cryptsetup API
Public cryptsetup API
|
Macros | |
#define | CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING (1 << 0) |
#define | CRYPT_COMPAT_LEGACY_INTEGRITY_HMAC (1 << 1) |
#define | CRYPT_COMPAT_LEGACY_INTEGRITY_RECALC (1 << 2) |
Functions | |
int | crypt_format (struct crypt_device *cd, const char *type, const char *cipher, const char *cipher_mode, const char *uuid, const char *volume_key, size_t volume_key_size, void *params) |
void | crypt_set_compatibility (struct crypt_device *cd, uint32_t flags) |
uint32_t | crypt_get_compatibility (struct crypt_device *cd) |
int | crypt_convert (struct crypt_device *cd, const char *type, void *params) |
int | crypt_set_uuid (struct crypt_device *cd, const char *uuid) |
int | crypt_set_label (struct crypt_device *cd, const char *label, const char *subsystem) |
int | crypt_volume_key_keyring (struct crypt_device *cd, int enable) |
int | crypt_load (struct crypt_device *cd, const char *requested_type, void *params) |
int | crypt_repair (struct crypt_device *cd, const char *requested_type, void *params) |
int | crypt_resize (struct crypt_device *cd, const char *name, uint64_t new_size) |
int | crypt_suspend (struct crypt_device *cd, const char *name) |
int | crypt_resume_by_passphrase (struct crypt_device *cd, const char *name, int keyslot, const char *passphrase, size_t passphrase_size) |
int | crypt_resume_by_keyfile_device_offset (struct crypt_device *cd, const char *name, int keyslot, const char *keyfile, size_t keyfile_size, uint64_t keyfile_offset) |
int | crypt_resume_by_keyfile_offset (struct crypt_device *cd, const char *name, int keyslot, const char *keyfile, size_t keyfile_size, size_t keyfile_offset) |
int | crypt_resume_by_keyfile (struct crypt_device *cd, const char *name, int keyslot, const char *keyfile, size_t keyfile_size) |
int | crypt_resume_by_volume_key (struct crypt_device *cd, const char *name, const char *volume_key, size_t volume_key_size) |
Set of functions for formatting and manipulating with specific crypt_type
#define CRYPT_COMPAT_LEGACY_INTEGRITY_HMAC (1 << 1) |
dm-integrity device does not protect superblock with HMAC (old kernels)
#define CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING (1 << 0) |
dm-integrity device uses less effective (legacy) padding (old kernels)
#define CRYPT_COMPAT_LEGACY_INTEGRITY_RECALC (1 << 2) |
dm-integrity allow recalculating of volumes with HMAC keys (old kernels)
int crypt_convert | ( | struct crypt_device * | cd, |
const char * | type, | ||
void * | params | ||
) |
Convert to new type for already existing device.
cd | crypt device handle |
type | type of device (optional params struct must be of this type) |
params | crypt type specific parameters (see crypt-type) |
int crypt_format | ( | struct crypt_device * | cd, |
const char * | type, | ||
const char * | cipher, | ||
const char * | cipher_mode, | ||
const char * | uuid, | ||
const char * | volume_key, | ||
size_t | volume_key_size, | ||
void * | params | ||
) |
Create (format) new crypt device (and possible header on-disk) but do not activate it.
cd | crypt device handle |
type | type of device (optional params struct must be of this type) |
cipher | (e.g. "aes") |
cipher_mode | including IV specification (e.g. "xts-plain") |
uuid | requested UUID or NULL if it should be generated |
volume_key | pre-generated volume key or NULL if it should be generated (only for LUKS) |
volume_key_size | size of volume key in bytes. |
params | crypt type specific parameters (see crypt-type) |
uint32_t crypt_get_compatibility | ( | struct crypt_device * | cd | ) |
Get compatibility flags.
cd | crypt device handle |
int crypt_load | ( | struct crypt_device * | cd, |
const char * | requested_type, | ||
void * | params | ||
) |
Load crypt device parameters from on-disk header.
