12 #include <libcryptsetup.h>
15 #include "../config.h"
17 #include "cryptsetup.h"
19 static int opt_verbose = 0;
20 static int opt_debug = 0;
21 static char *opt_cipher = NULL;
22 static char *opt_hash = NULL;
23 static int opt_verify_passphrase = 0;
24 static char *opt_key_file = NULL;
25 static char *opt_master_key_file = NULL;
26 static char *opt_header_backup_file = NULL;
27 static char *opt_uuid = NULL;
28 static unsigned int opt_key_size = 0;
29 static unsigned int opt_keyfile_size = 0;
30 static unsigned int opt_new_keyfile_size = 0;
31 static int opt_key_slot = CRYPT_ANY_SLOT;
32 static uint64_t opt_size = 0;
33 static uint64_t opt_offset = 0;
34 static uint64_t opt_skip = 0;
35 static int opt_readonly = 0;
36 static int opt_iteration_time = 1000;
37 static int opt_batch_mode = 0;
38 static int opt_version_mode = 0;
39 static int opt_timeout = 0;
40 static int opt_tries = 3;
41 static int opt_align_payload = 0;
42 static int opt_random = 0;
43 static int opt_urandom = 0;
44 static int opt_dump_master_key = 0;
46 static const char **action_argv;
47 static int action_argc;
49 static int action_create(int arg);
50 static int action_remove(int arg);
51 static int action_resize(int arg);
52 static int action_status(int arg);
53 static int action_luksFormat(int arg);
54 static int action_luksOpen(int arg);
55 static int action_luksAddKey(int arg);
56 static int action_luksKillSlot(int arg);
57 static int action_luksRemoveKey(int arg);
58 static int action_isLuks(int arg);
59 static int action_luksUUID(int arg);
60 static int action_luksDump(int arg);
61 static int action_luksSuspend(int arg);
62 static int action_luksResume(int arg);
63 static int action_luksBackup(int arg);
64 static int action_luksRestore(int arg);
66 static struct action_type {
70 int required_action_argc;
75 { "create", action_create, 0, 2, 1, N_("<name> <device>"),N_("create device") },
76 { "remove", action_remove, 0, 1, 1, N_("<name>"), N_("remove device") },
77 { "resize", action_resize, 0, 1, 1, N_("<name>"), N_("resize active device") },
78 { "status", action_status, 0, 1, 0, N_("<name>"), N_("show device status") },
79 { "luksFormat", action_luksFormat, 0, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
80 { "luksOpen", action_luksOpen, 0, 2, 1, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
81 { "luksAddKey", action_luksAddKey, 0, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
82 { "luksRemoveKey",action_luksRemoveKey, 0, 1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
83 { "luksKillSlot", action_luksKillSlot, 0, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
84 { "luksUUID", action_luksUUID, 0, 1, 0, N_("<device>"), N_("print UUID of LUKS device") },
85 { "isLuks", action_isLuks, 0, 1, 0, N_("<device>"), N_("tests <device> for LUKS partition header") },
86 { "luksClose", action_remove, 0, 1, 1, N_("<name>"), N_("remove LUKS mapping") },
87 { "luksDump", action_luksDump, 0, 1, 0, N_("<device>"), N_("dump LUKS partition information") },
88 { "luksSuspend",action_luksSuspend, 0, 1, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen).") },
89 { "luksResume", action_luksResume, 0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
90 { "luksHeaderBackup",action_luksBackup, 0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
91 { "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
92 { NULL, NULL, 0, 0, 0, NULL, NULL }
95 static void clogger(struct crypt_device *cd, int level, const char *file,
96 int line, const char *format, ...)
101 va_start(argp, format);
103 if (vasprintf(&target, format, argp) > 0) {
105 crypt_log(cd, level, target);
107 } else if (opt_debug)
108 printf("# %s:%d %s\n", file ?: "?", line, target);
110 } else if (opt_debug)
111 printf("# %s\n", target);
119 static int _yesDialog(const char *msg, void *usrptr)
125 if(isatty(0) && !opt_batch_mode) {
126 log_std("\nWARNING!\n========\n");
127 log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
128 if(getline(&answer, &size, stdin) == -1) {
133 if(strcmp(answer, "YES\n"))
141 static void _log(int level, const char *msg, void *usrptr)
145 case CRYPT_LOG_NORMAL:
148 case CRYPT_LOG_VERBOSE:
152 case CRYPT_LOG_ERROR:
156 fprintf(stderr, "Internal error on logging class for msg: %s", msg);
161 static void show_status(int errcode)
163 char error[256], *error_;
169 log_std(_("Command successful.\n"));
173 crypt_get_error(error, sizeof(error));
176 error_ = strerror_r(-errcode, error, sizeof(error));
177 if (error_ != error) {
178 strncpy(error, error_, sizeof(error));
179 error[sizeof(error) - 1] = '\0';
183 log_err(_("Command failed with code %i"), -errcode);
185 log_err(": %s\n", error);
190 static int action_create(int arg)
192 struct crypt_device *cd = NULL;
193 char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
194 struct crypt_params_plain params = {
195 .hash = opt_hash ?: DEFAULT_PLAIN_HASH,
197 .offset = opt_offset,
199 char *password = NULL;
200 unsigned int passwordLen;
203 if (params.hash && !strcmp(params.hash, "plain"))
206 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(PLAIN),
207 cipher, cipher_mode);
209 log_err("No known cipher specification pattern detected.\n");
213 if ((r = crypt_init(&cd, action_argv[1])))
216 crypt_set_timeout(cd, opt_timeout);
217 crypt_set_password_retry(cd, opt_tries);
219 r = crypt_format(cd, CRYPT_PLAIN,
222 (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8,
227 r = crypt_get_key(_("Enter passphrase: "), &password, &passwordLen,
228 opt_keyfile_size, opt_key_file, opt_timeout,
229 opt_batch_mode ? 0 : opt_verify_passphrase, cd);
233 r = crypt_activate_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
234 password, passwordLen,
235 opt_readonly ? CRYPT_ACTIVATE_READONLY : 0);
238 crypt_safe_free(password);
240 return (r < 0) ? r : 0;
243 static int action_remove(int arg)
245 struct crypt_device *cd = NULL;
248 r = crypt_init_by_name(&cd, action_argv[0]);
250 r = crypt_deactivate(cd, action_argv[0]);
256 static int action_resize(int arg)
258 struct crypt_device *cd = NULL;
261 r = crypt_init_by_name(&cd, action_argv[0]);
263 r = crypt_resize(cd, action_argv[0], opt_size);
269 static int action_status(int arg)
271 crypt_status_info ci;
272 struct crypt_active_device cad;
273 struct crypt_device *cd = NULL;
276 ci = crypt_status(NULL, action_argv[0]);
282 log_std("%s/%s is inactive.\n", crypt_get_dir(), action_argv[0]);
286 log_std("%s/%s is active%s.\n", crypt_get_dir(), action_argv[0],
287 ci == CRYPT_BUSY ? " and is in use" : "");
288 r = crypt_init_by_name(&cd, action_argv[0]);
289 if (r < 0 || !crypt_get_type(cd))
292 log_std(" type: %s\n", crypt_get_type(cd));
294 r = crypt_get_active_device(cd, action_argv[0], &cad);
298 log_std(" cipher: %s-%s\n", crypt_get_cipher(cd), crypt_get_cipher_mode(cd));
299 log_std(" keysize: %d bits\n", crypt_get_volume_key_size(cd) * 8);
300 log_std(" device: %s\n", crypt_get_device_name(cd));
301 log_std(" offset: %" PRIu64 " sectors\n", cad.offset);
302 log_std(" size: %" PRIu64 " sectors\n", cad.size);
304 log_std(" skipped: %" PRIu64 " sectors\n", cad.iv_offset);
305 log_std(" mode: %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
