encryption

package

v2.0.0 Latest Latest Go to latest Published: Aug 30, 2024 License: MPL-2.0 Imports: 2 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/siderolabs/go-blockdevice

Links

Open Source Insights

Documentation ¶

Overview ¶

Package encryption provides abstraction level for various disk encryption methods.

Index ¶

Constants
Variables
type Key
- func NewKey(slot int, value []byte) *Key
type Keyslot
type Keyslots
type Provider
type TokenProvider

Constants ¶

View Source

const (
	// LUKS2 encryption.
	LUKS2 = "luks2"
	// Unknown unecrypted or unsupported encryption.
	Unknown = "unknown"
)

View Source

const AnyKeyslot = -1

AnyKeyslot tells providers to pick any keyslot.

Variables ¶

View Source

var (
	// ErrEncryptionKeyRejected triggered when encryption key does not match.
	ErrEncryptionKeyRejected = fmt.Errorf("encryption key rejected")

	// ErrDeviceBusy returned when mapped device is still in use.
	ErrDeviceBusy = fmt.Errorf("mapped device is still in use")

	// ErrTokenNotFound returned when trying to get/delete not existing token.
	ErrTokenNotFound = fmt.Errorf("no token with supplied id exists")
)

Functions ¶

This section is empty.

Types ¶

type Key ¶

type Key struct {
	Value []byte
	Slot  int
}

Key represents a single key.

func NewKey ¶

func NewKey(slot int, value []byte) *Key

NewKey create a new key.

type Keyslot ¶

type Keyslot struct {
	Type    string `json:"type"`
	KeySize int64  `json:"key_size"`
}

Keyslot represents a single LUKS2 keyslot.

type Keyslots ¶

type Keyslots struct {
	Keyslots map[string]*Keyslot `json:"keyslots"`
}

Keyslots represents LUKS2 keyslots metadata.

type Provider ¶

type Provider interface {
	TokenProvider
	Encrypt(devname string, key *Key) error
	Open(devname, mappedName string, key *Key) (string, error)
	Close(devname string) error
	AddKey(devname string, key, newKey *Key) error
	SetKey(devname string, key, newKey *Key) error
	CheckKey(devname string, key *Key) (bool, error)
	RemoveKey(devname string, slot int, key *Key) error
	ReadKeyslots(deviceName string) (*Keyslots, error)
}

Provider represents encryption utility methods.

type TokenProvider ¶

type TokenProvider interface {
	SetToken(devname string, slot int, token token.Token) error
	ReadToken(devname string, slot int, token token.Token) error
	RemoveToken(devname string, slot int) error
}

TokenProvider represents token management methods.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
luks Package luks provides a way to call LUKS2 cryptsetup.	Package luks provides a way to call LUKS2 cryptsetup.
token Package token contains token management interfaces.	Package token contains token management interfaces.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL