From: Kevin Wolf
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Date: Fri, 7 Jul 2017 19:08:14 +0200
Subject: [Qemu-devel] [PULL 059/100] qcow2: report encryption specific image information
Message-Id: <1499447335-6125-60-git-send-email-kwolf@redhat.com>
In-Reply-To: <1499447335-6125-1-git-send-email-kwolf@redhat.com>
References: <1499447335-6125-1-git-send-email-kwolf@redhat.com>

From: "Daniel P. Berrange"

Currently 'qemu-img info' reports a simple "encrypted: yes"
field. This is not very useful now that qcow2 can support
multiple encryption formats. Users want to know which format
is in use and some data related to it.

Wire up usage of the qcrypto_block_get_info() method so that
'qemu-img info' can report about the encryption format
and parameters in use

  $ qemu-img create \
      --object secret,id=sec0,data=123456 \
      -o encrypt.format=luks,encrypt.key-secret=sec0 \
      -f qcow2 demo.qcow2 1G
  Formatting 'demo.qcow2', fmt=qcow2 size=1073741824 \
  encryption=off encrypt.format=luks encrypt.key-secret=sec0 \
  cluster_size=65536 lazy_refcounts=off refcount_bits=16

  $ qemu-img info demo.qcow2
  image: demo.qcow2
  file format: qcow2
  virtual size: 1.0G (1073741824 bytes)
  disk size: 480K
  encrypted: yes
  cluster_size: 65536
  Format specific information:
      compat: 1.1
      lazy refcounts: false
      refcount bits: 16
      encrypt:
          ivgen alg: plain64
          hash alg: sha256
          cipher alg: aes-256
          uuid: 3fa930c4-58c8-4ef7-b3c5-314bb5af21f3
          format: luks
          cipher mode: xts
          slots:
              [0]:
                  active: true
                  iters: 1839058
                  key offset: 4096
                  stripes: 4000
              [1]:
                  active: false
                  key offset: 262144
              [2]:
                  active: false
                  key offset: 520192
              [3]:
                  active: false
                  key offset: 778240
              [4]:
                  active: false
                  key offset: 1036288
              [5]:
                  active: false
                  key offset: 1294336
              [6]:
                  active: false
                  key offset: 1552384
              [7]:
                  active: false
                  key offset: 1810432
          payload offset: 2068480
          master key iters: 438487
      corrupt: false

With the legacy "AES" encryption we just report the format
name

  $ qemu-img create \
      --object secret,id=sec0,data=123456 \
      -o encrypt.format=aes,encrypt.key-secret=sec0 \
      -f qcow2 demo.qcow2 1G
  Formatting 'demo.qcow2', fmt=qcow2 size=1073741824 \
  encryption=off encrypt.format=aes encrypt.key-secret=sec0 \
  cluster_size=65536 lazy_refcounts=off refcount_bits=16

  $ ./qemu-img info demo.qcow2
  image: demo.qcow2
  file format: qcow2
  virtual size: 1.0G (1073741824 bytes)
  disk size: 196K
  encrypted: yes
  cluster_size: 65536
  Format specific information:
      compat: 1.1
      lazy refcounts: false
      refcount bits: 16
      encrypt:
          format: aes
      corrupt: false

Reviewed-by: Alberto Garcia
Reviewed-by: Max Reitz
Reviewed-by: Eric Blake
Signed-off-by: Daniel P. Berrange
Message-id: 20170623162419.26068-20-berrange@redhat.com
Signed-off-by: Max Reitz
--- block/qcow2.c | 32 +++++++++++++++++++++++++++++++- qapi/block-core.json | 27 ++++++++++++++++++++++++++- 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/block/qcow2.c b/block/qcow2.c index f597fd0..5339aa0 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -3241,8 +3241,14 @@ static int qcow2_get_info(BlockDriverState *bs, Bloc= kDriverInfo *bdi) static ImageInfoSpecific *qcow2_get_specific_info(BlockDriverState *bs) { BDRVQcow2State *s =3D bs->opaque; - ImageInfoSpecific *spec_info =3D g_new(ImageInfoSpecific, 1); + ImageInfoSpecific *spec_info; + QCryptoBlockInfo *encrypt_info =3D NULL; =20 + if (s->crypto !=3D NULL) { + encrypt_info =3D qcrypto_block_get_info(s->crypto, &error_abort); + } + + spec_info =3D g_new(ImageInfoSpecific, 1); *spec_info =3D (ImageInfoSpecific){ .type =3D IMAGE_INFO_SPECIFIC_KIND_QCOW2, .u.qcow2.data =3D g_new(ImageInfoSpecificQCow2, 1), 
@@ -3269,6 +3275,30 @@ static ImageInfoSpecific *qcow2_get_specific_info(Bl= ockDriverState *bs) assert(false); } =20 + if (encrypt_info) { + ImageInfoSpecificQCow2Encryption *qencrypt =3D + g_new(ImageInfoSpecificQCow2Encryption, 1); + switch (encrypt_info->format) { + case Q_CRYPTO_BLOCK_FORMAT_QCOW: + qencrypt->format =3D BLOCKDEV_QCOW2_ENCRYPTION_FORMAT_AES; + qencrypt->u.aes =3D encrypt_info->u.qcow; + break; + case Q_CRYPTO_BLOCK_FORMAT_LUKS: + qencrypt->format =3D BLOCKDEV_QCOW2_ENCRYPTION_FORMAT_LUKS; + qencrypt->u.luks =3D encrypt_info->u.luks; + break; + default: + abort(); + } + /* Since we did shallow copy above, erase any pointers + * in the original info */ + memset(&encrypt_info->u, 0, sizeof(encrypt_info->u)); + qapi_free_QCryptoBlockInfo(encrypt_info); + + spec_info->u.qcow2.data->has_encrypt =3D true; + spec_info->u.qcow2.data->encrypt =3D qencrypt; + } + return spec_info; } =20 diff --git a/qapi/block-core.json b/qapi/block-core.json index d04d277..9570963 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -33,6 +33,27 @@ 'vm-clock-sec': 'int', 'vm-clock-nsec': 'int' } } =20 ## +# @ImageInfoSpecificQCow2EncryptionBase: +# +# @format: The encryption format +# +# Since: 2.10 +## +{ 'struct': 'ImageInfoSpecificQCow2EncryptionBase', + 'data': { 'format': 'BlockdevQcow2EncryptionFormat'}} + +## +# @ImageInfoSpecificQCow2Encryption: +# +# Since: 2.10 +## +{ 'union': 'ImageInfoSpecificQCow2Encryption', + 'base': 'ImageInfoSpecificQCow2EncryptionBase', + 'discriminator': 'format', + 'data': { 'aes': 'QCryptoBlockInfoQCow', + 'luks': 'QCryptoBlockInfoLUKS' } } + +## # @ImageInfoSpecificQCow2: # # @compat: compatibility level @@ -44,6 +65,9 @@ # # @refcount-bits: width of a refcount entry in bits (since 2.3) # +# @encrypt: details about encryption parameters; only set if image +# is encrypted (since 2.10) +# # Since: 1.7 ## { 'struct': 'ImageInfoSpecificQCow2', 
@@ -51,7 +75,8 @@ 'compat': 'str', '*lazy-refcounts': 'bool', '*corrupt': 'bool', - 'refcount-bits': 'int' + 'refcount-bits': 'int', + '*encrypt': 'ImageInfoSpecificQCow2Encryption' } } =20 ## --=20 1.8.3.1
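
Review bot: In the first block/qcow2.c hunk (@@ -3241), the call qcrypto_block_get_info(s->crypto, &error_abort) turns any failure to collect encryption details into a process abort, and the commit message shows this path being reached from a plain 'qemu-img info' query. qcow2_get_specific_info() has no errp to propagate through, so either pass a local Error and leave 'encrypt' unset when the call fails, or add a comment stating why the call cannot fail for an image that is already open.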
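
Review bot: In the second block/qcow2.c hunk (@@ -3269), ownership of the nested data is moved by struct assignment (qencrypt->u.luks = encrypt_info->u.luks) followed by memset(&encrypt_info->u, 0, sizeof(encrypt_info->u)), which is only safe as long as qapi_free_QCryptoBlockInfo() accepts an all-zero union for the format still recorded in encrypt_info->format. The comment explains the intent, but it would help to say that explicitly, and to allocate qencrypt with g_new0() so that any member added to the union later starts zeroed rather than uninitialised. The default: abort() also differs from the assert(false) visible in the context just above; using one form for unreachable cases in this function would read more consistently.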
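
Review bot: In the qapi/block-core.json hunk at @@ -33, the doc comment for @ImageInfoSpecificQCow2Encryption contains only "Since: 2.10" and no description, and @ImageInfoSpecificQCow2EncryptionBase documents @format only as "The encryption format". A one-line description of the union, stating that the 'aes' branch carries QCryptoBlockInfoQCow and the 'luks' branch carries QCryptoBlockInfoLUKS, would let management applications see from the generated documentation which members to expect for each format.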
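
An added example, not part of the patch or of QEMU: a small audit over the JSON form of the information this patch exposes, flagging images that still use the legacy "aes" format or whose active LUKS slots have a low iteration count. The samples are constructed from the output in the commit message, the JSON key names are assumed to be the hyphenated forms of the labels shown there, and MIN_SLOT_ITERS is a hypothetical site policy value.

```python
import json

# Constructed samples in the shape of `qemu-img info --output=json`, using the
# 'encrypt' member this patch adds; values are taken from the commit message.
SAMPLE_LUKS = json.loads("""
{"filename": "demo.qcow2", "format": "qcow2", "encrypted": true,
 "format-specific": {"type": "qcow2", "data": {
  "compat": "1.1", "lazy-refcounts": false, "refcount-bits": 16, "corrupt": false,
  "encrypt": {"format": "luks", "cipher-alg": "aes-256", "cipher-mode": "xts",
   "ivgen-alg": "plain64", "hash-alg": "sha256", "master-key-iters": 438487,
   "slots": [{"active": true, "iters": 1839058, "stripes": 4000, "key-offset": 4096},
             {"active": false, "key-offset": 262144}]}}}}
""")
SAMPLE_AES = json.loads("""
{"filename": "demo.qcow2", "format": "qcow2", "encrypted": true,
 "format-specific": {"type": "qcow2", "data": {
  "compat": "1.1", "lazy-refcounts": false, "refcount-bits": 16, "corrupt": false,
  "encrypt": {"format": "aes"}}}}
""")

MIN_SLOT_ITERS = 100_000  # assumed site policy for this example, not a QEMU default


def audit_encryption(info):
    """Return a list of findings for one parsed 'qemu-img info' JSON document."""
    spec = info.get("format-specific") or {}
    if spec.get("type") != "qcow2":
        return ["not a qcow2 image"]
    enc = spec.get("data", {}).get("encrypt")
    if enc is None:
        # '*encrypt' is optional: absent for plain images and for older QEMU.
        if info.get("encrypted"):
            return ["encrypted, but no encrypt details reported"]
        return ["image is not encrypted"]
    if enc.get("format") == "aes":
        return ["legacy qcow2 AES encryption format in use"]
    if enc.get("format") != "luks":
        return ["unknown encryption format: %r" % enc.get("format")]
    findings = []
    slots = enc.get("slots", [])
    active = [(i, s) for i, s in enumerate(slots) if s.get("active")]
    if not active:
        findings.append("no active LUKS key slot")
    for i, slot in active:
        iters = slot.get("iters", 0)  # 'iters' is only present on active slots
        if iters < MIN_SLOT_ITERS:
            findings.append("slot %d: only %d key-derivation iterations" % (i, iters))
    return findings
```

An empty list means the image passed every check; feed the function the parsed output of 'qemu-img info --output=json' for each image under review.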