/*
 * QEMU block full disk encryption
 *
 * Copyright (c) 2015-2017 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef BLOCK_CRYPTO_H
#define BLOCK_CRYPTO_H

/*
 * Option name strings.
 *
 * These are the unprefixed option names; the BLOCK_CRYPTO_OPT_DEF_* macros
 * below prepend a caller-supplied prefix by string-literal concatenation.
 * The qcow and LUKS formats share the spelling "key-secret".
 */
#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET        "key-secret"

#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET        "key-secret"
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG        "cipher-alg"
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE       "cipher-mode"
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG         "ivgen-alg"
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG    "ivgen-hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG          "hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME         "iter-time"
#define BLOCK_CRYPTO_OPT_LUKS_DETACHED_HEADER   "detached-header"
#define BLOCK_CRYPTO_OPT_LUKS_KEYSLOT           "keyslot"
#define BLOCK_CRYPTO_OPT_LUKS_STATE             "state"
#define BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET        "old-secret"
#define BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET        "new-secret"

/*
 * Option descriptor builders.
 *
 * Each macro expands to a brace-enclosed designated initializer with the
 * members .name, .type and .help (presumably a QemuOptDesc entry; the
 * struct and the QEMU_OPT_* constants are declared elsewhere, so the
 * including file must provide them).
 *
 * @prefix must be a string literal (it may be ""), because it is pasted in
 * front of the option name by adjacent-literal concatenation.
 */

/*
 * Generic "key-secret" descriptor with a caller-chosen help string.
 * Per the help texts used below, the option value is the ID of a secret,
 * not the key or passphrase itself.
 */
#define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr)                \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET,                \
        .type = QEMU_OPT_STRING,                                        \
        .help = helpstr,                                                \
    }

/* qcow flavour: the referenced secret provides the AES encryption key. */
#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix)                    \
    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
        "ID of the secret that provides the AES encryption key")

/* LUKS flavour: the referenced secret provides a keyslot passphrase. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix)                    \
    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
        "ID of the secret that provides the keyslot passphrase")

/* String option: cipher algorithm name. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix)                    \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,                \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of encryption cipher algorithm",                  \
    }

/* String option: cipher mode name. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix)                   \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,               \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of encryption cipher mode",                       \
    }

/* String option: IV generator algorithm name. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix)                     \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG,                 \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of IV generator algorithm",                       \
    }

/* String option: hash algorithm used by the IV generator. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix)                \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,            \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of IV generator hash algorithm",                  \
    }

/* String option: hash algorithm name. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix)                      \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,                  \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Name of encryption hash algorithm",                    \
    }

/*
 * Numeric option: PBKDF running time in milliseconds.
 * NOTE(review): this value presumably sets the key-derivation work factor,
 * so a small value would make each passphrase guess cheaper; no lower bound
 * is enforced in this header - confirm where the value is validated.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix)                     \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,                 \
        .type = QEMU_OPT_NUMBER,                                        \
        .help = "Time to spend in PBKDF in milliseconds",               \
    }

/* String option: target keyslot state, "active" or "inactive" per the help. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(prefix)                         \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_STATE,                     \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Select new state of affected keyslots (active/inactive)",\
    }

/* Boolean option: request creation of a detached LUKS header. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_DETACHED_HEADER(prefix)               \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_DETACHED_HEADER,           \
        .type = QEMU_OPT_BOOL,                                          \
        .help = "Create a detached LUKS header",                        \
    }

/* Numeric option: index of the one keyslot to modify. */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(prefix)                       \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEYSLOT,                   \
        .type = QEMU_OPT_NUMBER,                                        \
        .help = "Select a single keyslot to modify explicitly",         \
    }

/*
 * String option: selects keyslots by the secret that currently unlocks them.
 * NOTE(review): the help text says "password", while the key-secret options
 * in this header take the ID of a secret - confirm which one the value is,
 * so that a passphrase is not put on a command line by mistake.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(prefix)                    \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET,                \
        .type = QEMU_OPT_STRING,                                        \
        .help = "Select all keyslots that match this password",         \
    }

/*
 * String option: secret to write into the matching keyslots.
 * Per the help text an empty string erases them, which is destructive for
 * the affected keyslots.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(prefix)                    \
    {                                                                   \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET,                \
        .type = QEMU_OPT_STRING,                                        \
        .help = "New secret to set in the matching keyslots. "          \
                "Empty string to erase",                                \
    }

/*
 * Option converters, implemented outside this header.
 *
 * Each takes a QDict of options plus an Error ** out-parameter and returns
 * a pointer to the corresponding QCryptoBlock*Options object.
 * NOTE(review): presumably NULL is returned with *errp set on failure and
 * the caller owns the result - confirm against the implementation.
 */
QCryptoBlockCreateOptions *
block_crypto_create_opts_init(QDict *opts, Error **errp);

QCryptoBlockAmendOptions *
block_crypto_amend_opts_init(QDict *opts, Error **errp);

QCryptoBlockOpenOptions *
block_crypto_open_opts_init(QDict *opts, Error **errp);

#endif /* BLOCK_CRYPTO_H */