From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493134880524685.4209718873215; Tue, 25 Apr 2017 08:41:20 -0700 (PDT) Received: from localhost ([::1]:49984 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32ad-0000zD-36 for importer@patchew.org; Tue, 25 Apr 2017 11:41:19 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51981) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Yh-0007tP-EO for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Yf-0007v7-Qp for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:19 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50760) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32YZ-0007s2-6c; Tue, 25 Apr 2017 11:39:11 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 23C767072A; Tue, 25 Apr 2017 15:39:10 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 89113C14C4; Tue, 25 Apr 2017 15:39:08 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 23C767072A Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 23C767072A From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:41 +0100 Message-Id: <20170425153858.25660-2-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Tue, 25 Apr 2017 15:39:10 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The block/crypto.c defines a set of QemuOpts that provide parameters for encryption. This will also be needed by the qcow/qcow2 integration, so expose the relevant pieces in a new block/crypto.h header. Some helper methods taking QemuOpts are changed to take QDict to simplify usage in other places. Reviewed-by: Max Reitz Reviewed-by: Eric Blake Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- block/crypto.c | 82 +++++++++++++++++----------------------------------- block/crypto.h | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 117 insertions(+), 56 deletions(-) create mode 100644 block/crypto.h diff --git a/block/crypto.c b/block/crypto.c index 2a6a805..8205bd8 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -24,16 +24,10 @@ #include "sysemu/block-backend.h" #include "crypto/block.h" #include "qapi/opts-visitor.h" +#include "qapi/qobject-input-visitor.h" #include "qapi-visit.h" #include "qapi/error.h" - -#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret" -#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg" -#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode" -#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg" -#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg" -#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" -#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" +#include "block/crypto.h" =20 typedef struct BlockCrypto BlockCrypto; =20 @@ -135,11 +129,7 @@ static QemuOptsList block_crypto_runtime_opts_luks =3D= { .name =3D "crypto", .head =3D QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head), .desc =3D { - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, - .type =3D QEMU_OPT_STRING, - .help =3D "ID of the secret that provides the encryption key", - }, + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET, { /* end of list */ } }, }; @@ -154,49 +144,21 @@ static QemuOptsList block_crypto_create_opts_luks =3D= { .type =3D QEMU_OPT_SIZE, .help =3D "Virtual disk size" }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, - .type =3D QEMU_OPT_STRING, - .help =3D "ID of the secret that provides the encryption key", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of encryption cipher algorithm", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of encryption cipher mode", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of IV generator algorithm", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of IV generator hash algorithm", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, - .type =3D QEMU_OPT_STRING, - .help =3D "Name of encryption hash algorithm", - }, - { - .name =3D BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, - .type =3D QEMU_OPT_NUMBER, - .help =3D "Time to spend in PBKDF in milliseconds", - }, + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET, + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG, + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE, + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG, + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG, + BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG, + BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME, { /* end of list */ } }, }; =20 =20 -static QCryptoBlockOpenOptions * +QCryptoBlockOpenOptions * block_crypto_open_opts_init(QCryptoBlockFormat format, - QemuOpts *opts, + QDict *opts, Error **errp) { Visitor *v; @@ -206,7 +168,7 @@ block_crypto_open_opts_init(QCryptoBlockFormat format, ret =3D g_new0(QCryptoBlockOpenOptions, 1); ret->format =3D format; =20 - v =3D opts_visitor_new(opts); + v =3D qobject_input_visitor_new_keyval(QOBJECT(opts)); =20 visit_start_struct(v, NULL, NULL, 0, &local_err); if (local_err) { @@ -240,9 +202,9 @@ block_crypto_open_opts_init(QCryptoBlockFormat format, } =20 =20 -static QCryptoBlockCreateOptions * +QCryptoBlockCreateOptions * block_crypto_create_opts_init(QCryptoBlockFormat format, - QemuOpts *opts, + QDict *opts, Error **errp) { Visitor *v; @@ -252,7 +214,7 @@ block_crypto_create_opts_init(QCryptoBlockFormat format, ret =3D g_new0(QCryptoBlockCreateOptions, 1); ret->format =3D format; =20 - v =3D opts_visitor_new(opts); + v =3D qobject_input_visitor_new_keyval(QOBJECT(opts)); =20 visit_start_struct(v, NULL, NULL, 0, &local_err); if (local_err) { @@ -299,6 +261,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat= format, int ret =3D -EINVAL; QCryptoBlockOpenOptions *open_opts =3D NULL; unsigned int cflags =3D 0; + QDict *cryptoopts =3D NULL; =20 bs->file =3D bdrv_open_child(NULL, options, "file", bs, &child_file, false, errp); @@ -313,7 +276,9 @@ static int block_crypto_open_generic(QCryptoBlockFormat= format, goto cleanup; } =20 - open_opts =3D block_crypto_open_opts_init(format, opts, errp); + cryptoopts =3D qemu_opts_to_qdict(opts, NULL); + + open_opts =3D block_crypto_open_opts_init(format, cryptoopts, errp); if (!open_opts) { goto cleanup; } @@ -337,6 +302,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat= format, =20 ret =3D 0; cleanup: + QDECREF(cryptoopts); qapi_free_QCryptoBlockOpenOptions(open_opts); return ret; } @@ -356,8 +322,11 @@ static int block_crypto_create_generic(QCryptoBlockFor= mat format, .opts =3D opts, .filename =3D filename, }; + QDict *cryptoopts; + + cryptoopts =3D qemu_opts_to_qdict(opts, NULL); =20 - create_opts =3D block_crypto_create_opts_init(format, opts, errp); + create_opts =3D block_crypto_create_opts_init(format, cryptoopts, errp= ); if (!create_opts) { return -1; } @@ -375,6 +344,7 @@ static int block_crypto_create_generic(QCryptoBlockForm= at format, =20 ret =3D 0; cleanup: + QDECREF(cryptoopts); qcrypto_block_free(crypto); blk_unref(data.blk); qapi_free_QCryptoBlockCreateOptions(create_opts); diff --git a/block/crypto.h b/block/crypto.h new file mode 100644 index 0000000..a4ea28a --- /dev/null +++ b/block/crypto.h @@ -0,0 +1,91 @@ +/* + * QEMU block full disk encryption + * + * Copyright (c) 2015-2016 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, see . + * + */ + +#ifndef BLOCK_CRYPTO_H__ +#define BLOCK_CRYPTO_H__ + +#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret" +#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg" +#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode" +#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg" +#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg" +#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" +#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "ID of the secret that provides the keyslot passphrase",= \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of encryption cipher algorithm", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of encryption cipher mode", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of IV generator algorithm", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of IV generator hash algorithm", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of encryption hash algorithm", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME \ + { \ + .name =3D BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \ + .type =3D QEMU_OPT_NUMBER, \ + .help =3D "Time to spend in PBKDF in milliseconds", \ + } + +QCryptoBlockCreateOptions * +block_crypto_create_opts_init(QCryptoBlockFormat format, + QDict *opts, + Error **errp); + +QCryptoBlockOpenOptions * +block_crypto_open_opts_init(QCryptoBlockFormat format, + QDict *opts, + Error **errp); + +#endif /* BLOCK_CRYPTO_H__ */ --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493134889207914.5776504647273; Tue, 25 Apr 2017 08:41:29 -0700 (PDT) Received: from localhost ([::1]:49985 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32al-00018N-OZ for importer@patchew.org; Tue, 25 Apr 2017 11:41:27 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51986) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Yh-0007td-Kt for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:20 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Yg-0007vK-9B for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:19 -0400 Received: from mx1.redhat.com ([209.132.183.28]:44162) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Yb-0007si-Hx; Tue, 25 Apr 2017 11:39:13 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id F230280473; Tue, 25 Apr 2017 15:39:11 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5EABEC14C4; Tue, 25 Apr 2017 15:39:10 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com F230280473 Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com F230280473 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:42 +0100 Message-Id: <20170425153858.25660-3-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 25 Apr 2017 15:39:12 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" When integrating the crypto support with qcow/qcow2, we don't want to use the bare LUKS option names "hash-alg", "key-secret", etc. We want to namespace them "luks-hash-alg", "luks-key-secret" so that they don't clash with any general qcow options at a later date. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- block/crypto.c | 16 ++++++++-------- block/crypto.h | 40 ++++++++++++++++++++-------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 8205bd8..7edcc49 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -129,7 +129,7 @@ static QemuOptsList block_crypto_runtime_opts_luks =3D { .name =3D "crypto", .head =3D QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head), .desc =3D { - BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET, + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), { /* end of list */ } }, }; @@ -144,13 +144,13 @@ static QemuOptsList block_crypto_create_opts_luks =3D= { .type =3D QEMU_OPT_SIZE, .help =3D "Virtual disk size" }, - BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET, - BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG, - BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE, - BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG, - BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG, - BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG, - BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME, + BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), { /* end of list */ } }, }; diff --git a/block/crypto.h b/block/crypto.h index a4ea28a..78c1f50 100644 --- a/block/crypto.h +++ b/block/crypto.h @@ -29,51 +29,51 @@ #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \ .type =3D QEMU_OPT_STRING, \ .help =3D "ID of the secret that provides the keyslot passphrase",= \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \ .type =3D QEMU_OPT_STRING, \ .help =3D "Name of encryption cipher algorithm", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE \ - { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \ - .type =3D QEMU_OPT_STRING, \ - .help =3D "Name of encryption cipher mode", \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix) \ + { \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of encryption cipher mode", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG \ - { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \ - .type =3D QEMU_OPT_STRING, \ - .help =3D "Name of IV generator algorithm", \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix) \ + { \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D "Name of IV generator algorithm", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \ .type =3D QEMU_OPT_STRING, \ .help =3D "Name of IV generator hash algorithm", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \ .type =3D QEMU_OPT_STRING, \ .help =3D "Name of encryption hash algorithm", \ } =20 -#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME \ +#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix) \ { \ - .name =3D BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \ + .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \ .type =3D QEMU_OPT_NUMBER, \ .help =3D "Time to spend in PBKDF in milliseconds", \ } --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 149313502807825.533992815217857; Tue, 25 Apr 2017 08:43:48 -0700 (PDT) Received: from localhost ([::1]:49996 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32d0-0003RH-NV for importer@patchew.org; Tue, 25 Apr 2017 11:43:46 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:51979) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Yh-0007tN-Dk for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Yg-0007ve-DX for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:19 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50890) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Yd-0007th-Ry; Tue, 25 Apr 2017 11:39:16 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C811470722; Tue, 25 Apr 2017 15:39:14 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3687E7F599; Tue, 25 Apr 2017 15:39:12 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com C811470722 Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com C811470722 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:43 +0100 Message-Id: <20170425153858.25660-4-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Tue, 25 Apr 2017 15:39:14 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 03/18] qcow: document another weakness of qcow AES encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Document that use of guest virtual sector numbers as the basis for the initialization vectors is a potential weakness, when combined with internal snapshots or multiple images using the same passphrase. This fixes the formatting of the itemized list too. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- qemu-img.texi | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/qemu-img.texi b/qemu-img.texi index c81db3e..d6baae0 100644 --- a/qemu-img.texi +++ b/qemu-img.texi @@ -558,16 +558,29 @@ The use of encryption in qcow and qcow2 images is con= sidered to be flawed by modern cryptography standards, suffering from a number of design problems: =20 @itemize @minus -@item The AES-CBC cipher is used with predictable initialization vectors b= ased +@item +The AES-CBC cipher is used with predictable initialization vectors based on the sector number. This makes it vulnerable to chosen plaintext attacks which can reveal the existence of encrypted data. -@item The user passphrase is directly used as the encryption key. A poorly +@item +The user passphrase is directly used as the encryption key. A poorly chosen or short passphrase will compromise the security of the encryption. -@item In the event of the passphrase being compromised there is no way to +@item +In the event of the passphrase being compromised there is no way to change the passphrase to protect data in any qcow images. The files must be cloned, using a different encryption passphrase in the new file. The original file must then be securely erased using a program like shred, though even this is ineffective with many modern storage technologies. +@item +Initialization vectors used to encrypt sectors are based on the +guest virtual sector number, instead of the host physical sector. When +a disk image has multiple internal snapshots this means that data in +multiple physical sectors is encrypted with the same initialization +vector. With the CBC mode, this opens the possibility of watermarking +attacks if the attack can collect multiple sectors encrypted with the +same IV and some predictable data. Having multiple qcow2 images with +the same passphrase also exposes this weakness since the passphrase +is directly used as the key. @end itemize =20 Use of qcow / qcow2 encryption is thus strongly discouraged. Users are --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135032114309.9999153242467; Tue, 25 Apr 2017 08:43:52 -0700 (PDT) Received: from localhost ([::1]:49997 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32d4-0003UI-Nw for importer@patchew.org; Tue, 25 Apr 2017 11:43:50 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52151) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Yq-00081M-8S for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Yp-00081y-FR for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:28 -0400 Received: from mx1.redhat.com ([209.132.183.28]:57060) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Yi-0007wm-KJ; Tue, 25 Apr 2017 11:39:20 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7A0CF81240; Tue, 25 Apr 2017 15:39:19 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0D3FA84E1D; Tue, 25 Apr 2017 15:39:14 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 7A0CF81240 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 7A0CF81240 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:44 +0100 Message-Id: <20170425153858.25660-5-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 25 Apr 2017 15:39:19 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 04/18] qcow: require image size to be > 1 for new images X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The qcow driver refuses to open images which are less than 2 bytes in size, but will happily create such images. Add a check in the create path to avoid this discrepancy. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- block/qcow.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/block/qcow.c b/block/qcow.c index 9d6ac83..d6ce46c 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -811,6 +811,12 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) /* Read out options */ total_size =3D ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), BDRV_SECTOR_SIZE); + if (total_size =3D=3D 0) { + error_setg(errp, "Image size is too small, cannot be zero length"); + ret =3D -EINVAL; + goto cleanup; + } + backing_file =3D qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE); if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { flags |=3D BLOCK_FLAG_ENCRYPT; --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135012729890.6396838596999; Tue, 25 Apr 2017 08:43:32 -0700 (PDT) Received: from localhost ([::1]:49995 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32ck-0003Cy-KS for importer@patchew.org; Tue, 25 Apr 2017 11:43:30 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52190) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Yr-00082b-Cx for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Yq-00082s-MP for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:29 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50068) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Yk-0007xu-OF; Tue, 25 Apr 2017 11:39:22 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9FA2719D00C; Tue, 25 Apr 2017 15:39:21 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id B16D517CC1; Tue, 25 Apr 2017 15:39:19 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 9FA2719D00C Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 9FA2719D00C From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:45 +0100 Message-Id: <20170425153858.25660-6-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 25 Apr 2017 15:39:21 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 05/18] iotests: skip 042 with qcow which dosn't support zero sized images X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Test 042 is designed to verify operation with zero sized images. Such images are not supported with qcow (v1), so this test has always failed. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/042 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qemu-iotests/042 b/tests/qemu-iotests/042 index 351b283..a53e7cb 100755 --- a/tests/qemu-iotests/042 +++ b/tests/qemu-iotests/042 @@ -37,7 +37,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15 . ./common.rc . ./common.filter =20 -_supported_fmt qcow2 qcow qed +_supported_fmt qcow2 qed _supported_proto file _supported_os Linux =20 --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135218864336.77866589377174; Tue, 25 Apr 2017 08:46:58 -0700 (PDT) Received: from localhost ([::1]:50017 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32g5-00069T-DX for importer@patchew.org; Tue, 25 Apr 2017 11:46:57 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52184) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Yr-00082L-4L for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Yq-00082g-DS for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:29 -0400 Received: from mx1.redhat.com ([209.132.183.28]:44584) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Ym-0007yd-88; Tue, 25 Apr 2017 11:39:24 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 23AB17F7AD; Tue, 25 Apr 2017 15:39:23 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id D8DD8C14C4; Tue, 25 Apr 2017 15:39:21 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 23AB17F7AD Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx04.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 23AB17F7AD From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:46 +0100 Message-Id: <20170425153858.25660-7-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Tue, 25 Apr 2017 15:39:23 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 06/18] iotests: skip 048 with qcow which doesn't support resize X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Test 048 is designed to verify data preservation during an image resize. The qcow (v1) format impl has never supported resize so always fails. Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/048 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qemu-iotests/048 b/tests/qemu-iotests/048 index 203c04f..9ed04a0 100755 --- a/tests/qemu-iotests/048 +++ b/tests/qemu-iotests/048 @@ -46,7 +46,7 @@ _compare() . ./common.filter . ./common.pattern =20 -_supported_fmt raw qcow qcow2 qed luks +_supported_fmt raw qcow2 qed luks _supported_proto file _supported_os Linux =20 --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135179037557.9588210206226; Tue, 25 Apr 2017 08:46:19 -0700 (PDT) Received: from localhost ([::1]:50015 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32fR-0005gX-Ju for importer@patchew.org; Tue, 25 Apr 2017 11:46:17 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52315) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Yz-0008AM-V2 for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Yv-00085K-0c for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:37 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50190) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Yn-0007zj-RB; Tue, 25 Apr 2017 11:39:26 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BE85819CB90; Tue, 25 Apr 2017 15:39:24 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5D71DC14C4; Tue, 25 Apr 2017 15:39:23 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com BE85819CB90 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com BE85819CB90 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:47 +0100 Message-Id: <20170425153858.25660-8-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 25 Apr 2017 15:39:24 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes" X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Historically the qcow & qcow2 image formats supported a property "encryption=3Don" to enable their built-in AES encryption. We'll soon be supporting LUKS for qcow2, so need a more general purpose way to enable encryption, with a choice of formats. This introduces an "encrypt.format" option, which will later be joined by a number of other "encrypt.XXX" options. The use of a "encrypt." prefix instead of "encrypt-" is done to facilitate mapping to a nested QAPI schema at later date. e.g. the preferred syntax is now qemu-img create -f qcow2 -o encrypt.format=3Daes demo.qcow2 Signed-off-by: Daniel P. Berrange Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake --- block/qcow.c | 30 ++++++++++++++--- block/qcow2.c | 33 +++++++++++++++---- include/block/block_int.h | 2 +- qemu-img.c | 4 ++- tests/qemu-iotests/082.out | 81 ++++++++++++++++++++++++++++++------------= ---- 5 files changed, 110 insertions(+), 40 deletions(-) diff --git a/block/qcow.c b/block/qcow.c index d6ce46c..e9b7861 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -803,10 +803,10 @@ static int qcow_create(const char *filename, QemuOpts= *opts, Error **errp) uint8_t *tmp; int64_t total_size =3D 0; char *backing_file =3D NULL; - int flags =3D 0; Error *local_err =3D NULL; int ret; BlockBackend *qcow_blk; + const char *encryptfmt =3D NULL; =20 /* Read out options */ total_size =3D ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), @@ -818,8 +818,16 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) } =20 backing_file =3D qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE); - if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { - flags |=3D BLOCK_FLAG_ENCRYPT; + encryptfmt =3D qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPT_FORMAT); + if (encryptfmt) { + if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { + error_setg(errp, "Options " BLOCK_OPT_ENCRYPT " and " + BLOCK_OPT_ENCRYPT_FORMAT " are mutually exclusive"); + ret =3D -EINVAL; + goto cleanup; + } + } else if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { + encryptfmt =3D "aes"; } =20 ret =3D bdrv_create_file(filename, opts, &local_err); @@ -872,7 +880,13 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) l1_size =3D (total_size + (1LL << shift) - 1) >> shift; =20 header.l1_table_offset =3D cpu_to_be64(header_size); - if (flags & BLOCK_FLAG_ENCRYPT) { + if (encryptfmt) { + if (!g_str_equal(encryptfmt, "aes")) { + error_setg(errp, "Unknown encryption format '%s', expected 'ae= s'", + encryptfmt); + ret =3D -EINVAL; + goto exit; + } header.crypt_method =3D cpu_to_be32(QCOW_CRYPT_AES); } else { header.crypt_method =3D cpu_to_be32(QCOW_CRYPT_NONE); @@ -1046,9 +1060,15 @@ static QemuOptsList qcow_create_opts =3D { { .name =3D BLOCK_OPT_ENCRYPT, .type =3D QEMU_OPT_BOOL, - .help =3D "Encrypt the image", + .help =3D "Encrypt the image with format 'aes'. (Deprecated " + "in favour of " BLOCK_OPT_ENCRYPT_FORMAT "=3Daes)", .def_value_str =3D "off" }, + { + .name =3D BLOCK_OPT_ENCRYPT_FORMAT, + .type =3D QEMU_OPT_STRING, + .help =3D "Encrypt the image, format choices: 'aes'", + }, { /* end of list */ } } }; diff --git a/block/qcow2.c b/block/qcow2.c index 6a92d2e..98ca6ed 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -2099,7 +2099,7 @@ static int qcow2_create2(const char *filename, int64_= t total_size, const char *backing_file, const char *backing_for= mat, int flags, size_t cluster_size, PreallocMode prea= lloc, QemuOpts *opts, int version, int refcount_order, - Error **errp) + const char *encryptfmt, Error **errp) { int cluster_bits; QDict *options; @@ -2227,7 +2227,13 @@ static int qcow2_create2(const char *filename, int64= _t total_size, .header_length =3D cpu_to_be32(sizeof(*header)), }; =20 - if (flags & BLOCK_FLAG_ENCRYPT) { + if (encryptfmt) { + if (!g_str_equal(encryptfmt, "aes")) { + error_setg(errp, "Unknown encryption format '%s', expected 'ae= s'", + encryptfmt); + ret =3D -EINVAL; + goto out; + } header->crypt_method =3D cpu_to_be32(QCOW_CRYPT_AES); } else { header->crypt_method =3D cpu_to_be32(QCOW_CRYPT_NONE); @@ -2356,6 +2362,7 @@ static int qcow2_create(const char *filename, QemuOpt= s *opts, Error **errp) int version =3D 3; uint64_t refcount_bits =3D 16; int refcount_order; + const char *encryptfmt =3D NULL; Error *local_err =3D NULL; int ret; =20 @@ -2364,8 +2371,16 @@ static int qcow2_create(const char *filename, QemuOp= ts *opts, Error **errp) BDRV_SECTOR_SIZE); backing_file =3D qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FILE); backing_fmt =3D qemu_opt_get_del(opts, BLOCK_OPT_BACKING_FMT); - if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { - flags |=3D BLOCK_FLAG_ENCRYPT; + encryptfmt =3D qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPT_FORMAT); + if (encryptfmt) { + if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { + error_setg(errp, "Options " BLOCK_OPT_ENCRYPT " and " + BLOCK_OPT_ENCRYPT_FORMAT " are mutually exclusive"); + ret =3D -EINVAL; + goto finish; + } + } else if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) { + encryptfmt =3D "aes"; } cluster_size =3D qemu_opt_get_size_del(opts, BLOCK_OPT_CLUSTER_SIZE, DEFAULT_CLUSTER_SIZE); @@ -2431,7 +2446,7 @@ static int qcow2_create(const char *filename, QemuOpt= s *opts, Error **errp) =20 ret =3D qcow2_create2(filename, size, backing_file, backing_fmt, flags, cluster_size, prealloc, opts, version, refcount_or= der, - &local_err); + encryptfmt, &local_err); error_propagate(errp, local_err); =20 finish: @@ -3370,10 +3385,16 @@ static QemuOptsList qcow2_create_opts =3D { { .name =3D BLOCK_OPT_ENCRYPT, .type =3D QEMU_OPT_BOOL, - .help =3D "Encrypt the image", + .help =3D "Encrypt the image with format 'aes'. (Deprecated " + "in favour of " BLOCK_OPT_ENCRYPT_FORMAT "=3Daes)", .def_value_str =3D "off" }, { + .name =3D BLOCK_OPT_ENCRYPT_FORMAT, + .type =3D QEMU_OPT_STRING, + .help =3D "Encrypt the image, format choices: 'aes'", + }, + { .name =3D BLOCK_OPT_CLUSTER_SIZE, .type =3D QEMU_OPT_SIZE, .help =3D "qcow2 cluster size", diff --git a/include/block/block_int.h b/include/block/block_int.h index 4f8cd29..4b2f8b0 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -36,11 +36,11 @@ #include "qemu/main-loop.h" #include "qemu/throttle.h" =20 -#define BLOCK_FLAG_ENCRYPT 1 #define BLOCK_FLAG_LAZY_REFCOUNTS 8 =20 #define BLOCK_OPT_SIZE "size" #define BLOCK_OPT_ENCRYPT "encryption" +#define BLOCK_OPT_ENCRYPT_FORMAT "encrypt.format" #define BLOCK_OPT_COMPAT6 "compat6" #define BLOCK_OPT_HWVERSION "hwversion" #define BLOCK_OPT_BACKING_FILE "backing_file" diff --git a/qemu-img.c b/qemu-img.c index bbe1574..26be4d6 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -2229,6 +2229,8 @@ static int img_convert(int argc, char **argv) if (compress) { bool encryption =3D qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT, false); + const char *encryptfmt =3D + qemu_opt_get(opts, BLOCK_OPT_ENCRYPT_FORMAT); const char *preallocation =3D qemu_opt_get(opts, BLOCK_OPT_PREALLOC); =20 @@ -2238,7 +2240,7 @@ static int img_convert(int argc, char **argv) goto out; } =20 - if (encryption) { + if (encryption || encryptfmt) { error_report("Compression and encryption not supported at " "the same time"); ret =3D -1; diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out index a952330..e7ca3b1 100644 --- a/tests/qemu-iotests/082.out +++ b/tests/qemu-iotests/082.out @@ -48,7 +48,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -61,7 +62,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -74,7 +76,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -87,7 +90,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -100,7 +104,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -113,7 +118,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -126,7 +132,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -139,7 +146,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -167,7 +175,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -229,7 +238,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -242,7 +252,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -255,7 +266,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -268,7 +280,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -281,7 +294,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -294,7 +308,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -307,7 +322,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -320,7 +336,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -348,7 +365,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -407,7 +425,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -420,7 +439,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -433,7 +453,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -446,7 +467,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -459,7 +481,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -472,7 +495,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -485,7 +509,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -498,7 +523,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -528,7 +554,8 @@ size Virtual disk size compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image -encryption Encrypt the image +encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) +encrypt.format Encrypt the image, format choices: 'aes' cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135154339771.5378442930677; Tue, 25 Apr 2017 08:45:54 -0700 (PDT) Received: from localhost ([::1]:50014 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32f2-0005H2-Q0 for importer@patchew.org; Tue, 25 Apr 2017 11:45:52 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52240) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Yt-00084m-FT for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Ys-00084E-6C for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:31 -0400 Received: from mx1.redhat.com ([209.132.183.28]:46650) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Yp-000812-CF; Tue, 25 Apr 2017 11:39:27 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 44B3EC21865F; Tue, 25 Apr 2017 15:39:26 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 02357C14C4; Tue, 25 Apr 2017 15:39:24 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 44B3EC21865F Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 44B3EC21865F From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:48 +0100 Message-Id: <20170425153858.25660-9-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Tue, 25 Apr 2017 15:39:26 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 08/18] qcow: make encrypt_sectors encrypt in place X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Instead of requiring separate input/output buffers for encrypting data, change encrypt_sectors() to assume use of a single buffer, encrypting in place. One current caller uses the same buffer for input/output already and the other two callers are easily converted to do so. Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake Reviewed-by: Max Reitz Reviewed-by: Kevin Wolf Signed-off-by: Daniel P. Berrange --- block/qcow.c | 45 +++++++++++++++------------------------------ 1 file changed, 15 insertions(+), 30 deletions(-) diff --git a/block/qcow.c b/block/qcow.c index e9b7861..8b38de2 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -322,11 +322,10 @@ static int qcow_set_key(BlockDriverState *bs, const c= har *key) } =20 /* The crypt function is compatible with the linux cryptoloop - algorithm for < 4 GB images. NOTE: out_buf =3D=3D in_buf is - supported */ + algorithm for < 4 GB images. */ static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num, - uint8_t *out_buf, const uint8_t *in_buf, - int nb_sectors, bool enc, Error **errp) + uint8_t *buf, int nb_sectors, bool enc, + Error **errp) { union { uint64_t ll[2]; @@ -345,14 +344,12 @@ static int encrypt_sectors(BDRVQcowState *s, int64_t = sector_num, } if (enc) { ret =3D qcrypto_cipher_encrypt(s->cipher, - in_buf, - out_buf, + buf, buf, 512, errp); } else { ret =3D qcrypto_cipher_decrypt(s->cipher, - in_buf, - out_buf, + buf, buf, 512, errp); } @@ -360,8 +357,7 @@ static int encrypt_sectors(BDRVQcowState *s, int64_t se= ctor_num, return -1; } sector_num++; - in_buf +=3D 512; - out_buf +=3D 512; + buf +=3D 512; } return 0; } @@ -481,13 +477,12 @@ static uint64_t get_cluster_offset(BlockDriverState *= bs, uint64_t start_sect; assert(s->cipher); start_sect =3D (offset & ~(s->cluster_size - 1)) >> 9; - memset(s->cluster_data + 512, 0x00, 512); for(i =3D 0; i < s->cluster_sectors; i++) { if (i < n_start || i >=3D n_end) { Error *err =3D NULL; + memset(s->cluster_data, 0x00, 512); if (encrypt_sectors(s, start_sect + i, - s->cluster_data, - s->cluster_data + 512, 1, + s->cluster_data, 1, true, &err) < 0) { error_free(err); errno =3D EIO; @@ -665,7 +660,7 @@ static coroutine_fn int qcow_co_readv(BlockDriverState = *bs, int64_t sector_num, } if (bs->encrypted) { assert(s->cipher); - if (encrypt_sectors(s, sector_num, buf, buf, + if (encrypt_sectors(s, sector_num, buf, n, false, &err) < 0) { goto fail; } @@ -700,9 +695,7 @@ static coroutine_fn int qcow_co_writev(BlockDriverState= *bs, int64_t sector_num, BDRVQcowState *s =3D bs->opaque; int index_in_cluster; uint64_t cluster_offset; - const uint8_t *src_buf; int ret =3D 0, n; - uint8_t *cluster_data =3D NULL; struct iovec hd_iov; QEMUIOVector hd_qiov; uint8_t *buf; @@ -710,7 +703,9 @@ static coroutine_fn int qcow_co_writev(BlockDriverState= *bs, int64_t sector_num, =20 s->cluster_cache_offset =3D -1; /* disable compressed cache */ =20 - if (qiov->niov > 1) { + /* We must always copy the iov when encrypting, so we + * don't modify the original data buffer during encryption */ + if (bs->encrypted || qiov->niov > 1) { buf =3D orig_buf =3D qemu_try_blockalign(bs, qiov->size); if (buf =3D=3D NULL) { return -ENOMEM; @@ -740,21 +735,14 @@ static coroutine_fn int qcow_co_writev(BlockDriverSta= te *bs, int64_t sector_num, if (bs->encrypted) { Error *err =3D NULL; assert(s->cipher); - if (!cluster_data) { - cluster_data =3D g_malloc0(s->cluster_size); - } - if (encrypt_sectors(s, sector_num, cluster_data, buf, - n, true, &err) < 0) { + if (encrypt_sectors(s, sector_num, buf, n, true, &err) < 0) { error_free(err); ret =3D -EIO; break; } - src_buf =3D cluster_data; - } else { - src_buf =3D buf; } =20 - hd_iov.iov_base =3D (void *)src_buf; + hd_iov.iov_base =3D (void *)buf; hd_iov.iov_len =3D n * 512; qemu_iovec_init_external(&hd_qiov, &hd_iov, 1); qemu_co_mutex_unlock(&s->lock); @@ -773,10 +761,7 @@ static coroutine_fn int qcow_co_writev(BlockDriverStat= e *bs, int64_t sector_num, } qemu_co_mutex_unlock(&s->lock); =20 - if (qiov->niov > 1) { - qemu_vfree(orig_buf); - } - g_free(cluster_data); + qemu_vfree(orig_buf); =20 return ret; } --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135370604571.00656185637; Tue, 25 Apr 2017 08:49:30 -0700 (PDT) Received: from localhost ([::1]:50029 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32iX-00082o-6Y for importer@patchew.org; Tue, 25 Apr 2017 11:49:29 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52314) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Yz-0008AL-Ur for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:39 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Yv-00085S-Fl for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:37 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50244) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Yq-00082T-Qw; Tue, 25 Apr 2017 11:39:29 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BF90323E6D2; Tue, 25 Apr 2017 15:39:27 