+
+  N.B. Long term is to replace PBKDF2 algorithm with Password Hashing
+  Competition winner - Argon2.
+
+  Distributions can still change these defaults in compilation time.
+
+  You can change iteration time and used hash function in existing LUKS
+  header with cryptsetup-reencrypt utility even without full reencryption
+  of device (see --keep-key option).
+
+* Fix PBKDF2 iteration benchmark for longer key sizes.
+
+  The previous PBKDF2 benchmark code did not take into account
+  output key length properly.
+
+  For SHA1 (with 160-bits output) and 256-bit keys (and longer)
+  it means that the final iteration value was higher than it should be.
+
+  For other hash algorithms (like SHA256 or SHA512) it caused
+  that iteration count was lower (in comparison to SHA1) than
+  expected for the requested time period.
+
+  The PBKDF2 benchmark code is now fixed to use the key size for
+  the formatted device (or default LUKS key size if running in informational
+  benchmark mode).
+
+  Thanks to A.Visconti, S.Bossi, A.Calo and H.Ragab
+  (http://www.club.di.unimi.it/) for point this out.
+  (Based on "What users should know about Full Disk Encryption
+  based on LUKS" paper to be presented on CANS2015).
+
+* Remove experimental warning for reencrypt tool.
+  The strong request for full backup before using reencryption utility
+  still applies :)
+
+* Add optional libpasswdqc support for new LUKS passwords.
+
+  If password is entered through terminal (no keyfile specified) and
+  cryptsetup is compiled with --enable-passwdqc[=/etc/passwdqc.conf],
+  configured system passwdqc settings are used to check password quality.
+
+* Update FAQ document.
+
+Cryptsetup API NOTE:
+
+Direct terminal handling and password calling callback for passphrase
+entry will be removed from libcryptsetup in next major (2.x) version
+(application should handle it itself).
+It means that application have to always provide password in API calls.
+
+Functions returning last error will be removed in next major version (2.x).
+These functions did not work properly for early initialization errors
+and application can implement better function easily using own error callback.
+
+See comments in libcryptsetup.h for more info about deprecated functions.

docs/v1.7.1-ReleaseNotes

@@ -0,0 +1,36 @@
+Cryptsetup 1.7.1 Release Notes
+==============================
+
+Changes since version 1.7.0
+
+* Code now uses kernel crypto API backend according to new
+  changes introduced in mainline kernel
+
+  While mainline kernel should contain backward compatible
+  changes, some stable series kernels do not contain fully
+  backported compatibility patches.
+  Without these patches  most of cryptsetup operations
+  (like unlocking device) fail.
+
+  This change in cryptsetup ensures that all operations using
+  kernel crypto API works even on these kernels.
+
+* The cryptsetup-reencrypt utility now properly detects removal
+  of underlying link to block device and does not remove
+  ongoing re-encryption log.
+  This allows proper recovery (resume) of reencrypt operation later.
+
+  NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
+  this link disappears once the device metadata is temporarily
+  removed from device.
+
+* Cryptsetup now allows special "-" (standard input) keyfile handling
+  even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
+
+* Cryptsetup now fails if there are more keyfiles specified
+  for non-TCRYPT device.
+
+* The luksKillSlot command now does not suppress provided password
+  in batch mode (if password is wrong slot is not destroyed).
+  Note that not providing password in batch mode means that keyslot
+  is destroyed unconditionally.

docs/v1.7.2-ReleaseNotes

@@ -0,0 +1,37 @@
+Cryptsetup 1.7.2 Release Notes
+==============================
+
+Changes since version 1.7.1
+
+* Update LUKS documentation format.
+  Clarify fixed sector size and keyslots alignment.
+
+* Support activation options for error handling modes in Linux kernel
+  dm-verity module:
+
+  --ignore-corruption - dm-verity just logs detected corruption
+
+  --restart-on-corruption - dm-verity restarts the kernel if corruption is detected
+
+  If the options above are not specified, default behavior for dm-verity remains.
+  Default is that I/O operation fails with I/O error if corrupted block is detected.
+
+  --ignore-zero-blocks - Instructs dm-verity to not verify blocks that are expected
+  to contain zeroes and always return zeroes directly instead.
+
+  NOTE that these options could have security or functional impacts,
+  do not use them without assessing the risks!
+
+* Fix help text for cipher benchmark specification (mention --cipher option).
+
+* Fix off-by-one error in maximum keyfile size.
+  Allow keyfiles up to compiled-in default and not that value minus one.
+
+* Support resume of interrupted decryption in cryptsetup-reencrypt utility.
+  To resume decryption, LUKS device UUID (--uuid option) option must be used.
+
+* Do not use direct-io for LUKS header with unaligned keyslots.
+  Such headers were used only by the first cryptsetup-luks-1.0.0 release (2005).
+
+* Fix device block size detection to properly work on particular file-based
+  containers over underlying devices with 4k sectors.

docs/v1.7.3-ReleaseNotes

@@ -0,0 +1,24 @@
+Cryptsetup 1.7.3 Release Notes
+==============================
+
+Changes since version 1.7.2
+
+* Fix device access to hash offsets located beyond the 2GB device boundary in veritysetup.
+
+* Set configured (compile-time) default iteration time for devices created directly through
+  libcryptsetup (default was hardcoded 1 second, the configured value applied only
+  for cryptsetup application).
+
+* Fix PBKDF2 benchmark to not double iteration count for specific corner case.
+  If the measurement function returns exactly 500 ms, the iteration calculation loop
+  doubled iteration count but instead of repeating measurement it used this value directly.
+
+* Verify passphrase in cryptsetup-reencrypt when encrypting a new drive.
+
+* OpenSSL backend: fix memory leak if hash context was repeatedly reused.
+
+* OpenSSL backend: add support for OpenSSL 1.1.0.
+
+* Fix several minor spelling errors.
+
+* Properly check maximal buffer size when parsing UUID from /dev/disk/.

lib/Makefile.am

@@ -39,7 +39,6 @@ libcryptsetup_la_LIBADD = \
 	@UUID_LIBS@				\
 	@DEVMAPPER_LIBS@			\
 	@CRYPTO_LIBS@				\
-	@FIPSCHECK_LIBS@			\
 	$(common_ldadd)
 
 

lib/crypt_plain.c

@@ -1,7 +1,7 @@
 /*
  * cryptsetup plain device helper functions
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2010-2012 Red Hat, Inc. All rights reserved.
  * Copyright (C) 2010-2012, Milan Broz
  *

lib/crypto_backend/Makefile.am

@@ -5,7 +5,7 @@ noinst_LTLIBRARIES = libcrypto_backend.la
 libcrypto_backend_la_CFLAGS = $(AM_CFLAGS) -Wall @CRYPTO_CFLAGS@
 
 libcrypto_backend_la_SOURCES = crypto_backend.h \
-	crypto_cipher_kernel.c pbkdf_check.c crc32.c
+	crypto_cipher_kernel.c crypto_storage.c pbkdf_check.c crc32.c
 
 if CRYPTO_BACKEND_GCRYPT
 libcrypto_backend_la_SOURCES += crypto_gcrypt.c

lib/crypto_backend/crypto_backend.h

@@ -2,7 +2,7 @@
  * crypto backend implementation
  *
  * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2012, Milan Broz
+ * Copyright (C) 2010-2014, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -28,6 +28,7 @@ struct crypt_device;
 struct crypt_hash;
 struct crypt_hmac;
 struct crypt_cipher;
+struct crypt_storage;
 
 int crypt_backend_init(struct crypt_device *ctx);
 
@@ -57,9 +58,9 @@ int crypt_backend_rng(char *buffer, size_t length, int quality, int fips);
 
 /* PBKDF*/
 int crypt_pbkdf_check(const char *kdf, const char *hash,
-		      const char *password, size_t password_size,
-		      const char *salt, size_t salt_size,
-		      uint64_t *iter_secs);
+		      const char *password, size_t password_length,
+		      const char *salt, size_t salt_length,
+		      size_t key_length, uint64_t *iter_secs);
 int crypt_pbkdf(const char *kdf, const char *hash,
 		const char *password, size_t password_length,
 		const char *salt, size_t salt_length,
@@ -72,13 +73,15 @@ int pkcs5_pbkdf2(const char *hash,
 		 const char *P, size_t Plen,
 		 const char *S, size_t Slen,
 		 unsigned int c,
-		 unsigned int dkLen,char *DK);
+		 unsigned int dkLen, char *DK,
+		 unsigned int hash_block_size);
 #endif
 
 /* CRC32 */
 uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len);
 
 /* ciphers */
+int crypt_cipher_blocksize(const char *name);
 int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 		    const char *mode, const void *buffer, size_t length);
 int crypt_cipher_destroy(struct crypt_cipher *ctx);
@@ -89,4 +92,21 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 			 const char *in, char *out, size_t length,
 			 const char *iv, size_t iv_length);
 
+/* storage encryption wrappers */
+int crypt_storage_init(struct crypt_storage **ctx, uint64_t sector_start,
+		       const char *cipher, const char *cipher_mode,
+		       char *key, size_t key_length);
+int crypt_storage_destroy(struct crypt_storage *ctx);
+int crypt_storage_decrypt(struct crypt_storage *ctx, uint64_t sector,
+			  size_t count, char *buffer);
+int crypt_storage_encrypt(struct crypt_storage *ctx, uint64_t sector,
+			  size_t count, char *buffer);
+
+/* Memzero helper (memset on stack can be optimized out) */
+static inline void crypt_backend_memzero(void *s, size_t n)
+{
+	volatile uint8_t *p = (volatile uint8_t *)s;
+	while(n--) *p++ = 0;
+}
+
 #endif /* _CRYPTO_BACKEND_H */

lib/crypto_backend/crypto_cipher_kernel.c

@@ -2,7 +2,7 @@
  * Linux kernel userspace API crypto backend implementation (skcipher)
  *
  * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012, Milan Broz
+ * Copyright (C) 2012-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -44,33 +44,52 @@ struct crypt_cipher {
 	int opfd;
 };
 
-/* Shared with hash kernel backend */
-int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
+struct cipher_alg {
+	const char *name;
+	int blocksize;
+};
 
-int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd)
+/* FIXME: Getting block size should be dynamic from cipher backend. */
+static struct cipher_alg cipher_algs[] = {
+	{ "cipher_null", 16 },
+	{ "aes",         16 },
+	{ "serpent",     16 },
+	{ "twofish",     16 },
+	{ "anubis",      16 },
+	{ "blowfish",     8 },
+	{ "camellia",    16 },
+	{ "cast5",        8 },
+	{ "cast6",       16 },
+	{ "des",          8 },
+	{ "des3_ede",     8 },
+	{ "khazad",       8 },
+	{ "seed",        16 },
+	{ "tea",          8 },
+	{ "xtea",         8 },
+	{ NULL,           0 }
+};
+
+static struct cipher_alg *_get_alg(const char *name)
 {
-	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
-	if (*tfmfd == -1)
-		return -ENOTSUP;
+	int i = 0;
 
-	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) == -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-		return -ENOENT;
+	while (name && cipher_algs[i].name) {
+		if (!strcasecmp(name, cipher_algs[i].name))
+			return &cipher_algs[i];
+		i++;
 	}
+	return NULL;
+}
 
-	*opfd = accept(*tfmfd, NULL, 0);
-	if (*opfd == -1) {
-		close(*tfmfd);
-		*tfmfd = -1;
-		return -EINVAL;
-	}
+int crypt_cipher_blocksize(const char *name)
+{
+	struct cipher_alg *ca = _get_alg(name);
 
-	return 0;
+	return ca ? ca->blocksize : -EINVAL;
 }
 
 /*
- *ciphers
+ * ciphers
  *
  * ENOENT - algorithm not available
  * ENOTSUP - AF_ALG family not available
@@ -84,7 +103,6 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 		.salg_family = AF_ALG,
 		.salg_type = "skcipher",
 	};
-	int r;
 
 	h = malloc(sizeof(*h));
 	if (!h)
@@ -93,13 +111,28 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "%s(%s)", mode, name);
 
-	r = crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd);
-	if (r < 0) {
-		free(h);
-		return r;
+	h->opfd = -1;
+	h->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (h->tfmfd < 0) {
+		crypt_cipher_destroy(h);
+		return -ENOTSUP;
 	}
 
-	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
+	if (bind(h->tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
+		crypt_cipher_destroy(h);
+		return -ENOENT;
+	}
+
+	if (!strcmp(name, "cipher_null"))
+		length = 0;
+
+	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) < 0) {
+		crypt_cipher_destroy(h);
+		return -EINVAL;
+	}
+
+	h->opfd = accept(h->tfmfd, NULL, 0);
+	if (h->opfd < 0) {
 		crypt_cipher_destroy(h);
 		return -EINVAL;
 	}
@@ -142,6 +175,9 @@ static int crypt_cipher_crypt(struct crypt_cipher *ctx,
 
 	/* Set encrypt/decrypt operation */
 	header = CMSG_FIRSTHDR(&msg);
+	if (!header)
+		return -EINVAL;
+
 	header->cmsg_level = SOL_ALG;
 	header->cmsg_type = ALG_SET_OP;
 	header->cmsg_len = CMSG_LEN(sizeof(*type));
@@ -169,7 +205,7 @@ static int crypt_cipher_crypt(struct crypt_cipher *ctx,
 	if (len != (ssize_t)length)
 		r = -EIO;
 bad:
-	memset(buffer, 0, sizeof(buffer));
+	crypt_backend_memzero(buffer, sizeof(buffer));
 	return r;
 }
 
@@ -191,9 +227,9 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 
 int crypt_cipher_destroy(struct crypt_cipher *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
@@ -202,6 +238,11 @@ int crypt_cipher_destroy(struct crypt_cipher *ctx)
 
 #else /* ENABLE_AF_ALG */
 
+int crypt_cipher_blocksize(const char *name)
+{
+	return -EINVAL;
+}
+
 int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 		    const char *mode, const void *buffer, size_t length)
 {

lib/crypto_backend/crypto_gcrypt.c

@@ -2,7 +2,7 @@
  * GCRYPT crypto backend implementation
  *
  * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2012, Milan Broz
+ * Copyright (C) 2010-2014, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -331,7 +331,7 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 		return -EINVAL;
 
 	return pkcs5_pbkdf2(hash_name, password, password_length, salt, salt_length,
-			    iterations, key_length, key);
+			    iterations, key_length, key, 0);
 
 #else /* USE_INTERNAL_PBKDF2 */
 	int hash_id = gcry_md_map_name(hash_name);

lib/crypto_backend/crypto_kernel.c

@@ -2,7 +2,7 @@
  * Linux kernel userspace API crypto backend implementation
  *
  * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2012, Milan Broz
+ * Copyright (C) 2010-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -44,15 +44,16 @@ struct hash_alg {
 	const char *name;
 	const char *kernel_name;
 	int length;
+	unsigned int block_length;
 };
 
 static struct hash_alg hash_algs[] = {
-	{ "sha1", "sha1", 20 },
-	{ "sha256", "sha256", 32 },
-	{ "sha512", "sha512", 64 },
-	{ "ripemd160", "rmd160", 20 },
-	{ "whirlpool", "wp512", 64 },
-	{ NULL, NULL, 0 }
+	{ "sha1",      "sha1",   20,  64 },
+	{ "sha256",    "sha256", 32,  64 },
+	{ "sha512",    "sha512", 64, 128 },
+	{ "ripemd160", "rmd160", 20,  64 },
+	{ "whirlpool", "wp512",  64,  64 },
+	{ NULL,        NULL,      0,   0 }
 };
 
 struct crypt_hash {
@@ -67,8 +68,34 @@ struct crypt_hmac {
 	int hash_len;
 };
 
-/* Defined in crypt_kernel_ciphers.c */
-extern int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd);
+static int crypt_kernel_socket_init(struct sockaddr_alg *sa, int *tfmfd, int *opfd,
+				    const void *key, size_t key_length)
+{
+	*tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (*tfmfd < 0)
+		return -ENOTSUP;
+
+	if (bind(*tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -ENOENT;
+	}
+
+	if (key && setsockopt(*tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	*opfd = accept(*tfmfd, NULL, 0);
+	if (*opfd < 0) {
+		close(*tfmfd);
+		*tfmfd = -1;
+		return -EINVAL;
+	}
+
+	return 0;
+}
 
 int crypt_backend_init(struct crypt_device *ctx)
 {
@@ -76,7 +103,7 @@ int crypt_backend_init(struct crypt_device *ctx)
 	struct sockaddr_alg sa = {
 		.salg_family = AF_ALG,
 		.salg_type = "hash",
-		.salg_name = "sha1",
+		.salg_name = "sha256",
 	};
 	int tfmfd = -1, opfd = -1;
 
@@ -86,7 +113,7 @@ int crypt_backend_init(struct crypt_device *ctx)
 	if (uname(&uts) == -1 || strcmp(uts.sysname, "Linux"))
 		return -EINVAL;
 
-	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd) < 0)
+	if (crypt_kernel_socket_init(&sa, &tfmfd, &opfd, NULL, 0) < 0)
 		return -EINVAL;
 
 	close(tfmfd);
@@ -151,7 +178,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 
 	strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));
 
-	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, NULL, 0) < 0) {
 		free(h);
 		return -EINVAL;
 	}
@@ -187,9 +214,9 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 
 int crypt_hash_destroy(struct crypt_hash *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
@@ -226,16 +253,11 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
 		 "hmac(%s)", ha->kernel_name);
 
-	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd) < 0) {
+	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, buffer, length) < 0) {
 		free(h);
 		return -EINVAL;
 	}
 
-	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, buffer, length) == -1) {
-		crypt_hmac_destroy(h);
-		return -EINVAL;
-	}
-
 	*ctx = h;
 	return 0;
 }
@@ -267,9 +289,9 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 
 int crypt_hmac_destroy(struct crypt_hmac *ctx)
 {
-	if (ctx->tfmfd != -1)
+	if (ctx->tfmfd >= 0)
 		close(ctx->tfmfd);
-	if (ctx->opfd != -1)
+	if (ctx->opfd >= 0)
 		close(ctx->opfd);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
@@ -289,9 +311,11 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 		char *key, size_t key_length,
 		unsigned int iterations)
 {
-	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+	struct hash_alg *ha = _get_alg(hash);
+
+	if (!ha || !kdf || strncmp(kdf, "pbkdf2", 6))
 		return -EINVAL;
 
 	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
-			    iterations, key_length, key);
+			    iterations, key_length, key, ha->block_length);
 }

lib/crypto_backend/crypto_nettle.c

@@ -1,8 +1,8 @@
 /*
  * Nettle crypto backend implementation
  *
- * Copyright (C) 2011-2012 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2012, Milan Broz
+ * Copyright (C) 2011-2016 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -24,14 +24,15 @@
 #include <errno.h>
 #include <nettle/sha.h>
 #include <nettle/hmac.h>
+#include <nettle/pbkdf2.h>
 #include "crypto_backend.h"
 
 static char *version = "Nettle";
 
 typedef void (*init_func) (void *);
-typedef void (*update_func) (void *, unsigned, const uint8_t *);
-typedef void (*digest_func) (void *, unsigned, uint8_t *);
-typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
+typedef void (*update_func) (void *, size_t, const uint8_t *);
+typedef void (*digest_func) (void *, size_t, uint8_t *);
+typedef void (*set_key_func) (void *, size_t, const uint8_t *);
 
 struct hash_alg {
 	const char *name;
@@ -284,10 +285,21 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 		char *key, size_t key_length,
 		unsigned int iterations)
 {
+	struct crypt_hmac *h;
+	int r;
+
 	if (!kdf || strncmp(kdf, "pbkdf2", 6))
 		return -EINVAL;
 
-	/* FIXME: switch to internal implementation in Nettle 2.6 */
-	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
-			    iterations, key_length, key);
+	r = crypt_hmac_init(&h, hash, password, password_length);
+	if (r < 0)
+		return r;
+
+	nettle_pbkdf2(&h->nettle_ctx, h->hash->nettle_hmac_update,
+		      h->hash->nettle_hmac_digest, h->hash->length, iterations,
+		      salt_length, (const uint8_t *)salt, key_length,
+		      (uint8_t *)key);
+	crypt_hmac_destroy(h);
+
+	return 0;
 }

lib/crypto_backend/crypto_nss.c

@@ -2,7 +2,7 @@
  * NSS crypto backend implementation
  *
  * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2012, Milan Broz
+ * Copyright (C) 2010-2014, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -35,14 +35,15 @@ struct hash_alg {
 	SECOidTag oid;
 	CK_MECHANISM_TYPE ck_type;
 	int length;
+	unsigned int block_length;
 };
 
 static struct hash_alg hash_algs[] = {
-	{ "sha1", SEC_OID_SHA1, CKM_SHA_1_HMAC, 20 },
-	{ "sha256", SEC_OID_SHA256, CKM_SHA256_HMAC, 32 },
-	{ "sha384", SEC_OID_SHA384, CKM_SHA384_HMAC, 48 },
-	{ "sha512", SEC_OID_SHA512, CKM_SHA512_HMAC, 64 },
-//	{ "ripemd160", SEC_OID_RIPEMD160, CKM_RIPEMD160_HMAC, 20 },
+	{ "sha1",   SEC_OID_SHA1,   CKM_SHA_1_HMAC,  20,  64 },
+	{ "sha256", SEC_OID_SHA256, CKM_SHA256_HMAC, 32,  64 },
+	{ "sha384", SEC_OID_SHA384, CKM_SHA384_HMAC, 48, 128 },
+	{ "sha512", SEC_OID_SHA512, CKM_SHA512_HMAC, 64, 128 },
+//	{ "ripemd160", SEC_OID_RIPEMD160, CKM_RIPEMD160_HMAC, 20, 64 },
 	{ NULL, 0, 0, 0 }
 };
 
@@ -163,7 +164,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 		return -EINVAL;
 
 	memcpy(buffer, tmp, length);
-	memset(tmp, 0, sizeof(tmp));
+	crypt_backend_memzero(tmp, sizeof(tmp));
 
 	if (tmp_len < length)
 		return -EINVAL;
@@ -265,7 +266,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 		return -EINVAL;
 
 	memcpy(buffer, tmp, length);
-	memset(tmp, 0, sizeof(tmp));
+	crypt_backend_memzero(tmp, sizeof(tmp));
 
 	if (tmp_len < length)
 		return -EINVAL;
@@ -308,9 +309,11 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 		char *key, size_t key_length,
 		unsigned int iterations)
 {
-	if (!kdf || strncmp(kdf, "pbkdf2", 6))
+	struct hash_alg *ha = _get_alg(hash);
+
+	if (!ha || !kdf || strncmp(kdf, "pbkdf2", 6))
 		return -EINVAL;
 
 	return pkcs5_pbkdf2(hash, password, password_length, salt, salt_length,
-			    iterations, key_length, key);
+			    iterations, key_length, key, ha->block_length);
 }

lib/crypto_backend/crypto_openssl.c

@@ -1,8 +1,8 @@
 /*
  * OPENSSL crypto backend implementation
  *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2012, Milan Broz
+ * Copyright (C) 2010-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2016, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -38,13 +38,13 @@
 static int crypto_backend_initialised = 0;
 
 struct crypt_hash {
-	EVP_MD_CTX md;
+	EVP_MD_CTX *md;
 	const EVP_MD *hash_id;
 	int hash_len;
 };
 
 struct crypt_hmac {
-	HMAC_CTX md;
+	HMAC_CTX *md;
 	const EVP_MD *hash_id;
 	int hash_len;
 };
@@ -70,6 +70,43 @@ const char *crypt_backend_version(void)
 	return SSLeay_version(SSLEAY_VERSION);
 }
 
+/*
+ * Compatible wrappers for OpenSSL < 1.1.0
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+	EVP_MD_CTX *md = malloc(sizeof(*md));
+
+	if (md)
+		EVP_MD_CTX_init(md);
+
+	return md;
+}
+
+static void EVP_MD_CTX_free(EVP_MD_CTX *md)
+{
+	EVP_MD_CTX_cleanup(md);
+	free(md);
+}
+
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+	HMAC_CTX *md = malloc(sizeof(*md));
+
+	if (md)
+		HMAC_CTX_init(md);
+
+	return md;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *md)
+{
+	HMAC_CTX_cleanup(md);
+	free(md);
+}
+#endif
+
 /* HASH */
 int crypt_hash_size(const char *name)
 {
@@ -89,13 +126,21 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 	if (!h)
 		return -ENOMEM;
 
+	h->md = EVP_MD_CTX_new();
+	if (!h->md) {
+		free(h);
+		return -ENOMEM;
+	}
+
 	h->hash_id = EVP_get_digestbyname(name);
 	if (!h->hash_id) {
+		EVP_MD_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
 	}
 
-	if (EVP_DigestInit(&h->md, h->hash_id) != 1) {
+	if (EVP_DigestInit_ex(h->md, h->hash_id, NULL) != 1) {
+		EVP_MD_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
 	}
@@ -107,7 +152,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 
 static int crypt_hash_restart(struct crypt_hash *ctx)
 {
-	if (EVP_DigestInit(&ctx->md, ctx->hash_id) != 1)
+	if (EVP_DigestInit_ex(ctx->md, ctx->hash_id, NULL) != 1)
 		return -EINVAL;
 
 	return 0;
@@ -115,7 +160,7 @@ static int crypt_hash_restart(struct crypt_hash *ctx)
 
 int crypt_hash_write(struct crypt_hash *ctx, const char *buffer, size_t length)
 {
-	if (EVP_DigestUpdate(&ctx->md, buffer, length) != 1)
+	if (EVP_DigestUpdate(ctx->md, buffer, length) != 1)
 		return -EINVAL;
 
 	return 0;
@@ -129,11 +174,11 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 	if (length > (size_t)ctx->hash_len)
 		return -EINVAL;
 
-	if (EVP_DigestFinal_ex(&ctx->md, tmp, &tmp_len) != 1)
+	if (EVP_DigestFinal_ex(ctx->md, tmp, &tmp_len) != 1)
 		return -EINVAL;
 
 	memcpy(buffer, tmp, length);
-	memset(tmp, 0, sizeof(tmp));
+	crypt_backend_memzero(tmp, sizeof(tmp));
 
 	if (tmp_len < length)
 		return -EINVAL;
@@ -146,7 +191,7 @@ int crypt_hash_final(struct crypt_hash *ctx, char *buffer, size_t length)
 
 int crypt_hash_destroy(struct crypt_hash *ctx)
 {
-	EVP_MD_CTX_cleanup(&ctx->md);
+	EVP_MD_CTX_free(ctx->md);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
 	return 0;
@@ -167,14 +212,20 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 	if (!h)
 		return -ENOMEM;
 
+	h->md = HMAC_CTX_new();
+	if (!h->md) {
+		free(h);
+		return -ENOMEM;
+	}
+
 	h->hash_id = EVP_get_digestbyname(name);
 	if (!h->hash_id) {
+		HMAC_CTX_free(h->md);
 		free(h);
 		return -EINVAL;
 	}
 
-	HMAC_CTX_init(&h->md);
-	HMAC_Init_ex(&h->md, buffer, length, h->hash_id, NULL);
+	HMAC_Init_ex(h->md, buffer, length, h->hash_id, NULL);
 
 	h->hash_len = EVP_MD_size(h->hash_id);
 	*ctx = h;
@@ -183,12 +234,12 @@ int crypt_hmac_init(struct crypt_hmac **ctx, const char *name,
 
 static void crypt_hmac_restart(struct crypt_hmac *ctx)
 {
-	HMAC_Init_ex(&ctx->md, NULL, 0, ctx->hash_id, NULL);
+	HMAC_Init_ex(ctx->md, NULL, 0, ctx->hash_id, NULL);
 }
 
 int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length)
 {
-	HMAC_Update(&ctx->md, (const unsigned char *)buffer, length);
+	HMAC_Update(ctx->md, (const unsigned char *)buffer, length);
 	return 0;
 }
 
@@ -200,10 +251,10 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 	if (length > (size_t)ctx->hash_len)
 		return -EINVAL;
 
-	HMAC_Final(&ctx->md, tmp, &tmp_len);
+	HMAC_Final(ctx->md, tmp, &tmp_len);
 
 	memcpy(buffer, tmp, length);
-	memset(tmp, 0, sizeof(tmp));
+	crypt_backend_memzero(tmp, sizeof(tmp));
 
 	if (tmp_len < length)
 		return -EINVAL;
@@ -215,7 +266,7 @@ int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length)
 
 int crypt_hmac_destroy(struct crypt_hmac *ctx)
 {
-	HMAC_CTX_cleanup(&ctx->md);
+	HMAC_CTX_free(ctx->md);
 	memset(ctx, 0, sizeof(*ctx));
 	free(ctx);
 	return 0;
@@ -250,7 +301,7 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 		return -EINVAL;
 
 	if (!PKCS5_PBKDF2_HMAC(password, (int)password_length,
-	    (unsigned char *)salt, (int)salt_length,
+	    (const unsigned char *)salt, (int)salt_length,
             (int)iterations, hash_id, (int)key_length, (unsigned char *)key))
 		return -EINVAL;
 

lib/crypto_backend/crypto_storage.c

@@ -0,0 +1,293 @@
+/*
+ * Generic wrapper for storage encryption modes and Initial Vectors
+ * (reimplementation of some functions from Linux dm-crypt kernel)
+ *
+ * Copyright (C) 2014, Milan Broz
+ *
+ * This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this file; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include "bitops.h"
+#include "crypto_backend.h"
+
+#define SECTOR_SHIFT	9
+#define SECTOR_SIZE	(1 << SECTOR_SHIFT)
+
+/*
+ * Internal IV helper
+ * IV documentation: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt
+ */
+struct crypt_sector_iv {
+	enum { IV_NONE, IV_NULL, IV_PLAIN, IV_PLAIN64, IV_ESSIV, IV_BENBI } type;
+	int iv_size;
+	char *iv;
+	struct crypt_cipher *essiv_cipher;
+	int benbi_shift;
+};
+
+/* Block encryption storage context */
+struct crypt_storage {
+	uint64_t sector_start;
+	struct crypt_cipher *cipher;
+	struct crypt_sector_iv cipher_iv;
+};
+
+static int int_log2(unsigned int x)
+{
+	int r = 0;
+	for (x >>= 1; x > 0; x >>= 1)
+		r++;
+	return r;
+}
+
+static int crypt_sector_iv_init(struct crypt_sector_iv *ctx,
+			 const char *cipher_name, const char *mode_name,
+			 const char *iv_name, char *key, size_t key_length)
+{
+	memset(ctx, 0, sizeof(*ctx));
+
+	ctx->iv_size = crypt_cipher_blocksize(cipher_name);
+	if (ctx->iv_size < 0)
+		return -ENOENT;
+
+	if (!iv_name ||
+	    !strcmp(cipher_name, "cipher_null") ||
+	    !strcmp(mode_name, "ecb")) {
+		ctx->type = IV_NONE;
+		ctx->iv_size = 0;
+		return 0;
+	} else if (!strcasecmp(iv_name, "null")) {
+		ctx->type = IV_NULL;
+	} else if (!strcasecmp(iv_name, "plain64")) {
+		ctx->type = IV_PLAIN64;
+	} else if (!strcasecmp(iv_name, "plain")) {
+		ctx->type = IV_PLAIN;
+	} else if (!strncasecmp(iv_name, "essiv:", 6)) {
+		struct crypt_hash *h = NULL;
+		char *hash_name = strchr(iv_name, ':');
+		int hash_size;
+		char tmp[256];
+		int r;
+
+		if (!hash_name)
+			return -EINVAL;
+
+		hash_size = crypt_hash_size(++hash_name);
+		if (hash_size < 0)
+			return -ENOENT;
+
+		if ((unsigned)hash_size > sizeof(tmp))
+			return -EINVAL;
+
+		if (crypt_hash_init(&h, hash_name))
+			return -EINVAL;
+
+		r = crypt_hash_write(h, key, key_length);
+		if (r) {
+			crypt_hash_destroy(h);
+			return r;
+		}
+
+		r = crypt_hash_final(h, tmp, hash_size);
+		crypt_hash_destroy(h);
+		if (r) {
+			crypt_backend_memzero(tmp, sizeof(tmp));
+			return r;
+		}
+
+		r = crypt_cipher_init(&ctx->essiv_cipher, cipher_name, "ecb",
+				      tmp, hash_size);
+		crypt_backend_memzero(tmp, sizeof(tmp));
+		if (r)
+			return r;
+
+		ctx->type = IV_ESSIV;
+	} else if (!strncasecmp(iv_name, "benbi", 5)) {
+		int log = int_log2(ctx->iv_size);
+		if (log > SECTOR_SHIFT)
+			return -EINVAL;
+
+		ctx->type = IV_BENBI;
+		ctx->benbi_shift = SECTOR_SHIFT - log;
+	} else
+		return -ENOENT;
+
+	ctx->iv = malloc(ctx->iv_size);
+	if (!ctx->iv)
+		return -ENOMEM;
+
+	return 0;
+}
+
+static int crypt_sector_iv_generate(struct crypt_sector_iv *ctx, uint64_t sector)
+{
+	uint64_t val;
+
+	switch (ctx->type) {
+	case IV_NONE:
+		break;
+	case IV_NULL:
+		memset(ctx->iv, 0, ctx->iv_size);
+		break;
+	case IV_PLAIN:
+		memset(ctx->iv, 0, ctx->iv_size);
+		*(uint32_t *)ctx->iv = cpu_to_le32(sector & 0xffffffff);
+		break;
+	case IV_PLAIN64:
+		memset(ctx->iv, 0, ctx->iv_size);
+		*(uint64_t *)ctx->iv = cpu_to_le64(sector);
+		break;
+	case IV_ESSIV:
+		memset(ctx->iv, 0, ctx->iv_size);
+		*(uint64_t *)ctx->iv = cpu_to_le64(sector);
+		return crypt_cipher_encrypt(ctx->essiv_cipher,
+			ctx->iv, ctx->iv, ctx->iv_size, NULL, 0);
+		break;
+	case IV_BENBI:
+		memset(ctx->iv, 0, ctx->iv_size);
+		val = cpu_to_be64((sector << ctx->benbi_shift) + 1);
+		memcpy(ctx->iv + ctx->iv_size - sizeof(val), &val, sizeof(val));
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static int crypt_sector_iv_destroy(struct crypt_sector_iv *ctx)
+{
+	if (ctx->type == IV_ESSIV)
+		crypt_cipher_destroy(ctx->essiv_cipher);
+
+	if (ctx->iv) {
+		memset(ctx->iv, 0, ctx->iv_size);
+		free(ctx->iv);
+	}
+
+	memset(ctx, 0, sizeof(*ctx));
+	return 0;
+}
+
+/* Block encryption storage wrappers */
+
+int crypt_storage_init(struct crypt_storage **ctx,
+		       uint64_t sector_start,
+		       const char *cipher,
+		       const char *cipher_mode,
+		       char *key, size_t key_length)
+{
+	struct crypt_storage *s;
+	char mode_name[64];
+	char *cipher_iv = NULL;
+	int r = -EIO;
+
+	s = malloc(sizeof(*s));
+	if (!s)
+		return -ENOMEM;
+	memset(s, 0, sizeof(*s));
+
+	/* Remove IV if present */
+	strncpy(mode_name, cipher_mode, sizeof(mode_name));
+	mode_name[sizeof(mode_name) - 1] = 0;
+	cipher_iv = strchr(mode_name, '-');
+	if (cipher_iv) {
+		*cipher_iv = '\0';
+		cipher_iv++;
+	}
+
+	r = crypt_cipher_init(&s->cipher, cipher, mode_name, key, key_length);
+	if (r) {
+		crypt_storage_destroy(s);
+		return r;
+	}
+
+	r = crypt_sector_iv_init(&s->cipher_iv, cipher, mode_name, cipher_iv, key, key_length);
+	if (r) {
+		crypt_storage_destroy(s);
+		return r;
+	}
+
+	s->sector_start = sector_start;
+
+	*ctx = s;
+	return 0;
+}
+
+int crypt_storage_decrypt(struct crypt_storage *ctx,
+		       uint64_t sector, size_t count,
+		       char *buffer)
+{
+	unsigned int i;
+	int r = 0;
+
+	for (i = 0; i < count; i++) {
+		r = crypt_sector_iv_generate(&ctx->cipher_iv, sector + i);
+		if (r)
+			break;
+		r = crypt_cipher_decrypt(ctx->cipher,
+					 &buffer[i * SECTOR_SIZE],
+					 &buffer[i * SECTOR_SIZE],
+					 SECTOR_SIZE,
+					 ctx->cipher_iv.iv,
+					 ctx->cipher_iv.iv_size);
+		if (r)
+			break;
+	}
+
+	return r;
+}
+
+int crypt_storage_encrypt(struct crypt_storage *ctx,
+		       uint64_t sector, size_t count,
+		       char *buffer)
+{
+	unsigned int i;
+	int r = 0;
+
+	for (i = 0; i < count; i++) {
+		r = crypt_sector_iv_generate(&ctx->cipher_iv, sector + i);
+		if (r)
+			break;
+		r = crypt_cipher_encrypt(ctx->cipher,
+					 &buffer[i * SECTOR_SIZE],
+					 &buffer[i * SECTOR_SIZE],
+					 SECTOR_SIZE,
+					 ctx->cipher_iv.iv,
+					 ctx->cipher_iv.iv_size);
+		if (r)
+			break;
+	}
+
+	return r;
+}
+
+int crypt_storage_destroy(struct crypt_storage *ctx)
+{
+	if (!ctx)
+		return 0;
+
+	crypt_sector_iv_destroy(&ctx->cipher_iv);
+
+	if (ctx->cipher)
+		crypt_cipher_destroy(ctx->cipher);
+
+	memset(ctx, 0, sizeof(*ctx));
+	free(ctx);
+
+	return 0;
+}

lib/crypto_backend/pbkdf2_generic.c

@@ -5,6 +5,7 @@
  *
  * cryptsetup related changes
  * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2014, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -26,6 +27,25 @@
 #include <alloca.h>
 #include "crypto_backend.h"
 
+static int hash_buf(const char *src, size_t src_len,
+		    char *dst, size_t dst_len,
+		    const char *hash_name)
+{
+	struct crypt_hash *hd = NULL;
+	int r;
+
+	if (crypt_hash_init(&hd, hash_name))
+		return -EINVAL;
+
+	r = crypt_hash_write(hd, src, src_len);
+
+	if (!r)
+		r = crypt_hash_final(hd, dst, dst_len);
+
+	crypt_hash_destroy(hd);
+	return r;
+}
+
 /*
  * 5.2 PBKDF2
  *
@@ -52,17 +72,26 @@
  *  Output:         DK         derived key, a dkLen-octet string
  */
 
+/*
+ * if hash_block_size is not zero, the HMAC key is pre-hashed
+ * inside this function.
+ * This prevents situation when crypto backend doesn't support
+ * long HMAC keys or it tries hash long key in every iteration
+ * (because of crypt_final() cannot do simple key reset.
+ */
+
 #define MAX_PRF_BLOCK_LEN 80
 
 int pkcs5_pbkdf2(const char *hash,
 			const char *P, size_t Plen,
 			const char *S, size_t Slen,
 			unsigned int c, unsigned int dkLen,
-			char *DK)
+			char *DK, unsigned int hash_block_size)
 {
 	struct crypt_hmac *hmac;
 	char U[MAX_PRF_BLOCK_LEN];
 	char T[MAX_PRF_BLOCK_LEN];
+	char P_hash[MAX_PRF_BLOCK_LEN];
 	int i, k, rc = -EINVAL;
 	unsigned int u, hLen, l, r;
 	size_t tmplen = Slen + 4;
@@ -152,8 +181,18 @@ int pkcs5_pbkdf2(const char *hash,
 	 *
 	 */
 
