1#![deny(warnings)]
2#![allow(non_camel_case_types)]
3extern crate libc;
4
5use libc::{c_char, c_double, c_int, c_uint, c_void, size_t};
6use std::str::FromStr;
7
8#[derive(PartialEq, Eq, Clone, Copy, Debug)]
11pub enum crypt_device_type {
12 PLAIN,
13 LUKS1,
14 LUKS2,
15 LOOPAES,
16 VERITY,
17 TCRYPT,
18 INTEGRITY,
19 BITLK,
20}
21
22#[derive(PartialEq, Eq, Clone, Copy, Debug)]
23pub enum crypt_pbkdf_algo_type {
24 pbkdf2,
25 argon2i,
26 argon2id,
27}
28
29#[derive(PartialEq, Eq, Clone, Copy, Debug)]
30pub enum reencrypt_resilience_mode {
31 none,
32 checksum,
33 journal,
34 shift,
35}
36
37pub enum crypt_device {}
40
41#[repr(C)]
42#[derive(PartialEq, Eq, Clone, Copy, Debug)]
43pub enum crypt_log_level {
44 CRYPT_LOG_NORMAL = 0,
45 CRYPT_LOG_ERROR = 1,
46 CRYPT_LOG_VERBOSE = 2,
47 CRYPT_LOG_DEBUG = -1,
48 CRYPT_LOG_DEBUG_JSON = -2,
49}
50
51pub type crypt_log_cb = extern "C" fn(crypt_log_level, *const c_char, *mut c_void);
52pub type crypt_confirm_cb = extern "C" fn(*const c_char, *mut c_void) -> c_int;
53pub type crypt_benchmark_cb = extern "C" fn(u32, *mut c_void) -> c_int;
54pub type crypt_write_op_cb = extern "C" fn(u64, u64, *mut c_void) -> c_int;
55
56pub type crypt_token_open_func =
57 extern "C" fn(*mut crypt_device, c_int, *mut *mut c_char, *mut size_t, *mut c_void) -> c_int;
58pub type crypt_token_buffer_free_func = extern "C" fn(*mut c_void, size_t);
59pub type crypt_token_validate_func = extern "C" fn(*mut crypt_device, *const c_char) -> c_int;
60pub type crypt_token_dump_func = extern "C" fn(*mut crypt_device, *const c_char);
61
62#[repr(C)]
63#[derive(PartialEq, Eq, Clone, Copy, Debug)]
64pub enum crypt_rng_type {
65 CRYPT_RNG_URANDOM = 0,
66 CRYPT_RNG_RANDOM = 1,
67}
68
69#[repr(C)]
70pub struct crypt_pbkdf_type {
71 pub type_: *const c_char,
72 pub hash: *const c_char,
73 pub time_ms: u32,
74 pub iterations: u32,
75 pub max_memory_kb: u32,
76 pub parallel_threads: u32,
77 pub flags: u32,
78}
79
80#[repr(C)]
81#[derive(PartialEq, Eq, Clone, Copy, Debug)]
82pub enum crypt_pbkdf_flag {
83 CRYPT_PBKDF_ITER_TIME_SET = 1 << 0,
84 CRYPT_PBKDF_NO_BENCHMARK = 1 << 1,
85}
86
87#[repr(C)]
88pub struct crypt_params_plain {
89 pub hash: *const c_char,
90 pub offset: u64,
91 pub skip: u64,
92 pub size: u64,
93 pub sector_size: u32,
94}
95
96#[repr(C)]
97pub struct crypt_params_luks1 {
98 pub hash: *const c_char,
99 pub data_alignment: size_t,
100 pub data_device: *const c_char,
101}
102
103#[repr(C)]
104pub struct crypt_params_loopaes {
105 pub hash: *const c_char,
106 pub offset: u64,
107 pub skip: u64,
108}
109
110#[repr(C)]
111pub struct crypt_params_verity {
112 pub hash_name: *const c_char,
113 pub data_device: *const c_char,
114 pub hash_device: *const c_char,
115 pub fec_device: *const c_char,
116 pub salt: *const c_char,
117 pub salt_size: u32,
118 pub hash_type: u32,
119 pub data_block_size: u32,
120 pub hash_block_size: u32,
121 pub data_size: u64,
122 pub hash_area_offset: u64,
123 pub fec_area_offset: u64,
124 pub fec_roots: u32,
125 pub flags: u32,
126}
127
128#[repr(u32)]
129#[derive(PartialEq, Eq, Clone, Copy, Debug)]
130pub enum crypt_verity_flag {
131 CRYPT_VERITY_NO_HEADER = 1 << 0,
132 CRYPT_VERITY_CHECK_HASH = 1 << 1,
133 CRYPT_VERITY_CREATE_HASH = 1 << 2,
134 CRYPT_VERITY_ROOT_HASH_SIGNATURE = 1 << 3,
135}
136
137#[repr(C)]
138pub struct crypt_params_tcrypt {
139 pub passphrase: *const c_char,
140 pub passphrase_size: size_t,
141 pub keyfiles: *mut *const c_char,
142 pub keyfiles_count: c_uint,
143 pub hash_name: *const c_char,
144 pub cipher: *const c_char,
145 pub mode: *const c_char,
146 pub key_size: size_t,
147 pub flags: u32,
148 pub veracrypt_pim: u32,
149}
150
151#[repr(u32)]
152#[derive(PartialEq, Eq, Clone, Copy, Debug)]
