TCRYPT: add dump command

lib/setup.c

@@ -2334,6 +2334,8 @@ int crypt_dump(struct crypt_device *cd)
 		return _luks_dump(cd);
 	else if (isVERITY(cd->type))
 		return _verity_dump(cd);
+	else if (isTCRYPT(cd->type))
+		return TCRYPT_dump(cd, &cd->tcrypt_hdr, &cd->tcrypt_params);
 
 	log_err(cd, _("Dump operation is not supported for this device type.\n"));
 	return -EINVAL;

lib/tcrypt/tcrypt.c

@@ -766,3 +766,23 @@ int TCRYPT_get_volume_key(struct crypt_device *cd,
 
 	return 0;
 }
+
+int TCRYPT_dump(struct crypt_device *cd,
+		struct tcrypt_phdr *hdr,
+		struct crypt_params_tcrypt *params)
+{
+	log_std(cd, "TCRYPT header information for %s\n",
+		device_path(crypt_metadata_device(cd)));
+	if (hdr->d.version) {
+		log_std(cd, "Version:       \t%d\n", hdr->d.version);
+		log_std(cd, "Driver req.:\t%d\n", hdr->d.version_tc);
+
+		log_std(cd, "Sector size:\t%" PRIu32 "\n", hdr->d.sector_size);
+		log_std(cd, "MK offset:\t%" PRIu64 "\n", hdr->d.mk_offset);
+		log_std(cd, "PBKDF2 hash:\t%s\n", params->hash_name);
+	}
+	log_std(cd, "Cipher chain:\t%s\n", params->cipher);
+	log_std(cd, "Cipher mode:\t%s\n", params->mode);
+	log_std(cd, "MK bits:       \t%d\n", params->key_size * 8);
+	return 0;
+}

lib/tcrypt/tcrypt.h

@@ -95,4 +95,8 @@ int TCRYPT_get_volume_key(struct crypt_device *cd,
 			  struct crypt_params_tcrypt *params,
 			  struct volume_key **vk);
 
+int TCRYPT_dump(struct crypt_device *cd,
+		struct tcrypt_phdr *hdr,
+		struct crypt_params_tcrypt *params);
+
 #endif

src/cryptsetup.c

@@ -82,6 +82,7 @@ static int action_luksRestore(int arg);
 static int action_loopaesOpen(int arg);
 static int action_luksRepair(int arg);
 static int action_tcryptOpen(int arg);
+static int action_tcryptDump(int arg);
 
 static struct action_type {
 	const char *type;
@@ -115,6 +116,7 @@ static struct action_type {
 	{ "loopaesOpen",action_loopaesOpen,	0, 2, 1, N_("<device> <name> "), N_("open loop-AES device as mapping <name>") },
 	{ "loopaesClose",action_remove,		0, 1, 1, N_("<name>"), N_("remove loop-AES mapping") },
 	{ "tcryptOpen", action_tcryptOpen,	0, 2, 1, N_("<device> <name> "), N_("open TCRYPT device as mapping <name>") },
+	{ "tcryptDump", action_tcryptDump,	0, 1, 1, N_("<device>"), N_("dump TCRYPT device information") },
 	{ NULL, NULL, 0, 0, 0, NULL, NULL }
 };
 
@@ -302,6 +304,41 @@ out:
 	return r;
 }
 
+static int action_tcryptDump(int arg __attribute__((unused)))
+{
+	struct crypt_device *cd = NULL;
+	struct crypt_params_tcrypt params = {
+		.keyfiles = opt_keyfiles,
+		.keyfiles_count = opt_keyfiles_count,
+		.flags = CRYPT_TCRYPT_LEGACY_MODES,
+	};
+	int r;
+
+	if ((r = crypt_init(&cd, action_argv[0])))
+		goto out;
+
+	/* TCRYPT header is encrypted, get passphrase now */
+	r = crypt_get_key(_("Enter passphrase: "),
+			  CONST_CAST(char**)&params.passphrase,
+			  &params.passphrase_size, 0, 0, NULL, opt_timeout,
+			  _verify_passphrase(0), cd);
+	if (r < 0)
+		goto out;
+
+	if (opt_hidden)
+		params.flags |= CRYPT_TCRYPT_HIDDEN_HEADER;
+
+	r = crypt_load(cd, CRYPT_TCRYPT, &params);
+	if (r < 0)
+		goto out;
+
+	r = crypt_dump(cd);
+out:
+	crypt_free(cd);
+	crypt_safe_free(CONST_CAST(char*)params.passphrase);
+	return r;
+}
+
 static int action_remove(int arg __attribute__((unused)))
 {
 	struct crypt_device *cd = NULL;
@@ -1425,9 +1462,9 @@ int main(int argc, const char **argv)
 		_("Option --offset is supported only for create and loopaesOpen commands.\n"),
 		poptGetInvocationName(popt_context));
 
-	if (opt_hidden && strcmp(aname, "tcryptOpen"))
+	if (opt_hidden && strcmp(aname, "tcryptOpen") && strcmp(aname, "tcryptDump"))
 		usage(popt_context, EXIT_FAILURE,
-		_("Option --hidden is supported only for tcryptOpen command.\n"),
+		_("Option --hidden is supported only for TCRYPT commands.\n"),
 		poptGetInvocationName(popt_context));
 
 	if (opt_debug) {