* Add crypt_set_uuid() to API.

[platform/upstream/cryptsetup.git] / lib / setup.c
diff --git a/lib/setup.c b/lib/setup.c

index 13db12f..af179fd 100644 (file)
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -13,11 +13,12 @@ struct crypt_device {
         char *type;
  
         char *device;
-       struct luks_masterkey *volume_key;
+       struct volume_key *volume_key;
         uint64_t timeout;
         uint64_t iteration_time;
         int tries;
         int password_verify;
+       int rng_type;
  
         /* used in CRYPT_LUKS1 */
         struct luks_phdr hdr;
@@ -30,7 +31,7 @@ struct crypt_device {
         char *plain_uuid;
  
         /* callbacks definitions */
-       void (*log)(int class, const char *msg, void *usrptr);
+       void (*log)(int level, const char *msg, void *usrptr);
         void *log_usrptr;
         int (*confirm)(const char *msg, void *usrptr);
         void *confirm_usrptr;
@@ -39,7 +40,7 @@ struct crypt_device {
  };
  
  /* Log helper */
-static void (*_default_log)(int class, const char *msg, void *usrptr) = NULL;
+static void (*_default_log)(int level, const char *msg, void *usrptr) = NULL;
  static int _debug_level = 0;
  
  void crypt_set_debug_level(int level)
@@ -47,15 +48,20 @@ void crypt_set_debug_level(int level)
         _debug_level = level;
  }
  
-void crypt_log(struct crypt_device *cd, int class, const char *msg)
+int crypt_get_debug_level()
+{
+       return _debug_level;
+}
+
+void crypt_log(struct crypt_device *cd, int level, const char *msg)
  {
         if (cd && cd->log)
-               cd->log(class, msg, cd->log_usrptr);
+               cd->log(level, msg, cd->log_usrptr);
         else if (_default_log)
-               _default_log(class, msg, NULL);
+               _default_log(level, msg, NULL);
  }
  
-void logger(struct crypt_device *cd, int class, const char *file,
+void logger(struct crypt_device *cd, int level, const char *file,
             int line, const char *format, ...)
  {
         va_list argp;
@@ -64,8 +70,8 @@ void logger(struct crypt_device *cd, int class, const char *file,
         va_start(argp, format);
  
         if (vasprintf(&target, format, argp) > 0) {
-               if (class >= 0) {
-                       crypt_log(cd, class, target);
+               if (level >= 0) {
+                       crypt_log(cd, level, target);
  #ifdef CRYPT_DEBUG
                 } else if (_debug_level)
                         printf("# %s:%d %s\n", file ?: "?", line, target);
@@ -89,7 +95,7 @@ static char *process_key(struct crypt_device *cd, const char *hash_name,
                          const char *key_file, size_t key_size,
                          const char *pass, size_t passLen)
  {
-       char *key = safe_alloc(key_size);
+       char *key = crypt_safe_alloc(key_size);
         memset(key, 0, key_size);
  
         /* key is coming from binary file */
@@ -97,7 +103,7 @@ static char *process_key(struct crypt_device *cd, const char *hash_name,
                 if(passLen < key_size) {
                         log_err(cd, _("Cannot not read %d bytes from key file %s.\n"),
                                 key_size, key_file);
-                       safe_free(key);
+                       crypt_safe_free(key);
                         return NULL;
                 }
                 memcpy(key, pass, key_size);
@@ -107,8 +113,9 @@ static char *process_key(struct crypt_device *cd, const char *hash_name,
         /* key is coming from tty, fd or binary stdin */
         if (hash_name) {
                 if (hash(NULL, hash_name, key, key_size, pass, passLen) < 0) {
-                       log_err(cd, _("Key processing error.\n"));
-                       safe_free(key);
+                       log_err(cd, _("Key processing error (using hash algorithm %s).\n"),
+                               hash_name);
+                       crypt_safe_free(key);
                         return NULL;
                 }
         } else if (passLen > key_size) {
@@ -120,31 +127,6 @@ static char *process_key(struct crypt_device *cd, const char *hash_name,
         return key;
  }
  
-int parse_into_name_and_mode(const char *nameAndMode, char *name, char *mode)
-{
-/* Token content stringification, see info cpp/stringification */
-#define str(s) #s
-#define xstr(s) str(s)
-#define scanpattern1 "%" xstr(LUKS_CIPHERNAME_L) "[^-]-%" xstr(LUKS_CIPHERMODE_L)  "s"
-#define scanpattern2 "%" xstr(LUKS_CIPHERNAME_L) "[^-]"
-
-       int r;
-
-       if(sscanf(nameAndMode,scanpattern1, name, mode) != 2) {
-               if((r = sscanf(nameAndMode,scanpattern2,name)) == 1)
-                       strncpy(mode,"cbc-plain",10);
-               else
-                       return -EINVAL;
-       }
-
-       return 0;
-
-#undef scanpattern1
-#undef scanpattern2
-#undef str
-#undef xstr
-}
-
  static int isPLAIN(const char *type)
  {
         return (type && !strcmp(CRYPT_PLAIN, type));
@@ -167,11 +149,11 @@ static int keyslot_verify_or_find_empty(struct crypt_device *cd, int *keyslot)
         }
  
         switch (LUKS_keyslot_info(&cd->hdr, *keyslot)) {
-               case SLOT_INVALID:
+               case CRYPT_SLOT_INVALID:
                         log_err(cd, _("Key slot %d is invalid, please select between 0 and %d.\n"),
                                 *keyslot, LUKS_NUMKEYS - 1);
                         return -EINVAL;
-               case SLOT_INACTIVE:
+               case CRYPT_SLOT_INACTIVE:
                         break;
                 default:
                         log_err(cd, _("Key slot %d is full, please select another one.\n"),
@@ -184,59 +166,57 @@ static int keyslot_verify_or_find_empty(struct crypt_device *cd, int *keyslot)
  
  static int verify_other_keyslot(struct crypt_device *cd,
                                 const char *key_file,
-                               unsigned int flags,
                                 int keyIndex)
  {
-       struct luks_masterkey *mk;
+       struct volume_key *vk;
         crypt_keyslot_info ki;
         int openedIndex;
         char *password = NULL;
         unsigned int passwordLen;
  
-       get_key(_("Enter any remaining LUKS passphrase: "), &password,
-               &passwordLen, 0, key_file, cd->timeout, flags, cd);
+       crypt_get_key(_("Enter any remaining LUKS passphrase: "), &password,
+                     &passwordLen, 0, key_file, cd->timeout, cd->password_verify, cd);
         if(!password)
                 return -EINVAL;
  
         ki = crypt_keyslot_status(cd, keyIndex);
-       if (ki == SLOT_ACTIVE) /* Not last slot */
+       if (ki == CRYPT_SLOT_ACTIVE) /* Not last slot */
                 LUKS_keyslot_set(&cd->hdr, keyIndex, 0);
  
         openedIndex = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT,
                                              password, passwordLen,
-                                            &cd->hdr, &mk, cd);
+                                            &cd->hdr, &vk, cd);
  