153pub enum crypt_tcrypt_flag {
154 CRYPT_TCRYPT_LEGACY_MODES = 1 << 0,
155 CRYPT_TCRYPT_HIDDEN_HEADER = 1 << 1,
156 CRYPT_TCRYPT_BACKUP_HEADER = 1 << 2,
157 CRYPT_TCRYPT_SYSTEM_HEADER = 1 << 3,
158 CRYPT_TCRYPT_VERA_MODES = 1 << 4,
159}
160
161#[repr(C)]
162pub struct crypt_params_integrity {
163 pub journal_size: u64,
164 pub journal_watermark: c_uint,
165 pub journal_commit_time: c_uint,
166 pub interleave_sectors: u32,
167 pub tag_size: u32,
168 pub sector_size: u32,
169 pub buffer_sectors: u32,
170 pub integrity: *const c_char,
171 pub integrity_key_size: u32,
172 pub journal_integrity: *const c_char,
173 pub journal_integrity_key: *const c_char,
174 pub journal_integrity_key_size: u32,
175 pub journal_crypt: *const c_char,
176 pub journal_crypt_key: *const c_char,
177 pub journal_crypt_key_size: u32,
178}
179
180#[repr(C)]
181pub struct crypt_params_luks2 {
182 pub pbkdf: *const crypt_pbkdf_type,
183 pub integrity: *const c_char,
184 pub integrity_params: *const crypt_params_integrity,
185 pub data_alignment: size_t,
186 pub data_device: *const c_char,
187 pub sector_size: u32,
188 pub label: *const c_char,
189 pub subsystem: *const c_char,
190}
191
192pub const CRYPT_ANY_SLOT: c_int = -1;
193pub const CRYPT_ANY_TOKEN: c_int = -1;
194
195#[repr(u32)]
196#[derive(PartialEq, Eq, Clone, Copy, Debug)]
197pub enum crypt_activation_flag {
198 CRYPT_ACTIVATE_READONLY = 1 << 0,
199 CRYPT_ACTIVATE_NO_UUID = 1 << 1,
200 CRYPT_ACTIVATE_SHARED = 1 << 2,
201 CRYPT_ACTIVATE_ALLOW_DISCARDS = 1 << 3,
202 CRYPT_ACTIVATE_PRIVATE = 1 << 4,
203 CRYPT_ACTIVATE_CORRUPTED = 1 << 5,
204 CRYPT_ACTIVATE_SAME_CPU_CRYPT = 1 << 6,
205 CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS = 1 << 7,
206 CRYPT_ACTIVATE_IGNORE_CORRUPTION = 1 << 8,
207 CRYPT_ACTIVATE_RESTART_ON_CORRUPTION = 1 << 9,
208 CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS = 1 << 10,
209 CRYPT_ACTIVATE_KEYRING_KEY = 1 << 11,
210 CRYPT_ACTIVATE_NO_JOURNAL = 1 << 12,
211 CRYPT_ACTIVATE_RECOVERY = 1 << 13,
212 CRYPT_ACTIVATE_IGNORE_PERSISTENT = 1 << 14,
213 CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE = 1 << 15,
214 CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY = 1 << 16,
215 CRYPT_ACTIVATE_RECALCULATE = 1 << 17,
216 CRYPT_ACTIVATE_REFRESH = 1 << 18,
217 CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF = 1 << 19,
218 CRYPT_ACTIVATE_NO_JOURNAL_BITMAP = 1 << 20,
219 CRYPT_ACTIVATE_SUSPENDED = 1 << 21,
220}
221
222#[repr(C)]
223pub struct crypt_active_device {
224 pub offset: u64,
225 pub iv_offset: u64,
226 pub size: u64,
227 pub flags: u32,
228}
229
230#[repr(C)]
231#[derive(PartialEq, Eq, Clone, Copy, Debug)]
232pub enum crypt_status_info {
233 CRYPT_INVALID,
234 CRYPT_INACTIVE,
235 CRYPT_ACTIVE,
236 CRYPT_BUSY,
237}
238
239#[repr(C)]
240#[derive(PartialEq, Eq, Clone, Copy, Debug)]
241pub enum crypt_keyslot_info {
242 CRYPT_SLOT_INVALID,
243 CRYPT_SLOT_INACTIVE,
244 CRYPT_SLOT_ACTIVE,
245 CRYPT_SLOT_ACTIVE_LAST,
246 CRYPT_SLOT_UNBOUND,
247}
248
249#[repr(C)]
250#[derive(PartialEq, Eq, Clone, Copy, Debug)]
251pub enum crypt_debug_level {
252 CRYPT_DEBUG_JSON = -2,
253 CRYPT_DEBUG_ALL = -1,
254 CRYPT_DEBUG_NONE = 0,
255}
256
257#[repr(C)]
258#[derive(PartialEq, Eq, Clone, Copy, Debug)]
259pub enum crypt_keyslot_priority {
260 CRYPT_SLOT_PRIORITY_INVALID = -1,
261 CRYPT_SLOT_PRIORITY_IGNORE = 0,
262 CRYPT_SLOT_PRIORITY_NORMAL = 1,
263 CRYPT_SLOT_PRIORITY_PREFER = 2,
264}
265
266#[repr(u32)]
267#[derive(PartialEq, Eq, Clone, Copy, Debug)]
268pub enum crypt_volume_key_flag {
269 CRYPT_VOLUME_KEY_NO_SEGMENT = 1 << 0,
270 CRYPT_VOLUME_KEY_SET = 1 << 1,
271 CRYPT_VOLUME_KEY_DIGEST_REUSE = 1 << 2,
272}
273
274#[repr(u32)]
275#[derive(PartialEq, Eq, Clone, Copy, Debug)]