306 "readonly" : "read/write");
313 static int _read_mk(const char *file, char **key, int keysize)
317 *key = crypt_safe_alloc(keysize);
321 fd = open(file, O_RDONLY);
323 log_err("Cannot read keyfile %s.\n", file);
326 if ((read(fd, *key, keysize) != keysize)) {
327 log_err("Cannot read %d bytes from keyfile %s.\n", keysize, file);
334 crypt_safe_free(*key);
339 static int action_luksFormat(int arg)
341 int r = -EINVAL, keysize;
342 char *msg = NULL, *key = NULL, cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
343 char *password = NULL;
344 unsigned int passwordLen;
345 struct crypt_device *cd = NULL;
346 struct crypt_params_luks1 params = {
347 .hash = opt_hash ?: DEFAULT_LUKS1_HASH,
348 .data_alignment = opt_align_payload,
351 if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) {
352 log_err(_("memory allocation error in action_luksFormat"));
356 r = _yesDialog(msg, NULL) ? 0 : -EINVAL;
361 r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
362 cipher, cipher_mode);
364 log_err("No known cipher specification pattern detected.\n");
368 if ((r = crypt_init(&cd, action_argv[0])))
371 keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8;
373 crypt_set_password_verify(cd, 1);
374 crypt_set_timeout(cd, opt_timeout);
375 if (opt_iteration_time)
376 crypt_set_iterarion_time(cd, opt_iteration_time);
379 crypt_set_rng_type(cd, CRYPT_RNG_RANDOM);
380 else if (opt_urandom)
381 crypt_set_rng_type(cd, CRYPT_RNG_URANDOM);
383 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
384 opt_keyfile_size, opt_key_file, opt_timeout,
385 opt_batch_mode ? 0 : 1 /* always verify */, cd);
389 if (opt_master_key_file) {
390 r = _read_mk(opt_master_key_file, &key, keysize);
395 r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode,
396 opt_uuid, key, keysize, ¶ms);
400 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
402 password, passwordLen);
405 crypt_safe_free(key);
406 crypt_safe_free(password);
408 return (r < 0) ? r : 0;
411 static int action_luksOpen(int arg)
413 struct crypt_device *cd = NULL;
417 if ((r = crypt_init(&cd, action_argv[0])))
420 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
423 crypt_set_timeout(cd, opt_timeout);
424 crypt_set_password_retry(cd, opt_tries);
426 if (opt_iteration_time)
427 crypt_set_iterarion_time(cd, opt_iteration_time);
429 flags |= CRYPT_ACTIVATE_READONLY;
432 crypt_set_password_retry(cd, 1);
433 r = crypt_activate_by_keyfile(cd, action_argv[1],
434 CRYPT_ANY_SLOT, opt_key_file, opt_keyfile_size,
437 r = crypt_activate_by_passphrase(cd, action_argv[1],
438 CRYPT_ANY_SLOT, NULL, 0, flags);
441 return (r < 0) ? r : 0;
444 static int verify_keyslot(struct crypt_device *cd, int key_slot,
445 char *msg_last, char *msg_pass,
446 const char *key_file, int keyfile_size)
448 crypt_keyslot_info ki;
449 char *password = NULL;
450 unsigned int passwordLen, i;
453 ki = crypt_keyslot_status(cd, key_slot);
454 if (ki == CRYPT_SLOT_ACTIVE_LAST && msg_last && !_yesDialog(msg_last, NULL))
457 r = crypt_get_key(msg_pass, &password, &passwordLen,
458 keyfile_size, key_file, opt_timeout,
459 opt_batch_mode ? 0 : opt_verify_passphrase, cd);
463 if (ki == CRYPT_SLOT_ACTIVE_LAST) {
464 /* check the last keyslot */
465 r = crypt_activate_by_passphrase(cd, NULL, key_slot,
466 password, passwordLen, 0);
468 /* try all other keyslots */
469 for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) {
472 ki = crypt_keyslot_status(cd, key_slot);
473 if (ki == CRYPT_SLOT_ACTIVE)
474 r = crypt_activate_by_passphrase(cd, NULL, i,
475 password, passwordLen, 0);
482 log_err(_("No key available with this passphrase.\n"));
