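# Skip comment lines and empty lines.
/^#/ || /^$/ { next }
# Whitespace-only lines carry no entry either; without this they would reach
# the main rule and produce a misleading option error.
NF == 0 { next }
# The main rule reads $1 (mapping name) and $2 (source device), so an entry
# with a single column cannot be processed.
NF < 2 { print "a valid crypttab has min 2 cols not " NF >"/dev/stderr"; next }
# Name, source, key and options are the only columns the main rule understands.
NF > 4 { print "a valid crypttab has max 4 cols not " NF >"/dev/stderr"; next }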
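# Main rule: turn one crypttab entry ($1 mapping name, $2 source device,
# $3 key, $4 comma-separated options) into cryptsetup command lines that are
# executed with system().
#
# NOTE(review): every field is concatenated into a shell command line without
# quoting, and the value of the keyscript option is executed as a command.
# The crypttab fed to this script therefore has to be as trusted as root's own
# shell input (root-owned and not writable by anyone else).
{
    # decode the src variants: UUID=/PARTUUID= are resolved to a device node
    # through blkid, anything else is used as given (up to the first "=")
    split($2, o_src, "=")
    if (o_src[1] == "UUID" || o_src[1] == "PARTUUID") {
        blkid_cmd = "blkid -l -o device -t " $2
        # src is a global: clear it first so a failed lookup cannot silently
        # reuse the device that was resolved for an earlier entry
        src = ""
        if ((blkid_cmd | getline src) <= 0) src = ""
        close(blkid_cmd)
        if (src == "") {
            print "no device found for " $2 >"/dev/stderr"
            next
        }
    }
    else src=o_src[1];

    # no password or none is given, ask for it
    if ( NF == 2 ) {
        ccmd="cryptsetup luksOpen " src " " $1;
        system(ccmd);
        ccmd="";
    }
    else if (NF == 3 ) {
        dest=$1
        key=$3
        split($3, po, "=");
        # "none" means no key file: cryptsetup prompts for the passphrase
        if ( po[1] == "none") ccmd="cryptsetup luksOpen " src " " dest;
        else ccmd="cryptsetup luksOpen -d " key " " src" " dest;
        system(ccmd);
        ccmd="";
    }
    else {
    # the option field is not empty parse the options
        dest=$1
        key=$3
        split($4, opts, ",");
        commonopts="";
        swapopts="";
        luksopts="";
        for(i in opts) {
            # each option is either a bare flag or name=value
            split(opts[i], para, "=");
            par=para[1];
            val=para[2];
            if ( par == "readonly" || par == "read-only") commonopts=commonopts "-r ";
            else if ( par == "discard" ) commonopts=commonopts "--allow-discards ";
            else if ( par == "tries" ) commonopts=commonopts "-T " val " ";
            else if ( par == "swap" ) makeswap="y";
            else if ( par == "cipher" ) swapopts=swapopts "-c " val " ";
            else if ( par == "size" ) swapopts=swapopts "-s " val " ";
            else if ( par == "hash" ) swapopts=swapopts "-h " val " ";
            else if ( par == "offset" ) swapopts=swapopts "-o " val " ";
            else if ( par == "skip" ) swapopts=swapopts "-p " val " ";
            else if ( par == "verify" ) swapopts=swapopts "-y ";
            #else if ( par == "noauto" )
            #else if ( par == "nofail" )
            #else if ( par == "plain" )
            #else if ( par == "timeout" )
            #else if ( par == "tmp" )
            else if ( par == "luks" ) use_luks="y";
            else if ( par == "keyscript" ) {use_keyscript="y"; keyscript=val;}
            else if ( par == "keyslot" || par == "key-slot" ) luksopts=luksopts "-S " val " ";
            else if ( par == "keyfile-size" ) luksopts=luksopts "-l " val " ";
            # long options take two dashes; a single dash is not a valid
            # spelling of --keyfile-offset
            else if ( par == "keyfile-offset" ) luksopts=luksopts "--keyfile-offset=" val " ";
            else if ( par == "header" ) luksopts=luksopts "--header=" val " ";
            else {
                # refuse the whole entry rather than open it with an option
                # silently dropped; reset the per-entry flags before leaving
                print "option: " par " not supported " >"/dev/stderr";
                makeswap="";
                use_luks="";
                use_keyscript="";
                next;
            }
        }
        if ( makeswap == "y" && use_luks != "y" ) {
            ccmd="cryptsetup " swapopts commonopts "-d " key " create " dest " " src;
            ccmd_2="mkswap /dev/mapper/" dest;
            makeswap="";
            use_luks="";
            use_keyscript="";
            # format the mapping only when this entry actually created it;
            # if "create" failed (for example because a mapping with that name
            # already exists) mkswap would overwrite someone else's device
            if ( system(ccmd) == 0 ) system(ccmd_2);
            else print "cryptsetup create failed for " dest ", not running mkswap" >"/dev/stderr";
            ccmd="";
            ccmd_2="";
            next;
        }
        if ( use_luks == "y" && makeswap != "y" ){
            if ( use_keyscript == "y") {
                # the keyscript's output is piped in as the key ("-d -")
                ccmd=keyscript " | cryptsetup " luksopts commonopts "luksOpen -d - " src " " dest;
                use_keyscript="";
            }
            else {
                if ( key == "none" ){
                    ccmd="cryptsetup " luksopts commonopts "luksOpen " src " " dest;
                }
                else {
                    ccmd="cryptsetup " luksopts commonopts "luksOpen -d " key " " src " " dest;
                }
            }
        }
        else {
            # reached when neither or both of swap/luks were requested
            print "use swap OR luks as option" >"/dev/stderr";
            ccmd="";
        }
        # the flags are globals, clear them so they do not leak into the next entry
        makeswap="";
        use_luks="";
        use_keyscript="";
        if ( ccmd != ""){
            system(ccmd);
            ccmd=""
        }
    }
}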