diff options
author | Daniel P. Berrange <berrange@redhat.com> | 2016-07-22 13:53:34 +0100 |
---|---|---|
committer | Max Reitz <mreitz@redhat.com> | 2016-07-26 17:46:37 +0200 |
commit | 40c85028228d07c878cb58fc31222fb4d163a89f (patch) | |
tree | e06d68d1478a5d956e6fea4337de995665c1b21f /crypto | |
parent | 54a16a63d021b2e28f08082abb20b9431d3c97d3 (diff) | |
download | qemu-40c85028228d07c878cb58fc31222fb4d163a89f.zip qemu-40c85028228d07c878cb58fc31222fb4d163a89f.tar.gz qemu-40c85028228d07c878cb58fc31222fb4d163a89f.tar.bz2 |
crypto: add support for querying parameters for block encryption
When creating new block encryption volumes, we accept a list of
parameters to control the formatting process. It is useful to
be able to query what those parameters were for existing block
devices. Add a qcrypto_block_get_info() method which returns a
QCryptoBlockInfo instance to report this data.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1469192015-16487-2-git-send-email-berrange@redhat.com
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/block-luks.c | 67 | ||||
-rw-r--r-- | crypto/block.c | 17 | ||||
-rw-r--r-- | crypto/blockpriv.h | 4 |
3 files changed, 88 insertions, 0 deletions
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index fcf3b04..aba4455 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -201,6 +201,15 @@ QEMU_BUILD_BUG_ON(sizeof(struct QCryptoBlockLUKSHeader) != 592); struct QCryptoBlockLUKS { QCryptoBlockLUKSHeader header; + + /* Cache parsed versions of what's in header fields, + * as we can't rely on QCryptoBlock.cipher being + * non-NULL */ + QCryptoCipherAlgorithm cipher_alg; + QCryptoCipherMode cipher_mode; + QCryptoIVGenAlgorithm ivgen_alg; + QCryptoHashAlgorithm ivgen_hash_alg; + QCryptoHashAlgorithm hash_alg; }; @@ -847,6 +856,12 @@ qcrypto_block_luks_open(QCryptoBlock *block, block->payload_offset = luks->header.payload_offset * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; + luks->cipher_alg = cipheralg; + luks->cipher_mode = ciphermode; + luks->ivgen_alg = ivalg; + luks->ivgen_hash_alg = ivhash; + luks->hash_alg = hash; + g_free(masterkey); g_free(password); @@ -1271,6 +1286,12 @@ qcrypto_block_luks_create(QCryptoBlock *block, goto error; } + luks->cipher_alg = luks_opts.cipher_alg; + luks->cipher_mode = luks_opts.cipher_mode; + luks->ivgen_alg = luks_opts.ivgen_alg; + luks->ivgen_hash_alg = luks_opts.ivgen_hash_alg; + luks->hash_alg = luks_opts.hash_alg; + memset(masterkey, 0, luks->header.key_bytes); g_free(masterkey); memset(slotkey, 0, luks->header.key_bytes); @@ -1305,6 +1326,51 @@ qcrypto_block_luks_create(QCryptoBlock *block, } +static int qcrypto_block_luks_get_info(QCryptoBlock *block, + QCryptoBlockInfo *info, + Error **errp) +{ + QCryptoBlockLUKS *luks = block->opaque; + QCryptoBlockInfoLUKSSlot *slot; + QCryptoBlockInfoLUKSSlotList *slots = NULL, **prev = &info->u.luks.slots; + size_t i; + + info->u.luks.cipher_alg = luks->cipher_alg; + info->u.luks.cipher_mode = luks->cipher_mode; + info->u.luks.ivgen_alg = luks->ivgen_alg; + if (info->u.luks.ivgen_alg == QCRYPTO_IVGEN_ALG_ESSIV) { + info->u.luks.has_ivgen_hash_alg = true; + info->u.luks.ivgen_hash_alg = luks->ivgen_hash_alg; + } + info->u.luks.hash_alg = luks->hash_alg; + info->u.luks.payload_offset = block->payload_offset; + info->u.luks.master_key_iters = luks->header.master_key_iterations; + info->u.luks.uuid = g_strndup((const char *)luks->header.uuid, + sizeof(luks->header.uuid)); + + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + slots = g_new0(QCryptoBlockInfoLUKSSlotList, 1); + *prev = slots; + + slots->value = slot = g_new0(QCryptoBlockInfoLUKSSlot, 1); + slot->active = luks->header.key_slots[i].active == + QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED; + slot->key_offset = luks->header.key_slots[i].key_offset + * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; + if (slot->active) { + slot->has_iters = true; + slot->iters = luks->header.key_slots[i].iterations; + slot->has_stripes = true; + slot->stripes = luks->header.key_slots[i].stripes; + } + + prev = &slots->next; + } + + return 0; +} + + static void qcrypto_block_luks_cleanup(QCryptoBlock *block) { g_free(block->opaque); @@ -1342,6 +1408,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block, const QCryptoBlockDriver qcrypto_block_driver_luks = { .open = qcrypto_block_luks_open, .create = qcrypto_block_luks_create, + .get_info = qcrypto_block_luks_get_info, .cleanup = qcrypto_block_luks_cleanup, .decrypt = qcrypto_block_luks_decrypt, .encrypt = qcrypto_block_luks_encrypt, diff --git a/crypto/block.c b/crypto/block.c index da60eba..be823ee 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -105,6 +105,23 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, } +QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block, + Error **errp) +{ + QCryptoBlockInfo *info = g_new0(QCryptoBlockInfo, 1); + + info->format = block->format; + + if (block->driver->get_info && + block->driver->get_info(block, info, errp) < 0) { + g_free(info); + return NULL; + } + + return info; +} + + int qcrypto_block_decrypt(QCryptoBlock *block, uint64_t startsector, uint8_t *buf, diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 15b547d..68f0f06 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -53,6 +53,10 @@ struct QCryptoBlockDriver { void *opaque, Error **errp); + int (*get_info)(QCryptoBlock *block, + QCryptoBlockInfo *info, + Error **errp); + void (*cleanup)(QCryptoBlock *block); int (*encrypt)(QCryptoBlock *block, |