libcryptsetup.h

Go to the documentation of this file.

/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * libcryptsetup - cryptsetup library
 *
 * Copyright (C) 2004 Jana Saout <jana@saout.de>
 * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
 * Copyright (C) 2009-2025 Red Hat, Inc. All rights reserved.
 * Copyright (C) 2009-2025 Milan Broz
 */
 
#ifndef _LIBCRYPTSETUP_H
#define _LIBCRYPTSETUP_H
#ifdef __cplusplus
extern "C" {
#endif
 
#include <stddef.h>
#include <stdint.h>
 
struct crypt_device; /* crypt device handle */
struct crypt_keyslot_context;
 
int crypt_init(struct crypt_device **cd, const char *device);
 
int crypt_init_data_device(struct crypt_device **cd,
        const char *device,
        const char *data_device);
 
int crypt_init_by_name_and_header(struct crypt_device **cd,
        const char *name,
        const char *header_device);
 
int crypt_init_by_name(struct crypt_device **cd, const char *name);
 
void crypt_free(struct crypt_device *cd);
 
void crypt_set_confirm_callback(struct crypt_device *cd,
        int (*confirm)(const char *msg, void *usrptr),
        void *usrptr);
 
int crypt_set_data_device(struct crypt_device *cd, const char *device);
 
int crypt_set_data_offset(struct crypt_device *cd, uint64_t data_offset);
 
#define CRYPT_LOG_NORMAL 0
#define CRYPT_LOG_ERROR  1
#define CRYPT_LOG_VERBOSE  2
#define CRYPT_LOG_DEBUG -1
#define CRYPT_LOG_DEBUG_JSON -2
 
void crypt_set_log_callback(struct crypt_device *cd,
        void (*log)(int level, const char *msg, void *usrptr),
        void *usrptr);
 
void crypt_log(struct crypt_device *cd, int level, const char *msg);
 
void crypt_logf(struct crypt_device *cd, int level, const char *format, ...);
#define CRYPT_RNG_URANDOM 0
#define CRYPT_RNG_RANDOM  1
 
void crypt_set_rng_type(struct crypt_device *cd, int rng_type);
 
int crypt_get_rng_type(struct crypt_device *cd);
 
struct crypt_pbkdf_type {
        const char *type;         
        const char *hash;         
        uint32_t time_ms;         
        uint32_t iterations;      
        uint32_t max_memory_kb;   
        uint32_t parallel_threads;
        uint32_t flags;           
};
 
#define CRYPT_PBKDF_ITER_TIME_SET   (UINT32_C(1) << 0)
#define CRYPT_PBKDF_NO_BENCHMARK    (UINT32_C(1) << 1)
 
#define CRYPT_KDF_PBKDF2   "pbkdf2"
#define CRYPT_KDF_ARGON2I  "argon2i"
#define CRYPT_KDF_ARGON2ID "argon2id"
 
int crypt_set_pbkdf_type(struct crypt_device *cd,
         const struct crypt_pbkdf_type *pbkdf);
 
const struct crypt_pbkdf_type *crypt_get_pbkdf_type_params(const char *pbkdf_type);
 
const struct crypt_pbkdf_type *crypt_get_pbkdf_default(const char *type);
 
const struct crypt_pbkdf_type *crypt_get_pbkdf_type(struct crypt_device *cd);
 
void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_ms);
 
int crypt_memory_lock(struct crypt_device *cd, int lock) __attribute__((deprecated));
 
int crypt_metadata_locking(struct crypt_device *cd, int enable);
 
int crypt_set_metadata_size(struct crypt_device *cd,
        uint64_t metadata_size,
        uint64_t keyslots_size);
 
int crypt_get_metadata_size(struct crypt_device *cd,
        uint64_t *metadata_size,
        uint64_t *keyslots_size);
 
#define CRYPT_PLAIN "PLAIN"
#define CRYPT_LUKS1 "LUKS1"
#define CRYPT_LUKS2 "LUKS2"
#define CRYPT_LOOPAES "LOOPAES"
#define CRYPT_VERITY "VERITY"
#define CRYPT_TCRYPT "TCRYPT"
#define CRYPT_INTEGRITY "INTEGRITY"
#define CRYPT_BITLK "BITLK"
#define CRYPT_FVAULT2 "FVAULT2"
 
#define CRYPT_LUKS NULL
 
const char *crypt_get_type(struct crypt_device *cd);
 
const char *crypt_get_default_type(void);
 
