Add 2.1. release notes.

Preserve LUKS2 mdata & keyslots sizes after reencryption.
Add missing crypt_free() in api test.
2025-12-08 09:20:11 +01:00 · 2019-02-08 15:08:04 +01:00 · 2019-02-08 12:00:24 +01:00 · 2019-02-08 11:56:52 +01:00 · 2019-02-07 18:42:17 +01:00 · 2019-02-07 18:41:06 +01:00
170 changed files with 20878 additions and 9760 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,12 @@ scripts/cryptsetup.conf
 stamp-h1
 veritysetup
 tests/valglog.*
+*/*.dirstamp
+*-debug-luks2-backup*
+tests/api-test
+tests/api-test-2
+tests/differ
+tests/luks1-images
+tests/tcrypt-images
+tests/unit-utils-io
+tests/vectors-test
--- a/.travis-functions.sh
+++ b/.travis-functions.sh
@@ -36,7 +36,6 @@ function check_nonroot
 	[ -z "$cfg_opts" ] && return

 	configure_travis \
-		--enable-python \
 		--enable-cryptsetup-reencrypt \
 		--enable-internal-sse-argon2 \
 		"$cfg_opts" \
@@ -54,7 +53,6 @@ function check_root
 	[ -z "$cfg_opts" ] && return

    configure_travis \
-		--enable-python \
 		--enable-cryptsetup-reencrypt \
 		--enable-internal-sse-argon2 \
 		"$cfg_opts" \
@@ -73,7 +71,6 @@ function check_nonroot_compile_only
 	[ -z "$cfg_opts" ] && return

 	configure_travis \
-		--enable-python \
 		--enable-cryptsetup-reencrypt \
 		--enable-internal-sse-argon2 \
 		"$cfg_opts" \
@@ -87,7 +84,6 @@ function travis_install_script
 	# install some packages from Ubuntu's default sources
 	sudo apt-get -qq update
 	sudo apt-get install -qq >/dev/null \
-		python-dev \
 		sharutils \
 		libgcrypt20-dev \
 		libssl-dev \
@@ -140,6 +136,13 @@ function travis_script
 	openssl_compile)
 		check_nonroot_compile_only "--with-crypto_backend=openssl"
 		;;
+	kernel)
+		check_nonroot "--with-crypto_backend=kernel" && \
+		check_root "--with-crypto_backend=kernel"
+		;;
+	kernel_compile)
+		check_nonroot_compile_only "--with-crypto_backend=kernel"
+		;;
 	*)
 		echo "error, check environment (travis.yml)" >&2
 		false
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,11 +9,13 @@ compiler:
 env:
  - MAKE_CHECK="gcrypt"
  - MAKE_CHECK="openssl"
+  - MAKE_CHECK="kernel"

 branches:
  only:
    - master
    - wip-luks2
+    - v2_0_x

 before_install:
  - uname -a
--- a/2
+++ b/2
@@ -976,7 +976,7 @@ A. Contributors

  In order to find out whether a key-slot is damaged one has to look
  for "non-random looking" data in it.  There is a tool that
-  automatizes this in the cryptsetup distribution from version 1.6.0
+  automates this in the cryptsetup distribution from version 1.6.0
  onwards.  It is located in misc/keyslot_checker/.  Instructions how
  to use and how to interpret results are in the README file.  Note
  that this tool requires a libcryptsetup from cryptsetup 1.6.0 or
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,5 @@
 EXTRA_DIST = COPYING.LGPL FAQ docs misc
 SUBDIRS = po tests
-TESTS =
 CLEANFILES =
 DISTCLEAN_TARGETS =

@@ -25,8 +24,6 @@ tmpfilesd_DATA =

 include man/Makemodule.am

-include python/Makemodule.am
-
 include scripts/Makemodule.am

 if CRYPTO_INTERNAL_ARGON2
@@ -40,7 +37,6 @@ include src/Makemodule.am
 ACLOCAL_AMFLAGS = -I m4

 DISTCHECK_CONFIGURE_FLAGS = 	\
-	--enable-python		\
 	--with-tmpfilesdir=$$dc_install_base/usr/lib/tmpfiles.d \
 	--enable-internal-argon2 --enable-internal-sse-argon2

--- a/README.md
+++ b/README.md
@@ -41,13 +41,16 @@ Download
 --------
 All release tarballs and release notes are hosted on [kernel.org](https://www.kernel.org/pub/linux/utils/cryptsetup/).

-**The latest cryptsetup version is 2.0.5**
-  * [cryptsetup-2.0.5.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.5.tar.xz)
-  * Signature [cryptsetup-2.0.5.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.5.tar.sign)
+**The latest cryptsetup version is 2.0.6**
+  * [cryptsetup-2.0.6.tar.xz](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.6.tar.xz)
+  * Signature [cryptsetup-2.0.6.tar.sign](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.6.tar.sign)
    _(You need to decompress file first to check signature.)_
-  * [Cryptsetup 2.0.5 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/v2.0.5-ReleaseNotes).
+  * [Cryptsetup 2.0.6 Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/v2.0.6-ReleaseNotes).

 Previous versions
+ * [Version 2.0.5](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.5.tar.xz) -
+   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.5.tar.sign) -
+   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/v2.0.5-ReleaseNotes).
 * [Version 2.0.4](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.4.tar.xz) -
   [Signature](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-2.0.4.tar.sign) -
   [Release Notes](https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/v2.0.4-ReleaseNotes).
@@ -87,7 +90,7 @@ Source and API docs
 For development version code, please refer to [source](https://gitlab.com/cryptsetup/cryptsetup/tree/master) page,
 mirror on [kernel.org](https://git.kernel.org/cgit/utils/cryptsetup/cryptsetup.git/) or [GitHub](https://github.com/mbroz/cryptsetup).

-For libcryptsetup documentation see [libcryptsetup API](https://gitlab.com/cryptsetup/cryptsetup/wikis/API/index.html) page.
+For libcryptsetup documentation see [libcryptsetup API](https://mbroz.fedorapeople.org/libcryptsetup_API/) page.

 The libcryptsetup API/ABI changes are tracked in [compatibility report](https://abi-laboratory.pro/tracker/timeline/cryptsetup/).

--- a/configure.ac
+++ b/configure.ac
@@ -1,9 +1,9 @@
 AC_PREREQ([2.67])
-AC_INIT([cryptsetup],[2.0.5])
+AC_INIT([cryptsetup],[2.1.0])

 dnl library version from <major>.<minor>.<release>[-<suffix>]
 LIBCRYPTSETUP_VERSION=$(echo $PACKAGE_VERSION | cut -f1 -d-)
-LIBCRYPTSETUP_VERSION_INFO=15:0:3
+LIBCRYPTSETUP_VERSION_INFO=16:0:4

 AM_SILENT_RULES([yes])
 AC_CONFIG_SRCDIR(src/cryptsetup.c)
@@ -185,8 +185,12 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
 	else
 		GCRYPT_REQ_VERSION=1.1.42
 	fi
-	dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password)
+
+	dnl libgcrypt rejects to use pkgconfig, use AM_PATH_LIBGCRYPT from gcrypt-devel here.
+	dnl Do not require gcrypt-devel if other crypto backend is used.
+	m4_ifdef([AM_PATH_LIBGCRYPT],[
 	AC_ARG_ENABLE([gcrypt-pbkdf2],
+		dnl Check if we can use gcrypt PBKDF2 (1.6.0 supports empty password)
 		AS_HELP_STRING([--enable-gcrypt-pbkdf2], [force enable internal gcrypt PBKDF2]),
 		if test "x$enableval" = "xyes"; then
 			[use_internal_pbkdf2=0]
@@ -194,7 +198,8 @@ AC_DEFUN([CONFIGURE_GCRYPT], [
 			[use_internal_pbkdf2=1]
 		fi,
 		[AM_PATH_LIBGCRYPT([1.6.1], [use_internal_pbkdf2=0], [use_internal_pbkdf2=1])])
-	AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])
+	AM_PATH_LIBGCRYPT($GCRYPT_REQ_VERSION,,[AC_MSG_ERROR([You need the gcrypt library.])])],
+	AC_MSG_ERROR([Missing support for gcrypt: install gcrypt and regenerate configure.]))

 	AC_MSG_CHECKING([if internal cryptsetup PBKDF2 is compiled-in])
 	if test $use_internal_pbkdf2 = 0; then
@@ -271,6 +276,7 @@ AC_DEFUN([CONFIGURE_KERNEL], [
 AC_DEFUN([CONFIGURE_NETTLE], [
 	AC_CHECK_HEADERS(nettle/sha.h,,
 		[AC_MSG_ERROR([You need Nettle cryptographic library.])])
+	AC_CHECK_HEADERS(nettle/version.h)

 	saved_LIBS=$LIBS
 	AC_CHECK_LIB(nettle, nettle_pbkdf2_hmac_sha256,,
@@ -352,11 +358,12 @@ LIBS=$saved_LIBS

 dnl Check for JSON-C used in LUKS2
 PKG_CHECK_MODULES([JSON_C], [json-c])
+AC_CHECK_DECLS([json_object_object_add_ex], [], [], [#include <json-c/json.h>])

 dnl Crypto backend configuration.
 AC_ARG_WITH([crypto_backend],
-	AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [gcrypt]]),
-	[], [with_crypto_backend=gcrypt])
+	AS_HELP_STRING([--with-crypto_backend=BACKEND], [crypto backend (gcrypt/openssl/nss/kernel/nettle) [openssl]]),
+	[], [with_crypto_backend=openssl])

 dnl Kernel crypto API backend needed for benchmark and tcrypt
 AC_ARG_ENABLE([kernel_crypto],
@@ -546,35 +553,6 @@ AC_DEFUN([CS_ABSPATH], [
 	esac
 ])

-dnl ==========================================================================
-dnl Python bindings
-AC_ARG_ENABLE([python],
-	AS_HELP_STRING([--enable-python], [enable Python bindings]))
-
-AC_ARG_WITH([python_version],
-	AS_HELP_STRING([--with-python_version=VERSION], [required Python version [2.6]]),
-	[PYTHON_VERSION=$withval], [PYTHON_VERSION=2.6])
-
-if test "x$enable_python" = "xyes"; then
-	AM_PATH_PYTHON([$PYTHON_VERSION])
-
-	AC_PATH_PROGS([PYTHON_CONFIG], [python${PYTHON_VERSION}-config python-config], [no])
-	if test "${PYTHON_CONFIG}" = "no"; then
-		AC_MSG_ERROR([cannot find python${PYTHON_VERSION}-config or python-config in PATH])
-	fi
-
-	AC_MSG_CHECKING(for python headers using $PYTHON_CONFIG --includes)
-	PYTHON_INCLUDES=$($PYTHON_CONFIG --includes)
-	AC_MSG_RESULT($PYTHON_INCLUDES)
-	AC_SUBST(PYTHON_INCLUDES)
-
-	AC_MSG_CHECKING(for python libraries using $PYTHON_CONFIG --libs)
-	PYTHON_LIBS=$($PYTHON_CONFIG --libs)
-	AC_MSG_RESULT($PYTHON_LIBS)
-	AC_SUBST(PYTHON_LIBS)
-fi
-AM_CONDITIONAL([PYTHON_CRYPTSETUP], [test "x$enable_python" = "xyes"])
-
 dnl ==========================================================================
 CS_STR_WITH([plain-hash],   [password hashing function for plain mode], [ripemd160])
 CS_STR_WITH([plain-cipher], [cipher for plain mode], [aes])
@@ -586,12 +564,22 @@ CS_STR_WITH([luks1-cipher], [cipher for LUKS1], [aes])
 CS_STR_WITH([luks1-mode],   [cipher mode for LUKS1], [xts-plain64])
 CS_NUM_WITH([luks1-keybits],[key length in bits for LUKS1], [256])

+AC_ARG_ENABLE([luks_adjust_xts_keysize], AS_HELP_STRING([--disable-luks-adjust-xts-keysize],
+	[XTS mode requires two keys, double default LUKS keysize if needed]),
+	[], [enable_luks_adjust_xts_keysize=yes])
+if test "x$enable_luks_adjust_xts_keysize" = "xyes"; then
+	AC_DEFINE(ENABLE_LUKS_ADJUST_XTS_KEYSIZE, 1, [XTS mode - double default LUKS keysize if needed])
+fi
+
 CS_STR_WITH([luks2-pbkdf],           [Default PBKDF algorithm (pbkdf2 or argon2i/argon2id) for LUKS2], [argon2i])
 CS_NUM_WITH([luks1-iter-time],       [PBKDF2 iteration time for LUKS1 (in ms)], [2000])
 CS_NUM_WITH([luks2-iter-time],       [Argon2 PBKDF iteration time for LUKS2 (in ms)], [2000])
 CS_NUM_WITH([luks2-memory-kb],       [Argon2 PBKDF memory cost for LUKS2 (in kB)], [1048576])
 CS_NUM_WITH([luks2-parallel-threads],[Argon2 PBKDF max parallel cost for LUKS2 (if CPUs available)], [4])

+CS_STR_WITH([luks2-keyslot-cipher], [fallback cipher for LUKS2 keyslot (if data encryption is incompatible)], [aes-xts-plain64])
+CS_NUM_WITH([luks2-keyslot-keybits],[fallback key size for LUKS2 keyslot (if data encryption is incompatible)], [512])
+
 CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
 CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])

@@ -626,8 +614,8 @@ AC_SUBST(DEFAULT_LUKS2_LOCK_DIR_PERMS)

 dnl Override default LUKS format version (for cryptsetup or cryptsetup-reencrypt format actions only).
 AC_ARG_WITH([default_luks_format],
-	AS_HELP_STRING([--with-default-luks-format=FORMAT], [default LUKS format version (LUKS1/LUKS2) [LUKS1]]),
-	[], [with_default_luks_format=LUKS1])
+	AS_HELP_STRING([--with-default-luks-format=FORMAT], [default LUKS format version (LUKS1/LUKS2) [LUKS2]]),
+	[], [with_default_luks_format=LUKS2])

 case $with_default_luks_format in
 	LUKS1) default_luks=CRYPT_LUKS1 ;;
--- a/docs/ChangeLog.old
+++ b/docs/ChangeLog.old
@@ -195,7 +195,7 @@

 2011-03-05  Milan Broz  <mbroz@redhat.com>
 	* Add exception to COPYING for binary distribution linked with OpenSSL library.
-	* Set secure data flag (wipe all ioclt buffers) if devmapper library supports it.
+	* Set secure data flag (wipe all ioctl buffers) if devmapper library supports it.

 2011-01-29  Milan Broz  <mbroz@redhat.com>
 	* Fix mapping removal if device disappeared but node still exists.
@@ -636,7 +636,7 @@

 2006-03-15  Clemens Fruhwirth  <clemens@endorphin.org>

-	* configure.in: 1.0.3-rc3. Most unplease release ever. 
+	* configure.in: 1.0.3-rc3. Most displease release ever. 
 	* lib/setup.c (__crypt_create_device): More verbose error message.

 2006-02-26  Clemens Fruhwirth  <clemens@endorphin.org>
--- a/docs/examples/crypt_log_usage.c
+++ b/docs/examples/crypt_log_usage.c
@@ -1,7 +1,7 @@
 /*
 * An example of using logging through libcryptsetup API
 *
- * Copyright (C) 2011-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2019 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/docs/examples/crypt_luks_usage.c
+++ b/docs/examples/crypt_luks_usage.c
@@ -1,7 +1,7 @@
 /*
 * An example of using LUKS device through libcryptsetup API
 *
- * Copyright (C) 2011-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2019 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/docs/on-disk-format-luks2.pdf
+++ b/docs/on-disk-format-luks2.pdf
--- a/docs/v2.0.6-ReleaseNotes
+++ b/docs/v2.0.6-ReleaseNotes
@@ -0,0 +1,97 @@
+Cryptsetup 2.0.6 Release Notes
+==============================
+Stable bug-fix release.
+All users of cryptsetup 2.0.x should upgrade to this version.
+
+Cryptsetup 2.x version introduces a new on-disk LUKS2 format.
+
+The legacy LUKS (referenced as LUKS1) will be fully supported
+forever as well as a traditional and fully backward compatible format.
+
+Please note that authenticated disk encryption, non-cryptographic
+data integrity protection (dm-integrity), use of Argon2 Password-Based
+Key Derivation Function and the LUKS2 on-disk format itself are new
+features and can contain some bugs.
+
+Please do not use LUKS2 without properly configured backup or in
+production systems that need to be compatible with older systems.
+
+Changes since version 2.0.5
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* Fix support of larger metadata areas in LUKS2 header.
+
+  This release properly supports all specified metadata areas, as documented
+  in LUKS2 format description (see docs/on-disk-format-luks2.pdf in archive).
+
+  Currently, only default metadata area size is used (in format or convert).
+  Later cryptsetup versions will allow increasing this metadata area size.
+
+* If AEAD (authenticated encryption) is used, cryptsetup now tries to check
+  if the requested AEAD algorithm with specified key size is available
+  in kernel crypto API.
+  This change avoids formatting a device that cannot be later activated.
+
+  For this function, the kernel must be compiled with the
+  CONFIG_CRYPTO_USER_API_AEAD option enabled.
+  Note that kernel user crypto API options (CONFIG_CRYPTO_USER_API and
+  CONFIG_CRYPTO_USER_API_SKCIPHER) are already mandatory for LUKS2.
+
+* Fix setting of integrity no-journal flag.
+  Now you can store this flag to metadata using --persistent option.
+
+* Fix cryptsetup-reencrypt to not keep temporary reencryption headers
+  if interrupted during initial password prompt.
+
+* Adds early check to plain and LUKS2 formats to disallow device format
+  if device size is not aligned to requested sector size.
+  Previously it was possible, and the device was rejected to activate by
+  kernel later.
+
+* Fix checking of hash algorithms availability for PBKDF early.
+  Previously LUKS2 format allowed non-existent hash algorithm with
+  invalid keyslot preventing the device from activation.
+
+* Allow Adiantum cipher construction (a non-authenticated length-preserving
+  fast encryption scheme), so it can be used both for data encryption and
+  keyslot encryption in LUKS1/2 devices.
+
+  For benchmark, use:
+    # cryptsetup benchmark -c xchacha12,aes-adiantum
+    # cryptsetup benchmark -c xchacha20,aes-adiantum
+
+  For LUKS format:
+    # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 <device>
+
+  The support for Adiantum will be merged in Linux kernel 4.21.
+  For more info see the paper https://eprint.iacr.org/2018/720.
+
+Unfinished things & TODO for next releases
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+* Authenticated encryption should use new algorithms from CAESAR competition
+  https://competitions.cr.yp.to/caesar-submissions.html.
+  AEGIS and MORUS are already available in kernel 4.18.
+
+  For more info about LUKS2 authenticated encryption, please see our paper
+  https://arxiv.org/abs/1807.00309
+
+  Please note that authenticated encryption is still an experimental feature
+  and can have performance problems for high-speed devices and device
+  with larger IO blocks (like RAID).
+
+* Authenticated encryption do not set encryption for a dm-integrity journal.
+
+  While it does not influence data confidentiality or integrity protection,
+  an attacker can get some more information from data journal or cause that
+  system will corrupt sectors after journal replay. (That corruption will be
+  detected though.)
+
+* There are examples of user-defined tokens inside misc/luks2_keyslot_example
+  directory (like a simple external program that uses libssh to unlock LUKS2
+  using remote keyfile).
+
+* The python binding (pycryptsetup) contains only basic functionality for LUKS1
+  (it is not updated for new features) and will be REMOVED in version 2.1
+  in favor of python bindings to the libblockdev library.
+  See https://github.com/storaged-project/libblockdev/releases that
+  already supports LUKS2 and VeraCrypt devices handling through libcryptsetup.
--- a/docs/v2.1.0-ReleaseNotes
+++ b/docs/v2.1.0-ReleaseNotes
@@ -0,0 +1,210 @@
+Cryptsetup 2.1.0 Release Notes
+==============================
+Stable release with new features and bug fixes.
+
+Cryptsetup 2.1 version uses a new on-disk LUKS2 format as the default
+LUKS format and increases default LUKS2 header size.
+
+The legacy LUKS (referenced as LUKS1) will be fully supported forever
+as well as a traditional and fully backward compatible format.
+
+When upgrading a stable distribution, please use configure option
+--with-default-luks-format=LUKS1 to maintain backward compatibility.
+
+This release also switches to OpenSSL as a default cryptographic
+backend for LUKS header processing. Use --with-crypto_backend=gcrypt
+configure option if you need to preserve legacy libgcrypt backend.
+
+Please do not use LUKS2 without properly configured backup or
+in production systems that need to be compatible with older systems.
+
+Changes since version 2.0.6
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* The default for cryptsetup LUKS format action is now LUKS2.
+  You can use LUKS1 with cryptsetup option --type luks1.
+
+* The default size of the LUKS2 header is increased to 16 MB.
+  It includes metadata and the area used for binary keyslots;
+  it means that LUKS header backup is now 16MB in size.
+
+  Note, that used keyslot area is much smaller, but this increase
+  of reserved space allows implementation of later extensions
+  (like online reencryption).
+  It is fully compatible with older cryptsetup 2.0.x versions.
+  If you require to create LUKS2 header with the same size as
+  in the 2.0.x version, use --offset 8192 option for luksFormat
+  (units are in 512-bytes sectors; see notes below).
+
+* Cryptsetup now doubles LUKS default key size if XTS mode is used
+  (XTS mode uses two internal keys). This does not apply if key size
+  is explicitly specified on the command line and it does not apply
+  for the plain mode.
+  This fixes a confusion with AES and 256bit key in XTS mode where
+  code used AES128 and not AES256 as often expected.
+
+  Also, the default keyslot encryption algorithm (if cannot be derived
+  from data encryption algorithm) is now available as configure
+  options --with-luks2-keyslot-cipher and --with-luks2-keyslot-keybits.
+  The default is aes-xts-plain64 with 2 * 256-bits key.
+
+* Default cryptographic backend used for LUKS header processing is now
+  OpenSSL. For years, OpenSSL provided better performance for PBKDF.
+
+  NOTE: Cryptsetup/libcryptsetup supports several cryptographic
+  library backends. The fully supported are libgcrypt, OpenSSL and
+  kernel crypto API. FIPS mode extensions are maintained only for
+  libgcrypt and OpenSSL. Nettle and NSS are usable only for some
+  subset of algorithms and cannot provide full backward compatibility.
+  You can always switch to other backends by using a configure switch,
+  for libgcrypt (compatibility for older distributions) use:
+  --with-crypto_backend=gcrypt
+
+* The Python bindings are no longer supported and the code was removed
+  from cryptsetup distribution. Please use the libblockdev project
+  that already covers most of the libcryptsetup functionality
+  including LUKS2.
+
+* Cryptsetup now allows using --offset option also for luksFormat.
+  It means that the specified offset value is used for data offset.
+  LUKS2 header areas are automatically adjusted according to this value.
+  (Note units are in 512-byte sectors due to the previous definition
+  of this option in plain mode.)
+  This option can replace --align-payload with absolute alignment value.
+
+* Cryptsetup now supports new refresh action (that is the alias for
+  "open --refresh").
+  It allows changes of parameters for an active device (like root
+  device mapping), for example, it can enable or disable TRIM support
+  on-the-fly.
+  It is supported for LUKS1, LUKS2, plain and loop-AES devices.
+
+* Integritysetup now supports mode with detached data device through
+  new --data-device option.
+  Since kernel 4.18 there is a possibility to specify external data
+  device for dm-integrity that stores all integrity tags.
+
+* Integritysetup now supports automatic integrity recalculation
+  through new --integrity-recalculate option.
+  Linux kernel since version 4.18 supports automatic background
+  recalculation of integrity tags for dm-integrity.
+
+Other changes and fixes
+~~~~~~~~~~~~~~~~~~~~~~~
+
+* Fix for crypt_wipe call to allocate space if the header is backed
+  by a file. This means that if you use detached header file, it will
+  now have always the full size after luksFormat, even if only
+  a few keyslots are used.
+
+* Fixes to offline cryptsetup-reencrypt to preserve LUKS2 keyslots
+  area sizes after reencryption and fixes for some other issues when
+  creating temporary reencryption headers.
+
+* Added some FIPS mode workarounds. We cannot (yet) use Argon2 in
+  FIPS mode, libcryptsetup now fallbacks to use PBKDF2 in FIPS mode.
+
+* Rejects conversion to LUKS1 if PBKDF2 hash algorithms
+  in keyslots differ.
+
+* The hash setting on command line now applies also to LUKS2 PBKDF2
+  digest. In previous versions, the LUKS2 key digest used PBKDF2-SHA256
+  (except for converted headers).
+
+* Allow LUKS2 keyslots area to increase if data offset allows it.
+  Cryptsetup can fine-tune LUKS2 metadata area sizes through
+  --luks2-metadata-size=BYTES and --luks2-keyslots-size=BYTES.
+  Please DO NOT use these low-level options until you need it for
+  some very specific additional feature.
+  Also, the code now prints these LUKS2 header area sizes in dump
+  command.
+
+* For LUKS2, keyslot can use different encryption that data with
+  new options --keyslot-key-size=BITS and --keyslot-cipher=STRING
+  in all commands that create new LUKS keyslot.
+  Please DO NOT use these low-level options until you need it for
+  some very specific additional feature.
+
+* Code now avoids data flush when reading device status through
+  device-mapper.
+
+* The Nettle crypto backend and the userspace kernel crypto API
+  backend were enhanced to allow more available hash functions
+  (like SHA3 variants).
+
+* Upstream code now does not require libgcrypt-devel
+  for autoconfigure, because OpenSSL is the default.
+  The libgcrypt does not use standard pkgconfig detection and
+  requires specific macro (part of libgcrypt development files)
+  to be always present during autoconfigure.
+  With other crypto backends, like OpenSSL, this makes no sense,
+  so this part of autoconfigure is now optional.
+
+* Cryptsetup now understands new --debug-json option that allows
+  an additional dump of some JSON information. These are no longer
+  present in standard debug output because it could contain some
+  specific LUKS header parameters.
+
+* The luksDump contains the hash algorithm used in Anti-Forensic
+  function.
+
+* All debug messages are now sent through configured log callback
+  functions, so an application can easily use own debug messages
+  handling. In previous versions debug messages were printed directly
+  to standard output.)
+
+Libcryptsetup API additions
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+These new calls are now exported, for details see libcryptsetup.h:
+
+ * crypt_init_data_device
+ * crypt_get_metadata_device_name
+     functions to init devices with separate metadata and data device
+     before a format function is called.
+
+ * crypt_set_data_offset
+     sets the data offset for LUKS to the specified value
+     in 512-byte sectors.
+     It should replace alignment calculation in LUKS param structures.
+
+ * crypt_get_metadata_size
+ * crypt_set_metadata_size
+     allows to set/get area sizes in LUKS header
+     (according to specification).
+
+ * crypt_get_default_type
+     get default compiled-in LUKS type (version).
+
+ * crypt_get_pbkdf_type_params
+     allows to get compiled-in PBKDF parameters.
+
+ * crypt_keyslot_set_encryption
+ * crypt_keyslot_get_encryption
+     allows to set/get per-keyslot encryption algorithm for LUKS2.
+
+ * crypt_keyslot_get_pbkdf
+     allows to get PBKDF parameters per-keyslot.
+
+ and these new defines:
+ * CRYPT_LOG_DEBUG_JSON (message type for JSON debug)
+ * CRYPT_DEBUG_JSON (log level for JSON debug)
+ * CRYPT_ACTIVATE_RECALCULATE (dm-integrity recalculate flag)
+ * CRYPT_ACTIVATE_REFRESH (new open with refresh flag)
+
+All existing API calls should remain backward compatible.
+
+Unfinished things & TODO for next releases
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+* Optional authenticated encryption is still an experimental feature
+  and can have performance problems for high-speed devices and device
+  with larger IO blocks (like RAID).
+
+* Authenticated encryption does not use encryption for a dm-integrity
+  journal. While it does not influence data confidentiality or
+  integrity protection, an attacker can get some more information
+  from data journal or cause that system will corrupt sectors after
+  journal replay. (That corruption will be detected though.)
+
+* The LUKS2 metadata area increase is mainly needed for the new online
+  reencryption as the major feature for the next release.
--- a/lib/crypt_plain.c
+++ b/lib/crypt_plain.c
@@ -1,9 +1,9 @@
 /*
 * cryptsetup plain device helper functions
 *
- * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2010-2018 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2018, Milan Broz
+ * Copyright (C) 2004 Jana Saout <jana@saout.de>
+ * Copyright (C) 2010-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -64,7 +64,7 @@ static int hash(const char *hash_name, size_t key_size, char *key,

 #define PLAIN_HASH_LEN_MAX 256

-int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)),
+int crypt_plain_hash(struct crypt_device *cd,
 		     const char *hash_name,
 		     char *key, size_t key_size,
 		     const char *passphrase, size_t passphrase_size)
@@ -73,7 +73,7 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)),
 	size_t hash_size, pad_size;
 	int r;

-	log_dbg("Plain: hashing passphrase using %s.", hash_name);
+	log_dbg(cd, "Plain: hashing passphrase using %s.", hash_name);

 	if (strlen(hash_name) >= PLAIN_HASH_LEN_MAX)
 		return -EINVAL;
@@ -85,11 +85,11 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)),
 		*s = '\0';
 		s++;
 		if (!*s || sscanf(s, "%zd", &hash_size) != 1) {
-			log_dbg("Hash length is not a number");
+			log_dbg(cd, "Hash length is not a number");
 			return -EINVAL;
 		}
 		if (hash_size > key_size) {
-			log_dbg("Hash length %zd > key length %zd",
+			log_dbg(cd, "Hash length %zd > key length %zd",
 				hash_size, key_size);
 			return -EINVAL;
 		}
@@ -102,7 +102,7 @@ int crypt_plain_hash(struct crypt_device *ctx __attribute__((unused)),
 	/* No hash, copy passphrase directly */
 	if (!strcmp(hash_name_buf, "plain")) {
 		if (passphrase_size < hash_size) {
-			log_dbg("Too short plain passphrase.");
+			log_dbg(cd, "Too short plain passphrase.");
 			return -EINVAL;
 		}
 		memcpy(key, passphrase, hash_size);
--- a/lib/crypto_backend/argon2/argon2.c
+++ b/lib/crypto_backend/argon2/argon2.c
@@ -274,6 +274,7 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
    }

    /* No field can be longer than the encoded length */
+    /* coverity[strlen_assign] */
    max_field_len = (uint32_t)encoded_len;

    ctx.saltlen = max_field_len;
--- a/lib/crypto_backend/argon2_generic.c
+++ b/lib/crypto_backend/argon2_generic.c
@@ -1,8 +1,8 @@
 /*
 * Argon2 PBKDF2 library wrapper
 *
- * Copyright (C) 2016-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2018, Milan Broz
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/crypto_backend/cipher_generic.c
+++ b/lib/crypto_backend/cipher_generic.c
@@ -1,8 +1,8 @@
 /*
 * Linux kernel cipher generic utilities
 *
- * Copyright (C) 2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2018, Milan Broz
+ * Copyright (C) 2018-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -26,53 +26,58 @@

 struct cipher_alg {
 	const char *name;
+	const char *mode;
 	int blocksize;
 	bool wrapped_key;
 };

 /* FIXME: Getting block size should be dynamic from cipher backend. */
 static const struct cipher_alg cipher_algs[] = {
-	{ "cipher_null", 16, false },
-	{ "aes",         16, false },
-	{ "serpent",     16, false },
-	{ "twofish",     16, false },
-	{ "anubis",      16, false },
-	{ "blowfish",     8, false },
-	{ "camellia",    16, false },
-	{ "cast5",        8, false },
-	{ "cast6",       16, false },
-	{ "des",          8, false },
-	{ "des3_ede",     8, false },
-	{ "khazad",       8, false },
-	{ "seed",        16, false },
-	{ "tea",          8, false },
-	{ "xtea",         8, false },
-	{ "paes",        16,  true }, /* protected AES, s390 wrapped key scheme */
-	{ NULL,           0, false }
+	{ "cipher_null", NULL, 16, false },
+	{ "aes",         NULL, 16, false },
+	{ "serpent",     NULL, 16, false },
+	{ "twofish",     NULL, 16, false },
+	{ "anubis",      NULL, 16, false },
+	{ "blowfish",    NULL,  8, false },
+	{ "camellia",    NULL, 16, false },
+	{ "cast5",       NULL,  8, false },
+	{ "cast6",       NULL, 16, false },
+	{ "des",         NULL,  8, false },
+	{ "des3_ede",    NULL,  8, false },
+	{ "khazad",      NULL,  8, false },
+	{ "seed",        NULL, 16, false },
+	{ "tea",         NULL,  8, false },
+	{ "xtea",        NULL,  8, false },
+	{ "paes",        NULL, 16,  true }, /* protected AES, s390 wrapped key scheme */
+	{ "xchacha12,aes", "adiantum", 32, false },
+	{ "xchacha20,aes", "adiantum", 32, false },
+	{ NULL,          NULL,  0, false }
 };

-static const struct cipher_alg *_get_alg(const char *name)
+static const struct cipher_alg *_get_alg(const char *name, const char *mode)
 {
 	int i = 0;

 	while (name && cipher_algs[i].name) {
 		if (!strcasecmp(name, cipher_algs[i].name))
-			return &cipher_algs[i];
+			if (!mode || !cipher_algs[i].mode ||
+			    !strncasecmp(mode, cipher_algs[i].mode, strlen(cipher_algs[i].mode)))
+				return &cipher_algs[i];
 		i++;
 	}
 	return NULL;
 }

-int crypt_cipher_blocksize(const char *name)
+int crypt_cipher_ivsize(const char *name, const char *mode)
 {
-	const struct cipher_alg *ca = _get_alg(name);
+	const struct cipher_alg *ca = _get_alg(name, mode);

 	return ca ? ca->blocksize : -EINVAL;
 }

-int crypt_cipher_wrapped_key(const char *name)
+int crypt_cipher_wrapped_key(const char *name, const char *mode)
 {
-	const struct cipher_alg *ca = _get_alg(name);
+	const struct cipher_alg *ca = _get_alg(name, mode);

 	return ca ? (int)ca->wrapped_key : 0;
 }
--- a/lib/crypto_backend/crypto_backend.h
+++ b/lib/crypto_backend/crypto_backend.h
@@ -1,8 +1,8 @@
 /*
 * crypto backend implementation
 *
- * Copyright (C) 2010-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2018, Milan Broz
+ * Copyright (C) 2010-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -99,8 +99,8 @@ int argon2(const char *type, const char *password, size_t password_length,
 uint32_t crypt_crc32(uint32_t seed, const unsigned char *buf, size_t len);

 /* ciphers */
-int crypt_cipher_blocksize(const char *name);
-int crypt_cipher_wrapped_key(const char *name);
+int crypt_cipher_ivsize(const char *name, const char *mode);
+int crypt_cipher_wrapped_key(const char *name, const char *mode);
 int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 		    const char *mode, const void *key, size_t key_length);
 void crypt_cipher_destroy(struct crypt_cipher *ctx);
@@ -111,6 +111,10 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 			 const char *in, char *out, size_t length,
 			 const char *iv, size_t iv_length);

+/* Check availability of a cipher */
+int crypt_cipher_check(const char *name, const char *mode,
+		       const char *integrity, size_t key_length);
+
 /* storage encryption wrappers */
 int crypt_storage_init(struct crypt_storage **ctx, uint64_t sector_start,
 		       const char *cipher, const char *cipher_mode,
--- a/lib/crypto_backend/crypto_cipher_kernel.c
+++ b/lib/crypto_backend/crypto_cipher_kernel.c
@@ -1,8 +1,8 @@
 /*
 * Linux kernel userspace API crypto backend implementation (skcipher)
 *
- * Copyright (C) 2012-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2018, Milan Broz
+ * Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -22,6 +22,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <stdio.h>
+#include <stdbool.h>
 #include <errno.h>
 #include <unistd.h>
 #include <sys/socket.h>
@@ -51,22 +52,16 @@ struct crypt_cipher {
 * ENOTSUP - AF_ALG family not available
 * (but cannot check specifically for skcipher API)
 */
-int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
-		    const char *mode, const void *key, size_t key_length)
+static int _crypt_cipher_init(struct crypt_cipher **ctx,
+			      const void *key, size_t key_length,
+			      struct sockaddr_alg *sa)
 {
 	struct crypt_cipher *h;
-	struct sockaddr_alg sa = {
-		.salg_family = AF_ALG,
-		.salg_type = "skcipher",
-	};

 	h = malloc(sizeof(*h));
 	if (!h)
 		return -ENOMEM;

-	snprintf((char *)sa.salg_name, sizeof(sa.salg_name),
-		 "%s(%s)", mode, name);
-
 	h->opfd = -1;
 	h->tfmfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
 	if (h->tfmfd < 0) {
@@ -74,14 +69,11 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 		return -ENOTSUP;
 	}

-	if (bind(h->tfmfd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
+	if (bind(h->tfmfd, (struct sockaddr *)sa, sizeof(*sa)) < 0) {
 		crypt_cipher_destroy(h);
 		return -ENOENT;
 	}

-	if (!strcmp(name, "cipher_null"))
-		key_length = 0;
-
 	if (setsockopt(h->tfmfd, SOL_ALG, ALG_SET_KEY, key, key_length) < 0) {
 		crypt_cipher_destroy(h);
 		return -EINVAL;
@@ -97,6 +89,22 @@ int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 	return 0;
 }

+int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
+		      const char *mode, const void *key, size_t key_length)
+{
+	struct sockaddr_alg sa = {
+		.salg_family = AF_ALG,
+		.salg_type = "skcipher",
+	};
+
+	if (!strcmp(name, "cipher_null"))
+		key_length = 0;
+
+	snprintf((char *)sa.salg_name, sizeof(sa.salg_name), "%s(%s)", mode, name);
+
+	return _crypt_cipher_init(ctx, key, key_length, &sa);
+}
+
 /* The in/out should be aligned to page boundary */
 static int crypt_cipher_crypt(struct crypt_cipher *ctx,
 			 const char *in, char *out, size_t length,
@@ -191,6 +199,66 @@ void crypt_cipher_destroy(struct crypt_cipher *ctx)
 	free(ctx);
 }

+int crypt_cipher_check(const char *name, const char *mode,
+		       const char *integrity, size_t key_length)
+{
+	struct crypt_cipher *c = NULL;
+	char mode_name[64], tmp_salg_name[180], *real_mode = NULL, *cipher_iv = NULL, *key;
+	const char *salg_type;
+	bool aead;
+	int r;
+	struct sockaddr_alg sa = {
+		.salg_family = AF_ALG,
+	};
+
+	aead = integrity && strcmp(integrity, "none");
+
+	/* Remove IV if present */
+	if (mode) {
+		strncpy(mode_name, mode, sizeof(mode_name));
+		mode_name[sizeof(mode_name) - 1] = 0;
+		cipher_iv = strchr(mode_name, '-');
+		if (cipher_iv) {
+			*cipher_iv = '\0';
+			real_mode = mode_name;
+		}
+	}
+
+	salg_type = aead ? "aead" : "skcipher";
+	snprintf((char *)sa.salg_type, sizeof(sa.salg_type), "%s", salg_type);
+	memset(tmp_salg_name, 0, sizeof(tmp_salg_name));
+
+	/* FIXME: this is duplicating a part of devmapper backend */
+	if (aead && !strcmp(integrity, "poly1305"))
+		r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc7539(%s,%s)", name, integrity);
+	else if (!real_mode)
+		r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s", name);
+	else if (aead && !strcmp(real_mode, "ccm"))
+		r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "rfc4309(%s(%s))", real_mode, name);
+	else
+		r = snprintf(tmp_salg_name, sizeof(tmp_salg_name), "%s(%s)", real_mode, name);
+
+	if (r <= 0 || r > (int)(sizeof(sa.salg_name) - 1))
+		return -EINVAL;
+
+	memcpy(sa.salg_name, tmp_salg_name, sizeof(sa.salg_name));
+
+	key = malloc(key_length);
+	if (!key)
+		return -ENOMEM;
+
+	/* We cannot use RNG yet, any key works here, tweak the first part if it is split key (XTS). */
+	memset(key, 0xab, key_length);
+	*key = 0xef;
+
+	r = _crypt_cipher_init(&c, key, key_length, &sa);
+	if (c)
+		crypt_cipher_destroy(c);
+	free(key);
+
+	return r;
+}
+
 #else /* ENABLE_AF_ALG */
 int crypt_cipher_init(struct crypt_cipher **ctx, const char *name,
 		    const char *mode, const void *buffer, size_t length)
@@ -215,4 +283,9 @@ int crypt_cipher_decrypt(struct crypt_cipher *ctx,
 {
 	return -EINVAL;
 }
+int crypt_cipher_check(const char *name, const char *mode,
+		       const char *integrity, size_t key_length)
+{
+	return 0;
+}
 #endif
--- a/lib/crypto_backend/crypto_gcrypt.c
+++ b/lib/crypto_backend/crypto_gcrypt.c
@@ -1,8 +1,8 @@
 /*
 * GCRYPT crypto backend implementation
 *
- * Copyright (C) 2010-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2018, Milan Broz
+ * Copyright (C) 2010-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/crypto_backend/crypto_kernel.c
+++ b/lib/crypto_backend/crypto_kernel.c
@@ -1,8 +1,8 @@
 /*
 * Linux kernel userspace API crypto backend implementation
 *
- * Copyright (C) 2010-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2018, Milan Broz
+ * Copyright (C) 2010-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -48,12 +48,21 @@ struct hash_alg {
 };

 static struct hash_alg hash_algs[] = {
-	{ "sha1",      "sha1",   20,  64 },
-	{ "sha256",    "sha256", 32,  64 },
-	{ "sha512",    "sha512", 64, 128 },
-	{ "ripemd160", "rmd160", 20,  64 },
-	{ "whirlpool", "wp512",  64,  64 },
-	{ NULL,        NULL,      0,   0 }
+	{ "sha1",      "sha1",        20,  64 },
+	{ "sha224",    "sha224",      28,  64 },
+	{ "sha256",    "sha256",      32,  64 },
+	{ "sha384",    "sha384",      48, 128 },
+	{ "sha512",    "sha512",      64, 128 },
+	{ "ripemd160", "rmd160",      20,  64 },
+	{ "whirlpool", "wp512",       64,  64 },
+	{ "sha3-224",  "sha3-224",    28, 144 },
+	{ "sha3-256",  "sha3-256",    32, 136 },
+	{ "sha3-384",  "sha3-384",    48, 104 },
+	{ "sha3-512",  "sha3-512",    64,  72 },
+	{ "stribog256","streebog256", 32,  64 },
+	{ "stribog512","streebog512", 64,  64 },
+	{ "sm3",       "sm3",         32,  64 },
+	{ NULL,        NULL,           0,   0 }
 };

 struct crypt_hash {
@@ -181,7 +190,7 @@ int crypt_hash_init(struct crypt_hash **ctx, const char *name)
 	}
 	h->hash_len = ha->length;

