Documentation
Overview ¶
Package encryption provides an abstraction layer over various disk encryption methods.
Index ¶
Constants ¶
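// Encryption method identifiers.
//
// The listing was collapsed onto a single line, which put both declarations
// and the closing parenthesis inside the first line comment; it is restored
// here one declaration per line.
const (
	// LUKS2 identifies LUKS2 encryption.
	LUKS2 = "luks2"
	// Unknown covers both an unencrypted device and an encryption format that
	// is not supported. The two cases are not distinguished, so callers should
	// not read Unknown as proof that a device holds plaintext.
	Unknown = "unknown"
)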
// AnyKeyslot tells providers to pick any keyslot.
// NOTE(review): which methods accept this value in their slot parameter is
// not shown here; confirm before passing it to a removal call.
const AnyKeyslot = -1
AnyKeyslot tells providers to pick any keyslot.
Variables ¶
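// Sentinel errors of the encryption package. Compare with errors.Is rather
// than ==, so that a wrapped error still matches.
//
// The listing was collapsed onto a single line, which put every declaration
// inside the first line comment; it is restored here one declaration per line.
var (
	// ErrEncryptionKeyRejected is returned when the encryption key does not
	// match. It is distinct from the device-state errors below, so callers
	// can tell a wrong key apart from a device that could not be used.
	ErrEncryptionKeyRejected = fmt.Errorf("encryption key rejected")
	// ErrDeviceBusy is returned when the mapped device is still in use.
	ErrDeviceBusy = fmt.Errorf("mapped device is still in use")
	// ErrTokenNotFound is returned when trying to get or delete a token that
	// does not exist.
	ErrTokenNotFound = fmt.Errorf("no token with supplied id exists")
	// ErrDeviceNotReady is returned when the device is not ready.
	ErrDeviceNotReady = fmt.Errorf("device is not ready")
)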
Functions ¶
This section is empty.
Types ¶
type JSONMetadata ¶ added in v2.0.27
// JSONMetadata is the decoded form of a LUKS2 JSON metadata document. Only
// the "keyslots" and "segments" objects are mapped; encoding/json ignores any
// other top-level key by default.
//
// NOTE(review): this document is presumably read from the device header, so
// callers that base policy on it (accepted cipher, KDF, key size) should
// treat every field as untrusted input. Confirm against the threat model.
type JSONMetadata struct {
	// Keyslots holds the members of the "keyslots" object, keyed by member
	// name. Values are pointers: a JSON null member decodes to nil, so check
	// before dereferencing.
	Keyslots map[string]*Keyslot `json:"keyslots"`

	// Segments holds the members of the "segments" object, keyed by member
	// name. The same nil caveat applies.
	Segments map[string]*Segment `json:"segments"`
}
JSONMetadata represents LUKS2 JSON metadata.
type Keyslot ¶
// Keyslot is one entry of the LUKS2 "keyslots" metadata object.
type Keyslot struct {
	// Type is the value of the "type" key.
	Type string `json:"type"`

	// Area is decoded from the nested "area" object.
	Area KeyslotArea `json:"area"`

	// KDF is decoded from the nested "kdf" object.
	KDF KeyslotKDF `json:"kdf"`

	// KeySize is the value of "key_size".
	// NOTE(review): presumably expressed in bytes, as in the LUKS2 format;
	// confirm before comparing against a minimum key length.
	KeySize int64 `json:"key_size"`
}
Keyslot represents a single LUKS2 keyslot.
type KeyslotArea ¶ added in v2.0.27
// KeyslotArea carries the area parameters of a LUKS2 keyslot. Only the
// "encryption" key is mapped; other keys of the "area" object are ignored on
// decode.
type KeyslotArea struct {
	// Encryption is the value of the "encryption" key, presumably the cipher
	// specification used for the keyslot area. Confirm against the LUKS2
	// format.
	Encryption string `json:"encryption"`
}
KeyslotArea represents the area parameters of a LUKS2 keyslot.
type KeyslotKDF ¶ added in v2.0.27
// KeyslotKDF carries the KDF parameters of a LUKS2 keyslot. Only the "type"
// key is mapped, so cost parameters are not available through this struct and
// it cannot be used on its own to judge how strong a keyslot's KDF settings
// are.
type KeyslotKDF struct {
	// Type is the value of the "type" key, presumably the KDF name. Confirm
	// the accepted values against the LUKS2 format.
	Type string `json:"type"`
}
KeyslotKDF represents the KDF parameters of a LUKS2 keyslot.
type Provider ¶
// Provider is the set of operations an encryption backend exposes for a
// device, together with the embedded token management methods.
//
// NOTE(review): the per-method notes below are inferred from names and
// signatures only; confirm each against the implementations.
type Provider interface {
	// TokenProvider contributes SetToken, ReadToken and RemoveToken.
	TokenProvider

	// Encrypt presumably sets up encryption on devname using key. If it
	// formats the device, it is destructive. Confirm.
	Encrypt(ctx context.Context, devname string, key *Key) error

	// IsOpen reports whether devname is open under mappedName. The meaning of
	// the string result is not shown here (presumably a device path).
	IsOpen(ctx context.Context, devname, mappedName string) (bool, string, error)

	// Open unlocks devname with key under mappedName and returns a string,
	// presumably the path of the mapped device.
	Open(ctx context.Context, devname, mappedName string, key *Key) (string, error)

	// Close takes a single devname. Whether that is the backing device or the
	// mapped name is not shown here.
	Close(ctx context.Context, devname string) error

	// AddKey takes an existing key and a newKey. Presumably key authorises
	// the addition of newKey.
	AddKey(ctx context.Context, devname string, key, newKey *Key) error

	// CheckKey returns both a bool and an error. Callers should treat a
	// non-nil error as "could not verify", never as "valid", so that a failed
	// check cannot fail open.
	CheckKey(ctx context.Context, devname string, key *Key) (bool, error)

	// RemoveKey removes the key in slot, taking key as well. Whether
	// AnyKeyslot is accepted for slot is not shown; removing an arbitrary
	// slot could drop the last usable key. Confirm.
	RemoveKey(ctx context.Context, devname string, slot int, key *Key) error

	// ReadKeyslots is the only method without a context parameter, and it
	// names its argument deviceName rather than devname.
	ReadKeyslots(deviceName string) (*Keyslots, error)
}
Provider represents encryption utility methods.
type Segment ¶ added in v2.0.27
// Segment is one entry of the LUKS2 "segments" metadata object.
//
// Offset is parsed into a number through StringUint, while Size and IVTweak
// are kept as the raw JSON strings, so any numeric interpretation of those
// two is left to the caller.
type Segment struct {
	// Type is the value of the "type" key.
	Type string `json:"type"`

	// Size is the raw string value of "size".
	Size string `json:"size"`

	// IVTweak is the raw string value of "iv_tweak".
	IVTweak string `json:"iv_tweak"`

	// Encryption is the value of "encryption", presumably the cipher
	// specification of the segment.
	// NOTE(review): a caller enforcing a cipher policy should compare this
	// against an allow-list rather than trust whatever the header declares.
	Encryption string `json:"encryption"`

	// Flags is optional; it is omitted from the encoded output when empty.
	Flags []string `json:"flags,omitempty"`

	// Offset is decoded from a JSON quoted string by StringUint. The unit is
	// not shown here (presumably bytes; confirm).
	Offset StringUint `json:"offset"`

	// SectorSize is the numeric value of "sector_size".
	SectorSize int64 `json:"sector_size"`
}
Segment represents a single LUKS2 segment.
type StringUint ¶ added in v2.0.27
// StringUint is a uint64 that unmarshals from a JSON quoted string
// (e.g. "16777216").
type StringUint uint64
StringUint is a uint64 that unmarshals from a JSON quoted string (e.g. "16777216").
func (*StringUint) UnmarshalJSON ¶ added in v2.0.27
// UnmarshalJSON implements json.Unmarshaler for StringUint.
// NOTE(review): the body is not shown here; confirm that it returns an error
// for non-numeric, negative or out-of-range input instead of storing a
// wrapped or zero value, since the input comes from on-disk metadata.
func (s *StringUint) UnmarshalJSON(data []byte) error
UnmarshalJSON implements json.Unmarshaler.
type TokenProvider ¶
// TokenProvider is the token management part of a provider: store, read and
// remove a token addressed by devname and slot.
//
// NOTE(review): for LUKS2, tokens are kept in the header's JSON area, which is
// not encrypted, so a token payload should hold a reference or wrapped
// material rather than a raw key. Confirm how other providers store tokens.
type TokenProvider interface {
	// SetToken stores token for devname at slot.
	SetToken(ctx context.Context, devname string, slot int, token token.Token) error

	// ReadToken takes the token as an argument and returns only an error, so
	// the result is presumably decoded into the supplied token. Confirm.
	ReadToken(ctx context.Context, devname string, slot int, token token.Token) error

	// RemoveToken deletes the token at slot for devname.
	RemoveToken(ctx context.Context, devname string, slot int) error
}
TokenProvider represents token management methods.