* [Qemu-devel] [PATCH v5 0/7] Add new LUKS block driver (for 2.6)
@ 2016-03-17 17:51 Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 1/7] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
` (6 more replies)
0 siblings, 7 replies; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-17 17:51 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, Fam Zheng, qemu-block
This series is just the block layer parts needed to add
a LUKS driver to QEMU. It was previously posted as part
of the larger series
v1: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg04748.html
v2: https://lists.gnu.org/archive/html/qemu-block/2016-01/msg00534.html
v3: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03176.html
v4: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06552.html
The crypto subsystem pieces that this series depends on have
been submitted for merge
https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg04371.html
In this posting I am only proposing merge of the generic
LUKS driver. This can be added as a layer above any of the
existing drivers for accessing LUKS formatted volumes.
When creating new volumes, however, only the file backend
can be used, since the block driver API doesn't allow for
arbitrary stacking of protocols when creating images.
The integration with the qcow2 driver to replace the existing
built-in AES-CBC code is dropped from this series, postponed
until the 2.7 development cycle.
There is a QEMU I/O test 149 that exercises the LUKS driver
and checks for compatibility with the dm-crypt/cryptsetup
impl.
Daniel P. Berrange (7):
block: add flag to indicate that no I/O will be performed
qemu-img/qemu-io: don't prompt for passwords if not required
tests: redirect stderr to stdout for iotests
tests: refactor python I/O tests helper main method
tests: add output filter to python I/O tests helper
block: add generic full disk encryption driver
block: drop support for using qcow[2] encryption with system emulators
block.c | 17 +-
block/Makefile.objs | 2 +
block/crypto.c | 587 +++++++++++++
block/io.c | 2 +
block/qcow.c | 11 +
block/qcow2.c | 11 +
include/block/block.h | 2 +
qapi/block-core.json | 22 +-
qemu-img.c | 45 +-
qemu-io.c | 2 +-
tests/qemu-iotests/049.out | 6 -
tests/qemu-iotests/087.out | 22 +-
tests/qemu-iotests/134.out | 18 -
tests/qemu-iotests/149 | 521 ++++++++++++
tests/qemu-iotests/149.out | 1880 +++++++++++++++++++++++++++++++++++++++++
tests/qemu-iotests/common | 7 +
tests/qemu-iotests/group | 1 +
tests/qemu-iotests/iotests.py | 48 +-
18 files changed, 3118 insertions(+), 86 deletions(-)
create mode 100644 block/crypto.c
create mode 100755 tests/qemu-iotests/149
create mode 100644 tests/qemu-iotests/149.out
--
2.5.0
^ permalink raw reply [flat|nested] 17+ messages in thread
* [Qemu-devel] [PATCH v5 1/7] block: add flag to indicate that no I/O will be performed
2016-03-17 17:51 [Qemu-devel] [PATCH v5 0/7] Add new LUKS block driver (for 2.6) Daniel P. Berrange
@ 2016-03-17 17:51 ` Daniel P. Berrange
2016-03-18 11:01 ` Kevin Wolf
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 2/7] qemu-img/qemu-io: don't prompt for passwords if not required Daniel P. Berrange
` (5 subsequent siblings)
6 siblings, 1 reply; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-17 17:51 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, Fam Zheng, qemu-block
When opening an image it is useful to know whether the caller
intends to perform I/O on the image or not. In the case of
encrypted images this will allow the block driver to avoid
having to prompt for decryption keys when we merely want to
query header metadata about the image. eg qemu-img info
This flag is enforced at the top level only, since even if
we don't want todo I/O on the 'qcow2' file payload, the
underlying 'file' driver will still need todo I/O to read
the qcow2 header, for example.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block.c | 5 +++--
block/io.c | 2 ++
include/block/block.h | 1 +
qemu-img.c | 44 ++++++++++++++++++++++----------------------
4 files changed, 28 insertions(+), 24 deletions(-)
diff --git a/block.c b/block.c
index 59a18a3..4d1a9d3 100644
--- a/block.c
+++ b/block.c
@@ -706,7 +706,8 @@ static void bdrv_inherited_options(int *child_flags, QDict *child_options,
flags |= BDRV_O_UNMAP;
/* Clear flags that only apply to the top layer */
- flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_COPY_ON_READ);
+ flags &= ~(BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING | BDRV_O_COPY_ON_READ |
+ BDRV_O_NO_IO);
*child_flags = flags;
}
@@ -726,7 +727,7 @@ static void bdrv_inherited_fmt_options(int *child_flags, QDict *child_options,
child_file.inherit_options(child_flags, child_options,
parent_flags, parent_options);
- *child_flags &= ~BDRV_O_PROTOCOL;
+ *child_flags &= ~(BDRV_O_PROTOCOL | BDRV_O_NO_IO);
}
const BdrvChildRole child_format = {
diff --git a/block/io.c b/block/io.c
index a69bfc4..010e25a 100644
--- a/block/io.c
+++ b/block/io.c
@@ -862,6 +862,7 @@ static int coroutine_fn bdrv_aligned_preadv(BlockDriverState *bs,
assert((offset & (BDRV_SECTOR_SIZE - 1)) == 0);
assert((bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
assert(!qiov || bytes == qiov->size);
+ assert((bs->open_flags & BDRV_O_NO_IO) == 0);
/* Handle Copy on Read and associated serialisation */
if (flags & BDRV_REQ_COPY_ON_READ) {
@@ -1148,6 +1149,7 @@ static int coroutine_fn bdrv_aligned_pwritev(BlockDriverState *bs,
assert((offset & (BDRV_SECTOR_SIZE - 1)) == 0);
assert((bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
assert(!qiov || bytes == qiov->size);
+ assert((bs->open_flags & BDRV_O_NO_IO) == 0);
waited = wait_serialising_requests(req);
assert(!waited || !req->serialising);
diff --git a/include/block/block.h b/include/block/block.h
index eaa6426..bb8e97d 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -93,6 +93,7 @@ typedef struct HDGeometry {
#define BDRV_O_PROTOCOL 0x8000 /* if no block driver is explicitly given:
select an appropriate protocol driver,
ignoring the format layer */
+#define BDRV_O_NO_IO 0x10000 /* don't initialize for I/O */
#define BDRV_O_CACHE_MASK (BDRV_O_NOCACHE | BDRV_O_CACHE_WB | BDRV_O_NO_FLUSH)
diff --git a/qemu-img.c b/qemu-img.c
index 3103150..a03e501 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -224,13 +224,13 @@ static int print_block_option_help(const char *filename, const char *fmt)
static int img_open_password(BlockBackend *blk, const char *filename,
- bool require_io, bool quiet)
+ int flags, bool quiet)
{
BlockDriverState *bs;
char password[256];
bs = blk_bs(blk);
- if (bdrv_is_encrypted(bs) && require_io) {
+ if (bdrv_is_encrypted(bs) && !(flags & BDRV_O_NO_IO)) {
qprintf(quiet, "Disk image '%s' is encrypted.\n", filename);
if (qemu_read_password(password, sizeof(password)) < 0) {
error_report("No password given");
@@ -248,7 +248,7 @@ static int img_open_password(BlockBackend *blk, const char *filename,
static BlockBackend *img_open_opts(const char *id,
const char *optstr,
QemuOpts *opts, int flags,
- bool require_io, bool quiet)
+ bool quiet)
{
QDict *options;
Error *local_err = NULL;
@@ -260,7 +260,7 @@ static BlockBackend *img_open_opts(const char *id,
return NULL;
}
- if (img_open_password(blk, optstr, require_io, quiet) < 0) {
+ if (img_open_password(blk, optstr, flags, quiet) < 0) {
blk_unref(blk);
return NULL;
}
@@ -269,7 +269,7 @@ static BlockBackend *img_open_opts(const char *id,
static BlockBackend *img_open_file(const char *id, const char *filename,
const char *fmt, int flags,
- bool require_io, bool quiet)
+ bool quiet)
{
BlockBackend *blk;
Error *local_err = NULL;
@@ -286,7 +286,7 @@ static BlockBackend *img_open_file(const char *id, const char *filename,
return NULL;
}
- if (img_open_password(blk, filename, require_io, quiet) < 0) {
+ if (img_open_password(blk, filename, flags, quiet) < 0) {
blk_unref(blk);
return NULL;
}
@@ -298,7 +298,7 @@ static BlockBackend *img_open(const char *id,
bool image_opts,
const char *filename,
const char *fmt, int flags,
- bool require_io, bool quiet)
+ bool quiet)
{
BlockBackend *blk;
if (image_opts) {
@@ -312,9 +312,9 @@ static BlockBackend *img_open(const char *id,
if (!opts) {
return NULL;
}
- blk = img_open_opts(id, filename, opts, flags, true, quiet);
+ blk = img_open_opts(id, filename, opts, flags, quiet);
} else {
- blk = img_open_file(id, filename, fmt, flags, true, quiet);
+ blk = img_open_file(id, filename, fmt, flags, quiet);
}
return blk;
}
@@ -686,7 +686,7 @@ static int img_check(int argc, char **argv)
return 1;
}
- blk = img_open("image", image_opts, filename, fmt, flags, true, quiet);
+ blk = img_open("image", image_opts, filename, fmt, flags, quiet);
if (!blk) {
return 1;
}
@@ -878,7 +878,7 @@ static int img_commit(int argc, char **argv)
return 1;
}
- blk = img_open("image", image_opts, filename, fmt, flags, true, quiet);
+ blk = img_open("image", image_opts, filename, fmt, flags, quiet);
if (!blk) {
return 1;
}
@@ -1212,13 +1212,13 @@ static int img_compare(int argc, char **argv)
goto out3;
}
- blk1 = img_open("image_1", image_opts, filename1, fmt1, flags, true, quiet);
+ blk1 = img_open("image_1", image_opts, filename1, fmt1, flags, quiet);
if (!blk1) {
ret = 2;
goto out3;
}
- blk2 = img_open("image_2", image_opts, filename2, fmt2, flags, true, quiet);
+ blk2 = img_open("image_2", image_opts, filename2, fmt2, flags, quiet);
if (!blk2) {
ret = 2;
goto out2;
@@ -1902,7 +1902,7 @@ static int img_convert(int argc, char **argv)
char *id = bs_n > 1 ? g_strdup_printf("source_%d", bs_i)
: g_strdup("source");
blk[bs_i] = img_open(id, image_opts, argv[optind + bs_i],
- fmt, src_flags, true, quiet);
+ fmt, src_flags, quiet);
g_free(id);
if (!blk[bs_i]) {
ret = -1;
@@ -2049,7 +2049,7 @@ static int img_convert(int argc, char **argv)
* Not critical right now, so fix can wait...
*/
out_blk = img_open_file("target", out_filename,
- out_fmt, flags, true, quiet);
+ out_fmt, flags, quiet);
if (!out_blk) {
ret = -1;
goto out;
@@ -2241,8 +2241,8 @@ static ImageInfoList *collect_image_info_list(bool image_opts,
g_hash_table_insert(filenames, (gpointer)filename, NULL);
blk = img_open("image", image_opts, filename, fmt,
- BDRV_O_FLAGS | BDRV_O_NO_BACKING,
- false, false);
+ BDRV_O_FLAGS | BDRV_O_NO_BACKING | BDRV_O_NO_IO,
+ false);
if (!blk) {
goto err;
}
@@ -2573,7 +2573,7 @@ static int img_map(int argc, char **argv)
}
blk = img_open("image", image_opts, filename, fmt,
- BDRV_O_FLAGS, true, false);
+ BDRV_O_FLAGS, false);
if (!blk) {
return 1;
}
@@ -2719,7 +2719,7 @@ static int img_snapshot(int argc, char **argv)
/* Open the image */
blk = img_open("image", image_opts, filename, NULL,
- bdrv_oflags, true, quiet);
+ bdrv_oflags, quiet);
if (!blk) {
return 1;
}
@@ -2890,7 +2890,7 @@ static int img_rebase(int argc, char **argv)
* Ignore the old backing file for unsafe rebase in case we want to correct
* the reference to a renamed or moved backing file.
*/
- blk = img_open("image", image_opts, filename, fmt, flags, true, quiet);
+ blk = img_open("image", image_opts, filename, fmt, flags, quiet);
if (!blk) {
ret = -1;
goto out;
@@ -3228,7 +3228,7 @@ static int img_resize(int argc, char **argv)
qemu_opts_del(param);
blk = img_open("image", image_opts, filename, fmt,
- BDRV_O_FLAGS | BDRV_O_RDWR, true, quiet);
+ BDRV_O_FLAGS | BDRV_O_RDWR, quiet);
if (!blk) {
ret = -1;
goto out;
@@ -3387,7 +3387,7 @@ static int img_amend(int argc, char **argv)
goto out;
}
- blk = img_open("image", image_opts, filename, fmt, flags, true, quiet);
+ blk = img_open("image", image_opts, filename, fmt, flags, quiet);
if (!blk) {
ret = -1;
goto out;
--
2.5.0
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Qemu-devel] [PATCH v5 2/7] qemu-img/qemu-io: don't prompt for passwords if not required
2016-03-17 17:51 [Qemu-devel] [PATCH v5 0/7] Add new LUKS block driver (for 2.6) Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 1/7] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
@ 2016-03-17 17:51 ` Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 3/7] tests: redirect stderr to stdout for iotests Daniel P. Berrange
` (4 subsequent siblings)
6 siblings, 0 replies; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-17 17:51 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, Fam Zheng, qemu-block
The qemu-img/qemu-io tools prompt for disk encryption passwords
regardless of whether any are actually required. Adding a check
on bdrv_key_required() avoids this prompt for disk formats which
have been converted to the QCryptoSecret APIs.
This is just a temporary hack to ensure the block I/O tests
continue to work after each patch, since the last patch will
completely delete all the password prompting code.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
qemu-img.c | 3 ++-
qemu-io.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/qemu-img.c b/qemu-img.c
index a03e501..21b45fd 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -230,7 +230,8 @@ static int img_open_password(BlockBackend *blk, const char *filename,
char password[256];
bs = blk_bs(blk);
- if (bdrv_is_encrypted(bs) && !(flags & BDRV_O_NO_IO)) {
+ if (bdrv_is_encrypted(bs) && bdrv_key_required(bs) &&
+ !(flags & BDRV_O_NO_IO)) {
qprintf(quiet, "Disk image '%s' is encrypted.\n", filename);
if (qemu_read_password(password, sizeof(password)) < 0) {
error_report("No password given");
diff --git a/qemu-io.c b/qemu-io.c
index 8c31257..d825723 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -69,7 +69,7 @@ static int openfile(char *name, int flags, QDict *opts)
}
bs = blk_bs(qemuio_blk);
- if (bdrv_is_encrypted(bs)) {
+ if (bdrv_is_encrypted(bs) && bdrv_key_required(bs)) {
char password[256];
printf("Disk image '%s' is encrypted.\n", name);
if (qemu_read_password(password, sizeof(password)) < 0) {
--
2.5.0
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Qemu-devel] [PATCH v5 3/7] tests: redirect stderr to stdout for iotests
2016-03-17 17:51 [Qemu-devel] [PATCH v5 0/7] Add new LUKS block driver (for 2.6) Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 1/7] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 2/7] qemu-img/qemu-io: don't prompt for passwords if not required Daniel P. Berrange
@ 2016-03-17 17:51 ` Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 4/7] tests: refactor python I/O tests helper main method Daniel P. Berrange
` (3 subsequent siblings)
6 siblings, 0 replies; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-17 17:51 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, Fam Zheng, qemu-block
The python I/O tests helper for running qemu-img/qemu-io
setup stdout to be captured to a pipe, but left stderr
untouched. As a result, if something failed in qemu-img/
qemu-io, data written to stderr would get output directly
and not line up with data on the test stdout due to
buffering. If we explicitly redirect stderr to the same
pipe as stdout, things are much clearer when they go
wrong.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/qemu-iotests/iotests.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 0a238ec..5f82bbe 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -71,7 +71,9 @@ def qemu_img_verbose(*args):
def qemu_img_pipe(*args):
'''Run qemu-img and return its output'''
- subp = subprocess.Popen(qemu_img_args + list(args), stdout=subprocess.PIPE)
+ subp = subprocess.Popen(qemu_img_args + list(args),
+ stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT)
exitcode = subp.wait()
if exitcode < 0:
sys.stderr.write('qemu-img received signal %i: %s\n' % (-exitcode, ' '.join(qemu_img_args + list(args))))
@@ -80,7 +82,8 @@ def qemu_img_pipe(*args):
def qemu_io(*args):
'''Run qemu-io and return the stdout data'''
args = qemu_io_args + list(args)
- subp = subprocess.Popen(args, stdout=subprocess.PIPE)
+ subp = subprocess.Popen(args, stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT)
exitcode = subp.wait()
if exitcode < 0:
sys.stderr.write('qemu-io received signal %i: %s\n' % (-exitcode, ' '.join(args)))
--
2.5.0
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Qemu-devel] [PATCH v5 4/7] tests: refactor python I/O tests helper main method
2016-03-17 17:51 [Qemu-devel] [PATCH v5 0/7] Add new LUKS block driver (for 2.6) Daniel P. Berrange
` (2 preceding siblings ...)
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 3/7] tests: redirect stderr to stdout for iotests Daniel P. Berrange
@ 2016-03-17 17:51 ` Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 5/7] tests: add output filter to python I/O tests helper Daniel P. Berrange
` (2 subsequent siblings)
6 siblings, 0 replies; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-17 17:51 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, Fam Zheng, qemu-block
The iotests.py helper provides a main() method for running
tests via the python unit test framework. Not all tests
will want to use this, so refactor it to split the testing
of compatible formats and platforms into separate helper
methods
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/qemu-iotests/iotests.py | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 5f82bbe..51e53bb 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -29,7 +29,8 @@ import qtest
import struct
__all__ = ['imgfmt', 'imgproto', 'test_dir' 'qemu_img', 'qemu_io',
- 'VM', 'QMPTestCase', 'notrun', 'main']
+ 'VM', 'QMPTestCase', 'notrun', 'main', 'verify_image_format',
+ 'verify_platform']
# This will not work if arguments contain spaces but is necessary if we
# want to support the override options that ./check supports.
@@ -394,17 +395,22 @@ def notrun(reason):
print '%s not run: %s' % (seq, reason)
sys.exit(0)
-def main(supported_fmts=[], supported_oses=['linux']):
- '''Run tests'''
-
- debug = '-d' in sys.argv
- verbosity = 1
+def verify_image_format(supported_fmts=[]):
if supported_fmts and (imgfmt not in supported_fmts):
notrun('not suitable for this image format: %s' % imgfmt)
+def verify_platform(supported_oses=['linux']):
if True not in [sys.platform.startswith(x) for x in supported_oses]:
notrun('not suitable for this OS: %s' % sys.platform)
+def main(supported_fmts=[], supported_oses=['linux']):
+ '''Run tests'''
+
+ debug = '-d' in sys.argv
+ verbosity = 1
+ verify_image_format(supported_fmts)
+ verify_platform(supported_oses)
+
# We need to filter out the time taken from the output so that qemu-iotest
# can reliably diff the results against master output.
import StringIO
--
2.5.0
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Qemu-devel] [PATCH v5 5/7] tests: add output filter to python I/O tests helper
2016-03-17 17:51 [Qemu-devel] [PATCH v5 0/7] Add new LUKS block driver (for 2.6) Daniel P. Berrange
` (3 preceding siblings ...)
