/*
 * QEMU block full disk encryption
 *
 * Copyright (c) 2015-2017 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef BLOCK_CRYPTO_H
#define BLOCK_CRYPTO_H

/*
 * Option names and option-table initializers shared by the block drivers
 * that expose encryption settings, plus the two helpers that turn an
 * options dictionary into crypto create/open option structures.
 *
 * This header has no #include lines of its own: QEMU_OPT_STRING,
 * QEMU_OPT_NUMBER, QDict, Error and the QCryptoBlock*Options types must
 * already be declared by whoever includes it.
 *
 * Every BLOCK_CRYPTO_OPT_DEF_* macro expands to a brace-enclosed
 * designated initializer (.name, .type, .help).  'prefix' is pasted in
 * front of the option name by string-literal adjacency, so it has to be a
 * string literal (possibly "").
 */

/* ---- Option names ------------------------------------------------------ */

/* qcow: per its help text, the ID of a secret, not the key itself. */
#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret"

/* LUKS: the key-secret is likewise an ID, here for the keyslot passphrase. */
#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET     "key-secret"
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG     "cipher-alg"
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE    "cipher-mode"
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG      "ivgen-alg"
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG       "hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME      "iter-time"

/* ---- Key secret option entries ----------------------------------------- */

/*
 * Generic "key-secret" entry with a caller-supplied help string.
 *
 * NOTE(review): the name is always built from
 * BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET, including when this macro is reached
 * through BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET.  That is harmless while the
 * QCOW and LUKS names are both "key-secret"; if they ever diverge, the LUKS
 * entry would keep the QCOW name.
 */
#define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr)                \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET,                \
        .type = QEMU_OPT_STRING,                                        \
        .help = helpstr,                                                \
    }

/* qcow flavour: the referenced secret supplies the AES encryption key. */
#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix)                    \
    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
        "ID of the secret that provides the AES encryption key")

/* LUKS flavour: the referenced secret supplies the keyslot passphrase. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix)                    \
    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
        "ID of the secret that provides the keyslot passphrase")

/* ---- LUKS algorithm selection entries ---------------------------------- */

/*
 * The algorithm options below are plain strings (QEMU_OPT_STRING).  Nothing
 * in this header restricts which names are accepted; any validation of the
 * chosen cipher, mode, IV generator or hash happens elsewhere.
 */

#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix)                    \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,                \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of encryption cipher algorithm",                  \
    }

#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix)                   \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,               \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of encryption cipher mode",                       \
    }

#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix)                     \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG,                 \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of IV generator algorithm",                       \
    }

#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix)                \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,            \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of IV generator hash algorithm",                  \
    }

#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix)                      \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,                  \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of encryption hash algorithm",                    \
    }

/* ---- LUKS key derivation entry ----------------------------------------- */

/*
 * The only numeric option (QEMU_OPT_NUMBER).  Per its help text the value
 * is a PBKDF time budget in milliseconds, not an iteration count.  No lower
 * or upper bound is expressed here.
 * NOTE(review): confirm where the value is range-checked.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix)                     \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,                 \
        .type = QEMU_OPT_NUMBER,                                        \
        .help = "Time to spend in PBKDF in milliseconds",               \
    }

/* ---- Option conversion helpers ----------------------------------------- */

/*
 * Build the crypto "create" options from an options dictionary.
 *
 * @opts: dictionary holding the option values
 * @errp: error output
 *
 * Ownership of the returned pointer and the failure return value are not
 * visible in this header.
 * NOTE(review): presumably NULL with *errp set on failure - confirm against
 * the implementation.
 */
QCryptoBlockCreateOptions *
block_crypto_create_opts_init(QDict *opts, Error **errp);

/*
 * Build the crypto "open" options from an options dictionary.
 *
 * @opts: dictionary holding the option values
 * @errp: error output
 *
 * Same caveats as block_crypto_create_opts_init(): ownership and failure
 * convention are defined by the implementation, not by this header.
 */
QCryptoBlockOpenOptions *
block_crypto_open_opts_init(QDict *opts, Error **errp);

#endif /* BLOCK_CRYPTO_H */