12 #include <libcryptsetup.h>
15 #include "../config.h"
17 #include "cryptsetup.h"
19 static int opt_verbose = 0;
20 static int opt_debug = 0;
21 static char *opt_cipher = NULL;
22 static char *opt_hash = NULL;
23 static int opt_verify_passphrase = 0;
24 static char *opt_key_file = NULL;
25 static char *opt_master_key_file = NULL;
26 static char *opt_header_backup_file = NULL;
27 static char *opt_uuid = NULL;
28 static unsigned int opt_key_size = 0;
29 static unsigned int opt_keyfile_size = 0;
30 static unsigned int opt_new_keyfile_size = 0;
31 static int opt_key_slot = CRYPT_ANY_SLOT;
32 static uint64_t opt_size = 0;
33 static uint64_t opt_offset = 0;
34 static uint64_t opt_skip = 0;
35 static int opt_readonly = 0;
36 static int opt_iteration_time = 1000;
37 static int opt_batch_mode = 0;
38 static int opt_version_mode = 0;
39 static int opt_timeout = 0;
40 static int opt_tries = 3;
41 static int opt_align_payload = 0;
42 static int opt_random = 0;
43 static int opt_urandom = 0;
44 static int opt_dump_master_key = 0;
46 static const char **action_argv;
47 static int action_argc;
49 static int action_create(int arg);
50 static int action_remove(int arg);
51 static int action_resize(int arg);
52 static int action_status(int arg);
53 static int action_luksFormat(int arg);
54 static int action_luksOpen(int arg);
55 static int action_luksAddKey(int arg);
56 static int action_luksKillSlot(int arg);
57 static int action_luksRemoveKey(int arg);
58 static int action_isLuks(int arg);
59 static int action_luksUUID(int arg);
60 static int action_luksDump(int arg);
61 static int action_luksSuspend(int arg);
62 static int action_luksResume(int arg);
63 static int action_luksBackup(int arg);
64 static int action_luksRestore(int arg);
65 static int action_loopaesOpen(int arg);
67 static struct action_type {
71 int required_action_argc;
76 { "create", action_create, 0, 2, 1, N_("<name> <device>"),N_("create device") },
77 { "remove", action_remove, 0, 1, 1, N_("<name>"), N_("remove device") },
78 { "resize", action_resize, 0, 1, 1, N_("<name>"), N_("resize active device") },
79 { "status", action_status, 0, 1, 0, N_("<name>"), N_("show device status") },
80 { "luksFormat", action_luksFormat, 0, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
81 { "luksOpen", action_luksOpen, 0, 2, 1, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
82 { "luksAddKey", action_luksAddKey, 0, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
83 { "luksRemoveKey",action_luksRemoveKey, 0, 1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
84 { "luksKillSlot", action_luksKillSlot, 0, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
85 { "luksUUID", action_luksUUID, 0, 1, 0, N_("<device>"), N_("print UUID of LUKS device") },
86 { "isLuks", action_isLuks, 0, 1, 0, N_("<device>"), N_("tests <device> for LUKS partition header") },
87 { "luksClose", action_remove, 0, 1, 1, N_("<name>"), N_("remove LUKS mapping") },
88 { "luksDump", action_luksDump, 0, 1, 0, N_("<device>"), N_("dump LUKS partition information") },
89 { "luksSuspend",action_luksSuspend, 0, 1, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen).") },
90 { "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
91 { "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
92 { "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
93 { "loopaesOpen",action_loopaesOpen, 0, 2, 1, N_("<device> <name> "), N_("open loop-AES device as mapping <name>") },
94 { "loopaesClose",action_remove, 0, 1, 1, N_("<name>"), N_("remove loop-AES mapping") },
95 { NULL, NULL, 0, 0, 0, NULL, NULL }
98 static void clogger(struct crypt_device *cd, int level, const char *file,
99 int line, const char *format, ...)
