#include "features.h"
#define LIBRBD_VER_MAJOR 1
-#define LIBRBD_VER_MINOR 17
+#define LIBRBD_VER_MINOR 18
#define LIBRBD_VER_EXTRA 0
#define LIBRBD_VERSION(maj, min, extra) ((maj << 16) + (min << 8) + extra)
#define LIBRBD_SUPPORTS_WRITESAME 1
#define LIBRBD_SUPPORTS_WRITE_ZEROES 1
#define LIBRBD_SUPPORTS_ENCRYPTION 1
+#define LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 1
#if __GNUC__ >= 4
#define CEPH_RBD_API __attribute__ ((visibility ("default")))
typedef enum {
RBD_ENCRYPTION_FORMAT_LUKS1 = 0,
- RBD_ENCRYPTION_FORMAT_LUKS2 = 1
+ RBD_ENCRYPTION_FORMAT_LUKS2 = 1,
+ RBD_ENCRYPTION_FORMAT_LUKS = 2
} rbd_encryption_format_t;
typedef enum {
typedef void *rbd_encryption_options_t;
+typedef struct {
+ rbd_encryption_format_t format;
+ rbd_encryption_options_t opts;
+ size_t opts_size;
+} rbd_encryption_spec_t;
+
typedef struct {
rbd_encryption_algorithm_t alg;
const char* passphrase;
size_t passphrase_size;
} rbd_encryption_luks2_format_options_t;
+typedef struct {
+ const char* passphrase;
+ size_t passphrase_size;
+} rbd_encryption_luks_format_options_t;
+
CEPH_RBD_API void rbd_image_options_create(rbd_image_options_t* opts);
CEPH_RBD_API void rbd_image_options_destroy(rbd_image_options_t opts);
CEPH_RBD_API int rbd_image_options_set_string(rbd_image_options_t opts,
void *cbdata);
/* encryption */
+
+/*
+ * Format the image using the encryption spec specified by
+ * (format, opts, opts_size) tuple.
+ *
+ * For a flat (i.e. non-cloned) image, the new encryption is loaded
+ * implicitly, calling rbd_encryption_load() afterwards is not needed.
+ * If existing encryption is already loaded, it is automatically
+ * replaced with the new encryption.
+ *
+ * For a cloned image, the new encryption must be loaded explicitly.
+ * Existing encryption (if any) must not be loaded.
+ */
CEPH_RBD_API int rbd_encryption_format(rbd_image_t image,
rbd_encryption_format_t format,
rbd_encryption_options_t opts,
size_t opts_size);
+/*
+ * Load the encryption spec specified by (format, opts, opts_size)
+ * tuple for the image and all ancestor images. If an ancestor image
+ * which does not match any encryption format known to librbd is
+ * encountered, it - along with remaining ancestor images - is
+ * interpreted as plaintext.
+ */
CEPH_RBD_API int rbd_encryption_load(rbd_image_t image,
rbd_encryption_format_t format,
rbd_encryption_options_t opts,
size_t opts_size);
+/*
+ * Load encryption specs. The first spec in the passed array is
+ * applied to the image itself, the second spec is applied to its
+ * ancestor image, the third spec is applied to the ancestor of
+ * that ancestor image and so on.
+ *
+ * If not enough specs are passed, the last spec is reused exactly as
+ * in rbd_encryption_load(). If an ancestor image for which the last
+ * spec is being reused turns out to not match any encryption format
+ * known to librbd, it - along with remaining ancestor images - is
+ * interpreted as plaintext.
+ */
+CEPH_RBD_API int rbd_encryption_load2(rbd_image_t image,
+ const rbd_encryption_spec_t *specs,
+ size_t spec_count);
/* snapshots */
CEPH_RBD_API int rbd_snap_list(rbd_image_t image, rbd_snap_info_t *snaps,
* @param handle which watch is complete
* @param r the return code
*/
-CEPH_RADOS_API void rbd_quiesce_complete(rbd_image_t image, uint64_t handle,
- int r);
+CEPH_RBD_API void rbd_quiesce_complete(rbd_image_t image, uint64_t handle,
+ int r);
/**
* Unregister a quiesce/unquiesce watcher.