LXR qemu/block/crypto.h

   1/*
   2 * QEMU block full disk encryption
   3 *
   4 * Copyright (c) 2015-2017 Red Hat, Inc.
   5 *
   6 * This library is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU Lesser General Public
   8 * License as published by the Free Software Foundation; either
   9 * version 2 of the License, or (at your option) any later version.
  10 *
  11 * This library is distributed in the hope that it will be useful,
  12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 * Lesser General Public License for more details.
  15 *
  16 * You should have received a copy of the GNU Lesser General Public
  17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18 *
  19 */
  20
  21#ifndef BLOCK_CRYPTO_H
  22#define BLOCK_CRYPTO_H
  23
  24#define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr)                \
  25    {                                                                   \
  26        .name = prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET,                \
  27        .type = QEMU_OPT_STRING,                                        \
  28        .help = helpstr,                                                \
  29    }
  30
  31#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret"
  32
  33#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix)                    \
  34    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
  35        "ID of the secret that provides the AES encryption key")
  36
  37#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
  38#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
  39#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
  40#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
  41#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
  42#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
  43#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
  44
  45#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix)                    \
  46    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
  47        "ID of the secret that provides the keyslot passphrase")
  48
  49#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix)       \
  50    {                                                      \
  51        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,   \
  52        .type = QEMU_OPT_STRING,                           \
  53        .help = "Name of encryption cipher algorithm",     \
  54    }
  55
  56#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix)      \
  57    {                                                      \
  58        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,  \
  59        .type = QEMU_OPT_STRING,                           \
  60        .help = "Name of encryption cipher mode",          \
  61    }
  62
  63#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix)     \
  64    {                                                   \
  65        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
  66        .type = QEMU_OPT_STRING,                        \
  67        .help = "Name of IV generator algorithm",       \
  68    }
  69
  70#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix)        \
  71    {                                                           \
  72        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,    \
  73        .type = QEMU_OPT_STRING,                                \
  74        .help = "Name of IV generator hash algorithm",          \
  75    }
  76
  77#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix)       \
  78    {                                                    \
  79        .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,   \
  80        .type = QEMU_OPT_STRING,                         \
  81        .help = "Name of encryption hash algorithm",     \
  82    }
  83
  84#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix)           \
  85    {                                                         \
  86        .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,       \
  87        .type = QEMU_OPT_NUMBER,                              \
  88        .help = "Time to spend in PBKDF in milliseconds",     \
  89    }
  90
  91QCryptoBlockCreateOptions *
  92block_crypto_create_opts_init(QDict *opts, Error **errp);
  93
  94QCryptoBlockOpenOptions *
  95block_crypto_open_opts_init(QDict *opts, Error **errp);
  96
  97#endif /* BLOCK_CRYPTO_H */
  98