#define CRYPT_SW_ONLY        INT16_C(0)
#define CRYPT_OPAL_HW_ONLY   INT16_C(1)
#define CRYPT_SW_AND_OPAL_HW INT16_C(2)
int crypt_get_hw_encryption_type(struct crypt_device *cd);
 
int crypt_get_hw_encryption_key_size(struct crypt_device *cd);
 
struct crypt_params_plain {
        const char *hash;     
        uint64_t offset;      
        uint64_t skip;        
        uint64_t size;        
        uint32_t sector_size; 
};
 
struct crypt_params_luks1 {
        const char *hash;        
        size_t data_alignment;   
        const char *data_device; 
};
 
struct crypt_params_loopaes {
        const char *hash; 
        uint64_t offset;  
        uint64_t skip;    
};
 
struct crypt_params_verity {
        const char *hash_name;     
        const char *data_device;   
        const char *hash_device;   
        const char *fec_device;    
        const char *salt;          
        uint32_t salt_size;        
        uint32_t hash_type;        
        uint32_t data_block_size;  
        uint32_t hash_block_size;  
        uint64_t data_size;        
        uint64_t hash_area_offset; 
        uint64_t fec_area_offset;  
        uint32_t fec_roots;        
        uint32_t flags;            
};
 
#define CRYPT_VERITY_NO_HEADER   (UINT32_C(1) << 0)
#define CRYPT_VERITY_CHECK_HASH  (UINT32_C(1) << 1)
#define CRYPT_VERITY_CREATE_HASH (UINT32_C(1) << 2)
#define CRYPT_VERITY_ROOT_HASH_SIGNATURE (UINT32_C(1) << 3)
 
struct crypt_params_tcrypt {
        const char *passphrase;    
        size_t passphrase_size;    
        const char **keyfiles;     
        unsigned int keyfiles_count;
        const char *hash_name;     
        const char *cipher;        
        const char *mode;          
        size_t key_size;           
        uint32_t flags;            
        uint32_t veracrypt_pim;    
};
 
#define CRYPT_TCRYPT_LEGACY_MODES    (UINT32_C(1) << 0)
#define CRYPT_TCRYPT_HIDDEN_HEADER   (UINT32_C(1) << 1)
#define CRYPT_TCRYPT_BACKUP_HEADER   (UINT32_C(1) << 2)
#define CRYPT_TCRYPT_SYSTEM_HEADER   (UINT32_C(1) << 3)
#define CRYPT_TCRYPT_VERA_MODES      (UINT32_C(1) << 4)
 
struct crypt_params_integrity {
        uint64_t journal_size;               
        unsigned int journal_watermark;      
        unsigned int journal_commit_time;    
        uint32_t interleave_sectors;         
        uint32_t tag_size;                   
        uint32_t sector_size;                
        uint32_t buffer_sectors;             
        const char *integrity;               
        uint32_t integrity_key_size;         
        const char *journal_integrity;       
        const char *journal_integrity_key;   
        uint32_t journal_integrity_key_size; 
        const char *journal_crypt;           
        const char *journal_crypt_key;       
        uint32_t journal_crypt_key_size;     
};
 
struct crypt_params_luks2 {
        const struct crypt_pbkdf_type *pbkdf; 
        const char *integrity;                
        const struct crypt_params_integrity *integrity_params; 
        size_t data_alignment;   
        const char *data_device; 
        uint32_t sector_size;    
        const char *label;       
        const char *subsystem;   
};
 
struct crypt_params_hw_opal {
        const char *admin_key;   
        size_t admin_key_size;   
        size_t user_key_size;    
};
int crypt_format(struct crypt_device *cd,
        const char *type,
        const char *cipher,
        const char *cipher_mode,
        const char *uuid,
        const char *volume_key,
        size_t volume_key_size,
        void *params);
 
int crypt_format_luks2_opal(struct crypt_device *cd,
        const char *cipher,
        const char *cipher_mode,
        const char *uuid,
        const char *volume_keys,
        size_t volume_keys_size,
        struct crypt_params_luks2 *params,
        struct crypt_params_hw_opal *opal_params);
 
int crypt_format_inline(struct crypt_device *cd,
        const char *type,
        const char *cipher,
        const char *cipher_mode,
        const char *uuid,
        const char *volume_key,
        size_t volume_key_size,
        void *params);
 
void crypt_set_compatibility(struct crypt_device *cd, uint32_t flags);
 
uint32_t crypt_get_compatibility(struct crypt_device *cd);
 
