/*
 * QEMU block full disk encryption
 *
 * Copyright (c) 2015-2017 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#ifndef BLOCK_CRYPTO_H
#define BLOCK_CRYPTO_H

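/*
 * Expands to a designated initializer for one string-typed option entry
 * named "<prefix>key-secret" with the caller-supplied help text.
 *
 * Per the help strings used below, the option value is the ID of a secret,
 * not the key or passphrase itself.
 *
 * The name is built from BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET even when the
 * macro is used for LUKS. That works only because the QCOW and LUKS
 * constants are the same string ("key-secret"); if either one is ever
 * changed, the LUKS option definition silently follows the QCOW name.
 */
#define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET, \
        .type = QEMU_OPT_STRING, \
        .help = helpstr, \
    }

/* Option name carrying the secret ID for the qcow AES key. */
#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret"

/*
 * "<prefix>key-secret" option entry for qcow AES encryption.
 *
 * NOTE(review): QEMU's documentation describes the legacy qcow AES format
 * as cryptographically weak; confirm against current docs before relying
 * on it for new images.
 */
#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix) \
    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \
        "ID of the secret that provides the AES encryption key")
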
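/*
 * Un-prefixed option names for the LUKS format. The BLOCK_CRYPTO_OPT_DEF_LUKS_*
 * macros below prepend a caller-chosen prefix to these strings.
 *
 * KEY_SECRET is the same string as BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET, which
 * the shared key-secret option macro depends on.
 */
#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
/* Keyslot-management option names (see the matching DEF macros below). */
#define BLOCK_CRYPTO_OPT_LUKS_KEYSLOT "keyslot"
#define BLOCK_CRYPTO_OPT_LUKS_STATE "state"
#define BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET "old-secret"
#define BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET "new-secret"

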
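/*
 * "<prefix>key-secret" option entry for LUKS. Per the help text the value is
 * the ID of a secret that supplies the keyslot passphrase, not the
 * passphrase itself.
 *
 * The option name comes from BLOCK_CRYPTO_OPT_DEF_KEY_SECRET, which uses the
 * QCOW name constant rather than BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \
    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \
        "ID of the secret that provides the keyslot passphrase")
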
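/*
 * "<prefix>cipher-alg" option entry: cipher algorithm name, as a free-form
 * string. This header places no restriction on the value.
 * NOTE(review): confirm the consumer rejects unknown or weak algorithm names.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \
        .type = QEMU_OPT_STRING, \
        .help = "Name of encryption cipher algorithm", \
    }
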
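/*
 * "<prefix>cipher-mode" option entry: cipher mode name, as a free-form
 * string. This header places no restriction on the value.
 * NOTE(review): confirm the consumer validates the mode against the chosen
 * cipher.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \
        .type = QEMU_OPT_STRING, \
        .help = "Name of encryption cipher mode", \
    }
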
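/*
 * "<prefix>ivgen-alg" option entry: IV generator algorithm name, as a
 * free-form string. This header places no restriction on the value.
 * NOTE(review): confirm the consumer rejects unknown generator names.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
        .type = QEMU_OPT_STRING, \
        .help = "Name of IV generator algorithm", \
    }
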
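/*
 * "<prefix>ivgen-hash-alg" option entry: hash algorithm used by the IV
 * generator, as a free-form string. This header places no restriction on
 * the value.
 * NOTE(review): confirm the consumer rejects unknown hash names.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \
        .type = QEMU_OPT_STRING, \
        .help = "Name of IV generator hash algorithm", \
    }
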
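/*
 * "<prefix>hash-alg" option entry: hash algorithm name, as a free-form
 * string. This header places no restriction on the value.
 * NOTE(review): presumably this is the hash used for key derivation and
 * key digests; confirm, and confirm the consumer rejects unknown names.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \
        .type = QEMU_OPT_STRING, \
        .help = "Name of encryption hash algorithm", \
    }
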
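/*
 * "<prefix>iter-time" option entry: numeric, time to spend in the PBKDF in
 * milliseconds (per the help text).
 *
 * This is the cost setting for passphrase brute-force resistance: a shorter
 * time means less key-derivation work per guess. No lower bound is set in
 * this header.
 * NOTE(review): confirm the consumer rejects zero or very small values.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \
        .type = QEMU_OPT_NUMBER, \
        .help = "Time to spend in PBKDF in milliseconds", \
    }
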
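/*
 * "<prefix>state" option entry: new state for the affected keyslots. The
 * help text names two values, active and inactive, but the option is a
 * free-form string here.
 * NOTE(review): confirm the consumer rejects any other value rather than
 * defaulting to one of the two.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_STATE, \
        .type = QEMU_OPT_STRING, \
        .help = "Select new state of affected keyslots (active/inactive)",\
    }
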
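/*
 * "<prefix>keyslot" option entry: numeric index of a single keyslot to
 * modify explicitly. No range is set in this header.
 * NOTE(review): confirm the consumer bounds-checks the index against the
 * number of keyslots in the volume header.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEYSLOT, \
        .type = QEMU_OPT_NUMBER, \
        .help = "Select a single keyslot to modify explicitly",\
    }
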
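/*
 * "<prefix>old-secret" option entry: selects every keyslot that matches the
 * given password (per the help text).
 *
 * NOTE(review): the help text says "password", while the option name and the
 * key-secret option suggest the value is the ID of a secret object.
 * Confirm which it is; if it is an ID, the help text should say so, so that
 * users do not put a passphrase into an option string.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET, \
        .type = QEMU_OPT_STRING, \
        .help = "Select all keyslots that match this password", \
    }
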
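/*
 * "<prefix>new-secret" option entry: the secret to set in the matching
 * keyslots; an empty string erases them (per the help text).
 *
 * Erasing is destructive: once every keyslot holding a known passphrase is
 * gone, the volume key can no longer be recovered from the header.
 * NOTE(review): presumably the value is the ID of a secret object, as with
 * key-secret, not the passphrase itself. Confirm, and confirm whether the
 * consumer guards against erasing the last active keyslot.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(prefix) \
    { \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET, \
        .type = QEMU_OPT_STRING, \
        .help = "New secret to set in the matching keyslots. " \
                "Empty string to erase", \
    }
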
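/*
 * Option-struct constructors for the create, amend and open paths.
 *
 * Only the declarations are visible in this header. Each takes a QDict of
 * options plus an Error ** out-parameter and returns a pointer to the
 * corresponding QCryptoBlock*Options structure.
 *
 * NOTE(review): presumably a NULL return signals failure with *errp set, and
 * the caller owns and must free the returned structure; confirm against the
 * definitions. The QDict may carry secret IDs (key-secret, old-secret,
 * new-secret), so confirm that error messages and logging on these paths do
 * not echo option values.
 */
QCryptoBlockCreateOptions *
block_crypto_create_opts_init(QDict *opts, Error **errp);

QCryptoBlockAmendOptions *
block_crypto_amend_opts_init(QDict *opts, Error **errp);

QCryptoBlockOpenOptions *
block_crypto_open_opts_init(QDict *opts, Error **errp);
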
#endif /* BLOCK_CRYPTO_H */