12 #include <libcryptsetup.h>
15 #include "../config.h"
17 #include "cryptsetup.h"
19 static int opt_verbose = 0;
20 static int opt_debug = 0;
21 static char *opt_cipher = NULL;
22 static char *opt_hash = NULL;
23 static int opt_verify_passphrase = 0;
24 static char *opt_key_file = NULL;
25 static char *opt_master_key_file = NULL;
26 static char *opt_header_backup_file = NULL;
27 static char *opt_uuid = NULL;
28 static unsigned int opt_key_size = 0;
29 static unsigned int opt_keyfile_size = 0;
30 static unsigned int opt_new_keyfile_size = 0;
31 static int opt_key_slot = CRYPT_ANY_SLOT;
32 static uint64_t opt_size = 0;
33 static uint64_t opt_offset = 0;
34 static uint64_t opt_skip = 0;
35 static int opt_readonly = 0;
36 static int opt_iteration_time = 1000;
37 static int opt_batch_mode = 0;
38 static int opt_version_mode = 0;
39 static int opt_timeout = 0;
40 static int opt_tries = 3;
41 static int opt_align_payload = 0;
42 static int opt_random = 0;
43 static int opt_urandom = 0;
44 static int opt_dump_master_key = 0;
46 static const char **action_argv;
47 static int action_argc;
49 static int action_create(int arg);
50 static int action_remove(int arg);
51 static int action_resize(int arg);
52 static int action_status(int arg);
53 static int action_luksFormat(int arg);
54 static int action_luksOpen(int arg);
55 static int action_luksAddKey(int arg);
56 static int action_luksKillSlot(int arg);
57 static int action_luksRemoveKey(int arg);
58 static int action_isLuks(int arg);
59 static int action_luksUUID(int arg);
60 static int action_luksDump(int arg);
61 static int action_luksSuspend(int arg);
62 static int action_luksResume(int arg);
63 static int action_luksBackup(int arg);
64 static int action_luksRestore(int arg);
66 static struct action_type {
70 int required_action_argc;
75 { "create", action_create, 0, 2, 1, N_("<name> <device>"),N_("create device") },
76 { "remove", action_remove, 0, 1, 1, N_("<name>"), N_("remove device") },
77 { "resize", action_resize, 0, 1, 1, N_("<name>"), N_("resize active device") },
78 { "status", action_status, 0, 1, 0, N_("<name>"), N_("show device status") },
79 { "luksFormat", action_luksFormat, 0, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
80 { "luksOpen", action_luksOpen, 0, 2, 1, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
81 { "luksAddKey", action_luksAddKey, 0, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
82 { "luksRemoveKey",action_luksRemoveKey, 0, 1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
83 { "luksKillSlot", action_luksKillSlot, 0, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
84 { "luksUUID", action_luksUUID, 0, 1, 0, N_("<device>"), N_("print UUID of LUKS device") },
85 { "isLuks", action_isLuks, 0, 1, 0, N_("<device>"), N_("tests <device> for LUKS partition header") },
86 { "luksClose", action_remove, 0, 1, 1, N_("<name>"), N_("remove LUKS mapping") },
87 { "luksDump", action_luksDump, 0, 1, 0, N_("<device>"), N_("dump LUKS partition information") },
88 { "luksSuspend",action_luksSuspend, 0, 1, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen).") },
89 { "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
90 { "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
91 { "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
92 { NULL, NULL, 0, 0, 0, NULL, NULL }
95 static void clogger(struct crypt_device *cd, int level, const char *file,
96 int line, const char *format, ...)