#define CRYPT_COMPAT_LEGACY_INTEGRITY_PADDING (UINT32_C(1) << 0)
#define CRYPT_COMPAT_LEGACY_INTEGRITY_HMAC (UINT32_C(1) << 1)
#define CRYPT_COMPAT_LEGACY_INTEGRITY_RECALC (UINT32_C(1) << 2)
 
int crypt_convert(struct crypt_device *cd,
        const char *type,
        void *params);
 
int crypt_set_uuid(struct crypt_device *cd,
        const char *uuid);
 
int crypt_set_label(struct crypt_device *cd,
        const char *label,
        const char *subsystem);
 
const char *crypt_get_label(struct crypt_device *cd);
 
const char *crypt_get_subsystem(struct crypt_device *cd);
 
int crypt_volume_key_keyring(struct crypt_device *cd, int enable);
 
int crypt_load(struct crypt_device *cd,
        const char *requested_type,
        void *params);
 
int crypt_repair(struct crypt_device *cd,
        const char *requested_type,
        void *params);
 
int crypt_resize(struct crypt_device *cd,
        const char *name,
        uint64_t new_size);
 
int crypt_suspend(struct crypt_device *cd,
        const char *name);
 
int crypt_resume_by_passphrase(struct crypt_device *cd,
        const char *name,
        int keyslot,
        const char *passphrase,
        size_t passphrase_size);
 
int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd,
        const char *name,
        int keyslot,
        const char *keyfile,
        size_t keyfile_size,
        uint64_t keyfile_offset);
 
int crypt_resume_by_keyfile_offset(struct crypt_device *cd,
        const char *name,
        int keyslot,
        const char *keyfile,
        size_t keyfile_size,
        size_t keyfile_offset);
 
int crypt_resume_by_keyfile(struct crypt_device *cd,
        const char *name,
        int keyslot,
        const char *keyfile,
        size_t keyfile_size);
int crypt_resume_by_volume_key(struct crypt_device *cd,
        const char *name,
        const char *volume_key,
        size_t volume_key_size);
int crypt_resume_by_token_pin(struct crypt_device *cd,
        const char *name,
        const char *type,
        int token,
        const char *pin,
        size_t pin_size,
        void *usrptr);
 
int crypt_resume_by_keyslot_context(struct crypt_device *cd,
                               const char *name,
                               int keyslot,
                               struct crypt_keyslot_context *kc);
#define CRYPT_ANY_SLOT -1
 
int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
        int keyslot,
        const char *passphrase,
        size_t passphrase_size,
        const char *new_passphrase,
        size_t new_passphrase_size);
 
int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
        int keyslot_old,
        int keyslot_new,
        const char *passphrase,
        size_t passphrase_size,
        const char *new_passphrase,
        size_t new_passphrase_size);
 
int crypt_keyslot_add_by_keyfile_device_offset(struct crypt_device *cd,
        int keyslot,
        const char *keyfile,
        size_t keyfile_size,
        uint64_t keyfile_offset,
        const char *new_keyfile,
        size_t new_keyfile_size,
        uint64_t new_keyfile_offset);
 
int crypt_keyslot_add_by_keyfile_offset(struct crypt_device *cd,
        int keyslot,
        const char *keyfile,
        size_t keyfile_size,
        size_t keyfile_offset,
        const char *new_keyfile,
        size_t new_keyfile_size,
        size_t new_keyfile_offset);
 
int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
        int keyslot,
        const char *keyfile,
        size_t keyfile_size,
        const char *new_keyfile,
        size_t new_keyfile_size);
 
int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
        int keyslot,
        const char *volume_key,
        size_t volume_key_size,
        const char *passphrase,
        size_t passphrase_size);
 
#define CRYPT_VOLUME_KEY_NO_SEGMENT (UINT32_C(1) << 0)
 
#define CRYPT_VOLUME_KEY_SET (UINT32_C(1) << 1)
 