484 crypt_safe_free(password);
488 static int action_luksKillSlot(int arg)
490 struct crypt_device *cd = NULL;
493 if ((r = crypt_init(&cd, action_argv[0])))
496 crypt_set_confirm_callback(cd, _yesDialog, NULL);
497 crypt_set_timeout(cd, opt_timeout);
499 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
502 switch (crypt_keyslot_status(cd, opt_key_slot)) {
503 case CRYPT_SLOT_ACTIVE_LAST:
504 case CRYPT_SLOT_ACTIVE:
505 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
507 case CRYPT_SLOT_INACTIVE:
508 log_err(_("Key %d not active. Can't wipe.\n"), opt_key_slot);
509 case CRYPT_SLOT_INVALID:
513 if (!opt_batch_mode) {
514 r = verify_keyslot(cd, opt_key_slot,
515 _("This is the last keyslot. Device will become unusable after purging this key."),
516 _("Enter any remaining LUKS passphrase: "),
517 opt_key_file, opt_keyfile_size);
522 r = crypt_keyslot_destroy(cd, opt_key_slot);
526 return (r < 0) ? r : 0;
529 static int action_luksRemoveKey(int arg)
531 struct crypt_device *cd = NULL;
532 char *password = NULL;
533 unsigned int passwordLen;
536 if ((r = crypt_init(&cd, action_argv[0])))
539 crypt_set_confirm_callback(cd, _yesDialog, NULL);
540 crypt_set_timeout(cd, opt_timeout);
542 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
545 r = crypt_get_key(_("Enter LUKS passphrase to be deleted: "),
546 &password, &passwordLen,
547 opt_keyfile_size, opt_key_file,
549 opt_batch_mode ? 0 : opt_verify_passphrase,
554 r = crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT,
555 password, passwordLen, 0);
560 log_verbose(_("Key slot %d selected for deletion.\n"), opt_key_slot);
562 if (crypt_keyslot_status(cd, opt_key_slot) == CRYPT_SLOT_ACTIVE_LAST &&
563 !_yesDialog(_("This is the last keyslot. "
564 "Device will become unusable after purging this key."),
570 r = crypt_keyslot_destroy(cd, opt_key_slot);
572 crypt_safe_free(password);
575 return (r < 0) ? r : 0;
578 static int action_luksAddKey(int arg)
580 int r = -EINVAL, keysize = 0;
582 const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
583 struct crypt_device *cd = NULL;
585 if ((r = crypt_init(&cd, action_argv[0])))
588 crypt_set_confirm_callback(cd, _yesDialog, NULL);
590 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
593 keysize = crypt_get_volume_key_size(cd);
594 crypt_set_password_verify(cd, opt_verify_passphrase ? 1 : 0);
595 crypt_set_timeout(cd, opt_timeout);
596 if (opt_iteration_time)
597 crypt_set_iterarion_time(cd, opt_iteration_time);
599 if (opt_master_key_file) {
600 if (_read_mk(opt_master_key_file, &key, keysize) < 0)
603 r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
604 key, keysize, NULL, 0);
605 } else if (opt_key_file || opt_new_key_file) {
606 r = crypt_keyslot_add_by_keyfile(cd, opt_key_slot,
607 opt_key_file, opt_keyfile_size,
608 opt_new_key_file, opt_new_keyfile_size);
610 r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot,
615 crypt_safe_free(key);
617 return (r < 0) ? r : 0;
620 static int action_isLuks(int arg)
622 struct crypt_device *cd = NULL;
625 if ((r = crypt_init(&cd, action_argv[0])))
628 r = crypt_load(cd, CRYPT_LUKS1, NULL);
634 static int action_luksUUID(int arg)
636 struct crypt_device *cd = NULL;
637 const char *existing_uuid = NULL;
640 if ((r = crypt_init(&cd, action_argv[0])))
643 crypt_set_confirm_callback(cd, _yesDialog, NULL);
645 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
649 r = crypt_set_uuid(cd, opt_uuid);
651 existing_uuid = crypt_get_uuid(cd);
652 log_std("%s\n", existing_uuid ?: "");
653 r = existing_uuid ? 0 : 1;
661 static int luksDump_with_volume_key(struct crypt_device *cd)
663 char *vk = NULL, *password = NULL;
