aboutsummaryrefslogtreecommitdiff
path: root/qapi
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2015-10-15 12:35:28 +0100
committerDaniel P. Berrange <berrange@redhat.com>2016-03-17 14:41:14 +0000
commitcb730894ae284965e03a40eabbf623b87206777b (patch)
tree9394f77b5d7f285918dc134d61da8630ba0fab68 /qapi
parent37788f253a4a9ad5f27dae68aee261c784e1fa17 (diff)
crypto: add support for generating initialization vectors
There are a number of different algorithms that can be used to generate initialization vectors for disk encryption. This introduces a simple internal QCryptoBlockIV object to provide a consistent internal API to the different algorithms. The initially implemented algorithms are 'plain', 'plain64' and 'essiv', each matching the same named algorithm provided by the Linux kernel dm-crypt driver. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'qapi')
-rw-r--r--qapi/crypto.json19
1 files changed, 19 insertions, 0 deletions
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 4bd690fcfb..42b979a0d5 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -78,3 +78,22 @@
{ 'enum': 'QCryptoCipherMode',
'prefix': 'QCRYPTO_CIPHER_MODE',
'data': ['ecb', 'cbc']}
+
+
+##
+# QCryptoIVGenAlgorithm:
+#
+# The supported algorithms for generating initialization
+# vectors for full disk encryption. The 'plain' generator
+# should not be used for disks with sector numbers larger
+# than 2^32, except where compatibility with pre-existing
+# Linux dm-crypt volumes is required.
+#
+# @plain: 64-bit sector number truncated to 32-bits
+# @plain64: 64-bit sector number
+# @essiv: 64-bit sector number encrypted with a hash of the encryption key
+# Since: 2.6
+##
+{ 'enum': 'QCryptoIVGenAlgorithm',
+ 'prefix': 'QCRYPTO_IVGEN_ALG',
+ 'data': ['plain', 'plain64', 'essiv']}