12 #include <libcryptsetup.h>
15 #include "../config.h"
17 #include "cryptsetup.h"
19 static int opt_verbose = 0;
20 static int opt_debug = 0;
21 static char *opt_cipher = NULL;
22 static char *opt_hash = NULL;
23 static int opt_verify_passphrase = 0;
24 static char *opt_key_file = NULL;
25 static char *opt_master_key_file = NULL;
26 static char *opt_header_backup_file = NULL;
27 static char *opt_uuid = NULL;
28 static unsigned int opt_key_size = 0;
29 static unsigned int opt_keyfile_size = 0;
30 static unsigned int opt_new_keyfile_size = 0;
31 static int opt_key_slot = CRYPT_ANY_SLOT;
32 static uint64_t opt_size = 0;
33 static uint64_t opt_offset = 0;
34 static uint64_t opt_skip = 0;
35 static int opt_readonly = 0;
36 static int opt_iteration_time = 1000;
37 static int opt_batch_mode = 0;
38 static int opt_version_mode = 0;
39 static int opt_timeout = 0;
40 static int opt_tries = 3;
41 static int opt_align_payload = 0;
42 static int opt_random = 0;
43 static int opt_urandom = 0;
44 static int opt_dump_master_key = 0;
46 static const char **action_argv;
47 static int action_argc;
49 static int action_create(int arg);
50 static int action_remove(int arg);
51 static int action_resize(int arg);
52 static int action_status(int arg);
53 static int action_luksFormat(int arg);
54 static int action_luksOpen(int arg);
55 static int action_luksAddKey(int arg);
56 static int action_luksKillSlot(int arg);
57 static int action_luksRemoveKey(int arg);
58 static int action_isLuks(int arg);
59 static int action_luksUUID(int arg);
60 static int action_luksDump(int arg);
61 static int action_luksSuspend(int arg);
62 static int action_luksResume(int arg);
63 static int action_luksBackup(int arg);
64 static int action_luksRestore(int arg);
66 static struct action_type {
70 int required_action_argc;
75 { "create", action_create, 0, 2, 1, N_("<name> <device>"),N_("create device") },
76 { "remove", action_remove, 0, 1, 1, N_("<name>"), N_("remove device") },
77 { "resize", action_resize, 0, 1, 1, N_("<name>"), N_("resize active device") },
78 { "status", action_status, 0, 1, 0, N_("<name>"), N_("show device status") },
79 { "luksFormat", action_luksFormat, 0, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
80 { "luksOpen", action_luksOpen, 0, 2, 1, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
81 { "luksAddKey", action_luksAddKey, 0, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
82 { "luksRemoveKey",action_luksRemoveKey, 0, 1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
83 { "luksKillSlot", action_luksKillSlot, 0, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
84 { "luksUUID", action_luksUUID, 0, 1, 0, N_("<device>"), N_("print UUID of LUKS device") },
85 { "isLuks", action_isLuks, 0, 1, 0, N_("<device>"), N_("tests <device> for LUKS partition header") },
86 { "luksClose", action_remove, 0, 1, 1, N_("<name>"), N_("remove LUKS mapping") },
87 { "luksDump", action_luksDump, 0, 1, 0, N_("<device>"), N_("dump LUKS partition information") },
88 { "luksSuspend",action_luksSuspend, 0, 1, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen).") },
89 { "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
90 { "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
91 { "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
92 { NULL, NULL, 0, 0, 0, NULL, NULL }
95 static void clogger(struct crypt_device *cd, int level, const char *file,
96 int line, const char *format, ...)
101 va_start(argp, format);
103 if (vasprintf(&target, format, argp) > 0) {
105 crypt_log(cd, level, target);
107 } else if (opt_debug)
108 printf("# %s:%d %s\n", file ?: "?", line, target);
110 } else if (opt_debug)
111 printf("# %s\n", target);
119 static int _yesDialog(const char *msg, void *usrptr)
125 if(isatty(0) && !opt_batch_mode) {
126 log_std("\nWARNING!\n========\n");
127 log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
128 if(getline(&answer, &size, stdin) == -1) {
133 if(strcmp(answer, "YES\n"))
141 static void _log(int level, const char *msg, void *usrptr)
145 case CRYPT_LOG_NORMAL:
148 case CRYPT_LOG_VERBOSE:
152 case CRYPT_LOG_ERROR:
156 fprintf(stderr, "Internal error on logging class for msg: %s", msg);
161 static void show_status(int errcode)
163 char error[256], *error_;
169 log_std(_("Command successful.\n"));
173 crypt_get_error(error, sizeof(error));
176 error_ = strerror_r(-errcode, error, sizeof(error));
177 if (error_ != error) {
178 strncpy(error, error_, sizeof(error));
179 error[sizeof(error) - 1] = '\0';
183 log_err(_("Command failed with code %i"), -errcode);
185 log_err(": %s\n", error);
190 static int action_create(int arg)
192 struct crypt_device *cd = NULL;
193 char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
194 struct crypt_params_plain params = {
195 .hash = opt_hash ?: DEFAULT_PLAIN_HASH,
197 .offset = opt_offset,
199 char *password = NULL;
200 unsigned int passwordLen;
203 if (params.hash && !strcmp(params.hash, "plain"))
206 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN),
207 cipher, cipher_mode);
209 log_err("No known cipher specification pattern detected.\n");
213 if ((r = crypt_init(&cd, action_argv[1])))
216 crypt_set_timeout(cd, opt_timeout);
217 crypt_set_password_retry(cd, opt_tries);
219 r = crypt_format(cd, CRYPT_PLAIN,
222 (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8,
227 r = crypt_get_key(_("Enter passphrase: "), &password, &passwordLen,
228 opt_keyfile_size, opt_key_file, opt_timeout,
229 opt_batch_mode ? 0 : opt_verify_passphrase, cd);
233 r = crypt_activate_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
234 password, passwordLen,
235 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
238 crypt_safe_free(password);
243 static int action_remove(int arg)
245 struct crypt_device *cd = NULL;
248 r = crypt_init_by_name(&cd, action_argv[0]);
250 r = crypt_deactivate(cd, action_argv[0]);
256 static int action_resize(int arg)
258 struct crypt_device *cd = NULL;
261 r = crypt_init_by_name(&cd, action_argv[0]);
263 r = crypt_resize(cd, action_argv[0], opt_size);
269 static int action_status(int arg)
271 crypt_status_info ci;
272 struct crypt_active_device cad;
273 struct crypt_device *cd = NULL;
276 ci = crypt_status(NULL, action_argv[0]);
282 log_std("%s/%s is inactive.\n", crypt_get_dir(), action_argv[0]);
286 log_std("%s/%s is active%s.\n", crypt_get_dir(), action_argv[0],
287 ci == CRYPT_BUSY ? " and is in use" : "");
288 r = crypt_init_by_name(&cd, action_argv[0]);
289 if (r < 0 || !crypt_get_type(cd))
292 log_std(" type: %s\n", crypt_get_type(cd));
294 r = crypt_get_active_device(cd, action_argv[0], &cad);
298 log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
299 log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8);
300 log_std(" device: %s\n", crypt_get_device_name(cd));
301 log_std(" offset: %" PRIu64 " sectors\n", cad.offset);
302 log_std(" size: %" PRIu64 " sectors\n", cad.size);
304 log_std(" skipped: %" PRIu64 " sectors\n", cad.iv_offset);
305 log_std(" mode: %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
306 "readonly" : "read/write");
313 static int _read_mk(const char *file, char **key, int keysize)
317 *key = crypt_safe_alloc(keysize);
321 fd = open(file, O_RDONLY);
323 log_err("Cannot read keyfile %s.\n", file);
326 if ((read(fd, *key, keysize) != keysize)) {
327 log_err("Cannot read %d bytes from keyfile %s.\n", keysize, file);
334 crypt_safe_free(*key);
339 static int action_luksFormat(int arg)
341 int r = -EINVAL, keysize;
342 char *msg = NULL, *key = NULL, cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
343 char *password = NULL;
344 unsigned int passwordLen;
345 struct crypt_device *cd = NULL;
