*
* Copyright (C) 2004, Christophe Saout <christophe@saout.de>
* Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
- * Copyright (C) 2009-2011, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
#include <fcntl.h>
#include <assert.h>
#include <limits.h>
-#include <libcryptsetup.h>
#include <popt.h>
#include "cryptsetup.h"
static int opt_dump_master_key = 0;
static int opt_shared = 0;
static int opt_allow_discards = 0;
+static int opt_test_passphrase = 0;
static const char **action_argv;
static int action_argc;
}
out:
crypt_free(cd);
+ if (r == -ENOTSUP)
+ r = 0;
return r;
}
static int action_luksOpen(int arg __attribute__((unused)))
{
struct crypt_device *cd = NULL;
- const char *data_device, *header_device;
+ const char *data_device, *header_device, *activated_name;
char *key = NULL;
uint32_t flags = 0;
int r, keysize;
data_device = NULL;
}
+ activated_name = opt_test_passphrase ? NULL : action_argv[1];
+
if ((r = crypt_init(&cd, header_device)))
goto out;
r = _read_mk(opt_master_key_file, &key, keysize);
if (r < 0)
goto out;
- r = crypt_activate_by_volume_key(cd, action_argv[1],
+ r = crypt_activate_by_volume_key(cd, activated_name,
key, keysize, flags);
} else if (opt_key_file) {
crypt_set_password_retry(cd, 1);
- r = crypt_activate_by_keyfile_offset(cd, action_argv[1],
+ r = crypt_activate_by_keyfile_offset(cd, activated_name,
opt_key_slot, opt_key_file, opt_keyfile_size,
opt_keyfile_offset, flags);
} else
- r = crypt_activate_by_passphrase(cd, action_argv[1],
+ r = crypt_activate_by_passphrase(cd, activated_name,
opt_key_slot, NULL, 0, flags);
out:
crypt_safe_free(key);
{ "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
{ "allow-discards", '\0', POPT_ARG_NONE, &opt_allow_discards, 0, N_("Allow discards (aka TRIM) requests for device."), NULL },
{ "header", '\0', POPT_ARG_STRING, &opt_header_device, 0, N_("Device or file with separated LUKS header."), NULL },
+ { "test-passphrase", '\0', POPT_ARG_NONE, &opt_test_passphrase, 0, N_("Do not activate device, just check passphrase."), NULL },
POPT_TABLEEND
};
poptContext popt_context;
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
+ crypt_fips_self_check(NULL);
+
popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0);
poptSetOtherOptionHelp(popt_context,
- N_("[OPTION...] <action> <action-specific>]"));
+ N_("[OPTION...] <action> <action-specific>"));
while((r = poptGetNextOpt(popt_context)) > 0) {
unsigned long long ull_value;
/* FIXME: rewrite this from scratch */
- if (opt_shared && strcmp(aname, "create")) {
+ if (opt_shared && strcmp(aname, "create"))
usage(popt_context, EXIT_FAILURE,
_("Option --shared is allowed only for create operation.\n"),
poptGetInvocationName(popt_context));
- }
if (opt_allow_discards &&
strcmp(aname, "luksOpen") &&
strcmp(aname, "create") &&
- strcmp(aname, "loopaesOpen")) {
+ strcmp(aname, "loopaesOpen"))
usage(popt_context, EXIT_FAILURE,
_("Option --allow-discards is allowed only for luksOpen, loopaesOpen and create operation.\n"),
poptGetInvocationName(popt_context));
- }
if (opt_key_size &&
strcmp(aname, "luksFormat") &&
strcmp(aname, "create") &&
- strcmp(aname, "loopaesOpen")) {
+ strcmp(aname, "loopaesOpen"))
usage(popt_context, EXIT_FAILURE,
_("Option --key-size is allowed only for luksFormat, create and loopaesOpen.\n"
"To limit read from keyfile use --keyfile-size=(bytes)."),
poptGetInvocationName(popt_context));
- }
+
+ if (opt_test_passphrase &&
+ strcmp(aname, "luksOpen"))
+ usage(popt_context, EXIT_FAILURE,
+ _("Option --test-passphrase is allowed only for luksOpen.\n"),
+ poptGetInvocationName(popt_context));
if (opt_key_size % 8)
usage(popt_context, EXIT_FAILURE,
}
if (opt_keyfile_size < 0 || opt_new_keyfile_size < 0 || opt_key_size < 0 ||
- opt_keyfile_offset < 0 || opt_new_keyfile_offset < 0) {
+ opt_keyfile_offset < 0 || opt_new_keyfile_offset < 0)
usage(popt_context, EXIT_FAILURE,
_("Negative number for option not permitted."),
poptGetInvocationName(popt_context));
- }
if (opt_random && opt_urandom)
usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),