1 #include <string.h>
2 #include <stdio.h>
3 #include <stdlib.h>
4 #include <stdint.h>
5 #include <stdarg.h>
6 #include <inttypes.h>
7 #include <errno.h>
8 #include <unistd.h>
9 #include <fcntl.h>
10 #include <assert.h>
11 #include <getopt.h>
12 
13 #include <libcryptsetup.h>
14 
15 #include "config.h"
16 
17 #include "cryptsetup.h"
18 
19 static int opt_verbose = 0;
20 static int opt_debug = 0;
21 static char *opt_cipher = NULL;
22 static char *opt_hash = NULL;
23 static int opt_verify_passphrase = 0;
24 static char *opt_key_file = NULL;
25 static char *opt_master_key_file = NULL;
26 static char *opt_header_backup_file = NULL;
27 static unsigned int opt_key_size = 0;
28 static int opt_key_slot = CRYPT_ANY_SLOT;
29 static uint64_t opt_size = 0;
30 static uint64_t opt_offset = 0;
31 static uint64_t opt_skip = 0;
32 static int opt_readonly = 0;
33 static int opt_iteration_time = 1000;
34 static int opt_batch_mode = 0;
35 static int opt_version_mode = 0;
36 static int opt_timeout = 0;
37 static int opt_tries = 3;
38 static int opt_align_payload = 0;
39 static int opt_non_exclusive = 0;
40 
41 static const char **action_argv;
42 static int action_argc;
43 
44 static int action_create(int arg);
45 static int action_remove(int arg);
46 static int action_resize(int arg);
47 static int action_status(int arg);
48 static int action_luksFormat(int arg);
49 static int action_luksOpen(int arg);
50 static int action_luksAddKey(int arg);
51 static int action_luksDelKey(int arg);
52 static int action_luksKillSlot(int arg);
53 static int action_luksRemoveKey(int arg);
54 static int action_isLuks(int arg);
55 static int action_luksUUID(int arg);
56 static int action_luksDump(int arg);
57 static int action_luksSuspend(int arg);
58 static int action_luksResume(int arg);
59 static int action_luksBackup(int arg);
60 static int action_luksRestore(int arg);
61 
62 static struct action_type {
63 	const char *type;
64 	int (*handler)(int);
65 	int arg;
66 	int required_action_argc;
67 	int required_memlock;
68 	const char *arg_desc;
69 	const char *desc;
70 } action_types[] = {
71 	{ "create",	action_create,		0, 2, 1, N_("<name> <device>"),N_("create device") },
72 	{ "remove",	action_remove,		0, 1, 1, N_("<name>"), N_("remove device") },
73 	{ "resize",	action_resize,		0, 1, 1, N_("<name>"), N_("resize active device") },
74 	{ "status",	action_status,		0, 1, 0, N_("<name>"), N_("show device status") },
75 	{ "luksFormat", action_luksFormat,	0, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
76 	{ "luksOpen",	action_luksOpen,	0, 2, 1, N_("<device> <name> "), N_("open LUKS device as mapping <name>") },
77 	{ "luksAddKey",	action_luksAddKey,	0, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
78 	{ "luksRemoveKey",action_luksRemoveKey,	0, 1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
79 	{ "luksKillSlot",  action_luksKillSlot, 0, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
80 	{ "luksUUID",	action_luksUUID,	0, 1, 0, N_("<device>"), N_("print UUID of LUKS device") },
81 	{ "isLuks",	action_isLuks,		0, 1, 0, N_("<device>"), N_("tests <device> for LUKS partition header") },
82 	{ "luksClose",	action_remove,		0, 1, 1, N_("<name>"), N_("remove LUKS mapping") },
83 	{ "luksDump",	action_luksDump,	0, 1, 0, N_("<device>"), N_("dump LUKS partition information") },
84 	{ "luksSuspend",action_luksSuspend,	0, 1, 1, N_("<device>"), N_("Suspend LUKS device and wipe key (all IOs are frozen).") },
85 	{ "luksResume",	action_luksResume,	0, 1, 1, N_("<device>"), N_("Resume suspended LUKS device.") },
86 	{ "luksHeaderBackup",action_luksBackup,	0, 1, 1, N_("<device>"), N_("Backup LUKS device header and keyslots") },
87 	{ "luksHeaderRestore",action_luksRestore,0,1, 1, N_("<device>"), N_("Restore LUKS device header and keyslots") },
88 	{ "luksDelKey", action_luksDelKey,	0, 2, 1, N_("<device> <key slot>"), N_("identical to luksKillSlot - DEPRECATED - see man page") },
89 	{ "reload",	action_create,		1, 2, 1, N_("<name> <device>"), N_("modify active device - DEPRECATED - see man page") },
90 	{ NULL, NULL, 0, 0, 0, NULL, NULL }
91 };
92 
clogger(struct crypt_device * cd,int level,const char * file,int line,const char * format,...)93 static void clogger(struct crypt_device *cd, int level, const char *file,
94 		   int line, const char *format, ...)
