12 #include <libcryptsetup.h>
15 #include "../config.h"
17 #include "cryptsetup.h"
19 static int opt_verbose = 0;
20 static int opt_debug = 0;
21 static char *opt_cipher = NULL;
22 static char *opt_hash = NULL;
23 static int opt_verify_passphrase = 0;
24 static char *opt_key_file = NULL;
25 static char *opt_master_key_file = NULL;
26 static char *opt_header_backup_file = NULL;
27 static char *opt_uuid = NULL;
28 static unsigned int opt_key_size = 0;
29 static unsigned int opt_keyfile_size = 0;
30 static unsigned int opt_new_keyfile_size = 0;
31 static int opt_key_slot = CRYPT_ANY_SLOT;
32 static uint64_t opt_size = 0;
33 static uint64_t opt_offset = 0;
34 static uint64_t opt_skip = 0;
35 static int opt_readonly = 0;
36 static int opt_iteration_time = 1000;
37 static int opt_batch_mode = 0;
38 static int opt_version_mode = 0;
39 static int opt_timeout = 0;
40 static int opt_tries = 3;
41 static int opt_align_payload = 0;
42 static int opt_random = 0;
43 static int opt_urandom = 0;
44 static int opt_dump_master_key = 0;
46 static const char **action_argv;
47 static int action_argc;
49 static int action_create(int arg);
50 static int action_remove(int arg);
51 static int action_resize(int arg);
52 static int action_status(int arg);
53 static int action_luksFormat(int arg);
54 static int action_luksOpen(int arg);
55 static int action_luksAddKey(int arg);
56 static int action_luksKillSlot(int arg);
57 static int action_luksRemoveKey(int arg);
58 static int action_isLuks(int arg);
59 static int action_luksUUID(int arg);
60 static int action_luksDump(int arg);
61 static int action_luksSuspend(int arg);
62 static int action_luksResume(int arg);
63 static int action_luksBackup(int arg);
64 static int action_luksRestore(int arg);
65 static int action_loopaesOpen(int arg);
67 static struct action_type {
71 int required_action_argc;
76 { "create", action_create, 0, 2, 1, N_("<name> <device>"),N_("create device") },
77 { "remove", action_remove, 0, 1, 1, N_("<name>"), N_("remove device") },
78 { "resize", action_resize, 0, 1, 1, N_("<name>"), N_("resize active device") },
79 { "status", action_status, 0, 1, 0, N_("<name>"), N_("show device status") },
80 { "luksFormat", action_luksFormat, 0, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
81 { "luksOpen", action_luksOpen, 0, 2, 1, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
82 { "luksAddKey", action_luksAddKey, 0, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
83 { "luksRemoveKey",action_luksRemoveKey, 0, 1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
84 { "luksKillSlot", action_luksKillSlot, 0, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
85 { "luksUUID", action_luksUUID, 0, 1, 0, N_("<device>"), N_("print UUID of LUKS device") },
86 { "isLuks", action_isLuks, 0, 1, 0, N_("<device>"), N_("tests <device> for LUKS partition header") },
87 { "luksClose", action_remove, 0, 1, 1, N_("<name>"), N_("remove LUKS mapping") },
88 { "luksDump", action_luksDump, 0, 1, 0, N_("<device>"), N_("dump LUKS partition information") },
89 { "luksSuspend",action_luksSuspend, 0, 1, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen).") },
90 { "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
91 { "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
92 { "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
93 { "loopaesOpen",action_loopaesOpen, 0, 2, 1, N_("<device> <name> "), N_("open loop-AES device as mapping <name>") },
94 { "loopaesClose",action_remove, 0, 1, 1, N_("<name>"), N_("remove loop-AES mapping") },
95 { NULL, NULL, 0, 0, 0, NULL, NULL }
98 static void clogger(struct crypt_device *cd, int level, const char *file,
99 int line, const char *format, ...)