-	if (crypt_hmac_init(&hmac, hash, P, Plen))
-		return -EINVAL;
+	/* If hash_block_size is provided, hash password in advance. */
+	if (hash_block_size > 0 && Plen > hash_block_size) {
+		if (hash_buf(P, Plen, P_hash, hLen, hash))
+			return -EINVAL;
+
+		if (crypt_hmac_init(&hmac, hash, P_hash, hLen))
+			return -EINVAL;
+		crypt_backend_memzero(P_hash, sizeof(P_hash));
+	} else {
+		if (crypt_hmac_init(&hmac, hash, P, Plen))
+			return -EINVAL;
+	}
 
 	for (i = 1; (unsigned int) i <= l; i++) {
 		memset(T, 0, hLen);
@@ -185,5 +224,203 @@ int pkcs5_pbkdf2(const char *hash,
 	rc = 0;
 out:
 	crypt_hmac_destroy(hmac);
+	crypt_backend_memzero(U, sizeof(U));
+	crypt_backend_memzero(T, sizeof(T));
+	crypt_backend_memzero(tmp, tmplen);
+
 	return rc;
 }
+
+#if 0
+#include <stdio.h>
+
+struct test_vector {
+	const char *hash;
+	unsigned int hash_block_length;
+	unsigned int iterations;
+	const char *password;
+	unsigned int password_length;
+	const char *salt;
+	unsigned int salt_length;
+	const char *output;
+	unsigned int output_length;
+};
+
+struct test_vector test_vectors[] = {
+	/* RFC 3962 */
+	{
+		"sha1", 64, 1,
+		"password", 8,
+		"ATHENA.MIT.EDUraeburn", 21,
+		"\xcd\xed\xb5\x28\x1b\xb2\xf8\x01"
+		"\x56\x5a\x11\x22\xb2\x56\x35\x15"
+		"\x0a\xd1\xf7\xa0\x4b\xb9\xf3\xa3"
+		"\x33\xec\xc0\xe2\xe1\xf7\x08\x37", 32
+	}, {
+		"sha1", 64, 2,
+		"password", 8,
+		"ATHENA.MIT.EDUraeburn", 21,
+		"\x01\xdb\xee\x7f\x4a\x9e\x24\x3e"
+		"\x98\x8b\x62\xc7\x3c\xda\x93\x5d"
+		"\xa0\x53\x78\xb9\x32\x44\xec\x8f"
+		"\x48\xa9\x9e\x61\xad\x79\x9d\x86", 32
+	}, {
+		"sha1", 64, 1200,
+		"password", 8,
+		"ATHENA.MIT.EDUraeburn", 21,
+		"\x5c\x08\xeb\x61\xfd\xf7\x1e\x4e"
+		"\x4e\xc3\xcf\x6b\xa1\xf5\x51\x2b"
+		"\xa7\xe5\x2d\xdb\xc5\xe5\x14\x2f"
+		"\x70\x8a\x31\xe2\xe6\x2b\x1e\x13", 32
+	}, {
+		"sha1", 64, 5,
+		"password", 8,
+		"\0224VxxV4\022", 8, // "\x1234567878563412
+		"\xd1\xda\xa7\x86\x15\xf2\x87\xe6"
+		"\xa1\xc8\xb1\x20\xd7\x06\x2a\x49"
+		"\x3f\x98\xd2\x03\xe6\xbe\x49\xa6"
+		"\xad\xf4\xfa\x57\x4b\x6e\x64\xee", 32
+	}, {
+		"sha1", 64, 1200,
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 64,
+		"pass phrase equals block size", 29,
+		"\x13\x9c\x30\xc0\x96\x6b\xc3\x2b"
+		"\xa5\x5f\xdb\xf2\x12\x53\x0a\xc9"
+		"\xc5\xec\x59\xf1\xa4\x52\xf5\xcc"
+		"\x9a\xd9\x40\xfe\xa0\x59\x8e\xd1", 32
+	}, {
+		"sha1", 64, 1200,
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 65,
+		"pass phrase exceeds block size", 30,
+		"\x9c\xca\xd6\xd4\x68\x77\x0c\xd5"
+		"\x1b\x10\xe6\xa6\x87\x21\xbe\x61"
+		"\x1a\x8b\x4d\x28\x26\x01\xdb\x3b"
+		"\x36\xbe\x92\x46\x91\x5e\xc8\x2a", 32
+	}, {
+		"sha1", 64, 50,
+		"\360\235\204\236", 4, // g-clef ("\xf09d849e)
+		"EXAMPLE.COMpianist", 18,
+		"\x6b\x9c\xf2\x6d\x45\x45\x5a\x43"
+		"\xa5\xb8\xbb\x27\x6a\x40\x3b\x39"
+		"\xe7\xfe\x37\xa0\xc4\x1e\x02\xc2"
+		"\x81\xff\x30\x69\xe1\xe9\x4f\x52", 32
+	}, {
+	/* RFC-6070 */
+		"sha1", 64, 1,
+		"password", 8,
+		"salt", 4,
+		"\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
+		"\xb5\x24\xaf\x60\x12\x06\x2f\xe0\x37\xa6", 20
+	}, {
+		"sha1", 64, 2,
+		"password", 8,
+		"salt", 4,
+		"\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e"
+		"\xd9\x2a\xce\x1d\x41\xf0\xd8\xde\x89\x57", 20
+	}, {
+		"sha1", 64, 4096,
+		"password", 8,
+		"salt", 4,
+		"\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad"
+		"\x49\xd9\x26\xf7\x21\xd0\x65\xa4\x29\xc1", 20
+	}, {
+		"sha1", 64, 16777216,
+		"password", 8,
+		"salt", 4,
+		"\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94"
+		"\x5b\x3d\x6b\xa2\x15\x8c\x26\x34\xe9\x84", 20
+	}, {
+		"sha1", 64, 4096,
+		"passwordPASSWORDpassword", 24,
+		"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+		"\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8"
+		"\xd8\x36\x62\xc0\xe4\x4a\x8b\x29\x1a\x96"
+		"\x4c\xf2\xf0\x70\x38", 25
+	}, {
+		"sha1", 64, 4096,
+		"pass\0word", 9,
+		"sa\0lt", 5,
+		"\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37"
+		"\xd7\xf0\x34\x25\xe0\xc3", 16
+	}, {
+	/* empty password test */
+		"sha1", 64, 2,
+		"", 0,
+		"salt", 4,
+		"\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2"
+		"\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97", 20
+	}, {
+	/* Password exceeds block size test */
+		"sha256", 64, 1200,
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 65,
+		"pass phrase exceeds block size", 30,
+		"\x22\x34\x4b\xc4\xb6\xe3\x26\x75"
+		"\xa8\x09\x0f\x3e\xa8\x0b\xe0\x1d"
+		"\x5f\x95\x12\x6a\x2c\xdd\xc3\xfa"
+		"\xcc\x4a\x5e\x6d\xca\x04\xec\x58", 32
+	}, {
+		"sha512", 128, 1200,
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 129,
+		"pass phrase exceeds block size", 30,
+		"\x0f\xb2\xed\x2c\x0e\x6e\xfb\x7d"
+		"\x7d\x8e\xdd\x58\x01\xb4\x59\x72"
+		"\x99\x92\x16\x30\x5e\xa4\x36\x8d"
+		"\x76\x14\x80\xf3\xe3\x7a\x22\xb9", 32
+	}, {
+		"whirlpool", 64, 1200,
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+		"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 65,
+		"pass phrase exceeds block size", 30,
+		"\x9c\x1c\x74\xf5\x88\x26\xe7\x6a"
+		"\x53\x58\xf4\x0c\x39\xe7\x80\x89"
+		"\x07\xc0\x31\x19\x9a\x50\xa2\x48"
+		"\xf1\xd9\xfe\x78\x64\xe5\x84\x50", 32
+	}
+};
+
+static void printhex(const char *s, const char *buf, size_t len)
+{
+	size_t i;
+
+	printf("%s: ", s);
+	for (i = 0; i < len; i++)
+		printf("\\x%02x", (unsigned char)buf[i]);
+	printf("\n");
+	fflush(stdout);
+}
+
+static int pkcs5_pbkdf2_test_vectors(void)
+{
+	char result[64];
+	unsigned int i, j;
+	struct test_vector *vec;
+
+	for (i = 0; i < (sizeof(test_vectors) / sizeof(*test_vectors)); i++) {
+		vec = &test_vectors[i];
+		for (j = 1; j <= vec->output_length; j++) {
+			if (pkcs5_pbkdf2(vec->hash,
+			    vec->password, vec->password_length,
+			    vec->salt, vec->salt_length,
+			    vec->iterations,
+			    j, result, vec->hash_block_length)) {
+				printf("pbkdf2 failed, vector %d\n", i);
+				return -EINVAL;
+			}
+			if (memcmp(result, vec->output, j) != 0) {
+				printf("vector %u\n", i);
+				printhex(" got", result, j);
+				printhex("want", vec->output, j);
+				return -EINVAL;
+			}
+			memset(result, 0, sizeof(result));
+		}
+	}
+	return 0;
+}
+#endif

lib/crypto_backend/pbkdf_check.c

@@ -1,7 +1,7 @@
 /*
  * PBKDF performance check
  * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012, Milan Broz
+ * Copyright (C) 2012-2014, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -18,6 +18,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
+#include <stdlib.h>
 #include <errno.h>
 #include <sys/time.h>
 #include <sys/resource.h>
@@ -52,31 +53,39 @@ static long time_ms(struct rusage *start, struct rusage *end)
 
 /* This code benchmarks PBKDF and returns iterations/second using specified hash */
 int crypt_pbkdf_check(const char *kdf, const char *hash,
-		      const char *password, size_t password_size,
-		      const char *salt, size_t salt_size,
-		      uint64_t *iter_secs)
+		      const char *password, size_t password_length,
+		      const char *salt, size_t salt_length,
+		      size_t key_length, uint64_t *iter_secs)
 {
 	struct rusage rstart, rend;
 	int r = 0, step = 0;
 	long ms = 0;
-	char buf;
+	char *key = NULL;
 	unsigned int iterations;
 
-	if (!kdf || !hash)
+	if (!kdf || !hash || key_length <= 0)
 		return -EINVAL;
 
+	key = malloc(key_length);
+	if (!key)
+		return -ENOMEM;
+
 	iterations = 1 << 15;
-	while (ms < 500) {
-		if (getrusage(RUSAGE_SELF, &rstart) < 0)
-			return -EINVAL;
+	while (1) {
+		if (getrusage(RUSAGE_SELF, &rstart) < 0) {
+			r = -EINVAL;
+			goto out;
+		}
 
-		r = crypt_pbkdf(kdf, hash, password, password_size, salt,
-				salt_size, &buf, 1, iterations);
+		r = crypt_pbkdf(kdf, hash, password, password_length, salt,
+				salt_length, key, key_length, iterations);
 		if (r < 0)
-			return r;
+			goto out;
 
-		if (getrusage(RUSAGE_SELF, &rend) < 0)
-			return -EINVAL;
+		if (getrusage(RUSAGE_SELF, &rend) < 0) {
+			r = -EINVAL;
+			goto out;
+		}
 
 		ms = time_ms(&rstart, &rend);
 		if (ms > 500)
@@ -91,11 +100,18 @@ int crypt_pbkdf_check(const char *kdf, const char *hash,
 		else
 			iterations <<= 1;
 
-		if (++step > 10 || !iterations)
-			return -EINVAL;
+		if (++step > 10 || !iterations) {
+			r = -EINVAL;
+			goto out;
+		}
 	}
 
 	if (iter_secs)
 		*iter_secs = (iterations * 1000) / ms;
+out:
+	if (key) {
+		crypt_backend_memzero(key, key_length);
+		free(key);
+	}
 	return r;
 }

lib/internal.h

@@ -1,7 +1,7 @@
 /*
  * libcryptsetup - cryptsetup library internal
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2012, Milan Broz
@@ -57,8 +57,8 @@ struct volume_key {
 	char key[];
 };
 
-struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key);
-struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength);
+struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key);
+struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength);
 void crypt_free_volume_key(struct volume_key *vk);
 
 /* Device backend */
@@ -75,6 +75,8 @@ int device_block_size(struct device *device);
 int device_read_ahead(struct device *device, uint32_t *read_ahead);
 int device_size(struct device *device, uint64_t *size);
 int device_open(struct device *device, int flags);
+void device_disable_direct_io(struct device *device);
+
 
 enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 };
 int device_block_adjust(struct crypt_device *cd,
@@ -105,7 +107,7 @@ ssize_t write_lseek_blockwise(int fd, int bsize, char *buf, size_t count, off_t
 unsigned crypt_getpagesize(void);
 int init_crypto(struct crypt_device *ctx);
 
-void logger(struct crypt_device *cd, int class, const char *file, int line, const char *format, ...);
+void logger(struct crypt_device *cd, int class, const char *file, int line, const char *format, ...) __attribute__ ((format (printf, 5, 6)));
 #define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
 #define log_std(c, x...) logger(c, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
 #define log_verbose(c, x...) logger(c, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x)

lib/libcryptsetup.h

@@ -1,10 +1,10 @@
 /*
  * libcryptsetup - cryptsetup library
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2014, Milan Broz
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -136,7 +136,7 @@ void crypt_log(struct crypt_device *cd, int level, const char *msg);
 /** @} */
 
 /**
- * Set confirmation callback (yes/no)
+ * Set confirmation callback (yes/no).
  *
  * If code need confirmation (like resetting uuid or restoring LUKS header from file)
  * this function is called. If not defined, everything is confirmed.
@@ -156,7 +156,7 @@ void crypt_set_confirm_callback(struct crypt_device *cd,
 	void *usrptr);
 
 /**
- * Set password query callback.
+ * Set password query callback. DEPRECATED
  *
  * If code need @e _interactive_ query for password, this callback is called.
  * If not defined, compiled-in default is called (uses terminal input).
@@ -176,6 +176,7 @@ void crypt_set_confirm_callback(struct crypt_device *cd,
  * @note Only zero terminated passwords can be entered this way, for complex
  *   use API functions directly.
  * @note Maximal length of password is limited to @e length @e - @e 1 (minimal 511 chars)
+ * @note This function is DEPRECATED and will be removed in future versions.
  *
  * @see Callback function is used in these call provided, that certain conditions are met:
  * @li crypt_keyslot_add_by_passphrase
@@ -192,7 +193,7 @@ void crypt_set_password_callback(struct crypt_device *cd,
 
 /**
  * Set timeout for interactive password entry using default
- * password callback
+ * password callback. DEPRECATED
  *
  * @param cd crypt device handle
  * @param timeout_sec timeout in seconds
@@ -200,16 +201,18 @@ void crypt_set_password_callback(struct crypt_device *cd,
 void crypt_set_timeout(struct crypt_device *cd, uint64_t timeout_sec);
 
 /**
- * Set number of retries in case password input has been incorrect
+ * Set number of retries in case password input has been incorrect. DEPRECATED.
  *
  * @param cd crypt device handle
  * @param tries the number
+ *
+ * @note This function is DEPRECATED and will be removed in future versions.
  */
 void crypt_set_password_retry(struct crypt_device *cd, int tries);
 
 /**
  * Set how long should cryptsetup iterate in PBKDF2 function.
- * Default value heads towards the iterations which takes around 1 second
+ * Default value heads towards the iterations which takes around 1 second.
  *
  * @param cd crypt device handle
  * @param iteration_time_ms the time in ms
@@ -220,10 +223,12 @@ void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_m
 
 /**
  * Set whether passphrase will be verified on input
- * (user has to input same passphrase twice)
+ * (user has to input same passphrase twice). DEPRECATED
  *
  * @param cd crypt device handle
  * @param password_verify @e 0 = false, @e !0 true
+ *
+ * @note This function is DEPRECATED and will be removed in future versions.
  */
 void crypt_set_password_verify(struct crypt_device *cd, int password_verify);
 
@@ -261,7 +266,7 @@ int crypt_set_data_device(struct crypt_device *cd, const char *device);
 void crypt_set_rng_type(struct crypt_device *cd, int rng_type);
 
 /**
- * Get which RNG (random number generator) is used for generating long term key
+ * Get which RNG (random number generator) is used for generating long term key.
  *
  * @param cd crypt device handle
  * @return RNG type on success or negative errno value otherwise.
@@ -272,7 +277,7 @@ int crypt_get_rng_type(struct crypt_device *cd);
 /** @} */
 
 /**
- * Helper to lock/unlock memory to avoid swap sensitive data to disk
+ * Helper to lock/unlock memory to avoid swap sensitive data to disk.
  *
  * @param cd crypt device handle, can be @e NULL
  * @param lock 0 to unlock otherwise lock memory
@@ -304,7 +309,7 @@ int crypt_memory_lock(struct crypt_device *cd, int lock);
 #define CRYPT_LOOPAES "LOOPAES"
 /** dm-verity mode */
 #define CRYPT_VERITY "VERITY"
-/** TCRYPT (TrueCrypt-compatible) mode */
+/** TCRYPT (TrueCrypt-compatible and VeraCrypt-compatible) mode */
 #define CRYPT_TCRYPT "TCRYPT"
 
 /**
@@ -317,7 +322,7 @@ const char *crypt_get_type(struct crypt_device *cd);
 
 /**
  *
- * Structure used as parameter for PLAIN device type
+ * Structure used as parameter for PLAIN device type.
  *
  * @see crypt_format
  */
@@ -329,7 +334,7 @@ struct crypt_params_plain {
 };
 
 /**
- * Structure used as parameter for LUKS device type
+ * Structure used as parameter for LUKS device type.
  *
  * @see crypt_format, crypt_load
  *
@@ -345,7 +350,7 @@ struct crypt_params_luks1 {
 
 /**
  *
- * Structure used as parameter for loop-AES device type
+ * Structure used as parameter for loop-AES device type.
  *
  * @see crypt_format
  *
@@ -358,7 +363,7 @@ struct crypt_params_loopaes {
 
 /**
  *
- * Structure used as parameter for dm-verity device type
+ * Structure used as parameter for dm-verity device type.
  *
  * @see crypt_format, crypt_load
  *
@@ -386,7 +391,7 @@ struct crypt_params_verity {
 
 /**
  *
- * Structure used as parameter for TCRYPT device type
+ * Structure used as parameter for TCRYPT device type.
  *
  * @see crypt_load
  *
@@ -403,7 +408,7 @@ struct crypt_params_tcrypt {
 	uint32_t flags;            /**< CRYPT_TCRYPT* flags */
 };
 
-/** Include legacy modes ehn scannig for header*/
+/** Include legacy modes when scanning for header */
 #define CRYPT_TCRYPT_LEGACY_MODES    (1 << 0)
 /** Try to load hidden header (describing hidden device) */
 #define CRYPT_TCRYPT_HIDDEN_HEADER   (1 << 1)
@@ -411,11 +416,16 @@ struct crypt_params_tcrypt {
 #define CRYPT_TCRYPT_BACKUP_HEADER   (1 << 2)
 /** Device contains encrypted system (with boot loader) */
 #define CRYPT_TCRYPT_SYSTEM_HEADER   (1 << 3)
+/** Include VeraCrypt modes when scanning for header,
+ *  all other TCRYPT flags applies as well.
+ *  VeraCrypt device is reported as TCRYPT type.
+ */
+#define CRYPT_TCRYPT_VERA_MODES      (1 << 4)
 
 /** @} */
 
 /**
- * Create (format) new crypt device (and possible header on-disk) but not activates it.
+ * Create (format) new crypt device (and possible header on-disk) but do not activate it.
  *
  * @pre @e cd contains initialized and not formatted device context (device type must @b not be set)
  *
@@ -445,7 +455,7 @@ int crypt_format(struct crypt_device *cd,
 	void *params);
 
 /**
- * Set new UUID for already existing device
+ * Set new UUID for already existing device.
  *
  * @param cd crypt device handle
  * @param uuid requested UUID or @e NULL if it should be generated
@@ -458,7 +468,7 @@ int crypt_set_uuid(struct crypt_device *cd,
 		   const char *uuid);
 
 /**
- * Load crypt device parameters from on-disk header
+ * Load crypt device parameters from on-disk header.
  *
  * @param cd crypt device handle
  * @param requested_type @link crypt_type @endlink or @e NULL for all known
@@ -477,7 +487,7 @@ int crypt_load(struct crypt_device *cd,
 	       void *params);
 
 /**
- * Try to repair crypt device on-disk header if invalid
+ * Try to repair crypt device on-disk header if invalid.
  *
  * @param cd crypt device handle
  * @param requested_type @link crypt_type @endlink or @e NULL for all known
@@ -491,7 +501,7 @@ int crypt_repair(struct crypt_device *cd,
 		 void *params);
 
 /**
- * Resize crypt device
+ * Resize crypt device.
  *
  * @param cd - crypt device handle
  * @param name - name of device to resize
@@ -504,7 +514,7 @@ int crypt_resize(struct crypt_device *cd,
 		 uint64_t new_size);
 
 /**
- * Suspends crypt device.
+ * Suspend crypt device.
  *
  * @param cd crypt device handle, can be @e NULL
  * @param name name of device to suspend
@@ -518,7 +528,7 @@ int crypt_suspend(struct crypt_device *cd,
 		  const char *name);
 
 /**
- * Resumes crypt device using passphrase.
+ * Resume crypt device using passphrase.
  *
  *
  * @param cd crypt device handle
@@ -530,6 +540,8 @@ int crypt_suspend(struct crypt_device *cd,
  * @return unlocked key slot number or negative errno otherwise.
  *
  * @note Only LUKS device type is supported
+ * @note If passphrase is @e NULL always use crypt_set_password_callback.
+ * Internal terminal password query is DEPRECATED and will be removed in next version.
  */
 int crypt_resume_by_passphrase(struct crypt_device *cd,
 	const char *name,
@@ -538,7 +550,7 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
 	size_t passphrase_size);
 
 /**
- * Resumes crypt device using key file.
+ * Resume crypt device using key file.
  *
  * @param cd crypt device handle
  * @param name name of device to resume
@@ -548,6 +560,9 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
  * @param keyfile_offset number of bytes to skip at start of keyfile
  *
  * @return unlocked key slot number or negative errno otherwise.
+ *
+ * @note If passphrase is @e NULL always use crypt_set_password_callback.
+ * Internal terminal password query is DEPRECATED and will be removed in next version.
  */
 int crypt_resume_by_keyfile_offset(struct crypt_device *cd,
 	const char *name,
@@ -565,7 +580,7 @@ int crypt_resume_by_keyfile(struct crypt_device *cd,
 	size_t keyfile_size);
 
 /**
- * Releases crypt device context and used memory.
+ * Release crypt device context and used memory.
  *
  * @param cd crypt device handle
  */
@@ -582,7 +597,7 @@ void crypt_free(struct crypt_device *cd);
 #define CRYPT_ANY_SLOT -1
 
 /**
- * Add key slot using provided passphrase
+ * Add key slot using provided passphrase.
  *
  * @pre @e cd contains initialized and formatted LUKS device context
  *
@@ -594,6 +609,9 @@ void crypt_free(struct crypt_device *cd);
  * @param new_passphrase_size size of @e new_passphrase (binary data)
  *
  * @return allocated key slot number or negative errno otherwise.
+ *
+ * @note If passphrase is @e NULL always use crypt_set_password_callback.
+ * Internal terminal password query is DEPRECATED and will be removed in next version.
  */
 int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
 	int keyslot,
@@ -603,7 +621,7 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
 	size_t new_passphrase_size);
 
 /**
- * Change defined key slot using provided passphrase
+ * Change defined key slot using provided passphrase.
  *
  * @pre @e cd contains initialized and formatted LUKS device context
  *
@@ -620,6 +638,9 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
  * @note This function is just internal implementation of luksChange
  * command to avoid reading of volume key outside libcryptsetup boundary
  * in FIPS mode.
+ *
+ * @note If passphrase is @e NULL always use crypt_set_password_callback.
+ * Internal terminal password query is DEPRECATED and will be removed in next version.
  */
 int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
 	int keyslot_old,
@@ -630,7 +651,7 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
 	size_t new_passphrase_size);
 
 /**
-* Add key slot using provided key file path
+* Add key slot using provided key file path.
  *
  * @pre @e cd contains initialized and formatted LUKS device context
  *
@@ -645,8 +666,8 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
  *
  * @return allocated key slot number or negative errno otherwise.
  *
- * @note Note that @e keyfile can be "-" for STDIN
- *
+ * @note Note that @e keyfile can be "-" for STDIN. This special handling is DEPRECATED
+ * and will be removed in next version.
  */
 int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd,
 	int keyslot,
@@ -667,7 +688,7 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
 	size_t new_keyfile_size);
 
 /**
- * Add key slot using provided volume key
+ * Add key slot using provided volume key.
  *
  * @pre @e cd contains initialized and formatted LUKS device context
  *
@@ -680,6 +701,8 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
  *
  * @return allocated key slot number or negative errno otherwise.
  *
+ * @note If passphrase is @e NULL always use crypt_set_password_callback.
+ * Internal terminal password query is DEPRECATED and will be removed in next version.
  */
 int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
 	int keyslot,
@@ -689,7 +712,7 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
 	size_t passphrase_size);
 
 /**
- * Destroy (and disable) key slot
+ * Destroy (and disable) key slot.
  *
  * @pre @e cd contains initialized and formatted LUKS device context
  *
@@ -725,6 +748,17 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 #define CRYPT_ACTIVATE_PRIVATE (1 << 4)
 /** corruption detected (verity), output only */
 #define CRYPT_ACTIVATE_CORRUPTED (1 << 5)
+/** use same_cpu_crypt option for dm-crypt */
+#define CRYPT_ACTIVATE_SAME_CPU_CRYPT (1 << 6)
+/** use submit_from_crypt_cpus for dm-crypt */
+#define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (1 << 7)
+/** dm-verity: ignore_corruption flag - ignore corruption, log it only */
+#define CRYPT_ACTIVATE_IGNORE_CORRUPTION (1 << 8)
+/** dm-verity: restart_on_corruption flag - restart kernel on corruption */
+#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9)
+/** dm-verity: ignore_zero_blocks - do not verify zero blocks */
+#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10)
+
 
 /**
  * Active device runtime attributes
@@ -737,7 +771,7 @@ struct crypt_active_device {
 };
 
 /**
- * Receives runtime attributes of active crypt device
+ * Receive runtime attributes of active crypt device.
  *
  * @param cd crypt device handle (can be @e NULL)
  * @param name name of active device
@@ -753,7 +787,7 @@ int crypt_get_active_device(struct crypt_device *cd,
 /** @} */
 
 /**
- * Activate device or check passphrase
+ * Activate device or check passphrase.
  *
  * @param cd crypt device handle
  * @param name name of device to create, if @e NULL only check passphrase
@@ -763,6 +797,9 @@ int crypt_get_active_device(struct crypt_device *cd,
  * @param flags activation flags
  *
  * @return unlocked key slot number or negative errno otherwise.
+ *
+ * @note If passphrase is @e NULL always use crypt_set_password_callback.
+ * Internal terminal password query is DEPRECATED and will be removed in next version.
  */
 int crypt_activate_by_passphrase(struct crypt_device *cd,
 	const char *name,
@@ -772,7 +809,7 @@ int crypt_activate_by_passphrase(struct crypt_device *cd,
 	uint32_t flags);
 
 /**
- * Activate device or check using key file
+ * Activate device or check using key file.
  *
  * @param cd crypt device handle
  * @param name name of device to create, if @e NULL only check keyfile
@@ -802,7 +839,7 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
 	uint32_t flags);
 
 /**
- * Activate device using provided volume key
+ * Activate device using provided volume key.
  *
  *
  * @param cd crypt device handle
@@ -842,7 +879,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
 int crypt_deactivate(struct crypt_device *cd, const char *name);
 
 /**
- * Get volume key from of crypt device
+ * Get volume key from crypt device.
  *
  * @param cd crypt device handle
  * @param keyslot use this keyslot or @e CRYPT_ANY_SLOT
@@ -865,7 +902,7 @@ int crypt_volume_key_get(struct crypt_device *cd,
 	size_t passphrase_size);
 
 /**
- * Verify that provided volume key is valid for crypt device
+ * Verify that provided volume key is valid for crypt device.
  *
  * @param cd crypt device handle
  * @param volume_key provided volume key
@@ -894,7 +931,7 @@ typedef enum {
 } crypt_status_info;
 
 /**
- * Get status info about device name
+ * Get status info about device name.
  *
  * @param cd crypt device handle, can be @e NULL
  * @param name crypt device name
@@ -905,7 +942,7 @@ typedef enum {
 crypt_status_info crypt_status(struct crypt_device *cd, const char *name);
 
 /**
- * Dump text-formatted information about crypt or verity device to log output
+ * Dump text-formatted information about crypt or verity device to log output.
  *
  * @param cd crypt device handle
  *
@@ -914,7 +951,7 @@ crypt_status_info crypt_status(struct crypt_device *cd, const char *name);
 int crypt_dump(struct crypt_device *cd);
 
 /**
- * Get cipher used in device
+ * Get cipher used in device.
  *
  * @param cd crypt device handle
  *
@@ -924,7 +961,7 @@ int crypt_dump(struct crypt_device *cd);
 const char *crypt_get_cipher(struct crypt_device *cd);
 
 /**
- * Get cipher mode used in device
+ * Get cipher mode used in device.
  *
  * @param cd crypt device handle
  *
@@ -934,7 +971,7 @@ const char *crypt_get_cipher(struct crypt_device *cd);
 const char *crypt_get_cipher_mode(struct crypt_device *cd);
 
 /**
- * Get device UUID
+ * Get device UUID.
  *
  * @param cd crypt device handle
  *
@@ -944,7 +981,7 @@ const char *crypt_get_cipher_mode(struct crypt_device *cd);
 const char *crypt_get_uuid(struct crypt_device *cd);
 
 /**
- * Get path to underlaying device
+ * Get path to underlaying device.
  *
  * @param cd crypt device handle
  *
@@ -954,7 +991,7 @@ const char *crypt_get_uuid(struct crypt_device *cd);
 const char *crypt_get_device_name(struct crypt_device *cd);
 
 /**
- * Get device offset in sectors where real data starts on underlying device)
+ * Get device offset in sectors where real data starts (on underlying device).
  *
  * @param cd crypt device handle
  *
@@ -964,7 +1001,7 @@ const char *crypt_get_device_name(struct crypt_device *cd);
 uint64_t crypt_get_data_offset(struct crypt_device *cd);
 
 /**
- * Get IV offset in sectors (skip)
+ * Get IV offset in sectors (skip).
  *
  * @param cd crypt device handle
  *
@@ -974,7 +1011,7 @@ uint64_t crypt_get_data_offset(struct crypt_device *cd);
 uint64_t crypt_get_iv_offset(struct crypt_device *cd);
 
 /**
- * Get size (in bytes) of volume key for crypt device
+ * Get size (in bytes) of volume key for crypt device.
  *
  * @param cd crypt device handle
  *
@@ -984,7 +1021,7 @@ uint64_t crypt_get_iv_offset(struct crypt_device *cd);
 int crypt_get_volume_key_size(struct crypt_device *cd);
 
 /**
- * Get device parameters for VERITY device
+ * Get device parameters for VERITY device.
  *
  * @param cd crypt device handle
  * @param vp verity device info
@@ -1007,7 +1044,7 @@ int crypt_get_verity_info(struct crypt_device *cd,
  */
 
 /**
- * Informational benchmark for ciphers
+ * Informational benchmark for ciphers.
  *
  * @param cd crypt device handle
  * @param cipher (e.g. "aes")
@@ -1033,7 +1070,7 @@ int crypt_benchmark(struct crypt_device *cd,
 	double *decryption_mbs);
 
 /**
- * Informational benchmark for KDF
+ * Informational benchmark for KDF.
  *
  * @param cd crypt device handle
  * @param kdf Key derivation function (e.g. "pbkdf2")
@@ -1074,7 +1111,7 @@ typedef enum {
 } crypt_keyslot_info;
 
 /**
- * Get information about particular key slot
+ * Get information about particular key slot.
  *
  *
  * @param cd crypt device handle
@@ -1097,7 +1134,7 @@ crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot);
 int crypt_keyslot_max(const char *type);
 
 /**
- * Get keyslot area pointers (relative to metadata device)
+ * Get keyslot area pointers (relative to metadata device).
  *
  * @param cd crypt device handle
  * @param keyslot keyslot number
@@ -1113,7 +1150,7 @@ int crypt_keyslot_area(struct crypt_device *cd,
 	uint64_t *length);
 
 /**
- * Backup header and keyslots to file
+ * Backup header and keyslots to file.
  *
  * @param cd crypt device handle
  * @param requested_type @link crypt_type @endlink or @e NULL for all known
@@ -1127,7 +1164,7 @@ int crypt_header_backup(struct crypt_device *cd,
 	const char *backup_file);
 
 /**
- * Restore header and keyslots from backup file
+ * Restore header and keyslots from backup file.
  *
  *
  * @param cd crypt device handle
@@ -1142,14 +1179,14 @@ int crypt_header_restore(struct crypt_device *cd,
 	const char *backup_file);
 
 /**
- * Receives last reported error
+ * Receive last reported error, DEPRECATED.
  *
  * @param cd crypt device handle
  * @param buf buffef for message
  * @param size size of buffer
  *
- * @note Note that this is old API function using global context.
- * All error messages are reported also through log callback.
+ * @note This function is DEPRECATED and will be removed in future versions.
+ * @note All error messages are reported also through log callback.
  */
 void crypt_last_error(struct crypt_device *cd, char *buf, size_t size);
 
@@ -1159,8 +1196,7 @@ void crypt_last_error(struct crypt_device *cd, char *buf, size_t size);
  * @param buf buffef for message
  * @param size size of buffer
  *
- * @note Note that this is old API function using global context.
- * All error messages are reported also through log callback.
+ * @note This function is DEPRECATED and will be removed in future versions.
  */
 void crypt_get_error(char *buf, size_t size);
 

lib/libdevmapper.c

@@ -1,10 +1,10 @@
 /*
  * libdevmapper - device-mapper backend for cryptsetup
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2012, Milan Broz
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -28,7 +28,7 @@
 #include <fcntl.h>
 #include <linux/fs.h>
 #include <uuid/uuid.h>
-#include <sys/utsname.h>
+#include <sys/stat.h>
 
 #include "internal.h"
 
@@ -86,12 +86,12 @@ static void set_dm_error(int level,
 	va_start(va, f);
 	if (vasprintf(&msg, f, va) > 0) {
 		if (level < 4 && !_quiet_log) {
-			log_err(_context, msg);
+			log_err(_context, "%s", msg);
 			log_err(_context, "\n");
 		} else {
 			/* We do not use DM visual stack backtrace here */
 			if (strncmp(msg, "<backtrace>", 11))
-				log_dbg(msg);
+				log_dbg("%s", msg);
 		}
 	}
 	free(msg);
@@ -144,6 +144,11 @@ static void _dm_set_crypt_compat(const char *dm_version, unsigned crypt_maj,
 	if (_dm_satisfies_version(1, 13, crypt_maj, crypt_min))
 		_dm_crypt_flags |= DM_TCW_SUPPORTED;
 
+	if (_dm_satisfies_version(1, 14, crypt_maj, crypt_min)) {
+		_dm_crypt_flags |= DM_SAME_CPU_CRYPT_SUPPORTED;
+		_dm_crypt_flags |= DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED;
+	}
+
 	/* Repeat test if dm-crypt is not present */
 	if (crypt_maj > 0)
 		_dm_crypt_checked = 1;
@@ -154,21 +159,20 @@ static void _dm_set_verity_compat(const char *dm_version, unsigned verity_maj,
 {
 	if (verity_maj > 0)
 		_dm_crypt_flags |= DM_VERITY_SUPPORTED;
+	else
+		return;
+	/*
+	 * ignore_corruption, restart_on corruption is available since 1.2 (kernel 4.1)
+	 * ignore_zero_blocks since 1.3 (kernel 4.5)
+	 * (but some dm-verity targets 1.2 don't support it)
+	 */
+	if (_dm_satisfies_version(1, 3, verity_maj, verity_min))
+		_dm_crypt_flags |= DM_VERITY_ON_CORRUPTION_SUPPORTED;
 
 	log_dbg("Detected dm-verity version %i.%i.%i.",
 		verity_maj, verity_min, verity_patch);
 }
 
-static void _dm_kernel_info(void)
-{
-	struct utsname uts;
-
-	if (!uname(&uts))
-		log_dbg("Detected kernel %s %s %s.",
-			uts.sysname, uts.release, uts.machine);
-
-}
-
 static int _dm_check_versions(void)
 {
 	struct dm_task *dmt;
@@ -179,8 +183,6 @@ static int _dm_check_versions(void)
 	if (_dm_crypt_checked)
 		return 1;
 
-	_dm_kernel_info();
-
 	/* Shut up DM while checking */
 	_quiet_log = 1;
 
@@ -305,23 +307,30 @@ static void hex_key(char *hexkey, size_t key_size, const char *key)
 		sprintf(&hexkey[i * 2], "%02x", (unsigned char)key[i]);
 }
 
-/* http://code.google.com/p/cryptsetup/wiki/DMCrypt */
-static char *get_dm_crypt_params(struct crypt_dm_active_device *dmd)
+/* https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt */
+static char *get_dm_crypt_params(struct crypt_dm_active_device *dmd, uint32_t flags)
 {
-	int r, max_size, null_cipher = 0;
+	int r, max_size, null_cipher = 0, num_options = 0;
 	char *params, *hexkey;
-	const char *features = "";
+	char features[256];
 
 	if (!dmd)
 		return NULL;
 
-	if (dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) {
-		if (dm_flags() & DM_DISCARDS_SUPPORTED) {
-			features = " 1 allow_discards";
-			log_dbg("Discard/TRIM is allowed.");
-		} else
-			log_dbg("Discard/TRIM is not supported by the kernel.");
-	}
+	if (flags & CRYPT_ACTIVATE_ALLOW_DISCARDS)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_SAME_CPU_CRYPT)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS)
+		num_options++;
+
+	if (num_options)
+		snprintf(features, sizeof(features)-1, " %d%s%s%s", num_options,
+		(flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? " allow_discards" : "",
+		(flags & CRYPT_ACTIVATE_SAME_CPU_CRYPT) ? " same_cpu_crypt" : "",
+		(flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ? " submit_from_crypt_cpus" : "");
+	else
+		*features = '\0';
 
 	if (!strncmp(dmd->u.crypt.cipher, "cipher_null-", 12))
 		null_cipher = 1;
@@ -355,16 +364,37 @@ out:
 	return params;
 }
 
-/* http://code.google.com/p/cryptsetup/wiki/DMVerity */
+/* https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity */
 static char *get_dm_verity_params(struct crypt_params_verity *vp,
-				   struct crypt_dm_active_device *dmd)
+				   struct crypt_dm_active_device *dmd, uint32_t flags)
 {
-	int max_size, r;
+	int max_size, r, num_options = 0;
 	char *params = NULL, *hexroot = NULL, *hexsalt = NULL;
+	char features[256];
 
 	if (!vp || !dmd)
 		return NULL;
 
+	/* These flags are not compatible */
+	if ((flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) &&
+	    (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION))
+		flags &= ~CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+
+	if (flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION)
+		num_options++;
+	if (flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS)
+		num_options++;
+
+	if (num_options)
+		snprintf(features, sizeof(features)-1, " %d%s%s%s", num_options,
+		(flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? " ignore_corruption" : "",
+		(flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? " restart_on_corruption" : "",
+		(flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? " ignore_zero_blocks" : "");
+	else
+		*features = '\0';
+
 	hexroot = crypt_safe_alloc(dmd->u.verity.root_hash_size * 2 + 1);
 	if (!hexroot)
 		goto out;
@@ -388,12 +418,12 @@ static char *get_dm_verity_params(struct crypt_params_verity *vp,
 		goto out;
 
 	r = snprintf(params, max_size,
-		     "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s",
+		     "%u %s %s %u %u %" PRIu64 " %" PRIu64 " %s %s %s %s",
 		     vp->hash_type, device_block_path(dmd->data_device),
 		     device_block_path(dmd->u.verity.hash_device),
 		     vp->data_block_size, vp->hash_block_size,
 		     vp->data_size, dmd->u.verity.hash_offset,
-		     vp->hash_name, hexroot, hexsalt);
+		     vp->hash_name, hexroot, hexsalt, features);
 	if (r < 0 || r >= max_size) {
 		crypt_safe_free(params);
 		params = NULL;
@@ -434,7 +464,7 @@ static int _dm_simple(int task, const char *name, int udev_wait)
 	if (udev_wait)
 		(void)_dm_udev_wait(cookie);
 