-	strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name));
+	strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name)-1);

 	if (crypt_kernel_socket_init(&sa, &h->tfmfd, &h->opfd, NULL, 0) < 0) {
 		free(h);
--- a/lib/crypto_backend/crypto_nettle.c
+++ b/lib/crypto_backend/crypto_nettle.c
@@ -1,8 +1,8 @@
 /*
 * Nettle crypto backend implementation
 *
- * Copyright (C) 2011-2018 Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2018, Milan Broz
+ * Copyright (C) 2011-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -23,11 +23,19 @@
 #include <string.h>
 #include <errno.h>
 #include <nettle/sha.h>
+#include <nettle/sha3.h>
 #include <nettle/hmac.h>
 #include <nettle/pbkdf2.h>
 #include "crypto_backend.h"

-static char *version = "Nettle";
+#if HAVE_NETTLE_VERSION_H
+#include <nettle/version.h>
+#define VSTR(s) STR(s)
+#define STR(s) #s
+static const char *version = "Nettle "VSTR(NETTLE_VERSION_MAJOR)"."VSTR(NETTLE_VERSION_MINOR);
+#else
+static const char *version = "Nettle";
+#endif

 typedef void (*init_func) (void *);
 typedef void (*update_func) (void *, size_t, const uint8_t *);
@@ -45,6 +53,24 @@ struct hash_alg {
 	set_key_func hmac_set_key;
 };

+/* Missing HMAC wrappers in Nettle */
+#define HMAC_FCE(xxx) \
+struct xhmac_##xxx##_ctx HMAC_CTX(struct xxx##_ctx); \
+static void xhmac_##xxx##_set_key(struct xhmac_##xxx##_ctx *ctx, \
+size_t key_length, const uint8_t *key) \
+{HMAC_SET_KEY(ctx, &nettle_##xxx, key_length, key);} \
+static void xhmac_##xxx##_update(struct xhmac_##xxx##_ctx *ctx, \
+size_t length, const uint8_t *data) \
+{xxx##_update(&ctx->state, length, data);} \
+static void xhmac_##xxx##_digest(struct xhmac_##xxx##_ctx *ctx, \
+size_t length, uint8_t *digest) \
+{HMAC_DIGEST(ctx, &nettle_##xxx, length, digest);}
+
+HMAC_FCE(sha3_224);
+HMAC_FCE(sha3_256);
+HMAC_FCE(sha3_384);
+HMAC_FCE(sha3_512);
+
 static struct hash_alg hash_algs[] = {
 	{ "sha1", SHA1_DIGEST_SIZE,
 		(init_func) sha1_init,
@@ -94,6 +120,41 @@ static struct hash_alg hash_algs[] = {
 		(digest_func) hmac_ripemd160_digest,
 		(set_key_func) hmac_ripemd160_set_key,
 	},
+/* Nettle prior to version 3.2 has incompatible SHA3 implementation */
+#if NETTLE_SHA3_FIPS202
+	{ "sha3-224", SHA3_224_DIGEST_SIZE,
+		(init_func) sha3_224_init,
+		(update_func) sha3_224_update,
+		(digest_func) sha3_224_digest,
+		(update_func) xhmac_sha3_224_update,
+		(digest_func) xhmac_sha3_224_digest,
+		(set_key_func) xhmac_sha3_224_set_key,
+	},
+	{ "sha3-256", SHA3_256_DIGEST_SIZE,
+		(init_func) sha3_256_init,
+		(update_func) sha3_256_update,
+		(digest_func) sha3_256_digest,
+		(update_func) xhmac_sha3_256_update,
+		(digest_func) xhmac_sha3_256_digest,
+		(set_key_func) xhmac_sha3_256_set_key,
+	},
+	{ "sha3-384", SHA3_384_DIGEST_SIZE,
+		(init_func) sha3_384_init,
+		(update_func) sha3_384_update,
+		(digest_func) sha3_384_digest,
+		(update_func) xhmac_sha3_384_update,
+		(digest_func) xhmac_sha3_384_digest,
+		(set_key_func) xhmac_sha3_384_set_key,
+	},
+	{ "sha3-512", SHA3_512_DIGEST_SIZE,
+		(init_func) sha3_512_init,
+		(update_func) sha3_512_update,
+		(digest_func) sha3_512_digest,
+		(update_func) xhmac_sha3_512_update,
+		(digest_func) xhmac_sha3_512_digest,
+		(set_key_func) xhmac_sha3_512_set_key,
+	},
+#endif
 	{ NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, }
 };

@@ -105,6 +166,11 @@ struct crypt_hash {
 		struct sha256_ctx sha256;
 		struct sha384_ctx sha384;
 		struct sha512_ctx sha512;
+		struct ripemd160_ctx ripemd160;
+		struct sha3_224_ctx sha3_224;
+		struct sha3_256_ctx sha3_256;
+		struct sha3_384_ctx sha3_384;
+		struct sha3_512_ctx sha3_512;
 	} nettle_ctx;
 };

@@ -116,6 +182,11 @@ struct crypt_hmac {
 		struct hmac_sha256_ctx sha256;
 		struct hmac_sha384_ctx sha384;
 		struct hmac_sha512_ctx sha512;
+		struct hmac_ripemd160_ctx ripemd160;
+		struct xhmac_sha3_224_ctx sha3_224;
+		struct xhmac_sha3_256_ctx sha3_256;
+		struct xhmac_sha3_384_ctx sha3_384;
+		struct xhmac_sha3_512_ctx sha3_512;
 	} nettle_ctx;
 	size_t key_length;
 	uint8_t *key;
@@ -299,8 +370,8 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 		if (r < 0)
 			return r;

-		nettle_pbkdf2(&h->nettle_ctx, h->hash->nettle_hmac_update,
-			      h->hash->nettle_hmac_digest, h->hash->length, iterations,
+		nettle_pbkdf2(&h->nettle_ctx, h->hash->hmac_update,
+			      h->hash->hmac_digest, h->hash->length, iterations,
 			      salt_length, (const uint8_t *)salt, key_length,
 			      (uint8_t *)key);
 		crypt_hmac_destroy(h);
--- a/lib/crypto_backend/crypto_nss.c
+++ b/lib/crypto_backend/crypto_nss.c
@@ -1,8 +1,8 @@
 /*
 * NSS crypto backend implementation
 *
- * Copyright (C) 2010-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2018, Milan Broz
+ * Copyright (C) 2010-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -1,8 +1,8 @@
 /*
 * OPENSSL crypto backend implementation
 *
- * Copyright (C) 2010-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2010-2018, Milan Broz
+ * Copyright (C) 2010-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -324,7 +324,7 @@ int crypt_pbkdf(const char *kdf, const char *hash,
 			return -EINVAL;

 		if (!PKCS5_PBKDF2_HMAC(password, (int)password_length,
-		    (unsigned char *)salt, (int)salt_length,
+		    (const unsigned char *)salt, (int)salt_length,
 	            (int)iterations, hash_id, (int)key_length, (unsigned char *)key))
 			return -EINVAL;
 		return 0;
--- a/lib/crypto_backend/crypto_storage.c
+++ b/lib/crypto_backend/crypto_storage.c
@@ -2,7 +2,7 @@
 * Generic wrapper for storage encryption modes and Initial Vectors
 * (reimplementation of some functions from Linux dm-crypt kernel)
 *
- * Copyright (C) 2014-2018, Milan Broz
+ * Copyright (C) 2014-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -60,7 +60,7 @@ static int crypt_sector_iv_init(struct crypt_sector_iv *ctx,
 {
 	memset(ctx, 0, sizeof(*ctx));

-	ctx->iv_size = crypt_cipher_blocksize(cipher_name);
+	ctx->iv_size = crypt_cipher_ivsize(cipher_name, mode_name);
 	if (ctx->iv_size < 8)
 		return -ENOENT;

--- a/lib/crypto_backend/pbkdf2_generic.c
+++ b/lib/crypto_backend/pbkdf2_generic.c
@@ -4,8 +4,8 @@
 * Copyright (C) 2004 Free Software Foundation
 *
 * cryptsetup related changes
- * Copyright (C) 2012-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2018, Milan Broz
+ * Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/crypto_backend/pbkdf_check.c
+++ b/lib/crypto_backend/pbkdf_check.c
@@ -1,8 +1,8 @@
 /*
 * PBKDF performance check
- * Copyright (C) 2012-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2018, Milan Broz
- * Copyright (C) 2016-2018, Ondrej Mosnacek
+ * Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Milan Broz
+ * Copyright (C) 2016-2019 Ondrej Mosnacek
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -48,7 +48,7 @@ int crypt_pbkdf_get_limits(const char *kdf, struct crypt_pbkdf_limits *limits)
 		limits->min_parallel   = 0; /* N/A */
 		limits->max_parallel   = 0; /* N/A */
 		return 0;
-	} else if (!strncmp(kdf, "argon2", 6)) {
+	} else if (!strcmp(kdf, "argon2i") || !strcmp(kdf, "argon2id")) {
 		limits->min_iterations = 4;
 		limits->max_iterations = UINT32_MAX;
 		limits->min_memory     = 32;
@@ -202,7 +202,7 @@ static int next_argon2_params(uint32_t *t_cost, uint32_t *m_cost,
 static int crypt_argon2_check(const char *kdf, const char *password,
 			      size_t password_length, const char *salt,
 			      size_t salt_length, size_t key_length,
-			      uint32_t min_t_cost, uint32_t max_m_cost,
+			      uint32_t min_t_cost, uint32_t min_m_cost, uint32_t max_m_cost,
 			      uint32_t parallel, uint32_t target_ms,
 			      uint32_t *out_t_cost, uint32_t *out_m_cost,
 			      int (*progress)(uint32_t time_ms, void *usrptr),
@@ -210,7 +210,7 @@ static int crypt_argon2_check(const char *kdf, const char *password,
 {
 	int r = 0;
 	char *key = NULL;
-	uint32_t t_cost, m_cost, min_m_cost = 8 * parallel;
+	uint32_t t_cost, m_cost;
 	long ms;
 	long ms_atleast = (long)target_ms * BENCH_PERCENT_ATLEAST / 100;
 	long ms_atmost = (long)target_ms * BENCH_PERCENT_ATMOST / 100;
@@ -218,6 +218,9 @@ static int crypt_argon2_check(const char *kdf, const char *password,
 	if (key_length <= 0 || target_ms <= 0)
 		return -EINVAL;

+	if (min_m_cost < (parallel * 8))
+		min_m_cost = parallel * 8;
+
 	if (max_m_cost < min_m_cost)
 		return -EINVAL;

@@ -403,6 +406,7 @@ int crypt_pbkdf_perf(const char *kdf, const char *hash,
 	if (!kdf || !iterations_out || !memory_out)
 		return -EINVAL;

+	/* FIXME: whole limits propagation should be more clear here */
 	r = crypt_pbkdf_get_limits(kdf, &pbkdf_limits);
 	if (r < 0)
 		return r;
@@ -418,7 +422,9 @@ int crypt_pbkdf_perf(const char *kdf, const char *hash,
 	else if (!strncmp(kdf, "argon2", 6))
 		r = crypt_argon2_check(kdf, password, password_size,
 				       salt, salt_size, volume_key_size,
-				       pbkdf_limits.min_iterations, max_memory_kb,
+				       pbkdf_limits.min_iterations,
+				       pbkdf_limits.min_memory,
+				       max_memory_kb,
 				       parallel_threads, time_ms, iterations_out,
 				       memory_out, progress, usrptr);
 	return r;
--- a/lib/integrity/integrity.c
+++ b/lib/integrity/integrity.c
@@ -1,7 +1,7 @@
 /*
 * Integrity volume handling
 *
- * Copyright (C) 2016-2018, Milan Broz
+ * Copyright (C) 2016-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -34,12 +34,12 @@ static int INTEGRITY_read_superblock(struct crypt_device *cd,
 {
 	int devfd, r;

-	devfd = device_open(device, O_RDONLY);
+	devfd = device_open(cd, device, O_RDONLY);
 	if(devfd < 0) {
 		return -EINVAL;
 	}

-	if (read_lseek_blockwise(devfd, device_block_size(device),
+	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 		device_alignment(device), sb, sizeof(*sb), offset) != sizeof(*sb) ||
 	    memcmp(sb->magic, SB_MAGIC, sizeof(sb->magic)) ||
 	    (sb->version != SB_VERSION_1 && sb->version != SB_VERSION_2)) {
@@ -64,7 +64,7 @@ int INTEGRITY_read_sb(struct crypt_device *cd, struct crypt_params_integrity *pa
 	struct superblock sb;
 	int r;

-	r = INTEGRITY_read_superblock(cd, crypt_data_device(cd), 0, &sb);
+	r = INTEGRITY_read_superblock(cd, crypt_metadata_device(cd), 0, &sb);
 	if (r)
 		return r;

@@ -180,6 +180,69 @@ int INTEGRITY_tag_size(struct crypt_device *cd,
 	return iv_tag_size + auth_tag_size;
 }

+int INTEGRITY_create_dmd_device(struct crypt_device *cd,
+		       const struct crypt_params_integrity *params,
+		       struct volume_key *vk,
+		       struct volume_key *journal_crypt_key,
+		       struct volume_key *journal_mac_key,
+		       struct crypt_dm_active_device *dmd,
+		       uint32_t flags)
+{
+	int r;
+
+	if (!dmd)
+		return -EINVAL;
+
+	*dmd = (struct crypt_dm_active_device) {
+		.flags = flags,
+	};
+
+	r = INTEGRITY_data_sectors(cd, crypt_metadata_device(cd),
+				   crypt_get_data_offset(cd) * SECTOR_SIZE, &dmd->size);
+	if (r < 0)
+		return r;
+
+	return dm_integrity_target_set(&dmd->segment, 0, dmd->size,
+			crypt_metadata_device(cd), crypt_data_device(cd),
+			crypt_get_integrity_tag_size(cd), crypt_get_data_offset(cd),
+			crypt_get_sector_size(cd), vk, journal_crypt_key,
+			journal_mac_key, params);
+}
+
+int INTEGRITY_activate_dmd_device(struct crypt_device *cd,
+		       const char *name,
+		       struct crypt_dm_active_device *dmd)
+{
+	int r;
+	uint32_t dmi_flags;
+	struct dm_target *tgt = &dmd->segment;
+
+	if (!single_segment(dmd) || tgt->type != DM_INTEGRITY)
+		return -EINVAL;
+
+	log_dbg(cd, "Trying to activate INTEGRITY device on top of %s, using name %s, tag size %d, provided sectors %" PRIu64".",
+		device_path(tgt->data_device), name, tgt->u.integrity.tag_size, dmd->size);
+
+	r = device_block_adjust(cd, tgt->data_device, DEV_EXCL,
+				tgt->u.integrity.offset, NULL, &dmd->flags);
+	if (r)
+		return r;
+
+	if (tgt->u.integrity.meta_device) {
+		r = device_block_adjust(cd, tgt->u.integrity.meta_device, DEV_EXCL, 0, NULL, NULL);
+		if (r)
+			return r;
+	}
+
+	r = dm_create_device(cd, name, "INTEGRITY", dmd);
+	if (r < 0 && (dm_flags(cd, DM_INTEGRITY, &dmi_flags) || !(dmi_flags & DM_INTEGRITY_SUPPORTED))) {
+		log_err(cd, _("Kernel doesn't support dm-integrity mapping."));
+		return -ENOTSUP;
+	}
+
+	return r;
+}
+
 int INTEGRITY_activate(struct crypt_device *cd,
 		       const char *name,
 		       const struct crypt_params_integrity *params,
@@ -188,52 +251,14 @@ int INTEGRITY_activate(struct crypt_device *cd,
 		       struct volume_key *journal_mac_key,
 		       uint32_t flags)
 {
-	uint32_t dmi_flags;
-	struct crypt_dm_active_device dmdi = {
-		.target      = DM_INTEGRITY,
-		.data_device = crypt_data_device(cd),
-		.flags = flags,
-		.u.integrity = {
-			.offset = crypt_get_data_offset(cd),
-			.tag_size = crypt_get_integrity_tag_size(cd),
-			.sector_size = crypt_get_sector_size(cd),
-			.vk = vk,
-			.journal_crypt_key = journal_crypt_key,
-			.journal_integrity_key = journal_mac_key,
-		}
-	};
-	int r;
+	struct crypt_dm_active_device dmd = {};
+	int r = INTEGRITY_create_dmd_device(cd, params, vk, journal_crypt_key, journal_mac_key, &dmd, flags);

-	r = INTEGRITY_data_sectors(cd, dmdi.data_device,
-				   dmdi.u.integrity.offset * SECTOR_SIZE, &dmdi.size);
 	if (r < 0)
 		return r;

-	if (params) {
-		dmdi.u.integrity.journal_size = params->journal_size;
-		dmdi.u.integrity.journal_watermark = params->journal_watermark;
-		dmdi.u.integrity.journal_commit_time = params->journal_commit_time;
-		dmdi.u.integrity.interleave_sectors = params->interleave_sectors;
-		dmdi.u.integrity.buffer_sectors = params->buffer_sectors;
-		dmdi.u.integrity.integrity = params->integrity;
-		dmdi.u.integrity.journal_integrity = params->journal_integrity;
-		dmdi.u.integrity.journal_crypt = params->journal_crypt;
-	}
-
-	log_dbg("Trying to activate INTEGRITY device on top of %s, using name %s, tag size %d, provided sectors %" PRIu64".",
-		device_path(dmdi.data_device), name, dmdi.u.integrity.tag_size, dmdi.size);
-
-	r = device_block_adjust(cd, dmdi.data_device, DEV_EXCL,
-				dmdi.u.integrity.offset, NULL, &dmdi.flags);
-	if (r)
-		return r;
-
-	r = dm_create_device(cd, name, "INTEGRITY", &dmdi, 0);
-	if (r < 0 && (dm_flags(DM_INTEGRITY, &dmi_flags) || !(dmi_flags & DM_INTEGRITY_SUPPORTED))) {
-		log_err(cd, _("Kernel doesn't support dm-integrity mapping."));
-		return -ENOTSUP;
-	}
-
+	r = INTEGRITY_activate_dmd_device(cd, name, &dmd);
+	dm_targets_free(cd, &dmd);
 	return r;
 }

@@ -245,55 +270,56 @@ int INTEGRITY_format(struct crypt_device *cd,
 	uint32_t dmi_flags;
 	char tmp_name[64], tmp_uuid[40];
 	struct crypt_dm_active_device dmdi = {
-		.target      = DM_INTEGRITY,
-		.data_device = crypt_data_device(cd),
 		.size = 8,
 		.flags = CRYPT_ACTIVATE_PRIVATE, /* We always create journal but it can be unused later */
-		.u.integrity = {
-			.offset = crypt_get_data_offset(cd),
-			.tag_size = crypt_get_integrity_tag_size(cd),
-			.sector_size = crypt_get_sector_size(cd),
-			.journal_crypt_key = journal_crypt_key,
-			.journal_integrity_key = journal_mac_key,
-		}
 	};
+	struct dm_target *tgt = &dmdi.segment;
 	int r;
 	uuid_t tmp_uuid_bin;
-
-	if (params) {
-		dmdi.u.integrity.journal_size = params->journal_size;
-		dmdi.u.integrity.journal_watermark = params->journal_watermark;
-		dmdi.u.integrity.journal_commit_time = params->journal_commit_time;
-		dmdi.u.integrity.interleave_sectors = params->interleave_sectors;
-		dmdi.u.integrity.buffer_sectors = params->buffer_sectors;
-		dmdi.u.integrity.journal_integrity = params->journal_integrity;
-		dmdi.u.integrity.journal_crypt = params->journal_crypt;
-		dmdi.u.integrity.integrity = params->integrity;
-	}
+	struct volume_key *vk = NULL;

 	uuid_generate(tmp_uuid_bin);
 	uuid_unparse(tmp_uuid_bin, tmp_uuid);

 	snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid);

-	log_dbg("Trying to format INTEGRITY device on top of %s, tmp name %s, tag size %d.",
-		device_path(dmdi.data_device), tmp_name, dmdi.u.integrity.tag_size);
-
-	r = device_block_adjust(cd, dmdi.data_device, DEV_EXCL, dmdi.u.integrity.offset, NULL, NULL);
-	if (r < 0 && (dm_flags(DM_INTEGRITY, &dmi_flags) || !(dmi_flags & DM_INTEGRITY_SUPPORTED))) {
-		log_err(cd, _("Kernel doesn't support dm-integrity mapping."));
-		return -ENOTSUP;
-	}
-	if (r)
-		return r;
-
 	/* There is no data area, we can actually use fake zeroed key */
 	if (params && params->integrity_key_size)
-		dmdi.u.integrity.vk = crypt_alloc_volume_key(params->integrity_key_size, NULL);
+		vk = crypt_alloc_volume_key(params->integrity_key_size, NULL);

-	r = dm_create_device(cd, tmp_name, "INTEGRITY", &dmdi, 0);
+	r = dm_integrity_target_set(tgt, 0, dmdi.size, crypt_metadata_device(cd),
+			crypt_data_device(cd), crypt_get_integrity_tag_size(cd),
+			crypt_get_data_offset(cd), crypt_get_sector_size(cd), vk,
+			journal_crypt_key, journal_mac_key, params);
+	if (r < 0) {
+		crypt_free_volume_key(vk);
+		return r;
+	}

-	crypt_free_volume_key(dmdi.u.integrity.vk);
+	log_dbg(cd, "Trying to format INTEGRITY device on top of %s, tmp name %s, tag size %d.",
+		device_path(tgt->data_device), tmp_name, tgt->u.integrity.tag_size);
+
+	r = device_block_adjust(cd, tgt->data_device, DEV_EXCL, tgt->u.integrity.offset, NULL, NULL);
+	if (r < 0 && (dm_flags(cd, DM_INTEGRITY, &dmi_flags) || !(dmi_flags & DM_INTEGRITY_SUPPORTED))) {
+		log_err(cd, _("Kernel doesn't support dm-integrity mapping."));
+		r = -ENOTSUP;
+	}
+	if (r) {
+		dm_targets_free(cd, &dmdi);
+		return r;
+	}
+
+	if (tgt->u.integrity.meta_device) {
+		r = device_block_adjust(cd, tgt->u.integrity.meta_device, DEV_EXCL, 0, NULL, NULL);
+		if (r) {
+			dm_targets_free(cd, &dmdi);
+			return r;
+		}
+	}
+
+	r = dm_create_device(cd, tmp_name, "INTEGRITY", &dmdi);
+	crypt_free_volume_key(vk);
+	dm_targets_free(cd, &dmdi);
 	if (r)
 		return r;

--- a/lib/integrity/integrity.h
+++ b/lib/integrity/integrity.h
@@ -1,7 +1,7 @@
 /*
 * Integrity header defitinion
 *
- * Copyright (C) 2016-2018, Milan Broz
+ * Copyright (C) 2016-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -27,6 +27,7 @@ struct crypt_device;
 struct device;
 struct crypt_params_integrity;
 struct volume_key;
+struct crypt_dm_active_device;

 /* dm-integrity helper */
 #define SB_MAGIC	"integrt"
@@ -75,4 +76,16 @@ int INTEGRITY_activate(struct crypt_device *cd,
 		       struct volume_key *journal_crypt_key,
 		       struct volume_key *journal_mac_key,
 		       uint32_t flags);
+
+int INTEGRITY_create_dmd_device(struct crypt_device *cd,
+		       const struct crypt_params_integrity *params,
+		       struct volume_key *vk,
+		       struct volume_key *journal_crypt_key,
+		       struct volume_key *journal_mac_key,
+		       struct crypt_dm_active_device *dmd,
+		       uint32_t flags);
+
+int INTEGRITY_activate_dmd_device(struct crypt_device *cd,
+		       const char *name,
+		       struct crypt_dm_active_device *dmd);
 #endif
--- a/lib/internal.h
+++ b/lib/internal.h
@@ -1,10 +1,10 @@
 /*
 * libcryptsetup - cryptsetup library internal
 *
- * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004 Jana Saout <jana@saout.de>
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -65,6 +65,13 @@
 # define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
 #endif

+#define MOVE_REF(x, y) \
+	do { \
+		typeof (x) *_px = &(x), *_py = &(y); \
+		*_px = *_py; \
+		*_py = NULL; \
+	} while (0)
+
 struct crypt_device;

 struct volume_key {
@@ -87,38 +94,43 @@ int verify_pbkdf_params(struct crypt_device *cd,
 int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
 				   struct crypt_pbkdf_type *pbkdf,
 				   size_t volume_key_size);
+const char *crypt_get_cipher_spec(struct crypt_device *cd);

 /* Device backend */
 struct device;
-int device_alloc(struct device **device, const char *path);
+int device_alloc(struct crypt_device *cd, struct device **device, const char *path);
 int device_alloc_no_check(struct device **device, const char *path);
-void device_free(struct device *device);
+void device_free(struct crypt_device *cd, struct device *device);
 const char *device_path(const struct device *device);
 const char *device_dm_name(const struct device *device);
 const char *device_block_path(const struct device *device);
-void device_topology_alignment(struct device *device,
-			    unsigned long *required_alignment, /* bytes */
-			    unsigned long *alignment_offset,   /* bytes */
-			    unsigned long default_alignment);
-size_t device_block_size(struct device *device);
+void device_topology_alignment(struct crypt_device *cd,
+			       struct device *device,
+			       unsigned long *required_alignment, /* bytes */
+			       unsigned long *alignment_offset,   /* bytes */
+			       unsigned long default_alignment);
+size_t device_block_size(struct crypt_device *cd, struct device *device);
 int device_read_ahead(struct device *device, uint32_t *read_ahead);
 int device_size(struct device *device, uint64_t *size);
-int device_open(struct device *device, int flags);
+int device_open(struct crypt_device *cd, struct device *device, int flags);
 void device_disable_direct_io(struct device *device);
 int device_is_identical(struct device *device1, struct device *device2);
 int device_is_rotational(struct device *device);
 size_t device_alignment(struct device *device);
 int device_direct_io(const struct device *device);
 int device_fallocate(struct device *device, uint64_t size);
-void device_sync(struct device *device, int devfd);
+void device_sync(struct crypt_device *cd, struct device *device, int devfd);
+int device_check_size(struct crypt_device *cd,
+		      struct device *device,
+		      uint64_t req_offset, int falloc);

-int device_open_locked(struct device *device, int flags);
+int device_open_locked(struct crypt_device *cd, struct device *device, int flags);
 int device_read_lock(struct crypt_device *cd, struct device *device);
 int device_write_lock(struct crypt_device *cd, struct device *device);
-void device_read_unlock(struct device *device);
-void device_write_unlock(struct device *device);
+void device_read_unlock(struct crypt_device *cd, struct device *device);
+void device_write_unlock(struct crypt_device *cd, struct device *device);

-enum devcheck { DEV_OK = 0, DEV_EXCL = 1, DEV_SHARED = 2 };
+enum devcheck { DEV_OK = 0, DEV_EXCL = 1 };
 int device_check_access(struct crypt_device *cd,
 			struct device *device,
 			enum devcheck device_check);
@@ -130,6 +142,13 @@ int device_block_adjust(struct crypt_device *cd,
 			uint32_t *flags);
 size_t size_round_up(size_t size, size_t block);

+int create_or_reload_device(struct crypt_device *cd, const char *name,
+		     const char *type, struct crypt_dm_active_device *dmd);
+
+int create_or_reload_device_with_integrity(struct crypt_device *cd, const char *name,
+		     const char *type, struct crypt_dm_active_device *dmd,
+		     struct crypt_dm_active_device *dmdi);
+
 /* Receive backend devices from context helpers */
 struct device *crypt_metadata_device(struct crypt_device *cd);
 struct device *crypt_data_device(struct crypt_device *cd);
@@ -152,7 +171,7 @@ uint64_t crypt_getphysmemory_kb(void);
 int init_crypto(struct crypt_device *ctx);

 void logger(struct crypt_device *cd, int level, const char *file, int line, const char *format, ...) __attribute__ ((format (printf, 5, 6)));
-#define log_dbg(x...) logger(NULL, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
+#define log_dbg(c, x...) logger(c, CRYPT_LOG_DEBUG, __FILE__, __LINE__, x)
 #define log_std(c, x...) logger(c, CRYPT_LOG_NORMAL, __FILE__, __LINE__, x)
 #define log_verbose(c, x...) logger(c, CRYPT_LOG_VERBOSE, __FILE__, __LINE__, x)
 #define log_err(c, x...) logger(c, CRYPT_LOG_ERROR, __FILE__, __LINE__, x)
@@ -169,7 +188,7 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit
 void crypt_random_exit(void);
 int crypt_random_default_key_rng(void);

-int crypt_plain_hash(struct crypt_device *ctx,
+int crypt_plain_hash(struct crypt_device *cd,
 		     const char *hash_name,
 		     char *key, size_t key_size,
 		     const char *passphrase, size_t passphrase_size);
@@ -198,7 +217,7 @@ int crypt_get_integrity_tag_size(struct crypt_device *cd);
 int crypt_key_in_keyring(struct crypt_device *cd);
 void crypt_set_key_in_keyring(struct crypt_device *cd, unsigned key_in_keyring);
 int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key *vk);
-int crypt_use_keyring_for_vk(const struct crypt_device *cd);
+int crypt_use_keyring_for_vk(struct crypt_device *cd);
 void crypt_drop_keyring_key(struct crypt_device *cd, const char *key_description);

 static inline uint64_t version(uint16_t major, uint16_t minor, uint16_t patch, uint16_t release)
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -1,10 +1,10 @@
 /*
 * libcryptsetup - cryptsetup library
 *
- * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004 Jana Saout <jana@saout.de>
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -64,6 +64,23 @@ struct crypt_device; /* crypt device handle */
 */
 int crypt_init(struct crypt_device **cd, const char *device);

+/**
+ * Initialize crypt device handle with optional data device and check
+ * if devices exist.
+ *
+ * @param cd Returns pointer to crypt device handle
+ * @param device Path to the backing device or detached header.
+ * @param data_device Path to the data device or @e NULL.
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ *
+ * @note Note that logging is not initialized here, possible messages use
+ * 	 default log function.
+ */
+int crypt_init_data_device(struct crypt_device **cd,
+	const char *device,
+	const char *data_device);
+
 /**
 * Initialize crypt device handle from provided active device name,
 * and, optionally, from separate metadata (header) device
@@ -131,8 +148,29 @@ void crypt_set_confirm_callback(struct crypt_device *cd,
 * @param cd crypt device handle
 * @param device path to device
 *
+ * @returns 0 on success or negative errno value otherwise.
 */
 int crypt_set_data_device(struct crypt_device *cd, const char *device);
+
+/**
+ * Set data device offset in 512-byte sectors.
+ * Used for LUKS.
+ * This function is replacement for data alignment fields in LUKS param struct.
+ * If set to 0 (default), old behaviour is preserved.
+ * This value is reset on @link crypt_load @endlink.
+ *
+ * @param cd crypt device handle
+ * @param data_offset data offset in bytes
+ *
+ * @returns 0 on success or negative errno value otherwise.
+ *
+ * @note Data offset must be aligned to multiple of 8 (alignment to 4096-byte sectors)
+ * and must be big enough to accommodate the whole LUKS header with all keyslots.
+ * @note Data offset is enforced by this function, device topology
+ * information is no longer used after calling this function.
+ */
+int crypt_set_data_offset(struct crypt_device *cd, uint64_t data_offset);
+
 /** @} */

 /**
@@ -151,6 +189,8 @@ int crypt_set_data_device(struct crypt_device *cd, const char *device);
 #define CRYPT_LOG_VERBOSE  2
 /** debug log level - always on stdout */
 #define CRYPT_LOG_DEBUG -1
+/** debug log level - additional JSON output (for LUKS2) */
+#define CRYPT_LOG_DEBUG_JSON -2

 /**
 * Set log function.
@@ -246,6 +286,16 @@ struct crypt_pbkdf_type {
 int crypt_set_pbkdf_type(struct crypt_device *cd,
 	 const struct crypt_pbkdf_type *pbkdf);

+/**
+ * Get PBKDF (Password-Based Key Derivation Algorithm) parameters.
+ *
+ * @param pbkdf_type type of PBKDF
+ *
+ * @return struct on success or NULL value otherwise.
+ *
+ */
+const struct crypt_pbkdf_type *crypt_get_pbkdf_type_params(const char *pbkdf_type);
+
 /**
 * Get default PBKDF (Password-Based Key Derivation Algorithm) settings for keyslots.
 * Works only with LUKS device handles (both versions).
@@ -307,6 +357,39 @@ int crypt_memory_lock(struct crypt_device *cd, int lock);
 * 	 In current version locking can be only switched off and cannot be switched on later.
 */
 int crypt_metadata_locking(struct crypt_device *cd, int enable);
+
+/**
+ * Set metadata header area sizes. This applies only to LUKS2.
+ * These values limit amount of metadata anf number of supportable keyslots.
+ *
+ * @param cd crypt device handle, can be @e NULL
+ * @param metadata_size size in bytes of JSON area + 4k binary header
+ * @param keyslots_size size in bytes of binary keyslots area
+ *
+ * @returns @e 0 on success or negative errno value otherwise.
+ *
+ * @note The metadata area is stored twice and both copies contain 4k binary header.
+ * Only 16,32,64,128,256,512,1024,2048 and 4096 kB value is allowed (see LUKS2 specification).
+ * @note Keyslots area size must be multiple of 4k with maximum 128MB.
+ */
+int crypt_set_metadata_size(struct crypt_device *cd,
+	uint64_t metadata_size,
+	uint64_t keyslots_size);
+
+/**
+ * Get metadata header area sizes. This applies only to LUKS2.
+ * These values limit amount of metadata anf number of supportable keyslots.
+ *
+ * @param cd crypt device handle
+ * @param metadata_size size in bytes of JSON area + 4k binary header
+ * @param keyslots_size size in bytes of binary keyslots area
+ *
+ * @returns @e 0 on success or negative errno value otherwise.
+ */
+int crypt_get_metadata_size(struct crypt_device *cd,
+	uint64_t *metadata_size,
+	uint64_t *keyslots_size);
+
 /** @} */

 /**
@@ -343,6 +426,13 @@ int crypt_metadata_locking(struct crypt_device *cd, int enable);
 */
 const char *crypt_get_type(struct crypt_device *cd);

+/**
+ * Get device default LUKS type
+ *
+ * @return string according to device type (CRYPT_LUKS1 or CRYPT_LUKS2).
+ */
+const char *crypt_get_default_type(void);
+
 /**
 *
 * Structure used as parameter for PLAIN device type.
@@ -960,6 +1050,10 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 #define CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE (1 << 15)
 /** allow activation check including unbound keyslots (keyslots without segments) */
 #define CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY (1 << 16)
+/** dm-integrity: activate automatic recalculation */
+#define CRYPT_ACTIVATE_RECALCULATE (1 << 17)
+/** reactivate existing and update flags, input only */
+#define CRYPT_ACTIVATE_REFRESH	(1 << 18)

 /**
 * Active device runtime attributes
@@ -1317,6 +1411,16 @@ const char *crypt_get_uuid(struct crypt_device *cd);
 */
 const char *crypt_get_device_name(struct crypt_device *cd);

+/**
+ * Get path to detached metadata device or @e NULL if it is not detached.
+ *
+ * @param cd crypt device handle
+ *
+ * @return path to underlaying device name
+ *
+ */
+const char *crypt_get_metadata_device_name(struct crypt_device *cd);
+
 /**
 * Get device offset in 512-bytes sectors where real data starts (on underlying device).
 *
@@ -1528,7 +1632,7 @@ int crypt_keyslot_area(struct crypt_device *cd,
 	uint64_t *length);

 /**
- * Get size (in bytes) of key for particular keyslot.
+ * Get size (in bytes) of stored key in particular keyslot.
 * Use for LUKS2 unbound keyslots, for other keyslots it is the same as @ref crypt_get_volume_key_size
 *
 * @param cd crypt device handle
@@ -1539,6 +1643,50 @@ int crypt_keyslot_area(struct crypt_device *cd,
 */
 int crypt_keyslot_get_key_size(struct crypt_device *cd, int keyslot);

+/**
+ * Get cipher and key size for keyslot encryption.
+ * Use for LUKS2 keyslot to set different encryption type than for data encryption.
+ * Parameters will be used for next keyslot operations.
+ *
+ * @param cd crypt device handle
+ * @param keyslot keyslot number of CRYPT_ANY_SLOT for default
+ * @param key_size encryption key size (in bytes)
+ *
+ * @return cipher specification on success or @e NULL.
+ *
+ * @note This is the encryption of keyslot itself, not the data encryption algorithm!
+ */
+const char *crypt_keyslot_get_encryption(struct crypt_device *cd, int keyslot, size_t *key_size);
+
+/**
+ * Get PBKDF parameters for keyslot.
+ *
+ * @param cd crypt device handle
+ * @param keyslot keyslot number
+ * @param pbkdf struct with returned PBKDF parameters
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ */
+int crypt_keyslot_get_pbkdf(struct crypt_device *cd, int keyslot, struct crypt_pbkdf_type *pbkdf);
+
+/**
+ * Set encryption for keyslot.
+ * Use for LUKS2 keyslot to set different encryption type than for data encryption.
+ * Parameters will be used for next keyslot operations that create or change a keyslot.
+ *
+ * @param cd crypt device handle
+ * @param cipher (e.g. "aes-xts-plain64")
+ * @param key_size encryption key size (in bytes)
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ *
+ * @note To reset to default keyslot encryption (the same as for data)
+ *       set cipher to NULL and key size to 0.
+ */
+int crypt_keyslot_set_encryption(struct crypt_device *cd,
+	const char *cipher,
+	size_t key_size);
+
 /**
 * Get directory where mapped crypt devices are created
 *
@@ -1591,6 +1739,8 @@ int crypt_header_restore(struct crypt_device *cd,

 /** Debug all */
 #define CRYPT_DEBUG_ALL  -1
+/** Debug all with adidtional JSON dump (for LUKS2) */
+#define CRYPT_DEBUG_JSON  -2
 /** Debug none */
 #define CRYPT_DEBUG_NONE  0

--- a/lib/libcryptsetup.sym
+++ b/lib/libcryptsetup.sym
@@ -1,6 +1,7 @@
 CRYPTSETUP_2.0 {
 	global:
 		crypt_init;
+		crypt_init_data_device;
 		crypt_init_by_name;
 		crypt_init_by_name_and_header;

@@ -68,14 +69,19 @@ CRYPTSETUP_2.0 {
 		crypt_get_cipher_mode;
 		crypt_get_integrity_info;
 		crypt_get_uuid;
+		crypt_set_data_offset;
 		crypt_get_data_offset;
 		crypt_get_iv_offset;
 		crypt_get_volume_key_size;
 		crypt_get_device_name;
+		crypt_get_metadata_device_name;
+		crypt_get_metadata_size;
+		crypt_set_metadata_size;
 		crypt_get_verity_info;
 		crypt_get_sector_size;

 		crypt_get_type;
+		crypt_get_default_type;
 		crypt_get_active_device;
 		crypt_get_active_integrity_failures;
 		crypt_persistent_flags_set;
@@ -85,12 +91,17 @@ CRYPTSETUP_2.0 {
 		crypt_get_rng_type;
 		crypt_set_pbkdf_type;
 		crypt_get_pbkdf_type;
+		crypt_get_pbkdf_type_params;
 		crypt_get_pbkdf_default;

 		crypt_keyslot_max;
 		crypt_keyslot_area;
 		crypt_keyslot_status;
 		crypt_keyslot_get_key_size;
+		crypt_keyslot_set_encryption;
+		crypt_keyslot_get_encryption;
+		crypt_keyslot_get_pbkdf;
+
 		crypt_get_dir;
 		crypt_set_debug_level;
 		crypt_log;
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
--- a/lib/loopaes/loopaes.c
+++ b/lib/loopaes/loopaes.c
@@ -1,8 +1,8 @@
 /*
 * loop-AES compatible volume handling
 *
- * Copyright (C) 2011-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2018, Milan Broz
+ * Copyright (C) 2011-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -137,13 +137,13 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
 	unsigned int key_lengths[LOOPAES_KEYS_MAX];
 	unsigned int i, key_index, key_len, offset;

-	log_dbg("Parsing loop-AES keyfile of size %zu.", buffer_len);
+	log_dbg(cd, "Parsing loop-AES keyfile of size %zu.", buffer_len);

 	if (!buffer_len)
 		return -EINVAL;

 	if (keyfile_is_gpg(buffer, buffer_len)) {
-		log_err(cd, _("Detected not yet supported GPG encrypted keyfile.\n"));
+		log_err(cd, _("Detected not yet supported GPG encrypted keyfile."));
 		log_std(cd, _("Please use gpg --decrypt <KEYFILE> | cryptsetup --keyfile=- ...\n"));
 		return -EINVAL;
 	}
@@ -164,7 +164,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
 			key_lengths[key_index]++;
 		}
 		if (offset == buffer_len) {
-			log_dbg("Unterminated key #%d in keyfile.", key_index);
+			log_dbg(cd, "Unterminated key #%d in keyfile.", key_index);
 			log_err(cd, _("Incompatible loop-AES keyfile detected."));
 			return -EINVAL;
 		}
@@ -177,7 +177,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
 	key_len = key_lengths[0];
 	for (i = 0; i < key_index; i++)
 		if (!key_lengths[i] || (key_lengths[i] != key_len)) {
-			log_dbg("Unexpected length %d of key #%d (should be %d).",
+			log_dbg(cd, "Unexpected length %d of key #%d (should be %d).",
 				key_lengths[i], i, key_len);
 			key_len = 0;
 			break;
@@ -189,7 +189,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
 		return -EINVAL;
 	}

-	log_dbg("Keyfile: %d keys of length %d.", key_index, key_len);
+	log_dbg(cd, "Keyfile: %d keys of length %d.", key_index, key_len);

