From patchwork Fri Aug 30 20:55:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124507 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 89EC7112C for ; Fri, 30 Aug 2019 20:59:00 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6AD3923429 for ; Fri, 30 Aug 2019 20:59:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6AD3923429 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41068 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nz1-0004hU-Fm for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 16:58:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47083) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nwV-0002y5-AB for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nwU-0001J9-1l for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:23 -0400 Received: from mx1.redhat.com ([209.132.183.28]:44734) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nwR-0001Gd-L0; Fri, 30 Aug 2019 16:56:19 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E10293001836; Fri, 30 Aug 2019 20:56:18 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id 932485D9CA; Fri, 30 Aug 2019 20:56:16 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:55:59 +0300 Message-Id: <20190830205608.18192-2-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Fri, 30 Aug 2019 20:56:18 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 01/10] qcrypto: add suport for amend options X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" This adds the qcrypto_amend_options and corresponding crypto driver callbacks for the for encrypted key managedment Signed-off-by: Maxim Levitsky Reviewed-by: Daniel P. Berrangé --- crypto/block.c | 31 +++++++++++++++++++++++++++++++ crypto/blockpriv.h | 8 ++++++++ include/crypto/block.h | 22 ++++++++++++++++++++++ 3 files changed, 61 insertions(+) diff --git a/crypto/block.c b/crypto/block.c index 325752871c..14b684de7f 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -115,6 +115,37 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, } +int qcrypto_block_amend_options(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + QCryptoBlockCreateOptions *options, + bool force, + Error **errp) +{ + if (options->format != block->format) { + error_setg(errp, + "Its not possible to change encryption format with amend interface"); + return -1; + } + + if (!block->driver->amend) { + error_setg(errp, + "Crypto format %s doesn't support format options amendment", + QCryptoBlockFormat_str(block->format)); + return -1; + } + + return block->driver->amend(block, + readfunc, + writefunc, + opaque, + options, + force, + errp); +} + + QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block, Error **errp) { diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 71c59cb542..c18a4e0b43 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -62,6 +62,14 @@ struct QCryptoBlockDriver { void *opaque, Error **errp); + int (*amend)(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + QCryptoBlockCreateOptions *options, + bool force, + Error **errp); + int (*get_info)(QCryptoBlock *block, QCryptoBlockInfo *info, Error **errp); diff --git a/include/crypto/block.h b/include/crypto/block.h index d49d2c2da9..777fd51ebe 100644 --- a/include/crypto/block.h +++ b/include/crypto/block.h @@ -144,6 +144,28 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, void *opaque, Error **errp); +/** + * qcrypto_block_amend_options: + * @block: the block encryption object + * + * @readfunc: callback for reading data from the volume header + * @writefunc: callback for writing data to the volume header + * @opaque: data to pass to @readfunc and @writefunc + * @options: the new/amended encryption options + * @force: hint for the driver to allow unsafe operation + * @errp: error pointer + * + * Changes the crypto options of the encryption format + * + */ +int qcrypto_block_amend_options(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + QCryptoBlockCreateOptions *options, + bool force, + Error **errp); + /** * qcrypto_block_get_info: From patchwork Fri Aug 30 20:56:00 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124517 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BF931112C for ; Fri, 30 Aug 2019 21:02:42 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4D3F223429 for ; Fri, 30 Aug 2019 21:02:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4D3F223429 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41122 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3o2b-0007x6-AV for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 17:02:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47343) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nwk-0003Av-GO for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nwg-0001QN-8Y for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:38 -0400 Received: from mx1.redhat.com ([209.132.183.28]:48216) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nwU-0001Iy-GF; Fri, 30 Aug 2019 16:56:22 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CA8207FDFE; Fri, 30 Aug 2019 20:56:21 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id 482125D9CA; Fri, 30 Aug 2019 20:56:19 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:00 +0300 Message-Id: <20190830205608.18192-3-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Fri, 30 Aug 2019 20:56:21 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 02/10] qcrypto-luks: extend the create options for upcoming encryption key management X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" Now you can specify which slot to put the encryption key to Plus add 'active' option which will let user erase the key secret instead of adding it. Check that it is true for creation Signed-off-by: Maxim Levitsky --- block/crypto.c | 2 ++ block/crypto.h | 16 +++++++++++ block/qcow2.c | 2 ++ crypto/block-luks.c | 26 +++++++++++++++--- qapi/crypto.json | 19 ++++++++++++++ tests/qemu-iotests/082.out | 54 ++++++++++++++++++++++++++++++++++++++ 6 files changed, 115 insertions(+), 4 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 6e822c6e50..a6a3e1f1d8 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -144,6 +144,8 @@ static QemuOptsList block_crypto_create_opts_luks = { BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""), BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""), BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_SLOT(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_ACTIVE(""), { /* end of list */ } }, }; diff --git a/block/crypto.h b/block/crypto.h index b935695e79..05cc43d9bc 100644 --- a/block/crypto.h +++ b/block/crypto.h @@ -35,12 +35,14 @@ "ID of the secret that provides the AES encryption key") #define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret" +#define BLOCK_CRYPTO_OPT_LUKS_SLOT "slot" #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg" #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode" #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg" #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg" #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" +#define BLOCK_CRYPTO_OPT_LUKS_ACTIVE "active" #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \ BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \ @@ -88,6 +90,20 @@ .help = "Time to spend in PBKDF in milliseconds", \ } +#define BLOCK_CRYPTO_OPT_DEF_LUKS_SLOT(prefix) \ + { \ + .name = prefix BLOCK_CRYPTO_OPT_LUKS_SLOT, \ + .type = QEMU_OPT_NUMBER, \ + .help = "Controls the slot where the secret is added/erased", \ + } + +#define BLOCK_CRYPTO_OPT_DEF_LUKS_ACTIVE(prefix) \ + { \ + .name = prefix BLOCK_CRYPTO_OPT_LUKS_ACTIVE, \ + .type = QEMU_OPT_BOOL, \ + .help = "Controls if the added secret is added or erased", \ + } + QCryptoBlockCreateOptions * block_crypto_create_opts_init(QDict *opts, Error **errp); diff --git a/block/qcow2.c b/block/qcow2.c index 7c5a4859f7..be4a5063e5 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -5167,6 +5167,8 @@ static QemuOptsList qcow2_create_opts = { BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG("encrypt."), BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG("encrypt."), BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("encrypt."), + BLOCK_CRYPTO_OPT_DEF_LUKS_SLOT("encrypt."), + BLOCK_CRYPTO_OPT_DEF_LUKS_ACTIVE("encrypt."), { .name = BLOCK_OPT_CLUSTER_SIZE, .type = QEMU_OPT_SIZE, diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 3af137e364..ba20d55246 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1230,6 +1230,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, const char *hash_alg; g_autofree char *cipher_mode_spec = NULL; uint64_t iters; + unsigned int slot_idx = 0; memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); if (!luks_opts.has_iter_time) { @@ -1263,12 +1264,30 @@ qcrypto_block_luks_create(QCryptoBlock *block, luks->ivgen_hash_alg = luks_opts.ivgen_hash_alg; luks->hash_alg = luks_opts.hash_alg; + if (luks_opts.has_active && !luks_opts.active) { + error_setg(errp, + "For image creation, the added secret must be active!"); + goto error; + + } + + if (luks_opts.has_slot) { + if (luks_opts.slot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS || + luks_opts.slot < 0) { + error_setg(errp, + "Invalid slot %" PRId64 " is specified", + luks_opts.slot); + goto error; + } + slot_idx = (unsigned int)luks_opts.slot; + } + /* Note we're allowing ivgen_hash_alg to be set even for * non-essiv iv generators that don't need a hash. It will * be silently ignored, for compatibility with dm-crypt */ - if (!options->u.luks.key_secret) { + if (!luks_opts.has_key_secret) { error_setg(errp, "Parameter '%skey-secret' is required for cipher", optprefix ? optprefix : ""); goto error; @@ -1473,11 +1492,10 @@ qcrypto_block_luks_create(QCryptoBlock *block, goto error; } - - /* populate the slot 0 with the password encrypted master key*/ + /* populate one of the slots with the password encrypted master key*/ /* This will also store the header */ if (qcrypto_block_luks_store_key(block, - 0, + slot_idx, password, masterkey, luks_opts.iter_time, diff --git a/qapi/crypto.json b/qapi/crypto.json index b2a4cff683..9b83a70634 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -190,6 +190,20 @@ # Currently defaults to 'sha256' # @hash-alg: the master key hash algorithm # Currently defaults to 'sha256' +# +# @active: Should the new secret be added (true) or erased (false) +# (amend only, since 4.2) +# +# @slot: The slot in which to put/erase the secret +# if not given, will select first free slot for secret addtion +# and erase all matching keyslots for erase. except last one +# (optional, since 4.2) +# +# @unlock-secret: The secret to use to unlock the image +# If not given, will use the secret that was used +# when opening the image. +# (optional, for amend only, since 4.2) +# # @iter-time: number of milliseconds to spend in # PBKDF passphrase processing. Currently defaults # to 2000. (since 2.8) @@ -201,7 +215,12 @@ '*cipher-mode': 'QCryptoCipherMode', '*ivgen-alg': 'QCryptoIVGenAlgorithm', '*ivgen-hash-alg': 'QCryptoHashAlgorithm', + '*hash-alg': 'QCryptoHashAlgorithm', + '*active' : 'bool', + '*slot': 'int', + '*unlock-secret': 'str', + '*iter-time': 'int'}} diff --git a/tests/qemu-iotests/082.out b/tests/qemu-iotests/082.out index 9d4ed4dc9d..5651a0b953 100644 --- a/tests/qemu-iotests/082.out +++ b/tests/qemu-iotests/082.out @@ -50,6 +50,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -58,6 +59,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -73,6 +75,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -81,6 +84,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -96,6 +100,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -104,6 +109,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -119,6 +125,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -127,6 +134,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -142,6 +150,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -150,6 +159,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -165,6 +175,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -173,6 +184,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -188,6 +200,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -196,6 +209,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -211,6 +225,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -219,6 +234,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -249,6 +265,7 @@ Supported qcow2 options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -257,6 +274,7 @@ Supported qcow2 options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -330,6 +348,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -338,6 +357,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -353,6 +373,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -361,6 +382,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -376,6 +398,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -384,6 +407,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -399,6 +423,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -407,6 +432,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -422,6 +448,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -430,6 +457,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -445,6 +473,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -453,6 +482,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -468,6 +498,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -476,6 +507,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -491,6 +523,7 @@ Supported options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -499,6 +532,7 @@ Supported options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates nocow= - Turn off copy-on-write (valid only on btrfs) @@ -529,6 +563,7 @@ Supported qcow2 options: compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -537,6 +572,7 @@ Supported qcow2 options: encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -621,6 +657,7 @@ Creation options for 'qcow2': compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -629,6 +666,7 @@ Creation options for 'qcow2': encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -645,6 +683,7 @@ Creation options for 'qcow2': compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -653,6 +692,7 @@ Creation options for 'qcow2': encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -669,6 +709,7 @@ Creation options for 'qcow2': compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -677,6 +718,7 @@ Creation options for 'qcow2': encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -693,6 +735,7 @@ Creation options for 'qcow2': compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -701,6 +744,7 @@ Creation options for 'qcow2': encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -717,6 +761,7 @@ Creation options for 'qcow2': compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -725,6 +770,7 @@ Creation options for 'qcow2': encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -741,6 +787,7 @@ Creation options for 'qcow2': compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -749,6 +796,7 @@ Creation options for 'qcow2': encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -765,6 +813,7 @@ Creation options for 'qcow2': compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -773,6 +822,7 @@ Creation options for 'qcow2': encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -789,6 +839,7 @@ Creation options for 'qcow2': compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -797,6 +848,7 @@ Creation options for 'qcow2': encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) @@ -830,6 +882,7 @@ Creation options for 'qcow2': compat= - Compatibility level (v2 [0.10] or v3 [1.1]) data_file= - File name of an external data file data_file_raw= - The external data file must stay valid as a raw image + encrypt.active= - Controls if the added secret is added or erased encrypt.cipher-alg= - Name of encryption cipher algorithm encrypt.cipher-mode= - Name of encryption cipher mode encrypt.format= - Encrypt the image, format choices: 'aes', 'luks' @@ -838,6 +891,7 @@ Creation options for 'qcow2': encrypt.ivgen-alg= - Name of IV generator algorithm encrypt.ivgen-hash-alg= - Name of IV generator hash algorithm encrypt.key-secret= - ID of secret providing qcow AES key or LUKS passphrase + encrypt.slot= - Controls the slot where the secret is added/erased encryption= - Encrypt the image with format 'aes'. (Deprecated in favor of encrypt.format=aes) lazy_refcounts= - Postpone refcount updates preallocation= - Preallocation mode (allowed values: off, metadata, falloc, full) From patchwork Fri Aug 30 20:56:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124515 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 81E1A112C for ; Fri, 30 Aug 2019 21:02:18 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5369823429 for ; Fri, 30 Aug 2019 21:02:18 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5369823429 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41118 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3o2D-0007XK-9o for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 17:02:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47234) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nwg-000357-AO for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nwe-0001P6-6d for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:34 -0400 Received: from mx1.redhat.com ([209.132.183.28]:33864) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nwY-0001L0-D4; Fri, 30 Aug 2019 16:56:26 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8065A10F23F9; Fri, 30 Aug 2019 20:56:24 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2FCB55D9CA; Fri, 30 Aug 2019 20:56:21 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:01 +0300 Message-Id: <20190830205608.18192-4-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.66]); Fri, 30 Aug 2019 20:56:24 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 03/10] qcrypto-luks: implement the encryption key management X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" Signed-off-by: Maxim Levitsky --- crypto/block-luks.c | 366 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 364 insertions(+), 2 deletions(-) diff --git a/crypto/block-luks.c b/crypto/block-luks.c index ba20d55246..21325fbc79 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -70,6 +70,9 @@ typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKeySlot; #define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL +#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME 2000 +#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40 + static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = { 'L', 'U', 'K', 'S', 0xBA, 0xBE }; @@ -219,6 +222,9 @@ struct QCryptoBlockLUKS { /* Hash algorithm used in pbkdf2 function */ QCryptoHashAlgorithm hash_alg; + + /* Name of the secret that was used to open the image */ + char *secret; }; @@ -1089,6 +1095,175 @@ qcrypto_block_luks_find_key(QCryptoBlock *block, } + +/* + * Returns true if a slot i is marked as active + * (contains encrypted copy of the master key) + */ + +static bool +qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks, + unsigned int slot_idx) +{ + uint32_t val = luks->header.key_slots[slot_idx].active; + return val == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED; +} + +/* + * Returns the number of slots that are marked as active + * (contains encrypted copy of the master key) + */ + +static unsigned int +qcrypto_block_luks_count_active_slots(const QCryptoBlockLUKS *luks) +{ + size_t i = 0; + unsigned int ret = 0; + + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + if (qcrypto_block_luks_slot_active(luks, i)) { + ret++; + } + } + return ret; +} + + +/* + * Finds first key slot which is not active + * Returns the key slot index, or -1 if doesn't exist + */ + +static int +qcrypto_block_luks_find_free_keyslot(const QCryptoBlockLUKS *luks) +{ + size_t i; + + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + if (!qcrypto_block_luks_slot_active(luks, i)) { + return i; + } + } + return -1; + +} + +/* + * Erases an keyslot given its index + * Returns: + * 0 if the keyslot was erased successfully + * -1 if a error occurred while erasing the keyslot + * + */ + +static int +qcrypto_block_luks_erase_key(QCryptoBlock *block, + unsigned int slot_idx, + QCryptoBlockWriteFunc writefunc, + void *opaque, + Error **errp) +{ + QCryptoBlockLUKS *luks = block->opaque; + QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx]; + g_autofree uint8_t *garbagesplitkey = NULL; + size_t splitkeylen = luks->header.master_key_len * slot->stripes; + size_t i; + + assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS); + assert(splitkeylen > 0); + + garbagesplitkey = g_malloc0(splitkeylen); + + /* Reset the key slot header */ + memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN); + slot->iterations = 0; + slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED; + + qcrypto_block_luks_store_header(block, writefunc, opaque, errp); + + /* + * Now try to erase the key material, even if the header + * update failed + */ + + for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS ; i++) { + if (qcrypto_random_bytes(garbagesplitkey, splitkeylen, errp) < 0) { + /* + * If we failed to get the random data, still write + * at least zeros to the key slot at least once + */ + + if (i > 0) { + return -1; + } + } + + if (writefunc(block, + slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, + garbagesplitkey, + splitkeylen, + opaque, + errp) != splitkeylen) { + return -1; + } + } + return 0; +} + + +/* + * Erase all the keys that match the given password + * Will stop when only one keyslot is remaining + * Returns number of slots that were erased or -1 on failure + */ + +static int +qcrypto_block_luks_erase_matching_keys(QCryptoBlock *block, + const char *password, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + bool force, + Error **errp) +{ + QCryptoBlockLUKS *luks = block->opaque; + size_t i; + int rv; + g_autofree uint8_t *masterkey = NULL; + unsigned int erased_cnt = 0; + unsigned int active_slot_cnt = qcrypto_block_luks_count_active_slots(luks); + + masterkey = g_new0(uint8_t, luks->header.master_key_len); + + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + + /* refuse to erase last key if not forced */ + if (!force && active_slot_cnt == 1) { + break; + } + + rv = qcrypto_block_luks_load_key(block, i, password, masterkey, + readfunc, opaque, errp); + if (rv < 0) { + return -1; + } + if (rv == 0) { + continue; + } + + rv = qcrypto_block_luks_erase_key(block, i, writefunc, opaque, errp); + if (rv < 0) { + return -1; + } + + erased_cnt++; + active_slot_cnt--; + } + + return erased_cnt; +} + + static int qcrypto_block_luks_open(QCryptoBlock *block, QCryptoBlockOpenOptions *options, @@ -1119,6 +1294,7 @@ qcrypto_block_luks_open(QCryptoBlock *block, luks = g_new0(QCryptoBlockLUKS, 1); block->opaque = luks; + luks->secret = g_strdup(options->u.luks.key_secret); ret = qcrypto_block_luks_load_header(block, readfunc, opaque, errp); if (ret) { @@ -1234,7 +1410,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); if (!luks_opts.has_iter_time) { - luks_opts.iter_time = 2000; + luks_opts.iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME; } if (!luks_opts.has_cipher_alg) { luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256; @@ -1292,6 +1468,8 @@ qcrypto_block_luks_create(QCryptoBlock *block, optprefix ? optprefix : ""); goto error; } + luks->secret = g_strdup(options->u.luks.key_secret); + password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp); if (!password) { goto error; @@ -1522,6 +1700,187 @@ qcrypto_block_luks_create(QCryptoBlock *block, } +#define CHECK_NON_AMEND_OPTION(luks, luks_opts, name) \ + if (luks_opts.has_##name && luks_opts.name != luks->name) { \ + error_setg(errp, "Option \"" #name "\" can't be amended"); \ + goto cleanup; \ + } + +static int +qcrypto_block_luks_amend_options(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + QCryptoBlockCreateOptions *options, + bool force, + Error **errp) +{ + QCryptoBlockLUKS *luks = block->opaque; + QCryptoBlockCreateOptionsLUKS luks_opts; + g_autofree char *old_password = NULL; + g_autofree char *password = NULL; + const char *unlock_secret = luks->secret; + g_autofree uint8_t *masterkey = NULL; + int slot = -1; + int ret = -1; + bool active = true; + int64_t iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME; + + memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); + + CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_alg); + CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_mode); + CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_alg); + CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_hash_alg); + CHECK_NON_AMEND_OPTION(luks, luks_opts, hash_alg); + + /* Read given slot and check it */ + if (luks_opts.has_slot) { + slot = luks_opts.slot; + if (slot < 0 || slot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) { + error_setg(errp, + "Given key slot %i is not supported by LUKS", slot); + goto cleanup; + } + } + + if (luks_opts.has_iter_time) { + iter_time = luks_opts.iter_time; + } + + if (luks_opts.has_active && luks_opts.active == false) { + active = false; + } + + if (active) { + + /* Check that we are not overwriting an active slot */ + if (!force && slot != -1 && + qcrypto_block_luks_slot_active(luks, slot)) { + + error_setg(errp, "Can't update an active key slot %i", + slot); + goto cleanup; + } + + /* check that we have the passwords*/ + if (!luks_opts.has_key_secret) { + error_setg(errp, "Can't add a key slot without a password"); + goto cleanup; + } + + if (luks_opts.has_unlock_secret) { + unlock_secret = luks_opts.unlock_secret; + } + + /* Read the old password */ + old_password = qcrypto_secret_lookup_as_utf8(unlock_secret, errp); + if (!old_password) { + goto cleanup; + } + + masterkey = g_new0(uint8_t, luks->header.master_key_len); + + /* Retrieve the master key*/ + if (qcrypto_block_luks_find_key(block, old_password, masterkey, + readfunc, opaque, + errp) < 0) { + error_append_hint(errp, + "unlock secret, doesn't unlock the image"); + goto cleanup; + } + + /* Read the new password*/ + password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp); + if (!password) { + goto cleanup; + } + + /* Find the new slot to write to */ + if (slot == -1) { + slot = qcrypto_block_luks_find_free_keyslot(luks); + + if (slot == -1) { + error_setg(errp, + "Can't add a keyslot - all key slots are in use"); + goto cleanup; + + } + } + + /* Store the master key to the new slot */ + if (qcrypto_block_luks_store_key(block, slot, password, masterkey, + iter_time, writefunc, opaque, + errp)) { + + error_append_hint(errp, "Failed to store the keyslot %i", slot); + goto cleanup; + } + + } else { + + /* Check that we are not erasing last key slot */ + if (qcrypto_block_luks_count_active_slots(luks) <= 1) { + + if (!force) { + error_setg(errp, "Only one slot active - can't erase"); + goto cleanup; + } + } + + if (slot != -1) { + /* Check that we are not erasing an inactive slot */ + if (!qcrypto_block_luks_slot_active(luks, luks_opts.slot)) { + if (!force) { + error_setg(errp, "Can't erase an inactive key slot %i", + slot); + goto cleanup; + } + } + + /* Erase the given slot */ + if (qcrypto_block_luks_erase_key(block, slot, + writefunc, opaque, errp)) { + goto cleanup; + } + + } else { + if (!luks_opts.has_key_secret) { + error_setg(errp, + "To erase a keyslot you have to specify either the" + "slot index or a password " + "(to erase all slots that match it)"); + goto cleanup; + } + + password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, + errp); + if (!password) { + goto cleanup; + } + + ret = qcrypto_block_luks_erase_matching_keys(block, password, + readfunc, writefunc, + opaque, force, errp); + if (ret == 0) { + error_setg(errp, + "Didn't erase a keyslot, because no keyslots match" + " the given password"); + ret = -EINVAL; + goto cleanup; + } + + if (ret < 0) { + goto cleanup; + } + } + } + ret = 0; +cleanup: + return ret; +} + + static int qcrypto_block_luks_get_info(QCryptoBlock *block, QCryptoBlockInfo *info, Error **errp) @@ -1569,7 +1928,9 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block, static void qcrypto_block_luks_cleanup(QCryptoBlock *block) { - g_free(block->opaque); + QCryptoBlockLUKS *luks = block->opaque; + g_free(luks->secret); + g_free(luks); } @@ -1606,6 +1967,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block, const QCryptoBlockDriver qcrypto_block_driver_luks = { .open = qcrypto_block_luks_open, .create = qcrypto_block_luks_create, + .amend = qcrypto_block_luks_amend_options, .get_info = qcrypto_block_luks_get_info, .cleanup = qcrypto_block_luks_cleanup, .decrypt = qcrypto_block_luks_decrypt, From patchwork Fri Aug 30 20:56:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124533 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0FEB814E5 for ; Fri, 30 Aug 2019 21:04:41 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id E5B812070B for ; Fri, 30 Aug 2019 21:04:40 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E5B812070B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41140 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3o4W-00012t-1p for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 17:04:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47349) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nwk-0003B9-IM for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:40 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nwj-0001Sb-3z for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:38 -0400 Received: from mx1.redhat.com ([209.132.183.28]:48244) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nwe-0001OT-6k; Fri, 30 Aug 2019 16:56:33 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4CD9E7EBAE; Fri, 30 Aug 2019 20:56:31 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id DB8C65D9CA; Fri, 30 Aug 2019 20:56:24 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:02 +0300 Message-Id: <20190830205608.18192-5-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Fri, 30 Aug 2019 20:56:31 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 04/10] block: amend: add 'force' option X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" Signed-off-by: Maxim Levitsky Reviewed-by: Daniel P. Berrangé --- block.c | 4 +++- block/qcow2.c | 1 + include/block/block.h | 1 + include/block/block_int.h | 1 + qemu-img-cmds.hx | 4 ++-- qemu-img.c | 8 +++++++- qemu-img.texi | 6 +++++- 7 files changed, 20 insertions(+), 5 deletions(-) diff --git a/block.c b/block.c index 874a29a983..df6707677a 100644 --- a/block.c +++ b/block.c @@ -6142,6 +6142,7 @@ void bdrv_remove_aio_context_notifier(BlockDriverState *bs, int bdrv_amend_options(BlockDriverState *bs, QemuOpts *opts, BlockDriverAmendStatusCB *status_cb, void *cb_opaque, + bool force, Error **errp) { if (!bs->drv) { @@ -6153,7 +6154,8 @@ int bdrv_amend_options(BlockDriverState *bs, QemuOpts *opts, bs->drv->format_name); return -ENOTSUP; } - return bs->drv->bdrv_amend_options(bs, opts, status_cb, cb_opaque, errp); + return bs->drv->bdrv_amend_options(bs, opts, status_cb, + cb_opaque, force, errp); } /* This function will be called by the bdrv_recurse_is_first_non_filter method diff --git a/block/qcow2.c b/block/qcow2.c index be4a5063e5..376bb416fd 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -4823,6 +4823,7 @@ static void qcow2_amend_helper_cb(BlockDriverState *bs, static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, BlockDriverAmendStatusCB *status_cb, void *cb_opaque, + bool force, Error **errp) { BDRVQcow2State *s = bs->opaque; diff --git a/include/block/block.h b/include/block/block.h index 124ad40809..6bc89c7667 100644 --- a/include/block/block.h +++ b/include/block/block.h @@ -400,6 +400,7 @@ typedef void BlockDriverAmendStatusCB(BlockDriverState *bs, int64_t offset, int64_t total_work_size, void *opaque); int bdrv_amend_options(BlockDriverState *bs_new, QemuOpts *opts, BlockDriverAmendStatusCB *status_cb, void *cb_opaque, + bool force, Error **errp); /* external snapshots */ diff --git a/include/block/block_int.h b/include/block/block_int.h index ceec8c2f56..c6aa05214f 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -402,6 +402,7 @@ struct BlockDriver { int (*bdrv_amend_options)(BlockDriverState *bs, QemuOpts *opts, BlockDriverAmendStatusCB *status_cb, void *cb_opaque, + bool force, Error **errp); void (*bdrv_debug_event)(BlockDriverState *bs, BlkdebugEvent event); diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx index 1c93e6d185..323ea10ad0 100644 --- a/qemu-img-cmds.hx +++ b/qemu-img-cmds.hx @@ -14,9 +14,9 @@ STEXI ETEXI DEF("amend", img_amend, - "amend [--object objectdef] [--image-opts] [-p] [-q] [-f fmt] [-t cache] -o options filename") + "amend [--object objectdef] [--image-opts] [-p] [-q] [-f fmt] [-t cache] [--force] -o options filename") STEXI -@item amend [--object @var{objectdef}] [--image-opts] [-p] [-q] [-f @var{fmt}] [-t @var{cache}] -o @var{options} @var{filename} +@item amend [--object @var{objectdef}] [--image-opts] [-p] [-q] [-f @var{fmt}] [-t @var{cache}] [--force] -o @var{options} @var{filename} ETEXI DEF("bench", img_bench, diff --git a/qemu-img.c b/qemu-img.c index 7daa05e51a..4533a44c1d 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -70,6 +70,7 @@ enum { OPTION_PREALLOCATION = 265, OPTION_SHRINK = 266, OPTION_SALVAGE = 267, + OPTION_FORCE = 268, }; typedef enum OutputFormat { @@ -3915,6 +3916,7 @@ static int img_amend(int argc, char **argv) BlockBackend *blk = NULL; BlockDriverState *bs = NULL; bool image_opts = false; + bool force = false; cache = BDRV_DEFAULT_CACHE; for (;;) { @@ -3922,6 +3924,7 @@ static int img_amend(int argc, char **argv) {"help", no_argument, 0, 'h'}, {"object", required_argument, 0, OPTION_OBJECT}, {"image-opts", no_argument, 