From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678330030689.7322878736609; Tue, 21 Feb 2017 03:58:50 -0800 (PST) Received: from localhost ([::1]:43912 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg95k-0007yG-JX for importer@patchew.org; Tue, 21 Feb 2017 06:58:48 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37820) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92Z-000522-W1 for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:33 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92Y-00056O-Hd for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:32 -0500 Received: from mx1.redhat.com ([209.132.183.28]:44388) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92U-00055S-Go; Tue, 21 Feb 2017 06:55:26 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8F9914E4F2; Tue, 21 Feb 2017 11:55:26 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjB032624; Tue, 21 Feb 2017 06:55:24 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:54:55 +0000 Message-Id: <20170221115512.21918-2-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 21 Feb 2017 11:55:26 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 01/18] block: expose crypto option names / defs to other drivers X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The block/crypto.c defines a set of QemuOpts that provide parameters for encryption. This will also be needed by the qcow/qcow2 integration, so expose the relevant pieces in a new block/crypto.h header. Reviewed-by: Max Reitz Reviewed-by: Eric Blake Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- block/crypto.c | 61 +++++++-------------------------------- block/crypto.h | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 102 insertions(+), 50 deletions(-) create mode 100644 block/crypto.h diff --git a/block/crypto.c b/block/crypto.c index 7aa7eb5..d281de6 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -26,14 +26,7 @@ #include "qapi/opts-visitor.h" #include "qapi-visit.h" #include "qapi/error.h" - -#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret" -#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg" -#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode" -#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg" -#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg" -#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" -#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" +#include "block/crypto.h" =20 typedef struct BlockCrypto BlockCrypto; =20 @@ -135,11 +128,7 @@ static QemuOptsList block_crypto_runtime_opts_luks =3D= { .name =3D "crypto", .head =3D QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head), .desc =3D { - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, - .type =3D QEMU_OPT_STRING, - .help =3D "ID of the secret that provides the encryption key", - }, + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET, { /* end of list */ } }, }; @@ -154,47 +143,19 @@ static QemuOptsList block_crypto_create_opts_luks =3D= { .type =3D QEMU_OPT_SIZE, .help =3D "Virtual disk size" }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, - .type =3D QEMU_OPT_STRING, - .help =3D "ID of the secret that provides the encryption key", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of encryption cipher algorithm", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of encryption cipher mode", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of IV generator algorithm", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of IV generator hash algorithm", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of encryption hash algorithm", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, - .type =3D QEMU_OPT_NUMBER, - .help =3D "Time to spend in PBKDF in milliseconds", - }, + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET, + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG, + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE, + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG, + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG, + BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG, + BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME, { /* end of list */ } }, }; =20 =20 -static QCryptoBlockOpenOptions * +QCryptoBlockOpenOptions * block_crypto_open_opts_init(QCryptoBlockFormat format, QemuOpts *opts, Error **errp) @@ -240,7 +201,7 @@ block_crypto_open_opts_init(QCryptoBlockFormat format, } =20 =20 -static QCryptoBlockCreateOptions * +QCryptoBlockCreateOptions * block_crypto_create_opts_init(QCryptoBlockFormat format, QemuOpts *opts, Error **errp) diff --git a/block/crypto.h b/block/crypto.h new file mode 100644 index 0000000..e42f20e --- /dev/null +++ b/block/crypto.h @@ -0,0 +1,91 @@ +/* + * QEMU block full disk encryption + * + * Copyright (c) 2015-2016 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef BLOCK_CRYPTO_H__ +#define BLOCK_CRYPTO_H__ + +#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret" +#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg" +#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode" +#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg" +#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg" +#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" +#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "ID of the secret that provides the keyslot passphrase",= \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of encryption cipher algorithm", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of encryption cipher mode", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of IV generator algorithm", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of IV generator hash algorithm", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of encryption hash algorithm", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \ + .type =3D QEMU_OPT_NUMBER, \ + .help =3D "Time to spend in PBKDF in milliseconds", \ + } + +QCryptoBlockCreateOptions * +block_crypto_create_opts_init(QCryptoBlockFormat format, + QemuOpts *opts, + Error **errp); + +QCryptoBlockOpenOptions * +block_crypto_open_opts_init(QCryptoBlockFormat format, + QemuOpts *opts, + Error **errp); + +#endif /* BLOCK_CRYPTO_H__ */ --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678597300715.7114817964612; Tue, 21 Feb 2017 04:03:17 -0800 (PST) Received: from localhost ([::1]:43939 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9A2-0003lp-MW for importer@patchew.org; Tue, 21 Feb 2017 07:03:14 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37860) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92b-00053i-Ux for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:36 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92a-00057C-Fi for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:34 -0500 Received: from mx1.redhat.com ([209.132.183.28]:24298) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92W-00055n-Rv; Tue, 21 Feb 2017 06:55:29 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E426E61B92; Tue, 21 Feb 2017 11:55:28 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjC032624; Tue, 21 Feb 2017 06:55:26 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:54:56 +0000 Message-Id: <20170221115512.21918-3-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 21 Feb 2017 11:55:28 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 02/18] block: add ability to set a prefix for opt names X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" When integrating the crypto support with qcow/qcow2, we don't want to use the bare LUKS option names "hash-alg", "key-secret", etc. We want to namespace them "luks-hash-alg", "luks-key-secret" so that they don't clash with any general qcow options at a later date. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- block/crypto.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++----= ---- block/crypto.h | 42 +++++++++++----------- 2 files changed, 119 insertions(+), 34 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index d281de6..876eabc 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -27,6 +27,7 @@ #include "qapi-visit.h" #include "qapi/error.h" #include "block/crypto.h" +#include "qemu/cutils.h" =20 typedef struct BlockCrypto BlockCrypto; =20 @@ -128,7 +129,7 @@ static QemuOptsList block_crypto_runtime_opts_luks =3D { .name =3D "crypto", .head =3D QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head), .desc =3D { - BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET, + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), { /* end of list */ } }, }; @@ -143,31 +144,101 @@ static QemuOptsList block_crypto_create_opts_luks = =3D { .type =3D QEMU_OPT_SIZE, .help =3D "Virtual disk size" }, - BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET, - BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG, - BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE, - BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG, - BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG, - BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG, - BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME, + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), { /* end of list */ } }, }; =20 +static QemuOptsList empty_opts =3D { + .name =3D "crypto-empty", + .merge_lists =3D false, + .head =3D QTAILQ_HEAD_INITIALIZER(empty_opts.head), + .desc =3D { + /* no elements =3D> accept any params */ + { /* end of list */ } + }, +}; + + +struct BlockCryptoCopyData { + QemuOpts *opts; + const char *prefix; +}; + +static int block_crypto_copy_value(void *opaque, const char *name, + const char *value, Error **errp) +{ + struct BlockCryptoCopyData *data =3D opaque; + const char *newname; + + if (strstart(name, data->prefix, &newname)) { + Error *local_err =3D NULL; + + qemu_opt_set(data->opts, newname, value, &local_err); + if (local_err) { + error_propagate(errp, local_err); + return -1; + } + } + + return 0; +} + +/* + * Create a copy of @opts containing only the fields with + * a prefix of @prefix, stripping the prefix in the returned + * opts + */ +static QemuOpts * +block_crypto_copy_opts(QemuOpts *opts, + const char *prefix, + Error **errp) +{ + struct BlockCryptoCopyData data =3D { + .opts =3D qemu_opts_create(&empty_opts, NULL, false, errp), + .prefix =3D prefix + }; + if (!data.opts) { + return NULL; + } + + if (qemu_opt_foreach(opts, block_crypto_copy_value, &data, errp) < 0) { + qemu_opts_del(data.opts); + return NULL; + } + + return data.opts; +} =20 QCryptoBlockOpenOptions * block_crypto_open_opts_init(QCryptoBlockFormat format, QemuOpts *opts, + const char *prefix, Error **errp) { - Visitor *v; + Visitor *v =3D NULL; QCryptoBlockOpenOptions *ret =3D NULL; Error *local_err =3D NULL; + QemuOpts *newopts =3D NULL; =20 ret =3D g_new0(QCryptoBlockOpenOptions, 1); ret->format =3D format; =20 - v =3D opts_visitor_new(opts); + if (prefix !=3D NULL) { + newopts =3D block_crypto_copy_opts(opts, prefix, &local_err); + if (local_err) { + goto out; + } + v =3D opts_visitor_new(newopts); + } else { + v =3D opts_visitor_new(opts); + } =20 visit_start_struct(v, NULL, NULL, 0, &local_err); if (local_err) { @@ -196,6 +267,7 @@ block_crypto_open_opts_init(QCryptoBlockFormat format, qapi_free_QCryptoBlockOpenOptions(ret); ret =3D NULL; } + qemu_opts_del(newopts); visit_free(v); return ret; } @@ -204,16 +276,26 @@ block_crypto_open_opts_init(QCryptoBlockFormat format, QCryptoBlockCreateOptions * block_crypto_create_opts_init(QCryptoBlockFormat format, QemuOpts *opts, + const char *prefix, Error **errp) { - Visitor *v; + Visitor *v =3D NULL; QCryptoBlockCreateOptions *ret =3D NULL; Error *local_err =3D NULL; + QemuOpts *newopts =3D NULL; =20 ret =3D g_new0(QCryptoBlockCreateOptions, 1); ret->format =3D format; =20 - v =3D opts_visitor_new(opts); + if (prefix !=3D NULL) { + newopts =3D block_crypto_copy_opts(opts, prefix, &local_err); + if (local_err) { + goto out; + } + v =3D opts_visitor_new(newopts); + } else { + v =3D opts_visitor_new(opts); + } =20 visit_start_struct(v, NULL, NULL, 0, &local_err); if (local_err) { @@ -242,6 +324,7 @@ block_crypto_create_opts_init(QCryptoBlockFormat format, qapi_free_QCryptoBlockCreateOptions(ret); ret =3D NULL; } + qemu_opts_del(newopts); visit_free(v); return ret; } @@ -268,7 +351,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat= format, goto cleanup; } =20 - open_opts =3D block_crypto_open_opts_init(format, opts, errp); + open_opts =3D block_crypto_open_opts_init(format, opts, NULL, errp); if (!open_opts) { goto cleanup; } @@ -312,7 +395,7 @@ static int block_crypto_create_generic(QCryptoBlockForm= at format, .filename =3D filename, }; =20 - create_opts =3D block_crypto_create_opts_init(format, opts, errp); + create_opts =3D block_crypto_create_opts_init(format, opts, NULL, errp= ); if (!create_opts) { return -1; } diff --git a/block/crypto.h b/block/crypto.h index e42f20e..e70e2f0 100644 --- a/block/crypto.h +++ b/block/crypto.h @@ -29,51 +29,51 @@ #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \ .type =3D QEMU_OPT_STRING, \ .help =3D "ID of the secret that provides the keyslot passphrase",= \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \ .type =3D QEMU_OPT_STRING, \ .help =3D "Name of encryption cipher algorithm", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE \ - { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \ - .type =3D QEMU_OPT_STRING, \ - .help =3D "Name of encryption cipher mode", \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix) \ + { \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of encryption cipher mode", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG \ - { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \ - .type =3D QEMU_OPT_STRING, \ - .help =3D "Name of IV generator algorithm", \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix) \ + { \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of IV generator algorithm", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \ .type =3D QEMU_OPT_STRING, \ .help =3D "Name of IV generator hash algorithm", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \ .type =3D QEMU_OPT_STRING, \ .help =3D "Name of encryption hash algorithm", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \ .type =3D QEMU_OPT_NUMBER, \ .help =3D "Time to spend in PBKDF in milliseconds", \ } @@ -81,11 +81,13 @@ QCryptoBlockCreateOptions * block_crypto_create_opts_init(QCryptoBlockFormat format, QemuOpts *opts, + const char *prefix, Error **errp); =20 QCryptoBlockOpenOptions * block_crypto_open_opts_init(QCryptoBlockFormat format, QemuOpts *opts, + const char *prefix, Error **errp); =20 #endif /* BLOCK_CRYPTO_H__ */ --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678526618413.5684886653354; Tue, 21 Feb 2017 04:02:06 -0800 (PST) Received: from localhost ([::1]:43936 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg98t-0002Hn-Vi for importer@patchew.org; Tue, 21 Feb 2017 07:02:04 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37889) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92f-00056U-1D for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:38 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92b-00057Z-Vv for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:37 -0500 Received: from mx1.redhat.com ([209.132.183.28]:46642) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92Z-00056W-Dx; Tue, 21 Feb 2017 06:55:31 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7511C155E4; Tue, 21 Feb 2017 11:55:31 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjD032624; Tue, 21 Feb 2017 06:55:29 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:54:57 +0000 Message-Id: <20170221115512.21918-4-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 21 Feb 2017 11:55:31 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 03/18] qcow: document another weakness of qcow AES encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Document that use of guest virtual sector numbers as the basis for the initialization vectors is a potential weakness, when combined with internal snapshots or multiple images using the same passphrase. This fixes the formatting of the itemized list too. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- qemu-img.texi | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/qemu-img.texi b/qemu-img.texi index 174aae3..db4534b 100644 --- a/qemu-img.texi +++ b/qemu-img.texi @@ -544,16 +544,29 @@ The use of encryption in qcow and qcow2 images is con= sidered to be flawed by modern cryptography standards, suffering from a number of design problems: =20 @itemize @minus -@item The AES-CBC cipher is used with predictable initialization vectors b= ased +@item +The AES-CBC cipher is used with predictable initialization vectors based on the sector number. This makes it vulnerable to chosen plaintext attacks which can reveal the existence of encrypted data. -@item The user passphrase is directly used as the encryption key. A poorly +@item +The user passphrase is directly used as the encryption key. A poorly chosen or short passphrase will compromise the security of the encryption. -@item In the event of the passphrase being compromised there is no way to +@item +In the event of the passphrase being compromised there is no way to change the passphrase to protect data in any qcow images. The files must be cloned, using a different encryption passphrase in the new file. The original file must then be securely erased using a program like shred, though even this is ineffective with many modern storage technologies. +@item +Initialization vectors used to encrypt sectors are based on the +guest virtual sector number, instead of the host physical sector. When +a disk image has multiple internal snapshots this means that data in +multiple physical sectors is encrypted with the same initialization +vector. With the CBC mode, this opens the possibility of watermarking +attacks if the attack can collect multiple sectors encrypted with the +same IV and some predictable data. Having multiple qcow2 images with +the same passphrase also exposes this weakness since the passphrase +is directly used as the key. @end itemize =20 Use of qcow / qcow2 encryption is thus strongly discouraged. Users are --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 148767826800445.19966708311313; Tue, 21 Feb 2017 03:57:48 -0800 (PST) Received: from localhost ([::1]:43910 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg94k-0006de-P4 for importer@patchew.org; Tue, 21 Feb 2017 06:57:46 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37909) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92g-00057s-Bk for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:39 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92f-00058T-Dc for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:38 -0500 Received: from mx1.redhat.com ([209.132.183.28]:46656) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92b-00057G-86; Tue, 21 Feb 2017 06:55:33 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4833D1555C; Tue, 21 Feb 2017 11:55:33 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjE032624; Tue, 21 Feb 2017 06:55:31 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:54:58 +0000 Message-Id: <20170221115512.21918-5-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 21 Feb 2017 11:55:33 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 04/18] qcow: require image size to be > 1 for new images X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The qcow driver refuses to open images which are less than 2 bytes in size, but will happily create such images. Add a check in the create path to avoid this discrepancy. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- block/qcow.