File: _cryptsetup

package info (click to toggle)
zsh 5.9-8
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 23,856 kB
  • sloc: ansic: 108,138; sh: 6,976; makefile: 722; perl: 687; awk: 291; sed: 16
file content (166 lines) | stat: -rw-r--r-- 9,004 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
 
#compdef cryptsetup

local curcontext="$curcontext" ign ret=1
local -a actions state line expl

(( $#words > 2 )) && ign='!'
_arguments -s \
  '(-v --verbose)'{-v,--verbose}'[enable verbose mode]' \
  '--debug[show debug messages]' \
  '--debug-json[show debug messages including JSON metadata]' \
  '(-c --cipher)'{-c+,--cipher=}'[set cipher]:cipher specification' \
  '(-h --hash)'{-h+,--hash=}'[hash algorithm]:hash algorithm' \
  '(-y --verify-passphrase)'{-y,--verify-passphrase}'[query for password twice]' \
  '(-d --key-file)'{-d+,--key-file=}'[set keyfile]:key file:_files' \
  '--master-key-file=[set master key]:key file:_files' \
  '--dump-master-key[dump luks master key]' \
  '(-s --key-size)'{-s+,--key-size=}'[set key size]:size (bits)' \
  '(-l --keyfile-size)'{-l+,--keyfile-size=}'[set keyfile size]:size (bytes)' \
  '--keyfile-offset=[specify number of bytes to skip in keyfile]:offset (bytes)' \
  '--new-keyfile-size=[set new keyfile size (luksAddKey)]:size (bytes)' \
  '--new-keyfile-offset=[specify number of bytes to skip in newly added keyfile]:offset (bytes)' \
  '(-S --key-slot)'{-S+,--key-slot=}'[select key slot]:key slot' \
  '(-b --size)'{-b+,--size=}'[force device size]:sectors' \
  '--device-size=[use only specified device size (ignore rest of device)]:size (bytes)' \
  '(-o --offset)'{-o+,--offset=}'[set start offset]:sectors' \
  '(-p --skip)'{-p+,--skip=}'[data to skip at beginning]:sectors' \
  '(-r --readonly)'{-r,--readonly}'[create a read-only mapping]' \
  '(-i --iter-time)'{-i+,--iter-time=}'[set password processing duration]:duration (milliseconds)' \
  '(-q --batch-mode)'{-q,--batch-mode}"[don't ask for confirmation]" \
  '(-t --timeout)'{-t+,--timeout=}'[set password prompt timeout]:timeout (seconds)' \
  '--progress-frequency=[specify progress line update interval]:interval (seconds)' \
  '(-T --tries)'{-T+,--tries=}'[set maximum number of retries]:number of retries' \
  '--align-payload=[set payload alignment]:sectors' \
  '--header-backup-file=[specify file with LUKS header and keyslots backup]:file:_files' \
  '(--use-urandom)--use-random[use /dev/random to generate volume key]' \
  '(--use-random)--use-urandom[use /dev/urandom to generate volume key]' \
  '--shared[share device with another non-overlapping crypt segment]' \
  '--uuid=[set device UUID]:uuid' \
  '--allow-discards[allow discard (aka TRIM) requests for device]' \
  '--header=[device or file with separated LUKS header]:file:_files' \
  '--test-passphrase[do not activate device, just check passphrase]' \
  '--tcrypt-hidden[use hidden header (hidden TCRYPT device)]' \
  '--tcrypt-system[device is system TCRYPT drive (with bootloader)]' \
  '--tcrypt-backup[use backup (secondary) TCRYPT header]' \
  '--veracrypt[scan also for VeraCrypt compatible device]' \
  '--veracrypt-pim=[specify personal iteration multiplier for VeraCrypt compatible device]:multiplier' \
  '--veracrypt-query-pim[query personal iteration multiplier for VeraCrypt compatible device]' \
  '(-M --type)'{-M+,--type=}'[specify type of device metadata]:type:(luks luks1 luks2 plain loopaes tcrypt bitlk)' \
  '--force-password[disable password quality check (if enabled)]' \
  '--perf-same_cpu_crypt[use dm-crypt same_cpu_crypt performance compatibility option]' \
  '--perf-submit_from_crypt_cpus[use dm-crypt submit_from_crypt_cpus performance compatibility option]' \
  '--perf-no_read_workqueue[bypass dm-crypt workqueue and process read requests synchronously]' \
  '--perf-no_write_workqueue[bypass dm-crypt workqueue and process write requests synchronously]' \
  '--deferred[device removal is deferred until the last user closes it]' \
  '--serialize-memory-hard-pbkdf[use global lock to serialize memory]' \
  '--pbkdf=[specify PBKDF algorithm for LUKS2]:algorithm:(argon2i argon2id pbkdf2)' \
  '--pbkdf-memory=[specify PBKDF memory cost limit]:limit (kilobytes)' \
  '--pbkdf-parallel=[specify PBKDF parallel cost]:threads' \
  '--pbkdf-force-iterations=[specify PBKDF iterations cost]:cost' \
  '--priority=[specify keyslot priority]:priority:(ignore normal prefer)' \
  '--disable-locks[disable locking of on-disk metadata]' \
  '--disable-keyring[disable loading volume keys via kernel keyring]' \
  '(-I --integrity)'{-I+,--integrity=}'[specify data integrity algorithm (LUKS2 only)]:algorithm' \
  '--integrity-no-journal[disable journal for integrity device]' \
  "--integrity-no-wipe[don't wipe device after format]" \
  '--integrity-legacy-padding[use inefficient legacy padding (old kernels)]' \
  "--token-only[don't ask for passphrase if activation by token fails]" \
  '--token-id=[specify token number]:number [any]' \
  '--key-description=[specify key description]:description' \
  '--sector-size=[specify encryption sector size]:size [512 bytes]' \
  '--iv-large-sectors[use IV counted in sector size (not in 512 bytes)]' \
  '--persistent[set activation flags persistent for device]' \
  '--label=[set label for the LUKS2 device]:label' \
  '--subsystem=[set subsystem label for the LUKS2 device]:subsystem' \
  '--unbound[create or dump unbound (no assigned data segment) LUKS2 keyslot]' \
  '--json-file=[read or write token to json file]:json file:_files -g "*.json(-.)"' \
  '--luks2-metadata-size=[specify LUKS2 header metadata area size]:size (bytes)' \
  '--luks2-keyslots-size=[specify LUKS2 header keyslots area size]:size (bytes)' \
  '--refresh[refresh (reactivate) device with new parameters]' \
  '--keyslot-key-size=[specify size of the encryption key]:size (bits)' \
  '--keyslot-cipher=[specify cipher used for LUKS2 keyslot encryption]:cipher' \
  '--encrypt[Encrypt LUKS2 device (in-place encryption)]' \
  '--decrypt[decrypt LUKS2 device (remove encryption)]' \
  '--init-only[initialize LUKS2 reencryption in metadata only]' \
  '--resume-only[resume initialized LUKS2 reencryption only]' \
  '--reduce-device-size=[reduce data device size (move data offset)]:size (bytes)' \
  '--hotzone-size=[specify maximal reencryption hotzone size]:size (bytes)' \
  '--resilience=[specify reencryption hotzone resilience type]:resilience type:(checksum journal none)' \
  '--resilience-hash=[specify reencryption hotzone checksums hash]:string' \
  '--active-name=[override device autodetection of dm device to be reencrypted]:string' \
  "${ign}(- : *)"{-V,--version}'[show version information]' \
  "${ign}(- : *)"{-\?,--help}'[display help information]' \
  "${ign}(- : *)--usage[display brief usage]" \
  ':action:->actions' \
  '*::arguments:->action-arguments' && ret=0

