[11/13] block/qcow2: implement the encryption key managment

Message ID	20190814202219.1870-12-mlevitsk@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org> From: Maxim Levitsky <mlevitsk@redhat.com> To: qemu-devel@nongnu.org Date: Wed, 14 Aug 2019 23:22:17 +0300 Message-Id: <20190814202219.1870-12-mlevitsk@redhat.com> In-Reply-To: <20190814202219.1870-1-mlevitsk@redhat.com> References: <20190814202219.1870-1-mlevitsk@redhat.com> Subject: [Qemu-devel] [PATCH 11/13] block/qcow2: implement the encryption key managment Precedence: list Cc: Kevin Wolf <kwolf@redhat.com>, Fam Zheng <fam@euphon.net>, =?utf-8?q?Dan?= =?utf-8?q?iel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>, qemu-block@nongnu.org, Markus Armbruster <armbru@redhat.com>, Max Reitz <mreitz@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, Maxim Levitsky <mlevitsk@redhat.com> Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Series	RFC: luks/encrypted qcow2 key management \| expand [00/13] RFC: luks/encrypted qcow2 key management [01/13] block-crypto: misc refactoring [02/13] qcrypto-luks: misc refactoring [03/13] qcrypto-luks: refactoring: extract load/store/check/parse header functions [04/13] qcrypto-luks: refactoring: simplify the math used for keyslot locations [05/13] qcrypto-luks: clear the masterkey and password before freeing them always [06/13] qcrypto-luks: implement more rigorous header checking [07/13] block: add manage-encryption command (qmp and blockdev) [08/13] qcrypto: add the plumbing for encryption management [09/13] qcrypto-luks: implement the encryption key management [10/13] block/crypto: implement the encryption key management [11/13] block/qcow2: implement the encryption key managment [12/13] qemu-img: implement key management [13/13] iotests : add tests for encryption key management

Message ID

20190814202219.1870-12-mlevitsk@redhat.com (mailing list archive)

State

New, archived

Headers

From: Maxim Levitsky <mlevitsk@redhat.com>
To: qemu-devel@nongnu.org
Date: Wed, 14 Aug 2019 23:22:17 +0300
Message-Id: <20190814202219.1870-12-mlevitsk@redhat.com>
In-Reply-To: <20190814202219.1870-1-mlevitsk@redhat.com>
References: <20190814202219.1870-1-mlevitsk@redhat.com>
Subject: [Qemu-devel] [PATCH 11/13] block/qcow2: implement the encryption
 key managment
Precedence: list
Cc: Kevin Wolf <kwolf@redhat.com>, Fam Zheng <fam@euphon.net>, =?utf-8?q?Dan?=
	=?utf-8?q?iel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>,
 qemu-block@nongnu.org, Markus Armbruster <armbru@redhat.com>,
 Max Reitz <mreitz@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>,
 Maxim Levitsky <mlevitsk@redhat.com>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Series

RFC: luks/encrypted qcow2 key management | expand

Commit Message

Maxim Levitsky Aug. 14, 2019, 8:22 p.m. UTC

This is the main purpose of the patchset, to enaable
us to manage luks like header, embedded in the qcow2
image, which standard cryptosetup tools don't support.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
 block/qcow2.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/block/qcow2.c b/block/qcow2.c
index 039bdc2f7e..a87e58f36a 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -5086,6 +5086,31 @@  void qcow2_signal_corruption(BlockDriverState *bs, bool fatal, int64_t offset,
     s->signaled_corruption = true;
 }
 
+
+static int qcow2_setup_encryption(BlockDriverState *bs,
+                                  enum BlkSetupEncryptionAction action,
+                                  QCryptoEncryptionSetupOptions *options,
+                                  bool force,
+                                  Error **errp)
+{
+    BDRVQcow2State *s = bs->opaque;
+
+    if (!s->crypto) {
+        error_setg(errp, "Can't manage encryption - image is not encrypted");
+        return -EINVAL;
+    }
+
+    return qcrypto_block_setup_encryption(s->crypto,
+                                          qcow2_crypto_hdr_read_func,
+                                          qcow2_crypto_hdr_write_func,
+                                          bs,
+                                          action,
+                                          options,
+                                          force,
+                                          errp);
+}
+
+
 static QemuOptsList qcow2_create_opts = {
     .name = "qcow2-create-opts",
     .head = QTAILQ_HEAD_INITIALIZER(qcow2_create_opts.head),
@@ -5232,6 +5257,8 @@  BlockDriver bdrv_qcow2 = {
     .bdrv_reopen_bitmaps_rw = qcow2_reopen_bitmaps_rw,
     .bdrv_can_store_new_dirty_bitmap = qcow2_can_store_new_dirty_bitmap,
     .bdrv_remove_persistent_dirty_bitmap = qcow2_remove_persistent_dirty_bitmap,
+
+    .bdrv_setup_encryption = qcow2_setup_encryption,
 };
 
 static void bdrv_qcow2_init(void)

[11/13] block/qcow2: implement the encryption key managment

Commit Message

Patch