The command line key-size is in bits but the libcryptsetup API expects bytes.
Note that the modulo 8 check is in the original cryptsetup binary as well, so
it's no new limitation.
(v2: changed the point at which the /= 8 is performed, rebased, removed tabs)
return 0;
}
+ if (arg_key_size % 8) {
+ log_error("size= not a multiple of 8, ignoring.");
+ return 0;
+ }
+
+ arg_key_size /= 8;
+
} else if (startswith(option, "key-slot=")) {
arg_type = CRYPT_LUKS1;
/* for CRYPT_PLAIN limit reads
* from keyfile to key length, and
* ignore keyfile-size */
- arg_keyfile_size = arg_key_size / 8;
+ arg_keyfile_size = arg_key_size;
/* In contrast to what the name
* crypt_setup() might suggest this
else
until = 0;
- arg_key_size = (arg_key_size > 0 ? arg_key_size : 256);
+ arg_key_size = (arg_key_size > 0 ? arg_key_size : (256 / 8));
if (key_file) {
struct stat st;