104 va_start(argp, format);
106 if (vasprintf(&target, format, argp) > 0) {
108 crypt_log(cd, level, target);
110 } else if (opt_debug)
111 printf("# %s:%d %s\n", file ?: "?", line, target);
113 } else if (opt_debug)
114 printf("# %s\n", target);
122 static int _yesDialog(const char *msg, void *usrptr)
128 if(isatty(0) && !opt_batch_mode) {
129 log_std("\nWARNING!\n========\n");
130 log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
131 if(getline(&answer, &size, stdin) == -1) {
136 if(strcmp(answer, "YES\n"))
144 static void _log(int level, const char *msg, void *usrptr)
148 case CRYPT_LOG_NORMAL:
151 case CRYPT_LOG_VERBOSE:
155 case CRYPT_LOG_ERROR:
159 fprintf(stderr, "Internal error on logging class for msg: %s", msg);
164 static void show_status(int errcode)
166 char error[256], *error_;
172 log_std(_("Command successful.\n"));
176 crypt_get_error(error, sizeof(error));
179 error_ = strerror_r(-errcode, error, sizeof(error));
180 if (error_ != error) {
181 strncpy(error, error_, sizeof(error));
182 error[sizeof(error) - 1] = '\0';
186 log_err(_("Command failed with code %i"), -errcode);
188 log_err(": %s\n", error);
193 static int action_create(int arg)
195 struct crypt_device *cd = NULL;
196 char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
197 struct crypt_params_plain params = {
198 .hash = opt_hash ?: DEFAULT_PLAIN_HASH,
200 .offset = opt_offset,
202 char *password = NULL;
203 unsigned int passwordLen;
204 unsigned int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
207 if (params.hash && !strcmp(params.hash, "plain"))
210 /* FIXME: temporary hack */
211 if (opt_key_file && strcmp(opt_key_file, "-"))
214 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN),
215 cipher, NULL, cipher_mode);
217 log_err("No known cipher specification pattern detected.\n");
221 if ((r = crypt_init(&cd, action_argv[1])))
224 crypt_set_timeout(cd, opt_timeout);
225 crypt_set_password_retry(cd, opt_tries);
227 r = crypt_format(cd, CRYPT_PLAIN,
236 r = crypt_activate_by_keyfile(cd, action_argv[0],
237 CRYPT_ANY_SLOT, opt_key_file, key_size,
238 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
240 r = crypt_get_key(_("Enter passphrase: "),
241 &password, &passwordLen, 0, NULL,
243 opt_batch_mode ? 0 : opt_verify_passphrase,
248 r = crypt_activate_by_passphrase(cd, action_argv[0],
249 CRYPT_ANY_SLOT, password, passwordLen,
250 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
254 crypt_safe_free(password);
259 static int action_loopaesOpen(int arg)
261 struct crypt_device *cd = NULL;
262 struct crypt_params_loopaes params = {
263 .hash = opt_hash ?: NULL, // FIXME
264 .offset = opt_offset,
266 unsigned int key_size = (opt_key_size ?: 128) / 8;
270 log_err(_("Option --key-file is required.\n"));
274 if ((r = crypt_init(&cd, action_argv[1])))
277 r = crypt_format(cd, CRYPT_LOOPAES, NULL, NULL, NULL, NULL,
282 r = crypt_activate_by_keyfile(cd, action_argv[0],
283 CRYPT_ANY_SLOT, opt_key_file, 0,
284 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
291 static int action_remove(int arg)
293 struct crypt_device *cd = NULL;
296 r = crypt_init_by_name(&cd, action_argv[0]);
298 r = crypt_deactivate(cd, action_argv[0]);
304 static int action_resize(int arg)
306 struct crypt_device *cd = NULL;
309 r = crypt_init_by_name(&cd, action_argv[0]);
311 r = crypt_resize(cd, action_argv[0], opt_size);
317 static int action_status(int arg)
319 crypt_status_info ci;
320 struct crypt_active_device cad;
321 struct crypt_device *cd = NULL;
324 ci = crypt_status(NULL, action_argv[0]);
330 log_std("%s/%s is inactive.\n", crypt_get_dir(), action_argv[0]);
334 log_std("%s/%s is active%s.\n", crypt_get_dir(), action_argv[0],