276pub enum crypt_luks2_header_requirement_flag {
277 CRYPT_REQUIREMENT_OFFLINE_REENCRYPT = 1 << 0,
278 CRYPT_REQUIREMENT_ONLINE_REENCRYPT = 1 << 1,
279 CRYPT_REQUIREMENT_UNKNOWN = 1 << 31,
280}
281
282#[repr(C)]
283#[derive(PartialEq, Eq, Clone, Copy, Debug)]
284pub enum crypt_flags_type {
285 CRYPT_FLAGS_ACTIVATION,
286 CRYPT_FLAGS_REQUIREMENTS,
287}
288
289#[repr(u32)]
290#[derive(PartialEq, Eq, Clone, Copy, Debug)]
291pub enum crypt_deactivate_flag {
292 CRYPT_DEACTIVATE_DEFERRED = 1 << 0,
293 CRYPT_DEACTIVATE_FORCE = 1 << 1,
294}
295
296#[repr(u32)]
297#[derive(PartialEq, Eq, Clone, Copy, Debug)]
298pub enum crypt_keyfile_read_flag {
299 CRYPT_KEYFILE_STOP_EOL = 1 << 0,
300}
301
302#[repr(C)]
303#[derive(PartialEq, Eq, Clone, Copy, Debug)]
304pub enum crypt_wipe_pattern {
305 CRYPT_WIPE_ZERO,
306 CRYPT_WIPE_RANDOM,
307 CRYPT_WIPE_ENCRYPTED_ZERO,
308 CRYPT_WIPE_SPECIAL,
309}
310
311#[repr(u32)]
312#[derive(PartialEq, Eq, Clone, Copy, Debug)]
313pub enum crypt_wipe_flag {
314 CRYPT_WIPE_NO_DIRECT_IO = 1 << 0,
315}
316
317#[repr(C)]
318#[derive(PartialEq, Eq, Clone, Copy, Debug)]
319pub enum crypt_token_info {
320 CRYPT_TOKEN_INVALID,
321 CRYPT_TOKEN_INACTIVE,
322 CRYPT_TOKEN_INTERNAL,
323 CRYPT_TOKEN_INTERNAL_UNKNOWN,
324 CRYPT_TOKEN_EXTERNAL,
325 CRYPT_TOKEN_EXTERNAL_UNKNOWN,
326}
327
328#[repr(C)]
329pub struct crypt_token_handler {
330 pub name: *const c_char,
331 pub open: crypt_token_open_func,
332 pub buffer_free: Option<crypt_token_buffer_free_func>,
333 pub validate: Option<crypt_token_validate_func>,
334 pub dump: Option<crypt_token_dump_func>,
335}
336
337#[repr(C)]
338pub struct crypt_token_params_luks2_keyring {
339 pub key_description: *const c_char,
340}
341
342#[repr(u32)]
343#[derive(PartialEq, Eq, Clone, Copy, Debug)]
344pub enum crypt_reencrypt_flag {
345 CRYPT_REENCRYPT_INITIALIZE_ONLY = 1 << 0,
346 CRYPT_REENCRYPT_MOVE_FIRST_SEGMENT = 1 << 1,
347 CRYPT_REENCRYPT_RESUME_ONLY = 1 << 2,
348 CRYPT_REENCRYPT_RECOVERY = 1 << 3,
349}
350
351#[repr(C)]
352#[derive(PartialEq, Eq, Clone, Copy, Debug)]
353pub enum crypt_reencrypt_direction_info {
354 CRYPT_REENCRYPT_FORWARD = 0,
355 CRYPT_REENCRYPT_BACKWARD,
356}
357
358#[repr(C)]
359#[derive(PartialEq, Eq, Clone, Copy, Debug)]
360pub enum crypt_reencrypt_mode_info {
361 CRYPT_REENCRYPT_REENCRYPT = 0,
362 CRYPT_REENCRYPT_ENCRYPT,
363 CRYPT_REENCRYPT_DECRYPT,
364}
365
366#[cfg(cryptsetup2_2)]
367#[repr(C)]
368pub struct crypt_params_reencrypt {
369 pub mode: crypt_reencrypt_mode_info,
370 pub direction: crypt_reencrypt_direction_info,
371 pub resilience: *const c_char,
372 pub hash: *const c_char,
373 pub data_shift: u64,
374 pub max_hotzone_size: u64,
375 pub device_size: u64,
376 pub luks2: *const crypt_params_luks2,
377 pub flags: u32,
378}
379
380#[repr(C)]
381#[derive(PartialEq, Eq, Clone, Copy, Debug)]
382pub enum crypt_reencrypt_info {
383 CRYPT_REENCRYPT_NONE = 0,
384 CRYPT_REENCRYPT_CLEAN,
385 CRYPT_REENCRYPT_CRASH,
386 CRYPT_REENCRYPT_INVALID,
387}
388
389extern "C" {
390 pub fn crypt_init(cd: *mut *mut crypt_device, device: *const c_char) -> c_int;
391 pub fn crypt_init_data_device(
392 cd: *mut *mut crypt_device,
393 device: *const c_char,
394 data_device: *const c_char,
395 ) -> c_int;
396 pub fn crypt_init_by_name_and_header(
397 cd: *mut *mut crypt_device,
398 name: *const c_char,
399 header_device: *const c_char,
400 ) -> c_int;
401 pub fn crypt_init_by_name(cd: *mut *mut crypt_device, name: *const c_char) -> c_int;
402
403 pub fn crypt_free(cd: *mut crypt_device);
404
405 pub fn crypt_set_confirm_callback(cd: *mut crypt_device, confirm: crypt_confirm_cb, usrptr: *mut c_void);
406 pub fn crypt_set_data_device(cd: *mut crypt_device, device: *const c_char) -> c_int;
