luks

package
v2.0.11

This package is not in the latest version of its module.

Published: Jan 13, 2025 License: MPL-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package luks provides a way to call LUKS2 cryptsetup.

Constants

const (
	// AESXTSPlain64CipherString string representation of aes-xts-plain64 cipher.
	AESXTSPlain64CipherString = "aes-xts-plain64"
	// XChaCha12String string representation of xchacha12 cipher.
	XChaCha12String = "xchacha12,aes-adiantum-plain64"
	// XChaCha20String string representation of xchacha20 cipher.
	XChaCha20String = "xchacha20,aes-adiantum-plain64"
	// AESXTSPlain64Cipher represents aes-xts-plain64 encryption cipher.
	AESXTSPlain64Cipher Cipher = iota
	// XChaCha12Cipher represents xchacha12 encryption cipher.
	XChaCha12Cipher
	// XChaCha20Cipher represents xchacha20 encryption cipher.
	XChaCha20Cipher
)
const (
	// PerfNoReadWorkqueue sets --perf-no_read_workqueue.
	PerfNoReadWorkqueue = "no_read_workqueue"
	// PerfNoWriteWorkqueue sets --perf-no_write_workqueue.
	PerfNoWriteWorkqueue = "no_write_workqueue"
	// PerfSameCPUCrypt sets --perf-same_cpu_crypt.
	PerfSameCPUCrypt = "same_cpu_crypt"
)

Functions

func ValidatePerfOption

func ValidatePerfOption(value string) error

ValidatePerfOption checks that the specified string is a valid perf option.

Types

type Cipher

type Cipher int

Cipher is the LUKS2 cipher type.

func ParseCipherKind

func ParseCipherKind(s string) (Cipher, error)

ParseCipherKind converts a cipher string into a cipher type.

func (Cipher) String

func (c Cipher) String() (string, error)

String converts the cipher to its command-line string parameter value.

type LUKS

type LUKS struct {
	// contains filtered or unexported fields
}

LUKS implements LUKS2 encryption provider.

func New

func New(cipher Cipher, options ...Option) *LUKS

New creates a new LUKS2 encryption provider.

func (*LUKS) AddKey

func (l *LUKS) AddKey(ctx context.Context, devname string, key, newKey *encryption.Key) error

AddKey adds a new key at the LUKS encryption slot.

func (*LUKS) CheckKey

func (l *LUKS) CheckKey(ctx context.Context, devname string, key *encryption.Key) (bool, error)

CheckKey checks if the key is valid.

func (*LUKS) Close

func (l *LUKS) Close(ctx context.Context, devname string) error

Close implements encryption.Provider.

func (*LUKS) Encrypt

func (l *LUKS) Encrypt(ctx context.Context, deviceName string, key *encryption.Key) error

Encrypt implements encryption.Provider.

func (*LUKS) IsOpen added in v2.0.3

func (l *LUKS) IsOpen(ctx context.Context, _, mappedName string) (bool, string, error)

IsOpen checks if the device is already opened.

func (*LUKS) Open

func (l *LUKS) Open(ctx context.Context, deviceName, mappedName string, key *encryption.Key) (string, error)

Open runs luksOpen on a device and returns mapped device path.

func (*LUKS) ReadKeyslots

func (l *LUKS) ReadKeyslots(deviceName string) (*encryption.Keyslots, error)

ReadKeyslots returns deserialized LUKS2 keyslots JSON.

func (*LUKS) ReadToken

func (l *LUKS) ReadToken(ctx context.Context, devname string, slot int, token token.Token) error

ReadToken reads an arbitrary token from the LUKS metadata.

func (*LUKS) RemoveKey

func (l *LUKS) RemoveKey(ctx context.Context, devname string, slot int, key *encryption.Key) error

RemoveKey removes a key at the specified LUKS encryption slot.

func (*LUKS) RemoveToken

func (l *LUKS) RemoveToken(ctx context.Context, devname string, slot int) error

RemoveToken removes a token from the LUKS metadata.

func (*LUKS) Resize

func (l *LUKS) Resize(ctx context.Context, devname string, key *encryption.Key) error

Resize implements encryption.Provider.

func (*LUKS) SetKey

func (l *LUKS) SetKey(ctx context.Context, devname string, oldKey, newKey *encryption.Key) error

SetKey sets a new key value at the LUKS encryption slot.

func (*LUKS) SetToken

func (l *LUKS) SetToken(ctx context.Context, devname string, slot int, token token.Token) error

SetToken adds an arbitrary token to the key slot. The token ID equals the slot ID, so only one token per key slot is supported.

type Option

type Option func(l *LUKS)

Option represents a LUKS configuration callback.

func WithBlockSize

func WithBlockSize(value uint64) Option

WithBlockSize sets the block size.

func WithIterTime

func WithIterTime(value time.Duration) Option

WithIterTime sets the iter-time parameter.

func WithKeySize

func WithKeySize(value uint) Option

WithKeySize sets the generated key size.

func WithPBKDFForceIterations

func WithPBKDFForceIterations(value uint) Option

WithPBKDFForceIterations sets the pbkdf-force-iterations parameter.

func WithPBKDFMemory

func WithPBKDFMemory(value uint64) Option

WithPBKDFMemory sets the pbkdf-memory parameter.

func WithPerfOptions

func WithPerfOptions(options ...string) Option

WithPerfOptions enables encryption perf options.

type Token

type Token[UserData any] struct {
	// UserData has a strange JSON tag, but this keeps it backwards compatible with v1 library.
	UserData UserData `json:"UserData"`
	Type     string   `json:"type"`
}

Token defines a LUKS2 token.

func (*Token[UserData]) Bytes

func (t *Token[UserData]) Bytes() ([]byte, error)

Bytes encodes the token into bytes.

func (*Token[UserData]) Decode

func (t *Token[UserData]) Decode(in []byte) error

Decode reads the token data from bytes.