104 va_start(argp, format);
106 if (vasprintf(&target, format, argp) > 0) {
108 crypt_log(cd, level, target);
110 } else if (opt_debug)
111 printf("# %s:%d %s\n", file ?: "?", line, target);
113 } else if (opt_debug)
114 printf("# %s\n", target);
122 static int _yesDialog(const char *msg, void *usrptr)
128 if(isatty(0) && !opt_batch_mode) {
129 log_std("\nWARNING!\n========\n");
130 log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
131 if(getline(&answer, &size, stdin) == -1) {
136 if(strcmp(answer, "YES\n"))
144 static void _log(int level, const char *msg, void *usrptr)
148 case CRYPT_LOG_NORMAL:
151 case CRYPT_LOG_VERBOSE:
155 case CRYPT_LOG_ERROR:
159 fprintf(stderr, "Internal error on logging class for msg: %s", msg);
164 static void show_status(int errcode)
166 char error[256], *error_;
172 log_std(_("Command successful.\n"));
176 crypt_get_error(error, sizeof(error));
179 error_ = strerror_r(-errcode, error, sizeof(error));
180 if (error_ != error) {
181 strncpy(error, error_, sizeof(error));
182 error[sizeof(error) - 1] = '\0';
186 log_err(_("Command failed with code %i"), -errcode);
188 log_err(": %s\n", error);
193 static int action_create(int arg)
195 struct crypt_device *cd = NULL;
196 char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
197 struct crypt_params_plain params = {
198 .hash = opt_hash ?: DEFAULT_PLAIN_HASH,
200 .offset = opt_offset,
202 char *password = NULL;
203 unsigned int passwordLen;
204 unsigned int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
207 if (params.hash && !strcmp(params.hash, "plain"))
210 /* FIXME: temporary hack */
211 if (opt_key_file && strcmp(opt_key_file, "-"))
214 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN),
215 cipher, NULL, cipher_mode);
217 log_err("No known cipher specification pattern detected.\n");
221 if ((r = crypt_init(&cd, action_argv[1])))
224 crypt_set_timeout(cd, opt_timeout);
225 crypt_set_password_retry(cd, opt_tries);
227 r = crypt_format(cd, CRYPT_PLAIN,
236 r = crypt_activate_by_keyfile(cd, action_argv[0],
237 CRYPT_ANY_SLOT, opt_key_file, key_size,
238 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
240 r = crypt_get_key(_("Enter passphrase: "),
241 &password, &passwordLen, 0, NULL,
243 opt_batch_mode ? 0 : opt_verify_passphrase,
248 r = crypt_activate_by_passphrase(cd, action_argv[0],
249 CRYPT_ANY_SLOT, password, passwordLen,
250 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
254 crypt_safe_free(password);
259 static int action_loopaesOpen(int arg)
261 struct crypt_device *cd = NULL;
262 struct crypt_params_loopaes params = {
263 .hash = opt_hash ?: NULL, // FIXME
264 .offset = opt_offset,
266 unsigned int key_size = (opt_key_size ?: 128) / 8;
270 log_err(_("Option --key-file is required.\n"));
274 if ((r = crypt_init(&cd, action_argv[1])))
277 r = crypt_format(cd, CRYPT_LOOPAES, NULL, NULL, NULL, NULL,
282 r = crypt_activate_by_keyfile(cd, action_argv[0],
283 CRYPT_ANY_SLOT, opt_key_file, 0,
284 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
291 static int action_remove(int arg)
293 struct crypt_device *cd = NULL;
296 r = crypt_init_by_name(&cd, action_argv[0]);
298 r = crypt_deactivate(cd, action_argv[0]);
304 static int action_resize(int arg)
306 struct crypt_device *cd = NULL;
309 r = crypt_init_by_name(&cd, action_argv[0]);
311 r = crypt_resize(cd, action_argv[0], opt_size);
317 static int action_status(int arg)
319 crypt_status_info ci;
320 struct crypt_active_device cad;
321 struct crypt_device *cd = NULL;
324 ci = crypt_status(NULL, action_argv[0]);
330 log_std("%s/%s is inactive.\n", crypt_get_dir(), action_argv[0]);
334 log_std("%s/%s is active%s.\n", crypt_get_dir(), action_argv[0],