407 pub fn crypt_set_data_offset(cd: *mut crypt_device, data_offset: u64) -> c_int;
408 pub fn crypt_set_log_callback(cd: *mut crypt_device, log: Option<crypt_log_cb>, usrptr: *mut c_void);
409
410 pub fn crypt_log(cd: *mut crypt_device, level: crypt_log_level, msg: *const c_char);
411
412 pub fn crypt_set_rng_type(cd: *mut crypt_device, rng_type: crypt_rng_type);
413 pub fn crypt_get_rng_type(cd: *mut crypt_device) -> c_int;
414
415 pub fn crypt_set_pbkdf_type(cd: *mut crypt_device, pbkdf: *const crypt_pbkdf_type) -> c_int;
416 pub fn crypt_get_pbkdf_type_params(pbkdf_type: *const c_char) -> *const crypt_pbkdf_type;
417 pub fn crypt_get_pbkdf_default(type_: *const c_char) -> *const crypt_pbkdf_type;
418 pub fn crypt_get_pbkdf_type(cd: *mut crypt_device) -> *const crypt_pbkdf_type;
419
420 #[deprecated]
421 pub fn crypt_set_iteration_time(cd: *mut crypt_device, iteration_time_ms: u64);
422
423 pub fn crypt_memory_lock(cd: *mut crypt_device, lock: c_int) -> c_int;
424
425 pub fn crypt_metadata_locking(cd: *mut crypt_device, enable: c_int) -> c_int;
426 pub fn crypt_set_metadata_size(cd: *mut crypt_device, metadata_size: u64, keyslots_size: u64) -> c_int;
427 pub fn crypt_get_metadata_size(cd: *mut crypt_device, metadata_size: *mut u64, keyslots_size: *mut u64) -> c_int;
428
429 pub fn crypt_get_type(cd: *mut crypt_device) -> *const c_char;
430 pub fn crypt_get_default_type() -> *const c_char;
431
432 pub fn crypt_format(
433 cd: *mut crypt_device,
434 crypt_type: *const c_char,
435 cipher: *const c_char,
436 cipher_mode: *const c_char,
437 uuid: *const c_char,
438 volume_key: *const c_char,
439 volume_key_size: size_t,
440 params: *mut c_void,
441 ) -> c_int;
442
443 #[cfg(cryptsetup2_3)]
444 pub fn crypt_set_compatibility(cd: *mut crypt_device, flags: u32);
445
446 #[cfg(cryptsetup2_3)]
447 pub fn crypt_get_compatibility(cd: *mut crypt_device) -> u32;
448
449 pub fn crypt_convert(cd: *mut crypt_device, type_: *const c_char, params: *mut c_void) -> c_int;
450
451 pub fn crypt_set_uuid(cd: *mut crypt_device, uuid: *const c_char) -> c_int;
452 pub fn crypt_set_label(cd: *mut crypt_device, label: *const c_char, subsystem: *const c_char) -> c_int;
453
454 pub fn crypt_volume_key_keyring(cd: *mut crypt_device, enable: c_int) -> c_int;
455
456 pub fn crypt_load(cd: *mut crypt_device, requested_type: *const c_char, params: *mut c_void) -> c_int;
457
458 pub fn crypt_repair(cd: *mut crypt_device, requested_type: *const c_char, params: *mut c_void) -> c_int;
459
460 pub fn crypt_resize(cd: *mut crypt_device, name: *const c_char, new_size: u64) -> c_int;
461
462 pub fn crypt_suspend(cd: *mut crypt_device, name: *const c_char) -> c_int;
463
464 pub fn crypt_resume_by_passphrase(
465 cd: *mut crypt_device,
466 name: *const c_char,
467 keyslot: c_int,
468 passphrase: *const c_char,
469 passphrase_size: size_t,
470 ) -> c_int;
471 pub fn crypt_resume_by_keyfile_device_offset(
472 cd: *mut crypt_device,
473 name: *const c_char,
474 keyslot: c_int,
475 keyfile: *const c_char,
476 keyfile_size: size_t,
477 keyfile_offset: u64,
478 ) -> c_int;
479 pub fn crypt_resume_by_keyfile_offset(
480 cd: *mut crypt_device,
481 name: *const c_char,
482 keyslot: c_int,
483 keyfile: *const c_char,
484 keyfile_size: size_t,
485 keyfile_offset: size_t,
486 ) -> c_int;
487 pub fn crypt_resume_by_keyfile(
488 cd: *mut crypt_device,
489 name: *const c_char,
490 keyslot: c_int,
491 keyfile: *const c_char,
492 keyfile_size: size_t,
493 ) -> c_int;
494
495 #[cfg(cryptsetup2_3)]
496 pub fn crypt_resume_by_volume_key(
497 cd: *mut crypt_device,
498 name: *const c_char,
499 volume_key: *const c_char,
500 volume_key_size: size_t,
501 ) -> c_int;
502
503 pub fn crypt_keyslot_add_by_passphrase(
504 cd: *mut crypt_device,
505 keyslot: c_int,
506 passphrase: *const c_char,
507 passphrase_size: size_t,
508 new_passphrase: *const c_char,
509 new_passphrase_size: size_t,
510 ) -> c_int;
511 pub fn crypt_keyslot_change_by_passphrase(
512 cd: *mut crypt_device,
513 keyslot_old: c_int,
514 keyslot_new: c_int,
515 passphrase: *const c_char,
516 passphrase_size: size_t,
517 new_passphrase: *const c_char,
518 new_passphrase_size: size_t,
519 ) -> c_int;
520
521 pub fn crypt_keyslot_add_by_keyfile_device_offset(
522 cd: *mut crypt_device,
523 keyslot: c_int,
524 keyfile: *const c_char,
525 keyfile_size: size_t,
526 keyfile_offset: u64,
527 new_keyfile: *const c_char,
528 new_keyfile_size: size_t,
529 new_keyfile_offset: u64,
530 ) -> c_int;
531 pub fn crypt_keyslot_add_by_keyfile_offset(
532 cd: *mut crypt_device,
533 keyslot: c_int,
534 keyfile: *const c_char,
535 keyfile_size: size_t,
536 keyfile_offset: size_t,
537 new_keyfile: *const c_char,
538 new_keyfile_size: size_t,
539 new_keyfile_offset: size_t,
540 ) -> c_int;
541 pub fn crypt_keyslot_add_by_keyfile(
542 cd: *mut crypt_device,
543 keyslot: c_int,
544 keyfile: *const c_char,
545 keyfile_size: size_t,
546 new_keyfile: *const c_char,
547 new_keyfile_size: size_t,
548 ) -> c_int;
549 pub fn crypt_keyslot_add_by_volume_key(
550 cd: *mut crypt_device,
551 keyslot: c_int,
552 volume_key: *const c_char,
553 volume_key_size: size_t,
554 passphrase: *const c_char,
555 passphrase_size: size_t,
556 ) -> c_int;
557 pub fn crypt_keyslot_add_by_key(
558 cd: *mut crypt_device,
559 keyslot: c_int,
560 volume_key: *const c_char,
561 volume_key_size: size_t,
562 passphrase: *const c_char,
563 passphrase_size: size_t,
564 flags: u32,
565 ) -> c_int;
566
567 pub fn crypt_keyslot_destroy(cd: *mut crypt_device, keyslot: c_int) -> c_int;
568
569 pub fn crypt_get_active_device(cd: *mut crypt_device, name: *const c_char, cad: *mut crypt_active_device) -> c_int;
570 pub fn crypt_get_active_integrity_failures(cd: *mut crypt_device, name: *const c_char) -> u64;
571
572 pub fn crypt_persistent_flags_set(cd: *mut crypt_device, type_: crypt_flags_type, flags: u32) -> c_int;
573 pub fn crypt_persistent_flags_get(cd: *mut crypt_device, type_: crypt_flags_type, flags: *mut u32) -> c_int;
574
575 pub fn crypt_activate_by_passphrase(
576 cd: *mut crypt_device,
577 name: *const c_char,
578 keyslot: c_int,
579 passphrase: *const c_char,
580 passphrase_size: size_t,
581 flags: u32,
582 ) -> c_int;
583 pub fn crypt_activate_by_keyfile_device_offset(
584 cd: *mut crypt_device,
585 name: *const c_char,
586 keyslot: c_int,
587 keyfile: *const c_char,
588 keyfile_size: size_t,
589 keyfile_offset: u64,
590 flags: u32,
591 ) -> c_int;
592 pub fn crypt_activate_by_keyfile_offset(
593 cd: *mut crypt_device,
594 name: *const c_char,
595 keyslot: c_int,
596 keyfile: *const c_char,
597 keyfile_size: size_t,
598 keyfile_offset: size_t,
599 flags: u32,
600 ) -> c_int;
601 pub fn crypt_activate_by_keyfile(
602 cd: *mut crypt_device,
603 name: *const c_char,
604 keyslot: c_int,
605 keyfile: *const c_char,
606 keyfile_size: size_t,
607 flags: u32,
608 ) -> c_int;
609 pub fn crypt_activate_by_volume_key(
610 cd: *mut crypt_device,
611 name: *const c_char,
612 volume_key: *const c_char,
613 volume_key_size: size_t,
614 flags: u32,
615 ) -> c_int;
616
617 #[cfg(cryptsetup2_3)]
618 pub fn crypt_activate_by_signed_key(
619 cd: *mut crypt_device,
620 name: *const c_char,
621 volume_key: *const c_char,
622 volume_key_size: size_t,
623 signature: *const c_char,
624 signature_size: size_t,
625 flags: u32,
626 ) -> c_int;
627 pub fn crypt_activate_by_keyring(
628 cd: *mut crypt_device,
629 name: *const c_char,
