cryptsetup

package module
v0.0.0-...-fd0874f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 20, 2022 License: BSD-2-Clause Imports: 3 Imported by: 5

README

Go bindings for libcryptsetup

run-tests

Table of contents

  1. Rationale
  2. Compatibility
  3. Installation
  4. Currently supported device types/operating modes
  5. API reference
    1. Configuring logging
    2. Initializing devices
    3. Formatting devices
    4. Loading devices
    5. Adding a keyslot by volume key
    6. Adding a keyslot by passphrase
    7. Changing a keyslot by passphrase
    8. Activating devices using the volume key
    9. Activating devices using a passphrase
    10. Deactivating devices

Rationale

A number of projects have been using Go's os/exec package to interface with the upstream cryptsetup tools.

Doing so poses some technical issues:

  • Uses fork() to spawn subprocesses.
  • More complicated error handling: requires monitoring the subprocesses' return codes.
  • No direct access to cryptsetup's logging infrastructure.
  • Programs now depend on the cryptsetup binaries being installed and available in $PATH.
  • Couples programs to those binaries' command line interfaces.
  • Potentially harder to control cryptsetup's finer grained options.

This project is a pure Go interface for libcryptsetup, providing a clean and polymorphic API that is both correct and easy to work with.

Compatibility

These bindings have been tested using libcryptsetup >= 2.0.

GitHub Actions runs the test suite using the following version combinations:

Ubuntu version Go version libcryptsetup version
20.04 LTS 1.18 2.2.2
20.04 LTS 1.17 2.2.2
18.04 LTS 1.16 2.0.2

Locally, I also test on Fedora, using the latest version of libcryptsetup and Go.

Installation

Run the following command to install the bindings:

$ go get -u github.com/martinjungblut/go-cryptsetup

Before using these bindings, you have to install the upstream shared objects and development headers.

On Debian/Ubuntu/Linux Mint:

# apt install libcryptsetup12 libcryptset-dev

On Arch Linux, everything is available under a single package, including the upstream binaries:

# pacman -S cryptsetup

On Fedora, CentOS and RHEL:

# dnf install cryptsetup-devel cryptsetup-libs

On openSUSE Tumbleweed and Leap:

# zypper in libcryptsetup12 libcryptsetup-devel

On Gentoo:

# emerge sys-fs/cryptsetup

Currently supported device types/operating modes

Cryptsetup supports different encryption operating modes to use with dm-crypt. Some operations are only supported for some operating modes.

The following modes are currently supported by go-cryptsetup:

  • Plain
  • LUKS1
  • LUKS2

Notice that support for the remaining operating modes is planned.

API reference

Everything is available under the cryptsetup module.

1. Configuring logging

Cryptsetup's logging mechanism is incredibly useful when trying to use its library directly. Thanks to Go's ABI compatibility with C, it's possible to specify a logging callback directly from Go. This callback will be automatically called by libcryptsetup for loggable events.

Providing this callback is done by using the cryptsetup.SetLogCallback() function.

The provided callback must have the following parameters:

  • int: the event's severity level.
  • string: the actual event message.

Example:

cryptsetup.SetLogCallback(func(level int, message string) {
	fmt.Srintf("%d: %s", level, message)
})
2. Initializing devices

Initializing a device is the process of acquiring a reference to a particular device node for it to be manipulated.

Devices may be initialised using the cryptsetup.Init() function.

Parameters:

  • string: the device's path.

Return values:

  • nil on success.
  • error with code -15 if the specified device is not readable, or doesn't exist.

Supported operating modes: All

Example:

device, err := cryptsetup.Init("path-to-device-node")
if err == nil {
	// device was successfully initialised
} else {
	// error handling
}
3. Formatting devices

After a device has been initialised, it's possible to Format() it.

Formatting a device will write to its device node, based on the chosen device type/operating mode.

Parameters:

  • DeviceType: a valid implementation of the DeviceType interface, specifying the chosen device type and its parameters.
  • GenericParams: struct specifying generic parameters, applicable to all device types.