335 ci == CRYPT_BUSY ? " and is in use" : "");
336 r = crypt_init_by_name(&cd, action_argv[0]);
337 if (r < 0 || !crypt_get_type(cd))
340 log_std(" type: %s\n", crypt_get_type(cd));
342 r = crypt_get_active_device(cd, action_argv[0], &cad);
346 log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
347 log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8);
348 log_std(" device: %s\n", crypt_get_device_name(cd));
349 log_std(" offset: %" PRIu64 " sectors\n", cad.offset);
350 log_std(" size: %" PRIu64 " sectors\n", cad.size);
352 log_std(" skipped: %" PRIu64 " sectors\n", cad.iv_offset);
353 log_std(" mode: %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
354 "readonly" : "read/write");
361 static int _read_mk(const char *file, char **key, int keysize)
365 *key = crypt_safe_alloc(keysize);
369 fd = open(file, O_RDONLY);
371 log_err("Cannot read keyfile %s.\n", file);
374 if ((read(fd, *key, keysize) != keysize)) {
375 log_err("Cannot read %d bytes from keyfile %s.\n", keysize, file);
382 crypt_safe_free(*key);
387 static int action_luksFormat(int arg)
389 int r = -EINVAL, keysize;
390 char *msg = NULL, *key = NULL, cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
391 char *password = NULL;
392 unsigned int passwordLen;
393 struct crypt_device *cd = NULL;
394 struct crypt_params_luks1 params = {
395 .hash = opt_hash ?: DEFAULT_LUKS1_HASH,
396 .data_alignment = opt_align_payload,
399 if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) {
400 log_err(_("memory allocation error in action_luksFormat"));
404 r = _yesDialog(msg, NULL) ? 0 : -EINVAL;
409 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
410 cipher, NULL, cipher_mode);
412 log_err("No known cipher specification pattern detected.\n");
416 if ((r = crypt_init(&cd, action_argv[0])))
419 keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8;
421 crypt_set_password_verify(cd, 1);
422 crypt_set_timeout(cd, opt_timeout);
423 if (opt_iteration_time)
424 crypt_set_iterarion_time(cd, opt_iteration_time);
427 crypt_set_rng_type(cd, CRYPT_RNG_RANDOM);
428 else if (opt_urandom)
429 crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
431 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
432 opt_keyfile_size, opt_key_file, opt_timeout,
433 opt_batch_mode ? 0 : 1 /* always verify */, cd);
437 if (opt_master_key_file) {
438 r = _read_mk(opt_master_key_file, &key, keysize);
443 r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode,
444 opt_uuid, key, keysize, ¶ms);
448 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
450 password, passwordLen);
453 crypt_safe_free(key);
454 crypt_safe_free(password);
459 static int action_luksOpen(int arg)
461 struct crypt_device *cd = NULL;
465 if ((r = crypt_init(&cd, action_argv[0])))
468 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
471 crypt_set_timeout(cd, opt_timeout);
472 crypt_set_password_retry(cd, opt_tries);
474 if (opt_iteration_time)
475 crypt_set_iterarion_time(cd, opt_iteration_time);
477 flags |= CRYPT_ACTIVATE_READONLY;
480 crypt_set_password_retry(cd, 1);
481 r = crypt_activate_by_keyfile(cd, action_argv[1],
482 CRYPT_ANY_SLOT, opt_key_file, opt_keyfile_size,
485 r = crypt_activate_by_passphrase(cd, action_argv[1],
486 CRYPT_ANY_SLOT, NULL, 0, flags);
492 static int verify_keyslot(struct crypt_device *cd, int key_slot,
493 char *msg_last, char *msg_pass,
494 const char *key_file, int keyfile_size)
496 crypt_keyslot_info ki;
497 char *password = NULL;
498 unsigned int passwordLen, i;
501 ki = crypt_keyslot_status(cd, key_slot);
502 if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !_yesDialog(msg_last, NULL))