 	*keys_count = key_index;
 	return hash_keys(cd, vk, hash, keys, key_index,
@@ -203,25 +203,15 @@ int LOOPAES_activate(struct crypt_device *cd,
 		     struct volume_key *vk,
 		     uint32_t flags)
 {
-	char *cipher = NULL;
-	uint32_t req_flags, dmc_flags;
 	int r;
+	uint32_t req_flags, dmc_flags;
+	char *cipher = NULL;
 	struct crypt_dm_active_device dmd = {
-		.target = DM_CRYPT,
-		.size   = 0,
-		.flags  = flags,
-		.data_device = crypt_data_device(cd),
-		.u.crypt  = {
-			.cipher = NULL,
-			.vk     = vk,
-			.offset = crypt_get_data_offset(cd),
-			.iv_offset = crypt_get_iv_offset(cd),
-			.sector_size = crypt_get_sector_size(cd),
-		}
+		.flags = flags,
 	};

-	r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
-				dmd.u.crypt.offset, &dmd.size, &dmd.flags);
+	r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL,
+				crypt_get_data_offset(cd), &dmd.size, &dmd.flags);
 	if (r)
 		return r;

@@ -235,18 +225,29 @@ int LOOPAES_activate(struct crypt_device *cd,
 	if (r < 0)
 		return -ENOMEM;

-	dmd.u.crypt.cipher = cipher;
-	log_dbg("Trying to activate loop-AES device %s using cipher %s.",
-		name, dmd.u.crypt.cipher);
+	r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd),
+			vk, cipher, crypt_get_iv_offset(cd),
+			crypt_get_data_offset(cd), crypt_get_integrity(cd),
+			crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd));

-	r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd, 0);
+	if (r) {
+		free(cipher);
+		return r;
+	}

-	if (r < 0 && !dm_flags(DM_CRYPT, &dmc_flags) &&
+	log_dbg(cd, "Trying to activate loop-AES device %s using cipher %s.",
+		name, cipher);
+
+	r = dm_create_device(cd, name, CRYPT_LOOPAES, &dmd);
+
+	if (r < 0 && !dm_flags(cd, DM_CRYPT, &dmc_flags) &&
 	    (dmc_flags & req_flags) != req_flags) {
 		log_err(cd, _("Kernel doesn't support loop-AES compatible mapping."));
 		r = -ENOTSUP;
 	}

+	dm_targets_free(cd, &dmd);
 	free(cipher);
+
 	return r;
 }
--- a/lib/loopaes/loopaes.h
+++ b/lib/loopaes/loopaes.h
@@ -1,8 +1,8 @@
 /*
 * loop-AES compatible volume handling
 *
- * Copyright (C) 2011-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2011-2018, Milan Broz
+ * Copyright (C) 2011-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/luks1/af.c
+++ b/lib/luks1/af.c
@@ -1,8 +1,8 @@
 /*
 * AFsplitter - Anti forensic information splitter
 *
- * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
 *
 * AFsplitter diffuses information over a large stripe of data,
 * therefore supporting secure data destruction.
@@ -25,7 +25,6 @@
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
-#include <netinet/in.h>
 #include <errno.h>
 #include "internal.h"
 #include "af.h"
@@ -34,7 +33,7 @@ static void XORblock(const char *src1, const char *src2, char *dst, size_t n)
 {
 	size_t j;

-	for(j = 0; j < n; ++j)
+	for (j = 0; j < n; j++)
 		dst[j] = src1[j] ^ src2[j];
 }

@@ -45,7 +44,7 @@ static int hash_buf(const char *src, char *dst, uint32_t iv,
 	char *iv_char = (char *)&iv;
 	int r;

-	iv = htonl(iv);
+	iv = be32_to_cpu(iv);
 	if (crypt_hash_init(&hd, hash_name))
 		return -EINVAL;

@@ -61,34 +60,38 @@ out:
 	return r;
 }

-/* diffuse: Information spreading over the whole dataset with
+/*
+ * diffuse: Information spreading over the whole dataset with
 * the help of hash function.
 */
-
 static int diffuse(char *src, char *dst, size_t size, const char *hash_name)
 {
-	int hash_size = crypt_hash_size(hash_name);
+	int r, hash_size = crypt_hash_size(hash_name);
 	unsigned int digest_size;
 	unsigned int i, blocks, padding;

 	if (hash_size <= 0)
-		return 1;
+		return -EINVAL;
 	digest_size = hash_size;

 	blocks = size / digest_size;
 	padding = size % digest_size;

-	for (i = 0; i < blocks; i++)
-		if(hash_buf(src + digest_size * i,
+	for (i = 0; i < blocks; i++) {
+		r = hash_buf(src + digest_size * i,
 			    dst + digest_size * i,
-			    i, (size_t)digest_size, hash_name))
-			return 1;
+			    i, (size_t)digest_size, hash_name);
+		if (r < 0)
+			return r;
+	}

-	if(padding)
-		if(hash_buf(src + digest_size * i,
+	if (padding) {
+		r = hash_buf(src + digest_size * i,
 			    dst + digest_size * i,
-			    i, (size_t)padding, hash_name))
-			return 1;
+			    i, (size_t)padding, hash_name);
+		if (r < 0)
+			return r;
+	}

 	return 0;
 }
@@ -98,53 +101,57 @@ static int diffuse(char *src, char *dst, size_t size, const char *hash_name)
 * blocknumbers. The same blocksize and blocknumbers values
 * must be supplied to AF_merge to recover information.
 */
-
-int AF_split(const char *src, char *dst, size_t blocksize,
-	     unsigned int blocknumbers, const char *hash)
+int AF_split(struct crypt_device *ctx, const char *src, char *dst,
+	     size_t blocksize, unsigned int blocknumbers, const char *hash)
 {
 	unsigned int i;
 	char *bufblock;
-	int r = -EINVAL;
+	int r;

-	if((bufblock = calloc(blocksize, 1)) == NULL) return -ENOMEM;
+	bufblock = crypt_safe_alloc(blocksize);
+	if (!bufblock)
+		return -ENOMEM;

 	/* process everything except the last block */
-	for(i=0; i<blocknumbers-1; i++) {
-		r = crypt_random_get(NULL, dst+(blocksize*i), blocksize, CRYPT_RND_NORMAL);
-		if(r < 0) goto out;
+	for (i = 0; i < blocknumbers - 1; i++) {
+		r = crypt_random_get(ctx, dst + blocksize * i, blocksize, CRYPT_RND_NORMAL);
+		if (r < 0)
+			goto out;

-		XORblock(dst+(blocksize*i),bufblock,bufblock,blocksize);
-		if(diffuse(bufblock, bufblock, blocksize, hash))
+		XORblock(dst + blocksize * i, bufblock, bufblock, blocksize);
+		r = diffuse(bufblock, bufblock, blocksize, hash);
+		if (r < 0)
 			goto out;
 	}
 	/* the last block is computed */
-	XORblock(src,bufblock,dst+(i*blocksize),blocksize);
+	XORblock(src, bufblock, dst + blocksize * i, blocksize);
 	r = 0;
 out:
-	free(bufblock);
+	crypt_safe_free(bufblock);
 	return r;
 }

-int AF_merge(const char *src, char *dst, size_t blocksize,
-	     unsigned int blocknumbers, const char *hash)
+int AF_merge(struct crypt_device *ctx __attribute__((unused)), const char *src, char *dst,
+	     size_t blocksize, unsigned int blocknumbers, const char *hash)
 {
 	unsigned int i;
 	char *bufblock;
-	int r = -EINVAL;
+	int r;

-	if((bufblock = calloc(blocksize, 1)) == NULL)
+	bufblock = crypt_safe_alloc(blocksize);
+	if (!bufblock)
 		return -ENOMEM;

-	memset(bufblock,0,blocksize);
-	for(i=0; i<blocknumbers-1; i++) {
-		XORblock(src+(blocksize*i),bufblock,bufblock,blocksize);
-		if(diffuse(bufblock, bufblock, blocksize, hash))
+	for(i = 0; i < blocknumbers - 1; i++) {
+		XORblock(src + blocksize * i, bufblock, bufblock, blocksize);
+		r = diffuse(bufblock, bufblock, blocksize, hash);
+		if (r < 0)
 			goto out;
 	}
 	XORblock(src + blocksize * i, bufblock, dst, blocksize);
 	r = 0;
 out:
-	free(bufblock);
+	crypt_safe_free(bufblock);
 	return r;
 }

--- a/lib/luks1/af.h
+++ b/lib/luks1/af.h
@@ -1,8 +1,8 @@
 /*
 * AFsplitter - Anti forensic information splitter
 *
- * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2004 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
 *
 * AFsplitter diffuses information over a large stripe of data,
 * therefore supporting secure data destruction.
@@ -39,8 +39,10 @@
 * On error, both functions return -1, 0 otherwise.
 */

-int AF_split(const char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
-int AF_merge(const char *src, char *dst, size_t blocksize, unsigned int blocknumbers, const char *hash);
+int AF_split(struct crypt_device *ctx, const char *src, char *dst,
+	     size_t blocksize, unsigned int blocknumbers, const char *hash);
+int AF_merge(struct crypt_device *ctx, const char *src, char *dst, size_t blocksize,
+	     unsigned int blocknumbers, const char *hash);
 size_t AF_split_sectors(size_t blocksize, unsigned int blocknumbers);

 int LUKS_encrypt_to_storage(
--- a/lib/luks1/keyencryption.c
+++ b/lib/luks1/keyencryption.c
@@ -1,9 +1,9 @@
 /*
 * LUKS - Linux Unified Key Setup
 *
- * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2018, Milan Broz
+ * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -58,25 +58,15 @@ static int LUKS_endec_template(char *src, size_t srcLength,
 	char name[PATH_MAX], path[PATH_MAX];
 	char cipher_spec[MAX_CIPHER_LEN * 3];
 	struct crypt_dm_active_device dmd = {
-		.target = DM_CRYPT,
-		.uuid   = NULL,
-		.flags  = CRYPT_ACTIVATE_PRIVATE,
-		.data_device = crypt_metadata_device(ctx),
-		.u.crypt = {
-			.cipher = cipher_spec,
-			.vk     = vk,
-			.offset = sector,
-			.iv_offset = 0,
-			.sector_size = SECTOR_SIZE,
-		}
+		.flags = CRYPT_ACTIVATE_PRIVATE,
 	};
 	int r, devfd = -1;
 	size_t bsize, keyslot_alignment, alignment;

-	log_dbg("Using dmcrypt to access keyslot area.");
+	log_dbg(ctx, "Using dmcrypt to access keyslot area.");

-	bsize = device_block_size(dmd.data_device);
-	alignment = device_alignment(dmd.data_device);
+	bsize = device_block_size(ctx, crypt_metadata_device(ctx));
+	alignment = device_alignment(crypt_metadata_device(ctx));
 	if (!bsize || !alignment)
 		return -EINVAL;

@@ -96,26 +86,33 @@ static int LUKS_endec_template(char *src, size_t srcLength,
 	if (snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", cipher, cipher_mode) < 0)
 		return -ENOMEM;

-	r = device_block_adjust(ctx, dmd.data_device, DEV_OK,
-				dmd.u.crypt.offset, &dmd.size, &dmd.flags);
+	r = device_block_adjust(ctx, crypt_metadata_device(ctx), DEV_OK,
+				sector, &dmd.size, &dmd.flags);
 	if (r < 0) {
 		log_err(ctx, _("Device %s doesn't exist or access denied."),
-			device_path(dmd.data_device));
+			device_path(crypt_metadata_device(ctx)));
 		return -EIO;
 	}

 	if (mode != O_RDONLY && dmd.flags & CRYPT_ACTIVATE_READONLY) {
 		log_err(ctx, _("Cannot write to device %s, permission denied."),
-			device_path(dmd.data_device));
+			device_path(crypt_metadata_device(ctx)));
 		return -EACCES;
 	}

-	r = dm_create_device(ctx, name, "TEMP", &dmd, 0);
+	r = dm_crypt_target_set(&dmd.segment, 0, dmd.size,
+			crypt_metadata_device(ctx), vk, cipher_spec, 0, sector,
+			NULL, 0, SECTOR_SIZE);
+	if (r)
+		goto out;
+
+	r = dm_create_device(ctx, name, "TEMP", &dmd);
 	if (r < 0) {
 		if (r != -EACCES && r != -ENOTSUP)
-			_error_hint(ctx, device_path(dmd.data_device),
+			_error_hint(ctx, device_path(crypt_metadata_device(ctx)),
 				    cipher, cipher_mode, vk->keylength * 8);
-		return -EIO;
+		r = -EIO;
+		goto out;
 	}

 	devfd = open(path, mode | O_DIRECT | O_SYNC);
@@ -132,6 +129,7 @@ static int LUKS_endec_template(char *src, size_t srcLength,
 	} else
 		r = 0;
 out:
+	dm_targets_free(ctx, &dmd);
 	if (devfd != -1)
 		close(devfd);
 	dm_remove_device(ctx, name, CRYPT_DEACTIVATE_FORCE);
@@ -158,7 +156,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
 	r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);

 	if (r)
-		log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
+		log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).",
 			cipher, cipher_mode, r);

 	/* Fallback to old temporary dmcrypt device */
@@ -172,7 +170,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
 		return r;
 	}

-	log_dbg("Using userspace crypto wrapper to access keyslot area.");
+	log_dbg(ctx, "Using userspace crypto wrapper to access keyslot area.");

 	r = crypt_storage_encrypt(s, 0, srcLength / SECTOR_SIZE, src);
 	crypt_storage_destroy(s);
@@ -183,11 +181,11 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
 	r = -EIO;

 	/* Write buffer to device */
-	devfd = device_open(device, O_RDWR);
+	devfd = device_open(ctx, device, O_RDWR);
 	if (devfd < 0)
 		goto out;

-	if (write_lseek_blockwise(devfd, device_block_size(device),
+	if (write_lseek_blockwise(devfd, device_block_size(ctx, device),
 				  device_alignment(device), src, srcLength,
 				  sector * SECTOR_SIZE) < 0)
 		goto out;
@@ -195,7 +193,7 @@ int LUKS_encrypt_to_storage(char *src, size_t srcLength,
 	r = 0;
 out:
 	if (devfd >= 0) {
-		device_sync(device, devfd);
+		device_sync(ctx, device, devfd);
 		close(devfd);
 	}
 	if (r)
@@ -223,7 +221,7 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
 	r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);

 	if (r)
-		log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
+		log_dbg(ctx, "Userspace crypto wrapper cannot use %s-%s (%d).",
 			cipher, cipher_mode, r);

 	/* Fallback to old temporary dmcrypt device */
@@ -237,17 +235,17 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
 		return r;
 	}

-	log_dbg("Using userspace crypto wrapper to access keyslot area.");
+	log_dbg(ctx, "Using userspace crypto wrapper to access keyslot area.");

 	/* Read buffer from device */
-	devfd = device_open(device, O_RDONLY);
+	devfd = device_open(ctx, device, O_RDONLY);
 	if (devfd < 0) {
 		log_err(ctx, _("Cannot open device %s."), device_path(device));
 		crypt_storage_destroy(s);
 		return -EIO;
 	}

-	if (read_lseek_blockwise(devfd, device_block_size(device),
+	if (read_lseek_blockwise(devfd, device_block_size(ctx, device),
 				 device_alignment(device), dst, dstLength,
 				 sector * SECTOR_SIZE) < 0) {
 		if (!fstat(devfd, &st) && (st.st_size < (off_t)dstLength))
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -1,9 +1,9 @@
 /*
 * LUKS - Linux Unified Key Setup
 *
- * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2013-2018, Milan Broz
+ * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2013-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -37,23 +37,6 @@
 #include "af.h"
 #include "internal.h"

-/* Get size of struct luks_phdr with all keyslots material space */
-static size_t LUKS_calculate_device_sectors(size_t keyLen)
-{
-	size_t keyslot_sectors, sector;
-	int i;
-
-	keyslot_sectors = AF_split_sectors(keyLen, LUKS_STRIPES);
-	sector = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;
-
-	for (i = 0; i < LUKS_NUMKEYS; i++) {
-		sector = size_round_up(sector, LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
-		sector += keyslot_sectors;
-	}
-
-	return sector;
-}
-
 int LUKS_keyslot_area(const struct luks_phdr *hdr,
 	int keyslot,
 	uint64_t *offset,
@@ -111,13 +94,13 @@ static int LUKS_check_device_size(struct crypt_device *ctx, const struct luks_ph
 		return -EINVAL;

 	if (device_size(device, &dev_sectors)) {
-		log_dbg("Cannot get device size for device %s.", device_path(device));
+		log_dbg(ctx, "Cannot get device size for device %s.", device_path(device));
 		return -EIO;
 	}

 	dev_sectors >>= SECTOR_SHIFT;
 	hdr_sectors = LUKS_device_sectors(hdr);
-	log_dbg("Key length %u, device size %" PRIu64 " sectors, header size %"
+	log_dbg(ctx, "Key length %u, device size %" PRIu64 " sectors, header size %"
 		PRIu64 " sectors.", hdr->keyBytes, dev_sectors, hdr_sectors);

 	if (hdr_sectors > dev_sectors) {
@@ -144,7 +127,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
 	for (i = 0; i < LUKS_NUMKEYS; i++) {
 		/* enforce stripes == 4000 */
 		if (phdr->keyblock[i].stripes != LUKS_STRIPES) {
-			log_dbg("Invalid stripes count %u in keyslot %u.",
+			log_dbg(ctx, "Invalid stripes count %u in keyslot %u.",
 				phdr->keyblock[i].stripes, i);
 			log_err(ctx, _("LUKS keyslot %u is invalid."), i);
 			return -1;
@@ -152,7 +135,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr

 		/* First sectors is the header itself */
 		if (phdr->keyblock[i].keyMaterialOffset * SECTOR_SIZE < sizeof(*phdr)) {
-			log_dbg("Invalid offset %u in keyslot %u.",
+			log_dbg(ctx, "Invalid offset %u in keyslot %u.",
 				phdr->keyblock[i].keyMaterialOffset, i);
 			log_err(ctx, _("LUKS keyslot %u is invalid."), i);
 			return -1;
@@ -163,7 +146,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
 			continue;

 		if (phdr->payloadOffset <= phdr->keyblock[i].keyMaterialOffset) {
-			log_dbg("Invalid offset %u in keyslot %u (beyond data area offset %u).",
+			log_dbg(ctx, "Invalid offset %u in keyslot %u (beyond data area offset %u).",
 				phdr->keyblock[i].keyMaterialOffset, i,
 				phdr->payloadOffset);
 			log_err(ctx, _("LUKS keyslot %u is invalid."), i);
@@ -171,7 +154,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
 		}

 		if (phdr->payloadOffset < (phdr->keyblock[i].keyMaterialOffset + secs_per_stripes)) {
-			log_dbg("Invalid keyslot size %u (offset %u, stripes %u) in "
+			log_dbg(ctx, "Invalid keyslot size %u (offset %u, stripes %u) in "
 				"keyslot %u (beyond data area offset %u).",
 				secs_per_stripes,
 				phdr->keyblock[i].keyMaterialOffset,
@@ -188,7 +171,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
 		next = sorted_areas[i];
 		if (phdr->keyblock[next].keyMaterialOffset <
 		    (phdr->keyblock[prev].keyMaterialOffset + secs_per_stripes)) {
-			log_dbg("Not enough space in LUKS keyslot %d.", prev);
+			log_dbg(ctx, "Not enough space in LUKS keyslot %d.", prev);
 			log_err(ctx, _("LUKS keyslot %u is invalid."), prev);
 			return -1;
 		}
@@ -235,19 +218,19 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
 		goto out;
 	}

-	log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes).",
+	log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes).",
 		sizeof(hdr), hdr_size - LUKS_ALIGN_KEYSLOTS);

-	log_dbg("Output backup file size: %zu bytes.", buffer_size);
+	log_dbg(ctx, "Output backup file size: %zu bytes.", buffer_size);

-	devfd = device_open(device, O_RDONLY);
+	devfd = device_open(ctx, device, O_RDONLY);
 	if (devfd < 0) {
 		log_err(ctx, _("Device %s is not a valid LUKS device."), device_path(device));
 		r = -EINVAL;
 		goto out;
 	}

-	if (read_blockwise(devfd, device_block_size(device), device_alignment(device),
+	if (read_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
 			   buffer, hdr_size) < (ssize_t)hdr_size) {
 		r = -EIO;
 		goto out;
@@ -329,7 +312,7 @@ int LUKS_hdr_restore(

 	r = LUKS_read_phdr(hdr, 0, 0, ctx);
 	if (r == 0) {
-		log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device_path(device));
+		log_dbg(ctx, "Device %s already contains LUKS header, checking UUID and offset.", device_path(device));
 		if(hdr->payloadOffset != hdr_file.payloadOffset ||
 		   hdr->keyBytes != hdr_file.keyBytes) {
 			log_err(ctx, _("Data offset or key size differs on device and backup, restore failed."));
@@ -353,10 +336,10 @@ int LUKS_hdr_restore(
 		goto out;
 	}

-	log_dbg("Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.",
+	log_dbg(ctx, "Storing backup of header (%zu bytes) and keyslot area (%zu bytes) to device %s.",
 		sizeof(*hdr), buffer_size - LUKS_ALIGN_KEYSLOTS, device_path(device));

-	devfd = device_open(device, O_RDWR);
+	devfd = device_open(ctx, device, O_RDWR);
 	if (devfd < 0) {
 		if (errno == EACCES)
 			log_err(ctx, _("Cannot write to device %s, permission denied."),
@@ -367,7 +350,7 @@ int LUKS_hdr_restore(
 		goto out;
 	}

-	if (write_blockwise(devfd, device_block_size(device), device_alignment(device),
+	if (write_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
 			    buffer, buffer_size) < buffer_size) {
 		r = -EIO;
 		goto out;
@@ -379,7 +362,7 @@ int LUKS_hdr_restore(
 	r = LUKS_read_phdr(hdr, 1, 0, ctx);
 out:
 	if (devfd >= 0) {
-		device_sync(device, devfd);
+		device_sync(ctx, device, devfd);
 		close(devfd);
 	}
 	crypt_safe_free(buffer);
@@ -412,19 +395,18 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)

 	log_verbose(ctx, _("Repairing keyslots."));

-	log_dbg("Generating second header with the same parameters for check.");
+	log_dbg(ctx, "Generating second header with the same parameters for check.");
 	/* cipherName, cipherMode, hashSpec, uuid are already null terminated */
 	/* payloadOffset - cannot check */
 	r = LUKS_generate_phdr(&temp_phdr, vk, phdr->cipherName, phdr->cipherMode,
-			       phdr->hashSpec,phdr->uuid, LUKS_STRIPES,
-			       phdr->payloadOffset, 0,
-			       1, ctx);
+			       phdr->hashSpec, phdr->uuid,
+			       phdr->payloadOffset * SECTOR_SIZE, 0, 0, ctx);
 	if (r < 0)
 		goto out;

 	for(i = 0; i < LUKS_NUMKEYS; ++i) {
 		if (phdr->keyblock[i].active == LUKS_KEY_ENABLED)  {
-			log_dbg("Skipping repair for active keyslot %i.", i);
+			log_dbg(ctx, "Skipping repair for active keyslot %i.", i);
 			continue;
 		}

@@ -491,7 +473,7 @@ static int _check_and_convert_hdr(const char *device,
 	char luksMagic[] = LUKS_MAGIC;

 	if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
-		log_dbg("LUKS header not detected.");
+		log_dbg(ctx, "LUKS header not detected.");
 		if (require_luks_device)
 			log_err(ctx, _("Device %s is not a valid LUKS device."), device);
 		return -EINVAL;
@@ -565,7 +547,7 @@ int LUKS_read_phdr_backup(const char *backup_file,
 	ssize_t hdr_size = sizeof(struct luks_phdr);
 	int devfd = 0, r = 0;

-	log_dbg("Reading LUKS header of size %d from backup file %s",
+	log_dbg(ctx, "Reading LUKS header of size %d from backup file %s",
 		(int)hdr_size, backup_file);

 	devfd = open(backup_file, O_RDONLY);
@@ -604,16 +586,16 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
 	if (repair && !require_luks_device)
 		return -EINVAL;

-	log_dbg("Reading LUKS header of size %zu from device %s",
+	log_dbg(ctx, "Reading LUKS header of size %zu from device %s",
 		hdr_size, device_path(device));

-	devfd = device_open(device, O_RDONLY);
+	devfd = device_open(ctx, device, O_RDONLY);
 	if (devfd < 0) {
 		log_err(ctx, _("Cannot open device %s."), device_path(device));
 		return -EINVAL;
 	}

-	if (read_blockwise(devfd, device_block_size(device), device_alignment(device),
+	if (read_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
 			   hdr, hdr_size) < hdr_size)
 		r = -EIO;
 	else
@@ -629,7 +611,7 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
 	 * has bigger sector size.
 	 */
 	if (!r && hdr->keyblock[0].keyMaterialOffset * SECTOR_SIZE < LUKS_ALIGN_KEYSLOTS) {
-		log_dbg("Old unaligned LUKS keyslot detected, disabling direct-io.");
+		log_dbg(ctx, "Old unaligned LUKS keyslot detected, disabling direct-io.");
 		device_disable_direct_io(device);
 	}

@@ -647,14 +629,14 @@ int LUKS_write_phdr(struct luks_phdr *hdr,
 	struct luks_phdr convHdr;
 	int r;

-	log_dbg("Updating LUKS header of size %zu on device %s",
+	log_dbg(ctx, "Updating LUKS header of size %zu on device %s",
 		sizeof(struct luks_phdr), device_path(device));

 	r = LUKS_check_device_size(ctx, hdr, 1);
 	if (r)
 		return r;

-	devfd = device_open(device, O_RDWR);
+	devfd = device_open(ctx, device, O_RDWR);
 	if (devfd < 0) {
 		if (errno == EACCES)
 			log_err(ctx, _("Cannot write to device %s, permission denied."),
@@ -679,12 +661,12 @@ int LUKS_write_phdr(struct luks_phdr *hdr,
 		convHdr.keyblock[i].stripes            = htonl(hdr->keyblock[i].stripes);
 	}

-	r = write_blockwise(devfd, device_block_size(device), device_alignment(device),
+	r = write_blockwise(devfd, device_block_size(ctx, device), device_alignment(device),
 			    &convHdr, hdr_size) < hdr_size ? -EIO : 0;
 	if (r)
 		log_err(ctx, _("Error during update of LUKS header on device %s."), device_path(device));

-	device_sync(device, devfd);
+	device_sync(ctx, device, devfd);
 	close(devfd);

 	/* Re-read header from disk to be sure that in-memory and on-disk data are the same. */
@@ -705,7 +687,7 @@ int LUKS_check_cipher(struct crypt_device *ctx, size_t keylength, const char *ci
 	struct volume_key *empty_key;
 	char buf[SECTOR_SIZE];

-	log_dbg("Checking if cipher %s-%s is usable.", cipher, cipher_mode);
+	log_dbg(ctx, "Checking if cipher %s-%s is usable.", cipher, cipher_mode);

 	empty_key = crypt_alloc_volume_key(keylength, NULL);
 	if (!empty_key)
@@ -722,30 +704,53 @@ int LUKS_check_cipher(struct crypt_device *ctx, size_t keylength, const char *ci
 }

 int LUKS_generate_phdr(struct luks_phdr *header,
-		       const struct volume_key *vk,
-		       const char *cipherName, const char *cipherMode, const char *hashSpec,
-		       const char *uuid, unsigned int stripes,
-		       unsigned int alignPayload,
-		       unsigned int alignOffset,
-		       int detached_metadata_device,
-		       struct crypt_device *ctx)
+	const struct volume_key *vk,
+	const char *cipherName,
+	const char *cipherMode,
+	const char *hashSpec,
+	const char *uuid,
+	uint64_t data_offset,        /* in bytes */
+	uint64_t align_offset,       /* in bytes */
+	uint64_t required_alignment, /* in bytes */
+	struct crypt_device *ctx)
 {
-	unsigned int i = 0, hdr_sectors = LUKS_calculate_device_sectors(vk->keylength);
-	size_t blocksPerStripeSet, currentSector;
-	int r;
+	int i, r;
+	size_t keyslot_sectors, header_sectors;
 	uuid_t partitionUuid;
 	struct crypt_pbkdf_type *pbkdf;
 	double PBKDF2_temp;
 	char luksMagic[] = LUKS_MAGIC;

-	/* For separate metadata device allow zero alignment */
-	if (alignPayload == 0 && !detached_metadata_device)
-		alignPayload = DEFAULT_DISK_ALIGNMENT / SECTOR_SIZE;
+	if (data_offset % SECTOR_SIZE || align_offset % SECTOR_SIZE ||
+	    required_alignment % SECTOR_SIZE)
+		return -EINVAL;

-	if (alignPayload && detached_metadata_device && alignPayload < hdr_sectors) {
-		log_err(ctx, _("Data offset for detached LUKS header must be "
-			       "either 0 or higher than header size (%d sectors)."),
-			       hdr_sectors);
+	memset(header, 0, sizeof(struct luks_phdr));
+
+	keyslot_sectors = AF_split_sectors(vk->keylength, LUKS_STRIPES);
+	header_sectors = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;
+
+	for (i = 0; i < LUKS_NUMKEYS; i++) {
+		header->keyblock[i].active = LUKS_KEY_DISABLED;
+		header->keyblock[i].keyMaterialOffset = header_sectors;
+		header->keyblock[i].stripes = LUKS_STRIPES;
+		header_sectors = size_round_up(header_sectors + keyslot_sectors,
+					       LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
+	}
+	/* In sector is now size of all keyslot material space */
+
+	/* Data offset has priority */
+	if (data_offset)
+		header->payloadOffset = data_offset / SECTOR_SIZE;
+	else if (required_alignment) {
+		header->payloadOffset = size_round_up(header_sectors, (required_alignment / SECTOR_SIZE));
+		header->payloadOffset += (align_offset / SECTOR_SIZE);
+	} else
+		header->payloadOffset = 0;
+
+	if (header->payloadOffset && header->payloadOffset < header_sectors) {
+		log_err(ctx, _("Data offset for LUKS header must be "
+			       "either 0 or higher than header size."));
 		return -EINVAL;
 	}

@@ -761,8 +766,6 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 	if (!uuid)
 		uuid_generate(partitionUuid);

-	memset(header,0,sizeof(struct luks_phdr));
-
 	/* Set Magic */
 	memcpy(header->magic,luksMagic,LUKS_MAGIC_L);
 	header->version=1;
@@ -774,7 +777,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,

 	LUKS_fix_header_compatible(header);

-	log_dbg("Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes",
+	log_dbg(ctx, "Generating LUKS header version %d using hash %s, %s, %s, MK %d bytes",
 		header->version, header->hashSpec ,header->cipherName, header->cipherMode,
 		header->keyBytes);

@@ -800,34 +803,15 @@ int LUKS_generate_phdr(struct luks_phdr *header,
 			header->mkDigestSalt, LUKS_SALTSIZE,
 			header->mkDigest,LUKS_DIGESTSIZE,
 			header->mkDigestIterations, 0, 0);
-	if(r < 0) {
+	if (r < 0) {
 		log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s)."),
 			header->hashSpec);
 		return r;
 	}

-	currentSector = LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE;
-	blocksPerStripeSet = AF_split_sectors(vk->keylength, stripes);
-	for(i = 0; i < LUKS_NUMKEYS; ++i) {
-		header->keyblock[i].active = LUKS_KEY_DISABLED;
-		header->keyblock[i].keyMaterialOffset = currentSector;
-		header->keyblock[i].stripes = stripes;
-		currentSector = size_round_up(currentSector + blocksPerStripeSet,
-						LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE);
-	}
-
-	if (detached_metadata_device) {
-		/* for separate metadata device use alignPayload directly */
-		header->payloadOffset = alignPayload;
-	} else {
-		/* alignOffset - offset from natural device alignment provided by topology info */
-		currentSector = size_round_up(currentSector, alignPayload);
-		header->payloadOffset = currentSector + alignOffset;
-	}
-
        uuid_unparse(partitionUuid, header->uuid);

-	log_dbg("Data offset %d, UUID %s, digest iterations %" PRIu32,
+	log_dbg(ctx, "Data offset %d, UUID %s, digest iterations %" PRIu32,
 		header->payloadOffset, header->uuid, header->mkDigestIterations);

 	return 0;
@@ -875,7 +859,7 @@ int LUKS_set_key(unsigned int keyIndex,
 	         return -EINVAL;
 	}

-	log_dbg("Calculating data for key slot %d", keyIndex);
+	log_dbg(ctx, "Calculating data for key slot %d", keyIndex);
 	pbkdf = crypt_get_pbkdf(ctx);
 	r = crypt_benchmark_pbkdf_internal(ctx, pbkdf, vk->keylength);
 	if (r < 0)
@@ -887,7 +871,7 @@ int LUKS_set_key(unsigned int keyIndex,
 	 */
 	hdr->keyblock[keyIndex].passwordIterations =
 		at_least(pbkdf->iterations, LUKS_SLOT_ITERATIONS_MIN);
-	log_dbg("Key slot %d use %" PRIu32 " password iterations.", keyIndex,
+	log_dbg(ctx, "Key slot %d use %" PRIu32 " password iterations.", keyIndex,
 		hdr->keyblock[keyIndex].passwordIterations);

 	derived_key = crypt_alloc_volume_key(hdr->keyBytes, NULL);
@@ -917,13 +901,13 @@ int LUKS_set_key(unsigned int keyIndex,
 		goto out;
 	}

-	log_dbg("Using hash %s for AF in key slot %d, %d stripes",
+	log_dbg(ctx, "Using hash %s for AF in key slot %d, %d stripes",
 		hdr->hashSpec, keyIndex, hdr->keyblock[keyIndex].stripes);
-	r = AF_split(vk->key,AfKey,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
+	r = AF_split(ctx, vk->key, AfKey, vk->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
 	if (r < 0)
 		goto out;

-	log_dbg("Updating key slot %d [0x%04x] area.", keyIndex,
+	log_dbg(ctx, "Updating key slot %d [0x%04x] area.", keyIndex,
 		hdr->keyblock[keyIndex].keyMaterialOffset << 9);
 	/* Encryption via dm */
 	r = LUKS_encrypt_to_storage(AfKey,
@@ -936,7 +920,7 @@ int LUKS_set_key(unsigned int keyIndex,
 		goto out;

 	/* Mark the key as active in phdr */
-	r = LUKS_keyslot_set(hdr, (int)keyIndex, 1);
+	r = LUKS_keyslot_set(hdr, (int)keyIndex, 1, ctx);
 	if (r < 0)
 		goto out;

@@ -983,7 +967,7 @@ static int LUKS_open_key(unsigned int keyIndex,
 	size_t AFEKSize;
 	int r;

-	log_dbg("Trying to open key slot %d [%s].", keyIndex,
+	log_dbg(ctx, "Trying to open key slot %d [%s].", keyIndex,
 		dbg_slot_state(ki));

 	if (ki < CRYPT_SLOT_ACTIVE)
@@ -1008,7 +992,7 @@ static int LUKS_open_key(unsigned int keyIndex,
 	if (r < 0)
 		goto out;

-	log_dbg("Reading key slot %d area.", keyIndex);
+	log_dbg(ctx, "Reading key slot %d area.", keyIndex);
 	r = LUKS_decrypt_from_storage(AfKey,
 				      AFEKSize,
 				      hdr->cipherName, hdr->cipherMode,
@@ -1018,7 +1002,7 @@ static int LUKS_open_key(unsigned int keyIndex,
 	if (r < 0)
 		goto out;

-	r = AF_merge(AfKey,vk->key,vk->keylength,hdr->keyblock[keyIndex].stripes,hdr->hashSpec);
+	r = AF_merge(ctx, AfKey, vk->key, vk->keylength, hdr->keyblock[keyIndex].stripes, hdr->hashSpec);
 	if (r < 0)
 		goto out;

@@ -1076,7 +1060,7 @@ int LUKS_del_key(unsigned int keyIndex,
 	if (r)
 		return r;

-	r = LUKS_keyslot_set(hdr, keyIndex, 0);
+	r = LUKS_keyslot_set(hdr, keyIndex, 0, ctx);
 	if (r) {
 		log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d."),
 			keyIndex, LUKS_NUMKEYS - 1);
@@ -1155,7 +1139,7 @@ int LUKS_keyslot_active_count(struct luks_phdr *hdr)
 	return num;
 }

-int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable)
+int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable, struct crypt_device *ctx)
 {
 	crypt_keyslot_info ki = LUKS_keyslot_info(hdr, keyslot);

@@ -1163,7 +1147,7 @@ int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable)
 		return -EINVAL;

 	hdr->keyblock[keyslot].active = enable ? LUKS_KEY_ENABLED : LUKS_KEY_DISABLED;
-	log_dbg("Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled");
+	log_dbg(ctx, "Key slot %d was %s in LUKS header.", keyslot, enable ? "enabled" : "disabled");
 	return 0;
 }

@@ -1173,41 +1157,20 @@ int LUKS1_activate(struct crypt_device *cd,
 		   uint32_t flags)
 {
 	int r;
-	char *dm_cipher = NULL;
-	enum devcheck device_check;
 	struct crypt_dm_active_device dmd = {
-		.target = DM_CRYPT,
-		.uuid   = crypt_get_uuid(cd),
-		.flags  = flags,
-		.size   = 0,
-		.data_device = crypt_data_device(cd),
-		.u.crypt = {
-			.cipher = NULL,
-			.vk     = vk,
-			.offset = crypt_get_data_offset(cd),
-			.iv_offset = 0,
-			.sector_size = crypt_get_sector_size(cd),
-		}
+		.flags = flags,
+		.uuid = crypt_get_uuid(cd),
 	};

-	if (dmd.flags & CRYPT_ACTIVATE_SHARED)
-		device_check = DEV_SHARED;
-	else
-		device_check = DEV_EXCL;
+	r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd),
+			vk, crypt_get_cipher_spec(cd), crypt_get_iv_offset(cd),
+			crypt_get_data_offset(cd), crypt_get_integrity(cd),
+			crypt_get_integrity_tag_size(cd), crypt_get_sector_size(cd));
+	if (!r)
+		r = create_or_reload_device(cd, name, CRYPT_LUKS1, &dmd);

-	r = device_block_adjust(cd, dmd.data_device, device_check,
-				 dmd.u.crypt.offset, &dmd.size, &dmd.flags);
-	if (r)
-		return r;
+	dm_targets_free(cd, &dmd);

-	r = asprintf(&dm_cipher, "%s-%s", crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
-	if (r < 0)
-		return -ENOMEM;
-
-	dmd.u.crypt.cipher = dm_cipher;
-	r = dm_create_device(cd, name, CRYPT_LUKS1, &dmd, 0);
-
-	free(dm_cipher);
 	return r;
 }

@@ -1229,7 +1192,7 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr,
 		wipe_block = 4096;
 	}

-	log_dbg("Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
+	log_dbg(ctx, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
 		offset, length + offset);

 	r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_ZERO,
@@ -1252,7 +1215,7 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr,
 		if (length == 0 || offset < 4096)
 			return -EINVAL;

-		log_dbg("Wiping keyslot %i area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
+		log_dbg(ctx, "Wiping keyslot %i area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
 			i, offset, length + offset);

 		r = crypt_wipe_device(ctx, crypt_metadata_device(ctx), CRYPT_WIPE_RANDOM,
@@ -1263,3 +1226,18 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr,

 	return r;
 }
+
+int LUKS_keyslot_pbkdf(struct luks_phdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf)
+{
+	if (keyslot >= LUKS_NUMKEYS || keyslot < 0)
+		return -EINVAL;
+
+	pbkdf->type = CRYPT_KDF_PBKDF2;
+	pbkdf->hash = hdr->hashSpec;
+	pbkdf->iterations = hdr->keyblock[keyslot].passwordIterations;
+	pbkdf->max_memory_kb = 0;
+	pbkdf->parallel_threads = 0;
+	pbkdf->time_ms = 0;
+	pbkdf->flags = 0;
+	return 0;
+}
--- a/lib/luks1/luks.h
+++ b/lib/luks1/luks.h
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup
 *
- * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -107,17 +107,15 @@ int LUKS_check_cipher(struct crypt_device *ctx,
 		      const char *cipher,
 		      const char *cipher_mode);

-int LUKS_generate_phdr(
-	struct luks_phdr *header,
+int LUKS_generate_phdr(struct luks_phdr *header,
 	const struct volume_key *vk,
 	const char *cipherName,
 	const char *cipherMode,
 	const char *hashSpec,
 	const char *uuid,
-	unsigned int stripes,
-	unsigned int alignPayload,
-	unsigned int alignOffset,
-	int detached_metadata_device,
+	uint64_t data_offset,
+	uint64_t align_offset,
+	uint64_t required_alignment,
 	struct crypt_device *ctx);

 int LUKS_read_phdr(
@@ -177,13 +175,16 @@ int LUKS_wipe_header_areas(struct luks_phdr *hdr,
 crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
 int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
 int LUKS_keyslot_active_count(struct luks_phdr *hdr);
-int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
+int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable,
+		     struct crypt_device *ctx);
 int LUKS_keyslot_area(const struct luks_phdr *hdr,
 	int keyslot,
 	uint64_t *offset,
 	uint64_t *length);
 size_t LUKS_device_sectors(const struct luks_phdr *hdr);
 size_t LUKS_keyslots_offset(const struct luks_phdr *hdr);
+int LUKS_keyslot_pbkdf(struct luks_phdr *hdr, int keyslot,
+		       struct crypt_pbkdf_type *pbkdf);

 int LUKS1_activate(struct crypt_device *cd,
 		   const char *name,
--- a/lib/luks2/luks2.h
+++ b/lib/luks2/luks2.h
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2
 *
- * Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -125,13 +125,16 @@ struct luks2_keyslot_params {

 #define LUKS2_HDR_BIN_LEN sizeof(struct luks2_hdr_disk)

-#define LUKS2_HDR_DEFAULT_LEN 0x400000 /* 4 MiB */
+//#define LUKS2_DEFAULT_HDR_SIZE 0x400000  /* 4 MiB */
+#define LUKS2_DEFAULT_HDR_SIZE 0x1000000 /* 16 MiB */

 #define LUKS2_MAX_KEYSLOTS_SIZE 0x8000000 /* 128 MiB */

+#define LUKS2_HDR_OFFSET_MAX 0x400000 /* 4 MiB */
+
 /* Offsets for secondary header (for scan if primary header is corrupted). */
 #define LUKS2_HDR2_OFFSETS { 0x04000, 0x008000, 0x010000, 0x020000, \
-                             0x40000, 0x080000, 0x100000, 0x200000, 0x400000 }
+                             0x40000, 0x080000, 0x100000, 0x200000, LUKS2_HDR_OFFSET_MAX }

 int LUKS2_hdr_version_unlocked(struct crypt_device *cd,
 	const char *backup_file);
@@ -150,7 +153,7 @@ int LUKS2_hdr_labels(struct crypt_device *cd,
 	const char *subsystem,
 	int commit);

