Documentation
¶
Index ¶
- Constants
- func SetDebugLevel(debugLevel int)
- func SetLogCallback(newLogCallback func(level int, message string))
- type Device
- func (device *Device) ActivateByPassphrase(deviceName string, keyslot int, passphrase string, flags int) error
- func (device *Device) ActivateByVolumeKey(deviceName string, volumeKey string, volumeKeySize int, flags int) error
- func (device *Device) Deactivate(deviceName string) error
- func (device *Device) Dump() int
- func (device *Device) Format(deviceType DeviceType, genericParams GenericParams) error
- func (device *Device) Free() bool
- func (device *Device) GetDeviceName() string
- func (device *Device) GetUUID() string
- func (device *Device) KeyslotAddByPassphrase(keyslot int, currentPassphrase string, newPassphrase string) error
- func (device *Device) KeyslotAddByVolumeKey(keyslot int, volumeKey string, passphrase string) error
- func (device *Device) KeyslotChangeByPassphrase(currentKeyslot int, newKeyslot int, currentPassphrase string, ...) error
- func (device *Device) Load(deviceType DeviceType) error
- func (device *Device) Resize(name string, newSize uint64) error
- func (device *Device) Type() string
- func (device *Device) VolumeKeyGet(keyslot int, passphrase string) ([]byte, int, error)
- func (device *Device) Wipe(devicePath string, pattern int, offset, length uint64, ...) error
- type DeviceType
- type Error
- type GenericParams
- type IntegrityParams
- type LUKS1
- type LUKS2
- type PbkdfType
- type Plain
Constants ¶
const ( /** enable discards aka trim */ CRYPT_ACTIVATE_ALLOW_DISCARDS = C.CRYPT_ACTIVATE_ALLOW_DISCARDS /** corruption detected (verity), output only */ CRYPT_ACTIVATE_CORRUPTED = C.CRYPT_ACTIVATE_CORRUPTED /** dm-verity: ignore_corruption flag - ignore corruption, log it only */ CRYPT_ACTIVATE_IGNORE_CORRUPTION = C.CRYPT_ACTIVATE_IGNORE_CORRUPTION /** ignore persistently stored flags */ CRYPT_ACTIVATE_IGNORE_PERSISTENT = C.CRYPT_ACTIVATE_IGNORE_PERSISTENT /** dm-verity: ignore_zero_blocks - do not verify zero blocks */ CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS = C.CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS /** key loaded in kernel keyring instead directly in dm-crypt */ CRYPT_ACTIVATE_KEYRING_KEY = C.CRYPT_ACTIVATE_KEYRING_KEY /** dm-integrity: direct writes, do not use journal */ CRYPT_ACTIVATE_NO_JOURNAL = C.CRYPT_ACTIVATE_NO_JOURNAL /** only reported for device without uuid */ CRYPT_ACTIVATE_NO_UUID = C.CRYPT_ACTIVATE_NO_UUID /** skip global udev rules in activation ("private device"), input only */ CRYPT_ACTIVATE_PRIVATE = C.CRYPT_ACTIVATE_PRIVATE /** device is read only */ CRYPT_ACTIVATE_READONLY = C.CRYPT_ACTIVATE_READONLY /** dm-integrity: recovery mode - no journal, no integrity checks */ CRYPT_ACTIVATE_RECOVERY = C.CRYPT_ACTIVATE_RECOVERY /** dm-verity: restart_on_corruption flag - restart kernel on corruption */ CRYPT_ACTIVATE_RESTART_ON_CORRUPTION = C.CRYPT_ACTIVATE_RESTART_ON_CORRUPTION /** use same_cpu_crypt option for dm-crypt */ CRYPT_ACTIVATE_SAME_CPU_CRYPT = C.CRYPT_ACTIVATE_SAME_CPU_CRYPT /** activate even if cannot grant exclusive access (dangerous) */ CRYPT_ACTIVATE_SHARED = C.CRYPT_ACTIVATE_SHARED /** use submit_from_crypt_cpus for dm-crypt */ CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS = C.CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS /** iterate through all keyslots and find first one that fits */ CRYPT_ANY_SLOT = C.CRYPT_ANY_SLOT /** iterate through all tokens */ CRYPT_ANY_TOKEN = C.CRYPT_ANY_TOKEN /** lazy deactivation - remove once last user releases