From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com>,
Kevin Wolf <kwolf@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v3 18/18] block: pass option prefix down to crypto layer
Date: Thu, 26 Jan 2017 10:18:27 +0000 [thread overview]
Message-ID: <20170126101827.22378-19-berrange@redhat.com> (raw)
In-Reply-To: <20170126101827.22378-1-berrange@redhat.com>
While the crypto layer uses a fixed option name "key-secret",
the upper block layer may have a prefix on the options. e.g.
"luks-key-secret", "aes-key-secret", in order to avoid clashes
between crypto option names & other block option names. To
ensure the crypto layer can report accurate error messages,
we must tell it what option name prefix was used.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/crypto.c | 4 ++--
block/qcow.c | 7 ++++---
block/qcow2.c | 15 +++++++++------
crypto/block-luks.c | 8 ++++++--
crypto/block-qcow.c | 8 ++++++--
crypto/block.c | 6 ++++--
crypto/blockpriv.h | 2 ++
include/crypto/block.h | 6 +++++-
8 files changed, 38 insertions(+), 18 deletions(-)
diff --git a/block/crypto.c b/block/crypto.c
index 6d6bd90..22bc6ba 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -369,7 +369,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
if (flags & BDRV_O_NO_IO) {
cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
}
- crypto->block = qcrypto_block_open(open_opts,
+ crypto->block = qcrypto_block_open(open_opts, NULL,
block_crypto_read_func,
bs,
cflags,
@@ -409,7 +409,7 @@ static int block_crypto_create_generic(QCryptoBlockFormat format,
return -1;
}
- crypto = qcrypto_block_create(create_opts,
+ crypto = qcrypto_block_create(create_opts, NULL,
block_crypto_init_func,
block_crypto_write_func,
&data,
diff --git a/block/qcow.c b/block/qcow.c
index cf05449..8047415 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -197,8 +197,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
if (flags & BDRV_O_NO_IO) {
cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
}
- s->crypto = qcrypto_block_open(crypto_opts, NULL, NULL,
- cflags, errp);
+ s->crypto = qcrypto_block_open(crypto_opts, "aes-",
+ NULL, NULL, cflags, errp);
if (!s->crypto) {
ret = -EINVAL;
goto fail;
@@ -819,7 +819,8 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
goto exit;
}
- crypto = qcrypto_block_create(crypto_opts, NULL, NULL, NULL, errp);
+ crypto = qcrypto_block_create(crypto_opts, "aes-",
+ NULL, NULL, NULL, errp);
if (!crypto) {
ret = -EINVAL;
goto exit;
diff --git a/block/qcow2.c b/block/qcow2.c
index 7c8e602..4f2da2f 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -284,7 +284,7 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
* provide the same key-secret property against the full
* backing chain
*/
- s->crypto = qcrypto_block_open(s->crypto_opts,
+ s->crypto = qcrypto_block_open(s->crypto_opts, "luks-",
qcow2_crypto_hdr_read_func,
bs, cflags, errp);
if (!s->crypto) {
@@ -1291,8 +1291,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
* provide the same key-secret property against the full
* backing chain
*/
- s->crypto = qcrypto_block_open(s->crypto_opts, NULL, NULL,
- cflags, errp);
+ s->crypto = qcrypto_block_open(s->crypto_opts, "aes-",
+ NULL, NULL, cflags, errp);
if (!s->crypto) {
ret = -EINVAL;
goto fail;
@@ -2209,14 +2209,17 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, QemuOpts *opts,
QCryptoBlockCreateOptions *cryptoopts = NULL;
QCryptoBlock *crypto = NULL;
int ret = -EINVAL;
+ const char *optprefix;
if (g_str_equal(format, "luks")) {
+ optprefix = "luks-";
cryptoopts = block_crypto_create_opts_init(
- Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, "luks-", errp);
+ Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, optprefix, errp);
s->crypt_method_header = QCOW_CRYPT_LUKS;
} else if (g_str_equal(format, "aes")) {
+ optprefix = "aes-";
cryptoopts = block_crypto_create_opts_init(
- Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp);
+ Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, optprefix, errp);
s->crypt_method_header = QCOW_CRYPT_AES;
} else {
error_setg(errp, "Unknown encryption format %s", format);
@@ -2228,7 +2231,7 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, QemuOpts *opts,
goto out;
}
- crypto = qcrypto_block_create(cryptoopts,
+ crypto = qcrypto_block_create(cryptoopts, optprefix,
qcow2_crypto_hdr_init_func,
qcow2_crypto_hdr_write_func,
bs, errp);
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 4530f82..4a4c4a0 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -638,6 +638,7 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
static int
qcrypto_block_luks_open(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -661,7 +662,8 @@ qcrypto_block_luks_open(QCryptoBlock *block,
if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) {
if (!options->u.luks.key_secret) {
- error_setg(errp, "Parameter 'key-secret' is required for cipher");
+ error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
password = qcrypto_secret_lookup_as_utf8(
@@ -885,6 +887,7 @@ qcrypto_block_luks_uuid_gen(uint8_t *uuidstr)
static int
qcrypto_block_luks_create(QCryptoBlock *block,
QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
@@ -937,7 +940,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
* be silently ignored, for compatibility with dm-crypt */
if (!options->u.luks.key_secret) {
- error_setg(errp, "Parameter 'key-secret' is required for cipher");
+ error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c
index be88c6f..a456fe3 100644
--- a/crypto/block-qcow.c
+++ b/crypto/block-qcow.c
@@ -94,6 +94,7 @@ qcrypto_block_qcow_init(QCryptoBlock *block,
static int
qcrypto_block_qcow_open(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc G_GNUC_UNUSED,
void *opaque G_GNUC_UNUSED,
unsigned int flags,
@@ -104,7 +105,8 @@ qcrypto_block_qcow_open(QCryptoBlock *block,