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 4/7] tests: refactor python I/O tests helper main method Daniel P. Berrange
@ 2016-03-17 17:51 ` Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 7/7] block: drop support for using qcow[2] encryption with system emulators Daniel P. Berrange
6 siblings, 0 replies; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-17 17:51 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, Fam Zheng, qemu-block
Add a 'log' method to iotests.py which prints messages to
stdout, with optional filtering of data. Port over some
standard filters already present in the shell common.filter
code to be usable in python too.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
tests/qemu-iotests/iotests.py | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 51e53bb..8499e1b 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -30,7 +30,8 @@ import struct
__all__ = ['imgfmt', 'imgproto', 'test_dir' 'qemu_img', 'qemu_io',
'VM', 'QMPTestCase', 'notrun', 'main', 'verify_image_format',
- 'verify_platform']
+ 'verify_platform', 'filter_test_dir', 'filter_win32',
+ 'filter_qemu_io', 'filter_chown', 'log']
# This will not work if arguments contain spaces but is necessary if we
# want to support the override options that ./check supports.
@@ -105,6 +106,28 @@ def create_image(name, size):
i = i + 512
file.close()
+test_dir_re = re.compile(r"%s" % test_dir)
+def filter_test_dir(msg):
+ return test_dir_re.sub("TEST_DIR", msg)
+
+win32_re = re.compile(r"\r")
+def filter_win32(msg):
+ return win32_re.sub("", msg)
+
+qemu_io_re = re.compile(r"[0-9]* ops; [0-9\/:. sec]* \([0-9\/.inf]* [EPTGMKiBbytes]*\/sec and [0-9\/.inf]* ops\/sec\)")
+def filter_qemu_io(msg):
+ msg = filter_win32(msg)
+ return qemu_io_re.sub("X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)", msg)
+
+chown_re = re.compile(r"chown [0-9]+:[0-9]+")
+def filter_chown(msg):
+ return chown_re.sub("chown UID:GID", msg)
+
+def log(msg, filters=[]):
+ for flt in filters:
+ msg = flt(msg)
+ print msg
+
# Test if 'match' is a recursive subset of 'event'
def event_match(event, match=None):
if match is None:
--
2.5.0
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver
2016-03-17 17:51 [Qemu-devel] [PATCH v5 0/7] Add new LUKS block driver (for 2.6) Daniel P. Berrange
` (4 preceding siblings ...)
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 5/7] tests: add output filter to python I/O tests helper Daniel P. Berrange
@ 2016-03-17 17:51 ` Daniel P. Berrange
2016-03-18 12:09 ` Kevin Wolf
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 7/7] block: drop support for using qcow[2] encryption with system emulators Daniel P. Berrange
6 siblings, 1 reply; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-17 17:51 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, Fam Zheng, qemu-block
Add a block driver that is capable of supporting any full disk
encryption format. This utilizes the previously added block
encryption code, and at this time supports the LUKS format.
The driver code is capable of supporting any format supported
by the QCryptoBlock module, so it registers one block driver
for each format. This patch only registers the "luks" driver
since the "qcow" driver is there only for back-compatibility
with existing qcow built-in encryption.
New LUKS compatible volumes can be formatted using qemu-img
with defaults for all settings.
$ qemu-img create --object secret,data=123456,id=sec0 \
-f luks -o key-secret=sec0 demo.luks 10G
Alternatively the cryptographic settings can be explicitly
set
$ qemu-img create --object secret,data=123456,id=sec0 \
-f luks -o key-secret=sec0,cipher-alg=aes-256,\
cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha256 \
demo.luks 10G
And query its size
$ qemu-img info demo.img
image: demo.img
file format: luks
virtual size: 10G (10737418240 bytes)
disk size: 132K
encrypted: yes
Note that it was not necessary to provide the password
when querying info for the volume. The password is only
required when performing I/O on the volume
All volumes created by this new 'luks' driver should be
capable of being opened by the kernel dm-crypt driver.
The only algorithms listed in the LUKS spec that are
not currently supported by this impl are sha512 and
ripemd160 hashes and cast6 cipher.
A new I/O test is added which is used to validate the
interoperability of the QEMU implementation of LUKS,
with the dm-crypt/cryptsetup implementation. Due to
the need to run cryptsetup as root, this test requires
that the user have password-less sudo configured.
The test is set to only run against the 'luks' format
so needs to be manually invoked with
cd tests/qemu-iotests
./check -luks 149
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/Makefile.objs | 2 +
block/crypto.c | 587 ++++++++++++
qapi/block-core.json | 22 +-
tests/qemu-iotests/149 | 521 ++++++++++
tests/qemu-iotests/149.out | 2252 ++++++++++++++++++++++++++++++++++++++++++++
tests/qemu-iotests/common | 7 +
tests/qemu-iotests/group | 1 +
7 files changed, 3390 insertions(+), 2 deletions(-)
create mode 100644 block/crypto.c
create mode 100755 tests/qemu-iotests/149
create mode 100644 tests/qemu-iotests/149.out
diff --git a/block/Makefile.objs b/block/Makefile.objs
index cdd8655..3426a15 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -23,6 +23,8 @@ block-obj-$(CONFIG_LIBSSH2) += ssh.o
block-obj-y += accounting.o dirty-bitmap.o
block-obj-y += write-threshold.o
+block-obj-y += crypto.o
+
common-obj-y += stream.o
common-obj-y += commit.o
common-obj-y += backup.o
diff --git a/block/crypto.c b/block/crypto.c
new file mode 100644
index 0000000..5efca6c
--- /dev/null
+++ b/block/crypto.c
@@ -0,0 +1,587 @@
+/*
+ * QEMU block full disk encryption
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+
+#include "block/block_int.h"
+#include "crypto/block.h"
+#include "qapi/opts-visitor.h"
+#include "qapi-visit.h"
+
+#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
+#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
+#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
+#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
+
+typedef struct BlockCrypto BlockCrypto;
+
+struct BlockCrypto {
+ QCryptoBlock *block;
+ CoMutex lock;
+};
+
+
+static int block_crypto_probe_generic(QCryptoBlockFormat format,
+ const uint8_t *buf,
+ int buf_size,
+ const char *filename)
+{
+ if (qcrypto_block_has_format(format,
+ buf, buf_size)) {
+ return 100;
+ } else {
+ return 0;
+ }
+}
+
+
+static ssize_t block_crypto_read_func(QCryptoBlock *block,
+ size_t offset,
+ uint8_t *buf,
+ size_t buflen,
+ Error **errp,
+ void *opaque)
+{
+ BlockDriverState *bs = opaque;
+ ssize_t ret;
+
+ ret = bdrv_pread(bs->file->bs, offset, buf, buflen);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not read encryption header");
+ return ret;
+ }
+ return ret;
+}
+
+
+struct BlockCryptoCreateData {
+ const char *filename;
+ QemuOpts *opts;
+ BlockDriverState *bs;
+ uint64_t size;
+};
+
+
+static ssize_t block_crypto_write_func(QCryptoBlock *block,
+ size_t offset,
+ const uint8_t *buf,
+ size_t buflen,
+ Error **errp,
+ void *opaque)
+{
+ struct BlockCryptoCreateData *data = opaque;
+ ssize_t ret;
+
+ ret = bdrv_pwrite(data->bs, offset, buf, buflen);
+ if (ret < 0) {
+ error_setg_errno(errp, -ret, "Could not write encryption header");
+ return ret;
+ }
+ return ret;
+}
+
+
+static ssize_t block_crypto_init_func(QCryptoBlock *block,
+ size_t headerlen,
+ Error **errp,
+ void *opaque)
+{
+ struct BlockCryptoCreateData *data = opaque;
+ int ret;
+
+ /* User provided size should reflect amount of space made
+ * available to the guest, so we must take account of that
+ * which will be used by the crypto header
+ */
+ data->size += headerlen;
+
+ qemu_opt_set_number(data->opts, BLOCK_OPT_SIZE, data->size, &error_abort);
+ ret = bdrv_create_file(data->filename, data->opts, errp);
+ if (ret < 0) {
+ return -1;
+ }
+
+ ret = bdrv_open(&data->bs, data->filename, NULL, NULL,
+ BDRV_O_RDWR | BDRV_O_PROTOCOL, errp);
+ if (ret < 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+
+static QemuOptsList block_crypto_runtime_opts_luks = {
+ .name = "crypto",
+ .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
+ .desc = {
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
+ .type = QEMU_OPT_STRING,
+ .help = "ID of the secret that provides the encryption key",
+ },
+ { /* end of list */ }
+ },
+};
+
+
+static QemuOptsList block_crypto_create_opts_luks = {
+ .name = "crypto",
+ .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
+ .desc = {
+ {
+ .name = BLOCK_OPT_SIZE,
+ .type = QEMU_OPT_SIZE,
+ .help = "Virtual disk size"
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
+ .type = QEMU_OPT_STRING,
+ .help = "ID of the secret that provides the encryption key",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of encryption cipher algorithm",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of encryption cipher mode",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of IV generator algorithm",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of IV generator hash algorithm",
+ },
+ {
+ .name = BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,
+ .type = QEMU_OPT_STRING,
+ .help = "Name of encryption hash algorithm",
+ },
+ { /* end of list */ }
+ },
+};
+
+
+static QCryptoBlockOpenOptions *
+block_crypto_open_opts_init(QCryptoBlockFormat format,
+ QemuOpts *opts,
+ Error **errp)
+{
+ OptsVisitor *ov;
+ QCryptoBlockOpenOptions *ret = NULL;
+ Error *local_err = NULL;
+
+ ret = g_new0(QCryptoBlockOpenOptions, 1);
+ ret->format = format;
+
+ ov = opts_visitor_new(opts);
+
+ visit_start_struct(opts_get_visitor(ov),
+ "luks", NULL, 0, &local_err);
+ if (local_err) {
+ goto out;
+ }
+
+ switch (format) {
+ case Q_CRYPTO_BLOCK_FORMAT_LUKS:
+ visit_type_QCryptoBlockOptionsLUKS_members(
+ opts_get_visitor(ov), &ret->u.luks, &local_err);
+ break;
+
+ default:
+ error_setg(&local_err, "Unsupported block format %d", format);
+ break;
+ }
+ error_propagate(errp, local_err);
+ local_err = NULL;
+
+ visit_end_struct(opts_get_visitor(ov), &local_err);
+
+ out:
+ if (local_err) {
+ error_propagate(errp, local_err);
+ qapi_free_QCryptoBlockOpenOptions(ret);
+ ret = NULL;
+ }
+ opts_visitor_cleanup(ov);
+ return ret;
+}
+
+
+static QCryptoBlockCreateOptions *
+block_crypto_create_opts_init(QCryptoBlockFormat format,
+ QemuOpts *opts,
+ Error **errp)
+{
+ OptsVisitor *ov;
+ QCryptoBlockCreateOptions *ret = NULL;
+ Error *local_err = NULL;
+
+ ret = g_new0(QCryptoBlockCreateOptions, 1);
+ ret->format = format;
+
+ ov = opts_visitor_new(opts);
+
+ visit_start_struct(opts_get_visitor(ov),
+ "luks", NULL, 0, &local_err);
+ if (local_err) {
+ goto out;
+ }
+
+ switch (format) {
+ case Q_CRYPTO_BLOCK_FORMAT_LUKS:
+ visit_type_QCryptoBlockCreateOptionsLUKS_members(
+ opts_get_visitor(ov), &ret->u.luks, &local_err);
+ break;
+
+ default:
+ error_setg(&local_err, "Unsupported block format %d", format);
+ break;
+ }
+ error_propagate(errp, local_err);
+ local_err = NULL;
+
+ visit_end_struct(opts_get_visitor(ov), &local_err);
+
+ out:
+ if (local_err) {
+ error_propagate(errp, local_err);
+ qapi_free_QCryptoBlockCreateOptions(ret);
+ ret = NULL;
+ }
+ opts_visitor_cleanup(ov);
+ return ret;
+}
+
+
+static int block_crypto_open_generic(QCryptoBlockFormat format,
+ QemuOptsList *opts_spec,
+ BlockDriverState *bs,
+ QDict *options,
+ int flags,
+ Error **errp)
+{
+ BlockCrypto *crypto = bs->opaque;
+ QemuOpts *opts = NULL;
+ Error *local_err = NULL;
+ int ret = -EINVAL;
+ QCryptoBlockOpenOptions *open_opts = NULL;
+ unsigned int cflags = 0;
+
+ opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort);
+ qemu_opts_absorb_qdict(opts, options, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ goto cleanup;
+ }
+
+ open_opts = block_crypto_open_opts_init(format, opts, errp);
+ if (!open_opts) {
+ goto cleanup;
+ }
+
+ if (flags & BDRV_O_NO_IO) {
+ cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
+ }
+ crypto->block = qcrypto_block_open(open_opts,
+ block_crypto_read_func,
+ bs,
+ cflags,
+ errp);
+
+ if (!crypto->block) {
+ ret = -EIO;
+ goto cleanup;
+ }
+
+ bs->encrypted = 1;
+ bs->valid_key = 1;
+
+ qemu_co_mutex_init(&crypto->lock);
+
+ ret = 0;
+ cleanup:
+ qapi_free_QCryptoBlockOpenOptions(open_opts);
+ return ret;
+}
+
+
+static int block_crypto_create_generic(QCryptoBlockFormat format,
+ const char *filename,
+ QemuOpts *opts,
+ Error **errp)
+{
+ int ret = -EINVAL;
+ QCryptoBlockCreateOptions *create_opts = NULL;
+ QCryptoBlock *crypto = NULL;
+ struct BlockCryptoCreateData data;
+
+ data.size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
+ BDRV_SECTOR_SIZE);
+ data.opts = opts;
+ data.filename = filename;
+ data.bs = NULL;
+
+ create_opts = block_crypto_create_opts_init(format, opts, errp);
+ if (!create_opts) {
+ return -1;
+ }
+
+ crypto = qcrypto_block_create(create_opts,
+ block_crypto_init_func,
+ block_crypto_write_func,
+ &data,
+ errp);
+
+ if (!crypto) {
+ ret = -EIO;
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ qcrypto_block_free(crypto);
+ bdrv_unref(data.bs);
+ qapi_free_QCryptoBlockCreateOptions(create_opts);
+ return ret;
+}
+
+static void block_crypto_close(BlockDriverState *bs)
+{
+ BlockCrypto *crypto = bs->opaque;
+ qcrypto_block_free(crypto->block);
+}
+
+
+#define BLOCK_CRYPTO_MAX_SECTORS 32
+
+static coroutine_fn int
+block_crypto_co_readv(BlockDriverState *bs, int64_t sector_num,
+ int remaining_sectors, QEMUIOVector *qiov)
+{
+ BlockCrypto *crypto = bs->opaque;
+ int cur_nr_sectors; /* number of sectors in current iteration */
+ uint64_t bytes_done = 0;
+ uint8_t *cipher_data = NULL;
+ QEMUIOVector hd_qiov;
+ int ret = 0;
+ size_t payload_offset =
+ qcrypto_block_get_payload_offset(crypto->block) / 512;
+
+ qemu_iovec_init(&hd_qiov, qiov->niov);
+
+ qemu_co_mutex_lock(&crypto->lock);
+
+ /* Bounce buffer so we have a linear mem region for
+ * entire sector. XXX optimize so we avoid bounce
+ * buffer in case that qiov->niov == 1
+ */
+ cipher_data =
+ qemu_try_blockalign(bs->file->bs, BLOCK_CRYPTO_MAX_SECTORS * 512);
+ if (cipher_data == NULL) {
+ ret = -ENOMEM;
+ goto cleanup;
+ }
+
+ while (remaining_sectors) {
+ cur_nr_sectors = remaining_sectors;
+
+ if (cur_nr_sectors > BLOCK_CRYPTO_MAX_SECTORS) {
+ cur_nr_sectors = BLOCK_CRYPTO_MAX_SECTORS;
+ }
+
+ qemu_iovec_reset(&hd_qiov);
+ qemu_iovec_add(&hd_qiov, cipher_data, cur_nr_sectors * 512);
+
+ qemu_co_mutex_unlock(&crypto->lock);
+ ret = bdrv_co_readv(bs->file->bs,
+ payload_offset + sector_num,
+ cur_nr_sectors, &hd_qiov);
+ qemu_co_mutex_lock(&crypto->lock);
+ if (ret < 0) {
+ goto cleanup;
+ }
+
+ if (qcrypto_block_decrypt(crypto->block,
+ sector_num,
+ cipher_data, cur_nr_sectors * 512,
+ NULL) < 0) {
+ ret = -1;
+ goto cleanup;
+ }
+
+ qemu_iovec_from_buf(qiov, bytes_done,
+ cipher_data, cur_nr_sectors * 512);
+
+ remaining_sectors -= cur_nr_sectors;
+ sector_num += cur_nr_sectors;
+ bytes_done += cur_nr_sectors * 512;
+ }
+
+ cleanup:
+ qemu_co_mutex_unlock(&crypto->lock);
+
+ qemu_iovec_destroy(&hd_qiov);
+ qemu_vfree(cipher_data);
+
+ return ret;
+}
+
+
+static coroutine_fn int
+block_crypto_co_writev(BlockDriverState *bs, int64_t sector_num,
+ int remaining_sectors, QEMUIOVector *qiov)
+{
+ BlockCrypto *crypto = bs->opaque;
+ int cur_nr_sectors; /* number of sectors in current iteration */
+ uint64_t bytes_done = 0;
+ uint8_t *cipher_data = NULL;
+ QEMUIOVector hd_qiov;
+ int ret = 0;
