From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Kevin Wolf <kwolf@redhat.com>,
Max Reitz <mreitz@redhat.com>,
Markus Armbruster <armbru@redhat.com>,
Michael Roth <mdroth@linux.vnet.ibm.com>,
Eric Blake <eblake@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v1 2/6] block: export LUKS specific data to qemu-img info
Date: Tue, 7 Jun 2016 11:11:11 +0100 [thread overview]
Message-ID: <1465294275-8733-3-git-send-email-berrange@redhat.com> (raw)
In-Reply-To: <1465294275-8733-1-git-send-email-berrange@redhat.com>
The qemu-img info command has the ability to expose format
specific metadata about volumes. Wire up this facility for
the LUKS driver to report on cipher configuration and key
slot usage.
$ qemu-img info ~/VirtualMachines/demo.luks
image: /home/berrange/VirtualMachines/demo.luks
file format: luks
virtual size: 98M (102760448 bytes)
disk size: 100M
encrypted: yes
Format specific information:
ivgen alg: plain64
hash alg: sha1
cipher alg: aes-128
uuid: 6ddee74b-3a22-408c-8909-6789d4fa2594
cipher mode: xts
slots:
[0]:
active: true
iters: 572706
key offset: 8
stripes: 4000
[1]:
active: false
iters: 0
key offset: 264
stripes: 4000
[2]:
active: false
iters: 0
key offset: 520
stripes: 4000
[3]:
active: false
iters: 0
key offset: 776
stripes: 4000
[4]:
active: false
iters: 0
key offset: 1032
stripes: 4000
[5]:
active: false
iters: 0
key offset: 1288
stripes: 4000
[6]:
active: false
iters: 0
key offset: 1544
stripes: 4000
[7]:
active: false
iters: 0
key offset: 1800
stripes: 4000
payload offset: 2097152
master key iters: 142375
One somewhat undesirable artifact is that the data fields are
printed out in (apparantly) random order. This will be addressed
later by changing the way the block layer pretty-prints the
image specific data.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/crypto.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++
qapi/block-core.json | 34 +++++++++++++++++++++-
2 files changed, 113 insertions(+), 1 deletion(-)
diff --git a/block/crypto.c b/block/crypto.c
index 758e14e..6f12c4d 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -565,6 +565,84 @@ static int block_crypto_create_luks(const char *filename,
filename, opts, errp);
}
+static int block_crypto_get_info_luks(BlockDriverState *bs,
+ BlockDriverInfo *bdi)
+{
+ BlockDriverInfo subbdi;
+ int ret;
+
+ ret = bdrv_get_info(bs->file->bs, &subbdi);
+ if (ret != 0) {
+ return ret;
+ }
+
+ bdi->unallocated_blocks_are_zero = false;
+ bdi->can_write_zeroes_with_unmap = false;
+ bdi->cluster_size = subbdi.cluster_size;
+
+ return 0;
+}
+
+static ImageInfoSpecific *
+block_crypto_get_specific_info_luks(BlockDriverState *bs)
+{
+ BlockCrypto *crypto = bs->opaque;
+ ImageInfoSpecific *spec_info;
+ QCryptoBlockInfo *info;
+ QCryptoBlockInfoLUKSSlot *luks_slot;
+ QCryptoBlockInfoLUKSSlotList *luks_slots;
+ ImageInfoSpecificLUKSSlot *slot;
+ ImageInfoSpecificLUKSSlotList *slots, *prev = NULL;
+
+ info = qcrypto_block_get_info(crypto->block, NULL);
+ if (!info) {
+ return NULL;
+ }
+ if (info->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) {
+ qapi_free_QCryptoBlockInfo(info);
+ return NULL;
+ }
+
+ spec_info = g_new(ImageInfoSpecific, 1);
+ spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
+ spec_info->u.luks.data = g_new(ImageInfoSpecificLUKS, 1);
+ spec_info->u.luks.data->cipher_alg = info->u.luks.cipher_alg;
+ spec_info->u.luks.data->cipher_mode = info->u.luks.cipher_mode;
+ spec_info->u.luks.data->ivgen_alg = info->u.luks.ivgen_alg;
+ spec_info->u.luks.data->has_ivgen_hash_alg =
+ info->u.luks.has_ivgen_hash_alg;
+ spec_info->u.luks.data->ivgen_hash_alg = info->u.luks.ivgen_hash_alg;
+ spec_info->u.luks.data->hash_alg = info->u.luks.hash_alg;
+ spec_info->u.luks.data->payload_offset = info->u.luks.payload_offset;
+ spec_info->u.luks.data->master_key_iters = info->u.luks.master_key_iters;
+ spec_info->u.luks.data->uuid = g_strdup(info->u.luks.uuid);
+
+ luks_slots = info->u.luks.slots;
+ while (luks_slots) {
