Home
last modified time | relevance | path

Searched full:luks (Results 1 – 25 of 94) sorted by relevance

1234

/openbmc/qemu/crypto/
H A Dblock-luks.c2 * QEMU Crypto block device encryption LUKS format
25 #include "block-luks.h"
26 #include "block-luks-priv.h"
39 * Reference for the LUKS format implemented here is
343 qcrypto_block_luks_splitkeylen_sectors(const QCryptoBlockLUKS *luks, in qcrypto_block_luks_splitkeylen_sectors() argument
352 size_t splitkeylen = luks->header.master_key_len * stripes; in qcrypto_block_luks_splitkeylen_sectors()
408 * Stores the main LUKS header, taking care of endianness
416 const QCryptoBlockLUKS *luks = block->opaque; in qcrypto_block_luks_store_header() local
422 memcpy(hdr_copy, &luks->header, sizeof(QCryptoBlockLUKSHeader)); in qcrypto_block_luks_store_header()
438 * Loads the main LUKS header, and byteswaps it to native endianness
[all …]
H A Dblock-luks-priv.h2 * QEMU Crypto block device encryption LUKS format
24 #include "block-luks.h"
36 * Reference for the LUKS format implemented here is
50 /* The following constants are all defined by the LUKS spec */
103 /* LUKS version, currently 1 */
/openbmc/qemu/tests/qemu-iotests/tests/
H A Dluks-detached-header4 # Test LUKS volume with detached header
38 luks_img = os.path.join(iotests.test_dir, "luks.img")
49 "driver": "luks",
58 "driver": "luks",
74 # 1. Create the normal LUKS disk with 128M size
82 node_name="luks-1-storage",
87 "file": "luks-1-storage",
96 # 2. Create the LUKS disk with detached header (raw)
98 # Create detached LUKS header
106 node_name="luks-2-header-storage",
[all …]
/openbmc/qemu/tests/qemu-iotests/
H A D149.out3 truncate TEST_DIR/luks-aes-256-xts-plain64-sha1.img --size 4194304MB
5 …ey-size 512 --hash sha1 --key-slot 0 --key-file - --iter-time 10 TEST_DIR/luks-aes-256-xts-plain64…
7 sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha1.img qiotest-145-aes-256-xts-p…
23 …ec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/lu…
28 …ec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/lu…
33 …ec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/lu…
38 …ec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/lu…
43 sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha1.img qiotest-145-aes-256-xts-p…
59 unlink TEST_DIR/luks-aes-256-xts-plain64-sha1.img
63luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,iter-time=10,cipher-al…
[all …]
H A D14921 # Exercise the QEMU 'luks' block driver to validate interoperability
34 """Represent configuration parameters for a single LUKS
62 return "luks-%s.img" % self.name
130 """Add another password to a LUKS key slot"""
151 """Format a new LUKS volume with cryptsetup, adding the
178 """Set the ownership of a open LUKS device to this user"""
196 """Open an image as a LUKS device"""
206 """Close an active LUKS device """
246 """Create and format a disk image with LUKS using qemu-img"""
259 args = ["create", "-f", "luks",
[all …]
H A D210.out3 …": {"job-id": "job0", "options": {"driver": "file", "filename": "TEST_DIR/PID-t.luks", "size": 0}}}
8 {"execute": "blockdev-add", "arguments": {"driver": "file", "filename": "TEST_DIR/PID-t.luks", "nod…
10 {"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": {"driver": "luks", "file"…
58 …": {"job-id": "job0", "options": {"driver": "file", "filename": "TEST_DIR/PID-t.luks", "size": 0}}}
63 …aes-128", "cipher-mode": "cbc", "driver": "luks", "file": {"driver": "file", "filename": "TEST_DIR…
111 {"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": {"driver": "luks", "file"…
119 {"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": {"driver": "luks", "file"…
167 {"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": {"driver": "luks", "file"…
173 {"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": {"driver": "luks", "file"…
179 {"execute": "blockdev-create", "arguments": {"job-id": "job0", "options": {"driver": "luks", "file"…
H A D2104 # Test luks and file image creation
28 supported_fmts=['luks'],
32 with iotests.FilePath('t.luks') as disk_path, \
