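#ifndef _LIBCRYPTSETUP_H
#define _LIBCRYPTSETUP_H
/*
 * libcryptsetup public API.
 *
 * Handle-based interface (struct crypt_device) for PLAIN and LUKS1 devices,
 * followed by the old option-struct API that is kept only for backward
 * compatibility.
 *
 * The include guard name starts with an underscore and a capital letter,
 * which is a reserved identifier in C; it is left unchanged because it is
 * part of the published header.
 */
#ifdef __cplusplus
extern "C" {
#endif

#include <stddef.h>	/* size_t - used by several prototypes below */
#include <stdint.h>

struct crypt_device; /* opaque crypt device handle */

/**
 * Initialise crypt device handle and check that the provided device exists.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - returns pointer to crypt device handle
 * @device - path to device
 *
 * Note that logging is not initialised here; any messages emitted use the
 * default log function.
 */
int crypt_init(struct crypt_device **cd, const char *device);

/**
 * Initialise crypt device handle from the name of an active device
 * and check that the device exists.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - returns pointer to crypt device handle
 * @name - name of active crypt device
 */
int crypt_init_by_name(struct crypt_device **cd, const char *name);

/**
 * Set log function.
 *
 * @cd - crypt device handle (can be NULL to set default log function)
 * @usrptr - provided identification in callback
 * @level - log level, one of the CRYPT_LOG_* values below
 *          (debug messages can use other levels)
 * @msg - log message
 */
#define CRYPT_LOG_NORMAL	0
#define CRYPT_LOG_ERROR		1
#define CRYPT_LOG_VERBOSE	2
#define CRYPT_LOG_DEBUG		(-1) /* always on stdout */
void crypt_set_log_callback(struct crypt_device *cd,
	void (*log)(int level, const char *msg, void *usrptr),
	void *usrptr);

/**
 * Log message through log function.
 *
 * @cd - crypt device handle
 * @level - log level
 * @msg - log message
 */
void crypt_log(struct crypt_device *cd, int level, const char *msg);

/**
 * Set confirmation callback (yes/no).
 *
 * If the code needs confirmation (like deleting the last key slot) this
 * function is called. If not defined, everything is confirmed.
 *
 * Callback should return 0 if the operation is declined; any other value
 * means accepted.
 *
 * @cd - crypt device handle
 * @usrptr - provided identification in callback
 * @msg - message for user to confirm
 */
void crypt_set_confirm_callback(struct crypt_device *cd,
	int (*confirm)(const char *msg, void *usrptr),
	void *usrptr);

/**
 * Set password query callback.
 *
 * If the code needs an _interactive_ query for a password, this callback is
 * called. If not defined, the compiled-in default is called (uses terminal
 * input).
 *
 * @cd - crypt device handle
 * @usrptr - provided identification in callback
 * @msg - message for user
 * @buf - buffer for password
 * @length - size of buffer
 *
 * - Note that if this function is defined, the verify option is ignored
 *   (the caller which provided the callback is responsible for password
 *   verification).
 * - Only zero-terminated passwords can be entered this way; for complex
 *   (binary) passphrases use the API functions directly.
 * - Maximal length of password is limited to @length-1 (minimal 511 chars).
 *
 * NOTE(review): @buf receives the passphrase in clear; whether the library
 * wipes it after use is not visible from this header - confirm in the
 * implementation before relying on it.
 */
void crypt_set_password_callback(struct crypt_device *cd,
	int (*password)(const char *msg, char *buf, size_t length, void *usrptr),
	void *usrptr);

/**
 * Various crypt device parameters.
 *
 * @cd - crypt device handle
 * @timeout_sec - timeout in seconds for password entry if the compiled-in
 *                function is used
 * @tries - number of tries for password if not verified
 * @iteration_time_ms - iteration time for LUKS header in milliseconds
 * @password_verify - for compiled-in password query, always verify passwords
 *                    twice
 *
 * The misspelling in crypt_set_iterarion_time is the published symbol name;
 * renaming it here would change the exported interface, so it is left as is.
 */
void crypt_set_timeout(struct crypt_device *cd, uint64_t timeout_sec);
void crypt_set_password_retry(struct crypt_device *cd, int tries);
void crypt_set_iterarion_time(struct crypt_device *cd, uint64_t iteration_time_ms);
void crypt_set_password_verify(struct crypt_device *cd, int password_verify);

/**
 * Helper to lock/unlock memory to avoid swapping sensitive data to disk.
 *
 * @cd - crypt device handle, can be NULL
 * @lock - 0 to unlock, otherwise lock memory
 *
 * Return value indicates that memory is locked (function can be called
 * multiple times). Only root can do this. Note it locks/unlocks all process
 * memory, not only the crypt context.
 */
int crypt_memory_lock(struct crypt_device *cd, int lock);

#define CRYPT_PLAIN	"PLAIN" /* regular crypt device, no on-disk header */
#define CRYPT_LUKS1	"LUKS1" /* LUKS version 1 header on-disk */

/*
 * Type-specific parameter structs, passed as @params to crypt_format() and
 * crypt_load(); the struct must match the @type / @requested_type given.
 */
struct crypt_params_plain {
	const char *hash;	/* password hash function */
	uint64_t offset;	/* offset in sectors */
	uint64_t skip;		/* IV initialisation sector */
};

struct crypt_params_luks1 {
	const char *hash;	/* hash used in LUKS header */
	size_t data_alignment;	/* in sectors, data offset is a multiple of this */
};

/**
 * Create (format) a new crypt device (and possibly an on-disk header) but do
 * not activate it.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - crypt device handle
 * @type - type of device (the optional params struct must be of this type)
 * @cipher - (e.g. "aes")
 * @cipher_mode - including IV specification (e.g. "xts-plain")
 * @uuid - requested UUID or NULL if it should be generated
 * @volume_key - pre-generated volume key or NULL if it should be generated
 *               (only for LUKS)
 * @volume_key_size - size of volume key in bytes
 * @params - crypt type specific parameters
 *
 * Note that crypt_format does not enable any keyslot, but it stores the
 * volume key internally and subsequent crypt_keyslot_add_* calls can be used.
 * (It is the only situation in which crypt_keyslot_add_* do not require
 * active key slots.)
 */
int crypt_format(struct crypt_device *cd,
	const char *type,
	const char *cipher,
	const char *cipher_mode,
	const char *uuid,
	const char *volume_key,
	size_t volume_key_size,
	void *params);

/**
 * Load crypt device parameters from the on-disk header.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - crypt device handle
 * @requested_type - use NULL for all known types
 * @params - crypt type specific parameters
 */
int crypt_load(struct crypt_device *cd,
	const char *requested_type,
	void *params);

/**
 * Suspend crypt device.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - crypt device handle, can be NULL
 * @name - name of device to suspend
 */
int crypt_suspend(struct crypt_device *cd,
	const char *name);

/**
 * Resume crypt device using passphrase.
 *
 * Returns unlocked key slot number or negative errno otherwise.
 *
 * @cd - crypt device handle
 * @name - name of device to resume
 * @keyslot - requested keyslot or CRYPT_ANY_SLOT
 * @passphrase - passphrase used to unlock volume key, NULL for query
 * @passphrase_size - size of @passphrase (binary data)
 */
int crypt_resume_by_passphrase(struct crypt_device *cd,
	const char *name,
	int keyslot,
	const char *passphrase,
	size_t passphrase_size);

/**
 * Resume crypt device using key file.
 *
 * Returns unlocked key slot number or negative errno otherwise.
 *
 * @cd - crypt device handle
 * @name - name of device to resume
 * @keyslot - requested keyslot or CRYPT_ANY_SLOT
 * @keyfile - key file used to unlock volume key, NULL for passphrase query
 * @keyfile_size - number of bytes to read from @keyfile, 0 is unlimited
 */
int crypt_resume_by_keyfile(struct crypt_device *cd,
	const char *name,
	int keyslot,
	const char *keyfile,
	size_t keyfile_size);

/**
 * Release crypt device context and used memory.
 *
 * @cd - crypt device handle
 */
void crypt_free(struct crypt_device *cd);

/**
 * Add key slot using provided passphrase.
 *
 * Returns allocated key slot number or negative errno otherwise.
 *
 * @cd - crypt device handle
 * @keyslot - requested keyslot or CRYPT_ANY_SLOT
 * @passphrase - passphrase used to unlock volume key, NULL for query
 * @passphrase_size - size of @passphrase (binary data)
 * @new_passphrase - passphrase for new keyslot, NULL for query
 * @new_passphrase_size - size of @new_passphrase (binary data)
 */
#define CRYPT_ANY_SLOT (-1)
int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
	int keyslot,
	const char *passphrase,
	size_t passphrase_size,
	const char *new_passphrase,
	size_t new_passphrase_size);

/**
 * Add key slot using provided key file path.
 *
 * Returns allocated key slot number or negative errno otherwise.
 *
 * @cd - crypt device handle
 * @keyslot - requested keyslot or CRYPT_ANY_SLOT
 * @keyfile - key file used to unlock volume key, NULL for passphrase query
 * @keyfile_size - number of bytes to read from @keyfile, 0 is unlimited
 * @new_keyfile - keyfile for new keyslot, NULL for passphrase query
 * @new_keyfile_size - number of bytes to read from @new_keyfile, 0 is unlimited
 *
 * Note that @keyfile can be "-" for STDIN.
 *
 * NOTE(review): a size of 0 imposes no caller-side limit on how much of the
 * key file is read; any internal cap is not visible from this header.
 */
int crypt_keyslot_add_by_keyfile(struct crypt_device *cd,
	int keyslot,
	const char *keyfile,
	size_t keyfile_size,
	const char *new_keyfile,
	size_t new_keyfile_size);

/**
 * Add key slot using provided volume key.
 *
 * Returns allocated key slot number or negative errno otherwise.
 *
 * @cd - crypt device handle
 * @keyslot - requested keyslot or CRYPT_ANY_SLOT
 * @volume_key - provided volume key or NULL if used after crypt_format
 * @volume_key_size - size of @volume_key
 * @passphrase - passphrase for new keyslot, NULL for query
 * @passphrase_size - size of @passphrase
 */
int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
	int keyslot,
	const char *volume_key,
	size_t volume_key_size,
	const char *passphrase,
	size_t passphrase_size);

/**
 * Destroy (and disable) key slot.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - crypt device handle
 * @keyslot - requested key slot to destroy
 *
 * Note that there is no passphrase verification used: any check that the
 * caller is allowed to remove the slot has to happen before this call.
 */
int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);

/**
 * Activation flags
 */
#define CRYPT_ACTIVATE_READONLY	(1 << 0)
#define CRYPT_ACTIVATE_NO_UUID	(1 << 1)

/**
 * Activate device or check passphrase.
 *
 * Returns unlocked key slot number or negative errno otherwise.
 *
 * @cd - crypt device handle
 * @name - name of device to create, if NULL only check passphrase
 * @keyslot - requested keyslot to check or CRYPT_ANY_SLOT
 * @passphrase - passphrase used to unlock volume key, NULL for query
 * @passphrase_size - size of @passphrase
 * @flags - activation flags
 */
int crypt_activate_by_passphrase(struct crypt_device *cd,
	const char *name,
	int keyslot,
	const char *passphrase,
	size_t passphrase_size,
	uint32_t flags);

/**
 * Activate device or check using key file.
 *
 * Returns unlocked key slot number or negative errno otherwise.
 *
 * @cd - crypt device handle
 * @name - name of device to create, if NULL only check keyfile
 * @keyslot - requested keyslot to check or CRYPT_ANY_SLOT
 * @keyfile - key file used to unlock volume key
 * @keyfile_size - number of bytes to read from @keyfile, 0 is unlimited
 * @flags - activation flags
 */
int crypt_activate_by_keyfile(struct crypt_device *cd,
	const char *name,
	int keyslot,
	const char *keyfile,
	size_t keyfile_size,
	uint32_t flags);

/**
 * Activate device using provided volume key.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - crypt device handle
 * @name - name of device to create, if NULL only check volume key
 * @volume_key - provided volume key
 * @volume_key_size - size of @volume_key
 * @flags - activation flags
 */
int crypt_activate_by_volume_key(struct crypt_device *cd,
	const char *name,
	const char *volume_key,
	size_t volume_key_size,
	uint32_t flags);

/**
 * Deactivate crypt device.
 *
 * @cd - crypt device handle, can be NULL
 * @name - name of device to deactivate
 */
int crypt_deactivate(struct crypt_device *cd, const char *name);

/**
 * Get volume key of crypt device.
 *
 * Returns unlocked key slot number or negative errno otherwise.
 *
 * @cd - crypt device handle
 * @keyslot - use this keyslot or CRYPT_ANY_SLOT
 * @volume_key - caller-owned buffer for volume key; the caller is responsible
 *               for wiping it once the key is no longer needed
 * @volume_key_size - on input, size of buffer @volume_key,
 *                    on output size of @volume_key
 * @passphrase - passphrase used to unlock volume key, NULL for query
 * @passphrase_size - size of @passphrase
 */
int crypt_volume_key_get(struct crypt_device *cd,
	int keyslot,
	char *volume_key,
	size_t *volume_key_size,
	const char *passphrase,
	size_t passphrase_size);

/**
 * Verify that the provided volume key is valid for crypt device.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - crypt device handle
 * @volume_key - provided volume key
 * @volume_key_size - size of @volume_key
 */
int crypt_volume_key_verify(struct crypt_device *cd,
	const char *volume_key,
	size_t volume_key_size);

/**
 * Get status info about device name.
 *
 * Returns value defined by crypt_status_info.
 *
 * @cd - crypt device handle, can be NULL
 * @name - crypt device name
 *
 * CRYPT_INACTIVE - no such mapped device
 * CRYPT_ACTIVE - device is active
 * CRYPT_BUSY - device is active and has open count > 0
 */
typedef enum {
	CRYPT_INVALID,
	CRYPT_INACTIVE,
	CRYPT_ACTIVE,
	CRYPT_BUSY
} crypt_status_info;
crypt_status_info crypt_status(struct crypt_device *cd, const char *name);

/**
 * Dump text-formatted information about crypt device to log output.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - crypt device handle, can be NULL
 */
int crypt_dump(struct crypt_device *cd);

/**
 * Various crypt device info functions.
 *
 * @cd - crypt device handle
 *
 * cipher - used cipher, e.g. "aes" or NULL otherwise
 * cipher_mode - used cipher mode including IV, e.g. "xts-plain" or NULL otherwise
 * uuid - device UUID or NULL if not set
 * data_offset - device offset in sectors where real data starts on the
 *               underlying device
 * volume_key_size - size (in bytes) of volume key for crypt device
 */
const char *crypt_get_cipher(struct crypt_device *cd);
const char *crypt_get_cipher_mode(struct crypt_device *cd);
const char *crypt_get_uuid(struct crypt_device *cd);
uint64_t crypt_get_data_offset(struct crypt_device *cd);
int crypt_get_volume_key_size(struct crypt_device *cd);

/**
 * Get information about a particular key slot.
 *
 * Returns value defined by crypt_keyslot_info.
 *
 * @cd - crypt device handle
 * @keyslot - requested keyslot to check or CRYPT_ANY_SLOT
 */
typedef enum {
	CRYPT_SLOT_INVALID,
	CRYPT_SLOT_INACTIVE,
	CRYPT_SLOT_ACTIVE,
	CRYPT_SLOT_ACTIVE_LAST
} crypt_keyslot_info;
crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot);

/**
 * Backup header and keyslots to file.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - crypt device handle
 * @requested_type - type of header to backup
 * @backup_file - file to backup header to
 */
int crypt_header_backup(struct crypt_device *cd,
	const char *requested_type,
	const char *backup_file);

/**
 * Restore header and keyslots from backup file.
 *
 * Returns 0 on success or negative errno value otherwise.
 *
 * @cd - crypt device handle
 * @requested_type - type of header to restore
 * @backup_file - file to restore header from
 */
int crypt_header_restore(struct crypt_device *cd,
	const char *requested_type,
	const char *backup_file);

/**
 * Receive the last reported error.
 *
 * @buf - buffer for message
 * @size - size of buffer
 *
 * Note that this is an old API function using a global context, not a
 * per-handle one (presumably not safe to rely on from several threads -
 * confirm in the implementation).
 * All error messages are also reported through the log callback.
 */
void crypt_get_error(char *buf, size_t size);

/**
 * Get directory where mapped crypt devices are created.
 */
const char *crypt_get_dir(void);

/**
 * Set library debug level.
 */
#define CRYPT_DEBUG_ALL		(-1)
#define CRYPT_DEBUG_NONE	0
void crypt_set_debug_level(int level);

/**
 * OLD DEPRECATED API **********************************
 *
 * Provided only for backward compatibility.
 */

struct interface_callbacks {
	int (*yesDialog)(char *msg);
	void (*log)(int level, char *msg);
};

#define CRYPT_FLAG_VERIFY			(1 << 0)
#define CRYPT_FLAG_READONLY			(1 << 1)
#define CRYPT_FLAG_VERIFY_IF_POSSIBLE		(1 << 2)
#define CRYPT_FLAG_VERIFY_ON_DELKEY		(1 << 3)
#define CRYPT_FLAG_NON_EXCLUSIVE_ACCESS		(1 << 4)

/* Option block for the deprecated crypt_*_device()/crypt_luks*() calls. */
struct crypt_options {
	const char *name;
	const char *device;

	const char *cipher;
	const char *hash;

	const char *passphrase;
	int passphrase_fd;
	const char *key_file;
	const char *new_key_file;
	int key_size;

	unsigned int flags;
	int key_slot;

	uint64_t size;
	uint64_t offset;
	uint64_t skip;
	uint64_t iteration_time;
	uint64_t timeout;

	uint64_t align_payload;
	int tries;

	struct interface_callbacks *icb;
};

int crypt_create_device(struct crypt_options *options);
int crypt_update_device(struct crypt_options *options);
int crypt_resize_device(struct crypt_options *options);
int crypt_query_device(struct crypt_options *options);
int crypt_remove_device(struct crypt_options *options);
int crypt_luksFormat(struct crypt_options *options);
int crypt_luksOpen(struct crypt_options *options);
int crypt_luksKillSlot(struct crypt_options *options);
int crypt_luksRemoveKey(struct crypt_options *options);
int crypt_luksAddKey(struct crypt_options *options);
int crypt_luksUUID(struct crypt_options *options);
int crypt_isLuks(struct crypt_options *options);
int crypt_luksDump(struct crypt_options *options);

void crypt_put_options(struct crypt_options *options);

#ifdef __cplusplus
}
#endif
#endif /* _LIBCRYPTSETUP_H */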