#define CRYPT_VOLUME_KEY_DIGEST_REUSE (UINT32_C(1) << 2)
 
int crypt_keyslot_add_by_key(struct crypt_device *cd,
        int keyslot,
        const char *volume_key,
        size_t volume_key_size,
        const char *passphrase,
        size_t passphrase_size,
        uint32_t flags);
 
void crypt_keyslot_context_free(struct crypt_keyslot_context *kc);
 
int crypt_keyslot_context_init_by_passphrase(struct crypt_device *cd,
        const char *passphrase,
        size_t passphrase_size,
        struct crypt_keyslot_context **kc);
 
int crypt_keyslot_context_init_by_keyfile(struct crypt_device *cd,
        const char *keyfile,
        size_t keyfile_size,
        uint64_t keyfile_offset,
        struct crypt_keyslot_context **kc);
 
int crypt_keyslot_context_init_by_token(struct crypt_device *cd,
        int token,
        const char *type,
        const char *pin, size_t pin_size,
        void *usrptr,
        struct crypt_keyslot_context **kc);
 
int crypt_keyslot_context_init_by_volume_key(struct crypt_device *cd,
        const char *volume_key,
        size_t volume_key_size,
        struct crypt_keyslot_context **kc);
 
int crypt_keyslot_context_init_by_signed_key(struct crypt_device *cd,
        const char *volume_key,
        size_t volume_key_size,
        const char *signature,
        size_t signature_size,
        struct crypt_keyslot_context **kc);
 
int crypt_keyslot_context_init_by_keyring(struct crypt_device *cd,
        const char *key_description,
        struct crypt_keyslot_context **kc);
 
int crypt_keyslot_context_init_by_vk_in_keyring(struct crypt_device *cd,
        const char *key_description,
        struct crypt_keyslot_context **kc);
 
int crypt_keyslot_context_get_error(struct crypt_keyslot_context *kc);
 
int crypt_keyslot_context_set_pin(struct crypt_device *cd,
        const char *pin, size_t pin_size,
        struct crypt_keyslot_context *kc);
 
#define CRYPT_KC_TYPE_PASSPHRASE INT16_C(1)
#define CRYPT_KC_TYPE_KEYFILE    INT16_C(2)
#define CRYPT_KC_TYPE_TOKEN      INT16_C(3)
#define CRYPT_KC_TYPE_KEY        INT16_C(4)
#define CRYPT_KC_TYPE_KEYRING    INT16_C(5)
#define CRYPT_KC_TYPE_VK_KEYRING    INT16_C(6)
#define CRYPT_KC_TYPE_SIGNED_KEY    INT16_C(7)
int crypt_keyslot_context_get_type(const struct crypt_keyslot_context *kc);
int crypt_keyslot_add_by_keyslot_context(struct crypt_device *cd,
        int keyslot_existing,
        struct crypt_keyslot_context *kc,
        int keyslot_new,
        struct crypt_keyslot_context *new_kc,
        uint32_t flags);
 
int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
#define CRYPT_ACTIVATE_READONLY (UINT32_C(1) << 0)
#define CRYPT_ACTIVATE_NO_UUID  (UINT32_C(1) << 1)
#define CRYPT_ACTIVATE_SHARED   (UINT32_C(1) << 2)
#define CRYPT_ACTIVATE_ALLOW_DISCARDS (UINT32_C(1) << 3)
#define CRYPT_ACTIVATE_PRIVATE (UINT32_C(1) << 4)
#define CRYPT_ACTIVATE_CORRUPTED (UINT32_C(1) << 5)
#define CRYPT_ACTIVATE_SAME_CPU_CRYPT (UINT32_C(1) << 6)
#define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (UINT32_C(1) << 7)
#define CRYPT_ACTIVATE_IGNORE_CORRUPTION (UINT32_C(1) << 8)
#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (UINT32_C(1) << 9)
#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (UINT32_C(1) << 10)
#define CRYPT_ACTIVATE_KEYRING_KEY (UINT32_C(1) << 11)
#define CRYPT_ACTIVATE_NO_JOURNAL (UINT32_C(1) << 12)
#define CRYPT_ACTIVATE_RECOVERY (UINT32_C(1) << 13)
#define CRYPT_ACTIVATE_IGNORE_PERSISTENT (UINT32_C(1) << 14)
#define CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE (UINT32_C(1) << 15)
#define CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY (UINT32_C(1) << 16)
#define CRYPT_ACTIVATE_RECALCULATE (UINT32_C(1) << 17)
#define CRYPT_ACTIVATE_REFRESH  (UINT32_C(1) << 18)
#define CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF (UINT32_C(1) << 19)
#define CRYPT_ACTIVATE_NO_JOURNAL_BITMAP (UINT32_C(1) << 20)
#define CRYPT_ACTIVATE_SUSPENDED (UINT32_C(1) << 21)
#define CRYPT_ACTIVATE_IV_LARGE_SECTORS (UINT32_C(1) << 22)
#define CRYPT_ACTIVATE_PANIC_ON_CORRUPTION (UINT32_C(1) << 23)
#define CRYPT_ACTIVATE_NO_READ_WORKQUEUE (UINT32_C(1) << 24)
#define CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (UINT32_C(1) << 25)
#define CRYPT_ACTIVATE_RECALCULATE_RESET (UINT32_C(1) << 26)
#define CRYPT_ACTIVATE_TASKLETS (UINT32_C(1) << 27)
#define CRYPT_ACTIVATE_HIGH_PRIORITY (UINT32_C(1) << 28)
#define CRYPT_ACTIVATE_ERROR_AS_CORRUPTION (UINT32_C(1) << 29)
#define CRYPT_ACTIVATE_INLINE_MODE (UINT32_C(1) << 30)
 