95 {
96 	va_list argp;
97 	char *target = NULL;
98 
99 	va_start(argp, format);
100 
101 	if (vasprintf(&target, format, argp) > 0) {
102 		if (level >= 0) {
103 			crypt_log(cd, level, target);
104 #ifdef CRYPT_DEBUG
105 		} else if (opt_debug)
106 			printf("# %s:%d %s\n", file ?: "?", line, target);
107 #else
108 		} else if (opt_debug)
109 			printf("# %s\n", target);
110 #endif
111 	}
112 
113 	va_end(argp);
114 	free(target);
115 }
116 
117 /* Interface Callbacks */
yesDialog(char * msg)118 static int yesDialog(char *msg)
119 {
120 	char *answer = NULL;
121 	size_t size = 0;
122 	int r = 1;
123 
124 	if(isatty(0) && !opt_batch_mode) {
125 		log_std("\nWARNING!\n========\n");
126 		log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
127 		if(getline(&answer, &size, stdin) == -1) {
128 			perror("getline");
129 			free(answer);
130 			return 0;
131 		}
132 		if(strcmp(answer, "YES\n"))
133 			r = 0;
134 		free(answer);
135 	}
136 
137 	return r;
138 }
139 
cmdLineLog(int level,char * msg)140 static void cmdLineLog(int level, char *msg) {
141 	switch(level) {
142 
143 	case CRYPT_LOG_NORMAL:
144 		fputs(msg, stdout);
145 		break;
146 	case CRYPT_LOG_VERBOSE:
147 		if (opt_verbose)
148 			fputs(msg, stdout);
149 		break;
150 	case CRYPT_LOG_ERROR:
151 		fputs(msg, stderr);
152 		break;
153 	default:
154 		fprintf(stderr, "Internal error on logging class for msg: %s", msg);
155 		break;
156 	}
157 }
158 
159 static struct interface_callbacks cmd_icb = {
160 	.yesDialog = yesDialog,
161 	.log = cmdLineLog,
162 };
163 
_log(int level,const char * msg,void * usrptr)164 static void _log(int level, const char *msg, void *usrptr)
165 {
166 	cmdLineLog(level, (char *)msg);
167 }
168 
_yesDialog(const char * msg,void * usrptr)169 static int _yesDialog(const char *msg, void *usrptr)
170 {
171 	return yesDialog((char*)msg);
172 }
173 
174 /* End ICBs */
175 
show_status(int errcode)176 static void show_status(int errcode)
177 {
178 	char error[256];
179 	int ret;
180 
181 	if(!opt_verbose)
182 		return;
183 
184 	if(!errcode) {
185 		log_std(_("Command successful.\n"));
186 		return;
187 	}
188 
189 	crypt_get_error(error, sizeof(error));
190 
191 	if (!error[0]) {
192 		ret = strerror_r(-errcode, error, sizeof(error));
193 	}
194 
195 	log_err(_("Command failed with code %i"), -errcode);
196 	if (*error)
197 		log_err(": %s\n", error);
198 	else
199 		log_err(".\n");
200 }
201 
action_create(int reload)202 static int action_create(int reload)
203 {
204 	struct crypt_options options = {
205 		.name = action_argv[0],
206 		.device = action_argv[1],
207 		.cipher = opt_cipher ? opt_cipher : DEFAULT_CIPHER(PLAIN),
208 		.hash = opt_hash ?: DEFAULT_PLAIN_HASH,
209 		.key_file = opt_key_file,
210 		.key_size = (opt_key_size ?: DEFAULT_PLAIN_KEYBITS) / 8,
211 		.key_slot = opt_key_slot,
212 		.flags = 0,
213 		.size = opt_size,
214 		.offset = opt_offset,
215 		.skip = opt_skip,
216 		.timeout = opt_timeout,
217 		.tries = opt_tries,
218 		.icb = &cmd_icb,
219 	};
220 	int r;
221 
222         if(reload)
223                 log_err(_("The reload action is deprecated. Please use \"dmsetup reload\" in case you really need this functionality.\nWARNING: do not use reload to touch LUKS devices. If that is the case, hit Ctrl-C now.\n"));
224 
225 	if (options.hash && strcmp(options.hash, "plain") == 0)
226 		options.hash = NULL;
