about summary refs log tree commit diff
path: root/Completion/Linux/Command/_cryptsetup
blob: ddb2ad3a9d4d49abb266a832aa5eb492e7b609e9 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
#compdef cryptsetup

local curcontext="$curcontext" ign ret=1
local -a actions state line expl

(( $#words > 2 )) && ign='!'
_arguments -s \
  '(-v --verbose)'{-v,--verbose}'[enable verbose mode]' \
  '--debug[enable debug mode]' \
  '(-c --cipher)'{-c+,--cipher=}'[set cipher]:cipher specification' \
  '(-h --hash)'{-h+,--hash=}'[hash algorithm]:hash algorithm' \
  '(-y --verify-passphrase)'{-y,--verify-passphrase}'[query for password twice]' \
  '(-d --key-file)'{-d+,--key-file=}'[set keyfile]:key file:_files' \
  '--master-key-file=[set master key]:key file:_files' \
  '--dump-master-key[dump luks master key]' \
  '(-s --key-size)'{-s+,--key-size=}'[set key size]:size (bits)' \
  '(-l --keyfile-size)'{-l+,--keyfile-size=}'[set keyfile size]:size (bytes)' \
  '--keyfile-offset=[specify number of bytes to skip in keyfile]:offset (bytes)' \
  '--new-keyfile-size=[set new keyfile size (luksAddKey)]:size (bytes)' \
  '--new-keyfile-offset=[specify number of bytes to skip in newly added keyfile]:offset (bytes)' \
  '(-S --key-slot)'{-S+,--key-slot=}'[select key slot]:key slot' \
  '(-b --size)'{-b+,--size=}'[force device size]:sectors' \
  '(-o --offset)'{-o+,--offset=}'[set start offset]:sectors' \
  '(-p --skip)'{-p+,--skip=}'[data to skip at beginning]:sectors' \
  '(-r --readonly)'{-r,--readonly}'[create a read-only mapping]' \
  '(-i --iter-time)'{-i+,--iter-time=}'[set password processing duration]:duration (milliseconds)' \
  '(-q --batch-mode)'{-q,--batch-mode}"[don't ask for confirmation]" \
  '(-t --timeout)'{-t+,--timeout=}'[set password prompt timeout]:timeout (seconds)' \
  '--progress-frequency=[specify progress line update interval]:interval (seconds)' \
  '(-T --tries)'{-T+,--tries=}'[set maximum number of retries]:number of retries' \
  '--align-payload=[set payload alignment]:sectors' \
  '--header-backup-file=[specify file with LUKS header and keyslots backup]:file:_files' \
  '(--use-urandom)--use-random[use /dev/random to generate volume key]' \
  '(--use-random)--use-urandom[use /dev/urandom to generate volume key]' \
  '--shared[share device with another non-overlapping crypt segment]' \
  '--uuid=[set device UUID]:uuid' \
  '--allow-discards[allow discard (aka TRIM) requests for device]' \
  '--header=[device or file with separated LUKS header]:file:_files' \
  '--test-passphrase[do not activate device, just check passphrase]' \
  '--tcrypt-hidden[use hidden header (hidden TCRYPT device)]' \
  '--tcrypt-system[device is system TCRYPT drive (with bootloader)]' \
  '--tcrypt-backup[use backup (secondary) TCRYPT header]' \
  '--veracrypt[scan also for VeraCrypt compatible device]' \
  '--veracrypt-pim=[specify personal iteration multiplier for VeraCrypt compatible device]:multiplier' \
  '--veracrypt-query-pim[query personal iteration multiplier for VeraCrypt compatible device]' \
  '(-M --type)'{-M+,--type=}'[specify type of device metadata]:type:(luks plain loopaes tcrypt)' \
  '--force-password[disable password quality check (if enabled)]' \
  '--perf-same_cpu_crypt[use dm-crypt same_cpu_crypt performance compatibility option]' \
  '--perf-submit_from_crypt_cpus[use dm-crypt submit_from_crypt_cpus performance compatibility option]' \
  '--deferred[device removal is deferred until the last user closes it]' \
  '--pbkdf=[specify PBKDF algorithm for LUKS2]:algorithm:(argon2i argon2id pbkdf2)' \
  '--pbkdf-memory=[specify PBKDF memory cost limit]:limit (kilobytes)' \
  '--pbkdf-parallel=[specify PBKDF parallel cost]:threads' \
  '--pbkdf-force-iterations=[specify PBKDF iterations cost]:cost' \
  '--priority=[specify keyslot priority]:priority:(ignore normal prefer)' \
  '--disable-locks[disable locking of on-disk metadata]' \
  '--disable-keyring[disable loading volume keys via kernel keyring]' \
  '(-I --integrity)'{-I+,--integrity=}'[specify data integrity algorithm (LUKS2 only)]:algorithm' \
  '--integrity-no-journal[disable journal for integrity device]' \
  "--integrity-no-wipe[don't wipe device after format]" \
  "--token-only[don't ask for passphrase if activation by token fails]" \
  '--token-id=[specify token number]:number [any]' \
  '--key-description=[specify key description]:description' \
  '--sector-size=[specify encryption sector size]:size [512 bytes]' \
  '--persistent[set activation flags persistent for device]' \
  '--label=[set label for the LUKS2 device]:label' \
  '--subsystem=[set subsystem label for the LUKS2 device]:subsystem' \
  '--unbound[create unbound (no assigned data segment) LUKS2 keyslot]' \
  '--json-file=[read or write token to json file]:json file:_files -g "*.json(-.)"' \
  "${ign}(- : *)--version[show version information]" \
  "${ign}(- : *)"{-\?,--help}'[display help information]' \
  "${ign}(- : *)--usage[display brief usage]" \
  ':action:->actions' \
  '*::arguments:->action-arguments' && ret=0