Return values:

  • A Device object, and nil on success.
  • nil, and an error on failure.

Supported operating modes:

  • LUKS1
  • LUKS2

Example using LUKS1:

luks1 := cryptsetup.LUKS1{Hash: "sha256"}
genericParams := cryptsetup.GenericParams{
	Cipher: "aes",
	CipherMode: "xts-plain64",
	VolumeKeySize: 512 / 8,
}

device, err := cryptsetup.Init("/dev/hypothetical-device-node")
if err == nil {
	err = device.Format(luks1, genericParams)
	if err == nil {
		// success: device was formatted correctly and may be used
	} else {
		// Format() error handling
	}
} else {
	// Init() error handling
}
4. Loading devices

After formatting a device, the next time you allocate an object referencing it, it will have to be loaded.

Doing this is as simple as calling Load().

Return values:

  • nil on success, or an error on failure.

Supported operating modes:

  • LUKS1
  • LUKS2

Example using LUKS1:

// we assume this device node had already been formatted using LUKS1
luks1 := cryptsetup.LUKS1{Hash: "sha256"}

device, err := cryptsetup.Init("/dev/hypothetical-device-node")
if err == nil {
	err = device.Load()
	if err == nil {
		// success: device was loaded correctly and may be used
	} else {
		// Load() error handling
	}
} else {
	// Init() error handling
}
5. Adding a keyslot by volume key

For LUKS 1 or 2 devices, you might want to add a keyslot having a passphrase, by using the configured volume key.

This is done by calling the KeyslotAddByVolumeKey() method.

Parameters:

  • int: The keyslot to be added.
  • string: The volume key. Must match the volume key that was used to format the device. Use an empty string if the key was auto-generated by crytpsetup (not provided when formatting the device).
  • string: The passphrase to be added to the keyslot.

Return values:

  • nil on success, or an error on failure.

Supported operating modes:

  • LUKS1
  • LUKS2

Example using LUKS1:

luks1 := cryptsetup.LUKS1{Hash: "sha256"}
genericParams := cryptsetup.GenericParams{
	Cipher: "aes",
	CipherMode: "xts-plain64",
	VolumeKeySize: 512 / 8,
}

device, err := cryptsetup.Init("/dev/hypothetical-device-node")
if err == nil {
	if device.Format(luks1, genericParams) == nil {
		device.KeyslotAddByVolumeKey(0, "", "hypothetical-passphrase")
	}
}
6. Adding a keyslot by passphrase

After a keyslot has been added, it's possible to use its passphrase to add subsequent keyslots.

This is done by calling the KeyslotAddByPassphrase() method.

Parameters:

  • int: The keyslot to be added.
  • string: A passphrase that already exists in a keyslot on this device.
  • string: Passphrase to be added to the keyslot.

Return values:

  • nil on success, or an error on failure.

Supported operating modes:

  • LUKS1
  • LUKS2

Example using LUKS1:

luks1 := cryptsetup.LUKS1{Hash: "sha256"}
genericParams := cryptsetup.GenericParams{
	Cipher: "aes",
	CipherMode: "xts-plain64",
	VolumeKeySize: 512 / 8,
}

device, err := cryptsetup.Init("/dev/hypothetical-device-node")
if err == nil {
	if device.Format(luks1, genericParams) == nil {
		if device.KeyslotAddByVolumeKey(0, "", "first-passphrase") == nil {
			device.KeyslotAddByPassphrase(1, "first-passphrase", "second-passphrase")
		}
	}
}
7. Changing a keyslot by passphrase

It's also possible to update a keyslot by using a valid passphrase.

This is done by calling the KeyslotChangeByPassphrase() method.

Parameters:

  • int: Current keyslot, must already exist. Will be replaced with the new one.
  • int: New keyslot.
  • string: Current passphrase, must be valid. Will be replaced by the new one.
  • string: New passphrase.

Return values:

  • nil on success, or an error on failure.

Supported operating modes:

  • LUKS1
  • LUKS2

Example using LUKS1:

luks1 := cryptsetup.LUKS1{Hash: "sha256"}
genericParams := cryptsetup.GenericParams{
	Cipher: "aes",
	CipherMode: "xts-plain64",
	VolumeKeySize: 512 / 8,
}

device, err := cryptsetup.Init("/dev/hypothetical-device-node")
if err == nil {
	if device.Format(luks1, genericParams) == nil {
		if device.KeyslotAddByVolumeKey(0, "", "passphrase") == nil {
			device.KeyslotChangeByPassphrase(0, 0, "passphrase", "new-passphrase")
		}
	}
}
8. Activating devices using the volume key

The volume key may be used to activate the device, by using the ActivateByVolumeKey() method.

Parameters:

  • string: A name for the device to be activated with. This will be the name of the new device node in /dev/mapper.
  • string: The volume key to be used to activate the device. Use an empty string if the key was auto-generated by crytpsetup (not provided when formatting the device).
  • int: The volume key's length.
  • int: Activation flags. Check const.go for more information.

Return values:

  • nil on success, or an error on failure.

Supported operating modes: All

Example using LUKS1:

luks1 := cryptsetup.LUKS1{Hash: "sha256"}
genericParams := cryptsetup.GenericParams{
	Cipher: "aes",
	CipherMode: "xts-plain64",
	VolumeKeySize: 512 / 8,
}

device, err := cryptsetup.Init("/dev/hypothetical-device-node")
if err == nil {
	if device.Format(luks1, genericParams) == nil {
	    device.ActivateByVolumeKey("hypothetical-device-name", "", 24, 0)
	}
}
9. Activating devices using a passphrase

A valid passphrase may be used to activate the device, by using the ActivateByPassphrase() method.

Parameters:

  • string: A name for the device to be activated with. This will be the name of the new device node in /dev/mapper.
  • int: Keyslot having the passphrase that will be used for activation.
  • string: Passphrase to activate the device. Must be valid for the specified keyslot.
  • int: Activation flags. Check const.go for more information.

Return values:

  • nil on success, or an error on failure.

Supported operating modes: All

Example using LUKS1:

luks1 := cryptsetup.LUKS1{Hash: "sha256"}
genericParams := cryptsetup.GenericParams{
	Cipher: "aes",
	CipherMode: "xts-plain64",
	VolumeKeySize: 512 / 8,
}

device, err := cryptsetup.Init("/dev/hypothetical-device-node")
if err == nil {
	if device.Format(luks1, genericParams) == nil {
		if device.KeyslotAddByVolumeKey(0, "", "passphrase") == nil {
			device.ActivateByPassphrase("hypothetical-device", 0, "passphrase", 0)
		}
	}
}
10. Deactivating devices

Deactivating a device is done by calling the Deactivate() method.

Parameters:

  • string: The name the device was given when it was activated. This corresponds to its device node name in /dev/mapper.

Return values:

  • nil on success, or an error on failure.

Supported operating modes: All

Example using LUKS1:

luks1 := cryptsetup.LUKS1{Hash: "sha256"}
genericParams := cryptsetup.GenericParams{
	Cipher: "aes",
	CipherMode: "xts-plain64",
	VolumeKeySize: 512 / 8,
}

device, err := cryptsetup.Init("/dev/hypothetical-device-node")
if err == nil {
	if device.Format(luks1, genericParams) == nil {
		if device.ActivateByVolumeKey("hypothetical-device", "", 24, 0) == nil {
			device.Deactivate("hypothetical-device")
		}
	}
}

Documentation

Index

Constants

View Source 
const (
	/** enable discards aka trim */
	CRYPT_ACTIVATE_ALLOW_DISCARDS = C.CRYPT_ACTIVATE_ALLOW_DISCARDS

	/** corruption detected (verity), output only */
	CRYPT_ACTIVATE_CORRUPTED = C.CRYPT_ACTIVATE_CORRUPTED

	/** dm-verity: ignore_corruption flag - ignore corruption, log it only */
	CRYPT_ACTIVATE_IGNORE_CORRUPTION = C.CRYPT_ACTIVATE_IGNORE_CORRUPTION

	/** ignore persistently stored flags */
	CRYPT_ACTIVATE_IGNORE_PERSISTENT = C.CRYPT_ACTIVATE_IGNORE_PERSISTENT

	/** dm-verity: ignore_zero_blocks - do not verify zero blocks */
	CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS = C.CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS

	/** key loaded in kernel keyring instead directly in dm-crypt */
	CRYPT_ACTIVATE_KEYRING_KEY = C.CRYPT_ACTIVATE_KEYRING_KEY

	/** dm-integrity: direct writes, do not use journal */
	CRYPT_ACTIVATE_NO_JOURNAL = C.CRYPT_ACTIVATE_NO_JOURNAL

	/** only reported for device without uuid */
	CRYPT_ACTIVATE_NO_UUID = C.CRYPT_ACTIVATE_NO_UUID

	/** skip global udev rules in activation ("private device"), input only */
	CRYPT_ACTIVATE_PRIVATE = C.CRYPT_ACTIVATE_PRIVATE

	/** device is read only */
	CRYPT_ACTIVATE_READONLY = C.CRYPT_ACTIVATE_READONLY

	/** dm-integrity: recovery mode - no journal, no integrity checks */
	CRYPT_ACTIVATE_RECOVERY = C.CRYPT_ACTIVATE_RECOVERY

	/** dm-verity: restart_on_corruption flag - restart kernel on corruption */
	CRYPT_ACTIVATE_RESTART_ON_CORRUPTION = C.CRYPT_ACTIVATE_RESTART_ON_CORRUPTION

	/** use same_cpu_crypt option for dm-crypt */
	CRYPT_ACTIVATE_SAME_CPU_CRYPT = C.CRYPT_ACTIVATE_SAME_CPU_CRYPT

	/** activate even if cannot grant exclusive access (dangerous) */
	CRYPT_ACTIVATE_SHARED = C.CRYPT_ACTIVATE_SHARED

	/** use submit_from_crypt_cpus for dm-crypt */
	CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS = C.CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS

	/** iterate through all keyslots and find first one that fits */
	CRYPT_ANY_SLOT = C.CRYPT_ANY_SLOT

	/** iterate through all tokens */
	CRYPT_ANY_TOKEN = C.CRYPT_ANY_TOKEN

	/** lazy deactivation - remove once last user releases it */
	CRYPT_DEACTIVATE_DEFERRED = C.CRYPT_DEACTIVATE_DEFERRED

	/** force deactivation - if the device is busy, it is replaced by error device */
	CRYPT_DEACTIVATE_FORCE = C.CRYPT_DEACTIVATE_FORCE

	/** debug all */
	CRYPT_DEBUG_ALL = C.CRYPT_DEBUG_ALL

	/** debug none */
	CRYPT_DEBUG_NONE = C.CRYPT_DEBUG_NONE

	/** integrity dm-integrity device */
	CRYPT_INTEGRITY = C.CRYPT_INTEGRITY

	/** argon2i according to rfc */
	CRYPT_KDF_ARGON2I = C.CRYPT_KDF_ARGON2I

	/** argon2id according to rfc */
	CRYPT_KDF_ARGON2ID = C.CRYPT_KDF_ARGON2ID

	/** pbkdf2 according to rfc2898, luks1 legacy */
	CRYPT_KDF_PBKDF2 = C.CRYPT_KDF_PBKDF2

	/** read key only to the first end of line (\\n). */
	CRYPT_KEYFILE_STOP_EOL = C.CRYPT_KEYFILE_STOP_EOL