346 struct crypt_params_luks1 params = {
347 .hash = opt_hash ?: DEFAULT_LUKS1_HASH,
348 .data_alignment = opt_align_payload,
351 if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) {
352 log_err(_("memory allocation error in action_luksFormat"));
356 r = _yesDialog(msg, NULL) ? 0 : -EINVAL;
361 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
362 cipher, cipher_mode);
364 log_err("No known cipher specification pattern detected.\n");
368 if ((r = crypt_init(&cd, action_argv[0])))
371 keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8;
373 crypt_set_password_verify(cd, 1);
374 crypt_set_timeout(cd, opt_timeout);
375 if (opt_iteration_time)
376 crypt_set_iterarion_time(cd, opt_iteration_time);
379 crypt_set_rng_type(cd, CRYPT_RNG_RANDOM);
380 else if (opt_urandom)
381 crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
383 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
384 opt_keyfile_size, opt_key_file, opt_timeout,
385 opt_batch_mode ? 0 : 1 /* always verify */, cd);
389 if (opt_master_key_file) {
390 r = _read_mk(opt_master_key_file, &key, keysize);
395 r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode,
396 opt_uuid, key, keysize, ¶ms);
400 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
402 password, passwordLen);
405 crypt_safe_free(key);
406 crypt_safe_free(password);
411 static int action_luksOpen(int arg)
413 struct crypt_device *cd = NULL;
417 if ((r = crypt_init(&cd, action_argv[0])))
420 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
423 crypt_set_timeout(cd, opt_timeout);
424 crypt_set_password_retry(cd, opt_tries);
426 if (opt_iteration_time)
427 crypt_set_iterarion_time(cd, opt_iteration_time);
429 flags |= CRYPT_ACTIVATE_READONLY;
432 crypt_set_password_retry(cd, 1);
433 r = crypt_activate_by_keyfile(cd, action_argv[1],
434 CRYPT_ANY_SLOT, opt_key_file, opt_keyfile_size,
437 r = crypt_activate_by_passphrase(cd, action_argv[1],
438 CRYPT_ANY_SLOT, NULL, 0, flags);
444 static int verify_keyslot(struct crypt_device *cd, int key_slot,
445 char *msg_last, char *msg_pass,
446 const char *key_file, int keyfile_size)
448 crypt_keyslot_info ki;
449 char *password = NULL;
450 unsigned int passwordLen, i;
453 ki = crypt_keyslot_status(cd, key_slot);
454 if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !_yesDialog(msg_last, NULL))
457 r = crypt_get_key(msg_pass, &password, &passwordLen,
458 keyfile_size, key_file, opt_timeout,
459 opt_batch_mode ? 0 : opt_verify_passphrase, cd);
463 if (ki == CRYPT_SLOT_ACTIVE_LAST) {
464 /* check the last keyslot */
465 r = crypt_activate_by_passphrase(cd, NULL, key_slot,
466 password, passwordLen, 0);
468 /* try all other keyslots */
469 for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) {
472 ki = crypt_keyslot_status(cd, key_slot);
473 if (ki == CRYPT_SLOT_ACTIVE)
474 r = crypt_activate_by_passphrase(cd, NULL, i,
475 password, passwordLen, 0);
482 log_err(_("No key available with this passphrase.\n"));
484 crypt_safe_free(password);
488 static int action_luksKillSlot(int arg)
490 struct crypt_device *cd = NULL;
493 if ((r = crypt_init(&cd, action_argv[0])))
496 crypt_set_confirm_callback(cd, _yesDialog, NULL);
497 crypt_set_timeout(cd, opt_timeout);
499 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
502 switch (crypt_keyslot_status(cd, opt_key_slot)) {
503 case CRYPT_SLOT_ACTIVE_LAST:
504 case CRYPT_SLOT_ACTIVE:
505 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
507 case CRYPT_SLOT_INACTIVE:
508 log_err(_("Key %d not active. Can't wipe.\n"), opt_key_slot);
509 case CRYPT_SLOT_INVALID:
513 if (!opt_batch_mode) {
514 r = verify_keyslot(cd, opt_key_slot,
515 _("This is the last keyslot. Device will become unusable after purging this key."),
516 _("Enter any remaining LUKS passphrase: "),
517 opt_key_file, opt_keyfile_size);
522 r = crypt_keyslot_destroy(cd, opt_key_slot);
528 static int action_luksRemoveKey(int arg)
530 struct crypt_device *cd = NULL;
531 char *password = NULL;
532 unsigned int passwordLen;
535 if ((r = crypt_init(&cd, action_argv[0])))
538 crypt_set_confirm_callback(cd, _yesDialog, NULL);
539 crypt_set_timeout(cd, opt_timeout);
541 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
544 r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "),