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/block/qcow.c b/block/qcow.c index fb738fc..744b25e 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -805,6 +805,12 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) /* Read out options */ total_size =3D ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), BDRV_SECTOR_SIZE); + if (total_size =3D=3D 0) { + error_setg(errp, "Image size is too small, cannot be zero length"); + ret =3D -EINVAL; + goto cleanup; + } + backing_file =3D qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE); if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { flags |=3D BLOCK_FLAG_ENCRYPT; --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678589201657.8941472278348; Tue, 21 Feb 2017 04:03:09 -0800 (PST) Received: from localhost ([::1]:43938 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg99t-0003eE-Rz for importer@patchew.org; Tue, 21 Feb 2017 07:03:05 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37929) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92h-00058W-2d for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:40 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92g-00058j-AX for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:39 -0500 Received: from mx1.redhat.com ([209.132.183.28]:47696) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92d-00057v-Jx; Tue, 21 Feb 2017 06:55:35 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 99510FA283; Tue, 21 Feb 2017 11:55:35 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjF032624; Tue, 21 Feb 2017 06:55:33 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:54:59 +0000 Message-Id: <20170221115512.21918-6-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 21 Feb 2017 11:55:35 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 05/18] iotests: skip 042 with qcow which dosn't support zero sized images X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Test 042 is designed to verify operation with zero sized images. Such images are not supported with qcow (v1), so this test has always failed. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/042 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qemu-iotests/042 b/tests/qemu-iotests/042 index 351b283..a53e7cb 100755 --- a/tests/qemu-iotests/042 +++ b/tests/qemu-iotests/042 @@ -37,7 +37,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15 . ./common.rc . ./common.filter =20 -_supported_fmt qcow2 qcow qed +_supported_fmt qcow2 qed _supported_proto file _supported_os Linux =20 --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678800502951.61889439533; Tue, 21 Feb 2017 04:06:40 -0800 (PST) Received: from localhost ([::1]:43964 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9DJ-0006RO-8f for importer@patchew.org; Tue, 21 Feb 2017 07:06:37 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37950) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92j-0005BK-JB for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:42 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92i-00059V-Pm for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:41 -0500 Received: from mx1.redhat.com ([209.132.183.28]:44446) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92g-00058X-30; Tue, 21 Feb 2017 06:55:38 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 25FA54E4F5; Tue, 21 Feb 2017 11:55:38 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjG032624; Tue, 21 Feb 2017 06:55:35 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:00 +0000 Message-Id: <20170221115512.21918-7-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 21 Feb 2017 11:55:38 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 06/18] iotests: skip 048 with qcow which doesn't support resize X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Test 048 is designed to verify data preservation during an image resize. The qcow (v1) format impl has never supported resize so always fails. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/048 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qemu-iotests/048 b/tests/qemu-iotests/048 index 203c04f..9ed04a0 100755 --- a/tests/qemu-iotests/048 +++ b/tests/qemu-iotests/048 @@ -46,7 +46,7 @@ _compare() . ./common.filter . ./common.pattern =20 -_supported_fmt raw qcow qcow2 qed luks +_supported_fmt raw qcow2 qed luks _supported_proto file _supported_os Linux =20 --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678537241627.4577333763003; Tue, 21 Feb 2017 04:02:17 -0800 (PST) Received: from localhost ([::1]:43937 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg995-0002So-QH for importer@patchew.org; Tue, 21 Feb 2017 07:02:15 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38020) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92t-0005HS-28 for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:53 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92p-0005Ah-LN for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:50 -0500 Received: from mx1.redhat.com ([209.132.183.28]:50280) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92j-00059S-4s; Tue, 21 Feb 2017 06:55:41 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2854B81255; Tue, 21 Feb 2017 11:55:41 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjH032624; Tue, 21 Feb 2017 06:55:38 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:01 +0000 Message-Id: <20170221115512.21918-8-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 21 Feb 2017 11:55:41 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 07/18] iotests: fix 097 when run with qcow X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The previous commit: commit a3e1505daec31ef56f0489f8c8fff1b8e4ca92bd Author: Eric Blake Date: Mon Dec 5 09:49:34 2016 -0600 qcow2: Don't strand clusters near 2G intervals during commit extended the 097 test case so that it did two passes, once with an internal snapshot, once without. qcow (v1) does not support internal snapshots, so this change broke test 097 when run against qcow. This splits 097 in two, creating a new 173 that tests the internal snapshot codepath, effectively putting 097 back to its content before the above commit. Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange Reviewed-by: Eric Blake --- tests/qemu-iotests/097 | 10 +--- tests/qemu-iotests/097.out | 125 ++---------------------------------------= --- tests/qemu-iotests/175 | 126 +++++++++++++++++++++++++++++++++++++++++= ++++ tests/qemu-iotests/175.out | 119 ++++++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/group | 1 + 5 files changed, 251 insertions(+), 130 deletions(-) create mode 100755 tests/qemu-iotests/175 create mode 100644 tests/qemu-iotests/175.out diff --git a/tests/qemu-iotests/097 b/tests/qemu-iotests/097 index 4c33e80..1d28aff 100755 --- a/tests/qemu-iotests/097 +++ b/tests/qemu-iotests/097 @@ -56,26 +56,19 @@ _supported_os Linux # 3: Two-layer backing chain, commit to lower backing file # (in this case, the top image will implicitly stay unchanged) # -# Each pass is run twice, since qcow2 has different code paths for cleaning -# an image depending on whether it has a snapshot. -# # 020 already tests committing, so this only tests whether image chains are # working properly and that all images above the base are emptied; therefo= re, # no complicated patterns are necessary. Check near the 2G mark, as qcow2 # has been buggy at that boundary in the past. for i in 0 1 2 3; do -for j in 0 1; do =20 echo -echo "=3D=3D=3D Test pass $i.$j =3D=3D=3D" +echo "=3D=3D=3D Test pass $i =3D=3D=3D" echo =20 TEST_IMG=3D"$TEST_IMG.base" _make_test_img 2100M TEST_IMG=3D"$TEST_IMG.itmd" _make_test_img -b "$TEST_IMG.base" 2100M _make_test_img -b "$TEST_IMG.itmd" 2100M -if [ $j -eq 0 ]; then - $QEMU_IMG snapshot -c snap "$TEST_IMG" -fi =20 $QEMU_IO -c 'write -P 1 0x7ffd0000 192k' "$TEST_IMG.base" | _filter_qemu_io $QEMU_IO -c 'write -P 2 0x7ffe0000 128k' "$TEST_IMG.itmd" | _filter_qemu_io @@ -121,7 +114,6 @@ $QEMU_IMG map "$TEST_IMG.itmd" | _filter_qemu_img_map $QEMU_IMG map "$TEST_IMG" | _filter_qemu_img_map =20 done -done =20 =20 # success, all done diff --git a/tests/qemu-iotests/097.out b/tests/qemu-iotests/097.out index 8106cc9..81fc225 100644 --- a/tests/qemu-iotests/097.out +++ b/tests/qemu-iotests/097.out @@ -1,6 +1,6 @@ QA output created by 097 =20 -=3D=3D=3D Test pass 0.0 =3D=3D=3D +=3D=3D=3D Test pass 0 =3D=3D=3D =20 Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base @@ -29,66 +29,7 @@ Offset Length File 0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base 0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd =20 -=3D=3D=3D Test pass 0.1 =3D=3D=3D - -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 -Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D2202009600 backing_fil= e=3DTEST_DIR/t.IMGFMT.itmd -wrote 196608/196608 bytes at offset 2147287040 -192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -wrote 131072/131072 bytes at offset 2147352576 -128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -wrote 65536/65536 bytes at offset 2147418112 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -Image committed. -read 196608/196608 bytes at offset 2147287040 -192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147287040 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147352576 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147418112 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -Offset Length File -0x7ffd0000 0x30000 TEST_DIR/t.IMGFMT.base -Offset Length File -0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base -0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd -Offset Length File -0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base -0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd - -=3D=3D=3D Test pass 1.0 =3D=3D=3D - -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 -Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D2202009600 backing_fil= e=3DTEST_DIR/t.IMGFMT.itmd -wrote 196608/196608 bytes at offset 2147287040 -192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -wrote 131072/131072 bytes at offset 2147352576 -128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -wrote 65536/65536 bytes at offset 2147418112 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -Image committed. -read 196608/196608 bytes at offset 2147287040 -192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147287040 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147352576 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147418112 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -Offset Length File -0x7ffd0000 0x30000 TEST_DIR/t.IMGFMT.base -Offset Length File -0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base -0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd -Offset Length File -0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base -0x7ffe0000 0x10000 TEST_DIR/t.IMGFMT.itmd -0x7fff0000 0x10000 TEST_DIR/t.IMGFMT - -=3D=3D=3D Test pass 1.1 =3D=3D=3D +=3D=3D=3D Test pass 1 =3D=3D=3D =20 Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base @@ -118,7 +59,7 @@ Offset Length File 0x7ffe0000 0x10000 TEST_DIR/t.IMGFMT.itmd 0x7fff0000 0x10000 TEST_DIR/t.IMGFMT =20 -=3D=3D=3D Test pass 2.0 =3D=3D=3D +=3D=3D=3D Test pass 2 =3D=3D=3D =20 Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base @@ -148,65 +89,7 @@ Offset Length File 0x7ffe0000 0x10000 TEST_DIR/t.IMGFMT.itmd 0x7fff0000 0x10000 TEST_DIR/t.IMGFMT =20 -=3D=3D=3D Test pass 2.1 =3D=3D=3D - -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 -Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D2202009600 backing_fil= e=3DTEST_DIR/t.IMGFMT.itmd -wrote 196608/196608 bytes at offset 2147287040 -192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -wrote 131072/131072 bytes at offset 2147352576 -128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -wrote 65536/65536 bytes at offset 2147418112 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -Image committed. -read 196608/196608 bytes at offset 2147287040 -192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147287040 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147352576 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147418112 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -Offset Length File -0x7ffd0000 0x30000 TEST_DIR/t.IMGFMT.base -Offset Length File -0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base -0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd -Offset Length File -0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base -0x7ffe0000 0x10000 TEST_DIR/t.IMGFMT.itmd -0x7fff0000 0x10000 TEST_DIR/t.IMGFMT - -=3D=3D=3D Test pass 3.0 =3D=3D=3D - -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 -Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base -Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D2202009600 backing_fil= e=3DTEST_DIR/t.IMGFMT.itmd -wrote 196608/196608 bytes at offset 2147287040 -192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -wrote 131072/131072 bytes at offset 2147352576 -128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -wrote 65536/65536 bytes at offset 2147418112 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -Image committed. -read 65536/65536 bytes at offset 2147287040 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147352576 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -read 65536/65536 bytes at offset 2147418112 -64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -Offset Length File -0x7ffd0000 0x30000 TEST_DIR/t.IMGFMT.base -Offset Length File -0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base -0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd -Offset Length File -0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base -0x7ffe0000 0x10000 TEST_DIR/t.IMGFMT.itmd -0x7fff0000 0x10000 TEST_DIR/t.IMGFMT - -=3D=3D=3D Test pass 3.1 =3D=3D=3D +=3D=3D=3D Test pass 3 =3D=3D=3D =20 Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base diff --git a/tests/qemu-iotests/175 b/tests/qemu-iotests/175 new file mode 100755 index 0000000..9a70a87 --- /dev/null +++ b/tests/qemu-iotests/175 @@ -0,0 +1,126 @@ +#!/bin/bash +# +# Commit changes into backing chains and empty the top image if the +# backing image is not explicitly specified. +# +# Variant of 097, which includes snapshots to test different codepath +# in qcow2 +# +# Copyright (C) 2014 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=3Dmreitz@redhat.com + +seq=3D"$(basename $0)" +echo "QA output created by $seq" + +here=3D"$PWD" +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img + _rm_test_img "$TEST_IMG.itmd" +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter +. ./common.pattern + +# Any format supporting backing files and bdrv_make_empty +_supported_fmt qcow2 +_supported_proto file +_supported_os Linux + + +# Four passes: +# 0: Two-layer backing chain, commit to upper backing file (implicitly) +# (in this case, the top image will be emptied) +# 1: Two-layer backing chain, commit to upper backing file (explicitly) +# (in this case, the top image will implicitly stay unchanged) +# 2: Two-layer backing chain, commit to upper backing file (implicitly wi= th -d) +# (in this case, the top image will explicitly stay unchanged) +# 3: Two-layer backing chain, commit to lower backing file +# (in this case, the top image will implicitly stay unchanged) +# +# 020 already tests committing, so this only tests whether image chains are +# working properly and that all images above the base are emptied; therefo= re, +# no complicated patterns are necessary. Check near the 2G mark, as qcow2 +# has been buggy at that boundary in the past. +for i in 0 1 2 3; do + +echo +echo "=3D=3D=3D Test pass $i =3D=3D=3D" +echo + +TEST_IMG=3D"$TEST_IMG.base" _make_test_img 2100M +TEST_IMG=3D"$TEST_IMG.itmd" _make_test_img -b "$TEST_IMG.base" 2100M +_make_test_img -b "$TEST_IMG.itmd" 2100M +$QEMU_IMG snapshot -c snap "$TEST_IMG" + +$QEMU_IO -c 'write -P 1 0x7ffd0000 192k' "$TEST_IMG.base" | _filter_qemu_io +$QEMU_IO -c 'write -P 2 0x7ffe0000 128k' "$TEST_IMG.itmd" | _filter_qemu_io +$QEMU_IO -c 'write -P 3 0x7fff0000 64k' "$TEST_IMG" | _filter_qemu_io + +if [ $i -lt 3 ]; then + if [ $i =3D=3D 0 ]; then + # -b "$TEST_IMG.itmd" should be the default (that is, committing t= o the + # first backing file in the chain) + $QEMU_IMG commit "$TEST_IMG" + elif [ $i =3D=3D 1 ]; then + # explicitly specify the commit target (this should imply -d) + $QEMU_IMG commit -b "$TEST_IMG.itmd" "$TEST_IMG" + else + # do not explicitly specify the commit target, but use -d to leave= the + # top image unchanged + $QEMU_IMG commit -d "$TEST_IMG" + fi + + # Bottom should be unchanged + $QEMU_IO -c 'read -P 1 0x7ffd0000 192k' "$TEST_IMG.base" | _filter_qem= u_io + + # Intermediate should contain changes from top + $QEMU_IO -c 'read -P 1 0x7ffd0000 64k' "$TEST_IMG.itmd" | _filter_qemu= _io + $QEMU_IO -c 'read -P 2 0x7ffe0000 64k' "$TEST_IMG.itmd" | _filter_qemu= _io + $QEMU_IO -c 'read -P 3 0x7fff0000 64k' "$TEST_IMG.itmd" | _filter_qemu= _io + + # And in pass 0, the top image should be empty, whereas in both other = passes + # it should be unchanged (which is both checked by qemu-img map) +else + $QEMU_IMG commit -b "$TEST_IMG.base" "$TEST_IMG" + + # Bottom should contain all changes + $QEMU_IO -c 'read -P 1 0x7ffd0000 64k' "$TEST_IMG.base" | _filter_qemu= _io + $QEMU_IO -c 'read -P 2 0x7ffe0000 64k' "$TEST_IMG.base" | _filter_qemu= _io + $QEMU_IO -c 'read -P 3 0x7fff0000 64k' "$TEST_IMG.base" | _filter_qemu= _io + + # Both top and intermediate should be unchanged +fi + +$QEMU_IMG map "$TEST_IMG.base" | _filter_qemu_img_map +$QEMU_IMG map "$TEST_IMG.itmd" | _filter_qemu_img_map +$QEMU_IMG map "$TEST_IMG" | _filter_qemu_img_map + +done + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/175.out b/tests/qemu-iotests/175.out new file mode 100644 index 0000000..c0f8cc8 --- /dev/null +++ b/tests/qemu-iotests/175.out @@ -0,0 +1,119 @@ +QA output created by 175 + +=3D=3D=3D Test pass 0 =3D=3D=3D + +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 +Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D2202009600 backing_fil= e=3DTEST_DIR/t.IMGFMT.itmd +wrote 196608/196608 bytes at offset 2147287040 +192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +wrote 131072/131072 bytes at offset 2147352576 +128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +wrote 65536/65536 bytes at offset 2147418112 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +Image committed. +read 196608/196608 bytes at offset 2147287040 +192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147287040 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147352576 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147418112 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +Offset Length File +0x7ffd0000 0x30000 TEST_DIR/t.IMGFMT.base +Offset Length File +0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base +0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd +Offset Length File +0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base +0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd + +=3D=3D=3D Test pass 1 =3D=3D=3D + +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 +Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D2202009600 backing_fil= e=3DTEST_DIR/t.IMGFMT.itmd +wrote 196608/196608 bytes at offset 2147287040 +192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +wrote 131072/131072 bytes at offset 2147352576 +128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +wrote 65536/65536 bytes at offset 2147418112 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +Image committed. +read 196608/196608 bytes at offset 2147287040 +192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147287040 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147352576 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147418112 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +Offset Length File +0x7ffd0000 0x30000 TEST_DIR/t.IMGFMT.base +Offset Length File +0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base +0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd +Offset Length File +0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base +0x7ffe0000 0x10000 TEST_DIR/t.IMGFMT.itmd +0x7fff0000 0x10000 TEST_DIR/t.IMGFMT + +=3D=3D=3D Test pass 2 =3D=3D=3D + +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 +Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D2202009600 backing_fil= e=3DTEST_DIR/t.IMGFMT.itmd +wrote 196608/196608 bytes at offset 2147287040 +192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +wrote 131072/131072 bytes at offset 2147352576 +128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +wrote 65536/65536 bytes at offset 2147418112 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +Image committed. +read 196608/196608 bytes at offset 2147287040 +192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147287040 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147352576 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147418112 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +Offset Length File +0x7ffd0000 0x30000 TEST_DIR/t.IMGFMT.base +Offset Length File +0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base +0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd +Offset Length File +0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base +0x7ffe0000 0x10000 TEST_DIR/t.IMGFMT.itmd +0x7fff0000 0x10000 TEST_DIR/t.IMGFMT + +=3D=3D=3D Test pass 3 =3D=3D=3D + +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D2202009600 +Formatting 'TEST_DIR/t.IMGFMT.itmd', fmt=3DIMGFMT size=3D2202009600 backin= g_file=3DTEST_DIR/t.IMGFMT.base +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D2202009600 backing_fil= e=3DTEST_DIR/t.IMGFMT.itmd +wrote 196608/196608 bytes at offset 2147287040 +192 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +wrote 131072/131072 bytes at offset 2147352576 +128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +wrote 65536/65536 bytes at offset 2147418112 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +Image committed. +read 65536/65536 bytes at offset 2147287040 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147352576 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 65536/65536 bytes at offset 2147418112 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +Offset Length File +0x7ffd0000 0x30000 TEST_DIR/t.IMGFMT.base +Offset Length File +0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base +0x7ffe0000 0x20000 TEST_DIR/t.IMGFMT.itmd +Offset Length File +0x7ffd0000 0x10000 TEST_DIR/t.IMGFMT.base +0x7ffe0000 0x10000 TEST_DIR/t.IMGFMT.itmd +0x7fff0000 0x10000 TEST_DIR/t.IMGFMT +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 985b9a6..19169eb 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -167,3 +167,4 @@ 172 auto 173 rw auto 174 auto +175 rw auto backing --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678275325628.5002706937373; Tue, 21 Feb 2017 03:57:55 -0800 (PST) Received: from localhost ([::1]:43911 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg94r-0006jB-1L for importer@patchew.org; Tue, 21 Feb 2017 06:57:53 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38042) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92u-0005JS-F1 for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:53 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92t-0005Bq-I9 for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:52 -0500 Received: from mx1.redhat.com ([209.132.183.28]:50306) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92m-00059w-1l; Tue, 21 Feb 2017 06:55:44 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1B7247FB6A; Tue, 21 Feb 2017 11:55:44 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjI032624; Tue, 21 Feb 2017 06:55:41 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:02 +0000 Message-Id: <20170221115512.21918-9-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 21 Feb 2017 11:55:44 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 08/18] qcow: make encrypt_sectors encrypt in place X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Instead of requiring separate input/output buffers for encrypting data, change encrypt_sectors() to assume use of a single buffer, encrypting in place. One current caller uses the same buffer for input/output already and the other two callers are easily converted to do so. Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange Reviewed-by: Kevinn Wolf --- block/qcow.c | 44 +++++++++++++++----------------------------- 1 file changed, 15 insertions(+), 29 deletions(-) diff --git a/block/qcow.c b/block/qcow.c index 744b25e..f07cdbb 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -316,11 +316,10 @@ static int qcow_set_key(BlockDriverState *bs, const c= har *key) } =20 /* The crypt function is compatible with the linux cryptoloop - algorithm for < 4 GB images. NOTE: out_buf =3D=3D in_buf is - supported */ + algorithm for < 4 GB images. */ static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num, - uint8_t *out_buf, const uint8_t *in_buf, - int nb_sectors, bool enc, Error **errp) + uint8_t *buf, int nb_sectors, bool enc, + Error **errp) { union { uint64_t ll[2]; @@ -339,14 +338,12 @@ static int encrypt_sectors(BDRVQcowState *s, int64_t = sector_num, } if (enc) { ret =3D qcrypto_cipher_encrypt(s->cipher, - in_buf, - out_buf, + buf, buf, 512, errp); } else { ret =3D qcrypto_cipher_decrypt(s->cipher, - in_buf, - out_buf, + buf, buf, 512, errp); } @@ -354,8 +351,7 @@ static int encrypt_sectors(BDRVQcowState *s, int64_t se= ctor_num, return -1; } sector_num++; - in_buf +=3D 512; - out_buf +=3D 512; + buf +=3D 512; } return 0; } @@ -475,13 +471,12 @@ static uint64_t get_cluster_offset(BlockDriverState *= bs, uint64_t start_sect; assert(s->cipher); start_sect =3D (offset & ~(s->cluster_size - 1)) >> 9; - memset(s->cluster_data + 512, 0x00, 512); for(i =3D 0; i < s->cluster_sectors; i++) { if (i < n_start || i >=3D n_end) { Error *err =3D NULL; + memset(s->cluster_data, 0x00, 512); if (encrypt_sectors(s, start_sect + i, - s->cluster_data, - s->cluster_data + 512, 1, + s->cluster_data, 1, true, &err) < 0) { error_free(err); errno =3D EIO; @@ -659,7 +654,7 @@ static coroutine_fn int qcow_co_readv(BlockDriverState = *bs, int64_t sector_num, } if (bs->encrypted) { assert(s->cipher); - if (encrypt_sectors(s, sector_num, buf, buf, + if (encrypt_sectors(s, sector_num, buf, n, false, &err) < 0) { goto fail; } @@ -694,9 +689,7 @@ static coroutine_fn int qcow_co_writev(BlockDriverState= *bs, int64_t sector_num, BDRVQcowState *s =3D bs->opaque; int index_in_cluster; uint64_t cluster_offset; - const uint8_t *src_buf; int ret =3D 0, n; - uint8_t *cluster_data =3D NULL; struct iovec hd_iov; QEMUIOVector hd_qiov; uint8_t *buf; @@ -704,7 +697,9 @@ static coroutine_fn int qcow_co_writev(BlockDriverState= *bs, int64_t sector_num, =20 s->cluster_cache_offset =3D -1; /* disable compressed cache */ =20 - if (qiov->niov > 1) { + /* We must always copy the iov when encrypting, so we + * don't modify the original data buffer during encryption */ + if (bs->encrypted || qiov->niov > 1) { buf =3D orig_buf =3D qemu_try_blockalign(bs, qiov->size); if (buf =3D=3D NULL) { return -ENOMEM; @@ -734,21 +729,15 @@ static coroutine_fn int qcow_co_writev(BlockDriverSta= te *bs, int64_t sector_num, if (bs->encrypted) { Error *err =3D NULL; assert(s->cipher); - if (!cluster_data) { - cluster_data =3D g_malloc0(s->cluster_size); - } - if (encrypt_sectors(s, sector_num, cluster_data, buf, + if (encrypt_sectors(s, sector_num, buf, n, true, &err) < 0) { error_free(err); ret =3D -EIO; break; } - src_buf =3D cluster_data; - } else { - src_buf =3D buf; } =20 - hd_iov.iov_base =3D (void *)src_buf; + hd_iov.iov_base =3D (void *)buf; hd_iov.iov_len =3D n * 512; qemu_iovec_init_external(&hd_qiov, &hd_iov, 1); qemu_co_mutex_unlock(&s->lock); @@ -767,10 +756,7 @@ static coroutine_fn int qcow_co_writev(BlockDriverStat= e *bs, int64_t sector_num, } qemu_co_mutex_unlock(&s->lock); =20 - if (qiov->niov > 1) { - qemu_vfree(orig_buf); - } - g_free(cluster_data); + qemu_vfree(orig_buf); =20 return ret; } --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678877884135.72134980738144; Tue, 21 Feb 2017 04:07:57 -0800 (PST) Received: from localhost ([::1]:43971 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9EY-0007MQ-Gm for importer@patchew.org; Tue, 21 Feb 2017 07:07:54 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38063) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92v-0005K7-8z for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92t-0005Bl-Gf for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:53 -0500 Received: from mx1.redhat.com ([209.132.183.28]:32992) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92o-0005AQ-9f; Tue, 21 Feb 2017 06:55:46 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4FB5D61D24; Tue, 21 Feb 2017 11:55:46 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjJ032624; Tue, 21 Feb 2017 06:55:44 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:03 +0000 Message-Id: <20170221115512.21918-10-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 21 Feb 2017 11:55:46 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 09/18] qcow: convert QCow to use QCryptoBlock for encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This converts the qcow driver to make use of the QCryptoBlock APIs for encrypting image content. This is only wired up to permit use of the legacy QCow encryption format. Users who wish to have the strong LUKS format should switch to qcow2 instead. With this change it is now required to use the QCryptoSecret object for providing passwords, instead of the current block password APIs / interactive prompting. $QEMU \ -object secret,id=3Dsec0,filename=3D/home/berrange/encrypted.pw \ -drive file=3D/home/berrange/encrypted.qcow,aes-key-secret=3Dsec0 Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- block/crypto.c | 10 +++ block/crypto.h | 9 +++ block/qcow.c | 184 +++++++++++++++++++++++------------------------= ---- qapi/block-core.json | 17 ++++- 4 files changed, 117 insertions(+), 103 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 876eabc..9201cb0 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -251,6 +251,11 @@ block_crypto_open_opts_init(QCryptoBlockFormat format, v, &ret->u.luks, &local_err); break; =20 + case Q_CRYPTO_BLOCK_FORMAT_QCOW: + visit_type_QCryptoBlockOptionsQCow_members( + v, &ret->u.qcow, &local_err); + break; + default: error_setg(&local_err, "Unsupported block format %d", format); break; @@ -308,6 +313,11 @@ block_crypto_create_opts_init(QCryptoBlockFormat forma= t, v, &ret->u.luks, &local_err); break; =20 + case Q_CRYPTO_BLOCK_FORMAT_QCOW: + visit_type_QCryptoBlockOptionsQCow_members( + v, &ret->u.qcow, &local_err); + break; + default: error_setg(&local_err, "Unsupported block format %d", format); break; diff --git a/block/crypto.h b/block/crypto.h index e70e2f0..1d64676 100644 --- a/block/crypto.h +++ b/block/crypto.h @@ -21,6 +21,15 @@ #ifndef BLOCK_CRYPTO_H__ #define BLOCK_CRYPTO_H__ =20 +#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret" + +#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix) \ + { \ + .name =3D prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "ID of the secret that provides the AES encryption key",= \ + } + #define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret" #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg" #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode" diff --git a/block/qcow.c b/block/qcow.c index f07cdbb..d3a840e 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -31,8 +31,9 @@ #include "qemu/bswap.h" #include #include "qapi/qmp/qerror.h" -#include "crypto/cipher.h" +#include "crypto/block.h" #include "migration/migration.h" +#include "block/crypto.h" =20 /**************************************************************/ /* QEMU COW block driver with compression and encryption support */ @@ -77,7 +78,7 @@ typedef struct BDRVQcowState { uint8_t *cluster_cache; uint8_t *cluster_data; uint64_t cluster_cache_offset; - QCryptoCipher *cipher; /* NULL if no key yet */ + QCryptoBlock *crypto; /* Disk encryption format driver */ uint32_t crypt_method_header; CoMutex lock; Error *migration_blocker; @@ -97,6 +98,15 @@ static int qcow_probe(const uint8_t *buf, int buf_size, = const char *filename) return 0; } =20 +static QemuOptsList qcow_runtime_opts =3D { + .name =3D "qcow", + .head =3D QTAILQ_HEAD_INITIALIZER(qcow_runtime_opts.head), + .desc =3D { + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("aes-"), + { /* end of list */ } + }, +}; + static int qcow_open(BlockDriverState *bs, QDict *options, int flags, Error **errp) { @@ -104,7 +114,18 @@ static int qcow_open(BlockDriverState *bs, QDict *opti= ons, int flags, unsigned int len, i, shift; int ret; QCowHeader header; + QemuOpts *opts =3D NULL; Error *local_err =3D NULL; + QCryptoBlockOpenOptions *crypto_opts =3D NULL; + unsigned int cflags =3D 0; + + opts =3D qemu_opts_create(&qcow_runtime_opts, NULL, 0, &error_abort); + qemu_opts_absorb_qdict(opts, options, &local_err); + if (local_err) { + error_propagate(errp, local_err); + ret =3D -EINVAL; + goto fail; + } =20 ret =3D bdrv_pread(bs->file, 0, &header, sizeof(header)); if (ret < 0) { @@ -149,17 +170,6 @@ static int qcow_open(BlockDriverState *bs, QDict *opti= ons, int flags, goto fail; } =20 - if (header.crypt_method > QCOW_CRYPT_AES) { - error_setg(errp, "invalid encryption method in qcow header"); - ret =3D -EINVAL; - goto fail; - } - if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC)) { - error_setg(errp, "AES cipher not available"); - ret =3D -EINVAL; - goto fail; - } s->crypt_method_header =3D header.crypt_method; if (s->crypt_method_header) { if (bdrv_uses_whitelist() && @@ -175,8 +185,31 @@ static int qcow_open(BlockDriverState *bs, QDict *opti= ons, int flags, ret =3D -ENOSYS; goto fail; } + if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { + crypto_opts =3D block_crypto_open_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", &local_err); + if (local_err) { + error_propagate(errp, local_err); + ret =3D -EINVAL; + goto fail; + } =20 + if (flags & BDRV_O_NO_IO) { + cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; + } + s->crypto =3D qcrypto_block_open(crypto_opts, NULL, NULL, + cflags, errp); + if (!s->crypto) { + ret =3D -EINVAL; + goto fail; + } + } else { + error_setg(errp, "invalid encryption method in qcow header"); + ret =3D -EINVAL; + goto fail; + } bs->encrypted =3D true; + bs->valid_key =3D true; } s->cluster_bits =3D header.cluster_bits; s->cluster_size =3D 1 << s->cluster_bits; @@ -260,14 +293,17 @@ static int qcow_open(BlockDriverState *bs, QDict *opt= ions, int flags, goto fail; } =20 + qapi_free_QCryptoBlockOpenOptions(crypto_opts); qemu_co_mutex_init(&s->lock); return 0; =20 fail: + qemu_opts_del(opts); g_free(s->l1_table); qemu_vfree(s->l2_cache); g_free(s->cluster_cache); g_free(s->cluster_data); + qapi_free_QCryptoBlockOpenOptions(crypto_opts); return ret; } =20 @@ -280,81 +316,6 @@ static int qcow_reopen_prepare(BDRVReopenState *state, return 0; } =20 -static int qcow_set_key(BlockDriverState *bs, const char *key) -{ - BDRVQcowState *s =3D bs->opaque; - uint8_t keybuf[16]; - int len, i; - Error *err; - - memset(keybuf, 0, 16); - len =3D strlen(key); - if (len > 16) - len =3D 16; - /* XXX: we could compress the chars to 7 bits to increase - entropy */ - for(i =3D 0;i < len;i++) { - keybuf[i] =3D key[i]; - } - assert(bs->encrypted); - - qcrypto_cipher_free(s->cipher); - s->cipher =3D qcrypto_cipher_new( - QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC, - keybuf, G_N_ELEMENTS(keybuf), - &err); - - if (!s->cipher) { - /* XXX would be nice if errors in this method could - * be properly propagate to the caller. Would need - * the bdrv_set_key() API signature to be fixed. */ - error_free(err); - return -1; - } - return 0; -} - -/* The crypt function is compatible with the linux cryptoloop - algorithm for < 4 GB images. */ -static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num, - uint8_t *buf, int nb_sectors, bool enc, - Error **errp) -{ - union { - uint64_t ll[2]; - uint8_t b[16]; - } ivec; - int i; - int ret; - - for(i =3D 0; i < nb_sectors; i++) { - ivec.ll[0] =3D cpu_to_le64(sector_num); - ivec.ll[1] =3D 0; - if (qcrypto_cipher_setiv(s->cipher, - ivec.b, G_N_ELEMENTS(ivec.b), - errp) < 0) { - return -1; - } - if (enc) { - ret =3D qcrypto_cipher_encrypt(s->cipher, - buf, buf, - 512, - errp); - } else { - ret =3D qcrypto_cipher_decrypt(s->cipher, - buf, buf, - 512, - errp); - } - if (ret < 0) { - return -1; - } - sector_num++; - buf +=3D 512; - } - return 0; -} =20 /* 'allocate' is: * @@ -469,15 +430,16 @@ static uint64_t get_cluster_offset(BlockDriverState *= bs, if (bs->encrypted && (n_end - n_start) < s->cluster_sectors) { uint64_t start_sect; - assert(s->cipher); + assert(s->crypto); start_sect =3D (offset & ~(s->cluster_size - 1)) >> 9; for(i =3D 0; i < s->cluster_sectors; i++) { if (i < n_start || i >=3D n_end) { Error *err =3D NULL; memset(s->cluster_data, 0x00, 512); - if (encrypt_sectors(s, start_sect + i, - s->cluster_data, 1, - true, &err) < 0) { + if (qcrypto_block_encrypt(s->crypto, start_sec= t + i, + s->cluster_data, + BDRV_SECTOR_SIZE, + &err) < 0) { error_free(err); errno =3D EIO; return -1; @@ -522,7 +484,7 @@ static int64_t coroutine_fn qcow_co_get_block_status(Bl= ockDriverState *bs, if (!cluster_offset) { return 0; } - if ((cluster_offset & QCOW_OFLAG_COMPRESSED) || s->cipher) { + if ((cluster_offset & QCOW_OFLAG_COMPRESSED) || s->crypto) { return BDRV_BLOCK_DATA; } cluster_offset |=3D (index_in_cluster << BDRV_SECTOR_BITS); @@ -653,9 +615,9 @@ static coroutine_fn int qcow_co_readv(BlockDriverState = *bs, int64_t sector_num, break; } if (bs->encrypted) { - assert(s->cipher); - if (encrypt_sectors(s, sector_num, buf, - n, false, &err) < 0) { + assert(s->crypto); + if (qcrypto_block_decrypt(s->crypto, sector_num, buf, + n * BDRV_SECTOR_SIZE, &err) < 0)= { goto fail; } } @@ -728,9 +690,9 @@ static coroutine_fn int qcow_co_writev(BlockDriverState= *bs, int64_t sector_num, } if (bs->encrypted) { Error *err =3D NULL; - assert(s->cipher); - if (encrypt_sectors(s, sector_num, buf, - n, true, &err) < 0) { + assert(s->crypto); + if (qcrypto_block_encrypt(s->crypto, sector_num, buf, + n * BDRV_SECTOR_SIZE, &err) < 0) { error_free(err); ret =3D -EIO; break; @@ -765,8 +727,8 @@ static void qcow_close(BlockDriverState *bs) { BDRVQcowState *s =3D bs->opaque; =20 - qcrypto_cipher_free(s->cipher); - s->cipher =3D NULL; + qcrypto_block_free(s->crypto); + s->crypto =3D NULL; g_free(s->l1_table); qemu_vfree(s->l2_cache); g_free(s->cluster_cache); @@ -787,6 +749,8 @@ static int qcow_create(const char *filename, QemuOpts *= opts, Error **errp) Error *local_err =3D NULL; int ret; BlockBackend *qcow_blk; + QCryptoBlockCreateOptions *crypto_opts =3D NULL; + QCryptoBlock *crypto =3D NULL; =20 /* Read out options */ total_size =3D ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), @@ -853,6 +817,20 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) header.l1_table_offset =3D cpu_to_be64(header_size); if (flags & BLOCK_FLAG_ENCRYPT) { header.crypt_method =3D cpu_to_be32(QCOW_CRYPT_AES); + + crypto_opts =3D block_crypto_create_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", &local_err); + if (local_err) { + error_propagate(errp, local_err); + ret =3D -EINVAL; + goto exit; + } + + crypto =3D qcrypto_block_create(crypto_opts, NULL, NULL, NULL, err= p); + if (!crypto) { + ret =3D -EINVAL; + goto exit; + } } else { header.crypt_method =3D cpu_to_be32(QCOW_CRYPT_NONE); } @@ -887,6 +865,8 @@ static int qcow_create(const char *filename, QemuOpts *= opts, Error **errp) exit: blk_unref(qcow_blk); cleanup: + qcrypto_block_free(crypto); + qapi_free_QCryptoBlockCreateOptions(crypto_opts); g_free(backing_file); return ret; } @@ -1028,6 +1008,7 @@ static QemuOptsList qcow_create_opts =3D { .help =3D "Encrypt the image", .def_value_str =3D "off" }, + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("aes-"), { /* end of list */ } } }; @@ -1047,7 +1028,6 @@ static BlockDriver bdrv_qcow =3D { .bdrv_co_writev =3D qcow_co_writev, .bdrv_co_get_block_status =3D qcow_co_get_block_status, =20 - .bdrv_set_key =3D qcow_set_key, .bdrv_make_empty =3D qcow_make_empty, .bdrv_co_pwritev_compressed =3D qcow_co_pwritev_compressed, .bdrv_get_info =3D qcow_get_info, diff --git a/qapi/block-core.json b/qapi/block-core.json index 932f5bb..0bb61ea 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2278,6 +2278,21 @@ 'mode': 'Qcow2OverlapCheckMode' } } =20 ## +# @BlockdevOptionsQcow: +# +# Driver specific block device options for qcow. +# +# @aes-key-secret: #optional ID of the "secret" object providing the +# AES decryption key. +# +# Since: 2.9 +## +{ 'struct': 'BlockdevOptionsQcow', + 'base': 'BlockdevOptionsGenericCOWFormat', + 'data': { '*aes-key-secret': 'str' } } + + +## # @BlockdevOptionsQcow2: # # Driver specific block device options for qcow2. @@ -2794,7 +2809,7 @@ 'null-co': 'BlockdevOptionsNull', 'parallels': 'BlockdevOptionsGenericFormat', 'qcow2': 'BlockdevOptionsQcow2', - 'qcow': 'BlockdevOptionsGenericCOWFormat', + 'qcow': 'BlockdevOptionsQcow', 'qed': 'BlockdevOptionsGenericCOWFormat', 'quorum': 'BlockdevOptionsQuorum', 'raw': 'BlockdevOptionsRaw', --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 148767909044321.029675935919613; Tue, 21 Feb 2017 04:11:30 -0800 (PST) Received: from localhost ([::1]:43990 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9Hz-0002ON-3W for importer@patchew.org; Tue, 21 Feb 2017 07:11:27 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38066) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg92v-0005KB-A3 for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg92u-0005CC-Fw for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:53 -0500 Received: from mx1.redhat.com ([209.132.183.28]:37090) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92r-0005Ax-5t; Tue, 21 Feb 2017 06:55:49 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3AACF3D957; Tue, 21 Feb 2017 11:55:49 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjK032624; Tue, 21 Feb 2017 06:55:46 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:04 +0000 Message-Id: <20170221115512.21918-11-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Tue, 21 Feb 2017 11:55:49 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Instead