From nobody Thu Nov 13 16:15:06 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1581437082233879.114233595393; Tue, 11 Feb 2020 08:04:42 -0800 (PST) Received: from localhost ([::1]:52308 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1j1Y1g-000102-DO for importer@patchew.org; Tue, 11 Feb 2020 11:04:40 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:50143) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1j1Y0a-000845-IY for qemu-devel@nongnu.org; Tue, 11 Feb 2020 11:03:34 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1j1Y0Z-0005Js-7J for qemu-devel@nongnu.org; Tue, 11 Feb 2020 11:03:32 -0500 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:22831 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1j1Y0Z-0005JZ-3U for qemu-devel@nongnu.org; Tue, 11 Feb 2020 11:03:31 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-37-ACaHjOEYN0uX5CT_cjsKWA-1; Tue, 11 Feb 2020 11:03:28 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 05042189F765; Tue, 11 Feb 2020 16:03:27 +0000 (UTC) Received: from localhost (unknown [10.36.118.99]) by smtp.corp.redhat.com (Postfix) with ESMTP id DE33A5D9CA; Tue, 11 Feb 2020 16:03:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1581437010; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GEnrzzYcwkTkFWJ0AlUJXy1se3+9cWYFRQV5OFhmpK0=; b=eWxVamNz9nxkr2MBbfubI1dqu0EMuIyVci9koBdGwY1mjm0oRPcRPgVRx1PcMPQ8bBSl+d X0S8rvCiea8I028AEKWx1w+yVzPPYz7GxnI72oEJWWvWWT77o7uGAsrAYmv42dxDoaWMBG UyzVkUVZDmObbMCcUvr48GuGw31iodo= From: Stefan Hajnoczi To: qemu-devel@nongnu.org Subject: [PATCH v3 1/4] luks: extract qcrypto_block_calculate_payload_offset() Date: Tue, 11 Feb 2020 16:03:15 +0000 Message-Id: <20200211160318.453650-2-stefanha@redhat.com> In-Reply-To: <20200211160318.453650-1-stefanha@redhat.com> References: <20200211160318.453650-1-stefanha@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-MC-Unique: ACaHjOEYN0uX5CT_cjsKWA-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 207.211.31.120 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , Stefan Hajnoczi , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" The qcow2 .bdrv_measure() code calculates the crypto payload offset. This logic really belongs in crypto/block.c where it can be reused by other image formats. The "luks" block driver will need this same logic in order to implement .bdrv_measure(), so extract the qcrypto_block_calculate_payload_offset() function now. Signed-off-by: Stefan Hajnoczi Reviewed-by: Max Reitz --- block/qcow2.c | 74 +++++++++++------------------------------- crypto/block.c | 40 +++++++++++++++++++++++ include/crypto/block.h | 22 +++++++++++++ 3 files changed, 81 insertions(+), 55 deletions(-) diff --git a/block/qcow2.c b/block/qcow2.c index ef96606f8d..aca2c78fd9 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -4603,60 +4603,6 @@ static coroutine_fn int qcow2_co_flush_to_os(BlockDr= iverState *bs) return ret; } =20 -static ssize_t qcow2_measure_crypto_hdr_init_func(QCryptoBlock *block, - size_t headerlen, void *opaque, Error **errp) -{ - size_t *headerlenp =3D opaque; - - /* Stash away the payload size */ - *headerlenp =3D headerlen; - return 0; -} - -static ssize_t qcow2_measure_crypto_hdr_write_func(QCryptoBlock *block, - size_t offset, const uint8_t *buf, size_t buflen, - void *opaque, Error **errp) -{ - /* Discard the bytes, we're not actually writing to an image */ - return buflen; -} - -/* Determine the number of bytes for the LUKS payload */ -static bool qcow2_measure_luks_headerlen(QemuOpts *opts, size_t *len, - Error **errp) -{ - QDict *opts_qdict; - QDict *cryptoopts_qdict; - QCryptoBlockCreateOptions *cryptoopts; - QCryptoBlock *crypto; - - /* Extract "encrypt." options into a qdict */ - opts_qdict =3D qemu_opts_to_qdict(opts, NULL); - qdict_extract_subqdict(opts_qdict, &cryptoopts_qdict, "encrypt."); - qobject_unref(opts_qdict); - - /* Build QCryptoBlockCreateOptions object from qdict */ - qdict_put_str(cryptoopts_qdict, "format", "luks"); - cryptoopts =3D