diff options
author | Daniel P. Berrange <berrange@redhat.com> | 2015-10-15 12:35:28 +0100 |
---|---|---|
committer | Daniel P. Berrange <berrange@redhat.com> | 2016-03-17 14:41:14 +0000 |
commit | cb730894ae284965e03a40eabbf623b87206777b (patch) | |
tree | 9394f77b5d7f285918dc134d61da8630ba0fab68 /qapi | |
parent | 37788f253a4a9ad5f27dae68aee261c784e1fa17 (diff) |
crypto: add support for generating initialization vectors
There are a number of different algorithms that can be used
to generate initialization vectors for disk encryption. This
introduces a simple internal QCryptoBlockIV object to provide
a consistent internal API to the different algorithms. The
initially implemented algorithms are 'plain', 'plain64' and
'essiv', each matching the same named algorithm provided
by the Linux kernel dm-crypt driver.
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'qapi')
-rw-r--r-- | qapi/crypto.json | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/qapi/crypto.json b/qapi/crypto.json index 4bd690fcfb..42b979a0d5 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -78,3 +78,22 @@ { 'enum': 'QCryptoCipherMode', 'prefix': 'QCRYPTO_CIPHER_MODE', 'data': ['ecb', 'cbc']} + + +## +# QCryptoIVGenAlgorithm: +# +# The supported algorithms for generating initialization +# vectors for full disk encryption. The 'plain' generator +# should not be used for disks with sector numbers larger +# than 2^32, except where compatibility with pre-existing +# Linux dm-crypt volumes is required. +# +# @plain: 64-bit sector number truncated to 32-bits +# @plain64: 64-bit sector number +# @essiv: 64-bit sector number encrypted with a hash of the encryption key +# Since: 2.6 +## +{ 'enum': 'QCryptoIVGenAlgorithm', + 'prefix': 'QCRYPTO_IVGEN_ALG', + 'data': ['plain', 'plain64', 'essiv']} |