On 01/12/2016 11:56 AM, Daniel P. Berrange wrote:
> Provide a block encryption implementation that follows the
> LUKS/dm-crypt specification.
>
> This supports all combinations of hash, cipher algorithm,
> cipher mode and iv generator that are implemented by the
> current crypto layer.
>
> The notable missing feature is support for the 'xts'
> cipher mode, which is commonly used for disk encryption
> instead of 'cbc'. This is because it is not provided by
> either nettle or libgcrypt. A suitable implementation
> will be identified & integrated later.
>
> There is support for opening existing volumes formatted
> by dm-crypt, and for formatting new volumes. In the latter
> case it will only use key slot 0.
>
> Signed-off-by: Daniel P. Berrange <[email protected]>
> ---
> +++ b/qapi/crypto.json
> @@ -101,12 +101,13 @@
> # The supported full disk encryption formats
> #
> # @qcowaes: QCow/QCow2 built-in AES-CBC encryption. Do not use
> +# @luks: LUKS encryption format. Recommended
> #
> # Since: 2.6
> ##
> { 'enum': 'QCryptoBlockFormat',
> # 'prefix': 'QCRYPTO_BLOCK_FORMAT',
> - 'data': ['qcowaes']}
> + 'data': ['qcowaes', 'luks']}
>
> ##
> # QCryptoBlockOptionsBase:
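Review bot: the new enum doc line `+# @luks: LUKS encryption format. Recommended` recommends the format without mentioning the limitation the commit message itself states, namely that the 'xts' cipher mode (described there as the common choice for disk encryption) is not implemented yet, so dm-crypt volumes formatted with xts cannot be opened by this driver. Suggest qualifying the recommendation in place, e.g. `# @luks: LUKS encryption format. Recommended (xts cipher mode not yet supported)`, so users choosing the "recommended" format from the schema doc are not surprised when an existing xts volume fails to open.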
> @@ -134,6 +135,39 @@
> 'data': { '*key-id': 'str' }}
>
> ##
> +# QCryptoBlockOptionsLUKS:
> +#
> +# The options that apply to LUKS encryption format
> +#
> +# @key-id: the ID of a QCryptoSecret object providing the decryption key
Is the key-id really optional? If so, missing the '#optional' tag.
> +# Since: 2.6
> +##
> +{ 'struct': 'QCryptoBlockOptionsLUKS',
> + 'data': { '*key-id': 'str' }}
> +
> +
> +##
> +# QCryptoBlockCreateOptionsLUKS:
> +#
> +# The options that apply to LUKS encryption format initialization
> +#
> +# @cipher-alg: (optional) the cipher algorithm for data encryption
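Review bot: `+# @cipher-alg: (optional) the cipher algorithm for data encryption` marks the field optional but does not say which algorithm is used when it is omitted, and the same gap exists for `+# @key-id` in QCryptoBlockOptionsLUKS, whose schema entry `'*key-id': 'str'` is optional while the description says it supplies the decryption key that an open of an existing volume cannot proceed without. Suggest documenting the default for every optional create option (and noting in the QCryptoBlockCreateOptionsLUKS header comment that formatting populates only key slot 0, as the commit message states), or dropping the `*` where the field is in practice mandatory, so the schema and the behaviour agree.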
Marc-Andre's pending patches to auto-generate docs from the .json files
want this to be s/(optional)/#optional/ (here and elsewhere).
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
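The commit message above says the driver follows the LUKS/dm-crypt on-disk format and, when formatting, populates only key slot 0. As an added example (not QEMU's code, and not from this thread), the following Python parses a LUKS1 header, reports which of the eight key slots are enabled, and checks a candidate master key against the header's stored PBKDF2 digest the way the LUKS1 specification defines it. The sample header is constructed in memory: the salts, UUID, payload offset and key-material offsets are placeholder values chosen here, not taken from any real volume.

```python
"""Parse and sanity-check a LUKS1 header; verify a master key against its digest.

Added example, not QEMU code.  Layout follows the LUKS1 on-disk specification
(fixed 592-byte big-endian header followed by the payload).  The sample header
built by build_luks1_header() is constructed with placeholder salts/offsets.
"""
import hashlib
import hmac
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS_VERSION = 1
LUKS_KEY_ENABLED = 0x00AC71F3     # key-slot state markers from the LUKS1 spec
LUKS_KEY_DISABLED = 0x0000DEAD
LUKS_NUMKEYS = 8
LUKS_DIGESTSIZE = 20              # mk-digest is a 20-byte PBKDF2 output

# Fixed part: magic, version, cipher-name, cipher-mode, hash-spec, payload-offset,
# key-bytes, mk-digest, mk-digest-salt, mk-digest-iter, uuid  (208 bytes)
_PHDR_FMT = ">6sH32s32s32sII20s32sI40s"
# Per key slot: active, iterations, salt, key-material-offset, stripes (48 bytes)
_SLOT_FMT = ">II32sII"
_PHDR_FIXED = struct.calcsize(_PHDR_FMT)
_SLOT_SIZE = struct.calcsize(_SLOT_FMT)
PHDR_SIZE = _PHDR_FIXED + LUKS_NUMKEYS * _SLOT_SIZE   # 592


def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii")


def parse_luks1_header(blob):
    """Return the header as a dict; raise ValueError on anything malformed."""
    if len(blob) < PHDR_SIZE:
        raise ValueError("short header: %d bytes" % len(blob))
    (magic, version, cname, cmode, hspec, payload_off, key_bytes,
     mk_digest, mk_salt, mk_iter, uuid) = struct.unpack_from(_PHDR_FMT, blob, 0)
    if magic != LUKS_MAGIC:
        raise ValueError("bad LUKS magic")
    if version != LUKS_VERSION:
        raise ValueError("unsupported LUKS version %d" % version)
    if key_bytes == 0 or mk_iter == 0:
        raise ValueError("key-bytes and mk-digest-iter must be non-zero")
    slots = []
    for i in range(LUKS_NUMKEYS):
        active, iters, salt, km_off, stripes = struct.unpack_from(
            _SLOT_FMT, blob, _PHDR_FIXED + i * _SLOT_SIZE)
        if active not in (LUKS_KEY_ENABLED, LUKS_KEY_DISABLED):
            raise ValueError("key slot %d has invalid state 0x%08x" % (i, active))
        # An enabled slot with zero PBKDF2 iterations or zero stripes would make
        # the passphrase check degenerate; treat it as corrupt rather than use it.
        if active == LUKS_KEY_ENABLED and (iters == 0 or stripes == 0):
            raise ValueError("key slot %d enabled with zero iterations/stripes" % i)
        slots.append({"active": active == LUKS_KEY_ENABLED, "iterations": iters,
                      "salt": salt, "key_material_offset": km_off,
                      "stripes": stripes})
    return {"cipher_name": _cstr(cname), "cipher_mode": _cstr(cmode),
            "hash_spec": _cstr(hspec), "payload_offset": payload_off,
            "key_bytes": key_bytes, "mk_digest": mk_digest,
            "mk_digest_salt": mk_salt, "mk_digest_iter": mk_iter,
            "uuid": _cstr(uuid), "key_slots": slots}


def active_slots(hdr):
    """Indices of enabled key slots (a freshly formatted volume has just [0])."""
    return [i for i, s in enumerate(hdr["key_slots"]) if s["active"]]


def verify_master_key(hdr, master_key):
    """LUKS1 stores PBKDF2-HMAC-<hash-spec>(master key, mk-digest-salt,
    mk-digest-iter) truncated to 20 bytes; a candidate key is accepted only if
    it reproduces that digest.  Constant-time compare avoids a timing oracle."""
    if len(master_key) != hdr["key_bytes"]:
        return False
    digest = hashlib.pbkdf2_hmac(hdr["hash_spec"], master_key,
                                 hdr["mk_digest_salt"], hdr["mk_digest_iter"],
                                 LUKS_DIGESTSIZE)
    return hmac.compare_digest(digest, hdr["mk_digest"])


def build_luks1_header(master_key, cipher_name="aes",
                       cipher_mode="cbc-essiv:sha256", hash_spec="sha256",
                       mk_iter=1000, slot0_iters=2000):
    """Constructed sample header with only key slot 0 enabled.  Salts, UUID and
    offsets are fixed placeholders (assumption for this example), not real data."""
    mk_salt = bytes(range(32))
    mk_digest = hashlib.pbkdf2_hmac(hash_spec, master_key, mk_salt, mk_iter,
                                    LUKS_DIGESTSIZE)
    hdr = struct.pack(_PHDR_FMT, LUKS_MAGIC, LUKS_VERSION, cipher_name.encode(),
                      cipher_mode.encode(), hash_spec.encode(), 4096,
                      len(master_key), mk_digest, mk_salt, mk_iter,
                      b"00000000-0000-0000-0000-000000000000")
    for i in range(LUKS_NUMKEYS):
        state = LUKS_KEY_ENABLED if i == 0 else LUKS_KEY_DISABLED
        iters = slot0_iters if i == 0 else 0
        hdr += struct.pack(_SLOT_FMT, state, iters, bytes([i]) * 32,
                           8 + i * 256, 4000)
    return hdr
```

Only the header is modelled here; unwrapping a passphrase through a key slot (PBKDF2 over the slot salt, decrypting the anti-forensic stripes, then calling verify_master_key on the result) is the step the driver performs on top of this, and the digest check is what tells it whether the recovered key is the right one.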
