diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h index f1cd6e40..fb839543 100644 --- a/lib/libcryptsetup.h +++ b/lib/libcryptsetup.h @@ -189,6 +189,8 @@ int crypt_set_data_offset(struct crypt_device *cd, uint64_t data_offset); #define CRYPT_LOG_VERBOSE 2 /** debug log level - always on stdout */ #define CRYPT_LOG_DEBUG -1 +/** debug log level - additional JSON output (for LUKS2) */ +#define CRYPT_LOG_DEBUG_JSON -2 /** * Set log function. @@ -1726,6 +1728,8 @@ int crypt_header_restore(struct crypt_device *cd, /** Debug all */ #define CRYPT_DEBUG_ALL -1 +/** Debug all with adidtional JSON dump (for LUKS2) */ +#define CRYPT_DEBUG_JSON -2 /** Debug none */ #define CRYPT_DEBUG_NONE 0 diff --git a/lib/luks2/luks2_digest_pbkdf2.c b/lib/luks2/luks2_digest_pbkdf2.c index 03a5afa9..8f1e8d10 100644 --- a/lib/luks2/luks2_digest_pbkdf2.c +++ b/lib/luks2/luks2_digest_pbkdf2.c @@ -166,7 +166,7 @@ static int PBKDF2_digest_store(struct crypt_device *cd, if (jobj_digests) json_object_object_add_by_uint(jobj_digests, digest, jobj_digest); - JSON_DBG(cd, jobj_digest, "Digest JSON"); + JSON_DBG(cd, jobj_digest, "Digest JSON:"); return 0; } diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c index bce6e9b4..313e9f51 100644 --- a/lib/luks2/luks2_json_format.c +++ b/lib/luks2/luks2_json_format.c @@ -233,7 +233,7 @@ int LUKS2_generate_hdr( json_object_object_add(jobj_config, "json_size", json_object_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN)); json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size)); - JSON_DBG(cd, hdr->jobj, "Header JSON"); + JSON_DBG(cd, hdr->jobj, "Header JSON:"); return 0; } diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c index 0d40e9f3..e0fc8136 100644 --- a/lib/luks2/luks2_json_metadata.c +++ b/lib/luks2/luks2_json_metadata.c @@ -56,10 +56,9 @@ void hexprint_base64(struct crypt_device *cd, json_object *jobj, void JSON_DBG(struct crypt_device *cd, json_object *jobj, const char *desc) { - /* FIXME: make this conditional and disable for stable release. */ if (desc) - log_dbg(cd, "%s:", desc); - log_dbg(cd, "%s", json_object_to_json_string_ext(jobj, + crypt_log(cd, CRYPT_LOG_DEBUG_JSON, desc); + crypt_log(cd, CRYPT_LOG_DEBUG_JSON, json_object_to_json_string_ext(jobj, JSON_C_TO_STRING_PRETTY | JSON_C_TO_STRING_NOSLASHESCAPE)); } diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c index 96ba6bcd..d7f066d7 100644 --- a/lib/luks2/luks2_keyslot_luks2.c +++ b/lib/luks2/luks2_keyslot_luks2.c @@ -440,7 +440,7 @@ static int luks2_keyslot_update_json(struct crypt_device *cd, /* update 'af' hash */ json_object_object_add(jobj_af, "hash", json_object_new_string(params->af.luks1.hash)); - JSON_DBG(cd, jobj_keyslot, "Keyslot JSON"); + JSON_DBG(cd, jobj_keyslot, "Keyslot JSON:"); return 0; } diff --git a/man/cryptsetup.8 b/man/cryptsetup.8 index 95f24ad3..d945554c 100644 --- a/man/cryptsetup.8 +++ b/man/cryptsetup.8 @@ -740,9 +740,10 @@ If you are configuring kernel yourself, enable .B "\-\-verbose, \-v" Print more information on command execution. .TP -.B "\-\-debug" +.B "\-\-debug or \-\-debug\-json" Run in debug mode with full diagnostic logs. Debug output lines are always prefixed by '#'. +If \-\-debug\-json is used, additional LUKS2 JSON data structures are printed. .TP .B "\-\-type Specifies required device type, for more info diff --git a/src/cryptsetup.c b/src/cryptsetup.c index 08fa4f1e..13461b2b 100644 --- a/src/cryptsetup.c +++ b/src/cryptsetup.c @@ -2497,6 +2497,7 @@ int main(int argc, const char **argv) { "version", '\0', POPT_ARG_NONE, &opt_version_mode, 0, N_("Print package version"), NULL }, { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 0, N_("Shows more detailed error messages"), NULL }, { "debug", '\0', POPT_ARG_NONE, &opt_debug, 0, N_("Show debug messages"), NULL }, + { "debug-json", '\0', POPT_ARG_NONE, &opt_debug_json, 0, N_("Show debug messages including JSON metadata"), NULL }, { "cipher", 'c', POPT_ARG_STRING, &opt_cipher, 0, N_("The cipher used to encrypt the disk (see /proc/crypto)"), NULL }, { "hash", 'h', POPT_ARG_STRING, &opt_hash, 0, N_("The hash used to create the encryption key from the passphrase"), NULL }, { "verify-passphrase", 'y', POPT_ARG_NONE, &opt_verify_passphrase, 0, N_("Verifies the passphrase by asking for it twice"), NULL }, @@ -2934,9 +2935,10 @@ int main(int argc, const char **argv) _("Option --refresh may be used only with open action.\n"), poptGetInvocationName(popt_context)); - if (opt_debug) { + if (opt_debug || opt_debug_json) { + opt_debug = 1; opt_verbose = 1; - crypt_set_debug_level(CRYPT_DEBUG_ALL); + crypt_set_debug_level(opt_debug_json? CRYPT_DEBUG_JSON : CRYPT_DEBUG_ALL); dbg_version_and_cmd(argc, argv); } diff --git a/src/cryptsetup.h b/src/cryptsetup.h index 60128ce7..b6694144 100644 --- a/src/cryptsetup.h +++ b/src/cryptsetup.h @@ -57,6 +57,7 @@ #define DEFAULT_WIPE_BLOCK 1048576 /* 1 MiB */ extern int opt_debug; +extern int opt_debug_json; extern int opt_verbose; extern int opt_batch_mode; extern int opt_force_password; diff --git a/src/utils_tools.c b/src/utils_tools.c index 63817b7a..b6271b07 100644 --- a/src/utils_tools.c +++ b/src/utils_tools.c @@ -27,6 +27,7 @@ int opt_verbose = 0; int opt_debug = 0; +int opt_debug_json = 0; int opt_batch_mode = 0; int opt_progress_frequency = 0; @@ -112,6 +113,7 @@ void tool_log(int level, const char *msg, void *usrptr __attribute__((unused))) case CRYPT_LOG_ERROR: fprintf(stderr, "%s", msg); break; + case CRYPT_LOG_DEBUG_JSON: case CRYPT_LOG_DEBUG: if (opt_debug) fprintf(stdout, "# %s\n", msg); diff --git a/tests/test_utils.c b/tests/test_utils.c index 1e5dd669..060253ed 100644 --- a/tests/test_utils.c +++ b/tests/test_utils.c @@ -263,7 +263,7 @@ void global_log_callback(int level, const char *msg, void *usrptr) fprintf(stdout, "%s", msg); } - if (level == CRYPT_LOG_DEBUG) + if (level <= CRYPT_LOG_DEBUG) return; strncat(global_log, msg, sizeof(global_log) - strlen(global_log));