335 ci == CRYPT_BUSY ? " and is in use" : "");
336 r = crypt_init_by_name(&cd, action_argv[0]);
337 if (r < 0 || !crypt_get_type(cd))
340 log_std(" type: %s\n", crypt_get_type(cd));
342 r = crypt_get_active_device(cd, action_argv[0], &cad);
346 log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
347 log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8);
348 log_std(" device: %s\n", crypt_get_device_name(cd));
349 log_std(" offset: %" PRIu64 " sectors\n", cad.offset);
350 log_std(" size: %" PRIu64 " sectors\n", cad.size);
352 log_std(" skipped: %" PRIu64 " sectors\n", cad.iv_offset);
353 log_std(" mode: %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
354 "readonly" : "read/write");
361 static int _read_mk(const char *file, char **key, int keysize)
365 *key = crypt_safe_alloc(keysize);
369 fd = open(file, O_RDONLY);
371 log_err("Cannot read keyfile %s.\n", file);
374 if ((read(fd, *key, keysize) != keysize)) {
375 log_err("Cannot read %d bytes from keyfile %s.\n", keysize, file);
382 crypt_safe_free(*key);
387 static int action_luksFormat(int arg)
389 int r = -EINVAL, keysize;
390 char *msg = NULL, *key = NULL, cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
391 char *password = NULL;
392 unsigned int passwordLen;
393 struct crypt_device *cd = NULL;
394 struct crypt_params_luks1 params = {
395 .hash = opt_hash ?: DEFAULT_LUKS1_HASH,
396 .data_alignment = opt_align_payload,
399 if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) {
400 log_err(_("memory allocation error in action_luksFormat"));
404 r = _yesDialog(msg, NULL) ? 0 : -EINVAL;
409 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
410 cipher, NULL, cipher_mode);
412 log_err("No known cipher specification pattern detected.\n");
416 if ((r = crypt_init(&cd, action_argv[0])))
419 keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8;
421 crypt_set_password_verify(cd, 1);
422 crypt_set_timeout(cd, opt_timeout);
423 if (opt_iteration_time)
424 crypt_set_iterarion_time(cd, opt_iteration_time);
427 crypt_set_rng_type(cd, CRYPT_RNG_RANDOM);
428 else if (opt_urandom)
429 crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
431 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
432 opt_keyfile_size, opt_key_file, opt_timeout,
433 opt_batch_mode ? 0 : 1 /* always verify */, cd);
437 if (opt_master_key_file) {
438 r = _read_mk(opt_master_key_file, &key, keysize);
443 r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode,
444 opt_uuid, key, keysize, ¶ms);
448 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
450 password, passwordLen);
453 crypt_safe_free(key);
454 crypt_safe_free(password);
459 static int action_luksOpen(int arg)
461 struct crypt_device *cd = NULL;
465 if ((r = crypt_init(&cd, action_argv[0])))
468 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
471 crypt_set_timeout(cd, opt_timeout);
472 crypt_set_password_retry(cd, opt_tries);
474 if (opt_iteration_time)
475 crypt_set_iterarion_time(cd, opt_iteration_time);
477 flags |= CRYPT_ACTIVATE_READONLY;
480 crypt_set_password_retry(cd, 1);
481 r = crypt_activate_by_keyfile(cd, action_argv[1],
482 CRYPT_ANY_SLOT, opt_key_file, opt_keyfile_size,
485 r = crypt_activate_by_passphrase(cd, action_argv[1],
486 CRYPT_ANY_SLOT, NULL, 0, flags);
492 static int verify_keyslot(struct crypt_device *cd, int key_slot,
493 char *msg_last, char *msg_pass,
494 const char *key_file, int keyfile_size)
496 crypt_keyslot_info ki;
497 char *password = NULL;
498 unsigned int passwordLen, i;
501 ki = crypt_keyslot_status(cd, key_slot);
502 if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !_yesDialog(msg_last, NULL))