505 r = crypt_get_key(msg_pass, &password, &passwordLen,
506 keyfile_size, key_file, opt_timeout,
507 opt_batch_mode ? 0 : opt_verify_passphrase, cd);
511 if (ki == CRYPT_SLOT_ACTIVE_LAST) {
512 /* check the last keyslot */
513 r = crypt_activate_by_passphrase(cd, NULL, key_slot,
514 password, passwordLen, 0);
516 /* try all other keyslots */
517 for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) {
520 ki = crypt_keyslot_status(cd, key_slot);
521 if (ki == CRYPT_SLOT_ACTIVE)
522 r = crypt_activate_by_passphrase(cd, NULL, i,
523 password, passwordLen, 0);
530 log_err(_("No key available with this passphrase.\n"));
532 crypt_safe_free(password);
536 static int action_luksKillSlot(int arg)
538 struct crypt_device *cd = NULL;
541 if ((r = crypt_init(&cd, action_argv[0])))
544 crypt_set_confirm_callback(cd, _yesDialog, NULL);
545 crypt_set_timeout(cd, opt_timeout);
547 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
550 switch (crypt_keyslot_status(cd, opt_key_slot)) {
551 case CRYPT_SLOT_ACTIVE_LAST:
552 case CRYPT_SLOT_ACTIVE:
553 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
555 case CRYPT_SLOT_INACTIVE:
556 log_err(_("Key %d not active. Can't wipe.\n"), opt_key_slot);
557 case CRYPT_SLOT_INVALID:
561 if (!opt_batch_mode) {
562 r = verify_keyslot(cd, opt_key_slot,
563 _("This is the last keyslot. Device will become unusable after purging this key."),
564 _("Enter any remaining LUKS passphrase: "),
565 opt_key_file, opt_keyfile_size);
570 r = crypt_keyslot_destroy(cd, opt_key_slot);
576 static int action_luksRemoveKey(int arg)
578 struct crypt_device *cd = NULL;
579 char *password = NULL;
580 unsigned int passwordLen;
583 if ((r = crypt_init(&cd, action_argv[0])))
586 crypt_set_confirm_callback(cd, _yesDialog, NULL);
587 crypt_set_timeout(cd, opt_timeout);
589 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
592 r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "),
593 &password, &passwordLen,
594 opt_keyfile_size, opt_key_file,
596 opt_batch_mode ? 0 : opt_verify_passphrase,
601 r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
602 password, passwordLen, 0);
607 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
609 if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_ACTIVE_LAST &&
610 !_yesDialog(_("This is the last keyslot. "
611 "Device will become unusable after purging this key."),
617 r = crypt_keyslot_destroy(cd, opt_key_slot);
619 crypt_safe_free(password);
624 static int action_luksAddKey(int arg)
626 int r = -EINVAL, keysize = 0;
628 const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
629 struct crypt_device *cd = NULL;
631 if ((r = crypt_init(&cd, action_argv[0])))
634 crypt_set_confirm_callback(cd, _yesDialog, NULL);
636 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
639 keysize = crypt_get_volume_key_size(cd);
640 crypt_set_password_verify(cd, opt_verify_passphrase ? 1 : 0);
641 crypt_set_timeout(cd, opt_timeout);
642 if (opt_iteration_time)
643 crypt_set_iterarion_time(cd, opt_iteration_time);
645 if (opt_master_key_file) {
646 r = _read_mk(opt_master_key_file, &key, keysize);
649 //FIXME: process keyfile arg
650 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
651 key, keysize, NULL, 0);
652 } else if (opt_key_file || opt_new_key_file) {
653 r = crypt_keyslot_add_by_keyfile(cd, opt_key_slot,
654 opt_key_file, opt_keyfile_size,
655 opt_new_key_file, opt_new_keyfile_size);
657 r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot,
662 crypt_safe_free(key);
666 static int action_isLuks(int arg)
668 struct crypt_device *cd = NULL;
671 if ((r = crypt_init(&cd, action_argv[0])))
674 r = crypt_load(cd, CRYPT_LUKS1, NULL);