+ size_t payload_offset =
+ qcrypto_block_get_payload_offset(crypto->block) / 512;
+
+ qemu_iovec_init(&hd_qiov, qiov->niov);
+
+ qemu_co_mutex_lock(&crypto->lock);
+
+ /* Bounce buffer so we have a linear mem region for
+ * entire sector. XXX optimize so we avoid bounce
+ * buffer in case that qiov->niov == 1
+ */
+ cipher_data =
+ qemu_try_blockalign(bs->file->bs, BLOCK_CRYPTO_MAX_SECTORS * 512);
+ if (cipher_data == NULL) {
+ ret = -ENOMEM;
+ goto cleanup;
+ }
+
+ while (remaining_sectors) {
+ cur_nr_sectors = remaining_sectors;
+
+ if (cur_nr_sectors > BLOCK_CRYPTO_MAX_SECTORS) {
+ cur_nr_sectors = BLOCK_CRYPTO_MAX_SECTORS;
+ }
+
+ qemu_iovec_to_buf(qiov, bytes_done,
+ cipher_data, cur_nr_sectors * 512);
+
+ if (qcrypto_block_encrypt(crypto->block,
+ sector_num,
+ cipher_data, cur_nr_sectors * 512,
+ NULL) < 0) {
+ ret = -1;
+ goto cleanup;
+ }
+
+ qemu_iovec_reset(&hd_qiov);
+ qemu_iovec_add(&hd_qiov, cipher_data, cur_nr_sectors * 512);
+
+ qemu_co_mutex_unlock(&crypto->lock);
+ ret = bdrv_co_writev(bs->file->bs,
+ payload_offset + sector_num,
+ cur_nr_sectors, &hd_qiov);
+ qemu_co_mutex_lock(&crypto->lock);
+ if (ret < 0) {
+ goto cleanup;
+ }
+
+ remaining_sectors -= cur_nr_sectors;
+ sector_num += cur_nr_sectors;
+ bytes_done += cur_nr_sectors * 512;
+ }
+
+ cleanup:
+ qemu_co_mutex_unlock(&crypto->lock);
+
+ qemu_iovec_destroy(&hd_qiov);
+ qemu_vfree(cipher_data);
+
+ return ret;
+}
+
+
+static int64_t block_crypto_getlength(BlockDriverState *bs)
+{
+ BlockCrypto *crypto = bs->opaque;
+ int64_t len = bdrv_getlength(bs->file->bs);
+
+ ssize_t offset = qcrypto_block_get_payload_offset(crypto->block);
+
+ len -= offset;
+
+ return len;
+}
+
+
+static int block_crypto_probe_luks(const uint8_t *buf,
+ int buf_size,
+ const char *filename) {
+ return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
+ buf, buf_size, filename);
+}
+
+static int block_crypto_open_luks(BlockDriverState *bs,
+ QDict *options,
+ int flags,
+ Error **errp)
+{
+ return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
+ &block_crypto_runtime_opts_luks,
+ bs, options, flags, errp);
+}
+
+static int block_crypto_create_luks(const char *filename,
+ QemuOpts *opts,
+ Error **errp)
+{
+ return block_crypto_create_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
+ filename, opts, errp);
+}
+
+BlockDriver bdrv_crypto_luks = {
+ .format_name = "luks",
+ .instance_size = sizeof(BlockCrypto),
+ .bdrv_probe = block_crypto_probe_luks,
+ .bdrv_open = block_crypto_open_luks,
+ .bdrv_close = block_crypto_close,
+ .bdrv_create = block_crypto_create_luks,
+ .create_opts = &block_crypto_create_opts_luks,
+
+ .bdrv_co_readv = block_crypto_co_readv,
+ .bdrv_co_writev = block_crypto_co_writev,
+ .bdrv_getlength = block_crypto_getlength,
+};
+
+static void block_crypto_init(void)
+{
+ bdrv_register(&bdrv_crypto_luks);
+}
+
+block_init(block_crypto_init);
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 9bf1b22..f2103b6 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -242,11 +242,12 @@
# @drv: the name of the block format used to open the backing device. As of
# 0.14.0 this can be: 'blkdebug', 'bochs', 'cloop', 'cow', 'dmg',
# 'file', 'file', 'ftp', 'ftps', 'host_cdrom', 'host_device',
-# 'http', 'https', 'nbd', 'parallels', 'qcow',
+# 'http', 'https', 'luks', 'nbd', 'parallels', 'qcow',
# 'qcow2', 'raw', 'tftp', 'vdi', 'vmdk', 'vpc', 'vvfat'
# 2.2: 'archipelago' added, 'cow' dropped
# 2.3: 'host_floppy' deprecated
# 2.5: 'host_floppy' dropped
+# 2.6: 'luks' added
#
# @backing_file: #optional the name of the backing file (for copy-on-write)
#
@@ -1639,7 +1640,7 @@
{ 'enum': 'BlockdevDriver',
'data': [ 'archipelago', 'blkdebug', 'blkverify', 'bochs', 'cloop',
'dmg', 'file', 'ftp', 'ftps', 'host_cdrom', 'host_device',
- 'http', 'https', 'null-aio', 'null-co', 'parallels',
+ 'http', 'https', 'luks', 'null-aio', 'null-co', 'parallels',
'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'tftp', 'vdi', 'vhdx',
'vmdk', 'vpc', 'vvfat' ] }
@@ -1757,6 +1758,22 @@
'data': { 'file': 'BlockdevRef' } }
##
+# @BlockdevOptionsLUKS
+#
+# Driver specific block device options for LUKS.
+#
+# @key-secret: #optional the ID of a QCryptoSecret object providing
+# the decryption key (since 2.6). Mandatory except when
+# doing a metadata-only probe of the image.
+#
+# Since: 2.6
+##
+{ 'struct': 'BlockdevOptionsLUKS',
+ 'base': 'BlockdevOptionsGenericFormat',
+ 'data': { '*key-secret': 'str' } }
+
+
+##
# @BlockdevOptionsGenericCOWFormat
#
# Driver specific block device options for image format that have no option
@@ -2093,6 +2110,7 @@
'http': 'BlockdevOptionsFile',
'https': 'BlockdevOptionsFile',
# TODO iscsi: Wait for structured options
+ 'luks': 'BlockdevOptionsLUKS',
# TODO nbd: Should take InetSocketAddress for 'host'?
# TODO nfs: Wait for structured options
'null-aio': 'BlockdevOptionsNull',
diff --git a/tests/qemu-iotests/149 b/tests/qemu-iotests/149
new file mode 100755
index 0000000..915c961
--- /dev/null
+++ b/tests/qemu-iotests/149
@@ -0,0 +1,521 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# Creator/Owner: Daniel P. Berrange <berrange@redhat.com>
+#
+# Exercise the QEMU 'luks' block driver to validate interoperability
+# with the Linux dm-crypt + cryptsetup implementation
+
+import subprocess
+import os
+import os.path
+
+import base64
+
+os.environ["QEMU_IO_OPTIONS"] = os.environ["QEMU_IO_OPTIONS_NO_FMT"]
+
+import iotests
+
+
+class LUKSConfig(object):
+ """Represent configuration parameters for a single LUKS
+ setup to be tested"""
+
+ def __init__(self, name, cipher, keylen, mode, ivgen,
+ ivgen_hash, hash, password=None, passwords=None):
+
+ self.name = name
+ self.cipher = cipher
+ self.keylen = keylen
+ self.mode = mode
+ self.ivgen = ivgen
+ self.ivgen_hash = ivgen_hash
+ self.hash = hash
+
+ if passwords is not None:
+ self.passwords = passwords
+ else:
+ self.passwords = {}
+
+ if password is None:
+ self.passwords["0"] = "123456"
+ else:
+ self.passwords["0"] = password
+
+ def __repr__(self):
+ return self.name
+
+ def image_name(self):
+ return "luks-%s.img" % self.name
+
+ def image_path(self):
+ return os.path.join(iotests.test_dir, self.image_name())
+
+ def device_name(self):
+ return "qiotest-145-%s" % self.name
+
+ def device_path(self):
+ return "/dev/mapper/" + self.device_name()
+
+ def first_password(self):
+ for i in range(8):
+ slot = str(i)
+ if slot in self.passwords:
+ return (self.passwords[slot], slot)
+ raise Exception("No password found")
+
+ def first_password_base64(self):
+ (pw, slot) = self.first_password()
+ return base64.b64encode(pw)
+
+ def active_slots(self):
+ slots = []
+ for i in range(8):
+ slot = str(i)
+ if slot in self.passwords:
+ slots.append(slot)
+ return slots
+
+def verify_passwordless_sudo():
+ """Check whether sudo is configured to allow
+ password-less access to commands"""
+
+ args = ["sudo", "-n", "/bin/true"]
+
+ proc = subprocess.Popen(args,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT)
+
+ msg = proc.communicate()[0]
+
+ if proc.returncode != 0:
+ iotests.notrun('requires password-less sudo access: %s' % msg)
+
+
+def cryptsetup(args, password=None):
+ """Run the cryptsetup command in batch mode"""
+
+ fullargs = ["sudo", "cryptsetup", "-q", "-v"]
+ fullargs.extend(args)
+
+ iotests.log(" ".join(fullargs), filters=[iotests.filter_test_dir])
+ proc = subprocess.Popen(fullargs,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT)
+
+ msg = proc.communicate(password)[0]
+
+ if proc.returncode != 0:
+ raise Exception(msg)
+
+
+def cryptsetup_add_password(config, slot):
+ """Add another password to a LUKS key slot"""
+
+ (password, mainslot) = config.first_password()
+
+ pwfile = os.path.join(iotests.test_dir, "passwd.txt")
+ with open(pwfile, "w") as fh:
+ fh.write(config.passwords[slot])
+
+ try:
+ args = ["luksAddKey", config.image_path(),
+ "--key-slot", slot,
+ "--key-file", "-",
+ pwfile]
+
+ cryptsetup(args, password)
+ finally:
+ os.unlink(pwfile)
+
+
+def cryptsetup_format(config):
+ """Format a new LUKS volume with cryptsetup, adding the
+ first key slot only"""
+
+ (password, slot) = config.first_password()
+
+ args = ["luksFormat"]
+ cipher = config.cipher + "-" + config.mode + "-" + config.ivgen
+ if config.ivgen_hash is not None:
+ cipher = cipher + ":" + config.ivgen_hash
+ args.extend(["--cipher", cipher])
+ if config.mode == "xts":
+ args.extend(["--key-size", str(config.keylen * 2)])
+ else:
+ args.extend(["--key-size", str(config.keylen)])
+ if config.hash is not None:
+ args.extend(["--hash", config.hash])
+ args.extend(["--key-slot", slot])
+ args.extend(["--key-file", "-"])
+ args.append(config.image_path())
+
+ cryptsetup(args, password)
+
+
+def chown(config):
+ """Set the ownership of a open LUKS device to this user"""
+
+ path = config.device_path()
+
+ args = ["sudo", "chown", "%d:%d" % (os.getuid(), os.getgid()), path]
+ iotests.log(" ".join(args), filters=[iotests.filter_chown])
+ proc = subprocess.Popen(args,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.STDOUT)
+
+ msg = proc.communicate()[0]
+
+ if proc.returncode != 0:
+ raise Exception("Cannot change owner on %s" % path)
+
+
+def cryptsetup_open(config):
+ """Open an image as a LUKS device"""
+
+ (password, slot) = config.first_password()
+
+ args = ["luksOpen", config.image_path(), config.device_name()]
+
+ cryptsetup(args, password)
+
+
+def cryptsetup_close(config):
+ """Close an active LUKS device """
+
+ args = ["luksClose", config.device_name()]
+ cryptsetup(args)
+
+
+def delete_image(config):
+ """Delete a disk image"""
+
+ try:
+ os.unlink(config.image_path())
+ iotests.log("unlink %s" % config.image_path(),
+ filters=[iotests.filter_test_dir])
+ except Exception as e:
+ pass
+
+
+def create_image(config, size_mb):
+ """Create a bare disk image with requested size"""
+
+ delete_image(config)
+ iotests.log("truncate %s --size %dMB" % (config.image_path(), size_mb),
+ filters=[iotests.filter_test_dir])
+ with open(config.image_path(), "w") as fn:
+ fn.truncate(size_mb * 1024 * 1024)
+
+
+def qemu_img_create(config, size_mb):
+ """Create and format a disk image with LUKS using qemu-img"""
+
+ opts = [
+ "key-secret=sec0",
+ "cipher-alg=%s-%d" % (config.cipher, config.keylen),
+ "cipher-mode=%s" % config.mode,
+ "ivgen-alg=%s" % config.ivgen,
+ "hash-alg=%s" % config.hash,
+ ]
+ if config.ivgen_hash is not None:
+ opts.append("ivgen-hash-alg=%s" % config.ivgen_hash)
+
+ args = ["create", "-f", "luks",
+ "--object",
+ ("secret,id=sec0,data=%s,format=base64" %
+ config.first_password_base64()),
+ "-o", ",".join(opts),
+ config.image_path(),
+ "%dM" % size_mb]
+
+ iotests.log("qemu-img " + " ".join(args), filters=[iotests.filter_test_dir])
+ iotests.log(iotests.qemu_img_pipe(*args), filters=[iotests.filter_test_dir])
+
+def qemu_io_image_args(config, dev=False):
+ """Get the args for access an image or device with qemu-io"""
+
+ if dev:
+ return [
+ "--image-opts",
+ "driver=file,filename=%s" % config.device_path()]
+ else:
+ return [
+ "--object",
+ ("secret,id=sec0,data=%s,format=base64" %
+ config.first_password_base64()),
+ "--image-opts",
+ ("driver=luks,key-secret=sec0,file.filename=%s" %
+ config.image_path())]
+
+def qemu_io_write_pattern(config, pattern, offset_mb, size_mb, dev=False):
+ """Write a pattern of data to a LUKS image or device"""
+
+ args = ["-c", "write -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)]
+ args.extend(qemu_io_image_args(config, dev))
+ iotests.log("qemu-io " + " ".join(args), filters=[iotests.filter_test_dir])
+ iotests.log(iotests.qemu_io(*args), filters=[iotests.filter_test_dir,
+ iotests.filter_qemu_io])
+
+
+def qemu_io_read_pattern(config, pattern, offset_mb, size_mb, dev=False):
+ """Read a pattern of data to a LUKS image or device"""
+
+ args = ["-c", "read -P 0x%x %dM %dM" % (pattern, offset_mb, size_mb)]
+ args.extend(qemu_io_image_args(config, dev))
+ iotests.log("qemu-io " + " ".join(args), filters=[iotests.filter_test_dir])
+ iotests.log(iotests.qemu_io(*args), filters=[iotests.filter_test_dir,
+ iotests.filter_qemu_io])
+
+
+def test_once(config, qemu_img=False):
+ """Run the test with a desired LUKS configuration. Can either
+ use qemu-img for creating the initial volume, or cryptsetup,
+ in order to test interoperability in both directions"""
+
+ iotests.log("# ================= %s %s =================" % (
+ "qemu-img" if qemu_img else "dm-crypt", config))
+
+ oneKB = 1024
+ oneMB = oneKB * 1024
+ oneGB = oneMB * 1024
+ oneTB = oneGB * 1024
+
+ # 4 TB, so that we pass the 32-bit sector number boundary.
+ # Important for testing correctness of some IV generators
+ # The files are sparse, so not actually using this much space
+ image_size = 4 * oneTB
+ if qemu_img:
+ iotests.log("# Create image")
+ qemu_img_create(config, image_size / oneMB)
+ else:
+ iotests.log("# Create image")
+ create_image(config, image_size / oneMB)
+
+ lowOffsetMB = 100
+ highOffsetMB = 3 * oneTB / oneMB
+
+ try:
+ if not qemu_img:
+ iotests.log("# Format image")
+ cryptsetup_format(config)
+
+ for slot in config.active_slots()[1:]:
+ iotests.log("# Add password slot %s" % slot)
+ cryptsetup_add_password(config, slot)
+
+ # First we'll open the image using cryptsetup and write a
+ # known pattern of data that we'll then verify with QEMU
+
+ iotests.log("# Open dev")
+ cryptsetup_open(config)
+
+ try:
+ iotests.log("# Set dev owner")
+ chown(config)
+
+ iotests.log("# Write test pattern 0xa7")
+ qemu_io_write_pattern(config, 0xa7, lowOffsetMB, 10, dev=True)
+ iotests.log("# Write test pattern 0x13")
+ qemu_io_write_pattern(config, 0x13, highOffsetMB, 10, dev=True)
+ finally:
+ iotests.log("# Close dev")
+ cryptsetup_close(config)
+
+ # Ok, now we're using QEMU to verify the pattern just
+ # written via dm-crypt
+
+ iotests.log("# Read test pattern 0xa7")
+ qemu_io_read_pattern(config, 0xa7, lowOffsetMB, 10, dev=False)
+ iotests.log("# Read test pattern 0x13")
+ qemu_io_read_pattern(config, 0x13, highOffsetMB, 10, dev=False)
+
+
+ # Write a new pattern to the image, which we'll later
+ # verify with dm-crypt
+ iotests.log("# Write test pattern 0x91")
+ qemu_io_write_pattern(config, 0x91, lowOffsetMB, 10, dev=False)
+ iotests.log("# Write test pattern 0x5e")
+ qemu_io_write_pattern(config, 0x5e, highOffsetMB, 10, dev=False)
+
+
+ # Now we're opening the image with dm-crypt once more
+ # and verifying what QEMU wrote, completing the circle
+ iotests.log("# Open dev")
+ cryptsetup_open(config)
+
+ try:
+ iotests.log("# Set dev owner")
+ chown(config)
+
+ iotests.log("# Read test pattern 0x91")
+ qemu_io_read_pattern(config, 0x91, lowOffsetMB, 10, dev=True)
+ iotests.log("# Read test pattern 0x5e")
+ qemu_io_read_pattern(config, 0x5e, highOffsetMB, 10, dev=True)
+ finally:
+ iotests.log("# Close dev")
+ cryptsetup_close(config)
+ finally:
+ iotests.log("# Delete image")
+ delete_image(config)
+ print
+
+
+# Obviously we only work with the luks image format
+iotests.verify_image_format(supported_fmts=['luks'])
+iotests.verify_platform()
+
+# We need sudo in order to run cryptsetup to create
+# dm-crypt devices. This is safe to use on any
+# machine, since all dm-crypt devices are backed
+# by newly created plain files, and have a dm-crypt
+# name prefix of 'qiotest' to avoid clashing with
+# user LUKS volumes
+verify_passwordless_sudo()
+
+
+# If we look at all permutations of cipher, key size,
+# mode, ivgen, hash, there are ~1000 possible configs.