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7AD91C14C4; Tue, 25 Apr 2017 15:39:26 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com BF90323E6D2 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com BF90323E6D2 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:49 +0100 Message-Id: <20170425153858.25660-10-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Tue, 25 Apr 2017 15:39:27 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This converts the qcow driver to make use of the QCryptoBlock APIs for encrypting image content. This is only wired up to permit use of the legacy QCow encryption format. Users who wish to have the strong LUKS format should switch to qcow2 instead. With this change it is now required to use the QCryptoSecret object for providing passwords, instead of the current block password APIs / interactive prompting. $QEMU \ -object secret,id=3Dsec0,filename=3D/home/berrange/encrypted.pw \ -drive file=3D/home/berrange/encrypted.qcow,encrypt.format=3Dqcow,\ encrypt.key-secret=3Dsec0 Likewise when creating such images qemu-img create -f qcow \ -object secret,id=3Dsec0,filename=3D/home/berrange/encrypted.pw \ -o encrypt.format=3Dqcow,encrypt.key-secret=3Dsec0 \ /home/berrange/encrypted.qcow Signed-off-by: Daniel P. Berrange Reviewed-by: Eric Blake --- block/crypto.c | 10 +++ block/crypto.h | 20 ++++-- block/qcow.c | 196 +++++++++++++++++++++++++----------------------= ---- qapi/block-core.json | 37 +++++++++- 4 files changed, 156 insertions(+), 107 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 7edcc49..913723a 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -181,6 +181,11 @@ block_crypto_open_opts_init(QCryptoBlockFormat format, v, &ret->u.luks, &local_err); break; =20 + case Q_CRYPTO_BLOCK_FORMAT_QCOW: + visit_type_QCryptoBlockOptionsQCow_members( + v, &ret->u.qcow, &local_err); + break; + default: error_setg(&local_err, "Unsupported block format %d", format); break; @@ -227,6 +232,11 @@ block_crypto_create_opts_init(QCryptoBlockFormat forma= t, v, &ret->u.luks, &local_err); break; =20 + case Q_CRYPTO_BLOCK_FORMAT_QCOW: + visit_type_QCryptoBlockOptionsQCow_members( + v, &ret->u.qcow, &local_err); + break; + default: error_setg(&local_err, "Unsupported block format %d", format); break; diff --git a/block/crypto.h b/block/crypto.h index 78c1f50..a32e394 100644 --- a/block/crypto.h +++ b/block/crypto.h @@ -21,6 +21,19 @@ #ifndef BLOCK_CRYPTO_H__ #define BLOCK_CRYPTO_H__ =20 +#define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr) \ + { \ + .name =3D prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D helpstr, \ + } + +#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret" + +#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix) \ + BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \ + "ID of the secret that provides the AES encryption key") + #define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret" #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg" #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode" @@ -30,11 +43,8 @@ #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" =20 #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \ - { \ - .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \ - .type =3D QEMU_OPT_STRING, \ - .help =3D "ID of the secret that provides the keyslot passphrase",= \ - } + BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \ + "ID of the secret that provides the keyslot passphrase") =20 #define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix) \ { \ diff --git a/block/qcow.c b/block/qcow.c index 8b38de2..7bfa0dd 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -31,8 +31,10 @@ #include "qemu/bswap.h" #include #include "qapi/qmp/qerror.h" -#include "crypto/cipher.h" +#include "qapi/qmp/qstring.h" +#include "crypto/block.h" #include "migration/migration.h" +#include "block/crypto.h" =20 /**************************************************************/ /* QEMU COW block driver with compression and encryption support */ @@ -77,7 +79,7 @@ typedef struct BDRVQcowState { uint8_t *cluster_cache; uint8_t *cluster_data; uint64_t cluster_cache_offset; - QCryptoCipher *cipher; /* NULL if no key yet */ + QCryptoBlock *crypto; /* Disk encryption format driver */ uint32_t crypt_method_header; CoMutex lock; Error *migration_blocker; @@ -97,6 +99,15 @@ static int qcow_probe(const uint8_t *buf, int buf_size, = const char *filename) return 0; } =20 +static QemuOptsList qcow_runtime_opts =3D { + .name =3D "qcow", + .head =3D QTAILQ_HEAD_INITIALIZER(qcow_runtime_opts.head), + .desc =3D { + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."), + { /* end of list */ } + }, +}; + static int qcow_open(BlockDriverState *bs, QDict *options, int flags, Error **errp) { @@ -105,6 +116,13 @@ static int qcow_open(BlockDriverState *bs, QDict *opti= ons, int flags, int ret; QCowHeader header; Error *local_err =3D NULL; + QCryptoBlockOpenOptions *crypto_opts =3D NULL; + unsigned int cflags =3D 0; + QDict *encryptopts =3D NULL; + const char *encryptfmt; + + qdict_extract_subqdict(options, &encryptopts, "encrypt."); + encryptfmt =3D qdict_get_try_str(encryptopts, "format"); =20 bs->file =3D bdrv_open_child(NULL, options, "file", bs, &child_file, false, errp); @@ -155,17 +173,6 @@ static int qcow_open(BlockDriverState *bs, QDict *opti= ons, int flags, goto fail; } =20 - if (header.crypt_method > QCOW_CRYPT_AES) { - error_setg(errp, "invalid encryption method in qcow header"); - ret =3D -EINVAL; - goto fail; - } - if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC)) { - error_setg(errp, "AES cipher not available"); - ret =3D -EINVAL; - goto fail; - } s->crypt_method_header =3D header.crypt_method; if (s->crypt_method_header) { if (bdrv_uses_whitelist() && @@ -181,8 +188,39 @@ static int qcow_open(BlockDriverState *bs, QDict *opti= ons, int flags, ret =3D -ENOSYS; goto fail; } + if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { + if (encryptfmt && !g_str_equal(encryptfmt, "aes")) { + error_setg(errp, + "Header reported 'aes' encryption format but " + "options specify '%s'", encryptfmt); + ret =3D -EINVAL; + goto fail; + } + qdict_del(encryptopts, "format"); + crypto_opts =3D block_crypto_open_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, &local_err); + if (local_err) { + error_propagate(errp, local_err); + ret =3D -EINVAL; + goto fail; + } =20 + if (flags & BDRV_O_NO_IO) { + cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; + } + s->crypto =3D qcrypto_block_open(crypto_opts, NULL, NULL, + cflags, errp); + if (!s->crypto) { + ret =3D -EINVAL; + goto fail; + } + } else { + error_setg(errp, "invalid encryption method in qcow header"); + ret =3D -EINVAL; + goto fail; + } bs->encrypted =3D true; + bs->valid_key =3D true; } s->cluster_bits =3D header.cluster_bits; s->cluster_size =3D 1 << s->cluster_bits; @@ -266,6 +304,8 @@ static int qcow_open(BlockDriverState *bs, QDict *optio= ns, int flags, goto fail; } =20 + QDECREF(encryptopts); + qapi_free_QCryptoBlockOpenOptions(crypto_opts); qemu_co_mutex_init(&s->lock); return 0; =20 @@ -274,6 +314,9 @@ static int qcow_open(BlockDriverState *bs, QDict *optio= ns, int flags, qemu_vfree(s->l2_cache); g_free(s->cluster_cache); g_free(s->cluster_data); + qcrypto_block_free(s->crypto); + QDECREF(encryptopts); + qapi_free_QCryptoBlockOpenOptions(crypto_opts); return ret; } =20 @@ -286,81 +329,6 @@ static int qcow_reopen_prepare(BDRVReopenState *state, return 0; } =20 -static int qcow_set_key(BlockDriverState *bs, const char *key) -{ - BDRVQcowState *s =3D bs->opaque; - uint8_t keybuf[16]; - int len, i; - Error *err; - - memset(keybuf, 0, 16); - len =3D strlen(key); - if (len > 16) - len =3D 16; - /* XXX: we could compress the chars to 7 bits to increase - entropy */ - for(i =3D 0;i < len;i++) { - keybuf[i] =3D key[i]; - } - assert(bs->encrypted); - - qcrypto_cipher_free(s->cipher); - s->cipher =3D qcrypto_cipher_new( - QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC, - keybuf, G_N_ELEMENTS(keybuf), - &err); - - if (!s->cipher) { - /* XXX would be nice if errors in this method could - * be properly propagate to the caller. Would need - * the bdrv_set_key() API signature to be fixed. */ - error_free(err); - return -1; - } - return 0; -} - -/* The crypt function is compatible with the linux cryptoloop - algorithm for < 4 GB images. */ -static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num, - uint8_t *buf, int nb_sectors, bool enc, - Error **errp) -{ - union { - uint64_t ll[2]; - uint8_t b[16]; - } ivec; - int i; - int ret; - - for(i =3D 0; i < nb_sectors; i++) { - ivec.ll[0] =3D cpu_to_le64(sector_num); - ivec.ll[1] =3D 0; - if (qcrypto_cipher_setiv(s->cipher, - ivec.b, G_N_ELEMENTS(ivec.b), - errp) < 0) { - return -1; - } - if (enc) { - ret =3D qcrypto_cipher_encrypt(s->cipher, - buf, buf, - 512, - errp); - } else { - ret =3D qcrypto_cipher_decrypt(s->cipher, - buf, buf, - 512, - errp); - } - if (ret < 0) { - return -1; - } - sector_num++; - buf +=3D 512; - } - return 0; -} =20 /* 'allocate' is: * @@ -475,15 +443,16 @@ static uint64_t get_cluster_offset(BlockDriverState *= bs, if (bs->encrypted && (n_end - n_start) < s->cluster_sectors) { uint64_t start_sect; - assert(s->cipher); + assert(s->crypto); start_sect =3D (offset & ~(s->cluster_size - 1)) >> 9; for(i =3D 0; i < s->cluster_sectors; i++) { if (i < n_start || i >=3D n_end) { Error *err =3D NULL; memset(s->cluster_data, 0x00, 512); - if (encrypt_sectors(s, start_sect + i, - s->cluster_data, 1, - true, &err) < 0) { + if (qcrypto_block_encrypt(s->crypto, start_sec= t + i, + s->cluster_data, + BDRV_SECTOR_SIZE, + &err) < 0) { error_free(err); errno =3D EIO; return -1; @@ -528,7 +497,7 @@ static int64_t coroutine_fn qcow_co_get_block_status(Bl= ockDriverState *bs, if (!cluster_offset) { return 0; } - if ((cluster_offset & QCOW_OFLAG_COMPRESSED) || s->cipher) { + if ((cluster_offset & QCOW_OFLAG_COMPRESSED) || s->crypto) { return BDRV_BLOCK_DATA; } cluster_offset |=3D (index_in_cluster << BDRV_SECTOR_BITS); @@ -659,9 +628,9 @@ static coroutine_fn int qcow_co_readv(BlockDriverState = *bs, int64_t sector_num, break; } if (bs->encrypted) { - assert(s->cipher); - if (encrypt_sectors(s, sector_num, buf, - n, false, &err) < 0) { + assert(s->crypto); + if (qcrypto_block_decrypt(s->crypto, sector_num, buf, + n * BDRV_SECTOR_SIZE, &err) < 0)= { goto fail; } } @@ -734,8 +703,9 @@ static coroutine_fn int qcow_co_writev(BlockDriverState= *bs, int64_t sector_num, } if (bs->encrypted) { Error *err =3D NULL; - assert(s->cipher); - if (encrypt_sectors(s, sector_num, buf, n, true, &err) < 0) { + assert(s->crypto); + if (qcrypto_block_encrypt(s->crypto, sector_num, buf, + n * BDRV_SECTOR_SIZE, &err) < 0) { error_free(err); ret =3D -EIO; break; @@ -770,8 +740,8 @@ static void qcow_close(BlockDriverState *bs) { BDRVQcowState *s =3D bs->opaque; =20 - qcrypto_cipher_free(s->cipher); - s->cipher =3D NULL; + qcrypto_block_free(s->crypto); + s->crypto =3D NULL; g_free(s->l1_table); qemu_vfree(s->l2_cache); g_free(s->cluster_cache); @@ -792,6 +762,10 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) int ret; BlockBackend *qcow_blk; const char *encryptfmt =3D NULL; + QDict *options; + QDict *encryptopts =3D NULL; + QCryptoBlockCreateOptions *crypto_opts =3D NULL; + QCryptoBlock *crypto =3D NULL; =20 /* Read out options */ total_size =3D ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), @@ -865,6 +839,10 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) l1_size =3D (total_size + (1LL << shift) - 1) >> shift; =20 header.l1_table_offset =3D cpu_to_be64(header_size); + + options =3D qemu_opts_to_qdict(opts, NULL); + qdict_extract_subqdict(options, &encryptopts, "encrypt."); + QDECREF(options); if (encryptfmt) { if (!g_str_equal(encryptfmt, "aes")) { error_setg(errp, "Unknown encryption format '%s', expected 'ae= s'", @@ -873,6 +851,20 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) goto exit; } header.crypt_method =3D cpu_to_be32(QCOW_CRYPT_AES); + + crypto_opts =3D block_crypto_create_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, &local_err); + if (local_err) { + error_propagate(errp, local_err); + ret =3D -EINVAL; + goto exit; + } + + crypto =3D qcrypto_block_create(crypto_opts, NULL, NULL, NULL, err= p); + if (!crypto) { + ret =3D -EINVAL; + goto exit; + } } else { header.crypt_method =3D cpu_to_be32(QCOW_CRYPT_NONE); } @@ -907,6 +899,8 @@ static int qcow_create(const char *filename, QemuOpts *= opts, Error **errp) exit: blk_unref(qcow_blk); cleanup: + qcrypto_block_free(crypto); + qapi_free_QCryptoBlockCreateOptions(crypto_opts); g_free(backing_file); return ret; } @@ -1054,6 +1048,7 @@ static QemuOptsList qcow_create_opts =3D { .type =3D QEMU_OPT_STRING, .help =3D "Encrypt the image, format choices: 'aes'", }, + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."), { /* end of list */ } } }; @@ -1074,7 +1069,6 @@ static BlockDriver bdrv_qcow =3D { .bdrv_co_writev =3D qcow_co_writev, .bdrv_co_get_block_status =3D qcow_co_get_block_status, =20 - .bdrv_set_key =3D qcow_set_key, .bdrv_make_empty =3D qcow_make_empty, .bdrv_co_pwritev_compressed =3D qcow_co_pwritev_compressed, .bdrv_get_info =3D qcow_get_info, diff --git a/qapi/block-core.json b/qapi/block-core.json index 87fb747..e7bed8c 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2277,6 +2277,41 @@ 'mode': 'Qcow2OverlapCheckMode' } } =20 ## +# @BlockdevQcowEncryptionFormat: +# @qcow: AES-CBC with plain64 initialization venctors +# +# Since: 2.10 +## +{ 'enum': 'BlockdevQcowEncryptionFormat', + 'data': [ 'qcow' ] } + +## +# @BlockdevQcowEncryption: +# +# Since: 2.10 +## +{ 'union': 'BlockdevQcowEncryption', + 'base': { 'format': 'BlockdevQcowEncryptionFormat' }, + 'discriminator': 'format', + 'data': { 'qcow': 'QCryptoBlockOptionsQCow' } } + +## +# @BlockdevOptionsQcow: +# +# Driver specific block device options for qcow. +# +# @encrypt: Image decryption options. Mandatory for +# encrypted images, except when doing a metadata-o= nly +# probe of the image. +# +# Since: 2.10 +## +{ 'struct': 'BlockdevOptionsQcow', + 'base': 'BlockdevOptionsGenericCOWFormat', + 'data': { '*encrypt': 'BlockdevQcowEncryption' } } + + +## # @BlockdevOptionsQcow2: # # Driver specific block device options for qcow2. @@ -2933,7 +2968,7 @@ 'null-co': 'BlockdevOptionsNull', 'parallels': 'BlockdevOptionsGenericFormat', 'qcow2': 'BlockdevOptionsQcow2', - 'qcow': 'BlockdevOptionsGenericCOWFormat', + 'qcow': 'BlockdevOptionsQcow', 'qed': 'BlockdevOptionsGenericCOWFormat', 'quorum': 'BlockdevOptionsQuorum', 'raw': 'BlockdevOptionsRaw', --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135584667460.59548376173154; Tue, 25 Apr 2017 08:53:04 -0700 (PDT) Received: from localhost ([::1]:50052 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32lz-0002jD-GF for importer@patchew.org; Tue, 25 Apr 2017 11:53:03 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52409) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Z4-0008F9-I4 for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:44 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Z0-000877-Ay for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:42 -0400 Received: from mx1.redhat.com ([209.132.183.28]:54662) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Ys-00083i-At; Tue, 25 Apr 2017 11:39:30 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3FF2D3D941; Tue, 25 Apr 2017 15:39:29 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 01CDBC14C4; Tue, 25 Apr 2017 15:39:27 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3FF2D3D941 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 3FF2D3D941 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:50 +0100 Message-Id: <20170425153858.25660-11-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Tue, 25 Apr 2017 15:39:29 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Instead of requiring separate input/output buffers for encrypting data, change qcow2_encrypt_sectors() to assume use of a single buffer, encrypting in place. The current callers all used the same buffer for input/output already. Reviewed-by: Eric Blake Reviewed-by: Fam Zheng Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrange --- block/qcow2-cluster.c | 17 ++++++----------- block/qcow2.c | 4 ++-- block/qcow2.h | 3 +-- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 100398c..0a27399 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -346,11 +346,9 @@ static int count_contiguous_clusters_by_type(int nb_cl= usters, } =20 /* The crypt function is compatible with the linux cryptoloop - algorithm for < 4 GB images. NOTE: out_buf =3D=3D in_buf is - supported */ + algorithm for < 4 GB images. */ int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num, - uint8_t *out_buf, const uint8_t *in_buf, - int nb_sectors, bool enc, + uint8_t *buf, int nb_sectors, bool enc, Error **errp) { union { @@ -370,14 +368,12 @@ int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t = sector_num, } if (enc) { ret =3D qcrypto_cipher_encrypt(s->cipher, - in_buf, - out_buf, + buf, buf, 512, errp); } else { ret =3D qcrypto_cipher_decrypt(s->cipher, - in_buf, - out_buf, + buf, buf, 512, errp); } @@ -385,8 +381,7 @@ int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t se= ctor_num, return -1; } sector_num++; - in_buf +=3D 512; - out_buf +=3D 512; + buf +=3D 512; } return 0; } @@ -434,7 +429,7 @@ static int coroutine_fn do_perform_cow(BlockDriverState= *bs, assert(s->cipher); assert((offset_in_cluster & ~BDRV_SECTOR_MASK) =3D=3D 0); assert((bytes & ~BDRV_SECTOR_MASK) =3D=3D 0); - if (qcow2_encrypt_sectors(s, sector, iov.iov_base, iov.iov_base, + if (qcow2_encrypt_sectors(s, sector, iov.iov_base, bytes >> BDRV_SECTOR_BITS, true, &err) <= 0) { ret =3D -EIO; error_free(err); diff --git a/block/qcow2.c b/block/qcow2.c index 98ca6ed..8c28e9c 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1542,7 +1542,7 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverSt= ate *bs, uint64_t offset, assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); Error *err =3D NULL; if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS, - cluster_data, cluster_data, + cluster_data, cur_bytes >> BDRV_SECTOR_BITS, false, &err) < 0) { error_free(err); @@ -1638,7 +1638,7 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriverS= tate *bs, uint64_t offset, qemu_iovec_to_buf(&hd_qiov, 0, cluster_data, hd_qiov.size); =20 if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS, - cluster_data, cluster_data, + cluster_data, cur_bytes >>BDRV_SECTOR_BITS, true, &err) < 0) { error_free(err); diff --git a/block/qcow2.h b/block/qcow2.h index f8aeb08..f3051f1 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -531,8 +531,7 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t = min_size, int qcow2_write_l1_entry(BlockDriverState *bs, int l1_index); int qcow2_decompress_cluster(BlockDriverState *bs, uint64_t cluster_offset= ); int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num, - uint8_t *out_buf, const uint8_t *in_buf, - int nb_sectors, bool enc, Error **errp); + uint8_t *buf, int nb_sectors, bool enc, Error **= errp); =20 int qcow2_get_cluster_offset(BlockDriverState *bs, uint64_t offset, unsigned int *bytes, uint64_t *cluster_offset= ); --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493134906432843.5437650299682; Tue, 25 Apr 2017 08:41:46 -0700 (PDT) Received: from localhost ([::1]:49986 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32b2-0001Js-QZ for importer@patchew.org; Tue, 25 Apr 2017 11:41:44 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52507) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32ZC-0008Mb-Gz for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:55 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Z7-0008BA-In for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:50 -0400 Received: from mx1.redhat.com ([209.132.183.28]:54702) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Yt-00084o-Uo; Tue, 25 Apr 2017 11:39:32 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D6DAC3D970; Tue, 25 Apr 2017 15:39:30 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 79134C14C4; Tue, 25 Apr 2017 15:39:29 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com D6DAC3D970 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com D6DAC3D970 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:51 +0100 Message-Id: <20170425153858.25660-12-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Tue, 25 Apr 2017 15:39:31 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This converts the qcow2 driver to make use of the QCryptoBlock APIs for encrypting image content, using the legacyy QCow2 AES scheme. With this change it is now required to use the QCryptoSecret object for providing passwords, instead of the current block password APIs / interactive prompting. $QEMU \ -object secret,id=3Dsec0,filename=3D/home/berrange/encrypted.pw \ -drive file=3D/home/berrange/encrypted.qcow2,encrypt.key-secret=3Dsec0 The test 087 could be simplified since there is no longer a difference in behaviour when using blockdev_add with encrypted images for the running vs stopped CPU state. Signed-off-by: Daniel P. Berrange Reviewed-by: Eric Blake --- block/qcow2-cluster.c | 47 +--------- block/qcow2.c | 225 ++++++++++++++++++++++++++++++-----------= ---- block/qcow2.h | 5 +- qapi/block-core.json | 27 +++++- tests/qemu-iotests/049 | 2 +- tests/qemu-iotests/049.out | 4 +- tests/qemu-iotests/082.out | 27 ++++++ tests/qemu-iotests/087 | 28 +++--- tests/qemu-iotests/087.out | 12 +-- tests/qemu-iotests/134 | 18 +++- tests/qemu-iotests/134.out | 10 +- tests/qemu-iotests/158 | 19 ++-- tests/qemu-iotests/158.out | 14 +-- tests/qemu-iotests/common | 10 +- 14 files changed, 262 insertions(+), 186 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 0a27399..59ad087 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -345,47 +345,6 @@ static int count_contiguous_clusters_by_type(int nb_cl= usters, return i; } =20 -/* The crypt function is compatible with the linux cryptoloop - algorithm for < 4 GB images. */ -int qcow2_encrypt_sectors(BDRVQcow2State *s, int64_t sector_num, - uint8_t *buf, int nb_sectors, bool enc, - Error **errp) -{ - union { - uint64_t ll[2]; - uint8_t b[16]; - } ivec; - int i; - int ret; - - for(i =3D 0; i < nb_sectors; i++) { - ivec.ll[0] =3D cpu_to_le64(sector_num); - ivec.ll[1] =3D 0; - if (qcrypto_cipher_setiv(s->cipher, - ivec.b, G_N_ELEMENTS(ivec.b), - errp) < 0) { - return -1; - } - if (enc) { - ret =3D qcrypto_cipher_encrypt(s->cipher, - buf, buf, - 512, - errp); - } else { - ret =3D qcrypto_cipher_decrypt(s->cipher, - buf, buf, - 512, - errp); - } - if (ret < 0) { - return -1; - } - sector_num++; - buf +=3D 512; - } - return 0; -} - static int coroutine_fn do_perform_cow(BlockDriverState *bs, uint64_t src_cluster_offset, uint64_t cluster_offset, @@ -426,11 +385,11 @@ static int coroutine_fn do_perform_cow(BlockDriverSta= te *bs, Error *err =3D NULL; int64_t sector =3D (src_cluster_offset + offset_in_cluster) >> BDRV_SECTOR_BITS; - assert(s->cipher); assert((offset_in_cluster & ~BDRV_SECTOR_MASK) =3D=3D 0); assert((bytes & ~BDRV_SECTOR_MASK) =3D=3D 0); - if (qcow2_encrypt_sectors(s, sector, iov.iov_base, - bytes >> BDRV_SECTOR_BITS, true, &err) <= 0) { + assert(s->crypto); + if (qcrypto_block_encrypt(s->crypto, sector, iov.iov_base, + bytes, &err) < 0) { ret =3D -EIO; error_free(err); goto out; diff --git a/block/qcow2.c b/block/qcow2.c index 8c28e9c..1b9eca3 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -37,6 +37,9 @@ #include "qemu/option_int.h" #include "qemu/cutils.h" #include "qemu/bswap.h" +#include "qapi/opts-visitor.h" +#include "qapi-visit.h" +#include "block/crypto.h" =20 /* Differences with QCOW: @@ -461,6 +464,7 @@ static QemuOptsList qcow2_runtime_opts =3D { .type =3D QEMU_OPT_NUMBER, .help =3D "Clean unused cache entries after this time (in seco= nds)", }, + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."), { /* end of list */ } }, }; @@ -585,6 +589,7 @@ typedef struct Qcow2ReopenState { int overlap_check; bool discard_passthrough[QCOW2_DISCARD_MAX]; uint64_t cache_clean_interval; + QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime optio= ns */ } Qcow2ReopenState; =20 static int qcow2_update_options_prepare(BlockDriverState *bs, @@ -598,9 +603,14 @@ static int qcow2_update_options_prepare(BlockDriverSta= te *bs, int overlap_check_template =3D 0; uint64_t l2_cache_size, refcount_cache_size; int i; + const char *encryptfmt; + QDict *encryptopts =3D NULL; Error *local_err =3D NULL; int ret; =20 + qdict_extract_subqdict(options, &encryptopts, "encrypt."); + encryptfmt =3D qdict_get_try_str(encryptopts, "format"); + opts =3D qemu_opts_create(&qcow2_runtime_opts, NULL, 0, &error_abort); qemu_opts_absorb_qdict(opts, options, &local_err); if (local_err) { @@ -751,8 +761,41 @@ static int qcow2_update_options_prepare(BlockDriverSta= te *bs, r->discard_passthrough[QCOW2_DISCARD_OTHER] =3D qemu_opt_get_bool(opts, QCOW2_OPT_DISCARD_OTHER, false); =20 + switch (s->crypt_method_header) { + case QCOW_CRYPT_NONE: + if (encryptfmt) { + error_setg(errp, "No encryption in image header, but options " + "specified format '%s'", encryptfmt); + goto fail; + } + break; + + case QCOW_CRYPT_AES: + if (encryptfmt && !g_str_equal(encryptfmt, "aes")) { + error_setg(errp, + "Header reported 'aes' encryption format but " + "options specify '%s'", encryptfmt); + ret =3D -EINVAL; + goto fail; + } + qdict_del(encryptopts, "format"); + r->crypto_opts =3D block_crypto_open_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp); + break; + + default: + error_setg(errp, "Unsupported encryption method %d", + s->crypt_method_header); + break; + } + if (s->crypt_method_header !=3D QCOW_CRYPT_NONE && !r->crypto_opts) { + ret =3D -EINVAL; + goto fail; + } + ret =3D 0; fail: + QDECREF(encryptopts); qemu_opts_del(opts); opts =3D NULL; return ret; @@ -785,6 +828,9 @@ static void qcow2_update_options_commit(BlockDriverStat= e *bs, s->cache_clean_interval =3D r->cache_clean_interval; cache_clean_timer_init(bs, bdrv_get_aio_context(bs)); } + + qapi_free_QCryptoBlockOpenOptions(s->crypto_opts); + s->crypto_opts =3D r->crypto_opts; } =20 static void qcow2_update_options_abort(BlockDriverState *bs, @@ -796,6 +842,7 @@ static void qcow2_update_options_abort(BlockDriverState= *bs, if (r->refcount_block_cache) { qcow2_cache_destroy(bs, r->refcount_block_cache); } + qapi_free_QCryptoBlockOpenOptions(r->crypto_opts); } =20 static int qcow2_update_options(BlockDriverState *bs, QDict *options, @@ -967,12 +1014,6 @@ static int qcow2_do_open(BlockDriverState *bs, QDict = *options, int flags, ret =3D -EINVAL; goto fail; } - if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC)) { - error_setg(errp, "AES cipher not available"); - ret =3D -EINVAL; - goto fail; - } s->crypt_method_header =3D header.crypt_method; if (s->crypt_method_header) { if (bdrv_uses_whitelist() && @@ -990,6 +1031,7 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *= options, int flags, } =20 bs->encrypted =3D true; + bs->valid_key =3D true; } =20 s->l2_bits =3D s->cluster_bits - 3; /* L2 is always one cluster */ @@ -1122,6 +1164,19 @@ static int qcow2_do_open(BlockDriverState *bs, QDict= *options, int flags, goto fail; } =20 + if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { + unsigned int cflags =3D 0; + if (flags & BDRV_O_NO_IO) { + cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; + } + s->crypto =3D qcrypto_block_open(s->crypto_opts, NULL, NULL, + cflags, errp); + if (!s->crypto) { + ret =3D -EINVAL; + goto fail; + } + } + /* read the backing file name */ if (header.backing_file_offset !=3D 0) { len =3D header.backing_file_size; @@ -1202,6 +1257,8 @@ static int qcow2_do_open(BlockDriverState *bs, QDict = *options, int flags, } g_free(s->cluster_cache); qemu_vfree(s->cluster_data); + qcrypto_block_free(s->crypto); + qapi_free_QCryptoBlockOpenOptions(s->crypto_opts); return ret; } =20 @@ -1229,41 +1286,6 @@ static void qcow2_refresh_limits(BlockDriverState *b= s, Error **errp) bs->bl.pdiscard_alignment =3D s->cluster_size; } =20 -static int qcow2_set_key(BlockDriverState *bs, const char *key) -{ - BDRVQcow2State *s =3D bs->opaque; - uint8_t keybuf[16]; - int len, i; - Error *err =3D NULL; - - memset(keybuf, 0, 16); - len =3D strlen(key); - if (len > 16) - len =3D 16; - /* XXX: we could compress the chars to 7 bits to increase - entropy */ - for(i =3D 0;i < len;i++) { - keybuf[i] =3D key[i]; - } - assert(bs->encrypted); - - qcrypto_cipher_free(s->cipher); - s->cipher =3D qcrypto_cipher_new( - QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC, - keybuf, G_N_ELEMENTS(keybuf), - &err); - - if (!s->cipher) { - /* XXX would be nice if errors in this method could - * be properly propagate to the caller. Would need - * the bdrv_set_key() API signature to be fixed. */ - error_free(err); - return -1; - } - return 0; -} - static int qcow2_reopen_prepare(BDRVReopenState *state, BlockReopenQueue *queue, Error **errp) { @@ -1379,7 +1401,7 @@ static int64_t coroutine_fn qcow2_co_get_block_status= (BlockDriverState *bs, *pnum =3D bytes >> BDRV_SECTOR_BITS; =20 if (cluster_offset !=3D 0 && ret !=3D QCOW2_CLUSTER_COMPRESSED && - !s->cipher) { + !s->crypto) { index_in_cluster =3D sector_num & (s->cluster_sectors - 1); cluster_offset |=3D (index_in_cluster << BDRV_SECTOR_BITS); *file =3D bs->file->bs; @@ -1436,7 +1458,7 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverSt= ate *bs, uint64_t offset, =20 /* prepare next request */ cur_bytes =3D MIN(bytes, INT_MAX); - if (s->cipher) { + if (s->crypto) { cur_bytes =3D MIN(cur_bytes, QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size); } @@ -1505,7 +1527,7 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverSt= ate *bs, uint64_t offset, } =20 if (bs->encrypted) { - assert(s->cipher); + assert(s->crypto); =20 /* * For encrypted images, read everything into a temporary @@ -1537,14 +1559,15 @@ static coroutine_fn int qcow2_co_preadv(BlockDriver= State *bs, uint64_t offset, goto fail; } if (bs->encrypted) { - assert(s->cipher); + assert(s->crypto); assert((offset & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); Error *err =3D NULL; - if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS, + if (qcrypto_block_decrypt(s->crypto, + offset >> BDRV_SECTOR_BITS, cluster_data, - cur_bytes >> BDRV_SECTOR_BITS, - false, &err) < 0) { + cur_bytes, + &err) < 0) { error_free(err); ret =3D -EIO; goto fail; @@ -1622,7 +1645,7 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriverS= tate *bs, uint64_t offset, =20 if (bs->encrypted) { Error *err =3D NULL; - assert(s->cipher); + assert(s->crypto); if (!cluster_data) { cluster_data =3D qemu_try_blockalign(bs->file->bs, QCOW_MAX_CRYPT_CLUSTERS @@ -1637,10 +1660,9 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriver= State *bs, uint64_t offset, QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size); qemu_iovec_to_buf(&hd_qiov, 0, cluster_data, hd_qiov.size); =20 - if (qcow2_encrypt_sectors(s, offset >> BDRV_SECTOR_BITS, + if (qcrypto_block_encrypt(s->crypto, offset >> BDRV_SECTOR_BIT= S, cluster_data, - cur_bytes >>BDRV_SECTOR_BITS, - true, &err) < 0) { + cur_bytes, &err) < 0) { error_free(err); ret =3D -EIO; goto fail; @@ -1759,8 +1781,8 @@ static void qcow2_close(BlockDriverState *bs) qcow2_cache_destroy(bs, s->l2_table_cache); qcow2_cache_destroy(bs, s->refcount_block_cache); =20 - qcrypto_cipher_free(s->cipher); - s->cipher =3D NULL; + qcrypto_block_free(s->crypto); + s->crypto =3D NULL; =20 g_free(s->unknown_header_fields); cleanup_unknown_header_ext(bs); @@ -1778,7 +1800,7 @@ static void qcow2_invalidate_cache(BlockDriverState *= bs, Error **errp) { BDRVQcow2State *s =3D bs->opaque; int flags =3D s->flags; - QCryptoCipher *cipher =3D NULL; + QCryptoBlock *crypto =3D NULL; QDict *options; Error *local_err =3D NULL; int ret; @@ -1788,8 +1810,8 @@ static void qcow2_invalidate_cache(BlockDriverState *= bs, Error **errp) * that means we don't have to worry about reopening them here. */ =20 - cipher =3D s->cipher; - s->cipher =3D NULL; + crypto =3D s->crypto; + s->crypto =3D NULL; =20 qcow2_close(bs); =20 @@ -1810,7 +1832,7 @@ static void qcow2_invalidate_cache(BlockDriverState *= bs, Error **errp) return; } =20 - s->cipher =3D cipher; + s->crypto =3D crypto; } =20 static size_t header_ext_add(char *buf, uint32_t magic, const void *s, @@ -2034,6 +2056,56 @@ static int qcow2_change_backing_file(BlockDriverStat= e *bs, return qcow2_update_header(bs); } =20 + +static int qcow2_set_up_encryption(BlockDriverState *bs, const char *encry= ptfmt, + QemuOpts *opts, Error **errp) +{ + BDRVQcow2State *s =3D bs->opaque; + QCryptoBlockCreateOptions *cryptoopts =3D NULL; + QCryptoBlock *crypto =3D NULL; + int ret =3D -EINVAL; + QDict *options, *encryptopts; + + options =3D qemu_opts_to_qdict(opts, NULL); + qdict_extract_subqdict(options, &encryptopts, "encrypt."); + QDECREF(options); + + if (!g_str_equal(encryptfmt, "aes")) { + error_setg(errp, "Unknown encryption format '%s', expected 'aes'", + encryptfmt); + ret =3D -EINVAL; + goto out; + } + cryptoopts =3D block_crypto_create_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp); + if (!cryptoopts) { + ret =3D -EINVAL; + goto out; + } + s->crypt_method_header =3D QCOW_CRYPT_AES; + + crypto =3D qcrypto_block_create(cryptoopts, + NULL, NULL, + bs, errp); + if (!crypto) { + ret =3D -EINVAL; + goto out; + } + + ret =3D qcow2_update_header(bs); + if (ret < 0) { + error_setg_errno(errp, -ret, "Could not write encryption header"); + goto out; + } + + out: + QDECREF(encryptopts); + qcrypto_block_free(crypto); + qapi_free_QCryptoBlockCreateOptions(cryptoopts); + return ret; +} + + static int preallocate(BlockDriverState *bs) { uint64_t bytes; @@ -2227,17 +2299,8 @@ static int qcow2_create2(const char *filename, int64= _t total_size, .header_length =3D cpu_to_be32(sizeof(*header)), }; =20 - if (encryptfmt) { - if (!g_str_equal(encryptfmt, "aes")) { - error_setg(errp, "Unknown encryption format '%s', expected 'ae= s'", - encryptfmt); - ret =3D -EINVAL; - goto out; - } - header->crypt_method =3D cpu_to_be32(QCOW_CRYPT_AES); - } else { - header->crypt_method =3D cpu_to_be32(QCOW_CRYPT_NONE); - } + /* We'll update this to correct value later */ + header->crypt_method =3D cpu_to_be32(QCOW_CRYPT_NONE); =20 if (flags & BLOCK_FLAG_LAZY_REFCOUNTS) { header->compatible_features |=3D @@ -2316,6 +2379,14 @@ static int qcow2_create2(const char *filename, int64= _t total_size, } } =20 + /* Want encryption? There you go. */ + if (encryptfmt) { + ret =3D qcow2_set_up_encryption(blk_bs(blk), encryptfmt, opts, err= p); + if (ret < 0) { + goto out; + } + } + /* And if we're supposed to preallocate metadata, do that now */ if (prealloc !=3D PREALLOC_MODE_OFF) { BDRVQcow2State *s =3D blk_bs(blk)->opaque; @@ -2331,11 +2402,17 @@ static int qcow2_create2(const char *filename, int6= 4_t total_size, blk_unref(blk); blk =3D NULL; =20 - /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returni= ng */ + /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returni= ng. + * Using BDRV_O_NO_IO, since encryption is now setup we don't want to + * have to setup decryption context. We're not doing any I/O on the top + * level BlockDriverState, only lower layers, where BDRV_O_NO_IO does + * not have effect. + */ options =3D qdict_new(); qdict_put(options, "driver", qstring_from_str("qcow2")); blk =3D blk_new_open(filename, NULL, options, - BDRV_O_RDWR | BDRV_O_NO_BACKING, &local_err); + BDRV_O_RDWR | BDRV_O_NO_BACKING | BDRV_O_NO_IO, + &local_err); if (blk =3D=3D NULL) { error_propagate(errp, local_err); ret =3D -EIO; @@ -3165,9 +3242,9 @@ static int qcow2_amend_options(BlockDriverState *bs, = QemuOpts *opts, backing_format =3D qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT); } else if (!strcmp(desc->name, BLOCK_OPT_ENCRYPT)) { encrypt =3D qemu_opt_get_bool(opts, BLOCK_OPT_ENCRYPT, - !!s->cipher); + !!s->crypto); =20 - if (encrypt !=3D !!s->cipher) { + if (encrypt !=3D !!s->crypto) { error_report("Changing the encryption flag is not supporte= d"); return -ENOTSUP; } @@ -3394,6 +3471,7 @@ static QemuOptsList qcow2_create_opts =3D { .type =3D QEMU_OPT_STRING, .help =3D "Encrypt the image, format choices: 'aes'", }, + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."), { .name =3D BLOCK_OPT_CLUSTER_SIZE, .type =3D QEMU_OPT_SIZE, @@ -3436,7 +3514,6 @@ BlockDriver bdrv_qcow2 =3D { .bdrv_create =3D qcow2_create, .bdrv_has_zero_init =3D bdrv_has_zero_init_1, .bdrv_co_get_block_status =3D qcow2_co_get_block_status, - .bdrv_set_key =3D qcow2_set_key, =20 .bdrv_co_preadv =3D qcow2_co_preadv, .bdrv_co_pwritev =3D qcow2_co_pwritev, diff --git a/block/qcow2.h b/block/qcow2.h index f3051f1..9746aaf 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -25,7 +25,7 @@ #ifndef BLOCK_QCOW2_H #define BLOCK_QCOW2_H =20 -#include "crypto/cipher.h" +#include "crypto/block.h" #include "qemu/coroutine.h" =20 //#define DEBUG_ALLOC @@ -257,7 +257,8 @@ typedef struct BDRVQcow2State { =20 CoMutex lock; =20 - QCryptoCipher *cipher; /* current cipher, NULL if no key yet */ + QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime optio= ns */ + QCryptoBlock *crypto; /* Disk encryption format driver */ uint32_t crypt_method_header; uint64_t snapshots_offset; int snapshots_size; diff --git a/qapi/block-core.json b/qapi/block-core.json index e7bed8c..2a3ab47 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2311,6 +2311,26 @@ 'data': { '*encrypt': 'BlockdevQcowEncryption' } } =20 =20 + +## +# @BlockdevQcow2EncryptionFormat: +# @qcow: AES-CBC with plain64 initialization venctors +# +# Since: 2.10 +## +{ 'enum': 'BlockdevQcow2EncryptionFormat', + 'data': [ 'qcow' ] } + +## +# @BlockdevQcow2Encryption: +# +# Since: 2.10 +## +{ 'union': 'BlockdevQcow2Encryption', + 'base': { 'format': 'BlockdevQcow2EncryptionFormat' }, + 'discriminator': 'format', + 'data': { 'qcow': 'QCryptoBlockOptionsQCow' } } + ## # @BlockdevOptionsQcow2: # @@ -2345,6 +2365,9 @@ # @cache-clean-interval: clean unused entries in the L2 and refcount # caches. The interval is in seconds. The default = value # is 0 and it disables this feature (since 2.5) +# @encrypt: Image decryption options. Mandatory for +# encrypted images, except when doing a metadata-o= nly +# probe of the image. (since 2.10) # # Since: 2.9 ## @@ -2358,8 +2381,8 @@ '*cache-size': 'int', '*l2-cache-size': 'int', '*refcount-cache-size': 'int', - '*cache-clean-interval': 'int' } } - + '*cache-clean-interval': 'int', + '*encrypt': 'BlockdevQcow2Encryption' } } =20 ## # @BlockdevOptionsSsh: diff --git a/tests/qemu-iotests/049 b/tests/qemu-iotests/049 index fff0760..df35b6d 100755 --- a/tests/qemu-iotests/049 +++ b/tests/qemu-iotests/049 @@ -106,7 +106,7 @@ test_qemu_img create -f $IMGFMT -o preallocation=3D1234= "$TEST_IMG" 64M echo "=3D=3D Check encryption option =3D=3D" echo test_qemu_img create -f $IMGFMT -o encryption=3Doff "$TEST_IMG" 64M -test_qemu_img create -f $IMGFMT -o encryption=3Don "$TEST_IMG" 64M +test_qemu_img create -f $IMGFMT --object secret,id=3Dsec0,data=3D123456 -o= encryption=3Don,encrypt.key-secret=3Dsec0 "$TEST_IMG" 64M =20 echo "=3D=3D Check lazy_refcounts option (only with v3) =3D=3D" echo diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out index 34e66db..2e5204a 100644 --- a/tests/qemu-iotests/049.out +++ b/tests/qemu-iotests/049.out @@ -190,8 +190,8 @@ Formatting 'TEST_DIR/t.qcow2', fmt=3Dqcow2 size=3D67108= 864 encryption=3Doff cluster_si qemu-img create -f qcow2 -o encryption=3Doff TEST_DIR/t.qcow2 64M Formatting 'TEST_DIR/t.qcow2', fmt=3Dqcow2 size=3D67108864 encryption=3Dof= f cluster_size=3D65536 lazy_refcounts=3Doff refcount_bits=3D16 =20 -qemu-img create -f qcow2 -o encryption=3Don TEST_DIR/t.qcow2 64M -Formatting 'TEST_DIR/t.qcow2', fmt=3Dqcow2 