/* luksrku - Tool to remotely unlock LUKS disks using TLS. Copyright (C) 2016-2016 Johannes Bauer This file is part of luksrku. luksrku is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; this program is ONLY licensed under version 3 of the License, later versions are explicitly excluded. luksrku is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with luksrku; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Johannes Bauer */ #include #include #include #include "openssl.h" #include "log.h" #include "pgmopts.h" #include "editor.h" #include "openssl.h" #include "server.h" #include "client.h" #if OPENSSL_VERSION_NUMBER < 0x010100000 #error "luksrku requires at least OpenSSL v1.1 to work." #endif static int main_edit(const struct pgmopts_edit_t *opts) { log_setlvl(LOGLEVEL_DEFAULT + opts->verbosity); return editor_start(opts) ? 0 : 1; } static int main_server(const struct pgmopts_server_t *opts) { log_setlvl(LOGLEVEL_DEFAULT + opts->verbosity); return keyserver_start(opts) ? 0 : 1; } static int main_client(const struct pgmopts_client_t *opts) { log_setlvl(LOGLEVEL_DEFAULT + opts->verbosity); return keyclient_start(opts) ? 0 : 1; } int main(int argc, char **argv) { #ifdef DEBUG fprintf(stderr, "WARNING: This has been compiled in DEBUG mode and uses reduced security.\n"); #endif parse_pgmopts_or_quit(argc, argv); if (!openssl_init()) { log_msg(LLVL_FATAL, "Could not initialize OpenSSL."); exit(EXIT_FAILURE); } switch (pgmopts->pgm) { case PGM_EDIT: return main_edit(&pgmopts->edit); case PGM_SERVER: return main_server(&pgmopts->server); case PGM_CLIENT: return main_client(&pgmopts->client); } return 0; #if 0 struct options_t options; if (!parse_cmdline_arguments(&options, argc, argv)) { print_syntax(argv[0]); exit(EXIT_FAILURE); } if (options.verbose) { log_setlvl(LLVL_DEBUG); } struct keydb_t keydb; bool success = true; memset(&keydb, 0, sizeof(keydb)); do { if (!read_binary_keyfile(options.keydbfile, &keydb)) { log_msg(LLVL_FATAL, "Could not read key database file %s.", options.keydbfile); success = false; break; } log_msg(LLVL_DEBUG, "Successfully loaded key database file %s with %d entries and %d disk keys.", options.keydbfile, keydb.entrycnt, keydb_disk_key_count(&keydb)); #ifdef DEBUG keydb_dump(&keydb); #endif if (keydb.entrycnt == 0) { log_msg(LLVL_FATAL, "Key database file %s contains no keys.", options.keydbfile); success = false; break; } if (options.mode == SERVER_MODE) { if (keydb.entrycnt != 1) { log_msg(LLVL_FATAL, "Server configuration files need to have exactly one host entry."); success = false; break; } if (keydb_disk_key_count(&keydb) != 0) { log_msg(LLVL_FATAL, "Server configuration files may not contain disk unlocking keys."); success = false; break; } if (!dtls_server(keydb_getentry(&keydb, 0), &options)) { log_msg(LLVL_FATAL, "Failed to start TLS server."); success = false; break; } } else { if (!dtls_client(&keydb, &options)) { log_msg(LLVL_FATAL, "Failed to connect TLS client."); success = false; break; } } } while (false); keydb_free(&keydb); if (!success) { exit(EXIT_FAILURE); } #endif return 0; }