680 static int action_luksUUID(int arg)
682 struct crypt_device *cd = NULL;
683 const char *existing_uuid = NULL;
686 if ((r = crypt_init(&cd, action_argv[0])))
689 crypt_set_confirm_callback(cd, _yesDialog, NULL);
691 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
695 r = crypt_set_uuid(cd, opt_uuid);
697 existing_uuid = crypt_get_uuid(cd);
698 log_std("%s\n", existing_uuid ?: "");
699 r = existing_uuid ? 0 : 1;
706 static int luksDump_with_volume_key(struct crypt_device *cd)
708 char *vk = NULL, *password = NULL;
709 unsigned int passwordLen = 0;
713 crypt_set_confirm_callback(cd, _yesDialog, NULL);
715 _("LUKS header dump with volume key is sensitive information\n"
716 "which allows access to encrypted partition without passphrase.\n"
717 "This dump should be always stored encrypted on safe place."),
721 vk_size = crypt_get_volume_key_size(cd);
722 vk = crypt_safe_alloc(vk_size);
726 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
727 opt_keyfile_size, opt_key_file, opt_timeout, 0, cd);
731 r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
732 password, passwordLen);
736 log_std("LUKS header information for %s\n", crypt_get_device_name(cd));
737 log_std("Cipher name: \t%s\n", crypt_get_cipher(cd));
738 log_std("Cipher mode: \t%s\n", crypt_get_cipher_mode(cd));
739 log_std("Payload offset:\t%d\n", crypt_get_data_offset(cd));
740 log_std("UUID: \t%s\n", crypt_get_uuid(cd));
741 log_std("MK bits: \t%d\n", vk_size * 8);
742 log_std("MK dump:\t");
744 for(i = 0; i < vk_size; i++) {
747 log_std("%02hhx ", (char)vk[i]);
752 crypt_safe_free(password);
757 static int action_luksDump(int arg)
759 struct crypt_device *cd = NULL;
762 if ((r = crypt_init(&cd, action_argv[0])))
765 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
768 if (opt_dump_master_key)
769 r = luksDump_with_volume_key(cd);
777 static int action_luksSuspend(int arg)
779 struct crypt_device *cd = NULL;
782 r = crypt_init_by_name(&cd, action_argv[0]);
784 r = crypt_suspend(cd, action_argv[0]);
790 static int action_luksResume(int arg)
792 struct crypt_device *cd = NULL;
795 if ((r = crypt_init_by_name(&cd, action_argv[0])))
798 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
802 r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
803 opt_key_file, opt_keyfile_size);
805 r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
812 static int action_luksBackup(int arg)
814 struct crypt_device *cd = NULL;
817 if (!opt_header_backup_file) {
818 log_err(_("Option --header-backup-file is required.\n"));
822 if ((r = crypt_init(&cd, action_argv[0])))
825 crypt_set_confirm_callback(cd, _yesDialog, NULL);
827 r = crypt_header_backup(cd, CRYPT_LUKS1, opt_header_backup_file);
833 static int action_luksRestore(int arg)
835 struct crypt_device *cd = NULL;
838 if (!opt_header_backup_file) {
839 log_err(_("Option --header-backup-file is required.\n"));
843 if ((r = crypt_init(&cd, action_argv[0])))
846 crypt_set_confirm_callback(cd, _yesDialog, NULL);
847 r = crypt_header_restore(cd, CRYPT_LUKS1, opt_header_backup_file);
853 static __attribute__ ((noreturn)) void usage(poptContext popt_context,
854 int exitcode, const char *error,
857 poptPrintUsage(popt_context, stderr, 0);
859 log_err("%s: %s\n", more, error);
863 static void help(poptContext popt_context, enum poptCallbackReason reason,
864 struct poptOption *key, const char * arg, void *data)
866 if (key->shortName == '?') {
867 struct action_type *action;
869 log_std("%s\n",PACKAGE_STRING);
871 poptPrintHelp(popt_context, stdout, 0);
874 "<action> is one of:\n"));
876 for(action = action_types; action->type; action++)
877 log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
