From: Eric Blake
Message-ID: <5696E06F.7060906@redhat.com>
Date: Wed, 13 Jan 2016 16:40:31 -0700
In-Reply-To: <1452624982-19332-6-git-send-email-berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v1 05/15] crypto: add block encryption framework
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org

On 01/12/2016 11:56 AM, Daniel P. Berrange wrote:
> Add a generic framework for supporting different block encryption
> formats. Upon instantiating a QCryptoBlock object, it will read
> the encryption header and extract the encryption keys. It is
> then possible to call methods to encrypt/decrypt data buffers.
>
> There is also a mode whereby it will create/initialize a new
> encryption header on a previously unformatted volume.
>
> The initial framework comes with support for the legacy QCow
> AES based encryption. This enables code in the QCow driver to
> be consolidated later.
>
> Signed-off-by: Daniel P. Berrange
> ---
> +++ b/qapi/crypto.json
> @@ -94,3 +94,68 @@
>  { 'enum': 'QCryptoIVGenAlgorithm',
>    'prefix': 'QCRYPTO_IVGEN_ALG',
>    'data': ['plain', 'plain64', 'essiv']}
> +
> +##
> +# QCryptoBlockFormat:
> +#
> +# The supported full disk encryption formats
> +#
> +# @qcowaes: QCow/QCow2 built-in AES-CBC encryption. Do not use
> +#

Well, the only reason to use it would be to read data off an old
insecurely-encrypted qcow2 file; so maybe it should read "Do not use on
new files"

> +# Since: 2.6
> +##
> +{ 'enum': 'QCryptoBlockFormat',
> +#  'prefix': 'QCRYPTO_BLOCK_FORMAT',
> +  'data': ['qcowaes']}

Would 'qcow-aes' be any easier to read?

> +
> +##
> +# QCryptoBlockOptionsBase:
> +#
> +# The common options that apply to all full disk
> +# encryption formats
> +#
> +# @format: the encryption format
> +#
> +# Since: 2.6
> +##
> +{ 'struct': 'QCryptoBlockOptionsBase',
> +  'data': { 'format': 'QCryptoBlockFormat' }}

My pending series to add anonymous flat union base types can simplify
this a bit; I've added it to my list of cleanups that are awaiting merge
of my code.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
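Review bot: the `'prefix'` key of the new QCryptoBlockFormat enum is commented out (`> +#  'prefix': 'QCRYPTO_BLOCK_FORMAT',`), which leaves a dead line in the schema and means the generated constant names are derived from the enum name instead of the QCRYPTO_BLOCK_FORMAT_ prefix the comment suggests was intended; the QCryptoIVGenAlgorithm enum in the context lines just above does set `'prefix': 'QCRYPTO_IVGEN_ALG'`, so either restore the key for consistency with that enum or drop the commented-out line entirely.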