of requiring separate input/output buffers for encrypting data, change qcow2_encrypt_sectors() to assume use of a single buffer, encrypting in place. The current callers all used the same buffer for input/output already. Reviewed-by: Eric Blake Reviewed-by: Fam Zheng Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- block/qcow2-cluster.c | 17 ++++++----------- block/qcow2.c | 4 ++-- block/qcow2.h | 3 +-- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 928c1e2..907e869 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -346,11 +346,9 @@ static int count_contiguous_clusters_by_type(int nb_cl= usters, } =20 /* The crypt function is compatible with the linux cryptoloop - algorithm for < 4 GB images. NOTE: out_buf =3D=3D in_buf is - supported */ + algorithm for < 4 GB images. */ int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num, - uint8_t *out_buf, const uint8_t *in_buf, - int nb_sectors, bool enc, + uint8_t *buf, int nb_sectors, bool enc, Error **errp) { union { @@ -370,14 +368,12 @@ int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t = sector_num, } if (enc) { ret =3D qcrypto_cipher_encrypt(s->cipher, - in_buf, - out_buf, + buf, buf, 512, errp); } else { ret =3D qcrypto_cipher_decrypt(s->cipher, - in_buf, - out_buf, + buf, buf, 512, errp); } @@ -385,8 +381,7 @@ int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t se= ctor_num, return -1; } sector_num++; - in_buf +=3D 512; - out_buf +=3D 512; + buf +=3D 512; } return 0; } @@ -434,7 +429,7 @@ static int coroutine_fn do_perform_cow(BlockDriverState= *bs, assert(s->cipher); assert((offset_in_cluster & ~BDRV_SECTOR_MASK) =3D=3D 0); assert((bytes & ~BDRV_SECTOR_MASK) =3D=3D 0); - if (qcow2_encrypt_sectors(s, sector, iov.iov_base, iov.iov_base, + if (qcow2_encrypt_sectors(s, sector, iov.iov_base, bytes >> BDRV_SECTOR_BITS, true, &err) <= 0) { ret =3D -EIO; error_free(err); diff --git a/block/qcow2.c b/block/qcow2.c index 3e274bd..c9f3406 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1530,7 +1530,7 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverSt= ate *bs, uint64_t offset, assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); Error *err =3D NULL; if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS, - cluster_data, cluster_data, + cluster_data, cur_bytes >> BDRV_SECTOR_BITS, false, &err) < 0) { error_free(err); @@ -1626,7 +1626,7 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriverS= tate *bs, uint64_t offset, qemu_iovec_to_buf(&hd_qiov, 0, cluster_data, hd_qiov.size); =20 if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS, - cluster_data, cluster_data, + cluster_data, cur_bytes >>BDRV_SECTOR_BITS, true, &err) < 0) { error_free(err); diff --git a/block/qcow2.h b/block/qcow2.h index f8aeb08..f3051f1 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -531,8 +531,7 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t = min_size, int qcow2_write_l1_entry(BlockDriverState *bs, int l1_index); int qcow2_decompress_cluster(BlockDriverState *bs, uint64_t cluster_offset= ); int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num, - uint8_t *out_buf, const uint8_t *in_buf, - int nb_sectors, bool enc, Error **errp); + uint8_t *buf, int nb_sectors, bool enc, Error **= errp); =20 int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t offset, unsigned int *bytes, uint64_t *cluster_offset= ); --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678850853857.6068649013399; Tue, 21 Feb 2017 04:07:30 -0800 (PST) Received: from localhost ([::1]:43970 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9E6-0006z1-VC for importer@patchew.org; Tue, 21 Feb 2017 07:07:27 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38173) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg937-0005WO-8Z for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:09 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg933-0005Ed-Fv for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:05 -0500 Received: from mx1.redhat.com ([209.132.183.28]:44548) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92t-0005Ba-ET; Tue, 21 Feb 2017 06:55:51 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7F9F44E02B; Tue, 21 Feb 2017 11:55:51 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjL032624; Tue, 21 Feb 2017 06:55:49 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:05 +0000 Message-Id: <20170221115512.21918-12-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 21 Feb 2017 11:55:51 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This converts the qcow2 driver to make use of the QCryptoBlock APIs for encrypting image content, using the legacyy QCow2 AES scheme. With this change it is now required to use the QCryptoSecret object for providing passwords, instead of the current block password APIs / interactive prompting. $QEMU \ -object secret,id=3Dsec0,filename=3D/home/berrange/encrypted.pw \ -drive file=3D/home/berrange/encrypted.qcow2,aes-key-secret=3Dsec0 The test 087 could be simplified since there is no longer a difference in behaviour when using blockdev_add with encrypted images for the running vs stopped CPU state. Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- block/qcow2-cluster.c | 47 +---------- block/qcow2.c | 191 +++++++++++++++++++++++++++++------------= ---- block/qcow2.h | 5 +- qapi/block-core.json | 8 +- tests/qemu-iotests/049 | 2 +- tests/qemu-iotests/049.out | 4 +- tests/qemu-iotests/082.out | 27 +++++++ tests/qemu-iotests/087 | 27 +++---- tests/qemu-iotests/087.out | 12 +-- tests/qemu-iotests/134 | 18 +++-- tests/qemu-iotests/134.out | 10 +-- tests/qemu-iotests/158 | 19 +++-- tests/qemu-iotests/158.out | 14 +--- tests/qemu-iotests/common | 10 ++- 14 files changed, 213 insertions(+), 181 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 907e869..a2103dc 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -345,47 +345,6 @@ static int count_contiguous_clusters_by_type(int nb_cl= usters, return i; } =20 -/* The crypt function is compatible with the linux cryptoloop - algorithm for < 4 GB images. */ -int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num, - uint8_t *buf, int nb_sectors, bool enc, - Error **errp) -{ - union { - uint64_t ll[2]; - uint8_t b[16]; - } ivec; - int i; - int ret; - - for(i =3D 0; i < nb_sectors; i++) { - ivec.ll[0] =3D cpu_to_le64(sector_num); - ivec.ll[1] =3D 0; - if (qcrypto_cipher_setiv(s->cipher, - ivec.b, G_N_ELEMENTS(ivec.b), - errp) < 0) { - return -1; - } - if (enc) { - ret =3D qcrypto_cipher_encrypt(s->cipher, - buf, buf, - 512, - errp); - } else { - ret =3D qcrypto_cipher_decrypt(s->cipher, - buf, buf, - 512, - errp); - } - if (ret < 0) { - return -1; - } - sector_num++; - buf +=3D 512; - } - return 0; -} - static int coroutine_fn do_perform_cow(BlockDriverState *bs, uint64_t src_cluster_offset, uint64_t cluster_offset, @@ -426,11 +385,11 @@ static int coroutine_fn do_perform_cow(BlockDriverSta= te *bs, Error *err =3D NULL; int64_t sector =3D (src_cluster_offset + offset_in_cluster) >> BDRV_SECTOR_BITS; - assert(s->cipher); assert((offset_in_cluster & ~BDRV_SECTOR_MASK) =3D=3D 0); assert((bytes & ~BDRV_SECTOR_MASK) =3D=3D 0); - if (qcow2_encrypt_sectors(s, sector, iov.iov_base, - bytes >> BDRV_SECTOR_BITS, true, &err) <= 0) { + assert(s->crypto); + if (qcrypto_block_encrypt(s->crypto, sector, iov.iov_base, + bytes, &err) < 0) { ret =3D -EIO; error_free(err); goto out; diff --git a/block/qcow2.c b/block/qcow2.c index c9f3406..56b5b58 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -37,6 +37,9 @@ #include "qemu/option_int.h" #include "qemu/cutils.h" #include "qemu/bswap.h" +#include "qapi/opts-visitor.h" +#include "qapi-visit.h" +#include "block/crypto.h" =20 /* Differences with QCOW: @@ -461,6 +464,7 @@ static QemuOptsList qcow2_runtime_opts =3D { .type =3D QEMU_OPT_NUMBER, .help =3D "Clean unused cache entries after this time (in seco= nds)", }, + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("aes-"), { /* end of list */ } }, }; @@ -585,6 +589,7 @@ typedef struct Qcow2ReopenState { int overlap_check; bool discard_passthrough[QCOW2_DISCARD_MAX]; uint64_t cache_clean_interval; + QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime optio= ns */ } Qcow2ReopenState; =20 static int qcow2_update_options_prepare(BlockDriverState *bs, @@ -751,6 +756,25 @@ static int qcow2_update_options_prepare(BlockDriverSta= te *bs, r->discard_passthrough[QCOW2_DISCARD_OTHER] =3D qemu_opt_get_bool(opts, QCOW2_OPT_DISCARD_OTHER, false); =20 + switch (s->crypt_method_header) { + case QCOW_CRYPT_NONE: + break; + + case QCOW_CRYPT_AES: + r->crypto_opts =3D block_crypto_open_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp); + break; + + default: + error_setg(errp, "Unsupported encryption method %d", + s->crypt_method_header); + break; + } + if (s->crypt_method_header && !r->crypto_opts) { + ret =3D -EINVAL; + goto fail; + } + ret =3D 0; fail: qemu_opts_del(opts); @@ -785,6 +809,9 @@ static void qcow2_update_options_commit(BlockDriverStat= e *bs, s->cache_clean_interval =3D r->cache_clean_interval; cache_clean_timer_init(bs, bdrv_get_aio_context(bs)); } + + qapi_free_QCryptoBlockOpenOptions(s->crypto_opts); + s->crypto_opts =3D r->crypto_opts; } =20 static void qcow2_update_options_abort(BlockDriverState *bs, @@ -796,6 +823,7 @@ static void qcow2_update_options_abort(BlockDriverState= *bs, if (r->refcount_block_cache) { qcow2_cache_destroy(bs, r->refcount_block_cache); } + qapi_free_QCryptoBlockOpenOptions(r->crypto_opts); } =20 static int qcow2_update_options(BlockDriverState *bs, QDict *options, @@ -967,12 +995,6 @@ static int qcow2_open(BlockDriverState *bs, QDict *opt= ions, int flags, ret =3D -EINVAL; goto fail; } - if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC)) { - error_setg(errp, "AES cipher not available"); - ret =3D -EINVAL; - goto fail; - } s->crypt_method_header =3D header.crypt_method; if (s->crypt_method_header) { if (bdrv_uses_whitelist() && @@ -990,6 +1012,7 @@ static int qcow2_open(BlockDriverState *bs, QDict *opt= ions, int flags, } =20 bs->encrypted =3D true; + bs->valid_key =3D true; } =20 s->l2_bits =3D s->cluster_bits - 3; /* L2 is always one cluster */ @@ -1122,6 +1145,24 @@ static int qcow2_open(BlockDriverState *bs, QDict *o= ptions, int flags, goto fail; } =20 + if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { + unsigned int cflags =3D 0; + if (flags & BDRV_O_NO_IO) { + cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; + } + /* TODO how do we pass the same crypto opts down to the + * backing file by default, so we don't have to manually + * provide the same key-secret property against the full + * backing chain + */ + s->crypto =3D qcrypto_block_open(s->crypto_opts, NULL, NULL, + cflags, errp); + if (!s->crypto) { + ret =3D -EINVAL; + goto fail; + } + } + /* read the backing file name */ if (header.backing_file_offset !=3D 0) { len =3D header.backing_file_size; @@ -1217,41 +1258,6 @@ static void qcow2_refresh_limits(BlockDriverState *b= s, Error **errp) bs->bl.pdiscard_alignment =3D s->cluster_size; } =20 -static int qcow2_set_key(BlockDriverState *bs, const char *key) -{ - BDRVQcow2State *s =3D bs->opaque; - uint8_t keybuf[16]; - int len, i; - Error *err =3D NULL; - - memset(keybuf, 0, 16); - len =3D strlen(key); - if (len > 16) - len =3D 16; - /* XXX: we could compress the chars to 7 bits to increase - entropy */ - for(i =3D 0;i < len;i++) { - keybuf[i] =3D key[i]; - } - assert(bs->encrypted); - - qcrypto_cipher_free(s->cipher); - s->cipher =3D qcrypto_cipher_new( - QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC, - keybuf, G_N_ELEMENTS(keybuf), - &err); - - if (!s->cipher) { - /* XXX would be nice if errors in this method could - * be properly propagate to the caller. Would need - * the bdrv_set_key() API signature to be fixed. */ - error_free(err); - return -1; - } - return 0; -} - static int qcow2_reopen_prepare(BDRVReopenState *state, BlockReopenQueue *queue, Error **errp) { @@ -1367,7 +1373,7 @@ static int64_t coroutine_fn qcow2_co_get_block_status= (BlockDriverState *bs, *pnum =3D bytes >> BDRV_SECTOR_BITS; =20 if (cluster_offset !=3D 0 && ret !=3D QCOW2_CLUSTER_COMPRESSED && - !s->cipher) { + !s->crypto) { index_in_cluster =3D sector_num & (s->cluster_sectors - 1); cluster_offset |=3D (index_in_cluster << BDRV_SECTOR_BITS); *file =3D bs->file->bs; @@ -1424,7 +1430,7 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverSt= ate *bs, uint64_t offset, =20 /* prepare next request */ cur_bytes =3D MIN(bytes, INT_MAX); - if (s->cipher) { + if (s->crypto) { cur_bytes =3D MIN(cur_bytes, QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size); } @@ -1493,7 +1499,7 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverSt= ate *bs, uint64_t offset, } =20 if (bs->encrypted) { - assert(s->cipher); + assert(s->crypto); =20 /* * For encrypted images, read everything into a temporary @@ -1525,14 +1531,15 @@ static coroutine_fn int qcow2_co_preadv(BlockDriver= State *bs, uint64_t offset, goto fail; } if (bs->encrypted) { - assert(s->cipher); + assert(s->crypto); assert((offset & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); Error *err =3D NULL; - if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS, + if (qcrypto_block_decrypt(s->crypto, + offset >> BDRV_SECTOR_BITS, cluster_data, - cur_bytes >> BDRV_SECTOR_BITS, - false, &err) < 0) { + cur_bytes, + &err) < 0) { error_free(err); ret =3D -EIO; goto fail; @@ -1610,7 +1617,7 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriverS= tate *bs, uint64_t offset, =20 if (bs->encrypted) { Error *err =3D NULL; - assert(s->cipher); + assert(s->crypto); if (!cluster_data) { cluster_data =3D qemu_try_blockalign(bs->file->bs, QCOW_MAX_CRYPT_CLUSTERS @@ -1625,10 +1632,9 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriver= State *bs, uint64_t offset, QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size); qemu_iovec_to_buf(&hd_qiov, 0, cluster_data, hd_qiov.size); =20 - if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS, + if (qcrypto_block_encrypt(s->crypto, offset >> BDRV_SECTOR_BIT= S, cluster_data, - cur_bytes >>BDRV_SECTOR_BITS, - true, &err) < 0) { + cur_bytes, &err) < 0) { error_free(err); ret =3D -EIO; goto fail; @@ -1747,8 +1753,8 @@ static void qcow2_close(BlockDriverState *bs) qcow2_cache_destroy(bs, s->l2_table_cache); qcow2_cache_destroy(bs, s->refcount_block_cache); =20 - qcrypto_cipher_free(s->cipher); - s->cipher =3D NULL; + qcrypto_block_free(s->crypto); + s->crypto =3D NULL; =20 g_free(s->unknown_header_fields); cleanup_unknown_header_ext(bs); @@ -1766,7 +1772,7 @@ static void qcow2_invalidate_cache(BlockDriverState *= bs, Error **errp) { BDRVQcow2State *s =3D bs->opaque; int flags =3D s->flags; - QCryptoCipher *cipher =3D NULL; + QCryptoBlock *crypto =3D NULL; QDict *options; Error *local_err =3D NULL; int ret; @@ -1776,8 +1782,8 @@ static void qcow2_invalidate_cache(BlockDriverState *= bs, Error **errp) * that means we don't have to worry about reopening them here. */ =20 - cipher =3D s->cipher; - s->cipher =3D NULL; + crypto =3D s->crypto; + s->crypto =3D NULL; =20 qcow2_close(bs); =20 @@ -1798,7 +1804,7 @@ static void qcow2_invalidate_cache(BlockDriverState *= bs, Error **errp) return; } =20 - s->cipher =3D cipher; + s->crypto =3D crypto; } =20 static size_t header_ext_add(char *buf, uint32_t magic, const void *s, @@ -2022,6 +2028,44 @@ static int qcow2_change_backing_file(BlockDriverStat= e *bs, return qcow2_update_header(bs); } =20 + +static int qcow2_set_up_encryption(BlockDriverState *bs, QemuOpts *opts, + Error **errp) +{ + BDRVQcow2State *s =3D bs->opaque; + QCryptoBlockCreateOptions *cryptoopts =3D NULL; + QCryptoBlock *crypto =3D NULL; + int ret =3D -EINVAL; + + cryptoopts =3D block_crypto_create_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp); + if (!cryptoopts) { + ret =3D -EINVAL; + goto out; + } + s->crypt_method_header =3D QCOW_CRYPT_AES; + + crypto =3D qcrypto_block_create(cryptoopts, + NULL, NULL, + bs, errp); + if (!crypto) { + ret =3D -EINVAL; + goto out; + } + + ret =3D qcow2_update_header(bs); + if (ret < 0) { + error_setg_errno(errp, -ret, "Could not write encryption header"); + goto out; + } + + out: + qcrypto_block_free(crypto); + qapi_free_QCryptoBlockCreateOptions(cryptoopts); + return ret; +} + + static int preallocate(BlockDriverState *bs) { uint64_t bytes; @@ -2214,11 +2258,8 @@ static int qcow2_create2(const char *filename, int64= _t total_size, .header_length =3D cpu_to_be32(sizeof(*header)), }; =20 - if (flags & BLOCK_FLAG_ENCRYPT) { - header->crypt_method =3D cpu_to_be32(QCOW_CRYPT_AES); - } else { - header->crypt_method =3D cpu_to_be32(QCOW_CRYPT_NONE); - } + /* We'll update this to correct value later */ + header->crypt_method =3D cpu_to_be32(QCOW_CRYPT_NONE); =20 if (flags & BLOCK_FLAG_LAZY_REFCOUNTS) { header->compatible_features |=3D @@ -2296,6 +2337,14 @@ static int qcow2_create2(const char *filename, int64= _t total_size, } } =20 + /* Want encryption? There you go. */ + if (flags & BLOCK_FLAG_ENCRYPT) { + ret =3D qcow2_set_up_encryption(blk_bs(blk), opts, errp); + if (ret < 0) { + goto out; + } + } + /* And if we're supposed to preallocate metadata, do that now */ if (prealloc !=3D PREALLOC_MODE_OFF) { BDRVQcow2State *s =3D blk_bs(blk)->opaque; @@ -2311,11 +2360,17 @@ static int qcow2_create2(const char *filename, int6= 4_t total_size, blk_unref(blk); blk =3D NULL; =20 - /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returni= ng */ + /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returni= ng. + * Using BDRV_O_NO_IO, since encryption is now setup we don't want to + * have to setup decryption context. We're not doing any I/O on the top + * level BlockDriverState, only lower layers, where BDRV_O_NO_IO does + * not have effect. + */ options =3D qdict_new(); qdict_put(options, "driver", qstring_from_str("qcow2")); blk =3D blk_new_open(filename, NULL, options, - BDRV_O_RDWR | BDRV_O_NO_BACKING, &local_err); + BDRV_O_RDWR | BDRV_O_NO_BACKING | BDRV_O_NO_IO, + &local_err); if (blk =3D=3D NULL) { error_propagate(errp, local_err); ret =3D -EIO; @@ -3135,9 +3190,9 @@ static int qcow2_amend_options(BlockDriverState *bs, = QemuOpts *opts, backing_format =3D qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT); } else if (!strcmp(desc->name, BLOCK_OPT_ENCRYPT)) { encrypt =3D qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT, - !!s->cipher); + !!s->crypto); =20 - if (encrypt !=3D !!s->cipher) { + if (encrypt !