-       if (ki == SLOT_ACTIVE)
+       if (ki == CRYPT_SLOT_ACTIVE)
                 LUKS_keyslot_set(&cd->hdr, keyIndex, 1);
-       LUKS_dealloc_masterkey(mk);
-       safe_free(password);
+       crypt_free_volume_key(vk);
+       crypt_safe_free(password);
  
         if (openedIndex < 0)
                 return -EPERM;
  
-       log_std(cd, _("Key slot %d verified.\n"), openedIndex);
+       log_verbose(cd, _("Key slot %d verified.\n"), openedIndex);
         return 0;
  }
  
  static int find_keyslot_by_passphrase(struct crypt_device *cd,
                                       const char *key_file,
-                                     unsigned int flags,
                                       char *message)
  {
-       struct luks_masterkey *mk;
+       struct volume_key *vk;
         char *password = NULL;
         unsigned int passwordLen;
         int keyIndex;
  
-       get_key(message,&password,&passwordLen, 0, key_file,
-               cd->timeout, flags, cd);
+       crypt_get_key(message,&password,&passwordLen, 0, key_file,
+                     cd->timeout, cd->password_verify, cd);
         if(!password)
                 return -EINVAL;
  
         keyIndex = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password,
-                                         passwordLen, &cd->hdr, &mk, cd);
-       LUKS_dealloc_masterkey(mk);
-       safe_free(password);
+                                         passwordLen, &cd->hdr, &vk, cd);
+       crypt_free_volume_key(vk);
+       crypt_safe_free(password);
  
         return keyIndex;
  }
@@ -248,8 +228,9 @@ static int device_check_and_adjust(struct crypt_device *cd,
  {
         struct device_infos infos;
  
-       if (get_device_infos(device, &infos, cd) < 0) {
-               log_err(cd, _("Cannot get info about device %s.\n"), device);
+       if (!device || get_device_infos(device, &infos, cd) < 0) {
+               log_err(cd, _("Cannot get info about device %s.\n"),
+                       device ?: "[none]");
                 return -ENOTBLK;
         }
  
@@ -284,30 +265,30 @@ static int luks_remove_helper(struct crypt_device *cd,
         int r = -EINVAL;
  
         if (key_slot == CRYPT_ANY_SLOT) {
-               key_slot = find_keyslot_by_passphrase(cd, key_file, 0,
+               key_slot = find_keyslot_by_passphrase(cd, key_file,
                                 _("Enter LUKS passphrase to be deleted: "));
                 if(key_slot < 0) {
                         r = -EPERM;
                         goto out;
                 }
  
-               log_std(cd, _("key slot %d selected for deletion.\n"), key_slot);
+               log_std(cd, _("Key slot %d selected for deletion.\n"), key_slot);
         }
  
         ki = crypt_keyslot_status(cd, key_slot);
-       if (ki == SLOT_INVALID) {
+       if (ki == CRYPT_SLOT_INVALID) {
                 log_err(cd, _("Key slot %d is invalid, please select between 0 and %d.\n"),
                         key_slot, LUKS_NUMKEYS - 1);
                 r = -EINVAL;
                 goto out;
         }
-       if (ki <= SLOT_INACTIVE) {
+       if (ki <= CRYPT_SLOT_INACTIVE) {
                 log_err(cd, _("Key %d not active. Can't wipe.\n"), key_slot);
                 r = -EINVAL;
                 goto out;
         }
  
-       if (ki == SLOT_ACTIVE_LAST && cd->confirm &&
+       if (ki == CRYPT_SLOT_ACTIVE_LAST && cd->confirm &&
             !(cd->confirm(_("This is the last keyslot."
                             " Device will become unusable after purging this key."),
                          cd->confirm_usrptr))) {
@@ -316,7 +297,7 @@ static int luks_remove_helper(struct crypt_device *cd,
         }
  
         if(verify)
-               r = verify_other_keyslot(cd, other_key_file, 0, key_slot);
+               r = verify_other_keyslot(cd, other_key_file, key_slot);
         else
                 r = 0;
  
@@ -348,14 +329,17 @@ static int create_device_helper(struct crypt_device *cd,
         char *processed_key = NULL;
         int r;
  
+       if (!name)
+               return -EINVAL;
+
         ci = crypt_status(cd, name);
-       if (ci == INVALID)
+       if (ci == CRYPT_INVALID)
                 return -EINVAL;
  
-       if (reload && ci < ACTIVE)
+       if (reload && ci < CRYPT_ACTIVE)
                 return -EINVAL;
  
-       if (!reload && ci >= ACTIVE) {
+       if (!reload && ci >= CRYPT_ACTIVE) {
                 log_err(cd, _("Device %s already exists.\n"), name);
                 return -EEXIST;
         }
@@ -380,12 +364,12 @@ static int create_device_helper(struct crypt_device *cd,
                              key_size, processed_key, read_only, reload);
  
         free(dm_cipher);
-       safe_free(processed_key);
+       crypt_safe_free(processed_key);
         return r;
  }
  
-static int open_from_hdr_and_mk(struct crypt_device *cd,
-                               struct luks_masterkey *mk,
+static int open_from_hdr_and_vk(struct crypt_device *cd,
+                               struct volume_key *vk,
                                 const char *name,
                                 uint32_t flags)
  {
@@ -408,16 +392,16 @@ static int open_from_hdr_and_mk(struct crypt_device *cd,
         else
                 r = dm_create_device(name, cd->device, cipher, cd->type,
                                      no_uuid ? NULL : crypt_get_uuid(cd),
-                                    size, 0, offset, mk->keyLength, mk->key,
+                                    size, 0, offset, vk->keylength, vk->key,
                                      read_only, 0);
         free(cipher);
         return r;
  }
  
-static void log_wrapper(int class, const char *msg, void *usrptr)
+static void log_wrapper(int level, const char *msg, void *usrptr)
  {
-       void (*xlog)(int class, char *msg) = usrptr;
-       xlog(class, (char *)msg);
+       void (*xlog)(int level, char *msg) = usrptr;
+       xlog(level, (char *)msg);
  }
  
  static int yesDialog_wrapper(const char *msg, void *usrptr)
@@ -437,27 +421,25 @@ int crypt_confirm(struct crypt_device *cd, const char *msg)
  static void key_from_terminal(struct crypt_device *cd, char *msg, char **key,
                               unsigned int *key_len, int force_verify)
  {
-       int r, flags = 0;
+       int r;
  
