clevis/src/luks/clevis-luks-pass

#!/bin/bash -e
# vim: set ts=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
#
# Copyright (c) 2019 Red Hat, Inc.
# Author: Sergio Correia <scorreia@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

. clevis-luks-common-functions

SUMMARY="Returns the LUKS passphrase used for binding a particular slot."

usage() {
    exec >&2
    echo "Usage: clevis luks pass -d DEV -s SLT"
    echo
    echo "$SUMMARY"
    echo
    echo "  -d DEV  The LUKS device to extract the LUKS passphrase used for binding"
    echo
    echo "  -s SLOT The slot number to extract the LUKS passphrase"
    echo
    exit 1
}

if [ ${#} -eq 1 ] && [ "${1}" = "--summary" ]; then
    echo "${SUMMARY}"
    exit 0
fi

while getopts ":d:s:" o; do
    case "$o" in
    d) DEV=${OPTARG};;
    s) SLT=${OPTARG};;
    *) usage;;
    esac
done

if [ -z "${DEV}" ]; then
    echo "Did not specify a device!" >&2
    usage
fi

if [ -z "${SLT}" ]; then
    echo "Did not specify a slot!" >&2
    usage
fi

if ! clevis_luks_unlock_device_by_slot "${DEV}" "${SLT}"; then
    echo "It was not possible to decrypt the passphrase associated to slot ${SLT} in ${DEV}!" >&2
    exit 1
fi