545 &password, &passwordLen,
546 opt_keyfile_size, opt_key_file,
548 opt_batch_mode ? 0 : opt_verify_passphrase,
553 r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
554 password, passwordLen, 0);
559 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
561 if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_ACTIVE_LAST &&
562 !_yesDialog(_("This is the last keyslot. "
563 "Device will become unusable after purging this key."),
569 r = crypt_keyslot_destroy(cd, opt_key_slot);
571 crypt_safe_free(password);
576 static int action_luksAddKey(int arg)
578 int r = -EINVAL, keysize = 0;
580 const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
581 struct crypt_device *cd = NULL;
583 if ((r = crypt_init(&cd, action_argv[0])))
586 crypt_set_confirm_callback(cd, _yesDialog, NULL);
588 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
591 keysize = crypt_get_volume_key_size(cd);
592 crypt_set_password_verify(cd, opt_verify_passphrase ? 1 : 0);
593 crypt_set_timeout(cd, opt_timeout);
594 if (opt_iteration_time)
595 crypt_set_iterarion_time(cd, opt_iteration_time);
597 if (opt_master_key_file) {
598 if (_read_mk(opt_master_key_file, &key, keysize) < 0)
601 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
602 key, keysize, NULL, 0);
603 } else if (opt_key_file || opt_new_key_file) {
604 r = crypt_keyslot_add_by_keyfile(cd, opt_key_slot,
605 opt_key_file, opt_keyfile_size,
606 opt_new_key_file, opt_new_keyfile_size);
608 r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot,
613 crypt_safe_free(key);
617 static int action_isLuks(int arg)
619 struct crypt_device *cd = NULL;
622 if ((r = crypt_init(&cd, action_argv[0])))
625 r = crypt_load(cd, CRYPT_LUKS1, NULL);
631 static int action_luksUUID(int arg)
633 struct crypt_device *cd = NULL;
634 const char *existing_uuid = NULL;
637 if ((r = crypt_init(&cd, action_argv[0])))
640 crypt_set_confirm_callback(cd, _yesDialog, NULL);
642 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
646 r = crypt_set_uuid(cd, opt_uuid);
648 existing_uuid = crypt_get_uuid(cd);
649 log_std("%s\n", existing_uuid ?: "");
650 r = existing_uuid ? 0 : 1;
657 static int luksDump_with_volume_key(struct crypt_device *cd)
659 char *vk = NULL, *password = NULL;
660 unsigned int passwordLen = 0;
664 crypt_set_confirm_callback(cd, _yesDialog, NULL);
666 _("LUKS header dump with volume key is sensitive information\n"
667 "which allows access to encrypted partition without passphrase.\n"
668 "This dump should be always stored encrypted on safe place."),
672 vk_size = crypt_get_volume_key_size(cd);
673 vk = crypt_safe_alloc(vk_size);
677 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
678 opt_keyfile_size, opt_key_file, opt_timeout, 0, cd);
682 r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
683 password, passwordLen);
687 log_std("LUKS header information for %s\n", crypt_get_device_name(cd));
688 log_std("Cipher name: \t%s\n", crypt_get_cipher(cd));
689 log_std("Cipher mode: \t%s\n", crypt_get_cipher_mode(cd));
690 log_std("Payload offset:\t%d\n", crypt_get_data_offset(cd));
691 log_std("UUID: \t%s\n", crypt_get_uuid(cd));
692 log_std("MK bits: \t%d\n", vk_size * 8);
693 log_std("MK dump:\t");
695 for(i = 0; i < vk_size; i++) {
698 log_std("%02hhx ", (char)vk[i]);
703 crypt_safe_free(password);
708 static int action_luksDump(int arg)
710 struct crypt_device *cd = NULL;
713 if ((r = crypt_init(&cd, action_argv[0])))
716 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
719 if (opt_dump_master_key)
720 r = luksDump_with_volume_key(cd);
728 static int action_luksSuspend(int arg)
730 struct crypt_device *cd = NULL;
733 r = crypt_init_by_name(&cd, action_argv[0]);
735 r = crypt_suspend(cd, action_argv[0]);
741 static int action_luksResume(int arg)
743 struct crypt_device *cd = NULL;
746 if ((r = crypt_init_by_name(&cd, action_argv[0])))
749 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
753 r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
754 opt_key_file, opt_keyfile_size);
756 r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
763 static int action_luksBackup(int arg)
765 struct crypt_device *cd = NULL;
768 if (!opt_header_backup_file) {
