fs_crypto_domain_add_flags()

Create an encryption domain and unlock it if requested

Synopsis:

#include <fs_crypto_api.h>
#include <sys/fs_crypto.h>

int fs_crypto_domain_add_flags(
    const char *path,
    int domain,
    int type,
    int flags,
    int state,
    int length,
    const uint8_t bytes[],
    int *preply);

Arguments:

path
The path to the filesystem's mountpoint.
domain
The domain number to add (the domain must be unused).
type
The type of encryption to employ; one of the following (defined in <sys/fs_crypto.h>):
  • FS_CRYPTO_TYPE_NONE
  • FS_CRYPTO_TYPE_XTS — AES-256, in XTS mode
  • FS_CRYPTO_TYPE_CBC — AES-256, in CBC mode
flags
Flags for the new file and domain keys (defined in <sys/fs_crypto.h>). The only flag currently defined is:
  • FS_CRYPTO_ENABLE_SHA256_HMAC
state
The lock state for the new domain (1 is locked, 0 is unlocked).
length
The number of bytes available in the key array, bytes.
bytes
The binary representation of the key.
preply
A pointer to a location where the function can store additional success or error information.

Library:

libfscrypto

Use the -l fscrypto option to qcc to link against this library.

Description:

The fs_crypto_domain_add_flags() function creates the given domain/type if it doesn't already exist. The domain is created in either the unlocked or locked state, as desired.

Note:
  • In order to use filesystem encryption, download the Encrypted Filesystem package from the QNX Software Center.
  • You must be in the group that owns the filesystem's mountpoint in order to create a domain.

This function sets the variable pointed to by preply to one of the following values:

FS_CRYPTO_REPLY_COMPLETE
The domain was successfully created.
FS_CRYPTO_REPLY_ERRNO
See the error code.
FS_CRYPTO_REPLY_DOMAIN_EXISTS
The domain already exists.
FS_CRYPTO_REPLY_INVALID
The command wasn't completed successfully.
FS_CRYPTO_REPLY_READONLY
The filesystem is mounted read-only.
FS_CRYPTO_REPLY_UNKNOWN_TYPE
The type argument isn't a valid type of encryption.

Returns:

EOK
Success.
EINVAL
Invalid arguments.

This function can also return any of the errors indicated by devctl(), fs_crypto_domain_unlock(), malloc(), or open().
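The following usage sketch is an added example, not code from the QNX documentation. The helper create_domain() is hypothetical: it checks both the return value and *preply, and wipes the caller's key buffer afterwards. The non-QNX branch is a constructed stub with placeholder constant values and assumed behaviour, so the logic can be built off-target.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#ifdef __QNXNTO__
#include <fs_crypto_api.h>
#include <sys/fs_crypto.h>
#else
/* Off-target stand-ins so the wrapper can be exercised without QNX. The numeric
 * values and the stub's behaviour are constructed, not taken from QNX headers. */
#ifndef EOK
#define EOK 0
#endif
enum { FS_CRYPTO_TYPE_NONE, FS_CRYPTO_TYPE_XTS, FS_CRYPTO_TYPE_CBC };
enum { FS_CRYPTO_REPLY_COMPLETE, FS_CRYPTO_REPLY_ERRNO, FS_CRYPTO_REPLY_DOMAIN_EXISTS,
       FS_CRYPTO_REPLY_INVALID, FS_CRYPTO_REPLY_READONLY, FS_CRYPTO_REPLY_UNKNOWN_TYPE };
static unsigned used_domains;  /* stub state: bitmask of domains created so far */
static int fs_crypto_domain_add_flags(const char *path, int domain, int type, int flags,
        int state, int length, const uint8_t bytes[], int *preply) {
    (void)flags; (void)state;
    if (!path || !bytes || !preply || length <= 0 || domain < 0 || domain > 31)
        return EINVAL;
    if (type < FS_CRYPTO_TYPE_NONE || type > FS_CRYPTO_TYPE_CBC)
        *preply = FS_CRYPTO_REPLY_UNKNOWN_TYPE;
    else if (used_domains & (1u << domain))
        *preply = FS_CRYPTO_REPLY_DOMAIN_EXISTS;
    else { used_domains |= 1u << domain; *preply = FS_CRYPTO_REPLY_COMPLETE; }
    return EOK;
}
#endif

/* Hypothetical helper: returns 0 only when the domain was actually created.
 * Otherwise it returns the errno from the call, EEXIST for an occupied domain,
 * EROFS for a read-only mount, or EINVAL for any other reply. The caller's key
 * buffer is wiped before returning in every case. */
int create_domain(const char *path, int domain, int type, int flags, int locked,
                  uint8_t *key, int keylen) {
    int reply = FS_CRYPTO_REPLY_INVALID;  /* fail closed if the call never sets it */
    int rc = fs_crypto_domain_add_flags(path, domain, type, flags, locked ? 1 : 0,
                                        keylen, key, &reply);
    volatile uint8_t *p = key;            /* volatile so the wipe isn't optimized away */
    for (int i = 0; p && i < keylen; i++) p[i] = 0;
    if (rc != EOK) return rc;
    switch (reply) {
    case FS_CRYPTO_REPLY_COMPLETE:      return 0;
    case FS_CRYPTO_REPLY_DOMAIN_EXISTS: return EEXIST;
    case FS_CRYPTO_REPLY_READONLY:      return EROFS;
    default:                            return EINVAL;
    }
}
```

The key length to pass depends on the encryption type and isn't stated on this page; the caller supplies it.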

Classification:

QNX Neutrino

Safety:

Cancellation point: Yes
Interrupt handler: No
Signal handler: No
Thread: Yes