101 va_start(argp, format);
103 if (vasprintf(&target, format, argp) > 0) {
105 crypt_log(cd, level, target);
107 } else if (opt_debug)
108 printf("# %s:%d %s\n", file ?: "?", line, target);
110 } else if (opt_debug)
111 printf("# %s\n", target);
119 static int _yesDialog(const char *msg, void *usrptr)
125 if(isatty(0) && !opt_batch_mode) {
126 log_std("\nWARNING!\n========\n");
127 log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
128 if(getline(&answer, &size, stdin) == -1) {
133 if(strcmp(answer, "YES\n"))
141 static void _log(int level, const char *msg, void *usrptr)
145 case CRYPT_LOG_NORMAL:
148 case CRYPT_LOG_VERBOSE:
152 case CRYPT_LOG_ERROR:
156 fprintf(stderr, "Internal error on logging class for msg: %s", msg);
161 static void show_status(int errcode)
163 char error[256], *error_;
169 log_std(_("Command successful.\n"));
173 crypt_get_error(error, sizeof(error));
176 error_ = strerror_r(-errcode, error, sizeof(error));
177 if (error_ != error) {
178 strncpy(error, error_, sizeof(error));
179 error[sizeof(error) - 1] = '\0';
183 log_err(_("Command failed with code %i"), -errcode);
185 log_err(": %s\n", error);
190 static int action_create(int arg)
192 struct crypt_device *cd = NULL;
193 char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
194 struct crypt_params_plain params = {
195 .hash = opt_hash ?: DEFAULT_PLAIN_HASH,
197 .offset = opt_offset,
199 char *password = NULL;
200 unsigned int passwordLen;
201 unsigned int key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8;
204 if (params.hash && !strcmp(params.hash, "plain"))
207 /* FIXME: temporary hack */
208 if (opt_key_file && strcmp(opt_key_file, "-"))
211 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN),
212 cipher, NULL, cipher_mode);
214 log_err("No known cipher specification pattern detected.\n");
218 if ((r = crypt_init(&cd, action_argv[1])))
221 crypt_set_timeout(cd, opt_timeout);
222 crypt_set_password_retry(cd, opt_tries);
224 r = crypt_format(cd, CRYPT_PLAIN,
233 r = crypt_activate_by_keyfile(cd, action_argv[0],
234 CRYPT_ANY_SLOT, opt_key_file, key_size,
235 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
237 r = crypt_get_key(_("Enter passphrase: "),
238 &password, &passwordLen, 0, NULL,
240 opt_batch_mode ? 0 : opt_verify_passphrase,
245 r = crypt_activate_by_passphrase(cd, action_argv[0],
246 CRYPT_ANY_SLOT, password, passwordLen,
247 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
251 crypt_safe_free(password);
256 static int action_remove(int arg)
258 struct crypt_device *cd = NULL;
261 r = crypt_init_by_name(&cd, action_argv[0]);
263 r = crypt_deactivate(cd, action_argv[0]);
269 static int action_resize(int arg)
271 struct crypt_device *cd = NULL;
274 r = crypt_init_by_name(&cd, action_argv[0]);
276 r = crypt_resize(cd, action_argv[0], opt_size);
282 static int action_status(int arg)
284 crypt_status_info ci;
285 struct crypt_active_device cad;
286 struct crypt_device *cd = NULL;
289 ci = crypt_status(NULL, action_argv[0]);
295 log_std("%s/%s is inactive.\n", crypt_get_dir(), action_argv[0]);
299 log_std("%s/%s is active%s.\n", crypt_get_dir(), action_argv[0],
300 ci == CRYPT_BUSY ? " and is in use" : "");
301 r = crypt_init_by_name(&cd, action_argv[0]);
302 if (r < 0 || !crypt_get_type(cd))
305 log_std(" type: %s\n", crypt_get_type(cd));
307 r = crypt_get_active_device(cd, action_argv[0], &cad);
311 log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
312 log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8);
313 log_std(" device: %s\n", crypt_get_device_name(cd));
314 log_std(" offset: %" PRIu64 " sectors\n", cad.offset);
315 log_std(" size: %" PRIu64 " sectors\n", cad.size);
317 log_std(" skipped: %" PRIu64 " sectors\n", cad.iv_offset);
318 log_std(" mode: %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
319 "readonly" : "read/write");
326 static int _read_mk(const char *file, char **key, int keysize)
330 *key = crypt_safe_alloc(keysize);
334 fd = open(file, O_RDONLY);
336 log_err("Cannot read keyfile %s.\n", file);
339 if ((read(fd, *key, keysize) != keysize)) {
340 log_err("Cannot read %d bytes from keyfile %s.\n", keysize, file);
347 crypt_safe_free(*key);
352 static int action_luksFormat(int arg)
354 int r = -EINVAL, keysize;