769 log_err(_("Option --header-backup-file is required.\n"));
773 if ((r = crypt_init(&cd, action_argv[0])))
776 crypt_set_confirm_callback(cd, _yesDialog, NULL);
778 r = crypt_header_backup(cd, CRYPT_LUKS1, opt_header_backup_file);
784 static int action_luksRestore(int arg)
786 struct crypt_device *cd = NULL;
789 if (!opt_header_backup_file) {
790 log_err(_("Option --header-backup-file is required.\n"));
794 if ((r = crypt_init(&cd, action_argv[0])))
797 crypt_set_confirm_callback(cd, _yesDialog, NULL);
798 r = crypt_header_restore(cd, CRYPT_LUKS1, opt_header_backup_file);
804 static __attribute__ ((noreturn)) void usage(poptContext popt_context,
805 int exitcode, const char *error,
808 poptPrintUsage(popt_context, stderr, 0);
810 log_err("%s: %s\n", more, error);
814 static void help(poptContext popt_context, enum poptCallbackReason reason,
815 struct poptOption *key, const char * arg, void *data)
817 if (key->shortName == '?') {
818 struct action_type *action;
820 log_std("%s\n",PACKAGE_STRING);
822 poptPrintHelp(popt_context, stdout, 0);
825 "<action> is one of:\n"));
827 for(action = action_types; action->type; action++)
828 log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
831 "<name> is the device to create under %s\n"
832 "<device> is the encrypted device\n"
833 "<key slot> is the LUKS key slot number to modify\n"
834 "<key file> optional key file for the new key for luksAddKey action\n"),
837 log_std(_("\nDefault compiled-in device cipher parameters:\n"
838 "\tplain: %s, Key: %d bits, Password hashing: %s\n"
839 "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
840 DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
841 DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH,
845 usage(popt_context, EXIT_SUCCESS, NULL, NULL);
848 static void _dbg_version_and_cmd(int argc, char **argv)
852 log_std("# %s %s processing \"", PACKAGE_NAME, PACKAGE_VERSION);
853 for (i = 0; i < argc; i++) {
861 static int run_action(struct action_type *action)
865 if (action->required_memlock)
866 crypt_memory_lock(NULL, 1);
868 r = action->handler(action->arg);
870 if (action->required_memlock)
871 crypt_memory_lock(NULL, 0);
873 /* Some functions returns keyslot # */
879 /* Translate exit code to simple codes */
881 case 0: r = EXIT_SUCCESS; break;
883 case -EBUSY: r = 5; break;
885 case -ENODEV: r = 4; break;
886 case -ENOMEM: r = 3; break;
887 case -EPERM: r = 2; break;
891 default: r = EXIT_FAILURE;
896 int main(int argc, char **argv)
898 static char *popt_tmp;
899 static struct poptOption popt_help_options[] = {
900 { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL },
901 { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL },
902 { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL },
905 static struct poptOption popt_options[] = {
906 { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
907 { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL },
908 { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
909 { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
910 { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
911 { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
912 { "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
913 { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file."), NULL },
914 { "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL },
915 { "dump-master-key", '\0', POPT_ARG_NONE, &opt_dump_master_key, 0, N_("Dump volume (master) key instead of keyslots info."), NULL },
916 { "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
917 { "keyfile-size", 'l', POPT_ARG_INT, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") },
918 { "new-keyfile-size", '\0', POPT_ARG_INT, &opt_new_keyfile_size, 0, N_("Limits the read from newly added keyfile"), N_("bytes") },
919 { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL },
920 { "size", 'b', POPT_ARG_STRING, &popt_tmp, 1, N_("The size of the device"), N_("SECTORS") },
921 { "offset", 'o', POPT_ARG_STRING, &popt_tmp, 2, N_("The start offset in the backend device"), N_("SECTORS") },
922 { "skip", 'p', POPT_ARG_STRING, &popt_tmp, 3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") },
923 { "readonly", 'r', POPT_ARG_NONE, &opt_readonly, 0, N_("Create a readonly mapping"), NULL },