227 	if (opt_verify_passphrase)
228 		options.flags |= CRYPT_FLAG_VERIFY;
229 	if (opt_readonly)
230 		options.flags |= CRYPT_FLAG_READONLY;
231 
232 	if (reload)
233 		r = crypt_update_device(&options);
234 	else
235 		r = crypt_create_device(&options);
236 
237 	return r;
238 }
239 
action_remove(int arg)240 static int action_remove(int arg)
241 {
242 	struct crypt_options options = {
243 		.name = action_argv[0],
244 		.icb = &cmd_icb,
245 	};
246 
247 	return crypt_remove_device(&options);
248 }
249 
action_resize(int arg)250 static int action_resize(int arg)
251 {
252 	struct crypt_options options = {
253 		.name = action_argv[0],
254 		.size = opt_size,
255 		.icb = &cmd_icb,
256 	};
257 
258 	return crypt_resize_device(&options);
259 }
260 
action_status(int arg)261 static int action_status(int arg)
262 {
263 	struct crypt_options options = {
264 		.name = action_argv[0],
265 		.icb = &cmd_icb,
266 	};
267 	int r;
268 
269 	r = crypt_query_device(&options);
270 	if (r < 0)
271 		return r;
272 
273 	if (r == 0) {
274 		/* inactive */
275 		log_std("%s/%s is inactive.\n", crypt_get_dir(), options.name);
276 		r = 1;
277 	} else {
278 		/* active */
279 		log_std("%s/%s is active:\n", crypt_get_dir(), options.name);
280 		log_std("  cipher:  %s\n", options.cipher);
281 		log_std("  keysize: %d bits\n", options.key_size * 8);
282 		log_std("  device:  %s\n", options.device ?: "");
283 		log_std("  offset:  %" PRIu64 " sectors\n", options.offset);
284 		log_std("  size:    %" PRIu64 " sectors\n", options.size);
285 		if (options.skip)
286 			log_std("  skipped: %" PRIu64 " sectors\n", options.skip);
287 		log_std("  mode:    %s\n", (options.flags & CRYPT_FLAG_READONLY)
288 		                           ? "readonly" : "read/write");
289 		crypt_put_options(&options);
290 		r = 0;
291 	}
292 	return r;
293 }
294 
_action_luksFormat_generateMK()295 static int _action_luksFormat_generateMK()
296 {
297 	struct crypt_options options = {
298 		.key_size = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8,
299 		.key_slot = opt_key_slot,
300 		.device = action_argv[0],
301 		.cipher = opt_cipher ?: DEFAULT_CIPHER(LUKS1),
302 		.hash = opt_hash ?: DEFAULT_LUKS1_HASH,
303 		.new_key_file = opt_key_file ?: (action_argc > 1 ? action_argv[1] : NULL),
304 		.flags = opt_verify_passphrase ? CRYPT_FLAG_VERIFY : (!opt_batch_mode?CRYPT_FLAG_VERIFY_IF_POSSIBLE :  0),
305 		.iteration_time = opt_iteration_time,
306 		.timeout = opt_timeout,
307 		.align_payload = opt_align_payload,
308 		.icb = &cmd_icb,
309 	};
310 
311 	return crypt_luksFormat(&options);
312 }
313 
_read_mk(const char * file,char ** key,int keysize)314 static int _read_mk(const char *file, char **key, int keysize)
315 {
316 	int fd;
317 
318 	*key = malloc(keysize);
319 	if (!*key)
320 		return -ENOMEM;
321 
322 	fd = open(file, O_RDONLY);
323 	if (fd == -1) {
324 		log_err("Cannot read keyfile %s.\n", file);
325 		return -EINVAL;
326 	}
327 	if ((read(fd, *key, keysize) != keysize)) {
328 		log_err("Cannot read %d bytes from keyfile %s.\n", keysize, file);
329 		close(fd);
330 		memset(*key, 0, keysize);
331 		free(*key);
332 		return -EINVAL;
333 	}
334 	close(fd);
335 	return 0;
336 }
337 
_action_luksFormat_useMK()338 static int _action_luksFormat_useMK()
339 {
340 	int r = -EINVAL, keysize;
341 	char *key = NULL, cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