664 unsigned int passwordLen = 0;
668 crypt_set_confirm_callback(cd, _yesDialog, NULL);
670 _("LUKS header dump with volume key is sensitive information\n"
671 "which allows access to encrypted partition without passphrase.\n"
672 "This dump should be always stored encrypted on safe place."),
676 vk_size = crypt_get_volume_key_size(cd);
677 vk = crypt_safe_alloc(vk_size);
681 r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
682 opt_keyfile_size, opt_key_file, opt_timeout, 0, cd);
686 r = crypt_volume_key_get(cd, CRYPT_ANY_SLOT, vk, &vk_size,
687 password, passwordLen);
691 log_std("LUKS header information for %s\n", crypt_get_device_name(cd));
692 log_std("Cipher name: \t%s\n", crypt_get_cipher(cd));
693 log_std("Cipher mode: \t%s\n", crypt_get_cipher_mode(cd));
694 log_std("Payload offset:\t%d\n", crypt_get_data_offset(cd));
695 log_std("UUID: \t%s\n", crypt_get_uuid(cd));
696 log_std("MK bits: \t%d\n", vk_size * 8);
697 log_std("MK dump:\t");
699 for(i = 0; i < vk_size; i++) {
702 log_std("%02hhx ", (char)vk[i]);
707 crypt_safe_free(password);
712 static int action_luksDump(int arg)
714 struct crypt_device *cd = NULL;
717 if ((r = crypt_init(&cd, action_argv[0])))
720 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
723 if (opt_dump_master_key)
724 r = luksDump_with_volume_key(cd);
732 static int action_luksSuspend(int arg)
734 struct crypt_device *cd = NULL;
737 r = crypt_init_by_name(&cd, action_argv[0]);
739 r = crypt_suspend(cd, action_argv[0]);
745 static int action_luksResume(int arg)
747 struct crypt_device *cd = NULL;
750 if ((r = crypt_init_by_name(&cd, action_argv[0])))
753 if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
757 r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
758 opt_key_file, opt_keyfile_size);
760 r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
767 static int action_luksBackup(int arg)
769 struct crypt_device *cd = NULL;
772 if (!opt_header_backup_file) {
773 log_err(_("Option --header-backup-file is required.\n"));
777 if ((r = crypt_init(&cd, action_argv[0])))
780 crypt_set_confirm_callback(cd, _yesDialog, NULL);
782 r = crypt_header_backup(cd, CRYPT_LUKS1, opt_header_backup_file);
788 static int action_luksRestore(int arg)
790 struct crypt_device *cd = NULL;
793 if (!opt_header_backup_file) {
794 log_err(_("Option --header-backup-file is required.\n"));
798 if ((r = crypt_init(&cd, action_argv[0])))
801 crypt_set_confirm_callback(cd, _yesDialog, NULL);
802 r = crypt_header_restore(cd, CRYPT_LUKS1, opt_header_backup_file);
808 static void usage(poptContext popt_context, int exitcode,
809 const char *error, const char *more)
811 poptPrintUsage(popt_context, stderr, 0);
813 log_err("%s: %s\n", more, error);
817 static void help(poptContext popt_context, enum poptCallbackReason reason,
818 struct poptOption *key, const char * arg, void *data)
820 if (key->shortName == '?') {
821 struct action_type *action;
823 log_std("%s\n",PACKAGE_STRING);
825 poptPrintHelp(popt_context, stdout, 0);
828 "<action> is one of:\n"));
830 for(action = action_types; action->type; action++)
831 log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
834 "<name> is the device to create under %s\n"
835 "<device> is the encrypted device\n"
836 "<key slot> is the LUKS key slot number to modify\n"
837 "<key file> optional key file for the new key for luksAddKey action\n"),
840 log_std(_("\nDefault compiled-in device cipher parameters:\n"
841 "\tplain: %s, Key: %d bits, Password hashing: %s\n"
842 "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s, RNG: %s\n"),
843 DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