924 { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
925 { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
926 { "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
927 { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
928 { "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
929 { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL },
930 { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL },
931 { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL },
932 { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
935 poptContext popt_context;
936 struct action_type *action;
939 const char *null_action_argv[] = {NULL};
941 crypt_set_log_callback(NULL, _log, NULL);
943 setlocale(LC_ALL, "");
944 bindtextdomain(PACKAGE, LOCALEDIR);
947 popt_context = poptGetContext(PACKAGE, argc, (const char **)argv,
949 poptSetOtherOptionHelp(popt_context,
950 N_("[OPTION...] <action> <action-specific>]"));
952 while((r = poptGetNextOpt(popt_context)) > 0) {
953 unsigned long long ull_value;
956 ull_value = strtoull(popt_tmp, &endp, 0);
957 if (*endp || !*popt_tmp)
958 r = POPT_ERROR_BADNUMBER;
962 opt_size = ull_value;
965 opt_offset = ull_value;
968 opt_skip = ull_value;
977 usage(popt_context, EXIT_FAILURE, poptStrerror(r),
978 poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
979 if (opt_version_mode) {
980 log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
984 if (!(aname = (char *)poptGetArg(popt_context)))
985 usage(popt_context, EXIT_FAILURE, _("Argument <action> missing."),
986 poptGetInvocationName(popt_context));
987 for(action = action_types; action->type; action++)
988 if (strcmp(action->type, aname) == 0)
991 usage(popt_context, EXIT_FAILURE, _("Unknown action."),
992 poptGetInvocationName(popt_context));
995 action_argv = poptGetArgs(popt_context);
996 /* Make return values of poptGetArgs more consistent in case of remaining argc = 0 */
998 action_argv = null_action_argv;
1000 /* Count args, somewhat unnice, change? */
1001 while(action_argv[action_argc] != NULL)
1004 if(action_argc < action->required_action_argc) {
1006 snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
1007 usage(popt_context, EXIT_FAILURE, buf,
1008 poptGetInvocationName(popt_context));
1011 /* FIXME: rewrite this from scratch */
1014 strcmp(aname, "luksFormat") &&
1015 strcmp(aname, "create")) {
1016 usage(popt_context, EXIT_FAILURE,
1017 _("Option --key-size is allowed only for luksFormat and create.\n"
1018 "To limit read from keyfile use --keyfile-size=(bytes)."),
1019 poptGetInvocationName(popt_context));
1022 if (opt_key_size % 8)
1023 usage(popt_context, EXIT_FAILURE,
1024 _("Key size must be a multiple of 8 bits"),
1025 poptGetInvocationName(popt_context));
1027 if (!strcmp(aname, "luksKillSlot") && action_argc > 1)
1028 opt_key_slot = atoi(action_argv[1]);
1029 if (opt_key_slot != CRYPT_ANY_SLOT &&
1030 (opt_key_slot < 0 || opt_key_slot > crypt_keyslot_max(CRYPT_LUKS1)))
1031 usage(popt_context, EXIT_FAILURE, _("Key slot is invalid."),
1032 poptGetInvocationName(popt_context));
1034 if ((!strcmp(aname, "luksRemoveKey") ||
1035 !strcmp(aname, "luksFormat")) &&
1038 log_err(_("Option --key-file takes precedence over specified key file argument.\n"));
1040 opt_key_file = (char*)action_argv[1];
1043 if (opt_random && opt_urandom)
1044 usage(popt_context, EXIT_FAILURE, _("Only one of --use-[u]random options is allowed."),
1045 poptGetInvocationName(popt_context));
1046 if ((opt_random || opt_urandom) && strcmp(aname, "luksFormat"))
1047 usage(popt_context, EXIT_FAILURE, _("Option --use-[u]random is allowed only for luksFormat."),
1048 poptGetInvocationName(popt_context));
1050 if (opt_uuid && strcmp(aname, "luksFormat") && strcmp(aname, "luksUUID"))
1051 usage(popt_context, EXIT_FAILURE, _("Option --uuid is allowed only for luksFormat and luksUUID."),
1052 poptGetInvocationName(popt_context));
1054 if ((opt_offset || opt_skip) && strcmp(aname, "create"))
1055 usage(popt_context, EXIT_FAILURE, _("Options --offset and --skip are supported only for create command.\n"),
1056 poptGetInvocationName(popt_context));
1060 crypt_set_debug_level(-1);
1061 _dbg_version_and_cmd(argc, argv);
1064 return run_action(action);