authorDaniel P. Berrange <berrange@redhat.com>2015-10-24 11:44:13 +0100
committerDaniel P. Berrange <berrange@redhat.com>2016-03-17 14:41:15 +0000
commit7d9690148ac25bc755a759adab7d63f517d092b1 (patch)
tree4d0602424dc0864328c4c6617f318d646a3a0f51 /crypto/blockpriv.h
parenteaec903c5b830ed9d9610ba72072b97763c2f996 (diff)
crypto: add block encryption framework
Add a generic framework for supporting different block encryption formats. Upon instantiating a QCryptoBlock object, it will read the encryption header and extract the encryption keys. It is then possible to call methods to encrypt/decrypt data buffers. There is also a mode whereby it will create/initialize a new encryption header on a previously unformatted volume. The initial framework comes with support for the legacy QCow AES based encryption. This enables code in the QCow driver to be consolidated later. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto/blockpriv.h')
-rw-r--r--crypto/blockpriv.h92
1 files changed, 92 insertions, 0 deletions
diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h
new file mode 100644
index 0000000..6297085
--- /dev/null
+++ b/crypto/blockpriv.h
@@ -0,0 +1,92 @@
+/*
+ * QEMU Crypto block device encryption
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef QCRYPTO_BLOCK_PRIV_H__
+#define QCRYPTO_BLOCK_PRIV_H__
+
+#include "crypto/block.h"
+
+typedef struct QCryptoBlockDriver QCryptoBlockDriver;
+
+struct QCryptoBlock {
+ QCryptoBlockFormat format;
+
+ const QCryptoBlockDriver *driver;
+ void *opaque;
+
+ QCryptoCipher *cipher;
+ QCryptoIVGen *ivgen;
+ QCryptoHashAlgorithm kdfhash;
+ size_t niv;
+ uint64_t payload_offset; /* In bytes */
+};
+
+struct QCryptoBlockDriver {
+ int (*open)(QCryptoBlock *block,
+ QCryptoBlockOpenOptions *options,
+ QCryptoBlockReadFunc readfunc,
+ void *opaque,
+ unsigned int flags,
+ Error **errp);
+
+ int (*create)(QCryptoBlock *block,
+ QCryptoBlockCreateOptions *options,
+ QCryptoBlockInitFunc initfunc,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ Error **errp);
+
+ void (*cleanup)(QCryptoBlock *block);
+
+ int (*encrypt)(QCryptoBlock *block,
+ uint64_t startsector,
+ uint8_t *buf,
+ size_t len,
+ Error **errp);
+ int (*decrypt)(QCryptoBlock *block,
+ uint64_t startsector,
+ uint8_t *buf,
+ size_t len,
+ Error **errp);
+
+ bool (*has_format)(const uint8_t *buf,
+ size_t buflen);
+};
+
+
+int qcrypto_block_decrypt_helper(QCryptoCipher *cipher,
+ size_t niv,
+ QCryptoIVGen *ivgen,
+ int sectorsize,
+ uint64_t startsector,
+ uint8_t *buf,
+ size_t len,
+ Error **errp);
+
+int qcrypto_block_encrypt_helper(QCryptoCipher *cipher,
+ size_t niv,
+ QCryptoIVGen *ivgen,
+ int sectorsize,
+ uint64_t startsector,
+ uint8_t *buf,
+ size_t len,
+ Error **errp);
+
+#endif /* QCRYPTO_BLOCK_PRIV_H__ */
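Review bot: The two helper prototypes at the end of the header, `qcrypto_block_decrypt_helper` and `qcrypto_block_encrypt_helper`, take `int sectorsize` next to `size_t len` and `uint64_t startsector`, and the header does not say what callers must guarantee about these values. A signed sector size mixes with the unsigned length in any comparison or subtraction in the implementation (not visible here), and a zero or negative value would have to be rejected at run time; declaring it `size_t sectorsize` rules out negative input at the type level. The `encrypt`/`decrypt` callbacks in `struct QCryptoBlockDriver` and both helpers also lack a contract comment. I would add one along the lines of `/* buf is transformed in place; len is expected to be a non-zero multiple of the sector size */`, after confirming the length rule against the implementation. A smaller style point: the include guard `QCRYPTO_BLOCK_PRIV_H__` contains a double underscore, which C reserves for the implementation, so `QCRYPTO_BLOCK_PRIV_H` would be the safer spelling.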