-      out:
+out:
 	dm_task_destroy(dmt);
 	return r;
 }
@@ -566,6 +596,9 @@ static int _dm_create_device(const char *name, const char *type,
 	uint32_t cookie = 0;
 	uint16_t udev_flags = 0;
 
+	if (!params)
+		return -EINVAL;
+
 	if (flags & CRYPT_ACTIVATE_PRIVATE)
 		udev_flags = CRYPT_TEMP_UDEV_FLAGS;
 
@@ -588,9 +621,6 @@ static int _dm_create_device(const char *name, const char *type,
 
 		if (!dm_task_set_uuid(dmt, dev_uuid))
 			goto out_no_removal;
-
-		if (_dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags))
-			goto out_no_removal;
 	}
 
 	if ((dm_flags() & DM_SECURE_SUPPORTED) && !dm_task_secure_data(dmt))
@@ -607,6 +637,9 @@ static int _dm_create_device(const char *name, const char *type,
 	    !dm_task_set_read_ahead(dmt, read_ahead, DM_READ_AHEAD_MINIMUM_FLAG))
 		goto out_no_removal;
 #endif
+	/* do not set cookie for DM_DEVICE_RELOAD task */
+	if (!reload && _dm_use_udev() && !_dm_task_set_cookie(dmt, &cookie, udev_flags))
+		goto out_no_removal;
 
 	if (!dm_task_run(dmt))
 		goto out_no_removal;
@@ -642,12 +675,14 @@ out_no_removal:
 	if (cookie && _dm_use_udev())
 		(void)_dm_udev_wait(cookie);
 
-	if (params)
-		crypt_safe_free(params);
 	if (dmt)
 		dm_task_destroy(dmt);
 
 	dm_task_update_nodes();
+
+	/* If code just loaded target module, update versions */
+	_dm_check_versions();
+
 	return r;
 }
 
@@ -657,7 +692,8 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 		     int reload)
 {
 	char *table_params = NULL;
-	int r = -EINVAL;
+	uint32_t dmd_flags;
+	int r;
 
 	if (!type)
 		return -EINVAL;
@@ -665,15 +701,40 @@ int dm_create_device(struct crypt_device *cd, const char *name,
 	if (dm_init_context(cd))
 		return -ENOTSUP;
 
-	if (dmd->target == DM_CRYPT)
-		table_params = get_dm_crypt_params(dmd);
-	else if (dmd->target == DM_VERITY)
-		table_params = get_dm_verity_params(dmd->u.verity.vp, dmd);
+	dmd_flags = dmd->flags;
 
-	if (table_params)
-		r = _dm_create_device(name, type, dmd->data_device,
-				      dmd->flags, dmd->uuid, dmd->size,
-				      table_params, reload);
+	if (dmd->target == DM_CRYPT)
+		table_params = get_dm_crypt_params(dmd, dmd_flags);
+	else if (dmd->target == DM_VERITY)
+		table_params = get_dm_verity_params(dmd->u.verity.vp, dmd, dmd_flags);
+
+	r = _dm_create_device(name, type, dmd->data_device, dmd_flags,
+			      dmd->uuid, dmd->size, table_params, reload);
+
+	/* If discard not supported try to load without discard */
+	if (!reload && r && dmd->target == DM_CRYPT &&
+	    (dmd->flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) &&
+	    !(dm_flags() & DM_DISCARDS_SUPPORTED)) {
+		log_dbg("Discard/TRIM is not supported, retrying activation.");
+		dmd_flags = dmd_flags & ~CRYPT_ACTIVATE_ALLOW_DISCARDS;
+		crypt_safe_free(table_params);
+		table_params = get_dm_crypt_params(dmd, dmd_flags);
+		r = _dm_create_device(name, type, dmd->data_device, dmd_flags,
+				      dmd->uuid, dmd->size, table_params, reload);
+	}
+
+	if (r == -EINVAL &&
+	    dmd_flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) &&
+	    !(dm_flags() & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED)))
+		log_err(cd, _("Requested dm-crypt performance options are not supported.\n"));
+
+	if (r == -EINVAL && dmd_flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
+					  CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+					  CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) &&
+	    !(dm_flags() & DM_VERITY_ON_CORRUPTION_SUPPORTED))
+		log_err(cd, _("Requested dm-verity data corruption handling options are not supported.\n"));
+
+	crypt_safe_free(table_params);
 	dm_exit_context();
 	return r;
 }
@@ -860,11 +921,15 @@ static int _dm_query_crypt(uint32_t get_flags,
 			arg = strsep(&params, " ");
 			if (!strcasecmp(arg, "allow_discards"))
 				dmd->flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+			else if (!strcasecmp(arg, "same_cpu_crypt"))
+				dmd->flags |= CRYPT_ACTIVATE_SAME_CPU_CRYPT;
+			else if (!strcasecmp(arg, "submit_from_crypt_cpus"))
+				dmd->flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
 			else /* unknown option */
 				return -EINVAL;
 		}
 
-		/* All parameters shold be processed */
+		/* All parameters should be processed */
 		if (params)
 			return -EINVAL;
 	}
@@ -907,7 +972,8 @@ static int _dm_query_verity(uint32_t get_flags,
 	uint32_t val32;
 	uint64_t val64;
 	ssize_t len;
-	char *str, *str2;
+	char *str, *str2, *arg;
+	unsigned int i;
 	int r;
 
 	if (get_flags & DM_ACTIVE_VERITY_PARAMS)
@@ -1003,8 +1069,6 @@ static int _dm_query_verity(uint32_t get_flags,
 
 	/* salt */
 	str = strsep(&params, " ");
-	if (params)
-		return -EINVAL;
 	if (vp) {
 		if (!strcmp(str, "-")) {
 			vp->salt_size = 0;
@@ -1018,6 +1082,33 @@ static int _dm_query_verity(uint32_t get_flags,
 		}
 	}
 
+	/* Features section, available since verity target version 1.3 */
+	if (params) {
+		/* Number of arguments */
+		val64 = strtoull(params, &params, 10);
+		if (*params != ' ')
+			return -EINVAL;
+		params++;
+
+		for (i = 0; i < val64; i++) {
+			if (!params)
+				return -EINVAL;
+			arg = strsep(&params, " ");
+			if (!strcasecmp(arg, "ignore_corruption"))
+				dmd->flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+			else if (!strcasecmp(arg, "restart_on_corruption"))
+				dmd->flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+			else if (!strcasecmp(arg, "ignore_zero_blocks"))
+				dmd->flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
+			else /* unknown option */
+				return -EINVAL;
+		}
+
+		/* All parameters should be processed */
+		if (params)
+			return -EINVAL;
+	}
+
 	return 0;
 }
 

lib/loopaes/loopaes.c

@@ -137,7 +137,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
 	unsigned int key_lengths[LOOPAES_KEYS_MAX];
 	unsigned int i, key_index, key_len, offset;
 
-	log_dbg("Parsing loop-AES keyfile of size %d.", buffer_len);
+	log_dbg("Parsing loop-AES keyfile of size %zu.", buffer_len);
 
 	if (!buffer_len)
 		return -EINVAL;

lib/luks1/keyencryption.c

@@ -3,6 +3,7 @@
  *
  * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2014, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -26,8 +27,13 @@
 #include "internal.h"
 
 static void _error_hint(struct crypt_device *ctx, const char *device,
-			const char *cipher_spec, const char *mode, size_t keyLength)
+			const char *cipher, const char *mode, size_t keyLength)
 {
+	char cipher_spec[MAX_CIPHER_LEN * 3];
+
+	if (snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", cipher, mode) < 0)
+		return;
+
 	log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
 			"Check that kernel supports %s cipher (check syslog for more info).\n"),
 			device, cipher_spec);
@@ -60,6 +66,8 @@ static int LUKS_endec_template(char *src, size_t srcLength,
 	};
 	int r, bsize, devfd = -1;
 
+	log_dbg("Using dmcrypt to access keyslot area.");
+
 	bsize = device_block_size(dmd.data_device);
 	if (bsize <= 0)
 		return -EINVAL;
@@ -94,7 +102,7 @@ static int LUKS_endec_template(char *src, size_t srcLength,
 	if (r < 0) {
 		if (r != -EACCES && r != -ENOTSUP)
 			_error_hint(ctx, device_path(dmd.data_device),
-				    cipher_spec, cipher_mode, vk->keylength * 8);
+				    cipher, cipher_mode, vk->keylength * 8);
 		return -EIO;
 	}
 
@@ -125,8 +133,64 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
 			    unsigned int sector,
 			    struct crypt_device *ctx)
 {
-	return LUKS_endec_template(src, srcLength, cipher, cipher_mode,
-				   vk, sector, write_blockwise, O_RDWR, ctx);
+
+	struct device *device = crypt_metadata_device(ctx);
+	struct crypt_storage *s;
+	int devfd = -1, bsize, r = 0;
+
+	/* Only whole sector writes supported */
+	if (srcLength % SECTOR_SIZE)
+		return -EINVAL;
+
+	/* Encrypt buffer */
+	r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);
+
+	if (r)
+		log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
+			cipher, cipher_mode, r);
+
+	/* Fallback to old temporary dmcrypt device */
+	if (r == -ENOTSUP || r == -ENOENT)
+		return LUKS_endec_template(src, srcLength, cipher, cipher_mode,
+					   vk, sector, write_blockwise, O_RDWR, ctx);
+
+	if (r) {
+		_error_hint(ctx, device_path(device), cipher, cipher_mode,
+			    vk->keylength * 8);
+		return r;
+	}
+
+	log_dbg("Using userspace crypto wrapper to access keyslot area.");
+
+	r = crypt_storage_encrypt(s, 0, srcLength / SECTOR_SIZE, src);
+	crypt_storage_destroy(s);
+
+	if (r)
+		return r;
+
+	r = -EIO;
+
+	/* Write buffer to device */
+	bsize = device_block_size(device);
+	if (bsize <= 0)
+		goto out;
+
+	devfd = device_open(device, O_RDWR);
+	if (devfd == -1)
+		goto out;
+
+	if (lseek(devfd, sector * SECTOR_SIZE, SEEK_SET) == -1 ||
+	    write_blockwise(devfd, bsize, src, srcLength) == -1)
+		goto out;
+
+	r = 0;
+out:
+	if(devfd != -1)
+		close(devfd);
+	if (r)
+		log_err(ctx, _("IO error while encrypting keyslot.\n"));
+
+	return r;
 }
 
 int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
@@ -136,6 +200,61 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
 			      unsigned int sector,
 			      struct crypt_device *ctx)
 {
-	return LUKS_endec_template(dst, dstLength, cipher, cipher_mode,
-				   vk, sector, read_blockwise, O_RDONLY, ctx);
+	struct device *device = crypt_metadata_device(ctx);
+	struct crypt_storage *s;
+	int devfd = -1, bsize, r = 0;
+
+	/* Only whole sector reads supported */
+	if (dstLength % SECTOR_SIZE)
+		return -EINVAL;
+
+	r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);
+
+	if (r)
+		log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
+			cipher, cipher_mode, r);
+
+	/* Fallback to old temporary dmcrypt device */
+	if (r == -ENOTSUP || r == -ENOENT)
+		return LUKS_endec_template(dst, dstLength, cipher, cipher_mode,
+					   vk, sector, read_blockwise, O_RDONLY, ctx);
+
+	if (r) {
+		_error_hint(ctx, device_path(device), cipher, cipher_mode,
+			    vk->keylength * 8);
+		return r;
+	}
+
+	log_dbg("Using userspace crypto wrapper to access keyslot area.");
+
+	r = -EIO;
+
+	/* Read buffer from device */
+	bsize = device_block_size(device);
+	if (bsize <= 0)
+		goto bad;
+
+	devfd = device_open(device, O_RDONLY);
+	if (devfd == -1)
+		goto bad;
+
+	if (lseek(devfd, sector * SECTOR_SIZE, SEEK_SET) == -1 ||
+	    read_blockwise(devfd, bsize, dst, dstLength) == -1)
+		goto bad;
+
+	close(devfd);
+
+	/* Decrypt buffer */
+	r = crypt_storage_decrypt(s, 0, dstLength / SECTOR_SIZE, dst);
+	crypt_storage_destroy(s);
+
+	return r;
+bad:
+	if(devfd != -1)
+		close(devfd);
+
+	log_err(ctx, _("IO error while decrypting keyslot.\n"));
+	crypt_storage_destroy(s);
+
+	return r;
 }

lib/luks1/keymanage.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2013, Milan Broz
+ * Copyright (C) 2013-2014, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -62,7 +62,7 @@ int LUKS_keyslot_area(struct luks_phdr *hdr,
 	if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
 		return -EINVAL;
 
-	*offset = hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
+	*offset = (uint64_t)hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
 	*length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;
 
 	return 0;
@@ -83,11 +83,12 @@ static int LUKS_check_device_size(struct crypt_device *ctx, size_t keyLength)
 
 	dev_sectors >>= SECTOR_SHIFT;
 	hdr_sectors = LUKS_device_sectors(keyLength);
-	log_dbg("Key length %u, device size %" PRIu64 " sectors, header size %"
+	log_dbg("Key length %zu, device size %" PRIu64 " sectors, header size %"
 		PRIu64 " sectors.",keyLength, dev_sectors, hdr_sectors);
 
 	if (hdr_sectors > dev_sectors) {
-		log_err(ctx, _("Device %s is too small.\n"), device_path(device));
+		log_err(ctx, _("Device %s is too small. (LUKS requires at least %" PRIu64 " bytes.)\n"),
+			device_path(device), hdr_sectors * SECTOR_SIZE);
 		return -EINVAL;
 	}
 
@@ -147,22 +148,20 @@ static const char *dbg_slot_state(crypt_keyslot_info ki)
 	}
 }
 
-int LUKS_hdr_backup(
-	const char *backup_file,
-	struct luks_phdr *hdr,
-	struct crypt_device *ctx)
+int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
 {
 	struct device *device = crypt_metadata_device(ctx);
+	struct luks_phdr hdr;
 	int r = 0, devfd = -1;
 	ssize_t hdr_size;
 	ssize_t buffer_size;
 	char *buffer = NULL;
 
-	r = LUKS_read_phdr(hdr, 1, 0, ctx);
+	r = LUKS_read_phdr(&hdr, 1, 0, ctx);
 	if (r)
 		return r;
 
-	hdr_size = LUKS_device_sectors(hdr->keyBytes) << SECTOR_SHIFT;
+	hdr_size = LUKS_device_sectors(hdr.keyBytes) << SECTOR_SHIFT;
 	buffer_size = size_round_up(hdr_size, crypt_getpagesize());
 
 	buffer = crypt_safe_alloc(buffer_size);
@@ -171,10 +170,10 @@ int LUKS_hdr_backup(
 		goto out;
 	}
 
-	log_dbg("Storing backup of header (%u bytes) and keyslot area (%u bytes).",
-		sizeof(*hdr), hdr_size - LUKS_ALIGN_KEYSLOTS);
+	log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes).",
+		sizeof(hdr), hdr_size - LUKS_ALIGN_KEYSLOTS);
 
-	log_dbg("Output backup file size: %u bytes.", buffer_size);
+	log_dbg("Output backup file size: %zu bytes.", buffer_size);
 
 	devfd = device_open(device, O_RDONLY);
 	if(devfd == -1) {
@@ -190,8 +189,8 @@ int LUKS_hdr_backup(
 	close(devfd);
 
 	/* Wipe unused area, so backup cannot contain old signatures */
-	if (hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE == LUKS_ALIGN_KEYSLOTS)
-		memset(buffer + sizeof(*hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(*hdr));
+	if (hdr.keyblock[0].keyMaterialOffset * SECTOR_SIZE == LUKS_ALIGN_KEYSLOTS)
+		memset(buffer + sizeof(hdr), 0, LUKS_ALIGN_KEYSLOTS - sizeof(hdr));
 
 	devfd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
 	if (devfd == -1) {
@@ -207,12 +206,12 @@ int LUKS_hdr_backup(
 		r = -EIO;
 		goto out;
 	}
-	close(devfd);
 
 	r = 0;
 out:
 	if (devfd != -1)
 		close(devfd);
+	crypt_memzero(&hdr, sizeof(hdr));
 	crypt_safe_free(buffer);
 	return r;
 }
@@ -260,6 +259,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}
 	close(devfd);
+	devfd = -1;
 
 	r = LUKS_read_phdr(hdr, 0, 0, ctx);
 	if (r == 0) {
@@ -287,7 +287,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}
 
-	log_dbg("Storing backup of header (%u bytes) and keyslot area (%u bytes) to device %s.",
+	log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.",
 		sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device));
 
 	devfd = device_open(device, O_RDWR);
@@ -306,6 +306,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}
 	close(devfd);
+	devfd = -1;
 
 	/* Be sure to reload new data */
 	r = LUKS_read_phdr(hdr, 1, 0, ctx);
@@ -398,7 +399,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
 	}
 out:
 	crypt_free_volume_key(vk);
-	memset(&temp_phdr, 0, sizeof(temp_phdr));
+	crypt_memzero(&temp_phdr, sizeof(temp_phdr));
 	return r;
 }
 
@@ -471,6 +472,13 @@ static void LUKS_fix_header_compatible(struct luks_phdr *header)
 	/* Old cryptsetup expects "sha1", gcrypt allows case insensistive names,
 	 * so always convert hash to lower case in header */
 	_to_lower(header->hashSpec, LUKS_HASHSPEC_L);
+
+	/* ECB mode does not use IV but dmcrypt silently allows it.
+	 * Drop any IV here if ECB is used (that is not secure anyway).*/
+	if (!strncmp(header->cipherMode, "ecb-", 4)) {
+		memset(header->cipherMode, 0, LUKS_CIPHERMODE_L);
+		strcpy(header->cipherMode, "ecb");
+	}
 }
 
 int LUKS_read_phdr_backup(const char *backup_file,
@@ -520,7 +528,7 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
 	if (repair && !require_luks_device)
 		return -EINVAL;
 
-	log_dbg("Reading LUKS header of size %d from device %s",
+	log_dbg("Reading LUKS header of size %zu from device %s",
 		hdr_size, device_path(device));
 
 	devfd = device_open(device, O_RDONLY);
@@ -538,6 +546,16 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
 	if (!r)
 		r = LUKS_check_device_size(ctx, hdr->keyBytes);
 
+	/*
+	 * Cryptsetup 1.0.0 did not align keyslots to 4k (very rare version).
+	 * Disable direct-io to avoid possible IO errors if underlying device
+	 * has bigger sector size.
+	 */
+	if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) {
+		log_dbg("Old unaligned LUKS keyslot detected, disabling direct-io.");
+		device_disable_direct_io(device);
+	}
+
 	close(devfd);
 	return r;
 }
@@ -552,7 +570,7 @@ int LUKS_write_phdr(struct luks_phdr *hdr,
 	struct luks_phdr convHdr;
 	int r;
 
-	log_dbg("Updating LUKS header of size %d on device %s",
+	log_dbg("Updating LUKS header of size %zu on device %s",
 		sizeof(struct luks_phdr), device_path(device));
 
 	r = LUKS_check_device_size(ctx, hdr->keyBytes);
@@ -618,7 +636,7 @@ static int LUKS_check_cipher(struct luks_phdr *hdr, struct crypt_device *ctx)
 				      empty_key, 0, ctx);
 
 	crypt_free_volume_key(empty_key);
-	memset(buf, 0, sizeof(buf));
+	crypt_memzero(buf, sizeof(buf));
 	return r;
 }
 
@@ -667,9 +685,9 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 	/* Set Magic */
 	memcpy(header->magic,luksMagic,LUKS_MAGIC_L);
 	header->version=1;
-	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L);
-	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L);
-	strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L);
+	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L-1);
+	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L-1);
+	strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L-1);
 
 	header->keyBytes=vk->keylength;
 
@@ -797,14 +815,14 @@ int LUKS_set_key(unsigned int keyIndex,
 	 * Avoid floating point operation
 	 * Final iteration count is at least LUKS_SLOT_ITERATIONS_MIN
 	 */
-	PBKDF2_temp = (*PBKDF2_per_sec / 2) * (uint64_t)iteration_time_ms;
+	PBKDF2_temp = *PBKDF2_per_sec * (uint64_t)iteration_time_ms;
 	PBKDF2_temp /= 1024;
 	if (PBKDF2_temp > UINT32_MAX)
 		PBKDF2_temp = UINT32_MAX;
 	hdr->keyblock[keyIndex].passwordIterations = at_least((uint32_t)PBKDF2_temp,
 							      LUKS_SLOT_ITERATIONS_MIN);
 
-	log_dbg("Key slot %d use %d password iterations.", keyIndex, hdr->keyblock[keyIndex].passwordIterations);
+	log_dbg("Key slot %d use %" PRIu32 " password iterations.", keyIndex, hdr->keyblock[keyIndex].passwordIterations);
 
 	derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL);
 	if (!derived_key)
@@ -939,6 +957,11 @@ static int LUKS_open_key(unsigned int keyIndex,
 		goto out;
 
 	r = LUKS_verify_volume_key(hdr, vk);
+
+	/* Allow only empty passphrase with null cipher */
+	if (!r && !strcmp(hdr->cipherName, "cipher_null") && passwordLen)
+		r = -EPERM;
+
 	if (!r)
 		log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex);
 out:

lib/luks1/luks.h

@@ -130,7 +130,6 @@ int LUKS_hdr_uuid_set(
 
 int LUKS_hdr_backup(
 	const char *backup_file,
-	struct luks_phdr *hdr,
 	struct crypt_device *ctx);
 
 int LUKS_hdr_restore(

lib/random.c

@@ -162,6 +162,9 @@ int crypt_random_init(struct crypt_device *ctx)
 	if(random_fd == -1)
 		goto fail;
 
+	if (crypt_fips_mode())
+		log_verbose(ctx, _("Running in FIPS mode.\n"));
+
 	random_initialised = 1;
 	return 0;
 fail:
@@ -231,9 +234,11 @@ void crypt_random_exit(void)
 
 int crypt_random_default_key_rng(void)
 {
+	/* coverity[pointless_string_compare] */
 	if (!strcmp(DEFAULT_RNG, RANDOM_DEVICE))
 		return CRYPT_RNG_RANDOM;
 
+	/* coverity[pointless_string_compare] */
 	if (!strcmp(DEFAULT_RNG, URANDOM_DEVICE))
 		return CRYPT_RNG_URANDOM;
 

lib/setup.c

@@ -1,10 +1,10 @@
 /*
  * libcryptsetup - cryptsetup library
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2014, Milan Broz
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -25,6 +25,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <stdarg.h>
+#include <sys/utsname.h>
 #include <fcntl.h>
 #include <errno.h>
 
@@ -78,6 +79,13 @@ struct crypt_device {
 		struct crypt_params_tcrypt params;
 		struct tcrypt_phdr hdr;
 	} tcrypt;
+	struct { /* used if initialized without header by name */
+		char *active_name;
+		/* buffers, must refresh from kernel on every query */
+		char cipher[MAX_CIPHER_LEN];
+		char cipher_mode[MAX_CIPHER_LEN];
+		unsigned int key_size;
+	} none;
 	} u;
 
 	/* callbacks definitions */
@@ -92,6 +100,9 @@ struct crypt_device {
 	char error[MAX_ERROR_LENGTH];
 };
 
+/* Just to suppress redundant messages about crypto backend */
+static int _crypto_logged = 0;
+
 /* Global error */
 /* FIXME: not thread safe, remove this later */
 static char global_error[MAX_ERROR_LENGTH] = {0};
@@ -181,6 +192,7 @@ struct device *crypt_data_device(struct crypt_device *cd)
 
 int init_crypto(struct crypt_device *ctx)
 {
+	struct utsname uts;
 	int r;
 
 	r = crypt_random_init(ctx);
@@ -193,7 +205,15 @@ int init_crypto(struct crypt_device *ctx)
 	if (r < 0)
 		log_err(ctx, _("Cannot initialize crypto backend.\n"));
 
-	log_dbg("Crypto backend (%s) initialized.", crypt_backend_version());
+	if (!r && !_crypto_logged) {
+		log_dbg("Crypto backend (%s) initialized in cryptsetup library version %s.",
+			crypt_backend_version(), PACKAGE_VERSION);
+		if (!uname(&uts))
+			log_dbg("Detected kernel %s %s %s.",
+				uts.sysname, uts.release, uts.machine);
+		_crypto_logged = 1;
+	}
+
 	return r;
 }
 
@@ -273,6 +293,24 @@ static int onlyLUKS(struct crypt_device *cd)
 	return r;
 }
 
+static void crypt_set_null_type(struct crypt_device *cd)
+{
+	if (!cd->type)
+		return;
+
+	free(cd->type);
+	cd->type = NULL;
+	cd->u.none.active_name = NULL;
+}
+
+static void crypt_reset_null_type(struct crypt_device *cd)
+{
+	if (cd->type)
+		return;
+
+	free(cd->u.none.active_name);
+	cd->u.none.active_name = NULL;
+}
 
 /* keyslot helpers */
 static int keyslot_verify_or_find_empty(struct crypt_device *cd, int *keyslot)
@@ -331,6 +369,36 @@ static int crypt_uuid_cmp(const char *dm_uuid, const char *hdr_uuid)
 	return 0;
 }
 
+/*
+ * compares type of active device to provided string (only if there is no explicit type)
+ */
+static int crypt_uuid_type_cmp(struct crypt_device *cd, const char *type)
+{
+	struct crypt_dm_active_device dmd = {};
+	size_t len;
+	int r;
+
+	/* Must user header-on-disk if we know type here */
+	if (cd->type || !cd->u.none.active_name)
+		return -EINVAL;
+
+	log_dbg("Checking if active device %s without header has UUID type %s.",
+		cd->u.none.active_name, type);
+
+	r = dm_query_device(cd, cd->u.none.active_name, DM_ACTIVE_UUID, &dmd);
+	if (r < 0)
+		return r;
+
+	r = -ENODEV;
+	len = strlen(type);
+	if (dmd.uuid && strlen(dmd.uuid) > len &&
+	    !strncmp(dmd.uuid, type, len) && dmd.uuid[len] == '-')
+		r = 0;
+
+	free(CONST_CAST(void*)dmd.uuid);
+	return r;
+}
+
 int PLAIN_activate(struct crypt_device *cd,
 		     const char *name,
 		     struct volume_key *vk,
@@ -558,7 +626,7 @@ int crypt_init(struct crypt_device **cd, const char *device)
 
 	dm_backend_init();
 
-	h->iteration_time = 1000;
+	h->iteration_time = DEFAULT_LUKS1_ITER_TIME;
 	h->password_verify = 0;
 	h->tries = 3;
 	h->rng_type = crypt_random_default_key_rng();
@@ -753,8 +821,7 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
 			r = _crypt_load_luks1(cd, 0, 0);
 			if (r < 0) {
 				log_dbg("LUKS device header does not match active device.");
-				free(cd->type);
-				cd->type = NULL;
+				crypt_set_null_type(cd);
 				r = 0;
 				goto out;
 			}
@@ -763,14 +830,12 @@ static int _init_by_name_crypt(struct crypt_device *cd, const char *name)
 			if (r < 0) {
 				log_dbg("LUKS device header uuid: %s mismatches DM returned uuid %s",
 					cd->u.luks1.hdr.uuid, dmd.uuid);
-				free(cd->type);
-				cd->type = NULL;
+				crypt_set_null_type(cd);
 				r = 0;
 			}
 		} else {
 			log_dbg("LUKS device header not available.");
-			free(cd->type);
-			cd->type = NULL;
+			crypt_set_null_type(cd);
 			r = 0;
 		}
 	} else if (isTCRYPT(cd->type)) {
@@ -904,7 +969,11 @@ out:
 	if (r < 0) {
 		crypt_free(*cd);
 		*cd = NULL;
+	} else if (!(*cd)->type) {
+		/* For anonymous device (no header found) remember initialized name */
+		(*cd)->u.none.active_name = strdup(name);
 	}
+
 	device_free(dmd.data_device);
 	free(CONST_CAST(void*)dmd.uuid);
 	return r;
@@ -1004,13 +1073,8 @@ static int _crypt_format_luks1(struct crypt_device *cd,
 				       &required_alignment,
 				       &alignment_offset, DEFAULT_DISK_ALIGNMENT);
 
-	/* Check early if we cannot allocate block device for key slot access */
-	r = device_block_adjust(cd, cd->device, DEV_OK, 0, NULL, NULL);
-	if(r < 0)
-		return r;
-
 	r = LUKS_generate_phdr(&cd->u.luks1.hdr, cd->volume_key, cipher, cipher_mode,
-			       (params && params->hash) ? params->hash : "sha1",
+			       (params && params->hash) ? params->hash : DEFAULT_LUKS1_HASH,
 			       uuid, LUKS_STRIPES,
 			       required_alignment / SECTOR_SIZE,
 			       alignment_offset / SECTOR_SIZE,
@@ -1202,6 +1266,8 @@ int crypt_format(struct crypt_device *cd,
 
 	log_dbg("Formatting device %s as type %s.", mdata_device_path(cd) ?: "(none)", type);
 
+	crypt_reset_null_type(cd);
+
 	r = init_crypto(cd);
 	if (r < 0)
 		return r;
@@ -1222,8 +1288,7 @@ int crypt_format(struct crypt_device *cd,
 	}
 
 	if (r < 0) {
-		free(cd->type);
-		cd->type = NULL;
+		crypt_set_null_type(cd);
 		crypt_free_volume_key(cd->volume_key);
 		cd->volume_key = NULL;
 	}
@@ -1243,6 +1308,8 @@ int crypt_load(struct crypt_device *cd,
 	if (!crypt_metadata_device(cd))
 		return -EINVAL;
 
+	crypt_reset_null_type(cd);
+
 	if (!requested_type || isLUKS(requested_type)) {
 		if (cd->type && !isLUKS(cd->type)) {
 			log_dbg("Context is already initialised to type %s", cd->type);
@@ -1291,10 +1358,8 @@ int crypt_repair(struct crypt_device *cd,
 
 	/* cd->type and header must be set in context */
 	r = crypt_check_data_device_size(cd);
-	if (r < 0) {
-		free(cd->type);
-		cd->type = NULL;
-	}
+	if (r < 0)
+		crypt_set_null_type(cd);
 
 	return r;
 }
@@ -1323,6 +1388,14 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
 		goto out;
 	}
 
+	if (crypt_loop_device(crypt_get_device_name(cd))) {
+		log_dbg("Trying to resize underlying loop device %s.",
+			crypt_get_device_name(cd));
+		/* Here we always use default size not new_size */
+		if (crypt_loop_resize(crypt_get_device_name(cd)))
+			log_err(NULL, _("Cannot resize loop device.\n"));
+	}
+
 	r = device_block_adjust(cd, dmd.data_device, DEV_OK,
 				dmd.u.crypt.offset, &new_size, &dmd.flags);
 	if (r)
@@ -1383,6 +1456,9 @@ int crypt_header_backup(struct crypt_device *cd,
 	if ((requested_type && !isLUKS(requested_type)) || !backup_file)
 		return -EINVAL;
 
+	if (cd->type && !isLUKS(cd->type))
+		return -EINVAL;
+
 	r = init_crypto(cd);
 	if (r < 0)
 		return r;
@@ -1390,13 +1466,15 @@ int crypt_header_backup(struct crypt_device *cd,
 	log_dbg("Requested header backup of device %s (%s) to "
 		"file %s.", mdata_device_path(cd), requested_type, backup_file);
 
-	return LUKS_hdr_backup(backup_file, &cd->u.luks1.hdr, cd);
+	r = LUKS_hdr_backup(backup_file, cd);
+	return r;
 }
 
 int crypt_header_restore(struct crypt_device *cd,
 			 const char *requested_type,
 			 const char *backup_file)
 {
+	struct luks_phdr hdr;
 	int r;
 
 	if (requested_type && !isLUKS(requested_type))
@@ -1412,7 +1490,10 @@ int crypt_header_restore(struct crypt_device *cd,
 	log_dbg("Requested header restore to device %s (%s) from "
 		"file %s.", mdata_device_path(cd), requested_type, backup_file);
 
-	return LUKS_hdr_restore(backup_file, &cd->u.luks1.hdr, cd);
+	r = LUKS_hdr_restore(backup_file, isLUKS(cd->type) ? &cd->u.luks1.hdr : &hdr, cd);
+
+	crypt_memzero(&hdr, sizeof(hdr));
+	return r;
 }
 
 void crypt_free(struct crypt_device *cd)
@@ -1438,11 +1519,13 @@ void crypt_free(struct crypt_device *cd)
 			free(CONST_CAST(void*)cd->u.verity.hdr.salt);
 			free(cd->u.verity.root_hash);
 			free(cd->u.verity.uuid);
+		} else if (!cd->type) {
+			free(cd->u.none.active_name);
 		}
 
 		free(cd->type);
 		/* Some structures can contain keys (TCRYPT), wipe it */
-		memset(cd, 0, sizeof(*cd));
+		crypt_memzero(cd, sizeof(*cd));
 		free(cd);
 	}
 }
@@ -1455,7 +1538,14 @@ int crypt_suspend(struct crypt_device *cd,
 
 	log_dbg("Suspending volume %s.", name);
 
-	r = onlyLUKS(cd);
+	if (cd->type) {
+		r = onlyLUKS(cd);
+	} else {
+		r = crypt_uuid_type_cmp(cd, CRYPT_LUKS1);
+		if (r < 0)
+			log_err(cd, _("This operation is supported only for LUKS device.\n"));
+	}
+
 	if (r < 0)
 		return r;
 
@@ -2125,7 +2215,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
 		}
 
 		r = VERITY_activate(cd, name, volume_key, volume_key_size,
-				    &cd->u.verity.hdr, CRYPT_ACTIVATE_READONLY);
+				    &cd->u.verity.hdr, flags|CRYPT_ACTIVATE_READONLY);
 
 		if (r == -EPERM) {
 			free(cd->u.verity.root_hash);
@@ -2276,7 +2366,7 @@ void crypt_set_password_retry(struct crypt_device *cd, int tries)
 
 void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms)
 {
-	log_dbg("Iteration time set to %" PRIu64 " miliseconds.", iteration_time_ms);
+	log_dbg("Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms);
 	cd->iteration_time = iteration_time_ms;
 }
 void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_ms)
@@ -2350,12 +2440,12 @@ static int _luks_dump(struct crypt_device *cd)
 	int i;
 
 	log_std(cd, "LUKS header information for %s\n\n", mdata_device_path(cd));
-	log_std(cd, "Version:       \t%d\n", cd->u.luks1.hdr.version);
+	log_std(cd, "Version:       \t%" PRIu16 "\n", cd->u.luks1.hdr.version);
 	log_std(cd, "Cipher name:   \t%s\n", cd->u.luks1.hdr.cipherName);
 	log_std(cd, "Cipher mode:   \t%s\n", cd->u.luks1.hdr.cipherMode);
 	log_std(cd, "Hash spec:     \t%s\n", cd->u.luks1.hdr.hashSpec);
-	log_std(cd, "Payload offset:\t%d\n", cd->u.luks1.hdr.payloadOffset);
-	log_std(cd, "MK bits:       \t%d\n", cd->u.luks1.hdr.keyBytes * 8);
+	log_std(cd, "Payload offset:\t%" PRIu32 "\n", cd->u.luks1.hdr.payloadOffset);
+	log_std(cd, "MK bits:       \t%" PRIu32 "\n", cd->u.luks1.hdr.keyBytes * 8);
 	log_std(cd, "MK digest:     \t");
 	hexprint(cd, cd->u.luks1.hdr.mkDigest, LUKS_DIGESTSIZE, " ");
 	log_std(cd, "\n");
@@ -2364,12 +2454,12 @@ static int _luks_dump(struct crypt_device *cd)
 	log_std(cd, "\n               \t");
 	hexprint(cd, cd->u.luks1.hdr.mkDigestSalt+LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " ");
 	log_std(cd, "\n");
-	log_std(cd, "MK iterations: \t%d\n", cd->u.luks1.hdr.mkDigestIterations);
+	log_std(cd, "MK iterations: \t%" PRIu32 "\n", cd->u.luks1.hdr.mkDigestIterations);
 	log_std(cd, "UUID:          \t%s\n\n", cd->u.luks1.hdr.uuid);
 	for(i = 0; i < LUKS_NUMKEYS; i++) {
 		if(cd->u.luks1.hdr.keyblock[i].active == LUKS_KEY_ENABLED) {
 			log_std(cd, "Key Slot %d: ENABLED\n",i);
-			log_std(cd, "\tIterations:         \t%d\n",
+			log_std(cd, "\tIterations:         \t%" PRIu32 "\n",
 				cd->u.luks1.hdr.keyblock[i].passwordIterations);
 			log_std(cd, "\tSalt:               \t");
 			hexprint(cd, cd->u.luks1.hdr.keyblock[i].passwordSalt,
@@ -2379,9 +2469,9 @@ static int _luks_dump(struct crypt_device *cd)
 				 LUKS_SALTSIZE/2, LUKS_SALTSIZE/2, " ");
 			log_std(cd, "\n");
 
-			log_std(cd, "\tKey material offset:\t%d\n",
+			log_std(cd, "\tKey material offset:\t%" PRIu32 "\n",
 				cd->u.luks1.hdr.keyblock[i].keyMaterialOffset);
-			log_std(cd, "\tAF stripes:            \t%d\n",
+			log_std(cd, "\tAF stripes:            \t%" PRIu32 "\n",
 				cd->u.luks1.hdr.keyblock[i].stripes);
 		}
 		else 
@@ -2426,6 +2516,31 @@ int crypt_dump(struct crypt_device *cd)
 	return -EINVAL;
 }
 
+
+static int _init_by_name_crypt_none(struct crypt_device *cd)
+{
+	struct crypt_dm_active_device dmd = {};
+	int r;
+
+	if (cd->type || !cd->u.none.active_name)
+		return -EINVAL;
+
+	r = dm_query_device(cd, cd->u.none.active_name,
+			DM_ACTIVE_CRYPT_CIPHER |
+			DM_ACTIVE_CRYPT_KEYSIZE, &dmd);
+	if (r >= 0)
+		r = crypt_parse_name_and_mode(dmd.u.crypt.cipher,
+					      cd->u.none.cipher, NULL,
+					      cd->u.none.cipher_mode);
+
+	if (!r)
+		cd->u.none.key_size = dmd.u.crypt.vk->keylength;
+
+	crypt_free_volume_key(dmd.u.crypt.vk);
+	free(CONST_CAST(void*)dmd.u.crypt.cipher);
+	return r;
+}
+
 const char *crypt_get_cipher(struct crypt_device *cd)
 {
 	if (isPLAIN(cd->type))
@@ -2440,6 +2555,9 @@ const char *crypt_get_cipher(struct crypt_device *cd)
 	if (isTCRYPT(cd->type))
 		return cd->u.tcrypt.params.cipher;
 
+	if (!cd->type && !_init_by_name_crypt_none(cd))
+		return cd->u.none.cipher;
+
 	return NULL;
 }
 
@@ -2457,6 +2575,9 @@ const char *crypt_get_cipher_mode(struct crypt_device *cd)
 	if (isTCRYPT(cd->type))
 		return cd->u.tcrypt.params.mode;
 
+	if (!cd->type && !_init_by_name_crypt_none(cd))
+		return cd->u.none.cipher_mode;
+
 	return NULL;
 }
 
@@ -2498,6 +2619,9 @@ int crypt_get_volume_key_size(struct crypt_device *cd)
 	if (isTCRYPT(cd->type))
 		return cd->u.tcrypt.params.key_size;
 
+	if (!cd->type && !_init_by_name_crypt_none(cd))
+		return cd->u.none.key_size;
+
 	return 0;
 }
 
