Add crypt_keyslot_area() API call.

Useful if you want to analyze or wipe the area of the disk used
for a keyslot from an external tool.
Milan Broz
2012-09-11 11:59:06 +02:00
parent 64558a57e3
commit f45d4d0755
6 changed files with 59 additions and 10 deletions


@@ -1,3 +1,6 @@
2012-09-11 Milan Broz <gmazyland@gmail.com>
* Add crypt_keyslot_area() API call.
2012-08-27 Milan Broz <gmazyland@gmail.com> 2012-08-27 Milan Broz <gmazyland@gmail.com>
* Optimize seek to keyfile-offset (Issue #135, thx to dreisner). * Optimize seek to keyfile-offset (Issue #135, thx to dreisner).
* Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers. * Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers.


@@ -570,16 +570,6 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
const char *new_passphrase, const char *new_passphrase,
size_t new_passphrase_size); size_t new_passphrase_size);
/**
* Get number of keyslots supported for device type.
*
* @param type crypt device type
*
* @return slot count or negative errno otherwise if device
* doesn't not support keyslots.
*/
int crypt_keyslot_max(const char *type);
/** /**
* Add key slot using provided key file path * Add key slot using provided key file path
* *
@@ -972,6 +962,32 @@ typedef enum {
crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot); crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot);
/** @} */ /** @} */
/**
* Get number of keyslots supported for device type.
*
* @param type crypt device type
*
* @return slot count or negative errno otherwise if device
* doesn't not support keyslots.
*/
int crypt_keyslot_max(const char *type);
/**
* Get keyslot area pointers (relative to metadata device)
*
* @param cd crypt device handle
* @param keyslot keyslot number
* @param offset offset on metadata device (in bytes)
* @param length length of keyslot area (in bytes)
*
* @return @e 0 on success or negative errno value otherwise.
*
*/
int crypt_keyslot_area(struct crypt_device *cd,
int keyslot,
uint64_t *offset,
uint64_t *length);
/** /**
* Backup header and keyslots to file * Backup header and keyslots to file
* *
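Review bot: The doc comment for `crypt_keyslot_area()` does not say that `offset` and `length` are output parameters, that only LUKS devices are supported, or that the area is reported without checking whether the keyslot is active. A tool that wipes disk ranges from these values needs that contract, so I would write `@param offset returned offset of the keyslot area on the metadata device (in bytes)` with a matching line for `length`, and add a `@note` that non-LUKS devices and out-of-range keyslots return -EINVAL. The relocated `crypt_keyslot_max()` comment still reads "doesn't not support keyslots", which could become "does not support keyslots" while it is being moved.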


@@ -55,6 +55,7 @@ CRYPTSETUP_1.0 {
crypt_get_rng_type; crypt_get_rng_type;
crypt_keyslot_max; crypt_keyslot_max;
crypt_keyslot_area;
crypt_keyslot_status; crypt_keyslot_status;
crypt_last_error; crypt_last_error;
crypt_get_error; crypt_get_error;


@@ -53,6 +53,20 @@ static size_t LUKS_device_sectors(size_t keyLen)
return sector; return sector;
} }
int LUKS_keyslot_area(struct luks_phdr *hdr,
int keyslot,
uint64_t *offset,
uint64_t *length)
{
if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
return -EINVAL;
*offset = hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
*length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;
return 0;
}
static int LUKS_check_device_size(struct crypt_device *ctx, size_t keyLength) static int LUKS_check_device_size(struct crypt_device *ctx, size_t keyLength)
{ {
struct device *device = crypt_metadata_device(ctx); struct device *device = crypt_metadata_device(ctx);
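Review bot: In `LUKS_keyslot_area()` both products may be computed in a type narrower than `uint64_t` before being stored, so a large `keyMaterialOffset` taken from the on-disk header could wrap and yield a wrong byte offset. The declarations of `keyMaterialOffset`, `SECTOR_SIZE` and `AF_split_sectors()` are outside this hunk, so this needs confirming; if the operands are 32-bit, widen first with `*offset = (uint64_t)hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;` and `*length = (uint64_t)AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;`. Because the stated use is wiping the keyslot area from an external tool, a wrapped value would direct that tool at the wrong region of the device. The function also reports an area without checking whether the slot is active, which deserves a one-line comment saying it is intentional.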


@@ -168,6 +168,10 @@ crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
int LUKS_keyslot_find_empty(struct luks_phdr *hdr); int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
int LUKS_keyslot_active_count(struct luks_phdr *hdr); int LUKS_keyslot_active_count(struct luks_phdr *hdr);
int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable); int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
int LUKS_keyslot_area(struct luks_phdr *hdr,
int keyslot,
uint64_t *offset,
uint64_t *length);
int LUKS_encrypt_to_storage( int LUKS_encrypt_to_storage(
char *src, size_t srcLength, char *src, size_t srcLength,


@@ -2393,6 +2393,17 @@ int crypt_keyslot_max(const char *type)
return -EINVAL; return -EINVAL;
} }
int crypt_keyslot_area(struct crypt_device *cd,
int keyslot,
uint64_t *offset,
uint64_t *length)
{
if (!isLUKS(cd->type))
return -EINVAL;
return LUKS_keyslot_area(&cd->hdr, keyslot, offset, length);
}
const char *crypt_get_type(struct crypt_device *cd) const char *crypt_get_type(struct crypt_device *cd)
{ {
return cd->type; return cd->type;
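Review bot: The new public entry point `crypt_keyslot_area()` dereferences `cd` and hands `offset` and `length` to `LUKS_keyslot_area()`, which writes through them, without checking any of the three for NULL. Since this is an exported API meant for external tools, I would fold the checks into the existing guard: `if (!cd || !offset || !length || !isLUKS(cd->type))` followed by the existing `return -EINVAL;`. The neighbouring `crypt_get_type()` also dereferences `cd` unchecked, so this may be the library's convention, but an output-pointer API is more likely to be called with a NULL argument the caller does not care about.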