62 'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
96 'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
132 'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
166 vm.add_blockdev('driver=luks,file=node0,key-secret=keysec0,node-name=node1')
176 'driver=luks,file.driver=file,file.filename=%s,key-secret=keysec0' % (disk_path),
H A D082.out60 encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
65 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
86 encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
91 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
112 encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
117 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
138 encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
143 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
164 encrypt.format=<str> - Encrypt the image, format choices: 'aes', 'luks'
169 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase
[all …]
H A D282.out4 Formatting 'vol.img', fmt=luks size=4194304 key-secret=sec0
8 Formatting 'vol.img', fmt=luks size=4194304 key-secret=sec0
H A D29564 self.img_opts = [ '-o', "encrypt.format=luks" ]
99 'format':'luks',
141 crypt_options['format'] = 'luks'
175 crypt_options['format'] = 'luks'
275 iotests.main(supported_fmts = ['qcow2', 'luks'])
H A D296250 # test that two VMs can't open the same luks image by default
262 # test that two VMs can attach the same luks image to a guest device,
276 # support only raw luks since luks encrypted qcow2 is a proper
279 iotests.main(supported_fmts = ['luks'])
H A D087167 echo === Encrypted image LUKS ===
170 _make_test_img --object secret,id=sec0,data=123456 -o encrypt.format=luks,encrypt.key-secret=sec0 $…
189 "format": "luks",
H A D2824 # Test qemu-img file cleanup for LUKS when using a non-UTF8 secret
40 _supported_fmt luks
H A D178.out.qcow276 == qcow2 input image and LUKS encryption ==
130 == raw input image and LUKS encryption ==
231 == qcow2 input image and LUKS encryption ==
299 == raw input image and LUKS encryption ==
/openbmc/estoraged/include/
H A Destoraged.hpp31 * @brief eStoraged object to manage a LUKS encrypted storage device.
41 * @param[in] luksName - name for the LUKS container
76 /** @brief Format the LUKS encrypted device and create empty filesystem.
78 * @param[in] password - password to set for the LUKS device.
90 /** @brief Unmount filesystem and lock the LUKS device.
96 * @param[in] password - password for the LUKS device.
100 /** @brief Change the password for the LUKS device.
102 * @param[in] oldPassword - old password for the LUKS device.
103 * @param[in] newPassword - new password for the LUKS device.
108 /** @brief Check if the LUKS device is currently locked. */
[all …]
/openbmc/qemu/tests/unit/
H A Dtest-crypto-block.c25 #include "crypto/block-luks-priv.h"
59 .u.luks = {
68 .u.luks = {
77 .u.luks = {
91 .u.luks = {
138 .path = "/crypto/block/luks/default",
153 .path = "/crypto/block/luks/aes-256-cbc-plain64",
168 .path = "/crypto/block/luks/aes-256-cbc-essiv",
402 return "LUKS header cipher name is not NUL terminated"; in luks_bad_null_term_cipher_name()
411 return "LUKS header cipher mode is not NUL terminated"; in luks_bad_null_term_cipher_mode()
[all …]
/openbmc/qemu/docs/devel/
H A Dluks-detached-header.rst2 LUKS volume with detached header
8 This document gives an overview of the design of LUKS volume with detached
14 The LUKS format has ability to store the header in a separate volume from
15 the payload. We could extend the LUKS driver in QEMU to support this use
18 Normally a LUKS volume has a layout:
28 With a detached LUKS header, you need 2 disks so getting:
41 * Secrecy - the disk2 cannot be identified as containing LUKS
51 add encryption.You can store the LUKS header
65 LUKS volume with detached header is shown in the diagram below.
69 LUKS header and key material are located in the header node,
[all …]
/openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/Inventory/Item/
H A DVolume.interface.yaml3 interface only supports LUKS encrypted volumes, but it can be extended in