         if (cd->password) {
-               *key = safe_alloc(MAX_TTY_PASSWORD_LEN);
+               *key = crypt_safe_alloc(MAX_TTY_PASSWORD_LEN);
                 if (*key)
                         return;
                 r = cd->password(msg, *key, (size_t)key_len, cd->password_usrptr);
                 if (r < 0) {
-                       safe_free(*key);
+                       crypt_safe_free(*key);
                         *key = NULL;
                 } else
                         *key_len = r;
-       } else {
-               if (force_verify || cd->password_verify)
-                       flags |= CRYPT_FLAG_VERIFY_IF_POSSIBLE;
-               get_key(msg, key, key_len, 0, NULL, cd->timeout, flags, cd);
-       }
+       } else
+               crypt_get_key(msg, key, key_len, 0, NULL, cd->timeout,
+                             (force_verify || cd->password_verify), cd);
  }
  
  static int volume_key_by_terminal_passphrase(struct crypt_device *cd, int keyslot,
-                                            struct luks_masterkey **mk)
+                                            struct volume_key **vk)
  {
         char *prompt = NULL, *passphrase_read = NULL;
         unsigned int passphrase_size_read;
@@ -466,11 +448,11 @@ static int volume_key_by_terminal_passphrase(struct crypt_device *cd, int keyslo
         if(asprintf(&prompt, _("Enter passphrase for %s: "), cd->device) < 0)
                 return -ENOMEM;
  
-       *mk = NULL;
+       *vk = NULL;
         do {
-               if (*mk)
-                       LUKS_dealloc_masterkey(*mk);
-               *mk = NULL;
+               if (*vk)
+                       crypt_free_volume_key(*vk);
+               *vk = NULL;
  
                 key_from_terminal(cd, prompt, &passphrase_read,
                                   &passphrase_size_read, 0);
@@ -480,14 +462,14 @@ static int volume_key_by_terminal_passphrase(struct crypt_device *cd, int keyslo
                 }
  
                 r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read,
-                                          passphrase_size_read, &cd->hdr, mk, cd);
-               safe_free(passphrase_read);
+                                          passphrase_size_read, &cd->hdr, vk, cd);
+               crypt_safe_free(passphrase_read);
                 passphrase_read = NULL;
         } while (r == -EPERM && (--tries > 0));
  
-       if (r < 0 && *mk) {
-               LUKS_dealloc_masterkey(*mk);
-               *mk = NULL;
+       if (r < 0 && *vk) {
+               crypt_free_volume_key(*vk);
+               *vk = NULL;
         }
         free(prompt);
  
@@ -499,7 +481,7 @@ static void key_from_file(struct crypt_device *cd, char *msg,
                           char **key, unsigned int *key_len,
                           const char *key_file, size_t key_size)
  {
-       get_key(msg, key, key_len, key_size, key_file, cd->timeout, 0, cd);
+       crypt_get_key(msg, key, key_len, key_size, key_file, cd->timeout, 0, cd);
  }
  
  static int _crypt_init(struct crypt_device **cd,
@@ -551,7 +533,7 @@ static int _crypt_init(struct crypt_device **cd,
  }
  
  void crypt_set_log_callback(struct crypt_device *cd,
-       void (*log)(int class, const char *msg, void *usrptr),
+       void (*log)(int level, const char *msg, void *usrptr),
         void *usrptr)
  {
         if (!cd)
@@ -581,7 +563,7 @@ void crypt_set_password_callback(struct crypt_device *cd,
  /* OPTIONS: name, cipher, device, hash, key_file, key_size, key_slot,
   *          offset, size, skip, timeout, tries, passphrase_fd (ignored),
   *          flags, icb */
-int crypt_create_device(struct crypt_options *options)
+static int crypt_create_and_update_device(struct crypt_options *options, int update)
  {
         struct crypt_device *cd = NULL;
         char *key = NULL;
@@ -592,8 +574,8 @@ int crypt_create_device(struct crypt_options *options)
         if (r)
                 return r;
  
-       get_key(_("Enter passphrase: "), &key, &keyLen, options->key_size,
-               options->key_file, cd->timeout, options->flags, cd);
+       crypt_get_key(_("Enter passphrase: "), &key, &keyLen, options->key_size,
+                     options->key_file, cd->timeout, cd->password_verify, cd);
         if (!key)
                 r = -ENOENT;
         else
@@ -601,39 +583,21 @@ int crypt_create_device(struct crypt_options *options)
                         options->cipher, NULL, options->key_file, key, keyLen,
                         options->key_size, options->size, options->skip,
                         options->offset, NULL, options->flags & CRYPT_FLAG_READONLY,
-                       options->flags, 0);
+                       options->flags, update);
  
-       safe_free(key);
+       crypt_safe_free(key);
         crypt_free(cd);
         return r;
  }
  
-/* OPTIONS: same as create above */
-int crypt_update_device(struct crypt_options *options)
+int crypt_create_device(struct crypt_options *options)
  {
-       struct crypt_device *cd = NULL;
-       char *key = NULL;
-       unsigned int keyLen;
-       int r;
-
-       r = _crypt_init(&cd, CRYPT_PLAIN, options, 1, 1);
-       if (r)
-               return r;
-
-       get_key(_("Enter passphrase: "), &key, &keyLen, options->key_size,
-               options->key_file, cd->timeout, options->flags, cd);
-       if (!key)
-               r = -ENOENT;
-       else
-               r = create_device_helper(cd, options->name, options->hash,
-                       options->cipher, NULL, options->key_file, key, keyLen,
-                       options->key_size, options->size, options->skip,
-                       options->offset, NULL, options->flags & CRYPT_FLAG_READONLY,
-                       options->flags, 1);
+       return crypt_create_and_update_device(options, 0);
+}
  
-       safe_free(key);
-       crypt_free(cd);
-       return r;
+int crypt_update_device(struct crypt_options *options)
+{
+       return crypt_create_and_update_device(options, 1);
  }
  
  /* OPTIONS: name, size, icb */
@@ -684,7 +648,7 @@ int crypt_resize_device(struct crypt_options *options)
                              crypt_get_uuid(cd), size, skip, offset,
                              key_size, key, read_only, 1);
  out:
-       safe_free(key);
+       crypt_safe_free(key);
         free(cipher);
         if (options->device == device)
                 options->device = NULL;
@@ -706,26 +670,27 @@ int crypt_query_device(struct crypt_options *options)
                 return -ENOSYS;
  
         r = dm_status_device(options->name);
-       if (r == -ENODEV) {
-               dm_exit();
-               return 0;
-       }
+       if (r < 0)
+               goto out;
  
         r = dm_query_device(options->name, (char **)&options->device, &options->size,
                             &options->skip, &options->offset, (char **)&options->cipher,
                             &options->key_size, NULL, &read_only, NULL, NULL);
+       if (r >= 0) {
+               if (read_only)
+                       options->flags |= CRYPT_FLAG_READONLY;
  
-       dm_exit();
-       if (r < 0)
-               return r;
-
-       if (read_only)
-               options->flags |= CRYPT_FLAG_READONLY;
+               options->flags |= CRYPT_FLAG_FREE_DEVICE;
+               options->flags |= CRYPT_FLAG_FREE_CIPHER;
  