355 char *msg = NULL, *key = NULL, cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
356 char *password = NULL;
357 unsigned int passwordLen;
358 struct crypt_device *cd = NULL;
359 struct crypt_params_luks1 params = {
360 .hash = opt_hash ?: DEFAULT_LUKS1_HASH,
361 .data_alignment = opt_align_payload,
364 if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) {
365 log_err(_("memory allocation error in action_luksFormat"));
369 r = _yesDialog(msg, NULL) ? 0 : -EINVAL;
374 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
375 cipher, NULL, cipher_mode);
377 log_err("No known cipher specification pattern detected.\n");
381 if ((r = crypt_init(&cd, action_argv[0])))
384 keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8;
386 crypt_set_password_verify(cd, 1);
387 crypt_set_timeout(cd, opt_timeout);
388 if (opt_iteration_time)
389 crypt_set_iterarion_time(cd, opt_iteration_time);
392 crypt_set_rng_type(cd, CRYPT_RNG_RANDOM);
393 else if (opt_urandom)
394 crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
396 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
397 opt_keyfile_size, opt_key_file, opt_timeout,
398 opt_batch_mode ? 0 : 1 /* always verify */, cd);
402 if (opt_master_key_file) {
403 r = _read_mk(opt_master_key_file, &key, keysize);
408 r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode,
409 opt_uuid, key, keysize, ¶ms);
413 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
415 password, passwordLen);
418 crypt_safe_free(key);
419 crypt_safe_free(password);
424 static int action_luksOpen(int arg)
426 struct crypt_device *cd = NULL;
430 if ((r = crypt_init(&cd, action_argv[0])))
433 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
436 crypt_set_timeout(cd, opt_timeout);
437 crypt_set_password_retry(cd, opt_tries);
439 if (opt_iteration_time)
440 crypt_set_iterarion_time(cd, opt_iteration_time);
442 flags |= CRYPT_ACTIVATE_READONLY;
445 crypt_set_password_retry(cd, 1);
446 r = crypt_activate_by_keyfile(cd, action_argv[1],
447 CRYPT_ANY_SLOT, opt_key_file, opt_keyfile_size,
450 r = crypt_activate_by_passphrase(cd, action_argv[1],
451 CRYPT_ANY_SLOT, NULL, 0, flags);
457 static int verify_keyslot(struct crypt_device *cd, int key_slot,
458 char *msg_last, char *msg_pass,
459 const char *key_file, int keyfile_size)
461 crypt_keyslot_info ki;
462 char *password = NULL;
463 unsigned int passwordLen, i;
466 ki = crypt_keyslot_status(cd, key_slot);
467 if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !_yesDialog(msg_last, NULL))
470 r = crypt_get_key(msg_pass, &password, &passwordLen,
471 keyfile_size, key_file, opt_timeout,
472 opt_batch_mode ? 0 : opt_verify_passphrase, cd);
476 if (ki == CRYPT_SLOT_ACTIVE_LAST) {
477 /* check the last keyslot */
478 r = crypt_activate_by_passphrase(cd, NULL, key_slot,
479 password, passwordLen, 0);
481 /* try all other keyslots */
482 for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) {
485 ki = crypt_keyslot_status(cd, key_slot);
486 if (ki == CRYPT_SLOT_ACTIVE)
487 r = crypt_activate_by_passphrase(cd, NULL, i,
488 password, passwordLen, 0);
495 log_err(_("No key available with this passphrase.\n"));
497 crypt_safe_free(password);
501 static int action_luksKillSlot(int arg)
503 struct crypt_device *cd = NULL;
506 if ((r = crypt_init(&cd, action_argv[0])))
509 crypt_set_confirm_callback(cd, _yesDialog, NULL);
510 crypt_set_timeout(cd, opt_timeout);
512 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
515 switch (crypt_keyslot_status(cd, opt_key_slot)) {
516 case CRYPT_SLOT_ACTIVE_LAST:
517 case CRYPT_SLOT_ACTIVE:
518 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
520 case CRYPT_SLOT_INACTIVE:
521 log_err(_("Key %d not active. Can't wipe.\n"), opt_key_slot);
522 case CRYPT_SLOT_INVALID:
526 if (!opt_batch_mode) {
527 r = verify_keyslot(cd, opt_key_slot,
528 _("This is the last keyslot. Device will become unusable after purging this key."),
529 _("Enter any remaining LUKS passphrase: "),
530 opt_key_file, opt_keyfile_size);
535 r = crypt_keyslot_destroy(cd, opt_key_slot);
541 static int action_luksRemoveKey(int arg)
543 struct crypt_device *cd = NULL;
544 char *password = NULL;
545 unsigned int passwordLen;
548 if ((r = crypt_init(&cd, action_argv[0])))
551 crypt_set_confirm_callback(cd, _yesDialog, NULL);