342 	struct crypt_device *cd = NULL;
343 	struct crypt_params_luks1 params = {
344 		.hash = opt_hash ?: DEFAULT_LUKS1_HASH,
345 		.data_alignment = opt_align_payload,
346 	};
347 
348 	if (sscanf(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
349 		   "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s",
350 		   cipher, cipher_mode) != 2) {
351 		log_err("No known cipher specification pattern detected.\n");
352 		return -EINVAL;
353 	}
354 
355 	keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8;
356 	if (_read_mk(opt_master_key_file, &key, keysize) < 0)
357 		return -EINVAL;
358 
359 	if ((r = crypt_init(&cd, action_argv[0])))
360 		goto out;
361 
362 	crypt_set_password_verify(cd, 1);
363 	crypt_set_timeout(cd, opt_timeout);
364 	if (opt_iteration_time)
365 		crypt_set_iterarion_time(cd, opt_iteration_time);
366 
367 	if ((r = crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, keysize, &params)))
368 		goto out;
369 
370 	r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize, NULL, 0);
371 out:
372 
373 	crypt_free(cd);
374 	if (key) {
375 		memset(key, 0, keysize);
376 		free(key);
377 	}
378 	return r;
379 }
380 
action_luksFormat(int arg)381 static int action_luksFormat(int arg)
382 {
383 	int r = 0; char *msg = NULL;
384 
385 	/* Avoid overwriting possibly wrong part of device than user requested by rejecting these options */
386 	if (opt_offset || opt_skip) {
387 		log_err("Options --offset and --skip are not supported for luksFormat.\n");
388 		return -EINVAL;
389 	}
390 
391 	if (action_argc > 1 && opt_key_file)
392 		log_err(_("Option --key-file takes precedence over specified key file argument.\n"));
393 
394 	if(asprintf(&msg, _("This will overwrite data on %s irrevocably."), action_argv[0]) == -1) {
395 		log_err(_("memory allocation error in action_luksFormat"));
396 		return -ENOMEM;
397 	}
398 	r = yesDialog(msg);
399 	free(msg);
400 
401 	if (!r)
402 		return -EINVAL;
403 
404 	if (opt_master_key_file)
405 		return _action_luksFormat_useMK();
406 	else
407 		return _action_luksFormat_generateMK();
408 }
409 
action_luksOpen(int arg)410 static int action_luksOpen(int arg)
411 {
412 	struct crypt_options options = {
413 		.name = action_argv[1],
414 		.device = action_argv[0],
415 		.key_file = opt_key_file,
416 		.key_size = opt_key_file ? (opt_key_size / 8) : 0, /* limit bytes read from keyfile */
417 		.timeout = opt_timeout,
418 		.tries = opt_key_file ? 1 : opt_tries, /* verify is usefull only for tty */
419 		.icb = &cmd_icb,
420 	};
421 
422 	if (opt_readonly)
423 		options.flags |= CRYPT_FLAG_READONLY;
424 	if (opt_non_exclusive)
425 		log_err(_("Obsolete option --non-exclusive is ignored.\n"));
426 
427 	return crypt_luksOpen(&options);
428 }
429 
action_luksDelKey(int arg)430 static int action_luksDelKey(int arg)
431 {
432 	log_err("luksDelKey is a deprecated action name.\nPlease use luksKillSlot.\n");
433 	return action_luksKillSlot(arg);
434 }
435 
action_luksKillSlot(int arg)436 static int action_luksKillSlot(int arg)
437 {
438 	struct crypt_options options = {
439 		.device = action_argv[0],
440 		.key_slot = atoi(action_argv[1]),
441 		.key_file = opt_key_file,
442 		.timeout = opt_timeout,
443 		.flags = !opt_batch_mode?CRYPT_FLAG_VERIFY_ON_DELKEY : 0,
444 		.icb = &cmd_icb,
445 	};
446 
447 	return crypt_luksKillSlot(&options);
448 }
449 