880 "<name> is the device to create under %s\n"
881 "<device> is the encrypted device\n"
882 "<key slot> is the LUKS key slot number to modify\n"
883 "<key file> optional key file for the new key for luksAddKey action\n"),
886 log_std(_("\nDefault compiled-in device cipher parameters:\n"
887 "\tplain: %s, Key: %d bits, Password hashing: %s\n"
888 "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
889 DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
890 DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH,
894 usage(popt_context, EXIT_SUCCESS, NULL, NULL);
897 static void _dbg_version_and_cmd(int argc, char **argv)
901 log_std("# %s %s processing \"", PACKAGE_NAME, PACKAGE_VERSION);
902 for (i = 0; i < argc; i++) {
910 static int run_action(struct action_type *action)
914 log_dbg("Running command %s.", action->type);
916 if (action->required_memlock)
917 crypt_memory_lock(NULL, 1);
919 r = action->handler(action->arg);
921 if (action->required_memlock)
922 crypt_memory_lock(NULL, 0);
924 /* Some functions returns keyslot # */
930 /* Translate exit code to simple codes */
932 case 0: r = EXIT_SUCCESS; break;
934 case -EBUSY: r = 5; break;
936 case -ENODEV: r = 4; break;
937 case -ENOMEM: r = 3; break;
938 case -EPERM: r = 2; break;
942 default: r = EXIT_FAILURE;
947 int main(int argc, char **argv)
949 static char *popt_tmp;
950 static struct poptOption popt_help_options[] = {
951 { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL },
952 { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL },
953 { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL },
956 static struct poptOption popt_options[] = {
957 { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
958 { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL },
959 { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
960 { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
961 { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
962 { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
963 { "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
964 { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file."), NULL },
965 { "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL },
966 { "dump-master-key", '\0', POPT_ARG_NONE, &opt_dump_master_key, 0, N_("Dump volume (master) key instead of keyslots info."), NULL },
967 { "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
968 { "keyfile-size", 'l', POPT_ARG_INT, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") },
969 { "new-keyfile-size", '\0', POPT_ARG_INT, &opt_new_keyfile_size, 0, N_("Limits the read from newly added keyfile"), N_("bytes") },
970 { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL },
971 { "size", 'b', POPT_ARG_STRING, &popt_tmp, 1, N_("The size of the device"), N_("SECTORS") },
972 { "offset", 'o', POPT_ARG_STRING, &popt_tmp, 2, N_("The start offset in the backend device"), N_("SECTORS") },
973 { "skip", 'p', POPT_ARG_STRING, &popt_tmp, 3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") },
974 { "readonly", 'r', POPT_ARG_NONE, &opt_readonly, 0, N_("Create a readonly mapping"), NULL },
975 { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
976 { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
977 { "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
978 { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
979 { "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
980 { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL },
981 { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL },
982 { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL },
983 { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