@@ -2612,8 +2736,3 @@ int crypt_get_active_device(struct crypt_device *cd, const char *name,
 
 	return 0;
 }
-
-static void __attribute__((constructor)) libcryptsetup_ctor(void)
-{
-	crypt_fips_libcryptsetup_check();
-}

lib/tcrypt/tcrypt.c

@@ -1,8 +1,8 @@
 /*
- * TCRYPT (TrueCrypt-compatible) volume handling
+ * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling
  *
  * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz
+ * Copyright (C) 2012-2015, Milan Broz
  *
  * This file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -33,16 +33,23 @@
 /* TCRYPT PBKDF variants */
 static struct {
 	unsigned int legacy:1;
+	unsigned int veracrypt:1;
 	const char *name;
 	const char *hash;
 	unsigned int iterations;
 } tcrypt_kdf[] = {
-	{ 0, "pbkdf2", "ripemd160", 2000 },
-	{ 0, "pbkdf2", "ripemd160", 1000 },
-	{ 0, "pbkdf2", "sha512",    1000 },
-	{ 0, "pbkdf2", "whirlpool", 1000 },
-	{ 1, "pbkdf2", "sha1",      2000 },
-	{ 0, NULL,     NULL,           0 }
+	{ 0, 0, "pbkdf2", "ripemd160", 2000 },
+	{ 0, 0, "pbkdf2", "ripemd160", 1000 },
+	{ 0, 0, "pbkdf2", "sha512",    1000 },
+	{ 0, 0, "pbkdf2", "whirlpool", 1000 },
+	{ 1, 0, "pbkdf2", "sha1",      2000 },
+	{ 0, 1, "pbkdf2", "sha512",    500000 },
+	{ 0, 1, "pbkdf2", "ripemd160", 655331 },
+	{ 0, 1, "pbkdf2", "ripemd160", 327661 }, // boot only
+	{ 0, 1, "pbkdf2", "whirlpool", 500000 },
+	{ 0, 1, "pbkdf2", "sha256",    500000 }, // VeraCrypt 1.0f
+	{ 0, 1, "pbkdf2", "sha256",    200000 }, // boot only
+	{ 0, 0, NULL,     NULL,        0 }
 };
 
 struct tcrypt_alg {
@@ -196,7 +203,7 @@ static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr,
 
 	/* Convert header to cpu format */
 	hdr->d.version  =  be16_to_cpu(hdr->d.version);
-	hdr->d.version_tc = le16_to_cpu(hdr->d.version_tc);
+	hdr->d.version_tc = be16_to_cpu(hdr->d.version_tc);
 
 	hdr->d.keys_crc32 = be32_to_cpu(hdr->d.keys_crc32);
 
@@ -269,8 +276,8 @@ static int decrypt_blowfish_le_cbc(struct tcrypt_alg *alg,
 	}
 
 	crypt_cipher_destroy(cipher);
-	memset(iv, 0, bs);
-	memset(iv_old, 0, bs);
+	crypt_memzero(iv, bs);
+	crypt_memzero(iv_old, bs);
 	return r;
 }
 
@@ -307,12 +314,13 @@ static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode,
 {
 	char backend_key[TCRYPT_HDR_KEY_LEN];
 	char iv[TCRYPT_HDR_IV_LEN] = {};
-	char mode_name[MAX_CIPHER_LEN];
+	char mode_name[MAX_CIPHER_LEN + 1];
 	struct crypt_cipher *cipher;
 	char *c, *buf = (char*)&hdr->e;
 	int r;
 
 	/* Remove IV if present */
+	mode_name[MAX_CIPHER_LEN] = '\0';
 	strncpy(mode_name, mode, MAX_CIPHER_LEN);
 	c = strchr(mode_name, '-');
 	if (c)
@@ -336,8 +344,8 @@ static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode,
 		crypt_cipher_destroy(cipher);
 	}
 
-	memset(backend_key, 0, sizeof(backend_key));
-	memset(iv, 0, TCRYPT_HDR_IV_LEN);
+	crypt_memzero(backend_key, sizeof(backend_key));
+	crypt_memzero(iv, TCRYPT_HDR_IV_LEN);
 	return r;
 }
 
@@ -387,19 +395,19 @@ out:
 		if (cipher[j])
 			crypt_cipher_destroy(cipher[j]);
 
-	memset(iv, 0, bs);
-	memset(iv_old, 0, bs);
+	crypt_memzero(iv, bs);
+	crypt_memzero(iv_old, bs);
 	return r;
 }
 
 static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
-			       const char *key, int legacy_modes)
+			       const char *key, uint32_t flags)
 {
 	struct tcrypt_phdr hdr2;
 	int i, j, r = -EINVAL;
 
 	for (i = 0; tcrypt_cipher[i].chain_count; i++) {
-		if (!legacy_modes && tcrypt_cipher[i].legacy)
+		if (!(flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].legacy)
 			continue;
 		log_dbg("TCRYPT:  trying cipher %s-%s",
 			tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode);
@@ -431,10 +439,17 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
 			r = i;
 			break;
 		}
+		if ((flags & CRYPT_TCRYPT_VERA_MODES) &&
+		     !strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
+			log_dbg("TCRYPT: Signature magic detected (Veracrypt).");
+			memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
+			r = i;
+			break;
+		}
 		r = -EPERM;
 	}
 
-	memset(&hdr2, 0, sizeof(hdr2));
+	crypt_memzero(&hdr2, sizeof(hdr2));
 	return r;
 }
 
@@ -471,8 +486,8 @@ static int TCRYPT_pool_keyfile(struct crypt_device *cd,
 		j %= TCRYPT_KEY_POOL_LEN;
 	}
 
-	memset(&crc, 0, sizeof(crc));
-	memset(data, 0, TCRYPT_KEYFILE_LEN);
+	crypt_memzero(&crc, sizeof(crc));
+	crypt_memzero(data, TCRYPT_KEYFILE_LEN);
 
 	return 0;
 }
@@ -485,7 +500,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
 	size_t passphrase_size;
 	char *key;
 	unsigned int i, skipped = 0;
-	int r = -EINVAL, legacy_modes;
+	int r = -EPERM;
 
 	if (posix_memalign((void*)&key, crypt_getpagesize(), TCRYPT_HDR_KEY_LEN))
 		return -ENOMEM;
@@ -498,7 +513,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
 	if (params->passphrase_size > TCRYPT_KEY_POOL_LEN) {
 		log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded.\n"),
 			      TCRYPT_KEY_POOL_LEN);
-		return -EPERM;
+		goto out;
 	}
 
 	/* Calculate pool content from keyfiles */
@@ -512,9 +527,10 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
 	for (i = 0; i < params->passphrase_size; i++)
 		pwd[i] += params->passphrase[i];
 
-	legacy_modes = params->flags & CRYPT_TCRYPT_LEGACY_MODES ? 1 : 0;
 	for (i = 0; tcrypt_kdf[i].name; i++) {
-		if (!legacy_modes && tcrypt_kdf[i].legacy)
+		if (!(params->flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_kdf[i].legacy)
+			continue;
+		if (!(params->flags & CRYPT_TCRYPT_VERA_MODES) && tcrypt_kdf[i].veracrypt)
 			continue;
 		/* Derive header key */
 		log_dbg("TCRYPT: trying KDF: %s-%s-%d.",
@@ -533,7 +549,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
 			break;
 
 		/* Decrypt header */
-		r = TCRYPT_decrypt_hdr(cd, hdr, key, legacy_modes);
+		r = TCRYPT_decrypt_hdr(cd, hdr, key, params->flags);
 		if (r == -ENOENT) {
 			skipped++;
 			r = -EPERM;
@@ -553,18 +569,19 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
 
 	r = TCRYPT_hdr_from_disk(hdr, params, i, r);
 	if (!r) {
-		log_dbg("TCRYPT: Header version: %d, req. %d, sector %d"
+		log_dbg("TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d"
 			", mk_offset %" PRIu64 ", hidden_size %" PRIu64
-			", volume size %" PRIu64, (int)hdr->d.version,
-			(int)hdr->d.version_tc, (int)hdr->d.sector_size,
+			", volume size %" PRIu64, tcrypt_kdf[i].veracrypt ?
+			VCRYPT_HDR_MAGIC : TCRYPT_HDR_MAGIC,
+			(int)hdr->d.version, (int)hdr->d.version_tc, (int)hdr->d.sector_size,
 			hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size);
-		log_dbg("TCRYPT: Header cipher %s-%s, key size %d",
+		log_dbg("TCRYPT: Header cipher %s-%s, key size %zu",
 			params->cipher, params->mode, params->key_size);
 	}
 out:
-	memset(pwd, 0, TCRYPT_KEY_POOL_LEN);
+	crypt_memzero(pwd, TCRYPT_KEY_POOL_LEN);
 	if (key)
-		memset(key, 0, TCRYPT_HDR_KEY_LEN);
+		crypt_memzero(key, TCRYPT_HDR_KEY_LEN);
 	free(key);
 	return r;
 }
@@ -580,7 +597,7 @@ int TCRYPT_read_phdr(struct crypt_device *cd,
 
 	assert(sizeof(struct tcrypt_phdr) == 512);
 
-	log_dbg("Reading TCRYPT header of size %d bytes from device %s.",
+	log_dbg("Reading TCRYPT header of size %zu bytes from device %s.",
 		hdr_size, device_path(device));
 
 	bs = device_block_size(device);
@@ -596,10 +613,10 @@ int TCRYPT_read_phdr(struct crypt_device *cd,
 			return -EINVAL;
 
 		r = device_alloc(&base_device, base_device_path);
+		free(base_device_path);
 		if (r < 0)
 			return r;
 		devfd = device_open(base_device, O_RDONLY);
-		free(base_device_path);
 		device_free(base_device);
 	} else
 		devfd = device_open(device, O_RDONLY);
@@ -707,6 +724,9 @@ int TCRYPT_activate(struct crypt_device *cd,
 	if (!algs)
 		return -EINVAL;
 
+	if (hdr->d.sector_size == 0)
+		return -EINVAL;
+
 	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER)
 		dmd.size = 0;
 	else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER)
@@ -741,18 +761,23 @@ int TCRYPT_activate(struct crypt_device *cd,
 
 	r = device_block_adjust(cd, dmd.data_device, device_check,
 				dmd.u.crypt.offset, &dmd.size, &dmd.flags);
-	if (r)
+	if (r) {
+		device_free(part_device);
 		return r;
+	}
 
 	/* Frome here, key size for every cipher must be the same */
 	dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size +
 						algs->cipher[0].key_extra_size, NULL);
-	if (!dmd.u.crypt.vk)
+	if (!dmd.u.crypt.vk) {
+		device_free(part_device);
 		return -ENOMEM;
+	}
 
 	for (i = algs->chain_count; i > 0; i--) {
 		if (i == 1) {
-			strncpy(dm_name, name, sizeof(dm_name));
+			dm_name[sizeof(dm_name)-1] = '\0';
+			strncpy(dm_name, name, sizeof(dm_name)-1);
 			dmd.flags = flags;
 		} else {
 			snprintf(dm_name, sizeof(dm_name), "%s_%d", name, i-1);
@@ -894,7 +919,7 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 			struct tcrypt_phdr *tcrypt_hdr)
 {
 	struct tcrypt_algs *algs;
-	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN], *tmp;
+	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN+1], *tmp;
 	size_t key_size;
 	int r;
 
@@ -908,6 +933,7 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 	if (!tmp)
 		return -EINVAL;
 	*tmp = '\0';
+	mode[MAX_CIPHER_LEN] = '\0';
 	strncpy(mode, ++tmp, MAX_CIPHER_LEN);
 
 	key_size = dmd->u.crypt.vk->keylength;
@@ -1026,11 +1052,13 @@ int TCRYPT_dump(struct crypt_device *cd,
 		struct tcrypt_phdr *hdr,
 		struct crypt_params_tcrypt *params)
 {
-	log_std(cd, "TCRYPT header information for %s\n",
+	log_std(cd, "%s header information for %s\n",
+		hdr->d.magic[0] == 'T' ? "TCRYPT" : "VERACRYPT",
 		device_path(crypt_metadata_device(cd)));
 	if (hdr->d.version) {
 		log_std(cd, "Version:       \t%d\n", hdr->d.version);
-		log_std(cd, "Driver req.:\t%d\n", hdr->d.version_tc);
+		log_std(cd, "Driver req.:\t%x.%x\n", hdr->d.version_tc >> 8,
+						    hdr->d.version_tc & 0xFF);
 
 		log_std(cd, "Sector size:\t%" PRIu32 "\n", hdr->d.sector_size);
 		log_std(cd, "MK offset:\t%" PRIu64 "\n", hdr->d.mk_offset);
@@ -1038,6 +1066,6 @@ int TCRYPT_dump(struct crypt_device *cd,
 	}
 	log_std(cd, "Cipher chain:\t%s\n", params->cipher);
 	log_std(cd, "Cipher mode:\t%s\n", params->mode);
-	log_std(cd, "MK bits:       \t%d\n", params->key_size * 8);
+	log_std(cd, "MK bits:       \t%zu\n", params->key_size * 8);
 	return 0;
 }

lib/tcrypt/tcrypt.h

@@ -29,6 +29,7 @@
 #define TCRYPT_HDR_LEN     448
 #define TCRYPT_HDR_KEY_LEN 192
 #define TCRYPT_HDR_MAGIC "TRUE"
+#define VCRYPT_HDR_MAGIC "VERA"
 #define TCRYPT_HDR_MAGIC_LEN 4
 
 #define TCRYPT_HDR_HIDDEN_OFFSET_OLD -1536

lib/utils.c

@@ -1,7 +1,7 @@
 /*
  * utils - miscellaneous device utilities for cryptsetup
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2012, Milan Broz
@@ -105,9 +105,9 @@ ssize_t write_blockwise(int fd, int bsize, void *orig_buf, size_t count)
 		if (r < bsize)
 			bsize = r;
 
-		r = lseek(fd, -bsize, SEEK_CUR);
-		if (r < 0)
+		if (lseek(fd, -bsize, SEEK_CUR) < 0)
 			goto out;
+
 		memcpy(hangover_buf, (char*)buf + solid, hangover);
 
 		r = write(fd, hangover_buf, bsize);

lib/utils_benchmark.c

@@ -240,7 +240,7 @@ int crypt_benchmark_kdf(struct crypt_device *cd,
 	size_t salt_size,
 	uint64_t *iterations_sec)
 {
-	int r;
+	int r, key_length = 0;
 
 	if (!iterations_sec)
 		return -EINVAL;
@@ -249,14 +249,21 @@ int crypt_benchmark_kdf(struct crypt_device *cd,
 	if (r < 0)
 		return r;
 
+	// FIXME: this should be in KDF check API parameters later
+	if (cd)
+		key_length = crypt_get_volume_key_size(cd);
+
+	if (key_length == 0)
+		key_length = DEFAULT_LUKS1_KEYBITS / 8;
+
 	if (!strncmp(kdf, "pbkdf2", 6))
 		r = crypt_pbkdf_check(kdf, hash, password, password_size,
-				      salt, salt_size, iterations_sec);
+				      salt, salt_size, key_length, iterations_sec);
 	else
 		r = -EINVAL;
 
 	if (!r)
-		log_dbg("KDF %s, hash %s: %" PRIu64 " iterations per second.",
-			kdf, hash, *iterations_sec);
+		log_dbg("KDF %s, hash %s: %" PRIu64 " iterations per second (%d-bits key).",
+			kdf, hash, *iterations_sec, key_length * 8);
 	return r;
 }

lib/utils_crypt.c

@@ -22,6 +22,7 @@
 
 #include <stdlib.h>
 #include <stddef.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 #include <errno.h>
@@ -81,12 +82,24 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
 	return -EINVAL;
 }
 
+/*
+ * Replacement for memset(s, 0, n) on stack that can be optimized out
+ * Also used in safe allocations for explicit memory wipe.
+ */
+void crypt_memzero(void *s, size_t n)
+{
+	volatile uint8_t *p = (volatile uint8_t *)s;
+
+	while(n--)
+		*p++ = 0;
+}
+
 /* safe allocations */
 void *crypt_safe_alloc(size_t size)
 {
 	struct safe_allocation *alloc;
 
-	if (!size)
+	if (!size || size > (SIZE_MAX - offsetof(struct safe_allocation, data)))
 		return NULL;
 
 	alloc = malloc(size + offsetof(struct safe_allocation, data));
@@ -94,7 +107,7 @@ void *crypt_safe_alloc(size_t size)
 		return NULL;
 
 	alloc->size = size;
-	memset(&alloc->data, 0, size);
+	crypt_memzero(&alloc->data, size);
 
 	/* coverity[leaked_storage] */
 	return &alloc->data;
@@ -110,7 +123,7 @@ void crypt_safe_free(void *data)
 	alloc = (struct safe_allocation *)
 		((char *)data - offsetof(struct safe_allocation, data));
 
-	memset(data, 0, alloc->size);
+	crypt_memzero(data, alloc->size);
 
 	alloc->size = 0x55aa55aa;
 	free(alloc);
@@ -157,7 +170,7 @@ static int untimed_read(int fd, char *pass, size_t maxlen)
 static int timed_read(int fd, char *pass, size_t maxlen, long timeout)
 {
 	struct timeval t;
-	fd_set fds;
+	fd_set fds = {}; /* Just to avoid scan-build false report for FD_SET */
 	int failed = -1;
 
 	FD_ZERO(&fds);
@@ -176,16 +189,18 @@ static int interactive_pass(const char *prompt, char *pass, size_t maxlen,
 {
 	struct termios orig, tmp;
 	int failed = -1;
-	int infd = STDIN_FILENO, outfd;
+	int infd, outfd;
 
 	if (maxlen < 1)
-		goto out_err;
+		return failed;
 
 	/* Read and write to /dev/tty if available */
-	if ((infd = outfd = open("/dev/tty", O_RDWR)) == -1) {
+	infd = open("/dev/tty", O_RDWR);
+	if (infd == -1) {
 		infd = STDIN_FILENO;
 		outfd = STDERR_FILENO;
-	}
+	} else
+		outfd = infd;
 
 	if (tcgetattr(infd, &orig))
 		goto out_err;
@@ -320,7 +335,7 @@ int crypt_get_key(const char *prompt,
 		  struct crypt_device *cd)
 {
 	int fd, regular_file, read_stdin, char_read, unlimited_read = 0;
-	int r = -EINVAL;
+	int r = -EINVAL, newline;
 	char *pass = NULL;
 	size_t buflen, i, file_read_size;
 	struct stat st;
@@ -346,7 +361,7 @@ int crypt_get_key(const char *prompt,
 
 	/* If not requsted otherwise, we limit input to prevent memory exhaustion */
 	if (keyfile_size_max == 0) {
-		keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024;
+		keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1;
 		unlimited_read = 1;
 	}
 
@@ -394,7 +409,7 @@ int crypt_get_key(const char *prompt,
 		goto out_err;
 	}
 
-	for(i = 0; i < keyfile_size_max; i++) {
+	for(i = 0, newline = 0; i < keyfile_size_max; i++) {
 		if(i == buflen) {
 			buflen += 4096;
 			pass = crypt_safe_realloc(pass, buflen);
@@ -412,12 +427,17 @@ int crypt_get_key(const char *prompt,
 		}
 
 		/* Stop on newline only if not requested read from keyfile */
-		if(char_read == 0 || (!key_file && pass[i] == '\n'))
+		if (char_read == 0)
 			break;
+		if (!key_file && pass[i] == '\n') {
+			newline = 1;
+			pass[i] = '\0';
+			break;
+		}
 	}
 
 	/* Fail if piped input dies reading nothing */
-	if(!i && !regular_file) {
+	if(!i && !regular_file && !newline) {
 		log_dbg("Nothing read on input.");
 		r = -EPIPE;
 		goto out_err;
@@ -471,68 +491,3 @@ ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc)
 	*result = bytes;
 	return i;
 }
-
-/*
- * Device size string parsing, suffixes:
- * s|S - 512 bytes sectors
- * k  |K  |m  |M  |g  |G  |t  |T   - 1024 base
- * kiB|KiB|miB|MiB|giB|GiB|tiB|TiB - 1024 base
- * kb |KB |mM |MB |gB |GB |tB |TB  - 1000 base
- */
-int crypt_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
-{
-	char *endp = NULL;
-	size_t len;
-	uint64_t mult_base, mult, tmp;
-
-	*size = strtoull(s, &endp, 10);
-	if (!isdigit(s[0]) ||
-	    (errno == ERANGE && *size == ULLONG_MAX) ||
-	    (errno != 0 && *size == 0))
-		return -EINVAL;
-
-	if (!endp || !*endp)
-		return 0;
-
-	len = strlen(endp);
-	/* Allow "B" and "iB" suffixes */
-	if (len > 3 ||
-	   (len == 3 && (endp[1] != 'i' || endp[2] != 'B')) ||
-	   (len == 2 && endp[1] != 'B'))
-		return -EINVAL;
-
-	if (len == 1 || len == 3)
-		mult_base = 1024;
-	else
-		mult_base = 1000;
-
-	mult = 1;
-	switch (endp[0]) {
-	case 's':
-	case 'S': mult = 512;
-		break;
-	case 't':
-	case 'T': mult *= mult_base;
-		 /* Fall through */
-	case 'g':
-	case 'G': mult *= mult_base;
-		 /* Fall through */
-	case 'm':
-	case 'M': mult *= mult_base;
-		 /* Fall through */
-	case 'k':
-	case 'K': mult *= mult_base;
-		break;
-	default:
-		return -EINVAL;
-	}
-
-	tmp = *size * mult;
-	if ((tmp / *size) != mult) {
-		log_dbg("Device size overflow.");
-		return -EINVAL;
-	}
-
-	*size = tmp;
-	return 0;
-}

lib/utils_crypt.h

@@ -45,7 +45,8 @@ void *crypt_safe_alloc(size_t size);
 void crypt_safe_free(void *data);
 void *crypt_safe_realloc(void *data, size_t size);
 
+void crypt_memzero(void *s, size_t n);
+
 ssize_t crypt_hex_to_bytes(const char *hex, char **result, int safe_alloc);
-int crypt_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size);
 
 #endif /* _UTILS_CRYPT_H */

lib/utils_device.c

@@ -1,10 +1,10 @@
 /*
  * device backend utilities
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2012, Milan Broz
+ * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2015, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -38,20 +38,108 @@ struct device {
 	char *file_path;
 	int loop_fd;
 
+	int o_direct:1;
 	int init_done:1;
 };
 
-static int device_ready(const char *device)
+static int device_block_size_fd(int fd, size_t *min_size)
 {
-	int devfd, r = 0;
+	struct stat st;
+	int bsize = 0, r = -EINVAL;
+
+	if (fstat(fd, &st) < 0)
+		return -EINVAL;
+
+	if (S_ISREG(st.st_mode)) {
+		r = (int)crypt_getpagesize();
+		bsize = r;
+	}
+	else if (ioctl(fd, BLKSSZGET, &bsize) >= 0)
+		r = bsize;
+	else
+		r = -EINVAL;
+
+	if (r < 0 || !min_size)
+		return r;
+
+	if (S_ISREG(st.st_mode)) {
+		/* file can be empty as well */
+		if (st.st_size > bsize)
+			*min_size = bsize;
+		else
+			*min_size = st.st_size;
+	} else {
+		/* block device must have at least one block */
+		*min_size = bsize;
+	}
+
+	return bsize;
+}
+
+static int device_read_test(int devfd)
+{
+	char buffer[512];
+	int blocksize, r = -EIO;
+	size_t minsize = 0;
+
+	blocksize = device_block_size_fd(devfd, &minsize);
+
+	if (blocksize < 0)
+		return -EINVAL;
+
+	if (minsize == 0)
+		return 0;
+
+	if (minsize > sizeof(buffer))
+		minsize = sizeof(buffer);
+
+	if (read_blockwise(devfd, blocksize, buffer, minsize) == (ssize_t)minsize)
+		r = 0;
+
+	crypt_memzero(buffer, sizeof(buffer));
+	return r;
+}
+
+/*
+ * The direct-io is always preferred. The header is usually mapped to the same
+ * device and can be accessed when the rest of device is mapped to data device.
+ * Using dirct-io encsures that we do not mess with data in cache.
+ * (But proper alignment should prevent this in the first place.)
+ * The read test is needed to detect broken configurations (seen with remote
+ * block devices) that allow open with direct-io but then fails on read.
+ */
+static int device_ready(struct device *device, int check_directio)
+{
+	int devfd = -1, r = 0;
 	struct stat st;
 
-	log_dbg("Trying to open and read device %s.", device);
-	devfd = open(device, O_RDONLY);
+	device->o_direct = 0;
+	if (check_directio) {
+		log_dbg("Trying to open and read device %s with direct-io.",
+			device_path(device));
+		devfd = open(device_path(device), O_RDONLY | O_DIRECT);
+		if (devfd >= 0) {
+			if (device_read_test(devfd) == 0) {
+				device->o_direct = 1;
+			} else {
+				close(devfd);
+				devfd = -1;
+			}
+		}
+	}
+
 	if (devfd < 0) {
-		log_err(NULL, _("Device %s doesn't exist or access denied.\n"), device);
+		log_dbg("Trying to open device %s without direct-io.",
+			device_path(device));
+		devfd = open(device_path(device), O_RDONLY);
+	}
+
+	if (devfd < 0) {
+		log_err(NULL, _("Device %s doesn't exist or access denied.\n"),
+			device_path(device));
 		return -EINVAL;
 	}
+
 	if (fstat(devfd, &st) < 0)
 		r = -EINVAL;
 	else if (!S_ISBLK(st.st_mode))
@@ -65,12 +153,14 @@ int device_open(struct device *device, int flags)
 {
 	int devfd;
 
-	devfd = open(device_path(device), flags | O_DIRECT | O_SYNC);
-	if (devfd < 0 && errno == EINVAL) {
-		log_dbg("Trying to open device %s without direct-io.",
-			device_path(device));
-		devfd = open(device_path(device), flags | O_SYNC);
-	}
+	flags |= O_SYNC;
+	if (device->o_direct)
+		flags |= O_DIRECT;
+
+	devfd = open(device_path(device), flags);
+
+	if (devfd < 0)
+		log_dbg("Cannot open device %s.", device_path(device));
 
 	return devfd;
 }
@@ -90,24 +180,24 @@ int device_alloc(struct device **device, const char *path)
 		return -ENOMEM;
 
 	memset(dev, 0, sizeof(struct device));
+	dev->path = strdup(path);
+	if (!dev->path) {
+		free(dev);
+		return -ENOMEM;
+	}
 	dev->loop_fd = -1;
 
-	r = device_ready(path);
+	r = device_ready(dev, 1);
 	if (!r) {
 		dev->init_done = 1;
 	} else if (r == -ENOTBLK) {
 		/* alloc loop later */
 	} else if (r < 0) {
+		free(dev->path);
 		free(dev);
 		return -ENOTBLK;
 	}
 
-	dev->path = strdup(path);
-	if (!dev->path) {
-		free(dev);
-		return -ENOMEM;
-	}
-
 	*device = dev;
 	return 0;
 }
@@ -208,27 +298,23 @@ out:
 
 int device_block_size(struct device *device)
 {
-	struct stat st;
-	int fd, bsize = 0, r = -EINVAL;
+	int fd, r = -EINVAL;
 
 	if (!device)
 		return 0;
 
+	if (device->file_path)
+		return (int)crypt_getpagesize();
+
 	fd = open(device->path, O_RDONLY);
 	if(fd < 0)
 		return -EINVAL;
 
-	if (fstat(fd, &st) < 0)
-		goto out;
+	r = device_block_size_fd(fd, NULL);
 
-	if (S_ISREG(st.st_mode) || device->file_path) {
-		r = (int)crypt_getpagesize();
-		goto out;
-	}
+	if (r <= 0)
+		log_dbg("Cannot get block size for device %s.", device_path(device));
 
-	if (ioctl(fd, BLKSSZGET, &bsize) >= 0)
-		r = bsize;
-out:
 	close(fd);
 	return r;
 }
@@ -333,7 +419,7 @@ out:
 
 static int device_internal_prepare(struct crypt_device *cd, struct device *device)
 {
-	char *loop_device;
+	char *loop_device, *file_path = NULL;
 	int r, loop_fd, readonly = 0;
 
 	if (device->init_done)
@@ -359,15 +445,19 @@ static int device_internal_prepare(struct crypt_device *cd, struct device *devic
 		return -EINVAL;
 	}
 
-	r = device_ready(loop_device);
+	file_path = device->path;
+	device->path = loop_device;
+
+	r = device_ready(device, device->o_direct);
 	if (r < 0) {
+		device->path = file_path;
+		crypt_loop_detach(loop_device);
 		free(loop_device);
 		return r;
 	}
 
 	device->loop_fd = loop_fd;
-	device->file_path = device->path;
-	device->path = loop_device;
+	device->file_path = file_path;
 	device->init_done = 1;
 
 	return 0;
@@ -440,3 +530,8 @@ size_t size_round_up(size_t size, unsigned int block)
 	size_t s = (size + (block - 1)) / block;
 	return s * block;
 }
+
+void device_disable_direct_io(struct device *device)
+{
+	device->o_direct = 0;
+}

lib/utils_devpath.c

@@ -1,7 +1,7 @@
 /*
  * devname - search for device name
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2013, Milan Broz
@@ -31,6 +31,9 @@
 #include <limits.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include "internal.h"
 
 static char *__lookup_dev(char *path, dev_t dev, int dir_level, const int max_level)
@@ -276,24 +279,30 @@ char *crypt_get_partition_device(const char *dev_path, uint64_t offset, uint64_t
 		major(st.st_rdev), minor(st.st_rdev)) < 0)
 		return NULL;
 
-	len = readlink(path, link, sizeof(link) - 1);
-	if (len < 0)
+	dir = opendir(path);
+	if (!dir)
 		return NULL;
 
+	len = readlink(path, link, sizeof(link) - 1);
+	if (len < 0) {
+		closedir(dir);
+		return NULL;
+	}
+
 	/* Get top level disk name for sysfs search */
 	link[len] = '\0';
 	devname = strrchr(link, '/');
-	if (!devname)
+	if (!devname) {
+		closedir(dir);
 		return NULL;
+	}
 	devname++;
 
 	/* DM devices do not use kernel partitions. */
-	if (dm_is_dm_kernel_name(devname))
-		return NULL;
-
-	dir = opendir(path);
-	if (!dir)
+	if (dm_is_dm_kernel_name(devname)) {
+		closedir(dir);
 		return NULL;
+	}
 
 	devname_len = strlen(devname);
 	while((entry = readdir(dir))) {

lib/utils_dm.h

@@ -1,10 +1,10 @@
 /*
  * libdevmapper - device-mapper backend for cryptsetup
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2012, Milan Broz
+ * Copyright (C) 2009-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -40,6 +40,10 @@ struct device;
 #define DM_DISCARDS_SUPPORTED (1 << 4)	/* discards/TRIM option is supported */
 #define DM_VERITY_SUPPORTED   (1 << 5)	/* dm-verity target supported */
 #define DM_TCW_SUPPORTED      (1 << 6)	/* tcw (TCRYPT CBC with whitening) */
+#define DM_SAME_CPU_CRYPT_SUPPORTED (1 << 7) /* same_cpu_crypt */
+#define DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED (1 << 8) /* submit_from_crypt_cpus */
+#define DM_VERITY_ON_CORRUPTION_SUPPORTED (1 << 9) /* ignore/restart_on_corruption, ignore_zero_block */
+
 uint32_t dm_flags(void);
 
 #define DM_ACTIVE_DEVICE	(1 << 0)

lib/utils_fips.c

@@ -1,7 +1,7 @@
 /*
  * FIPS mode utilities
  *
- * Copyright (C) 2011-2013, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -18,36 +18,29 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#include <stdlib.h>
-#include <stdio.h>
 #include <unistd.h>
-#include "nls.h"
+#include <fcntl.h>
+#include <errno.h>
 #include "utils_fips.h"
 
 #if !ENABLE_FIPS
 int crypt_fips_mode(void) { return 0; }
-void crypt_fips_libcryptsetup_check(void) {}
 #else
-#include <fipscheck.h>
+static int kernel_fips_mode(void)
+{
+	int fd;
+	char buf[1] = "";
+
+	if ((fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY)) >= 0) {
+		while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+		close(fd);
+	}
+
+	return (buf[0] == '1') ? 1 : 0;
+}
 
 int crypt_fips_mode(void)
 {
-	return FIPSCHECK_kernel_fips_mode() && !access(FIPS_MODULE_FILE, F_OK);
-}
-
-static void crypt_fips_verify(const char *name, const char *function)
-{
-	if (!crypt_fips_mode())
-		return;
-
-	if (!FIPSCHECK_verify(name, function)) {
-		fputs(_("FIPS checksum verification failed.\n"), stderr);
-		_exit(EXIT_FAILURE);
-	}
-}
-
-void crypt_fips_libcryptsetup_check(void)
-{
-	crypt_fips_verify(LIBCRYPTSETUP_VERSION_FIPS, "crypt_init");
+	return kernel_fips_mode() && !access("/etc/system-fips", F_OK);
 }
 #endif /* ENABLE_FIPS */

lib/utils_fips.h

@@ -1,7 +1,7 @@
 /*
  * FIPS mode utilities
  *
- * Copyright (C) 2011-2013, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -21,9 +21,6 @@
 #ifndef _UTILS_FIPS_H
 #define _UTILS_FIPS_H
 
-struct crypt_device;
-
 int crypt_fips_mode(void);
-void crypt_fips_libcryptsetup_check(void);
 
 #endif /* _UTILS_FIPS_H */

lib/utils_loop.c

@@ -1,8 +1,8 @@
 /*
  * loopback block device utilities
  *
- * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2012, Milan Broz
+ * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2015, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -28,6 +28,9 @@
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include <linux/loop.h>
 
 #include "utils_loop.h"
@@ -42,6 +45,10 @@
 #define LOOP_CTL_GET_FREE 0x4C82
 #endif
 
+#ifndef LOOP_SET_CAPACITY
+#define LOOP_SET_CAPACITY 0x4C07
+#endif
+
 static char *crypt_loop_get_device_old(void)
 {
 	char dev[20];
@@ -96,6 +103,7 @@ int crypt_loop_attach(const char *loop, const char *file, int offset,
 		      int autoclear, int *readonly)
 {
 	struct loop_info64 lo64 = {0};
+	char *lo_file_name;
 	int loop_fd = -1, file_fd = -1, r = 1;
 
 	file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL);
@@ -110,7 +118,9 @@ int crypt_loop_attach(const char *loop, const char *file, int offset,
 	if (loop_fd < 0)
 		goto out;
 
-	strncpy((char*)lo64.lo_file_name, file, LO_NAME_SIZE);
+	lo_file_name = (char*)lo64.lo_file_name;
+	lo_file_name[LO_NAME_SIZE-1] = '\0';
+	strncpy(lo_file_name, file, LO_NAME_SIZE-1);
 	lo64.lo_offset = offset;
 	if (autoclear)
 		lo64.lo_flags |= LO_FLAGS_AUTOCLEAR;
@@ -157,6 +167,21 @@ int crypt_loop_detach(const char *loop)
 	return r;
 }
 
+int crypt_loop_resize(const char *loop)
+{
+	int loop_fd = -1, r = 1;
+
+	loop_fd = open(loop, O_RDONLY);
+	if (loop_fd < 0)
+                return 1;
+
+	if (!ioctl(loop_fd, LOOP_SET_CAPACITY, 0))
+		r = 0;
+
+	close(loop_fd);
+	return r;
+}
+
 static char *_ioctl_backing_file(const char *loop)
 {
 	struct loop_info64 lo64 = {0};

lib/utils_loop.h

@@ -1,7 +1,8 @@
 /*
  * loopback block device utilities
  *
- * Copyright (C) 2011-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2015, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2015, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -29,5 +30,6 @@ int crypt_loop_device(const char *loop);
 int crypt_loop_attach(const char *loop, const char *file, int offset,
 		      int autoclear, int *readonly);
 int crypt_loop_detach(const char *loop);
+int crypt_loop_resize(const char *loop);
 
 #endif /* _UTILS_LOOP_H */

lib/utils_wipe.c

@@ -29,6 +29,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/ioctl.h>
+#ifdef HAVE_SYS_SYSMACROS_H
+# include <sys/sysmacros.h>     /* for major, minor */
+#endif
 #include <fcntl.h>
 
 #include "libcryptsetup.h"
@@ -128,7 +131,7 @@ int crypt_wipe(struct device *device,
 	ssize_t written;
 
 	if (!size || size % SECTOR_SIZE || (size > MAXIMUM_WIPE_BYTES)) {
-		log_dbg("Unsuported wipe size for device %s: %ld.",
+		log_dbg("Unsupported wipe size for device %s: %ld.",
 			device_path(device), (unsigned long)size);
 		return -EINVAL;
 	}
@@ -183,7 +186,7 @@ int crypt_wipe(struct device *device,
 			written = _crypt_wipe_random(devfd, bsize, buffer, offset, size);
 			break;
 		default:
-			log_dbg("Unsuported wipe type requested: (%d)", type);
+			log_dbg("Unsupported wipe type requested: (%d)", type);
 			written = -1;
 	}
 

lib/verity/verity.c

@@ -35,7 +35,7 @@
 
 #define VERITY_SIGNATURE "verity\0\0"
 
-/* http://code.google.com/p/cryptsetup/wiki/DMVerity#Verity_superblock_format */
+/* https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity#verity-superblock-format */
 struct verity_sb {
 	uint8_t  signature[8];	/* "verity\0\0" */
 	uint32_t version;	/* superblock version */
@@ -63,11 +63,11 @@ int VERITY_read_sb(struct crypt_device *cd,
 	ssize_t hdr_size = sizeof(struct verity_sb);
 	int devfd = 0, sb_version;
 
-	log_dbg("Reading VERITY header of size %u on device %s, offset %" PRIu64 ".",
+	log_dbg("Reading VERITY header of size %zu on device %s, offset %" PRIu64 ".",
 		sizeof(struct verity_sb), device_path(device), sb_offset);
 
 	if (params->flags & CRYPT_VERITY_NO_HEADER) {
-		log_err(cd, _("Verity device doesn't use on-disk header.\n"),
+		log_err(cd, _("Verity device %s doesn't use on-disk header.\n"),
 			device_path(device));
 		return -EINVAL;
 	}
@@ -156,20 +156,21 @@ int VERITY_write_sb(struct crypt_device *cd,
 	int bsize = device_block_size(device);
 	struct verity_sb sb = {};
 	ssize_t hdr_size = sizeof(struct verity_sb);
+	char *algorithm;
 	uuid_t uuid;
 	int r, devfd = 0;
 
-	log_dbg("Updating VERITY header of size %u on device %s, offset %" PRIu64 ".",
+	log_dbg("Updating VERITY header of size %zu on device %s, offset %" PRIu64 ".",
 		sizeof(struct verity_sb), device_path(device), sb_offset);
 
 	if (!uuid_string || uuid_parse(uuid_string, uuid) == -1) {
-		log_err(cd, _("Wrong VERITY UUID format provided.\n"),
+		log_err(cd, _("Wrong VERITY UUID format provided on device %s.\n"),
 			device_path(device));
 		return -EINVAL;
 	}
 
 	if (params->flags & CRYPT_VERITY_NO_HEADER) {
-		log_err(cd, _("Verity device doesn't use on-disk header.\n"),
+		log_err(cd, _("Verity device %s doesn't use on-disk header.\n"),
 			device_path(device));
 		return -EINVAL;
 	}
@@ -187,7 +188,9 @@ int VERITY_write_sb(struct crypt_device *cd,
 	sb.hash_block_size = cpu_to_le32(params->hash_block_size);
 	sb.salt_size       = cpu_to_le16(params->salt_size);
 	sb.data_blocks     = cpu_to_le64(params->data_size);
-	strncpy((char *)sb.algorithm, params->hash_name, sizeof(sb.algorithm));
+	algorithm = (char *)sb.algorithm;
+	algorithm[sizeof(sb.algorithm)-1] = '\0';
+	strncpy(algorithm, params->hash_name, sizeof(sb.algorithm)-1);
 	memcpy(sb.salt, params->salt, params->salt_size);
 	memcpy(sb.uuid, uuid, sizeof(sb.uuid));
 

lib/volumekey.c

@@ -20,22 +20,31 @@
  */
 
 #include <string.h>
+#include <stdint.h>
 #include <stdlib.h>
 
 #include "internal.h"
 
-struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key)
+struct volume_key *crypt_alloc_volume_key(size_t keylength, const char *key)
 {
-	struct volume_key *vk = malloc(sizeof(*vk) + keylength);
+	struct volume_key *vk;
 
+	if (keylength > (SIZE_MAX - sizeof(*vk)))
+		return NULL;
+
+	vk = malloc(sizeof(*vk) + keylength);
 	if (!vk)
 		return NULL;
 
 	vk->keylength = keylength;
-	if (key)
-		memcpy(&vk->key, key, keylength);
-	else
-		memset(&vk->key, 0, keylength);
+
+	/* keylength 0 is valid => no key */
+	if (vk->keylength) {
+		if (key)
+			memcpy(&vk->key, key, keylength);
+		else
+			crypt_memzero(&vk->key, keylength);
+	}
 
 	return vk;
 }
@@ -43,13 +52,13 @@ struct volume_key *crypt_alloc_volume_key(unsigned keylength, const char *key)
 void crypt_free_volume_key(struct volume_key *vk)
 {
 	if (vk) {
-		memset(vk->key, 0, vk->keylength);
+		crypt_memzero(vk->key, vk->keylength);
 		vk->keylength = 0;
 		free(vk);
 	}
 }
 
-struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, unsigned keylength)
+struct volume_key *crypt_generate_volume_key(struct crypt_device *cd, size_t keylength)
 {
 	int r;
 	struct volume_key *vk;

man/cryptsetup-reencrypt.8

@@ -1,4 +1,4 @@
-.TH CRYPTSETUP-REENCRYPT "8" "December 2013" "cryptsetup-reencrypt" "Maintenance Commands"
+.TH CRYPTSETUP-REENCRYPT "8" "January 2015" "cryptsetup-reencrypt" "Maintenance Commands"
 .SH NAME
 cryptsetup-reencrypt - tool for offline LUKS device re-encryption
 .SH SYNOPSIS
@@ -19,8 +19,6 @@ or kernel failures during reencryption (you can lose you data in this case).
 
