/usr/include/blockdev/crypto.h is in libblockdev-crypto-dev 2.16-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
#include <glib.h>
#include <blockdev/utils.h>
#ifndef BD_CRYPTO
#define BD_CRYPTO
/* NOTE(review): "MiB" is not defined in this header; presumably it is a
 * size-unit macro supplied by <blockdev/utils.h> that turns "2 MiB" into a
 * byte count -- confirm before relying on this constant elsewhere. */
#define BD_CRYPTO_LUKS_METADATA_SIZE (2 MiB)
/* Returns the GQuark that BD_CRYPTO_ERROR expands to. */
GQuark bd_crypto_error_quark (void);
/* Expands to a call of bd_crypto_error_quark(); presumably the GError domain
 * of this plugin's errors (GLib error-domain convention) -- confirm. */
#define BD_CRYPTO_ERROR bd_crypto_error_quark ()
/*
 * Error codes of the crypto plugin (presumably reported in a GError together
 * with the BD_CRYPTO_ERROR domain -- confirm against the implementation).
 *
 * No enumerator has an explicit value, so the codes are assigned in
 * declaration order starting at 0; inserting or reordering entries would
 * renumber the codes seen by already-compiled callers.
 */
typedef enum {
BD_CRYPTO_ERROR_DEVICE,
BD_CRYPTO_ERROR_STATE,
BD_CRYPTO_ERROR_INVALID_SPEC,
BD_CRYPTO_ERROR_FORMAT_FAILED,
BD_CRYPTO_ERROR_RESIZE_FAILED,
/* Key-management failures (names suggest add/remove/lookup of LUKS keys). */
BD_CRYPTO_ERROR_ADD_KEY,
BD_CRYPTO_ERROR_REMOVE_KEY,
BD_CRYPTO_ERROR_NO_KEY,
BD_CRYPTO_ERROR_KEY_SLOT,
/* NOTE(review): presumably raised on the escrow path, which the NSS and
 * certificate names suggest -- confirm. */
BD_CRYPTO_ERROR_NSS_INIT_FAILED,
BD_CRYPTO_ERROR_CERT_DECODE,
BD_CRYPTO_ERROR_ESCROW_FAILED,
BD_CRYPTO_ERROR_TECH_UNAVAIL,
} BDCryptoError;
#define BD_CRYPTO_BACKUP_PASSPHRASE_CHARSET "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"
/* KEEP THIS A MULTIPLE OF 5 SO THAT '-' CAN BE INSERTED BETWEEN EVERY 5 CHARACTERS! */
/* 20 chars * 6 bits per char (64-item charset) = 120 "bits of security" */
#define BD_CRYPTO_BACKUP_PASSPHRASE_LENGTH 20
#define DEFAULT_LUKS_KEYSIZE_BITS 256
#define DEFAULT_LUKS_CIPHER "aes-xts-plain64"
/*
 * Technologies the plugin distinguishes; this is the type of the `tech`
 * argument of bd_crypto_is_tech_avail().  Values run 0, 1, 2 in declaration
 * order (only the first is given explicitly).
 */
typedef enum {
BD_CRYPTO_TECH_LUKS = 0,
BD_CRYPTO_TECH_TRUECRYPT,
BD_CRYPTO_TECH_ESCROW,
} BDCryptoTech;
/*
 * Operation classes of a technology.  Each enumerator is a distinct single
 * bit (1 << 0 .. 1 << 5), so several can be OR-ed into one mask.
 * NOTE(review): presumably that mask is what the guint64 `mode` argument of
 * bd_crypto_is_tech_avail() expects -- confirm.
 */
typedef enum {
BD_CRYPTO_TECH_MODE_CREATE = 1 << 0,
BD_CRYPTO_TECH_MODE_OPEN_CLOSE = 1 << 1,
BD_CRYPTO_TECH_MODE_QUERY = 1 << 2,
BD_CRYPTO_TECH_MODE_ADD_KEY = 1 << 3,
BD_CRYPTO_TECH_MODE_REMOVE_KEY = 1 << 4,
BD_CRYPTO_TECH_MODE_RESIZE = 1 << 5,
} BDCryptoTechMode;
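/*
 * If using the plugin as a standalone library, the following functions should
 * be called to:
 *
 * check_deps() - check plugin's dependencies, returning TRUE if satisfied
 * init() - initialize the plugin, returning TRUE on success
 * close() - clean up after the plugin at the end or if no longer used
 *
 * The three functions take no arguments.  They are declared with (void) so
 * that the declarations are real prototypes: in C an empty "()" leaves the
 * parameter list unspecified, and a mistaken call with arguments would
 * compile without any diagnostic.
 */
gboolean bd_crypto_check_deps (void);
gboolean bd_crypto_init (void);
void bd_crypto_close (void);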
/*
 * Conventions visible in the prototypes below:
 *  - every function takes a trailing GError **error; presumably (GLib
 *    convention) it is set when a gboolean function returns FALSE or a gchar*
 *    function returns NULL -- confirm against the implementation;
 *  - secrets are passed either as a NUL-terminated `const gchar *` passphrase
 *    (some functions also accept a key-file path) or, in the *_blob variants,
 *    as a `const guint8 *` buffer with an explicit length, presumably so that
 *    key material containing NUL bytes can be used;
 *  - all secret pointers are const, so the callee is not expected to modify
 *    them; clearing passphrase and key buffers after use is left to the caller.
 */

/* Reports whether `tech` is usable for `mode`.  NOTE(review): `mode` is a
 * guint64, presumably a bitwise OR of BDCryptoTechMode flags -- confirm. */
gboolean bd_crypto_is_tech_avail (BDCryptoTech tech, guint64 mode, GError **error);
/* Returns a backup passphrase as a string.  NOTE(review): the non-const return
 * type suggests the caller owns the string (g_free) -- confirm.  The result is
 * secret material and should be wiped before it is released. */
gchar* bd_crypto_generate_backup_passphrase(GError **error);

/* LUKS queries.  NOTE(review): the gchar* results are presumably
 * caller-owned -- confirm. */
gboolean bd_crypto_device_is_luks (const gchar *device, GError **error);
gchar* bd_crypto_luks_uuid (const gchar *device, GError **error);
gchar* bd_crypto_luks_status (const gchar *luks_device, GError **error);

/* LUKS format.  NOTE(review): `cipher` and `key_size` presumably fall back to
 * DEFAULT_LUKS_CIPHER / DEFAULT_LUKS_KEYSIZE_BITS when unset, and
 * `min_entropy` is presumably a minimum amount of random-data entropy required
 * before formatting -- neither is visible here, confirm. */
gboolean bd_crypto_luks_format (const gchar *device, const gchar *cipher, guint64 key_size, const gchar *passphrase, const gchar *key_file, guint64 min_entropy, GError **error);
gboolean bd_crypto_luks_format_blob (const gchar *device, const gchar *cipher, guint64 key_size, const guint8 *pass_data, gsize data_len, guint64 min_entropy, GError **error);

/* LUKS open/close.  `name` is presumably the name of the mapping to create and
 * `luks_device` the opened mapping rather than the backing device -- confirm. */
gboolean bd_crypto_luks_open (const gchar *device, const gchar *name, const gchar *passphrase, const gchar *key_file, gboolean read_only, GError **error);
gboolean bd_crypto_luks_open_blob (const gchar *device, const gchar *name, const guint8* pass_data, gsize data_len, gboolean read_only, GError **error);
gboolean bd_crypto_luks_close (const gchar *luks_device, GError **error);

/* LUKS key management.  By their names, `pass`/`key_file`/`pass_data` are the
 * existing credential and `npass`/`nkey_file`/`npass_data` the new one --
 * confirm.  bd_crypto_luks_change_key() takes passphrases only; it has no
 * key-file parameters. */
gboolean bd_crypto_luks_add_key (const gchar *device, const gchar *pass, const gchar *key_file, const gchar *npass, const gchar *nkey_file, GError **error);
gboolean bd_crypto_luks_add_key_blob (const gchar *device, const guint8 *pass_data, gsize data_len, const guint8 *npass_data, gsize ndata_len, GError **error);
gboolean bd_crypto_luks_remove_key (const gchar *device, const gchar *pass, const gchar *key_file, GError **error);
gboolean bd_crypto_luks_remove_key_blob (const gchar *device, const guint8 *pass_data, gsize data_len, GError **error);
gboolean bd_crypto_luks_change_key (const gchar *device, const gchar *pass, const gchar *npass, GError **error);
gboolean bd_crypto_luks_change_key_blob (const gchar *device, const guint8 *pass_data, gsize data_len, const guint8 *npass_data, gsize ndata_len, GError **error);

/* NOTE(review): the unit of `size` is not stated in this header -- confirm. */
gboolean bd_crypto_luks_resize (const gchar *device, guint64 size, GError **error);

/* TrueCrypt open/close.  Only a buffer-plus-length form of open is declared;
 * there is no passphrase-string/key-file variant. */
gboolean bd_crypto_tc_open (const gchar *device, const gchar *name, const guint8* pass_data, gsize data_len, gboolean read_only, GError **error);
gboolean bd_crypto_tc_close (const gchar *tc_device, GError **error);

/* Key escrow.  NOTE(review): presumably writes escrow data for `device`,
 * protected with the certificate in `cert_data`, into `directory`, optionally
 * adding `backup_passphrase` -- confirm.  Two secrets are passed in, and
 * whatever is written to `directory` is key-recovery material, so access to
 * that directory should be restricted accordingly. */
gboolean bd_crypto_escrow_device (const gchar *device, const gchar *passphrase, const gchar *cert_data, const gchar *directory, const gchar *backup_passphrase, GError **error);
#endif /* BD_CRYPTO */