0, OPTION_IMAGE_OPTS}, + {"force", no_argument, 0, OPTION_FORCE}, {0, 0, 0, 0} }; c = getopt_long(argc, argv, ":ho:f:t:pq", @@ -3977,6 +3980,9 @@ static int img_amend(int argc, char **argv) case OPTION_IMAGE_OPTS: image_opts = true; break; + case OPTION_FORCE: + force = true; + break; } } @@ -4054,7 +4060,7 @@ static int img_amend(int argc, char **argv) /* In case the driver does not call amend_status_cb() */ qemu_progress_print(0.f, 0); - ret = bdrv_amend_options(bs, opts, &amend_status_cb, NULL, &err); + ret = bdrv_amend_options(bs, opts, &amend_status_cb, NULL, force, &err); qemu_progress_print(100.f, 0); if (ret < 0) { error_report_err(err); diff --git a/qemu-img.texi b/qemu-img.texi index b5156d6316..b6ed4357e8 100644 --- a/qemu-img.texi +++ b/qemu-img.texi @@ -201,11 +201,15 @@ Command description: @table @option -@item amend [--object @var{objectdef}] [--image-opts] [-p] [-q] [-f @var{fmt}] [-t @var{cache}] -o @var{options} @var{filename} +@item amend [--object @var{objectdef}] [--image-opts] [-p] [-q] [-f @var{fmt}] [-t @var{cache}] [--force] -o @var{options} @var{filename} Amends the image format specific @var{options} for the image file @var{filename}. Not all file formats support this operation. +--force allows some unsafe operations. Currently for -f luks, +it allows to erase last encryption key, and to overwrite an active +encryption key. + @item bench [-c @var{count}] [-d @var{depth}] [-f @var{fmt}] [--flush-interval=@var{flush_interval}] [-n] [--no-drain] [-o @var{offset}] [--pattern=@var{pattern}] [-q] [-s @var{buffer_size}] [-S @var{step_size}] [-t @var{cache}] [-w] [-U] @var{filename} Run a simple sequential I/O benchmark on the specified image. If @code{-w} is From patchwork Fri Aug 30 20:56:03 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124511 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C1971112C for ; Fri, 30 Aug 2019 20:59:49 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A347623430 for ; Fri, 30 Aug 2019 20:59:49 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org A347623430 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41076 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nzo-0005Wd-I4 for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 16:59:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47421) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nwn-0003FJ-BY for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nwl-0001VH-Rw for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:41 -0400 Received: from mx1.redhat.com ([209.132.183.28]:33900) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nwi-0001Rz-TN; Fri, 30 Aug 2019 16:56:37 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3C7B3102700C; Fri, 30 Aug 2019 20:56:36 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id A97585D9CA; Fri, 30 Aug 2019 20:56:31 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:03 +0300 Message-Id: <20190830205608.18192-6-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.66]); Fri, 30 Aug 2019 20:56:36 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 05/10] block/crypto: implement the encryption key management X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" This implements the encryption key management using the generic code in qcrypto layer (currently only for qemu-img amend) This code adds another 'write_func' because the initialization write_func works directly on the underlying file, because during the creation, there is no open instance of the luks driver, but during regular use, we have it, and should use it instead. Signed-off-by: Maxim Levitsky --- block/crypto.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 103 insertions(+), 3 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index a6a3e1f1d8..dbd95a99ba 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -36,6 +36,7 @@ typedef struct BlockCrypto BlockCrypto; struct BlockCrypto { QCryptoBlock *block; + bool updating_keys; }; @@ -70,6 +71,24 @@ static ssize_t block_crypto_read_func(QCryptoBlock *block, return ret; } +static ssize_t block_crypto_write_func(QCryptoBlock *block, + size_t offset, + const uint8_t *buf, + size_t buflen, + void *opaque, + Error **errp) +{ + BlockDriverState *bs = opaque; + ssize_t ret; + + ret = bdrv_pwrite(bs->file, offset, buf, buflen); + if (ret < 0) { + error_setg_errno(errp, -ret, "Could not write encryption header"); + return ret; + } + return ret; +} + struct BlockCryptoCreateData { BlockBackend *blk; @@ -647,6 +666,88 @@ block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp) return spec_info; } + +static int +block_crypto_amend_options(BlockDriverState *bs, + QemuOpts *opts, + BlockDriverAmendStatusCB *status_cb, + void *cb_opaque, + bool force, + Error **errp) +{ + BlockCrypto *crypto = bs->opaque; + QDict *cryptoopts = NULL; + QCryptoBlockCreateOptions *amend_options = NULL; + int ret; + + assert(crypto); + assert(crypto->block); + + crypto->updating_keys = true; + + ret = bdrv_child_refresh_perms(bs, bs->file, errp); + if (ret) { + goto cleanup; + } + + cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, + &block_crypto_create_opts_luks, + true); + + qdict_put_str(cryptoopts, "format", "luks"); + amend_options = block_crypto_create_opts_init(cryptoopts, errp); + if (!amend_options) { + ret = -EINVAL; + goto cleanup; + } + + ret = qcrypto_block_amend_options(crypto->block, + block_crypto_read_func, + block_crypto_write_func, + bs, + amend_options, + force, + errp); +cleanup: + crypto->updating_keys = false; + bdrv_child_refresh_perms(bs, bs->file, errp); + qapi_free_QCryptoBlockCreateOptions(amend_options); + qobject_unref(cryptoopts); + return ret; +} + + +static void +block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c, + const BdrvChildRole *role, + BlockReopenQueue *reopen_queue, + uint64_t perm, uint64_t shared, + uint64_t *nperm, uint64_t *nshared) +{ + + BlockCrypto *crypto = bs->opaque; + + /* + * This driver doesn't modify LUKS metadata except + * when updating the encryption slots. + * Allow share-rw=on as a special case. + * + * Encryption update will set the crypto->updating_keys + * during that period and refresh permissions + * + * */ + + if (crypto->updating_keys) { + /*need exclusive write access for header update */ + perm |= BLK_PERM_WRITE; + shared &= ~BLK_PERM_WRITE; + } + + bdrv_filter_default_perms(bs, c, role, reopen_queue, + perm, shared, nperm, nshared); +} + + static const char *const block_crypto_strong_runtime_opts[] = { BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, @@ -659,9 +760,7 @@ static BlockDriver bdrv_crypto_luks = { .bdrv_probe = block_crypto_probe_luks, .bdrv_open = block_crypto_open_luks, .bdrv_close = block_crypto_close, - /* This driver doesn't modify LUKS metadata except when creating image. - * Allow share-rw=on as a special case. */ - .bdrv_child_perm = bdrv_filter_default_perms, + .bdrv_child_perm = block_crypto_child_perms, .bdrv_co_create = block_crypto_co_create_luks, .bdrv_co_create_opts = block_crypto_co_create_opts_luks, .bdrv_co_truncate = block_crypto_co_truncate, @@ -674,6 +773,7 @@ static BlockDriver bdrv_crypto_luks = { .bdrv_getlength = block_crypto_getlength, .bdrv_get_info = block_crypto_get_info_luks, .bdrv_get_specific_info = block_crypto_get_specific_info_luks, + .bdrv_amend_options = block_crypto_amend_options, .strong_runtime_opts = block_crypto_strong_runtime_opts, }; From patchwork Fri Aug 30 20:56:04 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124541 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EA02D112C for ; Fri, 30 Aug 2019 21:06:27 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CBAED2070B for ; Fri, 30 Aug 2019 21:06:27 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CBAED2070B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41154 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3o6F-0002tw-1K for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 17:06:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47495) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nwq-0003JR-1j for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nwo-0001Xn-LZ for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:43 -0400 Received: from mx1.redhat.com ([209.132.183.28]:58968) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nwl-0001UQ-Ly; Fri, 30 Aug 2019 16:56:39 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E4F80898102; Fri, 30 Aug 2019 20:56:38 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id 99F735D9CA; Fri, 30 Aug 2019 20:56:36 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:04 +0300 Message-Id: <20190830205608.18192-7-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.67]); Fri, 30 Aug 2019 20:56:38 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 06/10] qcow2: implement crypto amend options X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" --- block/qcow2.c | 79 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 63 insertions(+), 16 deletions(-) diff --git a/block/qcow2.c b/block/qcow2.c index 376bb416fd..8dff4c6b5f 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -171,6 +171,25 @@ static ssize_t qcow2_crypto_hdr_write_func(QCryptoBlock *block, size_t offset, return ret; } +static QCryptoBlockCreateOptions* +qcow2_extract_crypto_create_opts(QemuOpts *opts, const char *fmt, Error **errp) +{ + QDict *cryptoopts_qdict; + QCryptoBlockCreateOptions *cryptoopts; + QDict *opts_qdict; + + /* Extract "encrypt." options into a qdict */ + opts_qdict = qemu_opts_to_qdict(opts, NULL); + qdict_extract_subqdict(opts_qdict, &cryptoopts_qdict, "encrypt."); + qobject_unref(opts_qdict); + + /* Build QCryptoBlockCreateOptions object from qdict */ + qdict_put_str(cryptoopts_qdict, "format", "luks"); + cryptoopts = block_crypto_create_opts_init(cryptoopts_qdict, errp); + qobject_unref(cryptoopts_qdict); + return cryptoopts; +} + /* * read qcow2 extension and fill bs @@ -4366,20 +4385,10 @@ static ssize_t qcow2_measure_crypto_hdr_write_func(QCryptoBlock *block, static bool qcow2_measure_luks_headerlen(QemuOpts *opts, size_t *len, Error **errp) { - QDict *opts_qdict; - QDict *cryptoopts_qdict; QCryptoBlockCreateOptions *cryptoopts; QCryptoBlock *crypto; - /* Extract "encrypt." options into a qdict */ - opts_qdict = qemu_opts_to_qdict(opts, NULL); - qdict_extract_subqdict(opts_qdict, &cryptoopts_qdict, "encrypt."); - qobject_unref(opts_qdict); - - /* Build QCryptoBlockCreateOptions object from qdict */ - qdict_put_str(cryptoopts_qdict, "format", "luks"); - cryptoopts = block_crypto_create_opts_init(cryptoopts_qdict, errp); - qobject_unref(cryptoopts_qdict); + cryptoopts = qcow2_extract_crypto_create_opts(opts, "luks", errp); if (!cryptoopts) { return false; } @@ -4756,6 +4765,7 @@ typedef enum Qcow2AmendOperation { * invocation from an operation change */ QCOW2_NO_OPERATION = 0, + QCOW2_UPDATING_ENCRYPTION, QCOW2_CHANGING_REFCOUNT_ORDER, QCOW2_DOWNGRADING, } Qcow2AmendOperation; @@ -4840,6 +4850,7 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, int ret; QemuOptDesc *desc = opts->list->desc; Qcow2AmendHelperCBInfo helper_cb_info; + bool encryption_update = false; while (desc && desc->name) { if (!qemu_opt_find(opts, desc->name)) { @@ -4888,9 +4899,22 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, return -ENOTSUP; } } else if (g_str_has_prefix(desc->name, "encrypt.")) { - error_setg(errp, - "Changing the encryption parameters is not supported"); - return -ENOTSUP; + + if (!s->crypto) { + error_setg(errp, + "Can't amend encryption options - encryption not supported"); + return -ENOTSUP; + + } + + if (s->crypt_method_header != QCOW_CRYPT_LUKS) { + error_setg(errp, + "Only LUKS encryption options can be amended"); + return -ENOTSUP; + } + + encryption_update = true; + } else if (!strcmp(desc->name, BLOCK_OPT_CLUSTER_SIZE)) { cluster_size = qemu_opt_get_size(opts, BLOCK_OPT_CLUSTER_SIZE, cluster_size); @@ -4927,7 +4951,7 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, "images"); return -EINVAL; } - } else { + } else { /* if this point is reached, this probably means a new option was * added without having it covered here */ abort(); @@ -4940,7 +4964,8 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, .original_status_cb = status_cb, .original_cb_opaque = cb_opaque, .total_operations = (new_version < old_version) - + (s->refcount_bits != refcount_bits) + + (s->refcount_bits != refcount_bits) + + (encryption_update == true) }; /* Upgrade first (some features may require compat=1.1) */ @@ -4954,6 +4979,28 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, } } + if (encryption_update) { + + QCryptoBlockCreateOptions *cryptoopts; + + cryptoopts = qcow2_extract_crypto_create_opts(opts, "luks", errp); + if (!cryptoopts) + return -EINVAL; + + helper_cb_info.current_operation = QCOW2_UPDATING_ENCRYPTION; + + ret = qcrypto_block_amend_options(s->crypto, + qcow2_crypto_hdr_read_func, + qcow2_crypto_hdr_write_func, + bs, + cryptoopts, + force, + errp); + if (ret) { + return ret; + } + } + if (s->refcount_bits != refcount_bits) { int refcount_order = ctz32(refcount_bits); From patchwork Fri Aug 30 20:56:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124535 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7619C14E5 for ; Fri, 30 Aug 2019 21:05:05 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 579A52070B for ; Fri, 30 Aug 2019 21:05:05 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 579A52070B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41142 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3o4u-0001Lt-Fl for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 17:05:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47597) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nwt-0003O5-V9 for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nws-0001b2-99 for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:47 -0400 Received: from mx1.redhat.com ([209.132.183.28]:49800) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nwo-0001X4-9N; Fri, 30 Aug 2019 16:56:42 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 96ECE79704; Fri, 30 Aug 2019 20:56:41 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4D8145D9CA; Fri, 30 Aug 2019 20:56:39 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:05 +0300 Message-Id: <20190830205608.18192-8-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Fri, 30 Aug 2019 20:56:41 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 07/10] block: add x-blockdev-amend qmp command X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" Signed-off-by: Maxim Levitsky --- block/Makefile.objs | 2 +- block/amend.c | 116 ++++++++++++++++++++++++++++++++++++++ include/block/block_int.h | 23 ++++++-- qapi/block-core.json | 26 +++++++++ qapi/job.json | 4 +- 5 files changed, 163 insertions(+), 8 deletions(-) create mode 100644 block/amend.c diff --git a/block/Makefile.objs b/block/Makefile.objs index 35f3bca4d9..10d0308792 100644 --- a/block/Makefile.objs +++ b/block/Makefile.objs @@ -18,7 +18,7 @@ block-obj-y += block-backend.o snapshot.o qapi.o block-obj-$(CONFIG_WIN32) += file-win32.o win32-aio.o block-obj-$(CONFIG_POSIX) += file-posix.o block-obj-$(CONFIG_LINUX_AIO) += linux-aio.o -block-obj-y += null.o mirror.o commit.o io.o create.o +block-obj-y += null.o mirror.o commit.o io.o create.o amend.o block-obj-y += throttle-groups.o block-obj-$(CONFIG_LINUX) += nvme.o diff --git a/block/amend.c b/block/amend.c new file mode 100644 index 0000000000..9bd28e08e7 --- /dev/null +++ b/block/amend.c @@ -0,0 +1,116 @@ +/* + * Block layer code related to image options amend + * + * Copyright (c) 2018 Kevin Wolf + * Copyright (c) 2019 Maxim Levitsky + * + * Heavily based on create.c + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "qemu/osdep.h" +#include "block/block_int.h" +#include "qemu/job.h" +#include "qemu/main-loop.h" +#include "qapi/qapi-commands-block-core.h" +#include "qapi/qapi-visit-block-core.h" +#include "qapi/clone-visitor.h" +#include "qapi/error.h" + +typedef struct BlockdevAmendJob { + Job common; + BlockdevCreateOptions *opts; + BlockDriverState *bs; + bool force; +} BlockdevAmendJob; + +static int coroutine_fn blockdev_amend_run(Job *job, Error **errp) +{ + BlockdevAmendJob *s = container_of(job, BlockdevAmendJob, common); + int ret; + + job_progress_set_remaining(&s->common, 1); + ret = s->bs->drv->bdrv_co_amend(s->bs, s->opts, s->force, errp); + job_progress_update(&s->common, 1); + + qapi_free_BlockdevCreateOptions(s->opts); + + return ret; +} + +static const JobDriver blockdev_amend_job_driver = { + .instance_size = sizeof(BlockdevAmendJob), + .job_type = JOB_TYPE_AMEND, + .run = blockdev_amend_run, +}; + +void qmp_x_blockdev_amend(const char *job_id, + const char *node_name, + BlockdevCreateOptions *options, + bool has_force, + bool force, + Error **errp) +{ + BlockdevAmendJob *s; + const char *fmt = BlockdevDriver_str(options->driver); + BlockDriver *drv = bdrv_find_format(fmt); + BlockDriverState *bs = bdrv_find_node(node_name); + + /* + * If the driver is in the schema, we know that it exists. But it may not + * be whitelisted. + */ + assert(drv); + if (bdrv_uses_whitelist() && !bdrv_is_whitelisted(drv, false)) { + error_setg(errp, "Driver is not whitelisted"); + return; + } + + if (bs->drv != drv) { + error_setg(errp, + "x-blockdev-amend doesn't support changing the block driver"); + return; + + } + + /* Error out if the driver doesn't support .bdrv_co_amend */ + if (!drv->bdrv_co_amend) { + error_setg(errp, "Driver does not support x-blockdev-amend"); + return; + } + + /* + * Create the block job + * TODO Running in the main context. Block drivers need to error out or add + * locking when they use a BDS in a different AioContext. + */ + s = job_create(job_id, &blockdev_amend_job_driver, NULL, + qemu_get_aio_context(), JOB_DEFAULT | JOB_MANUAL_DISMISS, + NULL, NULL, errp); + if (!s) { + return; + } + + s->bs = bs, + s->opts = QAPI_CLONE(BlockdevCreateOptions, options), + s->force = has_force ? force : false; + + job_start(&s->common); +} diff --git a/include/block/block_int.h b/include/block/block_int.h index c6aa05214f..546c84957c 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -133,11 +133,28 @@ struct BlockDriver { int (*bdrv_file_open)(BlockDriverState *bs, QDict *options, int flags, Error **errp); void (*bdrv_close)(BlockDriverState *bs); + + int coroutine_fn (*bdrv_co_create)(BlockdevCreateOptions *opts, Error **errp); int coroutine_fn (*bdrv_co_create_opts)(const char *filename, QemuOpts *opts, Error **errp); + + + int coroutine_fn (*bdrv_co_amend)(BlockDriverState *bs, + BlockdevCreateOptions *opts, + bool force, + Error **errp); + + int (*bdrv_amend_options)(BlockDriverState *bs, + QemuOpts *opts, + BlockDriverAmendStatusCB *status_cb, + void *cb_opaque, + bool force, + Error **errp); + + int (*bdrv_make_empty)(BlockDriverState *bs); /* @@ -399,12 +416,6 @@ struct BlockDriver { BdrvCheckResult *result, BdrvCheckMode fix); - int (*bdrv_amend_options)(BlockDriverState *bs, QemuOpts *opts, - BlockDriverAmendStatusCB *status_cb, - void *cb_opaque, - bool force, - Error **errp); - void (*bdrv_debug_event)(BlockDriverState *bs, BlkdebugEvent event); /* TODO Better pass a option string/QDict/QemuOpts to add any rule? */ diff --git a/qapi/block-core.json b/qapi/block-core.json index e6edd641f1..7900914506 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -4650,6 +4650,32 @@ 'data': { 'job-id': 'str', 'options': 'BlockdevCreateOptions' } } +## +# @x-blockdev-amend: +# +# Starts a job to amend format specific options of an existing open block device. +# The job is automatically finalized, but a manual job-dismiss is required. +# +# @job-id: Identifier for the newly created job. +# +# @node-name: Name of the block node to work on +# +# @options: Options (same as for image creation) +# +# @force: Allow unsafe operations, format specific +# For luks that allows erase of the last active keyslot +# (permanent loss of data), +# and replacement of an active keyslot +# (possible loss of data if IO error happens) +# +# Since: 4.2 +## +{ 'command': 'x-blockdev-amend', + 'data': { 'job-id': 'str', + 'node-name': 'str', + 'options': 'BlockdevCreateOptions', + '*force': 'bool' } } + ## # @blockdev-open-tray: # diff --git a/qapi/job.json b/qapi/job.json index a121b615fb..342d29a7aa 100644 --- a/qapi/job.json +++ b/qapi/job.json @@ -19,10 +19,12 @@ # # @create: image creation job type, see "blockdev-create" (since 3.0) # +# @amend: image options amend job type, see "x-blockdev-amend" (since 4.2) +# # Since: 1.7 ## { 'enum': 'JobType', - 'data': ['commit', 'stream', 'mirror', 'backup', 'create'] } + 'data': ['commit', 'stream', 'mirror', 'backup', 'create', 'amend'] } ## # @JobStatus: From patchwork Fri Aug 30 20:56:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124543 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 50EEE112C for ; Fri, 30 Aug 2019 21:06:41 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 327E02070B for ; Fri, 30 Aug 2019 21:06:41 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 327E02070B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41156 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3o6S-0003DO-77 for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 17:06:40 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47660) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nwv-0003Oz-U9 for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:52 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nwu-0001d0-H7 for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:49 -0400 Received: from mx1.redhat.com ([209.132.183.28]:52606) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nwq-0001Za-Vk; Fri, 30 Aug 2019 16:56:45 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4D00018F3521; Fri, 30 Aug 2019 20:56:44 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id 012115D9CA; Fri, 30 Aug 2019 20:56:41 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:06 +0300 Message-Id: <20190830205608.18192-9-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.63]); Fri, 30 Aug 2019 20:56:44 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 08/10] block/crypto: implement blockdev-amend X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" Signed-off-by: Maxim Levitsky Reviewed-by: Daniel P. Berrangé --- block/crypto.c | 86 +++++++++++++++++++++++++++++++++----------- qapi/block-core.json | 4 +-- 2 files changed, 68 insertions(+), 22 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index dbd95a99ba..9cb668ff0e 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -534,6 +534,17 