Add crypt_keyslot_area() API call.

Useful if you want to analyze/wipe area of disk used for keyslot from external tool.
2025-12-11 19:00:02 +01:00 · 2012-09-11 11:59:06 +02:00
parent 64558a57e3
commit f45d4d0755
6 changed files with 59 additions and 10 deletions
--- a/3
+++ b/3
@@ -1,3 +1,6 @@
+2012-09-11  Milan Broz  <gmazyland@gmail.com>
+	* Add crypt_keyslot_area() API call.
+
 2012-08-27  Milan Broz  <gmazyland@gmail.com>
 	* Optimize seek to keyfile-offset (Issue #135, thx to dreisner).
 	* Fix luksHeaderBackup for very old v1.0 unaligned LUKS headers.
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -570,16 +570,6 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
 	const char *new_passphrase,
 	size_t new_passphrase_size);

-/**
- * Get number of keyslots supported for device type.
- *
- * @param type crypt device type
- *
- * @return slot count or negative errno otherwise if device
- * doesn't not support keyslots.
- */
-int crypt_keyslot_max(const char *type);
-
 /**
 * Add key slot using provided key file path
 *
@@ -972,6 +962,32 @@ typedef enum {
 crypt_keyslot_info crypt_keyslot_status(struct crypt_device *cd, int keyslot);
 /** @} */

+/**
+ * Get number of keyslots supported for device type.
+ *
+ * @param type crypt device type
+ *
+ * @return slot count or negative errno otherwise if device
+ * doesn't not support keyslots.
+ */
+int crypt_keyslot_max(const char *type);
+
+/**
+ * Get keyslot area pointers (relative to metadata device)
+ *
+ * @param cd crypt device handle
+ * @param keyslot keyslot number
+ * @param offset offset on metadata device (in bytes)
+ * @param length length of keyslot area (in bytes)
+ *
+ * @return @e 0 on success or negative errno value otherwise.
+ *
+ */
+int crypt_keyslot_area(struct crypt_device *cd,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length);
+
 /**
 * Backup header and keyslots to file
 *
--- a/lib/libcryptsetup.sym
+++ b/lib/libcryptsetup.sym
@@ -55,6 +55,7 @@ CRYPTSETUP_1.0 {
 		crypt_get_rng_type;

 		crypt_keyslot_max;
+		crypt_keyslot_area;
 		crypt_keyslot_status;
 		crypt_last_error;
 		crypt_get_error;
--- a/lib/luks1/keymanage.c
+++ b/lib/luks1/keymanage.c
@@ -53,6 +53,20 @@ static size_t LUKS_device_sectors(size_t keyLen)
 	return sector;
 }

+int LUKS_keyslot_area(struct luks_phdr *hdr,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length)
+{
+	if(keyslot >= LUKS_NUMKEYS || keyslot < 0)
+		return -EINVAL;
+
+	*offset = hdr->keyblock[keyslot].keyMaterialOffset * SECTOR_SIZE;
+	*length = AF_split_sectors(hdr->keyBytes, LUKS_STRIPES) * SECTOR_SIZE;
+
+	return 0;
+}
+
 static int LUKS_check_device_size(struct crypt_device *ctx, size_t keyLength)
 {
 	struct device *device = crypt_metadata_device(ctx);
--- a/lib/luks1/luks.h
+++ b/lib/luks1/luks.h
@@ -168,6 +168,10 @@ crypt_keyslot_info LUKS_keyslot_info(struct luks_phdr *hdr, int keyslot);
 int LUKS_keyslot_find_empty(struct luks_phdr *hdr);
 int LUKS_keyslot_active_count(struct luks_phdr *hdr);
 int LUKS_keyslot_set(struct luks_phdr *hdr, int keyslot, int enable);
+int LUKS_keyslot_area(struct luks_phdr *hdr,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length);

 int LUKS_encrypt_to_storage(
 	char *src, size_t srcLength,
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -2393,6 +2393,17 @@ int crypt_keyslot_max(const char *type)
 	return -EINVAL;
 }

+int crypt_keyslot_area(struct crypt_device *cd,
+	int keyslot,
+	uint64_t *offset,
+	uint64_t *length)
+{
+	if (!isLUKS(cd->type))
+		return -EINVAL;
+
+	return LUKS_keyslot_area(&cd->hdr, keyslot, offset, length);
+}
+
 const char *crypt_get_type(struct crypt_device *cd)
 {
 	return cd->type;