+#
+# We certainly don't want/need to test every permutation
+# to get good validation of interoperability between QEMU
+# and dm-crypt/cryptsetup.
+#
+# The configs below are a representative set that aim to
+# exercise each axis of configurability.
+#
+configs = [
+ # A common LUKS default
+ LUKSConfig("aes-256-xts-plain64-sha1",
+ "aes", 256, "xts", "plain64", None, "sha1"),
+
+
+ # LUKS default but diff ciphers
+ LUKSConfig("twofish-256-xts-plain64-sha1",
+ "twofish", 256, "xts", "plain64", None, "sha1"),
+ LUKSConfig("serpent-256-xts-plain64-sha1",
+ "serpent", 256, "xts", "plain64", None, "sha1"),
+ # Should really be xts, but kernel doesn't support xts+cast5
+ # nor does it do essiv+cast5
+ LUKSConfig("cast5-128-cbc-plain64-sha1",
+ "cast5", 128, "cbc", "plain64", None, "sha1"),
+ LUKSConfig("cast6-256-xts-plain64-sha1",
+ "cast6", 256, "xts", "plain64", None, "sha1"),
+
+
+ # LUKS default but diff modes / ivgens
+ LUKSConfig("aes-256-cbc-plain-sha1",
+ "aes", 256, "cbc", "plain", None, "sha1"),
+ LUKSConfig("aes-256-cbc-plain64-sha1",
+ "aes", 256, "cbc", "plain64", None, "sha1"),
+ LUKSConfig("aes-256-cbc-essiv-sha256-sha1",
+ "aes", 256, "cbc", "essiv", "sha256", "sha1"),
+ LUKSConfig("aes-256-xts-essiv-sha256-sha1",
+ "aes", 256, "xts", "essiv", "sha256", "sha1"),
+
+
+ # LUKS default but smaller key sizes
+ LUKSConfig("aes-128-xts-plain64-sha256-sha1",
+ "aes", 128, "xts", "plain64", None, "sha1"),
+ LUKSConfig("aes-192-xts-plain64-sha256-sha1",
+ "aes", 192, "xts", "plain64", None, "sha1"),
+
+ LUKSConfig("twofish-128-xts-plain64-sha1",
+ "twofish", 128, "xts", "plain64", None, "sha1"),
+ LUKSConfig("twofish-192-xts-plain64-sha1",
+ "twofish", 192, "xts", "plain64", None, "sha1"),
+
+ LUKSConfig("serpent-128-xts-plain64-sha1",
+ "serpent", 128, "xts", "plain64", None, "sha1"),
+ LUKSConfig("serpent-192-xts-plain64-sha1",
+ "serpent", 192, "xts", "plain64", None, "sha1"),
+
+ LUKSConfig("cast6-128-xts-plain64-sha1",
+ "cast6", 128, "xts", "plain", None, "sha1"),
+ LUKSConfig("cast6-192-xts-plain64-sha1",
+ "cast6", 192, "xts", "plain64", None, "sha1"),
+
+
+ # LUKS default but diff hash
+ LUKSConfig("aes-256-xts-plain64-sha256",
+ "aes", 256, "xts", "plain64", None, "sha256"),
+ LUKSConfig("aes-256-xts-plain64-sha512",
+ "aes", 256, "xts", "plain64", None, "sha512"),
+ LUKSConfig("aes-256-xts-plain64-ripemd160",
+ "aes", 256, "xts", "plain64", None, "ripemd160"),
+
+ # Password in slot 3
+ LUKSConfig("aes-256-xts-plain-sha1-pwslot3",
+ "aes", 256, "xts", "plain", None, "sha1",
+ passwords={
+ "3": "slot3",
+ }),
+
+ # Passwords in every slot
+ LUKSConfig("aes-256-xts-plain-sha1-pwallslots",
+ "aes", 256, "xts", "plain", None, "sha1",
+ passwords={
+ "0": "slot1",
+ "1": "slot1",
+ "2": "slot2",
+ "3": "slot3",
+ "4": "slot4",
+ "5": "slot5",
+ "6": "slot6",
+ "7": "slot7",
+ }),
+]
+
+blacklist = [
+ # We don't have a cast-6 cipher impl for QEMU yet
+ "cast6-256-xts-plain64-sha1",
+ "cast6-128-xts-plain64-sha1",
+ "cast6-192-xts-plain64-sha1",
+
+ # GCrypt doesn't support Twofish with 192 bit key
+ "twofish-192-xts-plain64-sha1",
+
+ # We don't have sha512 hash wired up yet
+ "aes-256-xts-plain64-sha512",
+
+ # We don't have ripemd160 hash wired up yet
+ "aes-256-xts-plain64-ripemd160",
+]
+
+whitelist = []
+if "LUKS_CONFIG" in os.environ:
+ whitelist = os.environ["LUKS_CONFIG"].split(",")
+
+for config in configs:
+ if config.name in blacklist:
+ iotests.log("Skipping %s in blacklist" % config.name)
+ continue
+
+ if len(whitelist) > 0 and config.name not in whitelist:
+ iotests.log("Skipping %s not in whitelist" % config.name)
+ continue
+
+ test_once(config, qemu_img=False)
+
+ # XXX we should support setting passwords in a non-0
+ # key slot with 'qemu-img create' in future
+ (pw, slot) = config.first_password()
+ if slot == "0":
+ test_once(config, qemu_img=True)
diff --git a/tests/qemu-iotests/149.out b/tests/qemu-iotests/149.out
new file mode 100644
index 0000000..0486dad
--- /dev/null
+++ b/tests/qemu-iotests/149.out
@@ -0,0 +1,2252 @@
+# ================= dm-crypt aes-256-xts-plain64-sha1 =================
+# Create image
+truncate TEST_DIR/luks-aes-256-xts-plain64-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-xts-plain64 --key-size 512 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha1.img qiotest-145-aes-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha1.img qiotest-145-aes-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+
+# ================= qemu-img aes-256-xts-plain64-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=xts,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-aes-256-xts-plain64-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-aes-256-xts-plain64-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=xts ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha1.img qiotest-145-aes-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha1.img qiotest-145-aes-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-xts-plain64-sha1.img
+
+# ================= dm-crypt twofish-256-xts-plain64-sha1 =================
+# Create image
+truncate TEST_DIR/luks-twofish-256-xts-plain64-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher twofish-xts-plain64 --key-size 512 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-twofish-256-xts-plain64-sha1.img qiotest-145-twofish-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-twofish-256-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-twofish-256-xts-plain64-sha1.img qiotest-145-twofish-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-twofish-256-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+
+# ================= qemu-img twofish-256-xts-plain64-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=twofish-256,cipher-mode=xts,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-twofish-256-xts-plain64-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-twofish-256-xts-plain64-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=twofish-256 cipher-mode=xts ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-twofish-256-xts-plain64-sha1.img qiotest-145-twofish-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-twofish-256-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-twofish-256-xts-plain64-sha1.img qiotest-145-twofish-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-twofish-256-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
+
+# ================= dm-crypt serpent-256-xts-plain64-sha1 =================
+# Create image
+truncate TEST_DIR/luks-serpent-256-xts-plain64-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher serpent-xts-plain64 --key-size 512 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-256-xts-plain64-sha1.img qiotest-145-serpent-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-256-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-256-xts-plain64-sha1.img qiotest-145-serpent-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-256-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+
+# ================= qemu-img serpent-256-xts-plain64-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=serpent-256,cipher-mode=xts,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-serpent-256-xts-plain64-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-serpent-256-xts-plain64-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=serpent-256 cipher-mode=xts ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-256-xts-plain64-sha1.img qiotest-145-serpent-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-256-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-256-xts-plain64-sha1.img qiotest-145-serpent-256-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-256-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-256-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
+
+# ================= dm-crypt cast5-128-cbc-plain64-sha1 =================
+# Create image
+truncate TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher cast5-cbc-plain64 --key-size 128 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img qiotest-145-cast5-128-cbc-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-cast5-128-cbc-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img qiotest-145-cast5-128-cbc-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-cast5-128-cbc-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+
+# ================= qemu-img cast5-128-cbc-plain64-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=cast5-128,cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=cast5-128 cipher-mode=cbc ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img qiotest-145-cast5-128-cbc-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-cast5-128-cbc-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img qiotest-145-cast5-128-cbc-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-cast5-128-cbc-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-cast5-128-cbc-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
+
+Skipping cast6-256-xts-plain64-sha1 in blacklist
+# ================= dm-crypt aes-256-cbc-plain-sha1 =================
+# Create image
+truncate TEST_DIR/luks-aes-256-cbc-plain-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-cbc-plain --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain-sha1.img qiotest-145-aes-256-cbc-plain-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain-sha1.img qiotest-145-aes-256-cbc-plain-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+
+# ================= qemu-img aes-256-cbc-plain-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=cbc,ivgen-alg=plain,hash-alg=sha1 TEST_DIR/luks-aes-256-cbc-plain-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-aes-256-cbc-plain-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=cbc ivgen-alg=plain hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain-sha1.img qiotest-145-aes-256-cbc-plain-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain-sha1.img qiotest-145-aes-256-cbc-plain-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-cbc-plain-sha1.img
+
+# ================= dm-crypt aes-256-cbc-plain64-sha1 =================
+# Create image
+truncate TEST_DIR/luks-aes-256-cbc-plain64-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-cbc-plain64 --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha1.img qiotest-145-aes-256-cbc-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha1.img qiotest-145-aes-256-cbc-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+
+# ================= qemu-img aes-256-cbc-plain64-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-aes-256-cbc-plain64-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-aes-256-cbc-plain64-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=cbc ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha1.img qiotest-145-aes-256-cbc-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-plain64-sha1.img qiotest-145-aes-256-cbc-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
+
+# ================= dm-crypt aes-256-cbc-essiv-sha256-sha1 =================
+# Create image
+truncate TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+
+# ================= qemu-img aes-256-cbc-essiv-sha256-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=cbc,ivgen-alg=essiv,hash-alg=sha1,ivgen-hash-alg=sha256 TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=cbc ivgen-alg=essiv ivgen-hash-alg=sha256 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-cbc-essiv-sha256-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-sha256-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
+
+# ================= dm-crypt aes-256-xts-essiv-sha256-sha1 =================
+# Create image
+truncate TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-xts-essiv:sha256 --key-size 512 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+
+# ================= qemu-img aes-256-xts-essiv-sha256-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=xts,ivgen-alg=essiv,hash-alg=sha1,ivgen-hash-alg=sha256 TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=xts ivgen-alg=essiv ivgen-hash-alg=sha256 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-essiv-sha256-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-essiv-sha256-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
+
+# ================= dm-crypt aes-128-xts-plain64-sha256-sha1 =================
+# Create image
+truncate TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-xts-plain64 --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+
+# ================= qemu-img aes-128-xts-plain64-sha256-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-128,cipher-mode=xts,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-128 cipher-mode=xts ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-128-xts-plain64-sha256-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-128-xts-plain64-sha256-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
+
+# ================= dm-crypt aes-192-xts-plain64-sha256-sha1 =================
+# Create image
+truncate TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-xts-plain64 --key-size 384 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+
+# ================= qemu-img aes-192-xts-plain64-sha256-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-192,cipher-mode=xts,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-192 cipher-mode=xts ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-192-xts-plain64-sha256-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-192-xts-plain64-sha256-sha1
+# Delete image
+unlink TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
+
+# ================= dm-crypt twofish-128-xts-plain64-sha1 =================
+# Create image
+truncate TEST_DIR/luks-twofish-128-xts-plain64-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher twofish-xts-plain64 --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-twofish-128-xts-plain64-sha1.img qiotest-145-twofish-128-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-twofish-128-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-twofish-128-xts-plain64-sha1.img qiotest-145-twofish-128-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-twofish-128-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+
+# ================= qemu-img twofish-128-xts-plain64-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=twofish-128,cipher-mode=xts,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-twofish-128-xts-plain64-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-twofish-128-xts-plain64-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=twofish-128 cipher-mode=xts ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-twofish-128-xts-plain64-sha1.img qiotest-145-twofish-128-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-twofish-128-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-twofish-128-xts-plain64-sha1.img qiotest-145-twofish-128-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-twofish-128-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-twofish-128-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
+
+Skipping twofish-192-xts-plain64-sha1 in blacklist
+# ================= dm-crypt serpent-128-xts-plain64-sha1 =================
+# Create image
+truncate TEST_DIR/luks-serpent-128-xts-plain64-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher serpent-xts-plain64 --key-size 256 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-128-xts-plain64-sha1.img qiotest-145-serpent-128-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-128-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-128-xts-plain64-sha1.img qiotest-145-serpent-128-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-128-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+
+# ================= qemu-img serpent-128-xts-plain64-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=serpent-128,cipher-mode=xts,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-serpent-128-xts-plain64-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-serpent-128-xts-plain64-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=serpent-128 cipher-mode=xts ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-128-xts-plain64-sha1.img qiotest-145-serpent-128-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-128-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-128-xts-plain64-sha1.img qiotest-145-serpent-128-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-128-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-128-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
+
+# ================= dm-crypt serpent-192-xts-plain64-sha1 =================
+# Create image
+truncate TEST_DIR/luks-serpent-192-xts-plain64-sha1.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher serpent-xts-plain64 --key-size 384 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-192-xts-plain64-sha1.img qiotest-145-serpent-192-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-192-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-192-xts-plain64-sha1.img qiotest-145-serpent-192-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-192-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+
+# ================= qemu-img serpent-192-xts-plain64-sha1 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=serpent-192,cipher-mode=xts,ivgen-alg=plain64,hash-alg=sha1 TEST_DIR/luks-serpent-192-xts-plain64-sha1.img 4194304M
+Formatting 'TEST_DIR/luks-serpent-192-xts-plain64-sha1.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=serpent-192 cipher-mode=xts ivgen-alg=plain64 hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-192-xts-plain64-sha1.img qiotest-145-serpent-192-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-192-xts-plain64-sha1
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-serpent-192-xts-plain64-sha1.img qiotest-145-serpent-192-xts-plain64-sha1
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-serpent-192-xts-plain64-sha1
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-serpent-192-xts-plain64-sha1
+# Delete image
+unlink TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
+
+Skipping cast6-128-xts-plain64-sha1 in blacklist
+Skipping cast6-192-xts-plain64-sha1 in blacklist
+# ================= dm-crypt aes-256-xts-plain64-sha256 =================
+# Create image
+truncate TEST_DIR/luks-aes-256-xts-plain64-sha256.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-xts-plain64 --key-size 512 --hash sha256 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha256.img qiotest-145-aes-256-xts-plain64-sha256
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha256
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha256.img qiotest-145-aes-256-xts-plain64-sha256
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha256
+# Delete image
+unlink TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+
+# ================= qemu-img aes-256-xts-plain64-sha256 =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=MTIzNDU2,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=xts,ivgen-alg=plain64,hash-alg=sha256 TEST_DIR/luks-aes-256-xts-plain64-sha256.img 4194304M
+Formatting 'TEST_DIR/luks-aes-256-xts-plain64-sha256.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=xts ivgen-alg=plain64 hash-alg=sha256
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha256.img qiotest-145-aes-256-xts-plain64-sha256
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha256
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain64-sha256.img qiotest-145-aes-256-xts-plain64-sha256
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain64-sha256
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha256
+# Delete image
+unlink TEST_DIR/luks-aes-256-xts-plain64-sha256.img
+
+Skipping aes-256-xts-plain64-sha512 in blacklist
+Skipping aes-256-xts-plain64-ripemd160 in blacklist
+# ================= dm-crypt aes-256-xts-plain-sha1-pwslot3 =================
+# Create image
+truncate TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-xts-plain --key-size 512 --hash sha1 --key-slot 3 --key-file - TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img qiotest-145-aes-256-xts-plain-sha1-pwslot3
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwslot3
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwslot3
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwslot3
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwslot3
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=c2xvdDM=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=c2xvdDM=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=c2xvdDM=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=c2xvdDM=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img qiotest-145-aes-256-xts-plain-sha1-pwslot3
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwslot3
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwslot3
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwslot3
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwslot3
+# Delete image
+unlink TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
+
+# ================= dm-crypt aes-256-xts-plain-sha1-pwallslots =================
+# Create image
+truncate TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img --size 4194304MB
+# Format image
+sudo cryptsetup -q -v luksFormat --cipher aes-xts-plain --key-size 512 --hash sha1 --key-slot 0 --key-file - TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+# Add password slot 1
+sudo cryptsetup -q -v luksAddKey TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img --key-slot 1 --key-file - TEST_DIR/passwd.txt
+# Add password slot 2
+sudo cryptsetup -q -v luksAddKey TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img --key-slot 2 --key-file - TEST_DIR/passwd.txt
+# Add password slot 3
+sudo cryptsetup -q -v luksAddKey TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img --key-slot 3 --key-file - TEST_DIR/passwd.txt
+# Add password slot 4
+sudo cryptsetup -q -v luksAddKey TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img --key-slot 4 --key-file - TEST_DIR/passwd.txt
+# Add password slot 5
+sudo cryptsetup -q -v luksAddKey TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img --key-slot 5 --key-file - TEST_DIR/passwd.txt
+# Add password slot 6
+sudo cryptsetup -q -v luksAddKey TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img --key-slot 6 --key-file - TEST_DIR/passwd.txt
+# Add password slot 7
+sudo cryptsetup -q -v luksAddKey TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img --key-slot 7 --key-file - TEST_DIR/passwd.txt
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Delete image
+unlink TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+
+# ================= qemu-img aes-256-xts-plain-sha1-pwallslots =================
+# Create image
+qemu-img create -f luks --object secret,id=sec0,data=c2xvdDE=,format=base64 -o key-secret=sec0,cipher-alg=aes-256,cipher-mode=xts,ivgen-alg=plain,hash-alg=sha1 TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img 4194304M
+Formatting 'TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img', fmt=luks size=4398046511104 key-secret=sec0 cipher-alg=aes-256 cipher-mode=xts ivgen-alg=plain hash-alg=sha1
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Write test pattern 0xa7
+qemu-io -c write -P 0xa7 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x13
+qemu-io -c write -P 0x13 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Read test pattern 0xa7
+qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x13
+qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x91
+qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Write test pattern 0x5e
+qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+Encrypted images are deprecated
+Support for them will be removed in a future release.