505 r = crypt_get_key(msg_pass, &password, &passwordLen,
506 keyfile_size, key_file, opt_timeout,
507 opt_batch_mode ? 0 : opt_verify_passphrase, cd);
511 if (ki == CRYPT_SLOT_ACTIVE_LAST) {
512 /* check the last keyslot */
513 r = crypt_activate_by_passphrase(cd, NULL, key_slot,
514 password, passwordLen, 0);
516 /* try all other keyslots */
517 for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) {
520 ki = crypt_keyslot_status(cd, key_slot);
521 if (ki == CRYPT_SLOT_ACTIVE)
522 r = crypt_activate_by_passphrase(cd, NULL, i,
523 password, passwordLen, 0);
530 log_err(_("No key available with this passphrase.\n"));
532 crypt_safe_free(password);
536 static int action_luksKillSlot(int arg)
538 struct crypt_device *cd = NULL;
541 if ((r = crypt_init(&cd, action_argv[0])))
544 crypt_set_confirm_callback(cd, _yesDialog, NULL);
545 crypt_set_timeout(cd, opt_timeout);
547 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
550 switch (crypt_keyslot_status(cd, opt_key_slot)) {
551 case CRYPT_SLOT_ACTIVE_LAST:
552 case CRYPT_SLOT_ACTIVE:
553 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
555 case CRYPT_SLOT_INACTIVE:
556 log_err(_("Key %d not active. Can't wipe.\n"), opt_key_slot);
557 case CRYPT_SLOT_INVALID:
561 if (!opt_batch_mode) {
562 r = verify_keyslot(cd, opt_key_slot,
563 _("This is the last keyslot. Device will become unusable after purging this key."),
564 _("Enter any remaining LUKS passphrase: "),
565 opt_key_file, opt_keyfile_size);
570 r = crypt_keyslot_destroy(cd, opt_key_slot);
576 static int action_luksRemoveKey(int arg)
578 struct crypt_device *cd = NULL;
579 char *password = NULL;
580 unsigned int passwordLen;
583 if ((r = crypt_init(&cd, action_argv[0])))
586 crypt_set_confirm_callback(cd, _yesDialog, NULL);
587 crypt_set_timeout(cd, opt_timeout);
589 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
592 r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "),
593 &password, &passwordLen,
594 opt_keyfile_size, opt_key_file,
596 opt_batch_mode ? 0 : opt_verify_passphrase,
601 r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
602 password, passwordLen, 0);
607 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
609 if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_ACTIVE_LAST &&
610 !_yesDialog(_("This is the last keyslot. "
611 "Device will become unusable after purging this key."),
617 r = crypt_keyslot_destroy(cd, opt_key_slot);
619 crypt_safe_free(password);
624 static int action_luksAddKey(int arg)
626 int r = -EINVAL, keysize = 0;
628 const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
629 struct crypt_device *cd = NULL;
631 if ((r = crypt_init(&cd, action_argv[0])))
634 crypt_set_confirm_callback(cd, _yesDialog, NULL);
636 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
639 keysize = crypt_get_volume_key_size(cd);
640 crypt_set_password_verify(cd, opt_verify_passphrase ? 1 : 0);
641 crypt_set_timeout(cd, opt_timeout);
642 if (opt_iteration_time)
643 crypt_set_iterarion_time(cd, opt_iteration_time);
645 if (opt_master_key_file) {
646 if (_read_mk(opt_master_key_file, &key, keysize) < 0)
649 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
650 key, keysize, NULL, 0);
651 } else if (opt_key_file || opt_new_key_file) {
652 r = crypt_keyslot_add_by_keyfile(cd, opt_key_slot,
653 opt_key_file, opt_keyfile_size,
654 opt_new_key_file, opt_new_keyfile_size);
656 r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot,
661 crypt_safe_free(key);
665 static int action_isLuks(int arg)
667 struct crypt_device *cd = NULL;
670 if ((r = crypt_init(&cd, action_argv[0])))
673 r = crypt_load(cd, CRYPT_LUKS1, NULL);
679 static int action_luksUUID(int arg)
