From nobody Wed Apr 16 03:29:37 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1499790005220896.475449345401; Tue, 11 Jul 2017 09:20:05 -0700 (PDT) Received: from localhost ([::1]:47372 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dUxtG-0000H0-Hf for importer@patchew.org; Tue, 11 Jul 2017 12:19:58 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44286) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dUxid-0006UO-L5 for qemu-devel@nongnu.org; Tue, 11 Jul 2017 12:09:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dUxib-0005Ef-EL for qemu-devel@nongnu.org; Tue, 11 Jul 2017 12:08:59 -0400 Received: from mx1.redhat.com ([209.132.183.28]:46264) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dUxiR-00051n-38; Tue, 11 Jul 2017 12:08:47 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 23C0681127; Tue, 11 Jul 2017 16:08:46 +0000 (UTC) Received: from localhost (ovpn-204-123.brq.redhat.com [10.40.204.123]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D6DE660BF0; Tue, 11 Jul 2017 16:08:44 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 23C0681127 Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=mreitz@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 23C0681127 From: Max Reitz To: qemu-block@nongnu.org Date: Tue, 11 Jul 2017 18:06:58 +0200 Message-Id: <20170711160814.20941-10-mreitz@redhat.com> In-Reply-To: <20170711160814.20941-1-mreitz@redhat.com> References: <20170711160814.20941-1-mreitz@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Tue, 11 Jul 2017 16:08:46 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 09/85] qcow: convert QCow to use QCryptoBlock for encryption X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: qemu-devel@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: "Daniel P. Berrange" This converts the qcow driver to make use of the QCryptoBlock APIs for encrypting image content. This is only wired up to permit use of the legacy QCow encryption format. Users who wish to have the strong LUKS format should switch to qcow2 instead. With this change it is now required to use the QCryptoSecret object for providing passwords, instead of the current block password APIs / interactive prompting. $QEMU \ -object secret,id=3Dsec0,file=3D/home/berrange/encrypted.pw \ -drive file=3D/home/berrange/encrypted.qcow,encrypt.format=3Daes,\ encrypt.key-secret=3Dsec0 Though note that running QEMU system emulators with the AES encryption is no longer supported, so while the above syntax is valid, QEMU will refuse to actually run the VM in this particular example. Likewise when creating images with the legacy AES-CBC format qemu-img create -f qcow \ --object secret,id=3Dsec0,file=3D/home/berrange/encrypted.pw \ -o encrypt.format=3Daes,encrypt.key-secret=3Dsec0 \ /home/berrange/encrypted.qcow 64M Reviewed-by: Max Reitz Reviewed-by: Alberto Garcia Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange Message-id: 20170623162419.26068-10-berrange@redhat.com Signed-off-by: Max Reitz --- qapi/block-core.json | 38 +++++++++- block/crypto.h | 20 ++++-- block/crypto.c | 10 +++ block/qcow.c | 198 +++++++++++++++++++++++++----------------------= ---- 4 files changed, 158 insertions(+), 108 deletions(-) diff --git a/qapi/block-core.json b/qapi/block-core.json index f85c223..c4b7e6e 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -2282,6 +2282,42 @@ 'mode': 'Qcow2OverlapCheckMode' } } =20 ## +# @BlockdevQcowEncryptionFormat: +# +# @aes: AES-CBC with plain64 initialization vectors +# +# Since: 2.10 +## +{ 'enum': 'BlockdevQcowEncryptionFormat', + 'data': [ 'aes' ] } + +## +# @BlockdevQcowEncryption: +# +# Since: 2.10 +## +{ 'union': 'BlockdevQcowEncryption', + 'base': { 'format': 'BlockdevQcowEncryptionFormat' }, + 'discriminator': 'format', + 'data': { 'aes': 'QCryptoBlockOptionsQCow' } } + +## +# @BlockdevOptionsQcow: +# +# Driver specific block device options for qcow. +# +# @encrypt: Image decryption options. Mandatory for +# encrypted images, except when doing a metadata-o= nly +# probe of the image. +# +# Since: 2.10 +## +{ 'struct': 'BlockdevOptionsQcow', + 'base': 