-       options->flags |= CRYPT_FLAG_FREE_DEVICE;
-       options->flags |= CRYPT_FLAG_FREE_CIPHER;
+               r = 1;
+       }
+out:
+       if (r == -ENODEV)
+               r = 0;
  
-       return 1;
+       dm_exit();
+       return r;
  }
  
  /* OPTIONS: name, icb */
@@ -735,10 +700,8 @@ int crypt_remove_device(struct crypt_options *options)
         int r;
  
         r = crypt_init_by_name(&cd, options->name);
-       if (r)
-               return r;
-
-       r = crypt_deactivate(cd, options->name);
+       if (r == 0)
+               r = crypt_deactivate(cd, options->name);
  
         crypt_free(cd);
         return r;
@@ -753,14 +716,14 @@ int crypt_luksFormat(struct crypt_options *options)
         char cipherMode[LUKS_CIPHERMODE_L];
         char *password=NULL;
         unsigned int passwordLen;
-       struct crypt_device *cd;
+       struct crypt_device *cd = NULL;
         struct crypt_params_luks1 cp = {
                 .hash = options->hash,
                 .data_alignment = options->align_payload
         };
         int r;
  
-       r = parse_into_name_and_mode(options->cipher, cipherName, cipherMode);
+       r = crypt_parse_name_and_mode(options->cipher, cipherName, cipherMode);
         if(r < 0) {
                 log_err(cd, _("No known cipher specification pattern detected.\n"));
                 return r;
@@ -776,8 +739,8 @@ int crypt_luksFormat(struct crypt_options *options)
                 goto out;
         }
  
-       get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, 0,
-               options->new_key_file, options->timeout, options->flags, cd);
+       crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen, 0,
+                     options->new_key_file, cd->timeout, cd->password_verify, cd);
  
         if(!password) {
                 r = -EINVAL;
@@ -794,7 +757,7 @@ int crypt_luksFormat(struct crypt_options *options)
                                             password, passwordLen);
  out:
         crypt_free(cd);
-       safe_free(password);
+       crypt_safe_free(password);
         return (r < 0) ? r : 0;
  }
  
@@ -916,6 +879,10 @@ int crypt_isLuks(struct crypt_options *options)
  
         log_dbg("Check device %s for LUKS header.", options->device);
  
+       r = init_crypto(cd);
+       if (r < 0)
+               return r;
+
         r = crypt_init(&cd, options->device);
         if (r < 0)
                 return -EINVAL;
@@ -1015,6 +982,7 @@ int crypt_init(struct crypt_device **cd, const char *device)
         h->iteration_time = 1000;
         h->password_verify = 0;
         h->tries = 3;
+       h->rng_type = crypt_random_default_key_rng();
         *cd = h;
         return 0;
  }
@@ -1028,16 +996,22 @@ int crypt_init_by_name(struct crypt_device **cd, const char *name)
         log_dbg("Allocating crypt device context by device %s.", name);
  
         ci = crypt_status(NULL, name);
-       if (ci == INVALID)
+       if (ci == CRYPT_INVALID)
                 return -ENODEV;
  
-       if (ci < ACTIVE) {
+       if (ci < CRYPT_ACTIVE) {
                 log_err(NULL, _("Device %s is not active.\n"), name);
                 return -ENODEV;
         }
  
         r = dm_query_device(name, &device, NULL, NULL, NULL,
                             NULL, NULL, NULL, NULL, NULL, NULL);
+
+       /* Underlying device disappeared but mapping still active */
+       if (r >= 0 && !device)
+               log_verbose(NULL, _("Underlying device for crypt device %s disappeared.\n"),
+                           name);
+
         if (r >= 0)
                 r = crypt_init(cd, device);
  
@@ -1049,32 +1023,36 @@ static int _crypt_format_plain(struct crypt_device *cd,
                                const char *cipher,
                                const char *cipher_mode,
                                const char *uuid,
+                              size_t volume_key_size,
                                struct crypt_params_plain *params)
  {
-       if (!cipher || !cipher_mode || !params || !params->hash) {
+       if (!cipher || !cipher_mode) {
                 log_err(cd, _("Invalid plain crypt parameters.\n"));
                 return -EINVAL;
         }
  
-       if (cd->volume_key->keyLength > 1024) {
+       if (volume_key_size > 1024) {
                 log_err(cd, _("Invalid key size.\n"));
                 return -EINVAL;
         }
  
+       cd->volume_key = crypt_alloc_volume_key(volume_key_size, NULL);
+       if (!cd->volume_key)
+               return -ENOMEM;
+
         cd->plain_cipher = strdup(cipher);
         cd->plain_cipher_mode = strdup(cipher_mode);
  
         if (uuid)
                 cd->plain_uuid = strdup(uuid);
  
-       if (params->hash)
+       if (params && params->hash)
                 cd->plain_hdr.hash = strdup(params->hash);
  
-       cd->plain_hdr.offset = params->offset;
-       cd->plain_hdr.skip = params->skip;
+       cd->plain_hdr.offset = params ? params->offset : 0;
+       cd->plain_hdr.skip = params ? params->skip : 0;
  
-       if ((params->hash && !cd->plain_hdr.hash) ||
-           !cd->plain_cipher || !cd->plain_cipher_mode)
+       if (!cd->plain_cipher || !cd->plain_cipher_mode)
                 return -ENOMEM;
  
         return 0;
@@ -1084,19 +1062,40 @@ static int _crypt_format_luks1(struct crypt_device *cd,
                                const char *cipher,
                                const char *cipher_mode,
                                const char *uuid,
+                              const char *volume_key,
+                              size_t volume_key_size,
                                struct crypt_params_luks1 *params)
  {
         int r;
+       unsigned long required_alignment = DEFAULT_DISK_ALIGNMENT;
+       unsigned long alignment_offset = 0;
  
         if (!cd->device) {
                 log_err(cd, _("Can't format LUKS without device.\n"));
                 return -EINVAL;
         }
  
+       if (volume_key)
+               cd->volume_key = crypt_alloc_volume_key(volume_key_size,
+                                                     volume_key);
+       else
+               cd->volume_key = crypt_generate_volume_key(cd, volume_key_size);
+
+       if(!cd->volume_key)
+               return -ENOMEM;
+
+       if (params && params->data_alignment)
+               required_alignment = params->data_alignment * SECTOR_SIZE;
+       else
+               get_topology_alignment(cd->device, &required_alignment,
+                                      &alignment_offset, DEFAULT_DISK_ALIGNMENT);
+
         r = LUKS_generate_phdr(&cd->hdr, cd->volume_key, cipher, cipher_mode,
                                (params && params->hash) ? params->hash : "sha1",
                                uuid, LUKS_STRIPES,
-                              params ? params->data_alignment: DEFAULT_ALIGNMENT, cd);
+                              required_alignment / SECTOR_SIZE,
+                              alignment_offset / SECTOR_SIZE,
+                              cd->iteration_time, &cd->PBKDF2_per_sec, cd);
         if(r < 0)
                 return r;
  