action_luksRemoveKey(int arg)450 static int action_luksRemoveKey(int arg)
451 {
452 	struct crypt_options options = {
453 		.device = action_argv[0],
454 		.new_key_file = action_argc>1?action_argv[1]:NULL,
455 		.key_file = opt_key_file,
456 		.timeout = opt_timeout,
457 		.flags = !opt_batch_mode?CRYPT_FLAG_VERIFY_ON_DELKEY : 0,
458 		.icb = &cmd_icb,
459 	};
460 
461 	return crypt_luksRemoveKey(&options);
462 }
463 
_action_luksAddKey_useMK()464 static int _action_luksAddKey_useMK()
465 {
466 	int r = -EINVAL, keysize = 0;
467 	char *key = NULL;
468 	struct crypt_device *cd = NULL;
469 
470 	if ((r = crypt_init(&cd, action_argv[0])))
471 		goto out;
472 
473 	if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
474 		goto out;
475 
476 	keysize = crypt_get_volume_key_size(cd);
477 	crypt_set_password_verify(cd, 1);
478 	crypt_set_timeout(cd, opt_timeout);
479 	if (opt_iteration_time)
480 		crypt_set_iterarion_time(cd, opt_iteration_time);
481 
482 	if (_read_mk(opt_master_key_file, &key, keysize) < 0)
483 		goto out;
484 
485 	r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, key, keysize, NULL, 0);
486 out:
487 	crypt_free(cd);
488 	if (key) {
489 		memset(key, 0, keysize);
490 		free(key);
491 	}
492 	return r;
493 }
494 
action_luksAddKey(int arg)495 static int action_luksAddKey(int arg)
496 {
497 	struct crypt_options options = {
498 		.device = action_argv[0],
499 		.new_key_file = action_argc>1?action_argv[1]:NULL,
500 		.key_file = opt_key_file,
501 		.key_slot = opt_key_slot,
502 		.flags = opt_verify_passphrase ? CRYPT_FLAG_VERIFY : (!opt_batch_mode?CRYPT_FLAG_VERIFY_IF_POSSIBLE : 0),
503 		.iteration_time = opt_iteration_time,
504 		.timeout = opt_timeout,
505 		.icb = &cmd_icb,
506 	};
507 
508 	if (opt_master_key_file)
509 		return _action_luksAddKey_useMK();
510 	else
511 		return crypt_luksAddKey(&options);
512 }
513 
action_isLuks(int arg)514 static int action_isLuks(int arg)
515 {
516 	struct crypt_options options = {
517 		.device = action_argv[0],
518 		.icb = &cmd_icb,
519 	};
520 
521 	return crypt_isLuks(&options);
522 }
523 
action_luksUUID(int arg)524 static int action_luksUUID(int arg)
525 {
526 	struct crypt_options options = {
527 		.device = action_argv[0],
528 		.icb = &cmd_icb,
529 	};
530 
531 	return crypt_luksUUID(&options);
532 }
533 
action_luksDump(int arg)534 static int action_luksDump(int arg)
535 {
536 	struct crypt_options options = {
537 		.device = action_argv[0],
538 		.icb = &cmd_icb,
539 	};
540 
541 	return crypt_luksDump(&options);
542 }
543 
action_luksSuspend(int arg)544 static int action_luksSuspend(int arg)
545 {
546 	struct crypt_device *cd = NULL;
547 	int r;
548 
549 	r = crypt_init_by_name(&cd, action_argv[0]);
550 	if (!r)
551 		r = crypt_suspend(cd, action_argv[0]);
552 
553 	crypt_free(cd);
554 	return r;
555 }
556 
action_luksResume(int arg)557 static int action_luksResume(int arg)
558 {
559 	struct crypt_device *cd = NULL;
560 	int r;
561 
562 	if ((r = crypt_init_by_name(&cd, action_argv[0])))
563 		goto out;
564 
565 	if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
566 		goto out;
567 
568 	if (opt_key_file)
569 		r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
570 					    opt_key_file, opt_key_size / 8);
571 	else
572 		r = crypt_resume_by_passphrase(cd, action_argv[0], CRYPT_ANY_SLOT,
573 					       NULL, 0);
574 out:
575 	crypt_free(cd);
576 	return r;
