| libblockdev Reference Manual | ||||
|---|---|---|---|---|
| Top | Description | ||||
#include <crypto.h> gboolean bd_crypto_check_deps (); void bd_crypto_close (); gboolean bd_crypto_init (); #define BD_CRYPTO_LUKS_METADATA_SIZE GQuark bd_crypto_error_quark (void); #define BD_CRYPTO_ERROR enum BDCryptoError; #define BD_CRYPTO_BACKUP_PASSPHRASE_CHARSET #define BD_CRYPTO_BACKUP_PASSPHRASE_LENGTH #define DEFAULT_LUKS_KEYSIZE_BITS #define DEFAULT_LUKS_CIPHER gchar * bd_crypto_generate_backup_passphrase (GError **error); gboolean bd_crypto_device_is_luks (const gchar *device,GError **error); gchar * bd_crypto_luks_uuid (const gchar *device,GError **error); gchar * bd_crypto_luks_status (const gchar *luks_device,GError **error); gboolean bd_crypto_luks_format (const gchar *device,const gchar *cipher,guint64 key_size,const gchar *passphrase,const gchar *key_file,guint64 min_entropy,GError **error); gboolean bd_crypto_luks_format_blob (const gchar *device,const gchar *cipher,guint64 key_size,const guint8 *pass_data,gsize data_len,guint64 min_entropy,GError **error); gboolean bd_crypto_luks_open (const gchar *device,const gchar *name,const gchar *passphrase,const gchar *key_file,gboolean read_only,GError **error); gboolean bd_crypto_luks_open_blob (const gchar *device,const gchar *name,const guint8 *pass_data,gsize data_len,gboolean read_only,GError **error); gboolean bd_crypto_luks_close (const gchar *luks_device,GError **error); gboolean bd_crypto_luks_add_key (const gchar *device,const gchar *pass,const gchar *key_file,const gchar *npass,const gchar *nkey_file,GError **error); gboolean bd_crypto_luks_add_key_blob (const gchar *device,const guint8 *pass_data,gsize data_len,const guint8 *npass_data,gsize ndata_len,GError **error); gboolean bd_crypto_luks_remove_key (const gchar *device,const gchar *pass,const gchar *key_file,GError **error); gboolean bd_crypto_luks_remove_key_blob (const gchar *device,const guint8 *pass_data,gsize data_len,GError **error); gboolean bd_crypto_luks_change_key (const gchar *device,const gchar *pass,const gchar *npass,GError **error); gboolean bd_crypto_luks_change_key_blob (const gchar *device,const guint8 *pass_data,gsize data_len,const guint8 *npass_data,gsize ndata_len,GError **error); gboolean bd_crypto_luks_resize (const gchar *device,guint64 size,GError **error); gboolean bd_crypto_tc_open (const gchar *device,const gchar *name,const guint8 *pass_data,gsize data_len,gboolean read_only,GError **error); gboolean bd_crypto_tc_close (const gchar *tc_device,GError **error); gboolean bd_crypto_escrow_device (const gchar *device,const gchar *passphrase,const gchar *cert_data,const gchar *directory,const gchar *backup_passphrase,GError **error);
A plugin for operations with encrypted devices. For now, only LUKS devices are supported.
Functions taking a parameter called "device" require the backing device to be passed. On the other hand functions taking the "luks_device" parameter require the LUKS device (/dev/mapper/SOMETHING").
Sizes are given in bytes unless stated otherwise.
gboolean bd_crypto_check_deps ();
Returns : |
whether the plugin's runtime dependencies are satisfied or not Function checking plugin's runtime dependencies. |
void bd_crypto_close ();
Cleans up after the plugin. **This function is called automatically by the library's functions that unload it.**
gboolean bd_crypto_init ();
Initializes the plugin. **This function is called automatically by the library's initialization functions.**
typedef enum {
BD_CRYPTO_ERROR_DEVICE,
BD_CRYPTO_ERROR_STATE,
BD_CRYPTO_ERROR_INVALID_SPEC,
BD_CRYPTO_ERROR_FORMAT_FAILED,
BD_CRYPTO_ERROR_RESIZE_FAILED,
BD_CRYPTO_ERROR_ADD_KEY,
BD_CRYPTO_ERROR_REMOVE_KEY,
BD_CRYPTO_ERROR_NO_KEY,
BD_CRYPTO_ERROR_KEY_SLOT,
BD_CRYPTO_ERROR_NSS_INIT_FAILED,
BD_CRYPTO_ERROR_CERT_DECODE,
BD_CRYPTO_ERROR_ESCROW_FAILED,
} BDCryptoError;
#define BD_CRYPTO_BACKUP_PASSPHRASE_CHARSET "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"
gchar * bd_crypto_generate_backup_passphrase
(GError **error);
|
place to store error (if any). [out] |
Returns : |
A newly generated BD_CRYPTO_BACKUP_PASSPHRASE_LENGTH-long passphrase.
