S
Sdk API
luks API

luks

package

API reference for the luks package.

Imports

(3)
STD errors STD path/filepath PKG github.com/kcolford/go-cryptsetup
S
struct

Params

Params is a minimal LUKS parameter set, intentionally generic.

Not all fields are used by all backends.

pkg/v1/crypto/luks/types.go:14-21 
type Params struct

Fields

Name Type Description
Cipher string
Mode string
Hash string
VolumeKeySize uint64
DataAlignment uint64
DataDevice *string
F
function

Probe

Probe checks if devicePath contains a LUKS1 header.

Parameters

devicePath
string

Returns

bool
error
pkg/v1/crypto/luks/luks_linux.go:33-44 
func Probe(devicePath string) (bool, error)

{
	d, err := cryptsetup.NewDevice(devicePath)
	if err != nil {
		return false, err
	}
	defer d.Close()

	if err := d.Load(cryptsetup.LuksParams{}); err != nil {
		return false, nil
	}
	return true, nil
}

Example 

ok, err := luks.Probe("/dev/sda2")
if err != nil {
	fmt.Printf("Error: %v\n", err)
	return
}
fmt.Printf("Is LUKS: %v\n", ok)
F
function

FormatLUKS1

FormatLUKS1 formats the given block device as LUKS1.

Parameters

devicePath
string
passphrase
[]byte
params
Params

Returns

error
pkg/v1/crypto/luks/luks_linux.go:55-71 
func FormatLUKS1(devicePath string, passphrase []byte, params Params) error

{
	d, err := cryptsetup.NewDevice(devicePath)
	if err != nil {
		return err
	}
	defer d.Close()

	p := cryptsetup.LuksParams{}
	p.Cipher = params.Cipher
	p.Mode = params.Mode
	p.Hash = params.Hash
	p.VolumeKeySize = params.VolumeKeySize
	p.DataAlignment = params.DataAlignment
	p.DataDevice = params.DataDevice

	return d.Format(passphrase, p)
}

Example 

err := luks.FormatLUKS1("/dev/sdb1", []byte("secret"), luks.Params{})
if err != nil {
	fmt.Printf("Error: %v\n", err)
	return
}

Uses

Params (luks)
F
function

Open

Open activates a LUKS device mapping with the given mapperName.

Parameters

devicePath
string
mapperName
string
passphrase
[]byte

Returns

error
pkg/v1/crypto/luks/luks_linux.go:82-93 
func Open(devicePath, mapperName string, passphrase []byte) error

{
	d, err := cryptsetup.NewDevice(devicePath)
	if err != nil {
		return err
	}
	defer d.Close()

	if err := d.Load(cryptsetup.LuksParams{}); err != nil {
		return ErrNotLUKS
	}
	return d.Activate(mapperName, passphrase)
}

Example 

err := luks.Open("/dev/sdb1", "vos-backup", []byte("secret"))
if err != nil {
	fmt.Printf("Error: %v\n", err)
	return
}
F
function

Close

Close deactivates a LUKS device mapping.

Parameters

mapperName
string

Returns

error
pkg/v1/crypto/luks/luks_linux.go:104-111 
func Close(mapperName string) error

{
	d, err := cryptsetup.NewDevice(filepath.Join("/dev/mapper", mapperName))
	if err != nil {
		return err
	}
	defer d.Close()
	return d.Deactivate(mapperName)
}

Example 

err := luks.Close("vos-backup")
if err != nil {
	fmt.Printf("Error: %v\n", err)
	return
}
F
function

AddKey

AddKey adds a new passphrase to a LUKS device.

Parameters

devicePath
string
oldPassphrase
[]byte
newPassphrase
[]byte

Returns

error
pkg/v1/crypto/luks/luks_linux.go:122-133 
func AddKey(devicePath string, oldPassphrase, newPassphrase []byte) error

{
	d, err := cryptsetup.NewDevice(devicePath)
	if err != nil {
		return err
	}
	defer d.Close()

	if err := d.Load(cryptsetup.LuksParams{}); err != nil {
		return ErrNotLUKS
	}
	return d.AddKey(oldPassphrase, newPassphrase)
}

Example 

err := luks.AddKey("/dev/sdb1", []byte("old"), []byte("new"))
if err != nil {
	fmt.Printf("Error: %v\n", err)
	return
}
F
function

DelKey

DelKey removes a passphrase from a LUKS device.

Parameters

devicePath
string
passphrase
[]byte

Returns

error
pkg/v1/crypto/luks/luks_linux.go:144-155 
func DelKey(devicePath string, passphrase []byte) error

{
	d, err := cryptsetup.NewDevice(devicePath)
	if err != nil {
		return err
	}
	defer d.Close()

	if err := d.Load(cryptsetup.LuksParams{}); err != nil {
		return ErrNotLUKS
	}
	return d.DelKey(passphrase)
}

Example 

err := luks.DelKey("/dev/sdb1", []byte("secret"))
if err != nil {
	fmt.Printf("Error: %v\n", err)
	return
}
F
function

Probe

Parameters

devicePath
string

Returns

bool
error
pkg/v1/crypto/luks/luks_other.go:17-17 
func Probe(devicePath string) (bool, error)

{ return false, ErrUnsupported }
F
function

FormatLUKS1

Parameters

devicePath
string
passphrase
[]byte
params
Params

Returns

error
pkg/v1/crypto/luks/luks_other.go:18-20 
func FormatLUKS1(devicePath string, passphrase []byte, params Params) error

{
	return ErrUnsupported
}

Uses

Params (luks)
F
function

Open

Parameters

devicePath
string
mapperName
string
passphrase
[]byte

Returns

error
pkg/v1/crypto/luks/luks_other.go:21-21 
func Open(devicePath, mapperName string, passphrase []byte) error

{ return ErrUnsupported }
F
function

Close

Parameters

mapperName
string

Returns

error
pkg/v1/crypto/luks/luks_other.go:22-22 
func Close(mapperName string) error

{ return ErrUnsupported }
F
function

AddKey

Parameters

devicePath
string
oldPassphrase
[]byte
newPassphrase
[]byte

Returns

error
pkg/v1/crypto/luks/luks_other.go:23-25 
func AddKey(devicePath string, oldPassphrase, newPassphrase []byte) error

{
	return ErrUnsupported
}
F
function

DelKey

Parameters

devicePath
string
passphrase
[]byte

Returns

error
pkg/v1/crypto/luks/luks_other.go:26-26 
func DelKey(devicePath string, passphrase []byte) error

{ return ErrUnsupported }