552 crypt_set_timeout(cd, opt_timeout);
554 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
557 r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "),
558 &password, &passwordLen,
559 opt_keyfile_size, opt_key_file,
561 opt_batch_mode ? 0 : opt_verify_passphrase,
566 r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
567 password, passwordLen, 0);
572 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
574 if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_ACTIVE_LAST &&
575 !_yesDialog(_("This is the last keyslot. "
576 "Device will become unusable after purging this key."),
582 r = crypt_keyslot_destroy(cd, opt_key_slot);
584 crypt_safe_free(password);
589 static int action_luksAddKey(int arg)
591 int r = -EINVAL, keysize = 0;
593 const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
594 struct crypt_device *cd = NULL;
596 if ((r = crypt_init(&cd, action_argv[0])))
599 crypt_set_confirm_callback(cd, _yesDialog, NULL);
601 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
604 keysize = crypt_get_volume_key_size(cd);
605 crypt_set_password_verify(cd, opt_verify_passphrase ? 1 : 0);
606 crypt_set_timeout(cd, opt_timeout);
607 if (opt_iteration_time)
608 crypt_set_iterarion_time(cd, opt_iteration_time);
610 if (opt_master_key_file) {
611 if (_read_mk(opt_master_key_file, &key, keysize) < 0)
614 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
615 key, keysize, NULL, 0);
616 } else if (opt_key_file || opt_new_key_file) {
617 r = crypt_keyslot_add_by_keyfile(cd, opt_key_slot,
618 opt_key_file, opt_keyfile_size,
619 opt_new_key_file, opt_new_keyfile_size);
621 r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot,
626 crypt_safe_free(key);
630 static int action_isLuks(int arg)
632 struct crypt_device *cd = NULL;
635 if ((r = crypt_init(&cd, action_argv[0])))
638 r = crypt_load(cd, CRYPT_LUKS1, NULL);
644 static int action_luksUUID(int arg)
646 struct crypt_device *cd = NULL;
647 const char *existing_uuid = NULL;
650 if ((r = crypt_init(&cd, action_argv[0])))
653 crypt_set_confirm_callback(cd, _yesDialog, NULL);
655 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
659 r = crypt_set_uuid(cd, opt_uuid);
661 existing_uuid = crypt_get_uuid(cd);
662 log_std("%s\n", existing_uuid ?: "");
663 r = existing_uuid ? 0 : 1;
670 static int luksDump_with_volume_key(struct crypt_device *cd)
672 char *vk = NULL, *password = NULL;
673 unsigned int passwordLen = 0;
677 crypt_set_confirm_callback(cd, _yesDialog, NULL);
679 _("LUKS header dump with volume key is sensitive information\n"
680 "which allows access to encrypted partition without passphrase.\n"
681 "This dump should be always stored encrypted on safe place."),
685 vk_size = crypt_get_volume_key_size(cd);
686 vk = crypt_safe_alloc(vk_size);
690 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
691 opt_keyfile_size, opt_key_file, opt_timeout, 0, cd);
695 r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
696 password, passwordLen);
700 log_std("LUKS header information for %s\n", crypt_get_device_name(cd));
701 log_std("Cipher name: \t%s\n", crypt_get_cipher(cd));
702 log_std("Cipher mode: \t%s\n", crypt_get_cipher_mode(cd));
703 log_std("Payload offset:\t%d\n", crypt_get_data_offset(cd));
704 log_std("UUID: \t%s\n", crypt_get_uuid(cd));
705 log_std("MK bits: \t%d\n", vk_size * 8);
706 log_std("MK dump:\t");
708 for(i = 0; i < vk_size; i++) {
711 log_std("%02hhx ", (char)vk[i]);
716 crypt_safe_free(password);
721 static int action_luksDump(int arg)
723 struct crypt_device *cd = NULL;
726 if ((r = crypt_init(&cd, action_argv[0])))
729 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
732 if (opt_dump_master_key)
733 r = luksDump_with_volume_key(cd);
741 static int action_luksSuspend(int arg)
743 struct crypt_device *cd = NULL;
746 r = crypt_init_by_name(&cd, action_argv[0]);
748 r = crypt_suspend(cd, action_argv[0]);
754 static int action_luksResume(int arg)
756 struct crypt_device *cd = NULL;
759 if ((r = crypt_init_by_name(&cd, action_argv[0])))
762 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
766 r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
767 opt_key_file, opt_keyfile_size);
769 r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
776 static int action_luksBackup(int arg)
