Spdk/python/spdk/sma/volume/crypto.py
Konrad Sztyber cc3f842cd1 sma: initial crypto definitions
This patch defines the interface for crypto engines, which provide
support for configuring crypto on a given volume.  Only a single crypto
engine can be active at a time and it's selected in the "crypto" section
of the config file.  Similarly to device managers, external crypto
engines can be loaded from plugins.

Signed-off-by: Konrad Sztyber <konrad.sztyber@intel.com>
Change-Id: Id942ef876e070816827d7ad1937eb510a85c8f8d
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/13869
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: <sebastian.brzezinka@intel.com>
2022-09-19 19:43:35 +00:00


import grpc
import logging
# Module-level logger named after this module; set_crypto_engine() logs the selected engine here.
log = logging.getLogger(__name__)
class CryptoException(Exception):
    """Error raised by a crypto engine, carrying a status code and a message.

    Attributes:
        code: Status code describing the failure. CryptoEngineNop in this
            module passes a ``grpc.StatusCode`` member.
        message: Human-readable description of the failure.

    NOTE(review): presumably ``message`` is relayed to the gRPC caller, so it
    should describe the failure without embedding key material. Confirm
    against the code that catches this exception.
    """

    def __init__(self, code, message):
        # The base initializer is not called explicitly, so the positional
        # arguments remain available through ``args``.
        self.message, self.code = message, code
class CryptoEngine:
    """Interface that every crypto engine implements.

    An engine configures crypto on a volume. Subclasses override setup(),
    cleanup(), verify() and get_crypto_bdev(); the versions defined here only
    raise NotImplementedError.

    Security note for implementers: ``key`` and ``key2`` are secret material.
    Keep them out of log records and out of CryptoException messages.
    """

    def __init__(self, name):
        # ``name`` is the key under which register_crypto_engine() stores the engine.
        self.name = name

    def init(self, client, params):
        """Initialize the engine by remembering ``client`` on the instance.

        ``params`` is accepted but not used by this base implementation.
        ``self._client`` does not exist until this method has been called.
        """
        self._client = client

    def setup(self, volume_id, key, cipher, key2=None):
        """Enable crypto on the volume ``volume_id`` using ``key`` and ``cipher``.

        ``key2`` is an optional second key. Must be overridden by subclasses.
        """
        raise NotImplementedError

    def cleanup(self, volume_id):
        """Disable crypto on the volume ``volume_id``.

        When crypto was never configured on that volume, implementations must
        treat the call as a no-op and must not raise.
        """
        raise NotImplementedError

    def verify(self, volume_id, key, cipher, key2=None):
        """Check that the given parameters match what is deployed on the volume.

        With ``key`` set to None, the check is that the volume does not use
        crypto. On any mismatch (different key, different cipher, etc.)
        implementations raise CryptoException.

        Implementations that compare key bytes directly should use a
        constant-time comparison such as ``hmac.compare_digest``.
        """
        raise NotImplementedError

    def get_crypto_bdev(self, volume_id):
        """Return the name of the crypto bdev for the volume ``volume_id``.

        An engine that does not create a separate crypto bdev may return
        ``volume_id`` itself. When crypto is disabled on the volume, the
        result is None.
        """
        raise NotImplementedError
class CryptoEngineNop(CryptoEngine):
    """Engine registered under the name 'nop' that never enables crypto.

    setup() always fails; the remaining operations succeed without doing
    anything.

    NOTE(review): verify() accepts every argument combination, including a
    non-None key, so a successful verify() under this engine says nothing
    about whether a volume is encrypted. Confirm that callers do not treat it
    as proof that encryption is active.
    """

    def __init__(self):
        super().__init__('nop')

    def setup(self, volume_id, key, cipher, key2=None):
        """Reject the request: crypto cannot be configured with this engine."""
        error = CryptoException(grpc.StatusCode.INVALID_ARGUMENT, 'Crypto is disabled')
        raise error

    def cleanup(self, volume_id):
        """Do nothing; there is never any crypto state to remove."""
        return None

    def verify(self, volume_id, key, cipher, key2=None):
        """Do nothing; no parameter is checked (see the class-level note)."""
        return None

    def get_crypto_bdev(self, volume_id):
        """Return None, as no volume has a crypto bdev under this engine."""
        return None
# Engine currently selected through set_crypto_engine(); None until one has been selected.
_crypto_engine = None
# Registry of available engines keyed by engine name; filled by register_crypto_engine().
_crypto_engines = {}
def get_crypto_engine():
    """Return the currently selected crypto engine.

    The result is None when set_crypto_engine() has not been called
    successfully yet, so callers must handle that case.
    """
    return _crypto_engine
def set_crypto_engine(name):
    """Select the registered engine called ``name`` as the active engine.

    Raises:
        ValueError: no engine is registered under ``name``. The previously
            selected engine, if any, stays active in that case.
    """
    global _crypto_engine
    selected = _crypto_engines.get(name)
    if selected is not None:
        log.info(f'Setting crypto engine: {name}')
        _crypto_engine = selected
        return
    raise ValueError(f'Unknown crypto engine: {name}')
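def register_crypto_engine(engine):
    """Add ``engine`` to the registry under ``engine.name``.

    Registering a second engine under a name that is already taken still
    replaces the earlier one, as before, but the replacement is now logged.
    Engines can come from plugins, so a silent replacement would let a plugin
    shadow another engine of the same name without any trace in the logs.
    Registering the same object again is not reported.
    """
    # No ``global`` statement is needed: the dict is mutated, not rebound.
    previous = _crypto_engines.get(engine.name)
    if previous is not None and previous is not engine:
        log.warning('Replacing already registered crypto engine: %s', engine.name)
    _crypto_engines[engine.name] = engine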