From: Eric Blake
Message-ID: <5696E113.2010103@redhat.com>
Date: Wed, 13 Jan 2016 16:43:15 -0700
In-Reply-To: <1452624982-19332-7-git-send-email-berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v1 06/15] crypto: implement the LUKS block encryption format
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org

On 01/12/2016 11:56 AM, Daniel P. Berrange wrote:
> Provide a block encryption implementation that follows the
> LUKS/dm-crypt specification.
>
> This supports all combinations of hash, cipher algorithm,
> cipher mode and iv generator that are implemented by the
> current crypto layer.
>
> The notable missing feature is support for the 'xts'
> cipher mode, which is commonly used for disk encryption
> instead of 'cbc'. This is because it is not provided by
> either nettle or libgcrypt. A suitable implementation
> will be identified & integrated later.
>
> There is support for opening existing volumes formatted
> by dm-crypt, and for formatting new volumes. In the latter
> case it will only use key slot 0.
>
> Signed-off-by: Daniel P. Berrange
> ---
> +++ b/qapi/crypto.json > @@ -101,12 +101,13 @@ > # The supported full disk encryption formats > # > # @qcowaes: QCow/QCow2 built-in AES-CBC encryption. Do not use > +# @luks: LUKS encryption format. Recommended > # > # Since: 2.6 > ## > { 'enum': 'QCryptoBlockFormat', > # 'prefix': 'QCRYPTO_BLOCK_FORMAT', > - 'data': ['qcowaes']} > + 'data': ['qcowaes', 'luks']} > =20 > ## > # QCryptoBlockOptionsBase: 
> @@ -134,6 +135,39 @@ > 'data': { '*key-id': 'str' }} > =20 > ## > +# QCryptoBlockOptionsLUKS: > +# > +# The options that apply to LUKS encryption format > +# > +# @key-id: the ID of a QCryptoSecret object providing the decryption k= ey

Is the key-id really optional? If so, missing the '#optional' tag.

> +# Since: 2.6 > +## > +{ 'struct': 'QCryptoBlockOptionsLUKS', > + 'data': { '*key-id': 'str' }} > + > + > +## > +# QCryptoBlockCreateOptionsLUKS: > +# > +# The options that apply to LUKS encryption format initialization > +# > +# @cipher-alg: (optional) the cipher algorithm for data encryption

Marc-Andre's pending patches to auto-generate docs from the .json files want this to be s/(optional)/#optional/ (here and elsewhere).

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
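
Review bot: In the QCryptoBlockFormat hunk of qapi/crypto.json, the added doc line "# @luks: LUKS encryption format. Recommended" gives a recommendation without saying what it applies to, next to an equally bare "Do not use" on @qcowaes. This text ends up in the generated QAPI documentation, so spell the guidance out, for example that luks is the format to choose for new volumes in preference to qcowaes. The commit message says the 'xts' cipher mode is not supported yet; if that means some volumes formatted by dm-crypt cannot be opened, a sentence here would keep users from discovering it at open time.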
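
Review bot: In the QCryptoBlockOptionsLUKS hunk, @key-id is declared optional ('*key-id': 'str') but its doc comment does not say what happens when it is omitted. For an encrypted volume that is the case users most need documented: either make the member mandatory, or state the behaviour without a secret (whether opening fails, or what remains accessible). Separately, "providing the decryption key" is imprecise for LUKS, where the secret is a passphrase that unlocks a key slot rather than the key applied to the data; describing it as the passphrase secret avoids users supplying raw key material.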