-void LUKS2_hdr_free(struct luks2_hdr *hdr);
+void LUKS2_hdr_free(struct crypt_device *cd, struct luks2_hdr *hdr);

 int LUKS2_hdr_backup(struct crypt_device *cd,
 		     struct luks2_hdr *hdr,
@@ -161,8 +164,9 @@ int LUKS2_hdr_restore(struct crypt_device *cd,

 uint64_t LUKS2_hdr_and_areas_size(json_object *jobj);
 uint64_t LUKS2_keyslots_size(json_object *jobj);
+uint64_t LUKS2_metadata_size(json_object *jobj);

-int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd);
+int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd, const char *cipher_spec);

 /*
 * Generic LUKS2 keyslot
@@ -261,9 +265,7 @@ int LUKS2_tokens_count(struct luks2_hdr *hdr);
 /*
 * Generic LUKS2 digest
 */
-int LUKS2_digest_by_segment(struct crypt_device *cd,
-	struct luks2_hdr *hdr,
-	int segment);
+int LUKS2_digest_by_segment(struct luks2_hdr *hdr, int segment);

 int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
 	struct luks2_hdr *hdr,
@@ -295,9 +297,7 @@ int LUKS2_digest_segment_assign(struct crypt_device *cd,
 	int assign,
 	int commit);

-int LUKS2_digest_by_keyslot(struct crypt_device *cd,
-	struct luks2_hdr *hdr,
-	int keyslot);
+int LUKS2_digest_by_keyslot(struct luks2_hdr *hdr, int keyslot);

 int LUKS2_digest_create(struct crypt_device *cd,
 	const char *type,
@@ -327,9 +327,14 @@ int LUKS2_generate_hdr(
 	const char *integrity,
 	const char *uuid,
 	unsigned int sector_size,
-	unsigned int alignPayload,
-	unsigned int alignOffset,
-	int detached_metadata_device);
+	uint64_t data_offset,
+	uint64_t align_offset,
+	uint64_t required_alignment,
+	uint64_t metadata_size,
+	uint64_t keyslots_size);
+
+int LUKS2_check_metadata_area_size(uint64_t metadata_size);
+int LUKS2_check_keyslots_area_size(uint64_t keyslots_size);

 int LUKS2_wipe_header_areas(struct crypt_device *cd,
 	struct luks2_hdr *hdr);
@@ -339,11 +344,10 @@ int LUKS2_get_sector_size(struct luks2_hdr *hdr);
 const char *LUKS2_get_cipher(struct luks2_hdr *hdr, int segment);
 const char *LUKS2_get_integrity(struct luks2_hdr *hdr, int segment);
 int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr,
-	size_t key_size, struct luks2_keyslot_params *params);
-int LUKS2_get_keyslot_params(struct luks2_hdr *hdr, int keyslot,
-	struct luks2_keyslot_params *params);
+	 struct luks2_keyslot_params *params);
 int LUKS2_get_volume_key_size(struct luks2_hdr *hdr, int segment);
-int LUKS2_get_keyslot_key_size(struct luks2_hdr *hdr, int keyslot);
+int LUKS2_get_keyslot_stored_key_size(struct luks2_hdr *hdr, int keyslot);
+const char *LUKS2_get_keyslot_cipher(struct luks2_hdr *hdr, int keyslot, size_t *key_size);
 int LUKS2_keyslot_find_empty(struct luks2_hdr *hdr, const char *type);
 int LUKS2_keyslot_active_count(struct luks2_hdr *hdr, int segment);
 int LUKS2_keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment);
@@ -352,6 +356,8 @@ int LUKS2_keyslot_area(struct luks2_hdr *hdr,
 	int keyslot,
 	uint64_t *offset,
 	uint64_t *length);
+int LUKS2_keyslot_pbkdf(struct luks2_hdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf);
+
 /*
 * Permanent activation flags stored in header
 */
--- a/lib/luks2/luks2_digest.c
+++ b/lib/luks2/luks2_digest.c
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2, digest handling
 *
- * Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -86,14 +86,12 @@ int LUKS2_digest_create(struct crypt_device *cd,
 	if (digest < 0)
 		return -EINVAL;

-	log_dbg("Creating new digest %d (%s).", digest, type);
+	log_dbg(cd, "Creating new digest %d (%s).", digest, type);

 	return dh->store(cd, digest, vk->key, vk->keylength) ?: digest;
 }

-int LUKS2_digest_by_keyslot(struct crypt_device *cd,
-	struct luks2_hdr *hdr,
-	int keyslot)
+int LUKS2_digest_by_keyslot(struct luks2_hdr *hdr, int keyslot)
 {
 	char keyslot_name[16];
 	json_object *jobj_digests, *jobj_digest_keyslots;
@@ -120,18 +118,18 @@ int LUKS2_digest_verify(struct crypt_device *cd,
 	const digest_handler *h;
 	int digest, r;

-	digest = LUKS2_digest_by_keyslot(cd, hdr, keyslot);
+	digest = LUKS2_digest_by_keyslot(hdr, keyslot);
 	if (digest < 0)
 		return digest;

-	log_dbg("Verifying key from keyslot %d, digest %d.", keyslot, digest);
+	log_dbg(cd, "Verifying key from keyslot %d, digest %d.", keyslot, digest);
 	h = LUKS2_digest_handler(cd, digest);
 	if (!h)
 		return -EINVAL;

 	r = h->verify(cd, digest, vk->key, vk->keylength);
 	if (r < 0) {
-		log_dbg("Digest %d (%s) verify failed with %d.", digest, h->name, r);
+		log_dbg(cd, "Digest %d (%s) verify failed with %d.", digest, h->name, r);
 		return r;
 	}

@@ -156,11 +154,11 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
 	const digest_handler *h;
 	int digest, r;

-	digest = LUKS2_digest_by_segment(cd, hdr, segment);
+	digest = LUKS2_digest_by_segment(hdr, segment);
 	if (digest < 0)
 		return digest;

-	log_dbg("Verifying key digest %d.", digest);
+	log_dbg(cd, "Verifying key digest %d.", digest);

 	h = LUKS2_digest_handler(cd, digest);
 	if (!h)
@@ -168,7 +166,7 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd,

 	r = h->verify(cd, digest, vk->key, vk->keylength);
 	if (r < 0) {
-		log_dbg("Digest %d (%s) verify failed with %d.", digest, h->name, r);
+		log_dbg(cd, "Digest %d (%s) verify failed with %d.", digest, h->name, r);
 		return r;
 	}

@@ -176,9 +174,7 @@ int LUKS2_digest_verify_by_segment(struct crypt_device *cd,
 }

 /* FIXME: segment can have more digests */
-int LUKS2_digest_by_segment(struct crypt_device *cd,
-	struct luks2_hdr *hdr,
-	int segment)
+int LUKS2_digest_by_segment(struct luks2_hdr *hdr, int segment)
 {
 	char segment_name[16];
 	json_object *jobj_digests, *jobj_digest_segments;
@@ -205,7 +201,7 @@ static int assign_one_digest(struct crypt_device *cd, struct luks2_hdr *hdr,
 	json_object *jobj1, *jobj_digest, *jobj_digest_keyslots;
 	char num[16];

-	log_dbg("Keyslot %i %s digest %i.", keyslot, assign ? "assigned to" : "unassigned from", digest);
+	log_dbg(cd, "Keyslot %i %s digest %i.", keyslot, assign ? "assigned to" : "unassigned from", digest);

 	jobj_digest = LUKS2_get_digest_jobj(hdr, digest);
 	if (!jobj_digest)
@@ -260,7 +256,7 @@ static int assign_one_segment(struct crypt_device *cd, struct luks2_hdr *hdr,
 	json_object *jobj1, *jobj_digest, *jobj_digest_segments;
 	char num[16];

-	log_dbg("Segment %i %s digest %i.", segment, assign ? "assigned to" : "unassigned from", digest);
+	log_dbg(cd, "Segment %i %s digest %i.", segment, assign ? "assigned to" : "unassigned from", digest);

 	jobj_digest = LUKS2_get_digest_jobj(hdr, digest);
 	if (!jobj_digest)
@@ -335,7 +331,7 @@ void LUKS2_digests_erase_unused(struct crypt_device *cd,

 	json_object_object_foreach(jobj_digests, key, val) {
 		if (digest_unused(val)) {
-			log_dbg("Erasing unused digest %d.", atoi(key));
+			log_dbg(cd, "Erasing unused digest %d.", atoi(key));
 			json_object_object_del(jobj_digests, key);
 		}
 	}
@@ -374,7 +370,7 @@ static char *get_key_description_by_digest(struct crypt_device *cd, int digest)
 int LUKS2_key_description_by_segment(struct crypt_device *cd,
 		struct luks2_hdr *hdr, struct volume_key *vk, int segment)
 {
-	char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_segment(cd, hdr, segment));
+	char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_segment(hdr, segment));
 	int r;

 	r = crypt_volume_key_set_description(vk, desc);
@@ -385,7 +381,7 @@ int LUKS2_key_description_by_segment(struct crypt_device *cd,
 int LUKS2_volume_key_load_in_keyring_by_keyslot(struct crypt_device *cd,
 		struct luks2_hdr *hdr, struct volume_key *vk, int keyslot)
 {
-	char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_keyslot(cd, hdr, keyslot));
+	char *desc = get_key_description_by_digest(cd, LUKS2_digest_by_keyslot(hdr, keyslot));
 	int r;

 	r = crypt_volume_key_set_description(vk, desc);
--- a/lib/luks2/luks2_digest_pbkdf2.c
+++ b/lib/luks2/luks2_digest_pbkdf2.c
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2, PBKDF2 digest handler (LUKS1 compatible)
 *
- * Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -94,18 +94,25 @@ static int PBKDF2_digest_store(struct crypt_device *cd,
 	size_t volume_key_len)
 {
 	json_object *jobj_digest, *jobj_digests;
-	char salt[LUKS_SALTSIZE], digest_raw[128], num[16];
+	char salt[LUKS_SALTSIZE], digest_raw[128];
 	int hmac_size, r;
 	char *base64_str;
 	struct luks2_hdr *hdr;
 	struct crypt_pbkdf_limits pbkdf_limits;
+	const struct crypt_pbkdf_type *pbkdf_cd;
 	struct crypt_pbkdf_type pbkdf = {
 		.type = CRYPT_KDF_PBKDF2,
-		.hash = "sha256",
 		.time_ms = LUKS_MKD_ITERATIONS_MS,
 	};

-	log_dbg("Setting PBKDF2 type key digest %d.", digest);
+	/* Inherit hash from PBKDF setting */
+	pbkdf_cd = crypt_get_pbkdf_type(cd);
+	if (pbkdf_cd)
+		pbkdf.hash = pbkdf_cd->hash;
+	if (!pbkdf.hash)
+		pbkdf.hash = DEFAULT_LUKS1_HASH;
+
+	log_dbg(cd, "Setting PBKDF2 type key digest %d.", digest);

 	r = crypt_random_get(cd, salt, LUKS_SALTSIZE, CRYPT_RND_SALT);
 	if (r < 0)
@@ -163,12 +170,10 @@ static int PBKDF2_digest_store(struct crypt_device *cd,
 	json_object_object_add(jobj_digest, "digest", json_object_new_string(base64_str));
 	free(base64_str);

-	if (jobj_digests) {
-		snprintf(num, sizeof(num), "%d", digest);
-		json_object_object_add(jobj_digests, num, jobj_digest);
-	}
+	if (jobj_digests)
+		json_object_object_add_by_uint(jobj_digests, digest, jobj_digest);

-	JSON_DBG(jobj_digest, "Digest JSON");
+	JSON_DBG(cd, jobj_digest, "Digest JSON:");
 	return 0;
 }

--- a/lib/luks2/luks2_disk_metadata.c
+++ b/lib/luks2/luks2_disk_metadata.c
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2
 *
- * Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -26,34 +26,37 @@
 /*
 * Helper functions
 */
-json_object *parse_json_len(const char *json_area, int length, int *end_offset)
+json_object *parse_json_len(struct crypt_device *cd, const char *json_area,
+			    uint64_t max_length, int *json_len)
 {
 	json_object *jobj;
 	struct json_tokener *jtok;

-	if (!json_area || length <= 0)
+	 /* INT32_MAX is internal (json-c) json_tokener_parse_ex() limit */
+	if (!json_area || max_length > INT32_MAX)
 		return NULL;

 	jtok = json_tokener_new();
 	if (!jtok) {
-		log_dbg("ERROR: Failed to init json tokener");
+		log_dbg(cd, "ERROR: Failed to init json tokener");
 		return NULL;
 	}

-	jobj = json_tokener_parse_ex(jtok, json_area, length);
+	jobj = json_tokener_parse_ex(jtok, json_area, max_length);
 	if (!jobj)
-		log_dbg("ERROR: Failed to parse json data (%d): %s",
+		log_dbg(cd, "ERROR: Failed to parse json data (%d): %s",
 			json_tokener_get_error(jtok),
 			json_tokener_error_desc(json_tokener_get_error(jtok)));
 	else
-		*end_offset = jtok->char_offset;
+		*json_len = jtok->char_offset;

 	json_tokener_free(jtok);

 	return jobj;
 }

-static void log_dbg_checksum(const uint8_t *csum, const char *csum_alg, const char *info)
+static void log_dbg_checksum(struct crypt_device *cd,
+			     const uint8_t *csum, const char *csum_alg, const char *info)
 {
 	char csum_txt[2*LUKS2_CHECKSUM_L+1];
 	int i;
@@ -62,7 +65,7 @@ static void log_dbg_checksum(const uint8_t *csum, const char *csum_alg, const ch
 		snprintf(&csum_txt[i*2], 3, "%02hhx", (const char)csum[i]);
 	csum_txt[i*2+1] = '\0'; /* Just to be safe, sprintf should write \0 there. */

-	log_dbg("Checksum:%s (%s)", &csum_txt[0], info);
+	log_dbg(cd, "Checksum:%s (%s)", &csum_txt[0], info);
 }

 /*
@@ -97,7 +100,8 @@ static int hdr_checksum_calculate(const char *alg, struct luks2_hdr_disk *hdr_di
 /*
 * Compare hash (checksum) of on-disk and in-memory header.
 */
-static int hdr_checksum_check(const char *alg, struct luks2_hdr_disk *hdr_disk,
+static int hdr_checksum_check(struct crypt_device *cd,
+			      const char *alg, struct luks2_hdr_disk *hdr_disk,
 			      const char *json_area, size_t json_len)
 {
 	struct luks2_hdr_disk hdr_tmp;
@@ -115,8 +119,8 @@ static int hdr_checksum_check(const char *alg, struct luks2_hdr_disk *hdr_disk,
 	if (r < 0)
 		return r;

-	log_dbg_checksum(hdr_disk->csum, alg, "on-disk");
-	log_dbg_checksum(hdr_tmp.csum, alg, "in-memory");
+	log_dbg_checksum(cd, hdr_disk->csum, alg, "on-disk");
+	log_dbg_checksum(cd, hdr_tmp.csum, alg, "in-memory");

 	if (memcmp(hdr_tmp.csum, hdr_disk->csum, (size_t)hash_size))
 		return -EINVAL;
@@ -186,7 +190,8 @@ static void hdr_to_disk(struct luks2_hdr *hdr,
 /*
 * Sanity checks before checksum is validated
 */
-static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr,
+static int hdr_disk_sanity_check_pre(struct crypt_device *cd,
+				     struct luks2_hdr_disk *hdr,
 				     size_t *hdr_json_size, int secondary,
 				     uint64_t offset)
 {
@@ -194,19 +199,25 @@ static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr,
 		return -EINVAL;

 	if (be16_to_cpu(hdr->version) != 2) {
-		log_dbg("Unsupported LUKS2 header version %u.", be16_to_cpu(hdr->version));
+		log_dbg(cd, "Unsupported LUKS2 header version %u.", be16_to_cpu(hdr->version));
 		return -EINVAL;
 	}

 	if (offset != be64_to_cpu(hdr->hdr_offset)) {
-		log_dbg("LUKS2 offset 0x%04x on device differs to expected offset 0x%04x.",
+		log_dbg(cd, "LUKS2 offset 0x%04x on device differs to expected offset 0x%04x.",
 			(unsigned)be64_to_cpu(hdr->hdr_offset), (unsigned)offset);
 		return -EINVAL;
 	}

+	if (secondary && (offset != be64_to_cpu(hdr->hdr_size))) {
+		log_dbg(cd, "LUKS2 offset 0x%04x in secondary header doesn't match size 0x%04x.",
+			(unsigned)offset, (unsigned)be64_to_cpu(hdr->hdr_size));
+		return -EINVAL;
+	}
+
 	/* FIXME: sanity check checksum alg. */

-	log_dbg("LUKS2 header version %u of size %u bytes, checksum %s.",
+	log_dbg(cd, "LUKS2 header version %u of size %u bytes, checksum %s.",
 		(unsigned)be16_to_cpu(hdr->version), (unsigned)be64_to_cpu(hdr->hdr_size),
 		hdr->checksum_alg);

@@ -217,16 +228,17 @@ static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr,
 /*
 * Read LUKS2 header from disk at specific offset.
 */
-static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk,
+static int hdr_read_disk(struct crypt_device *cd,
+			 struct device *device, struct luks2_hdr_disk *hdr_disk,
 			 char **json_area, uint64_t offset, int secondary)
 {
 	size_t hdr_json_size = 0;
 	int devfd = -1, r;

-	log_dbg("Trying to read %s LUKS2 header at offset 0x%" PRIx64 ".",
+	log_dbg(cd, "Trying to read %s LUKS2 header at offset 0x%" PRIx64 ".",
 		secondary ? "secondary" : "primary", offset);

-	devfd = device_open_locked(device, O_RDONLY);
+	devfd = device_open_locked(cd, device, O_RDONLY);
 	if (devfd < 0)
 		return devfd == -1 ? -EIO : devfd;

@@ -234,14 +246,14 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk,
 	 * Read binary header and run sanity check before reading
 	 * JSON area and validating checksum.
 	 */
-	if (read_lseek_blockwise(devfd, device_block_size(device),
+	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 				 device_alignment(device), hdr_disk,
 				 LUKS2_HDR_BIN_LEN, offset) != LUKS2_HDR_BIN_LEN) {
 		close(devfd);
 		return -EIO;
 	}

-	r = hdr_disk_sanity_check_pre(hdr_disk, &hdr_json_size, secondary, offset);
+	r = hdr_disk_sanity_check_pre(cd, hdr_disk, &hdr_json_size, secondary, offset);
 	if (r < 0) {
 		close(devfd);
 		return r;
@@ -256,7 +268,7 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk,
 		return -ENOMEM;
 	}

-	if (read_lseek_blockwise(devfd, device_block_size(device),
+	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 				 device_alignment(device), *json_area, hdr_json_size,
 				 offset + LUKS2_HDR_BIN_LEN) != (ssize_t)hdr_json_size) {
 		close(devfd);
@@ -270,9 +282,9 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk,
 	/*
 	 * Calculate and validate checksum and zero it afterwards.
 	 */
-	if (hdr_checksum_check(hdr_disk->checksum_alg, hdr_disk,
+	if (hdr_checksum_check(cd, hdr_disk->checksum_alg, hdr_disk,
 				*json_area, hdr_json_size)) {
-		log_dbg("LUKS2 header checksum error (offset %" PRIu64 ").", offset);
+		log_dbg(cd, "LUKS2 header checksum error (offset %" PRIu64 ").", offset);
 		r = -EINVAL;
 	}
 	memset(hdr_disk->csum, 0, LUKS2_CHECKSUM_L);
@@ -283,20 +295,21 @@ static int hdr_read_disk(struct device *device, struct luks2_hdr_disk *hdr_disk,
 /*
 * Write LUKS2 header to disk at specific offset.
 */
-static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr,
-		   const char *json_area, int secondary)
+static int hdr_write_disk(struct crypt_device *cd,
+			  struct device *device, struct luks2_hdr *hdr,
+			  const char *json_area, int secondary)
 {
 	struct luks2_hdr_disk hdr_disk;
 	uint64_t offset = secondary ? hdr->hdr_size : 0;
 	size_t hdr_json_len;
 	int devfd = -1, r;

-	log_dbg("Trying to write LUKS2 header (%zu bytes) at offset %" PRIu64 ".",
+	log_dbg(cd, "Trying to write LUKS2 header (%zu bytes) at offset %" PRIu64 ".",
 		hdr->hdr_size, offset);

 	/* FIXME: read-only device silent fail? */

-	devfd = device_open_locked(device, O_RDWR);
+	devfd = device_open_locked(cd, device, O_RDWR);
 	if (devfd < 0)
 		return devfd == -1 ? -EINVAL : devfd;

@@ -307,7 +320,7 @@ static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr,
 	/*
 	 * Write header without checksum but with proper seqid.
 	 */
-	if (write_lseek_blockwise(devfd, device_block_size(device),
+	if (write_lseek_blockwise(devfd, device_block_size(cd, device),
 				  device_alignment(device), (char *)&hdr_disk,
 				  LUKS2_HDR_BIN_LEN, offset) < (ssize_t)LUKS2_HDR_BIN_LEN) {
 		close(devfd);
@@ -317,7 +330,7 @@ static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr,
 	/*
 	 * Write json area.
 	 */
-	if (write_lseek_blockwise(devfd, device_block_size(device),
+	if (write_lseek_blockwise(devfd, device_block_size(cd, device),
 				  device_alignment(device),
 				  CONST_CAST(char*)json_area, hdr_json_len,
 				  LUKS2_HDR_BIN_LEN + offset) < (ssize_t)hdr_json_len) {
@@ -334,44 +347,18 @@ static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr,
 		close(devfd);
 		return r;
 	}
-	log_dbg_checksum(hdr_disk.csum, hdr_disk.checksum_alg, "in-memory");
+	log_dbg_checksum(cd, hdr_disk.csum, hdr_disk.checksum_alg, "in-memory");

-	if (write_lseek_blockwise(devfd, device_block_size(device),
+	if (write_lseek_blockwise(devfd, device_block_size(cd, device),
 				  device_alignment(device), (char *)&hdr_disk,
 				  LUKS2_HDR_BIN_LEN, offset) < (ssize_t)LUKS2_HDR_BIN_LEN)
 		r = -EIO;

-	device_sync(device, devfd);
+	device_sync(cd, device, devfd);
 	close(devfd);
 	return r;
 }

-static int LUKS2_check_device_size(struct crypt_device *cd, struct device *device,
-				   uint64_t hdr_size, int falloc)
-{
-	uint64_t dev_size;
-
-	if (device_size(device, &dev_size)) {
-		log_dbg("Cannot get device size for device %s.", device_path(device));
-		return -EIO;
-	}
-
-	log_dbg("Device size %" PRIu64 ", header size %"
-		PRIu64 ".", dev_size, hdr_size);
-
-	if (hdr_size > dev_size) {
-		/* If it is header file, increase its size */
-		if (falloc && !device_fallocate(device, hdr_size))
-			return 0;
-
-		log_err(cd, _("Device %s is too small. (LUKS2 requires at least %" PRIu64 " bytes.)"),
-			device_path(device), hdr_size);
-		return -EINVAL;
-	}
-
-	return 0;
-}
-
 /*
 * Convert in-memory LUKS2 header and write it to disk.
 * This will increase sequence id, write both header copies and calculate checksum.
@@ -384,16 +371,11 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct
 	int r;

 	if (hdr->version != 2) {
-		log_dbg("Unsupported LUKS2 header version (%u).", hdr->version);
+		log_dbg(cd, "Unsupported LUKS2 header version (%u).", hdr->version);
 		return -EINVAL;
 	}

-	if (hdr->hdr_size != LUKS2_HDR_16K_LEN) {
-		log_dbg("Unsupported LUKS2 header size (%zu).", hdr->hdr_size);
-		return -EINVAL;
-	}
-
-	r = LUKS2_check_device_size(cd, crypt_metadata_device(cd), LUKS2_hdr_and_areas_size(hdr->jobj), 1);
+	r = device_check_size(cd, crypt_metadata_device(cd), LUKS2_hdr_and_areas_size(hdr->jobj), 1);
 	if (r)
 		return r;

@@ -412,12 +394,12 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct
 	json_text = json_object_to_json_string_ext(hdr->jobj,
 			JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
 	if (!json_text || !*json_text) {
-		log_dbg("Cannot parse JSON object to text representation.");
+		log_dbg(cd, "Cannot parse JSON object to text representation.");
 		free(json_area);
 		return -ENOMEM;
 	}
 	if (strlen(json_text) > (json_area_len - 1)) {
-		log_dbg("JSON is too large (%zu > %zu).", strlen(json_text), json_area_len);
+		log_dbg(cd, "JSON is too large (%zu > %zu).", strlen(json_text), json_area_len);
 		free(json_area);
 		return -EINVAL;
 	}
@@ -434,95 +416,96 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct
 	}

 	/* Write primary and secondary header */
-	r = hdr_write_disk(device, hdr, json_area, 0);
+	r = hdr_write_disk(cd, device, hdr, json_area, 0);
 	if (!r)
-		r = hdr_write_disk(device, hdr, json_area, 1);
+		r = hdr_write_disk(cd, device, hdr, json_area, 1);

 	if (r)
-		log_dbg("LUKS2 header write failed (%d).", r);
+		log_dbg(cd, "LUKS2 header write failed (%d).", r);

-	device_write_unlock(device);
+	device_write_unlock(cd, device);

 	/* FIXME: try recovery here? */

 	free(json_area);
 	return r;
 }
-
-static int validate_json_area(const char *json_area, int start, int length)
+static int validate_json_area(struct crypt_device *cd, const char *json_area,
+			      uint64_t json_len, uint64_t max_length)
 {
 	char c;

 	/* Enforce there are no needless opening bytes */
 	if (*json_area != '{') {
-		log_dbg("ERROR: Opening character must be left curly bracket: '{'.");
+		log_dbg(cd, "ERROR: Opening character must be left curly bracket: '{'.");
 		return -EINVAL;
 	}

-	if (start >= length) {
-		log_dbg("ERROR: Missing trailing null byte beyond parsed json data string.");
+	if (json_len >= max_length) {
+		log_dbg(cd, "ERROR: Missing trailing null byte beyond parsed json data string.");
 		return -EINVAL;
 	}

 	/*
 	 * TODO:
 	 *	validate there are legal json format characters between
-	 *	'json_area' and 'json_area + start'
+	 *	'json_area' and 'json_area + json_len'
 	 */

 	do {
-		c = *(json_area + start);
+		c = *(json_area + json_len);
 		if (c != '\0') {
-			log_dbg("ERROR: Forbidden ascii code 0x%02hhx found beyond json data string at offset %d.",
-				c, start);
+			log_dbg(cd, "ERROR: Forbidden ascii code 0x%02hhx found beyond json data string at offset %" PRIu64,
+				c, json_len);
 			return -EINVAL;
 		}
-	} while (++start < length);
+	} while (++json_len < max_length);

 	return 0;
 }

-static int validate_luks2_json_object(json_object *jobj_hdr)
+static int validate_luks2_json_object(struct crypt_device *cd, json_object *jobj_hdr, uint64_t length)
 {
 	int r;

 	/* we require top level object to be of json_type_object */
 	r = !json_object_is_type(jobj_hdr, json_type_object);
 	if (r) {
-		log_dbg("ERROR: Resulting object is not a json object type");
+		log_dbg(cd, "ERROR: Resulting object is not a json object type");
 		return r;
 	}

-	r = LUKS2_hdr_validate(jobj_hdr);
+	r = LUKS2_hdr_validate(cd, jobj_hdr, length);
 	if (r) {
-		log_dbg("Repairing JSON metadata.");
+		log_dbg(cd, "Repairing JSON metadata.");
 		/* try to correct known glitches */
-		LUKS2_hdr_repair(jobj_hdr);
+		LUKS2_hdr_repair(cd, jobj_hdr);

 		/* run validation again */
-		r = LUKS2_hdr_validate(jobj_hdr);
+		r = LUKS2_hdr_validate(cd, jobj_hdr, length);
 	}

 	if (r)
-		log_dbg("ERROR: LUKS2 validation failed");
+		log_dbg(cd, "ERROR: LUKS2 validation failed");

 	return r;
 }

-static json_object *parse_and_validate_json(const char *json_area, int length)
+static json_object *parse_and_validate_json(struct crypt_device *cd,
+					    const char *json_area, uint64_t max_length)
 {
-	int offset, r;
-	json_object *jobj = parse_json_len(json_area, length, &offset);
+	int json_len, r;
+	json_object *jobj = parse_json_len(cd, json_area, max_length, &json_len);

 	if (!jobj)
 		return NULL;

 	/* successful parse_json_len must not return offset <= 0 */
-	assert(offset > 0);
+	assert(json_len > 0);

-	r = validate_json_area(json_area, offset, length);
+	r = validate_json_area(cd, json_area, json_len, max_length);
 	if (!r)
-		r = validate_luks2_json_object(jobj);
+		r = validate_luks2_json_object(cd, jobj, max_length);

 	if (r) {
 		json_object_put(jobj);
@@ -532,19 +515,19 @@ static json_object *parse_and_validate_json(const char *json_area, int length)
 	return jobj;
 }

-static int detect_device_signatures(const char *path)
+static int detect_device_signatures(struct crypt_device *cd, const char *path)
 {
 	blk_probe_status prb_state;
 	int r;
 	struct blkid_handle *h;

 	if (!blk_supported()) {
-		log_dbg("Blkid probing of device signatures disabled.");
+		log_dbg(cd, "Blkid probing of device signatures disabled.");
 		return 0;
 	}

 	if ((r = blk_init_by_path(&h, path))) {
-		log_dbg("Failed to initialize blkid_handle by path.");
+		log_dbg(cd, "Failed to initialize blkid_handle by path.");
 		return -EINVAL;
 	}

@@ -558,22 +541,22 @@ static int detect_device_signatures(const char *path)

 	switch (prb_state) {
 	case PRB_AMBIGUOUS:
-		log_dbg("Blkid probe couldn't decide device type unambiguously.");
+		log_dbg(cd, "Blkid probe couldn't decide device type unambiguously.");
 		/* fall through */
 	case PRB_FAIL:
-		log_dbg("Blkid probe failed.");
+		log_dbg(cd, "Blkid probe failed.");
 		r = -EINVAL;
 		break;
 	case PRB_OK: /* crypto_LUKS type is filtered out */
 		r = -EINVAL;

 		if (blk_is_partition(h))
-			log_dbg("Blkid probe detected partition type '%s'", blk_get_partition_type(h));
+			log_dbg(cd, "Blkid probe detected partition type '%s'", blk_get_partition_type(h));
 		else if (blk_is_superblock(h))
-			log_dbg("blkid probe detected superblock type '%s'", blk_get_superblock_type(h));
+			log_dbg(cd, "blkid probe detected superblock type '%s'", blk_get_superblock_type(h));
 		break;
 	case PRB_EMPTY:
-		log_dbg("Blkid probe detected no foreign device signature.");
+		log_dbg(cd, "Blkid probe detected no foreign device signature.");
 	}
 	blk_free(h);
 	return r;
@@ -598,16 +581,16 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
 	/* Skip auto-recovery if locks are disabled and we're not doing LUKS2 explicit repair */
 	if (do_recovery && do_blkprobe && !crypt_metadata_locking_enabled()) {
 		do_recovery = 0;
-		log_dbg("Disabling header auto-recovery due to locking being disabled.");
+		log_dbg(cd, "Disabling header auto-recovery due to locking being disabled.");
 	}

 	/*
 	 * Read primary LUKS2 header (offset 0).
 	 */
 	state_hdr1 = HDR_FAIL;
-	r = hdr_read_disk(device, &hdr_disk1, &json_area1, 0, 0);
+	r = hdr_read_disk(cd, device, &hdr_disk1, &json_area1, 0, 0);
 	if (r == 0) {
-		jobj_hdr1 = parse_and_validate_json(json_area1, be64_to_cpu(hdr_disk1.hdr_size) - LUKS2_HDR_BIN_LEN);
+		jobj_hdr1 = parse_and_validate_json(cd, json_area1, be64_to_cpu(hdr_disk1.hdr_size) - LUKS2_HDR_BIN_LEN);
 		state_hdr1 = jobj_hdr1 ? HDR_OK : HDR_OBSOLETE;
 	} else if (r == -EIO)
 		state_hdr1 = HDR_FAIL_IO;
@@ -617,9 +600,9 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
 	 */
 	state_hdr2 = HDR_FAIL;
 	if (state_hdr1 != HDR_FAIL && state_hdr1 != HDR_FAIL_IO) {
-		r = hdr_read_disk(device, &hdr_disk2, &json_area2, be64_to_cpu(hdr_disk1.hdr_size), 1);
+		r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, be64_to_cpu(hdr_disk1.hdr_size), 1);
 		if (r == 0) {
-			jobj_hdr2 = parse_and_validate_json(json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
+			jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
 			state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE;
 		} else if (r == -EIO)
 			state_hdr2 = HDR_FAIL_IO;
@@ -628,10 +611,10 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
 		 * No header size, check all known offsets.
 		 */
 		for (r = -EINVAL,i = 0; r < 0 && i < ARRAY_SIZE(hdr2_offsets); i++)
-			r = hdr_read_disk(device, &hdr_disk2, &json_area2, hdr2_offsets[i], 1);
+			r = hdr_read_disk(cd, device, &hdr_disk2, &json_area2, hdr2_offsets[i], 1);

 		if (r == 0) {
-			jobj_hdr2 = parse_and_validate_json(json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
+			jobj_hdr2 = parse_and_validate_json(cd, json_area2, be64_to_cpu(hdr_disk2.hdr_size) - LUKS2_HDR_BIN_LEN);
 			state_hdr2 = jobj_hdr2 ? HDR_OK : HDR_OBSOLETE;
 		} else if (r == -EIO)
 			state_hdr2 = HDR_FAIL_IO;
@@ -657,7 +640,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
 		goto err;
 	}

-	r = LUKS2_check_device_size(cd, device, hdr_size, 0);
+	r = device_check_size(cd, device, hdr_size, 0);
 	if (r)
 		goto err;

@@ -665,9 +648,9 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
 	 * Try to rewrite (recover) bad header. Always regenerate salt for bad header.
 	 */
 	if (state_hdr1 == HDR_OK && state_hdr2 != HDR_OK) {
-		log_dbg("Secondary LUKS2 header requires recovery.");
+		log_dbg(cd, "Secondary LUKS2 header requires recovery.");

-		if (do_blkprobe && (r = detect_device_signatures(device_path(device)))) {
+		if (do_blkprobe && (r = detect_device_signatures(cd, device_path(device)))) {
 			log_err(cd, _("Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
 				      "Please run \"cryptsetup repair\" for recovery."));
 			goto err;
@@ -675,20 +658,20 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,

 		if (do_recovery) {
 			memcpy(&hdr_disk2, &hdr_disk1, LUKS2_HDR_BIN_LEN);
-			r = crypt_random_get(NULL, (char*)hdr_disk2.salt, sizeof(hdr_disk2.salt), CRYPT_RND_SALT);
+			r = crypt_random_get(cd, (char*)hdr_disk2.salt, sizeof(hdr_disk2.salt), CRYPT_RND_SALT);
 			if (r)
-				log_dbg("Cannot generate master salt.");
+				log_dbg(cd, "Cannot generate master salt.");
 			else {
 				hdr_from_disk(&hdr_disk1, &hdr_disk2, hdr, 0);
-				r = hdr_write_disk(device, hdr, json_area1, 1);
+				r = hdr_write_disk(cd, device, hdr, json_area1, 1);
 			}
 			if (r)
-				log_dbg("Secondary LUKS2 header recovery failed.");
+				log_dbg(cd, "Secondary LUKS2 header recovery failed.");
 		}
 	} else if (state_hdr1 != HDR_OK && state_hdr2 == HDR_OK) {
-		log_dbg("Primary LUKS2 header requires recovery.");
+		log_dbg(cd, "Primary LUKS2 header requires recovery.");

-		if (do_blkprobe && (r = detect_device_signatures(device_path(device)))) {
+		if (do_blkprobe && (r = detect_device_signatures(cd, device_path(device)))) {
 			log_err(cd, _("Device contains ambiguous signatures, cannot auto-recover LUKS2.\n"
 				      "Please run \"cryptsetup repair\" for recovery."));
 			goto err;
@@ -696,15 +679,15 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,

 		if (do_recovery) {
 			memcpy(&hdr_disk1, &hdr_disk2, LUKS2_HDR_BIN_LEN);
-			r = crypt_random_get(NULL, (char*)hdr_disk1.salt, sizeof(hdr_disk1.salt), CRYPT_RND_SALT);
+			r = crypt_random_get(cd, (char*)hdr_disk1.salt, sizeof(hdr_disk1.salt), CRYPT_RND_SALT);
 			if (r)
-				log_dbg("Cannot generate master salt.");
+				log_dbg(cd, "Cannot generate master salt.");
 			else {
 				hdr_from_disk(&hdr_disk2, &hdr_disk1, hdr, 1);
-				r = hdr_write_disk(device, hdr, json_area2, 0);
+				r = hdr_write_disk(cd, device, hdr, json_area2, 0);
 			}
 			if (r)
-				log_dbg("Primary LUKS2 header recovery failed.");
+				log_dbg(cd, "Primary LUKS2 header recovery failed.");
 		}
 	}

@@ -736,7 +719,7 @@ int LUKS2_disk_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr,
 	 */
 	return 0;
 err:
-	log_dbg("LUKS2 header read failed (%d).", r);
+	log_dbg(cd, "LUKS2 header read failed (%d).", r);

 	free(json_area1);
 	free(json_area2);
@@ -757,7 +740,7 @@ int LUKS2_hdr_version_unlocked(struct crypt_device *cd, const char *backup_file)

 	if (!backup_file)
 		device = crypt_metadata_device(cd);
-	else if (device_alloc(&device, backup_file) < 0)
+	else if (device_alloc(cd, &device, backup_file) < 0)
 		return 0;

 	if (!device)
@@ -771,7 +754,7 @@ int LUKS2_hdr_version_unlocked(struct crypt_device *cd, const char *backup_file)
 	if (devfd < 0)
 		goto err;

-	if ((read_lseek_blockwise(devfd, device_block_size(device),
+	if ((read_lseek_blockwise(devfd, device_block_size(cd, device),
 	     device_alignment(device), &hdr, sizeof(hdr), 0) == sizeof(hdr)) &&
 	    !memcmp(hdr.magic, LUKS2_MAGIC_1ST, LUKS2_MAGIC_L))
 		r = (int)be16_to_cpu(hdr.version);
@@ -780,7 +763,7 @@ err:
 		close(devfd);

 	if (backup_file)
-		device_free(device);
+		device_free(cd, device);

 	return r;
 }
--- a/lib/luks2/luks2_internal.h
+++ b/lib/luks2/luks2_internal.h
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2
 *
- * Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -58,32 +58,37 @@ json_object *LUKS2_get_tokens_jobj(struct luks2_hdr *hdr);
 void hexprint_base64(struct crypt_device *cd, json_object *jobj,
 		     const char *sep, const char *line_sep);

-json_object *parse_json_len(const char *json_area, int length, int *end_offset);
+json_object *parse_json_len(struct crypt_device *cd, const char *json_area,
+			    uint64_t max_length, int *json_len);
 uint64_t json_object_get_uint64(json_object *jobj);
 uint32_t json_object_get_uint32(json_object *jobj);
 json_object *json_object_new_uint64(uint64_t value);
+int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
+void json_object_object_del_by_uint(json_object *jobj, unsigned key);

-void JSON_DBG(json_object *jobj, const char *desc);
+void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc);

 /*
 * LUKS2 JSON validation
 */

 /* validation helper */
-json_object *json_contains(json_object *jobj, const char *name, const char *section,
-		      const char *key, json_type type);
+json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
+			   const char *section, const char *key, json_type type);

-int LUKS2_hdr_validate(json_object *hdr_jobj);
-int LUKS2_keyslot_validate(json_object *hdr_jobj, json_object *hdr_keyslot, const char *key);
-int LUKS2_check_json_size(const struct luks2_hdr *hdr);
-int LUKS2_token_validate(json_object *hdr_jobj, json_object *jobj_token, const char *key);
+int LUKS2_hdr_validate(struct crypt_device *cd, json_object *hdr_jobj, uint64_t json_size);
+int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj,
+			   json_object *hdr_keyslot, const char *key);
+int LUKS2_check_json_size(struct crypt_device *cd, const struct luks2_hdr *hdr);
+int LUKS2_token_validate(struct crypt_device *cd, json_object *hdr_jobj,
+			 json_object *jobj_token, const char *key);
 void LUKS2_token_dump(struct crypt_device *cd, int token);

 /*
 * LUKS2 JSON repair for known glitches
 */
-void LUKS2_hdr_repair(json_object *jobj_hdr);
-void LUKS2_keyslots_repair(json_object *jobj_hdr);
+void LUKS2_hdr_repair(struct crypt_device *cd, json_object *jobj_hdr);
+void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_hdr);

 /*
 * JSON array helpers
@@ -122,7 +127,7 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
 	size_t volume_key_len);

 /* validate all keyslot implementations in hdr json */
-int LUKS2_keyslots_validate(json_object *hdr_jobj);
+int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj);

 typedef struct  {
 	const char *name;
--- a/lib/luks2/luks2_json_format.c
+++ b/lib/luks2/luks2_json_format.c
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2, LUKS2 header format code
 *
- * Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -21,6 +21,7 @@

 #include "luks2_internal.h"
 #include <uuid/uuid.h>
+#include <assert.h>

 struct area {
 	uint64_t offset;
@@ -100,7 +101,7 @@ int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
 		return -EINVAL;
 	}

-	log_dbg("Found area %zu -> %zu", offset, length + offset);
+	log_dbg(cd, "Found area %zu -> %zu", offset, length + offset);
 /*
 	log_dbg("Area offset min: %zu, max %zu, slots max %u",
 	       get_min_offset(hdr), get_max_offset(cd), LUKS2_KEYSLOTS_MAX);
@@ -114,6 +115,22 @@ int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
 	return 0;
 }