 \fIALWAYS BE SURE YOU HAVE RELIABLE BACKUP BEFORE USING THIS TOOL.\fR
 .br
-\fITHIS TOOL IS EXPERIMENTAL.\fR
-
 The reencryption can be temporarily suspended (by TERM signal or by
 using ctrl+c) but you need to retain temporary files named LUKS-<uuid>.[log|org|new].
 LUKS device is unavailable until reencryption is finished though.
@@ -36,9 +34,16 @@ To start (or continue) re-encryption for <device> use:
 .PP
 \fIcryptsetup-reencrypt\fR <device>
 
-\fB<options>\fR can be [\-\-block-size, \-\-cipher, \-\-hash, \-\-iter-time,
-\-\-use-random | \-\-use-urandom, \-\-key-file, \-\-key-slot, \-\-keyfile-offset,
-\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-write-log]
+\fB<options>\fR can be [\-\-batch-mode, \-\-block-size, \-\-cipher, \-\-debug,
+\-\-device-size, \-\-hash, \-\-iter-time, \-\-use-random | \-\-use-urandom,
+\-\-keep-key, \-\-key-size, \-\-key-file, \-\-key-slot, \-\-keyfile-offset,
+\-\-keyfile-size, \-\-tries, \-\-use-directio, \-\-use-fsync, \-\-verbose, \-\-write-log,
+\-\-uuid]
+
+To encrypt data on (not yet encrypted) device, use \fI\-\-new\fR with combination
+with \fI\-\-reduce-device-size\fR.
+
+To remove encryption from device, use \fI\-\-decrypt\fR.
 
 For detailed description of encryption and key file options see \fIcryptsetup(8)\fR
 man page.
@@ -68,7 +73,7 @@ you can destructively shrink device with \-\-reduce-device-size option.
 .B "\-\-hash, \-h \fI<hash-spec>\fR"
 Specifies the hash used in the LUKS key setup scheme and volume key digest.
 
-NOTE: if this parameter is not specified, default hash algorithm is always used
+\fBNOTE:\fR if this parameter is not specified, default hash algorithm is always used
 for new device header.
 .TP
 .B "\-\-iter-time, \-i \fI<milliseconds>\fR"
@@ -83,7 +88,7 @@ Define which kernel random number generator will be used to create the volume ke
 .B "\-\-key-file, \-d \fIname\fR"
 Read the passphrase from file.
 
-WARNING: \-\-key-file option can be used only if there only one active keyslot,
+\fBWARNING:\fR \-\-key-file option can be used only if there only one active keyslot,
 or alternatively, also if \-\-key-slot option is specified (then all other keyslots
 will be disabled in new LUKS device).
 
@@ -93,7 +98,7 @@ passphrases.
 .B "\-\-key-slot, \-S <0-7>"
 Specify which key slot is used.
 
-WARNING: All other keyslots will be disabled if this option is used.
+\fBWARNING:\fR All other keyslots will be disabled if this option is used.
 .TP
 .B "\-\-keyfile-offset \fIvalue\fR"
 Skip \fIvalue\fR bytes at the beginning of the key file.
@@ -123,14 +128,14 @@ Instead of real device size, use specified value.
 It means that only specified area (from the start of the device
 to the specified size) will be reencrypted.
 
-WARNING: This is destructive operation.
+\fBWARNING:\fR This is destructive operation.
 
 If no unit suffix is specified, the size is in bytes.
 
 Unit suffix can be S for 512 byte sectors, K/M/G/T (or KiB,MiB,GiB,TiB)
 for units with 1024 base or KB/MB/GB/TB for 1000 base (SI scale).
 
-WARNING: This is destructive operation.
+\fBWARNING:\fR This is destructive operation.
 .TP
 .B "\-\-reduce-device-size \fIsize[units]\fR"
 Enlarge data offset to specified value by shrinking device size.
@@ -139,37 +144,49 @@ This means that last sectors on the original device will be lost,
 ciphertext data will be effectively shifted by specified
 number of sectors.
 
-It can be usefull if you e.g. added some space to underlying
+It can be useful if you e.g. added some space to underlying
 partition (so last sectors contains no data).
 
 For units suffix see \-\-device-size parameter description.
 
-WARNING: This is destructive operation and cannot be reverted.
+\fBWARNING:\fR This is destructive operation and cannot be reverted.
 Use with extreme care - shrinked filesystems are usually unrecoverable.
 
 You cannot shrink device more than by 64 MiB (131072 sectors).
 .TP
-.B "\-\-new, N"
+.B "\-\-new, \-N"
 Create new header (encrypt not yet encrypted device).
 
 This option must be used together with \-\-reduce-device-size.
 
-WARNING: This is destructive operation and cannot be reverted.
+\fBWARNING:\fR This is destructive operation and cannot be reverted.
+.TP
+.B "\-\-decrypt"
+Remove encryption (decrypt already encrypted device and remove LUKS header).
 
+\fBWARNING:\fR This is destructive operation and cannot be reverted.
 .TP
 .B "\-\-use-directio"
-Use direct-io (O_DIRECT) for all read/write data operations.
+Use direct-io (O_DIRECT) for all read/write data operations related
+to block device undergoing reencryption.
 
-Usefull if direct-io operations perform better than normal buffered
+Useful if direct-io operations perform better than normal buffered
 operations (e.g. in virtual environments).
 .TP
 .B "\-\-use-fsync"
-Use fsync call after every written block.
+Use fsync call after every written block. This applies for reencryption
+log files as well.
 .TP
 .B "\-\-write-log"
 Update log file after every block write. This can slow down reencryption
 but will minimize data loss in the case of system crash.
 .TP
+.B "\-\-uuid" \fI<uuid>\fR
+Use only while resuming an interrupted decryption process (see \-\-decrypt).
+
+To find out what \fI<uuid>\fR to pass look for temporary files LUKS-<uuid>.[|log|org|new]
+of the interrupted decryption process.
+.TP
 .B "\-\-batch-mode, \-q"
 Suppresses all warnings and reencryption progress output.
 .TP
@@ -187,18 +204,24 @@ Reencrypt /dev/sdb1 (change volume key)
 cryptsetup-reencrypt /dev/sdb1
 .TP
 Reencrypt and also change cipher and cipher mode
-cryptsetup-reencrypt /dev/sdb1 -c aes-xts-plain64
+cryptsetup-reencrypt /dev/sdb1 \-c aes-xts-plain64
 .TP
 Add LUKS encryption to not yet encrypted device
 
 First, be sure you have space added to disk.
+
 Or alternatively shrink filesystem in advance.
 .br
 Here we need 4096 512-bytes sectors (enough for 2x128 bit key).
 
-fdisk -u /dev/sdb # move sdb1 partition end + 4096 sectors
+fdisk \-u /dev/sdb # move sdb1 partition end + 4096 sectors
+(or use resize2fs or tool for your filesystem and shrink it)
 
-cryptsetup-reencrypt /dev/sdb1 --new --reduce-device-size 4096
+cryptsetup-reencrypt /dev/sdb1 \-\-new \-\-reduce-device-size 4096S
+.TP
+Remove LUKS encryption completely
+
+cryptsetup-reencrypt /dev/sdb1 \-\-decrypt
 
 .SH REPORTING BUGS
 Report bugs, including ones in the documentation, on
@@ -209,11 +232,11 @@ Please attach the output of the failed command with the
 .SH AUTHORS
 Cryptsetup-reencrypt was written by Milan Broz <gmazyland@gmail.com>.
 .SH COPYRIGHT
-Copyright \(co 2012-2014 Milan Broz
+Copyright \(co 2012-2015 Milan Broz
 .br
 Copyright \(co 2012-2013 Red Hat, Inc.
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 .SH SEE ALSO
-The project website at \fBhttp://code.google.com/p/cryptsetup/\fR
+The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR

man/cryptsetup.8

@@ -12,7 +12,7 @@ and can hence offer more features than plain dm-crypt. On the other
 hand, the header is visible and vulnerable to damage.
 
 In addition, cryptsetup provides limited support for the use of
-historic loopaes volumes and for TruerCrypt compatible volumes.
+historic loopaes volumes and for TrueCrypt compatible volumes.
 
 .SH PLAIN DM-CRYPT OR LUKS?
 .PP
@@ -131,7 +131,7 @@ Opens (creates a mapping with) <name> backed by device <device>.
 \-\-key-file, \-\-keyfile-offset, \-\-key-size, \-\-offset, \-\-skip, \-\-size,
 \-\-readonly, \-\-shared, \-\-allow-discards]
 
-Example: 'cryptsetup open --type plain /dev/sda10 e1' maps the raw
+Example: 'cryptsetup open \-\-type plain /dev/sda10 e1' maps the raw
 encrypted device /dev/sda10 to the mapped (decrypted) device
 /dev/mapper/e1, which can then be mounted, fsck-ed or have a
 filesystem created on it.
@@ -160,6 +160,14 @@ Key operations that do not specify a slot affect the first slot
 that matches the supplied passphrase or the first empty slot if
 a new passphrase is added.
 
+The \fB<device>\fR parameter can be also specified by a LUKS UUID in the
+format UUID=<uuid>. Translation to real device name uses symlinks
+in /dev/disk/by-uuid directory.
+
+To specify a detached header, the \fB\-\-header\fR parameter can be used
+in all LUKS commands and always takes precedence over positional \fB<device>\fR
+parameter.
+
 The following are valid LUKS actions:
 
 \fIluksFormat\fR <device> [<key file>]
@@ -196,9 +204,6 @@ successful verification of the supplied passphrase.
 If the passphrase is not supplied via \-\-key-file, the command
 prompts for it interactively.
 
-The <device> parameter can be also specified by LUKS UUID in the
-format UUID=<uuid>, which uses the symlinks in /dev/disk/by-uuid.
-
 \fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
 \-\-keyfile\-size, \-\-readonly, \-\-test\-passphrase,
 \-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file].
@@ -235,7 +240,7 @@ or read from the file given as positional argument.
 \fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
 \-\-keyfile\-size, \-\-new\-keyfile\-offset,
 \-\-new\-keyfile\-size, \-\-key\-slot, \-\-master\-key\-file,
-\-\-iter\-time, \-\-force\-password].
+\-\-iter\-time, \-\-force\-password, \-\-header].
 .PP
 \fIluksRemoveKey\fR <device> [<key file with passphrase to be removed>]
 .IP
@@ -244,11 +249,11 @@ passphrase to be removed can be specified interactively,
 as positional argument or via \-\-key-file.
 
 \fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size]
+\-\-keyfile\-size, \-\-header]
 
 \fBWARNING:\fR If you read the passphrase from stdin
 (without further argument or with '-' as argument
-to \-\-key\-file), batch-mode (-q) will be implicitely
+to \-\-key\-file), batch-mode (\-q) will be implicitly
 switched on and no warning will be given when you remove the
 last remaining passphrase from a LUKS container. Removing
 the last passphrase makes the LUKS container permanently
@@ -277,26 +282,32 @@ inaccessible.
 
 \fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
 \-\-keyfile\-size, \-\-new\-keyfile\-offset,
-\-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password].
+\-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password, \-\-header].
 .PP
 \fIluksKillSlot\fR <device> <key slot number>
 .IP
-Wipe the key-slot number <key slot> from the LUKS device. A remaining
-passphrase must be supplied, either interactively or via \-\-key-file.
+Wipe the key-slot number <key slot> from the LUKS device. Except running
+in batch-mode (\-q) a remaining passphrase must be supplied,
+either interactively or via \-\-key-file.
 This command can remove the last remaining key-slot, but requires
 an interactive confirmation when doing so. Removing the last
 passphrase makes a LUKS container permanently inaccessible.
 
 \fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
-\-\-keyfile\-size].
+\-\-keyfile\-size, \-\-header].
 
 \fBWARNING:\fR If you read the passphrase from stdin
 (without further argument or with '-' as argument
-to \-\-key-file), batch-mode (-q) will be implicitely
+to \-\-key-file), batch-mode (\-q) will be implicitly
 switched on and no warning will be given when you remove the
 last remaining passphrase from a LUKS container. Removing
 the last passphrase makes the LUKS container permanently
 inaccessible.
+
+\fBNOTE:\fR If there is no passphrase provided (on stdin or through
+\-\-key-file argument) and batch-mode (\-q) is active, the
+key-slot is removed without any other warning.
+
 .PP
 \fIerase\fR <device>
 .br
@@ -334,7 +345,7 @@ In order to dump the master key, a passphrase has to be supplied,
 either interactively or via \-\-key\-file.
 
 \fB<options>\fR can be [\-\-dump\-master\-key, \-\-key\-file,
-\-\-keyfile\-offset, \-\-keyfile\-size].
+\-\-keyfile\-offset, \-\-keyfile\-size, \-\-header].
 
 \fBWARNING:\fR If \-\-dump\-master\-key is used with \-\-key\-file
 and the argument to \-\-key\-file is '-', no validation question
@@ -387,6 +398,14 @@ If the key file is encrypted with GnuPG, then you have to use
 gpg \-\-decrypt <keyfile> | cryptsetup loopaesOpen \-\-key\-file=\-
 <device> <name>
 
+\fBWARNING:\fR The loop-AES extension cannot use direct input of key file
+on real terminal because the keys are separated by end-of-line and only part
+of the multi-key file would be read.
+.br
+If you need it in script, just use the pipe redirection:
+.br
+echo $keyfile | cryptsetup loopaesOpen \-\-key\-file=\- <device> <name>
+
 Use \fB\-\-keyfile\-size\fR to specify the proper key length if needed.
 
 Use \fB\-\-offset\fR to specify device offset. Note that the units
@@ -406,8 +425,9 @@ size).
 .PP
 See also section 7 of the FAQ and \fBhttp://loop-aes.sourceforge.net\fR
 for more information regarding loop-AES.
-.SH TCRYPT (TrueCrypt-compatible) EXTENSION
-cryptsetup supports mapping of TrueCrypt or tcplay encrypted partition
+.SH TCRYPT (TrueCrypt-compatible and VeraCrypt) EXTENSION
+cryptsetup supports mapping of TrueCrypt, tcplay or VeraCrypt
+(with \fB\-\-veracrypt\fR option) encrypted partition
 using a native Linux kernel API.
 Header formatting and TCRYPT header change is not supported, cryptsetup
 never changes TCRYPT header on-device.
@@ -425,6 +445,11 @@ Cryptsetup should recognize all header variants, except legacy cipher chains
 using LRW encryption mode with 64 bits encryption block (namely Blowfish
 in LRW mode is not recognized, this is limitation of kernel crypto API).
 
+To recognize VeraCrypt device  use \fB\-\-veracrypt\fR option.
+VeraCrypt is just extension of TrueCrypt header with increased
+iteration count so unlocking can take quite a lot of time (in comparison
+with TCRYPT device).
+
 \fBNOTE:\fR Activation with \fBtcryptOpen\fR is supported only for cipher chains
 using LRW or XTS encryption modes.
 
@@ -438,7 +463,7 @@ device, not image in file), then only this partition is mapped.
 
 If you have whole TCRYPT device as a file image and you want to map multiple
 partition encrypted with system encryption, please create loopback mapping
-with partitions first (\fBlosetup -P\fR, see \fPlosetup(8)\fR man page for more info),
+with partitions first (\fBlosetup \-P\fR, see \fPlosetup(8)\fR man page for more info),
 and use loop partition as the device parameter.
 
 If you use whole base device as parameter, one device for the whole system
@@ -574,7 +599,7 @@ The current default in the distributed sources is
 "aes-cbc-essiv:sha256" for plain dm-crypt and
 "aes-xts-plain64" for LUKS.
 
-If a hash is part of the cipher spefification, then it is
+If a hash is part of the cipher specification, then it is
 used as part of the IV generation. For example, ESSIV
 needs a hash function, while "plain64" does not and
 hence none is specified.
@@ -657,7 +682,7 @@ master key which will compromise security.
 For \fIluksAddKey\fR this allows adding a new passphrase
 without having to know an exiting one.
 
-For \fIopen\fR this allows to open the LUKS device
+For \fIopen\fR this allows one to open the LUKS device
 without giving a passphrase.
 .TP
 .B "\-\-dump\-master\-key"
@@ -795,11 +820,33 @@ because it can make filesystem-level operations visible on
 the physical device. For example, information leaking
 filesystem type, used space, etc. may be extractable from
 the physical device if the discarded blocks can be located
-later. If in doubt, do no use it.
+later. If in doubt, do not use it.
 
 A kernel version of 3.1 or later is needed. For earlier kernels
 this option is ignored.
 .TP
+.B "\-\-perf\-same_cpu_crypt\fR"
+Perform encryption using the same cpu that IO was submitted on.
+The default is to use an unbound workqueue so that encryption work
+is automatically balanced between available CPUs.
+This option is only relevant for \fIopen\fR action.
+
+\fBNOTE:\fR This option is available only for low-level dm-crypt
+performance tuning, use only if you need a change to default dm-crypt
+behaviour. Needs kernel 4.0 or later.
+.TP
+.B "\-\-perf\-submit_from_crypt_cpus\fR"
+Disable offloading writes to a separate thread after encryption.
+There are some situations where offloading write bios from the
+encryption threads to a single thread degrades performance
+significantly.  The default is to offload write bios to the same
+thread.
+This option is only relevant for \fIopen\fR action.
+
+\fBNOTE:\fR This option is available only for low-level dm-crypt
+performance tuning, use only if you need a change to default dm-crypt
+behaviour. Needs kernel 4.0 or later.
+.TP
 .B "\-\-test\-passphrase\fR"
 Do not activate device, just verify passphrase.
 This option is only relevant for \fIopen\fR action (the device
@@ -807,7 +854,7 @@ mapping name is not mandatory if this option is used).
 .TP
 .B "\-\-header\fR <device or file storing the LUKS header>"
 Use a detached (separated) metadata device or file where the
-LUKS header is stored. This options allows to store ciphertext
+LUKS header is stored. This options allows one to store ciphertext
 and LUKS header on different devices.
 
 This option is only relevant for LUKS devices and can be
@@ -838,7 +885,7 @@ This option applies only to \fIluksFormat\fR, \fIluksAddKey\fR and
 password quality checking support.
 
 For more info about password quality check, see manual page
-for \fBpwquality.conf(5)\fR.
+for \fBpwquality.conf(5)\fR and \fBpasswdqc.conf(5)\fR.
 .TP
 .B "\-\-version"
 Show the program version.
@@ -869,12 +916,12 @@ of the used cipher, or the size specified with \-s.
 \fBFrom stdin\fR: Reading will continue until a newline (or until
 the maximum input size is reached), with the trailing newline
 stripped. The maximum input size is defined by the same
-compiled-in default as for the maximum key file size and  can
+compiled-in default as for the maximum key file size and can
 be overwritten using \-\-keyfile-size option.
 
 The data read will be hashed with the default hash
 or the hash specified with \-\-hash.
-The has result will be truncated to the key size
+The hash result will be truncated to the key size
 of the used cipher, or the size specified with \-s.
 
 Note that if \-\-key-file=- is used for reading the key
@@ -891,8 +938,16 @@ less than the key size.
 \fBFrom a key file\fR: It will be truncated to the
 key size of the used cipher or the size given by \-s
 and directly used as binary key.
-if the key file is shorter than the key, cryptsetup
+
+\fBWARNING\fR: The \-\-hash argument is being ignored.
+The \-\-hash option is usable only for stdin input in plain mode.
+
+If the key file is shorter than the key, cryptsetup
 will quit with an error.
+The maximum input size is defined by the same
+compiled-in default as for the maximum key file size and can
+be overwritten using \-\-keyfile-size option.
+
 
 .SH NOTES ON PASSPHRASE PROCESSING FOR LUKS
 LUKS uses PBKDF2 to protect against dictionary attacks
@@ -1003,7 +1058,7 @@ or in the 'Issues' section on LUKS website.
 Please attach the output of the failed command with the
 \-\-debug option added.
 .SH AUTHORS
-cryptsetup originally written by Christophe Saout <christophe@saout.de>
+cryptsetup originally written by Jana Saout <jana@saout.de>
 .br
 The LUKS extensions and original man page were written by
 Clemens Fruhwirth <clemens@endorphin.org>.
@@ -1012,26 +1067,26 @@ Man page extensions by Milan Broz <gmazyland@gmail.com>.
 .br
 Man page rewrite and extension by Arno Wagner <arno@wagner.name>.
 .SH COPYRIGHT
-Copyright \(co 2004 Christophe Saout
+Copyright \(co 2004 Jana Saout
 .br
 Copyright \(co 2004-2006 Clemens Fruhwirth
 .br
-Copyright \(co 2009-2012 Red Hat, Inc.
+Copyright \(co 2009-2015 Red Hat, Inc.
 .br
-Copyright \(co 2009-2014 Milan Broz
+Copyright \(co 2009-2015 Milan Broz
 .br
 Copyright \(co 2012-2014 Arno Wagner
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 .SH SEE ALSO
-The LUKS website at \fBhttp://code.google.com/p/cryptsetup/\fR
+The LUKS website at \fBhttps://gitlab.com/cryptsetup/cryptsetup/\fR
 
 The cryptsetup FAQ, contained in the distribution package and
 online at
-\fBhttp://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions\fR
+\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions\fR
 
 The cryptsetup mailing list and list archive, see FAQ entry 1.6.
 
 The LUKS on-disk format specification available at
-\fBhttp://code.google.com/p/cryptsetup/wiki/Specification\fR
+\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/Specification\fR

man/veritysetup.8

@@ -37,7 +37,8 @@ Creates a mapping with <name> backed by device <data_device> and using
 
 The <root_hash> is a hexadecimal string.
 
-\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock]
+\fB<options>\fR can be [\-\-hash-offset, \-\-no-superblock,
+\-\-ignore-corruption or \-\-restart-on-corruption, \-\-ignore-zero-blocks]
 
 If option \-\-no-superblock is used, you have to use as the same options
 as in initial format operation.
@@ -82,7 +83,7 @@ Create or use dm-verity without permanent on-disk superblock.
 .TP
 .B "\-\-format=number"
 Specifies the hash version type.
-Format type 0 is original Chrome OS verion. Format type 1 is current version.
+Format type 0 is original Chrome OS version. Format type 1 is current version.
 .TP
 .B "\-\-data-block-size=bytes"
 Used block size for the data device.
@@ -110,6 +111,24 @@ Use the provided UUID for format command instead of generating new one.
 The UUID must be provided in standard UUID format,
 e.g. 12345678-1234-1234-1234-123456789abc.
 .TP
+.B "\-\-ignore-corruption", "\-\-restart-on-corruption"
+Defines what to do if data integrity problem is detected (data corruption).
+
+Without these options kernel fails the IO operation with I/O error.
+With \-\-ignore-corruption option the corruption is only logged.
+With \-\-restart-on-corruption the kernel is restarted immediatelly.
+(You have to provide way how to avoid restart loops.)
+
+\fBWARNING:\fR Use these options only for very specific cases.
+These options are available since Linux kernel version 4.1.
+.TP
+.B "\-\-ignore-zero-blocks"
+Instruct kernel to not verify blocks that are expected to contain zeroes
+and always directly return zeroes instead.
+
+\fBWARNING:\fR Use this option only in very specific cases.
+This option is available since Linux kernel version 4.5.
+.TP
 .B "\-\-version"
 Show the program version.
 .SH RETURN CODES
@@ -130,14 +149,14 @@ The first implementation of veritysetup was written by Chrome OS authors.
 This version is based on verification code written by Mikulas Patocka <mpatocka@redhat.com>
 and rewritten for libcryptsetup by Milan Broz <gmazyland@gmail.com>.
 .SH COPYRIGHT
-Copyright \(co 2012-2013 Red Hat, Inc.
+Copyright \(co 2012-2016 Red Hat, Inc.
 .br
-Copyright \(co 2012-2013 Milan Broz
+Copyright \(co 2012-2016 Milan Broz
 
 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 .SH SEE ALSO
-The project website at \fBhttp://code.google.com/p/cryptsetup/\fR
+The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR
 
 The verity on-disk format specification available at
-\fBhttp://code.google.com/p/cryptsetup/wiki/DMVerity\fR
+\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity\fR

misc/dracut_90reencrypt/README

@@ -11,9 +11,11 @@ e.g. rd.luks.reencrypt=sda2:52G means only 52G of device
 will be reencrypted (default is whole device).
 (Name is kernel name of device.)
 
-Also, you may specify keyslot which you want to use for reencryption,
-rd.luks.reencrypt_keyslot=<keyslot_number>. Bear in mind that if you
-use this option, all other keyslots will be deactivated.
+If there's more than single active keyslot in the target luks device
+you're required to select one keyslot explicitly for reencryption via
+rd.luks.reencrypt_keyslot=<keyslot_number> option. Bear in mind that
+if you use this option, all other keyslots will get deactivated in the
+process.
 
 Another argument, rd.luks.reencrypt_key=/dev/sda:/path/to/keyfile
 can be used to read password for specific keyslot from device containing

misc/dracut_90reencrypt/module-setup.sh

@@ -24,6 +24,8 @@ install() {
 
     dracut_install cryptsetup-reencrypt
 
+    # moddir variable is assigned in dracut general shell lib
+    # shellcheck disable=SC2154
     inst_hook cmdline 30 "$moddir/parse-reencrypt.sh"
     inst_simple "$moddir"/reencrypt.sh /sbin/reencrypt
 }

misc/dracut_90reencrypt/reencrypt.sh

@@ -39,7 +39,8 @@ reenc_readkey() {
 }
 
 reenc_run() {
-    local cwd=$(pwd)
+    local cwd
+    cwd=$(pwd)
     local _prompt="LUKS password for REENCRYPTING $device"
     cd /tmp
     if [ "$1" = "none" ] ; then

po/LINGUAS

@@ -1,4 +1,5 @@
 cs
+da
 de
 es
 fi
@@ -7,6 +8,9 @@ id
 it
 nl
 pl
+pt_BR
+sr
 sv
 uk
 vi
+zh_CN

po/id.po

@@ -11,6 +11,7 @@ msgstr ""
 "PO-Revision-Date: 2010-01-27 07:30+0700\n"
 "Last-Translator: Arif E. Nugroho <arif_endro@yahoo.com>\n"
 "Language-Team: Indonesian <translation-team-id@lists.sourceforge.net>\n"
+"X-Bugs: Report translation errors to the Language-Team address.\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=ISO-8859-1\n"
 "Content-Transfer-Encoding: 8bit\n"

python/Makefile.am

@@ -10,7 +10,7 @@ pyexec_LTLIBRARIES = pycryptsetup.la
 pycryptsetup_la_SOURCES = pycryptsetup.c
 pycryptsetup_la_CPPFLAGS = $(AM_CPPFLAGS) $(PYTHON_CPPFLAGS) -fno-strict-aliasing
 pycryptsetup_la_LDFLAGS = -avoid-version -module -shared -export-dynamic
-pycryptsetup_la_LIBADD = $(top_builddir)/lib/libcryptsetup.la -lpython$(PYTHON_VERSION)
+pycryptsetup_la_LIBADD = $(top_builddir)/lib/libcryptsetup.la $(PYTHON_LIBS)
 else
 all:
 endif

python/pycryptsetup-test.py

@@ -2,7 +2,7 @@
 #
 # Python bindings to libcryptsetup test
 #
-# Copyright (C) 2011, Red Hat, Inc. All rights reserved.
+# Copyright (C) 2011-2014, Red Hat, Inc. All rights reserved.
 #
 # This file is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -18,6 +18,8 @@
 # License along with this file; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
+from __future__ import print_function
+
 import sys
 import os
 
@@ -31,11 +33,11 @@ DEVICE = "pycryptsetup_test_dev"
 
 def log(level, txt):
     if level == pycryptsetup.CRYPT_LOG_ERROR:
-        print txt,
+        print(txt,end="")
     return
 
 def askyes(txt):
-    print "Question:", txt
+    print("Question:", txt)
     return 1
 
 def askpassword(txt):
@@ -43,17 +45,17 @@ def askpassword(txt):
 
 def print_status(c):
     r = c.status()
-    print "status  :",
+    print("status  :",end="")
     if r == pycryptsetup.CRYPT_ACTIVE:
-        print "ACTIVE"
+        print("ACTIVE")
     elif r == pycryptsetup.CRYPT_INACTIVE:
-        print "INACTIVE"
+        print("INACTIVE")
     else:
-       print "ERROR"
+       print("ERROR")
     return
 
 if os.geteuid() != 0:
-	print "WARNING: You must be root to run this test, test skipped."
+	print("WARNING: You must be root to run this test, test skipped.")
 	sys.exit(0)
 
 os.system("dd if=/dev/zero of=" + IMG + " bs=1M count=32 >/dev/null 2>&1")
@@ -69,36 +71,36 @@ c = pycryptsetup.CryptSetup(
 c.debugLevel(pycryptsetup.CRYPT_DEBUG_NONE);
 c.iterationTime(1)
 r =  c.isLuks()
-print "isLuks  :", r
+print("isLuks  :", r)
 c.askyes(message = "Is there anybody out there?")
 c.log(priority = pycryptsetup.CRYPT_LOG_ERROR, message = "Nobody there...\n")
 c.luksFormat(cipher = "aes", cipherMode= "xts-plain64", keysize = 512)
-print "isLuks  :", c.isLuks()
-print "luksUUID:", c.luksUUID()
-print "addKeyVK:", c.addKeyByVolumeKey(newPassphrase = PASSWORD, slot = 2)
-print "addKeyP :", c.addKeyByPassphrase(passphrase = PASSWORD,
-					newPassphrase = PASSWORD2, slot = 3)
-print "removeP :", c.removePassphrase(passphrase = PASSWORD2)
-print "addKeyP :", c.addKeyByPassphrase(PASSWORD, PASSWORD2)
+print("isLuks  :", c.isLuks())
+print("luksUUID:", c.luksUUID())
+print("addKeyVK:", c.addKeyByVolumeKey(newPassphrase = PASSWORD, slot = 2))
+print("addKeyP :", c.addKeyByPassphrase(passphrase = PASSWORD,
+					newPassphrase = PASSWORD2, slot = 3))
+print("removeP :", c.removePassphrase(passphrase = PASSWORD2))
+print("addKeyP :", c.addKeyByPassphrase(PASSWORD, PASSWORD2))
 # original api required wrong passphrase parameter here
 # print "killSlot:", c.killSlot(passphrase = "xxx", slot = 0)
-print "killSlot:", c.killSlot(slot = 0)
-print "activate:", c.activate(name = DEVICE, passphrase = PASSWORD)
-print "suspend :", c.suspend()
+print("killSlot:", c.killSlot(slot = 0))
+print("activate:", c.activate(name = DEVICE, passphrase = PASSWORD))
+print("suspend :", c.suspend())
 # os.system("dmsetup info -c " + DEVICE)
-print "resume  :", c.resume(passphrase = PASSWORD)
+print("resume  :", c.resume(passphrase = PASSWORD))
 print_status(c)
 info = c.info()
-print "cipher  :", info["cipher"]
-print "cmode   :", info["cipher_mode"]
-print "keysize :", info["keysize"]
-print "dir     :", info["dir"]
-print "device  :", info["device"]
-print "offset  :", info["offset"]
-print "name    :", info["name"]
-print "uuid    :", info["uuid"]
+print("cipher  :", info["cipher"])
+print("cmode   :", info["cipher_mode"])
+print("keysize :", info["keysize"])
+print("dir     :", info["dir"])
+print("device  :", info["device"])
+print("offset  :", info["offset"])
+print("name    :", info["name"])
+print("uuid    :", info["uuid"])
 # os.system("cryptsetup luksDump " + info["device"])
-print "deact.  :", c.deactivate()
+print("deact.  :", c.deactivate())
 
 del c
 
@@ -109,7 +111,7 @@ c = pycryptsetup.CryptSetup(
         logFunc = log,
         passwordDialog = askpassword)
 
-print "activate:", c.activate(name = DEVICE, passphrase = PASSWORD)
+print("activate:", c.activate(name = DEVICE, passphrase = PASSWORD))
 
 c2 = pycryptsetup.CryptSetup(
         name = DEVICE,
@@ -118,13 +120,13 @@ c2 = pycryptsetup.CryptSetup(
         passwordDialog = askpassword)
 
 info = c2.info()
-print "cipher  :", info["cipher"]
-print "cmode   :", info["cipher_mode"]
-print "keysize :", info["keysize"]
+print("cipher  :", info["cipher"])
+print("cmode   :", info["cipher_mode"])
+print("keysize :", info["keysize"])
 
-print "deact.  :", c.deactivate()
+print("deact.  :", c.deactivate())
 r = c2.deactivate()
-print "deact.  :", r
+print("deact.  :", r)
 del c
 del c2
 

python/pycryptsetup.c

@@ -1,7 +1,7 @@
 /*
  * Python bindings to libcryptsetup
  *
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2014, Red Hat, Inc. All rights reserved.
  * Written by Martin Sivak
  *
  * This file is free software; you can redistribute it and/or
@@ -25,6 +25,29 @@
 
 #include "libcryptsetup.h"
 
+/* Python API use char* where const char* should be used... */
+#define CONST_CAST(x) (x)(uintptr_t)
+
+#if PY_MAJOR_VERSION < 3
+  #define MOD_ERROR_VAL
+  #define MOD_SUCCESS_VAL(val)
+  #define MOD_INIT(name) void init##name(void)
+  #define MOD_DEF(ob, name, doc, methods) \
+          ob = Py_InitModule3(name, methods, doc);
+#else
+  #define PyInt_AsLong PyLong_AsLong
+  #define PyInt_Check PyLong_Check
+  #define MOD_ERROR_VAL NULL
+  #define MOD_SUCCESS_VAL(val) val
+  #define MOD_INIT(name) PyMODINIT_FUNC PyInit_##name(void)
+  #define MOD_DEF(ob, name, doc, methods) \
+          static struct PyModuleDef moduledef = { \
+            PyModuleDef_HEAD_INIT, name, doc, -1, methods, }; \
+          ob = PyModule_Create(&moduledef);
+#endif
+
+MOD_INIT(pycryptsetup);
+
 typedef struct {
 	PyObject_HEAD
 
@@ -128,7 +151,7 @@ static void CryptSetup_dealloc(CryptSetupObject* self)
 	crypt_free(self->device);
 
 	/* free self */
-	self->ob_type->tp_free((PyObject*)self);
+	Py_TYPE(self)->tp_free((PyObject*)self);
 }
 
 static PyObject *CryptSetup_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
@@ -155,17 +178,19 @@ static PyObject *PyObjectResult(int is)
 	return result;
 }
 
-#define CryptSetup_HELP "CryptSetup object\n\n\
+static char
+CryptSetup_HELP[] =
+"CryptSetup object\n\n\
 constructor takes one to five arguments:\n\
   __init__(device, name, yesDialog, passwordDialog, logFunc)\n\n\
   yesDialog - python function with func(text) signature, \n\
               which asks the user question text and returns 1\n\
               of the answer was positive or 0 if not\n\
-  logFunc   - python function with func(level, text) signature to log stuff somewhere"
+  logFunc   - python function with func(level, text) signature to log stuff somewhere";
 
 static int CryptSetup_init(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"device", "name", "yesDialog", "passwordDialog", "logFunc", NULL};
+	static const char *kwlist[] = {"device", "name", "yesDialog", "passwordDialog", "logFunc", NULL};
 	PyObject *yesDialogCB = NULL,
 		 *passwordDialogCB = NULL,
 		 *cmdLineLogCB = NULL,
@@ -173,7 +198,7 @@ static int CryptSetup_init(CryptSetupObject* self, PyObject *args, PyObject *kwd
 	char *device = NULL, *deviceName = NULL;
 	int r;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzOOO", kwlist, &device, &deviceName,
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzOOO", CONST_CAST(char**)kwlist, &device, &deviceName,
 					 &yesDialogCB, &passwordDialogCB, &cmdLineLogCB))
 		return -1;
 
@@ -229,16 +254,18 @@ static int CryptSetup_init(CryptSetupObject* self, PyObject *args, PyObject *kwd
 	return 0;
 }
 
-#define CryptSetup_activate_HELP "Activate LUKS device\n\n\
-  activate(name)"
+static char
+CryptSetup_activate_HELP[] =
+"Activate LUKS device\n\n\
+  activate(name)";
 
 static PyObject *CryptSetup_activate(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"name", "passphrase", NULL};
+	static const char *kwlist[] = {"name", "passphrase", NULL};
 	char *name = NULL, *passphrase = NULL;
 	int is;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|s", kwlist, &name, &passphrase))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|s", CONST_CAST(char**)kwlist, &name, &passphrase))
 		return NULL;
 
 	// FIXME: allow keyfile and \0 in passphrase
@@ -253,8 +280,10 @@ static PyObject *CryptSetup_activate(CryptSetupObject* self, PyObject *args, PyO
 	return PyObjectResult(is);
 }
 
-#define CryptSetup_deactivate_HELP "Dectivate LUKS device\n\n\
-  deactivate()"
+static char
+CryptSetup_deactivate_HELP[] =
+"Dectivate LUKS device\n\n\
+  deactivate()";
 
 static PyObject *CryptSetup_deactivate(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
@@ -268,15 +297,17 @@ static PyObject *CryptSetup_deactivate(CryptSetupObject* self, PyObject *args, P
 	return PyObjectResult(is);
 }
 
-#define CryptSetup_askyes_HELP "Asks a question using the configured dialog CB\n\n\
-  int askyes(message)"
+static char
+CryptSetup_askyes_HELP[] =
+"Asks a question using the configured dialog CB\n\n\
+  int askyes(message)";
 
 static PyObject *CryptSetup_askyes(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"message", NULL};
+	static const char *kwlist[] = {"message", NULL};
 	PyObject *message = NULL, *result, *arglist;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "O", kwlist, &message))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "O", CONST_CAST(char**)kwlist, &message))
 		return NULL;
 
 	Py_INCREF(message);
@@ -294,15 +325,17 @@ static PyObject *CryptSetup_askyes(CryptSetupObject* self, PyObject *args, PyObj
 	return result;
 }
 