+You can use 'qemu-img convert' to convert your image to an unencrypted one.
+wrote 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Open dev
+sudo cryptsetup -q -v luksOpen TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Set dev owner
+sudo chown UID:GID /dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Read test pattern 0x91
+qemu-io -c read -P 0x91 100M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+read 10485760/10485760 bytes at offset 104857600
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Read test pattern 0x5e
+qemu-io -c read -P 0x5e 3145728M 10M --image-opts driver=file,filename=/dev/mapper/qiotest-145-aes-256-xts-plain-sha1-pwallslots
+read 10485760/10485760 bytes at offset 3298534883328
+10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+# Close dev
+sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwallslots
+# Delete image
+unlink TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
+
diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common
index ff84f4b..5575ddd 100644
--- a/tests/qemu-iotests/common
+++ b/tests/qemu-iotests/common
@@ -50,6 +50,7 @@ export IMGPROTO=file
export IMGOPTS=""
export CACHEMODE="writeback"
export QEMU_IO_OPTIONS=""
+export QEMU_IO_OPTIONS_NO_FMT=""
export CACHEMODE_IS_DEFAULT=true
export QEMU_OPTIONS="-nodefaults"
export VALGRIND_QEMU=
@@ -155,6 +156,7 @@ check options
-ssh test ssh
-nfs test nfs
-archipelago test archipelago
+ -luks test luks
-xdiff graphical mode diff
-nocache use O_DIRECT on backing file
-misalign misalign memory allocations
@@ -206,6 +208,11 @@ testlist options
xpand=false
;;
+ -luks)
+ IMGFMT=luks
+ xpand=false
+ ;;
+
-qed)
IMGFMT=qed
xpand=false
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index faf0f21..92ae8ec 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -150,3 +150,4 @@
145 auto quick
146 auto quick
148 rw auto quick
+149 rw auto sudo
--
2.5.0
^ permalink raw reply related [flat|nested] 17+ messages in thread
* [Qemu-devel] [PATCH v5 7/7] block: drop support for using qcow[2] encryption with system emulators
2016-03-17 17:51 [Qemu-devel] [PATCH v5 0/7] Add new LUKS block driver (for 2.6) Daniel P. Berrange
` (5 preceding siblings ...)
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver Daniel P. Berrange
@ 2016-03-17 17:51 ` Daniel P. Berrange
2016-03-18 12:11 ` Kevin Wolf
6 siblings, 1 reply; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-17 17:51 UTC (permalink / raw)
To: qemu-devel; +Cc: Kevin Wolf, Fam Zheng, qemu-block
For a couple of releases we have been warning
Encrypted images are deprecated
Support for them will be removed in a future release.
You can use 'qemu-img convert' to convert your image to an unencrypted one.
This warning was issued by system emulators, qemu-img, qemu-nbd
and qemu-io. Such a broad warning was issued because the original
intention was to rip out all the code for dealing with encryption
inside the QEMU block layer APIs.
The new block encryption framework used for the LUKS driver does
not rely on the unloved block layer API for encryption keys,
instead using the QOM 'secret' object type. It is thus no longer
appropriate to warn about encryption unconditionally.
When the qcow/qcow2 drivers are converted to use the new encryption
framework too, it will be practical to keep AES-CBC support present
for use in qemu-img, qemu-io & qemu-nbd to allow for interoperability
with older QEMU versions and liberation of data from existing encrypted
qcow2 files.
Thus this change, removes the deprecation warning, in its place adding
a fatal error preventing use of qcow[2] built-in encryption inside the
system emulators. Use of qcow[2] encryption in qemu-img, qemu-io, qemu-nbd
no longer triggers any warning message, since that support is now expected
to remain available long term, given the maint burden has been eliminated.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block.c | 12 +-
block/qcow.c | 11 ++
block/qcow2.c | 11 ++
include/block/block.h | 1 +
tests/qemu-iotests/049.out | 6 -
tests/qemu-iotests/087.out | 22 +--
tests/qemu-iotests/134.out | 18 ---
tests/qemu-iotests/149.out | 372 ---------------------------------------------
8 files changed, 30 insertions(+), 423 deletions(-)
diff --git a/block.c b/block.c
index 4d1a9d3..d105ae4 100644
--- a/block.c
+++ b/block.c
@@ -293,6 +293,11 @@ static int bdrv_is_whitelisted(BlockDriver *drv, bool read_only)
return 0;
}
+bool bdrv_uses_whitelist(void)
+{
+ return use_bdrv_whitelist;
+}
+
typedef struct CreateCo {
BlockDriver *drv;
char *filename;
@@ -1009,13 +1014,6 @@ static int bdrv_open_common(BlockDriverState *bs, BdrvChild *file,
goto free_and_fail;
}
- if (bs->encrypted) {
- error_report("Encrypted images are deprecated");
- error_printf("Support for them will be removed in a future release.\n"
- "You can use 'qemu-img convert' to convert your image"
- " to an unencrypted one.\n");
- }
-
ret = refresh_total_sectors(bs, bs->total_sectors);
if (ret < 0) {
error_setg_errno(errp, -ret, "Could not refresh total sector count");
diff --git a/block/qcow.c b/block/qcow.c
index 2fd5ee6..cfa3781 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -161,6 +161,17 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
}
s->crypt_method_header = header.crypt_method;
if (s->crypt_method_header) {
+ if (s->crypt_method_header == QCOW_CRYPT_AES &&
+ bdrv_uses_whitelist()) {
+ error_setg(errp,
+ "Use of AES-CBC encrypted qcow images is no longer "
+ "supported in system emulators. You can use "
+ "'qemu-img convert' to convert your image to use "
+ "the LUKS format instead.");
+ ret = -ENOSYS;
+ goto fail;
+ }
+
bs->encrypted = 1;
}
s->cluster_bits = header.cluster_bits;
diff --git a/block/qcow2.c b/block/qcow2.c
index 1ce6264..ba8b818 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -979,6 +979,17 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
}
s->crypt_method_header = header.crypt_method;
if (s->crypt_method_header) {
+ if (s->crypt_method_header == QCOW_CRYPT_AES &&
+ bdrv_uses_whitelist()) {
+ error_setg(errp,
+ "Use of AES-CBC encrypted qcow2 images is no longer "
+ "supported in system emulators. You can use "
+ "'qemu-img convert' to convert your image to use "
+ "the LUKS format instead.");
+ ret = -ENOSYS;
+ goto fail;
+ }
+
bs->encrypted = 1;
}
diff --git a/include/block/block.h b/include/block/block.h
index bb8e97d..2920a1d 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -193,6 +193,7 @@ void bdrv_io_limits_update_group(BlockDriverState *bs, const char *group);
void bdrv_init(void);
void bdrv_init_with_whitelist(void);
+bool bdrv_uses_whitelist(void);
BlockDriver *bdrv_find_protocol(const char *filename,
bool allow_protocol_prefix,
Error **errp);
diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out
index a2b6703..4673b67 100644
--- a/tests/qemu-iotests/049.out
+++ b/tests/qemu-iotests/049.out
@@ -187,12 +187,6 @@ qemu-img create -f qcow2 -o encryption=off TEST_DIR/t.qcow2 64M
Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
qemu-img create -f qcow2 -o encryption=on TEST_DIR/t.qcow2 64M
-qemu-img: Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
-qemu-img: Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=67108864 encryption=on cluster_size=65536 lazy_refcounts=off refcount_bits=16
== Check lazy_refcounts option (only with v3) ==
diff --git a/tests/qemu-iotests/087.out b/tests/qemu-iotests/087.out
index 7d62cd5..f47d8d9 100644
--- a/tests/qemu-iotests/087.out
+++ b/tests/qemu-iotests/087.out
@@ -38,42 +38,24 @@ QMP_VERSION
=== Encrypted image ===
-qemu-img: Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
-qemu-img: Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
Testing: -S
QMP_VERSION
{"return": {}}
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
-{"error": {"class": "GenericError", "desc": "blockdev-add doesn't support encrypted devices"}}
+{"error": {"class": "GenericError", "desc": "Use of AES-CBC encrypted qcow2 images is no longer supported in system emulators. You can use 'qemu-img convert' to convert your image to use the LUKS format instead."}}
{"return": {}}
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"}
Testing:
QMP_VERSION
{"return": {}}
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
-{"error": {"class": "GenericError", "desc": "Guest must be stopped for opening of encrypted image"}}
+{"error": {"class": "GenericError", "desc": "Use of AES-CBC encrypted qcow2 images is no longer supported in system emulators. You can use 'qemu-img convert' to convert your image to use the LUKS format instead."}}
{"return": {}}
{"timestamp": {"seconds": TIMESTAMP, "microseconds": TIMESTAMP}, "event": "SHUTDOWN"}
=== Missing driver ===
-qemu-img: Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
-qemu-img: Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
Testing: -S
QMP_VERSION
diff --git a/tests/qemu-iotests/134.out b/tests/qemu-iotests/134.out
index a16acb8..6493704 100644
--- a/tests/qemu-iotests/134.out
+++ b/tests/qemu-iotests/134.out
@@ -1,43 +1,25 @@
QA output created by 134
-qemu-img: Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
-qemu-img: Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 encryption=on
== reading whole image ==
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
Disk image 'TEST_DIR/t.qcow2' is encrypted.
password:
read 134217728/134217728 bytes at offset 0
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== rewriting whole image ==
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
Disk image 'TEST_DIR/t.qcow2' is encrypted.
password:
wrote 134217728/134217728 bytes at offset 0
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== verify pattern ==
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
Disk image 'TEST_DIR/t.qcow2' is encrypted.
password:
read 134217728/134217728 bytes at offset 0
128 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== verify pattern failure with wrong password ==
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
Disk image 'TEST_DIR/t.qcow2' is encrypted.
password:
Pattern verification failed at offset 0, 134217728 bytes
diff --git a/tests/qemu-iotests/149.out b/tests/qemu-iotests/149.out
index 0486dad..287f013 100644
--- a/tests/qemu-iotests/149.out
+++ b/tests/qemu-iotests/149.out
@@ -21,33 +21,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -93,33 +81,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -165,33 +141,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-twofish-256-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -237,33 +201,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-twofish-256-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -309,33 +261,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-serpent-256-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -381,33 +321,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-serpent-256-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-256-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -453,33 +381,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-cast5-128-cbc-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -525,33 +441,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-cast5-128-cbc-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-cast5-128-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -598,33 +502,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -670,33 +562,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -742,33 +622,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -814,33 +682,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -886,33 +742,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -958,33 +802,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-cbc-essiv-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-cbc-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1030,33 +862,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-essiv-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1102,33 +922,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-essiv-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-essiv-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1174,33 +982,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-128-xts-plain64-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1246,33 +1042,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-128-xts-plain64-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-128-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1318,33 +1102,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-192-xts-plain64-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1390,33 +1162,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-192-xts-plain64-sha256-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-192-xts-plain64-sha256-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1462,33 +1222,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-twofish-128-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1534,33 +1282,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-twofish-128-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-twofish-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1607,33 +1343,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-serpent-128-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1679,33 +1403,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-serpent-128-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-128-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1751,33 +1463,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-serpent-192-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1823,33 +1523,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-serpent-192-xts-plain64-sha1
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-serpent-192-xts-plain64-sha1.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1897,33 +1585,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha256
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -1969,33 +1645,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain64-sha256
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain64-sha256.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -2043,33 +1707,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwslot3
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=c2xvdDM=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=c2xvdDM=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=c2xvdDM=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=c2xvdDM=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwslot3.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -2129,33 +1781,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwallslots
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
@@ -2201,33 +1841,21 @@ wrote 10485760/10485760 bytes at offset 3298534883328
sudo cryptsetup -q -v luksClose qiotest-145-aes-256-xts-plain-sha1-pwallslots
# Read test pattern 0xa7
qemu-io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Read test pattern 0x13
qemu-io -c read -P 0x13 3145728M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
read 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x91
qemu-io -c write -P 0x91 100M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 104857600
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
# Write test pattern 0x5e
qemu-io -c write -P 0x5e 3145728M 10M --object secret,id=sec0,data=c2xvdDE=,format=base64 --image-opts driver=luks,key-secret=sec0,file.filename=TEST_DIR/luks-aes-256-xts-plain-sha1-pwallslots.img
-Encrypted images are deprecated
-Support for them will be removed in a future release.
-You can use 'qemu-img convert' to convert your image to an unencrypted one.
wrote 10485760/10485760 bytes at offset 3298534883328
10 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
--
2.5.0
^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [Qemu-devel] [PATCH v5 1/7] block: add flag to indicate that no I/O will be performed
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 1/7] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
@ 2016-03-18 11:01 ` Kevin Wolf
0 siblings, 0 replies; 17+ messages in thread
From: Kevin Wolf @ 2016-03-18 11:01 UTC (permalink / raw)
To: Daniel P. Berrange; +Cc: Fam Zheng, qemu-devel, qemu-block
Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben:
> When opening an image it is useful to know whether the caller
> intends to perform I/O on the image or not. In the case of
> encrypted images this will allow the block driver to avoid
> having to prompt for decryption keys when we merely want to
> query header metadata about the image. eg qemu-img info
>
> This flag is enforced at the top level only, since even if
> we don't want todo I/O on the 'qcow2' file payload, the
> underlying 'file' driver will still need todo I/O to read
> the qcow2 header, for example.
>
> Reviewed-by: Eric Blake <eblake@redhat.com>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Looks good to me, but it needs a rebase because it conflicts with the
latest changes to qemu-img.
Kevin
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver Daniel P. Berrange
@ 2016-03-18 12:09 ` Kevin Wolf
2016-03-18 14:45 ` Daniel P. Berrange
0 siblings, 1 reply; 17+ messages in thread
From: Kevin Wolf @ 2016-03-18 12:09 UTC (permalink / raw)
To: Daniel P. Berrange; +Cc: Fam Zheng, qemu-devel, qemu-block
Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben:
> Add a block driver that is capable of supporting any full disk
> encryption format. This utilizes the previously added block
> encryption code, and at this time supports the LUKS format.
>
> The driver code is capable of supporting any format supported
> by the QCryptoBlock module, so it registers one block driver
> for each format. This patch only registers the "luks" driver
> since the "qcow" driver is there only for back-compatibility
> with existing qcow built-in encryption.
>
> New LUKS compatible volumes can be formatted using qemu-img
> with defaults for all settings.
>
> $ qemu-img create --object secret,data=123456,id=sec0 \
> -f luks -o key-secret=sec0 demo.luks 10G
>
> Alternatively the cryptographic settings can be explicitly
> set
>
> $ qemu-img create --object secret,data=123456,id=sec0 \
> -f luks -o key-secret=sec0,cipher-alg=aes-256,\
> cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha256 \
> demo.luks 10G
>
> And query its size
>
> $ qemu-img info demo.img
> image: demo.img
> file format: luks
> virtual size: 10G (10737418240 bytes)
> disk size: 132K
> encrypted: yes
>
> Note that it was not necessary to provide the password
> when querying info for the volume. The password is only
> required when performing I/O on the volume
>
> All volumes created by this new 'luks' driver should be
> capable of being opened by the kernel dm-crypt driver.
>
> The only algorithms listed in the LUKS spec that are
> not currently supported by this impl are sha512 and
> ripemd160 hashes and cast6 cipher.
>
> A new I/O test is added which is used to validate the
> interoperability of the QEMU implementation of LUKS,
> with the dm-crypt/cryptsetup implementation. Due to
> the need to run cryptsetup as root, this test requires
> that the user have password-less sudo configured.
>
> The test is set to only run against the 'luks' format
> so needs to be manually invoked with
>
> cd tests/qemu-iotests
> ./check -luks 149
>
> Reviewed-by: Eric Blake <eblake@redhat.com>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This is a huge patch. I'm not sure if it wouldn't be better to split off
the test. I also think that having some test cases that don't require
root privileges would be helpful, so maybe the test can be split in two
halves as well, one requiring passwordless sudo and the other without
special requirements.
> block/Makefile.objs | 2 +
> block/crypto.c | 587 ++++++++++++
> qapi/block-core.json | 22 +-
> tests/qemu-iotests/149 | 521 ++++++++++
> tests/qemu-iotests/149.out | 2252 ++++++++++++++++++++++++++++++++++++++++++++
> tests/qemu-iotests/common | 7 +
> tests/qemu-iotests/group | 1 +
> 7 files changed, 3390 insertions(+), 2 deletions(-)
> create mode 100644 block/crypto.c
> create mode 100755 tests/qemu-iotests/149
> create mode 100644 tests/qemu-iotests/149.out
>
> diff --git a/block/Makefile.objs b/block/Makefile.objs
> index cdd8655..3426a15 100644
> --- a/block/Makefile.objs
> +++ b/block/Makefile.objs
> @@ -23,6 +23,8 @@ block-obj-$(CONFIG_LIBSSH2) += ssh.o
> block-obj-y += accounting.o dirty-bitmap.o
> block-obj-y += write-threshold.o
>
> +block-obj-y += crypto.o
> +
> common-obj-y += stream.o
> common-obj-y += commit.o
> common-obj-y += backup.o
> diff --git a/block/crypto.c b/block/crypto.c
> new file mode 100644
> index 0000000..5efca6c
> --- /dev/null
> +++ b/block/crypto.c
> @@ -0,0 +1,587 @@
> +/*
> + * QEMU block full disk encryption
> + *
> + * Copyright (c) 2015-2016 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +
> +#include "block/block_int.h"
> +#include "crypto/block.h"
> +#include "qapi/opts-visitor.h"
> +#include "qapi-visit.h"
> +
> +#define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
> +#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
> +#define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
> +#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
> +#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
> +#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
> +
> +typedef struct BlockCrypto BlockCrypto;
> +
> +struct BlockCrypto {
> + QCryptoBlock *block;
> + CoMutex lock;
> +};
> +
> +
> +static int block_crypto_probe_generic(QCryptoBlockFormat format,
> + const uint8_t *buf,
> + int buf_size,
> + const char *filename)
> +{
> + if (qcrypto_block_has_format(format,
> + buf, buf_size)) {
This is short enough for a single line.