681 struct crypt_device *cd = NULL;
682 const char *existing_uuid = NULL;
685 if ((r = crypt_init(&cd, action_argv[0])))
688 crypt_set_confirm_callback(cd, _yesDialog, NULL);
690 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
694 r = crypt_set_uuid(cd, opt_uuid);
696 existing_uuid = crypt_get_uuid(cd);
697 log_std("%s\n", existing_uuid ?: "");
698 r = existing_uuid ? 0 : 1;
705 static int luksDump_with_volume_key(struct crypt_device *cd)
707 char *vk = NULL, *password = NULL;
708 unsigned int passwordLen = 0;
712 crypt_set_confirm_callback(cd, _yesDialog, NULL);
714 _("LUKS header dump with volume key is sensitive information\n"
715 "which allows access to encrypted partition without passphrase.\n"
716 "This dump should be always stored encrypted on safe place."),
720 vk_size = crypt_get_volume_key_size(cd);
721 vk = crypt_safe_alloc(vk_size);
725 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
726 opt_keyfile_size, opt_key_file, opt_timeout, 0, cd);
730 r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
731 password, passwordLen);
735 log_std("LUKS header information for %s\n", crypt_get_device_name(cd));
736 log_std("Cipher name: \t%s\n", crypt_get_cipher(cd));
737 log_std("Cipher mode: \t%s\n", crypt_get_cipher_mode(cd));
738 log_std("Payload offset:\t%d\n", crypt_get_data_offset(cd));
739 log_std("UUID: \t%s\n", crypt_get_uuid(cd));
740 log_std("MK bits: \t%d\n", vk_size * 8);
741 log_std("MK dump:\t");
743 for(i = 0; i < vk_size; i++) {
746 log_std("%02hhx ", (char)vk[i]);
751 crypt_safe_free(password);
756 static int action_luksDump(int arg)
758 struct crypt_device *cd = NULL;
761 if ((r = crypt_init(&cd, action_argv[0])))
764 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
767 if (opt_dump_master_key)
768 r = luksDump_with_volume_key(cd);
776 static int action_luksSuspend(int arg)
778 struct crypt_device *cd = NULL;
781 r = crypt_init_by_name(&cd, action_argv[0]);
783 r = crypt_suspend(cd, action_argv[0]);
789 static int action_luksResume(int arg)
791 struct crypt_device *cd = NULL;
794 if ((r = crypt_init_by_name(&cd, action_argv[0])))
797 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
801 r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
802 opt_key_file, opt_keyfile_size);
804 r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
811 static int action_luksBackup(int arg)
813 struct crypt_device *cd = NULL;
816 if (!opt_header_backup_file) {
817 log_err(_("Option --header-backup-file is required.\n"));
821 if ((r = crypt_init(&cd, action_argv[0])))
824 crypt_set_confirm_callback(cd, _yesDialog, NULL);
826 r = crypt_header_backup(cd, CRYPT_LUKS1, opt_header_backup_file);
832 static int action_luksRestore(int arg)
834 struct crypt_device *cd = NULL;
837 if (!opt_header_backup_file) {
838 log_err(_("Option --header-backup-file is required.\n"));
842 if ((r = crypt_init(&cd, action_argv[0])))
845 crypt_set_confirm_callback(cd, _yesDialog, NULL);
846 r = crypt_header_restore(cd, CRYPT_LUKS1, opt_header_backup_file);
852 static __attribute__ ((noreturn)) void usage(poptContext popt_context,
853 int exitcode, const char *error,
856 poptPrintUsage(popt_context, stderr, 0);
858 log_err("%s: %s\n", more, error);
862 static void help(poptContext popt_context, enum poptCallbackReason reason,
863 struct poptOption *key, const char * arg, void *data)
865 if (key->shortName == '?') {
866 struct action_type *action;
868 log_std("%s\n",PACKAGE_STRING);
870 poptPrintHelp(popt_context, stdout, 0);
873 "<action> is one of:\n"));
875 for(action = action_types; action->type; action++)
876 log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