	/** debug log level - always on stdout */
	CRYPT_LOG_DEBUG = C.CRYPT_LOG_DEBUG

	/** error log level */
	CRYPT_LOG_ERROR = C.CRYPT_LOG_ERROR

	/** normal log level */
	CRYPT_LOG_NORMAL = C.CRYPT_LOG_NORMAL

	/** verbose log level */
	CRYPT_LOG_VERBOSE = C.CRYPT_LOG_VERBOSE

	/** loop-aes compatibility mode */
	CRYPT_LOOPAES = C.CRYPT_LOOPAES

	/** luks version 1 header on-disk */
	CRYPT_LUKS1 = C.CRYPT_LUKS1

	/** luks version 2 header on-disk */
	CRYPT_LUKS2 = C.CRYPT_LUKS2

	/** iteration time set by crypt_set_iteration_time(), for compatibility only. */
	CRYPT_PBKDF_ITER_TIME_SET = C.CRYPT_PBKDF_ITER_TIME_SET

	/** never run benchmarks, use pre-set value or defaults. */
	CRYPT_PBKDF_NO_BENCHMARK = C.CRYPT_PBKDF_NO_BENCHMARK

	/** plain crypt device, no on-disk header */
	CRYPT_PLAIN = C.CRYPT_PLAIN

	/** unfinished offline reencryption */
	CRYPT_REQUIREMENT_OFFLINE_REENCRYPT = C.CRYPT_REQUIREMENT_OFFLINE_REENCRYPT

	/** unknown requirement in header (output only) */
	CRYPT_REQUIREMENT_UNKNOWN = C.CRYPT_REQUIREMENT_UNKNOWN

	/** crypt_rng_random  - use /dev/random (waits if no entropy in system) */
	CRYPT_RNG_RANDOM = C.CRYPT_RNG_RANDOM

	/** crypt_rng_urandom - use /dev/urandom */
	CRYPT_RNG_URANDOM = C.CRYPT_RNG_URANDOM

	/** tcrypt (truecrypt-compatible and veracrypt-compatible) mode */
	CRYPT_TCRYPT = C.CRYPT_TCRYPT

	/** try to load backup header */
	CRYPT_TCRYPT_BACKUP_HEADER = C.CRYPT_TCRYPT_BACKUP_HEADER

	/** try to load hidden header (describing hidden device) */
	CRYPT_TCRYPT_HIDDEN_HEADER = C.CRYPT_TCRYPT_HIDDEN_HEADER

	/** include legacy modes when scanning for header */
	CRYPT_TCRYPT_LEGACY_MODES = C.CRYPT_TCRYPT_LEGACY_MODES

	/** device contains encrypted system (with boot loader) */
	CRYPT_TCRYPT_SYSTEM_HEADER = C.CRYPT_TCRYPT_SYSTEM_HEADER

	/** include veracrypt modes when scanning for header,
	 *  all other tcrypt flags applies as well.
	 *  veracrypt device is reported as tcrypt type.
	 */
	CRYPT_TCRYPT_VERA_MODES = C.CRYPT_TCRYPT_VERA_MODES

	/** dm-verity mode */
	CRYPT_VERITY = C.CRYPT_VERITY

	/** verity hash in userspace before activation */
	CRYPT_VERITY_CHECK_HASH = C.CRYPT_VERITY_CHECK_HASH

	/** create hash - format hash device */
	CRYPT_VERITY_CREATE_HASH = C.CRYPT_VERITY_CREATE_HASH

	/** no on-disk header (only hashes) */
	CRYPT_VERITY_NO_HEADER = C.CRYPT_VERITY_NO_HEADER

	/** create keyslot with volume key not associated with current dm-crypt segment */
	CRYPT_VOLUME_KEY_NO_SEGMENT = C.CRYPT_VOLUME_KEY_NO_SEGMENT

	/** use direct-io */
	CRYPT_WIPE_NO_DIRECT_IO = C.CRYPT_WIPE_NO_DIRECT_IO

	/**< Fill with zeroes */
	CRYPT_WIPE_ZERO = C.CRYPT_WIPE_ZERO

	/**< Use RNG to fill data */
	CRYPT_WIPE_RANDOM = C.CRYPT_WIPE_RANDOM

	/**< Add encryption and fill with zeroes as plaintext */
	CRYPT_WIPE_ENCRYPTED_ZERO = C.CRYPT_WIPE_ENCRYPTED_ZERO

	/**< Compatibility only, do not use (Gutmann method) */
	CRYPT_WIPE_SPECIAL = C.CRYPT_WIPE_SPECIAL
)

Variables

This section is empty.