+int LUKS2_check_metadata_area_size(uint64_t metadata_size)
+{
+	/* see LUKS2_HDR2_OFFSETS */
+	return (metadata_size != 0x004000 &&
+		metadata_size != 0x008000 && metadata_size != 0x010000 &&
+		metadata_size != 0x020000 && metadata_size != 0x040000 &&
+		metadata_size != 0x080000 && metadata_size != 0x100000 &&
+		metadata_size != 0x200000 && metadata_size != 0x400000);
+}
+
+int LUKS2_check_keyslots_area_size(uint64_t keyslots_size)
+{
+	return (MISALIGNED_4K(keyslots_size) ||
+		keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE);
+}
+
 int LUKS2_generate_hdr(
 	struct crypt_device *cd,
 	struct luks2_hdr *hdr,
@@ -123,23 +140,71 @@ int LUKS2_generate_hdr(
 	const char *integrity,
 	const char *uuid,
 	unsigned int sector_size,  /* in bytes */
-	unsigned int alignPayload, /* in bytes */
-	unsigned int alignOffset,  /* in bytes */
-	int detached_metadata_device)
+	uint64_t data_offset,      /* in bytes */
+	uint64_t align_offset,     /* in bytes */
+	uint64_t required_alignment,
+	uint64_t metadata_size,
+	uint64_t keyslots_size)
 {
 	struct json_object *jobj_segment, *jobj_integrity, *jobj_keyslots, *jobj_segments, *jobj_config;
-	char num[24], cipher[128];
-	uint64_t offset, json_size, keyslots_size;
+	char cipher[128];
 	uuid_t partitionUuid;
 	int digest;

-	hdr->hdr_size = LUKS2_HDR_16K_LEN;
+	if (!metadata_size)
+		metadata_size = LUKS2_HDR_16K_LEN;
+	hdr->hdr_size = metadata_size;
+
+	if (data_offset && data_offset < get_min_offset(hdr)) {
+		log_err(cd, _("Requested data offset is too small."));
+		return -EINVAL;
+	}
+
+	/* Increase keyslot size according to data offset */
+	if (!keyslots_size && data_offset)
+		keyslots_size = data_offset - get_min_offset(hdr);
+
+	/* keyslots size has to be 4 KiB aligned */
+	keyslots_size -= (keyslots_size % 4096);
+
+	if (keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE)
+		keyslots_size = LUKS2_MAX_KEYSLOTS_SIZE;
+
+	if (!keyslots_size) {
+		assert(LUKS2_DEFAULT_HDR_SIZE > 2 * LUKS2_HDR_OFFSET_MAX);
+		keyslots_size = LUKS2_DEFAULT_HDR_SIZE - get_min_offset(hdr);
+	}
+
+	/* Decrease keyslots_size if we have smaller data_offset */
+	if (data_offset && (keyslots_size + get_min_offset(hdr)) > data_offset) {
+		keyslots_size = data_offset - get_min_offset(hdr);
+		log_dbg(cd, "Decreasing keyslot area size to %" PRIu64
+			" bytes due to the requested data offset %"
+			PRIu64 " bytes.", keyslots_size, data_offset);
+	}
+
+	/* Data offset has priority */
+	if (!data_offset && required_alignment) {
+		data_offset = size_round_up(get_min_offset(hdr) + keyslots_size,
+					    (size_t)required_alignment);
+		data_offset += align_offset;
+	}
+
+	log_dbg(cd, "Formatting LUKS2 with JSON metadata area %" PRIu64
+		" bytes and keyslots area %" PRIu64 " bytes.",
+		metadata_size - LUKS2_HDR_BIN_LEN, keyslots_size);
+
+	if (keyslots_size < (LUKS2_HDR_OFFSET_MAX - 2*LUKS2_HDR_16K_LEN))
+		log_std(cd, _("WARNING: keyslots area (%" PRIu64 " bytes) is very small,"
+			" available LUKS2 keyslot count is very limited.\n"),
+			keyslots_size);
+
 	hdr->seqid = 1;
 	hdr->version = 2;
 	memset(hdr->label, 0, LUKS2_LABEL_L);
 	strcpy(hdr->checksum_alg, "sha256");
-	crypt_random_get(NULL, (char*)hdr->salt1, LUKS2_SALT_L, CRYPT_RND_SALT);
-	crypt_random_get(NULL, (char*)hdr->salt2, LUKS2_SALT_L, CRYPT_RND_SALT);
+	crypt_random_get(cd, (char*)hdr->salt1, LUKS2_SALT_L, CRYPT_RND_SALT);
+	crypt_random_get(cd, (char*)hdr->salt2, LUKS2_SALT_L, CRYPT_RND_SALT);

 	if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
 		log_err(cd, _("Wrong LUKS UUID format provided."));
@@ -181,16 +246,7 @@ int LUKS2_generate_hdr(

 	jobj_segment = json_object_new_object();
 	json_object_object_add(jobj_segment, "type", json_object_new_string("crypt"));
-	if (detached_metadata_device)
-		offset = (uint64_t)alignPayload;
-	else {
-		//FIXME
-		//offset = size_round_up(areas[7].offset + areas[7].length, alignPayload * SECTOR_SIZE);
-		offset = size_round_up(LUKS2_HDR_DEFAULT_LEN, (size_t)alignPayload);
-		offset += alignOffset;
-	}
-
-	json_object_object_add(jobj_segment, "offset", json_object_new_uint64(offset));
+	json_object_object_add(jobj_segment, "offset", json_object_new_uint64(data_offset));
 	json_object_object_add(jobj_segment, "iv_tweak", json_object_new_string("0"));
 	json_object_object_add(jobj_segment, "size", json_object_new_string("dynamic"));
 	json_object_object_add(jobj_segment, "encryption", json_object_new_string(cipher));
@@ -204,29 +260,12 @@ int LUKS2_generate_hdr(
 		json_object_object_add(jobj_segment, "integrity", jobj_integrity);
 	}

-	snprintf(num, sizeof(num), "%u", CRYPT_DEFAULT_SEGMENT);
-	json_object_object_add(jobj_segments, num, jobj_segment);
-
-	json_size = hdr->hdr_size - LUKS2_HDR_BIN_LEN;
-	json_object_object_add(jobj_config, "json_size", json_object_new_uint64(json_size));
-
-	/* for detached metadata device compute reasonable keyslot areas size */
-	// FIXME: this is coupled with FIXME above
-	if (detached_metadata_device && !offset)
-		keyslots_size = LUKS2_HDR_DEFAULT_LEN - get_min_offset(hdr);
-	else
-		keyslots_size = offset - get_min_offset(hdr);
-
-	/* keep keyslots_size reasonable for custom data alignments */
-	if (keyslots_size > LUKS2_MAX_KEYSLOTS_SIZE)
-		keyslots_size = LUKS2_MAX_KEYSLOTS_SIZE;
-
-	/* keyslots size has to be 4 KiB aligned */
-	keyslots_size -= (keyslots_size % 4096);
+	json_object_object_add_by_uint(jobj_segments, CRYPT_DEFAULT_SEGMENT, jobj_segment);

+	json_object_object_add(jobj_config, "json_size", json_object_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
 	json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));

-	JSON_DBG(hdr->jobj, "Header JSON");
+	JSON_DBG(cd, hdr->jobj, "Header JSON:");
 	return 0;
 }

@@ -242,7 +281,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
 	length = LUKS2_get_data_offset(hdr) * SECTOR_SIZE;
 	wipe_block = 1024 * 1024;

-	if (LUKS2_hdr_validate(hdr->jobj))
+	if (LUKS2_hdr_validate(cd, hdr->jobj, hdr->hdr_size - LUKS2_HDR_BIN_LEN))
 		return -EINVAL;

 	/* On detached header wipe at least the first 4k */
@@ -251,7 +290,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
 		wipe_block = 4096;
 	}

-	log_dbg("Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
+	log_dbg(cd, "Wiping LUKS areas (0x%06" PRIx64 " - 0x%06" PRIx64") with zeroes.",
 		offset, length + offset);

 	r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO,
@@ -264,7 +303,7 @@ int LUKS2_wipe_header_areas(struct crypt_device *cd,
 	offset = get_min_offset(hdr);
 	length = LUKS2_keyslots_size(hdr->jobj);

-	log_dbg("Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
+	log_dbg(cd, "Wiping keyslots area (0x%06" PRIx64 " - 0x%06" PRIx64") with random data.",
 		offset, length + offset);

 	return crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_RANDOM,
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
--- a/lib/luks2/luks2_keyslot.c
+++ b/lib/luks2/luks2_keyslot.c
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2, keyslot handling
 *
- * Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -83,11 +83,11 @@ int LUKS2_keyslot_for_segment(struct luks2_hdr *hdr, int keyslot, int segment)
 	if (segment == CRYPT_ANY_SEGMENT)
 		return 0;

-	keyslot_digest = LUKS2_digest_by_keyslot(NULL, hdr, keyslot);
+	keyslot_digest = LUKS2_digest_by_keyslot(hdr, keyslot);
 	if (keyslot_digest < 0)
 		return -EINVAL;

-	segment_digest = LUKS2_digest_by_segment(NULL, hdr, segment);
+	segment_digest = LUKS2_digest_by_segment(hdr, segment);
 	if (segment_digest < 0)
 		return segment_digest;

@@ -111,61 +111,101 @@ int LUKS2_keyslot_active_count(struct luks2_hdr *hdr, int segment)
 	return num;
 }

-int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd)
+int LUKS2_keyslot_cipher_incompatible(struct crypt_device *cd, const char *cipher_spec)
 {
-	const char *cipher = crypt_get_cipher(cd);
+	char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
+
+	if (!cipher_spec || !strcmp(cipher_spec, "null") || !strcmp(cipher_spec, "cipher_null"))
+		return 1;
+
+	if (crypt_parse_name_and_mode(cipher_spec, cipher, NULL, cipher_mode) < 0)
+		return 1;

 	/* Keyslot is already authenticated; we cannot use integrity tags here */
-	if (crypt_get_integrity_tag_size(cd) || !cipher)
+	if (crypt_get_integrity_tag_size(cd))
 		return 1;

 	/* Wrapped key schemes cannot be used for keyslot encryption */
-	if (crypt_cipher_wrapped_key(cipher))
+	if (crypt_cipher_wrapped_key(cipher, cipher_mode))
+		return 1;
+
+	/* Check if crypto backend can use the cipher */
+	if (crypt_cipher_ivsize(cipher, cipher_mode) < 0)
 		return 1;

 	return 0;
 }

 int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr,
-	size_t key_size, struct luks2_keyslot_params *params)
+				 struct luks2_keyslot_params *params)
 {
-	int r, integrity_key_size = crypt_get_integrity_key_size(cd);
 	const struct crypt_pbkdf_type *pbkdf = crypt_get_pbkdf_type(cd);
+	const char *cipher_spec;
+	size_t key_size;
+	int r;

 	if (!hdr || !pbkdf || !params)
 		return -EINVAL;

-	params->af_type   = LUKS2_KEYSLOT_AF_LUKS1;
+	/*
+	 * set keyslot area encryption parameters
+	 */
 	params->area_type = LUKS2_KEYSLOT_AREA_RAW;
-
-	/* set keyslot AF parameters */
-	/* currently we use hash for AF from pbkdf settings */
-	r = snprintf(params->af.luks1.hash, sizeof(params->af.luks1.hash),
-		     "%s", pbkdf->hash);
-	if (r < 0 || (size_t)r >= sizeof(params->af.luks1.hash))
+	cipher_spec = crypt_keyslot_get_encryption(cd, CRYPT_ANY_SLOT, &key_size);
+	if (!cipher_spec || !key_size)
 		return -EINVAL;

-	params->af.luks1.stripes = 4000;
-
-	/* set keyslot area encryption parameters */
-	/* short circuit authenticated encryption hardcoded defaults */
-	if (LUKS2_keyslot_cipher_incompatible(cd) || key_size == 0) {
-		// FIXME: fixed cipher and key size can be wrong
-		snprintf(params->area.raw.encryption, sizeof(params->area.raw.encryption),
-			 "aes-xts-plain64");
-		params->area.raw.key_size = 32;
-		return 0;
-	}
-
-	r = snprintf(params->area.raw.encryption, sizeof(params->area.raw.encryption),
-		     "%s", LUKS2_get_cipher(hdr, CRYPT_DEFAULT_SEGMENT));
+	params->area.raw.key_size = key_size;
+	r = snprintf(params->area.raw.encryption, sizeof(params->area.raw.encryption), "%s", cipher_spec);
 	if (r < 0 || (size_t)r >= sizeof(params->area.raw.encryption))
 		return -EINVAL;

-	/* Slot encryption tries to use the same key size as for the main algorithm */
-	if ((size_t)integrity_key_size > key_size)
+	/*
+	 * set keyslot AF parameters
+	 */
+	params->af_type = LUKS2_KEYSLOT_AF_LUKS1;
+	/* currently we use hash for AF from pbkdf settings */
+	r = snprintf(params->af.luks1.hash, sizeof(params->af.luks1.hash), "%s", pbkdf->hash);
+	if (r < 0 || (size_t)r >= sizeof(params->af.luks1.hash))
 		return -EINVAL;
-	params->area.raw.key_size = key_size - integrity_key_size;
+	params->af.luks1.stripes = 4000;
+
+	return 0;
+}
+
+int LUKS2_keyslot_pbkdf(struct luks2_hdr *hdr, int keyslot, struct crypt_pbkdf_type *pbkdf)
+{
+	json_object *jobj_keyslot, *jobj_kdf, *jobj;
+
+	if (!hdr || !pbkdf)
+		return -EINVAL;
+
+	if (LUKS2_keyslot_info(hdr, keyslot) == CRYPT_SLOT_INVALID)
+		return -EINVAL;
+
+	jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
+	if (!jobj_keyslot)
+		return -ENOENT;
+
+	if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf))
+		return -EINVAL;
+
+	if (!json_object_object_get_ex(jobj_kdf, "type", &jobj))
+		return -EINVAL;
+
+	memset(pbkdf, 0, sizeof(*pbkdf));
+
+	pbkdf->type = json_object_get_string(jobj);
+	if (json_object_object_get_ex(jobj_kdf, "hash", &jobj))
+		pbkdf->hash = json_object_get_string(jobj);
+	if (json_object_object_get_ex(jobj_kdf, "iterations", &jobj))
+		pbkdf->iterations = json_object_get_int(jobj);
+	if (json_object_object_get_ex(jobj_kdf, "time", &jobj))
+		pbkdf->iterations = json_object_get_int(jobj);
+	if (json_object_object_get_ex(jobj_kdf, "memory", &jobj))
+		pbkdf->max_memory_kb = json_object_get_int(jobj);
+	if (json_object_object_get_ex(jobj_kdf, "cpus", &jobj))
+		pbkdf->parallel_threads = json_object_get_int(jobj);

 	return 0;
 }
@@ -173,7 +213,7 @@ int LUKS2_keyslot_params_default(struct crypt_device *cd, struct luks2_hdr *hdr,
 static int LUKS2_keyslot_unbound(struct luks2_hdr *hdr, int keyslot)
 {
 	json_object *jobj_digest, *jobj_segments;
-	int digest = LUKS2_digest_by_keyslot(NULL, hdr, keyslot);
+	int digest = LUKS2_digest_by_keyslot(hdr, keyslot);

 	if (digest < 0)
 		return 0;
@@ -251,20 +291,20 @@ static int LUKS2_open_and_verify(struct crypt_device *cd,

 	r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot));
 	if (r) {
-		log_dbg("Keyslot %d validation failed.", keyslot);
+		log_dbg(cd, "Keyslot %d validation failed.", keyslot);
 		return r;
 	}

 	r = LUKS2_keyslot_for_segment(hdr, keyslot, segment);
 	if (r) {
 		if (r == -ENOENT)
-			log_dbg("Keyslot %d unusable for segment %d.", keyslot, segment);
+			log_dbg(cd, "Keyslot %d unusable for segment %d.", keyslot, segment);
 		return r;
 	}

 	key_size = LUKS2_get_volume_key_size(hdr, segment);
 	if (key_size < 0)
-		key_size = LUKS2_get_keyslot_key_size(hdr, keyslot);
+		key_size = LUKS2_get_keyslot_stored_key_size(hdr, keyslot);
 	if (key_size < 0)
 		return -EINVAL;

@@ -274,7 +314,7 @@ static int LUKS2_open_and_verify(struct crypt_device *cd,

 	r = h->open(cd, keyslot, password, password_len, (*vk)->key, (*vk)->keylength);
 	if (r < 0)
-		log_dbg("Keyslot %d (%s) open failed with %d.", keyslot, h->name, r);
+		log_dbg(cd, "Keyslot %d (%s) open failed with %d.", keyslot, h->name, r);
 	else
 		r = LUKS2_digest_verify(cd, hdr, *vk, keyslot);

@@ -308,7 +348,7 @@ static int LUKS2_keyslot_open_priority(struct crypt_device *cd,

 		keyslot = atoi(slot);
 		if (slot_priority != priority) {
-			log_dbg("Keyslot %d priority %d != %d (required), skipped.",
+			log_dbg(cd, "Keyslot %d priority %d != %d (required), skipped.",
 				keyslot, slot_priority, priority);
 			continue;
 		}
@@ -384,14 +424,14 @@ int LUKS2_keyslot_store(struct crypt_device *cd,

 		r = h->update(cd, keyslot, params);
 		if (r) {
-			log_dbg("Failed to update keyslot %d json.", keyslot);
+			log_dbg(cd, "Failed to update keyslot %d json.", keyslot);
 			return r;
 		}
 	}

 	r = h->validate(cd, LUKS2_get_keyslot_jobj(hdr, keyslot));
 	if (r) {
-		log_dbg("Keyslot validation failed.");
+		log_dbg(cd, "Keyslot validation failed.");
 		return r;
 	}

@@ -406,7 +446,6 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
 {
 	struct device *device = crypt_metadata_device(cd);
 	uint64_t area_offset, area_length;
-	char num[16];
 	int r;
 	json_object *jobj_keyslot, *jobj_keyslots;
 	const keyslot_handler *h;
@@ -421,7 +460,7 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
 		return -ENOENT;

 	if (wipe_area_only)
-		log_dbg("Wiping keyslot %d area only.", keyslot);
+		log_dbg(cd, "Wiping keyslot %d area only.", keyslot);

 	/* Just check that nobody uses the metadata now */
 	r = device_write_lock(cd, device);
@@ -430,7 +469,7 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
 			device_path(device));
 		return r;
 	}
-	device_write_unlock(device);
+	device_write_unlock(cd, device);

 	/* secure deletion of possible key material in keyslot area */
 	r = crypt_keyslot_area(cd, keyslot, &area_offset, &area_length);
@@ -461,10 +500,9 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
 		if (r < 0)
 			return r;
 	} else
-		log_dbg("Wiping keyslot %d without specific-slot handler loaded.", keyslot);
+		log_dbg(cd, "Wiping keyslot %d without specific-slot handler loaded.", keyslot);

-	snprintf(num, sizeof(num), "%d", keyslot);
-	json_object_object_del(jobj_keyslots, num);
+	json_object_object_del_by_uint(jobj_keyslots, keyslot);

 	return LUKS2_hdr_write(cd, hdr);
 }
@@ -518,10 +556,9 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
 	size_t volume_key_len)
 {
 	struct luks2_hdr *hdr;
-	char num[16];
 	json_object *jobj_keyslots, *jobj_keyslot, *jobj_area;

-	log_dbg("Allocating placeholder keyslot %d for LUKS1 down conversion.", keyslot);
+	log_dbg(cd, "Allocating placeholder keyslot %d for LUKS1 down conversion.", keyslot);

 	if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
 		return -EINVAL;
@@ -550,9 +587,7 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
 	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
 	json_object_object_add(jobj_keyslot, "area", jobj_area);

-	snprintf(num, sizeof(num), "%d", keyslot);
-
-	json_object_object_add(jobj_keyslots, num, jobj_keyslot);
+	json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);

 	return 0;
 }
@@ -580,7 +615,7 @@ static unsigned LUKS2_get_keyslot_digests_count(json_object *hdr_jobj, int keysl
 }

 /* run only on header that passed basic format validation */
-int LUKS2_keyslots_validate(json_object *hdr_jobj)
+int LUKS2_keyslots_validate(struct crypt_device *cd, json_object *hdr_jobj)
 {
 	const keyslot_handler *h;
 	int keyslot;
@@ -592,16 +627,16 @@ int LUKS2_keyslots_validate(json_object *hdr_jobj)
 	json_object_object_foreach(jobj_keyslots, slot, val) {
 		keyslot = atoi(slot);
 		json_object_object_get_ex(val, "type", &jobj_type);
-		h = LUKS2_keyslot_handler_type(NULL, json_object_get_string(jobj_type));
+		h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_type));
 		if (!h)
 			continue;
-		if (h->validate && h->validate(NULL, val)) {
-			log_dbg("Keyslot type %s validation failed on keyslot %d.", h->name, keyslot);
+		if (h->validate && h->validate(cd, val)) {
+			log_dbg(cd, "Keyslot type %s validation failed on keyslot %d.", h->name, keyslot);
 			return -EINVAL;
 		}

 		if (!strcmp(h->name, "luks2") && LUKS2_get_keyslot_digests_count(hdr_jobj, keyslot) != 1) {
-			log_dbg("Keyslot %d is not assigned to exactly 1 digest.", keyslot);
+			log_dbg(cd, "Keyslot %d is not assigned to exactly 1 digest.", keyslot);
 			return -EINVAL;
 		}
 	}
@@ -609,7 +644,7 @@ int LUKS2_keyslots_validate(json_object *hdr_jobj)
 	return 0;
 }

-void LUKS2_keyslots_repair(json_object *jobj_keyslots)
+void LUKS2_keyslots_repair(struct crypt_device *cd, json_object *jobj_keyslots)
 {
 	const keyslot_handler *h;
 	json_object *jobj_type;
@@ -621,8 +656,8 @@ void LUKS2_keyslots_repair(json_object *jobj_keyslots)
 		    !json_object_is_type(jobj_type, json_type_string))
 			continue;

-		h = LUKS2_keyslot_handler_type(NULL, json_object_get_string(jobj_type));
+		h = LUKS2_keyslot_handler_type(cd, json_object_get_string(jobj_type));
 		if (h && h->repair)
-			h->repair(NULL, val);
+			h->repair(cd, val);
 	}
 }
--- a/lib/luks2/luks2_keyslot_luks2.c
+++ b/lib/luks2/luks2_keyslot_luks2.c
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2, LUKS2 type keyslot handler
 *
- * Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -41,7 +41,7 @@ static int luks2_encrypt_to_storage(char *src, size_t srcLength,
 		return r;
 	}
 	r = LUKS_encrypt_to_storage(src, srcLength, cipher, cipher_mode, vk, sector, cd);
-	device_write_unlock(crypt_metadata_device(cd));
+	device_write_unlock(cd, crypt_metadata_device(cd));
 	return r;
 #else
 	struct crypt_storage *s;
@@ -54,7 +54,7 @@ static int luks2_encrypt_to_storage(char *src, size_t srcLength,
 	/* Encrypt buffer */
 	r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);
 	if (r) {
-		log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
+		log_dbg(cd, "Userspace crypto wrapper cannot use %s-%s (%d).",
 			cipher, cipher_mode, r);
 		return r;
 	}
@@ -71,21 +71,21 @@ static int luks2_encrypt_to_storage(char *src, size_t srcLength,
 		return r;
 	}

-	devfd = device_open_locked(device, O_RDWR);
+	devfd = device_open_locked(cd, device, O_RDWR);
 	if (devfd >= 0) {
-		if (write_lseek_blockwise(devfd, device_block_size(device),
+		if (write_lseek_blockwise(devfd, device_block_size(cd, device),
 					  device_alignment(device), src,
 					  srcLength, sector * SECTOR_SIZE) < 0)
 			r = -EIO;
 		else
 			r = 0;

-		device_sync(device, devfd);
+		device_sync(cd, device, devfd);
 		close(devfd);
 	} else
 		r = -EIO;

-	device_write_unlock(device);
+	device_write_unlock(cd, device);

 	if (r)
 		log_err(cd, _("IO error while encrypting keyslot."));
@@ -106,7 +106,7 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength,
 		return r;
 	}
 	r = LUKS_decrypt_from_storage(dst, dstLength, cipher, cipher_mode, vk, sector, cd);
-	device_read_unlock(crypt_metadata_device(cd));
+	device_read_unlock(cd, crypt_metadata_device(cd));
 	return r;
 #else
 	struct crypt_storage *s;
@@ -118,7 +118,7 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength,

 	r = crypt_storage_init(&s, 0, cipher, cipher_mode, vk->key, vk->keylength);
 	if (r) {
-		log_dbg("Userspace crypto wrapper cannot use %s-%s (%d).",
+		log_dbg(cd, "Userspace crypto wrapper cannot use %s-%s (%d).",
 			cipher, cipher_mode, r);
 		return r;
 	}
@@ -131,9 +131,9 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength,
 		return r;
 	}

-	devfd = device_open_locked(device, O_RDONLY);
+	devfd = device_open_locked(cd, device, O_RDONLY);
 	if (devfd >= 0) {
-		if (read_lseek_blockwise(devfd, device_block_size(device),
+		if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 					 device_alignment(device), dst,
 					 dstLength, sector * SECTOR_SIZE) < 0)
 			r = -EIO;
@@ -143,7 +143,7 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength,
 	} else
 		r = -EIO;

-	device_read_unlock(device);
+	device_read_unlock(cd, device);

 	/* Decrypt buffer */
 	if (!r)
@@ -281,10 +281,10 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
 		return -ENOMEM;
 	}

-	r = AF_split(volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash);
+	r = AF_split(cd, volume_key, AfKey, volume_key_len, LUKS_STRIPES, af_hash);

 	if (r == 0) {
-		log_dbg("Updating keyslot area [0x%04x].", (unsigned)area_offset);
+		log_dbg(cd, "Updating keyslot area [0x%04x].", (unsigned)area_offset);
 		/* FIXME: sector_offset should be size_t, fix LUKS_encrypt... accordingly */
 		r = luks2_encrypt_to_storage(AfKey, AFEKSize, cipher, cipher_mode,
 				    derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd);
@@ -362,14 +362,14 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
 			pbkdf.parallel_threads);

 	if (r == 0) {
-		log_dbg("Reading keyslot area [0x%04x].", (unsigned)area_offset);
+		log_dbg(cd, "Reading keyslot area [0x%04x].", (unsigned)area_offset);
 		/* FIXME: sector_offset should be size_t, fix LUKS_decrypt... accordingly */
 		r = luks2_decrypt_from_storage(AfKey, AFEKSize, cipher, cipher_mode,
 				      derived_key, (unsigned)(area_offset / SECTOR_SIZE), cd);
 	}

 	if (r == 0)
-		r = AF_merge(AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash);
+		r = AF_merge(cd, AfKey, volume_key, volume_key_len, LUKS_STRIPES, af_hash);

 	crypt_free_volume_key(derived_key);
 	crypt_safe_free(AfKey);
@@ -388,27 +388,25 @@ static int luks2_keyslot_update_json(struct crypt_device *cd,
 	const struct luks2_keyslot_params *params)
 {
 	const struct crypt_pbkdf_type *pbkdf;
-	json_object *jobj_af, *jobj_area, *jobj_kdf, *jobj1;
+	json_object *jobj_af, *jobj_area, *jobj_kdf;
 	char salt[LUKS_SALTSIZE], *salt_base64 = NULL;
-	int r, keyslot_key_len;
+	int r;

 	/* jobj_keyslot is not yet validated */

 	if (!json_object_object_get_ex(jobj_keyslot, "af", &jobj_af) ||
-	    !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area) ||
-	    !json_object_object_get_ex(jobj_area, "key_size", &jobj1))
+	    !json_object_object_get_ex(jobj_keyslot, "area", &jobj_area))
 		return -EINVAL;

-	/* we do not allow any 'area' object modifications yet */
-	keyslot_key_len = json_object_get_int(jobj1);
-	if (keyslot_key_len < 0)
-		return -EINVAL;
+	/* update area encryption parameters */
+	json_object_object_add(jobj_area, "encryption", json_object_new_string(params->area.raw.encryption));
+	json_object_object_add(jobj_area, "key_size", json_object_new_int(params->area.raw.key_size));

 	pbkdf = crypt_get_pbkdf_type(cd);
 	if (!pbkdf)
 		return -EINVAL;

-	r = crypt_benchmark_pbkdf_internal(cd, CONST_CAST(struct crypt_pbkdf_type *)pbkdf, keyslot_key_len);
+	r = crypt_benchmark_pbkdf_internal(cd, CONST_CAST(struct crypt_pbkdf_type *)pbkdf, params->area.raw.key_size);
 	if (r < 0)
 		return r;

@@ -442,7 +440,7 @@ static int luks2_keyslot_update_json(struct crypt_device *cd,
 	/* update 'af' hash */
 	json_object_object_add(jobj_af, "hash", json_object_new_string(params->af.luks1.hash));

-	JSON_DBG(jobj_keyslot, "Keyslot JSON");
+	JSON_DBG(cd, jobj_keyslot, "Keyslot JSON:");
 	return 0;
 }

@@ -452,16 +450,15 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
 	const struct luks2_keyslot_params *params)
 {
 	struct luks2_hdr *hdr;
-	char num[16];
 	uint64_t area_offset, area_length;
 	json_object *jobj_keyslots, *jobj_keyslot, *jobj_af, *jobj_area;
 	int r;

-	log_dbg("Trying to allocate LUKS2 keyslot %d.", keyslot);
+	log_dbg(cd, "Trying to allocate LUKS2 keyslot %d.", keyslot);

 	if (!params || params->area_type != LUKS2_KEYSLOT_AREA_RAW ||
 	    params->af_type != LUKS2_KEYSLOT_AF_LUKS1) {
-		log_dbg("Invalid LUKS2 keyslot parameters.");
+		log_dbg(cd, "Invalid LUKS2 keyslot parameters.");
 		return -EINVAL;
 	}

@@ -475,7 +472,7 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
 		return -ENOMEM;

 	if (LUKS2_get_keyslot_jobj(hdr, keyslot)) {
-		log_dbg("Cannot modify already active keyslot %d.", keyslot);
+		log_dbg(cd, "Cannot modify already active keyslot %d.", keyslot);
 		return -EINVAL;
 	}

@@ -499,25 +496,21 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
 	/* Area object */
 	jobj_area = json_object_new_object();
 	json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
-	json_object_object_add(jobj_area, "encryption", json_object_new_string(params->area.raw.encryption));
-	json_object_object_add(jobj_area, "key_size", json_object_new_int(params->area.raw.key_size));
 	json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
 	json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
 	json_object_object_add(jobj_keyslot, "area", jobj_area);

-	snprintf(num, sizeof(num), "%d", keyslot);
-
-	json_object_object_add(jobj_keyslots, num, jobj_keyslot);
+	json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);

 	r = luks2_keyslot_update_json(cd, jobj_keyslot, params);

-	if (!r && LUKS2_check_json_size(hdr)) {
-		log_dbg("Not enough space in header json area for new keyslot.");
+	if (!r && LUKS2_check_json_size(cd, hdr)) {
+		log_dbg(cd, "Not enough space in header json area for new keyslot.");
 		r = -ENOSPC;
 	}

 	if (r)
-		json_object_object_del(jobj_keyslots, num);
+		json_object_object_del_by_uint(jobj_keyslots, keyslot);

 	return r;
 }
@@ -532,7 +525,7 @@ static int luks2_keyslot_open(struct crypt_device *cd,
 	struct luks2_hdr *hdr;
 	json_object *jobj_keyslot;

-	log_dbg("Trying to open LUKS2 keyslot %d.", keyslot);
+	log_dbg(cd, "Trying to open LUKS2 keyslot %d.", keyslot);

 	if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
 		return -EINVAL;
@@ -561,7 +554,7 @@ static int luks2_keyslot_store(struct crypt_device *cd,
 	json_object *jobj_keyslot;
 	int r;

-	log_dbg("Calculating attributes for LUKS2 keyslot %d.", keyslot);
+	log_dbg(cd, "Calculating attributes for LUKS2 keyslot %d.", keyslot);

 	if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
 		return -EINVAL;
@@ -613,6 +606,9 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
 	json_object_object_get_ex(jobj_area, "encryption", &jobj1);
 	log_std(cd, "\tCipher:     %s\n", json_object_get_string(jobj1));

+	json_object_object_get_ex(jobj_area, "key_size", &jobj1);
+	log_std(cd, "\tCipher key: %u bits\n", json_object_get_uint32(jobj1) * 8);
+
 	json_object_object_get_ex(jobj_kdf, "type", &jobj1);
 	log_std(cd, "\tPBKDF:      %s\n", json_object_get_string(jobj1));

@@ -640,6 +636,9 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
 	json_object_object_get_ex(jobj_af, "stripes", &jobj1);
 	log_std(cd, "\tAF stripes: %u\n", json_object_get_int(jobj1));

+	json_object_object_get_ex(jobj_af, "hash", &jobj1);
+	log_std(cd, "\tAF hash:    %s\n", json_object_get_string(jobj1));
+
 	json_object_object_get_ex(jobj_area, "offset", &jobj1);
 	log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));

@@ -665,31 +664,31 @@ static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_key

 	count = json_object_object_length(jobj_kdf);

-	jobj1 = json_contains(jobj_kdf, "", "kdf section", "type", json_type_string);
+	jobj1 = json_contains(cd, jobj_kdf, "", "kdf section", "type", json_type_string);
 	if (!jobj1)
 		return -EINVAL;
 	type = json_object_get_string(jobj1);

 	if (!strcmp(type, CRYPT_KDF_PBKDF2)) {
 		if (count != 4 || /* type, salt, hash, iterations only */
-		    !json_contains(jobj_kdf, "kdf type", type, "hash", json_type_string) ||
-		    !json_contains(jobj_kdf, "kdf type", type, "iterations", json_type_int) ||
-		    !json_contains(jobj_kdf, "kdf type", type, "salt", json_type_string))
+		    !json_contains(cd, jobj_kdf, "kdf type", type, "hash", json_type_string) ||
+		    !json_contains(cd, jobj_kdf, "kdf type", type, "iterations", json_type_int) ||
+		    !json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string))
 			return -EINVAL;
 	} else if (!strcmp(type, CRYPT_KDF_ARGON2I) || !strcmp(type, CRYPT_KDF_ARGON2ID)) {
 		if (count != 5 || /* type, salt, time, memory, cpus only */
-		    !json_contains(jobj_kdf, "kdf type", type, "time", json_type_int) ||
-		    !json_contains(jobj_kdf, "kdf type", type, "memory", json_type_int) ||
-		    !json_contains(jobj_kdf, "kdf type", type, "cpus", json_type_int) ||
-		    !json_contains(jobj_kdf, "kdf type", type, "salt", json_type_string))
+		    !json_contains(cd, jobj_kdf, "kdf type", type, "time", json_type_int) ||
+		    !json_contains(cd, jobj_kdf, "kdf type", type, "memory", json_type_int) ||
+		    !json_contains(cd, jobj_kdf, "kdf type", type, "cpus", json_type_int) ||
+		    !json_contains(cd, jobj_kdf, "kdf type", type, "salt", json_type_string))
 			return -EINVAL;
 	}

 	if (!json_object_object_get_ex(jobj_af, "type", &jobj1))
 		return -EINVAL;
 	if (!strcmp(json_object_get_string(jobj1), "luks1")) {
-		if (!json_contains(jobj_af, "", "luks1 af", "hash", json_type_string) ||
-		    !json_contains(jobj_af, "", "luks1 af", "stripes", json_type_int))
+		if (!json_contains(cd, jobj_af, "", "luks1 af", "hash", json_type_string) ||
+		    !json_contains(cd, jobj_af, "", "luks1 af", "stripes", json_type_int))
 			return -EINVAL;
 	} else
 		return -EINVAL;
@@ -698,10 +697,10 @@ static int luks2_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
 	if (!json_object_object_get_ex(jobj_area, "type", &jobj1))
 		return -EINVAL;
 	if (!strcmp(json_object_get_string(jobj1), "raw")) {
-		if (!json_contains(jobj_area, "area", "raw type", "encryption", json_type_string) ||
-		    !json_contains(jobj_area, "area", "raw type", "key_size", json_type_int) ||
-		    !json_contains(jobj_area, "area", "raw type", "offset", json_type_string) ||
-		    !json_contains(jobj_area, "area", "raw type", "size", json_type_string))
+		if (!json_contains(cd, jobj_area, "area", "raw type", "encryption", json_type_string) ||
+		    !json_contains(cd, jobj_area, "area", "raw type", "key_size", json_type_int) ||
+		    !json_contains(cd, jobj_area, "area", "raw type", "offset", json_type_string) ||
+		    !json_contains(cd, jobj_area, "area", "raw type", "size", json_type_string))
 			return -EINVAL;
 	} else
 		return -EINVAL;
@@ -717,7 +716,7 @@ static int luks2_keyslot_update(struct crypt_device *cd,
 	json_object *jobj_keyslot;
 	int r;

-	log_dbg("Updating LUKS2 keyslot %d.", keyslot);
+	log_dbg(cd, "Updating LUKS2 keyslot %d.", keyslot);

 	if (!(hdr = crypt_get_hdr(cd, CRYPT_LUKS2)))
 		return -EINVAL;
@@ -728,8 +727,8 @@ static int luks2_keyslot_update(struct crypt_device *cd,

 	r = luks2_keyslot_update_json(cd, jobj_keyslot, params);

-	if (!r && LUKS2_check_json_size(hdr)) {
-		log_dbg("Not enough space in header json area for updated keyslot %d.", keyslot);
+	if (!r && LUKS2_check_json_size(cd, hdr)) {
+		log_dbg(cd, "Not enough space in header json area for updated keyslot %d.", keyslot);
 		r = -ENOSPC;
 	}

--- a/lib/luks2/luks2_luks1_convert.c
+++ b/lib/luks2/luks2_luks1_convert.c
@@ -1,9 +1,9 @@
 /*
 * LUKS - Linux Unified Key Setup v2, LUKS1 conversion code
 *
- * Copyright (C) 2015-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2015-2018, Ondrej Kozina. All rights reserved.
- * Copyright (C) 2015-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2015-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015-2019 Ondrej Kozina
+ * Copyright (C) 2015-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -93,24 +93,22 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc

 static int json_luks1_keyslots(const struct luks_phdr *hdr_v1, struct json_object **keyslots_object)
 {
-	char keyslot_str[2];
-	int key_slot, r;
+	int keyslot, r;
 	struct json_object *keyslot_obj, *field;

 	keyslot_obj = json_object_new_object();
 	if (!keyslot_obj)
 		return -ENOMEM;

-	for (key_slot = 0; key_slot < LUKS_NUMKEYS; key_slot++) {
-		if (hdr_v1->keyblock[key_slot].active != LUKS_KEY_ENABLED)
+	for (keyslot = 0; keyslot < LUKS_NUMKEYS; keyslot++) {
+		if (hdr_v1->keyblock[keyslot].active != LUKS_KEY_ENABLED)
 			continue;
-		r = json_luks1_keyslot(hdr_v1, key_slot, &field);
+		r = json_luks1_keyslot(hdr_v1, keyslot, &field);
 		if (r) {
 			json_object_put(keyslot_obj);
 			return r;
 		}
-		(void) snprintf(keyslot_str, sizeof(keyslot_str), "%d", key_slot);
-		json_object_object_add(keyslot_obj, keyslot_str, field);
+		json_object_object_add_by_uint(keyslot_obj, keyslot, field);
 	}

 	*keyslots_object = keyslot_obj;
@@ -190,7 +188,6 @@ static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object

 static int json_luks1_segments(const struct luks_phdr *hdr_v1, struct json_object **segments_object)
 {
-	char num[16];
 	int r;
 	struct json_object *segments_obj, *field;

@@ -203,8 +200,7 @@ static int json_luks1_segments(const struct luks_phdr *hdr_v1, struct json_objec
 		json_object_put(segments_obj);
 		return r;
 	}
-	snprintf(num, sizeof(num), "%u", CRYPT_DEFAULT_SEGMENT);
-	json_object_object_add(segments_obj, num, field);
+	json_object_object_add_by_uint(segments_obj, CRYPT_DEFAULT_SEGMENT, field);

 	*segments_object = segments_obj;
 	return 0;
@@ -427,13 +423,13 @@ static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from,
 	void *buf = NULL;
 	int r = -EIO, devfd = -1;

-	log_dbg("Moving keyslot areas of size %zu from %jd to %jd.",
+	log_dbg(cd, "Moving keyslot areas of size %zu from %jd to %jd.",
 		buf_size, (intmax_t)offset_from, (intmax_t)offset_to);

 	if (posix_memalign(&buf, crypt_getpagesize(), buf_size))
 		return -ENOMEM;

-	devfd = device_open(device, O_RDWR);
+	devfd = device_open(cd, device, O_RDWR);
 	if (devfd == -1) {
 		free(buf);
 		return -EIO;
@@ -441,27 +437,27 @@ static int move_keyslot_areas(struct crypt_device *cd, off_t offset_from,

 	/* This can safely fail (for block devices). It only allocates space if it is possible. */
 	if (posix_fallocate(devfd, offset_to, buf_size))
-		log_dbg("Preallocation (fallocate) of new keyslot area not available.");
+		log_dbg(cd, "Preallocation (fallocate) of new keyslot area not available.");

 	/* Try to read *new* area to check that area is there (trimmed backup). */
-	if (read_lseek_blockwise(devfd, device_block_size(device),
+	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 				 device_alignment(device), buf, buf_size,
 				 offset_to)!= (ssize_t)buf_size)
 		goto out;

-	if (read_lseek_blockwise(devfd, device_block_size(device),
+	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 				 device_alignment(device), buf, buf_size,
 				 offset_from)!= (ssize_t)buf_size)
 		goto out;

-	if (write_lseek_blockwise(devfd, device_block_size(device),
+	if (write_lseek_blockwise(devfd, device_block_size(cd, device),
 				  device_alignment(device), buf, buf_size,
 				  offset_to) != (ssize_t)buf_size)
 		goto out;

 	r = 0;
 out:
-	device_sync(device, devfd);
+	device_sync(cd, device, devfd);
 	close(devfd);
 	crypt_memzero(buf, buf_size);
 	free(buf);
@@ -473,7 +469,7 @@ static int luks_header_in_use(struct crypt_device *cd)
 {
 	int r;

-	r = lookup_dm_dev_by_uuid(crypt_get_uuid(cd), crypt_get_type(cd));
+	r = lookup_dm_dev_by_uuid(cd, crypt_get_uuid(cd), crypt_get_type(cd));
 	if (r < 0)
 		log_err(cd, _("Can not check status of device with uuid: %s."), crypt_get_uuid(cd));

