cryptsetup API
Public cryptsetup API
|
Macros | |
#define | CRYPT_DEACTIVATE_DEFERRED (1 << 0) |
#define | CRYPT_DEACTIVATE_FORCE (1 << 1) |
#define | CRYPT_DEACTIVATE_DEFERRED_CANCEL (1 << 2) |
Functions | |
int | crypt_activate_by_passphrase (struct crypt_device *cd, const char *name, int keyslot, const char *passphrase, size_t passphrase_size, uint32_t flags) |
int | crypt_activate_by_keyfile_device_offset (struct crypt_device *cd, const char *name, int keyslot, const char *keyfile, size_t keyfile_size, uint64_t keyfile_offset, uint32_t flags) |
int | crypt_activate_by_keyfile_offset (struct crypt_device *cd, const char *name, int keyslot, const char *keyfile, size_t keyfile_size, size_t keyfile_offset, uint32_t flags) |
int | crypt_activate_by_keyfile (struct crypt_device *cd, const char *name, int keyslot, const char *keyfile, size_t keyfile_size, uint32_t flags) |
int | crypt_activate_by_volume_key (struct crypt_device *cd, const char *name, const char *volume_key, size_t volume_key_size, uint32_t flags) |
int | crypt_activate_by_signed_key (struct crypt_device *cd, const char *name, const char *volume_key, size_t volume_key_size, const char *signature, size_t signature_size, uint32_t flags) |
int | crypt_activate_by_keyring (struct crypt_device *cd, const char *name, const char *key_description, int keyslot, uint32_t flags) |
int | crypt_deactivate_by_name (struct crypt_device *cd, const char *name, uint32_t flags) |
int | crypt_deactivate (struct crypt_device *cd, const char *name) |
#define CRYPT_DEACTIVATE_DEFERRED (1 << 0) |
lazy deactivation - remove once last user releases it
#define CRYPT_DEACTIVATE_DEFERRED_CANCEL (1 << 2) |
if set, remove lazy deactivation
#define CRYPT_DEACTIVATE_FORCE (1 << 1) |
force deactivation - if the device is busy, it is replaced by error device
int crypt_activate_by_keyfile | ( | struct crypt_device * | cd, |
const char * | name, | ||
int | keyslot, | ||
const char * | keyfile, | ||
size_t | keyfile_size, | ||
uint32_t | flags | ||
) |
Backward compatible crypt_activate_by_keyfile_device_offset() (without offset).
int crypt_activate_by_keyfile_device_offset | ( | struct crypt_device * | cd, |
const char * | name, | ||
int | keyslot, | ||
const char * | keyfile, | ||
size_t | keyfile_size, | ||
uint64_t | keyfile_offset, | ||
uint32_t | flags | ||
) |
Activate device or check using key file.
cd | crypt device handle |
name | name of device to create, if NULL only check keyfile |
keyslot | requested keyslot to check or CRYPT_ANY_SLOT |
keyfile | key file used to unlock volume key |
keyfile_size | number of bytes to read from keyfile, 0 is unlimited |
keyfile_offset | number of bytes to skip at start of keyfile |
flags | activation flags |
int crypt_activate_by_keyfile_offset | ( | struct crypt_device * | cd, |
const char * | name, | ||
int | keyslot, | ||
const char * | keyfile, | ||
size_t | keyfile_size, | ||
size_t | keyfile_offset, | ||
uint32_t | flags | ||
) |
Backward compatible crypt_activate_by_keyfile_device_offset() (with size_t offset).
int crypt_activate_by_keyring | ( | struct crypt_device * | cd, |
const char * | name, | ||
const char * | key_description, | ||
int | keyslot, | ||
uint32_t | flags | ||
) |
Activate device using passphrase stored in kernel keyring.
cd | crypt device handle |
name | name of device to create, if NULL only check passphrase in keyring |
key_description | kernel keyring key description library should look for passphrase in |
keyslot | requested keyslot to check or CRYPT_ANY_SLOT |
flags | activation flags |
int crypt_activate_by_passphrase | ( | struct crypt_device * | cd, |
const char * | name, | ||
int | keyslot, | ||
const char * | passphrase, | ||
size_t | passphrase_size, | ||
uint32_t | flags | ||
) |
Activate device or check passphrase.
cd | crypt device handle |
name | name of device to create, if NULL only check passphrase |
keyslot | requested keyslot to check or CRYPT_ANY_SLOT |
passphrase | passphrase used to unlock volume key |
passphrase_size | size of passphrase |
flags | activation flags |
int crypt_activate_by_signed_key | ( | struct crypt_device * | cd, |
const char * | name, | ||
const char * | volume_key, | ||
size_t | volume_key_size, | ||
const char * | signature, | ||
size_t | signature_size, | ||
uint32_t | flags | ||
) |
Activate VERITY device using provided key and optional signature).
cd | crypt device handle |
name | name of device to create |
volume_key | provided volume key |
volume_key_size | size of volume_key |
signature | buffer with signature for the key |
signature_size | bsize of signature buffer |
flags | activation flags |
int crypt_activate_by_volume_key | ( | struct crypt_device * | cd, |
const char * | name, | ||
const char * | volume_key, | ||
size_t | volume_key_size, | ||
uint32_t | flags | ||
) |
Activate device using provided volume key.
cd | crypt device handle |
name | name of device to create, if NULL only check volume key |
volume_key | provided volume key (or NULL to use internal) |
volume_key_size | size of volume_key |
flags | activation flags |
int crypt_deactivate | ( | struct crypt_device * | cd, |
const char * | name | ||
) |
Deactivate crypt device. See crypt_deactivate_by_name with empty flags.
int crypt_deactivate_by_name | ( | struct crypt_device * | cd, |
const char * | name, | ||
uint32_t | flags | ||
) |
Deactivate crypt device. This function tries to remove active device-mapper mapping from kernel. Also, sensitive data like the volume key are removed from memory
cd | crypt device handle, can be NULL |
name | name of device to deactivate |
flags | deactivation flags |