@@ -1128,24 +1127,19 @@ int crypt_format(struct crypt_device *cd,
         if (!type)
                 return -EINVAL;
  
-       if (volume_key)
-               cd->volume_key = LUKS_alloc_masterkey(volume_key_size, 
-                                                     volume_key);
-       else
-               cd->volume_key = LUKS_generate_masterkey(volume_key_size);
-
-       if(!cd->volume_key)
-               return -ENOMEM;
+       r = init_crypto(cd);
+       if (r < 0)
+               return r;
  
         if (isPLAIN(type))
                 r = _crypt_format_plain(cd, cipher, cipher_mode,
-                                       uuid, params);
+                                       uuid, volume_key_size, params);
         else if (isLUKS(type))
                 r = _crypt_format_luks1(cd, cipher, cipher_mode,
-                                       uuid, params);
+                                       uuid, volume_key, volume_key_size, params);
         else {
                 /* FIXME: allow plugins here? */
-               log_err(cd, _("Unkown crypt device type %s requesed.\n"), type);
+               log_err(cd, _("Unknown crypt device type %s requested.\n"), type);
                 r = -EINVAL;
         }
  
@@ -1153,7 +1147,7 @@ int crypt_format(struct crypt_device *cd,
                 r = -ENOMEM;
  
         if (r < 0) {
-               LUKS_dealloc_masterkey(cd->volume_key);
+               crypt_free_volume_key(cd->volume_key);
                 cd->volume_key = NULL;
         }
  
@@ -1176,13 +1170,11 @@ int crypt_load(struct crypt_device *cd,
         if (requested_type && !isLUKS(requested_type))
                 return -EINVAL;
  
-       /* Some hash functions need initialized gcrypt library */
-       if (init_crypto()) {
-               log_err(cd, _("Cannot initialize crypto backend.\n"));
-               return -ENOSYS;
-       }
+       r = init_crypto(cd);
+       if (r < 0)
+               return r;
  
-       r = LUKS_read_phdr(cd->device, &hdr, 0, cd);
+       r = LUKS_read_phdr(cd->device, &hdr, 1, cd);
  
         if (!r) {
                 memcpy(&cd->hdr, &hdr, sizeof(hdr));
@@ -1194,13 +1186,43 @@ int crypt_load(struct crypt_device *cd,
         return r;
  }
  
+int crypt_set_uuid(struct crypt_device *cd, const char *uuid)
+{
+       if (!isLUKS(cd->type)) {
+               log_err(cd, _("This operation is not supported for this device type.\n"));
+               return  -EINVAL;
+       }
+
+       if (uuid && !strncmp(uuid, cd->hdr.uuid, sizeof(cd->hdr.uuid))) {
+               log_dbg("UUID is the same as requested (%s) for device %s.",
+                       uuid, cd->device);
+               return 0;
+       }
+
+       if (uuid)
+               log_dbg("Requested new UUID change to %s for %s.", uuid, cd->device);
+       else
+               log_dbg("Requested new UUID refresh for %s.", cd->device);
+
+       if (!crypt_confirm(cd, _("Do you really want to change UUID of device?")))
+               return -EPERM;
+
+       return LUKS_hdr_uuid_set(cd->device, &cd->hdr, uuid, cd);
+}
+
  int crypt_header_backup(struct crypt_device *cd,
                         const char *requested_type,
                         const char *backup_file)
  {
+       int r;
+
         if ((requested_type && !isLUKS(requested_type)) || !backup_file)
                 return -EINVAL;
  
+       r = init_crypto(cd);
+       if (r < 0)
+               return r;
+
         log_dbg("Requested header backup of device %s (%s) to "
                 "file %s.", cd->device, requested_type, backup_file);
  
@@ -1211,9 +1233,16 @@ int crypt_header_restore(struct crypt_device *cd,
                          const char *requested_type,
                          const char *backup_file)
  {
+       int r;
+
         if (requested_type && !isLUKS(requested_type))
                 return -EINVAL;
  
+       /* Some hash functions need initialized gcrypt library */
+       r = init_crypto(cd);
+       if (r < 0)
+               return r;
+
         log_dbg("Requested header restore to device %s (%s) from "
                 "file %s.", cd->device, requested_type, backup_file);
  
@@ -1227,7 +1256,7 @@ void crypt_free(struct crypt_device *cd)
  
                 dm_exit();
                 if (cd->volume_key)
-                       LUKS_dealloc_masterkey(cd->volume_key);
+                       crypt_free_volume_key(cd->volume_key);
  
                 free(cd->device);
                 free(cd->type);
@@ -1251,7 +1280,7 @@ int crypt_suspend(struct crypt_device *cd,
         log_dbg("Suspending volume %s.", name);
  
         ci = crypt_status(NULL, name);
-       if (ci < ACTIVE) {
+       if (ci < CRYPT_ACTIVE) {
                 log_err(cd, _("Volume %s is not active.\n"), name);
                 return -EINVAL;
         }
@@ -1271,7 +1300,9 @@ int crypt_suspend(struct crypt_device *cd,
         }
  
         r = dm_suspend_and_wipe_key(name);
-       if (r)
+       if (r == -ENOTSUP)
+               log_err(cd, "Suspend is not supported for device %s.\n", name);
+       else if (r)
                 log_err(cd, "Error during suspending device %s.\n", name);
  out:
         if (!cd)
@@ -1285,7 +1316,7 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
                                const char *passphrase,
                                size_t passphrase_size)
  {
-       struct luks_masterkey *mk = NULL;
+       struct volume_key *vk = NULL;
         int r, suspended = 0;
  
         log_dbg("Resuming volume %s.", name);
@@ -1308,19 +1339,21 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
  
         if (passphrase) {
                 r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase,
-                                          passphrase_size, &cd->hdr, &mk, cd);
+                                          passphrase_size, &cd->hdr, &vk, cd);
         } else
-               r = volume_key_by_terminal_passphrase(cd, keyslot, &mk);
+               r = volume_key_by_terminal_passphrase(cd, keyslot, &vk);
  
         if (r >= 0) {
                 keyslot = r;
-               r = dm_resume_and_reinstate_key(name, mk->keyLength, mk->key);
-               if (r)
+               r = dm_resume_and_reinstate_key(name, vk->keylength, vk->key);
+               if (r == -ENOTSUP)
+                       log_err(cd, "Resume is not supported for device %s.\n", name);
+               else if (r)
                         log_err(cd, "Error during resuming device %s.\n", name);
         } else
                 r = keyslot;
  out:
-       LUKS_dealloc_masterkey(mk);
+       crypt_free_volume_key(vk);
         return r < 0 ? r : keyslot;
  }
  