9 Format a LUKS encrypted device and create a filesystem.
14 Array of bytes to use as the LUKS password.
51 Array of bytes to use as the LUKS password.
58 Change the LUKS password that unlocks the storage volume.
63 Array of bytes for the old LUKS password.
67 Array of bytes to use as the LUKS password.
77 Indicates whether the LUKS volume is locked.
/openbmc/openbmc/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/
H A Dcryptsetup_2.7.5.bb1 SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
4 LUKS volumes. The difference is that LUKS uses a metadata header \
39 luks-adjust-xts-keysize \
65 PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xt…
71 PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1"
/openbmc/qemu/block/
H A Dcrypto.c42 BdrvChild *header; /* Reference to the detached LUKS header */
654 qdict_put_str(cryptoopts, "format", "luks"); in block_crypto_measure()
711 luks_opts = &create_options->u.luks; in block_crypto_co_create_luks()
722 "specified for formatting LUKS disk"); in block_crypto_co_create_luks()
728 .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts), in block_crypto_co_create_luks()
736 /* LUKS volume with detached header */ in block_crypto_co_create_luks()
744 /* Format the LUKS header node */ in block_crypto_co_create_luks()
751 /* Format the LUKS payload node */ in block_crypto_co_create_luks()
759 /* LUKS volume with none-detached header */ in block_crypto_co_create_luks()
816 qdict_put_str(cryptoopts, "format", "luks"); in block_crypto_co_create_opts_luks()
[all …]
/openbmc/openbmc/meta-security/recipes-security/cryptmount/
H A Dcryptmount_6.2.0.bb13 PACKAGECONFIG ?="intl luks gcrypt nls"
19 PACKAGECONFIG[luks] = "--enable-luks, --disable-luks, cryptsetup"
/openbmc/qemu/qapi/
H A Dcrypto.json153 # @luks: LUKS encryption format. Recommended for new images
158 'data': ['qcow', 'luks']}
189 # The options that apply to LUKS encryption format
203 # The options that apply to LUKS encryption format initialization
246 'luks': 'QCryptoBlockOptionsLUKS' } }
260 'luks': 'QCryptoBlockCreateOptionsLUKS' } }
278 # Information about the LUKS block encryption key slot options
299 # Information about the LUKS block encryption options
311 # @detached-header: whether the LUKS header is detached (Since 9.0)
345 'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
[all …]
/openbmc/qemu/docs/interop/
H A Dqcow2.txt65 2 for LUKS encryption
338 of the 'LUKS' crypt method. The header extension must be absent for
354 For the LUKS crypt method, the encryption header works as follows.
356 The first 592 bytes of the header clusters will contain the LUKS
359 stripes in the key slot and key size. Refer to the LUKS format
361 package) for details of the LUKS partition header format.
363 In the LUKS partition header, the "payload-offset" field will be
364 calculated as normal for the LUKS spec. ie the size of the LUKS
366 start of the LUKS header. This offset value is not required to be
372 In the LUKS key slots header, the "key-material-offset" is relative
[all …]
/openbmc/qemu/docs/system/
H A Dqemu-block-drivers.rst.inc67 If this is set to ``luks``, it requests that the qcow2 payload (not
68 qcow2 header) be encrypted using the LUKS format. The passphrase to
69 use to unlock the LUKS key slot is given by the ``encrypt.key-secret``
70 parameter. LUKS encryption parameters can be tuned with the other
91 and interoperability with old versions of QEMU. The ``luks`` format
97 (``encrypt.format=luks``) or encryption key (``encrypt.format=aes``).
102 to ``aes-256``. Only used when ``encrypt.format=luks``.
107 Only used when ``encrypt.format=luks``.
112 to ``plain64``. Only used when ``encrypt.format=luks``.
117 (if required). Defaults to ``sha256``. Only used when ``encrypt.format=luks``.
[all …]
/openbmc/estoraged/src/
H A Destoraged.cpp287 * Check if the mapped virtual device exists. If it exists, the LUKS volume in isLocked()
328 /* Format the LUKS encrypted device. */ in formatLuksDev()
365 lg2::error("Failed to load LUKS header: {RETVAL}", "RETVAL", retval, in loadLuksHeader()
388 lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID", in activateLuksDev()
400 lg2::error("Failed to activate LUKS dev: {RETVAL}", "RETVAL", retval, in activateLuksDev()
406 lg2::info("Successfully activated LUKS dev {DEV}", "DEV", devPath, in activateLuksDev()
499 lg2::info("Deactivating LUKS device {DEV}", "DEV", devPath, in deactivateLuksDev()
512 lg2::info("Successfully deactivated LUKS device {DEV}", "DEV", devPath, in deactivateLuksDev()

1234