> + return 100;
> + } else {
> + return 0;
> + }
> +}
> +
> +
> +static ssize_t block_crypto_read_func(QCryptoBlock *block,
> + size_t offset,
> + uint8_t *buf,
> + size_t buflen,
> + Error **errp,
> + void *opaque)
> +{
> + BlockDriverState *bs = opaque;
> + ssize_t ret;
> +
> + ret = bdrv_pread(bs->file->bs, offset, buf, buflen);
> + if (ret < 0) {
> + error_setg_errno(errp, -ret, "Could not read encryption header");
> + return ret;
> + }
> + return ret;
> +}
> +
> +
> +struct BlockCryptoCreateData {
> + const char *filename;
> + QemuOpts *opts;
> + BlockDriverState *bs;
> + uint64_t size;
> +};
> +
> +
> +static ssize_t block_crypto_write_func(QCryptoBlock *block,
> + size_t offset,
> + const uint8_t *buf,
> + size_t buflen,
> + Error **errp,
> + void *opaque)
> +{
> + struct BlockCryptoCreateData *data = opaque;
> + ssize_t ret;
> +
> + ret = bdrv_pwrite(data->bs, offset, buf, buflen);
> + if (ret < 0) {
> + error_setg_errno(errp, -ret, "Could not write encryption header");
> + return ret;
> + }
> + return ret;
> +}
> +
> +
> +static ssize_t block_crypto_init_func(QCryptoBlock *block,
> + size_t headerlen,
> + Error **errp,
> + void *opaque)
> +{
> + struct BlockCryptoCreateData *data = opaque;
> + int ret;
> +
> + /* User provided size should reflect amount of space made
> + * available to the guest, so we must take account of that
> + * which will be used by the crypto header
> + */
> + data->size += headerlen;
> +
> + qemu_opt_set_number(data->opts, BLOCK_OPT_SIZE, data->size, &error_abort);
> + ret = bdrv_create_file(data->filename, data->opts, errp);
> + if (ret < 0) {
> + return -1;
> + }
> +
> + ret = bdrv_open(&data->bs, data->filename, NULL, NULL,
> + BDRV_O_RDWR | BDRV_O_PROTOCOL, errp);
We should probably use blk_open() here like the other image format
drivers do now, and preferably use blk_*() functions to access the
image.
You will also want to specify BDRV_O_CACHE_WB (while it exists, I'm
going to remove it soon).
> + if (ret < 0) {
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> +
> +static QemuOptsList block_crypto_runtime_opts_luks = {
> + .name = "crypto",
> + .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
> + .desc = {
> + {
> + .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
> + .type = QEMU_OPT_STRING,
> + .help = "ID of the secret that provides the encryption key",
> + },
> + { /* end of list */ }
> + },
> +};
> +
> +
> +static QemuOptsList block_crypto_create_opts_luks = {
> + .name = "crypto",
> + .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
> + .desc = {
> + {
> + .name = BLOCK_OPT_SIZE,
> + .type = QEMU_OPT_SIZE,
> + .help = "Virtual disk size"
> + },
> + {
> + .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
> + .type = QEMU_OPT_STRING,
> + .help = "ID of the secret that provides the encryption key",
> + },
> + {
> + .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,
> + .type = QEMU_OPT_STRING,
> + .help = "Name of encryption cipher algorithm",
> + },
> + {
> + .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,
> + .type = QEMU_OPT_STRING,
> + .help = "Name of encryption cipher mode",
> + },
> + {
> + .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG,
> + .type = QEMU_OPT_STRING,
> + .help = "Name of IV generator algorithm",
> + },
> + {
> + .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,
> + .type = QEMU_OPT_STRING,
> + .help = "Name of IV generator hash algorithm",
> + },
> + {
> + .name = BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,
> + .type = QEMU_OPT_STRING,
> + .help = "Name of encryption hash algorithm",
> + },
> + { /* end of list */ }
> + },
> +};
> +
> +
> +static QCryptoBlockOpenOptions *
> +block_crypto_open_opts_init(QCryptoBlockFormat format,
> + QemuOpts *opts,
> + Error **errp)
> +{
> + OptsVisitor *ov;
> + QCryptoBlockOpenOptions *ret = NULL;
> + Error *local_err = NULL;
> +
> + ret = g_new0(QCryptoBlockOpenOptions, 1);
> + ret->format = format;
> +
> + ov = opts_visitor_new(opts);
> +
> + visit_start_struct(opts_get_visitor(ov),
> + "luks", NULL, 0, &local_err);
As this refers to "luks" specifically, shouldn't it be inside the switch
below?
> + if (local_err) {
> + goto out;
> + }
> +
> + switch (format) {
> + case Q_CRYPTO_BLOCK_FORMAT_LUKS:
> + visit_type_QCryptoBlockOptionsLUKS_members(
> + opts_get_visitor(ov), &ret->u.luks, &local_err);
> + break;
> +
> + default:
> + error_setg(&local_err, "Unsupported block format %d", format);
> + break;
> + }
> + error_propagate(errp, local_err);
> + local_err = NULL;
> +
> + visit_end_struct(opts_get_visitor(ov), &local_err);
> +
> + out:
> + if (local_err) {
> + error_propagate(errp, local_err);
> + qapi_free_QCryptoBlockOpenOptions(ret);
> + ret = NULL;
> + }
> + opts_visitor_cleanup(ov);
> + return ret;
> +}
> +
> +
> +static QCryptoBlockCreateOptions *
> +block_crypto_create_opts_init(QCryptoBlockFormat format,
> + QemuOpts *opts,
> + Error **errp)
> +{
> + OptsVisitor *ov;
> + QCryptoBlockCreateOptions *ret = NULL;
> + Error *local_err = NULL;
> +
> + ret = g_new0(QCryptoBlockCreateOptions, 1);
> + ret->format = format;
> +
> + ov = opts_visitor_new(opts);
> +
> + visit_start_struct(opts_get_visitor(ov),
> + "luks", NULL, 0, &local_err);
Same here.
> + if (local_err) {
> + goto out;
> + }
> +
> + switch (format) {
> + case Q_CRYPTO_BLOCK_FORMAT_LUKS:
> + visit_type_QCryptoBlockCreateOptionsLUKS_members(
> + opts_get_visitor(ov), &ret->u.luks, &local_err);
> + break;
> +
> + default:
> + error_setg(&local_err, "Unsupported block format %d", format);
> + break;
> + }
> + error_propagate(errp, local_err);
> + local_err = NULL;
> +
> + visit_end_struct(opts_get_visitor(ov), &local_err);
> +
> + out:
> + if (local_err) {
> + error_propagate(errp, local_err);
> + qapi_free_QCryptoBlockCreateOptions(ret);
> + ret = NULL;
> + }
> + opts_visitor_cleanup(ov);
> + return ret;
> +}
> +
> +
> +static int block_crypto_open_generic(QCryptoBlockFormat format,
> + QemuOptsList *opts_spec,
> + BlockDriverState *bs,
> + QDict *options,
> + int flags,
> + Error **errp)
> +{
> + BlockCrypto *crypto = bs->opaque;
> + QemuOpts *opts = NULL;
> + Error *local_err = NULL;
> + int ret = -EINVAL;
> + QCryptoBlockOpenOptions *open_opts = NULL;
> + unsigned int cflags = 0;
> +
> + opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort);
> + qemu_opts_absorb_qdict(opts, options, &local_err);
> + if (local_err) {
> + error_propagate(errp, local_err);
> + goto cleanup;
> + }
> +
> + open_opts = block_crypto_open_opts_init(format, opts, errp);
> + if (!open_opts) {
> + goto cleanup;
> + }
> +
> + if (flags & BDRV_O_NO_IO) {
> + cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
> + }
> + crypto->block = qcrypto_block_open(open_opts,
> + block_crypto_read_func,
> + bs,
> + cflags,
> + errp);
> +
> + if (!crypto->block) {
> + ret = -EIO;
> + goto cleanup;
> + }
> +
> + bs->encrypted = 1;
> + bs->valid_key = 1;
> +
> + qemu_co_mutex_init(&crypto->lock);
> +
> + ret = 0;
> + cleanup:
> + qapi_free_QCryptoBlockOpenOptions(open_opts);
> + return ret;
> +}
> +
> +
> +static int block_crypto_create_generic(QCryptoBlockFormat format,
> + const char *filename,
> + QemuOpts *opts,
> + Error **errp)
> +{
> + int ret = -EINVAL;
> + QCryptoBlockCreateOptions *create_opts = NULL;
> + QCryptoBlock *crypto = NULL;
> + struct BlockCryptoCreateData data;
> +
> + data.size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
> + BDRV_SECTOR_SIZE);
> + data.opts = opts;
> + data.filename = filename;
> + data.bs = NULL;
> +
> + create_opts = block_crypto_create_opts_init(format, opts, errp);
> + if (!create_opts) {
> + return -1;
> + }
> +
> + crypto = qcrypto_block_create(create_opts,
> + block_crypto_init_func,
> + block_crypto_write_func,
> + &data,
> + errp);
> +
> + if (!crypto) {
> + ret = -EIO;
> + goto cleanup;
> + }
> +
> + ret = 0;
> + cleanup:
> + qcrypto_block_free(crypto);
> + bdrv_unref(data.bs);
> + qapi_free_QCryptoBlockCreateOptions(create_opts);
> + return ret;
> +}
> +
> +static void block_crypto_close(BlockDriverState *bs)
> +{
> + BlockCrypto *crypto = bs->opaque;
> + qcrypto_block_free(crypto->block);
> +}
> +
> +
> +#define BLOCK_CRYPTO_MAX_SECTORS 32
> +
> +static coroutine_fn int
> +block_crypto_co_readv(BlockDriverState *bs, int64_t sector_num,
> + int remaining_sectors, QEMUIOVector *qiov)
> +{
> + BlockCrypto *crypto = bs->opaque;
> + int cur_nr_sectors; /* number of sectors in current iteration */
> + uint64_t bytes_done = 0;
> + uint8_t *cipher_data = NULL;
> + QEMUIOVector hd_qiov;
> + int ret = 0;
> + size_t payload_offset =
> + qcrypto_block_get_payload_offset(crypto->block) / 512;
> +
> + qemu_iovec_init(&hd_qiov, qiov->niov);
> +
> + qemu_co_mutex_lock(&crypto->lock);
> +
> + /* Bounce buffer so we have a linear mem region for
> + * entire sector. XXX optimize so we avoid bounce
> + * buffer in case that qiov->niov == 1
> + */
> + cipher_data =
> + qemu_try_blockalign(bs->file->bs, BLOCK_CRYPTO_MAX_SECTORS * 512);
As long as we create an individual buffer for each request, shouldn't
MIN(BLOCK_CRYPTO_MAX_SECTORS * 512, qiov->size) be enough?
> + if (cipher_data == NULL) {
> + ret = -ENOMEM;
> + goto cleanup;
> + }
> +
> + while (remaining_sectors) {
> + cur_nr_sectors = remaining_sectors;
> +
> + if (cur_nr_sectors > BLOCK_CRYPTO_MAX_SECTORS) {
> + cur_nr_sectors = BLOCK_CRYPTO_MAX_SECTORS;
> + }
> +
> + qemu_iovec_reset(&hd_qiov);
> + qemu_iovec_add(&hd_qiov, cipher_data, cur_nr_sectors * 512);
> +
> + qemu_co_mutex_unlock(&crypto->lock);
Between qemu_co_mutex_lock() and here, there is no yield point...
> + ret = bdrv_co_readv(bs->file->bs,
> + payload_offset + sector_num,
> + cur_nr_sectors, &hd_qiov);
> + qemu_co_mutex_lock(&crypto->lock);
> + if (ret < 0) {
> + goto cleanup;
> + }
> +
> + if (qcrypto_block_decrypt(crypto->block,
> + sector_num,
> + cipher_data, cur_nr_sectors * 512,
> + NULL) < 0) {
> + ret = -1;
Need a real -errno code here.
> + goto cleanup;
> + }
...nor is there one between here and the end of the function.
So what does this CoMutex protect? If qcrypto_block_decrypt() needs this
for some reason (it doesn't seem to be touching anything that isn't per
request, but maybe I'm missing something), would it be clearer to put
the locking only around that call?
> +
> + qemu_iovec_from_buf(qiov, bytes_done,
> + cipher_data, cur_nr_sectors * 512);
> +
> + remaining_sectors -= cur_nr_sectors;
> + sector_num += cur_nr_sectors;
> + bytes_done += cur_nr_sectors * 512;
> + }
> +
> + cleanup:
> + qemu_co_mutex_unlock(&crypto->lock);
> +
> + qemu_iovec_destroy(&hd_qiov);
> + qemu_vfree(cipher_data);
> +
> + return ret;
> +}
> +
> +
> +static coroutine_fn int
> +block_crypto_co_writev(BlockDriverState *bs, int64_t sector_num,
> + int remaining_sectors, QEMUIOVector *qiov)
> +{
> + BlockCrypto *crypto = bs->opaque;
> + int cur_nr_sectors; /* number of sectors in current iteration */
> + uint64_t bytes_done = 0;
> + uint8_t *cipher_data = NULL;
> + QEMUIOVector hd_qiov;
> + int ret = 0;
> + size_t payload_offset =
> + qcrypto_block_get_payload_offset(crypto->block) / 512;
> +
> + qemu_iovec_init(&hd_qiov, qiov->niov);
> +
> + qemu_co_mutex_lock(&crypto->lock);
Same locking question as above.
> + /* Bounce buffer so we have a linear mem region for
> + * entire sector. XXX optimize so we avoid bounce
> + * buffer in case that qiov->niov == 1
> + */
> + cipher_data =
> + qemu_try_blockalign(bs->file->bs, BLOCK_CRYPTO_MAX_SECTORS * 512);
Same as above as well.
> + if (cipher_data == NULL) {
> + ret = -ENOMEM;
> + goto cleanup;
> + }
> +
> + while (remaining_sectors) {
> + cur_nr_sectors = remaining_sectors;
> +
> + if (cur_nr_sectors > BLOCK_CRYPTO_MAX_SECTORS) {
> + cur_nr_sectors = BLOCK_CRYPTO_MAX_SECTORS;
> + }
> +
> + qemu_iovec_to_buf(qiov, bytes_done,
> + cipher_data, cur_nr_sectors * 512);
> +
> + if (qcrypto_block_encrypt(crypto->block,
> + sector_num,
> + cipher_data, cur_nr_sectors * 512,
> + NULL) < 0) {
> + ret = -1;
> + goto cleanup;
> + }
> +
> + qemu_iovec_reset(&hd_qiov);
> + qemu_iovec_add(&hd_qiov, cipher_data, cur_nr_sectors * 512);
> +
> + qemu_co_mutex_unlock(&crypto->lock);
> + ret = bdrv_co_writev(bs->file->bs,
> + payload_offset + sector_num,
> + cur_nr_sectors, &hd_qiov);
> + qemu_co_mutex_lock(&crypto->lock);
> + if (ret < 0) {
> + goto cleanup;
> + }
> +
> + remaining_sectors -= cur_nr_sectors;
> + sector_num += cur_nr_sectors;
> + bytes_done += cur_nr_sectors * 512;
> + }
> +
> + cleanup:
> + qemu_co_mutex_unlock(&crypto->lock);
> +
> + qemu_iovec_destroy(&hd_qiov);
> + qemu_vfree(cipher_data);
> +
> + return ret;
> +}
> +
> +
> +static int64_t block_crypto_getlength(BlockDriverState *bs)
> +{
> + BlockCrypto *crypto = bs->opaque;
> + int64_t len = bdrv_getlength(bs->file->bs);
> +
> + ssize_t offset = qcrypto_block_get_payload_offset(crypto->block);
> +
> + len -= offset;
> +
> + return len;
> +}
> +
> +
> +static int block_crypto_probe_luks(const uint8_t *buf,
> + int buf_size,
> + const char *filename) {
> + return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
> + buf, buf_size, filename);
> +}
> +
> +static int block_crypto_open_luks(BlockDriverState *bs,
> + QDict *options,
> + int flags,
> + Error **errp)
> +{
> + return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
> + &block_crypto_runtime_opts_luks,
> + bs, options, flags, errp);
> +}
> +
> +static int block_crypto_create_luks(const char *filename,
> + QemuOpts *opts,
> + Error **errp)
> +{
> + return block_crypto_create_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
> + filename, opts, errp);
> +}
> +
> +BlockDriver bdrv_crypto_luks = {
> + .format_name = "luks",
> + .instance_size = sizeof(BlockCrypto),
> + .bdrv_probe = block_crypto_probe_luks,
> + .bdrv_open = block_crypto_open_luks,
> + .bdrv_close = block_crypto_close,
> + .bdrv_create = block_crypto_create_luks,
> + .create_opts = &block_crypto_create_opts_luks,
> +
> + .bdrv_co_readv = block_crypto_co_readv,
> + .bdrv_co_writev = block_crypto_co_writev,
> + .bdrv_getlength = block_crypto_getlength,
> +};
Rather minimalistic, but we can always add the missing functions later.