} else {
if (!options->u.qcow.key_secret) {
error_setg(errp,
- "Parameter 'key-secret' is required for cipher");
+ "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
return qcrypto_block_qcow_init(block,
@@ -116,13 +118,15 @@ qcrypto_block_qcow_open(QCryptoBlock *block,
static int
qcrypto_block_qcow_create(QCryptoBlock *block,
QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc G_GNUC_UNUSED,
QCryptoBlockWriteFunc writefunc G_GNUC_UNUSED,
void *opaque G_GNUC_UNUSED,
Error **errp)
{
if (!options->u.qcow.key_secret) {
- error_setg(errp, "Parameter 'key-secret' is required for cipher");
+ error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+ optprefix ? optprefix : "");
return -1;
}
/* QCow2 has no special header, since everything is hardwired */
diff --git a/crypto/block.c b/crypto/block.c
index 64c8420..b097d45 100644
--- a/crypto/block.c
+++ b/crypto/block.c
@@ -48,6 +48,7 @@ bool qcrypto_block_has_format(QCryptoBlockFormat format,
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -67,7 +68,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
block->driver = qcrypto_block_drivers[options->format];
- if (block->driver->open(block, options,
+ if (block->driver->open(block, options, optprefix,
readfunc, opaque, flags, errp) < 0) {
g_free(block);
return NULL;
@@ -78,6 +79,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
@@ -97,7 +99,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
block->driver = qcrypto_block_drivers[options->format];
- if (block->driver->create(block, options, initfunc,
+ if (block->driver->create(block, options, optprefix, initfunc,
writefunc, opaque, errp) < 0) {
g_free(block);
return NULL;
diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h
index 68f0f06..0edb810 100644
--- a/crypto/blockpriv.h
+++ b/crypto/blockpriv.h
@@ -41,6 +41,7 @@ struct QCryptoBlock {
struct QCryptoBlockDriver {
int (*open)(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -48,6 +49,7 @@ struct QCryptoBlockDriver {
int (*create)(QCryptoBlock *block,
QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
diff --git a/include/crypto/block.h b/include/crypto/block.h
index b6971de..c0c202a 100644
--- a/include/crypto/block.h
+++ b/include/crypto/block.h
@@ -71,6 +71,7 @@ typedef enum {
/**
* qcrypto_block_open:
* @options: the encryption options
+ * @optprefix: name prefix for options
* @readfunc: callback for reading data from the volume
* @opaque: data to pass to @readfunc
* @flags: bitmask of QCryptoBlockOpenFlags values
@@ -102,6 +103,7 @@ typedef enum {
* Returns: a block encryption format, or NULL on error
*/
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
+ const char *optprefix,
QCryptoBlockReadFunc readfunc,
void *opaque,
unsigned int flags,
@@ -109,7 +111,8 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
/**
* qcrypto_block_create:
- * @format: the encryption format
+ * @options: the encryption options
+ * @optprefix: name prefix for options
* @initfunc: callback for initializing volume header
* @writefunc: callback for writing data to the volume header
* @opaque: data to pass to @initfunc and @writefunc
@@ -133,6 +136,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
* Returns: a block encryption format, or NULL on error
*/
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
+ const char *optprefix,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
--
2.9.3
next prev parent reply other threads:[~2017-01-26 10:19 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-26 10:18 [Qemu-devel] [PATCH v3 00/18] Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-02-08 15:26 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 02/18] block: add ability to set a prefix for opt names Daniel P. Berrange
2017-02-09 13:30 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 03/18] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
2017-02-08 15:30 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-02-08 22:49 ` [Qemu-devel] " Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 04/18] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-02-08 19:29 ` Eric Blake
2017-02-09 11:30 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 05/18] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-02-09 11:47 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 06/18] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-02-09 11:50 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 07/18] iotests: fix 097 when run with qcow Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 08/18] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-08 19:35 ` Eric Blake
2017-02-08 22:57 ` Max Reitz
2017-02-10 10:44 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-02-10 16:19 ` Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-09 14:24 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-02-08 16:15 ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-02-08 16:23 ` Daniel P. Berrange
2017-02-08 23:26 ` [Qemu-devel] " Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 12/18] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
2017-02-08 23:33 ` Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-02-09 0:28 ` Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 14/18] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
2017-02-09 0:36 ` Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 16/18] block: rip out all traces of password prompting Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 17/18] block: remove all encryption handling APIs Daniel P. Berrange
2017-01-26 10:18 ` Daniel P. Berrange [this message]
2017-02-09 0:51 ` [Qemu-devel] [PATCH v3 18/18] block: pass option prefix down to crypto layer Max Reitz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170126101827.22378-19-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.