Functions

func SetDebugLevel 

func SetDebugLevel(debugLevel int)

SetDebugLevel sets the debug level for the library. C equivalent: crypt_set_debug_level

func SetLogCallback 

func SetLogCallback(newLogCallback func(level int, message string))

Types

type Device 

type Device struct {
	// contains filtered or unexported fields
}

Device is a handle to the crypto device. It encapsulates libcryptsetup's 'crypt_device' struct.

func Init 

func Init(devicePath string) (*Device, error)

Init initializes a crypt device backed by 'devicePath'. Returns a pointer to the newly allocated Device or any error encountered. C equivalent: crypt_init

func InitByName 

func InitByName(name string) (*Device, error)

InitByName initializes a crypt device from provided active device 'name'. Returns a pointer to the newly allocated Device or any error encountered. C equivalent: crypt_init_by_name

func (*Device) ActivateByPassphrase 

func (device *Device) ActivateByPassphrase(deviceName string, keyslot int, passphrase string, flags int) error

ActivateByPassphrase activates a device by using a passphrase from a specific keyslot. If deviceName is empty only check passphrase. Returns nil on success, or an error otherwise. C equivalent: crypt_activate_by_passphrase

func (*Device) ActivateByVolumeKey 

func (device *Device) ActivateByVolumeKey(deviceName string, volumeKey string, volumeKeySize int, flags int) error

ActivateByVolumeKey activates a device by using a volume key. If deviceName is empty only check passphrase. Returns nil on success, or an error otherwise. C equivalent: crypt_activate_by_volume_key

func (*Device) Deactivate 

func (device *Device) Deactivate(deviceName string) error

Deactivate deactivates a device. Returns nil on success, or an error otherwise. C equivalent: crypt_deactivate

func (*Device) Dump 

func (device *Device) Dump() int

C equivalent: crypt_dump

func (*Device) Format 

func (device *Device) Format(deviceType DeviceType, genericParams GenericParams) error

Format formats a Device, using a specific device type, and type-independent parameters. Returns nil on success, or an error otherwise. C equivalent: crypt_format

func (*Device) Free 

func (device *Device) Free() bool

Free releases crypt device context and used memory. C equivalent: crypt_free

func (*Device) GetDeviceName 

func (device *Device) GetDeviceName() string

GetDeviceName gets the path to the underlying device. C equivalent: crypt_get_device_name

func (*Device) GetUUID 

func (device *Device) GetUUID() string

GetUUID gets the device's UUID. C equivalent: crypt_get_uuid

func (*Device) KeyslotAddByPassphrase 

func (device *Device) KeyslotAddByPassphrase(keyslot int, currentPassphrase string, newPassphrase string) error

KeyslotAddByPassphrase adds a key slot using a previously added passphrase to perform the required security check. Returns nil on success, or an error otherwise. C equivalent: crypt_keyslot_add_by_passphrase

func (*Device) KeyslotAddByVolumeKey 

func (device *Device) KeyslotAddByVolumeKey(keyslot int, volumeKey string, passphrase string) error

KeyslotAddByVolumeKey adds a key slot using a volume key to perform the required security check. Returns nil on success, or an error otherwise. C equivalent: crypt_keyslot_add_by_volume_key

func (*Device) KeyslotChangeByPassphrase 

func (device *Device) KeyslotChangeByPassphrase(currentKeyslot int, newKeyslot int, currentPassphrase string, newPassphrase string) error