struct crypt_active_device {
        uint64_t offset;    
        uint64_t iv_offset; 
        uint64_t size;      
        uint32_t flags;     
};
 
int crypt_get_active_device(struct crypt_device *cd,
        const char *name,
        struct crypt_active_device *cad);
 
uint64_t crypt_get_active_integrity_failures(struct crypt_device *cd,
        const char *name);
#define CRYPT_REQUIREMENT_OFFLINE_REENCRYPT     (UINT32_C(1) << 0)
#define CRYPT_REQUIREMENT_ONLINE_REENCRYPT      (UINT32_C(1) << 1)
#define CRYPT_REQUIREMENT_OPAL                  (UINT32_C(1) << 2)
#define CRYPT_REQUIREMENT_INLINE_HW_TAGS        (UINT32_C(1) << 3)
#define CRYPT_REQUIREMENT_UNKNOWN               (UINT32_C(1) << 31)
 
typedef enum {
        CRYPT_FLAGS_ACTIVATION, 
        CRYPT_FLAGS_REQUIREMENTS 
} crypt_flags_type;
 
int crypt_persistent_flags_set(struct crypt_device *cd,
        crypt_flags_type type,
        uint32_t flags);
 
int crypt_persistent_flags_get(struct crypt_device *cd,
        crypt_flags_type type,
        uint32_t *flags);
int crypt_activate_by_keyslot_context(struct crypt_device *cd,
        const char *name,
        int keyslot,
        struct crypt_keyslot_context *kc,
        int additional_keyslot,
        struct crypt_keyslot_context *additional_kc,
        uint32_t flags);
 
int crypt_activate_by_passphrase(struct crypt_device *cd,
        const char *name,
        int keyslot,
        const char *passphrase,
        size_t passphrase_size,
        uint32_t flags);
 
int crypt_activate_by_keyfile_device_offset(struct crypt_device *cd,
        const char *name,
        int keyslot,
        const char *keyfile,
        size_t keyfile_size,
        uint64_t keyfile_offset,
        uint32_t flags);
 
int crypt_activate_by_keyfile_offset(struct crypt_device *cd,
        const char *name,
        int keyslot,
        const char *keyfile,
        size_t keyfile_size,
        size_t keyfile_offset,
        uint32_t flags);
 
int crypt_activate_by_keyfile(struct crypt_device *cd,
        const char *name,
        int keyslot,
        const char *keyfile,
        size_t keyfile_size,
        uint32_t flags);
 
int crypt_activate_by_volume_key(struct crypt_device *cd,
        const char *name,
        const char *volume_key,
        size_t volume_key_size,
        uint32_t flags);
 
int crypt_activate_by_signed_key(struct crypt_device *cd,
        const char *name,
        const char *volume_key,
        size_t volume_key_size,
        const char *signature,
        size_t signature_size,
        uint32_t flags);
 
int crypt_activate_by_keyring(struct crypt_device *cd,
        const char *name,
        const char *key_description,
        int keyslot,
        uint32_t flags);
 
#define CRYPT_DEACTIVATE_DEFERRED (UINT32_C(1) << 0)
#define CRYPT_DEACTIVATE_FORCE    (UINT32_C(1) << 1)
#define CRYPT_DEACTIVATE_DEFERRED_CANCEL (UINT32_C(1) << 2)
 
int crypt_deactivate_by_name(struct crypt_device *cd,
        const char *name,
        uint32_t flags);
 
int crypt_deactivate(struct crypt_device *cd, const char *name);
int crypt_volume_key_get(struct crypt_device *cd,
        int keyslot,
        char *volume_key,
        size_t *volume_key_size,
        const char *passphrase,
        size_t passphrase_size);
 