cd | crypt device handle |
requested_type | crypt-type or NULL for all known |
params | crypt type specific parameters (see crypt-type) |
int crypt_repair | ( | struct crypt_device * | cd, |
const char * | requested_type, | ||
void * | params | ||
) |
Try to repair crypt device LUKS on-disk header if invalid.
cd | crypt device handle |
requested_type | crypt-type or NULL for all known |
params | crypt type specific parameters (see crypt-type) |
int crypt_resize | ( | struct crypt_device * | cd, |
const char * | name, | ||
uint64_t | new_size | ||
) |
Resize crypt device.
cd | - crypt device handle |
name | - name of device to resize |
new_size | - new device size in sectors or 0 to use all of the underlying device size |
int crypt_resume_by_keyfile | ( | struct crypt_device * | cd, |
const char * | name, | ||
int | keyslot, | ||
const char * | keyfile, | ||
size_t | keyfile_size | ||
) |
Backward compatible crypt_resume_by_keyfile_device_offset() (without offset).
int crypt_resume_by_keyfile_device_offset | ( | struct crypt_device * | cd, |
const char * | name, | ||
int | keyslot, | ||
const char * | keyfile, | ||
size_t | keyfile_size, | ||
uint64_t | keyfile_offset | ||
) |
Resume crypt device using key file.
cd | crypt device handle |
name | name of device to resume |
keyslot | requested keyslot or CRYPT_ANY_SLOT |
keyfile | key file used to unlock volume key |
keyfile_size | number of bytes to read from keyfile, 0 is unlimited |
keyfile_offset | number of bytes to skip at start of keyfile |
int crypt_resume_by_keyfile_offset | ( | struct crypt_device * | cd, |
const char * | name, | ||
int | keyslot, | ||
const char * | keyfile, | ||
size_t | keyfile_size, | ||
size_t | keyfile_offset | ||
) |
Backward compatible crypt_resume_by_keyfile_device_offset() (with size_t offset).
int crypt_resume_by_passphrase | ( | struct crypt_device * | cd, |
const char * | name, | ||
int | keyslot, | ||
const char * | passphrase, | ||
size_t | passphrase_size | ||
) |
Resume crypt device using passphrase.
cd | crypt device handle |
name | name of device to resume |
keyslot | requested keyslot or CRYPT_ANY_SLOT |
passphrase | passphrase used to unlock volume key |
passphrase_size | size of passphrase (binary data) |
int crypt_resume_by_volume_key | ( | struct crypt_device * | cd, |
const char * | name, | ||
const char * | volume_key, | ||
size_t | volume_key_size | ||
) |
Resume crypt device using provided volume key.
cd | crypt device handle |
name | name of device to resume |
volume_key | provided volume key |
volume_key_size | size of volume_key |
void crypt_set_compatibility | ( | struct crypt_device * | cd, |
uint32_t | flags | ||
) |
Set format compatibility flags.
cd | crypt device handle |
flags | CRYPT_COMPATIBILITY_* flags |
int crypt_set_label | ( | struct crypt_device * | cd, |
const char * | label, | ||
const char * | subsystem | ||
) |
Set new labels (label and subsystem) for already existing device.
cd | crypt device handle |
label | requested label or NULL |
subsystem | requested subsystem label or NULL |
int crypt_set_uuid | ( | struct crypt_device * | cd, |
const char * | uuid | ||
) |
Set new UUID for already existing device.
cd | crypt device handle |
uuid | requested UUID or NULL if it should be generated |
int crypt_suspend | ( | struct crypt_device * | cd, |
const char * | name | ||
) |
Suspend crypt device.
cd | crypt device handle, can be NULL |
name | name of device to suspend |
int crypt_volume_key_keyring | ( | struct crypt_device * | cd, |
int | enable | ||
) |
Enable or disable loading of volume keys via kernel keyring. When set to 'enabled' library loads key in kernel keyring first and pass the key description to dm-crypt instead of binary key copy. If set to 'disabled' library fallbacks to old method of loading volume key directly in dm-crypt target.
cd | crypt device handle, can be NULL |
enable | 0 to disable loading of volume keys via kernel keyring (classical method) otherwise enable it (default) |