879 "<name> is the device to create under %s\n"
880 "<device> is the encrypted device\n"
881 "<key slot> is the LUKS key slot number to modify\n"
882 "<key file> optional key file for the new key for luksAddKey action\n"),
885 log_std(_("\nDefault compiled-in device cipher parameters:\n"
886 "\tplain: %s, Key: %d bits, Password hashing: %s\n"
887 "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
888 DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
889 DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH,
893 usage(popt_context, EXIT_SUCCESS, NULL, NULL);
896 static void _dbg_version_and_cmd(int argc, char **argv)
900 log_std("# %s %s processing \"", PACKAGE_NAME, PACKAGE_VERSION);
901 for (i = 0; i < argc; i++) {
909 static int run_action(struct action_type *action)
913 log_dbg("Running command %s.", action->type);
915 if (action->required_memlock)
916 crypt_memory_lock(NULL, 1);
918 r = action->handler(action->arg);
920 if (action->required_memlock)
921 crypt_memory_lock(NULL, 0);
923 /* Some functions returns keyslot # */
929 /* Translate exit code to simple codes */
931 case 0: r = EXIT_SUCCESS; break;
933 case -EBUSY: r = 5; break;
935 case -ENODEV: r = 4; break;
936 case -ENOMEM: r = 3; break;
937 case -EPERM: r = 2; break;
941 default: r = EXIT_FAILURE;
946 int main(int argc, char **argv)
948 static char *popt_tmp;
949 static struct poptOption popt_help_options[] = {
950 { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL },
951 { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL },
952 { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL },
955 static struct poptOption popt_options[] = {
956 { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
957 { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL },
958 { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
959 { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
960 { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
961 { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
962 { "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
963 { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file."), NULL },
964 { "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL },
965 { "dump-master-key", '\0', POPT_ARG_NONE, &opt_dump_master_key, 0, N_("Dump volume (master) key instead of keyslots info."), NULL },
966 { "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
967 { "keyfile-size", 'l', POPT_ARG_INT, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") },
968 { "new-keyfile-size", '\0', POPT_ARG_INT, &opt_new_keyfile_size, 0, N_("Limits the read from newly added keyfile"), N_("bytes") },
969 { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL },
970 { "size", 'b', POPT_ARG_STRING, &popt_tmp, 1, N_("The size of the device"), N_("SECTORS") },
971 { "offset", 'o', POPT_ARG_STRING, &popt_tmp, 2, N_("The start offset in the backend device"), N_("SECTORS") },
972 { "skip", 'p', POPT_ARG_STRING, &popt_tmp, 3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") },
973 { "readonly", 'r', POPT_ARG_NONE, &opt_readonly, 0, N_("Create a readonly mapping"), NULL },
974 { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
975 { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
976 { "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
977 { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
978 { "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
979 { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL },
980 { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL },
981 { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL },
982 { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