577 }
578 
action_luksBackup(int arg)579 static int action_luksBackup(int arg)
580 {
581 	struct crypt_device *cd = NULL;
582 	int r;
583 
584 	if (!opt_header_backup_file) {
585 		log_err(_("Option --header-backup-file is required.\n"));
586 		return -EINVAL;
587 	}
588 
589 	if ((r = crypt_init(&cd, action_argv[0])))
590 		goto out;
591 
592 	crypt_set_log_callback(cd, _log, NULL);
593 	crypt_set_confirm_callback(cd, _yesDialog, NULL);
594 
595 	r = crypt_header_backup(cd, CRYPT_LUKS1, opt_header_backup_file);
596 out:
597 	crypt_free(cd);
598 	return r;
599 }
600 
action_luksRestore(int arg)601 static int action_luksRestore(int arg)
602 {
603 	struct crypt_device *cd = NULL;
604 	int r = 0;
605 
606 	if (!opt_header_backup_file) {
607 		log_err(_("Option --header-backup-file is required.\n"));
608 		return -EINVAL;
609 	}
610 
611 	if ((r = crypt_init(&cd, action_argv[0])))
612 		goto out;
613 
614 	crypt_set_log_callback(cd, _log, NULL);
615 	crypt_set_confirm_callback(cd, _yesDialog, NULL);
616 	r = crypt_header_restore(cd, CRYPT_LUKS1, opt_header_backup_file);
617 out:
618 	crypt_free(cd);
619 	return r;
620 }
621 
usage(const char * msg)622 static void usage(const char *msg)
623 {
624 	log_err("Usage: cryptsetup [-?vyrq] [-?|--help] [--usage] [-v|--verbose]\n"
625 	    "        [--debug] [-c|--cipher=STRING] [-h|--hash=STRING]\n"
626 	    "        [-y|--verify-passphrase] [-d|--key-file=STRING]\n"
627 	    "        [--master-key-file=STRING] [-s|--key-size=BITS] [-S|--key-slot=INT]\n"
628             "        [-b|--size=SECTORS] [-o|--offset=SECTORS] [-p|--skip=SECTORS]\n"
629             "        [-r|--readonly] [-i|--iter-time=msecs] [-q|--batch-mode] [--version]\n"
630             "        [-t|--timeout=secs] [-T|--tries=INT] [--align-payload=SECTORS]\n"
631             "        [--non-exclusive] [--header-backup-file=STRING] [OPTION...]\n"
632             "        <action> <action-specific>]\n");
633 
634 	if (msg)
635 		log_err("%s\n", msg);
636 
637 	exit(1);
638 }
639 
help()640 static void help()
641 {
642 	struct action_type *action;
643 
644 	log_std("%s\n",PACKAGE_STRING);
645 	log_std("Usage: cryptsetup [OPTION...] <action> <action-specific>]\n"
646 	    "  -v, --verbose                       Shows more detailed error messages\n"
647 	    "      --debug                         Show debug messages\n"
648 	    "  -c, --cipher=STRING                 The cipher used to encrypt the disk (see /proc/crypto)\n"
649 	    "  -h, --hash=STRING                   The hash used to create the encryption key from the passphrase\n"
650 	    "  -y, --verify-passphrase             Verifies the passphrase by asking for it twice\n"
651 	    "  -d, --key-file=STRING               Read the key from a file (can be /dev/random)\n"
652 	    "      --master-key-file=STRING        Read the volume (master) key from file.\n"
653 	    "  -s, --key-size=BITS                 The size of the encryption key\n"
654 	    "  -S, --key-slot=INT                  Slot number for new key (default is first free)\n"
655 	    "  -b, --size=SECTORS                  The size of the device\n"
656 	    "  -o, --offset=SECTORS                The start offset in the backend device\n"
657 	    "  -p, --skip=SECTORS                  How many sectors of the encrypted data to skip at the beginning\n"
658 	    "  -r, --readonly                      Create a readonly mapping\n"