778 struct crypt_device *cd = NULL;
781 if (!opt_header_backup_file) {
782 log_err(_("Option --header-backup-file is required.\n"));
786 if ((r = crypt_init(&cd, action_argv[0])))
789 crypt_set_confirm_callback(cd, _yesDialog, NULL);
791 r = crypt_header_backup(cd, CRYPT_LUKS1, opt_header_backup_file);
797 static int action_luksRestore(int arg)
799 struct crypt_device *cd = NULL;
802 if (!opt_header_backup_file) {
803 log_err(_("Option --header-backup-file is required.\n"));
807 if ((r = crypt_init(&cd, action_argv[0])))
810 crypt_set_confirm_callback(cd, _yesDialog, NULL);
811 r = crypt_header_restore(cd, CRYPT_LUKS1, opt_header_backup_file);
817 static __attribute__ ((noreturn)) void usage(poptContext popt_context,
818 int exitcode, const char *error,
821 poptPrintUsage(popt_context, stderr, 0);
823 log_err("%s: %s\n", more, error);
827 static void help(poptContext popt_context, enum poptCallbackReason reason,
828 struct poptOption *key, const char * arg, void *data)
830 if (key->shortName == '?') {
831 struct action_type *action;
833 log_std("%s\n",PACKAGE_STRING);
835 poptPrintHelp(popt_context, stdout, 0);
838 "<action> is one of:\n"));
840 for(action = action_types; action->type; action++)
841 log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
844 "<name> is the device to create under %s\n"
845 "<device> is the encrypted device\n"
846 "<key slot> is the LUKS key slot number to modify\n"
847 "<key file> optional key file for the new key for luksAddKey action\n"),
850 log_std(_("\nDefault compiled-in device cipher parameters:\n"
851 "\tplain: %s, Key: %d bits, Password hashing: %s\n"
852 "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
853 DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
854 DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH,
858 usage(popt_context, EXIT_SUCCESS, NULL, NULL);
861 static void _dbg_version_and_cmd(int argc, char **argv)
865 log_std("# %s %s processing \"", PACKAGE_NAME, PACKAGE_VERSION);
866 for (i = 0; i < argc; i++) {
874 static int run_action(struct action_type *action)
878 log_dbg("Running command %s.", action->type);
880 if (action->required_memlock)
881 crypt_memory_lock(NULL, 1);
883 r = action->handler(action->arg);
885 if (action->required_memlock)
886 crypt_memory_lock(NULL, 0);
888 /* Some functions returns keyslot # */
894 /* Translate exit code to simple codes */
896 case 0: r = EXIT_SUCCESS; break;
898 case -EBUSY: r = 5; break;
900 case -ENODEV: r = 4; break;
901 case -ENOMEM: r = 3; break;
902 case -EPERM: r = 2; break;
906 default: r = EXIT_FAILURE;
911 int main(int argc, char **argv)
913 static char *popt_tmp;
914 static struct poptOption popt_help_options[] = {
915 { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL },
916 { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL },
917 { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL },
920 static struct poptOption popt_options[] = {
921 { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
922 { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL },
923 { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
924 { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
925 { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
926 { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
927 { "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
928 { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file."), NULL },
929 { "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL },
930 { "dump-master-key", '\0', POPT_ARG_NONE, &opt_dump_master_key, 0, N_("Dump volume (master) key instead of keyslots info."), NULL },
931 { "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
932 { "keyfile-size", 'l', POPT_ARG_INT, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") },
933 { "new-keyfile-size", '\0', POPT_ARG_INT, &opt_new_keyfile_size, 0, N_("Limits the read from newly added keyfile"), N_("bytes") },
934 { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL },
935 { "size", 'b', POPT_ARG_STRING, &popt_tmp, 1, N_("The size of the device"), N_("SECTORS") },
936 { "offset", 'o', POPT_ARG_STRING, &popt_tmp, 2, N_("The start offset in the backend device"), N_("SECTORS") },
937 { "skip", 'p', POPT_ARG_STRING, &popt_tmp, 3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") },