@@ -1330,7 +1363,7 @@ int crypt_resume_by_keyfile(struct crypt_device *cd,
                             const char *keyfile,
                             size_t keyfile_size)
  {
-       struct luks_masterkey *mk = NULL;
+       struct volume_key *vk = NULL;
         char *passphrase_read = NULL;
         unsigned int passphrase_size_read;
         int r, suspended = 0;
@@ -1363,19 +1396,19 @@ int crypt_resume_by_keyfile(struct crypt_device *cd,
                 r = -EINVAL;
         else {
                 r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read,
-                                          passphrase_size_read, &cd->hdr, &mk, cd);
-               safe_free(passphrase_read);
+                                          passphrase_size_read, &cd->hdr, &vk, cd);
+               crypt_safe_free(passphrase_read);
         }
  
         if (r >= 0) {
                 keyslot = r;
-               r = dm_resume_and_reinstate_key(name, mk->keyLength, mk->key);
+               r = dm_resume_and_reinstate_key(name, vk->keylength, vk->key);
                 if (r)
                         log_err(cd, "Error during resuming device %s.\n", name);
         } else
                 r = keyslot;
  out:
-       LUKS_dealloc_masterkey(mk);
+       crypt_free_volume_key(vk);
         return r < 0 ? r : keyslot;
  }
  
@@ -1387,7 +1420,7 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
         const char *new_passphrase, // NULL -> terminal
         size_t new_passphrase_size)
  {
-       struct luks_masterkey *mk = NULL;
+       struct volume_key *vk = NULL;
         char *password = NULL, *new_password = NULL;
         unsigned int passwordLen, new_passwordLen;
         int r;
@@ -1408,8 +1441,8 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
         if (!LUKS_keyslot_active_count(&cd->hdr)) {
                 /* No slots used, try to use pre-generated key in header */
                 if (cd->volume_key) {
-                       mk = LUKS_alloc_masterkey(cd->volume_key->keyLength, cd->volume_key->key);
-                       r = mk ? 0 : -ENOMEM;
+                       vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
+                       r = vk ? 0 : -ENOMEM;
                 } else {
                         log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.\n"));
                         return -EINVAL;
@@ -1417,7 +1450,7 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
         } else if (passphrase) {
                 /* Passphrase provided, use it to unlock existing keyslot */
                 r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, passphrase,
-                                          passphrase_size, &cd->hdr, &mk, cd);
+                                          passphrase_size, &cd->hdr, &vk, cd);
         } else {
                 /* Passphrase not provided, ask first and use it to unlock existing keyslot */
                 key_from_terminal(cd, _("Enter any passphrase: "),
@@ -1428,8 +1461,8 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
                 }
  
                 r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password,
-                                          passwordLen, &cd->hdr, &mk, cd);
-               safe_free(password);
+                                          passwordLen, &cd->hdr, &vk, cd);
+               crypt_safe_free(password);
         }
  
         if(r < 0)
@@ -1448,14 +1481,14 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
         }
  
         r = LUKS_set_key(cd->device, keyslot, new_password, new_passwordLen,
-                        &cd->hdr, mk, cd->iteration_time, &cd->PBKDF2_per_sec, cd);
+                        &cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd);
         if(r < 0) goto out;
  
         r = 0;
  out:
         if (!new_passphrase)
-               safe_free(new_password);
-       LUKS_dealloc_masterkey(mk);
+               crypt_safe_free(new_password);
+       crypt_free_volume_key(vk);
         return r ?: keyslot;
  }
  
@@ -1466,7 +1499,7 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
         const char *new_keyfile,
         size_t new_keyfile_size)
  {
-       struct luks_masterkey *mk=NULL;
+       struct volume_key *vk=NULL;
         char *password=NULL; unsigned int passwordLen;
         char *new_password = NULL; unsigned int new_passwordLen;
         int r;
@@ -1486,8 +1519,8 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
         if (!LUKS_keyslot_active_count(&cd->hdr)) {
                 /* No slots used, try to use pre-generated key in header */
                 if (cd->volume_key) {
-                       mk = LUKS_alloc_masterkey(cd->volume_key->keyLength, cd->volume_key->key);
-                       r = mk ? 0 : -ENOMEM;
+                       vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
+                       r = vk ? 0 : -ENOMEM;
                 } else {
                         log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.\n"));
                         return -EINVAL;
@@ -1499,14 +1532,14 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
                                       keyfile, keyfile_size);
                 else
                         key_from_terminal(cd, _("Enter any passphrase: "),
-                                       &password, &passwordLen, 1);
+                                       &password, &passwordLen, 0);
  
                 if (!password)
                         return -EINVAL;
  
                 r = LUKS_open_key_with_hdr(cd->device, CRYPT_ANY_SLOT, password, passwordLen,
-                                          &cd->hdr, &mk, cd);
-               safe_free(password);
+                                          &cd->hdr, &vk, cd);
+               crypt_safe_free(password);
         }
  
         if(r < 0)
@@ -1526,10 +1559,10 @@ int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
         }
  
         r = LUKS_set_key(cd->device, keyslot, new_password, new_passwordLen,
-                        &cd->hdr, mk, cd->iteration_time, &cd->PBKDF2_per_sec, cd);
+                        &cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd);
  out:
-       safe_free(new_password);
-       LUKS_dealloc_masterkey(mk);
+       crypt_safe_free(new_password);
+       crypt_free_volume_key(vk);
         return r < 0 ? r : keyslot;
  }
  
@@ -1540,7 +1573,7 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
         const char *passphrase,
         size_t passphrase_size)
  {
-       struct luks_masterkey *mk = NULL;
+       struct volume_key *vk = NULL;
         int r = -EINVAL;
         char *new_password = NULL; unsigned int new_passwordLen;
  
@@ -1552,14 +1585,14 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
         }
  
         if (volume_key)
-               mk = LUKS_alloc_masterkey(volume_key_size, volume_key);
+               vk = crypt_alloc_volume_key(volume_key_size, volume_key);
         else if (cd->volume_key)
-               mk = LUKS_alloc_masterkey(cd->volume_key->keyLength, cd->volume_key->key);
+               vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
  
-       if (!mk)
+       if (!vk)
                 return -ENOMEM;
  
-       r = LUKS_verify_master_key(&cd->hdr, mk);
+       r = LUKS_verify_volume_key(&cd->hdr, vk);
         if (r < 0) {
                 log_err(cd, _("Volume key does not match the volume.\n"));
                 goto out;
@@ -1577,11 +1610,11 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
         }
  
         r = LUKS_set_key(cd->device, keyslot, passphrase, passphrase_size,
-                        &cd->hdr, mk, cd->iteration_time, &cd->PBKDF2_per_sec, cd);
+                        &cd->hdr, vk, cd->iteration_time, &cd->PBKDF2_per_sec, cd);
  out:
         if (new_password)
-               safe_free(new_password);
-       LUKS_dealloc_masterkey(mk);
+               crypt_safe_free(new_password);
+       crypt_free_volume_key(vk);
         return r ?: keyslot;
  }
  