'BlockdevOptionsGenericCOWFormat', + 'data': { '*encrypt': 'BlockdevQcowEncryption' } } + + +## # @BlockdevOptionsQcow2: # # Driver specific block device options for qcow2. @@ -2976,7 +3012,7 @@ 'null-co': 'BlockdevOptionsNull', 'parallels': 'BlockdevOptionsGenericFormat', 'qcow2': 'BlockdevOptionsQcow2', - 'qcow': 'BlockdevOptionsGenericCOWFormat', + 'qcow': 'BlockdevOptionsQcow', 'qed': 'BlockdevOptionsGenericCOWFormat', 'quorum': 'BlockdevOptionsQuorum', 'raw': 'BlockdevOptionsRaw', diff --git a/block/crypto.h b/block/crypto.h index 3430dcd..0f985ea 100644 --- a/block/crypto.h +++ b/block/crypto.h @@ -21,6 +21,19 @@ #ifndef BLOCK_CRYPTO_H__ #define BLOCK_CRYPTO_H__ =20 +#define BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, helpstr) \ + { \ + .name =3D prefix BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET, \ + .type =3D QEMU_OPT_STRING, \ + .help =3D helpstr, \ + } + +#define BLOCK_CRYPTO_OPT_QCOW_KEY_SECRET "key-secret" + +#define BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET(prefix) \ + BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \ + "ID of the secret that provides the AES encryption key") + #define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret" #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg" #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode" @@ -30,11 +43,8 @@ #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" =20 #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \ - { \ - .name =3D prefix BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \ - .type =3D QEMU_OPT_STRING, \ - .help =3D "ID of the secret that provides the keyslot passphrase",= \ - } + BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \ + "ID of the secret that provides the keyslot passphrase") =20 #define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix) \ { \ diff --git a/block/crypto.c b/block/crypto.c index 9df1e5d..da4be74 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -181,6 +181,11 @@ block_crypto_open_opts_init(QCryptoBlockFormat format, v, &ret->u.luks, &local_err); break; =20 + case Q_CRYPTO_BLOCK_FORMAT_QCOW: + visit_type_QCryptoBlockOptionsQCow_members( + v, &ret->u.qcow, &local_err); + break; + default: error_setg(&local_err, "Unsupported block format %d", format); break; @@ -227,6 +232,11 @@ block_crypto_create_opts_init(QCryptoBlockFormat forma= t, v, &ret->u.luks, &local_err); break; =20 + case Q_CRYPTO_BLOCK_FORMAT_QCOW: + visit_type_QCryptoBlockOptionsQCow_members( + v, &ret->u.qcow, &local_err); + break; + default: error_setg(&local_err, "Unsupported block format %d", format); break; diff --git a/block/qcow.c b/block/qcow.c index 3a3dbf9..db0c5a9 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -31,8 +31,10 @@ #include "qemu/bswap.h" #include #include "qapi/qmp/qerror.h" -#include "crypto/cipher.h" +#include "qapi/qmp/qstring.h" +#include "crypto/block.h" #include "migration/blocker.h" +#include "block/crypto.h" =20 /**************************************************************/ /* QEMU COW block driver with compression and encryption support */ @@ -77,7 +79,7 @@ typedef struct BDRVQcowState { uint8_t *cluster_cache; uint8_t *cluster_data; uint64_t cluster_cache_offset; - QCryptoCipher *cipher; /* NULL if no key yet */ + QCryptoBlock *crypto; /* Disk encryption format driver */ uint32_t crypt_method_header; CoMutex lock; Error *migration_blocker; @@ -97,6 +99,15 @@ static int qcow_probe(const uint8_t *buf, int buf_size, = const char *filename) return 0; } =20 +static QemuOptsList qcow_runtime_opts =3D { + .name =3D "qcow", + .head =3D QTAILQ_HEAD_INITIALIZER(qcow_runtime_opts.head), + .desc =3D { + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."), + { /* end of list */ } + }, +}; + static int qcow_open(BlockDriverState *bs, QDict *options, int flags, Error **errp) { @@ -105,11 +116,19 @@ static int qcow_open(BlockDriverState *bs, QDict *opt= ions, int flags, int ret; QCowHeader header; Error *local_err =3D NULL; + QCryptoBlockOpenOptions *crypto_opts =3D NULL; + unsigned int cflags =3D 0; + QDict *encryptopts =3D NULL; + const char *encryptfmt; + + qdict_extract_subqdict(options, &encryptopts, "encrypt."); + encryptfmt =3D qdict_get_try_str(encryptopts, "format"); =20 bs->file =3D bdrv_open_child(NULL, options, "file", bs, &child_file, false, errp); if (!bs->file) { - return -EINVAL; + ret =3D -EINVAL; + goto fail; } =20 ret =3D bdrv_pread(bs->file, 0, &header, sizeof(header)); @@ -155,17 +174,6 @@ static int qcow_open(BlockDriverState *bs, QDict *opti= ons, int flags, goto fail; } =20 - if (header.crypt_method > QCOW_CRYPT_AES) { - error_setg(errp, "invalid encryption method in qcow header"); - ret =3D -EINVAL; - goto fail; - } - if (!qcrypto_cipher_supports(QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC)) { - error_setg(errp, "AES cipher not available"); - ret =3D -EINVAL; - goto fail; - } s->crypt_method_header =3D header.crypt_method; if (s->crypt_method_header) { if (bdrv_uses_whitelist() && @@ -181,8 +189,38 @@ static int qcow_open(BlockDriverState *bs, QDict *opti= ons, int flags, ret =3D -ENOSYS; goto fail; } + if (s->crypt_method_header =3D=3D QCOW_CRYPT_AES) { + if (encryptfmt && !g_str_equal(encryptfmt, "aes")) { + error_setg(errp, + "Header reported 'aes' encryption format but " + "options specify '%s'", encryptfmt); + ret =3D -EINVAL; + goto fail; + } + qdict_del(encryptopts, "format"); + crypto_opts =3D block_crypto_open_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp); + if (!crypto_opts) { + ret =3D -EINVAL; + goto fail; + } =20 + if (flags & BDRV_O_NO_IO) { + cflags |=3D QCRYPTO_BLOCK_OPEN_NO_IO; + } + s->crypto =3D qcrypto_block_open(crypto_opts, NULL, NULL, + cflags, errp); + if (!s->crypto) { + ret =3D -EINVAL; + goto fail; + } + } else { + error_setg(errp, "invalid encryption method in qcow header"); + ret =3D -EINVAL; + goto fail; + } bs->encrypted =3D true; + bs->valid_key =3D true; } s->cluster_bits =3D header.cluster_bits; s->cluster_size =3D 1 << s->cluster_bits; @@ -266,6 +304,8 @@ static int qcow_open(BlockDriverState *bs, QDict *optio= ns, int flags, goto fail; } =20 + QDECREF(encryptopts); + qapi_free_QCryptoBlockOpenOptions(crypto_opts); qemu_co_mutex_init(&s->lock); return 0; =20 @@ -274,6 +314,9 @@ static int qcow_open(BlockDriverState *bs, QDict *optio= ns, int flags, qemu_vfree(s->l2_cache); g_free(s->cluster_cache); g_free(s->cluster_data); + qcrypto_block_free(s->crypto); + QDECREF(encryptopts); + qapi_free_QCryptoBlockOpenOptions(crypto_opts); return ret; } =20 @@ -286,81 +329,6 @@ static int qcow_reopen_prepare(BDRVReopenState *state, return 0; } =20 -static int qcow_set_key(BlockDriverState *bs, const char *key) -{ - BDRVQcowState *s =3D bs->opaque; - uint8_t keybuf[16]; - int len, i; - Error *err; - - memset(keybuf, 0, 16); - len =3D strlen(key); - if (len > 16) - len =3D 16; - /* XXX: we could compress the chars to 7 bits to increase - entropy */ - for(i =3D 0;i < len;i++) { - keybuf[i] =3D key[i]; - } - assert(bs->encrypted); - - qcrypto_cipher_free(s->cipher); - s->cipher =3D qcrypto_cipher_new( - QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC, - keybuf, G_N_ELEMENTS(keybuf), - &err); - - if (!s->cipher) { - /* XXX would be nice if errors in this method could - * be properly propagate to the caller. Would need - * the bdrv_set_key() API signature to be fixed. */ - error_free(err); - return -1; - } - return 0; -} - -/* The crypt function is compatible with the linux cryptoloop - algorithm for < 4 GB images. */ -static int encrypt_sectors(BDRVQcowState *s, int64_t sector_num, - uint8_t *buf, int nb_sectors, bool enc, - Error **errp) -{ - union { - uint64_t ll[2]; - uint8_t b[16]; - } ivec; - int i; - int ret; - - for(i =3D 0; i < nb_sectors; i++) { - ivec.ll[0] =3D cpu_to_le64(sector_num); - ivec.ll[1] =3D 0; - if (qcrypto_cipher_setiv(s->cipher, - ivec.b, G_N_ELEMENTS(ivec.b), - errp) < 0) { - return -1; - } - if (enc) { - ret =3D qcrypto_cipher_encrypt(s->cipher, - buf, buf, - 512, - errp); - } else { - ret =3D qcrypto_cipher_decrypt(s->cipher, - buf, buf, - 512, - errp); - } - if (ret < 0) { - return -1; - } - sector_num++; - buf +=3D 512; - } - return 0; -} =20 /* 'allocate' is: * @@ -475,15 +443,16 @@ static uint64_t