it */ CRYPT_DEACTIVATE_DEFERRED = C.CRYPT_DEACTIVATE_DEFERRED /** force deactivation - if the device is busy, it is replaced by error device */ CRYPT_DEACTIVATE_FORCE = C.CRYPT_DEACTIVATE_FORCE /** debug all */ CRYPT_DEBUG_ALL = C.CRYPT_DEBUG_ALL /** debug none */ CRYPT_DEBUG_NONE = C.CRYPT_DEBUG_NONE /** integrity dm-integrity device */ CRYPT_INTEGRITY = C.CRYPT_INTEGRITY /** argon2i according to rfc */ CRYPT_KDF_ARGON2I = C.CRYPT_KDF_ARGON2I /** argon2id according to rfc */ CRYPT_KDF_ARGON2ID = C.CRYPT_KDF_ARGON2ID /** pbkdf2 according to rfc2898, luks1 legacy */ CRYPT_KDF_PBKDF2 = C.CRYPT_KDF_PBKDF2 /** read key only to the first end of line (\\n). */ CRYPT_KEYFILE_STOP_EOL = C.CRYPT_KEYFILE_STOP_EOL /** debug log level - always on stdout */ CRYPT_LOG_DEBUG = C.CRYPT_LOG_DEBUG /** error log level */ CRYPT_LOG_ERROR = C.CRYPT_LOG_ERROR /** normal log level */ CRYPT_LOG_NORMAL = C.CRYPT_LOG_NORMAL /** verbose log level */ CRYPT_LOG_VERBOSE = C.CRYPT_LOG_VERBOSE /** loop-aes compatibility mode */ CRYPT_LOOPAES = C.CRYPT_LOOPAES /** luks version 1 header on-disk */ CRYPT_LUKS1 = C.CRYPT_LUKS1 /** luks version 2 header on-disk */ CRYPT_LUKS2 = C.CRYPT_LUKS2 /** iteration time set by crypt_set_iteration_time(), for compatibility only. */ CRYPT_PBKDF_ITER_TIME_SET = C.CRYPT_PBKDF_ITER_TIME_SET /** never run benchmarks, use pre-set value or defaults. */ CRYPT_PBKDF_NO_BENCHMARK = C.CRYPT_PBKDF_NO_BENCHMARK /** plain crypt device, no on-disk header */ CRYPT_PLAIN = C.CRYPT_PLAIN /** unfinished offline reencryption */ CRYPT_REQUIREMENT_OFFLINE_REENCRYPT = C.CRYPT_REQUIREMENT_OFFLINE_REENCRYPT /** unknown requirement in header (output only) */ CRYPT_REQUIREMENT_UNKNOWN = C.CRYPT_REQUIREMENT_UNKNOWN /** crypt_rng_random - use /dev/random (waits if no entropy in system) */ CRYPT_RNG_RANDOM = C.CRYPT_RNG_RANDOM /** crypt_rng_urandom - use /dev/urandom */ CRYPT_RNG_URANDOM = C.CRYPT_RNG_URANDOM /** tcrypt (truecrypt-compatible and veracrypt-compatible) mode */ CRYPT_TCRYPT = C.CRYPT_TCRYPT /** try to load backup header */ CRYPT_TCRYPT_BACKUP_HEADER = C.CRYPT_TCRYPT_BACKUP_HEADER /** try to load hidden header (describing hidden device) */ CRYPT_TCRYPT_HIDDEN_HEADER = C.CRYPT_TCRYPT_HIDDEN_HEADER /** include legacy modes when scanning for header */ CRYPT_TCRYPT_LEGACY_MODES = C.CRYPT_TCRYPT_LEGACY_MODES /** device contains encrypted system (with boot loader) */ CRYPT_TCRYPT_SYSTEM_HEADER = C.CRYPT_TCRYPT_SYSTEM_HEADER /** include veracrypt modes when scanning for header, * all other tcrypt flags applies as well. * veracrypt device is reported as tcrypt type. */ CRYPT_TCRYPT_VERA_MODES = C.CRYPT_TCRYPT_VERA_MODES /** dm-verity mode */ CRYPT_VERITY = C.CRYPT_VERITY /** verity hash in userspace before activation */ CRYPT_VERITY_CHECK_HASH = C.CRYPT_VERITY_CHECK_HASH /** create hash - format hash device */ CRYPT_VERITY_CREATE_HASH = C.CRYPT_VERITY_CREATE_HASH /** no on-disk header (only hashes) */ CRYPT_VERITY_NO_HEADER = C.CRYPT_VERITY_NO_HEADER /** create keyslot with volume key not associated with current dm-crypt segment */ CRYPT_VOLUME_KEY_NO_SEGMENT = C.CRYPT_VOLUME_KEY_NO_SEGMENT /** use direct-io */ CRYPT_WIPE_NO_DIRECT_IO = C.CRYPT_WIPE_NO_DIRECT_IO /**< Fill with zeroes */ CRYPT_WIPE_ZERO = C.CRYPT_WIPE_ZERO /**< Use RNG to fill data */ CRYPT_WIPE_RANDOM = C.CRYPT_WIPE_RANDOM /**< Add encryption and fill with zeroes as plaintext */ CRYPT_WIPE_ENCRYPTED_ZERO = C.CRYPT_WIPE_ENCRYPTED_ZERO /**< Compatibility only, do not use (Gutmann method) */ CRYPT_WIPE_SPECIAL = C.CRYPT_WIPE_SPECIAL )
Variables ¶
This section is empty.