@@ -1597,12 +1630,12 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot)
         }
  
         ki = crypt_keyslot_status(cd, keyslot);
-       if (ki == SLOT_INVALID) {
+       if (ki == CRYPT_SLOT_INVALID) {
                 log_err(cd, _("Key slot %d is invalid.\n"), keyslot);
                 return -EINVAL;
         }
  
-       if (ki == SLOT_INACTIVE) {
+       if (ki == CRYPT_SLOT_INACTIVE) {
                 log_err(cd, _("Key slot %d is not used.\n"), keyslot);
                 return -EINVAL;
         }
@@ -1619,7 +1652,7 @@ int crypt_activate_by_passphrase(struct crypt_device *cd,
         uint32_t flags)
  {
         crypt_status_info ci;
-       struct luks_masterkey *mk = NULL;
+       struct volume_key *vk = NULL;
         char *prompt = NULL;
         int r;
  
@@ -1627,21 +1660,18 @@ int crypt_activate_by_passphrase(struct crypt_device *cd,
                 name ? "Activating" : "Checking", name ?: "",
                 keyslot, passphrase ? "" : "[none] ");
  
-       if (!name)
-               return -EINVAL;
-
         /* plain, use hashed passphrase */
         if (isPLAIN(cd->type))
                 return create_device_helper(cd, name, cd->plain_hdr.hash,
                         cd->plain_cipher, cd->plain_cipher_mode, NULL, passphrase, passphrase_size,
-                       cd->volume_key->keyLength, 0, cd->plain_hdr.skip,
+                       cd->volume_key->keylength, 0, cd->plain_hdr.skip,
                         cd->plain_hdr.offset, cd->plain_uuid, flags & CRYPT_ACTIVATE_READONLY, 0, 0);
  
         if (name) {
                 ci = crypt_status(NULL, name);
-               if (ci == INVALID)
+               if (ci == CRYPT_INVALID)
                         return -EINVAL;
-               else if (ci >= ACTIVE) {
+               else if (ci >= CRYPT_ACTIVE) {
                         log_err(cd, _("Device %s already exists.\n"), name);
                         return -EEXIST;
                 }
@@ -1653,17 +1683,17 @@ int crypt_activate_by_passphrase(struct crypt_device *cd,
         /* provided passphrase, do not retry */
         if (passphrase) {
                 r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase,
-                                          passphrase_size, &cd->hdr, &mk, cd);
+                                          passphrase_size, &cd->hdr, &vk, cd);
         } else
-               r = volume_key_by_terminal_passphrase(cd, keyslot, &mk);
+               r = volume_key_by_terminal_passphrase(cd, keyslot, &vk);
  
         if (r >= 0) {
                 keyslot = r;
                 if (name)
-                       r = open_from_hdr_and_mk(cd, mk, name, flags);
+                       r = open_from_hdr_and_vk(cd, vk, name, flags);
         }
  
-       LUKS_dealloc_masterkey(mk);
+       crypt_free_volume_key(vk);
         free(prompt);
  
         return r < 0  ? r : keyslot;
@@ -1677,13 +1707,13 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
         uint32_t flags)
  {
         crypt_status_info ci;
-       struct luks_masterkey *mk = NULL;
+       struct volume_key *vk = NULL;
         char *passphrase_read = NULL;
         unsigned int passphrase_size_read;
         int r;
  
         log_dbg("Activating volume %s [keyslot %d] using keyfile %s.",
-               name, keyslot, keyfile ?: "[none]");
+               name ?: "", keyslot, keyfile ?: "[none]");
  
         if (!isLUKS(cd->type)) {
                 log_err(cd, _("This operation is supported only for LUKS device.\n"));
@@ -1692,9 +1722,9 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
  
         if (name) {
                 ci = crypt_status(NULL, name);
-               if (ci == INVALID)
+               if (ci == CRYPT_INVALID)
                         return -EINVAL;
-               else if (ci >= ACTIVE) {
+               else if (ci >= CRYPT_ACTIVE) {
                         log_err(cd, _("Device %s already exists.\n"), name);
                         return -EEXIST;
                 }
@@ -1709,16 +1739,17 @@ int crypt_activate_by_keyfile(struct crypt_device *cd,
                 r = -EINVAL;
         else {
                 r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase_read,
-                                          passphrase_size_read, &cd->hdr, &mk, cd);
-               safe_free(passphrase_read);
+                                          passphrase_size_read, &cd->hdr, &vk, cd);
+               crypt_safe_free(passphrase_read);
         }
  
         if (r >= 0) {
                 keyslot = r;
-               r = open_from_hdr_and_mk(cd, mk, name, flags);
+               if (name)
+                       r = open_from_hdr_and_vk(cd, vk, name, flags);
         }
  
-       LUKS_dealloc_masterkey(mk);
+       crypt_free_volume_key(vk);
  
         return r < 0 ? r : keyslot;
  }
@@ -1730,7 +1761,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
         uint32_t flags)
  {
         crypt_status_info ci;
-       struct luks_masterkey *mk;
+       struct volume_key *vk;
         int r;
  
         log_dbg("Activating volume %s by volume key.", name);
@@ -1739,7 +1770,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
         if (isPLAIN(cd->type))
                 return create_device_helper(cd, name, NULL,
                         cd->plain_cipher, cd->plain_cipher_mode, NULL, volume_key, volume_key_size,
-                       cd->volume_key->keyLength, 0, cd->plain_hdr.skip,
+                       cd->volume_key->keylength, 0, cd->plain_hdr.skip,
                         cd->plain_hdr.offset, cd->plain_uuid, flags & CRYPT_ACTIVATE_READONLY, 0, 0);
  
         if (!isLUKS(cd->type)) {
@@ -1749,26 +1780,26 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
  
         if (name) {
                 ci = crypt_status(NULL, name);
-               if (ci == INVALID)
+               if (ci == CRYPT_INVALID)
                         return -EINVAL;
-               else if (ci >= ACTIVE) {
+               else if (ci >= CRYPT_ACTIVE) {
                         log_err(cd, _("Device %s already exists.\n"), name);
                         return -EEXIST;
                 }
         }
  
-       mk = LUKS_alloc_masterkey(volume_key_size, volume_key);
-       if (!mk)
+       vk = crypt_alloc_volume_key(volume_key_size, volume_key);
+       if (!vk)
                 return -ENOMEM;
-       r = LUKS_verify_master_key(&cd->hdr, mk);
+       r = LUKS_verify_volume_key(&cd->hdr, vk);
  
         if (r == -EPERM)
                 log_err(cd, _("Volume key does not match the volume.\n"));
  
         if (!r && name)
-               r = open_from_hdr_and_mk(cd, mk, name, flags);
+               r = open_from_hdr_and_vk(cd, vk, name, flags);
  