844 DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH,
848 usage(popt_context, 0, NULL, NULL);
851 void set_debug_level(int level);
853 static void _dbg_version_and_cmd(int argc, char **argv)
857 log_std("# %s %s processing \"", PACKAGE_NAME, PACKAGE_VERSION);
858 for (i = 0; i < argc; i++) {
866 static int run_action(struct action_type *action)
870 if (action->required_memlock)
871 crypt_memory_lock(NULL, 1);
873 r = action->handler(action->arg);
875 if (action->required_memlock)
876 crypt_memory_lock(NULL, 0);
883 int main(int argc, char **argv)
885 static char *popt_tmp;
886 static struct poptOption popt_help_options[] = {
887 { NULL, '\0', POPT_ARG_CALLBACK, help, 0, NULL, NULL },
888 { "help", '?', POPT_ARG_NONE, NULL, 0, N_("Show this help message"), NULL },
889 { "usage", '\0', POPT_ARG_NONE, NULL, 0, N_("Display brief usage"), NULL },
892 static struct poptOption popt_options[] = {
893 { NULL, '\0', POPT_ARG_INCLUDE_TABLE, popt_help_options, 0, N_("Help options:"), NULL },
894 { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL },
895 { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL },
896 { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL },
897 { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL },
898 { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL },
899 { "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL },
900 { "key-file", 'd', POPT_ARG_STRING, &opt_key_file, 0, N_("Read the key from a file."), NULL },
901 { "master-key-file", '\0', POPT_ARG_STRING, &opt_master_key_file, 0, N_("Read the volume (master) key from file."), NULL },
902 { "dump-master-key", '\0', POPT_ARG_NONE, &opt_dump_master_key, 0, N_("Dump volume (master) key instead of keyslots info."), NULL },
903 { "key-size", 's', POPT_ARG_INT, &opt_key_size, 0, N_("The size of the encryption key"), N_("BITS") },
904 { "keyfile-size", 'l', POPT_ARG_INT, &opt_keyfile_size, 0, N_("Limits the read from keyfile"), N_("bytes") },
905 { "new-keyfile-size", '\0', POPT_ARG_INT, &opt_new_keyfile_size, 0, N_("Limits the read from newly added keyfile"), N_("bytes") },
906 { "key-slot", 'S', POPT_ARG_INT, &opt_key_slot, 0, N_("Slot number for new key (default is first free)"), NULL },
907 { "size", 'b', POPT_ARG_STRING, &popt_tmp, 1, N_("The size of the device"), N_("SECTORS") },
908 { "offset", 'o', POPT_ARG_STRING, &popt_tmp, 2, N_("The start offset in the backend device"), N_("SECTORS") },
909 { "skip", 'p', POPT_ARG_STRING, &popt_tmp, 3, N_("How many sectors of the encrypted data to skip at the beginning"), N_("SECTORS") },
910 { "readonly", 'r', POPT_ARG_NONE, &opt_readonly, 0, N_("Create a readonly mapping"), NULL },
911 { "iter-time", 'i', POPT_ARG_INT, &opt_iteration_time, 0, N_("PBKDF2 iteration time for LUKS (in ms)"), N_("msecs") },
912 { "batch-mode", 'q', POPT_ARG_NONE, &opt_batch_mode, 0, N_("Do not ask for confirmation"), NULL },
913 { "timeout", 't', POPT_ARG_INT, &opt_timeout, 0, N_("Timeout for interactive passphrase prompt (in seconds)"), N_("secs") },
914 { "tries", 'T', POPT_ARG_INT, &opt_tries, 0, N_("How often the input of the passphrase can be retried"), NULL },
915 { "align-payload", '\0', POPT_ARG_INT, &opt_align_payload, 0, N_("Align payload at <n> sector boundaries - for luksFormat"), N_("SECTORS") },
916 { "header-backup-file",'\0', POPT_ARG_STRING, &opt_header_backup_file, 0, N_("File with LUKS header and keyslots backup."), NULL },
917 { "use-random", '\0', POPT_ARG_NONE, &opt_random, 0, N_("Use /dev/random for generating volume key."), NULL },
918 { "use-urandom", '\0', POPT_ARG_NONE, &opt_urandom, 0, N_("Use /dev/urandom for generating volume key."), NULL },