630 key_description: *const c_char,
631 keyslot: c_int,
632 flags: u32,
633 ) -> c_int;
634
635 pub fn crypt_deactivate_by_name(cd: *mut crypt_device, name: *const c_char, flags: u32) -> c_int;
636 pub fn crypt_deactivate(cd: *mut crypt_device, name: *const c_char) -> c_int;
637
638 pub fn crypt_volume_key_get(
639 cd: *mut crypt_device,
640 keyslot: c_int,
641 volume_key: *mut c_char,
642 volume_key_size: *mut size_t,
643 passphrase: *const c_char,
644 passphrase_size: size_t,
645 ) -> c_int;
646
647 pub fn crypt_volume_key_verify(cd: *mut crypt_device, volume_key: *const c_char, volume_key_size: size_t) -> c_int;
648
649 pub fn crypt_status(cd: *mut crypt_device, name: *const c_char) -> crypt_status_info;
650
651 pub fn crypt_dump(cd: *mut crypt_device) -> c_int;
652
653 pub fn crypt_get_cipher(cd: *mut crypt_device) -> *const c_char;
654 pub fn crypt_get_cipher_mode(cd: *mut crypt_device) -> *const c_char;
655 pub fn crypt_get_uuid(cd: *mut crypt_device) -> *const c_char;
656 pub fn crypt_get_device_name(cd: *mut crypt_device) -> *const c_char;
657 pub fn crypt_get_metadata_device_name(cd: *mut crypt_device) -> *const c_char;
658 pub fn crypt_get_data_offset(cd: *mut crypt_device) -> u64;
659 pub fn crypt_get_iv_offset(cd: *mut crypt_device) -> u64;
660 pub fn crypt_get_volume_key_size(cd: *mut crypt_device) -> c_int;
661 pub fn crypt_get_sector_size(cd: *mut crypt_device) -> c_int;
662 pub fn crypt_get_verity_info(cd: *mut crypt_device, vp: *mut crypt_params_verity) -> c_int;
663 pub fn crypt_get_integrity_info(cd: *mut crypt_device, ip: *mut crypt_params_integrity) -> c_int;
664
665 pub fn crypt_benchmark(
666 cd: *mut crypt_device,
667 cipher: *const c_char,
668 cipher_mode: *const c_char,
669 volume_key_size: size_t,
670 iv_size: size_t,
671 buffer_size: size_t,
672 encryption_mbs: *mut c_double,
673 decryption_mbs: *mut c_double,
674 ) -> c_int;
675 pub fn crypt_benchmark_pbkdf(
676 cd: *mut crypt_device,
677 pbkdf: *mut crypt_pbkdf_type,
678 password: *const c_char,
679 password_size: size_t,
680 salt: *const c_char,
681 salt_size: size_t,
682 volume_key_size: size_t,
683 progress: crypt_benchmark_cb,
684 usrptr: *mut c_void,
685 ) -> c_int;
686
687 pub fn crypt_keyslot_status(cd: *mut crypt_device, keyslot: c_int) -> crypt_keyslot_info;
688
689 pub fn crypt_keyslot_get_priority(cd: *mut crypt_device, keyslot: c_int) -> crypt_keyslot_priority;
690 pub fn crypt_keyslot_set_priority(cd: *mut crypt_device, keyslot: c_int, priority: crypt_keyslot_priority)
691 -> c_int;
692
693 pub fn crypt_keyslot_max(crypt_device_type: *const c_char) -> c_int;
694
695 pub fn crypt_keyslot_area(cd: *mut crypt_device, keyslot: c_int, offset: *mut u64, length: *mut u64) -> c_int;
696
697 pub fn crypt_keyslot_get_key_size(cd: *mut crypt_device, keyslot: c_int) -> c_int;
698 pub fn crypt_keyslot_get_encryption(cd: *mut crypt_device, keyslot: c_int, key_size: *mut size_t) -> *const c_char;
699
700 pub fn crypt_keyslot_get_pbkdf(cd: *mut crypt_device, keyslot: c_int, pbkdf: *mut crypt_pbkdf_type) -> c_int;
701 pub fn crypt_keyslot_set_encryption(cd: *mut crypt_device, cipher: *const c_char, key_size: size_t) -> c_int;
702
703 pub fn crypt_get_dir() -> *const c_char;
704
705 pub fn crypt_header_backup(
706 cd: *mut crypt_device,
707 requested_type: *const c_char,
708 backup_file: *const c_char,
709 ) -> c_int;
710 pub fn crypt_header_restore(
711 cd: *mut crypt_device,
712 requested_type: *const c_char,
713 backup_file: *const c_char,
714 ) -> c_int;
715
716 pub fn crypt_set_debug_level(level: crypt_debug_level);
717
718 pub fn crypt_keyfile_device_read(
719 cd: *mut crypt_device,
720 keyfile: *const c_char,
721 key: *mut *mut c_char,
722 key_size_read: *mut size_t,