=3D !!s->crypto) { error_report("Changing the encryption flag is not supporte= d"); return -ENOTSUP; } @@ -3373,6 +3428,7 @@ static QemuOptsList qcow2_create_opts =3D { .help =3D "Width of a reference count entry in bits", .def_value_str =3D "16" }, + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("aes-"), { /* end of list */ } } }; @@ -3390,7 +3446,6 @@ BlockDriver bdrv_qcow2 =3D { .bdrv_create =3D qcow2_create, .bdrv_has_zero_init =3D bdrv_has_zero_init_1, .bdrv_co_get_block_status =3D qcow2_co_get_block_status, - .bdrv_set_key =3D qcow2_set_key, =20 .bdrv_co_preadv =3D qcow2_co_preadv, .bdrv_co_pwritev =3D qcow2_co_pwritev, diff --git a/block/qcow2.h b/block/qcow2.h index f3051f1..9746aaf 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -25,7 +25,7 @@ #ifndef BLOCK_QCOW2_H #define BLOCK_QCOW2_H =20 -#include "crypto/cipher.h" +#include "crypto/block.h" #include "qemu/coroutine.h" =20 //#define DEBUG_ALLOC @@ -257,7 +257,8 @@ typedef struct BDRVQcow2State { =20 CoMutex lock; =20 - QCryptoCipher *cipher; /* current cipher, NULL if no key yet */ + QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime optio= ns */ + QCryptoBlock *crypto; /* Disk encryption format driver */ uint32_t crypt_method_header; uint64_t snapshots_offset; int snapshots_size; diff --git a/qapi/block-core.json b/qapi/block-core.json index 0bb61ea..6866a0d 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2326,6 +2326,10 @@ # @cache-clean-interval: #optional clean unused entries in the L2 and ref= count # caches. The interval is in seconds. The default = value # is 0 and it disables this feature (since 2.5) +# @aes-key-secret: #optional the ID of a QCryptoSecret object provi= ding +# the AES decryption key (since 2.9). Mandatory for +# encrypted images, except when doing a metadata-o= nly +# probe of the image. # # Since: 1.7 ## @@ -2339,8 +2343,8 @@ '*cache-size': 'int', '*l2-cache-size': 'int', '*refcount-cache-size': 'int', - '*cache-clean-interval': 'int' } } - + '*cache-clean-interval': 'int', + '*aes-key-secret': 'str' } } =20 ## # @BlockdevOptionsArchipelago: diff --git a/tests/qemu-iotests/049 b/tests/qemu-iotests/049 index fff0760..a16430d 100755 --- a/tests/qemu-iotests/049 +++ b/tests/qemu-iotests/049 @@ -106,7 +106,7 @@ test_qemu_img create -f $IMGFMT -o preallocation=3D1234= "$TEST_IMG" 64M echo "=3D=3D Check encryption option =3D=3D" echo test_qemu_img create -f $IMGFMT -o encryption=3Doff "$TEST_IMG" 64M -test_qemu_img create -f $IMGFMT -o encryption=3Don "$TEST_IMG" 64M +test_qemu_img create -f $IMGFMT --object secret,id=3Dsec0,data=3D123456 -o= encryption=3Don,aes-key-secret=3Dsec0 "$TEST_IMG" 64M =20 echo "=3D=3D Check lazy_refcounts option (only with v3) =3D=3D" echo diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out index 4673b67..2615200 100644 --- a/tests/qemu-iotests/049.out +++ b/tests/qemu-iotests/049.out @@ -186,8 +186,8 @@ Formatting 'TEST_DIR/t.qcow2', fmt=3Dqcow2 size=3D67108= 864 encryption=3Doff cluster_si qemu-img create -f qcow2 -o encryption=3Doff TEST_DIR/t.qcow2 64M Formatting 'TEST_DIR/t.qcow2', fmt=3Dqcow2 size=3D67108864 encryption=3Dof= f cluster_size=3D65536 lazy_refcounts=3Doff refcount_bits=3D16 =20 -qemu-img create -f qcow2 -o encryption=3Don TEST_DIR/t.qcow2 64M -Formatting 'TEST_DIR/t.qcow2', fmt=3Dqcow2 size=3D67108864 encryption=3Don= cluster_size=3D65536 lazy_refcounts=3Doff refcount_bits=3D16 +qemu-img create -f qcow2 --object secret,id=3Dsec0,data=3D123456 -o encryp= tion=3Don,aes-key-secret=3Dsec0 TEST_DIR/t.qcow2 64M +Formatting 'TEST_DIR/t.qcow2', fmt=3Dqcow2 size=3D67108864 encryption=3Don= cluster_size=3D65536 lazy_refcounts=3Doff refcount_bits=3D16 aes-key-secre= t=3Dsec0 =20 =3D=3D Check lazy_refcounts option (only with v3) =3D=3D =20 diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out index a952330..f8dee34 100644 --- a/tests/qemu-iotests/082.out +++ b/tests/qemu-iotests/082.out @@ -53,6 +53,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o ? TEST_DIR/t.qcow2 128M @@ -66,6 +67,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o cluster_size=3D4k,help TEST_DIR/t.qcow2 128M @@ -79,6 +81,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o cluster_size=3D4k,? TEST_DIR/t.qcow2 128M @@ -92,6 +95,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o help,cluster_size=3D4k TEST_DIR/t.qcow2 128M @@ -105,6 +109,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o ?,cluster_size=3D4k TEST_DIR/t.qcow2 128M @@ -118,6 +123,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o cluster_size=3D4k -o help TEST_DIR/t.qcow2 128M @@ -131,6 +137,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o cluster_size=3D4k -o ? TEST_DIR/t.qcow2 128M @@ -144,6 +151,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o backing_file=3DTEST_DIR/t.qcow2,,help TEST_DIR= /t.qcow2 128M @@ -172,6 +180,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key =20 Testing: create -o help Supported options: @@ -234,6 +243,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o ? TEST_DIR/t.qcow2 TEST_DIR/t.qcow2.base @@ -247,6 +257,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o cluster_size=3D4k,help TEST_DIR/t.qcow2 TEST_= DIR/t.qcow2.base @@ -260,6 +271,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o cluster_size=3D4k,? TEST_DIR/t.qcow2 TEST_DIR= /t.qcow2.base @@ -273,6 +285,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o help,cluster_size=3D4k TEST_DIR/t.qcow2 TEST_= DIR/t.qcow2.base @@ -286,6 +299,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o ?,cluster_size=3D4k TEST_DIR/t.qcow2 TEST_DIR= /t.qcow2.base @@ -299,6 +313,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o cluster_size=3D4k -o help TEST_DIR/t.qcow2 TE= ST_DIR/t.qcow2.base @@ -312,6 +327,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o cluster_size=3D4k -o ? TEST_DIR/t.qcow2 TEST_= DIR/t.qcow2.base @@ -325,6 +341,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o backing_file=3DTEST_DIR/t.qcow2,,help TEST_DI= R/t.qcow2 TEST_DIR/t.qcow2.base @@ -353,6 +370,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key =20 Testing: convert -o help Supported options: @@ -412,6 +430,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o ? TEST_DIR/t.qcow2 @@ -425,6 +444,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o cluster_size=3D4k,help TEST_DIR/t.qcow2 @@ -438,6 +458,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o cluster_size=3D4k,? TEST_DIR/t.qcow2 @@ -451,6 +472,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o help,cluster_size=3D4k TEST_DIR/t.qcow2 @@ -464,6 +486,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o ?,cluster_size=3D4k TEST_DIR/t.qcow2 @@ -477,6 +500,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o cluster_size=3D4k -o help TEST_DIR/t.qcow2 @@ -490,6 +514,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o cluster_size=3D4k -o ? TEST_DIR/t.qcow2 @@ -503,6 +528,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o backing_file=3DTEST_DIR/t.qcow2,,help TEST_DIR/= t.qcow2 @@ -533,6 +559,7 @@ cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +aes-key-secret ID of the secret that provides the AES encryption key =20 Testing: convert -o help Supported options: diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087 index 9de57dd..55a9e06 100755 --- a/tests/qemu-iotests/087 +++ b/tests/qemu-iotests/087 @@ -124,24 +124,18 @@ echo echo =3D=3D=3D Encrypted image =3D=3D=3D echo =20 -_make_test_img -o encryption=3Don $size -run_qemu -S < Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487679156431397.86876776486474; Tue, 21 Feb 2017 04:12:36 -0800 (PST) Received: from localhost ([::1]:43995 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9J3-0003oU-EO for importer@patchew.org; Tue, 21 Feb 2017 07:12:33 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38123) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg931-0005QP-6L for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:00 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg930-0005Dh-2t for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:55:59 -0500 Received: from mx1.redhat.com ([209.132.183.28]:50000) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92v-0005CV-PL; Tue, 21 Feb 2017 06:55:53 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CEBFEC0467F3; Tue, 21 Feb 2017 11:55:53 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjM032624; Tue, 21 Feb 2017 06:55:51 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:06 +0000 Message-Id: <20170221115512.21918-13-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 21 Feb 2017 11:55:53 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 12/18] qcow2: extend specification to cover LUKS encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Update the qcow2 specification to describe how the LUKS header is placed inside a qcow2 file, when using LUKS encryption for the qcow2 payload instead of the legacy AES-CBC encryption Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange Reviewed-by: Alberto Garcia --- docs/specs/qcow2.txt | 96 ++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 96 insertions(+) diff --git a/docs/specs/qcow2.txt b/docs/specs/qcow2.txt index 80cdfd0..6509b91 100644 --- a/docs/specs/qcow2.txt +++ b/docs/specs/qcow2.txt @@ -45,6 +45,7 @@ The first cluster of a qcow2 image contains the file head= er: 32 - 35: crypt_method 0 for no encryption 1 for AES encryption + 2 for LUKS encryption =20 36 - 39: l1_size Number of entries in the active L1 table @@ -135,6 +136,7 @@ be stored. Each extension has a structure like the foll= owing: 0xE2792ACA - Backing file format name 0x6803f857 - Feature name table 0x23852875 - Bitmaps extension + 0x0537be77 - Full disk encryption header pointer other - Unknown header extension, can be safe= ly ignored =20 @@ -207,6 +209,100 @@ The fields of the bitmaps extension are: Offset into the image file at which the bitmap directory starts. Must be aligned to a cluster boundary. =20 +=3D=3D Full disk encryption header pointer =3D=3D + +The full disk encryption header must be present if, and only if, the +'crypt_method' header requires metadata. Currently this is only true +of the 'LUKS' crypt method. The header extension must be absent for +other methods. + +This header provides the offset at which the crypt method can store +its additional data, as well as the length of such data. + + Byte 0 - 7: Offset into the image file at which the encryption + header starts in bytes. Must be aligned to a cluster + boundary. + Byte 8 - 15: Length of the written encryption header in bytes. + Note actual space allocated in the qcow2 file may + be larger than this value, since it will be rounded + to the nearest multiple of the cluster size. Any + unused bytes in the allocated space will be initialized + to 0. + +For the LUKS crypt method, the encryption header works as follows. + +The first 592 bytes of the header clusters will contain the LUKS +partition header. This is then followed by the key material data areas. +The size of the key material data areas is determined by the number of +stripes in the key slot and key size. Refer to the LUKS format +specification ('docs/on-disk-format.pdf' in the cryptsetup source +package) for details of the LUKS partition header format. + +In the LUKS partition header, the "payload-offset" field will be +calculated as normal for the LUKS spec. ie the size of the LUKS +header, plus key material regions, plus padding, relative to the +start of the LUKS header. Its value is never used in the context +of qcow2, however, since the qcow2 file format itself defines where +the real payload offset is. + +In the LUKS key slots header, the "key-material-offset" is relative +to the start of the LUKS header clusters in the qcow2 container, +not the start of the qcow2 file. + +Logically the layout looks like + + +-----------------------------+ + | QCow2 header | + | QCow2 header extension X | + | QCow2 header extension FDE | + | QCow2 header extension ... | + | QCow2 header extension Z | + +-----------------------------+ + | ....other QCow2 tables.... | + . . + . . + +-----------------------------+ + | +-------------------------+ | + | | LUKS partition header | | + | +-------------------------+ | + | | LUKS key material 1 | | + | +-------------------------+ | + | | LUKS key material 2 | | + | +-------------------------+ | + | | LUKS key material ... | | + | +-------------------------+ | + | | LUKS key material 8 | | + | +-------------------------+ | + +-----------------------------+ + | QCow2 cluster payload | + . . + . . + . . + | | + +-----------------------------+ + +=3D=3D Data encryption =3D=3D + +When an encryption method is requested in the header, the image payload +data must be encrypted/decrypted on every write/read. The image headers +and metadata is never encrypted. + +The algorithms used for encryption vary depending on the method + + - AES: + + The AES cipher, in CBC mode, with 256 bit keys. + + Initialization vectors generated using plain64 method, with + the virtual disk sector as the input tweak. + + - LUKS: + + The algorithms are specified in the LUKS header. + + Initialization vectors generated using the method specified + in the LUKS header, with the physical disk sector as the + input tweak. =20 =3D=3D Host cluster management =3D=3D =20 --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487679474105879.2671218511503; Tue, 21 Feb 2017 04:17:54 -0800 (PST) Received: from localhost ([::1]:44027 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9OC-0008FS-FS for importer@patchew.org; Tue, 21 Feb 2017 07:17:52 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38312) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg93F-0005f5-Hl for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:19 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg93A-0005Gu-HK for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:13 -0500 Received: from mx1.redhat.com ([209.132.183.28]:64230) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg92z-0005DE-3H; Tue, 21 Feb 2017 06:55:57 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 233E161BAC; Tue, 21 Feb 2017 11:55:57 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjN032624; Tue, 21 Feb 2017 06:55:54 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:07 +0000 Message-Id: <20170221115512.21918-14-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 21 Feb 2017 11:55:57 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 13/18] qcow2: add support for LUKS encryption format X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This adds support for using LUKS as an encryption format with the qcow2 file. The use of the existing 'encryption=3Don' parameter is replaced by a new parameter 'encryption-format' which takes the values 'aes' or 'luks'. e.g. # qemu-img create --object secret,data=3D123456,id=3Dsec0 \ -f qcow2 -o encryption-format=3Dluks,luks-key-secret=3Dsec0 \ test.qcow2 10G results in the creation of an image using the LUKS format. Use of the legacy 'encryption=3Don' parameter still results in creation of the old qcow2 AES format, and is equivalent to the new 'encryption-format=3Daes'. e.g. the following are equivalent: # qemu-img create --object secret,data=3D123456,id=3Dsec0 \ -f qcow2 -o encryption=3Don,aes-key-secret=3Dsec0 \ test.qcow2 10G # qemu-img create --object secret,data=3D123456,id=3Dsec0 \ -f qcow2 -o encryption-format=3Daes,aes-key-secret=3Dsec0 \ test.qcow2 10G With the LUKS format it is necessary to store the LUKS partition header and key material in the QCow2 file. This data can be many MB in size, so cannot go into the QCow2 header region directly. Thus the spec defines a FDE (Full Disk Encryption) header extension that specifies the offset of a set of clusters to hold the FDE headers, as well as the length of that region. The LUKS header is thus stored in these extra allocated clusters before the main image payload. Aside from all the cryptographic differences implied by use of the LUKS format, there is one further key difference between the use of legacy AES and LUKS encryption in qcow2. For LUKS, the initialiazation vectors are generated using the host physical sector as the input, rather than the guest virtual sector. This guarantees unique initialization vectors for all sectors when qcow2 internal snapshots are used, thus giving stronger protection against watermarking attacks. Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange Reviewed-by: Alberto Garcia --- block/qcow2-cluster.c | 4 +- block/qcow2-refcount.c | 10 ++ block/qcow2.c | 289 +++++++++++++++++++++++++++++++++++++++--= ---- block/qcow2.h | 9 ++ include/block/block_int.h | 1 + qapi/block-core.json | 9 +- qemu-img.c | 4 +- tests/qemu-iotests/082.out | 270 +++++++++++++++++++++++++++++++++++++----- 8 files changed, 530 insertions(+), 66 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index a2103dc..866b122 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -383,7 +383,9 @@ static int coroutine_fn do_perform_cow(BlockDriverState= *bs, =20 if (bs->encrypted) { Error *err =3D NULL; - int64_t sector =3D (src_cluster_offset + offset_in_cluster) + int64_t sector =3D (s->crypt_physical_offset ? + (cluster_offset + offset_in_cluster) : + (src_cluster_offset + offset_in_cluster)) >> BDRV_SECTOR_BITS; assert((offset_in_cluster & ~BDRV_SECTOR_MASK) =3D=3D 0); assert((bytes & ~BDRV_SECTOR_MASK) =3D=3D 0); diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 3dbde18..8460316 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -1859,6 +1859,16 @@ static int calculate_refcounts(BlockDriverState *bs,= BdrvCheckResult *res, return ret; } =20 + /* encryption */ + if (s->crypto_header.length) { + ret =3D inc_refcounts(bs, res, refcount_table, nb_clusters, + s->crypto_header.offset, + s->crypto_header.length); + if (ret < 0) { + return ret; + } + } + return check_refblocks(bs, res, fix, rebuild, refcount_table, nb_clust= ers); } =20 diff --git a/block/qcow2.c b/block/qcow2.c index 56b5b58..12f84bb 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -66,6 +66,7 @@ typedef struct { #define QCOW2_EXT_MAGIC_END 0 #define QCOW2_EXT_MAGIC_BACKING_FORMAT 0xE2792ACA #define QCOW2_EXT_MAGIC_FEATURE_TABLE 0x6803f857 +#define QCOW2_EXT_MAGIC_CRYPTO_HEADER 0x0537be77 =20 static int qcow2_probe(const uint8_t *buf, int buf_size, const char *filen= ame) { @@ -80,6 +81,86 @@ static int qcow2_probe(const uint8_t *buf, int buf_size,= const char *filename) } =20 =20 +static ssize_t qcow2_crypto_hdr_read_func(QCryptoBlock *block, size_t offs= et, + uint8_t *buf, size_t buflen, + Error **errp, void *opaque) +{ + BlockDriverState *bs =3D opaque; + BDRVQcow2State *s =3D bs->opaque; + ssize_t ret; + + if ((offset + buflen) > s->crypto_header.length) { + error_setg(errp, "Request for data outside of extension header"); + return -1; + } + + ret =3D bdrv_pread(bs->file, + s->crypto_header.offset + offset, buf, buflen); + if (ret < 0) { + error_setg_errno(errp, -ret, "Could not read encryption header"); + return -1; + } + return ret; +} + + +static ssize_t qcow2_crypto_hdr_init_func(QCryptoBlock *block, size_t head= erlen, + Error **errp, void *opaque) +{ + BlockDriverState *bs =3D opaque; + BDRVQcow2State *s =3D bs->opaque; + int64_t ret; + int64_t clusterlen; + + ret =3D qcow2_alloc_clusters(bs, headerlen); + if (ret < 0) { + error_setg_errno(errp, -ret, + "Cannot allocate cluster for LUKS header size %zu= ", + headerlen); + return -1; + } + + s->crypto_header.length =3D headerlen; + s->crypto_header.offset =3D ret; + + /* Zero fill remaining space in cluster so it has predictable + * content in case of future spec changes */ + clusterlen =3D size_to_clusters(s, headerlen) * s->cluster_size; + ret =3D bdrv_pwrite_zeroes(bs->file, + ret + headerlen, + clusterlen - headerlen, 0); + if (ret < 0) { + error_setg_errno(errp, -ret, "Could not zero fill encryption heade= r"); + return -1; + } + + return ret; +} + + +static ssize_t qcow2_crypto_hdr_write_func(QCryptoBlock *block, size_t off= set, + const uint8_t *buf, size_t bufl= en, + Error **errp, void *opaque) +{ + BlockDriverState *bs =3D opaque; + BDRVQcow2State *s =3D bs->opaque; + ssize_t ret; + + if ((offset + buflen) > s->crypto_header.length) { + error_setg(errp, "Request for data outside of extension header"); + return -1; + } + + ret =3D bdrv_pwrite(bs->file, + s->crypto_header.offset + offset, buf, buflen); + if (ret < 0) { + error_setg_errno(errp, -ret, "Could not read encryption header"); + return -1; + } + return ret; +} + + /*=20 * read qcow2 extension and fill bs * start reading from start_offset @@ -89,7 +170,7 @@ static int qcow2_probe(const uint8_t *buf, int buf_size,= const char *filename) */ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offs= et, uint64_t end_offset, void **p_feature_tab= le, - Error **errp) + int flags, Error **errp) { BDRVQcow2State *s =3D bs->opaque; QCowExtension ext; @@ -165,6 +246,52 @@ static int qcow2_read_extensions(BlockDriverState *bs,= uint64_t start_offset, } break; =20 + case QCOW2_EXT_MAGIC_CRYPTO_HEADER: { + unsigned int cflags =3D 0; + if (s->crypt_method_header !=3D QCOW_CRYPT_LUKS) { + error_setg(errp, "CRYPTO header extension only " + "expected with LUKS encryption method"); + return -EINVAL; + } + if (ext.len !=3D sizeof(Qcow2CryptoHeaderExtension)) { + error_setg(errp, "CRYPTO header extension size %u, " + "but expected size %zu", ext.len, + sizeof(Qcow2CryptoHeaderExtension)); + return -EINVAL; + } + + ret =3D bdrv_pread(bs->file, offset, &s->crypto_header, ext.le= n); + if (ret < 0) { + error_setg_errno(errp, -ret, + "Unable to read CRYPTO header extension"); + return ret; + } + be64_to_cpus(&s->crypto_header.offset); + be64_to_cpus(&s->crypto_header.length); + + if ((s->crypto_header.offset % s->cluster_size) !