659 	    "  -i, --iter-time=msecs               PBKDF2 iteration time for LUKS (in ms)\n"
660 	    "  -q, --batch-mode                    Do not ask for confirmation\n"
661 	    "      --version                       Print package version\n"
662 	    "  -t, --timeout=secs                  Timeout for interactive passphrase prompt (in seconds)\n"
663 	    "  -T, --tries=INT                     How often the input of the passphrase can be retried\n"
664 	    "      --align-payload=SECTORS         Align payload at <n> sector boundaries - for luksFormat\n"
665 	    "      --non-exclusive                 (Obsoleted, see man page.)\n"
666 	    "      --header-backup-file=STRING     File with LUKS header and keyslots backup.\n"
667 	    "\n"
668 	    "Help options:\n"
669 	    "  -?, --help                          Show this help message\n"
670 	    "      --usage                         Display brief usage\n" );
671 
672 	log_std(_("\n"
673 		 "<action> is one of:\n"));
674 
675 	for(action = action_types; action->type; action++)
676 		log_std("\t%s %s - %s\n", action->type, _(action->arg_desc), _(action->desc));
677 
678 	log_std(_("\n"
679 		 "<name> is the device to create under %s\n"
680 		 "<device> is the encrypted device\n"
681 		 "<key slot> is the LUKS key slot number to modify\n"
682 		 "<key file> optional key file for the new key for luksAddKey action\n"),
683 		crypt_get_dir());
684 
685 	log_std(_("\nDefault compiled-in device cipher parameters:\n"
686 		 "\tplain: %s, Key: %d bits, Password hashing: %s\n"
687 		 "\tLUKS1: %s, Key: %d bits, LUKS header hashing: %s\n"),
688 		 DEFAULT_CIPHER(PLAIN), DEFAULT_PLAIN_KEYBITS, DEFAULT_PLAIN_HASH,
689 		 DEFAULT_CIPHER(LUKS1), DEFAULT_LUKS1_KEYBITS, DEFAULT_LUKS1_HASH);
690 	exit(0);
691 
692 }
693 
694 void set_debug_level(int level);
695 
_dbg_version_and_cmd(int argc,char ** argv)696 static void _dbg_version_and_cmd(int argc, char **argv)
697 {
698 	int i;
699 
700 	log_std("# %s %s processing \"", PACKAGE_NAME, PACKAGE_VERSION);
701 	for (i = 0; i < argc; i++) {
702 		if (i)
703 			log_std(" ");
704 		log_std(argv[i]);
705 	}
706 	log_std("\"\n");
707 }
708 
run_action(struct action_type * action)709 static int run_action(struct action_type *action)
710 {
711 	int r;
712 
713 	if (action->required_memlock)
714 		crypt_memory_lock(NULL, 1);
715 
716 	r = action->handler(action->arg);
717 
718 	if (action->required_memlock)
719 		crypt_memory_lock(NULL, 0);
720 
721 	show_status(r);
722 
723 	return r;
724 }
725 
main(int argc,char ** argv)726 int main(int argc, char **argv)
727 {
728 	static struct option options[] = {
729 		{ "help",  	       no_argument, 		NULL, '?' },
730 		{ "usage", 	       no_argument, 		NULL, 'u' },
731 		{ "verbose",           no_argument, 		NULL, 'v' },
732 		{ "debug",             no_argument, 		&opt_debug, 1 },
733 		{ "cipher",            required_argument, 	NULL, 'c' },
734 		{ "hash",              required_argument, 	NULL, 'h' },
735 		{ "verify-passphrase", no_argument, 		NULL, 'y' },
736 		{ "key-file",          required_argument, 	NULL, 'd' },
737 		{ "master-key-file",   required_argument, 	NULL, 'm' },
738 		{ "key-size",          required_argument, 	NULL, 's' },
739 		{ "key-slot",          required_argument, 	NULL, 'S' },
740 		{ "size",              required_argument, 	NULL, 'b' },
