/*
 * QEMU block full disk encryption
 *
 * Copyright (c) 2015-2017 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */
#ifndef BLOCK_CRYPTO_H__
#define BLOCK_CRYPTO_H__
/*
 * Expands to a designated-initializer entry for a string option named
 * "<prefix>key-secret", with the help text supplied by the caller.
 *
 * The help strings used with this macro in this header describe the
 * option value as the ID of a secret, i.e. a reference to key material
 * rather than the key material itself.
 *
 * 'prefix' must be a string literal: it is joined to the option name by
 * adjacent string-literal concatenation.  The option name comes from
 * BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET, which is defined further down; that
 * ordering is fine because the name is only expanded where this macro
 * is used.
 */
#define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr)     \
    {                                                        \
        .name = prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET,     \
        .type = QEMU_OPT_STRING,                             \
        .help = helpstr,                                     \
    }
/*
 * Name of the option through which qcow AES encryption is given its key.
 * Per the help text below, the option value is the ID of a secret, not
 * the key itself.
 */
#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret"

/*
 * Option-table entry for "<prefix>key-secret" with the qcow AES help
 * text.  'prefix' must be a string literal.
 *
 * NOTE(review): QEMU's own documentation describes the built-in qcow AES
 * format as weak compared with LUKS -- confirm against the current docs
 * before relying on it for new images.
 */
#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix) \
    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(                 \
        prefix,                                      \
        "ID of the secret that provides the AES encryption key")
/*
 * Option names for the LUKS encryption format.  The
 * BLOCK_CRYPTO_OPT_DEF_LUKS_* macros in this header prepend a caller
 * prefix to these names to build option-table entries.
 *
 * BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET has the same value as
 * BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET.  The shared
 * BLOCK_CRYPTO_OPT_DEF_KEY_SECRET helper expands the QCOW name even for
 * LUKS, so the two values have to stay identical.
 */
#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET     "key-secret"     /* secret ID */
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG     "cipher-alg"     /* cipher */
#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE    "cipher-mode"    /* cipher mode */
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG      "ivgen-alg"      /* IV generator */
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg" /* IV gen hash */
#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG       "hash-alg"       /* hash */
#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME      "iter-time"      /* PBKDF ms */
/*
 * Option-table entry for "<prefix>key-secret" with the LUKS help text:
 * the option value is the ID of the secret that holds the keyslot
 * passphrase, not the passphrase itself.  'prefix' must be a string
 * literal.
 *
 * This goes through the shared BLOCK_CRYPTO_OPT_DEF_KEY_SECRET helper,
 * so the option name is taken from BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET,
 * which has the same value as BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \
    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(                 \
        prefix,                                      \
        "ID of the secret that provides the keyslot passphrase")
/*
 * Option-table entry for the string option "<prefix>cipher-alg", which
 * names the encryption cipher algorithm.  'prefix' must be a string
 * literal.
 *
 * NOTE(review): the set of accepted algorithm names is not defined in
 * this header; presumably the value is validated where the options are
 * parsed -- confirm.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix)         \
    {                                                        \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,     \
        .type = QEMU_OPT_STRING,                             \
        .help = "Name of encryption cipher algorithm",       \
    }
/*
 * Option-table entry for the string option "<prefix>cipher-mode", which
 * names the cipher mode used for encryption.  'prefix' must be a string
 * literal.
 *
 * NOTE(review): the accepted mode names are not defined in this header;
 * presumably the value is validated where the options are parsed --
 * confirm.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix)        \
    {                                                        \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,    \
        .type = QEMU_OPT_STRING,                             \
        .help = "Name of encryption cipher mode",            \
    }
/*
 * Option-table entry for the string option "<prefix>ivgen-alg", which
 * names the IV generator algorithm.  'prefix' must be a string literal.
 *
 * NOTE(review): the accepted generator names are not defined in this
 * header; presumably the value is validated where the options are
 * parsed -- confirm.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix)          \
    {                                                        \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG,      \
        .type = QEMU_OPT_STRING,                             \
        .help = "Name of IV generator algorithm",            \
    }
/*
 * Option-table entry for the string option "<prefix>ivgen-hash-alg",
 * which names the hash algorithm used by the IV generator.  'prefix'
 * must be a string literal.
 *
 * NOTE(review): whether this option applies to every IV generator is
 * not visible from this header -- confirm at the point of use.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix)         \
    {                                                            \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,     \
        .type = QEMU_OPT_STRING,                                 \
        .help = "Name of IV generator hash algorithm",           \
    }
/*
 * Option-table entry for the string option "<prefix>hash-alg", described
 * by its help text as the encryption hash algorithm.  'prefix' must be a
 * string literal.
 *
 * NOTE(review): presumably this is the hash used for LUKS key
 * derivation; the header does not say so -- confirm at the point of use.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix)           \
    {                                                        \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,       \
        .type = QEMU_OPT_STRING,                             \
        .help = "Name of encryption hash algorithm",         \
    }
/*
 * Option-table entry for the numeric option "<prefix>iter-time": the time
 * to spend in the PBKDF, in milliseconds.  Unlike the other LUKS entries
 * this one is QEMU_OPT_NUMBER rather than QEMU_OPT_STRING.  'prefix' must
 * be a string literal.
 *
 * A larger value makes each passphrase guess more expensive, at the cost
 * of slower key setup.  How the time is turned into an iteration count,
 * and whether a minimum is enforced, is not visible from this header.
 */
#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix)          \
    {                                                        \
        .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,      \
        .type = QEMU_OPT_NUMBER,                             \
        .help = "Time to spend in PBKDF in milliseconds",    \
    }
/*
 * Declaration only; the definition is not in this header.  Takes a QDict
 * of options plus an Error ** and returns a QCryptoBlockCreateOptions
 * pointer.
 *
 * NOTE(review): presumably returns NULL and sets *errp on failure, and
 * the caller owns the returned object -- confirm against the definition.
 */
QCryptoBlockCreateOptions *block_crypto_create_opts_init(QDict *opts,
                                                         Error **errp);
/*
 * Declaration only; the definition is not in this header.  Takes a QDict
 * of options plus an Error ** and returns a QCryptoBlockOpenOptions
 * pointer.
 *
 * NOTE(review): presumably returns NULL and sets *errp on failure, and
 * the caller owns the returned object -- confirm against the definition.
 */
QCryptoBlockOpenOptions *block_crypto_open_opts_init(QDict *opts,
                                                     Error **errp);
#endif /* BLOCK_CRYPTO_H__ */