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); luks_opts = &create_options->u.luks; + if (!luks_opts->has_size) { + error_setg(errp, "'size' is manadatory for image creation"); + return -EINVAL; + } + + if (!luks_opts->has_file) { + error_setg(errp, "'file' is manadatory for image creation"); + return -EINVAL; + } + + bs = bdrv_open_blockdev_ref(luks_opts->file, errp); if (bs == NULL) { return -EIO; @@ -667,6 +678,39 @@ block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp) } +static int +block_crypto_amend_options_generic(BlockDriverState *bs, + QCryptoBlockCreateOptions *amend_options, + bool force, + Error **errp) +{ + BlockCrypto *crypto = bs->opaque; + int ret = -1; + + assert(crypto); + assert(crypto->block); + + /* apply for exclusive write permissions to the underlying file*/ + crypto->updating_keys = true; + ret = bdrv_child_refresh_perms(bs, bs->file, errp); + if (ret) { + goto cleanup; + } + + ret = qcrypto_block_amend_options(crypto->block, + block_crypto_read_func, + block_crypto_write_func, + bs, + amend_options, + force, + errp); +cleanup: + /* release exclusive write permissions to the underlying file*/ + crypto->updating_keys = false; + bdrv_child_refresh_perms(bs, bs->file, errp); + return ret; +} + static int block_crypto_amend_options(BlockDriverState *bs, QemuOpts *opts, @@ -678,44 +722,45 @@ block_crypto_amend_options(BlockDriverState *bs, BlockCrypto *crypto = bs->opaque; QDict *cryptoopts = NULL; QCryptoBlockCreateOptions *amend_options = NULL; - int ret; + int ret= -EINVAL; assert(crypto); assert(crypto->block); - crypto->updating_keys = true; - - ret = bdrv_child_refresh_perms(bs, bs->file, errp); - if (ret) { - goto cleanup; - } - cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, &block_crypto_create_opts_luks, true); qdict_put_str(cryptoopts, "format", "luks"); amend_options = block_crypto_create_opts_init(cryptoopts, errp); + if (!amend_options) { - ret = -EINVAL; - goto cleanup; + goto out; } - ret = qcrypto_block_amend_options(crypto->block, - block_crypto_read_func, - block_crypto_write_func, - bs, - amend_options, - force, - errp); -cleanup: - crypto->updating_keys = false; - bdrv_child_refresh_perms(bs, bs->file, errp); + ret = block_crypto_amend_options_generic(bs, amend_options, force, errp); +out: qapi_free_QCryptoBlockCreateOptions(amend_options); qobject_unref(cryptoopts); return ret; } +static int +coroutine_fn block_crypto_co_amend(BlockDriverState *bs, + BlockdevCreateOptions *opts, + bool force, + Error **errp) +{ + QCryptoBlockCreateOptions amend_opts; + + amend_opts = (QCryptoBlockCreateOptions) { + .format = Q_CRYPTO_BLOCK_FORMAT_LUKS, + .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(&opts->u.luks), + }; + + return block_crypto_amend_options_generic(bs, &amend_opts, force, errp); +} + static void block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c, @@ -774,6 +819,7 @@ static BlockDriver bdrv_crypto_luks = { .bdrv_get_info = block_crypto_get_info_luks, .bdrv_get_specific_info = block_crypto_get_specific_info_luks, .bdrv_amend_options = block_crypto_amend_options, + .bdrv_co_amend = block_crypto_co_amend, .strong_runtime_opts = block_crypto_strong_runtime_opts, }; diff --git a/qapi/block-core.json b/qapi/block-core.json index 7900914506..02375fb59a 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -4220,8 +4220,8 @@ ## { 'struct': 'BlockdevCreateOptionsLUKS', 'base': 'QCryptoBlockCreateOptionsLUKS', - 'data': { 'file': 'BlockdevRef', - 'size': 'size', + 'data': { '*file': 'BlockdevRef', + '*size': 'size', '*preallocation': 'PreallocMode' } } ## From patchwork Fri Aug 30 20:56:07 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124555 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6E53C112C for ; Fri, 30 Aug 2019 21:08:40 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4EF0C23439 for ; Fri, 30 Aug 2019 21:08:40 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4EF0C23439 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41170 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3o8N-0004rD-G6 for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 17:08:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47702) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nwz-0003RW-Bz for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:58 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nww-0001fR-AG for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:56:51 -0400 Received: from mx1.redhat.com ([209.132.183.28]:43900) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nwt-0001bp-MJ; Fri, 30 Aug 2019 16:56:47 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 029CD317528A; Fri, 30 Aug 2019 20:56:47 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id AAEA55D9CA; Fri, 30 Aug 2019 20:56:44 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:07 +0300 Message-Id: <20190830205608.18192-10-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.49]); Fri, 30 Aug 2019 20:56:47 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 09/10] block/qcow2: implement blockdev-amend X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" Currently only for changing crypto parameters Signed-off-by: Maxim Levitsky --- block/qcow2.c | 71 ++++++++++++++++++++++++++++++++++++++++++++ qapi/block-core.json | 4 +-- 2 files changed, 73 insertions(+), 2 deletions(-) diff --git a/block/qcow2.c b/block/qcow2.c index 8dff4c6b5f..327d2afd9f 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -3082,6 +3082,18 @@ qcow2_co_create(BlockdevCreateOptions *create_options, Error **errp) assert(create_options->driver == BLOCKDEV_DRIVER_QCOW2); qcow2_opts = &create_options->u.qcow2; + if (!qcow2_opts->has_size) { + error_setg(errp, "Size is manadatory for image creation"); + return -EINVAL; + + } + + if (!qcow2_opts->has_file) { + error_setg(errp, "'file' is manadatory for image creation"); + return -EINVAL; + + } + bs = bdrv_open_blockdev_ref(qcow2_opts->file, errp); if (bs == NULL) { return -EIO; @@ -5112,6 +5124,64 @@ static int qcow2_amend_options(BlockDriverState *bs, QemuOpts *opts, return 0; } + +static int coroutine_fn qcow2_co_amend(BlockDriverState *bs, + BlockdevCreateOptions *opts, + bool force, + Error **errp) +{ + BlockdevCreateOptionsQcow2 *qopts = &opts->u.qcow2; + BDRVQcow2State *s = bs->opaque; + int ret; + + /* + * This is ugly as hell, in later versions of this patch + * something has to be done about this + */ + if (qopts->has_file || qopts->has_size || qopts->has_data_file || + qopts->has_data_file_raw || qopts->has_version || + qopts->has_backing_file || qopts->has_backing_fmt || + qopts->has_cluster_size || qopts->has_preallocation || + qopts->has_lazy_refcounts || qopts->has_refcount_bits) { + + error_setg(errp, + "Only LUKS encryption options can be amended for qcow2 with blockdev-amend"); + return -EOPNOTSUPP; + + } + + if (qopts->has_encrypt) { + if (!s->crypto) { + error_setg(errp, "QCOW2 image is not encrypted, can't amend"); + return -EOPNOTSUPP; + } + + if (qopts->encrypt->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) { + error_setg(errp, + "Amend can't be used to change the qcow2 encryption format"); + return -EOPNOTSUPP; + } + + if (s->crypt_method_header != QCOW_CRYPT_LUKS) { + error_setg(errp, + "Only LUKS encryption options can be amended for qcow2 with blockdev-amend"); + return -EOPNOTSUPP; + } + + ret = qcrypto_block_amend_options(s->crypto, + qcow2_crypto_hdr_read_func, + qcow2_crypto_hdr_write_func, + bs, + qopts->encrypt, + force, + errp); + if (ret) { + return ret; + } + } + return 0; +} + /* * If offset or size are negative, respectively, they will not be included in * the BLOCK_IMAGE_CORRUPTED event emitted. @@ -5304,6 +5374,7 @@ BlockDriver bdrv_qcow2 = { .mutable_opts = mutable_opts, .bdrv_co_check = qcow2_co_check, .bdrv_amend_options = qcow2_amend_options, + .bdrv_co_amend = qcow2_co_amend, .bdrv_detach_aio_context = qcow2_detach_aio_context, .bdrv_attach_aio_context = qcow2_attach_aio_context, diff --git a/qapi/block-core.json b/qapi/block-core.json index 02375fb59a..ba41744427 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -4312,10 +4312,10 @@ # Since: 2.12 ## { 'struct': 'BlockdevCreateOptionsQcow2', - 'data': { 'file': 'BlockdevRef', + 'data': { '*file': 'BlockdevRef', '*data-file': 'BlockdevRef', '*data-file-raw': 'bool', - 'size': 'size', + '*size': 'size', '*version': 'BlockdevQcow2Version', '*backing-file': 'str', '*backing-fmt': 'BlockdevDriver', From patchwork Fri Aug 30 20:56:08 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11124559 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 45408112C for ; Fri, 30 Aug 2019 21:08:58 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 16F6D23439 for ; Fri, 30 Aug 2019 21:08:58 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 16F6D23439 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:41176 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3o8f-00057l-AE for patchwork-qemu-devel@patchwork.kernel.org; Fri, 30 Aug 2019 17:08:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47868) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i3nxR-0003W1-29 for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:57:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i3nxH-0001oV-0I for qemu-devel@nongnu.org; Fri, 30 Aug 2019 16:57:16 -0400 Received: from mx1.redhat.com ([209.132.183.28]:45776) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i3nww-0001ek-DI; Fri, 30 Aug 2019 16:56:51 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id B1740308218D; Fri, 30 Aug 2019 20:56:49 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id 605B55DAAE; Fri, 30 Aug 2019 20:56:47 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 30 Aug 2019 23:56:08 +0300 Message-Id: <20190830205608.18192-11-mlevitsk@redhat.com> In-Reply-To: <20190830205608.18192-1-mlevitsk@redhat.com> References: <20190830205608.18192-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Fri, 30 Aug 2019 20:56:49 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH 10/10] iotests : add tests for encryption key management X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" Note that currently I add tests 300-302, which are placeholders to ease the rebase. In final version of these patches I will update these. Signed-off-by: Maxim Levitsky --- tests/qemu-iotests/087.out | 6 +- tests/qemu-iotests/134.out | 2 +- tests/qemu-iotests/158.out | 4 +- tests/qemu-iotests/188.out | 2 +- tests/qemu-iotests/189.out | 4 +- tests/qemu-iotests/198.out | 4 +- tests/qemu-iotests/300 | 202 +++++++++++++++++++++++++ tests/qemu-iotests/300.out | 98 ++++++++++++ tests/qemu-iotests/301 | 90 +++++++++++ tests/qemu-iotests/301.out | 30 ++++ tests/qemu-iotests/302 | 247 +++++++++++++++++++++++++++++++ tests/qemu-iotests/302.out | 18 +++ tests/qemu-iotests/common.filter | 6 +- tests/qemu-iotests/group | 8 + 14 files changed, 708 insertions(+), 13 deletions(-) create mode 100755 tests/qemu-iotests/300 create mode 100644 tests/qemu-iotests/300.out create mode 100755 tests/qemu-iotests/301 create mode 100644 tests/qemu-iotests/301.out create mode 100644 tests/qemu-iotests/302 create mode 100644 tests/qemu-iotests/302.out diff --git a/tests/qemu-iotests/087.out b/tests/qemu-iotests/087.out index 2d92ea847b..b61ba638af 100644 --- a/tests/qemu-iotests/087.out +++ b/tests/qemu-iotests/087.out @@ -34,7 +34,7 @@ QMP_VERSION === Encrypted image QCow === -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on Testing: QMP_VERSION {"return": {}} @@ -46,7 +46,7 @@ QMP_VERSION === Encrypted image LUKS === -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encrypt.format=luks encrypt.key-secret=sec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 Testing: QMP_VERSION {"return": {}} @@ -58,7 +58,7 @@ QMP_VERSION === Missing driver === -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on Testing: -S QMP_VERSION {"return": {}} diff --git a/tests/qemu-iotests/134.out b/tests/qemu-iotests/134.out index 09d46f6b17..4abc5b5f7d 100644 --- a/tests/qemu-iotests/134.out +++ b/tests/qemu-iotests/134.out @@ -1,5 +1,5 @@ QA output created by 134 -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on == reading whole image == read 134217728/134217728 bytes at offset 0 diff --git a/tests/qemu-iotests/158.out b/tests/qemu-iotests/158.out index 6def216e55..f28a17626b 100644 --- a/tests/qemu-iotests/158.out +++ b/tests/qemu-iotests/158.out @@ -1,6 +1,6 @@ QA output created by 158 == create base == -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 encryption=on encrypt.key-secret=sec0 +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 encryption=on == writing whole image == wrote 134217728/134217728 bytes at offset 0 @@ -10,7 +10,7 @@ wrote 134217728/134217728 bytes at offset 0 read 134217728/134217728 bytes at offset 0 128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) == create overlay == -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/t.IMGFMT.base encryption=on encrypt.key-secret=sec0 +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file=TEST_DIR/t.IMGFMT.base encryption=on == writing part of a cluster == wrote 1024/1024 bytes at offset 0 diff --git a/tests/qemu-iotests/188.out b/tests/qemu-iotests/188.out index c568ef3701..5426861b18 100644 --- a/tests/qemu-iotests/188.out +++ b/tests/qemu-iotests/188.out @@ -1,5 +1,5 @@ QA output created by 188 -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10 +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 == reading whole image == read 16777216/16777216 bytes at offset 0 diff --git a/tests/qemu-iotests/189.out b/tests/qemu-iotests/189.out index a0b7c9c24c..bc213cbe14 100644 --- a/tests/qemu-iotests/189.out +++ b/tests/qemu-iotests/189.out @@ -1,6 +1,6 @@ QA output created by 189 == create base == -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10 +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216 == writing whole image == wrote 16777216/16777216 bytes at offset 0 @@ -10,7 +10,7 @@ wrote 16777216/16777216 bytes at offset 0 read 16777216/16777216 bytes at offset 0 16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) == create overlay == -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 backing_file=TEST_DIR/t.IMGFMT.base encrypt.format=luks encrypt.key-secret=sec1 encrypt.iter-time=10 +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 backing_file=TEST_DIR/t.IMGFMT.base == writing part of a cluster == wrote 1024/1024 bytes at offset 0 diff --git a/tests/qemu-iotests/198.out b/tests/qemu-iotests/198.out index e86b175e39..2eff420795 100644 --- a/tests/qemu-iotests/198.out +++ b/tests/qemu-iotests/198.out @@ -1,12 +1,12 @@ QA output created by 198 == create base == -Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216 encrypt.format=luks encrypt.key-secret=sec0 encrypt.iter-time=10 +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=16777216 == writing whole image base == wrote 16777216/16777216 bytes at offset 0 16 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) == create overlay == -Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 backing_file=TEST_DIR/t.IMGFMT.base encrypt.format=luks encrypt.key-secret=sec1 encrypt.iter-time=10 +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 backing_file=TEST_DIR/t.IMGFMT.base == writing whole image layer == wrote 16777216/16777216 bytes at offset 0 diff --git a/tests/qemu-iotests/300 b/tests/qemu-iotests/300 new file mode 100755 index 0000000000..5b65ef95de --- /dev/null +++ b/tests/qemu-iotests/300 @@ -0,0 +1,202 @@ +#!/usr/bin/env bash +# +# Test encryption key management with luks +# Based on 134 +# +# Copyright (C) 2019 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=mlevitsk@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +status=1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 luks +_supported_proto file #TODO + +QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT + +if [ "$IMGFMT" = "qcow2" ] ; then + PR="encrypt." + EXTRA_IMG_ARGS="-o encrypt.format=luks" +fi + + +# secrets: you are supposed to see the password as *******, see :-) +S0="--object secret,id=sec0,data=hunter0" +S1="--object secret,id=sec1,data=hunter1" +S2="--object secret,id=sec2,data=hunter2" +S3="--object secret,id=sec3,data=hunter3" +S4="--object secret,id=sec4,data=hunter4" +SECRETS="$S0 $S1 $S2 $S3 $S4" + +# image with given secret +IMGS0="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec0" +IMGS1="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec1" +IMGS2="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec2" +IMGS3="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec3" +IMGS4="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,${PR}key-secret=sec4" + + +echo "== creating a test image ==" +_make_test_img $S4 $EXTRA_IMG_ARGS -o ${PR}key-secret=sec4,${PR}iter-time=10,${PR}slot=4 32M + +echo +echo "== test that key 4 opens the image ==" +$QEMU_IO $S4 -c "read 0 4096" $IMGS4 | _filter_qemu_io | _filter_testdir + +echo +echo "== adding a password to slot 0 ==" +$QEMU_IMG amend $SECRETS $IMGS4 -o ${PR}key-secret=sec0,${PR}iter-time=10 +echo "== adding a password to slot 1 ==" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}key-secret=sec1,${PR}iter-time=10 +echo "== adding a password to slot 3 ==" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}key-secret=sec3,${PR}iter-time=10,${PR}slot=3 +echo "== adding a password to slot 2 ==" +$QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=sec2,${PR}iter-time=10 + + +echo "== erase slot 4 ==" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}slot=4 | _filter_img_create + + +echo +echo "== all secrets should work ==" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir +done + +echo +echo "== erase slot 0 and try it ==" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}key-secret=sec0 | _filter_img_create +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir + +echo +echo "== erase slot 2 and try it ==" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}slot=2| _filter_img_create +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS2 | _filter_qemu_io | _filter_testdir + + +# at this point slots 1 and 3 should be active + +echo +echo "== filling 4 slots with secret 2 ==" +for i in $(seq 0 3) ; do + $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=sec2,${PR}iter-time=10 +done + +echo +echo "== adding secret 0 ==" + $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=sec0,${PR}iter-time=10 + +echo +echo "== adding secret 3 (last slot) ==" + $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=sec3,${PR}iter-time=10 + +echo +echo "== trying to add another slot (should fail) ==" +$QEMU_IMG amend $SECRETS $IMGS2 -o ${PR}key-secret=sec3,${PR}iter-time=10 + +echo +echo "== all secrets should work again ==" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir +done + +echo +echo "== erase all keys of secret 2==" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}key-secret=sec2 +echo "== erase all keys of secret 1==" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}key-secret=sec1 +echo "== erase all keys of secret 0==" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}active=off,${PR}key-secret=sec0 +echo "== erase all keys of secret 3, except a remaining key ==" +$QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}active=off,${PR}key-secret=sec3 + + +echo +echo "== only secret3 should work now ==" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir +done + +echo +echo "== add secret0 ==" +$QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}key-secret=sec0,${PR}iter-time=10 + +echo "== erase secret3 ==" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}active=off,${PR}key-secret=sec3 + +echo +echo "== only secret0 should work now ==" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir +done + +echo +echo "== replace secret0 with secret1 (should fail) ==" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}key-secret=sec1,${PR}iter-time=10,${PR}slot=0 + +echo +echo "== replace secret0 with secret1 with force (should work) ==" +$QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}key-secret=sec1,${PR}iter-time=10,${PR}slot=0 --force + +echo +echo "== only secret1 should work now ==" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir +done + + +echo +echo "== erase last secret (should fail) ==" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}slot=0 +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}key-secret=sec1 + + +echo "== erase non existing secrets (should fail) ==" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}key-secret=sec5 --force +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}key-secret=sec0 --force +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}slot=1 --force + +echo +echo "== erase last secret with force by slot (should work) ==" +$QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}active=off,${PR}slot=0 --force + +echo +echo "== we have no secrets now, data is lost forever ==" +for IMG in "$IMGS0" "$IMGS1" "$IMGS2" "$IMGS3"; do + $QEMU_IO $SECRETS -c "read 0 4096" $IMG | _filter_qemu_io | _filter_testdir +done + +# success, all done +echo "*** done" +rm -f $seq.full +status=0 + diff --git a/tests/qemu-iotests/300.out b/tests/qemu-iotests/300.out new file mode 100644 index 0000000000..d809595381 --- /dev/null +++ b/tests/qemu-iotests/300.out @@ -0,0 +1,98 @@ +QA output created by 300 +== creating a test image == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 + +== test that key 4 opens the image == +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== adding a password to slot 0 == +== adding a password to slot 1 == +== adding a password to slot 3 == +== adding a password to slot 2 == +== erase slot 4 == + +== all secrets should work == +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== erase slot 0 and try it == +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +== erase slot 2 and try it == +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +== filling 4 slots with secret 2 == + +== adding secret 0 == + +== adding secret 3 (last slot) == + +== trying to add another slot (should fail) == +qemu-img: Can't add a keyslot - all key slots are in use + +== all secrets should work again == +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== erase all keys of secret 2== +== erase all keys of secret 1== +== erase all keys of secret 0== +== erase all keys of secret 3, except a remaining key == + +== only secret3 should work now == +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== add secret0 == +== erase secret3 == + +== only secret0 should work now == +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +== replace secret0 with secret1 (should fail) == +qemu-img: Can't update an active key slot 0 + +== replace secret0 with secret1 with force (should work) == + +== only secret1 should work now == +qemu-io: can't open: Invalid password, cannot unlock any keyslot +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +== erase last secret (should fail) == +qemu-img: Only one slot active - can't erase +qemu-img: Only one slot active - can't erase +== erase non existing secrets (should fail) == +qemu-img: No secret with id 'sec5' +qemu-img: Didn't erase a keyslot, because no keyslots match the given password + +== erase last secret with force by slot (should work) == + +== we have no secrets now, data is lost forever == +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +qemu-io: can't open: Invalid password, cannot unlock any keyslot +*** done diff --git a/tests/qemu-iotests/301 b/tests/qemu-iotests/301 new file mode 100755 index 0000000000..ba29bf10a0 --- /dev/null +++ b/tests/qemu-iotests/301 @@ -0,0 +1,90 @@ +# +# Copyright (C) 2019 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=mlevitsk@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +status=1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt luks +_supported_proto file #TODO + +QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT + +# you are supposed to see the password as *******, see :-) +S0="--object secret,id=sec0,data=hunter0" +S1="--object secret,id=sec1,data=hunter1" +SECRETS="$S0 $S1" + + +IMGS0="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,key-secret=sec0" +IMGS1="--image-opts driver=$IMGFMT,file.filename=$TEST_IMG,key-secret=sec1" + +echo "== creating a test image ==" +_make_test_img $S0 -o "key-secret=sec0,iter-time=10" 32M + +echo +echo "== test that key 0 opens the image ==" +$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir + +echo +echo "== adding a password to slot 1 ==" +$QEMU_IMG amend $SECRETS $IMGS0 -o active=on,key-secret=sec1,slot=1,iter-time=10 + +echo +echo "== 'backup' the image header ==" +dd if=$TEST_IMG_FILE of=${TEST_IMG_FILE}.bk bs=4K skip=0 count=1 + +echo +echo "== erase slot 0 ==" +$QEMU_IMG amend $SECRETS $IMGS1 -o active=off,slot=0 | _filter_img_create + +echo +echo "== test that key 0 doesn't open the image ==" +$QEMU_IO $S0 -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir + +echo +echo "== 'restore' the image header ==" +dd if=${TEST_IMG_FILE}.bk of=${TEST_IMG_FILE} bs=4K skip=0 count=1 conv=notrunc + +echo +echo "== test that key 0 still doesn't open the image (key material is erased) ==" +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS0 | _filter_qemu_io | _filter_testdir + +echo +echo "== test that key 1 still works ==" +$QEMU_IO $SECRETS -c "read 0 4096" $IMGS1 | _filter_qemu_io | _filter_testdir + +echo "*** done" +rm -f $seq.full +status=0 + + +exit 0 diff --git a/tests/qemu-iotests/301.out b/tests/qemu-iotests/301.out new file mode 100644 index 0000000000..e653c30330 --- /dev/null +++ b/tests/qemu-iotests/301.out @@ -0,0 +1,30 @@ +QA output created by 301 +== creating a test image == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432 + +== test that key 0 opens the image == +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== adding a password to slot 1 == + +== 'backup' the image header == +1+0 records in +1+0 records out + +== erase slot 0 == + +== test that key 0 doesn't open the image == +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +== 'restore' the image header == +1+0 records in +1+0 records out + +== test that key 0 still doesn't open the image (key material is erased) == +qemu-io: can't open: Invalid password, cannot unlock any keyslot + +== test that key 1 still works == +read 4096/4096 bytes at offset 0 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +*** done diff --git a/tests/qemu-iotests/302 b/tests/qemu-iotests/302 new file mode 100644 index 0000000000..ef33d6fff5 --- /dev/null +++ b/tests/qemu-iotests/302 @@ -0,0 +1,247 @@ +#!/usr/bin/env python +# +# Test case QMP's encrypted key management +# +# Copyright (C) 2019 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import iotests +import os +import time + +test_img = os.path.join(iotests.test_dir, 'test.img') + +class Secret: + def __init__(self, index): + self._id = "keysec" + str(index) + # you are not supposed to see the password... + self._secret = "hunter" + str(index) + + def id(self): + return self._id + + def secret(self): + return self._secret + + def to_cmdline_object(self): + return [ "secret,id=" + self._id + ",data=" + self._secret] + + def to_qmp_object(self): + return { "qom_type" : "secret", "id": self.id(), + "props": { "data": self.secret() } } + +################################################################################ + +class EncryptionSetupTestCase(iotests.QMPTestCase): + + # test case startup + def setUp(self): + # start the VM + self.vm = iotests.VM() + self.vm.launch() + + # create the secrets and load 'em into the VM + self.secrets = [ Secret(i) for i in range(0, 4) ] + for secret in self.secrets: + result = self.vm.qmp("object-add", **secret.to_qmp_object()) + self.assert_qmp(result, 'return', {}) + + if iotests.imgfmt == "qcow2": + self.pfx="encrypt." + self.img_opts = [ '-o', "encrypt.format=luks" ] + else: + self.pfx="" + self.img_opts = [] + + + # test case shutdown + def tearDown(self): + # stop the VM + self.vm.shutdown() + + ########################################################################### + # create the encrypted block device + def createImg(self, file, secret): + + iotests.qemu_img( + 'create', + '--object', *secret.to_cmdline_object(), + '-f', iotests.imgfmt, + '-o', self.pfx+'key-secret=' + secret.id(), + '-o', self.pfx+'iter-time=10', + *self.img_opts, + file, + '1M') + + ########################################################################### + # open an encrypted block device + def openLUKS(self, id, file, secret): + if iotests.imgfmt == "qcow2": + encrypt_options = { + 'encrypt': { + 'format':'luks', + 'key-secret' : secret.id()} + } + else: + encrypt_options = { + 'key-secret' : secret.id() + } + + result = self.vm.qmp('blockdev-add', ** + { + 'driver': iotests.imgfmt, + 'node-name': id, + + **encrypt_options, + + 'file': { + 'driver': 'file', + 'filename': test_img, + } + } + ) + self.assert_qmp(result, 'return', {}) + + # close the encrypted block device + def closeLUKS(self, id): + result = self.vm.qmp('blockdev-del', **{ 'node-name': id }) + self.assert_qmp(result, 'return', {}) + + ########################################################################### + + # add a key to an encrypted block device + def addKey(self, id, secret, unlock_secret = None, slot = None, force = False): + + crypt_options = { + 'active': True, + 'key-secret' : secret.id(), + 'iter-time' : 10 + } + + if slot != None: + crypt_options['slot'] = slot + if unlock_secret != None: + crypt_options['unlock-secret'] = unlock_secret.id() + + if iotests.imgfmt == "qcow2": + crypt_options['format'] = 'luks' + crypt_options = { + 'encrypt': crypt_options + } + + args = { + 'node-name': id, + 'job-id' : 'job0', + 'options' : { + 'driver' : iotests.imgfmt, + **crypt_options + }, + } + + if force == True: + args['force'] = True + + #TODO: check what jobs return + result = self.vm.qmp('x-blockdev-amend', **args) + assert result['return'] == {} + self.vm.run_job('job0') + + # erase a key from an encrypted block device + def eraseKey(self, id, secret = None, slot = None, force = False): + + crypt_options = { + 'active': False, + 'iter-time' : 10 + } + + if slot != None: + crypt_options['slot'] = slot + if secret != None: + crypt_options['key-secret'] = secret.id() + + if iotests.imgfmt == "qcow2": + crypt_options['format'] = 'luks' + crypt_options = { + 'encrypt': crypt_options + } + + args = { + 'node-name': id, + 'job-id' : 'job1', + 'options' : { + 'driver' : iotests.imgfmt, + **crypt_options + }, + } + + if force == True: + args['force'] = True + + result = self.vm.qmp('x-blockdev-amend', **args) + assert result['return'] == {} + self.vm.run_job('job1') + + ########################################################################### + # create image, and change its key + def testChangeKey(self): + + # create the image with secret0 and open it + self.createImg(test_img, self.secrets[0]); + self.openLUKS("testdev", test_img, self.secrets[0]) + + # add key to slot 1 + self.addKey("testdev", secret=self.secrets[1]) + + + # erase key from slot 0 + self.eraseKey("testdev", secret=self.secrets[0]) + + #reopen the image with secret1 + self.closeLUKS("testdev") + self.openLUKS("testdev", test_img, self.secrets[1]) + + # close and erase the image for good + self.closeLUKS("testdev") + os.remove(test_img) + + # test that if we erase the old password, + # we can still change the encryption keys using 'old-secret' + def testOldPassword(self): + + # create the image with secret0 and open it + self.createImg(test_img, self.secrets[0]); + self.openLUKS("testdev", test_img, self.secrets[0]) + + # add key to slot 1 + self.addKey("testdev", secret=self.secrets[1]) + + # erase key from slot 0 + self.eraseKey("testdev", secret=self.secrets[0]) + + # this will fail as the old password is no longer valid + self.addKey("testdev", secret=self.secrets[2]) + + # this will work + self.addKey("testdev", secret=self.secrets[2], unlock_secret=self.secrets[1]) + + # close and erase the image for good + self.closeLUKS("testdev") + os.remove(test_img) + + +if __name__ == '__main__': + # Encrypted formats support + iotests.main(iotests.main(supported_fmts=['qcow2','luks'])) diff --git a/tests/qemu-iotests/302.out b/tests/qemu-iotests/302.out new file mode 100644 index 0000000000..78bfc0864c --- /dev/null +++ b/tests/qemu-iotests/302.out @@ -0,0 +1,18 @@ +.. +---------------------------------------------------------------------- +Ran 2 tests + +OK +{"execute": "job-dismiss", "arguments": {"id": "job0"}} +{"return": {}} +{"execute": "job-dismiss", "arguments": {"id": "job1"}} +{"return": {}} +{"execute": "job-dismiss", "arguments": {"id": "job0"}} +{"return": {}} +{"execute": "job-dismiss", "arguments": {"id": "job1"}} +{"return": {}} +Job failed: Invalid password, cannot unlock any keyslot +{"execute": "job-dismiss", "arguments": {"id": "job0"}} +{"return": {}} +{"execute": "job-dismiss", "arguments": {"id": "job0"}} +{"return": {}} diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.filter index 8e9235d6fe..a93808cac2 100644 --- a/tests/qemu-iotests/common.filter +++ b/tests/qemu-iotests/common.filter @@ -138,8 +138,10 @@ _filter_img_create() -e "s# block_state_zero=\\(on\\|off\\)##g" \ -e "s# log_size=[0-9]\\+##g" \ -e "s# refcount_bits=[0-9]\\+##g" \ - -e "s# key-secret=[a-zA-Z0-9]\\+##g" \ - -e "s# iter-time=[0-9]\\+##g" \ + -e "s# \\(encrypt\\.\\)\\?key-secret=[a-zA-Z0-9]\\+##g" \ + -e "s# \\(encrypt\\.\\)\\?slot=[0-9]\\+##g" \ + -e "s# \\(encrypt\\.\\)\\?iter-time=[0-9]\\+##g" \ + -e "s# encrypt\\.format=[a-zA-Z0-9]\\+##g" \ -e "s# force_size=\\(on\\|off\\)##g" } diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index d95d556414..cc2c824b7d 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -274,3 +274,11 @@ 257 rw 258 rw quick 262 rw quick migration + + + + + +300 rw auto +301 rw auto quick +302 rw auto