qemu/qapi
Daniel P. Berrange 78368575a6 block: add generic full disk encryption driver
Add a block driver that is capable of supporting any full disk
encryption format. This utilizes the previously added block
encryption code, and at this time supports the LUKS format.

The driver code is capable of supporting any format supported
by the QCryptoBlock module, so it registers one block driver
for each format. This patch only registers the "luks" driver
since the "qcow" driver is there only for back-compatibility
with existing qcow built-in encryption.

New LUKS compatible volumes can be formatted using qemu-img
with defaults for all settings.

$ qemu-img create --object secret,data=123456,id=sec0 \
      -f luks -o key-secret=sec0 demo.luks 10G

Alternatively the cryptographic settings can be explicitly
set

$ qemu-img create --object secret,data=123456,id=sec0 \
      -f luks -o key-secret=sec0,cipher-alg=aes-256,\
                 cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha256 \
      demo.luks 10G

And query its size

$ qemu-img info demo.img
image: demo.img
file format: luks
virtual size: 10G (10737418240 bytes)
disk size: 132K
encrypted: yes

Note that it was not necessary to provide the password
when querying info for the volume. The password is only
required when performing I/O on the volume

All volumes created by this new 'luks' driver should be
capable of being opened by the kernel dm-crypt driver.

The only algorithms listed in the LUKS spec that are
not currently supported by this impl are sha512 and
ripemd160 hashes and cast6 cipher.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[ kwolf - Added #include to resolve conflict with da34e65c ]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2016-03-30 12:11:26 +02:00
..
Makefile.objs rename parse_enum_option to qapi_enum_parse and make it public 2014-09-08 11:12:43 +01:00
block-core.json block: add generic full disk encryption driver 2016-03-30 12:11:26 +02:00
block.json qmp event: Refactor QUORUM_REPORT_BAD 2016-03-14 16:46:43 +01:00
common.json kvm: add support for -machine kernel_irqchip=split 2015-12-17 17:15:40 +01:00
crypto.json crypto: implement the LUKS block encryption format 2016-03-17 16:50:40 +00:00
event.json qmp event: Refactor QUORUM_REPORT_BAD 2016-03-14 16:46:43 +01:00
introspect.json qapi: Use anonymous bases in QMP flat unions 2016-03-18 10:29:26 +01:00
opts-visitor.c util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
qapi-dealloc-visitor.c qapi: Change visit_start_implicit_struct to visit_start_alternate 2016-02-19 11:08:57 +01:00
qapi-util.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
qapi-visit-core.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
qmp-dispatch.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
qmp-event.c qapi: Clean up includes 2016-02-04 17:41:30 +00:00
qmp-input-visitor.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
qmp-output-visitor.c qapi: Adjust layout of FooList types 2016-02-19 11:08:57 +01:00
qmp-registry.c qapi: Clean up includes 2016-02-04 17:41:30 +00:00
rocker.json qmp/hmp: add rocker device support 2015-06-12 13:42:17 +01:00
string-input-visitor.c include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
string-output-visitor.c qapi: Adjust layout of FooList types 2016-02-19 11:08:57 +01:00
trace.json qapi: Use 'struct' instead of 'type' in schema 2015-05-05 18:39:01 +02:00