rbd: add additional space for encrypted volumes

issue: when a block-mode pvc is created with encryption enabled,
some space is reserved for the encryption metadata, which
doesn't allow users to write the exact amount of data that
they have requested.

solution: create pvc with extra space needed for the encryption
metadata.

The extra space is added during the CreateVolume and ExpandVolume
operations. And while returning the response remove the extra space
so the client/user gets the requested size reported.

Signed-off-by: Praveen M <m.praveen@ibm.com>
Praveen M
2024-03-28 17:10:11 +05:30
parent c2fff75610
commit f32e2d5dda
4 changed files with 91 additions and 5 deletions


@ -30,6 +30,8 @@ import (
"github.com/ceph/ceph-csi/internal/util/file"
"github.com/ceph/ceph-csi/internal/util/log"
"github.com/ceph/ceph-csi/internal/util/stripsecrets"
"k8s.io/cloud-provider/volume/helpers"
)
const (
@ -37,7 +39,10 @@ const (
ExecutionTimeout = 2*time.Minute + 30*time.Second
// Limit memory used by Argon2i PBKDF to 32 MiB.
pkdbfMemoryLimit = 32 << 10 // 32768 KiB
cryptsetupPBKDFMemoryLimit = 32 << 10 // 32768 KiB
luks2MetadataSize = 32 << 7 // 4096 KiB
luks2KeySlotsSize = 32 << 8 // 8192 KiB
Luks2HeaderSize = uint64((((2 * luks2MetadataSize) + luks2KeySlotsSize) * helpers.KiB))
)
// LuksWrapper is a struct that provides a context-aware wrapper around cryptsetup commands.
@ -74,8 +79,12 @@ func (l *luksWrapper) Format(devicePath, passphrase string) (string, string, err
"luks2",
"--hash",
"sha256",
"--luks2-metadata-size",
strconv.Itoa(luks2MetadataSize)+"k",
"--luks2-keyslots-size",
strconv.Itoa(luks2KeySlotsSize)+"k",
"--pbkdf-memory",
strconv.Itoa(pkdbfMemoryLimit),
strconv.Itoa(cryptsetupPBKDFMemoryLimit),
devicePath,
"-d",
"/dev/stdin")
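Review bot: `Luks2HeaderSize` in the const block is exported without a doc comment and is derived purely by arithmetic from the two size constants, so the size accounting is only correct if luksFormat places the data segment at exactly that offset. The new `--luks2-metadata-size` and `--luks2-keyslots-size` arguments fix the two areas, but payload alignment can presumably still move the data offset; consider also pinning it with `--offset` (given in 512-byte sectors) or checking it against `cryptsetup luksDump` output in a test. I would add `// Luks2HeaderSize is the number of bytes reserved ahead of the data segment on a LUKS2 device: two metadata areas plus the keyslots area, matching the sizes Format passes to luksFormat.` and note on `luks2MetadataSize` and `luks2KeySlotsSize` that their unit is KiB because `"k"` is appended at the call site. The body of `Format` starts and ends outside the last hunk.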