[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH v4 12/26] crypto: add block encryption framework
|
From: |
Eric Blake |
|
Subject: |
Re: [Qemu-block] [PATCH v4 12/26] crypto: add block encryption framework |
|
Date: |
Fri, 11 Mar 2016 13:58:33 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 |
On 02/29/2016 05:00 AM, Daniel P. Berrange wrote:
> Add a generic framework for support different block encryption
s/support/supporting/
> formats. Upon instantiating a QCryptoBlock object, it will read
> the encryption header and extract the encryption keys. It is
> then possible to call methods to encrypt/decrypt data buffers.
>
> There is also a mode whereby it will create/initialize a new
> encryption header on a previously unformatted volume.
>
> The initial framework comes with support for the legacy QCow
> AES based encryption. This enables code in the QCow driver to
> be consolidated later.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> +/**
> + * qcrypto_block_open:
> + * @options: the encryption options
> + * @readfunc: callback for reading data from the volume
> + * @opaque: data to pass to @readfunc
> + * @flags: bitmask of QCryptoBlockOpenFlags values
> + * @errp: pointer to a NULL-initialized error object
> + *
> + * If any part of initializing the encryption context
> + * fails an error will be returned. This could be due
> + * to the volume being in the wrong format, an cipher
s/an/a/
> + * or IV generator algorithm that is not supported,
> + * or incorrect passphrases.
> + *
> + * Returns: a block encryption format, or NULL on error
> + */
> +QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
> + QCryptoBlockReadFunc readfunc,
> + void *opaque,
> + unsigned int flags,
> + Error **errp);
> +
> +/**
> + * qcrypto_block_create:
> + * If any part of initializing the encryption context
> + * fails an error will be returned. This could be due
> + * to the volume being in the wrong format, an cipher
and again
> +++ b/qapi/crypto.json
> @@ -109,3 +109,70 @@
> { 'enum': 'QCryptoIVGenAlgorithm',
> +
> +##
> +# QCryptoBlockOptionsBase:
> +#
> +# The common options that apply to all full disk
> +# encryption formats
> +#
> +# @format: the encryption format
> +#
> +# Since: 2.6
> +##
> +{ 'struct': 'QCryptoBlockOptionsBase',
> + 'data': { 'format': 'QCryptoBlockFormat' }}
We are so close to having my patches in for anonymous base; depending on
whose lands first, we can clean this up to get rid of the one-shot base
(followup is fine).
https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg02296.html
> +
> +##
> +# QCryptoBlockOptionsQCow:
> +#
> +# The options that apply to QCow/QCow2 AES-CBC encryption format
> +#
> +# @key-secret: #optional the ID of a QCryptoSecret object providing the
> +# decryption key
I mentioned in a previous round that you may want to mention that it is
optional only when probing the image metadata, and mandatory for
reading/writing guest-visible data. Don't know if that is worth adding
words here.
With the typo fixes,
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Qemu-block] [PATCH v4 12/26] crypto: add block encryption framework,
Eric Blake <=