985 poptContext popt_context;
986 struct action_type *action;
989 const char *null_action_argv[] = {NULL};
991 crypt_set_log_callback(NULL, _log, NULL);
993 setlocale(LC_ALL, "");
994 bindtextdomain(PACKAGE, LOCALEDIR);
997 popt_context = poptGetContext(PACKAGE, argc, (const char **)argv,
999 poptSetOtherOptionHelp(popt_context,
1000 N_("[OPTION...] <action> <action-specific>]"));
1002 while((r = poptGetNextOpt(popt_context)) > 0) {
1003 unsigned long long ull_value;
1006 ull_value = strtoull(popt_tmp, &endp, 0);
1007 if (*endp || !*popt_tmp)
1008 r = POPT_ERROR_BADNUMBER;
1012 opt_size = ull_value;
1015 opt_offset = ull_value;
1018 opt_skip = ull_value;
1027 usage(popt_context, EXIT_FAILURE, poptStrerror(r),
1028 poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
1029 if (opt_version_mode) {
1030 log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
1034 if (!(aname = (char *)poptGetArg(popt_context)))
1035 usage(popt_context, EXIT_FAILURE, _("Argument <action> missing."),
1036 poptGetInvocationName(popt_context));
1037 for(action = action_types; action->type; action++)
1038 if (strcmp(action->type, aname) == 0)
1041 usage(popt_context, EXIT_FAILURE, _("Unknown action."),
1042 poptGetInvocationName(popt_context));
1045 action_argv = poptGetArgs(popt_context);
1046 /* Make return values of poptGetArgs more consistent in case of remaining argc = 0 */
1048 action_argv = null_action_argv;
1050 /* Count args, somewhat unnice, change? */
1051 while(action_argv[action_argc] != NULL)
1054 if(action_argc < action->required_action_argc) {
1056 snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
1057 usage(popt_context, EXIT_FAILURE, buf,
1058 poptGetInvocationName(popt_context));
1061 /* FIXME: rewrite this from scratch */
1064 strcmp(aname, "luksFormat") &&
1065 strcmp(aname, "create") &&
1066 strcmp(aname, "loopaesOpen")) {
1067 usage(popt_context, EXIT_FAILURE,
1068 _("Option --key-size is allowed only for luksFormat, create and loopaesOpen.\n"
1069 "To limit read from keyfile use --keyfile-size=(bytes)."),
1070 poptGetInvocationName(popt_context));
1073 if (opt_key_size % 8)
1074 usage(popt_context, EXIT_FAILURE,
1075 _("Key size must be a multiple of 8 bits"),
1076 poptGetInvocationName(popt_context));
1078 if (!strcmp(aname, "luksKillSlot") && action_argc > 1)
1079 opt_key_slot = atoi(action_argv[1]);
1080 if (opt_key_slot != CRYPT_ANY_SLOT &&
1081 (opt_key_slot < 0 || opt_key_slot > crypt_keyslot_max(CRYPT_LUKS1)))
1082 usage(popt_context, EXIT_FAILURE, _("Key slot is invalid."),
1083 poptGetInvocationName(popt_context));
1085 if ((!strcmp(aname, "luksRemoveKey") ||
1086 !strcmp(aname, "luksFormat")) &&
1089 log_err(_("Option --key-file takes precedence over specified key file argument.\n"));
1091 opt_key_file = (char*)action_argv[1];
1094 if (opt_random && opt_urandom)
1095 usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
1096 poptGetInvocationName(popt_context));
1097 if ((opt_random || opt_urandom) && strcmp(aname, "luksFormat"))
1098 usage(popt_context, EXIT_FAILURE, _("Option --use-[u]random is allowed only for luksFormat."),
1099 poptGetInvocationName(popt_context));
1101 if (opt_uuid && strcmp(aname, "luksFormat") && strcmp(aname, "luksUUID"))
1102 usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
1103 poptGetInvocationName(popt_context));
1105 if ((opt_offset || opt_skip) && strcmp(aname, "create"))
1106 usage(popt_context, EXIT_FAILURE, _("Options --offset and --skip are supported only for create command.\n"),
1107 poptGetInvocationName(popt_context));
1111 crypt_set_debug_level(-1);
1112 _dbg_version_and_cmd(argc, argv);
1115 return run_action(action);