cryptsetup

package
v2.19.0
Warning

This package is not in the latest version of its module.

Published: Oct 18, 2024 License: AGPL-3.0 Imports: 8 Imported by: 0

Documentation

Overview

Package cryptsetup provides a wrapper around libcryptsetup. The package is used to manage encrypted disks for Constellation.

Since libcryptsetup is not thread safe, this package uses a global lock to prevent concurrent use. There should only be one instance using this package per process.

SPDX-License-Identifier: AGPL-3.0-only


Constants

const (
	// ConstellationStateDiskTokenID is the ID of Constellation's state disk token.
	ConstellationStateDiskTokenID = 0
	// SetDiskInitialized is a flag to set the Constellation state disk token to initialized.
	SetDiskInitialized = true
	// SetDiskNotInitialized is a flag to set the Constellation state disk token to not initialized.
	SetDiskNotInitialized = false

	// FormatIntegrity is a flag to enable dm-integrity for a crypt device when formatting.
	FormatIntegrity = true
	// FormatNoIntegrity is a flag to disable dm-integrity for a crypt device when formatting.
	FormatNoIntegrity = false
)

const (
	// ReadWriteQueueBypass is a flag to disable the write and read workqueues for a crypt device.
	ReadWriteQueueBypass = C.CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE | C.CRYPT_ACTIVATE_NO_READ_WORKQUEUE
)

Variables

This section is empty.

Functions

This section is empty.

Types

type CryptSetup added in v2.10.0

type CryptSetup struct {
	// contains filtered or unexported fields
}

CryptSetup manages encrypted devices.

func New added in v2.10.0

func New() *CryptSetup

New creates a new CryptSetup. Before first use, call Init() or InitByName() to open a crypt device.

func (*CryptSetup) ActivateByPassphrase added in v2.10.0

func (c *CryptSetup) ActivateByPassphrase(deviceName string, keyslot int, passphrase string, flags int) error

ActivateByPassphrase activates a crypt device using a passphrase.

func (*CryptSetup) ActivateByVolumeKey added in v2.10.0

func (c *CryptSetup) ActivateByVolumeKey(deviceName, volumeKey string, volumeKeySize, flags int) error

ActivateByVolumeKey activates a crypt device using a volume key. Set volumeKey to an empty string to use the internal key.

func (*CryptSetup) ConstellationStateDiskTokenIsInitialized added in v2.10.0

func (c *CryptSetup) ConstellationStateDiskTokenIsInitialized() bool

ConstellationStateDiskTokenIsInitialized returns true if the Constellation state disk token is set to initialized.

func (*CryptSetup) Deactivate added in v2.10.0

func (c *CryptSetup) Deactivate(deviceName string) error

Deactivate deactivates a crypt device, removing the mapped device.

func (*CryptSetup) Format added in v2.10.0

func (c *CryptSetup) Format(integrity bool) error

Format formats a disk as a LUKS2 crypt device. Optionally set integrity to true to enable dm-integrity for the device.

func (*CryptSetup) Free added in v2.10.0

func (c *CryptSetup) Free()

Free frees resources from a previously opened crypt device.

func (*CryptSetup) GetDeviceName added in v2.10.0

func (c *CryptSetup) GetDeviceName() string

GetDeviceName gets the path to the underlying device.

func (*CryptSetup) GetUUID added in v2.10.0

func (c *CryptSetup) GetUUID() (string, error)

GetUUID gets the device's LUKS2 UUID. The UUID is returned in lowercase.

func (*CryptSetup) Init added in v2.10.0

func (c *CryptSetup) Init(devicePath string) (free func(), err error)

Init opens a crypt device by device path.

func (*CryptSetup) InitByName added in v2.10.0

func (c *CryptSetup) InitByName(name string) (free func(), err error)

InitByName opens an active crypt device using its mapped name.

func (*CryptSetup) KeyslotAddByVolumeKey added in v2.10.0

func (c *CryptSetup) KeyslotAddByVolumeKey(keyslot int, volumeKey string, passphrase string) error

KeyslotAddByVolumeKey adds a key slot to a device, allowing later activations using the chosen passphrase. Set volumeKey to an empty string to use the internal key.

func (*CryptSetup) KeyslotChangeByPassphrase added in v2.10.0

func (c *CryptSetup) KeyslotChangeByPassphrase(currentKeyslot, newKeyslot int, currentPassphrase, newPassphrase string) error

KeyslotChangeByPassphrase changes the passphrase for a keyslot.

func (*CryptSetup) LoadLUKS2 added in v2.10.0

func (c *CryptSetup) LoadLUKS2() error

LoadLUKS2 loads the device as a LUKS2 crypt device.

func (*CryptSetup) Resize added in v2.10.0

func (c *CryptSetup) Resize(name string, newSize uint64) error

Resize resizes a device to the given size. name must be equal to the mapped device name. Set newSize to 0 to use the maximum available size.

func (*CryptSetup) SetConstellationStateDiskToken added in v2.10.0

func (c *CryptSetup) SetConstellationStateDiskToken(diskIsInitialized bool) error

SetConstellationStateDiskToken sets the Constellation state disk token.

func (*CryptSetup) TokenJSONGet added in v2.10.0

func (c *CryptSetup) TokenJSONGet(token int) (string, error)

TokenJSONGet gets the JSON data for a token.

func (*CryptSetup) TokenJSONSet added in v2.10.0

func (c *CryptSetup) TokenJSONSet(token int, json string) (int, error)

TokenJSONSet sets the JSON data for a token. The JSON data must be a valid LUKS2 token. Required fields are:

  • type [string] the token type (tokens with luks2- prefix are reserved)
  • keyslots [array] the array of keyslot object names that are assigned to the token

Returns the allocated token ID on success.
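
The following is an added example, not code from the cryptsetup package: a pre-check that a caller could run on token JSON before passing it to TokenJSONSet, enforcing the two required fields and the reserved luks2- prefix described above. The function name ValidateTokenJSON and the token type "example-state" are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ValidateTokenJSON is a hypothetical pre-check (not part of the cryptsetup
// package) for the two required LUKS2 token fields listed above.
func ValidateTokenJSON(raw string) error {
	var fields map[string]json.RawMessage
	if err := json.Unmarshal([]byte(raw), &fields); err != nil {
		return fmt.Errorf("token is not a JSON object: %w", err)
	}
	// A missing key yields an empty RawMessage, which fails to unmarshal,
	// so absent and wrongly typed fields are rejected by the same check.
	var tokenType string
	if err := json.Unmarshal(fields["type"], &tokenType); err != nil || tokenType == "" {
		return fmt.Errorf(`required field "type" must be a non-empty string`)
	}
	if strings.HasPrefix(tokenType, "luks2-") {
		return fmt.Errorf("token type %q uses the reserved luks2- prefix", tokenType)
	}
	// Keyslots are referenced by object name, so every entry must be a string.
	// A JSON null leaves the slice nil and is rejected; [] is accepted.
	var slots []string
	if err := json.Unmarshal(fields["keyslots"], &slots); err != nil || slots == nil {
		return fmt.Errorf(`required field "keyslots" must be an array of strings`)
	}
	return nil
}

func main() {
	// Constructed sample tokens; "example-state" is a made-up type name.
	samples := []string{
		`{"type":"example-state","keyslots":[]}`,
		`{"type":"luks2-keyring","keyslots":["0"]}`,
		`{"type":"example-state","keyslots":[0]}`,
	}
	for _, s := range samples {
		fmt.Printf("%-45s -> %v\n", s, ValidateTokenJSON(s))
	}
}
```

Rejecting malformed tokens before the call keeps error handling on the Go side and avoids taking the package's global lock for input that libcryptsetup would refuse anyway.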

func (*CryptSetup) Wipe added in v2.10.0

func (c *CryptSetup) Wipe(
	name string, blockWipeSize int, flags int, logCallback func(size, offset uint64), logFrequency time.Duration,
) (err error)

Wipe overwrites the device with zeros to initialize integrity checksums.
