66 lines
2.6 KiB
Bash
Executable file
66 lines
2.6 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
# Try to get LUKS info and master key from active mapping and prepare parameters for cryptsetup.
|
|
# WARNING: this script is no longer compatible with current cryptsetup & dm-crypt
|
|
#
|
|
# Copyright (C) 2010,2011,2012 Milan Broz <gmazyland@gmail.com>
|
|
#
|
|
# This file is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
# License as published by the Free Software Foundation; either
|
|
# version 2.1 of the License, or (at your option) any later version.
|
|
#
|
|
# This file is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this file; if not, write to the Free Software
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
#
|
|
umask 0077
|
|
|
|
fail() { echo -e $1 ; exit 1 ; }
|
|
field() { echo $(dmsetup table --target crypt --showkeys $DEVICE | sed 's/.*: //' | cut -d' ' -f$1) ; }
|
|
field_uuid() { echo $(dmsetup info $1 --noheadings -c -o uuid) ; }
|
|
field_device() {
|
|
TEMP=$(readlink /sys/dev/block/$1 | sed -e 's/.*\///')
|
|
if [ ${TEMP:0:3} = "dm-" -a -e /sys/block/$TEMP/dm/name ] ; then
|
|
TEMP=/dev/mapper/$(cat /sys/block/$TEMP/dm/name)
|
|
else
|
|
TEMP=/dev/$TEMP
|
|
fi
|
|
echo $TEMP
|
|
}
|
|
|
|
which readlink >/dev/null || fail "You need readlink (part of coreutils package)."
|
|
which xxd >/dev/null || fail "You need xxd (part of vim package) installed to convert key."
|
|
|
|
[ -z "$2" ] && fail "Recover LUKS header from active mapping, use:\n $0 crypt_mapped_device mk_file_name"
|
|
|
|
DEVICE=$1
|
|
MK_FILE=$2
|
|
|
|
[ -z "$(field 4)" ] && fail "Mapping $1 not active or it is not crypt target."
|
|
|
|
CIPHER=$(field 4)
|
|
OFFSET=$(field 8)
|
|
SYS_DEVICE=$(field 7)
|
|
REAL_DEVICE=$(field_device $SYS_DEVICE)
|
|
KEY=$(field 5)
|
|
KEY_SIZE=$(( ${#KEY} / 2 * 8 ))
|
|
SYS_UUID=$(field_uuid $DEVICE)
|
|
UUID="${SYS_UUID:12:8}-${SYS_UUID:20:4}-${SYS_UUID:24:4}-${SYS_UUID:28:4}-${SYS_UUID:32:12}"
|
|
|
|
#echo "CIPHER=$CIPHER OFFSET=$OFFSET SYS_DEVICE=$SYS_DEVICE REAL_DEVICE=$REAL_DEVICE KEY_SIZE=$KEY_SIZE KEY=$KEY UUID=$UUID SYS_UUID=$SYS_UUID"
|
|
|
|
[ -z "$CIPHER" -o -z "$OFFSET" -o "$OFFSET" -le 383 -o \
|
|
-z "$KEY" -o -z "$UUID" -o -z "$REAL_DEVICE" -o "${SYS_UUID:0:12}" != "CRYPT-LUKS1-" ] && \
|
|
fail "Incompatible device, sorry."
|
|
|
|
echo "Generating master key to file $MK_FILE."
|
|
echo -E -n $KEY| xxd -r -p >$MK_FILE
|
|
|
|
echo "You can now try to reformat LUKS device using:"
|
|
echo " cryptsetup luksFormat -c $CIPHER -s $KEY_SIZE --align-payload=$OFFSET --master-key-file=$MK_FILE --uuid=$UUID $REAL_DEVICE"
|