+
+static int
+luks_format (const char *device, const char *key, int keyslot,
+ const char *cipher)
+{
+ char *tempfile = write_key_to_temp (key);
+ if (!tempfile)
+ return -1;
+
+ const char *argv[MAX_ARGS];
+ char keyslot_s[16];
+ size_t i = 0;
+
+ ADD_ARG (argv, i, "cryptsetup");
+ ADD_ARG (argv, i, "-q");
+ if (cipher) {
+ ADD_ARG (argv, i, "--cipher");
+ ADD_ARG (argv, i, cipher);
+ }
+ ADD_ARG (argv, i, "--key-slot");
+ snprintf (keyslot_s, sizeof keyslot_s, "%d", keyslot);
+ ADD_ARG (argv, i, keyslot_s);
+ ADD_ARG (argv, i, "luksFormat");
+ ADD_ARG (argv, i, device);
+ ADD_ARG (argv, i, tempfile);
+ ADD_ARG (argv, i, NULL);
+
+ char *err;
+ int r = commandv (NULL, &err, (const char * const *) argv);
+ remove_temp (tempfile);
+
+ if (r == -1) {
+ reply_with_error ("%s", err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ udev_settle ();
+
+ return 0;
+}
+
+int
+do_luks_format (const char *device, const char *key, int keyslot)
+{
+ return luks_format (device, key, keyslot, NULL);
+}
+
+int
+do_luks_format_cipher (const char *device, const char *key, int keyslot,
+ const char *cipher)
+{
+ return luks_format (device, key, keyslot, cipher);
+}
+
+int
+do_luks_add_key (const char *device, const char *key, const char *newkey,
+ int keyslot)
+{
+ char *keyfile = write_key_to_temp (key);
+ if (!keyfile)
+ return -1;
+
+ char *newkeyfile = write_key_to_temp (newkey);
+ if (!newkeyfile) {
+ remove_temp (keyfile);
+ return -1;
+ }
+
+ const char *argv[MAX_ARGS];
+ char keyslot_s[16];
+ size_t i = 0;
+
+ ADD_ARG (argv, i, "cryptsetup");
+ ADD_ARG (argv, i, "-q");
+ ADD_ARG (argv, i, "-d");
+ ADD_ARG (argv, i, keyfile);
+ ADD_ARG (argv, i, "--key-slot");
+ snprintf (keyslot_s, sizeof keyslot_s, "%d", keyslot);
+ ADD_ARG (argv, i, keyslot_s);
+ ADD_ARG (argv, i, "luksAddKey");
+ ADD_ARG (argv, i, device);
+ ADD_ARG (argv, i, newkeyfile);
+ ADD_ARG (argv, i, NULL);
+
+ char *err;
+ int r = commandv (NULL, &err, (const char * const *) argv);
+ remove_temp (keyfile);
+ remove_temp (newkeyfile);
+
+ if (r == -1) {
+ reply_with_error ("%s", err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ return 0;
+}
+
+int
+do_luks_kill_slot (const char *device, const char *key, int keyslot)
+{
+ char *tempfile = write_key_to_temp (key);
+ if (!tempfile)
+ return -1;
+
+ const char *argv[MAX_ARGS];
+ char keyslot_s[16];
+ size_t i = 0;
+
+ ADD_ARG (argv, i, "cryptsetup");
+ ADD_ARG (argv, i, "-q");
+ ADD_ARG (argv, i, "-d");
+ ADD_ARG (argv, i, tempfile);
+ ADD_ARG (argv, i, "luksKillSlot");
+ ADD_ARG (argv, i, device);
+ snprintf (keyslot_s, sizeof keyslot_s, "%d", keyslot);
+ ADD_ARG (argv, i, keyslot_s);
+ ADD_ARG (argv, i, NULL);
+
+ char *err;
+ int r = commandv (NULL, &err, (const char * const *) argv);
+ remove_temp (tempfile);
+
+ if (r == -1) {
+ reply_with_error ("%s", err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ return 0;
+}