get_cluster_offset(BlockDriverState *= bs, if (bs->encrypted && (n_end - n_start) < s->cluster_sectors) { uint64_t start_sect; - assert(s->cipher); + assert(s->crypto); start_sect =3D (offset & ~(s->cluster_size - 1)) >> 9; for(i =3D 0; i < s->cluster_sectors; i++) { if (i < n_start || i >=3D n_end) { Error *err =3D NULL; memset(s->cluster_data, 0x00, 512); - if (encrypt_sectors(s, start_sect + i, - s->cluster_data, 1, - true, &err) < 0) { + if (qcrypto_block_encrypt(s->crypto, start_sec= t + i, + s->cluster_data, + BDRV_SECTOR_SIZE, + &err) < 0) { error_free(err); errno =3D EIO; return -1; @@ -528,7 +497,7 @@ static int64_t coroutine_fn qcow_co_get_block_status(Bl= ockDriverState *bs, if (!cluster_offset) { return 0; } - if ((cluster_offset & QCOW_OFLAG_COMPRESSED) || s->cipher) { + if ((cluster_offset & QCOW_OFLAG_COMPRESSED) || s->crypto) { return BDRV_BLOCK_DATA; } cluster_offset |=3D (index_in_cluster << BDRV_SECTOR_BITS); @@ -659,9 +628,9 @@ static coroutine_fn int qcow_co_readv(BlockDriverState = *bs, int64_t sector_num, break; } if (bs->encrypted) { - assert(s->cipher); - if (encrypt_sectors(s, sector_num, buf, - n, false, &err) < 0) { + assert(s->crypto); + if (qcrypto_block_decrypt(s->crypto, sector_num, buf, + n * BDRV_SECTOR_SIZE, &err) < 0)= { goto fail; } } @@ -734,8 +703,9 @@ static coroutine_fn int qcow_co_writev(BlockDriverState= *bs, int64_t sector_num, } if (bs->encrypted) { Error *err =3D NULL; - assert(s->cipher); - if (encrypt_sectors(s, sector_num, buf, n, true, &err) < 0) { + assert(s->crypto); + if (qcrypto_block_encrypt(s->crypto, sector_num, buf, + n * BDRV_SECTOR_SIZE, &err) < 0) { error_free(err); ret =3D -EIO; break; @@ -770,8 +740,8 @@ static void qcow_close(BlockDriverState *bs) { BDRVQcowState *s =3D bs->opaque; =20 - qcrypto_cipher_free(s->cipher); - s->cipher =3D NULL; + qcrypto_block_free(s->crypto); + s->crypto =3D NULL; g_free(s->l1_table); qemu_vfree(s->l2_cache); g_free(s->cluster_cache); @@ -792,6 +762,10 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) int ret; BlockBackend *qcow_blk; const char *encryptfmt =3D NULL; + QDict *options; + QDict *encryptopts =3D NULL; + QCryptoBlockCreateOptions *crypto_opts =3D NULL; + QCryptoBlock *crypto =3D NULL; =20 /* Read out options */ total_size =3D ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0), @@ -866,6 +840,10 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) l1_size =3D (total_size + (1LL << shift) - 1) >> shift; =20 header.l1_table_offset =3D cpu_to_be64(header_size); + + options =3D qemu_opts_to_qdict(opts, NULL); + qdict_extract_subqdict(options, &encryptopts, "encrypt."); + QDECREF(options); if (encryptfmt) { if (!g_str_equal(encryptfmt, "aes")) { error_setg(errp, "Unknown encryption format '%s', expected 'ae= s'", @@ -874,6 +852,19 @@ static int qcow_create(const char *filename, QemuOpts = *opts, Error **errp) goto exit; } header.crypt_method =3D cpu_to_be32(QCOW_CRYPT_AES); + + crypto_opts =3D block_crypto_create_opts_init( + Q_CRYPTO_BLOCK_FORMAT_QCOW, encryptopts, errp); + if (!crypto_opts) { + ret =3D -EINVAL; + goto exit; + } + + crypto =3D qcrypto_block_create(crypto_opts, NULL, NULL, NULL, err= p); + if (!crypto) { + ret =3D -EINVAL; + goto exit; + } } else { header.crypt_method =3D cpu_to_be32(QCOW_CRYPT_NONE); } @@ -908,6 +899,9 @@ static int qcow_create(const char *filename, QemuOpts *= opts, Error **errp) exit: blk_unref(qcow_blk); cleanup: + QDECREF(encryptopts); + qcrypto_block_free(crypto); + qapi_free_QCryptoBlockCreateOptions(crypto_opts); g_free(backing_file); return ret; } @@ -1054,6 +1048,7 @@ static QemuOptsList qcow_create_opts =3D { .type =3D QEMU_OPT_STRING, .help =3D "Encrypt the image, format choices: 'aes'", }, + BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."), { /* end of list */ } } }; @@ -1074,7 +1069,6 @@ static BlockDriver bdrv_qcow =3D { .bdrv_co_writev =3D qcow_co_writev, .bdrv_co_get_block_status =3D qcow_co_get_block_status, =20 - .bdrv_set_key =3D qcow_set_key, .bdrv_make_empty =3D qcow_make_empty, .bdrv_co_pwritev_compressed =3D qcow_co_pwritev_compressed, .bdrv_get_info =3D qcow_get_info, --=20 2.9.4