case $state in
  actions)
    actions=(
      'open:open device with named mapping'
      'close:close device (remove mapping)'
      'status:report mapping status'
      'resize:resize an active mapping'
      'benchmark:benchmark cipher'
      'repair:try to repair on-disk metadata'
      'erase:erase all keyslots'
      'convert:convert LUKS from/to LUKS2 format'
      'config:set permanent configuration options for LUKS2'
      'luksFormat:initialize a LUKS partition'
      'luksAddKey:add a new key'
      'luksRemoveKey:remove a key'
      'luksChangeKey:change a key'
      'luksConvertKey:convert a key to new pbkdf parameters'
      'luksKillSlot:wipe key from slot'
      'luksUUID:print/change device UUID'
      'isLuks:check if device is a LUKS partition'
      'luksDump:dump header information'
      'tcryptDump:dump TCRYPT device information'
      'luksSuspend:suspend LUKS device and wipe key'
      'luksResume:resume suspended LUKS device'
      'luksHeaderBackup:store binary backup of headers'
      'luksHeaderRestore:restore header backup'
      'token:manipulate auto-activation token of the device'
    )
    _describe action actions && ret=0
  ;;
  action-arguments)
    local -a args
    local mapping=':mapping:_path_files -W /dev/mapper'
    local device=':device:_files'
    case ${words[1]} in
      create) args=( $mapping $device '--type=:type' );;
      open) args=( $device $mapping '--type=:type' );;
      (plain|luks|loopaes|tcrypt)Open) args=( $device $mapping '--type=:type' );;
      benchmark) args=( '--cipher=:cipher' );;
      luksKillSlot) args=( $device ':key slot number' );;
      remove|status|resize|*lose|luksSuspend|luksResume) args=( $mapping );;
      erase|convert|config|repair|(luks(AddKey|Erase|RemoveKey|DelKey|UUID|Dump)|isLuks))
	args=( $device )
      ;;
      luks(Format|AddKey|RemoveKey|ChangeKey|ConvertKey))
	args=( $device ':key file:_files' )
      ;;
      luksHeader*) args=( $device '--header-backup-file:file:_files' );;
      token)
	args=(
	  ':action:((
	    add\:create\ a\ new\ keyring
	    remove\:remove\ any\ token\ from\ slot
	    import\:store\ arbitrary\ valid\ token\ json\ in\ LUKS2\ header
	    export\:write\ requested\ token\ json\ to\ a\ file
	  ))'
	  $device
	)
      ;;
      *)
        _default && ret=0
      ;;
    esac
    _arguments $args && ret=0
  ;;
esac

return ret