luks2

package
v0.0.0-...-58fadb6
Warning

This package is not in the latest version of its module.

Published: Jan 10, 2025 License: GPL-3.0 Imports: 7 Imported by: 1

Documentation


Constants

const (
	// AnySlot tells a command to automatically choose an appropriate slot
	// as opposed to hard coding one.
	AnySlot = -1
)

Variables

This section is empty.

Functions

func AddKey

func AddKey(devicePath string, existingKey, key []byte, options *AddKeyOptions) error

AddKey adds the supplied key to a new keyslot of the specified LUKS2 container. To do this, an existing key must be provided. The KDF for the new keyslot will be configured to use argon2i with the supplied benchmark time. The key will be added to the supplied slot.

If options is not supplied, the default KDF benchmark time is used and the command will automatically choose an appropriate slot.

func KillSlot

func KillSlot(devicePath string, slot int, key []byte) error

KillSlot erases the keyslot with the supplied slot number from the specified LUKS2 container. Note that a valid key for a remaining keyslot must be supplied, in order to prevent the last keyslot from being erased.

func SetSlotPriority

func SetSlotPriority(devicePath string, slot int, priority SlotPriority) error

SetSlotPriority sets the priority of the keyslot with the supplied slot number on the specified LUKS2 container.

Types

type AddKeyOptions

type AddKeyOptions struct {
	// KDFOptions describes the KDF options for the new key slot.
	KDFOptions KDFOptions

	// Slot is the keyslot to use. Note that the default value is slot 0. In
	// order to automatically choose a slot, use AnySlot.
	Slot int
}

AddKeyOptions provides the options for adding a key to a LUKS2 volume.

type KDFOptions

type KDFOptions struct {
	// TargetDuration specifies the target time for benchmarking of the
	// time and memory cost parameters. If it is zero then the cryptsetup
	// default is used. If ForceIterations is not zero then this is ignored.
	TargetDuration time.Duration

	// MemoryKiB specifies the maximum memory cost in KiB when ForceIterations
	// is zero, or the actual memory cost in KiB when ForceIterations is not zero.
	// If this is set to zero, then the cryptsetup default is used.
	MemoryKiB int

	// ForceIterations specifies the time cost. If set to zero, the time
	// and memory cost are determined by benchmarking the algorithm based on
	// the specified TargetDuration. Set to a non-zero number to force the
	// time cost to the value of this field, and the memory cost to the value
	// of MemoryKiB, disabling benchmarking.
	ForceIterations int

	// Parallel sets the maximum number of parallel threads. Cryptsetup may
	// choose a lower value based on its own maximum and the number of available
	// CPU cores.
	Parallel int
}

KDFOptions specifies parameters for the Argon2 KDF.
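
How the field semantics documented for AddKeyOptions and KDFOptions would translate into a `cryptsetup luksAddKey` command line, as an added example that is not this package's own code. The helper `addKeyArgs` and the device path are hypothetical, the types are local copies of the declarations above, and the mapping to cryptsetup flags (including treating a zero Parallel as "use the default") is an assumption.

```go
package main

import (
	"fmt"
	"strconv"
	"time"
)

// Local copies of the documented declarations so the example runs stand-alone.
const AnySlot = -1

type KDFOptions struct {
	TargetDuration                       time.Duration
	MemoryKiB, ForceIterations, Parallel int
}
type AddKeyOptions struct {
	KDFOptions KDFOptions
	Slot       int
}

// addKeyArgs is a hypothetical helper: it renders the options as arguments
// for "cryptsetup luksAddKey", following the documented field semantics.
func addKeyArgs(devicePath string, o *AddKeyOptions) []string {
	if o == nil { // documented default: default benchmark, automatic slot
		o = &AddKeyOptions{Slot: AnySlot}
	}
	args := []string{"luksAddKey", "--pbkdf", "argon2i"}
	k := o.KDFOptions
	switch {
	case k.ForceIterations != 0: // benchmarking off, TargetDuration ignored
		args = append(args, "--pbkdf-force-iterations", strconv.Itoa(k.ForceIterations))
	case k.TargetDuration != 0:
		args = append(args, "--iter-time", strconv.FormatInt(k.TargetDuration.Milliseconds(), 10))
	}
	if k.MemoryKiB != 0 { // zero leaves the cryptsetup default in place
		args = append(args, "--pbkdf-memory", strconv.Itoa(k.MemoryKiB))
	}
	if k.Parallel != 0 { // assumption: zero leaves the cryptsetup default
		args = append(args, "--pbkdf-parallel", strconv.Itoa(k.Parallel))
	}
	if o.Slot != AnySlot { // a zero-value AddKeyOptions pins slot 0
		args = append(args, "--key-slot", strconv.Itoa(o.Slot))
	}
	return append(args, devicePath)
}

// Constructed device path; prints the arguments for a zero-value options struct.
func main() { fmt.Println(addKeyArgs("/dev/constructed0", &AddKeyOptions{})) }
```

A nil options pointer and a zero-value `&AddKeyOptions{}` are not equivalent: the former selects a slot automatically, the latter targets slot 0, so callers who want automatic selection while setting KDF options need `Slot: AnySlot`.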

type SlotPriority

type SlotPriority int

SlotPriority represents the priority of a keyslot.

const (
	// SlotPriorityIgnore means that cryptsetup will not use the associated
	// keyslot unless it is specified explicitly.
	SlotPriorityIgnore SlotPriority = iota

	// SlotPriorityNormal is the default keyslot priority.
	SlotPriorityNormal

	// SlotPriorityHigh means that cryptsetup will try the associated keyslot
	// before it tries any keyslots with a priority of SlotPriorityNormal.
	SlotPriorityHigh
)

func (SlotPriority) String

func (p SlotPriority) String() string
