Use hardcoded CEEM value instead of configure script parameter (#81)

The default CEEM (check external encryption mode) parameter is undocumented, and its default of 0 makes behavior vendor-specific. The standard allows a drive to report an error when trying to read a block that was already encrypted before being written to the drive, as is done with a keyless copy of a tape. This sounds like a very rare scenario to need to support. For the widest compatibility with data sources, this should be set to 1 for general-purpose use.
James Wilson
2022-05-28 02:50:08 -07:00
committed by GitHub
parent c6bf88e25f
commit 1200fe92ee
4 changed files with 11 additions and 27 deletions


@@ -31,29 +31,12 @@ AC_ARG_WITH([scsi-debug],
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
AC_MSG_CHECKING(max tape read blocks for volume status)
AC_ARG_WITH([max-tape-read-blocks],
[AS_HELP_STRING([--with-max-tape-read-blocks=<number>],[how many blocks the tape drive will seek to determine the encryption status on the volume. Defaults to 100])],
[AC_DEFINE_UNQUOTED([MAX_TAPE_READ_BLOCKS],$withval,"") AC_MSG_RESULT($withval)],
[AC_DEFINE([MAX_TAPE_READ_BLOCKS],100,"") AC_MSG_RESULT(100)])
AC_MSG_CHECKING(default encryption algorithm index to use)
AC_ARG_WITH([default-algorithm],
[AS_HELP_STRING([--with-default-algorithm=<number>],[the default algorithm index to set for encryption. Defaults to 0])],
[AC_DEFINE_UNQUOTED([DEFAULT_ALGORITHM],$withval,"") AC_MSG_RESULT($withval)],
[AC_DEFINE([DEFAULT_ALGORITHM],0,"") AC_MSG_RESULT(0)])
AC_MSG_CHECKING(default CEEM flag to use)
AC_ARG_WITH([default-ceem],
[AS_HELP_STRING([--with-default-ceem=<number>],[the default CEEM flag when setting options. Defaults to 0])],
[AC_DEFINE_UNQUOTED([DEFAULT_CEEM],$withval,"") AC_MSG_RESULT($withval)],
[AC_DEFINE([DEFAULT_CEEM],0,"") AC_MSG_RESULT(0)])
AC_MSG_CHECKING(default key size to use)
AC_ARG_WITH([default-key-size],
[AS_HELP_STRING([--with-default-key-size=<bytes>],[the default key size for your drive. Only used when turning off encryption. Defaults to 32 (256 bit)])],
[AC_DEFINE_UNQUOTED([DEFAULT_KEYSIZE],$withval,"") AC_MSG_RESULT($withval)],
[AC_DEFINE([DEFAULT_KEYSIZE],32,"") AC_MSG_RESULT(32)])
AC_MSG_CHECKING(your OS)
system=`uname`
case $system in


@@ -250,7 +250,8 @@ make_sde(encrypt_mode enc_mode, decrypt_mode dec_mode,
page.length = htons(length - sizeof(page_header));
page.control = std::byte {2u}
<< page_sde::control_scope_pos; // all IT nexus = 10b
page.flags |= std::byte {DEFAULT_CEEM} << page_sde::flags_ceem_pos;
// no external encryption mode check for widest compatibility of reads
page.flags |= std::byte {1u} << page_sde::flags_ceem_pos;
page.flags |= std::byte {static_cast<std::underlying_type_t<sde_rdmc>>(rdmc)};
if (ckod) {
page.flags |= page_sde::flags_ckod_mask;
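Review bot: The CEEM value in make_sde is now the bare literal `1u`, while the RDMC bits on the next line come from the `sde_rdmc` enum; a named constant or small enum for the two-bit CEEM field would keep the chosen mode auditable, e.g. `page.flags |= std::byte {ceem_no_check} << page_sde::flags_ceem_pos;` with `ceem_no_check` defined beside `flags_ceem_pos` (the name is only a suggestion). The comment should also state the consequence rather than only the motive: with this value the drive is asked not to check the mode a block was written in, so, going by the commit description, a read of an externally encrypted block is no longer reported as an error, and with the configure option removed there is no build-time way to turn the check back on. Something like `// CEEM = 01b: drive does not check the encryption mode a block was written in; externally encrypted blocks are read without an error` would cover it. make_sde's body starts and ends outside the hunk.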


@@ -34,7 +34,7 @@ TEST_CASE("Test key_from_hex_chars", "[output]")
*/
TEST_CASE("Test SCSI inquiry output", "[output]")
{
const uint8_t response[] {
const std::uint8_t response[] {
0x01, 0x80, 0x00, 0x02, 0x5b, 0x00, 0x00, 0x02, 0x41, 0x43, 0x4d, 0x45,
0x20, 0x20, 0x20, 0x20, 0x55, 0x6c, 0x74, 0x72, 0x69, 0x75, 0x6d, 0x2d,
0x31, 0x30, 0x30, 0x30, 0x20, 0x20, 0x20, 0x20, 0x31, 0x32, 0x33, 0x34,
@@ -57,7 +57,7 @@ Product Revision: 1234\n"s};
TEST_CASE("SCSI get device encryption status output 1", "[output]")
{
const uint8_t page[] {
const std::uint8_t page[] {
0x00, 0x20, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
@@ -74,7 +74,7 @@ Key Instance Counter: 0\n"s};
TEST_CASE("SCSI get device encryption status output 2", "[output]")
{
const uint8_t page[] {
const std::uint8_t page[] {
0x00, 0x20, 0x00, 0x24, 0x42, 0x02, 0x02, 0x01, 0x00, 0x00,
0x00, 0x01, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0c, 0x48, 0x65,
@@ -95,7 +95,7 @@ Drive Key Desc.(uKAD): Hello world!\n"s};
TEST_CASE("Test SCSI get next block encryption status output 1", "[output]")
{
const uint8_t page[] {
const std::uint8_t page[] {
0x00, 0x21, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
};
@@ -108,7 +108,7 @@ Volume Encryption: Not encrypted\n"s};
TEST_CASE("Test SCSI get next block encryption status output 2", "[output]")
{
const uint8_t page[] {
const std::uint8_t page[] {
0x00, 0x21, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x0c, 0x48, 0x65,
0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x21,


@@ -22,7 +22,7 @@ TEST_CASE("Disable encryption command", "[scsi]")
0x00, 0x10, // page code
0x00, 0x10, // page length
0x40, // scope
DEFAULT_CEEM << 6, // CEEM, CKOD, RDMC, et al.
0x40, // CEEM, CKOD, RDMC, et al.
0x00, // encyption mode
0x00, // decryption mode
0x01, // algorithm index
@@ -50,7 +50,7 @@ TEST_CASE("Enable encryption command", "[scsi]")
0x00, 0x10, // page code
0x00, 0x30, // page length
0x40, // scope
DEFAULT_CEEM << 6, // CEEM, CKOD, RDMC, et al.
0x40, // CEEM, CKOD, RDMC, et al.
0x02, // encyption mode
0x02, // decryption mode
0x01, // algorithm index
@@ -86,7 +86,7 @@ TEST_CASE("Enable encryption command with options", "[scsi]")
0x00, 0x10, // page code
0x00, 0x30, // page length
0x40, // scope
DEFAULT_CEEM << 6 | 0x24, // CEEM, CKOD, RDMC, et al.
0x64, // CEEM, CKOD, RDMC, et al.
0x02, // encyption mode
0x02, // decryption mode
0x01, // algorithm index
@@ -122,7 +122,7 @@ TEST_CASE("Enable encryption command with key name", "[scsi]")
0x00, 0x10, // page code
0x00, 0x40, // page length
0x40, // scope
DEFAULT_CEEM << 6, // CEEM, CKOD, RDMC, et al.
0x40, // CEEM, CKOD, RDMC, et al.
0x02, // encyption mode
0x02, // decryption mode
0x01, // algorithm index
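Review bot: In the "Enable encryption command with options" expectation the flags byte became the opaque literal `0x64`, which no longer shows that it is the CEEM bits (`0x40`) combined with the `0x24` option bits the old expression spelled out; `0x40 | 0x24, // CEEM=01b | option bits` keeps the intent readable and makes a wrong CEEM value easy to spot. The same applies more mildly to the `0x40` literals in the other three hunks of this file, where a trailing `// CEEM=01b` would do. As far as this page shows, these expectations are where the on-wire CEEM value is pinned, so a short comment on why 01b is expected would help whoever next changes make_sde.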