int crypt_volume_key_get_by_keyslot_context(struct crypt_device *cd,
        int keyslot,
        char *volume_key,
        size_t *volume_key_size,
        struct crypt_keyslot_context *kc);
 
int crypt_volume_key_verify(struct crypt_device *cd,
        const char *volume_key,
        size_t volume_key_size);
typedef enum {
        CRYPT_INVALID,  
        CRYPT_INACTIVE, 
        CRYPT_ACTIVE,   
        CRYPT_BUSY      
} crypt_status_info;
 
crypt_status_info crypt_status(struct crypt_device *cd, const char *name);
 
int crypt_dump(struct crypt_device *cd);
 
int crypt_dump_json(struct crypt_device *cd, const char **json, uint32_t flags);
 
const char *crypt_get_cipher(struct crypt_device *cd);
 
const char *crypt_get_cipher_mode(struct crypt_device *cd);
 
const char *crypt_get_uuid(struct crypt_device *cd);
 
const char *crypt_get_device_name(struct crypt_device *cd);
 
const char *crypt_get_metadata_device_name(struct crypt_device *cd);
 
uint64_t crypt_get_data_offset(struct crypt_device *cd);
 
uint64_t crypt_get_iv_offset(struct crypt_device *cd);
 
int crypt_get_volume_key_size(struct crypt_device *cd);
 
int crypt_get_old_volume_key_size(struct crypt_device *cd);
 
int crypt_get_sector_size(struct crypt_device *cd);
 
int crypt_header_is_detached(struct crypt_device *cd);
 
int crypt_get_verity_info(struct crypt_device *cd,
        struct crypt_params_verity *vp);
 
int crypt_get_integrity_info(struct crypt_device *cd,
        struct crypt_params_integrity *ip);
int crypt_benchmark(struct crypt_device *cd,
        const char *cipher,
        const char *cipher_mode,
        size_t volume_key_size,
        size_t iv_size,
        size_t buffer_size,
        double *encryption_mbs,
        double *decryption_mbs);
 
int crypt_benchmark_pbkdf(struct crypt_device *cd,
        struct crypt_pbkdf_type *pbkdf,
        const char *password,
        size_t password_size,
        const char *salt,
        size_t salt_size,
        size_t volume_key_size,
        int (*progress)(uint32_t time_ms, void *usrptr),
        void *usrptr);
typedef enum {
        CRYPT_SLOT_INVALID,    
        CRYPT_SLOT_INACTIVE,   
        CRYPT_SLOT_ACTIVE,     
        CRYPT_SLOT_ACTIVE_LAST,
        CRYPT_SLOT_UNBOUND     
} crypt_keyslot_info;
 
crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot);
 
typedef enum {
        CRYPT_SLOT_PRIORITY_INVALID =-1, 
        CRYPT_SLOT_PRIORITY_IGNORE  = 0, 
        CRYPT_SLOT_PRIORITY_NORMAL  = 1, 
        CRYPT_SLOT_PRIORITY_PREFER  = 2, 
} crypt_keyslot_priority;
 
crypt_keyslot_priority crypt_keyslot_get_priority(struct crypt_device *cd, int keyslot);
 
int crypt_keyslot_set_priority(struct crypt_device *cd, int keyslot, crypt_keyslot_priority priority);
 
int crypt_keyslot_max(const char *type);
 
int crypt_keyslot_area(struct crypt_device *cd,
        int keyslot,
        uint64_t *offset,
        uint64_t *length);
 
int crypt_keyslot_get_key_size(struct crypt_device *cd, int keyslot);
 
const char *crypt_keyslot_get_encryption(struct crypt_device *cd, int keyslot, size_t *key_size);
 
int crypt_keyslot_get_pbkdf(struct crypt_device *cd, int keyslot, struct crypt_pbkdf_type *pbkdf);
 
int crypt_keyslot_set_encryption(struct crypt_device *cd,
        const char *cipher,
        size_t key_size);
 
const char *crypt_get_dir(void);
 
int crypt_header_backup(struct crypt_device *cd,
        const char *requested_type,
        const char *backup_file);
 
int crypt_header_restore(struct crypt_device *cd,
        const char *requested_type,
        const char *backup_file);
#define CRYPT_DEBUG_ALL  -1
#define CRYPT_DEBUG_JSON  -2
#define CRYPT_DEBUG_NONE  0
 
void crypt_set_debug_level(int level);
int crypt_keyfile_device_read(struct crypt_device *cd,
        const char *keyfile,
        char **key, size_t *key_size_read,
        uint64_t keyfile_offset,
        size_t key_size,
        uint32_t flags);
 
int crypt_keyfile_read(struct crypt_device *cd,
        const char *keyfile,
        char **key, size_t *key_size_read,
        size_t keyfile_offset,
        size_t key_size,
        uint32_t flags);
 