> +static void block_crypto_init(void)
> +{
> + bdrv_register(&bdrv_crypto_luks);
> +}
> +
> +block_init(block_crypto_init);
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index 9bf1b22..f2103b6 100644
> --- a/qapi/block-core.json
> +++ b/qapi/block-core.json
> @@ -242,11 +242,12 @@
> # @drv: the name of the block format used to open the backing device. As of
> # 0.14.0 this can be: 'blkdebug', 'bochs', 'cloop', 'cow', 'dmg',
> # 'file', 'file', 'ftp', 'ftps', 'host_cdrom', 'host_device',
> -# 'http', 'https', 'nbd', 'parallels', 'qcow',
> +# 'http', 'https', 'luks', 'nbd', 'parallels', 'qcow',
> # 'qcow2', 'raw', 'tftp', 'vdi', 'vmdk', 'vpc', 'vvfat'
> # 2.2: 'archipelago' added, 'cow' dropped
> # 2.3: 'host_floppy' deprecated
> # 2.5: 'host_floppy' dropped
> +# 2.6: 'luks' added
> #
> # @backing_file: #optional the name of the backing file (for copy-on-write)
> #
> @@ -1639,7 +1640,7 @@
> { 'enum': 'BlockdevDriver',
> 'data': [ 'archipelago', 'blkdebug', 'blkverify', 'bochs', 'cloop',
> 'dmg', 'file', 'ftp', 'ftps', 'host_cdrom', 'host_device',
> - 'http', 'https', 'null-aio', 'null-co', 'parallels',
> + 'http', 'https', 'luks', 'null-aio', 'null-co', 'parallels',
> 'qcow', 'qcow2', 'qed', 'quorum', 'raw', 'tftp', 'vdi', 'vhdx',
> 'vmdk', 'vpc', 'vvfat' ] }
>
> @@ -1757,6 +1758,22 @@
> 'data': { 'file': 'BlockdevRef' } }
>
> ##
> +# @BlockdevOptionsLUKS
> +#
> +# Driver specific block device options for LUKS.
> +#
> +# @key-secret: #optional the ID of a QCryptoSecret object providing
> +# the decryption key (since 2.6). Mandatory except when
> +# doing a metadata-only probe of the image.
> +#
> +# Since: 2.6
> +##
> +{ 'struct': 'BlockdevOptionsLUKS',
> + 'base': 'BlockdevOptionsGenericFormat',
> + 'data': { '*key-secret': 'str' } }
> +
> +
> +##
> # @BlockdevOptionsGenericCOWFormat
> #
> # Driver specific block device options for image format that have no option
> @@ -2093,6 +2110,7 @@
> 'http': 'BlockdevOptionsFile',
> 'https': 'BlockdevOptionsFile',
> # TODO iscsi: Wait for structured options
> + 'luks': 'BlockdevOptionsLUKS',
> # TODO nbd: Should take InetSocketAddress for 'host'?
> # TODO nfs: Wait for structured options
> 'null-aio': 'BlockdevOptionsNull',
Kevin
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Qemu-devel] [PATCH v5 7/7] block: drop support for using qcow[2] encryption with system emulators
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 7/7] block: drop support for using qcow[2] encryption with system emulators Daniel P. Berrange
@ 2016-03-18 12:11 ` Kevin Wolf
2016-03-18 12:18 ` Daniel P. Berrange
0 siblings, 1 reply; 17+ messages in thread
From: Kevin Wolf @ 2016-03-18 12:11 UTC (permalink / raw)
To: Daniel P. Berrange; +Cc: Fam Zheng, qemu-devel, qemu-block
Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben:
> For a couple of releases we have been warning
>
> Encrypted images are deprecated
> Support for them will be removed in a future release.
> You can use 'qemu-img convert' to convert your image to an unencrypted one.
>
> This warning was issued by system emulators, qemu-img, qemu-nbd
> and qemu-io. Such a broad warning was issued because the original
> intention was to rip out all the code for dealing with encryption
> inside the QEMU block layer APIs.
>
> The new block encryption framework used for the LUKS driver does
> not rely on the unloved block layer API for encryption keys,
> instead using the QOM 'secret' object type. It is thus no longer
> appropriate to warn about encryption unconditionally.
>
> When the qcow/qcow2 drivers are converted to use the new encryption
> framework too, it will be practical to keep AES-CBC support present
> for use in qemu-img, qemu-io & qemu-nbd to allow for interoperability
> with older QEMU versions and liberation of data from existing encrypted
> qcow2 files.
>
> Thus this change, removes the deprecation warning, in its place adding
> a fatal error preventing use of qcow[2] built-in encryption inside the
> system emulators. Use of qcow[2] encryption in qemu-img, qemu-io, qemu-nbd
> no longer triggers any warning message, since that support is now expected
> to remain available long term, given the maint burden has been eliminated.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Let's do this only after the qcow2 LUKS support has been merged so that
users have an alternative to switch to.
Kevin
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Qemu-devel] [PATCH v5 7/7] block: drop support for using qcow[2] encryption with system emulators
2016-03-18 12:11 ` Kevin Wolf
@ 2016-03-18 12:18 ` Daniel P. Berrange
0 siblings, 0 replies; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-18 12:18 UTC (permalink / raw)
To: Kevin Wolf; +Cc: Fam Zheng, qemu-devel, qemu-block
On Fri, Mar 18, 2016 at 01:11:27PM +0100, Kevin Wolf wrote:
> Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben:
> > For a couple of releases we have been warning
> >
> > Encrypted images are deprecated
> > Support for them will be removed in a future release.
> > You can use 'qemu-img convert' to convert your image to an unencrypted one.
> >
> > This warning was issued by system emulators, qemu-img, qemu-nbd
> > and qemu-io. Such a broad warning was issued because the original
> > intention was to rip out all the code for dealing with encryption
> > inside the QEMU block layer APIs.
> >
> > The new block encryption framework used for the LUKS driver does
> > not rely on the unloved block layer API for encryption keys,
> > instead using the QOM 'secret' object type. It is thus no longer
> > appropriate to warn about encryption unconditionally.
> >
> > When the qcow/qcow2 drivers are converted to use the new encryption
> > framework too, it will be practical to keep AES-CBC support present
> > for use in qemu-img, qemu-io & qemu-nbd to allow for interoperability
> > with older QEMU versions and liberation of data from existing encrypted
> > qcow2 files.
> >
> > Thus this change, removes the deprecation warning, in its place adding
> > a fatal error preventing use of qcow[2] built-in encryption inside the
> > system emulators. Use of qcow[2] encryption in qemu-img, qemu-io, qemu-nbd
> > no longer triggers any warning message, since that support is now expected
> > to remain available long term, given the maint burden has been eliminated.
> >
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
>
> Let's do this only after the qcow2 LUKS support has been merged so that
> users have an alternative to switch to.
Ok, I'll need to respin this to just move the deprecation warning
then
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver
2016-03-18 12:09 ` Kevin Wolf
@ 2016-03-18 14:45 ` Daniel P. Berrange
2016-03-18 15:19 ` Kevin Wolf
0 siblings, 1 reply; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-18 14:45 UTC (permalink / raw)
To: Kevin Wolf; +Cc: Fam Zheng, qemu-devel, qemu-block
On Fri, Mar 18, 2016 at 01:09:35PM +0100, Kevin Wolf wrote:
> Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben:
> > Add a block driver that is capable of supporting any full disk
> > encryption format. This utilizes the previously added block
> > encryption code, and at this time supports the LUKS format.
> >
> > The driver code is capable of supporting any format supported
> > by the QCryptoBlock module, so it registers one block driver
> > for each format. This patch only registers the "luks" driver
> > since the "qcow" driver is there only for back-compatibility
> > with existing qcow built-in encryption.
> >
> > New LUKS compatible volumes can be formatted using qemu-img
> > with defaults for all settings.
> >
> > $ qemu-img create --object secret,data=123456,id=sec0 \
> > -f luks -o key-secret=sec0 demo.luks 10G
> >
> > Alternatively the cryptographic settings can be explicitly
> > set
> >
> > $ qemu-img create --object secret,data=123456,id=sec0 \
> > -f luks -o key-secret=sec0,cipher-alg=aes-256,\
> > cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha256 \
> > demo.luks 10G
> >
> > And query its size
> >
> > $ qemu-img info demo.img
> > image: demo.img
> > file format: luks
> > virtual size: 10G (10737418240 bytes)
> > disk size: 132K
> > encrypted: yes
> >
> > Note that it was not necessary to provide the password
> > when querying info for the volume. The password is only
> > required when performing I/O on the volume
> >
> > All volumes created by this new 'luks' driver should be
> > capable of being opened by the kernel dm-crypt driver.
> >
> > The only algorithms listed in the LUKS spec that are
> > not currently supported by this impl are sha512 and
> > ripemd160 hashes and cast6 cipher.
> >
> > A new I/O test is added which is used to validate the
> > interoperability of the QEMU implementation of LUKS,
> > with the dm-crypt/cryptsetup implementation. Due to
> > the need to run cryptsetup as root, this test requires
> > that the user have password-less sudo configured.
> >
> > The test is set to only run against the 'luks' format
> > so needs to be manually invoked with
> >
> > cd tests/qemu-iotests
> > ./check -luks 149
> >
> > Reviewed-by: Eric Blake <eblake@redhat.com>
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
>
> This is a huge patch. I'm not sure if it wouldn't be better to split off
> the test. I also think that having some test cases that don't require
> root privileges would be helpful, so maybe the test can be split in two
> halves as well, one requiring passwordless sudo and the other without
> special requirements.
I can certainly split off the test, however, I don't think it can be
split into 2 as you describe, as both halves of the two require sudo
privileges. So in one half we're creating images with dm-crypt and
processing them with qemu, and in the other half we're creating images
with qemu-img and processing them with dm-crypt.
This test was specifically designed to validate dm-crypt interoperability,
and my intention was that "pure" QEMU block driver testing of it would be
covered by the various pre-existing I/O tests. The problem is that I need
to update those existing tests to know how to pass the right args to
qemu-img to setup passwords. If I can do that, then we'll have some good
testing cover of the luks driver without needing sudo.
So I'll look at converting a couple of key pre-existing tests to get
such coverage, and put this test in its own patch.
> > +static ssize_t block_crypto_init_func(QCryptoBlock *block,
> > + size_t headerlen,
> > + Error **errp,
> > + void *opaque)
> > +{
> > + struct BlockCryptoCreateData *data = opaque;
> > + int ret;
> > +
> > + /* User provided size should reflect amount of space made
> > + * available to the guest, so we must take account of that
> > + * which will be used by the crypto header
> > + */
> > + data->size += headerlen;
> > +
> > + qemu_opt_set_number(data->opts, BLOCK_OPT_SIZE, data->size, &error_abort);
> > + ret = bdrv_create_file(data->filename, data->opts, errp);
> > + if (ret < 0) {
> > + return -1;
> > + }
> > +
> > + ret = bdrv_open(&data->bs, data->filename, NULL, NULL,
> > + BDRV_O_RDWR | BDRV_O_PROTOCOL, errp);
>
> We should probably use blk_open() here like the other image format
> drivers do now, and preferably use blk_*() functions to access the
> image.
>
> You will also want to specify BDRV_O_CACHE_WB (while it exists, I'm
> going to remove it soon).
Ok, will do.
> > +static QCryptoBlockOpenOptions *
> > +block_crypto_open_opts_init(QCryptoBlockFormat format,
> > + QemuOpts *opts,
> > + Error **errp)
> > +{
> > + OptsVisitor *ov;
> > + QCryptoBlockOpenOptions *ret = NULL;
> > + Error *local_err = NULL;
> > +
> > + ret = g_new0(QCryptoBlockOpenOptions, 1);
> > + ret->format = format;
> > +
> > + ov = opts_visitor_new(opts);
> > +
> > + visit_start_struct(opts_get_visitor(ov),
> > + "luks", NULL, 0, &local_err);
>
> As this refers to "luks" specifically, shouldn't it be inside the switch
> below?
Or probably better if I just change it to "", since this parameter
is not actually used in this context IIRC.
> > + if (local_err) {
> > + goto out;
> > + }
> > +
> > + switch (format) {
> > + case Q_CRYPTO_BLOCK_FORMAT_LUKS:
> > + visit_type_QCryptoBlockOptionsLUKS_members(
> > + opts_get_visitor(ov), &ret->u.luks, &local_err);
> > + break;
> > +
> > + default:
> > + error_setg(&local_err, "Unsupported block format %d", format);
> > + break;
> > + }
> > + error_propagate(errp, local_err);
> > + local_err = NULL;
> > +
> > + visit_end_struct(opts_get_visitor(ov), &local_err);
> > +
> > + out:
> > + if (local_err) {
> > + error_propagate(errp, local_err);
> > + qapi_free_QCryptoBlockOpenOptions(ret);
> > + ret = NULL;
> > + }
> > + opts_visitor_cleanup(ov);
> > + return ret;
> > +}
> > +#define BLOCK_CRYPTO_MAX_SECTORS 32
> > +
> > +static coroutine_fn int
> > +block_crypto_co_readv(BlockDriverState *bs, int64_t sector_num,
> > + int remaining_sectors, QEMUIOVector *qiov)
> > +{
> > + BlockCrypto *crypto = bs->opaque;
> > + int cur_nr_sectors; /* number of sectors in current iteration */
> > + uint64_t bytes_done = 0;
> > + uint8_t *cipher_data = NULL;
> > + QEMUIOVector hd_qiov;
> > + int ret = 0;
> > + size_t payload_offset =
> > + qcrypto_block_get_payload_offset(crypto->block) / 512;
> > +
> > + qemu_iovec_init(&hd_qiov, qiov->niov);
> > +
> > + qemu_co_mutex_lock(&crypto->lock);
> > +
> > + /* Bounce buffer so we have a linear mem region for
> > + * entire sector. XXX optimize so we avoid bounce
> > + * buffer in case that qiov->niov == 1
> > + */
> > + cipher_data =
> > + qemu_try_blockalign(bs->file->bs, BLOCK_CRYPTO_MAX_SECTORS * 512);
>
> As long as we create an individual buffer for each request, shouldn't
> MIN(BLOCK_CRYPTO_MAX_SECTORS * 512, qiov->size) be enough?
Yes, you're right. I didn't realize there was a pre-calcuated total
size field in QEMUIOVector
> > + if (cipher_data == NULL) {
> > + ret = -ENOMEM;
> > + goto cleanup;
> > + }
> > +
> > + while (remaining_sectors) {
> > + cur_nr_sectors = remaining_sectors;
> > +
> > + if (cur_nr_sectors > BLOCK_CRYPTO_MAX_SECTORS) {
> > + cur_nr_sectors = BLOCK_CRYPTO_MAX_SECTORS;
> > + }
> > +
> > + qemu_iovec_reset(&hd_qiov);
> > + qemu_iovec_add(&hd_qiov, cipher_data, cur_nr_sectors * 512);
> > +
> > + qemu_co_mutex_unlock(&crypto->lock);
>
> Between qemu_co_mutex_lock() and here, there is no yield point...
>
> > + ret = bdrv_co_readv(bs->file->bs,
> > + payload_offset + sector_num,
> > + cur_nr_sectors, &hd_qiov);
> > + qemu_co_mutex_lock(&crypto->lock);
> > + if (ret < 0) {
> > + goto cleanup;
> > + }
> > +
> > + if (qcrypto_block_decrypt(crypto->block,
> > + sector_num,
> > + cipher_data, cur_nr_sectors * 512,
> > + NULL) < 0) {
> > + ret = -1;
>
> Need a real -errno code here.
>
> > + goto cleanup;
> > + }
>
> ...nor is there one between here and the end of the function.
>
> So what does this CoMutex protect? If qcrypto_block_decrypt() needs this
> for some reason (it doesn't seem to be touching anything that isn't per
> request, but maybe I'm missing something), would it be clearer to put
> the locking only around that call?
This just a result of me blindly copying the locking pattern from
qcow2.c qcow2_co_readv() method without really understanding what
it was protecting.
If it not possible for two calls to bdrv_co_readv() to run in
parallel, then I can drop this mutex.
>
> > +
> > + qemu_iovec_from_buf(qiov, bytes_done,
> > + cipher_data, cur_nr_sectors * 512);
> > +
> > + remaining_sectors -= cur_nr_sectors;
> > + sector_num += cur_nr_sectors;
> > + bytes_done += cur_nr_sectors * 512;
> > + }
> > +
> > + cleanup:
> > + qemu_co_mutex_unlock(&crypto->lock);
> > +
> > + qemu_iovec_destroy(&hd_qiov);
> > + qemu_vfree(cipher_data);
> > +
> > + return ret;
> > +}
> > +
> > +BlockDriver bdrv_crypto_luks = {
> > + .format_name = "luks",
> > + .instance_size = sizeof(BlockCrypto),
> > + .bdrv_probe = block_crypto_probe_luks,
> > + .bdrv_open = block_crypto_open_luks,
> > + .bdrv_close = block_crypto_close,
> > + .bdrv_create = block_crypto_create_luks,
> > + .create_opts = &block_crypto_create_opts_luks,
> > +
> > + .bdrv_co_readv = block_crypto_co_readv,
> > + .bdrv_co_writev = block_crypto_co_writev,
> > + .bdrv_getlength = block_crypto_getlength,
> > +};
>
> Rather minimalistic, but we can always add the missing functions later.
Do you have any recommendations on which are top priority / important
callbacks to add support for so I can prioritize future effort.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver
2016-03-18 14:45 ` Daniel P. Berrange
@ 2016-03-18 15:19 ` Kevin Wolf
2016-03-18 15:37 ` Daniel P. Berrange
2016-03-23 20:44 ` Eric Blake
0 siblings, 2 replies; 17+ messages in thread
From: Kevin Wolf @ 2016-03-18 15:19 UTC (permalink / raw)
To: Daniel P. Berrange; +Cc: Fam Zheng, qemu-devel, qemu-block
Am 18.03.2016 um 15:45 hat Daniel P. Berrange geschrieben:
> On Fri, Mar 18, 2016 at 01:09:35PM +0100, Kevin Wolf wrote:
> > Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben:
> > > Add a block driver that is capable of supporting any full disk
> > > encryption format. This utilizes the previously added block
> > > encryption code, and at this time supports the LUKS format.
> > >
> > > The driver code is capable of supporting any format supported
> > > by the QCryptoBlock module, so it registers one block driver
> > > for each format. This patch only registers the "luks" driver
> > > since the "qcow" driver is there only for back-compatibility
> > > with existing qcow built-in encryption.
> > >
> > > New LUKS compatible volumes can be formatted using qemu-img
> > > with defaults for all settings.