-#define CryptSetup_log_HELP "Logs a string using the configured log CB\n\n\
-  log(int level, message)"
+static char
+CryptSetup_log_HELP[] =
+"Logs a string using the configured log CB\n\n\
+  log(int level, message)";
 
 static PyObject *CryptSetup_log(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"priority", "message", NULL};
+	static const char *kwlist[] = {"priority", "message", NULL};
 	PyObject *message = NULL, *priority = NULL, *result, *arglist;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "OO", kwlist, &message, &priority))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "OO", CONST_CAST(char**)kwlist, &message, &priority))
 		return NULL;
 
 	Py_INCREF(message);
@@ -322,8 +355,10 @@ static PyObject *CryptSetup_log(CryptSetupObject* self, PyObject *args, PyObject
 	return result;
 }
 
-#define CryptSetup_luksUUID_HELP "Get UUID of the LUKS device\n\n\
-  luksUUID()"
+static char
+CryptSetup_luksUUID_HELP[] =
+"Get UUID of the LUKS device\n\n\
+  luksUUID()";
 
 static PyObject *CryptSetup_luksUUID(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
@@ -336,17 +371,21 @@ static PyObject *CryptSetup_luksUUID(CryptSetupObject* self, PyObject *args, PyO
 	return result;
 }
 
-#define CryptSetup_isLuks_HELP "Is the device LUKS?\n\n\
-  isLuks()"
+static char
+CryptSetup_isLuks_HELP[] =
+"Is the device LUKS?\n\n\
+  isLuks()";
 
 static PyObject *CryptSetup_isLuks(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
 	return PyObjectResult(crypt_load(self->device, CRYPT_LUKS1, NULL));
 }
 
-#define CryptSetup_Info_HELP "Returns dictionary with info about opened device\nKeys:\n\
+static char
+CryptSetup_Info_HELP[] =
+"Returns dictionary with info about opened device\nKeys:\n\
   dir\n  name\n  uuid\n  cipher\n  cipher_mode\n  keysize\n  device\n\
-  offset\n  size\n  skip\n  mode\n"
+  offset\n  size\n  skip\n  mode\n";
 
 static PyObject *CryptSetup_Info(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
@@ -371,20 +410,22 @@ static PyObject *CryptSetup_Info(CryptSetupObject* self, PyObject *args, PyObjec
 	return result;
 }
 
-#define CryptSetup_luksFormat_HELP "Format device to enable LUKS\n\n\
+static char
+CryptSetup_luksFormat_HELP[] =
+"Format device to enable LUKS\n\n\
   luksFormat(cipher = 'aes', cipherMode = 'cbc-essiv:sha256', keysize = 256)\n\n\
   cipher - cipher specification, e.g. aes, serpent\n\
   cipherMode - cipher mode specification, e.g. cbc-essiv:sha256, xts-plain64\n\
-  keysize - key size in bits"
+  keysize - key size in bits";
 
 static PyObject *CryptSetup_luksFormat(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"cipher", "cipherMode", "keysize", NULL};
+	static const char *kwlist[] = {"cipher", "cipherMode", "keysize", NULL};
 	char *cipher_mode = NULL, *cipher = NULL;
 	int keysize = 256;
 	PyObject *keysize_object = NULL;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzO", kwlist, 
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "|zzO", CONST_CAST(char**)kwlist,
 					&cipher, &cipher_mode, &keysize_object))
 		return NULL;
 
@@ -408,20 +449,22 @@ static PyObject *CryptSetup_luksFormat(CryptSetupObject* self, PyObject *args, P
 				NULL, NULL, keysize / 8, NULL));
 }
 
-#define CryptSetup_addKeyByPassphrase_HELP "Initialize keyslot using passphrase\n\n\
+static char
+CryptSetup_addKeyByPassphrase_HELP[] =
+"Initialize keyslot using passphrase\n\n\
   addKeyByPassphrase(passphrase, newPassphrase, slot)\n\n\
   passphrase - string or none to ask the user\n\
   newPassphrase - passphrase to add\n\
-  slot - which slot to use (optional)"
+  slot - which slot to use (optional)";
 
 static PyObject *CryptSetup_addKeyByPassphrase(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"passphrase", "newPassphrase", "slot", NULL};
+	static const char *kwlist[] = {"passphrase", "newPassphrase", "slot", NULL};
 	char *passphrase = NULL, *newpassphrase = NULL;
 	size_t passphrase_len = 0, newpassphrase_len = 0;
 	int slot = CRYPT_ANY_SLOT;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "ss|i", kwlist, &passphrase, &newpassphrase, &slot))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "ss|i", CONST_CAST(char**)kwlist, &passphrase, &newpassphrase, &slot))
 		return NULL;
 
 	if(passphrase)
@@ -435,19 +478,21 @@ static PyObject *CryptSetup_addKeyByPassphrase(CryptSetupObject* self, PyObject
 					newpassphrase, newpassphrase_len));
 }
 
-#define CryptSetup_addKeyByVolumeKey_HELP "Initialize keyslot using cached volume key\n\n\
+static char
+CryptSetup_addKeyByVolumeKey_HELP[] =
+"Initialize keyslot using cached volume key\n\n\
   addKeyByVolumeKey(passphrase, newPassphrase, slot)\n\n\
   newPassphrase - passphrase to add\n\
-  slot - which slot to use (optional)"
+  slot - which slot to use (optional)";
 
 static PyObject *CryptSetup_addKeyByVolumeKey(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"newPassphrase", "slot", NULL};
+	static const char *kwlist[] = {"newPassphrase", "slot", NULL};
 	char *newpassphrase = NULL;
 	size_t newpassphrase_len = 0;
 	int slot = CRYPT_ANY_SLOT;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|i", kwlist, &newpassphrase, &slot))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "s|i", CONST_CAST(char**)kwlist, &newpassphrase, &slot))
 		return NULL;
 
 	if (newpassphrase)
@@ -457,18 +502,20 @@ static PyObject *CryptSetup_addKeyByVolumeKey(CryptSetupObject* self, PyObject *
 					NULL, 0, newpassphrase, newpassphrase_len));
 }
 
-#define CryptSetup_removePassphrase_HELP "Destroy keyslot using passphrase\n\n\
+static char
+CryptSetup_removePassphrase_HELP[] =
+"Destroy keyslot using passphrase\n\n\
   removePassphrase(passphrase)\n\n\
-  passphrase - string or none to ask the user"
+  passphrase - string or none to ask the user";
 
 static PyObject *CryptSetup_removePassphrase(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"passphrase", NULL};
+	static const char *kwlist[] = {"passphrase", NULL};
 	char *passphrase = NULL;
 	size_t passphrase_len = 0;
 	int is;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "s", kwlist, &passphrase))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "s", CONST_CAST(char**)kwlist, &passphrase))
 		return NULL;
 
 	if (passphrase)
@@ -482,16 +529,18 @@ static PyObject *CryptSetup_removePassphrase(CryptSetupObject* self, PyObject *a
 	return PyObjectResult(crypt_keyslot_destroy(self->device, is));
 }
 
-#define CryptSetup_killSlot_HELP "Destroy keyslot\n\n\
+static char
+CryptSetup_killSlot_HELP[] =
+"Destroy keyslot\n\n\
   killSlot(slot)\n\n\
-  slot - the slot to remove"
+  slot - the slot to remove";
 
 static PyObject *CryptSetup_killSlot(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"slot", NULL};
+	static const char *kwlist[] = {"slot", NULL};
 	int slot = CRYPT_ANY_SLOT;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", kwlist, &slot))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", CONST_CAST(char**)kwlist, &slot))
 		return NULL;
 
 	switch (crypt_keyslot_status(self->device, slot)) {
@@ -511,8 +560,10 @@ static PyObject *CryptSetup_killSlot(CryptSetupObject* self, PyObject *args, PyO
 	return NULL;
 }
 
-#define CryptSetup_Status_HELP "Status of LUKS device\n\n\
-  luksStatus()"
+static char
+CryptSetup_Status_HELP[] =
+"Status of LUKS device\n\n\
+  luksStatus()";
 
 static PyObject *CryptSetup_Status(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
@@ -524,13 +575,15 @@ static PyObject *CryptSetup_Status(CryptSetupObject* self, PyObject *args, PyObj
 	return PyObjectResult(crypt_status(self->device, self->activated_as));
 }
 
-#define CryptSetup_Resume_HELP "Resume LUKS device\n\n\
+static char
+CryptSetup_Resume_HELP[] =
+"Resume LUKS device\n\n\
   luksOpen(passphrase)\n\n\
-  passphrase - string or none to ask the user"
+  passphrase - string or none to ask the user";
 
 static PyObject *CryptSetup_Resume(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"passphrase", NULL};
+	static const char *kwlist[] = {"passphrase", NULL};
 	char* passphrase = NULL;
 	size_t passphrase_len = 0;
 
@@ -539,7 +592,7 @@ static PyObject *CryptSetup_Resume(CryptSetupObject* self, PyObject *args, PyObj
 		return NULL;
 	}
 
-	if (! PyArg_ParseTupleAndKeywords(args, kwds, "|s", kwlist, &passphrase))
+	if (! PyArg_ParseTupleAndKeywords(args, kwds, "|s", CONST_CAST(char**)kwlist, &passphrase))
 		return NULL;
 
 	if (passphrase)
@@ -549,8 +602,10 @@ static PyObject *CryptSetup_Resume(CryptSetupObject* self, PyObject *args, PyObj
 					CRYPT_ANY_SLOT, passphrase, passphrase_len));
 }
 
-#define CryptSetup_Suspend_HELP "Suspend LUKS device\n\n\
-  luksSupsend()"
+static char
+CryptSetup_Suspend_HELP[] =
+"Suspend LUKS device\n\n\
+  luksSupsend()";
 
 static PyObject *CryptSetup_Suspend(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
@@ -562,16 +617,18 @@ static PyObject *CryptSetup_Suspend(CryptSetupObject* self, PyObject *args, PyOb
 	return PyObjectResult(crypt_suspend(self->device, self->activated_as));
 }
 
-#define CryptSetup_debugLevel_HELP "Set debug level\n\n\
+static char
+CryptSetup_debugLevel_HELP[] =
+"Set debug level\n\n\
   debugLevel(level)\n\n\
-  level - debug level"
+  level - debug level";
 
 static PyObject *CryptSetup_debugLevel(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"level", NULL};
+	static const char *kwlist[] = {"level", NULL};
 	int level = 0;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", kwlist, &level))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "i", CONST_CAST(char**)kwlist, &level))
 		return NULL;
 
 	crypt_set_debug_level(level);
@@ -579,16 +636,18 @@ static PyObject *CryptSetup_debugLevel(CryptSetupObject* self, PyObject *args, P
 	Py_RETURN_NONE;
 }
 
-#define CryptSetup_iterationTime_HELP "Set iteration time\n\n\
+static char
+CryptSetup_iterationTime_HELP[] =
+"Set iteration time\n\n\
   iterationTime(time_ms)\n\n\
-  time_ms - time in miliseconds"
+  time_ms - time in milliseconds";
 
 static PyObject *CryptSetup_iterationTime(CryptSetupObject* self, PyObject *args, PyObject *kwds)
 {
-	static char *kwlist[] = {"time_ms", NULL};
+	static const char *kwlist[] = {"time_ms", NULL};
 	uint64_t time_ms = 0;
 
-	if (!PyArg_ParseTupleAndKeywords(args, kwds, "K", kwlist, &time_ms))
+	if (!PyArg_ParseTupleAndKeywords(args, kwds, "K", CONST_CAST(char**)kwlist, &time_ms))
 		return NULL;
 
 	crypt_set_iteration_time(self->device, time_ms);
@@ -597,9 +656,9 @@ static PyObject *CryptSetup_iterationTime(CryptSetupObject* self, PyObject *args
 }
 
 static PyMemberDef CryptSetup_members[] = {
-	{"yesDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, yesDialogCB), 0, "confirmation dialog callback"},
-	{"cmdLineLogCB", T_OBJECT_EX, offsetof(CryptSetupObject, cmdLineLogCB), 0, "logging callback"},
-	{"passwordDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, passwordDialogCB), 0, "password dialog callback"},
+	{CONST_CAST(char*)"yesDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, yesDialogCB), 0, CONST_CAST(char*)"confirmation dialog callback"},
+	{CONST_CAST(char*)"cmdLineLogCB", T_OBJECT_EX, offsetof(CryptSetupObject, cmdLineLogCB), 0, CONST_CAST(char*)"logging callback"},
+	{CONST_CAST(char*)"passwordDialogCB", T_OBJECT_EX, offsetof(CryptSetupObject, passwordDialogCB), 0, CONST_CAST(char*)"password dialog callback"},
 	{NULL}
 };
 
@@ -615,7 +674,7 @@ static PyMethodDef CryptSetup_methods[] = {
 	/* cryptsetup info entrypoints */
 	{"luksUUID", (PyCFunction)CryptSetup_luksUUID, METH_NOARGS, CryptSetup_luksUUID_HELP},
 	{"isLuks", (PyCFunction)CryptSetup_isLuks, METH_NOARGS, CryptSetup_isLuks_HELP},
-	{"info", (PyCFunction)CryptSetup_Info, METH_NOARGS, CryptSetup_Info_HELP},  
+	{"info", (PyCFunction)CryptSetup_Info, METH_NOARGS, CryptSetup_Info_HELP},
 	{"status", (PyCFunction)CryptSetup_Status, METH_NOARGS, CryptSetup_Status_HELP},
 
 	/* cryptsetup mgmt entrypoints */
@@ -637,8 +696,7 @@ static PyMethodDef CryptSetup_methods[] = {
 };
 
 static PyTypeObject CryptSetupType = {
-	PyObject_HEAD_INIT(NULL)
-	0, /*ob_size*/
+	PyVarObject_HEAD_INIT(NULL, 0)
 	"pycryptsetup.CryptSetup", /*tp_name*/
 	sizeof(CryptSetupObject), /*tp_basicsize*/
 	0, /*tp_itemsize*/
@@ -682,15 +740,14 @@ static PyMethodDef pycryptsetup_methods[] = {
 	{NULL} /* Sentinel */
 };
 
-PyMODINIT_FUNC initpycryptsetup(void);
-PyMODINIT_FUNC initpycryptsetup(void)
+MOD_INIT(pycryptsetup)
 {
 	PyObject *m;
 
 	if (PyType_Ready(&CryptSetupType) < 0)
-		return;
+		return MOD_ERROR_VAL;
 
-	m = Py_InitModule3("pycryptsetup", pycryptsetup_methods, "CryptSetup pythonized API.");
+	MOD_DEF(m, "pycryptsetup", "CryptSetup pythonized API.", pycryptsetup_methods);
 	Py_INCREF(&CryptSetupType);
 
 	PyModule_AddObject(m, "CryptSetup", (PyObject *)&CryptSetupType);
@@ -710,4 +767,6 @@ PyMODINIT_FUNC initpycryptsetup(void)
 	PyModule_AddIntConstant(m, "CRYPT_INACTIVE", CRYPT_INACTIVE);
 	PyModule_AddIntConstant(m, "CRYPT_ACTIVE", CRYPT_ACTIVE);
 	PyModule_AddIntConstant(m, "CRYPT_BUSY", CRYPT_BUSY);
+
+	return MOD_SUCCESS_VAL(m);
 }

src/Makefile.am

@@ -12,7 +12,6 @@ AM_CPPFLAGS = -include config.h \
 cryptsetup_SOURCES = \
 	$(top_builddir)/lib/utils_crypt.c	\
 	$(top_builddir)/lib/utils_loop.c	\
-	$(top_builddir)/lib/utils_fips.c	\
 	utils_tools.c				\
 	utils_password.c			\
 	cryptsetup.c				\
@@ -21,8 +20,8 @@ cryptsetup_SOURCES = \
 cryptsetup_LDADD = \
 	$(top_builddir)/lib/libcryptsetup.la	\
 	@POPT_LIBS@				\
-	@FIPSCHECK_LIBS@			\
-	@PWQUALITY_LIBS@
+	@PWQUALITY_LIBS@			\
+	@PASSWDQC_LIBS@
 
 cryptsetup_CFLAGS = $(AM_CFLAGS) -Wall
 
@@ -78,7 +77,8 @@ cryptsetup_reencrypt_SOURCES = \
 	cryptsetup_reencrypt.c			\
 	cryptsetup.h
 
-cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD)
+cryptsetup_reencrypt_LDADD = $(cryptsetup_LDADD) \
+	@UUID_LIBS@
 cryptsetup_reencrypt_CFLAGS = $(cryptsetup_CFLAGS)
 
 sbin_PROGRAMS += cryptsetup-reencrypt

src/cryptsetup.c

@@ -1,10 +1,10 @@
 /*
  * cryptsetup - setup cryptographic volumes for dm-crypt
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2014, Milan Broz
+ * Copyright (C) 2009-2015, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2015, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -28,6 +28,7 @@ static const char *opt_hash = NULL;
 static int opt_verify_passphrase = 0;
 
 static const char *opt_key_file = NULL;
+static const char *opt_keyfile_stdin = NULL;
 static int opt_keyfiles_count = 0;
 static const char *opt_keyfiles[MAX_KEYFILES];
 
@@ -57,15 +58,26 @@ static int opt_urandom = 0;
 static int opt_dump_master_key = 0;
 static int opt_shared = 0;
 static int opt_allow_discards = 0;
+static int opt_perf_same_cpu_crypt = 0;
+static int opt_perf_submit_from_crypt_cpus = 0;
 static int opt_test_passphrase = 0;
 static int opt_tcrypt_hidden = 0;
 static int opt_tcrypt_system = 0;
 static int opt_tcrypt_backup = 0;
+static int opt_veracrypt = 0;
 
 static const char **action_argv;
 static int action_argc;
 static const char *null_action_argv[] = {NULL, NULL};
 
+static const char *uuid_or_device_header(const char **data_device)
+{
+	if (data_device)
+		*data_device = opt_header_device ? action_argv[0] : NULL;
+
+	return uuid_or_device(opt_header_device ?: action_argv[0]);
+}
+
 static int _verify_passphrase(int def)
 {
 	/* Batch mode switch off verify - if not overrided by -y */
@@ -84,6 +96,21 @@ static int _verify_passphrase(int def)
 	return def;
 }
 
+static void _set_activation_flags(uint32_t *flags)
+{
+	if (opt_readonly)
+		*flags |= CRYPT_ACTIVATE_READONLY;
+
+	if (opt_allow_discards)
+		*flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+
+	if (opt_perf_same_cpu_crypt)
+		*flags |= CRYPT_ACTIVATE_SAME_CPU_CRYPT;
+
+	if (opt_perf_submit_from_crypt_cpus)
+		*flags |= CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS;
+}
+
 static int action_open_plain(void)
 {
 	struct crypt_device *cd = NULL;
@@ -95,22 +122,11 @@ static int action_open_plain(void)
 		.size = opt_size,
 	};
 	char *password = NULL;
-	size_t passwordLen;
+	size_t passwordLen, key_size_max;
 	size_t key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
 	uint32_t activate_flags = 0;
 	int r;
 
-	if (params.hash && !strcmp(params.hash, "plain"))
-		params.hash = NULL;
-
-	/* FIXME: temporary hack */
-	if (opt_key_file && strcmp(opt_key_file, "-"))
-		params.hash = NULL;
-
-	if ((opt_keyfile_offset || opt_keyfile_size) && opt_key_file)
-		log_std(_("Ignoring keyfile offset and size options, keyfile read "
-			 "size is always the same as encryption key size.\n"));
-
 	r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN),
 				      cipher, NULL, cipher_mode);
 	if (r < 0) {
@@ -118,6 +134,21 @@ static int action_open_plain(void)
 		goto out;
 	}
 
+	/* FIXME: temporary hack, no hashing for keyfiles in plain mode */
+	if (opt_key_file && !tools_is_stdin(opt_key_file)) {
+		params.hash = NULL;
+		if (!opt_batch_mode && opt_hash)
+			log_std(_("WARNING: The --hash parameter is being ignored "
+				 "in plain mode with keyfile specified.\n"));
+	}
+
+	if (params.hash && !strcmp(params.hash, "plain"))
+		params.hash = NULL;
+
+	if (!opt_batch_mode && !params.hash && opt_key_file && !tools_is_stdin(opt_key_file) && opt_keyfile_size)
+		log_std(_("WARNING: The --keyfile-size option is being ignored, "
+			 "the read size is the same as the encryption key size.\n"));
+
 	if ((r = crypt_init(&cd, action_argv[0])))
 		goto out;
 
@@ -133,28 +164,28 @@ static int action_open_plain(void)
 	if (r < 0)
 		goto out;
 
-	if (opt_readonly)
-		activate_flags |= CRYPT_ACTIVATE_READONLY;
-
 	if (opt_shared)
 		activate_flags |= CRYPT_ACTIVATE_SHARED;
 
-	if (opt_allow_discards)
-		activate_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+	_set_activation_flags(&activate_flags);
 
-	if (opt_key_file)
-		/* With hashing, read the whole keyfile */
+	if (!tools_is_stdin(opt_key_file)) {
+		/* If no hash, key is read directly, read size is always key_size
+		 * (possible opt_keyfile_size is ignored.
+		 * If hash is specified, opt_keyfile_size is applied.
+		 * The opt_keyfile_offset is applied always.
+		 */
+		key_size_max = params.hash ? (size_t)opt_keyfile_size : key_size;
 		r = crypt_activate_by_keyfile_offset(cd, action_argv[1],
-			CRYPT_ANY_SLOT, opt_key_file,
-			params.hash ? 0 : key_size, 0,
-			activate_flags);
-	else {
+			CRYPT_ANY_SLOT, opt_key_file, key_size_max,
+			opt_keyfile_offset, activate_flags);
+	} else {
+		key_size_max = (opt_key_file && !params.hash) ? key_size : (size_t)opt_keyfile_size;
 		r = tools_get_key(_("Enter passphrase: "),
 				  &password, &passwordLen,
-				  opt_keyfile_offset, opt_keyfile_size,
-				  NULL, opt_timeout,
-				  _verify_passphrase(0), 0,
-				  cd);
+				  opt_keyfile_offset, key_size_max,
+				  opt_key_file, opt_timeout,
+				  _verify_passphrase(0), 0, cd);
 		if (r < 0)
 			goto out;
 
@@ -185,11 +216,7 @@ static int action_open_loopaes(void)
 		return -EINVAL;
 	}
 
-	if (opt_readonly)
-		activate_flags |= CRYPT_ACTIVATE_READONLY;
-
-	if (opt_allow_discards)
-		activate_flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+	_set_activation_flags(&activate_flags);
 
 	if ((r = crypt_init(&cd, action_argv[0])))
 		goto out;
@@ -202,7 +229,7 @@ static int action_open_loopaes(void)
 
 	r = crypt_activate_by_keyfile_offset(cd, action_argv[1], CRYPT_ANY_SLOT,
 				      opt_key_file, opt_keyfile_size,
-				      opt_keyfile_size, activate_flags);
+				      opt_keyfile_offset, activate_flags);
 out:
 	crypt_free(cd);
 
@@ -213,11 +240,14 @@ static int tcrypt_load(struct crypt_device *cd, struct crypt_params_tcrypt *para
 {
 	int r, tries = opt_tries, eperm = 0;
 
+	if (opt_keyfile_stdin)
+		tries = 1;
+
 	do {
 		/* TCRYPT header is encrypted, get passphrase now */
 		r = tools_get_key(_("Enter passphrase: "),
 				  CONST_CAST(char**)&params->passphrase,
-				  &params->passphrase_size, 0, 0, NULL, opt_timeout,
+				  &params->passphrase_size, 0, 0, opt_keyfile_stdin, opt_timeout,
 				 _verify_passphrase(0), 0, cd);
 		if (r < 0)
 			continue;
@@ -259,10 +289,11 @@ static int action_open_tcrypt(void)
 	struct crypt_params_tcrypt params = {
 		.keyfiles = opt_keyfiles,
 		.keyfiles_count = opt_keyfiles_count,
-		.flags = CRYPT_TCRYPT_LEGACY_MODES,
+		.flags = CRYPT_TCRYPT_LEGACY_MODES |
+			 (opt_veracrypt ? CRYPT_TCRYPT_VERA_MODES : 0),
 	};
 	const char *activated_name;
-	uint32_t flags = 0;
+	uint32_t activate_flags = 0;
 	int r;
 
 	activated_name = opt_test_passphrase ? NULL : action_argv[1];
@@ -274,14 +305,10 @@ static int action_open_tcrypt(void)
 	if (r < 0)
 		goto out;
 
-	if (opt_readonly)
-		flags |= CRYPT_ACTIVATE_READONLY;
-
-	if (opt_allow_discards)
-		flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+	_set_activation_flags(&activate_flags);
 
 	if (activated_name)
-		r = crypt_activate_by_volume_key(cd, activated_name, NULL, 0, flags);
+		r = crypt_activate_by_volume_key(cd, activated_name, NULL, 0, activate_flags);
 out:
 	crypt_free(cd);
 	crypt_safe_free(CONST_CAST(char*)params.passphrase);
@@ -336,7 +363,8 @@ static int action_tcryptDump(void)
 	struct crypt_params_tcrypt params = {
 		.keyfiles = opt_keyfiles,
 		.keyfiles_count = opt_keyfiles_count,
-		.flags = CRYPT_TCRYPT_LEGACY_MODES,
+		.flags = CRYPT_TCRYPT_LEGACY_MODES |
+			 (opt_veracrypt ? CRYPT_TCRYPT_VERA_MODES : 0),
 	};
 	int r;
 
@@ -418,10 +446,10 @@ static int action_status(void)
 				ci == CRYPT_BUSY ? " and is in use" : "");
 
 		r = crypt_init_by_name_and_header(&cd, action_argv[0], opt_header_device);
-		if (r < 0 || !crypt_get_type(cd))
+		if (r < 0)
 			goto out;
 
-		log_std("  type:    %s\n", crypt_get_type(cd));
+		log_std("  type:    %s\n", crypt_get_type(cd) ?: "n/a");
 
 		r = crypt_get_active_device(cd, action_argv[0], &cad);
 		if (r < 0)
@@ -442,8 +470,13 @@ static int action_status(void)
 			log_std("  skipped: %" PRIu64 " sectors\n", cad.iv_offset);
 		log_std("  mode:    %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
 					   "readonly" : "read/write");
-		if (cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS)
-			log_std("  flags:   discards\n");
+		if (cad.flags & (CRYPT_ACTIVATE_ALLOW_DISCARDS|
+				 CRYPT_ACTIVATE_ALLOW_DISCARDS|
+				 CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS))
+			log_std("  flags:   %s%s%s\n",
+				(cad.flags & CRYPT_ACTIVATE_ALLOW_DISCARDS) ? "discards " : "",
+				(cad.flags & CRYPT_ACTIVATE_SAME_CPU_CRYPT) ? "same_cpu_crypt " : "",
+				(cad.flags & CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) ? "submit_from_crypt_cpus" : "");
 	}
 out:
 	crypt_free(cd);
@@ -462,8 +495,8 @@ static int action_benchmark_kdf(const char *hash)
 	if (r < 0)
 		log_std("PBKDF2-%-9s     N/A\n", hash);
 	else
-		log_std("PBKDF2-%-9s %7" PRIu64 " iterations per second\n",
-			hash, kdf_iters);
+		log_std("PBKDF2-%-9s %7" PRIu64 " iterations per second for %d-bit key\n",
+			hash, kdf_iters, DEFAULT_LUKS1_KEYBITS);
 	return r;
 }
 
@@ -540,6 +573,9 @@ static int action_benchmark(void)
 		    strstr(cipher, "cast5"))
 			iv_size = 8;
 
+		if (!strcmp(cipher_mode, "ecb"))
+			iv_size = 0;
+
 		r = benchmark_cipher_loop(cipher, cipher_mode,
 					  key_size / 8, iv_size,
 					  &enc_mbr, &dec_mbr);
@@ -571,10 +607,10 @@ static int action_benchmark(void)
 			snprintf(cipher, MAX_CIPHER_LEN, "%s-%s",
 				 bciphers[i].cipher, bciphers[i].mode);
 			if (!r)
-				log_std("%12s  %4db  %6.1f MiB/s  %6.1f MiB/s\n",
+				log_std("%12s  %4zub  %6.1f MiB/s  %6.1f MiB/s\n",
 					cipher, bciphers[i].key_size*8, enc_mbr, dec_mbr);
 			else
-				log_std("%12s  %4db %13s %13s\n", cipher,
+				log_std("%12s  %4zub %13s %13s\n", cipher,
 					bciphers[i].key_size*8, _("N/A"), _("N/A"));
 		}
 		if (skipped && skipped == i)
@@ -676,6 +712,10 @@ static int action_luksFormat(void)
 		goto out;
 	}
 
+	/* Never call pwquality if using null cipher */
+	if (tools_is_cipher_null(cipher))
+		opt_force_password = 1;
+
 	if ((r = crypt_init(&cd, header_device))) {
 		if (opt_header_device)
 			log_err(_("Cannot use %s as on-disk header.\n"), header_device);
@@ -727,16 +767,10 @@ static int action_open_luks(void)
 	struct crypt_device *cd = NULL;
 	const char *data_device, *header_device, *activated_name;
 	char *key = NULL;
-	uint32_t flags = 0;
+	uint32_t activate_flags = 0;
 	int r, keysize;
 
-	if (opt_header_device) {
-		header_device = uuid_or_device(opt_header_device);
-		data_device = action_argv[0];
-	} else {
-		header_device = uuid_or_device(action_argv[0]);
-		data_device = NULL;
-	}
+	header_device = uuid_or_device_header(&data_device);
 
 	activated_name = opt_test_passphrase ? NULL : action_argv[1];
 
@@ -763,11 +797,7 @@ static int action_open_luks(void)
 	if (opt_iteration_time)
 		crypt_set_iteration_time(cd, opt_iteration_time);
 
-	if (opt_readonly)
-		flags |= CRYPT_ACTIVATE_READONLY;
-
-	if (opt_allow_discards)
-		flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+	_set_activation_flags(&activate_flags);
 
 	if (opt_master_key_file) {
 		keysize = crypt_get_volume_key_size(cd);
@@ -775,15 +805,15 @@ static int action_open_luks(void)
 		if (r < 0)
 			goto out;
 		r = crypt_activate_by_volume_key(cd, activated_name,
-						 key, keysize, flags);
+						 key, keysize, activate_flags);
 	} else if (opt_key_file) {
 		crypt_set_password_retry(cd, 1);
 		r = crypt_activate_by_keyfile_offset(cd, activated_name,
 			opt_key_slot, opt_key_file, opt_keyfile_size,
-			opt_keyfile_offset, flags);
+			opt_keyfile_offset, activate_flags);
 	} else
 		r = crypt_activate_by_passphrase(cd, activated_name,
-			opt_key_slot, NULL, 0, flags);
+			opt_key_slot, NULL, 0, activate_flags);
 out:
 	crypt_safe_free(key);
 	crypt_free(cd);
@@ -801,7 +831,8 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 	int i, r;
 
 	ki = crypt_keyslot_status(cd, key_slot);
-	if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !yesDialog(msg_last, NULL))
+	if (ki == CRYPT_SLOT_ACTIVE_LAST && !opt_batch_mode && !key_file &&
+	    msg_last && !yesDialog(msg_last, NULL))
 		return -EPERM;
 
 	r = tools_get_key(msg_pass, &password, &passwordLen,
@@ -828,6 +859,10 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
 		}
 	}
 
+	/* Handle inactive keyslots the same as bad password here */
+	if (r == -ENOENT)
+		r = -EPERM;
+
 	if (r == -EPERM)
 		log_err(_("No key available with this passphrase.\n"));
 out:
@@ -840,7 +875,7 @@ static int action_luksKillSlot(void)
 	struct crypt_device *cd = NULL;
 	int r;
 
-	if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	crypt_set_confirm_callback(cd, yesDialog, NULL);
@@ -861,7 +896,7 @@ static int action_luksKillSlot(void)
 		goto out;
 	}
 
-	if (!opt_batch_mode) {
+	if (!opt_batch_mode || opt_key_file || !isatty(STDIN_FILENO)) {
 		r = verify_keyslot(cd, opt_key_slot,
 			_("This is the last keyslot. Device will become unusable after purging this key."),
 			_("Enter any remaining passphrase: "),
@@ -883,7 +918,7 @@ static int action_luksRemoveKey(void)
 	size_t passwordLen;
 	int r;
 
-	if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	crypt_set_confirm_callback(cd, yesDialog, NULL);
@@ -934,7 +969,7 @@ static int action_luksAddKey(void)
 	size_t password_size = 0, password_new_size = 0;
 	struct crypt_device *cd = NULL;
 
-	if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	crypt_set_confirm_callback(cd, yesDialog, NULL);
@@ -942,6 +977,10 @@ static int action_luksAddKey(void)
 	if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
 		goto out;
 
+	/* Never call pwquality if using null cipher */
+	if (tools_is_cipher_null(crypt_get_cipher(cd)))
+		opt_force_password = 1;
+
 	keysize = crypt_get_volume_key_size(cd);
 	/* FIXME: lib cannot properly set verification for new/old passphrase */
 	crypt_set_password_verify(cd, _verify_passphrase(0));
@@ -953,16 +992,31 @@ static int action_luksAddKey(void)
 		r = _read_mk(opt_master_key_file, &key, keysize);
 		if (r < 0)
 			goto out;
-		//FIXME: process keyfile arg
-		r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
-						    key, keysize, NULL, 0);
-	} else if (opt_key_file || opt_new_key_file) {
+
+		r = crypt_volume_key_verify(cd, key, keysize);
+		check_signal(&r);
+		if (r < 0)
+			goto out;
+
+		r = tools_get_key(_("Enter new passphrase for key slot: "),
+				  &password_new, &password_new_size,
+				  opt_new_keyfile_offset, opt_new_keyfile_size,
+				  opt_new_key_file, opt_timeout,
+				  _verify_passphrase(1), 1, cd);
+		if (r < 0)
+			goto out;
+
+		r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize,
+						    password_new, password_new_size);
+	} else if (opt_key_file && !tools_is_stdin(opt_key_file) &&
+		   opt_new_key_file && !tools_is_stdin(opt_new_key_file)) {
 		r = crypt_keyslot_add_by_keyfile_offset(cd, opt_key_slot,
 			opt_key_file, opt_keyfile_size, opt_keyfile_offset,
 			opt_new_key_file, opt_new_keyfile_size, opt_new_keyfile_offset);
 	} else {
 		r = tools_get_key(_("Enter any existing passphrase: "),
-			      &password, &password_size, 0, 0, NULL,
+			      &password, &password_size,
+			      opt_keyfile_offset, opt_keyfile_size, opt_key_file,
 			      opt_timeout, _verify_passphrase(0), 0, cd);
 
 		if (r < 0)
@@ -976,8 +1030,9 @@ static int action_luksAddKey(void)
 			goto out;
 
 		r = tools_get_key(_("Enter new passphrase for key slot: "),
-				  &password_new, &password_new_size, 0, 0, NULL,
-				  opt_timeout, _verify_passphrase(1), 1, cd);
+				  &password_new, &password_new_size,
+				  opt_new_keyfile_offset, opt_new_keyfile_size, opt_new_key_file,
+				  opt_timeout, _verify_passphrase(1), opt_new_key_file ? 0 : 1, cd);
 		if (r < 0)
 			goto out;
 
@@ -1001,12 +1056,16 @@ static int action_luksChangeKey(void)
 	size_t password_size = 0, password_new_size = 0;
 	int r;
 
-	if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
 		goto out;
 
+	/* Never call pwquality if using null cipher */
+	if (tools_is_cipher_null(crypt_get_cipher(cd)))
+		opt_force_password = 1;
+
 	if (opt_iteration_time)
 		crypt_set_iteration_time(cd, opt_iteration_time);
 
@@ -1052,7 +1111,7 @@ static int action_isLuks(void)
 		return -ENODEV;
 	}
 
-	if ((r = crypt_init(&cd, action_argv[0])))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	crypt_set_log_callback(cd, quiet_log, NULL);
@@ -1068,7 +1127,7 @@ static int action_luksUUID(void)
 	const char *existing_uuid = NULL;
 	int r;
 
-	if ((r = crypt_init(&cd, action_argv[0])))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	crypt_set_confirm_callback(cd, yesDialog, NULL);
@@ -1147,7 +1206,7 @@ static int action_luksDump(void)
 	struct crypt_device *cd = NULL;
 	int r;
 
-	if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
@@ -1167,7 +1226,7 @@ static int action_luksSuspend(void)
 	struct crypt_device *cd = NULL;
 	int r;
 
-	r = crypt_init_by_name_and_header(&cd, action_argv[0], opt_header_device);
+	r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device));
 	if (!r)
 		r = crypt_suspend(cd, action_argv[0]);
 
@@ -1180,7 +1239,7 @@ static int action_luksResume(void)
 	struct crypt_device *cd = NULL;
 	int r;
 
-	if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], opt_header_device)))
+	if ((r = crypt_init_by_name_and_header(&cd, action_argv[0], uuid_or_device(opt_header_device))))
 		goto out;
 
 	crypt_set_timeout(cd, opt_timeout);
@@ -1208,7 +1267,7 @@ static int action_luksBackup(void)
 		return -EINVAL;
 	}
 
-	if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	crypt_set_confirm_callback(cd, yesDialog, NULL);
@@ -1229,7 +1288,7 @@ static int action_luksRestore(void)
 		return -EINVAL;
 	}
 
-	if ((r = crypt_init(&cd, action_argv[0])))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	crypt_set_confirm_callback(cd, yesDialog, NULL);
@@ -1276,7 +1335,7 @@ static int action_luksErase(void)
 	char *msg = NULL;
 	int i, r;
 
-	if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
+	if ((r = crypt_init(&cd, uuid_or_device_header(NULL))))
 		goto out;
 
 	crypt_set_confirm_callback(cd, yesDialog, NULL);
@@ -1286,7 +1345,7 @@ static int action_luksErase(void)
 
 	if(asprintf(&msg, _("This operation will erase all keyslots on device %s.\n"
 			    "Device will become unusable after this operation."),
-			    uuid_or_device(action_argv[0])) == -1) {
+			    uuid_or_device_header(NULL)) == -1) {
 		r = -ENOMEM;
 		goto out;
 	}
@@ -1322,7 +1381,7 @@ static struct action_type {
 	{ "close",        action_close,        1, 1, N_("<name>"), N_("close device (remove mapping)") },
 	{ "resize",       action_resize,       1, 1, N_("<name>"), N_("resize active device") },
 	{ "status",       action_status,       1, 0, N_("<name>"), N_("show device status") },
-	{ "benchmark",    action_benchmark,    0, 0, N_("<name>"), N_("benchmark cipher") },
+	{ "benchmark",    action_benchmark,    0, 0, N_("[--cipher <cipher>]"), N_("benchmark cipher") },
 	{ "repair",       action_luksRepair,   1, 1, N_("<device>"), N_("try to repair on-disk metadata") },
 	{ "erase",        action_luksErase ,   1, 1, N_("<device>"), N_("erase all keyslots (remove encryption key)") },
 	{ "luksFormat",   action_luksFormat,   1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
@@ -1469,14 +1528,17 @@ int main(int argc, const char **argv)
 		{ "tcrypt-hidden",     '\0', POPT_ARG_NONE, &opt_tcrypt_hidden,         0, N_("Use hidden header (hidden TCRYPT device)."), NULL },
 		{ "tcrypt-system",     '\0', POPT_ARG_NONE, &opt_tcrypt_system,         0, N_("Device is system TCRYPT drive (with bootloader)."), NULL },
 		{ "tcrypt-backup",     '\0', POPT_ARG_NONE, &opt_tcrypt_backup,         0, N_("Use backup (secondary) TCRYPT header."), NULL },
+		{ "veracrypt",         '\0', POPT_ARG_NONE, &opt_veracrypt,             0, N_("Scan also for VeraCrypt compatible device."), NULL },
 		{ "type",               'M', POPT_ARG_STRING, &opt_type,                0, N_("Type of device metadata: luks, plain, loopaes, tcrypt."), NULL },
 		{ "force-password",    '\0', POPT_ARG_NONE, &opt_force_password,        0, N_("Disable password quality check (if enabled)."), NULL },
+		{ "perf-same_cpu_crypt",'\0', POPT_ARG_NONE, &opt_perf_same_cpu_crypt,  0, N_("Use dm-crypt same_cpu_crypt performance compatibility option."), NULL },
+		{ "perf-submit_from_crypt_cpus",'\0', POPT_ARG_NONE, &opt_perf_submit_from_crypt_cpus,0,N_("Use dm-crypt submit_from_crypt_cpus performance compatibility option."), NULL },
 		POPT_TABLEEND
 	};
 	poptContext popt_context;
 	struct action_type *action;
 	const char *aname;
-	int r;
+	int r, total_keyfiles = 0;
 
 	crypt_set_log_callback(NULL, tool_log, NULL);
 
@@ -1484,20 +1546,21 @@ int main(int argc, const char **argv)
 	bindtextdomain(PACKAGE, LOCALEDIR);
 	textdomain(PACKAGE);
 
-	if (crypt_fips_mode())
-		crypt_log(NULL, CRYPT_LOG_VERBOSE, _("Running in FIPS mode.\n"));
-
 	popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0);
 	poptSetOtherOptionHelp(popt_context,
 	                       _("[OPTION...] <action> <action-specific>"));
 
 	while((r = poptGetNextOpt(popt_context)) > 0) {
 		unsigned long long ull_value;
-		char *endp;
+		char *endp, *kf;
 
 		if (r == 5) {
-			if (opt_keyfiles_count < MAX_KEYFILES)
-				opt_keyfiles[opt_keyfiles_count++] = poptGetOptArg(popt_context);
+			kf = poptGetOptArg(popt_context);
+			if (tools_is_stdin(kf))
+				opt_keyfile_stdin = kf;
+			else if (opt_keyfiles_count < MAX_KEYFILES)
+				opt_keyfiles[opt_keyfiles_count++] = kf;
+			total_keyfiles++;
 			continue;
 		}
 
@@ -1528,6 +1591,7 @@ int main(int argc, const char **argv)
 	if (r < -1)
 		usage(popt_context, EXIT_FAILURE, poptStrerror(r),
 		      poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
+
 	if (opt_version_mode) {
 		log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
 		poptFreeContext(popt_context);
@@ -1570,6 +1634,8 @@ int main(int argc, const char **argv)
 	} else if (!strcmp(aname, "tcryptOpen")) {
 		aname = "open";
 		opt_type = "tcrypt";
+	} else if (!strcmp(aname, "tcryptDump")) {
+		opt_type = "tcrypt";
 	} else if (!strcmp(aname, "remove") ||
 		   !strcmp(aname, "plainClose") ||
 		   !strcmp(aname, "luksClose") ||
@@ -1646,6 +1712,10 @@ int main(int argc, const char **argv)
 		      _("Negative number for option not permitted."),
 		      poptGetInvocationName(popt_context));
 
+	if (total_keyfiles > 1 && strcmp(opt_type, "tcrypt"))
+		usage(popt_context, EXIT_FAILURE, _("Only one --key-file argument is allowed."),
+		      poptGetInvocationName(popt_context));
+
 	if (opt_random && opt_urandom)
 		usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
 		      poptGetInvocationName(popt_context));
@@ -1685,6 +1755,11 @@ int main(int argc, const char **argv)
 		_("Option --tcrypt-hidden cannot be combined with --allow-discards.\n"),
 		poptGetInvocationName(popt_context));
 
+	if (opt_veracrypt && strcmp(opt_type, "tcrypt"))
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --veracrypt is supported only for TCRYPT device type.\n"),
+		poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

src/cryptsetup.h

@@ -1,7 +1,7 @@
 /*
  * cryptsetup - setup cryptographic volumes for dm-crypt
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2014, Milan Broz
@@ -57,7 +57,7 @@ extern int opt_force_password;
 
 /* Common tools */
 void clogger(struct crypt_device *cd, int level, const char *file, int line,
-	     const char *format, ...);
+	     const char *format, ...)  __attribute__ ((format (printf, 5, 6)));
 void tool_log(int level, const char *msg, void *usrptr __attribute__((unused)));
 void quiet_log(int level, const char *msg, void *usrptr);
 
@@ -81,6 +81,9 @@ int tools_get_key(const char *prompt,
 		  const char *key_file,
 		  int timeout, int verify, int pwquality,
 		  struct crypt_device *cd);
+int tools_is_stdin(const char *key_file);
+int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size);
+int tools_is_cipher_null(const char *cipher);
 
 /* Log */
 #define log_dbg(x...) clogger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)

src/cryptsetup_reencrypt.c

@@ -1,8 +1,8 @@
 /*
  * cryptsetup-reencrypt - crypt utility for offline re-encryption
  *
- * Copyright (C) 2012, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2014, Milan Broz All rights reserved.
+ * Copyright (C) 2012-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2015, Milan Broz All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -24,6 +24,7 @@
 #include <sys/time.h>
 #include <linux/fs.h>
 #include <arpa/inet.h>
+#include <uuid/uuid.h>
 
 #define PACKAGE_REENC "crypt_reencrypt"
 
@@ -33,6 +34,7 @@
 static const char *opt_cipher = NULL;
 static const char *opt_hash = NULL;
 static const char *opt_key_file = NULL;
+static const char *opt_uuid = NULL;
 static long opt_keyfile_size = 0;
 static long opt_keyfile_offset = 0;
 static int opt_iteration_time = 1000;
@@ -48,6 +50,7 @@ static int opt_key_slot = CRYPT_ANY_SLOT;
 static int opt_key_size = 0;
 static int opt_new = 0;
 static int opt_keep_key = 0;
+static int opt_decrypt = 0;
 
 static const char *opt_reduce_size_str = NULL;
 static uint64_t opt_reduce_size = 0;
@@ -62,12 +65,15 @@ struct reenc_ctx {
 	char *device;
 	char *device_uuid;
 	uint64_t device_size; /* overrided by parameter */
-	uint64_t device_size_real;
+	uint64_t device_size_new_real;
+	uint64_t device_size_org_real;
 	uint64_t device_offset;
 	uint64_t device_shift;
 
+	int stained:1;
 	int in_progress:1;
 	enum { FORWARD = 0, BACKWARD = 1 } reencrypt_direction;
+	enum { REENCRYPT = 0, ENCRYPT = 1, DECRYPT = 2 } reencrypt_mode;
 
 	char header_file_org[PATH_MAX];
 	char header_file_new[PATH_MAX];
@@ -76,7 +82,7 @@ struct reenc_ctx {
 	char crypt_path_org[PATH_MAX];
 	char crypt_path_new[PATH_MAX];
 	int log_fd;
-	char *log_buf;
+	char log_buf[SECTOR_SIZE];
 
 	struct {
 		char *password;
@@ -145,7 +151,7 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 				rc->device);
 			return -EBUSY;
 		}
-		log_err(_("Cannot open device %s\n"), rc->device);
+		log_err(_("Cannot open device %s.\n"), rc->device);
 		return -EINVAL;
 	}
 
@@ -161,7 +167,7 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 	}
 
 	s = read(devfd, buf, buf_size);
-	if (s < 0 || s != buf_size) {
+	if (s < 0 || s != (ssize_t)buf_size) {
 		log_err(_("Cannot read device %s.\n"), rc->device);
 		r = -EIO;
 		goto out;
@@ -176,11 +182,6 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 		log_verbose(_("Marking LUKS device %s unusable.\n"), rc->device);
 		memcpy(buf, NOMAGIC, MAGIC_L);
 		r = 0;
-	} else if (set_magic == MAKE_USABLE && !memcmp(buf, NOMAGIC, MAGIC_L) &&
-		   version == 1) {
-		log_verbose(_("Marking LUKS device %s usable.\n"), rc->device);
-		memcpy(buf, MAGIC, MAGIC_L);
-		r = 0;
 	} else if (set_magic == CHECK_UNUSABLE && version == 1) {
 		r = memcmp(buf, NOMAGIC, MAGIC_L) ? -EINVAL : 0;
 		if (!r)
@@ -193,10 +194,12 @@ static int device_check(struct reenc_ctx *rc, header_magic set_magic)
 		if (lseek(devfd, 0, SEEK_SET) == -1)
 			goto out;
 		s = write(devfd, buf, buf_size);
-		if (s < 0 || s != buf_size) {
+		if (s < 0 || s != (ssize_t)buf_size) {
 			log_err(_("Cannot write device %s.\n"), rc->device);
 			r = -EIO;
 		}
+		if (s > 0 && set_magic == MAKE_UNUSABLE)
+			rc->stained = 1;
 	} else
 		log_dbg("LUKS signature check failed for %s.", rc->device);
 out:
@@ -265,9 +268,9 @@ static int write_log(struct reenc_ctx *rc)
 
 	memset(rc->log_buf, 0, SECTOR_SIZE);
 	snprintf(rc->log_buf, SECTOR_SIZE, "# LUKS reencryption log, DO NOT EDIT OR DELETE.\n"
-		"version = %d\nUUID = %s\ndirection = %d\n"
+		"version = %d\nUUID = %s\ndirection = %d\nmode = %d\n"
 		"offset = %" PRIu64 "\nshift = %" PRIu64 "\n# EOF\n",
-		1, rc->device_uuid, rc->reencrypt_direction,
+		2, rc->device_uuid, rc->reencrypt_direction, rc->reencrypt_mode,
 		rc->device_offset, rc->device_shift);
 
 	if (lseek(rc->log_fd, 0, SEEK_SET) == -1)
@@ -293,7 +296,7 @@ static int parse_line_log(struct reenc_ctx *rc, const char *line)
 		return 0;
 
 	if (sscanf(line, "version = %d", &i) == 1) {
-		if (i != 1) {
+		if (i < 1 || i > 2) {
 			log_dbg("Log: Unexpected version = %i", i);
 			return -EINVAL;
 		}
@@ -311,6 +314,13 @@ static int parse_line_log(struct reenc_ctx *rc, const char *line)
 	} else if (sscanf(line, "shift = %" PRIu64, &u64) == 1) {
 		log_dbg("Log: shift = %" PRIu64, u64);
 		rc->device_shift = u64;
+	} else if (sscanf(line, "mode = %d", &i) == 1) { /* added in v2 */
+		log_dbg("Log: mode = %i", i);
+		rc->reencrypt_mode = i;
+		if (rc->reencrypt_mode != REENCRYPT &&
+		    rc->reencrypt_mode != ENCRYPT &&
+		    rc->reencrypt_mode != DECRYPT)
+			return -EINVAL;
 	} else
 		return -EINVAL;
 
@@ -351,17 +361,16 @@ static void close_log(struct reenc_ctx *rc)
 	log_dbg("Closing LUKS reencryption log file %s.", rc->log_file);
 	if (rc->log_fd != -1)
 		close(rc->log_fd);
-	free(rc->log_buf);
-	rc->log_buf = NULL;
 }
 
 static int open_log(struct reenc_ctx *rc)
 {
-	int flags = opt_directio ? O_DIRECT : 0;
+	int flags = opt_fsync ? O_SYNC : 0;
 
 	rc->log_fd = open(rc->log_file, O_RDWR|O_EXCL|O_CREAT|flags, S_IRUSR|S_IWUSR);
 	if (rc->log_fd != -1) {
 		log_dbg("Created LUKS reencryption log file %s.", rc->log_file);
+		rc->stained = 0;
 	} else if (errno == EEXIST) {
 		log_std(_("Log file %s exists, resuming reencryption.\n"), rc->log_file);
 		rc->log_fd = open(rc->log_file, O_RDWR|flags);
@@ -371,12 +380,6 @@ static int open_log(struct reenc_ctx *rc)
 	if (rc->log_fd == -1)
 		return -EINVAL;
 
-	if (posix_memalign((void *)&rc->log_buf, alignment(rc->log_fd), SECTOR_SIZE)) {
-		log_err(_("Allocation of aligned memory failed.\n"));
-		close_log(rc);
-		return -ENOMEM;
-	}
-
 	if (!rc->in_progress && write_log(rc) < 0) {
 		close_log(rc);
 		return -EIO;
@@ -389,10 +392,31 @@ static int open_log(struct reenc_ctx *rc)
 static int activate_luks_headers(struct reenc_ctx *rc)
 {
 	struct crypt_device *cd = NULL, *cd_new = NULL;
+	const char *pwd_old, *pwd_new, pwd_empty[] = "";
+	size_t pwd_old_len, pwd_new_len;
 	int r;
 
 	log_dbg("Activating LUKS devices from headers.");
 
+	/* Never use real password for empty header processing */
+	if (rc->reencrypt_mode == REENCRYPT) {
+		pwd_old = rc->p[rc->keyslot].password;
+		pwd_old_len = rc->p[rc->keyslot].passwordLen;
+		pwd_new = pwd_old;
+		pwd_new_len = pwd_old_len;
+	} else if (rc->reencrypt_mode == DECRYPT) {
+		pwd_old = rc->p[rc->keyslot].password;
+		pwd_old_len = rc->p[rc->keyslot].passwordLen;
+		pwd_new = pwd_empty;
+		pwd_new_len = 0;
+	} else if (rc->reencrypt_mode == ENCRYPT) {
+		pwd_old = pwd_empty;
+		pwd_old_len = 0;
+		pwd_new = rc->p[rc->keyslot].password;
+		pwd_new_len = rc->p[rc->keyslot].passwordLen;
+	} else
+		return -EINVAL;
+
 	if ((r = crypt_init(&cd, rc->header_file_org)) ||
 	    (r = crypt_load(cd, CRYPT_LUKS1, NULL)) ||
 	    (r = crypt_set_data_device(cd, rc->device)))
@@ -400,7 +424,7 @@ static int activate_luks_headers(struct reenc_ctx *rc)
 
 	log_verbose(_("Activating temporary device using old LUKS header.\n"));
 	if ((r = crypt_activate_by_passphrase(cd, rc->header_file_org,
-		opt_key_slot, rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen,
+		opt_key_slot, pwd_old, pwd_old_len,
 		CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_PRIVATE)) < 0)
 		goto out;
 
@@ -411,7 +435,7 @@ static int activate_luks_headers(struct reenc_ctx *rc)
 
 	log_verbose(_("Activating temporary device using new LUKS header.\n"));
 	if ((r = crypt_activate_by_passphrase(cd_new, rc->header_file_new,
-		opt_key_slot, rc->p[rc->keyslot].password, rc->p[rc->keyslot].passwordLen,
+		opt_key_slot, pwd_new, pwd_new_len,
 		CRYPT_ACTIVATE_SHARED|CRYPT_ACTIVATE_PRIVATE)) < 0)
 		goto out;
 	r = 0;
@@ -481,6 +505,10 @@ static int backup_luks_headers(struct reenc_ctx *rc)
 		goto out;
 	log_verbose(_("LUKS header backup of device %s created.\n"), rc->device);
 
+	/* For decrypt, new header will be fake one, so we are done here. */
+	if (rc->reencrypt_mode == DECRYPT)
+		goto out;
+
 	if ((r = create_empty_header(rc->header_file_new, rc->header_file_org,
 		crypt_get_data_offset(cd))))
 		goto out;
@@ -533,10 +561,13 @@ static int backup_fake_header(struct reenc_ctx *rc)
 	struct crypt_device *cd_new = NULL;
 	struct crypt_params_luks1 params = {0};
 	char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
-
+	const char *header_file_fake;
 	int r;
 
-	log_dbg("Creating fake (cipher_null) header for original device.");
+	log_dbg("Creating fake (cipher_null) header for %s device.",
+		(rc->reencrypt_mode == DECRYPT) ? "new" : "original");
+
+	header_file_fake = (rc->reencrypt_mode == DECRYPT) ? rc->header_file_new : rc->header_file_org;
 
 	if (!opt_key_size)
 		opt_key_size = DEFAULT_LUKS1_KEYBITS;
@@ -549,7 +580,7 @@ static int backup_fake_header(struct reenc_ctx *rc)
 		}
 	}
 
-	r = create_empty_header(rc->header_file_org, NULL, 0);
+	r = create_empty_header(header_file_fake, NULL, MAX_BCK_SECTORS);
 	if (r < 0)
 		return r;
 
@@ -557,7 +588,7 @@ static int backup_fake_header(struct reenc_ctx *rc)
 	params.data_alignment = 0;
 	params.data_device = rc->device;
 
-	r = crypt_init(&cd_new, rc->header_file_org);
+	r = crypt_init(&cd_new, header_file_fake);
 	if (r < 0)
 		return r;
 
@@ -571,6 +602,10 @@ static int backup_fake_header(struct reenc_ctx *rc)
 	if (r < 0)
 		goto out;
 
+	/* The real header is backup header created in backup_luks_headers() */
+	if (rc->reencrypt_mode == DECRYPT)
+		goto out;
+
 	r = create_empty_header(rc->header_file_new, rc->header_file_org, 0);
 	if (r < 0)
 		goto out;
@@ -619,8 +654,10 @@ static int restore_luks_header(struct reenc_ctx *rc)
 	crypt_free(cd);
 	if (r)
 		log_err(_("Cannot restore LUKS header on device %s.\n"), rc->device);
-	else
+	else {
 		log_verbose(_("LUKS header on device %s restored.\n"), rc->device);
+		rc->stained = 0;
+	}
 	return r;
 }
 
@@ -660,6 +697,29 @@ static void print_progress(struct reenc_ctx *rc, uint64_t bytes, int final)
 		final ? "\n" :"");
 }
 
+static ssize_t read_buf(int fd, void *buf, size_t count)
+{
+	size_t read_size = 0;
+	ssize_t s;
+
+	do {
+		/* This expects that partial read is aligned in buffer */
+		s = read(fd, buf, count - read_size);
+		if (s == -1 && errno != EINTR)
+			return s;
+		if (s == 0)
+			return (ssize_t)read_size;
+		if (s > 0) {
+			if (s != (ssize_t)count)
+				log_dbg("Partial read %zd / %zu.", s, count);
+			read_size += (size_t)s;
+			buf = (uint8_t*)buf + s;
+		}
+	} while (read_size != count);
+
+	return (ssize_t)count;
+}
+
 static int copy_data_forward(struct reenc_ctx *rc, int fd_old, int fd_new,
 			     size_t block_size, void *buf, uint64_t *bytes)
 {
@@ -679,11 +739,11 @@ static int copy_data_forward(struct reenc_ctx *rc, int fd_old, int fd_new,
 		return -EIO;
 
 	while (!quit && rc->device_offset < rc->device_size) {
-		s1 = read(fd_old, buf, block_size);
+		s1 = read_buf(fd_old, buf, block_size);
 		if (s1 < 0 || ((size_t)s1 != block_size &&
 		    (rc->device_offset + s1) != rc->device_size)) {
-			log_dbg("Read error, expecting %d, got %d.",
-				(int)block_size, (int)s1);
+			log_dbg("Read error, expecting %zu, got %zd.",
+				block_size, s1);
 			return -EIO;
 		}
 
@@ -693,8 +753,8 @@ static int copy_data_forward(struct reenc_ctx *rc, int fd_old, int fd_new,
 
 		s2 = write(fd_new, buf, s1);
 		if (s2 < 0) {
-			log_dbg("Write error, expecting %d, got %d.",
-				(int)block_size, (int)s2);
+			log_dbg("Write error, expecting %zu, got %zd.",
+				block_size, s2);
 			return -EIO;
 		}
 
@@ -734,6 +794,9 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
 	if (write_log(rc) < 0)
 		return -EIO;
 
+	/* dirty the device during ENCRYPT mode */
+	rc->stained = 1;
+
 	while (!quit && rc->device_offset) {
 		if (rc->device_offset < block_size) {
 			working_offset = 0;
@@ -749,17 +812,17 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
 			return -EIO;
 		}
 
-		s1 = read(fd_old, buf, working_block);
+		s1 = read_buf(fd_old, buf, working_block);
 		if (s1 < 0 || (s1 != working_block)) {
-			log_dbg("Read error, expecting %d, got %d.",
-				(int)block_size, (int)s1);
+			log_dbg("Read error, expecting %zu, got %zd.",
+				block_size, s1);
 			return -EIO;
 		}
 
 		s2 = write(fd_new, buf, working_block);
 		if (s2 < 0) {
-			log_dbg("Write error, expecting %d, got %d.",
-				(int)block_size, (int)s2);
+			log_dbg("Write error, expecting %zu, got %zd.",
+				block_size, s2);
 			return -EIO;
 		}
 
@@ -779,6 +842,41 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
 	return quit ? -EAGAIN : 0;
 }
 
+static void zero_rest_of_device(int fd, size_t block_size, void *buf,
+				uint64_t *bytes, uint64_t offset)
+{
+	ssize_t s1, s2;
+
+	log_dbg("Zeroing rest of device.");
+
+	if (lseek64(fd, offset, SEEK_SET) < 0) {
+		log_dbg(_("Cannot seek to device offset.\n"));
+		return;
+	}
+
+	memset(buf, 0, block_size);
+	s1 = block_size;
+
+	while (!quit && *bytes) {
+		if (*bytes < (uint64_t)s1)
+			s1 = *bytes;
+
+		s2 = write(fd, buf, s1);
+		if (s2 < 0) {
+			log_dbg("Write error, expecting %zu, got %zd.",
+				block_size, s2);
+			return;
+		}
+
+		if (opt_fsync && fsync(fd) < 0) {
+			log_dbg("Write error, fsync.");
+			return;
+		}
+
+		*bytes -= s2;
+	}
+}
+
 static int copy_data(struct reenc_ctx *rc)
 {
 	size_t block_size = opt_bsize * 1024 * 1024;
@@ -791,23 +889,32 @@ static int copy_data(struct reenc_ctx *rc)
 
 	fd_old = open(rc->crypt_path_org, O_RDONLY | (opt_directio ? O_DIRECT : 0));
 	if (fd_old == -1) {
-		log_err(_("Cannot open temporary LUKS header file.\n"));
+		log_err(_("Cannot open temporary LUKS device.\n"));
 		goto out;
 	}
 
 	fd_new = open(rc->crypt_path_new, O_WRONLY | (opt_directio ? O_DIRECT : 0));
 	if (fd_new == -1) {
-		log_err(_("Cannot open temporary LUKS header file.\n"));
+		log_err(_("Cannot open temporary LUKS device.\n"));
 		goto out;
 	}
 
-	/* Check size */
-	if (ioctl(fd_new, BLKGETSIZE64, &rc->device_size_real) < 0) {
+	if (ioctl(fd_old, BLKGETSIZE64, &rc->device_size_org_real) < 0) {
 		log_err(_("Cannot get device size.\n"));
 		goto out;
 	}
 
-	rc->device_size = opt_device_size ?: rc->device_size_real;
+	if (ioctl(fd_new, BLKGETSIZE64, &rc->device_size_new_real) < 0) {
+		log_err(_("Cannot get device size.\n"));
+		goto out;
+	}
+
+	if (opt_device_size)
+		rc->device_size = opt_device_size;
+	else if (rc->reencrypt_mode == DECRYPT)
+		rc->device_size = rc->device_size_org_real;
+	else
+		rc->device_size = rc->device_size_new_real;
 
 	if (posix_memalign((void *)&buf, alignment(fd_new), block_size)) {
 		log_err(_("Allocation of aligned memory failed.\n"));
@@ -823,9 +930,18 @@ static int copy_data(struct reenc_ctx *rc)
 	else
 		r = copy_data_backward(rc, fd_old, fd_new, block_size, buf, &bytes);
 
-	set_int_block(1);
 	print_progress(rc, bytes, 1);
 
+	/* Zero (wipe) rest of now plain-only device when decrypting.
+	 * (To not leave any sign of encryption here.) */
+	if (!r && rc->reencrypt_mode == DECRYPT &&
+	    rc->device_size_new_real > rc->device_size_org_real) {
+		bytes = rc->device_size_new_real - rc->device_size_org_real;
+		zero_rest_of_device(fd_new, block_size, buf, &bytes, rc->device_size_org_real);
+	}
+
+	set_int_block(1);
+
 	if (r == -EAGAIN)
 		 log_err(_("Interrupted by a signal.\n"));
 	else if (r < 0)
@@ -845,6 +961,7 @@ static int initialize_uuid(struct reenc_ctx *rc)
 {
 	struct crypt_device *cd = NULL;
 	int r;
+	uuid_t device_uuid;
 
 	log_dbg("Initialising UUID.");
 
@@ -853,6 +970,16 @@ static int initialize_uuid(struct reenc_ctx *rc)
 		return 0;
 	}
 
+	if (opt_decrypt && opt_uuid) {
+		r = uuid_parse(opt_uuid, device_uuid);
+		if (!r)
+			rc->device_uuid = strdup(opt_uuid);
+		else
+			log_err(_("Provided UUID is invalid.\n"));
+
+		return r;
+	}
+
 	/* Try to load LUKS from device */
 	if ((r = crypt_init(&cd, rc->device)))
 		return r;
@@ -869,7 +996,7 @@ static int initialize_uuid(struct reenc_ctx *rc)
 }
 
 static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
-			    const char *msg, int slot_to_check, int check)
+			    const char *msg, int slot_to_check, int check, int verify)
 {
 	char *password;
 	int r = -EINVAL, retry_count;
@@ -880,11 +1007,15 @@ static int init_passphrase1(struct reenc_ctx *rc, struct crypt_device *cd,
 		set_int_handler(0);
 		r = crypt_get_key(msg, &password, &passwordLen,
 			0, 0, NULL /*opt_key_file*/,
-			0, 0, cd);
+			0, verify, cd);
 		if (r < 0)
 			return r;
-		if (quit)
+		if (quit) {
+			crypt_safe_free(password);
+			password = NULL;
+			passwordLen = 0;
 			return -EAGAIN;
+		}
 
 		/* library uses sigint internally, until it is fixed...*/
 		set_int_block(1);
@@ -966,8 +1097,8 @@ static int initialize_passphrase(struct reenc_ctx *rc, const char *device)
 
 	log_dbg("Passhrases initialization.");
 
-	if (opt_new && !rc->in_progress) {
-		r = init_passphrase1(rc, cd, _("Enter new passphrase: "), opt_key_slot, 0);
+	if (rc->reencrypt_mode == ENCRYPT && !rc->in_progress) {
+		r = init_passphrase1(rc, cd, _("Enter new passphrase: "), opt_key_slot, 0, 1);
 		return r > 0 ? 0 : r;
 	}
 
@@ -986,15 +1117,17 @@ static int initialize_passphrase(struct reenc_ctx *rc, const char *device)
 
 	if (opt_key_file) {
 		r = init_keyfile(rc, cd, opt_key_slot);
-	} else if (rc->in_progress || opt_key_slot != CRYPT_ANY_SLOT) {
-		r = init_passphrase1(rc, cd, msg, opt_key_slot, 1);
+	} else if (rc->in_progress ||
+		   opt_key_slot != CRYPT_ANY_SLOT ||
+		   rc->reencrypt_mode == DECRYPT) {
+		r = init_passphrase1(rc, cd, msg, opt_key_slot, 1, 0);
 	} else for (i = 0; i < MAX_SLOT; i++) {
 		ki = crypt_keyslot_status(cd, i);
 		if (ki != CRYPT_SLOT_ACTIVE && ki != CRYPT_SLOT_ACTIVE_LAST)
 			continue;
 
 		snprintf(msg, sizeof(msg), _("Enter passphrase for key slot %u: "), i);
-		r = init_passphrase1(rc, cd, msg, i, 1);
+		r = init_passphrase1(rc, cd, msg, i, 1, 0);
 		if (r < 0)
 			break;
 	}
@@ -1007,7 +1140,7 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
 {
 	log_dbg("Initialising reencryption context.");
 
-	rc->log_fd =-1;
+	rc->log_fd = -1;
 
 	if (!(rc->device = strndup(device, PATH_MAX)))
 		return -ENOMEM;
@@ -1047,12 +1180,25 @@ static int initialize_context(struct reenc_ctx *rc, const char *device)
 	}
 
 	if (!rc->in_progress) {
+		if (opt_uuid) {
+			log_err(_("No decryption in progress, provided UUID can "
+			"be used only to resume suspended decryption process.\n"));
+			return -EINVAL;
+		}
+
 		if (!opt_reduce_size)
 			rc->reencrypt_direction = FORWARD;
 		else {
 			rc->reencrypt_direction = BACKWARD;
 			rc->device_offset = (uint64_t)~0;
 		}
+
+		if (opt_new)
+			rc->reencrypt_mode = ENCRYPT;
+		else if (opt_decrypt)
+			rc->reencrypt_mode = DECRYPT;
+		else
+			rc->reencrypt_mode = REENCRYPT;
 	}
 
 	return 0;
@@ -1067,10 +1213,7 @@ static void destroy_context(struct reenc_ctx *rc)
 	close_log(rc);
 	remove_headers(rc);
 
-	if ((rc->reencrypt_direction == FORWARD &&
-	     rc->device_offset == rc->device_size) ||
-	    (rc->reencrypt_direction == BACKWARD &&
-	     (rc->device_offset == 0 || rc->device_offset == (uint64_t)~0))) {
+	if (!rc->stained) {
 		unlink(rc->log_file);
 		unlink(rc->header_file_org);
 		unlink(rc->header_file_new);
@@ -1086,7 +1229,9 @@ static void destroy_context(struct reenc_ctx *rc)
 static int run_reencrypt(const char *device)
 {
 	int r = -EINVAL;
-	struct reenc_ctx rc = {};
+	static struct reenc_ctx rc = {
+		.stained = 1
+	};
 
 	if (initialize_context(&rc, device))
 		goto out;
@@ -1094,16 +1239,25 @@ static int run_reencrypt(const char *device)
 	log_dbg("Running reencryption.");
 
 	if (!rc.in_progress) {
-		if (opt_new) {
-			if ((r = initialize_passphrase(&rc, rc.device)) ||
+		if ((r = initialize_passphrase(&rc, rc.device)))
+			goto out;
+
+		if (rc.reencrypt_mode == ENCRYPT) {
+			/* Create fake header for exising device */
+			if ((r = backup_fake_header(&rc)))
+				goto out;
+		} else {
+			if ((r = backup_luks_headers(&rc)))
+				goto out;
+			/* Create fake header for decrypted device */
+			if (rc.reencrypt_mode == DECRYPT &&
 			    (r = backup_fake_header(&rc)))
-			goto out;
-		} else if ((r = initialize_passphrase(&rc, rc.device)) ||
-			   (r = backup_luks_headers(&rc)) ||
-			   (r = device_check(&rc, MAKE_UNUSABLE)))
-			goto out;
+				goto out;
+			if ((r = device_check(&rc, MAKE_UNUSABLE)))
+				goto out;
+		}
 	} else {
-		if ((r = initialize_passphrase(&rc, rc.header_file_new)))
+		if ((r = initialize_passphrase(&rc, opt_decrypt ? rc.header_file_org : rc.header_file_new)))
 			goto out;
 	}
 
@@ -1117,7 +1271,11 @@ static int run_reencrypt(const char *device)
 	} else
 		log_dbg("Keeping existing key, skipping data area reencryption.");
 
-	r = restore_luks_header(&rc);
+	// FIXME: fix error path above to not skip this
+	if (rc.reencrypt_mode != DECRYPT)
+		r = restore_luks_header(&rc);
+	else
+		rc.stained = 0;
 out:
 	destroy_context(&rc);
 	return r;
@@ -1161,7 +1319,7 @@ int main(int argc, const char **argv)
 		{ "tries",             'T',  POPT_ARG_INT, &opt_tries,                  0, N_("How often the input of the passphrase can be retried"), NULL },
 		{ "use-random",        '\0', POPT_ARG_NONE, &opt_random,                0, N_("Use /dev/random for generating volume key."), NULL },
 		{ "use-urandom",       '\0', POPT_ARG_NONE, &opt_urandom,               0, N_("Use /dev/urandom for generating volume key."), NULL },
-		{ "use-directio",      '\0', POPT_ARG_NONE, &opt_directio,              0, N_("Use direct-io when accesing devices."), NULL },
+		{ "use-directio",      '\0', POPT_ARG_NONE, &opt_directio,              0, N_("Use direct-io when accessing devices."), NULL },
 		{ "use-fsync",         '\0', POPT_ARG_NONE, &opt_fsync,                 0, N_("Use fsync after each block."), NULL },
 		{ "write-log",         '\0', POPT_ARG_NONE, &opt_write_log,             0, N_("Update log file after every block."), NULL },
 		{ "key-slot",          'S',  POPT_ARG_INT, &opt_key_slot,               0, N_("Use only this slot (others will be disabled)."), NULL },
@@ -1169,7 +1327,9 @@ int main(int argc, const char **argv)
 		{ "keyfile-size",      'l',  POPT_ARG_LONG, &opt_keyfile_size,          0, N_("Limits the read from keyfile"), N_("bytes") },
 		{ "reduce-device-size",'\0', POPT_ARG_STRING, &opt_reduce_size_str,     0, N_("Reduce data device size (move data offset). DANGEROUS!"), N_("bytes") },
 		{ "device-size",       '\0', POPT_ARG_STRING, &opt_device_size_str,     0, N_("Use only specified device size (ignore rest of device). DANGEROUS!"), N_("bytes") },
-		{ "new",               'N',  POPT_ARG_NONE,&opt_new,                    0, N_("Create new header on not encrypted device."), NULL },
+		{ "new",               'N',  POPT_ARG_NONE, &opt_new,                   0, N_("Create new header on not encrypted device."), NULL },
+		{ "decrypt",           '\0', POPT_ARG_NONE, &opt_decrypt,               0, N_("Permanently decrypt device (remove encryption)."), NULL },
+		{ "uuid",              '\0', POPT_ARG_STRING, &opt_uuid,                0, N_("The uuid used to resume decryption."), NULL },
 		POPT_TABLEEND
 	};
 	poptContext popt_context;
@@ -1198,12 +1358,10 @@ int main(int argc, const char **argv)
 		exit(EXIT_SUCCESS);
 	}
 
-	if (!opt_batch_mode) {
-		log_std(_("WARNING: this is experimental code, it can completely break your data.\n"));
+	if (!opt_batch_mode)
 		log_verbose(_("Reencryption will change: volume key%s%s%s%s.\n"),
 			opt_hash   ? _(", set hash to ")  : "", opt_hash   ?: "",
 			opt_cipher ? _(", set cipher to "): "", opt_cipher ?: "");
-	}
 
 	action_argv = poptGetArgs(popt_context);
 	if(!action_argv)
@@ -1241,12 +1399,12 @@ int main(int argc, const char **argv)
 		      poptGetInvocationName(popt_context));
 
 	if (opt_device_size_str &&
-	    crypt_string_to_size(NULL, opt_device_size_str, &opt_device_size))
+	    tools_string_to_size(NULL, opt_device_size_str, &opt_device_size))
 		usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."),
 		      poptGetInvocationName(popt_context));
 
 	if (opt_reduce_size_str &&
-	    crypt_string_to_size(NULL, opt_reduce_size_str, &opt_reduce_size))
+	    tools_string_to_size(NULL, opt_reduce_size_str, &opt_reduce_size))
 		usage(popt_context, EXIT_FAILURE, _("Invalid device size specification."),
 		      poptGetInvocationName(popt_context));
 	if (opt_reduce_size > 64 * 1024 * 1024)
@@ -1264,6 +1422,18 @@ int main(int argc, const char **argv)
 		usage(popt_context, EXIT_FAILURE, _("Option --keep-key can be used only with --hash or --iter-time."),
 		      poptGetInvocationName(popt_context));
 
+	if (opt_new && opt_decrypt)
+		usage(popt_context, EXIT_FAILURE, _("Option --new cannot be used together with --decrypt."),
+		      poptGetInvocationName(popt_context));
+
+	if (opt_decrypt && (opt_cipher || opt_hash || opt_reduce_size || opt_keep_key || opt_device_size))
+		usage(popt_context, EXIT_FAILURE, _("Option --decrypt is incompatible with specified parameters."),
+		      poptGetInvocationName(popt_context));
+
+	if (opt_uuid && !opt_decrypt)
+		usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only together with --decrypt."),
+		      poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

src/utils_password.c

@@ -23,7 +23,7 @@
 
 int opt_force_password = 0;
 
-#if ENABLE_PWQUALITY
+#if defined ENABLE_PWQUALITY
 #include <pwquality.h>
 
 static int tools_check_pwquality(const char *password)
@@ -58,12 +58,59 @@ static int tools_check_pwquality(const char *password)
 	pwquality_free_settings(pwq);
 	return r;
 }
-#else /* ENABLE_PWQUALITY */
+#elif defined ENABLE_PASSWDQC
+#include <passwdqc.h>
+
+static int tools_check_pwquality(const char *password)
+{
+	passwdqc_params_t params;
+	char *parse_reason;
+	const char *check_reason;
+	const char *config = PASSWDQC_CONFIG_FILE;
+
+	passwdqc_params_reset(&params);
+
+	if (*config && passwdqc_params_load(&params, &parse_reason, config)) {
+		log_err(_("Cannot check password quality: %s\n"),
+			(parse_reason ? parse_reason : "Out of memory"));
+		free(parse_reason);
+		return -EINVAL;
+	}
+
+	check_reason = passwdqc_check(&params.qc, password, NULL, NULL);
+	if (check_reason) {
+		log_err(_("Password quality check failed: Bad passphrase (%s)\n"),
+			check_reason);
+		return -EPERM;
+	}
+
+	return 0;
+}
+#else /* !(ENABLE_PWQUALITY || ENABLE_PASSWDQC) */
 static int tools_check_pwquality(const char *password)
 {
 	return 0;
 }
-#endif /* ENABLE_PWQUALITY */
+#endif /* ENABLE_PWQUALITY || ENABLE_PASSWDQC */
+
+int tools_is_cipher_null(const char *cipher)
+{
+	if (!cipher)
+		return 0;
+
+	return !strcmp(cipher, "cipher_null") ? 1 : 0;
+}
+
+/*
+ * Keyfile - is standard input treated as a binary file (no EOL handling).
+ */
+int tools_is_stdin(const char *key_file)
+{
+	if (!key_file)
+		return 1;
+
+	return strcmp(key_file, "-") ? 0 : 1;
+}
 
 int tools_get_key(const char *prompt,
 		  char **key, size_t *key_size,

src/utils_tools.c

@@ -1,7 +1,7 @@
 /*
  * cryptsetup - setup cryptographic volumes for dm-crypt
  *
- * Copyright (C) 2004, Christophe Saout <christophe@saout.de>
+ * Copyright (C) 2004, Jana Saout <jana@saout.de>
  * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
  * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
  * Copyright (C) 2009-2014, Milan Broz
@@ -143,6 +143,7 @@ int yesDialog(const char *msg, void *usrptr __attribute__((unused)))
 	if(isatty(STDIN_FILENO) && !opt_batch_mode) {
 		log_std("\nWARNING!\n========\n");
 		log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
+		fflush(stdout);
 		if(getline(&answer, &size, stdin) == -1) {
 			r = 0;
 			/* Aborted by signal */
@@ -163,7 +164,7 @@ int yesDialog(const char *msg, void *usrptr __attribute__((unused)))
 
 void show_status(int errcode)
 {
-	char error[256], *error_;
+	char error[256];
 
 	if(!opt_verbose)
 		return;
@@ -175,12 +176,16 @@ void show_status(int errcode)
 
 	crypt_get_error(error, sizeof(error));
 