Functions ¶
func SetDebugLevel ¶
func SetDebugLevel(debugLevel int)
SetDebugLevel sets the debug level for the library. C equivalent: crypt_set_debug_level
func SetLogCallback ¶
Types ¶
type Device ¶
type Device struct {
// contains filtered or unexported fields
}
Device is a handle to the crypto device. It encapsulates libcryptsetup's 'crypt_device' struct.
func Init ¶
Init initializes a crypt device backed by 'devicePath'. Returns a pointer to the newly allocated Device or any error encountered. C equivalent: crypt_init
func InitByName ¶
InitByName initializes a crypt device from provided active device 'name'. Returns a pointer to the newly allocated Device or any error encountered. C equivalent: crypt_init_by_name
func (*Device) ActivateByPassphrase ¶
func (device *Device) ActivateByPassphrase(deviceName string, keyslot int, passphrase string, flags int) error
ActivateByPassphrase activates a device by using a passphrase from a specific keyslot. If deviceName is empty only check passphrase. Returns nil on success, or an error otherwise. C equivalent: crypt_activate_by_passphrase
func (*Device) ActivateByVolumeKey ¶
func (device *Device) ActivateByVolumeKey(deviceName string, volumeKey string, volumeKeySize int, flags int) error
ActivateByVolumeKey activates a device by using a volume key. If deviceName is empty only check passphrase. Returns nil on success, or an error otherwise. C equivalent: crypt_activate_by_volume_key
func (*Device) Deactivate ¶
Deactivate deactivates a device. Returns nil on success, or an error otherwise. C equivalent: crypt_deactivate
func (*Device) Format ¶
func (device *Device) Format(deviceType DeviceType, genericParams GenericParams) error
Format formats a Device, using a specific device type, and type-independent parameters. Returns nil on success, or an error otherwise. C equivalent: crypt_format
func (*Device) GetDeviceName ¶
GetDeviceName gets the path to the underlying device. C equivalent: crypt_get_device_name
func (*Device) KeyslotAddByPassphrase ¶
func (device *Device) KeyslotAddByPassphrase(keyslot int, currentPassphrase string, newPassphrase string) error
KeyslotAddByPassphrase adds a key slot using a previously added passphrase to perform the required security check. Returns nil on success, or an error otherwise. C equivalent: crypt_keyslot_add_by_passphrase
func (*Device) KeyslotAddByVolumeKey ¶
KeyslotAddByVolumeKey adds a key slot using a volume key to perform the required security check. Returns nil on success, or an error otherwise. C equivalent: crypt_keyslot_add_by_volume_key
func (*Device) KeyslotChangeByPassphrase ¶
func (device *Device) KeyslotChangeByPassphrase(currentKeyslot int, newKeyslot int, currentPassphrase string, newPassphrase string) error
KeyslotChangeByPassphrase changes a defined a key slot using a previously added passphrase to perform the required security check. Returns nil on success, or an error otherwise. C equivalent: crypt_keyslot_change_by_passphrase
func (*Device) Load ¶
func (device *Device) Load(deviceType DeviceType) error
Load loads crypt device parameters from the device type parameters if it is specified, otherwise it loads the device from the on-disk header. Returns nil on success, or an error otherwise. C equivalent: crypt_load
func (*Device) Resize ¶
Resize the crypt device. Set newSize to 0 to use all of the underlying device size Returns nil on success, or an error otherwise. C equivalent: crypt_resize
func (*Device) Type ¶
Type returns the device's type as a string. Returns an empty string if the information is not available.
func (*Device) VolumeKeyGet ¶
VolumeKeyGet gets the volume key from a crypt device. Returns a slice of bytes having the volume key and the unlocked key slot number, or an error otherwise. C equivalent: crypt_volume_key_get
func (*Device) Wipe ¶
func (device *Device) Wipe(devicePath string, pattern int, offset, length uint64, wipeBlockSize, flags int, progress func(size, offset uint64) int) error
Wipe wipes/fills (part of) a device with the selected pattern. Returns nil on success, or an error otherwise. C equivalent: crypt_wipe
type DeviceType ¶
Interface that all device types must implement.
type Error ¶
type Error struct {
// contains filtered or unexported fields
}
Error holds the name and the return value of a libcryptsetup function that was executed with an error.
type GenericParams ¶
type GenericParams struct { Cipher string CipherMode string UUID string VolumeKey string VolumeKeySize int }
GenericParams are device type independent parameters that are used to manipulate devices in various ways.
type IntegrityParams ¶
type IntegrityParams struct { JournalSize uint64 JournalWatermark uint JournalCommitTime uint InterleaveSectors uint32 TagSize uint32 SectorSize uint32 BufferSectors uint32 Integrity string IntegrityKeySize uint32 JournalIntegrity string JournalIntegrityKey string JournalIntegrityKeySize uint32 JournalCrypt string JournalCryptKey string JournalCryptKeySize uint32 }
type LUKS1 ¶
LUKS1 is the struct used to manipulate LUKS1 devices.
type LUKS2 ¶
type LUKS2 struct { PBKDFType *PbkdfType Integrity string IntegrityParams *IntegrityParams DataAlignment int DataDevice string SectorSize uint32 Label string Subsystem string }
LUKS2 is the struct used to manipulate LUKS2 devices.