723 keyfile_offset: u64,
724 key_size: size_t,
725 flags: u32,
726 ) -> c_int;
727
728 pub fn crypt_keyfile_read(
729 cd: *mut crypt_device,
730 keyfile: *const c_char,
731 key: *mut *mut c_char,
732 key_size_read: *mut size_t,
733 keyfile_offset: size_t,
734 key_size: size_t,
735 flags: u32,
736 ) -> c_int;
737
738 pub fn crypt_wipe(
739 cd: *mut crypt_device,
740 dev_path: *const c_char,
741 pattern: crypt_wipe_pattern,
742 offset: u64,
743 length: u64,
744 wipe_block_size: size_t,
745 flags: u32,
746 progress: crypt_write_op_cb,
747 usrptr: *mut c_void,
748 ) -> c_int;
749
750 pub fn crypt_token_json_get(cd: *mut crypt_device, token: c_int, json: *mut *const c_char) -> c_int;
751 pub fn crypt_token_json_set(cd: *mut crypt_device, token: c_int, json: *const c_char) -> c_int;
752 pub fn crypt_token_status(cd: *mut crypt_device, token: c_int, type_: *mut *const c_char) -> crypt_token_info;
753 pub fn crypt_token_luks2_keyring_set(
754 cd: *mut crypt_device,
755 token: c_int,
756 params: *const crypt_token_params_luks2_keyring,
757 ) -> c_int;
758 pub fn crypt_token_luks2_keyring_get(
759 cd: *mut crypt_device,
760 token: c_int,
761 params: *mut crypt_token_params_luks2_keyring,
762 ) -> c_int;
763 pub fn crypt_token_assign_keyslot(cd: *mut crypt_device, token: c_int, keyslot: c_int) -> c_int;
764 pub fn crypt_token_unassign_keyslot(cd: *mut crypt_device, token: c_int, keyslot: c_int) -> c_int;
765 pub fn crypt_token_is_assigned(cd: *mut crypt_device, token: c_int, keyslot: c_int) -> c_int;
766 pub fn crypt_token_register(handler: *const crypt_token_handler) -> c_int;
767 pub fn crypt_activate_by_token(
768 cd: *mut crypt_device,
769 name: *const c_char,
770 token: c_int,
771 usrptr: *mut c_void,
772 flags: u32,
773 ) -> c_int;
774
775 #[cfg(cryptsetup2_2)]
776 pub fn crypt_reencrypt_init_by_passphrase(
777 cd: *mut crypt_device,
778 name: *const c_char,
779 passphrase: *const c_char,
780 passphrase_size: size_t,
781 keyslot_old: c_int,
782 keyslot_new: c_int,
783 cipher: *const c_char,
784 cipher_mode: *const c_char,
785 params: *const crypt_params_reencrypt,
786 ) -> c_int;
787
788 #[cfg(cryptsetup2_2)]
789 pub fn crypt_reencrypt_init_by_keyring(
790 cd: *mut crypt_device,
791 name: *const c_char,
792 key_description: *const c_char,
793 keyslot_old: c_int,
794 keyslot_new: c_int,
795 cipher: *const c_char,
796 cipher_mode: *const c_char,
797 params: *const crypt_params_reencrypt,
798 ) -> c_int;
799
800 #[cfg(cryptsetup2_2)]
801 pub fn crypt_reencrypt(cd: *mut crypt_device, progress: crypt_write_op_cb) -> c_int;
802
803 #[cfg(cryptsetup2_2)]
804 pub fn crypt_reencrypt_status(cd: *mut crypt_device, params: *mut crypt_params_reencrypt) -> crypt_reencrypt_info;
805
806 #[cfg(cryptsetup2_3)]
807 pub fn crypt_safe_alloc(size: size_t) -> *mut c_void;
808
809 #[cfg(cryptsetup2_3)]
810 pub fn crypt_safe_free(data: *mut c_void);
811
812 #[cfg(cryptsetup2_3)]
813 pub fn crypt_safe_realloc(data: *mut c_void, size: size_t) -> *mut c_void;
814
815 #[cfg(cryptsetup2_3)]
816 pub fn crypt_safe_memzero(data: *mut c_void, size: size_t);
817}
818
819impl FromStr for crypt_device_type {
820 type Err = ();
821
822 fn from_str(s: &str) -> Result<crypt_device_type, ()> {
823 match s {
824 "PLAIN" => Ok(crypt_device_type::PLAIN),
825 "LUKS1" => Ok(crypt_device_type::LUKS1),
826 "LUKS2" => Ok(crypt_device_type::LUKS2),
827 "LOOPAES" => Ok(crypt_device_type::LOOPAES),
828 "VERITY" => Ok(crypt_device_type::VERITY),
829 "TCRYPT" => Ok(crypt_device_type::TCRYPT),
830 "INTEGRITY" => Ok(crypt_device_type::INTEGRITY),
831 "BITLK" => Ok(crypt_device_type::BITLK),
832 _ => Err(()),
833 }
834 }
835}
836
837impl crypt_device_type {
838 pub fn to_str(&self) -> &'static str {
839 match self {