-	if (!error[0]) {
-		error_ = strerror_r(-errcode, error, sizeof(error));
-		if (error_ != error) {
+	if (*error) {
+#ifdef STRERROR_R_CHAR_P /* GNU-specific strerror_r */
+		char *error_ = strerror_r(-errcode, error, sizeof(error));
+		if (error_ != error)
 			strncpy(error, error_, sizeof(error));
-			error[sizeof(error) - 1] = '\0';
-		}
+#else /* POSIX strerror_r variant */
+		if (strerror_r(-errcode, error, sizeof(error)))
+			*error = '\0';
+#endif
+		error[sizeof(error) - 1] = '\0';
 	}
 
 	log_err(_("Command failed with code %i"), -errcode);
@@ -201,7 +206,7 @@ const char *uuid_or_device(const char *spec)
 		strcpy(device, "/dev/disk/by-uuid/");
 		ptr = &device[strlen(device)];
 		i = uuid_len;
-		while ((s = spec[i++]) && i < PATH_MAX) {
+		while ((s = spec[i++]) && i < (PATH_MAX - 13)) {
 			if (!isxdigit(s) && s != '-')
 				return spec; /* Bail it out */
 			if (isalpha(s))
@@ -257,3 +262,68 @@ int translate_errno(int r)
 	}
 	return r;
 }
+
+/*
+ * Device size string parsing, suffixes:
+ * s|S - 512 bytes sectors
+ * k  |K  |m  |M  |g  |G  |t  |T   - 1024 base
+ * kiB|KiB|miB|MiB|giB|GiB|tiB|TiB - 1024 base
+ * kb |KB |mM |MB |gB |GB |tB |TB  - 1000 base
+ */
+int tools_string_to_size(struct crypt_device *cd, const char *s, uint64_t *size)
+{
+	char *endp = NULL;
+	size_t len;
+	uint64_t mult_base, mult, tmp;
+
+	*size = strtoull(s, &endp, 10);
+	if (!isdigit(s[0]) ||
+	    (errno == ERANGE && *size == ULLONG_MAX) ||
+	    (errno != 0 && *size == 0))
+		return -EINVAL;
+
+	if (!endp || !*endp)
+		return 0;
+
+	len = strlen(endp);
+	/* Allow "B" and "iB" suffixes */
+	if (len > 3 ||
+	   (len == 3 && (endp[1] != 'i' || endp[2] != 'B')) ||
+	   (len == 2 && endp[1] != 'B'))
+		return -EINVAL;
+
+	if (len == 1 || len == 3)
+		mult_base = 1024;
+	else
+		mult_base = 1000;
+
+	mult = 1;
+	switch (endp[0]) {
+	case 's':
+	case 'S': mult = 512;
+		break;
+	case 't':
+	case 'T': mult *= mult_base;
+		 /* Fall through */
+	case 'g':
+	case 'G': mult *= mult_base;
+		 /* Fall through */
+	case 'm':
+	case 'M': mult *= mult_base;
+		 /* Fall through */
+	case 'k':
+	case 'K': mult *= mult_base;
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	tmp = *size * mult;
+	if (*size && (tmp / *size) != mult) {
+		log_dbg("Device size overflow.");
+		return -EINVAL;
+	}
+
+	*size = tmp;
+	return 0;
+}

src/veritysetup.c

@@ -1,8 +1,8 @@
 /*
  * veritysetup - setup cryptographic volumes for dm-verity
  *
- * Copyright (C) 2012-2013, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2013, Milan Broz
+ * Copyright (C) 2012-2016, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2016, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -33,6 +33,9 @@ static uint64_t data_blocks = 0;
 static const char *salt_string = NULL;
 static uint64_t hash_offset = 0;
 static const char *opt_uuid = NULL;
+static int opt_restart_on_corruption = 0;
+static int opt_ignore_corruption = 0;
+static int opt_ignore_zero_blocks = 0;
 
 static int opt_version_mode = 0;
 
@@ -127,6 +130,13 @@ static int _activate(const char *dm_device,
 	if ((r = crypt_init(&cd, hash_device)))
 		goto out;
 
+	if (opt_ignore_corruption)
+		activate_flags |= CRYPT_ACTIVATE_IGNORE_CORRUPTION;
+	if (opt_restart_on_corruption)
+		activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
+	if (opt_ignore_zero_blocks)
+		activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
+
 	if (use_superblock) {
 		params.flags = flags;
 		params.hash_area_offset = hash_offset;
@@ -273,6 +283,14 @@ static int action_status(int arg)
 		}
 		log_std("  hash offset: %" PRIu64 " sectors\n",
 			vp.hash_area_offset * vp.hash_block_size / 512);
+
+		if (cad.flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
+				 CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
+				 CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS))
+			log_std("  flags:       %s%s%s\n",
+				(cad.flags & CRYPT_ACTIVATE_IGNORE_CORRUPTION) ? "ignore_corruption " : "",
+				(cad.flags & CRYPT_ACTIVATE_RESTART_ON_CORRUPTION) ? "restart_on_corruption " : "",
+				(cad.flags & CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS) ? "ignore_zero_blocks" : "");
 	}
 out:
 	crypt_free(cd);
@@ -383,6 +401,9 @@ int main(int argc, const char **argv)
 		{ "hash",            'h',  POPT_ARG_STRING, &hash_algorithm, 0, N_("Hash algorithm"), N_("string") },
 		{ "salt",            's',  POPT_ARG_STRING, &salt_string,    0, N_("Salt"), N_("hex string") },
 		{ "uuid",            '\0', POPT_ARG_STRING, &opt_uuid,       0, N_("UUID for device to use."), NULL },
+		{ "restart-on-corruption", 0,POPT_ARG_NONE,&opt_restart_on_corruption, 0, N_("Restart kernel if corruption is detected"), NULL },
+		{ "ignore-corruption", 0,  POPT_ARG_NONE, &opt_ignore_corruption,  0, N_("Ignore corruption, log it only"), NULL },
+		{ "ignore-zero-blocks", 0, POPT_ARG_NONE, &opt_ignore_zero_blocks, 0, N_("Do not verify zeroed blocks"), NULL },
 		POPT_TABLEEND
 	};
 
@@ -468,6 +489,16 @@ int main(int argc, const char **argv)
 		      poptGetInvocationName(popt_context));
 	}
 
+	if ((opt_ignore_corruption || opt_restart_on_corruption || opt_ignore_zero_blocks) && strcmp(aname, "create"))
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --ignore-corruption, --restart-on-corruption or --ignore-zero-blocks is allowed only for create operation.\n"),
+		poptGetInvocationName(popt_context));
+
+	if (opt_ignore_corruption && opt_restart_on_corruption)
+		usage(popt_context, EXIT_FAILURE,
+		_("Option --ignore-corruption and --restart-on-corruption cannot be used together.\n"),
+		poptGetInvocationName(popt_context));
+
 	if (opt_debug) {
 		opt_verbose = 1;
 		crypt_set_debug_level(-1);

tests/Makefile.am

@@ -5,7 +5,9 @@ TESTS = api-test \
 	discards-test \
 	mode-test \
 	password-hash-test \
-	tcrypt-compat-test
+	tcrypt-compat-test \
+	luks1-compat-test \
+	device-test
 
 if VERITYSETUP
 TESTS += verity-compat-test
@@ -16,22 +18,25 @@ TESTS += reencryption-compat-test
 endif
 
 EXTRA_DIST = compatimage.img.bz2 compatv10image.img.bz2 \
-	img_fs_ext4.img.bz2 img_fs_xfs.img.bz2 \
+	img_fs_ext4.img.bz2 img_fs_vfat.img.bz2 img_fs_xfs.img.bz2 \
 	valid_header_file.bz2 \
 	evil_hdr-payload_overwrite.bz2 \
 	evil_hdr-stripes_payload_dmg.bz2 \
 	evil_hdr-luks_hdr_damage.bz2 \
 	evil_hdr-small_luks_device.bz2 \
 	tcrypt-images.tar.bz2 \
+	luks1-images.tar.bz2 \
 	compat-test loopaes-test align-test discards-test mode-test password-hash-test \
 	verity-compat-test \
 	reencryption-compat-test \
 	tcrypt-compat-test \
+	luks1-compat-test \
+	device-test \
 	cryptsetup-valg-supps valg.sh valg-api.sh
 
 CLEANFILES = cryptsetup-tst* valglog*
 clean-local:
-	-rm -rf tcrypt-images
+	-rm -rf tcrypt-images luks1-images
 
 differ_SOURCES = differ.c
 differ_CFLAGS = $(AM_CFLAGS) -Wall -O2

tests/align-test

@@ -14,8 +14,10 @@ cleanup() {
 	    rmdir $MNT_DIR 2>/dev/null
 	fi
 	[ -b /dev/mapper/$DEV_STACKED ] && dmsetup remove $DEV_STACKED >/dev/null 2>&1
+	# FIXME scsi_debug sometimes in-use here
+	sleep 1
 	rmmod scsi_debug 2>/dev/null
-	sleep 2
+	sleep 1
 }
 
 fail()
@@ -40,7 +42,7 @@ add_device() {
 	fi
 
 	sleep 2
-	DEV=$(grep scsi_debug /sys/block/*/device/model | cut -f4 -d /)
+	DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
 
 	if [ ! -e /sys/block/$DEV/alignment_offset ] ; then
 		echo "This kernel seems to not support topology info, test skipped."
@@ -87,10 +89,10 @@ format_null()
 {
 	if [ $3 -eq 0 ] ; then
 		echo -n "Formatting using topology info ($1 bits key) [slot 0"
-		echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c null -s $1
+		echo | $CRYPTSETUP luksFormat $DEV -q -i1 -c null -s $1
 	else
 		echo -n "Formatting using forced sector alignment $3 ($1 bits key) [slot 0"
-		echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c null -s $1 --align-payload=$3
+		echo | $CRYPTSETUP luksFormat $DEV -q -i1 -c null -s $1 --align-payload=$3
 	fi
 
 	POFF=$(get_offsets "Payload offset")
@@ -98,7 +100,7 @@ format_null()
 	[ $POFF != $2 ] && fail "Expected data offset differs: expected $2 != detected $POFF"
 	if [ -n "$4" ] ; then
 		for j in 1 2 3 4 5 6 7 ; do
-			echo -e "$PWD1\n$PWD2$j" | $CRYPTSETUP luksAddKey $DEV -q -i1 --key-slot $j -c null $PARAMS
+			echo -e "\n" | $CRYPTSETUP luksAddKey $DEV -q -i1 --key-slot $j -c null $PARAMS
 			echo -n $j
 			[ $? -ne 0 ] && fail
 		done
@@ -141,7 +143,7 @@ cleanup
 
 echo "# Create enterprise-class 4K drive"
 echo "# (logical_block_size=4096, physical_block_size=4096, alignment_offset=0)"
-add_device dev_size_mb=16 sector_size=4096 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
 format 256 4096
 format 256 2560 8
 format 128 2048
@@ -187,7 +189,7 @@ format_null 512 4096 2048
 cleanup
 
 echo "# Offset check: 4096B sector drive"
-add_device dev_size_mb=16 sector_size=4096 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
 format_null  64 2048    0 8:72:136:200:264:328:392:456
 format_null  64  520    1
 format_null  64  520    8
@@ -213,7 +215,7 @@ cleanup
 echo "# Create enterprise-class 4K drive with fs and LUKS images."
 # loop device here presents 512 block but images have 4k block
 # cryptsetup should properly use 4k block on direct-io
-add_device dev_size_mb=16 sector_size=4096 physblk_exp=0 num_tgts=1
+add_device dev_size_mb=16 sector_size=4096 physblk_exp=0 num_tgts=1 opt_blks=64
 for file in $(ls img_fs_*.img.bz2) ; do
     echo "Format using fs image $file."
     bzip2 -d -c $file | dd of=$DEV bs=1M 2>/dev/null || fail "bad image"

tests/api-test.c

@@ -2,7 +2,7 @@
  * cryptsetup library API check functions
  *
  * Copyright (C) 2009-2013 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2013, Milan Broz
+ * Copyright (C) 2009-2014, Milan Broz
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -975,8 +975,11 @@ static void SuspendDevice(void)
 	suspend_status = crypt_suspend(cd, CDEVICE_1);
 	if (suspend_status == -ENOTSUP) {
 		printf("WARNING: Suspend/Resume not supported, skipping test.\n");
-		goto out;
+		OK_(crypt_deactivate(cd, CDEVICE_1));
+		crypt_free(cd);
+		return;
 	}
+
 	OK_(suspend_status);
 	FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
 
@@ -990,10 +993,30 @@ static void SuspendDevice(void)
 	FAIL_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 1, 0), "wrong key");
 	OK_(crypt_resume_by_keyfile_offset(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0, 0));
 	FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1, 0), "not suspended");
-	_remove_keyfiles();
-out:
 	OK_(crypt_deactivate(cd, CDEVICE_1));
 	crypt_free(cd);
+
+	/* create LUKS device with detached header */
+	OK_(crypt_init(&cd, DEVICE_1));
+	OK_(crypt_load(cd, CRYPT_LUKS1, NULL));
+	OK_(crypt_set_data_device(cd, DEVICE_2));
+	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
+	crypt_free(cd);
+
+	/* Should be able to suspend but not resume if not header specified */
+	OK_(crypt_init_by_name(&cd, CDEVICE_1));
+	OK_(crypt_suspend(cd, CDEVICE_1));
+	FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
+	FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "no header");
+	crypt_free(cd);
+
+	OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DEVICE_1));
+	OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
+
+	OK_(crypt_deactivate(cd, CDEVICE_1));
+	crypt_free(cd);
+
+	_remove_keyfiles();
 }
 
 static void AddDeviceLuks(void)
@@ -1095,6 +1118,14 @@ static void AddDeviceLuks(void)
 	OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
 	FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formated");
 	EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+	crypt_free(cd);
+	// check active status without header
+	OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, NULL));
+	EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
+	OK_(!!crypt_get_type(cd));
+	OK_(strcmp(cipher, crypt_get_cipher(cd)));
+	OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
+	EQ_((int)key_size, crypt_get_volume_key_size(cd));
 	OK_(crypt_deactivate(cd, CDEVICE_1));
 	crypt_free(cd);
 
@@ -1777,6 +1808,8 @@ static void VerityTest(void)
 	/* hash fail */
 	root_hash[1] = ~root_hash[1];
 	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32, CRYPT_ACTIVATE_READONLY));
+	/* Be sure there was some read activity to mark device corrupted. */
+	_system("blkid " DMDIR CDEVICE_1, 0);
 	OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 	EQ_(CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_CORRUPTED, cad.flags);
 	OK_(crypt_deactivate(cd, CDEVICE_1));
@@ -1785,6 +1818,7 @@ static void VerityTest(void)
 	/* data fail */
 	OK_(crypt_set_data_device(cd, DEVICE_1));
 	OK_(crypt_activate_by_volume_key(cd, CDEVICE_1, root_hash, 32, CRYPT_ACTIVATE_READONLY));
+	_system("blkid " DMDIR CDEVICE_1, 0);
 	OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
 	EQ_(CRYPT_ACTIVATE_READONLY|CRYPT_ACTIVATE_CORRUPTED, cad.flags);
 	OK_(crypt_deactivate(cd, CDEVICE_1));

tests/compat-test

@@ -229,7 +229,7 @@ echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail
 
 # Key Slot 1 and key material section 1 must change, the rest must not
 prepare "[9] add key test for key files"
-echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV $KEY1 || fail
 check "$KEY_SLOT1 $KEY_MATERIAL1"
 $CRYPTSETUP -d $KEY1 luksOpen $LOOPDEV $DEV_NAME || fail
 
@@ -263,33 +263,33 @@ $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 prepare	"[14] format/open - passphrase on stdin & new line" wipe
 # stdin defined by "-" must take even newline
 #echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV - || fail
-echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksFormat $LOOPDEV || fail
+echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -i1 -q --key-file=- luksFormat $LOOPDEV || fail
 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail
 # now also try --key-file
-echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV --key-file=- || fail
+echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -i1 -q luksFormat $LOOPDEV --key-file=- || fail
 echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q --key-file=- luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 # process newline if from stdin
-echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
+echo -n -e "$PWD1\n$PWD2" | $CRYPTSETUP -i1 -q luksFormat $LOOPDEV || fail
 echo "$PWD1" | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 
 prepare "[15] UUID - use and report provided UUID" wipe
-echo $PWD1 | $CRYPTSETUP -q luksFormat --uuid blah $LOOPDEV 2>/dev/null && fail
-echo $PWD1 | $CRYPTSETUP -q luksFormat --uuid $TEST_UUID $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 --uuid blah $LOOPDEV 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 --uuid $TEST_UUID $LOOPDEV || fail
 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
 [ "$tst"x = "$TEST_UUID"x ] || fail
-echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 $LOOPDEV || fail
 $CRYPTSETUP -q luksUUID --uuid $TEST_UUID $LOOPDEV || fail
 tst=$($CRYPTSETUP -q luksUUID $LOOPDEV)
 [ "$tst"x = "$TEST_UUID"x ] || fail
 
 prepare "[16] luksFormat" wipe
-echo $PWD1 | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV || fail
-echo $PWD1 | $CRYPTSETUP -q luksFormat --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail
-$CRYPTSETUP -q luksFormat --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 --master-key-file /dev/urandom $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 --master-key-file /dev/urandom $LOOPDEV -d $KEY1 || fail
+$CRYPTSETUP -q luksFormat -i1 --master-key-file /dev/urandom -s 256 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
 $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 # open by UUID
@@ -298,37 +298,56 @@ $CRYPTSETUP luksOpen -d $KEY1 UUID=X$TEST_UUID $DEV_NAME 2>/dev/null && fail
 $CRYPTSETUP luksOpen -d $KEY1 UUID=$TEST_UUID $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 # empty keyfile
-$CRYPTSETUP -q luksFormat $LOOPDEV $KEYE || fail
+$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEYE || fail
 $CRYPTSETUP luksOpen -d $KEYE $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 # open by volume key
-echo $PWD1 | $CRYPTSETUP -q luksFormat -s 256 --master-key-file $KEY1 $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 -s 256 --master-key-file $KEY1 $LOOPDEV || fail
 $CRYPTSETUP luksOpen --master-key-file /dev/urandom $LOOPDEV $DEV_NAME 2>/dev/null && fail
 $CRYPTSETUP luksOpen --master-key-file $KEY1 $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP -q luksClose  $DEV_NAME || fail
 
 prepare "[17] AddKey volume key, passphrase and keyfile" wipe
 # masterkey
-echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 $LOOPDEV --master-key-file /dev/zero --key-slot 3 || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
-echo $PWD2 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
+echo $PWD2 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV --master-key-file /dev/zero --key-slot 4 || fail
+echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 4 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
-echo $PWD3 | $CRYPTSETUP luksAddKey $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
+echo $PWD3 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV --master-key-file /dev/null --key-slot 5 2>/dev/null && fail
+$CRYPTSETUP luksAddKey -i1 $LOOPDEV --master-key-file /dev/zero --key-slot 5 $KEY1 || fail
+$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 5 -d $KEY1 || fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
+
+# special "-" handling
+$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 3 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d $KEY1 - || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - --test-passphrase || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d - $KEY2 || fail
+$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d - -d $KEY1 --test-passphrase 2>/dev/null && fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV -d $KEY1 -d $KEY1 --test-passphrase 2>/dev/null && fail
+
 # [0]PWD1 [1]PWD2 [2]$KEY1/1 [3]$KEY1 [4]$KEY2
-$CRYPTSETUP -q luksFormat $LOOPDEV $KEY1 --key-slot 3 || fail
+$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 3 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 3: ENABLED" || fail
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
+$CRYPTSETUP luksAddKey $LOOPDEV -i1 -d $KEY1 $KEY2 --key-slot 3 2>/dev/null && fail
 # keyfile/keyfile
-$CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 4 || fail
+$CRYPTSETUP luksAddKey $LOOPDEV -i1 -d $KEY1 $KEY2 --key-slot 4 || fail
+$CRYPTSETUP luksOpen $LOOPDEV -d $KEY2 --test-passphrase --key-slot 4 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: ENABLED" || fail
 # passphrase/keyfile
-echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 --key-slot 0 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d $KEY1 --key-slot 0 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
+echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 || fail
 # passphrase/passphrase
-echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey $LOOPDEV --key-slot 1 || fail
+echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksAddKey -i1 $LOOPDEV --key-slot 1 || fail
+echo $PWD2 | $CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
 # keyfile/passphrase
-echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 1 || fail
+echo -e "$PWD2\n" | $CRYPTSETUP luksAddKey -i1 $LOOPDEV $KEY1 --key-slot 2 --new-keyfile-size 1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
 
 prepare "[18] RemoveKey passphrase and keyfile" reuse
@@ -338,6 +357,12 @@ $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY1 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 --keyfile-size 1 2>/dev/null && fail
 $CRYPTSETUP luksRemoveKey $LOOPDEV $KEY2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 4: DISABLED" || fail
+# if password or keyfile is provided, batch mode must not suppress it
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 -q 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- 2>/dev/null && fail
+echo "badpw" | $CRYPTSETUP luksKillSlot $LOOPDEV 2 --key-file=- -q 2>/dev/null && fail
+$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: ENABLED" || fail
 # kill slot using passphrase from 1
 echo $PWD2 | $CRYPTSETUP luksKillSlot $LOOPDEV 2 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 2: DISABLED" || fail
@@ -358,6 +383,10 @@ $CRYPTSETUP -q resize  $DEV_NAME --size 100 || fail
 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
 $CRYPTSETUP -q resize  $DEV_NAME || fail
 $CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "19997 sectors" || fail
+# Resize underlying loop device as well
+truncate -s 16M $IMG || fail
+$CRYPTSETUP -q resize  $DEV_NAME || fail
+$CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "32765 sectors" || fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
 $CRYPTSETUP -q status  $DEV_NAME >/dev/null && fail
 echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail
@@ -392,8 +421,8 @@ echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME2 2>/dev/null && fail
 $CRYPTSETUP  luksClose  $DEV_NAME || fail
 
 prepare "[21] luksDump" wipe
-echo $PWD1 | $CRYPTSETUP -q luksFormat --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 --uuid $TEST_UUID $LOOPDEV $KEY1 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -i1 $LOOPDEV -d $KEY1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: ENABLED" || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q $TEST_UUID || fail
 echo $PWDW | $CRYPTSETUP luksDump $LOOPDEV --dump-master-key 2>/dev/null && fail
@@ -402,7 +431,7 @@ $CRYPTSETUP luksDump -q $LOOPDEV --dump-master-key -d $KEY1 | grep -q "MK dump:"
 
 prepare "[22] remove disappeared device" wipe
 dmsetup create $DEV_NAME --table "0 5000 linear $LOOPDEV 2" || fail
-echo $PWD1 | $CRYPTSETUP -q -i 0 luksFormat /dev/mapper/$DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP -q -i1 luksFormat /dev/mapper/$DEV_NAME || fail
 echo $PWD1 | $CRYPTSETUP -q luksOpen /dev/mapper/$DEV_NAME $DEV_NAME2 || fail
 # underlying device now returns error but node is still present
 dmsetup load $DEV_NAME --table "0 5000 error" || fail
@@ -412,17 +441,17 @@ dmsetup remove $DEV_NAME || fail
 
 prepare "[23] ChangeKey passphrase and keyfile" wipe
 # [0]$KEY1 [1]key0
-$CRYPTSETUP -q luksFormat $LOOPDEV $KEY1 --key-slot 0 || fail
-echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 --key-slot 1 || fail
+$CRYPTSETUP -q luksFormat $LOOPDEV $KEY1 -i1 --key-slot 0 || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey $LOOPDEV -i1 -d $KEY1 --key-slot 1 || fail
 # keyfile [0] / keyfile [0]
-$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 --key-slot 0 || fail
+$CRYPTSETUP luksChangeKey $LOOPDEV -i1 -d $KEY1 $KEY2 --key-slot 0 || fail
 # passphrase [1] / passphrase [1]
-echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV --key-slot 1 || fail
+echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $LOOPDEV -i1 --key-slot 1 || fail
 # keyfile [0] / keyfile [new]
-$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY2 $KEY1 || fail
+$CRYPTSETUP luksChangeKey $LOOPDEV -i1 -d $KEY2 $KEY1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 0: DISABLED" || fail
 # passphrase [1] / passphrase [new]
-echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey $LOOPDEV || fail
+echo -e "$PWD2\n$PWD1\n" | $CRYPTSETUP luksChangeKey -i1 $LOOPDEV || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail
 # use all slots
 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail
@@ -432,8 +461,8 @@ $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail
 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail
 $CRYPTSETUP luksAddKey $LOOPDEV -d $KEY1 $KEY2 -i 1 || fail
 # still allows replace
-$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 || fail
-$CRYPTSETUP luksChangeKey $LOOPDEV -d $KEY1 $KEY2 2>/dev/null && fail
+$CRYPTSETUP luksChangeKey $LOOPDEV -i1 -d $KEY1 $KEY2 || fail
+$CRYPTSETUP luksChangeKey $LOOPDEV -i1 -d $KEY1 $KEY2 2>/dev/null && fail
 
 prepare "[24] Keyfile limit" wipe
 $CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 0 -l 13 || fail
@@ -488,7 +517,7 @@ $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
 $CRYPTSETUP -q remove  $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
 # LUKS
-echo $PWD1 | $CRYPTSETUP -q luksFormat $LOOPDEV || fail
+echo $PWD1 | $CRYPTSETUP -q luksFormat -i1 $LOOPDEV || fail
 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
 $CRYPTSETUP -q resize  $DEV_NAME 2>/dev/null && fail
@@ -498,14 +527,14 @@ $CRYPTSETUP -q luksClose $DEV_NAME || fail
 
 prepare "[27] luksOpen with specified key slot number" wipe
 # first, let's try passphrase option
-echo $PWD3 | $CRYPTSETUP luksFormat -S 5 $LOOPDEV || fail
+echo $PWD3 | $CRYPTSETUP luksFormat -i1 -S 5 $LOOPDEV || fail
 check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
 echo $PWD3 | $CRYPTSETUP luksOpen -S 4 $LOOPDEV $DEV_NAME && fail
 [ -b /dev/mapper/$DEV_NAME ] && fail
 echo $PWD3 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME || fail
 check_exists
 $CRYPTSETUP luksClose $DEV_NAME || fail
-echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -S 0 $LOOPDEV || fail
+echo -e "$PWD3\n$PWD1" | $CRYPTSETUP luksAddKey -i1 -S 0 $LOOPDEV || fail
 check $LUKS_HEADER $KEY_SLOT0 $KEY_MATERIAL0
 echo $PWD3 | $CRYPTSETUP luksOpen -S 0 $LOOPDEV $DEV_NAME && fail
 [ -b /dev/mapper/$DEV_NAME ] && fail
@@ -514,7 +543,7 @@ echo $PWD1 | $CRYPTSETUP luksOpen -S 5 $LOOPDEV $DEV_NAME && fail
 # second, try it with keyfiles
 $CRYPTSETUP luksFormat -q -S 5 -d $KEY5 $LOOPDEV || fail
 check $LUKS_HEADER $KEY_SLOT5 $KEY_MATERIAL5
-$CRYPTSETUP luksAddKey -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
+$CRYPTSETUP luksAddKey -i1 -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
 check $LUKS_HEADER $KEY_SLOT1 $KEY_MATERIAL1
 $CRYPTSETUP luksOpen -S 5 -d $KEY5 $LOOPDEV $DEV_NAME || fail
 check_exists
@@ -533,9 +562,15 @@ echo $PWD1 | $CRYPTSETUP luksFormat -i1 $LOOPDEV --header $HEADER_IMG --align-pa
 echo $PWD1 | $CRYPTSETUP luksOpen $LOOPDEV --header $HEADER_IMG $DEV_NAME || fail
 $CRYPTSETUP -q resize  $DEV_NAME --size 100 --header $HEADER_IMG || fail
 $CRYPTSETUP -q status  $DEV_NAME --header $HEADER_IMG | grep "size:" | grep -q "100 sectors" || fail
+$CRYPTSETUP -q status  $DEV_NAME | grep "type:" | grep -q "n/a" || fail
+$CRYPTSETUP -q status  $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
 $CRYPTSETUP luksSuspend $DEV_NAME --header $HEADER_IMG || fail
 echo $PWD1 | $CRYPTSETUP luksResume $DEV_NAME --header $HEADER_IMG || fail
 $CRYPTSETUP luksClose $DEV_NAME || fail
+echo $PWD1 | $CRYPTSETUP luksAddKey -i1 -S 5 _fakedev_ --header $HEADER_IMG $KEY5 || fail
+$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: ENABLED" || fail
+$CRYPTSETUP luksKillSlot -q _fakedev_ --header $HEADER_IMG 5 || fail
+$CRYPTSETUP luksDump _fakedev_ --header $HEADER_IMG | grep -q "Key Slot 5: DISABLED" || fail
 
 prepare "[29] Repair metadata" wipe
 $CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY1 --key-slot 0 || fail
@@ -548,7 +583,7 @@ $CRYPTSETUP luksClose $DEV_NAME || fail
 
 prepare "[30] LUKS erase" wipe
 $CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY5 --key-slot 5 || fail
-$CRYPTSETUP luksAddKey -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
+$CRYPTSETUP luksAddKey -i1 -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
 $CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
 $CRYPTSETUP luksErase -q $LOOPDEV || fail

tests/device-test

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+CRYPTSETUP="../src/cryptsetup"
+MNT_DIR="./mnt_luks"
+DEV_NAME="dummy"
+PWD1="93R4P4pIqAH8"
+PWD2="mymJeD8ivEhE"
+
+cleanup() {
+	[ -b /dev/mapper/$DEV_NAME ] && dmsetup remove $DEV_NAME
+	udevadm settle >/dev/null 2>&1
+	if [ -d "$MNT_DIR" ] ; then
+	    umount -f $MNT_DIR 2>/dev/null
+	    rmdir $MNT_DIR 2>/dev/null
+	fi
+	sleep 2
+}
+
+fail()
+{
+	if [ -n "$1" ] ; then echo "FAIL $1" ; else echo "FAIL" ; fi
+	cleanup
+	exit 100
+}
+
+skip()
+{
+	echo "TEST SKIPPED: $1"
+	cleanup
+	exit 0
+}
+
+format() # key_bits expected [forced]
+{
+	dd if=/dev/zero of=$DEV bs=1M count=5 >/dev/null 2>&1
+
+	echo $PWD1 | $CRYPTSETUP luksFormat $DEV -q -i1 -c aes-cbc-essiv:sha256
+	[ $? -ne 0 ] && fail "Format failed."
+
+	# test some operation, just in case
+	echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $DEV -i1 --key-slot 1
+	[ $? -ne 0 ] && fail "Keyslot add failed."
+
+	$CRYPTSETUP -q luksKillSlot $DEV 1
+	[ $? -ne 0 ] && fail "Keyslot removal failed."
+}
+
+if [ $(id -u) != 0 ]; then
+	echo "WARNING: You must be root to run this test, test skipped."
+	exit 0
+fi
+
+[ ! -d $MNT_DIR ] && mkdir $MNT_DIR
+
+echo "[1] Using tmpfs for image"
+DEV="$MNT_DIR/test.img"
+mount -t tmpfs none $MNT_DIR || skip "Mounting tmpfs not available."
+format
+
+echo "[2] Kernel dmcrypt performace options"
+echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt >/dev/null 2>&1
+if [ $? -ne 0 ] ; then
+	echo "TEST SKIPPED: dmcrypt options not available"
+else
+	$CRYPTSETUP close $DEV_NAME || fail
+	# plain
+	echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
+	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+	$CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
+	$CRYPTSETUP close $DEV_NAME || fail
+	echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
+	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+	$CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+	$CRYPTSETUP close $DEV_NAME || fail
+	# LUKS
+	echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --perf-submit_from_crypt_cpus || fail
+	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+	$CRYPTSETUP status $DEV_NAME | grep -q submit_from_crypt_cpus || fail
+	$CRYPTSETUP close $DEV_NAME || fail
+	echo -e "$PWD1" | $CRYPTSETUP open --type luks1 $DEV $DEV_NAME --perf-same_cpu_crypt --allow-discards || fail
+	$CRYPTSETUP status $DEV_NAME | grep -q same_cpu_crypt || fail
+	$CRYPTSETUP status $DEV_NAME | grep -q discards || fail
+	$CRYPTSETUP close $DEV_NAME || fail
+fi
+
+cleanup

tests/discards-test

@@ -27,7 +27,7 @@ add_device() {
 	fi
 
 	sleep 2
-	DEV=$(grep scsi_debug /sys/block/*/device/model | cut -f4 -d /)
+	DEV=$(grep -l -e scsi_debug /sys/block/*/device/model | cut -f4 -d /)
 
 	DEV="/dev/$DEV"
 	[ -b $DEV ] || fail "Cannot find $DEV."

tests/luks1-compat-test

@@ -0,0 +1,84 @@
+#!/bin/bash
+
+# check luks1 images parsing
+
+# NOTE: if image with whirlpool hash fails, check
+# that you are not using old gcrypt with flawed whirlpool
+# (see cryptsetup debug output)
+
+CRYPTSETUP=../src/cryptsetup
+TST_DIR=luks1-images
+MAP=luks1tst
+KEYFILE=keyfile1
+
+function remove_mapping()
+{
+	[ -b /dev/mapper/$MAP ] && dmsetup remove $MAP
+}
+
+function fail()
+{
+	[ -n "$1" ] && echo "$1"
+	echo " [FAILED]"
+	remove_mapping
+	exit 2
+}
+
+function skip()
+{
+	[ -n "$1" ] && echo "$1"
+	echo "Test skipped."
+	exit 0
+}
+
+function test_one()
+{
+	$CRYPTSETUP benchmark -c "$1" -s "$2" | grep -v "#" || skip
+}
+
+function test_required()
+{
+	which lsblk >/dev/null 2>&1 || skip "WARNING: lsblk tool required."
+
+	echo "REQUIRED KDF TEST"
+	$CRYPTSETUP benchmark -h whirlpool | grep "N/A" && skip
+
+	echo "REQUIRED CIPHERS TEST"
+	echo "#  Algorithm | Key |  Encryption |  Decryption"
+
+	test_one aes-xts 256
+	test_one twofish-xts 256
+	test_one serpent-xts 256
+	test_one aes-cbc 256
+	test_one aes-lrw 256
+}
+
+export LANG=C
+
+if [ $(id -u) != 0 ]; then
+	echo "WARNING: You must be root to run activation part of test, test skipped."
+	exit 0
+fi
+
+test_required
+[ ! -d $TST_DIR ] && tar xjf luks1-images.tar.bz2 --no-same-owner
+
+echo "ACTIVATION FS UUID CHECK"
+for file in $(ls $TST_DIR/luks1_*) ; do
+	echo -n " $file"
+	$CRYPTSETUP luksOpen -d $TST_DIR/$KEYFILE $file $MAP 2>/dev/null
+	ret=$?
+	# ignore missing whirlpool (pwd failed is exit code 2)
+	[ $ret -eq 1 ] && (echo $file | grep -q -e "whirlpool") && echo " [N/A]" && continue
+	# ignore flawed whirlpool (pwd failed is exit code 2)
+	[ $ret -eq 2 ] && (echo $file | grep -q -e "whirlpool") && \
+		($CRYPTSETUP luksDump $file --debug | grep -q -e "flawed whirlpool") && \
+		echo " [IGNORED (flawed Whirlpool library)]" && continue
+	[ $ret -ne 0 ] && fail
+	$CRYPTSETUP status $MAP >/dev/null || fail
+	$CRYPTSETUP status /dev/mapper/$MAP >/dev/null || fail
+	UUID=$(lsblk -n -o UUID /dev/mapper/$MAP)
+	$CRYPTSETUP remove $MAP || fail
+	[ "$UUID" != "DEAD-BABE" ] && fail "UUID check failed."
+	echo " [OK]"
+done

tests/mode-test

@@ -6,6 +6,7 @@ CRYPTSETUP=../src/cryptsetup
 DEV_NAME=dmc_test
 HEADER_IMG=mode-test.img
 PASSWORD=3xrododenron
+PASSWORD1=$PASSWORD
 
 # cipher-chainmode-ivopts:ivmode
 CIPHERS="aes twofish serpent"
@@ -52,7 +53,7 @@ add_device() {
 dmcrypt_check() # device outstring
 {
 	X=$(dmsetup table $1 2>/dev/null | sed 's/.*: //' | cut -d' '  -f 4)
-	if [ $X = $2 ] ; then
+	if [ "$X" = $2 ] ; then
 		echo -n "[table OK]"
 	else
 		echo "[table FAIL]"
@@ -65,7 +66,7 @@ dmcrypt_check() # device outstring
 		echo -n "[status OK]"
 	else
 		echo "[status FAIL]"
-		echo " Expecting $2 got $X."
+		echo " Expecting $2 got \"$X\"."
 		fail
 	fi
 
@@ -134,10 +135,12 @@ dmcrypt aes aes-cbc-plain
 dmcrypt aes-plain aes-cbc-plain
 
 # empty cipher
+PASSWORD=""
 dmcrypt null cipher_null-ecb
 dmcrypt cipher_null cipher_null-cbc-plain
 dmcrypt cipher_null-ecb
 
+PASSWORD=$PASSWORD1
 # codebook doesn't support IV at all
 for cipher in $CIPHERS ; do
 	dmcrypt "$cipher-ecb"

tests/password-hash-test

@@ -26,13 +26,14 @@ function fail()
         cleanup 2
 }
 
-crypt_key() # hash keysize pwd/file name outkey [limit]
+crypt_key() # hash keysize pwd/file name outkey [limit] [offset]
 {
 	DEV2=$DEV_NAME"_x"
 	LIMIT=""
 	MODE=aes-cbc-essiv:sha256
 	[ $2 -gt 256 ] && MODE=aes-xts-plain
 	[ -n "$6" ] && LIMIT="-l $6"
+	[ -n "$7" ] && LIMIT="$LIMIT --keyfile-offset $7"
 
 	echo -n "HASH: $1 KSIZE: $2 / $3"
 	case "$3" in
@@ -52,8 +53,12 @@ crypt_key() # hash keysize pwd/file name outkey [limit]
 		cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
+	cat-)
+		cat $4 | $CRYPTSETUP create -c $MODE -h $1 -s $2 $LIMIT $DEV2 -d - /dev/mapper/$DEV_NAME 2>/dev/null
+		ret=$?
+		;;
 	file)
-		$CRYPTSETUP create -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
+		$CRYPTSETUP create -q -c $MODE -d $4 -h $1 -s $2 $DEV2 /dev/mapper/$DEV_NAME 2>/dev/null
 		ret=$?
 		;;
 	failpwd)
@@ -126,6 +131,7 @@ echo -n -e "0123456789abcdef\n\x01\x00\x03\xff\xff\r\xff\xff\n\r" \
 	   "2352j3rkjhadcfasc823rqaw7e1 3dq sdq3d 2dkjqw3h2=====" >$KEY_FILE
 KEY_FILE_HEX="303132333435363738396162636465660a010003ffff0dffff0a0d20323335326a33726b6a686164636661736338323372716177376531203364712073647133"
 
+# ignore hash if keyfile is specified
 crypt_key ripemd160 256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
 crypt_key sha256    256 file $KEY_FILE ${KEY_FILE_HEX:0:64}
 crypt_key sha256    128 file $KEY_FILE ${KEY_FILE_HEX:0:32}
@@ -134,8 +140,22 @@ crypt_key sha256    512 file $KEY_FILE $KEY_FILE_HEX
 # stdin can be limited
 crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 16
 crypt_key plain     128 cat /dev/zero 00000000000000000000000000000000 17
+
+# read key only up to \n
 crypt_key plain     128 cat $KEY_FILE ${KEY_FILE_HEX:0:28}0000 14
 
+# read full key, ignore keyfile length
+crypt_key plain     128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32}
+crypt_key plain     128 cat- $KEY_FILE ${KEY_FILE_HEX:0:32} 14
+
+# but do not ignore hash if keysgfile is "-"
+crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5
+crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 0
+crypt_key sha256    128 cat- $KEY_FILE f3b827c8a6f159ad8c8ed5bd5ab3f8c5 80
+crypt_key sha256    128 cat- $KEY_FILE a82c9227cc54c7475620ce85ba1fca1e 14
+crypt_key sha256    128 cat- $KEY_FILE 7df3f4a41a33805596be85c781cac3b4 14 2
+crypt_key sha256    128 cat- $KEY_FILE ebbe65a178e886ddbb778e0a5538db72 40 40
+
 # limiting plain (no hash)
 crypt_key plain   256     pwd "xxxxxxxx" 7878787878787878000000000000000000000000000000000000000000000000
 crypt_key plain:2 256     pwd "xxxxxxxx" 7878000000000000000000000000000000000000000000000000000000000000