938 { "readonly", 'r', POPT_ARG_NONE, &opt_readonly, 0, N_("Create a readonly mapping"), NULL },
939 { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
940 { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
941 { "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
942 { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
943 { "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
944 { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL },
945 { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL },
946 { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL },
947 { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
950 poptContext popt_context;
951 struct action_type *action;
954 const char *null_action_argv[] = {NULL};
956 crypt_set_log_callback(NULL, _log, NULL);
958 setlocale(LC_ALL, "");
959 bindtextdomain(PACKAGE, LOCALEDIR);
962 popt_context = poptGetContext(PACKAGE, argc, (const char **)argv,
964 poptSetOtherOptionHelp(popt_context,
965 N_("[OPTION...] <action> <action-specific>]"));
967 while((r = poptGetNextOpt(popt_context)) > 0) {
968 unsigned long long ull_value;
971 ull_value = strtoull(popt_tmp, &endp, 0);
972 if (*endp || !*popt_tmp)
973 r = POPT_ERROR_BADNUMBER;
977 opt_size = ull_value;
980 opt_offset = ull_value;
983 opt_skip = ull_value;
992 usage(popt_context, EXIT_FAILURE, poptStrerror(r),
993 poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
994 if (opt_version_mode) {
995 log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
999 if (!(aname = (char *)poptGetArg(popt_context)))
1000 usage(popt_context, EXIT_FAILURE, _("Argument <action> missing."),
1001 poptGetInvocationName(popt_context));
1002 for(action = action_types; action->type; action++)
1003 if (strcmp(action->type, aname) == 0)
1006 usage(popt_context, EXIT_FAILURE, _("Unknown action."),
1007 poptGetInvocationName(popt_context));
1010 action_argv = poptGetArgs(popt_context);
1011 /* Make return values of poptGetArgs more consistent in case of remaining argc = 0 */
1013 action_argv = null_action_argv;
1015 /* Count args, somewhat unnice, change? */
1016 while(action_argv[action_argc] != NULL)
1019 if(action_argc < action->required_action_argc) {
1021 snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
1022 usage(popt_context, EXIT_FAILURE, buf,
1023 poptGetInvocationName(popt_context));
1026 /* FIXME: rewrite this from scratch */
1029 strcmp(aname, "luksFormat") &&
1030 strcmp(aname, "create")) {
1031 usage(popt_context, EXIT_FAILURE,
1032 _("Option --key-size is allowed only for luksFormat and create.\n"
1033 "To limit read from keyfile use --keyfile-size=(bytes)."),
1034 poptGetInvocationName(popt_context));
1037 if (opt_key_size % 8)
1038 usage(popt_context, EXIT_FAILURE,
1039 _("Key size must be a multiple of 8 bits"),
1040 poptGetInvocationName(popt_context));
1042 if (!strcmp(aname, "luksKillSlot") && action_argc > 1)
1043 opt_key_slot = atoi(action_argv[1]);
1044 if (opt_key_slot != CRYPT_ANY_SLOT &&
1045 (opt_key_slot < 0 || opt_key_slot > crypt_keyslot_max(CRYPT_LUKS1)))
1046 usage(popt_context, EXIT_FAILURE, _("Key slot is invalid."),
1047 poptGetInvocationName(popt_context));
1049 if ((!strcmp(aname, "luksRemoveKey") ||
1050 !strcmp(aname, "luksFormat")) &&
1053 log_err(_("Option --key-file takes precedence over specified key file argument.\n"));
1055 opt_key_file = (char*)action_argv[1];
1058 if (opt_random && opt_urandom)
1059 usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
1060 poptGetInvocationName(popt_context));
1061 if ((opt_random || opt_urandom) && strcmp(aname, "luksFormat"))
1062 usage(popt_context, EXIT_FAILURE, _("Option --use-[u]random is allowed only for luksFormat."),
1063 poptGetInvocationName(popt_context));
1065 if (opt_uuid && strcmp(aname, "luksFormat") && strcmp(aname, "luksUUID"))
1066 usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
1067 poptGetInvocationName(popt_context));
1069 if ((opt_offset || opt_skip) && strcmp(aname, "create"))
1070 usage(popt_context, EXIT_FAILURE, _("Options --offset and --skip are supported only for create command.\n"),
1071 poptGetInvocationName(popt_context));
1075 crypt_set_debug_level(-1);
1076 _dbg_version_and_cmd(argc, argv);
1079 return run_action(action);