840 &crypt_device_type::PLAIN => "PLAIN",
841 &crypt_device_type::LUKS1 => "LUKS1",
842 &crypt_device_type::LUKS2 => "LUKS2",
843 &crypt_device_type::LOOPAES => "LOOPAES",
844 &crypt_device_type::VERITY => "VERITY",
845 &crypt_device_type::TCRYPT => "TCRYPT",
846 &crypt_device_type::INTEGRITY => "INTEGRITY",
847 &crypt_device_type::BITLK => "BITLK",
848 }
849 }
850}
851
852impl FromStr for crypt_pbkdf_algo_type {
853 type Err = ();
854
855 fn from_str(s: &str) -> Result<crypt_pbkdf_algo_type, ()> {
856 match s {
857 "pbkdf2" => Ok(crypt_pbkdf_algo_type::pbkdf2),
858 "argon2i" => Ok(crypt_pbkdf_algo_type::argon2i),
859 "argon2id" => Ok(crypt_pbkdf_algo_type::argon2id),
860 _ => Err(()),
861 }
862 }
863}
864
865impl crypt_pbkdf_algo_type {
866 pub fn to_str(&self) -> &'static str {
867 match self {
868 &crypt_pbkdf_algo_type::pbkdf2 => "pbkdf2",
869 &crypt_pbkdf_algo_type::argon2i => "argon2i",
870 &crypt_pbkdf_algo_type::argon2id => "argon2id",
871 }
872 }
873}
874
875impl FromStr for reencrypt_resilience_mode {
876 type Err = ();
877
878 fn from_str(s: &str) -> Result<reencrypt_resilience_mode, ()> {
879 match s {
880 "none" => Ok(reencrypt_resilience_mode::none),
881 "checksum" => Ok(reencrypt_resilience_mode::checksum),
882 "journal" => Ok(reencrypt_resilience_mode::journal),
883 "shift" => Ok(reencrypt_resilience_mode::shift),
884 _ => Err(()),
885 }
886 }
887}
888
889impl reencrypt_resilience_mode {
890 pub fn to_str(&self) -> &'static str {
891 match self {
892 &reencrypt_resilience_mode::none => "none",
893 &reencrypt_resilience_mode::checksum => "checksum",
894 &reencrypt_resilience_mode::journal => "journal",
895 &reencrypt_resilience_mode::shift => "shift",
896 }
897 }
898}
899
900#[cfg(test)]
901mod tests {
902 use super::*;
903 use std::ffi::CString;
904 use std::str::FromStr;
905
906 #[test]
907 fn test_device_type_conversion() {
908 assert_eq!(Ok(crypt_device_type::PLAIN), crypt_device_type::from_str("PLAIN"));
909 assert_eq!(Ok(crypt_device_type::LUKS1), crypt_device_type::from_str("LUKS1"));
910 assert_eq!(Ok(crypt_device_type::LUKS2), crypt_device_type::from_str("LUKS2"));
911 assert_eq!(Ok(crypt_device_type::LOOPAES), crypt_device_type::from_str("LOOPAES"));
912 assert_eq!(Ok(crypt_device_type::VERITY), crypt_device_type::from_str("VERITY"));
913 assert_eq!(Ok(crypt_device_type::TCRYPT), crypt_device_type::from_str("TCRYPT"));
914 assert_eq!(
915 Ok(crypt_device_type::INTEGRITY),
916 crypt_device_type::from_str("INTEGRITY")
917 );
918 assert_eq!(Ok(crypt_device_type::BITLK), crypt_device_type::from_str("BITLK"));
919 }
920
921 #[test]
922 fn test_pbkdf_algo_type_conversion() {
923 assert_eq!(
924 Ok(crypt_pbkdf_algo_type::pbkdf2),
925 crypt_pbkdf_algo_type::from_str("pbkdf2")
926 );
927 assert_eq!(
928 Ok(crypt_pbkdf_algo_type::argon2i),
929 crypt_pbkdf_algo_type::from_str("argon2i")
930 );
931 assert_eq!(
932 Ok(crypt_pbkdf_algo_type::argon2id),
933 crypt_pbkdf_algo_type::from_str("argon2id")
934 );
935 }
936
937 #[test]
938 fn test_reencrypt_resilience_mode_conversion() {
939 assert_eq!(
940 Ok(reencrypt_resilience_mode::none),
941 reencrypt_resilience_mode::from_str("none")
942 );
943 assert_eq!(
944 Ok(reencrypt_resilience_mode::checksum),
945 reencrypt_resilience_mode::from_str("checksum")
946 );
947 assert_eq!(
948 Ok(reencrypt_resilience_mode::journal),
949 reencrypt_resilience_mode::from_str("journal")
950 );
951 assert_eq!(
952 Ok(reencrypt_resilience_mode::shift),
953 reencrypt_resilience_mode::from_str("shift")
954 );
955 }
956
957 #[test]
958 fn test_keyslot_max_gt_zero() {
959 unsafe {
960 let luks_type = CString::new("LUKS1").unwrap();
961 assert!(crypt_keyslot_max(luks_type.as_ptr()) > 0);
962 }
963 }
964}