@@ -491,14 +487,14 @@ static int luksmeta_header_present(struct crypt_device *cd, off_t luks1_size)
 	if (posix_memalign(&buf, crypt_getpagesize(), sizeof(LM_MAGIC)))
 		return -ENOMEM;

-	devfd = device_open(device, O_RDONLY);
+	devfd = device_open(cd, device, O_RDONLY);
 	if (devfd == -1) {
 		free(buf);
 		return -EIO;
 	}

 	/* Note: we must not detect failure as problem here, header can be trimmed. */
-	if (read_lseek_blockwise(devfd, device_block_size(device), device_alignment(device),
+	if (read_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device),
 		buf, sizeof(LM_MAGIC), luks1_size) == (ssize_t)sizeof(LM_MAGIC) &&
 		!memcmp(LM_MAGIC, buf, sizeof(LM_MAGIC))) {
 			log_err(cd, _("Unable to convert header with LUKSMETA additional metadata."));
@@ -528,14 +524,14 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
 		return -EINVAL;

 	if (LUKS_keyslots_offset(hdr1) != (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
-		log_dbg("Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1));
+		log_dbg(cd, "Unsupported keyslots material offset: %zu.", LUKS_keyslots_offset(hdr1));
 		return -EINVAL;
 	}

 	if (luksmeta_header_present(cd, luks1_size))
 		return -EINVAL;

-	log_dbg("Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu",
+	log_dbg(cd, "Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu",
 		max_size, luks1_size, luks1_shift);
 	if ((max_size - luks1_size) < luks1_shift) {
 		log_err(cd, _("Unable to move keyslot area. Not enough space."));
@@ -585,16 +581,18 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
 	// Write JSON hdr2
 	r = LUKS2_hdr_write(cd, hdr2);
 out:
-	LUKS2_hdr_free(hdr2);
+	LUKS2_hdr_free(cd, hdr2);

 	return r;
 }

-static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t key_size)
+static int keyslot_LUKS1_compatible(struct crypt_device *cd, struct luks2_hdr *hdr,
+				    int keyslot, uint32_t key_size, const char *hash)
 {
 	json_object *jobj_keyslot, *jobj, *jobj_kdf, *jobj_af;
 	uint64_t l2_offset, l2_length;
-	int ks_key_size;
+	size_t ks_key_size;
+	const char *ks_cipher, *data_cipher;

 	jobj_keyslot = LUKS2_get_keyslot_jobj(hdr, keyslot);
 	if (!jobj_keyslot)
@@ -608,7 +606,9 @@ static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t
 	jobj = NULL;
 	if (!json_object_object_get_ex(jobj_keyslot, "kdf", &jobj_kdf) ||
 	    !json_object_object_get_ex(jobj_kdf, "type", &jobj) ||
-	    strcmp(json_object_get_string(jobj), CRYPT_KDF_PBKDF2))
+	    strcmp(json_object_get_string(jobj), CRYPT_KDF_PBKDF2) ||
+	    !json_object_object_get_ex(jobj_kdf, "hash", &jobj) ||
+	    strcmp(json_object_get_string(jobj), hash))
 		return 0;

 	jobj = NULL;
@@ -619,14 +619,16 @@ static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t

 	jobj = NULL;
 	if (!json_object_object_get_ex(jobj_af, "hash", &jobj) ||
-	    crypt_hash_size(json_object_get_string(jobj)) < 0)
+	    (crypt_hash_size(json_object_get_string(jobj)) < 0) ||
+	    strcmp(json_object_get_string(jobj), hash))
 		return 0;

 	/* FIXME: should this go to validation code instead (aka invalid luks2 header if assigned to segment 0)? */
 	/* FIXME: check all keyslots are assigned to segment id 0, and segments count == 1 */
-	ks_key_size = LUKS2_get_keyslot_key_size(hdr, keyslot);
-	if (ks_key_size < 0 || (int)key_size != LUKS2_get_keyslot_key_size(hdr, keyslot)) {
-		log_dbg("Key length in keyslot %d is different from volume key length", keyslot);
+	ks_cipher = LUKS2_get_keyslot_cipher(hdr, keyslot, &ks_key_size);
+	data_cipher = LUKS2_get_cipher(hdr, CRYPT_DEFAULT_SEGMENT);
+	if (!ks_cipher || !data_cipher || key_size != ks_key_size || strcmp(ks_cipher, data_cipher)) {
+		log_dbg(cd, "Cipher in keyslot %d is different from volume key encryption.", keyslot);
 		return 0;
 	}

@@ -634,7 +636,7 @@ static int keyslot_LUKS1_compatible(struct luks2_hdr *hdr, int keyslot, uint32_t
 		return 0;

 	if (l2_length != (size_round_up(AF_split_sectors(key_size, LUKS_STRIPES) * SECTOR_SIZE, 4096))) {
-		log_dbg("Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot);
+		log_dbg(cd, "Area length in LUKS2 keyslot (%d) is not compatible with LUKS1", keyslot);
 		return 0;
 	}

@@ -647,6 +649,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 	size_t buf_size, buf_offset;
 	char cipher[LUKS_CIPHERNAME_L-1], cipher_mode[LUKS_CIPHERMODE_L-1];
 	char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
+	const char *hash;
 	size_t len;
 	json_object *jobj_keyslot, *jobj_digest, *jobj_segment, *jobj_kdf, *jobj_area, *jobj1, *jobj2;
 	uint32_t key_size;
@@ -669,12 +672,15 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 		log_err(cd, _("Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."));
 		return -EINVAL;
 	}
+	if (!json_object_object_get_ex(jobj_digest, "hash", &jobj2))
+		return -EINVAL;
+	hash = json_object_get_string(jobj2);

 	r = crypt_parse_name_and_mode(LUKS2_get_cipher(hdr2, CRYPT_DEFAULT_SEGMENT), cipher, NULL, cipher_mode);
 	if (r < 0)
 		return r;

-	if (crypt_cipher_wrapped_key(cipher)) {
+	if (crypt_cipher_wrapped_key(cipher, cipher_mode)) {
 		log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapped key cipher %s."), cipher);
 		return -EINVAL;
 	}
@@ -706,7 +712,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
 			return -EINVAL;
 		}

-		if (!keyslot_LUKS1_compatible(hdr2, i, key_size)) {
+		if (!keyslot_LUKS1_compatible(cd, hdr2, i, key_size, hash)) {
 			log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."), i);
 			return -EINVAL;
 		}
--- a/lib/luks2/luks2_token.c
+++ b/lib/luks2/luks2_token.c
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2, token handling
 *
- * Copyright (C) 2016-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2018, Milan Broz. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -45,21 +45,19 @@ int crypt_token_register(const crypt_token_handler *handler)
 	int i;

 	if (is_builtin_candidate(handler->name)) {
-		log_dbg("'" LUKS2_BUILTIN_TOKEN_PREFIX "' is reserved prefix for builtin tokens.");
+		log_dbg(NULL, "'" LUKS2_BUILTIN_TOKEN_PREFIX "' is reserved prefix for builtin tokens.");
 		return -EINVAL;
 	}

 	for (i = 0; i < LUKS2_TOKENS_MAX && token_handlers[i].h; i++) {
 		if (!strcmp(token_handlers[i].h->name, handler->name)) {
-			log_dbg("Keyslot handler %s is already registered.", handler->name);
+			log_dbg(NULL, "Keyslot handler %s is already registered.", handler->name);
 			return -EINVAL;
 		}
 	}

-	if (i == LUKS2_TOKENS_MAX) {
-		log_dbg("No more space for another token handler.");
+	if (i == LUKS2_TOKENS_MAX)
 		return -EINVAL;
-	}

 	token_handlers[i].h = handler;
 	return 0;
@@ -149,21 +147,20 @@ int LUKS2_token_create(struct crypt_device *cd,
 	if (!json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens))
 		return -EINVAL;

+	snprintf(num, sizeof(num), "%d", token);
+
 	/* Remove token */
-	if (!json) {
-		snprintf(num, sizeof(num), "%d", token);
+	if (!json)
 		json_object_object_del(jobj_tokens, num);
-	} else {
+	else {

 		jobj = json_tokener_parse_verbose(json, &jerr);
 		if (!jobj) {
-			log_dbg("Token JSON parse failed.");
+			log_dbg(cd, "Token JSON parse failed.");
 			return -EINVAL;
 		}

-		snprintf(num, sizeof(num), "%d", token);
-
-		if (LUKS2_token_validate(hdr->jobj, jobj, num)) {
+		if (LUKS2_token_validate(cd, hdr->jobj, jobj, num)) {
 			json_object_put(jobj);
 			return -EINVAL;
 		}
@@ -172,7 +169,7 @@ int LUKS2_token_create(struct crypt_device *cd,
 		if (is_builtin_candidate(json_object_get_string(jobj_type))) {
 			th = LUKS2_token_handler_type_internal(cd, json_object_get_string(jobj_type));
 			if (!th || !th->set) {
-				log_dbg("%s is builtin token candidate with missing handler", json_object_get_string(jobj_type));
+				log_dbg(cd, "%s is builtin token candidate with missing handler", json_object_get_string(jobj_type));
 				json_object_put(jobj);
 				return -EINVAL;
 			}
@@ -182,13 +179,13 @@ int LUKS2_token_create(struct crypt_device *cd,

 		if (h && h->validate && h->validate(cd, json)) {
 			json_object_put(jobj);
-			log_dbg("Token type %s validation failed.", h->name);
+			log_dbg(cd, "Token type %s validation failed.", h->name);
 			return -EINVAL;
 		}

 		json_object_object_add(jobj_tokens, num, jobj);
-		if (LUKS2_check_json_size(hdr)) {
-			log_dbg("Not enough space in header json area for new token.");
+		if (LUKS2_check_json_size(cd, hdr)) {
+			log_dbg(cd, "Not enough space in header json area for new token.");
 			json_object_object_del(jobj_tokens, num);
 			return -ENOSPC;
 		}
@@ -252,7 +249,6 @@ int LUKS2_builtin_token_create(struct crypt_device *cd,
 	int commit)
 {
 	const token_handler *th;
-	char num[16];
 	int r;
 	json_object *jobj_token, *jobj_tokens;

@@ -267,7 +263,6 @@ int LUKS2_builtin_token_create(struct crypt_device *cd,
 	}
 	if (token < 0 || token >= LUKS2_TOKENS_MAX)
 		return -EINVAL;
-	snprintf(num, sizeof(num), "%u", token);

 	r = th->set(&jobj_token, params);
 	if (r) {
@@ -276,17 +271,17 @@ int LUKS2_builtin_token_create(struct crypt_device *cd,
 	}

 	// builtin tokens must produce valid json
-	r = LUKS2_token_validate(hdr->jobj, jobj_token, "new");
+	r = LUKS2_token_validate(cd, hdr->jobj, jobj_token, "new");
 	assert(!r);
 	r = th->h->validate(cd, json_object_to_json_string_ext(jobj_token,
 		JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE));
 	assert(!r);

 	json_object_object_get_ex(hdr->jobj, "tokens", &jobj_tokens);
-	json_object_object_add(jobj_tokens, num, jobj_token);
-	if (LUKS2_check_json_size(hdr)) {
-		log_dbg("Not enough space in header json area for new %s token.", type);
-		json_object_object_del(jobj_tokens, num);
+	json_object_object_add_by_uint(jobj_tokens, token, jobj_token);
+	if (LUKS2_check_json_size(cd, hdr)) {
+		log_dbg(cd, "Not enough space in header json area for new %s token.", type);
+		json_object_object_del_by_uint(jobj_tokens, token);
 		return -ENOSPC;
 	}

@@ -315,14 +310,14 @@ static int LUKS2_token_open(struct crypt_device *cd,
 			return -EINVAL;

 		if (h->validate(cd, json)) {
-			log_dbg("Token %d (%s) validation failed.", token, h->name);
+			log_dbg(cd, "Token %d (%s) validation failed.", token, h->name);
 			return -EINVAL;
 		}
 	}

 	r = h->open(cd, token, buffer, buffer_len, usrptr);
 	if (r < 0)
-		log_dbg("Token %d (%s) open failed with %d.", token, h->name, r);
+		log_dbg(cd, "Token %d (%s) open failed with %d.", token, h->name, r);

 	return r;
 }
@@ -371,7 +366,7 @@ static int LUKS2_keyslot_open_by_token(struct crypt_device *cd,
 	for (i = 0; i < (int) json_object_array_length(jobj_token_keyslots) && r < 0; i++) {
 		jobj = json_object_array_get_idx(jobj_token_keyslots, i);
 		num = json_object_get_string(jobj);
-		log_dbg("Trying to open keyslot %s with token %d (type %s).", num, token, h->name);
+		log_dbg(cd, "Trying to open keyslot %s with token %d (type %s).", num, token, h->name);
 		r = LUKS2_keyslot_open(cd, atoi(num), segment, buffer, buffer_len, vk);
 	}

@@ -501,7 +496,7 @@ static int assign_one_keyslot(struct crypt_device *cd, struct luks2_hdr *hdr,
 	json_object *jobj1, *jobj_token, *jobj_token_keyslots;
 	char num[16];

-	log_dbg("Keyslot %i %s token %i.", keyslot, assign ? "assigned to" : "unassigned from", token);
+	log_dbg(cd, "Keyslot %i %s token %i.", keyslot, assign ? "assigned to" : "unassigned from", token);

 	jobj_token = LUKS2_get_token_jobj(hdr, token);
 	if (!jobj_token)
--- a/lib/luks2/luks2_token_keyring.c
+++ b/lib/luks2/luks2_token_keyring.c
@@ -1,8 +1,8 @@
 /*
 * LUKS - Linux Unified Key Setup v2, kernel keyring token
 *
- * Copyright (C) 2016-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2018, Ondrej Kozina. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Ondrej Kozina
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -44,10 +44,10 @@ static int keyring_open(struct crypt_device *cd,

 	r = keyring_get_passphrase(json_object_get_string(jobj_key), buffer, buffer_len);
 	if (r == -ENOTSUP) {
-		log_dbg("Kernel keyring features disabled.");
+		log_dbg(cd, "Kernel keyring features disabled.");
 		return -EINVAL;
 	} else if (r < 0) {
-		log_dbg("keyring_get_passphrase failed (error %d)", r);
+		log_dbg(cd, "keyring_get_passphrase failed (error %d)", r);
 		return -EINVAL;
 	}

@@ -61,26 +61,26 @@ static int keyring_validate(struct crypt_device *cd __attribute__((unused)),
 	json_object *jobj_token, *jobj_key;
 	int r = 1;

-	log_dbg("Validating keyring token json");
+	log_dbg(cd, "Validating keyring token json");

 	jobj_token = json_tokener_parse_verbose(json, &jerr);
 	if (!jobj_token) {
-		log_dbg("Keyring token JSON parse failed.");
+		log_dbg(cd, "Keyring token JSON parse failed.");
 		return r;
 	}

 	if (json_object_object_length(jobj_token) != 3) {
-		log_dbg("Keyring token is expected to have exactly 3 fields.");
+		log_dbg(cd, "Keyring token is expected to have exactly 3 fields.");
 		goto out;
 	}

 	if (!json_object_object_get_ex(jobj_token, "key_description", &jobj_key)) {
-		log_dbg("missing key_description field.");
+		log_dbg(cd, "missing key_description field.");
 		goto out;
 	}

 	if (!json_object_is_type(jobj_key, json_type_string)) {
-		log_dbg("key_description is not a string.");
+		log_dbg(cd, "key_description is not a string.");
 		goto out;
 	}

--- a/lib/random.c
+++ b/lib/random.c
@@ -1,7 +1,7 @@
 /*
 * cryptsetup kernel RNG access functions
 *
- * Copyright (C) 2010-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2019 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/setup.c
+++ b/lib/setup.c
--- a/lib/tcrypt/tcrypt.c
+++ b/lib/tcrypt/tcrypt.c
@@ -1,8 +1,8 @@
 /*
 * TCRYPT (TrueCrypt-compatible) and VeraCrypt volume handling
 *
- * Copyright (C) 2012-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2018, Milan Broz
+ * Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -202,7 +202,8 @@ static struct tcrypt_algs tcrypt_cipher[] = {
 {}
 };

-static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr,
+static int TCRYPT_hdr_from_disk(struct crypt_device *cd,
+				struct tcrypt_phdr *hdr,
 				struct crypt_params_tcrypt *params,
 				int kdf_index, int cipher_index)
 {
@@ -214,14 +215,14 @@ static int TCRYPT_hdr_from_disk(struct tcrypt_phdr *hdr,
 	crc32 = crypt_crc32(~0, (unsigned char*)&hdr->d, size) ^ ~0;
 	if (be16_to_cpu(hdr->d.version) > 3 &&
 	    crc32 != be32_to_cpu(hdr->d.header_crc32)) {
-		log_dbg("TCRYPT header CRC32 mismatch.");
+		log_dbg(cd, "TCRYPT header CRC32 mismatch.");
 		return -EINVAL;
 	}

 	/* Check CRC32 of keys */
 	crc32 = crypt_crc32(~0, (unsigned char*)hdr->d.keys, sizeof(hdr->d.keys)) ^ ~0;
 	if (crc32 != be32_to_cpu(hdr->d.keys_crc32)) {
-		log_dbg("TCRYPT keys CRC32 mismatch.");
+		log_dbg(cd, "TCRYPT keys CRC32 mismatch.");
 		return -EINVAL;
 	}

@@ -433,7 +434,7 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
 	for (i = 0; tcrypt_cipher[i].chain_count; i++) {
 		if (!(flags & CRYPT_TCRYPT_LEGACY_MODES) && tcrypt_cipher[i].legacy)
 			continue;
-		log_dbg("TCRYPT:  trying cipher %s-%s",
+		log_dbg(cd, "TCRYPT:  trying cipher %s-%s",
 			tcrypt_cipher[i].long_name, tcrypt_cipher[i].mode);

 		memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN);
@@ -450,7 +451,7 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
 		}

 		if (r < 0) {
-			log_dbg("TCRYPT:   returned error %d, skipped.", r);
+			log_dbg(cd, "TCRYPT:   returned error %d, skipped.", r);
 			if (r == -ENOTSUP)
 				break;
 			r = -ENOENT;
@@ -458,14 +459,14 @@ static int TCRYPT_decrypt_hdr(struct crypt_device *cd, struct tcrypt_phdr *hdr,
 		}

 		if (!strncmp(hdr2.d.magic, TCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
-			log_dbg("TCRYPT: Signature magic detected.");
+			log_dbg(cd, "TCRYPT: Signature magic detected.");
 			memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
 			r = i;
 			break;
 		}
 		if ((flags & CRYPT_TCRYPT_VERA_MODES) &&
 		     !strncmp(hdr2.d.magic, VCRYPT_HDR_MAGIC, TCRYPT_HDR_MAGIC_LEN)) {
-			log_dbg("TCRYPT: Signature magic detected (Veracrypt).");
+			log_dbg(cd, "TCRYPT: Signature magic detected (Veracrypt).");
 			memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
 			r = i;
 			break;
@@ -485,7 +486,7 @@ static int TCRYPT_pool_keyfile(struct crypt_device *cd,
 	int i, j, fd, data_size, r = -EIO;
 	uint32_t crc;

-	log_dbg("TCRYPT: using keyfile %s.", keyfile);
+	log_dbg(cd, "TCRYPT: using keyfile %s.", keyfile);

 	data = malloc(TCRYPT_KEYFILE_LEN);
 	if (!data)
@@ -573,7 +574,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
 			iterations = tcrypt_kdf[i].iterations;

 		/* Derive header key */
-		log_dbg("TCRYPT: trying KDF: %s-%s-%d%s.",
+		log_dbg(cd, "TCRYPT: trying KDF: %s-%s-%d%s.",
 			tcrypt_kdf[i].name, tcrypt_kdf[i].hash, tcrypt_kdf[i].iterations,
 			params->veracrypt_pim && tcrypt_kdf[i].veracrypt ? "-PIM" : "");
 		r = crypt_pbkdf(tcrypt_kdf[i].name, tcrypt_kdf[i].hash,
@@ -608,15 +609,15 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
 	if (r < 0)
 		goto out;

-	r = TCRYPT_hdr_from_disk(hdr, params, i, r);
+	r = TCRYPT_hdr_from_disk(cd, hdr, params, i, r);
 	if (!r) {
-		log_dbg("TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d"
+		log_dbg(cd, "TCRYPT: Magic: %s, Header version: %d, req. %d, sector %d"
 			", mk_offset %" PRIu64 ", hidden_size %" PRIu64
 			", volume size %" PRIu64, tcrypt_kdf[i].veracrypt ?
 			VCRYPT_HDR_MAGIC : TCRYPT_HDR_MAGIC,
 			(int)hdr->d.version, (int)hdr->d.version_tc, (int)hdr->d.sector_size,
 			hdr->d.mk_offset, hdr->d.hidden_volume_size, hdr->d.volume_size);
-		log_dbg("TCRYPT: Header cipher %s-%s, key size %zu",
+		log_dbg(cd, "TCRYPT: Header cipher %s-%s, key size %zu",
 			params->cipher, params->mode, params->key_size);
 	}
 out:
@@ -638,25 +639,25 @@ int TCRYPT_read_phdr(struct crypt_device *cd,

 	assert(sizeof(struct tcrypt_phdr) == 512);

-	log_dbg("Reading TCRYPT header of size %zu bytes from device %s.",
+	log_dbg(cd, "Reading TCRYPT header of size %zu bytes from device %s.",
 		hdr_size, device_path(device));

 	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER &&
 	    crypt_dev_is_partition(device_path(device))) {
 		base_device_path = crypt_get_base_device(device_path(device));

-		log_dbg("Reading TCRYPT system header from device %s.", base_device_path ?: "?");
+		log_dbg(cd, "Reading TCRYPT system header from device %s.", base_device_path ?: "?");
 		if (!base_device_path)
 			return -EINVAL;

-		r = device_alloc(&base_device, base_device_path);
+		r = device_alloc(cd, &base_device, base_device_path);
 		free(base_device_path);
 		if (r < 0)
 			return r;
-		devfd = device_open(base_device, O_RDONLY);
-		device_free(base_device);
+		devfd = device_open(cd, base_device, O_RDONLY);
+		device_free(cd, base_device);
 	} else
-		devfd = device_open(device, O_RDONLY);
+		devfd = device_open(cd, device, O_RDONLY);

 	if (devfd < 0) {
 		log_err(cd, _("Cannot open device %s."), device_path(device));
@@ -665,33 +666,33 @@ int TCRYPT_read_phdr(struct crypt_device *cd,

 	r = -EIO;
 	if (params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) {
-		if (read_lseek_blockwise(devfd, device_block_size(device),
+		if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 			device_alignment(device), hdr, hdr_size,
 			TCRYPT_HDR_SYSTEM_OFFSET) == hdr_size) {
 			r = TCRYPT_init_hdr(cd, hdr, params);
 		}
 	} else if (params->flags & CRYPT_TCRYPT_HIDDEN_HEADER) {
 		if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) {
-			if (read_lseek_blockwise(devfd, device_block_size(device),
+			if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 				device_alignment(device), hdr, hdr_size,
 				TCRYPT_HDR_HIDDEN_OFFSET_BCK) == hdr_size)
 				r = TCRYPT_init_hdr(cd, hdr, params);
 		} else {
-			if (read_lseek_blockwise(devfd, device_block_size(device),
+			if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 				device_alignment(device), hdr, hdr_size,
 				TCRYPT_HDR_HIDDEN_OFFSET) == hdr_size)
 				r = TCRYPT_init_hdr(cd, hdr, params);
-			if (r && read_lseek_blockwise(devfd, device_block_size(device),
+			if (r && read_lseek_blockwise(devfd, device_block_size(cd, device),
 				device_alignment(device), hdr, hdr_size,
 				TCRYPT_HDR_HIDDEN_OFFSET_OLD) == hdr_size)
 				r = TCRYPT_init_hdr(cd, hdr, params);
 		}
 	} else if (params->flags & CRYPT_TCRYPT_BACKUP_HEADER) {
-		if (read_lseek_blockwise(devfd, device_block_size(device),
+		if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 			device_alignment(device), hdr, hdr_size,
 			TCRYPT_HDR_OFFSET_BCK) == hdr_size)
 			r = TCRYPT_init_hdr(cd, hdr, params);
-	} else if (read_blockwise(devfd, device_block_size(device),
+	} else if (read_blockwise(devfd, device_block_size(cd, device),
 			device_alignment(device), hdr, hdr_size) == hdr_size)
 		r = TCRYPT_init_hdr(cd, hdr, params);

@@ -722,28 +723,22 @@ int TCRYPT_activate(struct crypt_device *cd,
 		     struct crypt_params_tcrypt *params,
 		     uint32_t flags)
 {
-	char cipher[MAX_CIPHER_LEN], dm_name[PATH_MAX], dm_dev_name[PATH_MAX];
+	char dm_name[PATH_MAX], dm_dev_name[PATH_MAX], cipher_spec[MAX_CIPHER_LEN*2+1];
 	char *part_path;
-	struct device *device = NULL, *part_device = NULL;
 	unsigned int i;
 	int r;
 	uint32_t req_flags, dmc_flags;
 	struct tcrypt_algs *algs;
 	enum devcheck device_check;
+	uint64_t offset = crypt_get_data_offset(cd);
+	struct volume_key *vk = NULL;
+	struct device  *ptr_dev = crypt_data_device(cd), *device = NULL, *part_device = NULL;
 	struct crypt_dm_active_device dmd = {
-		.target = DM_CRYPT,
-		.size   = 0,
-		.data_device = crypt_data_device(cd),
-		.u.crypt  = {
-			.cipher = cipher,
-			.offset = crypt_get_data_offset(cd),
-			.iv_offset = crypt_get_iv_offset(cd),
-			.sector_size = crypt_get_sector_size(cd),
-		}
+		.flags = flags
 	};

 	if (!hdr->d.version) {
-		log_dbg("TCRYPT: this function is not supported without encrypted header load.");
+		log_dbg(cd, "TCRYPT: this function is not supported without encrypted header load.");
 		return -ENOTSUP;
 	}

@@ -778,20 +773,20 @@ int TCRYPT_activate(struct crypt_device *cd,
 		dmd.size = hdr->d.volume_size / hdr->d.sector_size;

 	if (dmd.flags & CRYPT_ACTIVATE_SHARED)
-		device_check = DEV_SHARED;
+		device_check = DEV_OK;
 	else
 		device_check = DEV_EXCL;

 	if ((params->flags & CRYPT_TCRYPT_SYSTEM_HEADER) &&
-	     !crypt_dev_is_partition(device_path(dmd.data_device))) {
-		part_path = crypt_get_partition_device(device_path(dmd.data_device),
-						       dmd.u.crypt.offset, dmd.size);
+	     !crypt_dev_is_partition(device_path(crypt_data_device(cd)))) {
+		part_path = crypt_get_partition_device(device_path(crypt_data_device(cd)),
+						       crypt_get_data_offset(cd), dmd.size);
 		if (part_path) {
-			if (!device_alloc(&part_device, part_path)) {
+			if (!device_alloc(cd, &part_device, part_path)) {
 				log_verbose(cd, _("Activating TCRYPT system encryption for partition %s."),
 					    part_path);
-				dmd.data_device = part_device;
-				dmd.u.crypt.offset = 0;
+				ptr_dev = part_device;
+				offset = 0;
 			}
 			free(part_path);
 		} else
@@ -799,22 +794,20 @@ int TCRYPT_activate(struct crypt_device *cd,
 			 * System encryption use the whole device mapping, there can
 			 * be active partitions.
 			 */
-			device_check = DEV_SHARED;
+			device_check = DEV_OK;
 	}

-	r = device_block_adjust(cd, dmd.data_device, device_check,
-				dmd.u.crypt.offset, &dmd.size, &dmd.flags);
-	if (r) {
-		device_free(part_device);
-		return r;
-	}
+	r = device_block_adjust(cd, ptr_dev, device_check,
+				offset, &dmd.size, &dmd.flags);
+	if (r)
+		goto out;

 	/* From here, key size for every cipher must be the same */
-	dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size +
-						algs->cipher[0].key_extra_size, NULL);
-	if (!dmd.u.crypt.vk) {
-		device_free(part_device);
-		return -ENOMEM;
+	vk = crypt_alloc_volume_key(algs->cipher[0].key_size +
+				    algs->cipher[0].key_extra_size, NULL);
+	if (!vk) {
+		r = -ENOMEM;
+		goto out;
 	}

 	for (i = algs->chain_count; i > 0; i--) {
@@ -827,27 +820,39 @@ int TCRYPT_activate(struct crypt_device *cd,
 			dmd.flags = flags | CRYPT_ACTIVATE_PRIVATE;
 		}

-		snprintf(cipher, sizeof(cipher), "%s-%s",
-			 algs->cipher[i-1].name, algs->mode);
-
 		TCRYPT_copy_key(&algs->cipher[i-1], algs->mode,
-				dmd.u.crypt.vk->key, hdr->d.keys);
+				vk->key, hdr->d.keys);

 		if (algs->chain_count != i) {
 			snprintf(dm_dev_name, sizeof(dm_dev_name), "%s/%s_%d",
 				 dm_get_dir(), name, i);
-			r = device_alloc(&device, dm_dev_name);
+			r = device_alloc(cd, &device, dm_dev_name);
 			if (r)
 				break;
-			dmd.data_device = device;
-			dmd.u.crypt.offset = 0;
+			ptr_dev = device;
+			offset = 0;
 		}

-		log_dbg("Trying to activate TCRYPT device %s using cipher %s.",
-			dm_name, dmd.u.crypt.cipher);
-		r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd, 0);
+		r = snprintf(cipher_spec, sizeof(cipher_spec), "%s-%s", algs->cipher[i-1].name, algs->mode);
+		if (r < 0 || (size_t)r >= sizeof(cipher_spec)) {
+			r = -ENOMEM;
+			break;
+		}

-		device_free(device);
+		r = dm_crypt_target_set(&dmd.segment, 0, dmd.size, ptr_dev, vk,
+				cipher_spec, crypt_get_iv_offset(cd), offset,
+				crypt_get_integrity(cd),
+				crypt_get_integrity_tag_size(cd),
+				crypt_get_sector_size(cd));
+		if (r)
+			break;
+
+		log_dbg(cd, "Trying to activate TCRYPT device %s using cipher %s.",
+			dm_name, dmd.segment.u.crypt.cipher);
+		r = dm_create_device(cd, dm_name, CRYPT_TCRYPT, &dmd);
+
+		dm_targets_free(cd, &dmd);
+		device_free(cd, device);
 		device = NULL;

 		if (r)
@@ -855,20 +860,22 @@ int TCRYPT_activate(struct crypt_device *cd,
 	}

 	if (r < 0 &&
-	    (dm_flags(DM_CRYPT, &dmc_flags) || ((dmc_flags & req_flags) != req_flags))) {
+	    (dm_flags(cd, DM_CRYPT, &dmc_flags) || ((dmc_flags & req_flags) != req_flags))) {
 		log_err(cd, _("Kernel doesn't support TCRYPT compatible mapping."));
 		r = -ENOTSUP;
 	}

-	device_free(part_device);
-	crypt_free_volume_key(dmd.u.crypt.vk);
+out:
+	crypt_free_volume_key(vk);
+	device_free(cd, device);
+	device_free(cd, part_device);
 	return r;
 }

 static int TCRYPT_remove_one(struct crypt_device *cd, const char *name,
 		      const char *base_uuid, int index, uint32_t flags)
 {
-	struct crypt_dm_active_device dmd = {};
+	struct crypt_dm_active_device dmd;
 	char dm_name[PATH_MAX];
 	int r;

@@ -889,7 +896,7 @@ static int TCRYPT_remove_one(struct crypt_device *cd, const char *name,

 int TCRYPT_deactivate(struct crypt_device *cd, const char *name, uint32_t flags)
 {
-	struct crypt_dm_active_device dmd = {};
+	struct crypt_dm_active_device dmd;
 	int r;

 	r = dm_query_device(cd, name, DM_ACTIVE_UUID, &dmd);
@@ -907,8 +914,6 @@ int TCRYPT_deactivate(struct crypt_device *cd, const char *name, uint32_t flags)
 		goto out;

 	r = TCRYPT_remove_one(cd, name, dmd.uuid, 2, flags);
-	if (r < 0)
-		goto out;
 out:
 	free(CONST_CAST(void*)dmd.uuid);
 	return (r == -ENODEV) ? 0 : r;
@@ -919,7 +924,8 @@ static int TCRYPT_status_one(struct crypt_device *cd, const char *name,
 			      size_t *key_size, char *cipher,
 			      uint64_t *data_offset, struct device **device)
 {
-	struct crypt_dm_active_device dmd = {};
+	struct crypt_dm_active_device dmd;
+	struct dm_target *tgt = &dmd.segment;
 	char dm_name[PATH_MAX], *c;
 	int r;

@@ -934,30 +940,35 @@ static int TCRYPT_status_one(struct crypt_device *cd, const char *name,
 					  DM_ACTIVE_UUID |
 					  DM_ACTIVE_CRYPT_CIPHER |
 					  DM_ACTIVE_CRYPT_KEYSIZE, &dmd);
-	if (r > 0)
-		r = 0;
-	if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) {
-		if ((c = strchr(dmd.u.crypt.cipher, '-')))
-			*c = '\0';
-		strcat(cipher, "-");
-		strncat(cipher, dmd.u.crypt.cipher, MAX_CIPHER_LEN);
-		*key_size += dmd.u.crypt.vk->keylength;
-		*data_offset = dmd.u.crypt.offset * SECTOR_SIZE;
-		device_free(*device);
-		*device = dmd.data_device;
-	} else {
-		device_free(dmd.data_device);
-		r = -ENODEV;
+	if (r < 0)
+		return r;
+	if (!single_segment(&dmd) || tgt->type != DM_CRYPT) {
+		r = -ENOTSUP;
+		goto out;
 	}

+	r = 0;
+
+	if (!strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) {
+		if ((c = strchr(tgt->u.crypt.cipher, '-')))
+			*c = '\0';
+		strcat(cipher, "-");
+		strncat(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN);
+		*key_size += tgt->u.crypt.vk->keylength;
+		*data_offset = tgt->u.crypt.offset * SECTOR_SIZE;
+		device_free(cd, *device);
+		MOVE_REF(*device, tgt->data_device);
+	} else
+		r = -ENODEV;
+out:
+	dm_targets_free(cd, &dmd);
 	free(CONST_CAST(void*)dmd.uuid);
-	free(CONST_CAST(void*)dmd.u.crypt.cipher);
-	crypt_free_volume_key(dmd.u.crypt.vk);
 	return r;
 }

 int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
-			const struct crypt_dm_active_device *dmd,
+			const char *uuid,
+			const struct dm_target *tgt,
 			struct device **device,
 			struct crypt_params_tcrypt *tcrypt_params,
 			struct tcrypt_phdr *tcrypt_hdr)
@@ -970,9 +981,9 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 	memset(tcrypt_params, 0, sizeof(*tcrypt_params));
 	memset(tcrypt_hdr, 0, sizeof(*tcrypt_hdr));
 	tcrypt_hdr->d.sector_size = SECTOR_SIZE;
-	tcrypt_hdr->d.mk_offset = dmd->u.crypt.offset * SECTOR_SIZE;
+	tcrypt_hdr->d.mk_offset = tgt->u.crypt.offset * SECTOR_SIZE;

-	strncpy(cipher, dmd->u.crypt.cipher, MAX_CIPHER_LEN);
+	strncpy(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN);
 	tmp = strchr(cipher, '-');
 	if (!tmp)
 		return -EINVAL;
@@ -980,11 +991,11 @@ int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
 	mode[MAX_CIPHER_LEN] = '\0';
 	strncpy(mode, ++tmp, MAX_CIPHER_LEN);

-	key_size = dmd->u.crypt.vk->keylength;
-	r = TCRYPT_status_one(cd, name, dmd->uuid, 1, &key_size,
+	key_size = tgt->u.crypt.vk->keylength;
+	r = TCRYPT_status_one(cd, name, uuid, 1, &key_size,
 			      cipher, &tcrypt_hdr->d.mk_offset, device);
 	if (!r)
-		r = TCRYPT_status_one(cd, name, dmd->uuid, 2, &key_size,
+		r = TCRYPT_status_one(cd, name, uuid, 2, &key_size,
 				      cipher, &tcrypt_hdr->d.mk_offset, device);

 	if (r < 0 && r != -ENODEV)
--- a/lib/tcrypt/tcrypt.h
+++ b/lib/tcrypt/tcrypt.h
@@ -1,8 +1,8 @@
 /*
 * TCRYPT (TrueCrypt-compatible)  header defitinion
 *
- * Copyright (C) 2012-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2018, Milan Broz
+ * Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Milan Broz
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -75,6 +75,7 @@ struct tcrypt_phdr {
 struct crypt_device;
 struct crypt_params_tcrypt;
 struct crypt_dm_active_device;
+struct dm_target;
 struct volume_key;
 struct device;

@@ -83,7 +84,8 @@ int TCRYPT_read_phdr(struct crypt_device *cd,
 		     struct crypt_params_tcrypt *params);

 int TCRYPT_init_by_name(struct crypt_device *cd, const char *name,
-			const struct crypt_dm_active_device *dmd,
+			const char *uuid,
+			const struct dm_target *tgt,
 			struct device **device,
 			struct crypt_params_tcrypt *tcrypt_params,
 			struct tcrypt_phdr *tcrypt_hdr);
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -1,10 +1,10 @@
 /*
 * utils - miscellaneous device utilities for cryptsetup
 *
- * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004 Jana Saout <jana@saout.de>
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -70,9 +70,9 @@ static int _memlock_count = 0;
 int crypt_memlock_inc(struct crypt_device *ctx)
 {
 	if (!_memlock_count++) {
-		log_dbg("Locking memory.");
+		log_dbg(ctx, "Locking memory.");
 		if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
-			log_dbg("Cannot lock memory with mlockall.");
+			log_dbg(ctx, "Cannot lock memory with mlockall.");
 			_memlock_count--;
 			return 0;
 		}
@@ -81,7 +81,7 @@ int crypt_memlock_inc(struct crypt_device *ctx)
 			log_err(ctx, _("Cannot get process priority."));
 		else
 			if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
-				log_dbg("setpriority %d failed: %s",
+				log_dbg(ctx, "setpriority %d failed: %s",
 					DEFAULT_PROCESS_PRIORITY, strerror(errno));
 	}
 	return _memlock_count ? 1 : 0;
@@ -90,11 +90,11 @@ int crypt_memlock_inc(struct crypt_device *ctx)
 int crypt_memlock_dec(struct crypt_device *ctx)
 {
 	if (_memlock_count && (!--_memlock_count)) {
-		log_dbg("Unlocking memory.");
+		log_dbg(ctx, "Unlocking memory.");
 		if (munlockall() == -1)
 			log_err(ctx, _("Cannot unlock memory."));
 		if (setpriority(PRIO_PROCESS, 0, _priority))
-			log_dbg("setpriority %d failed: %s", _priority, strerror(errno));
+			log_dbg(ctx, "setpriority %d failed: %s", _priority, strerror(errno));
 	}
 	return _memlock_count ? 1 : 0;
 }
--- a/lib/utils_benchmark.c
+++ b/lib/utils_benchmark.c
@@ -1,8 +1,8 @@
 /*
 * libcryptsetup - cryptsetup library, cipher benchmark
 *
- * Copyright (C) 2012-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2012-2018, Milan Broz
+ * Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -63,7 +63,8 @@ static int time_ms(struct timespec *start, struct timespec *end, double *ms)
 	return 0;
 }

-static int cipher_perf_one(struct cipher_perf *cp, char *buf,
+static int cipher_perf_one(struct crypt_device *cd,
+			   struct cipher_perf *cp, char *buf,
 			   size_t buf_size, int enc)
 {
 	struct crypt_cipher *cipher = NULL;
@@ -75,7 +76,7 @@ static int cipher_perf_one(struct cipher_perf *cp, char *buf,

 	r = crypt_cipher_init(&cipher, cp->name, cp->mode, cp->key, cp->key_length);
 	if (r < 0) {
-		log_dbg("Cannot initialise cipher %s, mode %s.", cp->name, cp->mode);
+		log_dbg(cd, "Cannot initialise cipher %s, mode %s.", cp->name, cp->mode);
 		return r;
 	}

@@ -99,7 +100,8 @@ static int cipher_perf_one(struct cipher_perf *cp, char *buf,

 	return r;
 }
-static int cipher_measure(struct cipher_perf *cp, char *buf,
+static int cipher_measure(struct crypt_device *cd,
+			  struct cipher_perf *cp, char *buf,
 			  size_t buf_size, int encrypt, double *ms)
 {
 	struct timespec start, end;
@@ -112,7 +114,7 @@ static int cipher_measure(struct cipher_perf *cp, char *buf,
 	if (clock_gettime(CLOCK_MONOTONIC, &start) < 0)
 		return -EINVAL;

-	r = cipher_perf_one(cp, buf, buf_size, encrypt);
+	r = cipher_perf_one(cd, cp, buf, buf_size, encrypt);
 	if (r < 0)
 		return r;

@@ -124,7 +126,7 @@ static int cipher_measure(struct cipher_perf *cp, char *buf,
 		return r;

 	if (*ms < CIPHER_TIME_MIN_MS) {
-		log_dbg("Measured cipher runtime (%1.6f) is too low.", *ms);
+		log_dbg(cd, "Measured cipher runtime (%1.6f) is too low.", *ms);
 		return -ERANGE;
 	}

@@ -138,7 +140,7 @@ static double speed_mbs(unsigned long bytes, double ms)
 	return speed / (1024 * 1024) / s;
 }

-static int cipher_perf(struct cipher_perf *cp,
+static int cipher_perf(struct crypt_device *cd, struct cipher_perf *cp,
 	double *encryption_mbs, double *decryption_mbs)
 {
 	double ms_enc, ms_dec, ms;
@@ -151,7 +153,7 @@ static int cipher_perf(struct cipher_perf *cp,
 	ms_enc = 0.0;
 	repeat_enc = 1;
 	while (ms_enc < 1000.0) {
-		r = cipher_measure(cp, buf, cp->buffer_size, 1, &ms);
+		r = cipher_measure(cd, cp, buf, cp->buffer_size, 1, &ms);
 		if (r < 0) {
 			free(buf);
 			return r;
@@ -163,7 +165,7 @@ static int cipher_perf(struct cipher_perf *cp,
 	ms_dec = 0.0;
 	repeat_dec = 1;
 	while (ms_dec < 1000.0) {
-		r = cipher_measure(cp, buf, cp->buffer_size, 0, &ms);
+		r = cipher_measure(cd, cp, buf, cp->buffer_size, 0, &ms);
 		if (r < 0) {
 			free(buf);
 			return r;
@@ -224,7 +226,7 @@ int crypt_benchmark(struct crypt_device *cd,
 	if ((c  = strchr(cp.mode, '-')))
 		*c = '\0';

