| #!/bin/bash |
| |
| # Try to get LUKS info and master key from active mapping and prepare parameters for cryptsetup. |
| # |
| # Copyright (C) 2010,2011,2012 Milan Broz <gmazyland@gmail.com> |
| # |
| # This copyrighted material is made available to anyone wishing to use, |
| # modify, copy, or redistribute it subject to the terms and conditions |
| # of the GNU General Public License v.2. |
| # |
| # You should have received a copy of the GNU General Public License |
| # along with this program; if not, write to the Free Software Foundation, |
| # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| # |
| umask 0077 |
| |
| fail() { echo -e $1 ; exit 1 ; } |
| field() { echo $(dmsetup table --target crypt --showkeys $DEVICE | sed 's/.*: //' | cut -d' ' -f$1) ; } |
| field_uuid() { echo $(dmsetup info $1 --noheadings -c -o uuid) ; } |
| field_device() { |
| TEMP=$(readlink /sys/dev/block/$1 | sed -e 's/.*\///') |
| if [ ${TEMP:0:3} = "dm-" -a -e /sys/block/$TEMP/dm/name ] ; then |
| TEMP=/dev/mapper/$(cat /sys/block/$TEMP/dm/name) |
| else |
| TEMP=/dev/$TEMP |
| fi |
| echo $TEMP |
| } |
| |
| which readlink >/dev/null || fail "You need readlink (part of coreutils package)." |
| which xxd >/dev/null || fail "You need xxd (part of vim package) installed to convert key." |
| |
| [ -z "$2" ] && fail "Recover LUKS header from active mapping, use:\n $0 crypt_mapped_device mk_file_name" |
| |
| DEVICE=$1 |
| MK_FILE=$2 |
| |
| [ -z "$(field 4)" ] && fail "Mapping $1 not active or it is not crypt target." |
| |
| CIPHER=$(field 4) |
| OFFSET=$(field 8) |
| SYS_DEVICE=$(field 7) |
| REAL_DEVICE=$(field_device $SYS_DEVICE) |
| KEY=$(field 5) |
| KEY_SIZE=$(( ${#KEY} / 2 * 8 )) |
| SYS_UUID=$(field_uuid $DEVICE) |
| UUID="${SYS_UUID:12:8}-${SYS_UUID:20:4}-${SYS_UUID:24:4}-${SYS_UUID:28:4}-${SYS_UUID:32:12}" |
| |
| #echo "CIPHER=$CIPHER OFFSET=$OFFSET SYS_DEVICE=$SYS_DEVICE REAL_DEVICE=$REAL_DEVICE KEY_SIZE=$KEY_SIZE KEY=$KEY UUID=$UUID SYS_UUID=$SYS_UUID" |
| |
| [ -z "$CIPHER" -o -z "$OFFSET" -o "$OFFSET" -le 383 -o \ |
| -z "$KEY" -o -z "$UUID" -o -z "$REAL_DEVICE" -o "${SYS_UUID:0:12}" != "CRYPT-LUKS1-" ] && \ |
| fail "Incompatible device, sorry." |
| |
| echo "Generating master key to file $MK_FILE." |
| echo -E -n $KEY| xxd -r -p >$MK_FILE |
| |
| echo "You can now try to reformat LUKS device using:" |
| echo " cryptsetup luksFormat -c $CIPHER -s $KEY_SIZE --align-payload=$OFFSET --master-key-file=$MK_FILE --uuid=$UUID $REAL_DEVICE" |