size=3D67108864 encryption=3Don= cluster_size=3D65536 lazy_refcounts=3Doff refcount_bits=3D16 +qemu-img create -f qcow2 --object secret,id=3Dsec0,data=3D123456 -o encryp= tion=3Don,encrypt.key-secret=3Dsec0 TEST_DIR/t.qcow2 64M +Formatting 'TEST_DIR/t.qcow2', fmt=3Dqcow2 size=3D67108864 encryption=3Don= encrypt.key-secret=3Dsec0 cluster_size=3D65536 lazy_refcounts=3Doff refcou= nt_bits=3D16 =20 =3D=3D Check lazy_refcounts option (only with v3) =3D=3D =20 diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out index e7ca3b1..7026dc4 100644 --- a/tests/qemu-iotests/082.out +++ b/tests/qemu-iotests/082.out @@ -50,6 +50,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -64,6 +65,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -78,6 +80,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -92,6 +95,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -106,6 +110,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -120,6 +125,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -134,6 +140,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -148,6 +155,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -177,6 +185,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -240,6 +249,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -254,6 +264,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -268,6 +279,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -282,6 +294,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -296,6 +309,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -310,6 +324,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -324,6 +339,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -338,6 +354,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -367,6 +384,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -427,6 +445,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -441,6 +460,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -455,6 +475,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -469,6 +490,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -483,6 +505,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -497,6 +520,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -511,6 +535,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -525,6 +550,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -556,6 +582,7 @@ backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) encrypt.format Encrypt the image, format choices: 'aes' +encrypt.key-secret ID of the secret that provides the AES encryption key cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087 index 9de57dd..730270e 100755 --- a/tests/qemu-iotests/087 +++ b/tests/qemu-iotests/087 @@ -124,24 +124,18 @@ echo echo =3D=3D=3D Encrypted image =3D=3D=3D echo =20 -_make_test_img -o encryption=3Don $size -run_qemu -S < Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135480081379.93879569722617; Tue, 25 Apr 2017 08:51:20 -0700 (PDT) Received: from localhost ([::1]:50045 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32kI-0000un-Ih for importer@patchew.org; Tue, 25 Apr 2017 11:51:18 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52374) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Z2-0008Cx-Ks for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32Z1-00087u-DP for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:40 -0400 Received: from mx1.redhat.com ([209.132.183.28]:39594) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Yw-00085P-0j; Tue, 25 Apr 2017 11:39:34 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id DE17F80515; Tue, 25 Apr 2017 15:39:32 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1C3FFC14C4; Tue, 25 Apr 2017 15:39:30 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com DE17F80515 Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com DE17F80515 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:52 +0100 Message-Id: <20170425153858.25660-13-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Tue, 25 Apr 2017 15:39:33 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 12/18] qcow2: extend specification to cover LUKS encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Update the qcow2 specification to describe how the LUKS header is placed inside a qcow2 file, when using LUKS encryption for the qcow2 payload instead of the legacy AES-CBC encryption Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- docs/specs/qcow2.txt | 96 ++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 96 insertions(+) diff --git a/docs/specs/qcow2.txt b/docs/specs/qcow2.txt index 80cdfd0..6509b91 100644 --- a/docs/specs/qcow2.txt +++ b/docs/specs/qcow2.txt @@ -45,6 +45,7 @@ The first cluster of a qcow2 image contains the file head= er: 32 - 35: crypt_method 0 for no encryption 1 for AES encryption + 2 for LUKS encryption =20 36 - 39: l1_size Number of entries in the active L1 table @@ -135,6 +136,7 @@ be stored. Each extension has a structure like the foll= owing: 0xE2792ACA - Backing file format name 0x6803f857 - Feature name table 0x23852875 - Bitmaps extension + 0x0537be77 - Full disk encryption header pointer other - Unknown header extension, can be safe= ly ignored =20 @@ -207,6 +209,100 @@ The fields of the bitmaps extension are: Offset into the image file at which the bitmap directory starts. Must be aligned to a cluster boundary. =20 +=3D=3D Full disk encryption header pointer =3D=3D + +The full disk encryption header must be present if, and only if, the +'crypt_method' header requires metadata. Currently this is only true +of the 'LUKS' crypt method. The header extension must be absent for +other methods. + +This header provides the offset at which the crypt method can store +its additional data, as well as the length of such data. + + Byte 0 - 7: Offset into the image file at which the encryption + header starts in bytes. Must be aligned to a cluster + boundary. + Byte 8 - 15: Length of the written encryption header in bytes. + Note actual space allocated in the qcow2 file may + be larger than this value, since it will be rounded + to the nearest multiple of the cluster size. Any + unused bytes in the allocated space will be initialized + to 0. + +For the LUKS crypt method, the encryption header works as follows. + +The first 592 bytes of the header clusters will contain the LUKS +partition header. This is then followed by the key material data areas. +The size of the key material data areas is determined by the number of +stripes in the key slot and key size. Refer to the LUKS format +specification ('docs/on-disk-format.pdf' in the cryptsetup source +package) for details of the LUKS partition header format. + +In the LUKS partition header, the "payload-offset" field will be +calculated as normal for the LUKS spec. ie the size of the LUKS +header, plus key material regions, plus padding, relative to the +start of the LUKS header. Its value is never used in the context +of qcow2, however, since the qcow2 file format itself defines where +the real payload offset is. + +In the LUKS key slots header, the "key-material-offset" is relative +to the start of the LUKS header clusters in the qcow2 container, +not the start of the qcow2 file. + +Logically the layout looks like + + +-----------------------------+ + | QCow2 header | + | QCow2 header extension X | + | QCow2 header extension FDE | + | QCow2 header extension ... | + | QCow2 header extension Z | + +-----------------------------+ + | ....other QCow2 tables.... | + . . + . . + +-----------------------------+ + | +-------------------------+ | + | | LUKS partition header | | + | +-------------------------+ | + | | LUKS key material 1 | | + | +-------------------------+ | + | | LUKS key material 2 | | + | +-------------------------+ | + | | LUKS key material ... | | + | +-------------------------+ | + | | LUKS key material 8 | | + | +-------------------------+ | + +-----------------------------+ + | QCow2 cluster payload | + . . + . . + . . + | | + +-----------------------------+ + +=3D=3D Data encryption =3D=3D + +When an encryption method is requested in the header, the image payload +data must be encrypted/decrypted on every write/read. The image headers +and metadata is never encrypted. + +The algorithms used for encryption vary depending on the method + + - AES: + + The AES cipher, in CBC mode, with 256 bit keys. + + Initialization vectors generated using plain64 method, with + the virtual disk sector as the input tweak. + + - LUKS: + + The algorithms are specified in the LUKS header. + + Initialization vectors generated using the method specified + in the LUKS header, with the physical disk sector as the + input tweak. =20 =3D=3D Host cluster management =3D=3D =20 --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135422832894.5201630756717; Tue, 25 Apr 2017 08:50:22 -0700 (PDT) Received: from localhost ([::1]:50036 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32jL-0000FP-Ue for importer@patchew.org; Tue, 25 Apr 2017 11:50:19 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52559) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32ZH-0008SS-Fs for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:40:00 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32ZC-0008E5-N8 for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:55 -0400 Received: from mx1.redhat.com ([209.132.183.28]:57596) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32Z1-00087i-O1; Tue, 25 Apr 2017 11:39:40 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9BF637F3E1; Tue, 25 Apr 2017 15:39:38 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1EDA9C14C4; Tue, 25 Apr 2017 15:39:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 9BF637F3E1 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 9BF637F3E1 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:53 +0100 Message-Id: <20170425153858.25660-14-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 25 Apr 2017 15:39:38 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This adds support for using LUKS as an encryption format with the qcow2 file, using the new encrypt.format parameter to request "luks" format. e.g. # qemu-img create --object secret,data=3D123456,id=3Dsec0 \ -f qcow2 -o encrypt.-format=3Dluks,encrypt.key-secret=3Dsec0 \ test.qcow2 10G The legacy "encryption=3Don" parameter still results in creation of the old qcow2 AES format (and is equivalent to the new 'encryption-format=3Daes'). e.g. the following are equivalent: # qemu-img create --object secret,data=3D123456,id=3Dsec0 \ -f qcow2 -o encryption=3Don,encrypt.key-secret=3Dsec0 \ test.qcow2 10G # qemu-img create --object secret,data=3D123456,id=3Dsec0 \ -f qcow2 -o encryption-format=3Daes,encrypt.key-secret=3Dsec0 \ test.qcow2 10G With the LUKS format it is necessary to store the LUKS partition header and key material in the QCow2 file. This data can be many MB in size, so cannot go into the QCow2 header region directly. Thus the spec defines a FDE (Full Disk Encryption) header extension that specifies the offset of a set of clusters to hold the FDE headers, as well as the length of that region. The LUKS header is thus stored in these extra allocated clusters before the main image payload. Aside from all the cryptographic differences implied by use of the LUKS format, there is one further key difference between the use of legacy AES and LUKS encryption in qcow2. For LUKS, the initialiazation vectors are generated using the host physical sector as the input, rather than the guest virtual sector. This guarantees unique initialization vectors for all sectors when qcow2 internal snapshots are used, thus giving stronger protection against watermarking attacks. Signed-off-by: Daniel P. Berrange Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake --- block/qcow2-cluster.c | 4 +- block/qcow2-refcount.c | 10 ++ block/qcow2.c | 267 ++++++++++++++++++++++++++++++++++++++---= --- block/qcow2.h | 9 ++ qapi/block-core.json | 5 +- tests/qemu-iotests/082.out | 270 ++++++++++++++++++++++++++++++++++++-----= ---- 6 files changed, 477 insertions(+), 88 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 59ad087..75f8b3e 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -383,7 +383,9 @@ static int coroutine_fn do_perform_cow(BlockDriverState= *bs, =20 if (bs->encrypted) { Error *err =3D NULL; - int64_t sector =3D (src_cluster_offset + offset_in_cluster) + int64_t sector =3D (s->crypt_physical_offset ? + (cluster_offset + offset_in_cluster) : + (src_cluster_offset + offset_in_cluster)) >> BDRV_SECTOR_BITS; assert((offset_in_cluster & ~BDRV_SECTOR_MASK) =3D=3D 0); assert((bytes & ~BDRV_SECTOR_MASK) =3D=3D 0); diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 9e96f64..1e8d33a 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -1859,6 +1859,16 @@ static int calculate_refcounts(BlockDriverState *bs,= BdrvCheckResult *res, return ret; } =20 + /* encryption */ + if (s->crypto_header.length) { + ret =3D inc_refcounts(bs, res, refcount_table, nb_clusters, + s->crypto_header.offset, + s->crypto_header.length); + if (ret < 0) { + return ret; + } + } + return check_refblocks(bs, res, fix, rebuild, refcount_table, nb_clust= ers); } =20 diff --git a/block/qcow2.c b/block/qcow2.c index 1b9eca3..44a573b 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -66,6 +66,7 @@ typedef struct { #define QCOW2_EXT_MAGIC_END 0 #define QCOW2_EXT_MAGIC_BACKING_FORMAT 0xE2792ACA #define QCOW2_EXT_MAGIC_FEATURE_TABLE 0x6803f857 +#define QCOW2_EXT_MAGIC_CRYPTO_HEADER 0x0537be77 =20 static int qcow2_probe(const uint8_t *buf, int buf_size, const char *filen= ame) { @@ -80,6 +81,86 @@ static int qcow2_probe(const uint8_t *buf, int buf_size,= const char *filename) } =20 =20 +static ssize_t qcow2_crypto_hdr_read_func(QCryptoBlock *block, size_t offs= et, + uint8_t *buf, size_t buflen, + void *opaque, Error **errp) +{ + BlockDriverState *bs =3D opaque; + BDRVQcow2State *s =3D bs->opaque; + ssize_t ret; + + if ((offset + buflen) > s->crypto_header.length) { + error_setg(errp, "Request for data outside of extension header"); + return -1; + } + + ret =3D bdrv_pread(bs->file, + s->crypto_header.offset + offset, buf, buflen); + if (ret < 0) { + error_setg_errno(errp, -ret, "Could not read encryption header"); + return -1; + } + return ret; +} + + +static ssize_t qcow2_crypto_hdr_init_func(QCryptoBlock *block, size_t head= erlen, + void *opaque, Error **errp) +{ + BlockDriverState *bs =3D opaque; + BDRVQcow2State *s =3D bs->opaque; + int64_t ret; + int64_t clusterlen; + + ret =3D qcow2_alloc_clusters(bs, headerlen); + if (ret < 0) { + error_setg_errno(errp, -ret, + "Cannot allocate cluster for LUKS header size %zu= ", + headerlen); + return -1; + } + + s->crypto_header.length =3D headerlen; + s->crypto_header.offset =3D ret; + + /* Zero fill remaining space in cluster so it has predictable + * content in case of future spec changes */ + clusterlen =3D size_to_clusters(s, headerlen) * s->cluster_size; + ret =3D bdrv_pwrite_zeroes(bs->file, + ret + headerlen, + clusterlen - headerlen, 0); + if (ret < 0) { + error_setg_errno(errp, -ret, "Could not zero fill encryption heade= r"); + return -1; + } + + return ret; +} + + +static ssize_t qcow2_crypto_hdr_write_func(QCryptoBlock *block, size_t off= set, + const uint8_t *buf, size_t bufl= en, + void *opaque, Error **errp) +{ + BlockDriverState *bs =3D opaque; + BDRVQcow2State *s =3D bs->opaque; + ssize_t ret; + + if ((offset + buflen) > s->crypto_header.length) { + error_setg(errp, "Request for data outside of extension header"); + return -1; + } + + ret =3D bdrv_pwrite(bs->file, + s->crypto_header.offset + offset, buf, buflen); + if (ret < 0) { + error_setg_errno(errp, -ret, "Could not read encryption header"); + return -1; + } + return ret; +} + + /*=20 * read qcow2 extension and fill bs * start reading from start_offset @@ -89,7 +170,7 @@ static int qcow2_probe(const uint8_t *buf, int buf_size,= const char *filename) */ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offs= et, uint64_t end_offset, void **p_feature_tab= le, - Error **errp) + int flags, Error **errp) { BDRVQcow2State *s =3D bs->opaque; QCowExtension ext; @@ -165,6 +246,47 @@ static int qcow2_read_extensions(BlockDriverState *bs,= uint64_t start_offset, } break; =20 + case QCOW2_EXT_MAGIC_CRYPTO_HEADER: { + unsigned int cflags =3D 0; + if (s->crypt_method_header !=3D QCOW_CRYPT_LUKS) { + error_setg(errp, "CRYPTO header extension only " + "expected with LUKS encryption method"); + return -EINVAL; + } + if (ext.len !=3D sizeof(Qcow2CryptoHeaderExtension)) { + error_setg(errp, "CRYPTO header extension size %u, " + "but expected size %zu", ext.len, + sizeof(Qcow2CryptoHeaderExtension)); + return -EINVAL; + } + + ret =3D bdrv_pread(bs->file, offset, &s->crypto_header, ext.le= n); + if (ret < 0) { + error_setg_errno(errp, -ret, + "Unable to read CRYPTO header extension"); + return ret; + } + be64_to_cpus(&s->crypto_header.offset); + be64_to_cpus(&s->crypto_header.length); + + if ((s->crypto_header.offset % s->cluster_size) !=3D 0) { + error_setg(errp, "Encryption header offset '%" PRIu64 "' i= s " + "not a multiple of cluster size '%u'", + s->crypto_header.offset, s->cluster_size); + return -EINVAL; + } + + if (flags & BDRV_O_NO_IO) { + cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; + } + s->crypto =3D qcrypto_block_open(s->crypto_opts, + qcow2_crypto_hdr_read_func, + bs, cflags, errp); + if (!s->crypto) { + return -EINVAL; + } + } break; + default: /* unknown magic - save it in case we need to rewrite the head= er */ { @@ -464,7 +586,8 @@ static QemuOptsList qcow2_runtime_opts =3D { .type =3D QEMU_OPT_NUMBER, .help =3D "Clean unused cache entries after this time (in seco= nds)", }, - BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."), + BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.", + "ID of secret providing qcow AES key or LUKS passphrase"), { /* end of list */ } }, }; @@ -783,6 +906,19 @@ static int qcow2_update_options_prepare(BlockDriverSta= te *bs, Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp); break; =20 + case QCOW_CRYPT_LUKS: + if (encryptfmt && !g_str_equal(encryptfmt, "luks")) { + error_setg(errp, + "Header reported 'luks' encryption format but " + "options specify '%s'", encryptfmt); + ret =3D -EINVAL; + goto fail; + } + qdict_del(encryptopts, "format"); + r->crypto_opts =3D block_crypto_open_opts_init( + Q_CRYPTO_BLOCK_FORMAT_LUKS, encryptopts, errp); + break; + default: error_setg(errp, "Unsupported encryption method %d", s->crypt_method_header); @@ -976,7 +1112,7 @@ static int qcow2_do_open(BlockDriverState *bs, QDict *= options, int flags, if (s->incompatible_features & ~QCOW2_INCOMPAT_MASK) { void *feature_table =3D NULL; qcow2_read_extensions(bs, header.header_length, ext_end, - &feature_table, NULL); + &feature_table, flags, NULL); report_unsupported_feature(errp, feature_table, s->incompatible_features & ~QCOW2_INCOMPAT_MASK); @@ -1008,12 +1144,6 @@ static int qcow2_do_open(BlockDriverState *bs, QDict= *options, int flags, s->refcount_max =3D UINT64_C(1) << (s->refcount_bits - 1); s->refcount_max +=3D s->refcount_max - 1; =20 - if (header.crypt_method > QCOW_CRYPT_AES) { - error_setg(errp, "Unsupported encryption method: %" PRIu32, - header.crypt_method); - ret =3D -EINVAL; - goto fail; - } s->crypt_method_header =3D header.crypt_method; if (s->crypt_method_header) { if (bdrv_uses_whitelist() && @@ -1030,6 +1160,15 @@ static int qcow2_do_open(BlockDriverState *bs, QDict= *options, int flags, goto fail; } =20 + if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { + s->crypt_physical_offset =3D false; + } else { + /* Assuming LUKS and any future crypt methods we + * add will all use physical offsets, due to the + * fact that the alternative is insecure... */ + s->crypt_physical_offset =3D true; + } + bs->encrypted =3D true; bs->valid_key =3D true; } @@ -1158,20 +1297,31 @@ static int qcow2_do_open(BlockDriverState *bs, QDic= t *options, int flags, =20 /* read qcow2 extensions */ if (qcow2_read_extensions(bs, header.header_length, ext_end, NULL, - &local_err)) { + flags, &local_err)) { error_propagate(errp, local_err); ret =3D -EINVAL; goto fail; } =20 - if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { - unsigned int cflags =3D 0; - if (flags & BDRV_O_NO_IO) { - cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; - } - s->crypto =3D qcrypto_block_open(s->crypto_opts, NULL, NULL, - cflags, errp); - if (!s->crypto) { + /* qcow2_read_extension may have set up the crypto context + * if the crypt method needs a header region, some methods + * don't need header extensions, so must check here + */ + if (s->crypt_method_header && !s->crypto) { + if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { + unsigned int cflags =3D 0; + if (flags & BDRV_O_NO_IO) { + cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; + } + s->crypto =3D qcrypto_block_open(s->crypto_opts, NULL, NULL, + cflags, errp); + if (!s->crypto) { + ret =3D -EINVAL; + goto fail; + } + } else if (!