-	r = cipher_perf(&cp, encryption_mbs, decryption_mbs);
+	r = cipher_perf(cd, &cp, encryption_mbs, decryption_mbs);
 out:
 	free(cp.key);
 	free(cp.iv);
@@ -253,7 +255,7 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd,

 	kdf_opt = !strcmp(pbkdf->type, CRYPT_KDF_PBKDF2) ? pbkdf->hash : "";

-	log_dbg("Running %s(%s) benchmark.", pbkdf->type, kdf_opt);
+	log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt);

 	r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size,
 			     salt, salt_size, volume_key_size, pbkdf->time_ms,
@@ -261,19 +263,24 @@ int crypt_benchmark_pbkdf(struct crypt_device *cd,
 			     &pbkdf->iterations, &pbkdf->max_memory_kb, progress, usrptr);

 	if (!r)
-		log_dbg("Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).",
+		log_dbg(cd, "Benchmark returns %s(%s) %u iterations, %u memory, %u threads (for %zu-bits key).",
 			pbkdf->type, kdf_opt, pbkdf->iterations, pbkdf->max_memory_kb,
 			pbkdf->parallel_threads, volume_key_size * 8);
 	return r;
 }

+struct benchmark_usrptr {
+	struct crypt_device *cd;
+	struct crypt_pbkdf_type *pbkdf;
+};
+
 static int benchmark_callback(uint32_t time_ms, void *usrptr)
 {
-	struct crypt_pbkdf_type *pbkdf = usrptr;
+	struct benchmark_usrptr *u = usrptr;

-	log_dbg("PBKDF benchmark: memory cost = %u, iterations = %u, "
-		"threads = %u (took %u ms)", pbkdf->max_memory_kb,
-		pbkdf->iterations, pbkdf->parallel_threads, time_ms);
+	log_dbg(u->cd, "PBKDF benchmark: memory cost = %u, iterations = %u, "
+		"threads = %u (took %u ms)", u->pbkdf->max_memory_kb,
+		u->pbkdf->iterations, u->pbkdf->parallel_threads, time_ms);

 	return 0;
 }
@@ -293,6 +300,10 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
 	double PBKDF2_tmp;
 	uint32_t ms_tmp;
 	int r = -EINVAL;
+	struct benchmark_usrptr u = {
+		.cd = cd,
+		.pbkdf = pbkdf
+	};

 	r = crypt_pbkdf_get_limits(pbkdf->type, &pbkdf_limits);
 	if (r)
@@ -300,7 +311,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,

 	if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) {
 		if (pbkdf->iterations) {
-			log_dbg("Reusing PBKDF values (no benchmark flag is set).");
+			log_dbg(cd, "Reusing PBKDF values (no benchmark flag is set).");
 			return 0;
 		}
 		log_err(cd, _("PBKDF benchmark disabled but iterations not set."));
@@ -319,7 +330,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
 		pbkdf->max_memory_kb = 0; /* N/A in PBKDF2 */

 		r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, "bar", 3,
-					volume_key_size, &benchmark_callback, pbkdf);
+					volume_key_size, &benchmark_callback, &u);
 		pbkdf->time_ms = ms_tmp;
 		if (r < 0) {
 			log_err(cd, _("Not compatible PBKDF2 options (using hash algorithm %s)."),
@@ -334,13 +345,13 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
 	} else {
 		/* Already benchmarked */
 		if (pbkdf->iterations) {
-			log_dbg("Reusing PBKDF values.");
+			log_dbg(cd, "Reusing PBKDF values.");
 			return 0;
 		}

 		r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3,
 			"0123456789abcdef0123456789abcdef", 32,
-			volume_key_size, &benchmark_callback, pbkdf);
+			volume_key_size, &benchmark_callback, &u);
 		if (r < 0)
 			log_err(cd, _("Not compatible PBKDF options."));
 	}
--- a/lib/utils_blkid.c
+++ b/lib/utils_blkid.c
@@ -1,7 +1,7 @@
 /*
 * blkid probe utilities
 *
- * Copyright (C) 2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2019 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_blkid.h
+++ b/lib/utils_blkid.h
@@ -1,7 +1,7 @@
 /*
 * blkid probe utilities
 *
- * Copyright (C) 2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2018-2019 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_crypt.c
+++ b/lib/utils_crypt.c
@@ -1,9 +1,9 @@
 /*
 * utils_crypt - cipher utilities for cryptsetup
 *
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_crypt.h
+++ b/lib/utils_crypt.h
@@ -1,9 +1,9 @@
 /*
 * utils_crypt - cipher utilities for cryptsetup
 *
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_device.c
+++ b/lib/utils_device.c
@@ -1,10 +1,10 @@
 /*
 * device backend utilities
 *
- * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004 Jana Saout <jana@saout.de>
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -49,7 +49,7 @@ struct device {
 	struct crypt_lock_handle *lh;

 	unsigned int o_direct:1;
-	unsigned int init_done:1;
+	unsigned int init_done:1; /* path is bdev or loop already initialized */

 	/* cached values */
 	size_t alignment;
@@ -153,14 +153,14 @@ static int device_read_test(int devfd)
 * The read test is needed to detect broken configurations (seen with remote
 * block devices) that allow open with direct-io but then fails on read.
 */
-static int device_ready(struct device *device)
+static int device_ready(struct crypt_device *cd, struct device *device)
 {
 	int devfd = -1, r = 0;
 	struct stat st;
 	size_t tmp_size;

 	if (device->o_direct) {
-		log_dbg("Trying to open and read device %s with direct-io.",
+		log_dbg(cd, "Trying to open and read device %s with direct-io.",
 			device_path(device));
 		device->o_direct = 0;
 		devfd = open(device_path(device), O_RDONLY | O_DIRECT);
@@ -175,13 +175,13 @@ static int device_ready(struct device *device)
 	}

 	if (devfd < 0) {
-		log_dbg("Trying to open device %s without direct-io.",
+		log_dbg(cd, "Trying to open device %s without direct-io.",
 			device_path(device));
 		devfd = open(device_path(device), O_RDONLY);
 	}

 	if (devfd < 0) {
-		log_err(NULL, _("Device %s doesn't exist or access denied."),
+		log_err(cd, _("Device %s doesn't exist or access denied."),
 			device_path(device));
 		return -EINVAL;
 	}
@@ -191,7 +191,7 @@ static int device_ready(struct device *device)
 	else if (!S_ISBLK(st.st_mode))
 		r = S_ISREG(st.st_mode) ? -ENOTBLK : -EINVAL;
 	if (r == -EINVAL) {
-		log_err(NULL, _("Device %s is not compatible."),
+		log_err(cd, _("Device %s is not compatible."),
 			device_path(device));
 		close(devfd);
 		return r;
@@ -210,14 +210,14 @@ static int device_ready(struct device *device)
 	return r;
 }

-static int _open_locked(struct device *device, int flags)
+static int _open_locked(struct crypt_device *cd, struct device *device, int flags)
 {
 	int fd;

-	log_dbg("Opening locked device %s", device_path(device));
+	log_dbg(cd, "Opening locked device %s", device_path(device));

 	if ((flags & O_ACCMODE) != O_RDONLY && device_locked_readonly(device->lh)) {
-		log_dbg("Can not open locked device %s in write mode. Read lock held.", device_path(device));
+		log_dbg(cd, "Can not open locked device %s in write mode. Read lock held.", device_path(device));
 		return -EAGAIN;
 	}

@@ -225,10 +225,10 @@ static int _open_locked(struct device *device, int flags)
 	if (fd < 0)
 		return -errno;

-	if (device_locked_verify(fd, device->lh)) {
+	if (device_locked_verify(cd, fd, device->lh)) {
 		/* fd doesn't correspond to a locked resource */
 		close(fd);
-		log_dbg("Failed to verify lock resource for device %s.", device_path(device));
+		log_dbg(cd, "Failed to verify lock resource for device %s.", device_path(device));
 		return -EINVAL;
 	}

@@ -239,10 +239,10 @@ static int _open_locked(struct device *device, int flags)
 * Common wrapper for device sync.
 * FIXME: file descriptor will be in struct later.
 */
-void device_sync(struct device *device, int devfd)
+void device_sync(struct crypt_device *cd, struct device *device, int devfd)
 {
 	if (fsync(devfd) == -1)
-		log_dbg("Cannot sync device %s.", device_path(device));
+		log_dbg(cd, "Cannot sync device %s.", device_path(device));
 }

 /*
@@ -254,7 +254,7 @@ void device_sync(struct device *device, int devfd)
 * 	-EINVAL : invalid lock fd state
 * 	-1	: all other errors
 */
-static int device_open_internal(struct device *device, int flags)
+static int device_open_internal(struct crypt_device *cd, struct device *device, int flags)
 {
 	int devfd;

@@ -262,28 +262,28 @@ static int device_open_internal(struct device *device, int flags)
 		flags |= O_DIRECT;

 	if (device_locked(device->lh))
-		devfd = _open_locked(device, flags);
+		devfd = _open_locked(cd, device, flags);
 	else
 		devfd = open(device_path(device), flags);

 	if (devfd < 0)
-		log_dbg("Cannot open device %s%s.",
+		log_dbg(cd, "Cannot open device %s%s.",
 			device_path(device),
 			(flags & O_ACCMODE) != O_RDONLY ? " for write" : "");

 	return devfd;
 }

-int device_open(struct device *device, int flags)
+int device_open(struct crypt_device *cd, struct device *device, int flags)
 {
 	assert(!device_locked(device->lh));
-	return device_open_internal(device, flags);
+	return device_open_internal(cd, device, flags);
 }

-int device_open_locked(struct device *device, int flags)
+int device_open_locked(struct crypt_device *cd, struct device *device, int flags)
 {
 	assert(!crypt_metadata_locking_enabled() || device_locked(device->lh));
-	return device_open_internal(device, flags);
+	return device_open_internal(cd, device, flags);
 }

 /* Avoid any read from device, expects direct-io to work. */
@@ -313,7 +313,7 @@ int device_alloc_no_check(struct device **device, const char *path)
 	return 0;
 }

-int device_alloc(struct device **device, const char *path)
+int device_alloc(struct crypt_device *cd, struct device **device, const char *path)
 {
 	struct device *dev;
 	int r;
@@ -323,7 +323,7 @@ int device_alloc(struct device **device, const char *path)
 		return r;

 	if (dev) {
-		r = device_ready(dev);
+		r = device_ready(cd, dev);
 		if (!r) {
 			dev->init_done = 1;
 		} else if (r == -ENOTBLK) {
@@ -339,13 +339,13 @@ int device_alloc(struct device **device, const char *path)
 	return 0;
 }

-void device_free(struct device *device)
+void device_free(struct crypt_device *cd, struct device *device)
 {
 	if (!device)
 		return;

 	if (device->loop_fd != -1) {
-		log_dbg("Closed loop %s (%s).", device->path, device->file_path);
+		log_dbg(cd, "Closed loop %s (%s).", device->path, device->file_path);
 		close(device->loop_fd);
 	}

@@ -399,10 +399,11 @@ const char *device_path(const struct device *device)
 #define BLKALIGNOFF _IO(0x12,122)
 #endif

-void device_topology_alignment(struct device *device,
-			    unsigned long *required_alignment, /* bytes */
-			    unsigned long *alignment_offset,   /* bytes */
-			    unsigned long default_alignment)
+void device_topology_alignment(struct crypt_device *cd,
+			       struct device *device,
+			       unsigned long *required_alignment, /* bytes */
+			       unsigned long *alignment_offset,   /* bytes */
+			       unsigned long default_alignment)
 {
 	int dev_alignment_offset = 0;
 	unsigned int min_io_size = 0, opt_io_size = 0;
@@ -421,7 +422,7 @@ void device_topology_alignment(struct device *device,

 	/* minimum io size */
 	if (ioctl(fd, BLKIOMIN, &min_io_size) == -1) {
-		log_dbg("Topology info for %s not supported, using default offset %lu bytes.",
+		log_dbg(cd, "Topology info for %s not supported, using default offset %lu bytes.",
 			device->path, default_alignment);
 		goto out;
 	}
@@ -446,13 +447,13 @@ void device_topology_alignment(struct device *device,
 	if (temp_alignment && (default_alignment % temp_alignment))
 		*required_alignment = temp_alignment;

-	log_dbg("Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.",
+	log_dbg(cd, "Topology: IO (%u/%u), offset = %lu; Required alignment is %lu bytes.",
 		min_io_size, opt_io_size, *alignment_offset, *required_alignment);
 out:
 	(void)close(fd);
 }

-size_t device_block_size(struct device *device)
+size_t device_block_size(struct crypt_device *cd, struct device *device)
 {
 	int fd;

@@ -469,7 +470,7 @@ size_t device_block_size(struct device *device)
 	}

 	if (!device->block_size)
-		log_dbg("Cannot get block size for device %s.", device_path(device));
+		log_dbg(cd, "Cannot get block size for device %s.", device_path(device));

 	return device->block_size;
 }
@@ -524,11 +525,11 @@ int device_fallocate(struct device *device, uint64_t size)
 	int devfd, r = -EINVAL;

 	devfd = open(device_path(device), O_RDWR);
-	if(devfd == -1)
+	if (devfd == -1)
 		return -EINVAL;

 	if (!fstat(devfd, &st) && S_ISREG(st.st_mode) &&
-	    !posix_fallocate(devfd, 0, size)) {
+	    ((uint64_t)st.st_size >= size || !posix_fallocate(devfd, 0, size))) {
 		r = 0;
 		if (device->file_path && crypt_loop_resize(device->path))
 			r = -EINVAL;
@@ -538,6 +539,32 @@ int device_fallocate(struct device *device, uint64_t size)
 	return r;
 }

+int device_check_size(struct crypt_device *cd,
+		      struct device *device,
+		      uint64_t req_offset, int falloc)
+{
+	uint64_t dev_size;
+
+	if (device_size(device, &dev_size)) {
+		log_dbg(cd, "Cannot get device size for device %s.", device_path(device));
+		return -EIO;
+	}
+
+	log_dbg(cd, "Device size %" PRIu64 ", offset %" PRIu64 ".", dev_size, req_offset);
+
+	if (req_offset > dev_size) {
+		/* If it is header file, increase its size */
+		if (falloc && !device_fallocate(device, req_offset))
+			return 0;
+
+		log_err(cd, _("Device %s is too small. Need at least %" PRIu64 " bytes."),
+			device_path(device), req_offset);
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
 static int device_info(struct crypt_device *cd,
 		       struct device *device,
 		       enum devcheck device_check,
@@ -646,7 +673,7 @@ static int device_internal_prepare(struct crypt_device *cd, struct device *devic
 		return -ENOTSUP;
 	}

-	log_dbg("Allocating a free loop device.");
+	log_dbg(cd, "Allocating a free loop device.");

 	/* Keep the loop open, dettached on last close. */
 	loop_fd = crypt_loop_attach(&loop_device, device->path, 0, 1, &readonly);
@@ -660,7 +687,7 @@ static int device_internal_prepare(struct crypt_device *cd, struct device *devic
 	file_path = device->path;
 	device->path = loop_device;

-	r = device_ready(device);
+	r = device_ready(cd, device);
 	if (r < 0) {
 		device->path = file_path;
 		crypt_loop_detach(loop_device);
@@ -713,7 +740,7 @@ int device_block_adjust(struct crypt_device *cd,

 	/* in case of size is set by parameter */
 	if (size && ((real_size - device_offset) < *size)) {
-		log_dbg("Device %s: offset = %" PRIu64 " requested size = %" PRIu64
+		log_dbg(cd, "Device %s: offset = %" PRIu64 " requested size = %" PRIu64
 			", backing device size = %" PRIu64,
 			device->path, device_offset, *size, real_size);
 		log_err(cd, _("Device %s is too small."), device_path(device));
@@ -724,7 +751,7 @@ int device_block_adjust(struct crypt_device *cd,
 		*flags |= CRYPT_ACTIVATE_READONLY;

 	if (size)
-		log_dbg("Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".",
+		log_dbg(cd, "Calculated device size is %" PRIu64" sectors (%s), offset %" PRIu64 ".",
 		*size, real_readonly ? "RO" : "RW", device_offset);
 	return 0;
 }
@@ -745,15 +772,29 @@ int device_direct_io(const struct device *device)
 	return device->o_direct;
 }

+static dev_t device_devno(const struct device *device)
+{
+	struct stat st;
+
+	if (stat(device->path, &st) || !S_ISBLK(st.st_mode))
+		return 0;
+
+	return st.st_rdev;
+}
+
 int device_is_identical(struct device *device1, struct device *device2)
 {
+	if (!device1 || !device2)
+		return 0;
+
 	if (device1 == device2)
 		return 1;

-	if (!device1 || !device2 || !device_path(device1) || !device_path(device2))
+	if (device1->init_done && device2->init_done)
+		return (device_devno(device1) == device_devno(device2));
+	else if (device1->init_done || device2->init_done)
 		return 0;

-	/* This should be better check - major/minor for block device etc */
 	if (!strcmp(device_path(device1), device_path(device2)))
 		return 1;

@@ -798,7 +839,7 @@ int device_read_lock(struct crypt_device *cd, struct device *device)
 	device->lh = device_read_lock_handle(cd, device_path(device));

 	if (device_locked(device->lh)) {
-		log_dbg("Device %s READ lock taken.", device_path(device));
+		log_dbg(cd, "Device %s READ lock taken.", device_path(device));
 		return 0;
 	}

@@ -815,37 +856,37 @@ int device_write_lock(struct crypt_device *cd, struct device *device)
 	device->lh = device_write_lock_handle(cd, device_path(device));

 	if (device_locked(device->lh)) {
-		log_dbg("Device %s WRITE lock taken.", device_path(device));
+		log_dbg(cd, "Device %s WRITE lock taken.", device_path(device));
 		return 0;
 	}

 	return -EBUSY;
 }

-void device_read_unlock(struct device *device)
+void device_read_unlock(struct crypt_device *cd, struct device *device)
 {
 	if (!crypt_metadata_locking_enabled())
 		return;

 	assert(device_locked(device->lh) && device_locked_readonly(device->lh));

-	device_unlock_handle(device->lh);
+	device_unlock_handle(cd, device->lh);

-	log_dbg("Device %s READ lock released.", device_path(device));
+	log_dbg(cd, "Device %s READ lock released.", device_path(device));

 	device->lh = NULL;
 }

-void device_write_unlock(struct device *device)
+void device_write_unlock(struct crypt_device *cd, struct device *device)
 {
 	if (!crypt_metadata_locking_enabled())
 		return;

 	assert(device_locked(device->lh) && !device_locked_readonly(device->lh));

-	device_unlock_handle(device->lh);
+	device_unlock_handle(cd, device->lh);

-	log_dbg("Device %s WRITE lock released.", device_path(device));
+	log_dbg(cd, "Device %s WRITE lock released.", device_path(device));

 	device->lh = NULL;
 }
--- a/lib/utils_device_locking.c
+++ b/lib/utils_device_locking.c
@@ -1,8 +1,8 @@
 /*
 * Metadata on-disk locking for processes serialization
 *
- * Copyright (C) 2016-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2018, Ondrej Kozina. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Ondrej Kozina
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -75,7 +75,7 @@ static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *b

 	dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
 	if (dirfd < 0) {
-		log_dbg("Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
+		log_dbg(cd, "Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
 		if (errno == ENOTDIR || errno == ENOENT)
 			log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base);
 		return -EINVAL;
@@ -88,11 +88,11 @@ static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *b

 			/* success or failure w/ errno == EEXIST either way just try to open the 'base' directory again */
 			if (mkdirat(dirfd, base, DEFAULT_LUKS2_LOCK_DIR_PERMS) && errno != EEXIST)
-				log_dbg("Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno));
+				log_dbg(cd, "Failed to create directory %s in %s (%d: %s).", base, dir, errno, strerror(errno));
 			else
 				lockdfd = openat(dirfd, base, O_RDONLY | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
 		} else {
-			log_dbg("Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));
+			log_dbg(cd, "Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));
 			if (errno == ENOTDIR || errno == ELOOP)
 				log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."), dir, base, base);
 		}
@@ -112,7 +112,7 @@ static int open_resource(struct crypt_device *cd, const char *res)
 	if (lockdir_fd < 0)
 		return -EINVAL;

-	log_dbg("Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res);
+	log_dbg(cd, "Opening lock resource file %s/%s", DEFAULT_LUKS2_LOCK_PATH, res);
 	r = openat(lockdir_fd, res, O_CREAT | O_NOFOLLOW | O_RDWR | O_CLOEXEC, 0777);
 	err = errno;

@@ -169,7 +169,7 @@ static int acquire_lock_handle(struct crypt_device *cd, const char *device_path,
 	return 0;
 }

-static void release_lock_handle(struct crypt_lock_handle *h)
+static void release_lock_handle(struct crypt_device *cd, struct crypt_lock_handle *h)
 {
 	char res[PATH_MAX];
 	struct stat buf_a, buf_b;
@@ -182,11 +182,11 @@ static void release_lock_handle(struct crypt_lock_handle *h)
 	    same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */
 		/* coverity[toctou] */
 		if (unlink(res)) /* yes? unlink the file */
-			log_dbg("Failed to unlink resource file: %s", res);
+			log_dbg(cd, "Failed to unlink resource file: %s", res);
 	}

 	if (close(h->flock_fd))
-		log_dbg("Failed to close resource fd (%d).", h->flock_fd);
+		log_dbg(cd, "Failed to close resource fd (%d).", h->flock_fd);
 }

 int device_locked(struct crypt_lock_handle *h)
@@ -230,16 +230,16 @@ struct crypt_lock_handle *device_read_lock_handle(struct crypt_device *cd, const
 		if (r)
 			break;

-		log_dbg("Acquiring read lock for device %s.", device_path);
+		log_dbg(cd, "Acquiring read lock for device %s.", device_path);

 		if (flock(h->flock_fd, LOCK_SH)) {
-			log_dbg("Shared flock failed with errno %d.", errno);
+			log_dbg(cd, "Shared flock failed with errno %d.", errno);
 			r = -EINVAL;
-			release_lock_handle(h);
+			release_lock_handle(cd, h);
 			break;
 		}

-		log_dbg("Verifying read lock handle for device %s.", device_path);
+		log_dbg(cd, "Verifying read lock handle for device %s.", device_path);

 		/*
 		 * check whether another libcryptsetup process removed resource file before this
@@ -248,8 +248,8 @@ struct crypt_lock_handle *device_read_lock_handle(struct crypt_device *cd, const
 		r = verify_lock_handle(device_path, h);
 		if (r) {
 			flock(h->flock_fd, LOCK_UN);
-			release_lock_handle(h);
-			log_dbg("Read lock handle verification failed.");
+			release_lock_handle(cd, h);
+			log_dbg(cd, "Read lock handle verification failed.");
 		}
 	} while (r == -EAGAIN);

@@ -276,16 +276,16 @@ struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, cons
 		if (r)
 			break;

-		log_dbg("Acquiring write lock for device %s.", device_path);
+		log_dbg(cd, "Acquiring write lock for device %s.", device_path);

 		if (flock(h->flock_fd, LOCK_EX)) {
-			log_dbg("Exclusive flock failed with errno %d.", errno);
+			log_dbg(cd, "Exclusive flock failed with errno %d.", errno);
 			r = -EINVAL;
-			release_lock_handle(h);
+			release_lock_handle(cd, h);
 			break;
 		}

-		log_dbg("Verifying write lock handle for device %s.", device_path);
+		log_dbg(cd, "Verifying write lock handle for device %s.", device_path);

 		/*
 		 * check whether another libcryptsetup process removed resource file before this
@@ -294,8 +294,8 @@ struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, cons
 		r = verify_lock_handle(device_path, h);
 		if (r) {
 			flock(h->flock_fd, LOCK_UN);
-			release_lock_handle(h);
-			log_dbg("Write lock handle verification failed.");
+			release_lock_handle(cd, h);
+			log_dbg(cd, "Write lock handle verification failed.");
 		}
 	} while (r == -EAGAIN);

@@ -309,17 +309,17 @@ struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, cons
 	return h;
 }

-void device_unlock_handle(struct crypt_lock_handle *h)
+void device_unlock_handle(struct crypt_device *cd, struct crypt_lock_handle *h)
 {
 	if (flock(h->flock_fd, LOCK_UN))
-		log_dbg("flock on fd %d failed.", h->flock_fd);
+		log_dbg(cd, "flock on fd %d failed.", h->flock_fd);

-	release_lock_handle(h);
+	release_lock_handle(cd, h);

 	free(h);
 }

-int device_locked_verify(int dev_fd, struct crypt_lock_handle *h)
+int device_locked_verify(struct crypt_device *cd, int dev_fd, struct crypt_lock_handle *h)
 {
 	char res[PATH_MAX];
 	struct stat dev_st, lck_st, st;
@@ -329,11 +329,11 @@ int device_locked_verify(int dev_fd, struct crypt_lock_handle *h)

 	/* if device handle is regular file the handle must match the lock handle */
 	if (S_ISREG(dev_st.st_mode)) {
-		log_dbg("Veryfing locked device handle (regular file)");
+		log_dbg(cd, "Veryfing locked device handle (regular file)");
 		if (!same_inode(dev_st, lck_st))
 			return 1;
 	} else if (S_ISBLK(dev_st.st_mode)) {
-		log_dbg("Veryfing locked device handle (bdev)");
+		log_dbg(cd, "Veryfing locked device handle (bdev)");
 		if (resource_by_devno(res, sizeof(res), dev_st.st_rdev, 1) ||
 		    stat(res, &st) ||
 		    !same_inode(lck_st, st))
--- a/lib/utils_device_locking.h
+++ b/lib/utils_device_locking.h
@@ -1,8 +1,8 @@
 /*
 * Metadata on-disk locking for processes serialization
 *
- * Copyright (C) 2016-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2018, Ondrej Kozina. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Ondrej Kozina
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -30,8 +30,8 @@ int device_locked(struct crypt_lock_handle *h);

 struct crypt_lock_handle *device_read_lock_handle(struct crypt_device *cd, const char *device_path);
 struct crypt_lock_handle *device_write_lock_handle(struct crypt_device *cd, const char *device_path);
-void device_unlock_handle(struct crypt_lock_handle *h);
+void device_unlock_handle(struct crypt_device *cd, struct crypt_lock_handle *h);

-int device_locked_verify(int fd, struct crypt_lock_handle *h);
+int device_locked_verify(struct crypt_device *cd, int fd, struct crypt_lock_handle *h);

 #endif
--- a/lib/utils_devpath.c
+++ b/lib/utils_devpath.c
@@ -1,10 +1,10 @@
 /*
 * devname - search for device name
 *
- * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004 Jana Saout <jana@saout.de>
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_dm.h
+++ b/lib/utils_dm.h
@@ -1,10 +1,10 @@
 /*
 * libdevmapper - device-mapper backend for cryptsetup
 *
- * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004 Jana Saout <jana@saout.de>
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -31,6 +31,7 @@ struct crypt_device;
 struct volume_key;
 struct crypt_params_verity;
 struct device;
+struct crypt_params_integrity;

 /* Device mapper backend - kernel support flags */
 #define DM_KEY_WIPE_SUPPORTED (1 << 0)	/* key wipe message */
@@ -49,10 +50,12 @@ struct device;
 #define DM_SECTOR_SIZE_SUPPORTED (1 << 13) /* support for sector size setting in dm-crypt/dm-integrity */
 #define DM_CAPI_STRING_SUPPORTED (1 << 14) /* support for cryptoapi format cipher definition */
 #define DM_DEFERRED_SUPPORTED (1 << 15) /* deferred removal of device */
+#define DM_INTEGRITY_RECALC_SUPPORTED (1 << 16) /* dm-integrity automatic recalculation supported */

-typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_UNKNOWN } dm_target_type;
+typedef enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY, DM_LINEAR, DM_UNKNOWN } dm_target_type;
+enum tdirection { TARGET_SET = 1, TARGET_QUERY };

-int dm_flags(dm_target_type target, uint32_t *flags);
+int dm_flags(struct crypt_device *cd, dm_target_type target, uint32_t *flags);

 #define DM_ACTIVE_DEVICE	(1 << 0)
 #define DM_ACTIVE_UUID		(1 << 1)
@@ -68,18 +71,16 @@ int dm_flags(dm_target_type target, uint32_t *flags);

 #define DM_ACTIVE_INTEGRITY_PARAMS	(1 << 9)

-struct crypt_dm_active_device {
-	dm_target_type target;
-	uint64_t size;		/* active device size */
-	uint32_t flags;		/* activation flags */
-	const char *uuid;
+struct dm_target {
+	dm_target_type type;
+	enum tdirection direction;
+	uint64_t offset;
+	uint64_t size;
 	struct device *data_device;
-	unsigned holders:1;
 	union {
 	struct {
 		const char *cipher;
 		const char *integrity;
-		char *key_description;

 		/* Active key for device */
 		struct volume_key *vk;
@@ -122,12 +123,55 @@ struct crypt_dm_active_device {

 		const char *journal_crypt;
 		struct volume_key *journal_crypt_key;
+
+		struct device *meta_device;
 	} integrity;
+	struct {
+		uint64_t offset;
+	} linear;
 	} u;
+
+	char *params;
+	struct dm_target *next;
 };

-void dm_backend_init(void);
-void dm_backend_exit(void);
+struct crypt_dm_active_device {
+	uint64_t size;		/* active device size */
+	uint32_t flags;		/* activation flags */
+	const char *uuid;
+
+	unsigned holders:1;	/* device holders detected (on query only) */
+
+	struct dm_target segment;
+};
+
+static inline bool single_segment(const struct crypt_dm_active_device *dmd)
+{
+	return dmd && !dmd->segment.next;
+}
+
+void dm_backend_init(struct crypt_device *cd);
+void dm_backend_exit(struct crypt_device *cd);
+
+int dm_targets_allocate(struct dm_target *first, unsigned count);
+void dm_targets_free(struct crypt_device *cd, struct crypt_dm_active_device *dmd);
+
+int dm_crypt_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
+	struct device *data_device, struct volume_key *vk, const char *cipher,
+	size_t iv_offset, size_t data_offset, const char *integrity,
+	uint32_t tag_size, uint32_t sector_size);
+int dm_verity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
+	struct device *data_device, struct device *hash_device, struct device *fec_device,
+	const char *root_hash, uint32_t root_hash_size, uint64_t hash_offset_block,
+	uint64_t hash_blocks, struct crypt_params_verity *vp);
+int dm_integrity_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
+	struct device *meta_device,
+	struct device *data_device, uint64_t tag_size, uint64_t offset, uint32_t sector_size,
+	struct volume_key *vk,
+	struct volume_key *journal_crypt_key, struct volume_key *journal_mac_key,
+	const struct crypt_params_integrity *ip);
+int dm_linear_target_set(struct dm_target *tgt, size_t seg_offset, size_t seg_size,
+	struct device *data_device, size_t data_offset);

 int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags);
 int dm_status_device(struct crypt_device *cd, const char *name);
@@ -137,16 +181,20 @@ int dm_status_integrity_failures(struct crypt_device *cd, const char *name, uint
 int dm_query_device(struct crypt_device *cd, const char *name,
 		    uint32_t get_flags, struct crypt_dm_active_device *dmd);
 int dm_create_device(struct crypt_device *cd, const char *name,
-		     const char *type, struct crypt_dm_active_device *dmd,
-		     int reload);
+		     const char *type, struct crypt_dm_active_device *dmd);
+int dm_reload_device(struct crypt_device *cd, const char *name,
+		     struct crypt_dm_active_device *dmd, unsigned resume);
 int dm_suspend_device(struct crypt_device *cd, const char *name);
 int dm_suspend_and_wipe_key(struct crypt_device *cd, const char *name);
+int dm_resume_device(struct crypt_device *cd, const char *name, uint32_t flags);
 int dm_resume_and_reinstate_key(struct crypt_device *cd, const char *name,
 				const struct volume_key *vk);
+int dm_error_device(struct crypt_device *cd, const char *name);
+int dm_clear_device(struct crypt_device *cd, const char *name);

 const char *dm_get_dir(void);

-int lookup_dm_dev_by_uuid(const char *uuid, const char *type);
+int lookup_dm_dev_by_uuid(struct crypt_device *cd, const char *uuid, const char *type);

 /* These are DM helpers used only by utils_devpath file */
 int dm_is_dm_device(int major, int minor);
--- a/lib/utils_fips.c
+++ b/lib/utils_fips.c
@@ -1,7 +1,7 @@
 /*
 * FIPS mode utilities
 *
- * Copyright (C) 2011-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2019 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_fips.h
+++ b/lib/utils_fips.h
@@ -1,7 +1,7 @@
 /*
 * FIPS mode utilities
 *
- * Copyright (C) 2011-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2011-2019 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_io.c
+++ b/lib/utils_io.c
@@ -1,10 +1,10 @@
 /*
 * utils - miscellaneous I/O utilities for cryptsetup
 *
- * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004 Jana Saout <jana@saout.de>
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_io.h
+++ b/lib/utils_io.h
@@ -1,10 +1,10 @@
 /*
 * utils - miscellaneous I/O utilities for cryptsetup
 *
- * Copyright (C) 2004, Jana Saout <jana@saout.de>
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004 Jana Saout <jana@saout.de>
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_keyring.c
+++ b/lib/utils_keyring.c
@@ -1,8 +1,8 @@
 /*
 * kernel keyring utilities
 *
- * Copyright (C) 2016-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2018, Ondrej Kozina. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Ondrej Kozina
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_keyring.h
+++ b/lib/utils_keyring.h
@@ -1,8 +1,8 @@
 /*
 * kernel keyring syscall wrappers
 *
- * Copyright (C) 2016-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2016-2018, Ondrej Kozina. All rights reserved.
+ * Copyright (C) 2016-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2016-2019 Ondrej Kozina
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_loop.c
+++ b/lib/utils_loop.c
@@ -1,8 +1,8 @@
 /*
 * loopback block device utilities
 *
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_loop.h
+++ b/lib/utils_loop.h
@@ -1,8 +1,8 @@
 /*
 * loopback block device utilities
 *
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/lib/utils_pbkdf.c
+++ b/lib/utils_pbkdf.c
@@ -1,8 +1,8 @@
 /*
- * utils_pbkdf - PBKDF ssettings for libcryptsetup
+ * utils_pbkdf - PBKDF settings for libcryptsetup
 *
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -24,20 +24,43 @@

 #include "internal.h"

-const struct crypt_pbkdf_type default_luks2 = {
-	.type = DEFAULT_LUKS2_PBKDF,
+const struct crypt_pbkdf_type default_pbkdf2 = {
+	.type = CRYPT_KDF_PBKDF2,
+	.hash = DEFAULT_LUKS1_HASH,
+	.time_ms = DEFAULT_LUKS1_ITER_TIME
+};
+
+const struct crypt_pbkdf_type default_argon2i = {
+	.type = CRYPT_KDF_ARGON2I,
 	.hash = DEFAULT_LUKS1_HASH,
 	.time_ms = DEFAULT_LUKS2_ITER_TIME,
 	.max_memory_kb = DEFAULT_LUKS2_MEMORY_KB,
 	.parallel_threads = DEFAULT_LUKS2_PARALLEL_THREADS
 };

-const struct crypt_pbkdf_type default_luks1 = {
-	.type = CRYPT_KDF_PBKDF2,
+const struct crypt_pbkdf_type default_argon2id = {
+	.type = CRYPT_KDF_ARGON2ID,
 	.hash = DEFAULT_LUKS1_HASH,
-	.time_ms = DEFAULT_LUKS1_ITER_TIME
+	.time_ms = DEFAULT_LUKS2_ITER_TIME,
+	.max_memory_kb = DEFAULT_LUKS2_MEMORY_KB,
+	.parallel_threads = DEFAULT_LUKS2_PARALLEL_THREADS
 };

+const struct crypt_pbkdf_type *crypt_get_pbkdf_type_params(const char *pbkdf_type)
+{
+	if (!pbkdf_type)
+		return NULL;
+
+	if (!strcmp(pbkdf_type, CRYPT_KDF_PBKDF2))
+		return &default_pbkdf2;
+	else if (!strcmp(pbkdf_type, CRYPT_KDF_ARGON2I))
+		return &default_argon2i;
+	else if (!strcmp(pbkdf_type, CRYPT_KDF_ARGON2ID))
+		return &default_argon2id;
+
+	return NULL;
+}
+
 static uint32_t adjusted_phys_memory(void)
 {
 	uint64_t memory_kb = crypt_getphysmemory_kb();
@@ -63,7 +86,11 @@ int verify_pbkdf_params(struct crypt_device *cd,
 {
 	struct crypt_pbkdf_limits pbkdf_limits;
 	const char *pbkdf_type;
-	int r = 0;
+	int r;
+
+	r = init_crypto(cd);
+	if (r < 0)
+		return r;

 	if (!pbkdf->type ||
 	    (!pbkdf->hash && !strcmp(pbkdf->type, "pbkdf2")))
@@ -74,13 +101,17 @@ int verify_pbkdf_params(struct crypt_device *cd,
 		return -EINVAL;
 	}

-	/* TODO: initialise crypto and check the hash and pbkdf are both available */
 	r = crypt_parse_pbkdf(pbkdf->type, &pbkdf_type);
 	if (r < 0) {
 		log_err(cd, _("Unknown PBKDF type %s."), pbkdf->type);
 		return r;
 	}

+	if (pbkdf->hash && crypt_hash_size(pbkdf->hash) < 0) {
+		log_err(cd, _("Requested hash %s is not supported."), pbkdf->hash);
+		return -EINVAL;
+	}
+
 	r = crypt_pbkdf_get_limits(pbkdf->type, &pbkdf_limits);
 	if (r < 0)
 		return r;
@@ -148,10 +179,19 @@ int init_pbkdf_type(struct crypt_device *cd,
 	uint32_t old_flags, memory_kb;
 	int r;

+	if (crypt_fips_mode()) {
+		if (pbkdf && strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) {
+			log_err(cd, "Only PBKDF2 is supported in FIPS mode.");
+			return -EINVAL;
+		}
+		if (!pbkdf)
+			pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2);
+	}
+
 	if (!pbkdf && dev_type && !strcmp(dev_type, CRYPT_LUKS2))
-		pbkdf = &default_luks2;
+		pbkdf = crypt_get_pbkdf_type_params(DEFAULT_LUKS2_PBKDF);
 	else if (!pbkdf)
-		pbkdf = &default_luks1;
+		pbkdf = crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2);

 	r = verify_pbkdf_params(cd, pbkdf);
 	if (r)
@@ -161,11 +201,6 @@ int init_pbkdf_type(struct crypt_device *cd,
 	if (r < 0)
 		return r;

-	/*
-	 * Crypto backend may be not initialized here,
-	 * cannot check if algorithms are really available.
-	 * It will fail later anyway :-)
-	 */
 	type = strdup(pbkdf->type);
 	hash = pbkdf->hash ? strdup(pbkdf->hash) : NULL;

@@ -198,7 +233,7 @@ int init_pbkdf_type(struct crypt_device *cd,
 	cd_pbkdf->parallel_threads = pbkdf->parallel_threads;

 	if (cd_pbkdf->parallel_threads > pbkdf_limits.max_parallel) {
-		log_dbg("Maximum PBKDF threads is %d (requested %d).",
+		log_dbg(cd, "Maximum PBKDF threads is %d (requested %d).",
 			pbkdf_limits.max_parallel, cd_pbkdf->parallel_threads);
 		cd_pbkdf->parallel_threads = pbkdf_limits.max_parallel;
 	}
@@ -206,7 +241,7 @@ int init_pbkdf_type(struct crypt_device *cd,
 	if (cd_pbkdf->parallel_threads) {
 		cpus = crypt_cpusonline();
 		if (cd_pbkdf->parallel_threads > cpus) {
-			log_dbg("Only %u active CPUs detected, "
+			log_dbg(cd, "Only %u active CPUs detected, "
 				"PBKDF threads decreased from %d to %d.",
 				cpus, cd_pbkdf->parallel_threads, cpus);
 			cd_pbkdf->parallel_threads = cpus;
@@ -216,14 +251,14 @@ int init_pbkdf_type(struct crypt_device *cd,
 	if (cd_pbkdf->max_memory_kb) {
 		memory_kb = adjusted_phys_memory();
 		if (cd_pbkdf->max_memory_kb > memory_kb) {
-			log_dbg("Not enough physical memory detected, "
+			log_dbg(cd, "Not enough physical memory detected, "
 				"PBKDF max memory decreased from %dkB to %dkB.",
 				cd_pbkdf->max_memory_kb, memory_kb);
 			cd_pbkdf->max_memory_kb = memory_kb;
 		}
 	}

-	log_dbg("PBKDF %s, hash %s, time_ms %u (iterations %u), max_memory_kb %u, parallel_threads %u.",
+	log_dbg(cd, "PBKDF %s, hash %s, time_ms %u (iterations %u), max_memory_kb %u, parallel_threads %u.",
 		cd_pbkdf->type ?: "(none)", cd_pbkdf->hash ?: "(none)", cd_pbkdf->time_ms,
 		cd_pbkdf->iterations, cd_pbkdf->max_memory_kb, cd_pbkdf->parallel_threads);

@@ -238,7 +273,7 @@ int crypt_set_pbkdf_type(struct crypt_device *cd, const struct crypt_pbkdf_type
 		return -EINVAL;

 	if (!pbkdf)
-		log_dbg("Resetting pbkdf type to default");
+		log_dbg(cd, "Resetting pbkdf type to default");

 	crypt_get_pbkdf(cd)->flags = 0;

@@ -258,10 +293,10 @@ const struct crypt_pbkdf_type *crypt_get_pbkdf_default(const char *type)
 	if (!type)
 		return NULL;

-	if (!strcmp(type, CRYPT_LUKS1))
-		return &default_luks1;
+	if (!strcmp(type, CRYPT_LUKS1) || crypt_fips_mode())
+		return crypt_get_pbkdf_type_params(CRYPT_KDF_PBKDF2);
 	else if (!strcmp(type, CRYPT_LUKS2))
-		return &default_luks2;
+		return crypt_get_pbkdf_type_params(DEFAULT_LUKS2_PBKDF);

 	return NULL;
 }
@@ -280,7 +315,7 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m

 	if (pbkdf->type && verify_pbkdf_params(cd, pbkdf)) {
 		pbkdf->time_ms = old_time_ms;
-		log_dbg("Invalid iteration time.");
+		log_dbg(cd, "Invalid iteration time.");
 		return;
 	}