741 		{ "offset",            required_argument, 	NULL, 'o' },
742 		{ "skip",              required_argument,	NULL, 'p' },
743 		{ "readonly",          no_argument, 		NULL, 'r' },
744 		{ "iter-time",         required_argument,	NULL, 'i' },
745 		{ "batch-mode",        no_argument,		NULL, 'q' },
746 		{ "version",           no_argument, 		&opt_version_mode, 1 },
747 		{ "timeout",           required_argument, 	NULL, 't' },
748 		{ "tries",             required_argument, 	NULL, 'T' },
749 		{ "align-payload",     required_argument, 	NULL, 'a' },
750 		{ "header-backup-file",required_argument, 	NULL, 'x' },
751 		{ NULL,			0,			NULL, 0 }
752 	};
753 	struct action_type *action;
754 	char *aname;
755 	int r;
756 	const char *null_action_argv[] = {NULL};
757 
758 	crypt_set_log_callback(NULL, _log, NULL);
759 
760 	setlocale(LC_ALL, "");
761 	bindtextdomain(PACKAGE, LOCALEDIR);
762 	textdomain(PACKAGE);
763 
764 	while((r = getopt_long(argc, argv, "?vc:h:yd:m:s:S:b:o:p:ri:qt:T:", options, NULL)) != -1)
765 	{
766 		switch (r) {
767 		case 'u':
768 			usage(NULL);
769 			break;
770 		case 'v':
771 			opt_verbose = 1;
772 			break;
773 		case 'c':
774 			opt_cipher = optarg;
775 			break;
776 		case 'h':
777 			opt_hash = optarg;
778 			break;
779 		case 'y':
780 			opt_verify_passphrase = 1;
781 			break;
782 		case 'd':
783 			opt_key_file = optarg;
784 			break;
785 		case 'm':
786 			opt_master_key_file = optarg;
787 			break;
788 		case 's':
789 			opt_key_size = atoi(optarg);
790 			break;
791 		case 'S':
792 			opt_key_slot = atoi(optarg);
793 			break;
794 		case 'b':
795 			opt_size = strtoull(optarg, NULL, 0);
796 			break;
797 		case 'o':
798 			opt_offset = strtoull(optarg, NULL, 0);
799 			break;
800 		case 'p':
801 			opt_skip = strtoull(optarg, NULL, 0);
802 			break;
803 		case 'r':
804 			opt_readonly = 1;
805 			break;
806 		case 'i':
807 			opt_iteration_time = atoi(optarg);
808 			break;
809 		case 'q':
810 			opt_batch_mode = 1;
811 			break;
812 		case 't':
813 			opt_timeout = atoi(optarg);
814 			break;
815 		case 'T':
816 			opt_tries = atoi(optarg);
817 			break;
818 		case 'a':
819 			opt_align_payload = atoi(optarg);
820 			break;
821 		case 'x':
822 			opt_header_backup_file = optarg;
823 			break;
824 		case '?':
825 			help();
826 			break;
827 		case 0:
828 			if (opt_version_mode) {
829 				log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
830 				exit(0);
831 			}
832 			break;
833 		}
834 	}
835 
836 	if (opt_key_size % 8)
837 		usage(_("Key size must be a multiple of 8 bits"));
838 
839 	argc -= optind;
840 	argv += optind;
841 
842 	if (argc == 0) {
843 		usage(_("Argument <action> missing."));
844 		/* NOTREACHED */
845 	}
846 
847 	aname = argv[0];
848 	for(action = action_types; action->type; action++)
849 		if (strcmp(action->type, aname) == 0)
850 			break;
851 	if (!action->type) {
852 		usage( _("Unknown action."));
853 		/* NOTREACHED */
854 	}
855 
856 	action_argc = argc-1;
857 	action_argv = (void *)&argv[1];
858 
859 	if(action_argc < action->required_action_argc) {
860 		char buf[128];
861 		snprintf(buf, 128,_("%s: requires %s as arguments"), action->type, action->arg_desc);
862 		usage(buf);
863 		/* NOTREACHED */
864 	}
865 
866 	if (opt_debug) {
867 		opt_verbose = 1;
868 		crypt_set_debug_level(-1);
869 		_dbg_version_and_cmd(argc, argv);
870 	}
871 
872 	return run_action(action);
873 }
874