See BD_CRYPTO_BACKUP_PASSPHRASE_CHARSET for the definition of the charset used for the passphrase. |
gboolean bd_crypto_device_is_luks (const gchar *device,GError **error);
|
the queried device |
|
place to store error (if any). [out] |
Returns : |
TRUE if the given device is a LUKS device or FALSE if not or
failed to determine (the error) is populated with the error in such
cases) |
gchar * bd_crypto_luks_uuid (const gchar *device,GError **error);
|
the queried device |
|
place to store error (if any). [out] |
Returns : |
UUID of the device or NULL if failed to determine (error)
is populated with the error in such cases) |
gchar * bd_crypto_luks_status (const gchar *luks_device,GError **error);
|
the queried LUKS device |
|
place to store error (if any). [out] |
Returns : |
one of "invalid", "inactive", "active" or "busy" or
NULL if failed to determine (error is populated with the error in
such cases). [transfer none]
|
gboolean bd_crypto_luks_format (const gchar *device,const gchar *cipher,guint64 key_size,const gchar *passphrase,const gchar *key_file,guint64 min_entropy,GError **error);
Formats the given device as LUKS according to the other parameters given. If
min_entropy is specified (greater than 0), the function waits for enough
entropy to be available in the random data pool (WHICH MAY POTENTIALLY TAKE
FOREVER).
|
a device to format as LUKS |
|
cipher specification (type-mode, e.g. "aes-xts-plain64") or NULL to use the default. [allow-none]
|
|
size of the volume key in bits or 0 to use the default |
|
a passphrase for the new LUKS device or NULL if not requested. [allow-none]
|
|
a key file for the new LUKS device or NULL if not requested. [allow-none]
|
|
minimum random data entropy (in bits) required to format device as LUKS |
|
place to store error (if any). [out] |
Returns : |
whether the given device was successfully formatted as LUKS or not
(the error) contains the error in such cases) |
gboolean bd_crypto_luks_format_blob (const gchar *device,const gchar *cipher,guint64 key_size,const guint8 *pass_data,gsize data_len,guint64 min_entropy,GError **error);
Formats the given device as LUKS according to the other parameters given. If
min_entropy is specified (greater than 0), the function waits for enough
entropy to be available in the random data pool (WHICH MAY POTENTIALLY TAKE
FOREVER).
|
a device to format as LUKS |
|
cipher specification (type-mode, e.g. "aes-xts-plain64") or NULL to use the default. [allow-none]
|
|
size of the volume key in bits or 0 to use the default |
|
a passphrase for the new LUKS device (may contain arbitrary binary data). [array length=data_len] |
|
length of the pass_data buffer |
|
minimum random data entropy (in bits) required to format device as LUKS |
|
place to store error (if any). [out] |
Returns : |
whether the given device was successfully formatted as LUKS or not
(the error) contains the error in such cases) |
gboolean bd_crypto_luks_open (const gchar *device,const gchar *name,const gchar *passphrase,const gchar *key_file,gboolean read_only,GError **error);
|
the device to open |
|
name for the LUKS device |
|
passphrase to open the device or NULL. [allow-none]
|
|
key file path to use for opening the device or NULL. [allow-none]
|
|
whether to open as read-only or not (meaning read-write) |
|
place to store error (if any). [out] |
Returns : |
whether the device was successfully opened or not
One of passphrase, key_file has to be != NULL. |
gboolean bd_crypto_luks_open_blob (const gchar *device,const gchar *name,const guint8 *pass_data,gsize data_len,gboolean read_only,GError **error);
|
the device to open |
|
name for the LUKS device |
|
a passphrase for the new LUKS device (may contain arbitrary binary data). [array length=data_len] |
|
length of the pass_data buffer |
|
whether to open as read-only or not (meaning read-write) |
|
place to store error (if any). [out] |
Returns : |
whether the device was successfully opened or not |
gboolean bd_crypto_luks_close (const gchar *luks_device,GError **error);
|
LUKS device to close |
|
place to store error (if any). [out] |
Returns : |
whether the given luks_device was successfully closed or not |
gboolean bd_crypto_luks_add_key (const gchar *device,const gchar *pass,const gchar *key_file,const gchar *npass,const gchar *nkey_file,GError **error);
|