> > >
> > > $ qemu-img create --object secret,data=123456,id=sec0 \
> > > -f luks -o key-secret=sec0 demo.luks 10G
> > >
> > > Alternatively the cryptographic settings can be explicitly
> > > set
> > >
> > > $ qemu-img create --object secret,data=123456,id=sec0 \
> > > -f luks -o key-secret=sec0,cipher-alg=aes-256,\
> > > cipher-mode=cbc,ivgen-alg=plain64,hash-alg=sha256 \
> > > demo.luks 10G
> > >
> > > And query its size
> > >
> > > $ qemu-img info demo.img
> > > image: demo.img
> > > file format: luks
> > > virtual size: 10G (10737418240 bytes)
> > > disk size: 132K
> > > encrypted: yes
> > >
> > > Note that it was not necessary to provide the password
> > > when querying info for the volume. The password is only
> > > required when performing I/O on the volume
> > >
> > > All volumes created by this new 'luks' driver should be
> > > capable of being opened by the kernel dm-crypt driver.
> > >
> > > The only algorithms listed in the LUKS spec that are
> > > not currently supported by this impl are sha512 and
> > > ripemd160 hashes and cast6 cipher.
> > >
> > > A new I/O test is added which is used to validate the
> > > interoperability of the QEMU implementation of LUKS,
> > > with the dm-crypt/cryptsetup implementation. Due to
> > > the need to run cryptsetup as root, this test requires
> > > that the user have password-less sudo configured.
> > >
> > > The test is set to only run against the 'luks' format
> > > so needs to be manually invoked with
> > >
> > > cd tests/qemu-iotests
> > > ./check -luks 149
> > >
> > > Reviewed-by: Eric Blake <eblake@redhat.com>
> > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> >
> > This is a huge patch. I'm not sure if it wouldn't be better to split off
> > the test. I also think that having some test cases that don't require
> > root privileges would be helpful, so maybe the test can be split in two
> > halves as well, one requiring passwordless sudo and the other without
> > special requirements.
>
> I can certainly split off the test, however, I don't think it can be
> split into 2 as you describe, as both halves of the two require sudo
> privileges. So in one half we're creating images with dm-crypt and
> processing them with qemu, and in the other half we're creating images
> with qemu-img and processing them with dm-crypt.
Yes, I only read the test case after writing this comment.
> This test was specifically designed to validate dm-crypt interoperability,
> and my intention was that "pure" QEMU block driver testing of it would be
> covered by the various pre-existing I/O tests. The problem is that I need
> to update those existing tests to know how to pass the right args to
> qemu-img to setup passwords. If I can do that, then we'll have some good
> testing cover of the luks driver without needing sudo.
>
> So I'll look at converting a couple of key pre-existing tests to get
> such coverage, and put this test in its own patch.
Okay, that makes sense. Then we don't need a new test case.
> > > +static QCryptoBlockOpenOptions *
> > > +block_crypto_open_opts_init(QCryptoBlockFormat format,
> > > + QemuOpts *opts,
> > > + Error **errp)
> > > +{
> > > + OptsVisitor *ov;
> > > + QCryptoBlockOpenOptions *ret = NULL;
> > > + Error *local_err = NULL;
> > > +
> > > + ret = g_new0(QCryptoBlockOpenOptions, 1);
> > > + ret->format = format;
> > > +
> > > + ov = opts_visitor_new(opts);
> > > +
> > > + visit_start_struct(opts_get_visitor(ov),
> > > + "luks", NULL, 0, &local_err);
> >
> > As this refers to "luks" specifically, shouldn't it be inside the switch
> > below?
>
> Or probably better if I just change it to "", since this parameter
> is not actually used in this context IIRC.
NULL then? It would be very obvious then if it were used against our
expectations.
> > > +#define BLOCK_CRYPTO_MAX_SECTORS 32
> > > +
> > > +static coroutine_fn int
> > > +block_crypto_co_readv(BlockDriverState *bs, int64_t sector_num,
> > > + int remaining_sectors, QEMUIOVector *qiov)
> > > +{
> > > + BlockCrypto *crypto = bs->opaque;
> > > + int cur_nr_sectors; /* number of sectors in current iteration */
> > > + uint64_t bytes_done = 0;
> > > + uint8_t *cipher_data = NULL;
> > > + QEMUIOVector hd_qiov;
> > > + int ret = 0;
> > > + size_t payload_offset =
> > > + qcrypto_block_get_payload_offset(crypto->block) / 512;
> > > +
> > > + qemu_iovec_init(&hd_qiov, qiov->niov);
> > > +
> > > + qemu_co_mutex_lock(&crypto->lock);
> > > +
> > > + /* Bounce buffer so we have a linear mem region for
> > > + * entire sector. XXX optimize so we avoid bounce
> > > + * buffer in case that qiov->niov == 1
> > > + */
> > > + cipher_data =
> > > + qemu_try_blockalign(bs->file->bs, BLOCK_CRYPTO_MAX_SECTORS * 512);
> >
> > As long as we create an individual buffer for each request, shouldn't
> > MIN(BLOCK_CRYPTO_MAX_SECTORS * 512, qiov->size) be enough?
>
> Yes, you're right. I didn't realize there was a pre-calcuated total
> size field in QEMUIOVector
>
> > > + if (cipher_data == NULL) {
> > > + ret = -ENOMEM;
> > > + goto cleanup;
> > > + }
> > > +
> > > + while (remaining_sectors) {
> > > + cur_nr_sectors = remaining_sectors;
> > > +
> > > + if (cur_nr_sectors > BLOCK_CRYPTO_MAX_SECTORS) {
> > > + cur_nr_sectors = BLOCK_CRYPTO_MAX_SECTORS;
> > > + }
> > > +
> > > + qemu_iovec_reset(&hd_qiov);
> > > + qemu_iovec_add(&hd_qiov, cipher_data, cur_nr_sectors * 512);
> > > +
> > > + qemu_co_mutex_unlock(&crypto->lock);
> >
> > Between qemu_co_mutex_lock() and here, there is no yield point...
> >
> > > + ret = bdrv_co_readv(bs->file->bs,
> > > + payload_offset + sector_num,
> > > + cur_nr_sectors, &hd_qiov);
> > > + qemu_co_mutex_lock(&crypto->lock);
> > > + if (ret < 0) {
> > > + goto cleanup;
> > > + }
> > > +
> > > + if (qcrypto_block_decrypt(crypto->block,
> > > + sector_num,
> > > + cipher_data, cur_nr_sectors * 512,
> > > + NULL) < 0) {
> > > + ret = -1;
> >
> > Need a real -errno code here.
> >
> > > + goto cleanup;
> > > + }
> >
> > ...nor is there one between here and the end of the function.
> >
> > So what does this CoMutex protect? If qcrypto_block_decrypt() needs this
> > for some reason (it doesn't seem to be touching anything that isn't per
> > request, but maybe I'm missing something), would it be clearer to put
> > the locking only around that call?
>
> This just a result of me blindly copying the locking pattern from
> qcow2.c qcow2_co_readv() method without really understanding what
> it was protecting.
qcow2 protects a few fields in BDRVQcow2State and metadata that is used
and possibly modified by requests. For example, after reading in some
metadata, another request could make changes that invalidate it, and we
need to protect against that.
I don't see that the crypto driver relies on any global (i.e. not
per-request) state either in memory or on disk, except for things that
are never changed after open, so the lock might not be needed.
> If it not possible for two calls to bdrv_co_readv() to run in
> parallel, then I can drop this mutex.
They can. The obvious yield point where a coroutine switch can happen is
the bdrv_co_readv() call above (but you already unlock for that one).
Unless qcrypto_block_decrypt() does some I/O internally, we can't have
any other yield points.
> > > +BlockDriver bdrv_crypto_luks = {
> > > + .format_name = "luks",
> > > + .instance_size = sizeof(BlockCrypto),
> > > + .bdrv_probe = block_crypto_probe_luks,
> > > + .bdrv_open = block_crypto_open_luks,
> > > + .bdrv_close = block_crypto_close,
> > > + .bdrv_create = block_crypto_create_luks,
> > > + .create_opts = &block_crypto_create_opts_luks,
> > > +
> > > + .bdrv_co_readv = block_crypto_co_readv,
> > > + .bdrv_co_writev = block_crypto_co_writev,
> > > + .bdrv_getlength = block_crypto_getlength,
> > > +};
> >
> > Rather minimalistic, but we can always add the missing functions later.
>
> Do you have any recommendations on which are top priority / important
> callbacks to add support for so I can prioritize future effort.
Hm... I was thinking of has_zero_init/discard/get_block_status, but I'm
not sure how interesting that really is with encryption.
In theory, we could discard with undefined contents as the result, if we
don't mind that we would be exposing that information (on the other
hand, encrypted qcow2 images will expose it, too). And you have to
enable unmap manually anyway.
Efficient zero write is out of question, I'm afraid.
The other thing that would be nice are several functions that provide
information about the image, like refresh_limits, bdrv_info, etc.
Kevin
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver
2016-03-18 15:19 ` Kevin Wolf
@ 2016-03-18 15:37 ` Daniel P. Berrange
2016-03-18 15:46 ` Daniel P. Berrange
2016-03-23 20:44 ` Eric Blake
1 sibling, 1 reply; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-18 15:37 UTC (permalink / raw)
To: Kevin Wolf; +Cc: Fam Zheng, qemu-devel, qemu-block
On Fri, Mar 18, 2016 at 04:19:07PM +0100, Kevin Wolf wrote:
> Am 18.03.2016 um 15:45 hat Daniel P. Berrange geschrieben:
> > On Fri, Mar 18, 2016 at 01:09:35PM +0100, Kevin Wolf wrote:
> > > Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben:
> > > > + ret = bdrv_co_readv(bs->file->bs,
> > > > + payload_offset + sector_num,
> > > > + cur_nr_sectors, &hd_qiov);
> > > > + qemu_co_mutex_lock(&crypto->lock);
> > > > + if (ret < 0) {
> > > > + goto cleanup;
> > > > + }
> > > > +
> > > > + if (qcrypto_block_decrypt(crypto->block,
> > > > + sector_num,
> > > > + cipher_data, cur_nr_sectors * 512,
> > > > + NULL) < 0) {
> > > > + ret = -1;
> > >
> > > Need a real -errno code here.
> > >
> > > > + goto cleanup;
> > > > + }
> > >
> > > ...nor is there one between here and the end of the function.
> > >
> > > So what does this CoMutex protect? If qcrypto_block_decrypt() needs this
> > > for some reason (it doesn't seem to be touching anything that isn't per
> > > request, but maybe I'm missing something), would it be clearer to put
> > > the locking only around that call?
> >
> > This just a result of me blindly copying the locking pattern from
> > qcow2.c qcow2_co_readv() method without really understanding what
> > it was protecting.
>
> qcow2 protects a few fields in BDRVQcow2State and metadata that is used
> and possibly modified by requests. For example, after reading in some
> metadata, another request could make changes that invalidate it, and we
> need to protect against that.
>
> I don't see that the crypto driver relies on any global (i.e. not
> per-request) state either in memory or on disk, except for things that
> are never changed after open, so the lock might not be needed.
Actually it does have global state - the QCryptoCipher object that's
into the QCryptoBlock object must not be used concurrently by multiple
threads, as each thread will need to initialize different IV data.
> > If it not possible for two calls to bdrv_co_readv() to run in
> > parallel, then I can drop this mutex.
>
> They can. The obvious yield point where a coroutine switch can happen is
> the bdrv_co_readv() call above (but you already unlock for that one).
> Unless qcrypto_block_decrypt() does some I/O internally, we can't have
> any other yield points.
Ok, so we do need the mutex then to protect the cipher object state
against concurrent use.
> > > > +BlockDriver bdrv_crypto_luks = {
> > > > + .format_name = "luks",
> > > > + .instance_size = sizeof(BlockCrypto),
> > > > + .bdrv_probe = block_crypto_probe_luks,
> > > > + .bdrv_open = block_crypto_open_luks,
> > > > + .bdrv_close = block_crypto_close,
> > > > + .bdrv_create = block_crypto_create_luks,
> > > > + .create_opts = &block_crypto_create_opts_luks,
> > > > +
> > > > + .bdrv_co_readv = block_crypto_co_readv,
> > > > + .bdrv_co_writev = block_crypto_co_writev,
> > > > + .bdrv_getlength = block_crypto_getlength,
> > > > +};
> > >
> > > Rather minimalistic, but we can always add the missing functions later.
> >
> > Do you have any recommendations on which are top priority / important
> > callbacks to add support for so I can prioritize future effort.
>
> Hm... I was thinking of has_zero_init/discard/get_block_status, but I'm
> not sure how interesting that really is with encryption.
>
> In theory, we could discard with undefined contents as the result, if we
> don't mind that we would be exposing that information (on the other
> hand, encrypted qcow2 images will expose it, too). And you have to
> enable unmap manually anyway.
>
> Efficient zero write is out of question, I'm afraid.
>
> The other thing that would be nice are several functions that provide
> information about the image, like refresh_limits, bdrv_info, etc.
Ok, I'll have a look at these.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver
2016-03-18 15:37 ` Daniel P. Berrange
@ 2016-03-18 15:46 ` Daniel P. Berrange
0 siblings, 0 replies; 17+ messages in thread
From: Daniel P. Berrange @ 2016-03-18 15:46 UTC (permalink / raw)
To: Kevin Wolf; +Cc: Fam Zheng, qemu-devel, qemu-block
On Fri, Mar 18, 2016 at 03:37:12PM +0000, Daniel P. Berrange wrote:
> On Fri, Mar 18, 2016 at 04:19:07PM +0100, Kevin Wolf wrote:
> > Am 18.03.2016 um 15:45 hat Daniel P. Berrange geschrieben:
> > > On Fri, Mar 18, 2016 at 01:09:35PM +0100, Kevin Wolf wrote:
> > > > Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben:
> > > > > + ret = bdrv_co_readv(bs->file->bs,
> > > > > + payload_offset + sector_num,
> > > > > + cur_nr_sectors, &hd_qiov);
> > > > > + qemu_co_mutex_lock(&crypto->lock);
> > > > > + if (ret < 0) {
> > > > > + goto cleanup;
> > > > > + }
> > > > > +
> > > > > + if (qcrypto_block_decrypt(crypto->block,
> > > > > + sector_num,
> > > > > + cipher_data, cur_nr_sectors * 512,
> > > > > + NULL) < 0) {
> > > > > + ret = -1;
> > > >
> > > > Need a real -errno code here.
> > > >
> > > > > + goto cleanup;
> > > > > + }
> > > >
> > > > ...nor is there one between here and the end of the function.
> > > >
> > > > So what does this CoMutex protect? If qcrypto_block_decrypt() needs this
> > > > for some reason (it doesn't seem to be touching anything that isn't per
> > > > request, but maybe I'm missing something), would it be clearer to put
> > > > the locking only around that call?
> > >
> > > This just a result of me blindly copying the locking pattern from
> > > qcow2.c qcow2_co_readv() method without really understanding what
> > > it was protecting.
> >
> > qcow2 protects a few fields in BDRVQcow2State and metadata that is used
> > and possibly modified by requests. For example, after reading in some
> > metadata, another request could make changes that invalidate it, and we
> > need to protect against that.
> >
> > I don't see that the crypto driver relies on any global (i.e. not
> > per-request) state either in memory or on disk, except for things that
> > are never changed after open, so the lock might not be needed.
>
> Actually it does have global state - the QCryptoCipher object that's
> into the QCryptoBlock object must not be used concurrently by multiple
> threads, as each thread will need to initialize different IV data.
>
> > > If it not possible for two calls to bdrv_co_readv() to run in
> > > parallel, then I can drop this mutex.
> >
> > They can. The obvious yield point where a coroutine switch can happen is
> > the bdrv_co_readv() call above (but you already unlock for that one).
> > Unless qcrypto_block_decrypt() does some I/O internally, we can't have
> > any other yield points.
>
> Ok, so we do need the mutex then to protect the cipher object state
> against concurrent use.
Ignore this comment & the one above. Since we're using coroutines the
qcrypto_block_decrypt() calls can't ever be running truely concurrently.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver
2016-03-18 15:19 ` Kevin Wolf
2016-03-18 15:37 ` Daniel P. Berrange
@ 2016-03-23 20:44 ` Eric Blake
1 sibling, 0 replies; 17+ messages in thread
From: Eric Blake @ 2016-03-23 20:44 UTC (permalink / raw)
To: Kevin Wolf, Daniel P. Berrange; +Cc: Fam Zheng, qemu-devel, qemu-block
[-- Attachment #1: Type: text/plain, Size: 882 bytes --]
On 03/18/2016 09:19 AM, Kevin Wolf wrote:
>>>> + ov = opts_visitor_new(opts);
>>>> +
>>>> + visit_start_struct(opts_get_visitor(ov),
>>>> + "luks", NULL, 0, &local_err);
>>>
>>> As this refers to "luks" specifically, shouldn't it be inside the switch
>>> below?
>>
>> Or probably better if I just change it to "", since this parameter
>> is not actually used in this context IIRC.
>
> NULL then? It would be very obvious then if it were used against our
> expectations.
Yes, please. The QMP input visitor has a bug where passing non-NULL at
the top-level visit can cause weird behavior with parsing an extra {}; I
have patches to fix it, but in the meantime consistently passing NULL
for the top-level visit is safest.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2016-03-23 20:44 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-17 17:51 [Qemu-devel] [PATCH v5 0/7] Add new LUKS block driver (for 2.6) Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 1/7] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
2016-03-18 11:01 ` Kevin Wolf
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 2/7] qemu-img/qemu-io: don't prompt for passwords if not required Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 3/7] tests: redirect stderr to stdout for iotests Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 4/7] tests: refactor python I/O tests helper main method Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 5/7] tests: add output filter to python I/O tests helper Daniel P. Berrange
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 6/7] block: add generic full disk encryption driver Daniel P. Berrange
2016-03-18 12:09 ` Kevin Wolf
2016-03-18 14:45 ` Daniel P. Berrange
2016-03-18 15:19 ` Kevin Wolf
2016-03-18 15:37 ` Daniel P. Berrange
2016-03-18 15:46 ` Daniel P. Berrange
2016-03-23 20:44 ` Eric Blake
2016-03-17 17:51 ` [Qemu-devel] [PATCH v5 7/7] block: drop support for using qcow[2] encryption with system emulators Daniel P. Berrange
2016-03-18 12:11 ` Kevin Wolf
2016-03-18 12:18 ` Daniel P. Berrange
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.