case $state in
  actions)
    actions=(
      'open:open device with named mapping'
      'close:close device (remove mapping)'
      'status:report mapping status'
      'resize:resize an active mapping'
      'benchmark:benchmark cipher'
      'repair:try to repair on-disk metadata'
      'reencrypt:reencrypt LUKS2 device'
      'erase:erase all keyslots'
      'convert:convert LUKS from/to LUKS2 format'
      'config:set permanent configuration options for LUKS2'
      'luksFormat:initialize a LUKS partition'
      'luksAddKey:add a new key'
      'luksRemoveKey:remove a key'
      'luksChangeKey:change a key'
      'luksConvertKey:convert a key to new pbkdf parameters'
      'luksKillSlot:wipe key from slot'
      'luksUUID:print/change device UUID'
      'isLuks:check if device is a LUKS partition'
      'luksDump:dump header information'
      'tcryptDump:dump TCRYPT device information'
      'bitlkDump:dump BITLK device information'
      'luksSuspend:suspend LUKS device and wipe key'
      'luksResume:resume suspended LUKS device'
      'luksHeaderBackup:store binary backup of headers'
      'luksHeaderRestore:restore header backup'
      'token:manipulate auto-activation token of the device'
    )
    _describe action actions && ret=0
  ;;
  action-arguments)
    local -a args
    local mapping=':mapping:_path_files -W /dev/mapper'
    local device=':device:_files'
    case ${words[1]} in
      create) args=( $mapping $device '--type=:type' );;
      open) args=( $device $mapping '--type=:type' );;
      (plain|luks|loopaes|tcrypt)Open) args=( $device $mapping '--type=:type' );;
      benchmark) args=( '--cipher=:cipher' );;
      luksKillSlot) args=( $device ':key slot number' );;
      remove|status|resize|*lose|luksSuspend|luksResume) args=( $mapping );;
      erase|convert|config|repair|reencrypt|(luks(AddKey|Erase|RemoveKey|DelKey|UUID|Dump)|isLuks))
	args=( $device )
      ;;
      luks(Format|AddKey|RemoveKey|ChangeKey|ConvertKey))
	args=( $device ':key file:_files' )
      ;;
      luksHeader*) args=( $device '--header-backup-file:file:_files' );;
      token)
	args=(
	  ':action:((
	    add\:create\ a\ new\ keyring
	    remove\:remove\ any\ token\ from\ slot
	    import\:store\ arbitrary\ valid\ token\ json\ in\ LUKS2\ header
	    export\:write\ requested\ token\ json\ to\ a\ file
	  ))'
	  $device
	)
      ;;
      *)
        _default && ret=0
      ;;
    esac
    _arguments $args && ret=0
  ;;
esac

return ret