919 { "uuid", '\0', POPT_ARG_STRING, &opt_uuid, 0, N_("UUID for device to use."), NULL },
922 poptContext popt_context;
923 struct action_type *action;
926 const char *null_action_argv[] = {NULL};
928 crypt_set_log_callback(NULL, _log, NULL);
930 setlocale(LC_ALL, "");
931 bindtextdomain(PACKAGE, LOCALEDIR);
934 popt_context = poptGetContext(PACKAGE, argc, (const char **)argv,
936 poptSetOtherOptionHelp(popt_context,
937 N_("[OPTION...] <action> <action-specific>]"));
939 while((r = poptGetNextOpt(popt_context)) > 0) {
940 unsigned long long ull_value;
943 ull_value = strtoull(popt_tmp, &endp, 0);
944 if (*endp || !*popt_tmp)
945 r = POPT_ERROR_BADNUMBER;
949 opt_size = ull_value;
952 opt_offset = ull_value;
955 opt_skip = ull_value;
964 usage(popt_context, 1, poptStrerror(r),
965 poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
966 if (opt_version_mode) {
967 log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
971 if (!(aname = (char *)poptGetArg(popt_context)))
972 usage(popt_context, 1, _("Argument <action> missing."),
973 poptGetInvocationName(popt_context));
974 for(action = action_types; action->type; action++)
975 if (strcmp(action->type, aname) == 0)
978 usage(popt_context, 1, _("Unknown action."),
979 poptGetInvocationName(popt_context));
982 action_argv = poptGetArgs(popt_context);
983 /* Make return values of poptGetArgs more consistent in case of remaining argc = 0 */
985 action_argv = null_action_argv;
987 /* Count args, somewhat unnice, change? */
988 while(action_argv[action_argc] != NULL)
991 if(action_argc < action->required_action_argc) {
993 snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
994 usage(popt_context, 1, buf,
995 poptGetInvocationName(popt_context));
998 /* FIXME: rewrite this from scratch */
1001 strcmp(aname, "luksFormat") &&
1002 strcmp(aname, "create")) {
1003 usage(popt_context, 1,
1004 _("Option --key-size is allowed only for luksFormat and create.\n"
1005 "To limit read from keyfile use --keyfile-size=(bytes)."),
1006 poptGetInvocationName(popt_context));
1009 if (opt_key_size % 8)
1010 usage(popt_context, 1,
1011 _("Key size must be a multiple of 8 bits"),
1012 poptGetInvocationName(popt_context));
1014 if (!strcmp(aname, "luksKillSlot"))
1015 opt_key_slot = atoi(action_argv[1]);
1016 if (opt_key_slot != CRYPT_ANY_SLOT &&
1017 (opt_key_slot < 0 || opt_key_slot > crypt_keyslot_max(CRYPT_LUKS1)))
1018 usage(popt_context, 1, _("Key slot is invalid."),
1019 poptGetInvocationName(popt_context));
1021 if ((!strcmp(aname, "luksRemoveKey") ||
1022 !strcmp(aname, "luksFormat")) &&
1025 log_err(_("Option --key-file takes precedence over specified key file argument.\n"));
1027 opt_key_file = (char*)action_argv[1];
1030 if (opt_random && opt_urandom)
1031 usage(popt_context, 1, _("Only one of --use-[u]random options is allowed."),
1032 poptGetInvocationName(popt_context));
1033 if ((opt_random || opt_urandom) && strcmp(aname, "luksFormat"))
1034 usage(popt_context, 1, _("Option --use-[u]random is allowed only for luksFormat."),
1035 poptGetInvocationName(popt_context));
1037 if (opt_uuid && strcmp(aname, "luksFormat") && strcmp(aname, "luksUUID"))
1038 usage(popt_context, 1, _("Option --uuid is allowed only for luksFormat and luksUUID."),
1039 poptGetInvocationName(popt_context));
1041 if ((opt_offset || opt_skip) && strcmp(aname, "create"))
1042 usage(popt_context, 1, _("Options --offset and --skip are supported only for create command.\n"),
1043 poptGetInvocationName(popt_context));
1047 crypt_set_debug_level(-1);
1048 _dbg_version_and_cmd(argc, argv);
1051 return run_action(action);