1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
#compdef cryptsetup
local curcontext="$curcontext" ret=1
local -a actions state line expl
_arguments -s \
'(-v --verbose)'{-v,--verbose}'[enable verbose mode]' \
'--debug[enable debug mode]' \
'(-c --cipher)'{-c+,--cipher=}'[set cipher]:cipher specification' \
'(-h --hash)'{-h+,--hash=}'[hash algorithm]:hash algorithm' \
'(-y --verify-passphrase)'{-y,--verify-passphrase}'[query for password twice]' \
'(-d --key-file)'{-d+,--key-file=}'[set keyfile]:key file:_files' \
'--master-key-file=[set master key]:key file:_files' \
'--dump-master-key[dump luks master key]' \
'(-s --key-size)'{-s+,--key-size=}'[set key size]:size (bits)' \
'(-l --keyfile-size)'{-l+,--keyfile-size=}'[set keyfile size]:size (bytes)' \
'--keyfile-offset=[specify number of bytes to skip in keyfile]:offset (bytes)' \
'--new-keyfile-size=[set new keyfile size (luksAddKey)]:size (bytes)' \
'--new-keyfile-offset=[specify number of bytes to skip in newly added keyfile]:offset (bytes)' \
'(-S --key-slot)'{-S+,--key-slot=}'[select key slot]:key slot' \
'(-b --size)'{-b+,--size=}'[force device size]:sectors' \
'(-o --offset)'{-o+,--offset=}'[set start offset]:sectors' \
'(-p --skip)'{-p+,--skip=}'[data to skip at beginning]:sectors' \
'(-r --readonly)'{-r,--readonly}'[create a read-only mapping]' \
'(-i --iter-time)'{-i+,--iter-time=}'[set password processing duration]:duration (milliseconds)' \
'(-q --batch-mode)'{-q,--batch-mode}"[don't ask for confirmation]" \
'(-t --timeout)'{-t+,--timeout=}'[set password prompt timeout]:timeout (seconds)' \
'--progress-frequency=[specify progress line update interval]:interval (seconds)' \
'(-T --tries)'{-T+,--tries=}'[set maximum number of retries]:number of retries' \
'--align-payload=[set payload alignment]:sectors' \
'--header-backup-file=[specify file with LUKS header and keyslots backup]:file:_files' \
'(--use-urandom)--use-random[use /dev/random to generate volume key]' \
'(--use-random)--use-urandom[use /dev/urandom to generate volume key]' \
'--shared[share device with another non-overlapping crypt segment]' \
'--uuid=[set device UUID]:uuid' \
'--allow-discards[allow discard (aka TRIM) requests for device]' \
'--header=[device or file with separated LUKS header]:file:_files' \
'--test-passphrase[do not activate device, just check passphrase]' \
'--tcrypt-hidden[use hidden header (hidden TCRYPT device)]' \
'--tcrypt-system[device is system TCRYPT drive (with bootloader)]' \
'--tcrypt-backup[use backup (secondary) TCRYPT header]' \
'--veracrypt[scan also for VeraCrypt compatible device]' \
'--veracrypt-pim=[specify personal iteration multiplier for VeraCrypt compatible device]:multiplier' \
'--veracrypt-query-pim[query personal iteration multiplier for VeraCrypt compatible device]' \
'(-M --type)'{-M+,--type=}'[specify type of device metadata]:type:(luks plain loopaes tcrypt)' \
'--force-password[disable password quality check (if enabled)]' \
'--perf-same_cpu_crypt[use dm-crypt same_cpu_crypt performance compatibility option]' \
'--perf-submit_from_crypt_cpus[use dm-crypt submit_from_crypt_cpus performance compatibility option]' \
'--deferred[device removal is deferred until the last user closes it]' \
'--pbkdf=[specify PBKDF algorithm for LUKS2]:algorithm:(argon2i argon2id pbkdf2)' \
'--pbkdf-memory=[specify PBKDF memory cost limit]:limit (kilobytes)' \
'--pbkdf-parallel=[specify PBKDF parallel cost]:threads' \
'--pbkdf-force-iterations=[specify PBKDF iterations cost]:cost' \
'--priority=[specify keyslot priority]:priority:(ignore normal prefer)' \
'--disable-locks[disable locking of on-disk metadata]' \
'--disable-keyring[disable loading volume keys via kernel keyring]' \
'(-I --integrity)'{-I+,--integrity=}'[specify data integrity algorithm (LUKS2 only)]:algorithm' \
'--integrity-no-journal[disable journal for integrity device]' \
"--integrity-no-wipe[don't wipe device after format]" \
"--token-only[don't ask for passphrase if activation by token fails]" \
'--token-id=[specify token number]:number [any]' \
'--key-description=[specify key description]:description' \
'--sector-size=[specify encryption sector size]:size [512 bytes]' \
'--persistent[set activation flags persistent for device]' \
'--label=[set label for the LUKS2 device]:label' \
'--subsystem=[set subsystem label for the LUKS2 device]:subsystem' \
'--unbound[create unbound (no assigned data segment) LUKS2 keyslot]' \
'(- : *)--version[show version information]' \
'(- : *)'{-\?,--help}'[display help information]' \
'(- : *)--usage[display brief usage]' \
':action:->actions' \
'*::arguments:->action-arguments' && ret=0
case $state in
actions)
actions=(
'open:open device with named mapping'
'close:close device (remove mapping)'
'status:report mapping status'
'resize:resize an active mapping'
'benchmark:benchmark cipher'
'repair:try to repair on-disk metadata'
'erase:erase all keyslots'
'convert:convert LUKS from/to LUKS2 format'
'config:set permanent configuration options for LUKS2'
'luksFormat:initialize a LUKS partition'
'luksAddKey:add a new key'
'luksRemoveKey:remove a key'
'luksChangeKey:change a key'
'luksConvertKey:convert a key to new pbkdf parameters'
'luksKillSlot:wipe key from slot'
'luksUUID:print/change device UUID'
'isLuks:check if device is a LUKS partition'
'luksDump:dump header information'
'tcryptDump:dump TCRYPT device information'
'luksSuspend:suspend LUKS device and wipe key'
'luksResume:resume suspended LUKS device'
'luksHeaderBackup:store binary backup of headers'
'luksHeaderRestore:restore header backup'
)
_describe action actions && ret=0
;;
action-arguments)
local -a args
local mapping=':mapping:_path_files -W /dev/mapper'
local device=':device:_files'
case ${words[1]} in
create) args=( $mapping $device '--type=:type' );;
open) args=( $device $mapping '--type=:type' );;
(plain|luks|loopaes|tcrypt)Open) args=( $device $mapping '--type=:type' );;
benchmark) args=( '--cipher=:cipher' );;
luksKillSlot) args=( $device ':key slot number' );;
remove|status|resize|*lose|luksSuspend|luksResume) args=( $mapping );;
erase|convert|config|repair|(luks(AddKey|Erase|RemoveKey|DelKey|UUID|Dump)|isLuks))
args=( $device )
;;
luks(Format|AddKey|RemoveKey|ChangeKey|ConvertKey))
args=( $device ':key file:_files' )
;;
luksHeader*) args=( $device '--header-backup-file:file:_files' );;
*)
_default && ret=0
;;
esac
_arguments $args && ret=0
;;
esac
return ret
|