-       LUKS_dealloc_masterkey(mk);
+       crypt_free_volume_key(vk);
  
         return r;
  }
@@ -1786,16 +1817,20 @@ int crypt_deactivate(struct crypt_device *cd, const char *name)
                 return -ENOSYS;
  
         switch (crypt_status(cd, name)) {
-               case ACTIVE:    r = dm_remove_device(name, 0, 0);
-                               break;
-               case BUSY:      log_err(cd, _("Device %s is busy.\n"), name);
-                               r = -EBUSY;
-                               break;
-               case INACTIVE:  log_err(cd, _("Device %s is not active.\n"), name);
-                               r = -ENODEV;
-                               break;
-               default:        log_err(cd, _("Invalid device %s.\n"), name);
-                               r = -EINVAL;
+               case CRYPT_ACTIVE:
+                       r = dm_remove_device(name, 0, 0);
+                       break;
+               case CRYPT_BUSY:
+                       log_err(cd, _("Device %s is busy.\n"), name);
+                       r = -EBUSY;
+                       break;
+               case CRYPT_INACTIVE:
+                       log_err(cd, _("Device %s is not active.\n"), name);
+                       r = -ENODEV;
+                       break;
+               default:
+                       log_err(cd, _("Invalid device %s.\n"), name);
+                       r = -EINVAL;
         }
  
         if (!cd)
@@ -1812,7 +1847,7 @@ int crypt_volume_key_get(struct crypt_device *cd,
         const char *passphrase,
         size_t passphrase_size)
  {
-       struct luks_masterkey *mk;
+       struct volume_key *vk;
         char *processed_key = NULL;
         int r, key_len;
  
@@ -1822,7 +1857,7 @@ int crypt_volume_key_get(struct crypt_device *cd,
                 return -ENOMEM;
         }
  
-       if (isPLAIN(cd->type)) {
+       if (isPLAIN(cd->type) && cd->plain_hdr.hash) {
                 processed_key = process_key(cd, cd->plain_hdr.hash, NULL, key_len,
                                             passphrase, passphrase_size);
                 if (!processed_key) {
@@ -1831,20 +1866,20 @@ int crypt_volume_key_get(struct crypt_device *cd,
                 }
                 memcpy(volume_key, processed_key, key_len);
                 *volume_key_size = key_len;
-               safe_free(processed_key);
+               crypt_safe_free(processed_key);
                 return 0;
         }
  
         if (isLUKS(cd->type)) {
                 r = LUKS_open_key_with_hdr(cd->device, keyslot, passphrase,
-                                       passphrase_size, &cd->hdr, &mk, cd);
+                                       passphrase_size, &cd->hdr, &vk, cd);
  
                 if (r >= 0) {
-                       memcpy(volume_key, mk->key, mk->keyLength);
-                       *volume_key_size = mk->keyLength;
+                       memcpy(volume_key, vk->key, vk->keylength);
+                       *volume_key_size = vk->keylength;
                 }
  
-               LUKS_dealloc_masterkey(mk);
+               crypt_free_volume_key(vk);
                 return r;
         }
  
@@ -1856,7 +1891,7 @@ int crypt_volume_key_verify(struct crypt_device *cd,
         const char *volume_key,
         size_t volume_key_size)
  {
-       struct luks_masterkey *mk;
+       struct volume_key *vk;
         int r;
  
         if (!isLUKS(cd->type)) {
@@ -1864,16 +1899,16 @@ int crypt_volume_key_verify(struct crypt_device *cd,
                 return -EINVAL;
         }
  
-       mk = LUKS_alloc_masterkey(volume_key_size, volume_key);
-       if (!mk)
+       vk = crypt_alloc_volume_key(volume_key_size, volume_key);
+       if (!vk)
                 return -ENOMEM;
  
-       r = LUKS_verify_master_key(&cd->hdr, mk);
+       r = LUKS_verify_volume_key(&cd->hdr, vk);
  
         if (r == -EPERM)
                 log_err(cd, _("Volume key does not match the volume.\n"));
  
-       LUKS_dealloc_masterkey(mk);
+       crypt_free_volume_key(vk);
  
         return r;
  }
@@ -1902,6 +1937,24 @@ void crypt_set_password_verify(struct crypt_device *cd, int password_verify)
         cd->password_verify = password_verify ? 1 : 0;
  }
  
+void crypt_set_rng_type(struct crypt_device *cd, int rng_type)
+{
+       switch (rng_type) {
+       case CRYPT_RNG_URANDOM:
+       case CRYPT_RNG_RANDOM:
+               log_dbg("RNG set to %d (%s).", rng_type, rng_type ? "random" : "urandom");
+               cd->rng_type = rng_type;
+       }
+}
+
+int crypt_get_rng_type(struct crypt_device *cd)
+{
+       if (!cd)
+               return -EINVAL;
+
+       return cd->rng_type;
+}
+
  int crypt_memory_lock(struct crypt_device *cd, int lock)
  {
         return lock ? crypt_memlock_inc(cd) : crypt_memlock_dec(cd);
@@ -1913,7 +1966,7 @@ crypt_status_info crypt_status(struct crypt_device *cd, const char *name)
         int r;
  
         if (!cd && dm_init(NULL, 1) < 0)
-               return INVALID;
+               return CRYPT_INVALID;
  
         r = dm_status_device(name);
  
@@ -1921,15 +1974,15 @@ crypt_status_info crypt_status(struct crypt_device *cd, const char *name)
                 dm_exit();
  
         if (r < 0 && r != -ENODEV)
-               return INVALID;
+               return CRYPT_INVALID;
  
         if (r == 0)
-               return ACTIVE;
+               return CRYPT_ACTIVE;
  
         if (r > 0)
-               return BUSY;
+               return CRYPT_BUSY;
  
-       return INACTIVE;
+       return CRYPT_INACTIVE;
  }
  
  static void hexprintICB(struct crypt_device *cd, char *d, int n)
@@ -1985,6 +2038,7 @@ int crypt_dump(struct crypt_device *cd)
                 else 
                         log_std(cd, "Key Slot %d: DISABLED\n", i);
         }
+
         return 0;
  }
  
@@ -2018,10 +2072,15 @@ const char *crypt_get_uuid(struct crypt_device *cd)
         return NULL;
  }
  
+const char *crypt_get_device_name(struct crypt_device *cd)
+{
+       return cd->device;
+}
+
  int crypt_get_volume_key_size(struct crypt_device *cd)
  {
         if (isPLAIN(cd->type))
-               return cd->volume_key->keyLength;
+               return cd->volume_key->keylength;
  
         if (isLUKS(cd->type))
                 return cd->hdr.keyBytes;
@@ -2044,7 +2103,7 @@ crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot)
  {
         if (!isLUKS(cd->type)) {
                 log_err(cd, _("This operation is supported only for LUKS device.\n"));
-               return SLOT_INVALID;
+               return CRYPT_SLOT_INVALID;
         }
  
         return LUKS_keyslot_info(&cd->hdr, keyslot);