device to add new key to |
|
passphrase for the device or NULL. [allow-none]
|
|
key file for the device or NULL. [allow-none]
|
|
passphrase to add to device or NULL. [allow-none]
|
|
key file to add to device or NULL. [allow-none]
|
|
place to store error (if any). [out] |
Returns : |
whether the npass or nkey_file was successfully added to device
or not
One of pass, key_file has to be != NULL and the same applies to npass,
nkey_file. |
gboolean bd_crypto_luks_add_key_blob (const gchar *device,const guint8 *pass_data,gsize data_len,const guint8 *npass_data,gsize ndata_len,GError **error);
|
device to add new key to |
|
a passphrase for the new LUKS device (may contain arbitrary binary data). [array length=data_len] |
|
length of the pass_data buffer |
|
a new passphrase for the new LUKS device (may contain arbitrary binary data). [array length=ndata_len] |
|
length of the npass_data buffer |
|
place to store error (if any). [out] |
Returns : |
whether the npass_data was successfully added to device or not |
gboolean bd_crypto_luks_remove_key (const gchar *device,const gchar *pass,const gchar *key_file,GError **error);
|
device to add new key to |
|
passphrase for the device or NULL. [allow-none]
|
|
key file for the device or NULL. [allow-none]
|
|
place to store error (if any). [out] |
Returns : |
whether the key was successfully removed or not
Either pass or key_file has to be != NULL. |
gboolean bd_crypto_luks_remove_key_blob (const gchar *device,const guint8 *pass_data,gsize data_len,GError **error);
|
device to add new key to |
|
a passphrase for the new LUKS device (may contain arbitrary binary data) to remove. [array length=data_len] |
|
length of the pass_data buffer |
|
place to store error (if any). [out] |
Returns : |
whether the key was successfully removed or not
Either pass or key_file has to be != NULL. |
gboolean bd_crypto_luks_change_key (const gchar *device,const gchar *pass,const gchar *npass,GError **error);
|
device to change key of |
|
old passphrase |
|
new passphrase |
|
place to store error (if any). [out] |
Returns : |
whether the key was successfully changed or not No support for changing key files (yet). |
gboolean bd_crypto_luks_change_key_blob (const gchar *device,const guint8 *pass_data,gsize data_len,const guint8 *npass_data,gsize ndata_len,GError **error);
|
device to change key of |
|
a passphrase for the new LUKS device (may contain arbitrary binary data). [array length=data_len] |
|
length of the pass_data buffer |
|
a new passphrase for the new LUKS device (may contain arbitrary binary data). [array length=ndata_len] |
|
length of the npass_data buffer |
|
place to store error (if any). [out] |
Returns : |
whether the key was successfully changed or not |
gboolean bd_crypto_luks_resize (const gchar *device,guint64 size,GError **error);
|
opened LUKS device to resize |
|
requested size in sectors or 0 to adapt to the backing device |
|
place to store error (if any). [out] |
Returns : |
whether the luks_device was successfully resized or not |
gboolean bd_crypto_tc_open (const gchar *device,const gchar *name,const guint8 *pass_data,gsize data_len,gboolean read_only,GError **error);
|
the device to open |
|
name for the TrueCrypt/VeraCrypt device |
|
a passphrase for the TrueCrypt/VeraCrypt volume (may contain arbitrary binary data). [array length=data_len] |
|
length of the pass_data buffer |
|
whether to open as read-only or not (meaning read-write) |
|
place to store error (if any). [out] |
Returns : |
whether the device was successfully opened or not |
gboolean bd_crypto_tc_close (const gchar *tc_device,GError **error);
|
TrueCrypt/VeraCrypt device to close |
|
place to store error (if any). [out] |
Returns : |
whether the given tc_device was successfully closed or not |
gboolean bd_crypto_escrow_device (const gchar *device,const gchar *passphrase,const gchar *cert_data,const gchar *directory,const gchar *backup_passphrase,GError **error);
|
path of the device to create escrow data for |
|
passphrase used for the device |
|
certificate data to use for escrow. [array zero-terminated=1][element-type gchar] |
|
directory to put escrow data into |
|
backup passphrase for the device or NULL. [allow-none]
|
|
place to store error (if any). [out] |
Returns : |
whether the ecrow data was successfully created for device or not |