KeyslotChangeByPassphrase changes a defined a key slot using a previously added passphrase to perform the required security check. Returns nil on success, or an error otherwise. C equivalent: crypt_keyslot_change_by_passphrase

func (*Device) Load 

func (device *Device) Load(deviceType DeviceType) error

Load loads crypt device parameters from the device type parameters if it is specified, otherwise it loads the device from the on-disk header. Returns nil on success, or an error otherwise. C equivalent: crypt_load

func (*Device) Resize 

func (device *Device) Resize(name string, newSize uint64) error

Resize the crypt device. Set newSize to 0 to use all of the underlying device size Returns nil on success, or an error otherwise. C equivalent: crypt_resize

func (*Device) Type 

func (device *Device) Type() string

Type returns the device's type as a string. Returns an empty string if the information is not available.

func (*Device) VolumeKeyGet 

func (device *Device) VolumeKeyGet(keyslot int, passphrase string) ([]byte, int, error)

VolumeKeyGet gets the volume key from a crypt device. Returns a slice of bytes having the volume key and the unlocked key slot number, or an error otherwise. C equivalent: crypt_volume_key_get

func (*Device) Wipe 

func (device *Device) Wipe(devicePath string, pattern int, offset, length uint64, wipeBlockSize, flags int, progress func(size, offset uint64) int) error

Wipe wipes/fills (part of) a device with the selected pattern. Returns nil on success, or an error otherwise. C equivalent: crypt_wipe

type DeviceType 

type DeviceType interface {
	Name() string
	Unmanaged() (unsafe.Pointer, func())
}

Interface that all device types must implement.

type Error 

type Error struct {
	// contains filtered or unexported fields
}

Error holds the name and the return value of a libcryptsetup function that was executed with an error.

func (*Error) Code 

func (e *Error) Code() int

Code returns the error code returned by a libcryptsetup function.

func (*Error) Error 

func (e *Error) Error() string

type GenericParams 

type GenericParams struct {
	Cipher        string
	CipherMode    string
	UUID          string
	VolumeKey     string
	VolumeKeySize int
}

GenericParams are device type independent parameters that are used to manipulate devices in various ways.

type IntegrityParams 

type IntegrityParams struct {
	JournalSize       uint64
	JournalWatermark  uint
	JournalCommitTime uint

	InterleaveSectors uint32
	TagSize           uint32
	SectorSize        uint32
	BufferSectors     uint32

	Integrity        string
	IntegrityKeySize uint32

	JournalIntegrity        string
	JournalIntegrityKey     string
	JournalIntegrityKeySize uint32

	JournalCrypt        string
	JournalCryptKey     string
	JournalCryptKeySize uint32
}

type LUKS1 

type LUKS1 struct {
	Hash          string
	DataAlignment int
	DataDevice    string
}

LUKS1 is the struct used to manipulate LUKS1 devices.

func (LUKS1) Name 

func (luks1 LUKS1) Name() string

Name returns the LUKS1 device type name as a string.

func (LUKS1) Unmanaged 

func (luks1 LUKS1) Unmanaged() (unsafe.Pointer, func())

Unmanaged is used to specialize LUKS1.

type LUKS2 

type LUKS2 struct {
	PBKDFType       *PbkdfType
	Integrity       string
	IntegrityParams *IntegrityParams
	DataAlignment   int
	DataDevice      string
	SectorSize      uint32
	Label           string
	Subsystem       string
}

LUKS2 is the struct used to manipulate LUKS2 devices.

func (LUKS2) Name 

func (luks2 LUKS2) Name() string

Name returns the LUKS2 device type name as a string.

func (LUKS2) Unmanaged 

func (luks2 LUKS2) Unmanaged() (unsafe.Pointer, func())

Unmanaged is used to specialize LUKS2.

type PbkdfType 

type PbkdfType struct {
	Type            string
	Hash            string
	TimeMs          uint32
	Iterations      uint32
	MaxMemoryKb     uint32
	ParallelThreads uint32
	Flags           uint32
}

type Plain 

type Plain struct {
	Hash       string
	Offset     uint64
	Skip       uint64
	Size       uint64
	SectorSize uint32
}

func (Plain) Name 

func (plain Plain) Name() string

Name returns the PLAIN device type name as a string.

func (Plain) Unmanaged 

func (plain Plain) Unmanaged() (unsafe.Pointer, func())

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.