986 poptContext popt_context;
987 struct action_type *action;
990 const char *null_action_argv[] = {NULL};
992 crypt_set_log_callback(NULL, _log, NULL);
994 setlocale(LC_ALL, "");
995 bindtextdomain(PACKAGE, LOCALEDIR);
998 popt_context = poptGetContext(PACKAGE, argc, (const char **)argv,
1000 poptSetOtherOptionHelp(popt_context,
1001 N_("[OPTION...] <action> <action-specific>]"));
1003 while((r = poptGetNextOpt(popt_context)) > 0) {
1004 unsigned long long ull_value;
1007 ull_value = strtoull(popt_tmp, &endp, 0);
1008 if (*endp || !*popt_tmp)
1009 r = POPT_ERROR_BADNUMBER;
1013 opt_size = ull_value;
1016 opt_offset = ull_value;
1019 opt_skip = ull_value;
1028 usage(popt_context, EXIT_FAILURE, poptStrerror(r),
1029 poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
1030 if (opt_version_mode) {
1031 log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
1035 if (!(aname = (char *)poptGetArg(popt_context)))
1036 usage(popt_context, EXIT_FAILURE, _("Argument <action> missing."),
1037 poptGetInvocationName(popt_context));
1038 for(action = action_types; action->type; action++)
1039 if (strcmp(action->type, aname) == 0)
1042 usage(popt_context, EXIT_FAILURE, _("Unknown action."),
1043 poptGetInvocationName(popt_context));
1046 action_argv = poptGetArgs(popt_context);
1047 /* Make return values of poptGetArgs more consistent in case of remaining argc = 0 */
1049 action_argv = null_action_argv;
1051 /* Count args, somewhat unnice, change? */
1052 while(action_argv[action_argc] != NULL)
1055 if(action_argc < action->required_action_argc) {
1057 snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
1058 usage(popt_context, EXIT_FAILURE, buf,
1059 poptGetInvocationName(popt_context));
1062 /* FIXME: rewrite this from scratch */
1065 strcmp(aname, "luksFormat") &&
1066 strcmp(aname, "create") &&
1067 strcmp(aname, "loopaesOpen")) {
1068 usage(popt_context, EXIT_FAILURE,
1069 _("Option --key-size is allowed only for luksFormat, create and loopaesOpen.\n"
1070 "To limit read from keyfile use --keyfile-size=(bytes)."),
1071 poptGetInvocationName(popt_context));
1074 if (opt_key_size % 8)
1075 usage(popt_context, EXIT_FAILURE,
1076 _("Key size must be a multiple of 8 bits"),
1077 poptGetInvocationName(popt_context));
1079 if (!strcmp(aname, "luksKillSlot") && action_argc > 1)
1080 opt_key_slot = atoi(action_argv[1]);
1081 if (opt_key_slot != CRYPT_ANY_SLOT &&
1082 (opt_key_slot < 0 || opt_key_slot > crypt_keyslot_max(CRYPT_LUKS1)))
1083 usage(popt_context, EXIT_FAILURE, _("Key slot is invalid."),
1084 poptGetInvocationName(popt_context));
1086 if ((!strcmp(aname, "luksRemoveKey") ||
1087 !strcmp(aname, "luksFormat")) &&
1090 log_err(_("Option --key-file takes precedence over specified key file argument.\n"));
1092 opt_key_file = (char*)action_argv[1];
1095 if (opt_random && opt_urandom)
1096 usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
1097 poptGetInvocationName(popt_context));
1098 if ((opt_random || opt_urandom) && strcmp(aname, "luksFormat"))
1099 usage(popt_context, EXIT_FAILURE, _("Option --use-[u]random is allowed only for luksFormat."),
1100 poptGetInvocationName(popt_context));
1102 if (opt_uuid && strcmp(aname, "luksFormat") && strcmp(aname, "luksUUID"))
1103 usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
1104 poptGetInvocationName(popt_context));
1106 if ((opt_offset || opt_skip) && strcmp(aname, "create"))
1107 usage(popt_context, EXIT_FAILURE, _("Options --offset and --skip are supported only for create command.\n"),
1108 poptGetInvocationName(popt_context));
1112 crypt_set_debug_level(-1);
1113 _dbg_version_and_cmd(argc, argv);
1116 return run_action(action);