crypto.h - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
crypto.h (5879B)
      1/*
      2 * QEMU block full disk encryption
      3 *
      4 * Copyright (c) 2015-2017 Red Hat, Inc.
      5 *
      6 * This library is free software; you can redistribute it and/or
      7 * modify it under the terms of the GNU Lesser General Public
      8 * License as published by the Free Software Foundation; either
      9 * version 2.1 of the License, or (at your option) any later version.
     10 *
     11 * This library is distributed in the hope that it will be useful,
     12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
     13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     14 * Lesser General Public License for more details.
     15 *
     16 * You should have received a copy of the GNU Lesser General Public
     17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     18 *
     19 */
     20
     21#ifndef BLOCK_CRYPTO_H
     22#define BLOCK_CRYPTO_H
     23
     24#define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr)                \
     25    {                                                                   \
     26        .name = prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET,                \
     27        .type = QEMU_OPT_STRING,                                        \
     28        .help = helpstr,                                                \
     29    }
     30
     31#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret"
     32
     33#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix)                    \
     34    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
     35        "ID of the secret that provides the AES encryption key")
     36
     37#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
     38#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
     39#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
     40#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
     41#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
     42#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
     43#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
     44#define BLOCK_CRYPTO_OPT_LUKS_KEYSLOT "keyslot"
     45#define BLOCK_CRYPTO_OPT_LUKS_STATE "state"
     46#define BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET "old-secret"
     47#define BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET "new-secret"
     48
     49
     50#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix)                    \
     51    BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix,                             \
     52        "ID of the secret that provides the keyslot passphrase")
     53
     54#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix)       \
     55    {                                                      \
     56        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,   \
     57        .type = QEMU_OPT_STRING,                           \
     58        .help = "Name of encryption cipher algorithm",     \
     59    }
     60
     61#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix)      \
     62    {                                                      \
     63        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,  \
     64        .type = QEMU_OPT_STRING,                           \
     65        .help = "Name of encryption cipher mode",          \
     66    }
     67
     68#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix)     \
     69    {                                                   \
     70        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
     71        .type = QEMU_OPT_STRING,                        \
     72        .help = "Name of IV generator algorithm",       \
     73    }
     74
     75#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix)        \
     76    {                                                           \
     77        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,    \
     78        .type = QEMU_OPT_STRING,                                \
     79        .help = "Name of IV generator hash algorithm",          \
     80    }
     81
     82#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix)       \
     83    {                                                    \
     84        .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,   \
     85        .type = QEMU_OPT_STRING,                         \
     86        .help = "Name of encryption hash algorithm",     \
     87    }
     88
     89#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix)           \
     90    {                                                         \
     91        .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,       \
     92        .type = QEMU_OPT_NUMBER,                              \
     93        .help = "Time to spend in PBKDF in milliseconds",     \
     94    }
     95
     96#define BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(prefix)                           \
     97    {                                                                     \
     98        .name = prefix BLOCK_CRYPTO_OPT_LUKS_STATE,                       \
     99        .type = QEMU_OPT_STRING,                                          \
    100        .help = "Select new state of affected keyslots (active/inactive)",\
    101    }
    102
    103#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(prefix)              \
    104    {                                                          \
    105        .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEYSLOT,          \
    106        .type = QEMU_OPT_NUMBER,                               \
    107        .help = "Select a single keyslot to modify explicitly",\
    108    }
    109
    110#define BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(prefix)            \
    111    {                                                           \
    112        .name = prefix BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET,        \
    113        .type = QEMU_OPT_STRING,                                \
    114        .help = "Select all keyslots that match this password", \
    115    }
    116
    117#define BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(prefix)            \
    118    {                                                           \
    119        .name = prefix BLOCK_CRYPTO_OPT_LUKS_NEW_SECRET,        \
    120        .type = QEMU_OPT_STRING,                                \
    121        .help = "New secret to set in the matching keyslots. "  \
    122                "Empty string to erase",                        \
    123    }
    124
    125QCryptoBlockCreateOptions *
    126block_crypto_create_opts_init(QDict *opts, Error **errp);
    127
    128QCryptoBlockAmendOptions *
    129block_crypto_amend_opts_init(QDict *opts, Error **errp);
    130
    131QCryptoBlockOpenOptions *
    132block_crypto_open_opts_init(QDict *opts, Error **errp);
    133
    134#endif /* BLOCK_CRYPTO_H */