+ luks_slot = luks_slots->value;
+
+ slots = g_new0(ImageInfoSpecificLUKSSlotList, 1);
+ if (prev == NULL) {
+ spec_info->u.luks.data->slots = slots;
+ } else {
+ prev->next = slots;
+ }
+
+ slots->value = slot = g_new0(ImageInfoSpecificLUKSSlot, 1);
+ slot->active = luks_slot->active;
+ slot->iters = luks_slot->iters;
+ slot->stripes = luks_slot->stripes;
+ slot->key_offset = luks_slot->key_offset;
+
+ prev = slots;
+ luks_slots = luks_slots->next;
+ }
+
+ qapi_free_QCryptoBlockInfo(info);
+
+ return spec_info;
+}
+
BlockDriver bdrv_crypto_luks = {
.format_name = "luks",
.instance_size = sizeof(BlockCrypto),
@@ -578,6 +656,8 @@ BlockDriver bdrv_crypto_luks = {
.bdrv_co_readv = block_crypto_co_readv,
.bdrv_co_writev = block_crypto_co_writev,
.bdrv_getlength = block_crypto_getlength,
+ .bdrv_get_info = block_crypto_get_info_luks,
+ .bdrv_get_specific_info = block_crypto_get_specific_info_luks,
};
static void block_crypto_init(void)
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 98a20d2..58a6093 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -74,6 +74,37 @@
'extents': ['ImageInfo']
} }
+
+{ 'struct': 'ImageInfoSpecificLUKSSlot',
+ 'data': {'active': 'bool',
+ 'iters': 'int',
+ 'stripes': 'int',
+ 'key-offset': 'int' } }
+
+##
+# @ImageInfoSpecificLUKS:
+#
+# @cipher-alg: the cipher algorithm for data encryption
+# @cipher-mode: the cipher mode for data encryption
+# @ivgen-alg: the initialization vector generator
+# @ivgen-hash-alg: the initialization vector generator hash
+# @hash-alg: the master key hash algorithm
+#
+# Since: 2.7
+##
+{ 'struct': 'ImageInfoSpecificLUKS',
+ 'data': {
+ 'cipher-alg': 'QCryptoCipherAlgorithm',
+ 'cipher-mode': 'QCryptoCipherMode',
+ 'ivgen-alg': 'QCryptoIVGenAlgorithm',
+ '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
+ 'hash-alg': 'QCryptoHashAlgorithm',
+ 'payload-offset': 'int',
+ 'master-key-iters': 'int',
+ 'uuid': 'str',
+ 'slots': [ 'ImageInfoSpecificLUKSSlot' ]
+ } }
+
##
# @ImageInfoSpecific:
#
@@ -85,7 +116,8 @@
{ 'union': 'ImageInfoSpecific',
'data': {
'qcow2': 'ImageInfoSpecificQCow2',
- 'vmdk': 'ImageInfoSpecificVmdk'
+ 'vmdk': 'ImageInfoSpecificVmdk',
+ 'luks': 'ImageInfoSpecificLUKS'
} }
##
--
2.5.5
next prev parent reply other threads:[~2016-06-07 10:11 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-07 10:11 [Qemu-devel] [PATCH v1 0/6] Report format specific info for LUKS block driver Daniel P. Berrange
2016-06-07 10:11 ` [Qemu-devel] [PATCH v1 1/6] crypto: add support for querying parameters for block encryption Daniel P. Berrange
2016-06-07 14:17 ` Eric Blake
2016-06-07 10:11 ` Daniel P. Berrange [this message]
2016-06-07 15:36 ` [Qemu-devel] [PATCH v1 2/6] block: export LUKS specific data to qemu-img info Eric Blake
2016-06-07 15:51 ` Daniel P. Berrange
2016-06-07 16:11 ` Eric Blake
2016-06-07 10:11 ` [Qemu-devel] [PATCH v1 3/6] qapi: assert that visitor impls have required callbacks Daniel P. Berrange
2016-06-07 15:40 ` Eric Blake
2016-06-07 15:46 ` Daniel P. Berrange
2016-06-07 10:11 ` [Qemu-devel] [PATCH v1 4/6] qapi: add a text output visitor for pretty printing types Daniel P. Berrange
2016-06-07 16:09 ` Eric Blake
2016-06-07 16:20 ` Daniel P. Berrange
2016-06-07 16:40 ` Eric Blake
2016-06-07 16:45 ` Daniel P. Berrange
2016-06-07 10:11 ` [Qemu-devel] [PATCH v1 5/6] qapi: generate a qapi_stringify_TYPENAME method for all types Daniel P. Berrange
2016-06-07 16:23 ` Eric Blake
2016-06-07 10:11 ` [Qemu-devel] [PATCH v1 6/6] block: convert to use qapi_stringify_ImageInfoSpecific Daniel P. Berrange
2016-06-07 16:59 ` Eric Blake
2016-06-07 12:04 ` [Qemu-devel] [PATCH v1 0/6] Report format specific info for LUKS block driver Eric Blake
2016-06-07 14:35 ` Daniel P. Berrange
2016-06-14 13:56 ` Max Reitz
2016-06-14 14:05 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1465294275-8733-3-git-send-email-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=kwolf@redhat.com \
--cc=mdroth@linux.vnet.ibm.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.