From patchwork Mon Dec 25 05:26:51 2023
X-Patchwork-Submitter: Yong Huang
X-Patchwork-Id: 1880034
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [v3 01/10] crypto: Introduce option and structure for detached LUKS header
Date: Mon, 25 Dec 2023 13:26:51 +0800

Add the "header" option for the LUKS format. This field would be used to identify the blockdev's position where a detachable LUKS header is stored.

In addition, introduce a header field in struct BlockCrypto.

Signed-off-by: Hyman Huang
Reviewed-by: Daniel P. Berrangé
Message-Id: <5b99f60c7317092a563d7ca3fb4b414197015eb2.1701879996.git.yong.huang@smartx.com>
--- block/crypto.c | 1 + qapi/block-core.json | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/block/crypto.c b/block/crypto.c index 921933a5e5..f82b13d32b 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -39,6 +39,7 @@ typedef struct BlockCrypto BlockCrypto; struct BlockCrypto { QCryptoBlock *block; bool updating_keys; + BdrvChild *header; /* Reference to the detached LUKS header */ }; diff --git a/qapi/block-core.json b/qapi/block-core.json index ca390c5700..10be08d08f 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json
@@ -3352,11 +3352,15 @@ # decryption key (since 2.6). Mandatory except when doing a # metadata-only probe of the image. # +# @header: optional reference to the location of a blockdev +# storing a detached LUKS header. (since 9.0) +# # Since: 2.9 ## { 'struct': 'BlockdevOptionsLUKS', 'base': 'BlockdevOptionsGenericFormat', - 'data': { '*key-secret': 'str' } } + 'data': { '*key-secret': 'str', + '*header': 'BlockdevRef'} } ## # @BlockdevOptionsGenericCOWFormat:
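Review bot: in the block/crypto.c hunk, `BdrvChild *header` is added to BlockCrypto but nothing in this commit assigns or reads it (the diffstat shows a single inserted line in block/crypto.c), while the qapi hunk in the same patch already makes 'header' a valid BlockdevOptionsLUKS member. Between this commit and the one that opens the child, the schema advertises an option no driver code acts on; a sentence in the commit message saying that the option is wired up in the following patch would save reviewers and bisecting users from chasing that gap.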
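Review bot: in the qapi/block-core.json hunk, the doc text "optional reference to the location of a blockdev storing a detached LUKS header" misdescribes the type: a BlockdevRef names a node (by node-name or as inline node options), not a location or offset within one, and the commit message's "identify the blockdev's position" has the same problem. Suggest `# @header: optional reference to a blockdev node holding the detached LUKS header (since 9.0)`.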
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [v3 02/10] crypto: Support generic LUKS encryption
Date: Mon, 25 Dec 2023 13:26:52 +0800

By enhancing the LUKS driver, it is possible to enable the detachable LUKS header and, as a result, achieve general encryption for any disk format that QEMU has supported.

Taking qcow2 as an example, the usage of the generic LUKS encryption is as follows:

1. add a protocol blockdev node of data disk
$ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> "arguments":{"node-name":"libvirt-1-storage", "driver":"file",
> "filename":"/path/to/test_disk.qcow2"}}'

2. add a protocol blockdev node of LUKS header as above.
$ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> "arguments":{"node-name":"libvirt-2-storage", "driver":"file",
> "filename": "/path/to/cipher.gluks" }}'

3. add the secret for decrypting the cipher stored in LUKS header above
$ virsh qemu-monitor-command vm '{"execute":"object-add",
> "arguments":{"qom-type":"secret", "id":
> "libvirt-2-storage-secret0", "data":"abc123"}}'

4. add the qcow2-driven blockdev format node
$ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> "arguments":{"node-name":"libvirt-1-format", "driver":"qcow2",
> "file":"libvirt-1-storage"}}'

5. add the luks-driven blockdev to link the qcow2 disk with LUKS header by specifying the field "header"
$ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> "arguments":{"node-name":"libvirt-2-format", "driver":"luks",
> "file":"libvirt-1-format", "header":"libvirt-2-storage",
> "key-secret":"libvirt-2-format-secret0"}}'

6. add the virtio-blk device finally
$ virsh qemu-monitor-command vm '{"execute":"device_add",
> "arguments": {"num-queues":"1", "driver":"virtio-blk-pci",
> "drive": "libvirt-2-format", "id":"virtio-disk2"}}'

The generic LUKS encryption method of starting a virtual machine (VM) is somewhat similar to hot-plug in that both maintain the same JSON command, while starting the VM changes the "blockdev-add/device_add" parameters to "blockdev/device".

Signed-off-by: Hyman Huang
Message-Id: <910801f303da1601051479d3b7e5c2c6b4e01eb7.1701879996.git.yong.huang@smartx.com>
--- block/crypto.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/block/crypto.c b/block/crypto.c index f82b13d32b..6063879bac 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -64,12 +64,14 @@ static int block_crypto_read_func(QCryptoBlock *block, Error **errp) { BlockDriverState *bs = opaque; + BlockCrypto *crypto = bs->opaque; ssize_t ret; GLOBAL_STATE_CODE(); GRAPH_RDLOCK_GUARD_MAINLOOP(); - ret = bdrv_pread(bs->file, offset, buflen, buf, 0); + ret = bdrv_pread(crypto->header ? crypto->header : bs->file, + offset, buflen, buf, 0); if (ret < 0) { error_setg_errno(errp, -ret, "Could not read encryption header"); return ret;
@@ -269,6 +271,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format, QCryptoBlockOpenOptions *open_opts = NULL; unsigned int cflags = 0; QDict *cryptoopts = NULL; + const char *hdr_bdref = qdict_get_try_str(options, "header"); GLOBAL_STATE_CODE(); 
@@ -277,6 +280,15 @@ static int block_crypto_open_generic(QCryptoBlockFormat format, return ret; } + if (hdr_bdref) { + crypto->header = bdrv_open_child(NULL, options, "header", bs, + &child_of_bds, BDRV_CHILD_METADATA, + false, errp); + if (!crypto->header) { + return -EINVAL; + } + } + GRAPH_RDLOCK_GUARD_MAINLOOP(); bs->supported_write_flags = BDRV_REQ_FUA &
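Review bot: the block_crypto_read_func hunk redirects header reads to `crypto->header` when it is set, but nothing else in this patch (diffstat: block/crypto.c only, 13 insertions) applies the same selection to the write counterpart of this function, so with a detached header the read side uses the header node while any header write (key-slot updates, the existing `updating_keys` state in BlockCrypto) would still target `bs->file`. Either use the same `crypto->header ? crypto->header : bs->file` choice in the write path in this commit, or state in the message that header writes are handled by a later patch.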
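Review bot: in the `@@ -269,6 +271,7 @@` hunk, `qdict_get_try_str(options, "header")` only detects the string form of the BlockdevRef; when 'header' is given as an inline options object the flattened QDict carries `header.*` keys and no `header` string, so `hdr_bdref` stays NULL and the header is never opened even though the schema accepts that form. `bdrv_open_child()` in the next hunk already handles both forms, so drop the string gate and call it with `allow_none` set to true (the `false` argument), treating a NULL result with no error set as "no header given"; `hdr_bdref` then has no remaining use.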
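The six-step wiring in the commit message above, turned into a pre-flight check: this is an added example, not code from the patch series, that builds the blockdev-add/object-add/device_add sequence with the node names and paths from the message and verifies that every 'file'/'header' reference and 'key-secret' id resolves before anything is sent to the monitor. The function names `build_detached_luks_sequence` and `validate_sequence` are this example's own, and the sample command list is constructed here from steps 1-6 with the ids transcribed as written.

```python
"""Check the QMP wiring of a detached-header LUKS disk before issuing it.

Added example, not part of the patch series: a mis-wired graph (unknown
node, header and data on the same node, key-secret naming a secret that
was never added) is reported as a list of problems, one per offending step.
"""


def build_detached_luks_sequence(data_path, header_path, secret_id,
                                 secret_data, device_id="virtio-disk2"):
    """Return the QMP commands that wire a qcow2 data node and a detached
    LUKS header node under one luks format node (steps 1-6 of the message)."""
    return [
        {"execute": "blockdev-add", "arguments": {
            "node-name": "libvirt-1-storage", "driver": "file",
            "filename": data_path}},
        {"execute": "blockdev-add", "arguments": {
            "node-name": "libvirt-2-storage", "driver": "file",
            "filename": header_path}},
        {"execute": "object-add", "arguments": {
            "qom-type": "secret", "id": secret_id, "data": secret_data}},
        {"execute": "blockdev-add", "arguments": {
            "node-name": "libvirt-1-format", "driver": "qcow2",
            "file": "libvirt-1-storage"}},
        {"execute": "blockdev-add", "arguments": {
            "node-name": "libvirt-2-format", "driver": "luks",
            "file": "libvirt-1-format", "header": "libvirt-2-storage",
            "key-secret": secret_id}},
        {"execute": "device_add", "arguments": {
            "driver": "virtio-blk-pci", "drive": "libvirt-2-format",
            "id": device_id}},
    ]


def _resolve_ref(ref, nodes, step, child, problems):
    """Resolve a BlockdevRef. A string must name an already-added node; an
    inline options dict defines a new node (registered if it has a name)."""
    if isinstance(ref, dict):
        name = ref.get("node-name")
        if name:
            nodes[name] = ref.get("driver")
        return name
    if ref not in nodes:
        problems.append(f"step {step}: {child!r} refers to unknown node {ref!r}")
    return ref


def validate_sequence(commands):
    """Return a list of wiring problems; an empty list means the graph is sound."""
    nodes = {}       # node-name -> driver
    secrets = set()  # ids of 'secret' objects added so far
    problems = []
    for step, cmd in enumerate(commands, 1):
        args = cmd.get("arguments", {})
        execute = cmd.get("execute")
        if execute == "object-add":
            if args.get("qom-type") == "secret":
                secrets.add(args["id"])
        elif execute == "blockdev-add":
            name = args["node-name"]
            if name in nodes:
                problems.append(f"step {step}: duplicate node-name {name!r}")
            # Children must exist before the node that references them.
            children = {c: _resolve_ref(args[c], nodes, step, c, problems)
                        for c in ("file", "header") if c in args}
            if args.get("driver") == "luks":
                secret = args.get("key-secret")
                if secret is not None and secret not in secrets:
                    problems.append(f"step {step}: key-secret {secret!r} "
                                    "has no matching secret object")
                header = children.get("header")
                if header is not None and header == children.get("file"):
                    problems.append(f"step {step}: header and file must be "
                                    "different nodes")
            nodes[name] = args.get("driver")
        elif execute == "device_add":
            drive = args.get("drive")
            if drive not in nodes:
                problems.append(f"step {step}: drive {drive!r} is not an added node")
    return problems


# Constructed from steps 1-6 of the commit message; the step-3 secret id and
# the step-5 key-secret id are transcribed exactly as written there.
SAMPLE_FROM_MESSAGE = build_detached_luks_sequence(
    "/path/to/test_disk.qcow2", "/path/to/cipher.gluks",
    "libvirt-2-storage-secret0", "abc123")
SAMPLE_FROM_MESSAGE[4]["arguments"]["key-secret"] = "libvirt-2-format-secret0"

if __name__ == "__main__":
    for problem in validate_sequence(SAMPLE_FROM_MESSAGE):
        print(problem)
```

Run against the message's own sequence, the check reports that the step-5 key-secret id does not match the secret added in step 3, which is the same mismatch QEMU would reject at blockdev-add time.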
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [v3 03/10] qapi: Make parameter 'file' optional for BlockdevCreateOptionsLUKS
Date: Mon, 25 Dec 2023 13:26:53 +0800
Message-Id: <720f901d0df6ecb2da94c48c38b0abde933c3429.1703481380.git.yong.huang@smartx.com>

To support detached LUKS header creation, make the existing 'file' field in BlockdevCreateOptionsLUKS optional, while also adding an extra optional 'header' field in the next commit.

Signed-off-by: Hyman Huang
--- block/crypto.c | 21 ++++++++++++++------- qapi/block-core.json | 5 +++-- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 6063879bac..78fbe79c95 100644 --- a/block/crypto.c +++ b/block/crypto.c
@@ -659,9 +659,9 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); luks_opts = &create_options->u.luks; - bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); - if (bs == NULL) { - return -EIO; + if (luks_opts->file == NULL) { + error_setg(errp, "Formatting LUKS disk requires parameter 'file'"); + return -EINVAL; } create_opts = (QCryptoBlockCreateOptions) { @@ -673,10 +673,17 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) preallocation = luks_opts->preallocation; } - ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, - preallocation, errp); - if (ret < 0) { - goto fail; + if (luks_opts->file) { + bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); + if (bs == NULL) { + return -EIO; + } + + ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, + preallocation, errp); + if (ret < 0) { + goto fail; + } } ret = 0; diff --git a/qapi/block-core.json b/qapi/block-core.json index 10be08d08f..9ac256c489 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -4945,7 +4945,8 @@ # # Driver specific image creation options for LUKS. # -# @file: Node to create the image format on +# @file: Node to create the image format on, mandatory except when +# 'preallocation' is not requested # # @size: Size of the virtual disk in bytes # 
@@ -4956,7 +4957,7 @@ ## { 'struct': 'BlockdevCreateOptionsLUKS', 'base': 'QCryptoBlockCreateOptionsLUKS', - 'data': { 'file': 'BlockdevRef', + 'data': { '*file': 'BlockdevRef', 'size': 'size', '*preallocation': 'PreallocMode' } }
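Review bot: in the `@@ -659,9 +659,9 @@` hunk, the new `if (luks_opts->file == NULL)` check rejects a missing 'file' unconditionally, which contradicts the commit's stated purpose (make 'file' optional) and leaves the `if (luks_opts->file)` guard added in the `@@ -673,10 +673,17 @@` hunk as dead code in this commit, since the function has already returned -EINVAL whenever it would be false. If the intent is to keep the series bisectable until 'header' lands, say so in the message and add the guard in the patch that introduces 'header'; otherwise the two hunks should agree on whether 'file' may be absent.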
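Review bot: in the qapi/block-core.json `@@ -4945,7 +4945,8 @@` hunk, "mandatory except when 'preallocation' is not requested" does not match the C check in this same patch, which requires 'file' regardless of preallocation, and it is incomplete on its own: without the 'header' option that the message defers to the next commit there is no case in which 'file' can be omitted. Phrase the condition in terms of the option that actually lifts the requirement, for example "mandatory unless a detached 'header' node is being formatted; always required when 'preallocation' is requested", and add that text in the commit that adds 'header'.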
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [v3 04/10] crypto: Introduce creation option and structure for detached LUKS header
Date: Mon, 25 Dec 2023 13:26:54 +0800
Message-Id: <57ccc93a05f69973d41b571615f9ef13fd9b2983.1703481380.git.yong.huang@smartx.com>

Introduce 'header' field in BlockdevCreateOptionsLUKS to support detached LUKS header creation. Meanwhile, introduce header-related fields in QCryptoBlock.

Signed-off-by: Hyman Huang
--- crypto/blockpriv.h | 3 +++ qapi/block-core.json | 3 +++ qapi/crypto.json | 5 ++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 3c7ccea504..6289aea961 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h
@@ -42,6 +42,9 @@ struct QCryptoBlock { size_t niv; uint64_t payload_offset; /* In bytes */ uint64_t sector_size; /* In bytes */ + + bool detached_header; /* True if disk has a detached LUKS header */ + uint64_t detached_header_size; /* LUKS header size plus key slot size */ }; struct QCryptoBlockDriver { diff --git a/qapi/block-core.json b/qapi/block-core.json index 9ac256c489..8aec179926 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -4948,6 +4948,8 @@ # @file: Node to create the image format on, mandatory except when # 'preallocation' is not requested # +# @header: Detached LUKS header node to format. (since 9.0) +# # @size: Size of the virtual disk in bytes # # @preallocation: Preallocation mode for the new image (since: 4.2) @@ -4958,6 +4960,7 @@ { 'struct': 'BlockdevCreateOptionsLUKS', 'base': 'QCryptoBlockCreateOptionsLUKS', 'data': { '*file': 'BlockdevRef', + '*header': 'BlockdevRef', 'size': 'size', '*preallocation': 'PreallocMode' } } diff --git a/qapi/crypto.json b/qapi/crypto.json index fd3d46ebd1..6b4e86cb81 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json 
@@ -195,10 +195,13 @@ # decryption key. Mandatory except when probing image for # metadata only. # +# @detached-header: if true, disk has detached LUKS header. +# # Since: 2.6 ## { 'struct': 'QCryptoBlockOptionsLUKS', - 'data': { '*key-secret': 'str' }} + 'data': { '*key-secret': 'str', + '*detached-header': 'bool' }} ## # @QCryptoBlockCreateOptionsLUKS:
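Review bot: in the crypto/blockpriv.h hunk, `detached_header_size` is documented as "LUKS header size plus key slot size", but nothing in this patch's diffstat (two headers and one qapi file) computes or stores it, and unlike the neighbouring `payload_offset` and `sector_size` fields it does not say which unit it is in. Add `/* In bytes */` for consistency with those fields and name the patch that fills it in, so a reader of this commit knows whether the value is trusted input from the header or computed locally.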
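Review bot: in the qapi/crypto.json hunk, `@detached-header` lacks the "(since 9.0)" tag that the @header entries in block-core.json carry, and "if true, disk has detached LUKS header" does not say who sets it. QCryptoBlockOptionsLUKS is a QAPI struct, so any member added here becomes acceptable input wherever that struct is used; if the flag is meant to be derived internally from whether a 'header' node was given rather than supplied by the caller, the doc should say so, and if it is caller-supplied it should say what happens when it disagrees with the presence of 'header'.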
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [v3 05/10] crypto: Mark the payload_offset_sector invalid for detached LUKS header
Date: Mon, 25 Dec 2023 13:26:55 +0800
Message-Id: <02d08ca67a4ec88cee61446d6b330c2945b5588f.1703481380.git.yong.huang@smartx.com>

Set the payload_offset_sector to a value that is nearly never reached in order to mark it as invalid and indicate that 0 should be the offset of the read/write operation on the 'file' protocol blockdev node.

Signed-off-by: Hyman Huang
---
 crypto/block-luks.c | 41 +++++++++++++++++++++++++++++++----------
 1 file changed, 31 insertions(+), 10 deletions(-)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index fb01ec38bb..48443ffcae 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -34,6 +34,8 @@ #include "qemu/bitmap.h" +#define INVALID_SECTOR_OFFSET UINT32_MAX + /* * Reference for the LUKS format implemented here is * @@ -136,6 +138,13 @@ struct QCryptoBlockLUKS { }; +static inline uint32_t +qcrypto_block_luks_payload_offset(uint32_t sector) +{ + return sector == INVALID_SECTOR_OFFSET ? 0 : + sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; +} + static int qcrypto_block_luks_cipher_name_lookup(const char *name, QCryptoCipherMode mode, uint32_t key_bytes, @@ -1255,8 +1264,8 @@ qcrypto_block_luks_open(QCryptoBlock *block, } block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; - block->payload_offset = luks->header.payload_offset_sector * - block->sector_size; + block->payload_offset = + qcrypto_block_luks_payload_offset(luks->header.payload_offset_sector); return 0; 
@@ -1529,16 +1538,28 @@ qcrypto_block_luks_create(QCryptoBlock *block, slot->stripes = QCRYPTO_BLOCK_LUKS_STRIPES; } - /* The total size of the LUKS headers is the partition header + key - * slot headers, rounded up to the nearest sector, combined with - * the size of each master key material region, also rounded up - * to the nearest sector */ - luks->header.payload_offset_sector = header_sectors + - QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors; + if (block->detached_header) { + /* + * Set the payload_offset_sector to a value that is nearly never + * reached in order to mark it as invalid and indicate that 0 should + * be the offset of the read/write operation on the 'file' protocol + * blockdev node. Here the UINT32_MAX is choosed + */ + luks->header.payload_offset_sector = INVALID_SECTOR_OFFSET; + } else { + /* + * The total size of the LUKS headers is the partition header + key + * slot headers, rounded up to the nearest sector, combined with + * the size of each master key material region, also rounded up + * to the nearest sector + */ + luks->header.payload_offset_sector = header_sectors + + QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors; + } block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; - block->payload_offset = luks->header.payload_offset_sector * - block->sector_size; + block->payload_offset = + qcrypto_block_luks_payload_offset(luks->header.payload_offset_sector); /* Reserve header space to match payload offset */ initfunc(block, block->payload_offset, opaque, &local_err);
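Review bot: the new qcrypto_block_luks_payload_offset() helper in the second hunk does its multiplication in 32-bit arithmetic: `sector` is uint32_t and the return type is uint32_t, so `sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE` wraps for any sector count of 2^23 or more (a payload offset of 4 GiB and beyond), whereas the replaced expression `luks->header.payload_offset_sector * block->sector_size` was stored straight into block->payload_offset. Return uint64_t and widen before multiplying, e.g. `return sector == INVALID_SECTOR_OFFSET ? 0 : (uint64_t)sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;`.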
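Review bot: in the qcrypto_block_luks_open() hunk the sentinel is now honoured for every image that is opened, not only for detached headers: a header read from an ordinary attached image whose payload_offset_sector is UINT32_MAX, whether through corruption or a malformed header, yields a payload offset of 0, and the header and key-slot area are then decrypted as payload. The open path should accept INVALID_SECTOR_OFFSET only when the caller actually supplied a separate header node, and reject it (and a zero offset) otherwise.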
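Review bot: typo in the new comment in the qcrypto_block_luks_create() hunk: "Here the UINT32_MAX is choosed" should read "UINT32_MAX is chosen here". The same hunk still hands block->payload_offset, which is now 0 in detached mode, to initfunc() as the space to reserve, so within this commit the header node is not sized for the header and key slots that are written into it; the change later in this series that passes the real header size instead belongs here, where the 0 is introduced.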
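As an added example (not QEMU's code), the following parses a LUKS1 header, applies the INVALID_SECTOR_OFFSET mapping this patch introduces, and runs the consistency checks a consumer of the header should make before trusting a zero offset, including the 32-bit wrap case. It assumes the LUKS1 on-disk header layout (208-byte phdr plus eight 48-byte key slots); the sample headers are constructed inline.

```python
"""Parse a LUKS1 header and apply the INVALID_SECTOR_OFFSET rule (added example,
not QEMU code). Assumes the LUKS1 phdr layout; sample headers are constructed."""
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SECTOR_SIZE = 512                    # QCRYPTO_BLOCK_LUKS_SECTOR_SIZE
INVALID_SECTOR_OFFSET = 0xFFFFFFFF   # UINT32_MAX, the sentinel from the patch
NUM_KEY_SLOTS = 8                    # QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS

# LUKS1 phdr: magic, version, cipher-name, cipher-mode, hash-spec,
# payload-offset (sectors), key-bytes, mk-digest, mk-digest-salt,
# mk-digest-iter, uuid; 208 bytes, followed by 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
KEYSLOT = struct.Struct(">II32sII")   # active, iterations, salt, km-offset, stripes
HEADER_BYTES = PHDR.size + NUM_KEY_SLOTS * KEYSLOT.size   # 592


def payload_offset_bytes(sector):
    """Mirror of qcrypto_block_luks_payload_offset(), evaluated in Python ints
    (no 32-bit wrap): the sentinel means 'payload lives at offset 0 of a
    separate node', anything else is a sector count."""
    if sector == INVALID_SECTOR_OFFSET:
        return 0
    return sector * SECTOR_SIZE


def payload_offset_u32(sector):
    """The same product evaluated the way a uint32_t helper would, to show
    where a 32-bit computation silently wraps."""
    if sector == INVALID_SECTOR_OFFSET:
        return 0
    return (sector * SECTOR_SIZE) & 0xFFFFFFFF


def parse_luks1_header(buf):
    """Return the phdr fields relevant to payload placement."""
    if len(buf) < HEADER_BYTES:
        raise ValueError("buffer shorter than a LUKS1 header")
    (magic, version, cname, cmode, hspec, pos, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(buf, 0)
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    return {
        "cipher_name": cname.rstrip(b"\0").decode(),
        "cipher_mode": cmode.rstrip(b"\0").decode(),
        "hash_spec": hspec.rstrip(b"\0").decode(),
        "payload_offset_sector": pos,
        "payload_offset": payload_offset_bytes(pos),
        "key_bytes": key_bytes,
        "uuid": uuid.rstrip(b"\0").decode(),
        "detached_header": pos == INVALID_SECTOR_OFFSET,
    }


def check_payload_offset(hdr, header_node_supplied):
    """Checks a consumer should run before trusting the offset.
    header_node_supplied: whether the opener was given a separate header node
    (QEMU's 'header' blockdev reference), independent of the on-disk bytes."""
    findings = []
    if hdr["detached_header"] and not header_node_supplied:
        findings.append("sentinel payload offset in an attached image")
    if not hdr["detached_header"] and hdr["payload_offset"] < HEADER_BYTES:
        findings.append("payload offset overlaps header and key slots")
    if payload_offset_u32(hdr["payload_offset_sector"]) != hdr["payload_offset"]:
        findings.append("offset exceeds 32 bits; a uint32_t computation wraps")
    return findings


def build_header(payload_offset_sector):
    """Constructed sample: aes/xts-plain64/sha256 header with 8 inactive slots."""
    phdr = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                     payload_offset_sector, 64, b"\0" * 20, b"\0" * 32, 1000,
                     b"00000000-0000-0000-0000-000000000000")
    # 0x0000DEAD is the LUKS1 marker for an inactive key slot
    slots = KEYSLOT.pack(0x0000DEAD, 0, b"\0" * 32, 8, 4000) * NUM_KEY_SLOTS
    return phdr + slots


if __name__ == "__main__":
    for sectors, supplied in ((4096, False), (INVALID_SECTOR_OFFSET, True),
                              (INVALID_SECTOR_OFFSET, False), (1 << 24, False)):
        h = parse_luks1_header(build_header(sectors))
        print(sectors, h["payload_offset"], h["detached_header"],
              check_payload_offset(h, supplied))
```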
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [v3 06/10] block: Support detached LUKS header creation using blockdev-create
Date: Mon, 25 Dec 2023 13:26:56 +0800
Message-Id: <20ab47b728492cedb7ea671239f0397a141c3f5a.1703481380.git.yong.huang@smartx.com>

The LUKS disk with detached header consists of a separate LUKS header and payload. This LUKS disk type should be formatted as follows:

1. add the secret to lock/unlock the cipher stored in the detached LUKS header
$ virsh qemu-monitor-command vm '{"execute":"object-add",
> "arguments":{"qom-type": "secret", "id": "sec0", "data": "foo"}}'

2. create a header img with 0 size
$ virsh qemu-monitor-command vm '{"execute":"blockdev-create",
> "arguments":{"job-id":"job0", "options":{"driver":"file",
> "filename":"/path/to/detached_luks_header.img", "size":0 }}}'

3. add protocol blockdev node for header
$ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> "arguments": {"driver":"file", "filename":
> "/path/to/detached_luks_header.img", "node-name":
> "detached-luks-header-storage"}}'

4. create a payload img with 0 size
$ virsh qemu-monitor-command vm '{"execute":"blockdev-create",
> "arguments":{"job-id":"job1", "options":{"driver":"file",
> "filename":"/path/to/detached_luks_payload_raw.img", "size":0}}}'

5. add protocol blockdev node for payload
$ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> "arguments": {"driver":"file", "filename":
> "/path/to/detached_luks_payload_raw.img", "node-name":
> "luks-payload-raw-storage"}}'

6. do the formatting with 128M size
$ virsh qemu-monitor-command c81_node1 '{"execute":"blockdev-create",
> "arguments":{"job-id":"job2", "options":{"driver":"luks", "header":
> "detached-luks-header-storage", "file":"luks-payload-raw-storage",
> "size":134217728, "preallocation":"full", "key-secret":"sec0" }}}'

Signed-off-by: Hyman Huang
---
 block/crypto.c      | 109 ++++++++++++++++++++++++++++++++++++++++----
 crypto/block-luks.c |   6 ++-
 crypto/block.c      |   1 +
 3 files changed, 106 insertions(+), 10 deletions(-)

diff --git a/block/crypto.c b/block/crypto.c
index 78fbe79c95..76cc8bda49 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -160,6 +160,48 @@ error: return ret; } +static int coroutine_fn GRAPH_UNLOCKED +block_crypto_co_format_luks_payload(BlockdevCreateOptionsLUKS *luks_opts, + Error **errp) +{ + BlockDriverState *bs = NULL; + BlockBackend *blk = NULL; + Error *local_error = NULL; + int ret; + + if (luks_opts->size > INT64_MAX) { + return -EFBIG; + } + + bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); + if (bs == NULL) { + return -EIO; + } + + blk = blk_co_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, + BLK_PERM_ALL, errp); + if (!blk) { + ret = -EPERM; + goto fail; + } + + ret = blk_truncate(blk, luks_opts->size, true, + luks_opts->preallocation, 0, &local_error); + if (ret < 0) { + if (ret == -EFBIG) { + /* Replace the error message with a better one */ + error_free(local_error); + error_setg(errp, "The requested file size is too large"); + } + goto fail; + } + + ret = 0; + +fail: + bdrv_co_unref(bs); + return ret; +} static QemuOptsList block_crypto_runtime_opts_luks = { .name = "crypto", @@ -651,6 +693,7 @@ static int coroutine_fn GRAPH_UNLOCKED block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) { BlockdevCreateOptionsLUKS *luks_opts; + BlockDriverState *hdr_bs = NULL; BlockDriverState *bs = NULL; QCryptoBlockCreateOptions create_opts; PreallocMode preallocation = PREALLOC_MODE_OFF; 
@@ -659,8 +702,22 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); luks_opts = &create_options->u.luks; - if (luks_opts->file == NULL) { - error_setg(errp, "Formatting LUKS disk requires parameter 'file'"); + if (luks_opts->header == NULL && luks_opts->file == NULL) { + error_setg(errp, "Either the parameter 'header' or 'file' should " + "be specified"); + return -EINVAL; + } + + if (luks_opts->detached_header && luks_opts->header == NULL) { + error_setg(errp, "Formatting a detached LUKS disk requries " + "'header' to be specified"); + return -EINVAL; + } + + if ((luks_opts->preallocation != PREALLOC_MODE_OFF) && + (luks_opts->file == NULL)) { + error_setg(errp, "Parameter 'preallocation' requries 'file' to be " + "specified for formatting LUKS disk"); return -EINVAL; } @@ -673,7 +730,40 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) preallocation = luks_opts->preallocation; } - if (luks_opts->file) { + if (luks_opts->header) { + hdr_bs = bdrv_co_open_blockdev_ref(luks_opts->header, errp); + if (hdr_bs == NULL) { + return -EIO; + } + + /* + * If blockdev reference of header is specified, + * detached_header default to true + */ + create_opts.u.luks.detached_header = true; + + /* Format the LUKS header node */ + ret = block_crypto_co_create_generic(hdr_bs, 0, &create_opts, + PREALLOC_MODE_OFF, errp); + if (ret < 0) { + goto hdr_bs_failed; + } + + /* Format the LUKS payload node */ + if (luks_opts->file) { + ret = block_crypto_co_format_luks_payload(luks_opts, errp); + if (ret < 0) { + goto hdr_bs_failed; + } + } + + ret = 0; + +hdr_bs_failed: + bdrv_co_unref(hdr_bs); + return ret; + } else if (luks_opts->file) { + /* None detached LUKS header path */ bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); if (bs == NULL) { return -EIO; 
@@ -682,14 +772,15 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, preallocation, errp); if (ret < 0) { - goto fail; + goto bs_failed; } - } - ret = 0; -fail: - bdrv_co_unref(bs); - return ret; + ret = 0; + +bs_failed: + bdrv_co_unref(bs); + return ret; + } } static int coroutine_fn GRAPH_UNLOCKED diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 48443ffcae..474c7aee2e 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1561,8 +1561,12 @@ qcrypto_block_luks_create(QCryptoBlock *block, block->payload_offset = qcrypto_block_luks_payload_offset(luks->header.payload_offset_sector); + block->detached_header_size = + (header_sectors + QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * + split_key_sectors) * block->sector_size; + /* Reserve header space to match payload offset */ - initfunc(block, block->payload_offset, opaque, &local_err); + initfunc(block, block->detached_header_size, opaque, &local_err); if (local_err) { error_propagate(errp, local_err); goto error; diff --git a/crypto/block.c b/crypto/block.c index 7bb4b74a37..ea493f056e 100644 --- a/crypto/block.c +++ b/crypto/block.c 
@@ -102,6 +102,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, } block->driver = qcrypto_block_drivers[options->format]; + block->detached_header = options->u.luks.detached_header; if (block->driver->create(block, options, optprefix, initfunc, writefunc, opaque, errp) < 0) {
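Review bot: two leaks and a lost error in the new block_crypto_co_format_luks_payload(): when blk_truncate() fails with anything other than -EFBIG, local_error is neither propagated to errp nor freed, so the caller returns a negative value with no message set; and the `fail:` label only drops the bs reference and never releases the BlockBackend created with blk_co_new_with_bs(), so blk (and the bs reference it holds) leak on both the success and the error path. Add an `else { error_propagate(errp, local_error); }` branch and a `blk_co_unref(blk);` before `bdrv_co_unref(bs);`.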
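Review bot: spelling in two of the new error strings in the option-validation hunk of block_crypto_co_create_luks(): "requries" should be "requires" in both "Formatting a detached LUKS disk requries 'header' to be specified" and "Parameter 'preallocation' requries 'file' to be specified". These strings reach users over QMP, so they are worth fixing before they get quoted in bug reports.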
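Review bot: in the `if (luks_opts->header)` branch the comment "None detached LUKS header path" on the else branch should read "Non-detached LUKS header path", and "detached_header default to true" describes an unconditional assignment, not a default. The branch also formats the header into hdr_bs and then truncates luks_opts->file without checking that the two references resolve to different nodes; if a caller passes the same node for 'header' and 'file', the first payload write at offset 0 overwrites the header just written. A check that `luks_opts->header` and `luks_opts->file` do not name the same BlockDriverState would reject that misuse up front.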
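Review bot: `block->detached_header = options->u.luks.detached_header;` in qcrypto_block_create() reads the luks member of the options union for every format, while the line directly above selects the driver from options->format; for a qcow-encrypted image the luks member is not the active branch. Guard the assignment with `if (options->format == Q_CRYPTO_BLOCK_FORMAT_LUKS)` or move it into qcrypto_block_luks_create().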
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [v3 07/10] block: Support detached LUKS header creation using qemu-img
Date: Mon, 25 Dec 2023 13:26:57 +0800
Message-Id: <3179dbd4232303c64906eeffa2912d09a0fdcbeb.1703481380.git.yong.huang@smartx.com>

Add the 'detached-mode' option to specify the creation of a detached LUKS header. This is how it is used:

$ qemu-img create --object secret,id=sec0,data=abc123 -f luks
> -o cipher-alg=aes-256,cipher-mode=xts -o key-secret=sec0
> -o detached-mode=true header.luks

Signed-off-by: Hyman Huang
---
 block.c          | 5 ++++-
 block/crypto.c   | 9 ++++++++-
 block/crypto.h   | 8 ++++++++
 qapi/crypto.json | 5 ++++-
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/block.c b/block.c
index bfb0861ec6..fa9ce36928 100644
--- a/block.c
+++ b/block.c
@@ -7517,7 +7517,10 @@ void bdrv_img_create(const char *filename, const char *fmt, goto out; } - if (size == -1) { + /* Parameter 'size' is not needed for detached LUKS header */ + if (size == -1 && + !(!strcmp(fmt, "luks") && + qemu_opt_get_bool(opts, "detached-mode", false))) { error_setg(errp, "Image creation needs a size parameter"); goto out; } diff --git a/block/crypto.c b/block/crypto.c index 76cc8bda49..812c3c28f5 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -229,6 +229,7 @@ static QemuOptsList block_crypto_create_opts_luks = { BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""), BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""), BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_DETACHED_MODE(""), { /* end of list */ } }, }; @@ -793,6 +794,8 @@ block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename, PreallocMode prealloc; char *buf = NULL; int64_t size; + bool detached_mode = + qemu_opt_get_bool(opts, "detached-mode", false); int ret; Error *local_err = NULL; @@ -832,8 +835,12 @@ block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename, goto fail; } + /* The detached_header default to true if detached-mode is specified */ + create_opts->u.luks.detached_header = detached_mode ? true : false; + /* Create format layer */ - ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp); + ret = block_crypto_co_create_generic(bs, detached_mode ? 0 : size, + create_opts, prealloc, errp); if (ret < 0) { goto fail; } diff --git a/block/crypto.h b/block/crypto.h index 72e792c9af..bceefd45bd 100644 --- a/block/crypto.h +++ b/block/crypto.h 
@@ -41,6 +41,7 @@ #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg" #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" +#define BLOCK_CRYPTO_OPT_LUKS_DETACHED_MODE "detached-mode" #define BLOCK_CRYPTO_OPT_LUKS_KEYSLOT "keyslot" #define BLOCK_CRYPTO_OPT_LUKS_STATE "state" #define BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET "old-secret" @@ -100,6 +101,13 @@ .help = "Select new state of affected keyslots (active/inactive)",\ } +#define BLOCK_CRYPTO_OPT_DEF_LUKS_DETACHED_MODE(prefix) \ + { \ + .name = prefix BLOCK_CRYPTO_OPT_LUKS_DETACHED_MODE, \ + .type = QEMU_OPT_BOOL, \ + .help = "Create a detached LUKS header", \ + } + #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(prefix) \ { \ .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEYSLOT, \ diff --git a/qapi/crypto.json b/qapi/crypto.json index 6b4e86cb81..8e81aa8454 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -226,6 +226,8 @@ # @iter-time: number of milliseconds to spend in PBKDF passphrase # processing. Currently defaults to 2000. (since 2.8) # +# @detached-mode: create a detached LUKS header. (since 9.0) +# # Since: 2.6 ## { 'struct': 'QCryptoBlockCreateOptionsLUKS', 
@@ -235,7 +237,8 @@ '*ivgen-alg': 'QCryptoIVGenAlgorithm', '*ivgen-hash-alg': 'QCryptoHashAlgorithm', '*hash-alg': 'QCryptoHashAlgorithm', - '*iter-time': 'int'}} + '*iter-time': 'int', + '*detached-mode': 'bool'}} ## # @QCryptoBlockOpenOptions:
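Review bot: the size check in bdrv_img_create() hard-codes the option name as the string literal "detached-mode" and the format as `!strcmp(fmt, "luks")`, although this same patch defines BLOCK_CRYPTO_OPT_LUKS_DETACHED_MODE for that name in block/crypto.h; if the option is renamed later the two drift apart silently and the size exemption stops firing. Use the macro, or better, let the luks driver state that size is optional for this mode instead of special-casing one format in generic block.c code.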
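Review bot: `create_opts->u.luks.detached_header = detached_mode ? true : false;` in block_crypto_co_create_opts_luks() is a redundant ternary on a bool; `= detached_mode;` says the same. The comment above it, "The detached_header default to true if detached-mode is specified", describes an assignment rather than a default and can be dropped or reworded.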
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [v3 08/10] crypto: Introduce 'detached-header' field in QCryptoBlockInfoLUKS
Date: Mon, 25 Dec 2023 13:26:58 +0800
Message-Id: <0866d2a1e7011831570a377e02cddb5db4b7d855.1703481380.git.yong.huang@smartx.com>

When querying the LUKS disk with the qemu-img tool or other APIs, add information about whether the LUKS header is detached. Additionally, update the test case with the appropriate modification.

Signed-off-by: Hyman Huang
---
 crypto/block-luks.c        | 2 ++
 qapi/crypto.json           | 3 +++
 tests/qemu-iotests/210.out | 4 ++++
 3 files changed, 9 insertions(+)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 474c7aee2e..c5e53b4ee4 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -1266,6 +1266,7 @@ qcrypto_block_luks_open(QCryptoBlock *block, block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; block->payload_offset = qcrypto_block_luks_payload_offset(luks->header.payload_offset_sector); + block->detached_header = (block->payload_offset == 0) ? true : false; return 0; @@ -1892,6 +1893,7 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block, info->u.luks.master_key_iters = luks->header.master_key_iterations; info->u.luks.uuid = g_strndup((const char *)luks->header.uuid, sizeof(luks->header.uuid)); + info->u.luks.detached_header = block->detached_header; for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { slot = g_new0(QCryptoBlockInfoLUKSSlot, 1); diff --git a/qapi/crypto.json b/qapi/crypto.json index 8e81aa8454..336c880b5d 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -317,6 +317,8 @@ # # @hash-alg: the master key hash algorithm # +# @detached-header: whether the LUKS header is detached (Since 9.0) +# # @payload-offset: offset to the payload data in bytes # # @master-key-iters: number of PBKDF2 iterations for key material @@ -333,6 +335,7 @@ 'ivgen-alg': 'QCryptoIVGenAlgorithm', '*ivgen-hash-alg': 'QCryptoHashAlgorithm', 'hash-alg': 'QCryptoHashAlgorithm', + 'detached-header': 'bool', 'payload-offset': 'int', 'master-key-iters': 'int', 'uuid': 'str', diff --git a/tests/qemu-iotests/210.out b/tests/qemu-iotests/210.out index 96d9f749dd..94b29b2120 100644 --- a/tests/qemu-iotests/210.out +++ b/tests/qemu-iotests/210.out @@ -18,6 +18,7 @@ virtual size: 128 MiB (134217728 bytes) encrypted: yes Format specific information: ivgen alg: plain64 + detached header: false hash alg: sha256 cipher alg: aes-256 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX @@ -70,6 +71,7 @@ virtual size: 64 MiB (67108864 bytes) encrypted: yes Format specific information: ivgen alg: plain64 + detached header: false hash alg: sha1 cipher alg: aes-128 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX 
@@ -125,6 +127,7 @@ virtual size: 0 B (0 bytes) encrypted: yes Format specific information: ivgen alg: plain64 + detached header: false hash alg: sha256 cipher alg: aes-256 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX 
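Review bot: the `210.out` hunks insert `detached header: false` between `ivgen alg` and `hash alg`, so the expected output now depends on that exact key position in the dumped format-specific dictionary; a sentence in the commit message saying where the ordering comes from would help the next person who touches this output. Also check whether other expected-output files that print LUKS "Format specific information" need the same line, since only `210.out` is updated in this patch.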
@@ -195,6 +198,7 @@ virtual size: 0 B (0 bytes) encrypted: yes Format specific information: ivgen alg: plain64 + detached header: false hash alg: sha256 cipher alg: aes-256 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX From patchwork Mon Dec 25 05:26:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Huang X-Patchwork-Id: 1880042 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=smartx-com.20230601.gappssmtp.com header.i=@smartx-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=EWwxI5iZ; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz62p27xmz20RL for ; Mon, 25 Dec 2023 16:31:30 +1100 (AEDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rHdXM-000579-Sh; Mon, 25 Dec 2023 00:30:00 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rHdXL-00056v-PS for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:29:59 -0500 Received: from mail-oi1-x234.google.com ([2607:f8b0:4864:20::234]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rHdXJ-0007L6-QP for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:29:59 -0500 Received: by mail-oi1-x234.google.com with SMTP id 
5614622812f47-3bb85a202c2so2365394b6e.2 for ; Sun, 24 Dec 2023 21:27:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smartx-com.20230601.gappssmtp.com; s=20230601; t=1703482076; x=1704086876; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=atVUFHIuvcwN+GlL1DnypsI1Up3UkYdIbJbv6i2R2a0=; b=EWwxI5iZjxNE6chep/cY5b8hl1xQbN3m1x7Ktw60COUxkJfTmCf4ZM+7xtORpDGH9c h88dmpCS9go0RwXiDKGKbCrpveU4xQzBFGY70AVbCvY8A3fEQ6eTYJkrLh7+ACFIdBuG lABCJQtC/znyO7mTjFxS31US74/RyZSbOPDooe2V3VMMIk0P9SjWkrlkoZtcQtrKbw4r 13rzDwl4YWLZHcrH+EVZworR/7Yq6+pMLaFzMcndUMV5iugqQc9dxHMUsqw0AzCKjgNq sSfxLy5WDlubjz2SGqTai0N+8AX8nSemWslk0XjMPWZatoUWz4zqxljnvvKWj/9qZ6MK BP7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703482076; x=1704086876; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=atVUFHIuvcwN+GlL1DnypsI1Up3UkYdIbJbv6i2R2a0=; b=khtAwjVA7e3rm2gv/RGSHEPC83X5wSck37D7qK4pWuDm1PqdOSgzckYq/94q/YGPcs u6UQ/60aztLLtEZU/p8P7tW9X2pGQgCXs5+1aNL1AST+RvRssOpRVN3XzKsMXV2q3nw/ /xosWBpAKmmawzk9hNeUuIgxRDcsWCvhlfbHf9v8RaAb+YD9u2WPoDVTzA9GiCcm64PT WmY0dxT5LKOEfJ3xfYP3wHu4r7ulm5zWuy8nbASryRiBJZJRQUdQAumqqxkxzgJyownd 6UvQE5pR55PDGQtL785/jH3H0PGRkbi8xgT7qAJThMdWpf0DrhWmc0rjTNkvayQVxpx/ GFKA== X-Gm-Message-State: AOJu0Yywstgps1JBygGcPdGZmiiNxfGTJlcFK2gZlH/Zf/q8zD4/Zde7 Bf536ct9BbNeFUp9UgwcKg5k7GQuQV2JH3wY9R9/QOqxTb5kNQ== X-Google-Smtp-Source: AGHT+IGhOIlc7NrZseOWuTTNmpCyFI3Lv5YDabZxV6h7inHycVHNLqC4wJN8KY8UgT70MogvDQtT1A== X-Received: by 2002:a05:6808:124b:b0:3b8:b063:9b6d with SMTP id o11-20020a056808124b00b003b8b0639b6dmr6052761oiv.95.1703482076109; Sun, 24 Dec 2023 21:27:56 -0800 (PST) Received: from localhost.localdomain ([118.114.58.28]) by smtp.gmail.com with ESMTPSA id 
f7-20020aa79d87000000b006d991505b4csm4555800pfq.76.2023.12.24.21.27.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Dec 2023 21:27:55 -0800 (PST) From: Hyman Huang To: qemu-devel Cc: Kevin Wolf , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Hanna Reitz , Eric Blake , Markus Armbruster , Hyman Huang Subject: [v3 09/10] tests: Add detached LUKS header case Date: Mon, 25 Dec 2023 13:26:59 +0800 Message-Id: <1c201f745c591a163d45119bf25b077bd4898343.1703481380.git.yong.huang@smartx.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: none client-ip=2607:f8b0:4864:20::234; envelope-from=yong.huang@smartx.com; helo=mail-oi1-x234.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Signed-off-by: Hyman Huang --- tests/qemu-iotests/tests/luks-detached-header | 214 ++++++++++++++++++ .../tests/luks-detached-header.out | 5 + 2 files changed, 219 insertions(+) create mode 100755 tests/qemu-iotests/tests/luks-detached-header create mode 100644 tests/qemu-iotests/tests/luks-detached-header.out diff --git a/tests/qemu-iotests/tests/luks-detached-header b/tests/qemu-iotests/tests/luks-detached-header new file mode 100755 index 0000000000..cf305bfa47 --- /dev/null +++ b/tests/qemu-iotests/tests/luks-detached-header 
@@ -0,0 +1,214 @@ +#!/usr/bin/env python3 +# group: rw auto +# +# Test detached LUKS header +# +# Copyright (C) 2024 SmartX Inc. +# +# Authors: +# Hyman Huang +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import os +import iotests +from iotests import imgfmt, qemu_img_create, img_info_log, qemu_img_info, QMPTestCase + + +image_size = 128 * 1024 * 1024 + +luks_img = os.path.join(iotests.test_dir, 'luks.img') +detached_header_img1 = os.path.join(iotests.test_dir, 'detached_header.img1') +detached_header_img2 = os.path.join(iotests.test_dir, 'detached_header.img2') +detached_payload_raw_img = os.path.join(iotests.test_dir, 'detached_payload_raw.img') +detached_payload_qcow2_img = os.path.join(iotests.test_dir, 'detached_payload_qcow2.img') + +secret_obj = 'secret,id=sec0,data=foo' +luks_opts = 'key-secret=sec0' + + +class TestDetachedLUKSHeader(QMPTestCase): + def setUp(self) -> None: + self.vm = iotests.VM() + self.vm.add_object(secret_obj) + self.vm.launch() + + # 1. Create the normal LUKS disk with 128M size + self.vm.blockdev_create({ 'driver': 'file', + 'filename': luks_img, + 'size': 0 }) + self.vm.qmp_log('blockdev-add', driver='file', filename=luks_img, + node_name='luks-1-storage') + result = self.vm.blockdev_create({ 'driver': imgfmt, + 'file': 'luks-1-storage', + 'key-secret': 'sec0', + 'size': image_size, + 'iter-time': 10 }) + # None is expected + self.assertEqual(result, None) + + # 2. 
Create the LUKS disk with detached header (raw) + + # Create detached LUKS header + self.vm.blockdev_create({ 'driver': 'file', + 'filename': detached_header_img1, + 'size': 0 }) + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_header_img1, + node_name='luks-2-header-storage') + + # Create detached LUKS raw payload + self.vm.blockdev_create({ 'driver': 'file', + 'filename': detached_payload_raw_img, + 'size': 0 }) + self.vm.qmp_log('blockdev-add', driver='file', + filename=detached_payload_raw_img, + node_name='luks-2-payload-storage') + + # Format LUKS disk with detached header + result = self.vm.blockdev_create({ 'driver': imgfmt, + 'header': 'luks-2-header-storage', + 'file': 'luks-2-payload-storage', + 'key-secret': 'sec0', + 'preallocation': 'full', + 'size': image_size, + 'iter-time': 10 }) + self.assertEqual(result, None) + + self.vm.shutdown() + + # 3. Create the LUKS disk with detached header (qcow2) + + # Create detached LUKS header using qemu-img + res = qemu_img_create('-f', 'luks', '--object', secret_obj, '-o', luks_opts, + '-o', "detached-mode=true", detached_header_img2) + assert res.returncode == 0 + + # Create detached LUKS qcow2 payload + res = qemu_img_create('-f', 'qcow2', detached_payload_qcow2_img, str(image_size)) + assert res.returncode == 0 + + def tearDown(self) -> None: + os.remove(luks_img) + os.remove(detached_header_img1) + os.remove(detached_header_img2) + os.remove(detached_payload_raw_img) + os.remove(detached_payload_qcow2_img) + + # Check if there was any qemu-io run that failed + if 'Pattern verification failed' in self.vm.get_log(): + print('ERROR: Pattern verification failed:') + print(self.vm.get_log()) + self.fail('qemu-io pattern verification failed') + + def test_img_creation(self) -> None: + # Check if the images created above are expected + + data = qemu_img_info(luks_img)['format-specific'] + self.assertEqual(data['type'], imgfmt) + self.assertEqual(data['data']['detached-header'], False) + + data = 
qemu_img_info(detached_header_img1)['format-specific'] + self.assertEqual(data['type'], imgfmt) + self.assertEqual(data['data']['detached-header'], True) + + data = qemu_img_info(detached_header_img2)['format-specific'] + self.assertEqual(data['type'], imgfmt) + self.assertEqual(data['data']['detached-header'], True) + + # Check if preallocation works + size = qemu_img_info(detached_payload_raw_img)['actual-size'] + self.assertGreaterEqual(size, image_size) + + def test_detached_luks_header(self) -> None: + self.vm.launch() + + # 1. Add the disk created above + + # Add normal LUKS disk + self.vm.qmp_log('blockdev-add', driver='file', filename=luks_img, + node_name='luks-1-storage') + result = self.vm.qmp_log('blockdev-add', driver='luks', file='luks-1-storage', + key_secret='sec0', node_name='luks-1-format') + + # Expected result{ "return": {} } + self.assert_qmp(result, 'return', {}) + + # Add detached LUKS header with raw payload + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_header_img1, + node_name='luks-header1-storage') + + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_payload_raw_img, + node_name='luks-2-payload-raw-storage') + + result = self.vm.qmp_log('blockdev-add', driver=imgfmt, + header='luks-header1-storage', + file='luks-2-payload-raw-storage', + key_secret='sec0', + node_name='luks-2-payload-raw-format') + self.assert_qmp(result, 'return', {}) + + # Add detached LUKS header with qcow2 payload + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_header_img2, + node_name='luks-header2-storage') + + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_payload_qcow2_img, + node_name='luks-3-payload-qcow2-storage') + + result = self.vm.qmp_log('blockdev-add', driver=imgfmt, + header='luks-header2-storage', + file='luks-3-payload-qcow2-storage', + key_secret='sec0', + node_name='luks-3-payload-qcow2-format') + self.assert_qmp(result, 'return', {}) + + # 2. 
Do I/O test + + # Do some I/O to the image to see whether it still works + # (Pattern verification will be checked by tearDown()) + + # Normal LUKS disk + result = self.vm.qmp_log('human-monitor-command', + command_line='qemu-io luks-1-format "write -P 40 0 64k"') + self.assert_qmp(result, 'return', '') + + result = self.vm.qmp_log('human-monitor-command', + command_line='qemu-io luks-1-format "read -P 40 0 64k"') + self.assert_qmp(result, 'return', '') + + # Detached LUKS header with raw payload + result = self.vm.qmp('human-monitor-command', + command_line='qemu-io luks-2-payload-raw-format "write -P 41 0 64k"') + self.assert_qmp(result, 'return', '') + + result = self.vm.qmp('human-monitor-command', + command_line='qemu-io luks-2-payload-raw-format "read -P 41 0 64k"') + self.assert_qmp(result, 'return', '') + + # Detached LUKS header with qcow2 payload + result = self.vm.qmp('human-monitor-command', + command_line='qemu-io luks-3-payload-qcow2-format "write -P 42 0 64k"') + self.assert_qmp(result, 'return', '') + + result = self.vm.qmp('human-monitor-command', + command_line='qemu-io luks-3-payload-qcow2-format "read -P 42 0 64k"') + self.assert_qmp(result, 'return', '') + + self.vm.shutdown() + + +if __name__ == '__main__': + # Test image creation and I/O + iotests.main(supported_fmts=['luks'], + supported_protocols=['file']) diff --git a/tests/qemu-iotests/tests/luks-detached-header.out b/tests/qemu-iotests/tests/luks-detached-header.out new file mode 100644 index 0000000000..fbc63e62f8 --- /dev/null +++ b/tests/qemu-iotests/tests/luks-detached-header.out 
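Review bot: in `test_detached_luks_header` the normal-LUKS I/O uses `self.vm.qmp_log` while the two detached-header cases use `self.vm.qmp`, and the first format-level `blockdev-add` passes the literal `driver='luks'` where every other call uses `imgfmt`; pick one form for each so all three paths are exercised and reported the same way. The test also covers only the success path: a case that opens `luks-header1-storage` with a wrong `key-secret`, or a payload node without a `header`, and asserts on the returned error would show that the detached-header path fails closed instead of silently opening. Minor: the file header says `Copyright (C) 2024` on a patch dated December 2023.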
@@ -0,0 +1,5 @@ +.. +---------------------------------------------------------------------- +Ran 2 tests + +OK From patchwork Mon Dec 25 05:27:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yong Huang X-Patchwork-Id: 1880037 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=smartx-com.20230601.gappssmtp.com header.i=@smartx-com.20230601.gappssmtp.com header.a=rsa-sha256 header.s=20230601 header.b=RQUnXwAi; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=patchwork.ozlabs.org) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Sz62D5jXHz23dK for ; Mon, 25 Dec 2023 16:31:00 +1100 (AEDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rHdXR-000588-2j; Mon, 25 Dec 2023 00:30:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rHdXQ-00057z-66 for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:30:04 -0500 Received: from mail-ot1-x329.google.com ([2607:f8b0:4864:20::329]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rHdXO-0007LU-Ny for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:30:03 -0500 Received: by mail-ot1-x329.google.com with SMTP id 46e09a7af769-6dbef8420aaso87928a34.3 for ; Sun, 24 Dec 2023 21:28:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; 
c=relaxed/relaxed; d=smartx-com.20230601.gappssmtp.com; s=20230601; t=1703482080; x=1704086880; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=cRysB8cvYPSKAt6SyvAAu4RjPWDEBwqeC3YTz4T4KdA=; b=RQUnXwAivgjDI2zQPJd9kvjYRAvTY3b+pr2bjFK8CFjqy3C/BOioBYdsV3oRAHRltt SgVa3AVBEZGYsXyES1A260UgRA7KZrRK4AfC1C5vtFiGZQnMXGRbDMQerkbhQPQQ9Kq1 /Y4wesz4u4ItFnthhn3zqz4bORczGC19eHK+XFl+LO1UVGB+zUOtyheuG9kMr8EdM2er TJG0pnj73WXqMwJrPwLKtF3lb4dipI2Ysy3RJ0/ZHJqMJhRGSIku67suZtTjgtc6z3HS Uhw7mfG7gG7WQneX4rp1vkIxg6R2qi7N9bMo/oRdlQ5YLuYooDg0S4G2NmWEEGEwASFi aRyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703482080; x=1704086880; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cRysB8cvYPSKAt6SyvAAu4RjPWDEBwqeC3YTz4T4KdA=; b=wTgL3YDGGuwkZGP/S/qA0FkmQuFHk//neFPSifT7WGXEcL8fVMxh1nnw6ej+3JOmmP hu27PtRQK7K86X/jLDmdPRruHsuyT/febPbgf09BLYbzIEkLRPV5Vl/GdJXsydsry1yZ fJWj3Cdfu/bXJz9K2XyXZXiE//GJg9aHFQXxhkBDp+jyxFSJvMrS3eRGDyT0zpDGOTgX QmDKTDApRtNcpI+yvkr9gPdMV3myx/E4LtVNPc5zQxCSnizCg7EH8MywzAW0c7j6JaTJ y5VMvnh/4cZbh3iv3nxByYOJ4ZiiMcsWdQ6058hPNrvK73RTWNtcU3v7uG32JVz9w4++ Fkqw== X-Gm-Message-State: AOJu0YzUCsmhao+z83mW4TUU9UcOJns322cPeNZZfjmUuXGmpwlvJvoe uksPIwmf0viIO32acVH5UlXV4tmfBiKYxVqyjtMytZuZi0hynQ== X-Google-Smtp-Source: AGHT+IEvmzD+ZXl78ggQ8kyFTW5nf8K83dY3CmuLcPqb9AFfQaxDpVcC5xgdnnqHYxkPbAFGxGH+uQ== X-Received: by 2002:a05:6808:23d4:b0:3bb:89ad:9802 with SMTP id bq20-20020a05680823d400b003bb89ad9802mr6230690oib.114.1703482080063; Sun, 24 Dec 2023 21:28:00 -0800 (PST) Received: from localhost.localdomain ([118.114.58.28]) by smtp.gmail.com with ESMTPSA id f7-20020aa79d87000000b006d991505b4csm4555800pfq.76.2023.12.24.21.27.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Dec 2023 21:27:59 -0800 
(PST) From: Hyman Huang To: qemu-devel Cc: Kevin Wolf , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Hanna Reitz , Eric Blake , Markus Armbruster , Hyman Huang Subject: [v3 10/10] MAINTAINERS: Add section "Detached LUKS header" Date: Mon, 25 Dec 2023 13:27:00 +0800 Message-Id: X-Mailer: git-send-email 2.39.1 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: none client-ip=2607:f8b0:4864:20::329; envelope-from=yong.huang@smartx.com; helo=mail-ot1-x329.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org I've built interests in block cryptography and also have been working on projects related to this subsystem. Add a section to the MAINTAINERS file for detached LUKS header, it only has a test case in it currently. Signed-off-by: Hyman Huang --- MAINTAINERS | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 395f26ba86..f0f7b889a3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3391,6 +3391,11 @@ F: migration/dirtyrate.c F: migration/dirtyrate.h F: include/sysemu/dirtyrate.h +Detached LUKS header +M: Hyman Huang +S: Maintained +F: tests/qemu-iotests/tests/luks-detached-header + D-Bus M: Marc-André Lureau S: Maintained
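Review bot: the `F:` line lists only `tests/qemu-iotests/tests/luks-detached-header`; the expected-output file `tests/qemu-iotests/tests/luks-detached-header.out` added in 09/10 belongs to the same test and should be covered as well, either by listing it explicitly or by confirming that the prefix match of `get_maintainer.pl` picks it up. Since the commit message acknowledges the section currently holds nothing but the test case, it would also help to state in the message why a separate section is preferable to adding the test under the existing block crypto entries.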