#define CRYPT_KEYFILE_STOP_EOL   (UINT32_C(1) << 0)
typedef enum {
        CRYPT_WIPE_ZERO,           
        CRYPT_WIPE_RANDOM,         
        CRYPT_WIPE_ENCRYPTED_ZERO, 
        CRYPT_WIPE_SPECIAL,        
} crypt_wipe_pattern;
 
int crypt_wipe(struct crypt_device *cd,
        const char *dev_path, /* if null, use data device */
        crypt_wipe_pattern pattern,
        uint64_t offset,
        uint64_t length,
        size_t wipe_block_size,
        uint32_t flags,
        int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
        void *usrptr
);
 
#define CRYPT_WIPE_NO_DIRECT_IO (UINT32_C(1) << 0)
 
enum {
        CRYPT_LUKS2_SEGMENT = -2,
        CRYPT_NO_SEGMENT = -1,
};
 
int crypt_wipe_hw_opal(struct crypt_device *cd,
        int segment, /* 0..8, CRYPT_LUKS2_SEGMENT -2, CRYPT_NO_SEGMENT -1 */
        const char *password, /* Admin1 PIN or PSID */
        size_t password_size,
        uint32_t flags /* currently unused */
);
 
int crypt_token_max(const char *type);
 
#define CRYPT_ANY_TOKEN -1
 
int crypt_token_json_get(struct crypt_device *cd,
        int token,
        const char **json);
 
int crypt_token_json_set(struct crypt_device *cd,
        int token,
        const char *json);
 
typedef enum {
        CRYPT_TOKEN_INVALID,          
        CRYPT_TOKEN_INACTIVE,         
        CRYPT_TOKEN_INTERNAL,         
        CRYPT_TOKEN_INTERNAL_UNKNOWN, 
        CRYPT_TOKEN_EXTERNAL,         
        CRYPT_TOKEN_EXTERNAL_UNKNOWN, 
} crypt_token_info;
 
crypt_token_info crypt_token_status(struct crypt_device *cd, int token, const char **type);
 
struct crypt_token_params_luks2_keyring {
        const char *key_description; 
};
 
int crypt_token_luks2_keyring_set(struct crypt_device *cd,
        int token,
        const struct crypt_token_params_luks2_keyring *params);
 
int crypt_token_luks2_keyring_get(struct crypt_device *cd,
        int token,
        struct crypt_token_params_luks2_keyring *params);
 
int crypt_token_assign_keyslot(struct crypt_device *cd,
        int token,
        int keyslot);
 
int crypt_token_unassign_keyslot(struct crypt_device *cd,
        int token,
        int keyslot);
 
int crypt_token_is_assigned(struct crypt_device *cd,
        int token,
        int keyslot);
 
typedef int (*crypt_token_open_func) (
        struct crypt_device *cd,
        int token,
        char **buffer,
        size_t *buffer_len,
        void *usrptr);
 
typedef int (*crypt_token_open_pin_func) (
        struct crypt_device *cd,
        int token,
        const char *pin,
        size_t pin_size,
        char **buffer,
        size_t *buffer_len,
        void *usrptr);
 
typedef void (*crypt_token_buffer_free_func) (void *buffer, size_t buffer_len);
 
typedef int (*crypt_token_validate_func) (struct crypt_device *cd, const char *json);
 
typedef void (*crypt_token_dump_func) (struct crypt_device *cd, const char *json);
 
typedef const char * (*crypt_token_version_func) (void);
 
typedef struct  {
        const char *name;           
        crypt_token_open_func open; 
        crypt_token_buffer_free_func buffer_free; 
        crypt_token_validate_func validate; 
        crypt_token_dump_func dump; 
} crypt_token_handler;
 
int crypt_token_register(const crypt_token_handler *handler);
 
const char *crypt_token_external_path(void);
 
int crypt_token_set_external_path(const char *path);
 
void crypt_token_external_disable(void);
 
#define CRYPT_TOKEN_ABI_VERSION1    "CRYPTSETUP_TOKEN_1.0"
 