block_crypto_create_opts_init(cryptoopts_qdict, errp); - qobject_unref(cryptoopts_qdict); - if (!cryptoopts) { - return false; - } - - /* Fake LUKS creation in order to determine the payload size */ - crypto =3D qcrypto_block_create(cryptoopts, "encrypt.", - qcow2_measure_crypto_hdr_init_func, - qcow2_measure_crypto_hdr_write_func, - len, errp); - qapi_free_QCryptoBlockCreateOptions(cryptoopts); - if (!crypto) { - return false; - } - - qcrypto_block_free(crypto); - return true; -} - static BlockMeasureInfo *qcow2_measure(QemuOpts *opts, BlockDriverState *i= n_bs, Error **errp) { @@ -4707,9 +4653,27 @@ static BlockMeasureInfo *qcow2_measure(QemuOpts *opt= s, BlockDriverState *in_bs, g_free(optstr); =20 if (has_luks) { + g_autoptr(QCryptoBlockCreateOptions) create_opts =3D NULL; + QDict *opts_qdict; + QDict *cryptoopts; size_t headerlen; =20 - if (!qcow2_measure_luks_headerlen(opts, &headerlen, &local_err)) { + opts_qdict =3D qemu_opts_to_qdict(opts, NULL); + qdict_extract_subqdict(opts_qdict, &cryptoopts, "encrypt."); + qobject_unref(opts_qdict); + + qdict_put_str(cryptoopts, "format", "luks"); + + create_opts =3D block_crypto_create_opts_init(cryptoopts, errp); + qobject_unref(cryptoopts); + if (!create_opts) { + goto err; + } + + if (!qcrypto_block_calculate_payload_offset(create_opts, + "encrypt.", + &headerlen, + &local_err)) { goto err; } =20 diff --git a/crypto/block.c b/crypto/block.c index 325752871c..a9e1b8cc36 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -115,6 +115,46 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateO= ptions *options, } =20 =20 +static ssize_t qcrypto_block_headerlen_hdr_init_func(QCryptoBlock *block, + size_t headerlen, void *opaque, Error **errp) +{ + size_t *headerlenp =3D opaque; + + /* Stash away the payload size */ + *headerlenp =3D headerlen; + return 0; +} + + +static ssize_t qcrypto_block_headerlen_hdr_write_func(QCryptoBlock *block, + size_t offset, const uint8_t *buf, size_t buflen, + void *opaque, Error **errp) +{ + /* Discard the bytes, we're not actually writing to an image */ + return buflen; +} + + +bool +qcrypto_block_calculate_payload_offset(QCryptoBlockCreateOptions *create_o= pts, + const char *optprefix, + size_t *len, + Error **errp) +{ + QCryptoBlock *crypto; + bool ok; + + /* Fake LUKS creation in order to determine the payload size */ + crypto =3D qcrypto_block_create(create_opts, optprefix, + qcrypto_block_headerlen_hdr_init_func, + qcrypto_block_headerlen_hdr_write_func, + len, errp); + ok =3D crypto !=3D NULL; + qcrypto_block_free(crypto); + return ok; +} + + QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block, Error **errp) { diff --git a/include/crypto/block.h b/include/crypto/block.h index d49d2c2da9..c77ccaf9c0 100644 --- a/include/crypto/block.h +++ b/include/crypto/block.h @@ -145,6 +145,26 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateO= ptions *options, Error **errp); =20 =20 +/** + * qcrypto_block_calculate_payload_offset: + * @create_opts: the encryption options + * @optprefix: name prefix for options + * @len: output for number of header bytes before payload + * @errp: pointer to a NULL-initialized error object + * + * Calculate the number of header bytes before the payload in an encrypted + * storage volume. The header is an area before the payload that is reser= ved + * for encryption metadata. + * + * Returns: true on success, false on error + */ +bool +qcrypto_block_calculate_payload_offset(QCryptoBlockCreateOptions *create_o= pts, + const char *optprefix, + size_t *len, + Error **errp); + + /** * qcrypto_block_get_info: * @block: the block encryption object @@ -269,5 +289,7 @@ uint64_t qcrypto_block_get_sector_size(QCryptoBlock *bl= ock); void qcrypto_block_free(QCryptoBlock *block); =20 G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoBlock, qcrypto_block_free) +G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoBlockCreateOptions, + qapi_free_QCryptoBlockCreateOptions) =20 #endif /* QCRYPTO_BLOCK_H */ --=20 2.24.1