=3D 0) { + error_setg(errp, "Encryption header offset '%" PRIu64 "' i= s " + "not a multiple of cluster size '%u'", + s->crypto_header.offset, s->cluster_size); + return -EINVAL; + } + + if (flags & BDRV_O_NO_IO) { + cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; + } + /* TODO how do we pass the same crypto opts down to the + * backing file by default, so we don't have to manually + * provide the same key-secret property against the full + * backing chain + */ + s->crypto =3D qcrypto_block_open(s->crypto_opts, + qcow2_crypto_hdr_read_func, + bs, cflags, errp); + if (!s->crypto) { + return -EINVAL; + } + } break; + default: /* unknown magic - save it in case we need to rewrite the head= er */ { @@ -465,6 +592,7 @@ static QemuOptsList qcow2_runtime_opts =3D { .help =3D "Clean unused cache entries after this time (in seco= nds)", }, BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("aes-"), + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET("luks-"), { /* end of list */ } }, }; @@ -765,6 +893,11 @@ static int qcow2_update_options_prepare(BlockDriverSta= te *bs, Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp); break; =20 + case QCOW_CRYPT_LUKS: + r->crypto_opts =3D block_crypto_open_opts_init( + Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, "luks-", errp); + break; + default: error_setg(errp, "Unsupported encryption method %d", s->crypt_method_header); @@ -957,7 +1090,7 @@ static int qcow2_open(BlockDriverState *bs, QDict *opt= ions, int flags, if (s->incompatible_features & ~QCOW2_INCOMPAT_MASK) { void *feature_table =3D NULL; qcow2_read_extensions(bs, header.header_length, ext_end, - &feature_table, NULL); + &feature_table, flags, NULL); report_unsupported_feature(errp, feature_table, s->incompatible_features & ~QCOW2_INCOMPAT_MASK); @@ -989,12 +1122,6 @@ static int qcow2_open(BlockDriverState *bs, QDict *op= tions, int flags, s->refcount_max =3D UINT64_C(1) << (s->refcount_bits - 1); s->refcount_max +=3D s->refcount_max - 1; =20 - if (header.crypt_method > QCOW_CRYPT_AES) { - error_setg(errp, "Unsupported encryption method: %" PRIu32, - header.crypt_method); - ret =3D -EINVAL; - goto fail; - } s->crypt_method_header =3D header.crypt_method; if (s->crypt_method_header) { if (bdrv_uses_whitelist() && @@ -1011,6 +1138,15 @@ static int qcow2_open(BlockDriverState *bs, QDict *o= ptions, int flags, goto fail; } =20 + if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { + s->crypt_physical_offset =3D false; + } else { + /* Assuming LUKS and any future crypt methods we + * add will all use physical offsets, due to the + * fact that the alternative is insecure... */ + s->crypt_physical_offset =3D true; + } + bs->encrypted =3D true; bs->valid_key =3D true; } @@ -1139,25 +1275,36 @@ static int qcow2_open(BlockDriverState *bs, QDict *= options, int flags, =20 /* read qcow2 extensions */ if (qcow2_read_extensions(bs, header.header_length, ext_end, NULL, - &local_err)) { + flags, &local_err)) { error_propagate(errp, local_err); ret =3D -EINVAL; goto fail; } =20 - if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { - unsigned int cflags =3D 0; - if (flags & BDRV_O_NO_IO) { - cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; - } - /* TODO how do we pass the same crypto opts down to the - * backing file by default, so we don't have to manually - * provide the same key-secret property against the full - * backing chain - */ - s->crypto =3D qcrypto_block_open(s->crypto_opts, NULL, NULL, - cflags, errp); - if (!s->crypto) { + /* qcow2_read_extension may have set up the crypto context + * if the crypt method needs a header region, some methods + * don't need header extensions, so must check here + */ + if (s->crypt_method_header && !s->crypto) { + if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { + unsigned int cflags =3D 0; + if (flags & BDRV_O_NO_IO) { + cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; + } + /* TODO how do we pass the same crypto opts down to the + * backing file by default, so we don't have to manually + * provide the same key-secret property against the full + * backing chain + */ + s->crypto =3D qcrypto_block_open(s->crypto_opts, NULL, NULL, + cflags, errp); + if (!s->crypto) { + ret =3D -EINVAL; + goto fail; + } + } else if (!(flags & BDRV_O_NO_IO)) { + error_setg(errp, "Missing CRYPTO header for crypt method %d", + s->crypt_method_header); ret =3D -EINVAL; goto fail; } @@ -1536,7 +1683,9 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverSt= ate *bs, uint64_t offset, assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); Error *err =3D NULL; if (qcrypto_block_decrypt(s->crypto, - offset >> BDRV_SECTOR_BITS, + (s->crypt_physical_offset ? + cluster_offset + offset_in_clus= ter : + offset) >> BDRV_SECTOR_BITS, cluster_data, cur_bytes, &err) < 0) { @@ -1632,7 +1781,10 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriver= State *bs, uint64_t offset, QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size); qemu_iovec_to_buf(&hd_qiov, 0, cluster_data, hd_qiov.size); =20 - if (qcrypto_block_encrypt(s->crypto, offset >> BDRV_SECTOR_BIT= S, + if (qcrypto_block_encrypt(s->crypto, + (s->crypt_physical_offset ? + cluster_offset + offset_in_cluster : + offset) >> BDRV_SECTOR_BITS, cluster_data, cur_bytes, &err) < 0) { error_free(err); @@ -1930,6 +2082,22 @@ int qcow2_update_header(BlockDriverState *bs) buflen -=3D ret; } =20 + /* Full disk encryption header pointer extension */ + if (s->crypto_header.offset !=3D 0) { + cpu_to_be64s(&s->crypto_header.offset); + cpu_to_be64s(&s->crypto_header.length); + ret =3D header_ext_add(buf, QCOW2_EXT_MAGIC_CRYPTO_HEADER, + &s->crypto_header, sizeof(s->crypto_header), + buflen); + be64_to_cpus(&s->crypto_header.offset); + be64_to_cpus(&s->crypto_header.length); + if (ret < 0) { + goto fail; + } + buf +=3D ret; + buflen -=3D ret; + } + /* Feature table */ if (s->qcow_version >=3D 3) { Qcow2Feature features[] =3D { @@ -2028,25 +2196,48 @@ static int qcow2_change_backing_file(BlockDriverSta= te *bs, return qcow2_update_header(bs); } =20 +static int qcow2_crypt_method_from_format(const char *fmtstr) +{ + if (g_str_equal(fmtstr, "luks")) { + return QCOW_CRYPT_LUKS; + } else if (g_str_equal(fmtstr, "aes")) { + return QCOW_CRYPT_AES; + } else { + return -EINVAL; + } +} =20 static int qcow2_set_up_encryption(BlockDriverState *bs, QemuOpts *opts, - Error **errp) + const char *fmtstr, Error **errp) { BDRVQcow2State *s =3D bs->opaque; QCryptoBlockCreateOptions *cryptoopts =3D NULL; QCryptoBlock *crypto =3D NULL; int ret =3D -EINVAL; + int fmt =3D qcow2_crypt_method_from_format(fmtstr); =20 - cryptoopts =3D block_crypto_create_opts_init( - Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp); + switch (fmt) { + case QCOW_CRYPT_LUKS: + cryptoopts =3D block_crypto_create_opts_init( + Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, "luks-", errp); + break; + case QCOW_CRYPT_AES: + cryptoopts =3D block_crypto_create_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp); + break; + default: + error_setg(errp, "Unknown encryption format %s", fmtstr); + break; + } + s->crypt_method_header =3D fmt; if (!cryptoopts) { ret =3D -EINVAL; goto out; } - s->crypt_method_header =3D QCOW_CRYPT_AES; =20 crypto =3D qcrypto_block_create(cryptoopts, - NULL, NULL, + qcow2_crypto_hdr_init_func, + qcow2_crypto_hdr_write_func, bs, errp); if (!crypto) { ret =3D -EINVAL; @@ -2135,6 +2326,7 @@ static int qcow2_create2(const char *filename, int64_= t total_size, { int cluster_bits; QDict *options; + const char *encryption_format; =20 /* Calculate cluster_bits */ cluster_bits =3D ctz32(cluster_size); @@ -2338,8 +2530,15 @@ static int qcow2_create2(const char *filename, int64= _t total_size, } =20 /* Want encryption? There you go. */ - if (flags & BLOCK_FLAG_ENCRYPT) { - ret =3D qcow2_set_up_encryption(blk_bs(blk), opts, errp); + encryption_format =3D qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPTION_FORM= AT); + if (!encryption_format && + qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { + encryption_format =3D "aes"; + } + + if (encryption_format) { + ret =3D qcow2_set_up_encryption(blk_bs(blk), opts, encryption_form= at, + errp); if (ret < 0) { goto out; } @@ -2405,9 +2604,6 @@ static int qcow2_create(const char *filename, QemuOpt= s *opts, Error **errp) BDRV_SECTOR_SIZE); backing_file =3D qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE); backing_fmt =3D qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FMT); - if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { - flags |=3D BLOCK_FLAG_ENCRYPT; - } cluster_size =3D qemu_opt_get_size_del(opts, BLOCK_OPT_CLUSTER_SIZE, DEFAULT_CLUSTER_SIZE); buf =3D qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC); @@ -3155,6 +3351,7 @@ static int qcow2_amend_options(BlockDriverState *bs, = QemuOpts *opts, const char *compat =3D NULL; uint64_t cluster_size =3D s->cluster_size; bool encrypt; + int encformat; int refcount_bits =3D s->refcount_bits; int ret; QemuOptDesc *desc =3D opts->list->desc; @@ -3196,6 +3393,14 @@ static int qcow2_amend_options(BlockDriverState *bs,= QemuOpts *opts, error_report("Changing the encryption flag is not supporte= d"); return -ENOTSUP; } + } else if (!strcmp(desc->name, BLOCK_OPT_ENCRYPTION_FORMAT)) { + encformat =3D qcow2_crypt_method_from_format( + qemu_opt_get(opts, BLOCK_OPT_ENCRYPT)); + + if (encformat !=3D s->crypt_method_header) { + error_report("Changing the encryption format is not suppor= ted"); + return -ENOTSUP; + } } else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) { cluster_size =3D qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZ= E, cluster_size); @@ -3401,7 +3606,8 @@ static QemuOptsList qcow2_create_opts =3D { { .name =3D BLOCK_OPT_ENCRYPT, .type =3D QEMU_OPT_BOOL, - .help =3D "Encrypt the image", + .help =3D "Deprecated, use the " BLOCK_OPT_ENCRYPTION_FORMAT + " option instead", .def_value_str =3D "off" }, { @@ -3428,7 +3634,20 @@ static QemuOptsList qcow2_create_opts =3D { .help =3D "Width of a reference count entry in bits", .def_value_str =3D "16" }, + { + .name =3D BLOCK_OPT_ENCRYPTION_FORMAT, + .type =3D QEMU_OPT_STRING, + .help =3D "Encryption data format 'luks' (recommended) or " + "'aes' (deprecated)", + }, BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("aes-"), + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET("luks-"), + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG("luks-"), + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE("luks-"), + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG("luks-"), + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG("luks-"), + BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG("luks-"), + BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("luks-"), { /* end of list */ } } }; diff --git a/block/qcow2.h b/block/qcow2.h index 9746aaf..3cf577d 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -36,6 +36,7 @@ =20 #define QCOW_CRYPT_NONE 0 #define QCOW_CRYPT_AES 1 +#define QCOW_CRYPT_LUKS 2 =20 #define QCOW_MAX_CRYPT_CLUSTERS 32 #define QCOW_MAX_SNAPSHOTS 65536 @@ -163,6 +164,11 @@ typedef struct QCowSnapshot { struct Qcow2Cache; typedef struct Qcow2Cache Qcow2Cache; =20 +typedef struct Qcow2CryptoHeaderExtension { + uint64_t offset; + uint64_t length; +} QEMU_PACKED Qcow2CryptoHeaderExtension; + typedef struct Qcow2UnknownHeaderExtension { uint32_t magic; uint32_t len; @@ -257,8 +263,11 @@ typedef struct BDRVQcow2State { =20 CoMutex lock; =20 + Qcow2CryptoHeaderExtension crypto_header; /* QCow2 header extension */ QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime optio= ns */ QCryptoBlock *crypto; /* Disk encryption format driver */ + bool crypt_physical_offset; /* Whether to use virtual or physical offs= et + for encryption initialization vector tw= eak */ uint32_t crypt_method_header; uint64_t snapshots_offset; int snapshots_size; diff --git a/include/block/block_int.h b/include/block/block_int.h index 2d92d7e..95e630e 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -41,6 +41,7 @@ =20 #define BLOCK_OPT_SIZE "size" #define BLOCK_OPT_ENCRYPT "encryption" +#define BLOCK_OPT_ENCRYPTION_FORMAT "encryption-format" #define BLOCK_OPT_COMPAT6 "compat6" #define BLOCK_OPT_HWVERSION "hwversion" #define BLOCK_OPT_BACKING_FILE "backing_file" diff --git a/qapi/block-core.json b/qapi/block-core.json index 6866a0d..f083cd3 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2327,9 +2327,13 @@ # caches. The interval is in seconds. The default = value # is 0 and it disables this feature (since 2.5) # @aes-key-secret: #optional the ID of a QCryptoSecret object provi= ding -# the AES decryption key (since 2.9). Mandatory for +# the AES decryption key (since 2.9). Mandatory fo= r AES # encrypted images, except when doing a metadata-o= nly # probe of the image. +# @luks-key-secret: #optional the ID of a QCryptoSecret object provi= ding +# the LUKS keyslot passphrase (since 2.9). Mandato= ry for +# LUKS encrypted images, except when doing a metad= ata- +# only probe of the image. # # Since: 1.7 ## @@ -2344,7 +2348,8 @@ '*l2-cache-size': 'int', '*refcount-cache-size': 'int', '*cache-clean-interval': 'int', - '*aes-key-secret': 'str' } } + '*aes-key-secret': 'str', + '*luks-key-secret': 'str' } } =20 ## # @BlockdevOptionsArchipelago: diff --git a/qemu-img.c b/qemu-img.c index cff22e3..8a70bf7 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -2048,6 +2048,8 @@ static int img_convert(int argc, char **argv) if (compress) { bool encryption =3D qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT, false); + const char *encryption_format =3D + qemu_opt_get(opts, BLOCK_OPT_ENCRYPTION_FORMAT); const char *preallocation =3D qemu_opt_get(opts, BLOCK_OPT_PREALLOC); =20 @@ -2057,7 +2059,7 @@ static int img_convert(int argc, char **argv) goto out; } =20 - if (encryption) { + if (encryption || encryption_format) { error_report("Compression and encryption not supported at " "the same time"); ret =3D -1; diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out index f8dee34..953a1c9 100644 --- a/tests/qemu-iotests/082.out +++ b/tests/qemu-iotests/082.out @@ -48,12 +48,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o ? TEST_DIR/t.qcow2 128M @@ -62,12 +70,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o cluster_size=3D4k,help TEST_DIR/t.qcow2 128M @@ -76,12 +92,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o cluster_size=3D4k,? TEST_DIR/t.qcow2 128M @@ -90,12 +114,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o help,cluster_size=3D4k TEST_DIR/t.qcow2 128M @@ -104,12 +136,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o ?,cluster_size=3D4k TEST_DIR/t.qcow2 128M @@ -118,12 +158,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o cluster_size=3D4k -o help TEST_DIR/t.qcow2 128M @@ -132,12 +180,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o cluster_size=3D4k -o ? TEST_DIR/t.qcow2 128M @@ -146,12 +202,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: create -f qcow2 -o backing_file=3DTEST_DIR/t.qcow2,,help TEST_DIR= /t.qcow2 128M @@ -175,12 +239,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds =20 Testing: create -o help Supported options: @@ -238,12 +310,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o ? TEST_DIR/t.qcow2 TEST_DIR/t.qcow2.base @@ -252,12 +332,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o cluster_size=3D4k,help TEST_DIR/t.qcow2 TEST_= DIR/t.qcow2.base @@ -266,12 +354,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o cluster_size=3D4k,? TEST_DIR/t.qcow2 TEST_DIR= /t.qcow2.base @@ -280,12 +376,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o help,cluster_size=3D4k TEST_DIR/t.qcow2 TEST_= DIR/t.qcow2.base @@ -294,12 +398,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o ?,cluster_size=3D4k TEST_DIR/t.qcow2 TEST_DIR= /t.qcow2.base @@ -308,12 +420,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o cluster_size=3D4k -o help TEST_DIR/t.qcow2 TE= ST_DIR/t.qcow2.base @@ -322,12 +442,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o cluster_size=3D4k -o ? TEST_DIR/t.qcow2 TEST_= DIR/t.qcow2.base @@ -336,12 +464,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: convert -O qcow2 -o backing_file=3DTEST_DIR/t.qcow2,,help TEST_DI= R/t.qcow2 TEST_DIR/t.qcow2.base @@ -365,12 +501,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds =20 Testing: convert -o help Supported options: @@ -425,12 +569,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o ? TEST_DIR/t.qcow2 @@ -439,12 +591,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o cluster_size=3D4k,help TEST_DIR/t.qcow2 @@ -453,12 +613,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o cluster_size=3D4k,? TEST_DIR/t.qcow2 @@ -467,12 +635,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o help,cluster_size=3D4k TEST_DIR/t.qcow2 @@ -481,12 +657,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o ?,cluster_size=3D4k TEST_DIR/t.qcow2 @@ -495,12 +679,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o cluster_size=3D4k -o help TEST_DIR/t.qcow2 @@ -509,12 +701,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o cluster_size=3D4k -o ? TEST_DIR/t.qcow2 @@ -523,12 +723,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds nocow Turn off copy-on-write (valid only on btrfs) =20 Testing: amend -f qcow2 -o backing_file=3DTEST_DIR/t.qcow2,,help TEST_DIR/= t.qcow2 @@ -554,12 +762,20 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Deprecated, use the encryption-format option instead cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates refcount_bits Width of a reference count entry in bits +encryption-format Encryption data format 'luks' (recommended) or 'aes' (de= precated) aes-key-secret ID of the secret that provides the AES encryption key +luks-key-secret ID of the secret that provides the keyslot passphrase +luks-cipher-alg Name of encryption cipher algorithm +luks-cipher-mode Name of encryption cipher mode +luks-ivgen-alg Name of IV generator algorithm +luks-ivgen-hash-alg Name of IV generator hash algorithm +luks-hash-alg Name of encryption hash algorithm +luks-iter-time Time to spend in PBKDF in milliseconds =20 Testing: convert -o help Supported options: --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487678920415188.83728798886068; Tue, 21 Feb 2017 04:08:40 -0800 (PST) Received: from localhost ([::1]:43973 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9FF-0008NK-OR for importer@patchew.org; Tue, 21 Feb 2017 07:08:37 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38228) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg939-0005Yr-SX for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:09 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg938-0005Fi-3n for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:07 -0500 Received: from mx1.redhat.com ([209.132.183.28]:35288) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg932-0005E5-Cm; Tue, 21 Feb 2017 06:56:00 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 74D767E9CB; Tue, 21 Feb 2017 11:56:00 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjO032624; Tue, 21 Feb 2017 06:55:57 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:08 +0000 Message-Id: <20170221115512.21918-15-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Tue, 21 Feb 2017 11:56:00 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 14/18] qcow2: add iotests to cover LUKS encryption support X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This extends the 087 iotest to cover LUKS encryption when doing blockdev-add. Two further tests are added to validate read/write of LUKS encrypted images with a single file and with a backing file. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/087 | 32 ++++++++++++++++- tests/qemu-iotests/087.out | 14 +++++++- tests/qemu-iotests/176 | 76 ++++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/176.out | 18 ++++++++++ tests/qemu-iotests/177 | 86 ++++++++++++++++++++++++++++++++++++++++++= ++++ tests/qemu-iotests/177.out | 26 ++++++++++++++ tests/qemu-iotests/group | 2 ++ 7 files changed, 252 insertions(+), 2 deletions(-) create mode 100755 tests/qemu-iotests/176 create mode 100644 tests/qemu-iotests/176.out create mode 100755 tests/qemu-iotests/177 create mode 100644 tests/qemu-iotests/177.out diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087 index 55a9e06..1c3ca9f 100755 --- a/tests/qemu-iotests/087 +++ b/tests/qemu-iotests/087 @@ -121,7 +121,7 @@ run_qemu <. +# + +# creator +owner=3Dberrange@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +here=3D`pwd` +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + + +size=3D16M + +SECRET=3D"secret,id=3Dsec0,data=3Dastrochicken" +SECRETALT=3D"secret,id=3Dsec0,data=3Dplatypus" + +_make_test_img --object $SECRET -o "encryption-format=3Dluks,luks-key-secr= et=3Dsec0,luks-iter-time=3D10" $size + +IMGSPEC=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG,luks-key-secret=3Dse= c0" + +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +echo +echo "=3D=3D reading whole image =3D=3D" +$QEMU_IO --object $SECRET -c "read -P 0 0 $size" --image-opts $IMGSPEC | _= filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D rewriting whole image =3D=3D" +$QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPEC = | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPEC = | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify open failure with wrong password =3D=3D" +$QEMU_IO --object $SECRETALT -c "read -P 0xa 0 $size" --image-opts $IMGSPE= C | _filter_qemu_io | _filter_testdir + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/176.out b/tests/qemu-iotests/176.out new file mode 100644 index 0000000..0662154 --- /dev/null +++ b/tests/qemu-iotests/176.out @@ -0,0 +1,18 @@ +QA output created by 176 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 encryption-fo= rmat=3Dluks luks-key-secret=3Dsec0 luks-iter-time=3D10 + +=3D=3D reading whole image =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D rewriting whole image =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify open failure with wrong password =3D=3D +can't open: Invalid password, cannot unlock any keyslot +*** done diff --git a/tests/qemu-iotests/177 b/tests/qemu-iotests/177 new file mode 100755 index 0000000..9dd03d5 --- /dev/null +++ b/tests/qemu-iotests/177 @@ -0,0 +1,86 @@ +#!