#define CRYPT_TOKEN_ABI_OPEN        "cryptsetup_token_open"
#define CRYPT_TOKEN_ABI_OPEN_PIN    "cryptsetup_token_open_pin"
#define CRYPT_TOKEN_ABI_BUFFER_FREE "cryptsetup_token_buffer_free"
#define CRYPT_TOKEN_ABI_VALIDATE    "cryptsetup_token_validate"
#define CRYPT_TOKEN_ABI_DUMP        "cryptsetup_token_dump"
#define CRYPT_TOKEN_ABI_VERSION     "cryptsetup_token_version"
 
int crypt_activate_by_token(struct crypt_device *cd,
        const char *name,
        int token,
        void *usrptr,
        uint32_t flags);
 
int crypt_activate_by_token_pin(struct crypt_device *cd,
        const char *name,
        const char *type,
        int token,
        const char *pin,
        size_t pin_size,
        void *usrptr,
        uint32_t flags);
#define CRYPT_REENCRYPT_INITIALIZE_ONLY    (UINT32_C(1) << 0)
#define CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT (UINT32_C(1) << 1)
#define CRYPT_REENCRYPT_RESUME_ONLY        (UINT32_C(1) << 2)
#define CRYPT_REENCRYPT_RECOVERY           (UINT32_C(1) << 3)
#define CRYPT_REENCRYPT_REPAIR_NEEDED      (UINT32_C(1) << 4)
#define CRYPT_REENCRYPT_CREATE_NEW_DIGEST  (UINT32_C(1) << 5)
 
typedef enum {
        CRYPT_REENCRYPT_FORWARD = 0, 
        CRYPT_REENCRYPT_BACKWARD     
} crypt_reencrypt_direction_info;
 
typedef enum {
        CRYPT_REENCRYPT_REENCRYPT = 0, 
        CRYPT_REENCRYPT_ENCRYPT,       
        CRYPT_REENCRYPT_DECRYPT,       
} crypt_reencrypt_mode_info;
 
struct crypt_params_reencrypt {
        crypt_reencrypt_mode_info mode;           
        crypt_reencrypt_direction_info direction; 
        const char *resilience;                   
        const char *hash;                         
        uint64_t data_shift;                      
        uint64_t max_hotzone_size;                
        uint64_t device_size;                     
        const struct crypt_params_luks2 *luks2;   
        uint32_t flags;                           
};
 
int crypt_reencrypt_init_by_passphrase(struct crypt_device *cd,
        const char *name,
        const char *passphrase,
        size_t passphrase_size,
        int keyslot_old,
        int keyslot_new,
        const char *cipher,
        const char *cipher_mode,
        const struct crypt_params_reencrypt *params);
 
int crypt_reencrypt_init_by_keyring(struct crypt_device *cd,
        const char *name,
        const char *key_description,
        int keyslot_old,
        int keyslot_new,
        const char *cipher,
        const char *cipher_mode,
        const struct crypt_params_reencrypt *params);
 
int crypt_reencrypt_init_by_keyslot_context(struct crypt_device *cd,
        const char *name,
        struct crypt_keyslot_context *kc_old,
        struct crypt_keyslot_context *kc_new,
        int keyslot_old,
        int keyslot_new,
        const char *cipher,
        const char *cipher_mode,
        const struct crypt_params_reencrypt *params);
 
int crypt_reencrypt(struct crypt_device *cd,
                    int (*progress)(uint64_t size, uint64_t offset, void *usrptr))
__attribute__((deprecated));
 
int crypt_reencrypt_run(struct crypt_device *cd,
                    int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
                    void *usrptr);
 
typedef enum {
        CRYPT_REENCRYPT_NONE = 0, 
        CRYPT_REENCRYPT_CLEAN,    
        CRYPT_REENCRYPT_CRASH,    
        CRYPT_REENCRYPT_INVALID   
} crypt_reencrypt_info;
 
crypt_reencrypt_info crypt_reencrypt_status(struct crypt_device *cd,
                struct crypt_params_reencrypt *params);
void *crypt_safe_alloc(size_t size);
 
void crypt_safe_free(void *data);
 
void *crypt_safe_realloc(void *data, size_t size);
 
void crypt_safe_memzero(void *data, size_t size);
 
void *crypt_safe_memcpy(void *dst, const void *src, size_t size);
 
int crypt_set_keyring_to_link(struct crypt_device* cd,
        const char* key_description,
        const char* old_key_description,
        const char* key_type_desc,
        const char* keyring_to_link_vk);
 
#ifdef __cplusplus
}
#endif
#endif /* _LIBCRYPTSETUP_H */