[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [Qemu-devel] [PATCH v1 05/15] crypto: add block encrypt
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-block] [Qemu-devel] [PATCH v1 05/15] crypto: add block encryption framework |
Date: |
Thu, 14 Jan 2016 12:16:04 +0000 |
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Wed, Jan 13, 2016 at 04:40:31PM -0700, Eric Blake wrote:
> On 01/12/2016 11:56 AM, Daniel P. Berrange wrote:
> > Add a generic framework for support different block encryption
> > formats. Upon instantiating a QCryptoBlock object, it will read
> > the encryption header and extract the encryption keys. It is
> > then possible to call methods to encrypt/decrypt data buffers.
> >
> > There is also a mode whereby it will create/initialize a new
> > encryption header on a previously unformatted volume.
> >
> > The initial framework comes with support for the legacy QCow
> > AES based encryption. This enables code in the QCow driver to
> > be consolidated later.
> >
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
>
> > +++ b/qapi/crypto.json
> > @@ -94,3 +94,68 @@
> > { 'enum': 'QCryptoIVGenAlgorithm',
> > 'prefix': 'QCRYPTO_IVGEN_ALG',
> > 'data': ['plain', 'plain64', 'essiv']}
> > +
> > +##
> > +# QCryptoBlockFormat:
> > +#
> > +# The supported full disk encryption formats
> > +#
> > +# @qcowaes: QCow/QCow2 built-in AES-CBC encryption. Do not use
> > +#
>
> Well, the only reason to use it would be to read data off an old
> insecurely-encrypted qcow2 file; so maybe it should read "Do not use on
> new files"
Yep
> > +# Since: 2.6
> > +##
> > +{ 'enum': 'QCryptoBlockFormat',
> > +# 'prefix': 'QCRYPTO_BLOCK_FORMAT',
> > + 'data': ['qcowaes']}
>
> Would 'qcow-aes' be any easier to read?
Or just shorten to 'qcow' perhaps ?
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- Re: [Qemu-block] [PATCH v1 07/15] block: add flag to indicate that no I/O will be performed, (continued)
- [Qemu-block] [PATCH v1 12/15] qcow: convert QCow to use QCryptoBlock for encryption, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 14/15] block: remove all encryption handling APIs, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 08/15] block: add generic full disk encryption driver, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 15/15] block: remove support for legecy AES qcow/qcow2 encryption, Daniel P. Berrange, 2016/01/12
- [Qemu-block] [PATCH v1 05/15] crypto: add block encryption framework, Daniel P. Berrange, 2016/01/12
[Qemu-block] [PATCH v1 04/15] crypto: add support for anti-forensic split algorithm, Daniel P. Berrange, 2016/01/12
[Qemu-block] [PATCH v1 13/15] block: rip out all traces of password prompting, Daniel P. Berrange, 2016/01/12
[Qemu-block] [PATCH v1 10/15] qcow2: convert QCow2 to use QCryptoBlock for encryption, Daniel P. Berrange, 2016/01/12
[Qemu-block] [PATCH v1 06/15] crypto: implement the LUKS block encryption format, Daniel P. Berrange, 2016/01/12