/bin/bash +# +# Test encrypted read/write using backing files +# +# Copyright (C) 2017 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=3Dberrange@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +here=3D`pwd` +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + + +size=3D16M +TEST_IMG_BASE=3D$TEST_IMG.base +SECRET0=3D"secret,id=3Dsec0,data=3Dastrochicken" +SECRET1=3D"secret,id=3Dsec1,data=3Dfurby" + +TEST_IMG_SAVE=3D$TEST_IMG +TEST_IMG=3D$TEST_IMG_BASE +echo "=3D=3D create base =3D=3D" +_make_test_img --object $SECRET0 -o "encryption-format=3Dluks,luks-key-sec= ret=3Dsec0,luks-iter-time=3D10" $size +TEST_IMG=3D$TEST_IMG_SAVE + +IMGSPECBASE=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG_BASE,luks-key-se= cret=3Dsec0" +IMGSPEC=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG,backing.driver=3D$IM= GFMT,backing.file.filename=3D$TEST_IMG_BASE,backing.luks-key-secret=3Dsec0,= luks-key-secret=3Dsec1" +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +echo +echo "=3D=3D writing whole image =3D=3D" +$QEMU_IO --object $SECRET0 -c "write -P 0xa 0 $size" --image-opts $IMGSPEC= BASE | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 -c "read -P 0xa 0 $size" --image-opts $IMGSPECB= ASE | _filter_qemu_io | _filter_testdir + +echo "=3D=3D create overlay =3D=3D" +_make_test_img --object $SECRET1 -o "encryption-format=3Dluks,luks-key-sec= ret=3Dsec1,luks-iter-time=3D10" -b "$TEST_IMG_BASE" $size + +echo +echo "=3D=3D writing part of a cluster =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "write -P 0xe 0 1024" --im= age-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xe 0 1024" --ima= ge-opts $IMGSPEC | _filter_qemu_io | _filter_testdir +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xa 1024 64512" -= -image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/177.out b/tests/qemu-iotests/177.out new file mode 100644 index 0000000..5a91b12 --- /dev/null +++ b/tests/qemu-iotests/177.out @@ -0,0 +1,26 @@ +QA output created by 177 +=3D=3D create base =3D=3D +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D16777216 encrypti= on-format=3Dluks luks-key-secret=3Dsec0 luks-iter-time=3D10 + +=3D=3D writing whole image =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +=3D=3D create overlay =3D=3D +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 backing_file= =3DTEST_DIR/t.IMGFMT.base encryption-format=3Dluks luks-key-secret=3Dsec1 l= uks-iter-time=3D10 + +=3D=3D writing part of a cluster =3D=3D +wrote 1024/1024 bytes at offset 0 +1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 1024/1024 bytes at offset 0 +1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 64512/64512 bytes at offset 1024 +63 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 19169eb..a7cdd3f 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -168,3 +168,5 @@ 173 rw auto 174 auto 175 rw auto backing +176 rw auto quick +177 rw auto quick --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487679346080394.44040931535596; Tue, 21 Feb 2017 04:15:46 -0800 (PST) Received: from localhost ([::1]:44017 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9M7-0006Ui-JR for importer@patchew.org; Tue, 21 Feb 2017 07:15:43 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38212) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg939-0005YT-Ei for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg938-0005G6-P4 for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:07 -0500 Received: from mx1.redhat.com ([209.132.183.28]:37188) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg935-0005En-8x; Tue, 21 Feb 2017 06:56:03 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 577243D94E; Tue, 21 Feb 2017 11:56:03 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjP032624; Tue, 21 Feb 2017 06:56:00 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:09 +0000 Message-Id: <20170221115512.21918-16-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Tue, 21 Feb 2017 11:56:03 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The 138 and 158 iotests exercise the legacy qcow2 aes encryption code path and they work fine with qcow v1 too. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/134 | 2 +- tests/qemu-iotests/158 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/qemu-iotests/134 b/tests/qemu-iotests/134 index dd080a2..1a24a70 100755 --- a/tests/qemu-iotests/134 +++ b/tests/qemu-iotests/134 @@ -37,7 +37,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15 . ./common.rc . ./common.filter =20 -_supported_fmt qcow2 +_supported_fmt qcow qcow2 _supported_proto generic _supported_os Linux =20 diff --git a/tests/qemu-iotests/158 b/tests/qemu-iotests/158 index 7a1eb5c..2b53d9f 100755 --- a/tests/qemu-iotests/158 +++ b/tests/qemu-iotests/158 @@ -37,7 +37,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15 . ./common.rc . ./common.filter =20 -_supported_fmt qcow2 +_supported_fmt qcow qcow2 _supported_proto generic _supported_os Linux =20 --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487679194904602.2495345719553; Tue, 21 Feb 2017 04:13:14 -0800 (PST) Received: from localhost ([::1]:43999 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9Jg-0004Lc-FL for importer@patchew.org; Tue, 21 Feb 2017 07:13:12 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38290) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg93D-0005dE-VW for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:14 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg93C-0005HR-AJ for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:12 -0500 Received: from mx1.redhat.com ([209.132.183.28]:61740) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg938-0005FQ-2L; Tue, 21 Feb 2017 06:56:06 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 242C561B91; Tue, 21 Feb 2017 11:56:06 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjQ032624; Tue, 21 Feb 2017 06:56:03 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:10 +0000 Message-Id: <20170221115512.21918-17-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 21 Feb 2017 11:56:06 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 16/18] block: rip out all traces of password prompting X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Now that qcow & qcow2 are wired up to get encryption keys via the QCryptoSecret object, nothing is relying on the interactive prompting for passwords. All the code related to password prompting can thus be ripped out. Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange Reviewed-by: Alberto Garcia --- hmp.c | 31 --------------------- include/monitor/monitor.h | 7 ----- include/qemu/osdep.h | 2 -- monitor.c | 68 -------------------------------------------= ---- qapi-schema.json | 10 +------ qemu-img.c | 31 --------------------- qemu-io.c | 20 -------------- qmp.c | 12 +-------- util/oslib-posix.c | 66 -------------------------------------------= -- util/oslib-win32.c | 24 ----------------- 10 files changed, 2 insertions(+), 269 deletions(-) diff --git a/hmp.c b/hmp.c index 2bc4f06..1a33e66 100644 --- a/hmp.c +++ b/hmp.c @@ -1071,37 +1071,12 @@ void hmp_ringbuf_read(Monitor *mon, const QDict *qd= ict) g_free(data); } =20 -static void hmp_cont_cb(void *opaque, int err) -{ - if (!err) { - qmp_cont(NULL); - } -} - -static bool key_is_missing(const BlockInfo *bdev) -{ - return (bdev->inserted && bdev->inserted->encryption_key_missing); -} - void hmp_cont(Monitor *mon, const QDict *qdict) { - BlockInfoList *bdev_list, *bdev; Error *err =3D NULL; =20 - bdev_list =3D qmp_query_block(NULL); - for (bdev =3D bdev_list; bdev; bdev =3D bdev->next) { - if (key_is_missing(bdev->value)) { - monitor_read_block_device_key(mon, bdev->value->device, - hmp_cont_cb, NULL); - goto out; - } - } - qmp_cont(&err); hmp_handle_error(mon, &err); - -out: - qapi_free_BlockInfoList(bdev_list); } =20 void hmp_system_wakeup(Monitor *mon, const QDict *qdict) @@ -1537,12 +1512,6 @@ void hmp_change(Monitor *mon, const QDict *qdict) qmp_blockdev_change_medium(true, device, false, NULL, target, !!arg, arg, !!read_only, read_only_mode, &err); - if (err && - error_get_class(err) =3D=3D ERROR_CLASS_DEVICE_ENCRYPTED) { - error_free(err); - monitor_read_block_device_key(mon, device, NULL, NULL); - return; - } } =20 hmp_handle_error(mon, &err); diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h index e64b944..b1dc5e8 100644 --- a/include/monitor/monitor.h +++ b/include/monitor/monitor.h @@ -22,13 +22,6 @@ void monitor_cleanup(void); int monitor_suspend(Monitor *mon); void monitor_resume(Monitor *mon); =20 -int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs, - BlockCompletionFunc *completion_cb, - void *opaque); -int monitor_read_block_device_key(Monitor *mon, const char *device, - BlockCompletionFunc *completion_cb, - void *opaque); - int monitor_get_fd(Monitor *mon, const char *fdname, Error **errp); int monitor_fd_param(Monitor *mon, const char *fdname, Error **errp); =20 diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index 56c9e22..e19f03c 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -403,8 +403,6 @@ void qemu_set_tty_echo(int fd, bool echo); =20 void os_mem_prealloc(int fd, char *area, size_t sz, Error **errp); =20 -int qemu_read_password(char *buf, int buf_size); - /** * qemu_get_pid_name: * @pid: pid of a process diff --git a/monitor.c b/monitor.c index 3cd72a9..512561b 100644 --- a/monitor.c +++ b/monitor.c @@ -4038,74 +4038,6 @@ void monitor_cleanup(void) qemu_mutex_unlock(&monitor_lock); } =20 -static void bdrv_password_cb(void *opaque, const char *password, - void *readline_opaque) -{ - Monitor *mon =3D opaque; - BlockDriverState *bs =3D readline_opaque; - int ret =3D 0; - Error *local_err =3D NULL; - - bdrv_add_key(bs, password, &local_err); - if (local_err) { - error_report_err(local_err); - ret =3D -EPERM; - } - if (mon->password_completion_cb) - mon->password_completion_cb(mon->password_opaque, ret); - - monitor_read_command(mon, 1); -} - -int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs, - BlockCompletionFunc *completion_cb, - void *opaque) -{ - int err; - - monitor_printf(mon, "%s (%s) is encrypted.\n", bdrv_get_device_name(bs= ), - bdrv_get_encrypted_filename(bs)); - - mon->password_completion_cb =3D completion_cb; - mon->password_opaque =3D opaque; - - err =3D monitor_read_password(mon, bdrv_password_cb, bs); - - if (err && completion_cb) - completion_cb(opaque, err); - - return err; -} - -int monitor_read_block_device_key(Monitor *mon, const char *device, - BlockCompletionFunc *completion_cb, - void *opaque) -{ - Error *err =3D NULL; - BlockBackend *blk; - - blk =3D blk_by_name(device); - if (!blk) { - monitor_printf(mon, "Device not found %s\n", device); - return -1; - } - if (!blk_bs(blk)) { - monitor_printf(mon, "Device '%s' has no medium\n", device); - return -1; - } - - bdrv_add_key(blk_bs(blk), NULL, &err); - if (err) { - error_free(err); - return monitor_read_bdrv_key_start(mon, blk_bs(blk), completion_cb= , opaque); - } - - if (completion_cb) { - completion_cb(opaque, 0); - } - return 0; -} - QemuOptsList qemu_mon_opts =3D { .name =3D "mon", .implied_opt_name =3D "chardev", diff --git a/qapi-schema.json b/qapi-schema.json index e9a6364..587f098 100644 --- a/qapi-schema.json +++ b/qapi-schema.json @@ -2359,8 +2359,6 @@ # Since: 0.14.0 # # Returns: If successful, nothing -# If QEMU was started with an encrypted block device and a key h= as -# not yet been set, DeviceEncrypted. # # Notes: This command will succeed if the guest is currently running. It # will also succeed if the guest is in the "inmigrate" state; in @@ -2641,8 +2639,7 @@ # * This command is stateless, this means that commands that depend # on state information (such as getfd) might not work # -# * Commands that prompt the user for data (eg. 'cont' when the blo= ck -# device is encrypted) don't currently work +# * Commands that prompt the user for data don't currently work # # Example: # @@ -2947,11 +2944,6 @@ # # Returns: Nothing on success. # If @device is not a valid block device, DeviceNotFound -# If the new block device is encrypted, DeviceEncrypted. Note th= at -# if this error is returned, the device has been opened successfu= lly -# and an additional call to @block_passwd is required to set the -# device's password. The behavior of reads and writes to the blo= ck -# device between when these calls are executed is undefined. # # Notes: This interface is deprecated, and it is strongly recommended tha= t you # avoid using it. For changing block devices, use diff --git a/qemu-img.c b/qemu-img.c index 8a70bf7..c33a15f 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -243,29 +243,6 @@ static int print_block_option_help(const char *filenam= e, const char *fmt) } =20 =20 -static int img_open_password(BlockBackend *blk, const char *filename, - int flags, bool quiet) -{ - BlockDriverState *bs; - char password[256]; - - bs =3D blk_bs(blk); - if (bdrv_is_encrypted(bs) && bdrv_key_required(bs) && - !(flags & BDRV_O_NO_IO)) { - qprintf(quiet, "Disk image '%s' is encrypted.\n", filename); - if (qemu_read_password(password, sizeof(password)) < 0) { - error_report("No password given"); - return -1; - } - if (bdrv_set_key(bs, password) < 0) { - error_report("invalid password"); - return -1; - } - } - return 0; -} - - static BlockBackend *img_open_opts(const char *optstr, QemuOpts *opts, int flags, bool writeth= rough, bool quiet) @@ -281,10 +258,6 @@ static BlockBackend *img_open_opts(const char *optstr, } blk_set_enable_write_cache(blk, !writethrough); =20 - if (img_open_password(blk, optstr, flags, quiet) < 0) { - blk_unref(blk); - return NULL; - } return blk; } =20 @@ -308,10 +281,6 @@ static BlockBackend *img_open_file(const char *filenam= e, } blk_set_enable_write_cache(blk, !writethrough); =20 - if (img_open_password(blk, filename, flags, quiet) < 0) { - blk_unref(blk); - return NULL; - } return blk; } =20 diff --git a/qemu-io.c b/qemu-io.c index 427cbae..864b32e 100644 --- a/qemu-io.c +++ b/qemu-io.c @@ -56,7 +56,6 @@ static const cmdinfo_t close_cmd =3D { static int openfile(char *name, int flags, bool writethrough, QDict *opts) { Error *local_err =3D NULL; - BlockDriverState *bs; =20 if (qemuio_blk) { error_report("file open already, try 'help close'"); @@ -71,28 +70,9 @@ static int openfile(char *name, int flags, bool writethr= ough, QDict *opts) return 1; } =20 - bs =3D blk_bs(qemuio_blk); - if (bdrv_is_encrypted(bs) && bdrv_key_required(bs)) { - char password[256]; - printf("Disk image '%s' is encrypted.\n", name); - if (qemu_read_password(password, sizeof(password)) < 0) { - error_report("No password given"); - goto error; - } - if (bdrv_set_key(bs, password) < 0) { - error_report("invalid password"); - goto error; - } - } - blk_set_enable_write_cache(qemuio_blk, !writethrough); =20 return 0; - - error: - blk_unref(qemuio_blk); - qemuio_blk =3D NULL; - return 1; } =20 static void open_help(void) diff --git a/qmp.c b/qmp.c index dfaabac..c054dfb 100644 --- a/qmp.c +++ b/qmp.c @@ -164,10 +164,8 @@ SpiceInfo *qmp_query_spice(Error **errp) =20 void qmp_cont(Error **errp) { - Error *local_err =3D NULL; BlockBackend *blk; - BlockDriverState *bs; - BdrvNextIterator it; + Error *local_err =3D NULL; =20 /* if there is a dump in background, we should wait until the dump * finished */ @@ -187,14 +185,6 @@ void qmp_cont(Error **errp) blk_iostatus_reset(blk); } =20 - for (bs =3D bdrv_first(&it); bs; bs =3D bdrv_next(&it)) { - bdrv_add_key(bs, NULL, &local_err); - if (local_err) { - error_propagate(errp, local_err); - return; - } - } - /* Continuing after completed migration. Images have been inactivated = to * allow the destination to take control. Need to get control back now= . */ if (runstate_check(RUN_STATE_FINISH_MIGRATE) || diff --git a/util/oslib-posix.c b/util/oslib-posix.c index f631464..35012b9 100644 --- a/util/oslib-posix.c +++ b/util/oslib-posix.c @@ -369,72 +369,6 @@ void os_mem_prealloc(int fd, char *area, size_t memory= , Error **errp) } =20 =20 -static struct termios oldtty; - -static void term_exit(void) -{ - tcsetattr(0, TCSANOW, &oldtty); -} - -static void term_init(void) -{ - struct termios tty; - - tcgetattr(0, &tty); - oldtty =3D tty; - - tty.c_iflag &=3D ~(IGNBRK|BRKINT|PARMRK|ISTRIP - |INLCR|IGNCR|ICRNL|IXON); - tty.c_oflag |=3D OPOST; - tty.c_lflag &=3D ~(ECHO|ECHONL|ICANON|IEXTEN); - tty.c_cflag &=3D ~(CSIZE|PARENB); - tty.c_cflag |=3D CS8; - tty.c_cc[VMIN] =3D 1; - tty.c_cc[VTIME] =3D 0; - - tcsetattr(0, TCSANOW, &tty); - - atexit(term_exit); -} - -int qemu_read_password(char *buf, int buf_size) -{ - uint8_t ch; - int i, ret; - - printf("password: "); - fflush(stdout); - term_init(); - i =3D 0; - for (;;) { - ret =3D read(0, &ch, 1); - if (ret =3D=3D -1) { - if (errno =3D=3D EAGAIN || errno =3D=3D EINTR) { - continue; - } else { - break; - } - } else if (ret =3D=3D 0) { - ret =3D -1; - break; - } else { - if (ch =3D=3D '\r' || - ch =3D=3D '\n') { - ret =3D 0; - break; - } - if (i < (buf_size - 1)) { - buf[i++] =3D ch; - } - } - } - term_exit(); - buf[i] =3D '\0'; - printf("\n"); - return ret; -} - - char *qemu_get_pid_name(pid_t pid) { char *name =3D NULL; diff --git a/util/oslib-win32.c b/util/oslib-win32.c index 0b1890f..69ad74b 100644 --- a/util/oslib-win32.c +++ b/util/oslib-win32.c @@ -553,30 +553,6 @@ void os_mem_prealloc(int fd, char *area, size_t memory= , Error **errp) } =20 =20 -/* XXX: put correct support for win32 */ -int qemu_read_password(char *buf, int buf_size) -{ - int c, i; - - printf("Password: "); - fflush(stdout); - i =3D 0; - for (;;) { - c =3D getchar(); - if (c < 0) { - buf[i] =3D '\0'; - return -1; - } else if (c =3D=3D '\n') { - break; - } else if (i < (buf_size - 1)) { - buf[i++] =3D c; - } - } - buf[i] =3D '\0'; - return 0; -} - - char *qemu_get_pid_name(pid_t pid) { /* XXX Implement me */ --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487679633942259.2260471494179; Tue, 21 Feb 2017 04:20:33 -0800 (PST) Received: from localhost ([::1]:44037 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9Qm-00027Q-AO for importer@patchew.org; Tue, 21 Feb 2017 07:20:32 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38357) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg93I-0005hV-2i for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:18 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg93G-0005JT-HE for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:16 -0500 Received: from mx1.redhat.com ([209.132.183.28]:44668) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg93A-0005Gr-V5; Tue, 21 Feb 2017 06:56:09 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 099194E33C; Tue, 21 Feb 2017 11:56:09 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjR032624; Tue, 21 Feb 2017 06:56:06 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:11 +0000 Message-Id: <20170221115512.21918-18-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 21 Feb 2017 11:56:09 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 17/18] block: remove all encryption handling APIs X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Now that all encryption keys must be provided upfront via the QCryptoSecret API and associated block driver properties there is no need for any explicit encryption handling APIs in the block layer. Encryption can be handled transparently within the block driver. We only retain an API for querying whether an image is encrypted or not, since that is a potentially useful piece of metadata to report to the user. Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- block.c | 77 +------------------------------------------= ---- block/crypto.c | 1 - block/qapi.c | 2 +- block/qcow.c | 1 - block/qcow2.c | 1 - blockdev.c | 37 ++--------------------- include/block/block.h | 3 -- include/block/block_int.h | 1 - include/qapi/error.h | 1 - qapi/block-core.json | 3 +- qapi/common.json | 5 +-- 11 files changed, 6 insertions(+), 126 deletions(-) diff --git a/block.c b/block.c index 743c349..228c943 100644 --- a/block.c +++ b/block.c @@ -1865,15 +1865,7 @@ static BlockDriverState *bdrv_open_inherit(const cha= r *filename, goto close_and_fail; } =20 - if (!bdrv_key_required(bs)) { - bdrv_parent_cb_change_media(bs, true); - } else if (!runstate_check(RUN_STATE_PRELAUNCH) - && !runstate_check(RUN_STATE_INMIGRATE) - && !runstate_check(RUN_STATE_PAUSED)) { /* HACK */ - error_setg(errp, - "Guest must be stopped for opening of encrypted image"); - goto close_and_fail; - } + bdrv_parent_cb_change_media(bs, true); =20 QDECREF(options); =20 @@ -2354,7 +2346,6 @@ static void bdrv_close(BlockDriverState *bs) bs->backing_format[0] =3D '\0'; bs->total_sectors =3D 0; bs->encrypted =3D false; - bs->valid_key =3D false; bs->sg =3D false; QDECREF(bs->options); QDECREF(bs->explicit_options); @@ -2723,72 +2714,6 @@ bool bdrv_is_encrypted(BlockDriverState *bs) return bs->encrypted; } =20 -bool bdrv_key_required(BlockDriverState *bs) -{ - BdrvChild *backing =3D bs->backing; - - if (backing && backing->bs->encrypted && !backing->bs->valid_key) { - return true; - } - return (bs->encrypted && !bs->valid_key); -} - -int bdrv_set_key(BlockDriverState *bs, const char *key) -{ - int ret; - if (bs->backing && bs->backing->bs->encrypted) { - ret =3D bdrv_set_key(bs->backing->bs, key); - if (ret < 0) - return ret; - if (!bs->encrypted) - return 0; - } - if (!bs->encrypted) { - return -EINVAL; - } else if (!bs->drv || !bs->drv->bdrv_set_key) { - return -ENOMEDIUM; - } - ret =3D bs->drv->bdrv_set_key(bs, key); - if (ret < 0) { - bs->valid_key =3D false; - } else if (!bs->valid_key) { - /* call the change callback now, we skipped it on open */ - bs->valid_key =3D true; - bdrv_parent_cb_change_media(bs, true); - } - return ret; -} - -/* - * Provide an encryption key for @bs. - * If @key is non-null: - * If @bs is not encrypted, fail. - * Else if the key is invalid, fail. - * Else set @bs's key to @key, replacing the existing key, if any. - * If @key is null: - * If @bs is encrypted and still lacks a key, fail. - * Else do nothing. - * On failure, store an error object through @errp if non-null. - */ -void bdrv_add_key(BlockDriverState *bs, const char *key, Error **errp) -{ - if (key) { - if (!bdrv_is_encrypted(bs)) { - error_setg(errp, "Node '%s' is not encrypted", - bdrv_get_device_or_node_name(bs)); - } else if (bdrv_set_key(bs, key) < 0) { - error_setg(errp, QERR_INVALID_PASSWORD); - } - } else { - if (bdrv_key_required(bs)) { - error_set(errp, ERROR_CLASS_DEVICE_ENCRYPTED, - "'%s' (%s) is encrypted", - bdrv_get_device_or_node_name(bs), - bdrv_get_encrypted_filename(bs)); - } - } -} - const char *bdrv_get_format_name(BlockDriverState *bs) { return bs->drv ? bs->drv->format_name : NULL; diff --git a/block/crypto.c b/block/crypto.c index 9201cb0..6d6bd90 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -381,7 +381,6 @@ static int block_crypto_open_generic(QCryptoBlockFormat= format, } =20 bs->encrypted =3D true; - bs->valid_key =3D true; =20 ret =3D 0; cleanup: diff --git a/block/qapi.c b/block/qapi.c index ac480aa..578f06f 100644 --- a/block/qapi.c +++ b/block/qapi.c @@ -45,7 +45,7 @@ BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk, info->ro =3D bs->read_only; info->drv =3D g_strdup(bs->drv->format_name); info->encrypted =3D bs->encrypted; - info->encryption_key_missing =3D bdrv_key_required(bs); + info->encryption_key_missing =3D false; =20 info->cache =3D g_new(BlockdevCacheInfo, 1); *info->cache =3D (BlockdevCacheInfo) { diff --git a/block/qcow.c b/block/qcow.c index d3a840e..47398ef 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -209,7 +209,6 @@ static int qcow_open(BlockDriverState *bs, QDict *optio= ns, int flags, goto fail; } bs->encrypted =3D true; - bs->valid_key =3D true; } s->cluster_bits =3D header.cluster_bits; s->cluster_size =3D 1 << s->cluster_bits; diff --git a/block/qcow2.c b/block/qcow2.c index 12f84bb..642bd1a 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1148,7 +1148,6 @@ static int qcow2_open(BlockDriverState *bs, QDict *op= tions, int flags, } =20 bs->encrypted =3D true; - bs->valid_key =3D true; } =20 s->l2_bits =3D s->cluster_bits - 3; /* L2 is always one cluster */ diff --git a/blockdev.c b/blockdev.c index db82ac9..64b5c96 100644 --- a/blockdev.c +++ b/blockdev.c @@ -587,10 +587,6 @@ static BlockBackend *blockdev_init(const char *file, Q= Dict *bs_opts, =20 bs->detect_zeroes =3D detect_zeroes; =20 - if (bdrv_key_required(bs)) { - autostart =3D 0; - } - block_acct_init(blk_get_stats(blk), account_invalid, account_faile= d); =20 if (!parse_stats_intervals(blk_get_stats(blk), interval_list, errp= )) { @@ -2244,24 +2240,8 @@ void qmp_block_passwd(bool has_device, const char *d= evice, bool has_node_name, const char *node_name, const char *password, Error **errp) { - Error *local_err =3D NULL; - BlockDriverState *bs; - AioContext *aio_context; - - bs =3D bdrv_lookup_bs(has_device ? device : NULL, - has_node_name ? node_name : NULL, - &local_err); - if (local_err) { - error_propagate(errp, local_err); - return; - } - - aio_context =3D bdrv_get_aio_context(bs); - aio_context_acquire(aio_context); - - bdrv_add_key(bs, password, errp); - - aio_context_release(aio_context); + error_setg(errp, + "Setting block passwords directly is no longer supported"); } =20 /* @@ -2556,12 +2536,6 @@ void qmp_blockdev_change_medium(bool has_device, con= st char *device, goto fail; } =20 - bdrv_add_key(medium_bs, NULL, &err); - if (err) { - error_propagate(errp, err); - goto fail; - } - rc =3D do_open_tray(has_device ? device : NULL, has_id ? id : NULL, false, &err); @@ -3832,13 +3806,6 @@ void qmp_blockdev_add(BlockdevOptions *options, Erro= r **errp) =20 QTAILQ_INSERT_TAIL(&monitor_bdrv_states, bs, monitor_list); =20 - if (bs && bdrv_key_required(bs)) { - QTAILQ_REMOVE(&monitor_bdrv_states, bs, monitor_list); - bdrv_unref(bs); - error_setg(errp, "blockdev-add doesn't support encrypted devices"); - goto fail; - } - fail: visit_free(v); } diff --git a/include/block/block.h b/include/block/block.h index 4e81f20..5b9ae6a 100644 --- a/include/block/block.h +++ b/include/block/block.h @@ -413,9 +413,6 @@ BlockDriverState *bdrv_next(BdrvNextIterator *it); =20 BlockDriverState *bdrv_next_monitor_owned(BlockDriverState *bs); bool bdrv_is_encrypted(BlockDriverState *bs); -bool bdrv_key_required(BlockDriverState *bs); -int bdrv_set_key(BlockDriverState *bs, const char *key); -void bdrv_add_key(BlockDriverState *bs, const char *key, Error **errp); void bdrv_iterate_format(void (*it)(void *opaque, const char *name), void *opaque); const char *bdrv_get_node_name(const BlockDriverState *bs); diff --git a/include/block/block_int.h b/include/block/block_int.h index 95e630e..a26ed00 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -436,7 +436,6 @@ struct BlockDriverState { int open_flags; /* flags used to open the file, re-used for re-open */ bool read_only; /* if true, the media is read only */ bool encrypted; /* if true, the media is encrypted */ - bool valid_key; /* if true, a valid encryption key has been set */ bool sg; /* if true, the device is a /dev/sg* */ bool probed; /* if true, format was probed rather than specified */ =20 diff --git a/include/qapi/error.h b/include/qapi/error.h index 7e532d0..5d5e737 100644 --- a/include/qapi/error.h +++ b/include/qapi/error.h @@ -125,7 +125,6 @@ typedef enum ErrorClass { ERROR_CLASS_GENERIC_ERROR =3D QAPI_ERROR_CLASS_GENERICERROR, ERROR_CLASS_COMMAND_NOT_FOUND =3D QAPI_ERROR_CLASS_COMMANDNOTFOUND, - ERROR_CLASS_DEVICE_ENCRYPTED =3D QAPI_ERROR_CLASS_DEVICEENCRYPTED, ERROR_CLASS_DEVICE_NOT_ACTIVE =3D QAPI_ERROR_CLASS_DEVICENOTACTIVE, ERROR_CLASS_DEVICE_NOT_FOUND =3D QAPI_ERROR_CLASS_DEVICENOTFOUND, ERROR_CLASS_KVM_MISSING_CAP =3D QAPI_ERROR_CLASS_KVMMISSINGCAP, diff --git a/qapi/block-core.json b/qapi/block-core.json index f083cd3..5920ff0 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -258,8 +258,7 @@ # # @encrypted: true if the backing device is encrypted # -# @encryption_key_missing: true if the backing device is encrypted but an -# valid encryption key is missing +# @encryption_key_missing: Deprecated; always false # # @detect_zeroes: detect and optimize zero writes (Since 2.1) # diff --git a/qapi/common.json b/qapi/common.json index b626647..8355d5a 100644 --- a/qapi/common.json +++ b/qapi/common.json @@ -14,9 +14,6 @@ # # @CommandNotFound: the requested command has not been found # -# @DeviceEncrypted: the requested operation can't be fulfilled because the -# selected device is encrypted -# # @DeviceNotActive: a device has failed to be become active # # @DeviceNotFound: the requested device has not been found @@ -28,7 +25,7 @@ ## { 'enum': 'QapiErrorClass', # Keep this in sync with ErrorClass in error.h - 'data': [ 'GenericError', 'CommandNotFound', 'DeviceEncrypted', + 'data': [ 'GenericError', 'CommandNotFound', 'DeviceNotActive', 'DeviceNotFound', 'KVMMissingCap' ] } =20 ## --=20 2.9.3 From nobody Thu Apr 25 21:25:05 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1487679772305478.77216605934336; Tue, 21 Feb 2017 04:22:52 -0800 (PST) Received: from localhost ([::1]:44051 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg9T1-0004VG-23 for importer@patchew.org; Tue, 21 Feb 2017 07:22:51 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38396) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cg93K-0005jY-D3 for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cg93I-0005KD-M9 for qemu-devel@nongnu.org; Tue, 21 Feb 2017 06:56:18 -0500 Received: from mx1.redhat.com ([209.132.183.28]:48064) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cg93D-0005HV-3o; Tue, 21 Feb 2017 06:56:11 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 2F573C056792; Tue, 21 Feb 2017 11:56:11 +0000 (UTC) Received: from t460.redhat.com (ovpn-117-196.ams2.redhat.com [10.36.117.196]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v1LBtLjS032624; Tue, 21 Feb 2017 06:56:09 -0500 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 21 Feb 2017 11:55:12 +0000 Message-Id: <20170221115512.21918-19-berrange@redhat.com> In-Reply-To: <20170221115512.21918-1-berrange@redhat.com> References: <20170221115512.21918-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Tue, 21 Feb 2017 11:56:11 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v5 18/18] block: pass option prefix down to crypto layer X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" While the crypto layer uses a fixed option name "key-secret", the upper block layer may have a prefix on the options. e.g. "luks-key-secret", "aes-key-secret", in order to avoid clashes between crypto option names & other block option names. To ensure the crypto layer can report accurate error messages, we must tell it what option name prefix was used. Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange Reviewed-by: Alberto Garcia --- block/crypto.c | 4 ++-- block/qcow.c | 7 ++++--- block/qcow2.c | 15 +++++++++------ crypto/block-luks.c | 8 ++++++-- crypto/block-qcow.c | 8 ++++++-- crypto/block.c | 6 ++++-- crypto/blockpriv.h | 2 ++ include/crypto/block.h | 6 +++++- tests/test-crypto-block.c | 8 ++++---- 9 files changed, 42 insertions(+), 22 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 6d6bd90..22bc6ba 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -369,7 +369,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat= format, if (flags & BDRV_O_NO_IO) { cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; } - crypto->block =3D qcrypto_block_open(open_opts, + crypto->block =3D qcrypto_block_open(open_opts, NULL, block_crypto_read_func, bs, cflags, @@ -409,7 +409,7 @@ static int block_crypto_create_generic(QCryptoBlockForm= at format, return -1; } =20 - crypto =3D qcrypto_block_create(create_opts, + crypto =3D qcrypto_block_create(create_opts, NULL, block_crypto_init_func, block_crypto_write_func, &data, diff --git a/block/qcow.c b/block/qcow.c index 47398ef..3e87c6d 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -197,8 +197,8 @@ static int qcow_open(BlockDriverState *bs, QDict *optio= ns, int flags, if (flags & BDRV_O_NO_IO) { cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; } - s->crypto =3D qcrypto_block_open(crypto_opts, NULL, NULL, - cflags, errp); + s->crypto =3D qcrypto_block_open(crypto_opts, "aes-", + NULL, NULL, cflags, errp); if (!s->crypto) { ret =3D -EINVAL; goto fail; @@ -825,7 +825,8 @@ static int qcow_create(const char *filename, QemuOpts *= opts, Error **errp) goto exit; } =20 - crypto =3D qcrypto_block_create(crypto_opts, NULL, NULL, NULL, err= p); + crypto =3D qcrypto_block_create(crypto_opts, "aes-", + NULL, NULL, NULL, errp); if (!crypto) { ret =3D -EINVAL; goto exit; diff --git a/block/qcow2.c b/block/qcow2.c index 642bd1a..cb0e4b5 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -284,7 +284,7 @@ static int qcow2_read_extensions(BlockDriverState *bs, = uint64_t start_offset, * provide the same key-secret property against the full * backing chain */ - s->crypto =3D qcrypto_block_open(s->crypto_opts, + s->crypto =3D qcrypto_block_open(s->crypto_opts, "luks-", qcow2_crypto_hdr_read_func, bs, cflags, errp); if (!s->crypto) { @@ -1295,8 +1295,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *op= tions, int flags, * provide the same key-secret property against the full * backing chain */ - s->crypto =3D qcrypto_block_open(s->crypto_opts, NULL, NULL, - cflags, errp); + s->crypto =3D qcrypto_block_open(s->crypto_opts, "aes-", + NULL, NULL, cflags, errp); if (!s->crypto) { ret =3D -EINVAL; goto fail; @@ -2213,16 +2213,19 @@ static int qcow2_set_up_encryption(BlockDriverState= *bs, QemuOpts *opts, QCryptoBlockCreateOptions *cryptoopts =3D NULL; QCryptoBlock *crypto =3D NULL; int ret =3D -EINVAL; + const char *optprefix; int fmt =3D qcow2_crypt_method_from_format(fmtstr); =20 switch (fmt) { case QCOW_CRYPT_LUKS: + optprefix =3D "luks-"; cryptoopts =3D block_crypto_create_opts_init( - Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, "luks-", errp); + Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, optprefix, errp); break; case QCOW_CRYPT_AES: + optprefix =3D "aes-"; cryptoopts =3D block_crypto_create_opts_init( - Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp); + Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, optprefix, errp); break; default: error_setg(errp, "Unknown encryption format %s", fmtstr); @@ -2234,7 +2237,7 @@ static int qcow2_set_up_encryption(BlockDriverState *= bs, QemuOpts *opts, goto out; } =20 - crypto =3D qcrypto_block_create(cryptoopts, + crypto =3D qcrypto_block_create(cryptoopts, optprefix, qcow2_crypto_hdr_init_func, qcow2_crypto_hdr_write_func, bs, errp); diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 4530f82..4a4c4a0 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -638,6 +638,7 @@ qcrypto_block_luks_find_key(QCryptoBlock *block, static int qcrypto_block_luks_open(QCryptoBlock *block, QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, @@ -661,7 +662,8 @@ qcrypto_block_luks_open(QCryptoBlock *block, =20 if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) { if (!options->u.luks.key_secret) { - error_setg(errp, "Parameter 'key-secret' is required for ciphe= r"); + error_setg(errp, "Parameter '%skey-secret' is required for cip= her", + optprefix ? optprefix : ""); return -1; } password =3D qcrypto_secret_lookup_as_utf8( @@ -885,6 +887,7 @@ qcrypto_block_luks_uuid_gen(uint8_t *uuidstr) static int qcrypto_block_luks_create(QCryptoBlock *block, QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc, QCryptoBlockWriteFunc writefunc, void *opaque, @@ -937,7 +940,8 @@ qcrypto_block_luks_create(QCryptoBlock *block, * be silently ignored, for compatibility with dm-crypt */ =20 if (!options->u.luks.key_secret) { - error_setg(errp, "Parameter 'key-secret' is required for cipher"); + error_setg(errp, "Parameter '%skey-secret' is required for cipher", + optprefix ? optprefix : ""); return -1; } password =3D qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp); diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c index be88c6f..a456fe3 100644 --- a/crypto/block-qcow.c +++ b/crypto/block-qcow.c @@ -94,6 +94,7 @@ qcrypto_block_qcow_init(QCryptoBlock *block, static int qcrypto_block_qcow_open(QCryptoBlock *block, QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc G_GNUC_UNUSED, void *opaque G_GNUC_UNUSED, unsigned int flags, @@ -104,7 +105,8 @@ qcrypto_block_qcow_open(QCryptoBlock *block, } else { if (!options->u.qcow.key_secret) { error_setg(errp, - "Parameter 'key-secret' is required for cipher"); + "Parameter '%skey-secret' is required for cipher", + optprefix ? optprefix : ""); return -1; } return qcrypto_block_qcow_init(block, @@ -116,13 +118,15 @@ qcrypto_block_qcow_open(QCryptoBlock *block, static int qcrypto_block_qcow_create(QCryptoBlock *block, QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc G_GNUC_UNUSED, QCryptoBlockWriteFunc writefunc G_GNUC_UNUSED, void *opaque G_GNUC_UNUSED, Error **errp) { if (!options->u.qcow.key_secret) { - error_setg(errp, "Parameter 'key-secret' is required for cipher"); + error_setg(errp, "Parameter '%skey-secret' is required for cipher", + optprefix ? optprefix : ""); return -1; } /* QCow2 has no special header, since everything is hardwired */ diff --git a/crypto/block.c b/crypto/block.c index 64c8420..b097d45 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -48,6 +48,7 @@ bool qcrypto_block_has_format(QCryptoBlockFormat format, =20 =20 QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, @@ -67,7 +68,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions = *options, =20 block->driver =3D qcrypto_block_drivers[options->format]; =20 - if (block->driver->open(block, options, + if (block->driver->open(block, options, optprefix, readfunc, opaque, flags, errp) < 0) { g_free(block); return NULL; @@ -78,6 +79,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions = *options, =20 =20 QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc, QCryptoBlockWriteFunc writefunc, void *opaque, @@ -97,7 +99,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOpti= ons *options, =20 block->driver =3D qcrypto_block_drivers[options->format]; =20 - if (block->driver->create(block, options, initfunc, + if (block->driver->create(block, options, optprefix, initfunc, writefunc, opaque, errp) < 0) { g_free(block); return NULL; diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 68f0f06..0edb810 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -41,6 +41,7 @@ struct QCryptoBlock { struct QCryptoBlockDriver { int (*open)(QCryptoBlock *block, QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, @@ -48,6 +49,7 @@ struct QCryptoBlockDriver { =20 int (*create)(QCryptoBlock *block, QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc, QCryptoBlockWriteFunc writefunc, void *opaque, diff --git a/include/crypto/block.h b/include/crypto/block.h index b6971de..c0c202a 100644 --- a/include/crypto/block.h +++ b/include/crypto/block.h @@ -71,6 +71,7 @@ typedef enum { /** * qcrypto_block_open: * @options: the encryption options + * @optprefix: name prefix for options * @readfunc: callback for reading data from the volume * @opaque: data to pass to @readfunc * @flags: bitmask of QCryptoBlockOpenFlags values @@ -102,6 +103,7 @@ typedef enum { * Returns: a block encryption format, or NULL on error */ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, @@ -109,7 +111,8 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOption= s *options, =20 /** * qcrypto_block_create: - * @format: the encryption format + * @options: the encryption options + * @optprefix: name prefix for options * @initfunc: callback for initializing volume header * @writefunc: callback for writing data to the volume header * @opaque: data to pass to @initfunc and @writefunc @@ -133,6 +136,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOption= s *options, * Returns: a block encryption format, or NULL on error */ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc, QCryptoBlockWriteFunc writefunc, void *opaque, diff --git a/tests/test-crypto-block.c b/tests/test-crypto-block.c index 1957a86..f018692 100644 --- a/tests/test-crypto-block.c +++ b/tests/test-crypto-block.c @@ -281,7 +281,7 @@ static void test_block(gconstpointer opaque) memset(&header, 0, sizeof(header)); buffer_init(&header, "header"); =20 - blk =3D qcrypto_block_create(data->create_opts, + blk =3D qcrypto_block_create(data->create_opts, NULL, test_block_init_func, test_block_write_func, &header, @@ -300,7 +300,7 @@ static void test_block(gconstpointer opaque) object_unparent(sec); =20 /* Ensure we can't open without the secret */ - blk =3D qcrypto_block_open(data->open_opts, + blk =3D qcrypto_block_open(data->open_opts, NULL, test_block_read_func, &header, 0, @@ -308,7 +308,7 @@ static void test_block(gconstpointer opaque) g_assert(blk =3D=3D NULL); =20 /* Ensure we can't open without the secret, unless NO_IO */ - blk =3D qcrypto_block_open(data->open_opts, + blk =3D qcrypto_block_open(data->open_opts, NULL, test_block_read_func, &header, QCRYPTO_BLOCK_OPEN_NO_IO, @@ -322,7 +322,7 @@ static void test_block(gconstpointer opaque) =20 /* Now open for real with secret */ sec =3D test_block_secret(); - blk =3D qcrypto_block_open(data->open_opts, + blk =3D qcrypto_block_open(data->open_opts, NULL, test_block_read_func, &header, 0, --=20 2.9.3