(flags & BDRV_O_NO_IO)) { + error_setg(errp, "Missing CRYPTO header for crypt method %d", + s->crypt_method_header); ret =3D -EINVAL; goto fail; } @@ -1564,7 +1714,9 @@ static coroutine_fn int qcow2_co_preadv(BlockDriverSt= ate *bs, uint64_t offset, assert((cur_bytes & (BDRV_SECTOR_SIZE - 1)) =3D=3D 0); Error *err =3D NULL; if (qcrypto_block_decrypt(s->crypto, - offset >> BDRV_SECTOR_BITS, + (s->crypt_physical_offset ? + cluster_offset + offset_in_clus= ter : + offset) >> BDRV_SECTOR_BITS, cluster_data, cur_bytes, &err) < 0) { @@ -1660,7 +1812,10 @@ static coroutine_fn int qcow2_co_pwritev(BlockDriver= State *bs, uint64_t offset, QCOW_MAX_CRYPT_CLUSTERS * s->cluster_size); qemu_iovec_to_buf(&hd_qiov, 0, cluster_data, hd_qiov.size); =20 - if (qcrypto_block_encrypt(s->crypto, offset >> BDRV_SECTOR_BIT= S, + if (qcrypto_block_encrypt(s->crypto, + (s->crypt_physical_offset ? + cluster_offset + offset_in_cluster : + offset) >> BDRV_SECTOR_BITS, cluster_data, cur_bytes, &err) < 0) { error_free(err); @@ -1958,6 +2113,22 @@ int qcow2_update_header(BlockDriverState *bs) buflen -=3D ret; } =20 + /* Full disk encryption header pointer extension */ + if (s->crypto_header.offset !=3D 0) { + cpu_to_be64s(&s->crypto_header.offset); + cpu_to_be64s(&s->crypto_header.length); + ret =3D header_ext_add(buf, QCOW2_EXT_MAGIC_CRYPTO_HEADER, + &s->crypto_header, sizeof(s->crypto_header), + buflen); + be64_to_cpus(&s->crypto_header.offset); + be64_to_cpus(&s->crypto_header.length); + if (ret < 0) { + goto fail; + } + buf +=3D ret; + buflen -=3D ret; + } + /* Feature table */ if (s->qcow_version >=3D 3) { Qcow2Feature features[] =3D { @@ -2056,6 +2227,16 @@ static int qcow2_change_backing_file(BlockDriverStat= e *bs, return qcow2_update_header(bs); } =20 +static int qcow2_crypt_method_from_format(const char *encryptfmt) +{ + if (g_str_equal(encryptfmt, "luks")) { + return QCOW_CRYPT_LUKS; + } else if (g_str_equal(encryptfmt, "aes")) { + return QCOW_CRYPT_AES; + } else { + return -EINVAL; + } +} =20 static int qcow2_set_up_encryption(BlockDriverState *bs, const char *encry= ptfmt, QemuOpts *opts, Error **errp) @@ -2070,22 +2251,30 @@ static int qcow2_set_up_encryption(BlockDriverState= *bs, const char *encryptfmt, qdict_extract_subqdict(options, &encryptopts, "encrypt."); QDECREF(options); =20 - if (!g_str_equal(encryptfmt, "aes")) { - error_setg(errp, "Unknown encryption format '%s', expected 'aes'", - encryptfmt); - ret =3D -EINVAL; - goto out; + int fmt =3D qcow2_crypt_method_from_format(encryptfmt); + + switch (fmt) { + case QCOW_CRYPT_LUKS: + cryptoopts =3D block_crypto_create_opts_init( + Q_CRYPTO_BLOCK_FORMAT_LUKS, encryptopts, errp); + break; + case QCOW_CRYPT_AES: + cryptoopts =3D block_crypto_create_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp); + break; + default: + error_setg(errp, "Unknown encryption format '%s'", encryptfmt); + break; } - cryptoopts =3D block_crypto_create_opts_init( - Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp); if (!cryptoopts) { ret =3D -EINVAL; goto out; } - s->crypt_method_header =3D QCOW_CRYPT_AES; + s->crypt_method_header =3D fmt; =20 crypto =3D qcrypto_block_create(cryptoopts, - NULL, NULL, + qcow2_crypto_hdr_init_func, + qcow2_crypto_hdr_write_func, bs, errp); if (!crypto) { ret =3D -EINVAL; @@ -3206,6 +3395,7 @@ static int qcow2_amend_options(BlockDriverState *bs, = QemuOpts *opts, const char *compat =3D NULL; uint64_t cluster_size =3D s->cluster_size; bool encrypt; + int encformat; int refcount_bits =3D s->refcount_bits; Error *local_err =3D NULL; int ret; @@ -3248,6 +3438,14 @@ static int qcow2_amend_options(BlockDriverState *bs,= QemuOpts *opts, error_report("Changing the encryption flag is not supporte= d"); return -ENOTSUP; } + } else if (!strcmp(desc->name, BLOCK_OPT_ENCRYPT_FORMAT)) { + encformat =3D qcow2_crypt_method_from_format( + qemu_opt_get(opts, BLOCK_OPT_ENCRYPT_FORMAT)); + + if (encformat !=3D s->crypt_method_header) { + error_report("Changing the encryption format is not suppor= ted"); + return -ENOTSUP; + } } else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) { cluster_size =3D qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZ= E, cluster_size); @@ -3469,9 +3667,16 @@ static QemuOptsList qcow2_create_opts =3D { { .name =3D BLOCK_OPT_ENCRYPT_FORMAT, .type =3D QEMU_OPT_STRING, - .help =3D "Encrypt the image, format choices: 'aes'", + .help =3D "Encrypt the image, format choices: 'aes', 'luks'", }, - BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."), + BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.", + "ID of secret providing qcow AES key or LUKS passphrase"), + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG("encrypt."), + BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE("encrypt."), + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG("encrypt."), + BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG("encrypt."), + BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG("encrypt."), + BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("encrypt."), { .name =3D BLOCK_OPT_CLUSTER_SIZE, .type =3D QEMU_OPT_SIZE, diff --git a/block/qcow2.h b/block/qcow2.h index 9746aaf..3cf577d 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -36,6 +36,7 @@ =20 #define QCOW_CRYPT_NONE 0 #define QCOW_CRYPT_AES 1 +#define QCOW_CRYPT_LUKS 2 =20 #define QCOW_MAX_CRYPT_CLUSTERS 32 #define QCOW_MAX_SNAPSHOTS 65536 @@ -163,6 +164,11 @@ typedef struct QCowSnapshot { struct Qcow2Cache; typedef struct Qcow2Cache Qcow2Cache; =20 +typedef struct Qcow2CryptoHeaderExtension { + uint64_t offset; + uint64_t length; +} QEMU_PACKED Qcow2CryptoHeaderExtension; + typedef struct Qcow2UnknownHeaderExtension { uint32_t magic; uint32_t len; @@ -257,8 +263,11 @@ typedef struct BDRVQcow2State { =20 CoMutex lock; =20 + Qcow2CryptoHeaderExtension crypto_header; /* QCow2 header extension */ QCryptoBlockOpenOptions *crypto_opts; /* Disk encryption runtime optio= ns */ QCryptoBlock *crypto; /* Disk encryption format driver */ + bool crypt_physical_offset; /* Whether to use virtual or physical offs= et + for encryption initialization vector tw= eak */ uint32_t crypt_method_header; uint64_t snapshots_offset; int snapshots_size; diff --git a/qapi/block-core.json b/qapi/block-core.json index 2a3ab47..6d418db 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2319,7 +2319,7 @@ # Since: 2.10 ## { 'enum': 'BlockdevQcow2EncryptionFormat', - 'data': [ 'qcow' ] } + 'data': [ 'qcow', 'luks' ] } =20 ## # @BlockdevQcow2Encryption: @@ -2329,7 +2329,8 @@ { 'union': 'BlockdevQcow2Encryption', 'base': { 'format': 'BlockdevQcow2EncryptionFormat' }, 'discriminator': 'format', - 'data': { 'qcow': 'QCryptoBlockOptionsQCow' } } + 'data': { 'qcow': 'QCryptoBlockOptionsQCow', + 'luks': 'QCryptoBlockOptionsLUKS'} } =20 ## # @BlockdevOptionsQcow2: diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out index 7026dc4..f3398bc 100644 --- a/tests/qemu-iotests/082.out +++ b/tests/qemu-iotests/082.out @@ -49,8 +49,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -64,8 +70,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -79,8 +91,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -94,8 +112,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -109,8 +133,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -124,8 +154,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -139,8 +175,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -154,8 +196,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -184,8 +232,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -248,8 +302,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -263,8 +323,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -278,8 +344,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -293,8 +365,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -308,8 +386,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -323,8 +407,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -338,8 +428,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -353,8 +449,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -383,8 +485,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -444,8 +552,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -459,8 +573,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -474,8 +594,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -489,8 +615,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -504,8 +636,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -519,8 +657,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -534,8 +678,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -549,8 +699,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates @@ -581,8 +737,14 @@ compat Compatibility level (0.10 or 1.1) backing_file File name of a base image backing_fmt Image format of the base image encryption Encrypt the image with format 'aes'. (Deprecated in favou= r of encrypt.format=3Daes) -encrypt.format Encrypt the image, format choices: 'aes' -encrypt.key-secret ID of the secret that provides the AES encryption key +encrypt.format Encrypt the image, format choices: 'aes', 'luks' +encrypt.key-secret ID of secret providing qcow AES key or LUKS passphrase +encrypt.cipher-alg Name of encryption cipher algorithm +encrypt.cipher-mode Name of encryption cipher mode +encrypt.ivgen-alg Name of IV generator algorithm +encrypt.ivgen-hash-alg Name of IV generator hash algorithm +encrypt.hash-alg Name of encryption hash algorithm +encrypt.iter-time Time to spend in PBKDF in milliseconds cluster_size qcow2 cluster size preallocation Preallocation mode (allowed values: off, metadata, falloc= , full) lazy_refcounts Postpone refcount updates --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135299972570.8418709455478; Tue, 25 Apr 2017 08:48:19 -0700 (PDT) Received: from localhost ([::1]:50026 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32hO-0007Dm-Ae for importer@patchew.org; Tue, 25 Apr 2017 11:48:18 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52556) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32ZH-0008S3-3Q for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:57 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32ZF-0008FJ-3e for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:55 -0400 Received: from mx1.redhat.com ([209.132.183.28]:57846) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32ZA-0008D3-L6; Tue, 25 Apr 2017 11:39:48 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7F2BF7AE99; Tue, 25 Apr 2017 15:39:47 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id D517DC14C4; Tue, 25 Apr 2017 15:39:38 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 7F2BF7AE99 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 7F2BF7AE99 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:54 +0100 Message-Id: <20170425153858.25660-15-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Tue, 25 Apr 2017 15:39:47 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 14/18] qcow2: add iotests to cover LUKS encryption support X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" This extends the 087 iotest to cover LUKS encryption when doing blockdev-add. Two further tests are added to validate read/write of LUKS encrypted images with a single file and with a backing file. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/087 | 35 ++++++++++++++++++- tests/qemu-iotests/087.out | 14 +++++++- tests/qemu-iotests/177 | 76 ++++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/177.out | 18 ++++++++++ tests/qemu-iotests/178 | 86 ++++++++++++++++++++++++++++++++++++++++++= ++++ tests/qemu-iotests/178.out | 26 ++++++++++++++ tests/qemu-iotests/group | 2 ++ 7 files changed, 255 insertions(+), 2 deletions(-) create mode 100755 tests/qemu-iotests/177 create mode 100644 tests/qemu-iotests/177.out create mode 100755 tests/qemu-iotests/178 create mode 100644 tests/qemu-iotests/178.out diff --git a/tests/qemu-iotests/087 b/tests/qemu-iotests/087 index 730270e..153dad0 100755 --- a/tests/qemu-iotests/087 +++ b/tests/qemu-iotests/087 @@ -121,7 +121,7 @@ run_qemu <. +# + +# creator +owner=3Dberrange@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +here=3D`pwd` +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + + +size=3D16M + +SECRET=3D"secret,id=3Dsec0,data=3Dastrochicken" +SECRETALT=3D"secret,id=3Dsec0,data=3Dplatypus" + +_make_test_img --object $SECRET -o "encrypt.format=3Dluks,encrypt.key-secr= et=3Dsec0,encrypt.iter-time=3D10" $size + +IMGSPEC=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG,encrypt.key-secret= =3Dsec0" + +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +echo +echo "=3D=3D reading whole image =3D=3D" +$QEMU_IO --object $SECRET -c "read -P 0 0 $size" --image-opts $IMGSPEC | _= filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D rewriting whole image =3D=3D" +$QEMU_IO --object $SECRET -c "write -P 0xa 0 $size" --image-opts $IMGSPEC = | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET -c "read -P 0xa 0 $size" --image-opts $IMGSPEC = | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify open failure with wrong password =3D=3D" +$QEMU_IO --object $SECRETALT -c "read -P 0xa 0 $size" --image-opts $IMGSPE= C | _filter_qemu_io | _filter_testdir + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/177.out b/tests/qemu-iotests/177.out new file mode 100644 index 0000000..95d558b --- /dev/null +++ b/tests/qemu-iotests/177.out @@ -0,0 +1,18 @@ +QA output created by 177 +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 encrypt.forma= t=3Dluks encrypt.key-secret=3Dsec0 encrypt.iter-time=3D10 + +=3D=3D reading whole image =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D rewriting whole image =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify open failure with wrong password =3D=3D +can't open: Invalid password, cannot unlock any keyslot +*** done diff --git a/tests/qemu-iotests/178 b/tests/qemu-iotests/178 new file mode 100755 index 0000000..54ad980 --- /dev/null +++ b/tests/qemu-iotests/178 @@ -0,0 +1,86 @@ +#!/bin/bash +# +# Test encrypted read/write using backing files +# +# Copyright (C) 2017 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=3Dberrange@redhat.com + +seq=3D`basename $0` +echo "QA output created by $seq" + +here=3D`pwd` +status=3D1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + + +size=3D16M +TEST_IMG_BASE=3D$TEST_IMG.base +SECRET0=3D"secret,id=3Dsec0,data=3Dastrochicken" +SECRET1=3D"secret,id=3Dsec1,data=3Dfurby" + +TEST_IMG_SAVE=3D$TEST_IMG +TEST_IMG=3D$TEST_IMG_BASE +echo "=3D=3D create base =3D=3D" +_make_test_img --object $SECRET0 -o "encrypt.format=3Dluks,encrypt.key-sec= ret=3Dsec0,encrypt.iter-time=3D10" $size +TEST_IMG=3D$TEST_IMG_SAVE + +IMGSPECBASE=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG_BASE,encrypt.key= -secret=3Dsec0" +IMGSPEC=3D"driver=3D$IMGFMT,file.filename=3D$TEST_IMG,backing.driver=3D$IM= GFMT,backing.file.filename=3D$TEST_IMG_BASE,backing.encrypt.key-secret=3Dse= c0,encrypt.key-secret=3Dsec1" +QEMU_IO_OPTIONS=3D$QEMU_IO_OPTIONS_NO_FMT + +echo +echo "=3D=3D writing whole image =3D=3D" +$QEMU_IO --object $SECRET0 -c "write -P 0xa 0 $size" --image-opts $IMGSPEC= BASE | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 -c "read -P 0xa 0 $size" --image-opts $IMGSPECB= ASE | _filter_qemu_io | _filter_testdir + +echo "=3D=3D create overlay =3D=3D" +_make_test_img --object $SECRET1 -o "encrypt.format=3Dluks,encrypt.key-sec= ret=3Dsec1,encrypt.iter-time=3D10" -b "$TEST_IMG_BASE" $size + +echo +echo "=3D=3D writing part of a cluster =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "write -P 0xe 0 1024" --im= age-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xe 0 1024" --ima= ge-opts $IMGSPEC | _filter_qemu_io | _filter_testdir +echo +echo "=3D=3D verify pattern =3D=3D" +$QEMU_IO --object $SECRET0 --object $SECRET1 -c "read -P 0xa 1024 64512" -= -image-opts $IMGSPEC | _filter_qemu_io | _filter_testdir + + +# success, all done +echo "*** done" +rm -f $seq.full +status=3D0 diff --git a/tests/qemu-iotests/178.out b/tests/qemu-iotests/178.out new file mode 100644 index 0000000..ab5342d --- /dev/null +++ b/tests/qemu-iotests/178.out @@ -0,0 +1,26 @@ +QA output created by 178 +=3D=3D create base =3D=3D +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=3DIMGFMT size=3D16777216 encrypt.= format=3Dluks encrypt.key-secret=3Dsec0 encrypt.iter-time=3D10 + +=3D=3D writing whole image =3D=3D +wrote 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 16777216/16777216 bytes at offset 0 +16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +=3D=3D create overlay =3D=3D +Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D16777216 backing_file= =3DTEST_DIR/t.IMGFMT.base encrypt.format=3Dluks encrypt.key-secret=3Dsec1 e= ncrypt.iter-time=3D10 + +=3D=3D writing part of a cluster =3D=3D +wrote 1024/1024 bytes at offset 0 +1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 1024/1024 bytes at offset 0 +1 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +=3D=3D verify pattern =3D=3D +read 64512/64512 bytes at offset 1024 +63 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 43142dd..e0709f2 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -169,3 +169,5 @@ 174 auto 175 auto quick 176 rw auto backing +177 rw auto quick +178 rw auto quick --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135310970621.4275581730162; Tue, 25 Apr 2017 08:48:30 -0700 (PDT) Received: from localhost ([::1]:50027 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32hZ-0007Mx-Jx for importer@patchew.org; Tue, 25 Apr 2017 11:48:29 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52565) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32ZI-0008T6-6V for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:40:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32ZH-0008IP-F8 for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:39:56 -0400 Received: from mx1.redhat.com ([209.132.183.28]:45940) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32ZF-0008F5-0j; Tue, 25 Apr 2017 11:39:53 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E1BA7C0A15F9; Tue, 25 Apr 2017 15:39:51 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id B607786D21; Tue, 25 Apr 2017 15:39:47 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com E1BA7C0A15F9 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com E1BA7C0A15F9 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:55 +0100 Message-Id: <20170425153858.25660-16-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 25 Apr 2017 15:39:52 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" The 138 and 158 iotests exercise the legacy qcow2 aes encryption code path and they work fine with qcow v1 too. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- tests/qemu-iotests/134 | 2 +- tests/qemu-iotests/158 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/qemu-iotests/134 b/tests/qemu-iotests/134 index f851d92..9914415 100755 --- a/tests/qemu-iotests/134 +++ b/tests/qemu-iotests/134 @@ -37,7 +37,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15 . ./common.rc . ./common.filter =20 -_supported_fmt qcow2 +_supported_fmt qcow qcow2 _supported_proto generic _unsupported_proto vxhs _supported_os Linux diff --git a/tests/qemu-iotests/158 b/tests/qemu-iotests/158 index e280b79..823c120 100755 --- a/tests/qemu-iotests/158 +++ b/tests/qemu-iotests/158 @@ -37,7 +37,7 @@ trap "_cleanup; exit \$status" 0 1 2 3 15 . ./common.rc . ./common.filter =20 -_supported_fmt qcow2 +_supported_fmt qcow qcow2 _supported_proto generic _unsupported_proto vxhs _supported_os Linux --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135539820466.5820297097897; Tue, 25 Apr 2017 08:52:19 -0700 (PDT) Received: from localhost ([::1]:50049 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32lG-0001v0-Ep for importer@patchew.org; Tue, 25 Apr 2017 11:52:18 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52712) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32ZW-0000H7-4T for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:40:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32ZP-0008Nr-HN for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:40:10 -0400 Received: from mx1.redhat.com ([209.132.183.28]:48266) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32ZJ-0008JS-TH; Tue, 25 Apr 2017 11:39:58 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C52BFA08E8; Tue, 25 Apr 2017 15:39:56 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2496217CC1; Tue, 25 Apr 2017 15:39:52 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com C52BFA08E8 Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com C52BFA08E8 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:56 +0100 Message-Id: <20170425153858.25660-17-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 25 Apr 2017 15:39:56 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 16/18] block: rip out all traces of password prompting X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Now that qcow & qcow2 are wired up to get encryption keys via the QCryptoSecret object, nothing is relying on the interactive prompting for passwords. All the code related to password prompting can thus be ripped out. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- hmp.c | 31 --------------------- include/monitor/monitor.h | 7 ----- include/qemu/osdep.h | 2 -- monitor.c | 68 -------------------------------------------= ---- qapi-schema.json | 10 +------ qemu-img.c | 31 --------------------- qemu-io.c | 20 -------------- qmp.c | 12 +-------- util/oslib-posix.c | 66 -------------------------------------------= -- util/oslib-win32.c | 24 ----------------- 10 files changed, 2 insertions(+), 269 deletions(-) diff --git a/hmp.c b/hmp.c index ab407d6..510d412 100644 --- a/hmp.c +++ b/hmp.c @@ -1076,37 +1076,12 @@ void hmp_ringbuf_read(Monitor *mon, const QDict *qd= ict) g_free(data); } =20 -static void hmp_cont_cb(void *opaque, int err) -{ - if (!err) { - qmp_cont(NULL); - } -} - -static bool key_is_missing(const BlockInfo *bdev) -{ - return (bdev->inserted && bdev->inserted->encryption_key_missing); -} - void hmp_cont(Monitor *mon, const QDict *qdict) { - BlockInfoList *bdev_list, *bdev; Error *err =3D NULL; =20 - bdev_list =3D qmp_query_block(NULL); - for (bdev =3D bdev_list; bdev; bdev =3D bdev->next) { - if (key_is_missing(bdev->value)) { - monitor_read_block_device_key(mon, bdev->value->device, - hmp_cont_cb, NULL); - goto out; - } - } - qmp_cont(&err); hmp_handle_error(mon, &err); - -out: - qapi_free_BlockInfoList(bdev_list); } =20 void hmp_system_wakeup(Monitor *mon, const QDict *qdict) @@ -1541,12 +1516,6 @@ void hmp_change(Monitor *mon, const QDict *qdict) qmp_blockdev_change_medium(true, device, false, NULL, target, !!arg, arg, !!read_only, read_only_mode, &err); - if (err && - error_get_class(err) =3D=3D ERROR_CLASS_DEVICE_ENCRYPTED) { - error_free(err); - monitor_read_block_device_key(mon, device, NULL, NULL); - return; - } } =20 hmp_handle_error(mon, &err); diff --git a/include/monitor/monitor.h b/include/monitor/monitor.h index d2b3aaf..83ea4a1 100644 --- a/include/monitor/monitor.h +++ b/include/monitor/monitor.h @@ -23,13 +23,6 @@ void monitor_cleanup(void); int monitor_suspend(Monitor *mon); void monitor_resume(Monitor *mon); =20 -int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs, - BlockCompletionFunc *completion_cb, - void *opaque); -int monitor_read_block_device_key(Monitor *mon, const char *device, - BlockCompletionFunc *completion_cb, - void *opaque); - int monitor_get_fd(Monitor *mon, const char *fdname, Error **errp); int monitor_fd_param(Monitor *mon, const char *fdname, Error **errp); =20 diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h index 122ff06..85587b8 100644 --- a/include/qemu/osdep.h +++ b/include/qemu/osdep.h @@ -441,8 +441,6 @@ void qemu_set_tty_echo(int fd, bool echo); void os_mem_prealloc(int fd, char *area, size_t sz, int smp_cpus, Error **errp); =20 -int qemu_read_password(char *buf, int buf_size); - /** * qemu_get_pid_name: * @pid: pid of a process diff --git a/monitor.c b/monitor.c index be282ec..357383f 100644 --- a/monitor.c +++ b/monitor.c @@ -4017,74 +4017,6 @@ void monitor_cleanup(void) qemu_mutex_unlock(&monitor_lock); } =20 -static void bdrv_password_cb(void *opaque, const char *password, - void *readline_opaque) -{ - Monitor *mon =3D opaque; - BlockDriverState *bs =3D readline_opaque; - int ret =3D 0; - Error *local_err =3D NULL; - - bdrv_add_key(bs, password, &local_err); - if (local_err) { - error_report_err(local_err); - ret =3D -EPERM; - } - if (mon->password_completion_cb) - mon->password_completion_cb(mon->password_opaque, ret); - - monitor_read_command(mon, 1); -} - -int monitor_read_bdrv_key_start(Monitor *mon, BlockDriverState *bs, - BlockCompletionFunc *completion_cb, - void *opaque) -{ - int err; - - monitor_printf(mon, "%s (%s) is encrypted.\n", bdrv_get_device_name(bs= ), - bdrv_get_encrypted_filename(bs)); - - mon->password_completion_cb =3D completion_cb; - mon->password_opaque =3D opaque; - - err =3D monitor_read_password(mon, bdrv_password_cb, bs); - - if (err && completion_cb) - completion_cb(opaque, err); - - return err; -} - -int monitor_read_block_device_key(Monitor *mon, const char *device, - BlockCompletionFunc *completion_cb, - void *opaque) -{ - Error *err =3D NULL; - BlockBackend *blk; - - blk =3D blk_by_name(device); - if (!blk) { - monitor_printf(mon, "Device not found %s\n", device); - return -1; - } - if (!blk_bs(blk)) { - monitor_printf(mon, "Device '%s' has no medium\n", device); - return -1; - } - - bdrv_add_key(blk_bs(blk), NULL, &err); - if (err) { - error_free(err); - return monitor_read_bdrv_key_start(mon, blk_bs(blk), completion_cb= , opaque); - } - - if (completion_cb) { - completion_cb(opaque, 0); - } - return 0; -} - QemuOptsList qemu_mon_opts =3D { .name =3D "mon", .implied_opt_name =3D "chardev", diff --git a/qapi-schema.json b/qapi-schema.json index 01b087f..bb0214b 100644 --- a/qapi-schema.json +++ b/qapi-schema.json @@ -2402,8 +2402,6 @@ # Since: 0.14.0 # # Returns: If successful, nothing -# If QEMU was started with an encrypted block device and a key h= as -# not yet been set, DeviceEncrypted. # # Notes: This command will succeed if the guest is currently running. It # will also succeed if the guest is in the "inmigrate" state; in @@ -2684,8 +2682,7 @@ # * This command is stateless, this means that commands that depend # on state information (such as getfd) might not work # -# * Commands that prompt the user for data (eg. 'cont' when the blo= ck -# device is encrypted) don't currently work +# * Commands that prompt the user for data don't currently work # # Example: # @@ -2990,11 +2987,6 @@ # # Returns: Nothing on success. # If @device is not a valid block device, DeviceNotFound -# If the new block device is encrypted, DeviceEncrypted. Note th= at -# if this error is returned, the device has been opened successfu= lly -# and an additional call to @block_passwd is required to set the -# device's password. The behavior of reads and writes to the blo= ck -# device between when these calls are executed is undefined. # # Notes: This interface is deprecated, and it is strongly recommended tha= t you # avoid using it. For changing block devices, use diff --git a/qemu-img.c b/qemu-img.c index 26be4d6..3ca0704 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -258,29 +258,6 @@ static int print_block_option_help(const char *filenam= e, const char *fmt) } =20 =20 -static int img_open_password(BlockBackend *blk, const char *filename, - int flags, bool quiet) -{ - BlockDriverState *bs; - char password[256]; - - bs =3D blk_bs(blk); - if (bdrv_is_encrypted(bs) && bdrv_key_required(bs) && - !(flags & BDRV_O_NO_IO)) { - qprintf(quiet, "Disk image '%s' is encrypted.\n", filename); - if (qemu_read_password(password, sizeof(password)) < 0) { - error_report("No password given"); - return -1; - } - if (bdrv_set_key(bs, password) < 0) { - error_report("invalid password"); - return -1; - } - } - return 0; -} - - static BlockBackend *img_open_opts(const char *optstr, QemuOpts *opts, int flags, bool writeth= rough, bool quiet) @@ -296,10 +273,6 @@ static BlockBackend *img_open_opts(const char *optstr, } blk_set_enable_write_cache(blk, !writethrough); =20 - if (img_open_password(blk, optstr, flags, quiet) < 0) { - blk_unref(blk); - return NULL; - } return blk; } =20 @@ -323,10 +296,6 @@ static BlockBackend *img_open_file(const char *filenam= e, } blk_set_enable_write_cache(blk, !writethrough); =20 - if (img_open_password(blk, filename, flags, quiet) < 0) { - blk_unref(blk); - return NULL; - } return blk; } =20 diff --git a/qemu-io.c b/qemu-io.c index 427cbae..864b32e 100644 --- a/qemu-io.c +++ b/qemu-io.c @@ -56,7 +56,6 @@ static const cmdinfo_t close_cmd =3D { static int openfile(char *name, int flags, bool writethrough, QDict *opts) { Error *local_err =3D NULL; - BlockDriverState *bs; =20 if (qemuio_blk) { error_report("file open already, try 'help close'"); @@ -71,28 +70,9 @@ static int openfile(char *name, int flags, bool writethr= ough, QDict *opts) return 1; } =20 - bs =3D blk_bs(qemuio_blk); - if (bdrv_is_encrypted(bs) && bdrv_key_required(bs)) { - char password[256]; - printf("Disk image '%s' is encrypted.\n", name); - if (qemu_read_password(password, sizeof(password)) < 0) { - error_report("No password given"); - goto error; - } - if (bdrv_set_key(bs, password) < 0) { - error_report("invalid password"); - goto error; - } - } - blk_set_enable_write_cache(qemuio_blk, !writethrough); =20 return 0; - - error: - blk_unref(qemuio_blk); - qemuio_blk =3D NULL; - return 1; } =20 static void open_help(void) diff --git a/qmp.c b/qmp.c index ab74cd7..da46770 100644 --- a/qmp.c +++ b/qmp.c @@ -164,10 +164,8 @@ SpiceInfo *qmp_query_spice(Error **errp) =20 void qmp_cont(Error **errp) { - Error *local_err =3D NULL; BlockBackend *blk; - BlockDriverState *bs; - BdrvNextIterator it; + Error *local_err =3D NULL; =20 /* if there is a dump in background, we should wait until the dump * finished */ @@ -187,14 +185,6 @@ void qmp_cont(Error **errp) blk_iostatus_reset(blk); } =20 - for (bs =3D bdrv_first(&it); bs; bs =3D bdrv_next(&it)) { - bdrv_add_key(bs, NULL, &local_err); - if (local_err) { - error_propagate(errp, local_err); - return; - } - } - /* Continuing after completed migration. Images have been inactivated = to * allow the destination to take control. Need to get control back now= . */ if (runstate_check(RUN_STATE_FINISH_MIGRATE) || diff --git a/util/oslib-posix.c b/util/oslib-posix.c index 4d9189e..29fd4d3 100644 --- a/util/oslib-posix.c +++ b/util/oslib-posix.c @@ -459,72 +459,6 @@ void os_mem_prealloc(int fd, char *area, size_t memory= , int smp_cpus, } =20 =20 -static struct termios oldtty; - -static void term_exit(void) -{ - tcsetattr(0, TCSANOW, &oldtty); -} - -static void term_init(void) -{ - struct termios tty; - - tcgetattr(0, &tty); - oldtty =3D tty; - - tty.c_iflag &=3D ~(IGNBRK|BRKINT|PARMRK|ISTRIP - |INLCR|IGNCR|ICRNL|IXON); - tty.c_oflag |=3D OPOST; - tty.c_lflag &=3D ~(ECHO|ECHONL|ICANON|IEXTEN); - tty.c_cflag &=3D ~(CSIZE|PARENB); - tty.c_cflag |=3D CS8; - tty.c_cc[VMIN] =3D 1; - tty.c_cc[VTIME] =3D 0; - - tcsetattr(0, TCSANOW, &tty); - - atexit(term_exit); -} - -int qemu_read_password(char *buf, int buf_size) -{ - uint8_t ch; - int i, ret; - - printf("password: "); - fflush(stdout); - term_init(); - i =3D 0; - for (;;) { - ret =3D read(0, &ch, 1); - if (ret =3D=3D -1) { - if (errno =3D=3D EAGAIN || errno =3D=3D EINTR) { - continue; - } else { - break; - } - } else if (ret =3D=3D 0) { - ret =3D -1; - break; - } else { - if (ch =3D=3D '\r' || - ch =3D=3D '\n') { - ret =3D 0; - break; - } - if (i < (buf_size - 1)) { - buf[i++] =3D ch; - } - } - } - term_exit(); - buf[i] =3D '\0'; - printf("\n"); - return ret; -} - - char *qemu_get_pid_name(pid_t pid) { char *name =3D NULL; diff --git a/util/oslib-win32.c b/util/oslib-win32.c index 80e4668..aacdaed 100644 --- a/util/oslib-win32.c +++ b/util/oslib-win32.c @@ -554,30 +554,6 @@ void os_mem_prealloc(int fd, char *area, size_t memory= , int smp_cpus, } =20 =20 -/* XXX: put correct support for win32 */ -int qemu_read_password(char *buf, int buf_size) -{ - int c, i; - - printf("Password: "); - fflush(stdout); - i =3D 0; - for (;;) { - c =3D getchar(); - if (c < 0) { - buf[i] =3D '\0'; - return -1; - } else if (c =3D=3D '\n') { - break; - } else if (i < (buf_size - 1)) { - buf[i++] =3D c; - } - } - buf[i] =3D '\0'; - return 0; -} - - char *qemu_get_pid_name(pid_t pid) { /* XXX Implement me */ --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135118786754.6572855917799; Tue, 25 Apr 2017 08:45:18 -0700 (PDT) Received: from localhost ([::1]:50007 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32eT-0004jC-B1 for importer@patchew.org; Tue, 25 Apr 2017 11:45:17 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52675) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32ZT-0000DQ-Cn for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:40:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32ZR-0008OV-JX for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:40:07 -0400 Received: from mx1.redhat.com ([209.132.183.28]:52194) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32ZM-0008LB-Gy; Tue, 25 Apr 2017 11:40:00 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 69B9770727; Tue, 25 Apr 2017 15:39:59 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0ABD47F599; Tue, 25 Apr 2017 15:39:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 69B9770727 Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 69B9770727 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:57 +0100 Message-Id: <20170425153858.25660-18-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Tue, 25 Apr 2017 15:39:59 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 17/18] block: remove all encryption handling APIs X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Now that all encryption keys must be provided upfront via the QCryptoSecret API and associated block driver properties there is no need for any explicit encryption handling APIs in the block layer. Encryption can be handled transparently within the block driver. We only retain an API for querying whether an image is encrypted or not, since that is a potentially useful piece of metadata to report to the user. Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- block.c | 77 +------------------------------------------= ---- block/crypto.c | 1 - block/qapi.c | 2 +- block/qcow.c | 7 ++++- block/qcow2.c | 1 - blockdev.c | 37 ++--------------------- hmp-commands.hx | 2 ++ include/block/block.h | 3 -- include/block/block_int.h | 1 - include/qapi/error.h | 1 - qapi/block-core.json | 37 ++--------------------- qapi/common.json | 5 +-- 12 files changed, 15 insertions(+), 159 deletions(-) diff --git a/block.c b/block.c index 5db266b..a3de487 100644 --- a/block.c +++ b/block.c @@ -2482,15 +2482,7 @@ static BlockDriverState *bdrv_open_inherit(const cha= r *filename, goto close_and_fail; } =20 - if (!bdrv_key_required(bs)) { - bdrv_parent_cb_change_media(bs, true); - } else if (!runstate_check(RUN_STATE_PRELAUNCH) - && !runstate_check(RUN_STATE_INMIGRATE) - && !runstate_check(RUN_STATE_PAUSED)) { /* HACK */ - error_setg(errp, - "Guest must be stopped for opening of encrypted image"); - goto close_and_fail; - } + bdrv_parent_cb_change_media(bs, true); =20 QDECREF(options); =20 @@ -2981,7 +2973,6 @@ static void bdrv_close(BlockDriverState *bs) bs->backing_format[0] =3D '\0'; bs->total_sectors =3D 0; bs->encrypted =3D false; - bs->valid_key =3D false; bs->sg =3D false; QDECREF(bs->options); QDECREF(bs->explicit_options); @@ -3407,72 +3398,6 @@ bool bdrv_is_encrypted(BlockDriverState *bs) return bs->encrypted; } =20 -bool bdrv_key_required(BlockDriverState *bs) -{ - BdrvChild *backing =3D bs->backing; - - if (backing && backing->bs->encrypted && !backing->bs->valid_key) { - return true; - } - return (bs->encrypted && !bs->valid_key); -} - -int bdrv_set_key(BlockDriverState *bs, const char *key) -{ - int ret; - if (bs->backing && bs->backing->bs->encrypted) { - ret =3D bdrv_set_key(bs->backing->bs, key); - if (ret < 0) - return ret; - if (!bs->encrypted) - return 0; - } - if (!bs->encrypted) { - return -EINVAL; - } else if (!bs->drv || !bs->drv->bdrv_set_key) { - return -ENOMEDIUM; - } - ret =3D bs->drv->bdrv_set_key(bs, key); - if (ret < 0) { - bs->valid_key =3D false; - } else if (!bs->valid_key) { - /* call the change callback now, we skipped it on open */ - bs->valid_key =3D true; - bdrv_parent_cb_change_media(bs, true); - } - return ret; -} - -/* - * Provide an encryption key for @bs. - * If @key is non-null: - * If @bs is not encrypted, fail. - * Else if the key is invalid, fail. - * Else set @bs's key to @key, replacing the existing key, if any. - * If @key is null: - * If @bs is encrypted and still lacks a key, fail. - * Else do nothing. - * On failure, store an error object through @errp if non-null. - */ -void bdrv_add_key(BlockDriverState *bs, const char *key, Error **errp) -{ - if (key) { - if (!bdrv_is_encrypted(bs)) { - error_setg(errp, "Node '%s' is not encrypted", - bdrv_get_device_or_node_name(bs)); - } else if (bdrv_set_key(bs, key) < 0) { - error_setg(errp, QERR_INVALID_PASSWORD); - } - } else { - if (bdrv_key_required(bs)) { - error_set(errp, ERROR_CLASS_DEVICE_ENCRYPTED, - "'%s' (%s) is encrypted", - bdrv_get_device_or_node_name(bs), - bdrv_get_encrypted_filename(bs)); - } - } -} - const char *bdrv_get_format_name(BlockDriverState *bs) { return bs->drv ? bs->drv->format_name : NULL; diff --git a/block/crypto.c b/block/crypto.c index 913723a..045836d 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -308,7 +308,6 @@ static int block_crypto_open_generic(QCryptoBlockFormat= format, } =20 bs->encrypted =3D true; - bs->valid_key =3D true; =20 ret =3D 0; cleanup: diff --git a/block/qapi.c b/block/qapi.c index a40922e..9d724c2 100644 --- a/block/qapi.c +++ b/block/qapi.c @@ -45,7 +45,7 @@ BlockDeviceInfo *bdrv_block_device_info(BlockBackend *blk, info->ro =3D bs->read_only; info->drv =3D g_strdup(bs->drv->format_name); info->encrypted =3D bs->encrypted; - info->encryption_key_missing =3D bdrv_key_required(bs); + info->encryption_key_missing =3D false; =20 info->cache =3D g_new(BlockdevCacheInfo, 1); *info->cache =3D (BlockdevCacheInfo) { diff --git a/block/qcow.c b/block/qcow.c index 7bfa0dd..962b941 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -220,7 +220,12 @@ static int qcow_open(BlockDriverState *bs, QDict *opti= ons, int flags, goto fail; } bs->encrypted =3D true; - bs->valid_key =3D true; + } else { + if (encryptfmt) { + error_setg(errp, "No encryption in image header, but options " + "specified format '%s'", encryptfmt); + goto fail; + } } s->cluster_bits =3D header.cluster_bits; s->cluster_size =3D 1 << s->cluster_bits; diff --git a/block/qcow2.c b/block/qcow2.c index 44a573b..03997c1 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1170,7 +1170,6 @@ static int qcow2_do_open(BlockDriverState *bs, QDict = *options, int flags, } =20 bs->encrypted =3D true; - bs->valid_key =3D true; } =20 s->l2_bits =3D s->cluster_bits - 3; /* L2 is always one cluster */ diff --git a/blockdev.c b/blockdev.c index 6428206..b3dd277 100644 --- a/blockdev.c +++ b/blockdev.c @@ -591,10 +591,6 @@ static BlockBackend *blockdev_init(const char *file, Q= Dict *bs_opts, =20 bs->detect_zeroes =3D detect_zeroes; =20 - if (bdrv_key_required(bs)) { - autostart =3D 0; - } - block_acct_init(blk_get_stats(blk), account_invalid, account_faile= d); =20 if (!parse_stats_intervals(blk_get_stats(blk), interval_list, errp= )) { @@ -2264,24 +2260,8 @@ void qmp_block_passwd(bool has_device, const char *d= evice, bool has_node_name, const char *node_name, const char *password, Error **errp) { - Error *local_err =3D NULL; - BlockDriverState *bs; - AioContext *aio_context; - - bs =3D bdrv_lookup_bs(has_device ? device : NULL, - has_node_name ? node_name : NULL, - &local_err); - if (local_err) { - error_propagate(errp, local_err); - return; - } - - aio_context =3D bdrv_get_aio_context(bs); - aio_context_acquire(aio_context); - - bdrv_add_key(bs, password, errp); - - aio_context_release(aio_context); + error_setg(errp, + "Setting block passwords directly is no longer supported"); } =20 /* @@ -2591,12 +2571,6 @@ void qmp_blockdev_change_medium(bool has_device, con= st char *device, goto fail; } =20 - bdrv_add_key(medium_bs, NULL, &err); - if (err) { - error_propagate(errp, err); - goto fail; - } - rc =3D do_open_tray(has_device ? device : NULL, has_id ? id : NULL, false, &err); @@ -3889,13 +3863,6 @@ void qmp_blockdev_add(BlockdevOptions *options, Erro= r **errp) =20 QTAILQ_INSERT_TAIL(&monitor_bdrv_states, bs, monitor_list); =20 - if (bs && bdrv_key_required(bs)) { - QTAILQ_REMOVE(&monitor_bdrv_states, bs, monitor_list); - bdrv_unref(bs); - error_setg(errp, "blockdev-add doesn't support encrypted devices"); - goto fail; - } - fail: visit_free(v); } diff --git a/hmp-commands.hx b/hmp-commands.hx index 8819281..d1a69a6 100644 --- a/hmp-commands.hx +++ b/hmp-commands.hx @@ -1612,6 +1612,8 @@ STEXI @item block_passwd @var{device} @var{password} @findex block_passwd Set the encrypted device @var{device} password to @var{password} + +This command is now obsolete and will always return an error since 2.10 ETEXI =20 { diff --git a/include/block/block.h b/include/block/block.h index 144df0d..dd7b103 100644 --- a/include/block/block.h +++ b/include/block/block.h @@ -464,9 +464,6 @@ BlockDriverState *bdrv_next(BdrvNextIterator *it); =20 BlockDriverState *bdrv_next_monitor_owned(BlockDriverState *bs); bool bdrv_is_encrypted(BlockDriverState *bs); -bool bdrv_key_required(BlockDriverState *bs); -int bdrv_set_key(BlockDriverState *bs, const char *key); -void bdrv_add_key(BlockDriverState *bs, const char *key, Error **errp); void bdrv_iterate_format(void (*it)(void *opaque, const char *name), void *opaque); const char *bdrv_get_node_name(const BlockDriverState *bs); diff --git a/include/block/block_int.h b/include/block/block_int.h index 4b2f8b0..9d5aba1 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -515,7 +515,6 @@ struct BlockDriverState { int open_flags; /* flags used to open the file, re-used for re-open */ bool read_only; /* if true, the media is read only */ bool encrypted; /* if true, the media is encrypted */ - bool valid_key; /* if true, a valid encryption key has been set */ bool sg; /* if true, the device is a /dev/sg* */ bool probed; /* if true, format was probed rather than specified */ =20 diff --git a/include/qapi/error.h b/include/qapi/error.h index 7e532d0..5d5e737 100644 --- a/include/qapi/error.h +++ b/include/qapi/error.h @@ -125,7 +125,6 @@ typedef enum ErrorClass { ERROR_CLASS_GENERIC_ERROR =3D QAPI_ERROR_CLASS_GENERICERROR, ERROR_CLASS_COMMAND_NOT_FOUND =3D QAPI_ERROR_CLASS_COMMANDNOTFOUND, - ERROR_CLASS_DEVICE_ENCRYPTED =3D QAPI_ERROR_CLASS_DEVICEENCRYPTED, ERROR_CLASS_DEVICE_NOT_ACTIVE =3D QAPI_ERROR_CLASS_DEVICENOTACTIVE, ERROR_CLASS_DEVICE_NOT_FOUND =3D QAPI_ERROR_CLASS_DEVICENOTFOUND, ERROR_CLASS_KVM_MISSING_CAP =3D QAPI_ERROR_CLASS_KVMMISSINGCAP, diff --git a/qapi/block-core.json b/qapi/block-core.json index 6d418db..e83a83f 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -259,8 +259,7 @@ # # @encrypted: true if the backing device is encrypted # -# @encryption_key_missing: true if the backing device is encrypted but an -# valid encryption key is missing +# @encryption_key_missing: Deprecated; always false # # @detect_zeroes: detect and optimize zero writes (Since 2.1) # @@ -945,39 +944,7 @@ # This command sets the password of a block device that has not been open # with a password and requires one. # -# The two cases where this can happen are a block device is created through -# QEMU's initial command line or a block device is changed through the leg= acy -# @change interface. -# -# In the event that the block device is created through the initial command -# line, the VM will start in the stopped state regardless of whether '-S' = is -# used. The intention is for a management tool to query the block devices= to -# determine which ones are encrypted, set the passwords with this command,= and -# then start the guest with the @cont command. -# -# Either @device or @node-name must be set but not both. -# -# @device: the name of the block backend device to set the password on -# -# @node-name: graph node name to set the password on (Since 2.0) -# -# @password: the password to use for the device -# -# Returns: nothing on success -# If @device is not a valid block device, DeviceNotFound -# If @device is not encrypted, DeviceNotEncrypted -# -# Notes: Not all block formats support encryption and some that do are not -# able to validate that a password is correct. Disk corruption may -# occur if an invalid password is specified. -# -# Since: 0.14.0 -# -# Example: -# -# -> { "execute": "block_passwd", "arguments": { "device": "ide0-hd0", -# "password": "12345" } } -# <- { "return": {} } +# This command is now obsolete and will always return an error since 2.10 # ## { 'command': 'block_passwd', 'data': {'*device': 'str', diff --git a/qapi/common.json b/qapi/common.json index b626647..8355d5a 100644 --- a/qapi/common.json +++ b/qapi/common.json @@ -14,9 +14,6 @@ # # @CommandNotFound: the requested command has not been found # -# @DeviceEncrypted: the requested operation can't be fulfilled because the -# selected device is encrypted -# # @DeviceNotActive: a device has failed to be become active # # @DeviceNotFound: the requested device has not been found @@ -28,7 +25,7 @@ ## { 'enum': 'QapiErrorClass', # Keep this in sync with ErrorClass in error.h - 'data': [ 'GenericError', 'CommandNotFound', 'DeviceEncrypted', + 'data': [ 'GenericError', 'CommandNotFound', 'DeviceNotActive', 'DeviceNotFound', 'KVMMissingCap' ] } =20 ## --=20 2.9.3 From nobody Sat May 4 16:47:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1493135636813555.0324922845913; Tue, 25 Apr 2017 08:53:56 -0700 (PDT) Received: from localhost ([::1]:50056 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32mp-0003Gs-CW for importer@patchew.org; Tue, 25 Apr 2017 11:53:55 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:52785) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d32Za-0000NH-Hm for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:40:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d32ZY-0008Vf-KV for qemu-devel@nongnu.org; Tue, 25 Apr 2017 11:40:14 -0400 Received: from mx1.redhat.com ([209.132.183.28]:55360) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d32ZP-0008NO-BG; Tue, 25 Apr 2017 11:40:03 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3217E3DBC7; Tue, 25 Apr 2017 15:40:01 +0000 (UTC) Received: from dhcp-17-113.lcy.redhat.com (unknown [10.42.17.113]) by smtp.corp.redhat.com (Postfix) with ESMTP id A1D8AC14C4; Tue, 25 Apr 2017 15:39:59 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3217E3DBC7 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 3217E3DBC7 From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 25 Apr 2017 16:38:58 +0100 Message-Id: <20170425153858.25660-19-berrange@redhat.com> In-Reply-To: <20170425153858.25660-1-berrange@redhat.com> References: <20170425153858.25660-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Tue, 25 Apr 2017 15:40:02 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v6 18/18] block: pass option prefix down to crypto layer X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Alberto Garcia , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" While the crypto layer uses a fixed option name "key-secret", the upper block layer may have a prefix on the options. e.g. "luks-key-secret", "aes-key-secret", in order to avoid clashes between crypto option names & other block option names. To ensure the crypto layer can report accurate error messages, we must tell it what option name prefix was used. Reviewed-by: Alberto Garcia Reviewed-by: Max Reitz Signed-off-by: Daniel P. Berrange --- block/crypto.c | 4 ++-- block/qcow.c | 7 ++++--- block/qcow2.c | 11 +++++++---- crypto/block-luks.c | 8 ++++++-- crypto/block-qcow.c | 8 ++++++-- crypto/block.c | 6 ++++-- crypto/blockpriv.h | 2 ++ include/crypto/block.h | 6 +++++- tests/test-crypto-block.c | 8 ++++---- 9 files changed, 40 insertions(+), 20 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 045836d..faa5501 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -296,7 +296,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat= format, if (flags & BDRV_O_NO_IO) { cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; } - crypto->block =3D qcrypto_block_open(open_opts, + crypto->block =3D qcrypto_block_open(open_opts, NULL, block_crypto_read_func, bs, cflags, @@ -340,7 +340,7 @@ static int block_crypto_create_generic(QCryptoBlockForm= at format, return -1; } =20 - crypto =3D qcrypto_block_create(create_opts, + crypto =3D qcrypto_block_create(create_opts, NULL, block_crypto_init_func, block_crypto_write_func, &data, diff --git a/block/qcow.c b/block/qcow.c index 962b941..06f2df0 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -208,8 +208,8 @@ static int qcow_open(BlockDriverState *bs, QDict *optio= ns, int flags, if (flags & BDRV_O_NO_IO) { cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; } - s->crypto =3D qcrypto_block_open(crypto_opts, NULL, NULL, - cflags, errp); + s->crypto =3D qcrypto_block_open(crypto_opts, "encrypt.", + NULL, NULL, cflags, errp); if (!s->crypto) { ret =3D -EINVAL; goto fail; @@ -865,7 +865,8 @@ static int qcow_create(const char *filename, QemuOpts *= opts, Error **errp) goto exit; } =20 - crypto =3D qcrypto_block_create(crypto_opts, NULL, NULL, NULL, err= p); + crypto =3D qcrypto_block_create(crypto_opts, "encrypt.", + NULL, NULL, NULL, errp); if (!crypto) { ret =3D -EINVAL; goto exit; diff --git a/block/qcow2.c b/block/qcow2.c index 03997c1..a6e1453 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -279,7 +279,7 @@ static int qcow2_read_extensions(BlockDriverState *bs, = uint64_t start_offset, if (flags & BDRV_O_NO_IO) { cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; } - s->crypto =3D qcrypto_block_open(s->crypto_opts, + s->crypto =3D qcrypto_block_open(s->crypto_opts, "encrypt.", qcow2_crypto_hdr_read_func, bs, cflags, errp); if (!s->crypto) { @@ -1312,8 +1312,8 @@ static int qcow2_do_open(BlockDriverState *bs, QDict = *options, int flags, if (flags & BDRV_O_NO_IO) { cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; } - s->crypto =3D qcrypto_block_open(s->crypto_opts, NULL, NULL, - cflags, errp); + s->crypto =3D qcrypto_block_open(s->crypto_opts, "encrypt.", + NULL, NULL, cflags, errp); if (!s->crypto) { ret =3D -EINVAL; goto fail; @@ -2245,6 +2245,7 @@ static int qcow2_set_up_encryption(BlockDriverState *= bs, const char *encryptfmt, QCryptoBlock *crypto =3D NULL; int ret =3D -EINVAL; QDict *options, *encryptopts; + const char *optprefix; =20 options =3D qemu_opts_to_qdict(opts, NULL); qdict_extract_subqdict(options, &encryptopts, "encrypt."); @@ -2254,10 +2255,12 @@ static int qcow2_set_up_encryption(BlockDriverState= *bs, const char *encryptfmt, =20 switch (fmt) { case QCOW_CRYPT_LUKS: + optprefix =3D "luks-"; cryptoopts =3D block_crypto_create_opts_init( Q_CRYPTO_BLOCK_FORMAT_LUKS, encryptopts, errp); break; case QCOW_CRYPT_AES: + optprefix =3D "aes-"; cryptoopts =3D block_crypto_create_opts_init( Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp); break; @@ -2271,7 +2274,7 @@ static int qcow2_set_up_encryption(BlockDriverState *= bs, const char *encryptfmt, } s->crypt_method_header =3D fmt; =20 - crypto =3D qcrypto_block_create(cryptoopts, + crypto =3D qcrypto_block_create(cryptoopts, optprefix, qcow2_crypto_hdr_init_func, qcow2_crypto_hdr_write_func, bs, errp); diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 2b97d89..afb8543 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -638,6 +638,7 @@ qcrypto_block_luks_find_key(QCryptoBlock *block, static int qcrypto_block_luks_open(QCryptoBlock *block, QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, @@ -661,7 +662,8 @@ qcrypto_block_luks_open(QCryptoBlock *block, =20 if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) { if (!options->u.luks.key_secret) { - error_setg(errp, "Parameter 'key-secret' is required for ciphe= r"); + error_setg(errp, "Parameter '%skey-secret' is required for cip= her", + optprefix ? optprefix : ""); return -1; } password =3D qcrypto_secret_lookup_as_utf8( @@ -885,6 +887,7 @@ qcrypto_block_luks_uuid_gen(uint8_t *uuidstr) static int qcrypto_block_luks_create(QCryptoBlock *block, QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc, QCryptoBlockWriteFunc writefunc, void *opaque, @@ -937,7 +940,8 @@ qcrypto_block_luks_create(QCryptoBlock *block, * be silently ignored, for compatibility with dm-crypt */ =20 if (!options->u.luks.key_secret) { - error_setg(errp, "Parameter 'key-secret' is required for cipher"); + error_setg(errp, "Parameter '%skey-secret' is required for cipher", + optprefix ? optprefix : ""); return -1; } password =3D qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp); diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c index be88c6f..a456fe3 100644 --- a/crypto/block-qcow.c +++ b/crypto/block-qcow.c @@ -94,6 +94,7 @@ qcrypto_block_qcow_init(QCryptoBlock *block, static int qcrypto_block_qcow_open(QCryptoBlock *block, QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc G_GNUC_UNUSED, void *opaque G_GNUC_UNUSED, unsigned int flags, @@ -104,7 +105,8 @@ qcrypto_block_qcow_open(QCryptoBlock *block, } else { if (!options->u.qcow.key_secret) { error_setg(errp, - "Parameter 'key-secret' is required for cipher"); + "Parameter '%skey-secret' is required for cipher", + optprefix ? optprefix : ""); return -1; } return qcrypto_block_qcow_init(block, @@ -116,13 +118,15 @@ qcrypto_block_qcow_open(QCryptoBlock *block, static int qcrypto_block_qcow_create(QCryptoBlock *block, QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc G_GNUC_UNUSED, QCryptoBlockWriteFunc writefunc G_GNUC_UNUSED, void *opaque G_GNUC_UNUSED, Error **errp) { if (!options->u.qcow.key_secret) { - error_setg(errp, "Parameter 'key-secret' is required for cipher"); + error_setg(errp, "Parameter '%skey-secret' is required for cipher", + optprefix ? optprefix : ""); return -1; } /* QCow2 has no special header, since everything is hardwired */ diff --git a/crypto/block.c b/crypto/block.c index 64c8420..b097d45 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -48,6 +48,7 @@ bool qcrypto_block_has_format(QCryptoBlockFormat format, =20 =20 QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, @@ -67,7 +68,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions = *options, =20 block->driver =3D qcrypto_block_drivers[options->format]; =20 - if (block->driver->open(block, options, + if (block->driver->open(block, options, optprefix, readfunc, opaque, flags, errp) < 0) { g_free(block); return NULL; @@ -78,6 +79,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions = *options, =20 =20 QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc, QCryptoBlockWriteFunc writefunc, void *opaque, @@ -97,7 +99,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOpti= ons *options, =20 block->driver =3D qcrypto_block_drivers[options->format]; =20 - if (block->driver->create(block, options, initfunc, + if (block->driver->create(block, options, optprefix, initfunc, writefunc, opaque, errp) < 0) { g_free(block); return NULL; diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 68f0f06..0edb810 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -41,6 +41,7 @@ struct QCryptoBlock { struct QCryptoBlockDriver { int (*open)(QCryptoBlock *block, QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, @@ -48,6 +49,7 @@ struct QCryptoBlockDriver { =20 int (*create)(QCryptoBlock *block, QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc, QCryptoBlockWriteFunc writefunc, void *opaque, diff --git a/include/crypto/block.h b/include/crypto/block.h index 013a435..f0e543b 100644 --- a/include/crypto/block.h +++ b/include/crypto/block.h @@ -71,6 +71,7 @@ typedef enum { /** * qcrypto_block_open: * @options: the encryption options + * @optprefix: name prefix for options * @readfunc: callback for reading data from the volume * @opaque: data to pass to @readfunc * @flags: bitmask of QCryptoBlockOpenFlags values @@ -102,6 +103,7 @@ typedef enum { * Returns: a block encryption format, or NULL on error */ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, + const char *optprefix, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, @@ -109,7 +111,8 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOption= s *options, =20 /** * qcrypto_block_create: - * @format: the encryption format + * @options: the encryption options + * @optprefix: name prefix for options * @initfunc: callback for initializing volume header * @writefunc: callback for writing data to the volume header * @opaque: data to pass to @initfunc and @writefunc @@ -133,6 +136,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOption= s *options, * Returns: a block encryption format, or NULL on error */ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, + const char *optprefix, QCryptoBlockInitFunc initfunc, QCryptoBlockWriteFunc writefunc, void *opaque, diff --git a/tests/test-crypto-block.c b/tests/test-crypto-block.c index 95c4bd5..bd7fe59 100644 --- a/tests/test-crypto-block.c +++ b/tests/test-crypto-block.c @@ -281,7 +281,7 @@ static void test_block(gconstpointer opaque) memset(&header, 0, sizeof(header)); buffer_init(&header, "header"); =20 - blk =3D qcrypto_block_create(data->create_opts, + blk =3D qcrypto_block_create(data->create_opts, NULL, test_block_init_func, test_block_write_func, &header, @@ -300,7 +300,7 @@ static void test_block(gconstpointer opaque) object_unparent(sec); =20 /* Ensure we can't open without the secret */ - blk =3D qcrypto_block_open(data->open_opts, + blk =3D qcrypto_block_open(data->open_opts, NULL, test_block_read_func, &header, 0, @@ -308,7 +308,7 @@ static void test_block(gconstpointer opaque) g_assert(blk =3D=3D NULL); =20 /* Ensure we can't open without the secret, unless NO_IO */ - blk =3D qcrypto_block_open(data->open_opts, + blk =3D qcrypto_block_open(data->open_opts, NULL, test_block_read_func, &header, QCRYPTO_BLOCK_OPEN_NO_IO, @@ -322,7 +322,7 @@ static void test_block(gconstpointer opaque) =20 /* Now open for real with secret */ sec =3D test_block_secret(); - blk =3D qcrypto_block_open(data->open_opts, + blk =3D qcrypto_block_open(data->open_opts, NULL, test_block_read_func, &header, 0, --=20 2.9.3