Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 1 | /* |
| 2 | * QEMU block full disk encryption |
| 3 | * |
| 4 | * Copyright (c) 2015-2017 Red Hat, Inc. |
| 5 | * |
| 6 | * This library is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU Lesser General Public |
| 8 | * License as published by the Free Software Foundation; either |
Chetan Pant | 61f3c91 | 2020-10-23 12:44:24 +0000 | [diff] [blame] | 9 | * version 2.1 of the License, or (at your option) any later version. |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 10 | * |
| 11 | * This library is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 14 | * Lesser General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU Lesser General Public |
| 17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | */ |
| 20 | |
Markus Armbruster | a8b991b | 2019-03-15 15:51:21 +0100 | [diff] [blame] | 21 | #ifndef BLOCK_CRYPTO_H |
| 22 | #define BLOCK_CRYPTO_H |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 23 | |
Daniel P. Berrange | d85f422 | 2017-06-23 17:24:08 +0100 | [diff] [blame] | 24 | #define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr) \ |
| 25 | { \ |
| 26 | .name = prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET, \ |
| 27 | .type = QEMU_OPT_STRING, \ |
| 28 | .help = helpstr, \ |
| 29 | } |
| 30 | |
| 31 | #define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret" |
| 32 | |
| 33 | #define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix) \ |
| 34 | BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \ |
| 35 | "ID of the secret that provides the AES encryption key") |
| 36 | |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 37 | #define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret" |
| 38 | #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg" |
| 39 | #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode" |
| 40 | #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg" |
| 41 | #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg" |
| 42 | #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" |
| 43 | #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" |
Maxim Levitsky | bbfdae9 | 2020-06-25 14:55:42 +0200 | [diff] [blame] | 44 | #define BLOCK_CRYPTO_OPT_LUKS_KEYSLOT "keyslot" |
| 45 | #define BLOCK_CRYPTO_OPT_LUKS_STATE "state" |
| 46 | #define BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET "old-secret" |
| 47 | #define BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET "new-secret" |
| 48 | |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 49 | |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 50 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \ |
Daniel P. Berrange | d85f422 | 2017-06-23 17:24:08 +0100 | [diff] [blame] | 51 | BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \ |
| 52 | "ID of the secret that provides the keyslot passphrase") |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 53 | |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 54 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix) \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 55 | { \ |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 56 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 57 | .type = QEMU_OPT_STRING, \ |
| 58 | .help = "Name of encryption cipher algorithm", \ |
| 59 | } |
| 60 | |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 61 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix) \ |
| 62 | { \ |
| 63 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \ |
| 64 | .type = QEMU_OPT_STRING, \ |
| 65 | .help = "Name of encryption cipher mode", \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 66 | } |
| 67 | |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 68 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix) \ |
| 69 | { \ |
| 70 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \ |
| 71 | .type = QEMU_OPT_STRING, \ |
| 72 | .help = "Name of IV generator algorithm", \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 73 | } |
| 74 | |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 75 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix) \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 76 | { \ |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 77 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 78 | .type = QEMU_OPT_STRING, \ |
| 79 | .help = "Name of IV generator hash algorithm", \ |
| 80 | } |
| 81 | |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 82 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix) \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 83 | { \ |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 84 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 85 | .type = QEMU_OPT_STRING, \ |
| 86 | .help = "Name of encryption hash algorithm", \ |
| 87 | } |
| 88 | |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 89 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix) \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 90 | { \ |
Daniel P. Berrange | 4a47f85 | 2017-06-23 17:24:01 +0100 | [diff] [blame] | 91 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \ |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 92 | .type = QEMU_OPT_NUMBER, \ |
| 93 | .help = "Time to spend in PBKDF in milliseconds", \ |
| 94 | } |
| 95 | |
Maxim Levitsky | bbfdae9 | 2020-06-25 14:55:42 +0200 | [diff] [blame] | 96 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(prefix) \ |
| 97 | { \ |
| 98 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_STATE, \ |
| 99 | .type = QEMU_OPT_STRING, \ |
| 100 | .help = "Select new state of affected keyslots (active/inactive)",\ |
| 101 | } |
| 102 | |
| 103 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(prefix) \ |
| 104 | { \ |
| 105 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEYSLOT, \ |
| 106 | .type = QEMU_OPT_NUMBER, \ |
| 107 | .help = "Select a single keyslot to modify explicitly",\ |
| 108 | } |
| 109 | |
| 110 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(prefix) \ |
| 111 | { \ |
| 112 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET, \ |
| 113 | .type = QEMU_OPT_STRING, \ |
| 114 | .help = "Select all keyslots that match this password", \ |
| 115 | } |
| 116 | |
| 117 | #define BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(prefix) \ |
| 118 | { \ |
| 119 | .name = prefix BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET, \ |
| 120 | .type = QEMU_OPT_STRING, \ |
| 121 | .help = "New secret to set in the matching keyslots. " \ |
| 122 | "Empty string to erase", \ |
| 123 | } |
| 124 | |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 125 | QCryptoBlockCreateOptions * |
Markus Armbruster | 796d323 | 2018-06-26 19:41:19 +0200 | [diff] [blame] | 126 | block_crypto_create_opts_init(QDict *opts, Error **errp); |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 127 | |
Maxim Levitsky | 43cbd06 | 2020-06-25 14:55:36 +0200 | [diff] [blame] | 128 | QCryptoBlockAmendOptions * |
| 129 | block_crypto_amend_opts_init(QDict *opts, Error **errp); |
| 130 | |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 131 | QCryptoBlockOpenOptions * |
Markus Armbruster | 796d323 | 2018-06-26 19:41:19 +0200 | [diff] [blame] | 132 | block_crypto_open_opts_init(QDict *opts, Error **errp); |
Daniel P. Berrange | 306a06e | 2017-06-23 17:24:00 +0100 | [diff] [blame] | 133 | |
Markus Armbruster | a8b991b | 2019-03-15 15:51:21 +0100 | [diff] [blame] | 134 | #endif /* BLOCK_CRYPTO_H */ |