@@ -290,5 +325,5 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m
 	pbkdf->flags &= ~(CRYPT_PBKDF_NO_BENCHMARK);
 	pbkdf->iterations = 0;

-	log_dbg("Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms);
+	log_dbg(cd, "Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms);
 }
--- a/lib/utils_wipe.c
+++ b/lib/utils_wipe.c
@@ -1,9 +1,9 @@
 /*
 * utils_wipe - wipe a device
 *
- * Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2018, Red Hat, Inc. All rights reserved.
- * Copyright (C) 2009-2018, Milan Broz
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2019 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2019 Milan Broz
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -52,7 +52,8 @@ static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
 	}
 }

-static int crypt_wipe_special(int fd, size_t bsize, size_t alignment, char *buffer,
+static int crypt_wipe_special(struct crypt_device *cd, int fd, size_t bsize,
+			      size_t alignment, char *buffer,
 			      uint64_t offset, size_t size)
 {
 	int r;
@@ -61,12 +62,12 @@ static int crypt_wipe_special(int fd, size_t bsize, size_t alignment, char *buff

 	for (i = 0; i < 39; ++i) {
 		if (i <  5) {
-			r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
+			r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL);
 		} else if (i >=  5 && i < 32) {
 			wipeSpecial(buffer, size, i - 5);
 			r = 0;
 		} else if (i >= 32 && i < 38) {
-			r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
+			r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL);
 		} else if (i >= 38 && i < 39) {
 			memset(buffer, 0xFF, size);
 			r = 0;
@@ -81,7 +82,7 @@ static int crypt_wipe_special(int fd, size_t bsize, size_t alignment, char *buff
 	}

 	/* Rewrite it finally with random */
-	if (crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL) < 0)
+	if (crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL) < 0)
 		return -EIO;

 	written = write_lseek_blockwise(fd, bsize, alignment, buffer, size, offset);
@@ -91,14 +92,14 @@ static int crypt_wipe_special(int fd, size_t bsize, size_t alignment, char *buff
 	return 0;
 }

-static int wipe_block(int devfd, crypt_wipe_pattern pattern, char *sf,
-		      size_t device_block_size, size_t alignment,
+static int wipe_block(struct crypt_device *cd, int devfd, crypt_wipe_pattern pattern,
+		      char *sf, size_t device_block_size, size_t alignment,
 		      size_t wipe_block_size, uint64_t offset, bool *need_block_init)
 {
 	int r;

 	if (pattern == CRYPT_WIPE_SPECIAL)
-		return crypt_wipe_special(devfd, device_block_size, alignment,
+		return crypt_wipe_special(cd, devfd, device_block_size, alignment,
 					  sf, offset, wipe_block_size);

 	if (*need_block_init) {
@@ -107,12 +108,12 @@ static int wipe_block(int devfd, crypt_wipe_pattern pattern, char *sf,
 			*need_block_init = false;
 			r = 0;
 		} else if (pattern == CRYPT_WIPE_RANDOM) {
-			r = crypt_random_get(NULL, sf, wipe_block_size,
+			r = crypt_random_get(cd, sf, wipe_block_size,
 					     CRYPT_RND_NORMAL) ? -EIO : 0;
 			*need_block_init = true;
 		} else if (pattern == CRYPT_WIPE_ENCRYPTED_ZERO) {
 			// FIXME
-			r = crypt_random_get(NULL, sf, wipe_block_size,
+			r = crypt_random_get(cd, sf, wipe_block_size,
 					     CRYPT_RND_NORMAL) ? -EIO : 0;
 			*need_block_init = true;
 		} else
@@ -145,7 +146,7 @@ int crypt_wipe_device(struct crypt_device *cd,
 	bool need_block_init = true;

 	/* Note: LUKS1 calls it with wipe_block not aligned to multiple of bsize */
-	bsize = device_block_size(device);
+	bsize = device_block_size(cd, device);
 	alignment = device_alignment(device);
 	if (!bsize || !alignment || !wipe_block_size)
 		return -EINVAL;
@@ -156,23 +157,21 @@ int crypt_wipe_device(struct crypt_device *cd,
 	if (MISALIGNED_512(offset) || MISALIGNED_512(length) || MISALIGNED_512(wipe_block_size))
 		return -EINVAL;

-	devfd = device_open(device, O_RDWR);
+	devfd = device_open(cd, device, O_RDWR);
 	if (devfd < 0)
 		return errno ? -errno : -EINVAL;

-	r = device_size(device, &dev_size);
-	if (r || dev_size == 0)
-		goto out;
+	if (length)
+		dev_size = offset + length;
+	else {
+		r = device_size(device, &dev_size);
+		if (r)
+			goto out;

-	if (dev_size < length)
-		length = 0;
-
-	if (length) {
-		if ((dev_size <= offset) || (dev_size - offset) < length) {
+		if (dev_size <= offset) {
 			r = -EINVAL;
 			goto out;
 		}
-		dev_size = offset + length;
 	}

 	r = posix_memalign((void **)&sf, alignment, wipe_block_size);
@@ -191,7 +190,7 @@ int crypt_wipe_device(struct crypt_device *cd,
 	}

 	if (pattern == CRYPT_WIPE_SPECIAL && !device_is_rotational(device)) {
-		log_dbg("Non-rotational device, using random data wipe mode.");
+		log_dbg(cd, "Non-rotational device, using random data wipe mode.");
 		pattern = CRYPT_WIPE_RANDOM;
 	}

@@ -201,7 +200,7 @@ int crypt_wipe_device(struct crypt_device *cd,

 		//log_dbg("Wipe %012" PRIu64 "-%012" PRIu64 " bytes", offset, offset + wipe_block_size);

-		r = wipe_block(devfd, pattern, sf, bsize, alignment,
+		r = wipe_block(cd, devfd, pattern, sf, bsize, alignment,
 			       wipe_block_size, offset, &need_block_init);
 		if (r) {
 			log_err(cd, "Device wipe error, offset %" PRIu64 ".", offset);
@@ -216,7 +215,7 @@ int crypt_wipe_device(struct crypt_device *cd,
 		}
 	}

-	device_sync(device, devfd);
+	device_sync(cd, device, devfd);
 out:
 	close(devfd);
 	free(sf);
@@ -253,14 +252,14 @@ int crypt_wipe(struct crypt_device *cd,
 	if (!wipe_block_size)
 		wipe_block_size = 1024*1024;

-	log_dbg("Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.",
+	log_dbg(cd, "Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.",
 		(unsigned)pattern, device_path(device), offset, length, wipe_block_size);

 	r = crypt_wipe_device(cd, device, pattern, offset, length,
 			      wipe_block_size, progress, usrptr);

 	if (dev_path)
-		device_free(device);
+		device_free(cd, device);

 	return r;
 }
--- a/lib/verity/rs.h
+++ b/lib/verity/rs.h
@@ -3,7 +3,7 @@
 *
 * Copyright (C) 2004 Phil Karn, KA9Q
 * libcryptsetup modifications
- *   Copyright (C) 2017-2018, Red Hat, Inc. All rights reserved.
+ *   Copyright (C) 2017-2019 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/verity/rs_decode_char.c
+++ b/lib/verity/rs_decode_char.c
@@ -3,7 +3,7 @@
 *
 * Copyright (C) 2002, Phil Karn, KA9Q
 * libcryptsetup modifications
- *   Copyright (C) 2017-2018, Red Hat, Inc. All rights reserved.
+ *   Copyright (C) 2017-2019 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/verity/rs_encode_char.c
+++ b/lib/verity/rs_encode_char.c
@@ -3,7 +3,7 @@
 *
 * Copyright (C) 2002, Phil Karn, KA9Q
 * libcryptsetup modifications
- *   Copyright (C) 2017-2018, Red Hat, Inc. All rights reserved.
+ *   Copyright (C) 2017-2019 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/verity/verity.c
+++ b/lib/verity/verity.c
@@ -1,7 +1,7 @@
 /*
 * dm-verity volume handling
 *
- * Copyright (C) 2012-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -62,7 +62,7 @@ int VERITY_read_sb(struct crypt_device *cd,
 	ssize_t hdr_size = sizeof(struct verity_sb);
 	int devfd = 0, sb_version;

-	log_dbg("Reading VERITY header of size %zu on device %s, offset %" PRIu64 ".",
+	log_dbg(cd, "Reading VERITY header of size %zu on device %s, offset %" PRIu64 ".",
 		sizeof(struct verity_sb), device_path(device), sb_offset);

 	if (params->flags & CRYPT_VERITY_NO_HEADER) {
@@ -76,13 +76,13 @@ int VERITY_read_sb(struct crypt_device *cd,
 		return -EINVAL;
 	}

-	devfd = device_open(device, O_RDONLY);
+	devfd = device_open(cd, device, O_RDONLY);
 	if (devfd < 0) {
 		log_err(cd, _("Cannot open device %s."), device_path(device));
 		return -EINVAL;
 	}

-	if (read_lseek_blockwise(devfd, device_block_size(device),
+	if (read_lseek_blockwise(devfd, device_block_size(cd, device),
 				 device_alignment(device), &sb, hdr_size,
 				 sb_offset) < hdr_size) {
 		close(devfd);
@@ -162,7 +162,7 @@ int VERITY_write_sb(struct crypt_device *cd,
 	uuid_t uuid;
 	int r, devfd = 0;

-	log_dbg("Updating VERITY header of size %zu on device %s, offset %" PRIu64 ".",
+	log_dbg(cd, "Updating VERITY header of size %zu on device %s, offset %" PRIu64 ".",
 		sizeof(struct verity_sb), device_path(device), sb_offset);

 	if (!uuid_string || uuid_parse(uuid_string, uuid) == -1) {
@@ -177,7 +177,7 @@ int VERITY_write_sb(struct crypt_device *cd,
 		return -EINVAL;
 	}

-	devfd = device_open(device, O_RDWR);
+	devfd = device_open(cd, device, O_RDWR);
 	if (devfd < 0) {
 		log_err(cd, _("Cannot open device %s."), device_path(device));
 		return -EINVAL;
@@ -196,13 +196,13 @@ int VERITY_write_sb(struct crypt_device *cd,
 	memcpy(sb.salt, params->salt, params->salt_size);
 	memcpy(sb.uuid, uuid, sizeof(sb.uuid));

-	r = write_lseek_blockwise(devfd, device_block_size(device), device_alignment(device),
+	r = write_lseek_blockwise(devfd, device_block_size(cd, device), device_alignment(device),
 				  (char*)&sb, hdr_size, sb_offset) < hdr_size ? -EIO : 0;
 	if (r)
 		log_err(cd, _("Error during update of verity header on device %s."),
 			device_path(device));

-	device_sync(device, devfd);
+	device_sync(cd, device, devfd);
 	close(devfd);

 	return r;
@@ -226,7 +226,8 @@ int VERITY_UUID_generate(struct crypt_device *cd, char **uuid_string)
 {
 	uuid_t uuid;

-	if (!(*uuid_string = malloc(40)))
+	*uuid_string = malloc(40);
+	if (!*uuid_string)
 		return -ENOMEM;
 	uuid_generate(uuid);
 	uuid_unparse(uuid, *uuid_string);
@@ -242,20 +243,24 @@ int VERITY_activate(struct crypt_device *cd,
 		     struct crypt_params_verity *verity_hdr,
 		     uint32_t activation_flags)
 {
-	struct crypt_dm_active_device dmd;
 	uint32_t dmv_flags;
 	unsigned int fec_errors = 0;
 	int r;
+	struct crypt_dm_active_device dmd = {
+		.size = verity_hdr->data_size * verity_hdr->data_block_size / 512,
+		.flags = activation_flags,
+		.uuid = crypt_get_uuid(cd),
+	};

-	log_dbg("Trying to activate VERITY device %s using hash %s.",
+	log_dbg(cd, "Trying to activate VERITY device %s using hash %s.",
 		name ?: "[none]", verity_hdr->hash_name);

 	if (verity_hdr->flags & CRYPT_VERITY_CHECK_HASH) {
-		log_dbg("Verification of data in userspace required.");
+		log_dbg(cd, "Verification of data in userspace required.");
 		r = VERITY_verify(cd, verity_hdr, root_hash, root_hash_size);

 		if (r == -EPERM && fec_device) {
-			log_dbg("Verification failed, trying to repair with FEC device.");
+			log_dbg(cd, "Verification failed, trying to repair with FEC device.");
 			r = VERITY_FEC_process(cd, verity_hdr, fec_device, 1, &fec_errors);
 			if (r < 0)
 				log_err(cd, _("Errors cannot be repaired with FEC device."));
@@ -271,50 +276,48 @@ int VERITY_activate(struct crypt_device *cd,
 	if (!name)
 		return 0;

-	dmd.target = DM_VERITY;
-	dmd.data_device = crypt_data_device(cd);
-	dmd.u.verity.hash_device = crypt_metadata_device(cd);
-	dmd.u.verity.fec_device = fec_device;
-	dmd.u.verity.root_hash = root_hash;
-	dmd.u.verity.root_hash_size = root_hash_size;
-	dmd.u.verity.hash_offset = VERITY_hash_offset_block(verity_hdr);
-	dmd.u.verity.fec_offset = verity_hdr->fec_area_offset / verity_hdr->hash_block_size;
-	dmd.u.verity.hash_blocks = VERITY_hash_blocks(cd, verity_hdr);
-	dmd.flags = activation_flags;
-	dmd.size = verity_hdr->data_size * verity_hdr->data_block_size / 512;
-	dmd.uuid = crypt_get_uuid(cd);
-	dmd.u.verity.vp = verity_hdr;
-
-	r = device_block_adjust(cd, dmd.u.verity.hash_device, DEV_OK,
+	r = device_block_adjust(cd, crypt_metadata_device(cd), DEV_OK,
 				0, NULL, NULL);
 	if (r)
 		return r;

-	r = device_block_adjust(cd, dmd.data_device, DEV_EXCL,
+	r = device_block_adjust(cd, crypt_data_device(cd), DEV_EXCL,
 				0, &dmd.size, &dmd.flags);
 	if (r)
 		return r;

-	if (dmd.u.verity.fec_device) {
-		r = device_block_adjust(cd, dmd.u.verity.fec_device, DEV_OK,
+	if (fec_device) {
+		r = device_block_adjust(cd, fec_device, DEV_OK,
 					0, NULL, NULL);
 		if (r)
 			return r;
 	}

-	r = dm_create_device(cd, name, CRYPT_VERITY, &dmd, 0);
-	if (r < 0 && (dm_flags(DM_VERITY, &dmv_flags) || !(dmv_flags & DM_VERITY_SUPPORTED))) {
+	r = dm_verity_target_set(&dmd.segment, 0, dmd.size, crypt_data_device(cd),
+			crypt_metadata_device(cd), fec_device, root_hash,
+			root_hash_size, VERITY_hash_offset_block(verity_hdr),
+			VERITY_hash_blocks(cd, verity_hdr), verity_hdr);
+
+	if (r)
+		return r;
+
+	r = dm_create_device(cd, name, CRYPT_VERITY, &dmd);
+	if (r < 0 && (dm_flags(cd, DM_VERITY, &dmv_flags) || !(dmv_flags & DM_VERITY_SUPPORTED))) {
 		log_err(cd, _("Kernel doesn't support dm-verity mapping."));
-		return -ENOTSUP;
+		r = -ENOTSUP;
 	}
 	if (r < 0)
-		return r;
+		goto out;

 	r = dm_status_verity_ok(cd, name);
 	if (r < 0)
-		return r;
+		goto out;

 	if (!r)
 		log_err(cd, _("Verity device detected corruption after activation."));
-	return 0;
+
+	r = 0;
+out:
+	dm_targets_free(cd, &dmd);
+	return r;
 }
--- a/lib/verity/verity.h
+++ b/lib/verity/verity.h
@@ -1,7 +1,7 @@
 /*
 * dm-verity volume handling
 *
- * Copyright (C) 2012-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
--- a/lib/verity/verity_fec.c
+++ b/lib/verity/verity_fec.c
@@ -1,8 +1,8 @@
 /*
 * dm-verity Forward Error Correction (FEC) support
 *
- * Copyright (C) 2015, Google, Inc. All rights reserved.
- * Copyright (C) 2017-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2015 Google, Inc. All rights reserved.
+ * Copyright (C) 2017-2019 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -244,7 +244,7 @@ int VERITY_FEC_process(struct crypt_device *cd,
 	}

 	if (lseek(fd, params->fec_area_offset, SEEK_SET) < 0) {
-		log_dbg("Cannot seek to requested position in FEC device.");
+		log_dbg(cd, "Cannot seek to requested position in FEC device.");
 		goto out;
 	}

--- a/lib/verity/verity_hash.c
+++ b/lib/verity/verity_hash.c
@@ -1,7 +1,7 @@
 /*
 * dm-verity volume handling
 *
- * Copyright (C) 2012-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2012-2019 Red Hat, Inc. All rights reserved.
 *
 * This file is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
@@ -51,7 +51,7 @@ static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes)
 	size_t i;

 	if (fread(block, bytes, 1, wr) != 1) {
-		log_dbg("EIO while reading spare area.");
+		log_dbg(cd, "EIO while reading spare area.");
 		return -EIO;
 	}
 	for (i = 0; i < bytes; i++)
@@ -162,12 +162,12 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
 	}

 	if (fseeko(rd, seek_rd, SEEK_SET)) {
-		log_dbg("Cannot seek to requested position in data device.");
+		log_dbg(cd, "Cannot seek to requested position in data device.");
 		return -EIO;
 	}

 	if (wr && fseeko(wr, seek_wr, SEEK_SET)) {
-		log_dbg("Cannot seek to requested position in hash device.");
+		log_dbg(cd, "Cannot seek to requested position in hash device.");
 		return -EIO;
 	}

@@ -179,7 +179,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
 				break;
 			blocks--;
 			if (fread(data_buffer, data_block_size, 1, rd) != 1) {
-				log_dbg("Cannot read data device block.");
+				log_dbg(cd, "Cannot read data device block.");
 				return -EIO;
 			}

@@ -193,7 +193,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
 				break;
 			if (verify) {
 				if (fread(read_digest, digest_size, 1, wr) != 1) {
-					log_dbg("Cannot read digest form hash device.");
+					log_dbg(cd, "Cannot read digest form hash device.");
 					return -EIO;
 				}
 				if (memcmp(read_digest, calculated_digest, digest_size)) {
@@ -203,7 +203,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
 				}
 			} else {
 				if (fwrite(calculated_digest, digest_size, 1, wr) != 1) {
-					log_dbg("Cannot write digest to hash device.");
+					log_dbg(cd, "Cannot write digest to hash device.");
 					return -EIO;
 				}
 			}
@@ -216,7 +216,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
 						if (r)
 							return r;
 					} else if (fwrite(left_block, digest_size_full - digest_size, 1, wr) != 1) {
-						log_dbg("Cannot write spare area to hash device.");
+						log_dbg(cd, "Cannot write spare area to hash device.");
 						return -EIO;
 					}
 				}
@@ -229,7 +229,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
 				if (r)
 					return r;
 			} else if (fwrite(left_block, left_bytes, 1, wr) != 1) {
-				log_dbg("Cannot write remaining spare area to hash device.");
+				log_dbg(cd, "Cannot write remaining spare area to hash device.");
 				return -EIO;
 			}
 		}
@@ -263,7 +263,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
 	uint64_t dev_size;
 	int levels, i, r;

-	log_dbg("Hash %s %s, data device %s, data blocks %" PRIu64
+	log_dbg(cd, "Hash %s %s, data device %s, data blocks %" PRIu64
 		", hash_device %s, offset %" PRIu64 ".",
 		verify ? "verification" : "creation", hash_name,
 		device_path(data_device), data_blocks,
@@ -294,14 +294,14 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
 		return -EINVAL;
 	}

-	log_dbg("Using %d hash levels.", levels);
+	log_dbg(cd, "Using %d hash levels.", levels);

 	if (mult_overflow(&hash_device_size, hash_position, hash_block_size)) {
 		log_err(cd, _("Device offset overflow."));
 		return -EINVAL;
 	}

-	log_dbg("Data device size required: %" PRIu64 " bytes.",
+	log_dbg(cd, "Data device size required: %" PRIu64 " bytes.",
 		data_device_size);
 	data_file = fopen(device_path(data_device), "r");
 	if (!data_file) {
@@ -312,7 +312,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
 		goto out;
 	}

-	log_dbg("Hash device size required: %" PRIu64 " bytes.",
+	log_dbg(cd, "Hash device size required: %" PRIu64 " bytes.",
 		hash_device_size);
 	hash_file = fopen(device_path(hash_device), verify ? "r" : "r+");
 	if (!hash_file) {
@@ -369,12 +369,12 @@ out:
 		if (r)
 			log_err(cd, _("Verification of data area failed."));
 		else {
-			log_dbg("Verification of data area succeeded.");
+			log_dbg(cd, "Verification of data area succeeded.");
 			r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0;
 			if (r)
 				log_err(cd, _("Verification of root hash failed."));
 			else
-				log_dbg("Verification of root hash succeeded.");
+				log_dbg(cd, "Verification of root hash succeeded.");
 		}
 	} else {
 		if (r == -EIO)
--- a/lib/volumekey.c
+++ b/lib/volumekey.c
@@ -1,8 +1,8 @@
 /*
 * cryptsetup volume key implementation
 *
- * Copyright (C) 2004-2006, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2010-2018, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2004-2006 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2010-2019 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
--- a/man/cryptsetup-reencrypt.8
+++ b/man/cryptsetup-reencrypt.8
@@ -1,4 +1,4 @@
-.TH CRYPTSETUP-REENCRYPT "8" "January 2018" "cryptsetup-reencrypt" "Maintenance Commands"
+.TH CRYPTSETUP-REENCRYPT "8" "January 2019" "cryptsetup-reencrypt" "Maintenance Commands"
 .SH NAME
 cryptsetup-reencrypt - tool for offline LUKS device re-encryption
 .SH SYNOPSIS
@@ -281,9 +281,9 @@ Please attach the output of the failed command with the
 .SH AUTHORS
 Cryptsetup-reencrypt was written by Milan Broz <gmazyland@gmail.com>.
 .SH COPYRIGHT
-Copyright \(co 2012-2018 Milan Broz
+Copyright \(co 2012-2019 Milan Broz
 .br
-Copyright \(co 2012-2018 Red Hat, Inc.
+Copyright \(co 2012-2019 Red Hat, Inc.

 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
--- a/man/cryptsetup.8
+++ b/man/cryptsetup.8
@@ -1,4 +1,4 @@
-.TH CRYPTSETUP "8" "January 2018" "cryptsetup" "Maintenance Commands"
+.TH CRYPTSETUP "8" "January 2019" "cryptsetup" "Maintenance Commands"
 .SH NAME
 cryptsetup - manage plain dm-crypt and LUKS encrypted volumes
 .SH SYNOPSIS
@@ -130,6 +130,36 @@ With LUKS2 device additional \fB<options>\fR can be [\-\-token\-id, \-\-token\-o
 \-\-key\-slot, \-\-key\-file, \-\-keyfile\-size, \-\-keyfile\-offset, \-\-timeout,
 \-\-disable\-locks, \-\-disable\-keyring].

+.PP
+\fIrefresh\fR <name>
+.IP
+Refreshes parameters of active mapping <name>.
+
+Updates parameters of active device <name> without need to deactivate the device
+(and umount filesystem). Currently it supports parameters refresh on following
+devices: LUKS1, LUKS2 (including authenticated encryption), plain crypt
+and loopaes.
+
+Mandatory parametrs are identical to those of an open action for respective
+device type.
+
+You may change following parameters on all devices \-\-perf\-same_cpu_crypt,
+\-\-perf\-submit_from_crypt_cpus and \-\-allow\-discards.
+
+Refreshing device without any optional parameter will refresh the device
+with default setting (respective to device type).
+
+\fBLUKS2 only:\fR
+
+\-\-integrity\-no\-journal parameter affects only LUKS2 devices with
+underlying dm-integrity device.
+
+Adding option \-\-persistent stores any combination of device parameters
+above in LUKS2 metadata (only after successful refresh operation).
+
+\-\-disable\-keyring parameter refreshes a device with volume key passed
+in dm-crypt driver.
+
 .SH PLAIN MODE
 Plain dm-crypt encrypts the device sector-by-sector with a
 single, non-salted hash of the passphrase. No checks
@@ -148,7 +178,8 @@ Opens (creates a mapping with) <name> backed by device <device>.

 \fB<options>\fR can be [\-\-hash, \-\-cipher, \-\-verify-passphrase,
 \-\-sector\-size, \-\-key-file, \-\-keyfile-offset, \-\-key-size,
-\-\-offset, \-\-skip, \-\-size, \-\-readonly, \-\-shared, \-\-allow\-discards]
+\-\-offset, \-\-skip, \-\-size, \-\-readonly, \-\-shared, \-\-allow\-discards,
+\-\-refresh]

 Example: 'cryptsetup open \-\-type plain /dev/sda10 e1' maps the raw
 encrypted device /dev/sda10 to the mapped (decrypted) device
@@ -223,7 +254,9 @@ For LUKS2, additional \fB<options>\fR can be
 [\-\-integrity, \-\-integrity\-no\-wipe, \-\-sector\-size,
 \-\-label, \-\-subsystem,
 \-\-pbkdf, \-\-pbkdf\-memory, \-\-pbkdf\-parallel,
-\-\-disable\-locks, \-\-disable\-keyring].
+\-\-disable\-locks, \-\-disable\-keyring,
+\-\-luks2\-metadata\-size, \-\-luks2\-keyslots\-size,
+\-\-keyslot\-cipher, \-\-keyslot\-key\-size].

 \fBWARNING:\fR Doing a luksFormat on an existing LUKS container will
 make all data the old container permanently irretrievable unless
@@ -243,7 +276,7 @@ the command prompts for it interactively.
 \fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
 \-\-keyfile\-size, \-\-readonly, \-\-test\-passphrase,
 \-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file, \-\-token\-id,
-\-\-token\-only, \-\-disable\-keyring, \-\-disable\-locks, \-\-type].
+\-\-token\-only, \-\-disable\-keyring, \-\-disable\-locks, \-\-type, \-\-refresh].
 .PP
 \fIluksSuspend\fR <name>
 .IP
@@ -285,7 +318,7 @@ is not required.
 \-\-keyfile\-size, \-\-new\-keyfile\-offset,
 \-\-new\-keyfile\-size, \-\-key\-slot, \-\-master\-key\-file,
 \-\-iter\-time, \-\-force\-password, \-\-header, \-\-disable\-locks,
-\-\-unbound, \-\-type].
+\-\-unbound, \-\-type, \-\-keyslot\-cipher, \-\-keyslot\-key\-size].
 .PP
 \fIluksRemoveKey\fR <device> [<key file with passphrase to be removed>]
 .IP
@@ -328,7 +361,7 @@ inaccessible.
 \fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
 \-\-keyfile\-size, \-\-new\-keyfile\-offset,
 \-\-new\-keyfile\-size, \-\-key\-slot, \-\-force\-password, \-\-header,
-\-\-disable\-locks, \-\-type].
+\-\-disable\-locks, \-\-type, \-\-keyslot\-cipher, \-\-keyslot\-key\-size].
 .PP
 .PP
 \fIluksConvertKey\fR <device>
@@ -352,7 +385,8 @@ parameters have been wiped and make the LUKS container inaccessible.
 \fB<options>\fR can be [\-\-key\-file, \-\-keyfile\-offset,
 \-\-keyfile\-size, \-\-key\-slot, \-\-header, \-\-disable\-locks,
 \-\-iter-time, \-\-pbkdf, \-\-pbkdf\-force\-iterations,
-\-\-pbkdf\-memory, \-\-pbkdf\-parallel].
+\-\-pbkdf\-memory, \-\-pbkdf\-parallel,
+\-\-keyslot\-cipher, \-\-keyslot\-key\-size].
 .PP
 \fIluksKillSlot\fR <device> <key slot number>
 .IP
@@ -551,7 +585,7 @@ passphrase hashing (otherwise it is detected according to key
 size).

 \fB<options>\fR can be [\-\-key\-file, \-\-key\-size, \-\-offset, \-\-skip,
-\-\-hash, \-\-readonly, \-\-allow\-discards].
+\-\-hash, \-\-readonly, \-\-allow\-discards, \-\-refresh].
 .PP
 See also section 7 of the FAQ and \fBhttp://loop-aes.sourceforge.net\fR
 for more information regarding loop-AES.
@@ -706,9 +740,10 @@ If you are configuring kernel yourself, enable
 .B "\-\-verbose, \-v"
 Print more information on command execution.
 .TP
-.B "\-\-debug"
+.B "\-\-debug or \-\-debug\-json"
 Run in debug mode with full diagnostic logs. Debug output
 lines are always prefixed by '#'.
+If \-\-debug\-json is used, additional LUKS2 JSON data structures are printed.
 .TP
 .B "\-\-type <device-type>
 Specifies required device type, for more info
@@ -892,7 +927,11 @@ actions.
 .B "\-\-offset, \-o <number of 512 byte sectors>"
 Start offset in the backend device in 512-byte sectors.
 This option is only relevant for the \fIopen\fR action with plain
-or loopaes device types.
+or loopaes device types or for LUKS devices in \fIluksFormat\fR.
+
+For LUKS, the \-\-offset option sets the data offset (payload) of data
+device and must be be aligned to 4096-byte sectors (must be multiple of 8).
+This option cannot be combined with \-\-align\-payload option.
 .TP
 .B "\-\-skip, \-p <number of 512 byte sectors>"
 Start offset used in IV calculation in 512-byte sectors
@@ -1014,6 +1053,11 @@ data is by default aligned to a 1MiB boundary (i.e. 2048 512-byte sectors).

 For a detached LUKS header, this option specifies the offset on the
 data device. See also the \-\-header option.
+
+\fBWARNING:\fR This option is DEPRECATED and has often unexpected impact
+to the data offset and keyslot area size (for LUKS2) due to the complex rounding.
+For fixed data device offset use \fI\-\-offset\fR option instead.
+
 .TP
 .B "\-\-uuid=\fIUUID\fR"
 Use the provided \fIUUID\fR for the \fIluksFormat\fR command
@@ -1164,6 +1208,10 @@ Only \fI\-\-allow-discards\fR, \fI\-\-perf\-same_cpu_crypt\fR,
 \fI\-\-perf\-submit_from_crypt_cpus\fR and \fI\-\-integrity\-no\-journal\fR
 can be stored persistently.
 .TP
+.B "\-\-refresh"
+Refreshes an active device with new set of parameters. See action \fIrefresh\fR description
+for more details.
+.TP
 .B "\-\-label <LABEL>"
 .B "\-\-subsystem <SUBSYSTEM>"
 Set label and subsystem description for LUKS2 device, can be used
@@ -1176,8 +1224,31 @@ Specify integrity algorithm to be used for authenticated disk encryption in LUKS

 \fBWARNING: This extension is EXPERIMENTAL\fR and requires dm-integrity
 kernel target (available since kernel version 4.12).
+For native AEAD modes, also enable "User-space interface for AEAD cipher algorithms"
+in "Cryptographic API" section (CONFIG_CRYPTO_USER_API_AEAD .config option).
+
 For more info, see \fIAUTHENTICATED DISK ENCRYPTION\fR section.
 .TP
+.B "\-\-luks2\-metadata\-size <size>"
+This option can be used to enlarge the LUKS2 metadata (JSON) area.
+The size includes 4096 bytes for binary metadata (usable JSON area is smaller
+of the binary area).
+According to LUKS2 specification, only these values are valid:
+16, 32, 64, 128, 256, 512, 1024, 2048 and 4096 kB
+The <size> can be specified with unit suffix (for example 128k).
+.TP
+.B "\-\-luks2\-keyslots\-size <size>"
+This option can be used to set specific size of the LUKS2 binary keyslot area
+(key material is encrypted there). The value must be aligned to multiple
+of 4096 bytes with maximum size 128MB.
+The <size> can be specified with unit suffix (for example 128k).
+.TP
+.B "\-\-keyslot\-cipher <cipher\-spec>"
+This option can be used to set specific cipher encryption for the LUKS2 keyslot area.
+.TP
+.B "\-\-keyslot\-key\-size <bits>"
+This option can be used to set specific key size for the LUKS2 keyslot area.
+.TP
 .B "\-\-integrity\-no\-journal"
 Activate device with integrity protection without using data journal (direct
 write of data and integrity tags).
@@ -1443,11 +1514,11 @@ Copyright \(co 2004 Jana Saout
 .br
 Copyright \(co 2004-2006 Clemens Fruhwirth
 .br
-Copyright \(co 2009-2018 Red Hat, Inc.
-.br
-Copyright \(co 2009-2018 Milan Broz
-.br
 Copyright \(co 2012-2014 Arno Wagner
+.br
+Copyright \(co 2009-2019 Red Hat, Inc.
+.br
+Copyright \(co 2009-2019 Milan Broz

 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
--- a/man/integritysetup.8
+++ b/man/integritysetup.8
@@ -1,4 +1,4 @@
-.TH INTEGRITYSETUP "8" "January 2018" "integritysetup" "Maintenance Commands"
+.TH INTEGRITYSETUP "8" "January 2019" "integritysetup" "Maintenance Commands"
 .SH NAME
 integritysetup - manage dm-integrity (block level integrity) volumes
 .SH SYNOPSIS
@@ -19,9 +19,9 @@ Integritysetup supports these operations:
 .IP
 Formats <device> (calculates space and dm-integrity superblock and wipes the device).

-\fB<options>\fR can be [\-\-batch\-mode, \-\-no\-wipe, \-\-journal\-size, \-\-interleave\-sectors,
-\-\-tag\-size, \-\-integrity, \-\-integrity\-key\-size, \-\-integrity\-key\-file, \-\-sector\-size,
-\-\-progress-frequency]
+\fB<options>\fR can be [\-\-data\-device, \-\-batch\-mode, \-\-no\-wipe, \-\-journal\-size,
+\-\-interleave\-sectors, \-\-tag\-size, \-\-integrity, \-\-integrity\-key\-size,
+\-\-integrity\-key\-file, \-\-sector\-size, \-\-progress-frequency]

 .PP
 \fIopen\fR <device> <name>
@@ -30,9 +30,10 @@ Formats <device> (calculates space and dm-integrity superblock and wipes the dev
 .IP
 Open a mapping with <name> backed by device <device>.

-\fB<options>\fR can be [\-\-batch\-mode, \-\-journal\-watermark, \-\-journal\-commit\-time,
-\-\-buffer\-sectors, \-\-integrity, \-\-integrity\-key\-size, \-\-integrity\-key\-file,
-\-\-integrity\-no\-journal, \-\-integrity\-recovery\-mode]
+\fB<options>\fR can be [\-\-data\-device, \-\-batch\-mode, \-\-journal\-watermark,
+\-\-journal\-commit\-time, \-\-buffer\-sectors, \-\-integrity, \-\-integrity\-key\-size,
+\-\-integrity\-key\-file, \-\-integrity\-no\-journal, \-\-integrity\-recalculate,
+\-\-integrity\-recovery\-mode]

 .PP
 \fIclose\fR <name>
@@ -77,6 +78,12 @@ Size of the journal.
 .B "\-\-interleave\-sectors SECTORS"
 The number of interleaved sectors.
 .TP
+.B "\-\-integrity\-recalculate"
+Automatically recalculate integrity tags in kernel on activation.
+The device can be used during automatic integrity recalculation but becomes fully
+integrity protected only after the background operation is finished.
+This option is available since the Linux kernel version 4.19.
+.TP
 .B "\-\-journal\-watermark PERCENT"
 Journal watermark in percents. When the size of the journal exceeds this watermark,
 the journal flush will be started.
@@ -91,6 +98,10 @@ Size of the integrity tag per-sector (here the integrity function will store aut
 \fBNOTE:\fR The size can be smaller that output size of the hash function, in that case only
 part of the hash will be stored.
 .TP
+.B "\-\-data\-device"
+Specify a separate data device that contains existing data. The <device> then will contain
+calculated integrity tags and journal for this data device.
+.TP
 .B "\-\-sector\-size, \-s BYTES"
 Sector size (power of two: 512, 1024, 2048, 4096).
 .TP
@@ -197,9 +208,9 @@ Please attach the output of the failed command with the
 The integritysetup tool is written by Milan Broz <gmazyland@gmail.com>
 and is part of the cryptsetup project.
 .SH COPYRIGHT
-Copyright \(co 2016-2018 Red Hat, Inc.
+Copyright \(co 2016-2019 Red Hat, Inc.
 .br
-Copyright \(co 2016-2018 Milan Broz
+Copyright \(co 2016-2019 Milan Broz

 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
--- a/man/veritysetup.8
+++ b/man/veritysetup.8
@@ -1,4 +1,4 @@
-.TH VERITYSETUP "8" "January 2018" "veritysetup" "Maintenance Commands"
+.TH VERITYSETUP "8" "January 2019" "veritysetup" "Maintenance Commands"
 .SH NAME
 veritysetup - manage dm-verity (block level verification) volumes
 .SH SYNOPSIS
@@ -215,9 +215,9 @@ The first implementation of veritysetup was written by Chrome OS authors.
 This version is based on verification code written by Mikulas Patocka <mpatocka@redhat.com>
 and rewritten for libcryptsetup by Milan Broz <gmazyland@gmail.com>.
 .SH COPYRIGHT
-Copyright \(co 2012-2018 Red Hat, Inc.
+Copyright \(co 2012-2019 Red Hat, Inc.
 .br
-Copyright \(co 2012-2018 Milan Broz
+Copyright \(co 2012-2019 Milan Broz

 This is free software; see the source for copying conditions.  There is NO
 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
--- a/misc/dracut_90reencrypt/parse-reencrypt.sh
+++ b/misc/dracut_90reencrypt/parse-reencrypt.sh
@@ -1,7 +1,9 @@
 #!/bin/sh

 REENC=$(getargs rd.luks.reencrypt=)
+# shellcheck disable=SC2086
 REENC_DEV=$(echo $REENC | sed 's/:.*//')
+# shellcheck disable=SC2086
 REENC_SIZE=$(echo $REENC | sed -n 's/.*://p')

 REENC_KEY=$(getargs rd.luks.reencrypt_key=)
@@ -14,6 +16,9 @@ if [ -z "$REENC_SLOT" ] ; then
    REENC_SLOT=any
 fi

+# shellcheck disable=SC2086
+# shellcheck disable=SC1004
+# shellcheck disable=SC2016
 if [ -n "$REENC_DEV" ] ; then
 {
   printf 'SUBSYSTEM!="block", GOTO="reenc_end"\n'
--- a/misc/dracut_90reencrypt/reencrypt-verbose.sh
+++ b/misc/dracut_90reencrypt/reencrypt-verbose.sh
@@ -2,4 +2,5 @@

 # Route stdout to stderr in initrd. Otherwise output is invisible
 # unless we run in debug mode.
+# shellcheck disable=SC2068
 /sbin/cryptsetup-reencrypt $@ 1>&2
--- a/misc/dracut_90reencrypt/reencrypt.sh
+++ b/misc/dracut_90reencrypt/reencrypt.sh
@@ -28,20 +28,21 @@ if [ -n "$4" ]; then
 fi

 reenc_readkey() {
-    local keypath="${1#*:}"
-    local keydev="${1%%:*}"
+    keypath="${1#*:}"
+    keydev="${1%%:*}"

-    local mntp="/tmp/reencrypted-mount-tmp"
+    mntp="/tmp/reencrypted-mount-tmp"
    mkdir "$mntp"
    mount -r "$keydev" "$mntp" && cat "$mntp/$keypath"
    umount "$mntp"
    rm -r "$mntp"
 }

+# shellcheck disable=SC2086
+# shellcheck disable=SC2164
 reenc_run() {
-    local cwd
    cwd=$(pwd)
-    local _prompt="LUKS password for REENCRYPTING $device"
+    _prompt="LUKS password for REENCRYPTING $device"
    cd /tmp
    udevadm settle
    if [ "$1" = "none" ] ; then
@@ -61,12 +62,14 @@ reenc_run() {

 info "REENCRYPT $device requested"
 # flock against other interactive activities
+# shellcheck disable=SC2086
 { flock -s 9;
    reenc_run $2 $3
 } 9>/.console_lock

 if [ $_ret -eq 0 ]; then
    # do not ask again
+    # shellcheck disable=SC2188
    >> /tmp/reencrypted
    warn "Reencryption of device $device has finished successfully. Use previous"
    warn "initramfs image (without reencrypt module) to boot the system. When"
--- a/misc/luks2_keyslot_example/keyslot_test.c
+++ b/misc/luks2_keyslot_example/keyslot_test.c
@@ -1,7 +1,7 @@
 /*
 * Example of LUKS2 kesylot handler (EXAMPLE)
 *
- * Copyright (C) 2016-2018 Milan Broz <gmazyland@gmail.com>
+ * Copyright (C) 2016-2019 Milan Broz <gmazyland@gmail.com>
 *
 * Use:
 *  - generate LUKS device
--- a/misc/luks2_keyslot_example/keyslot_test_remote_pass.c
+++ b/misc/luks2_keyslot_example/keyslot_test_remote_pass.c
@@ -1,7 +1,7 @@
 /*
 * Example of LUKS2 token storing third party metadata (EXAMPLE)
 *
- * Copyright (C) 2016-2018 Milan Broz <gmazyland@gmail.com>
+ * Copyright (C) 2016-2019 Milan Broz <gmazyland@gmail.com>
 *
 * Use:
 *  - generate LUKS device
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -9,6 +9,7 @@ it
 nl
 pl
 pt_BR
+ru
 sr
 sv
 uk
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -14,6 +14,8 @@ lib/utils_benchmark.c
 lib/utils_device_locking.c
 lib/utils_wipe.c
 lib/utils_keyring.c
+lib/utils_blkid.c
+lib/utils_io.c
 lib/luks1/af.c
 lib/luks1/keyencryption.c
 lib/luks1/keymanage.c
@@ -39,3 +41,4 @@ src/integritysetup.c
 src/cryptsetup_reencrypt.c
 src/utils_tools.c
 src/utils_password.c
+src/utils_luks2.c
--- a/po/cs.po
+++ b/po/cs.po
--- a/po/da.po
+++ b/po/da.po
--- a/po/de.po
+++ b/po/de.po
--- a/po/es.po
+++ b/po/es.po
--- a/Show More
+++ b/Show More