From: Eric Blake
Date: Tue, 7 Jun 2016 08:17:07 -0600
Subject: Re: [Qemu-devel] [PATCH v1 1/6] crypto: add support for querying parameters for block encryption
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Kevin Wolf, Max Reitz, Markus Armbruster, Michael Roth

On 06/07/2016 04:11 AM, Daniel P. Berrange wrote:
> When creating new block encryption volumes, we accept a list of
> parameters to control the formatting process. It is useful to
> be able to query what those parameters were for existing block
> devices. Add a qcrypto_block_get_info() method which returns a
> QCryptoBlockInfo instance to report this data.
>
> Signed-off-by: Daniel P. Berrange > --- > crypto/block-luks.c | 66 ++++++++++++++++++++++++++++++++++++++++++= +++++++- > crypto/block.c | 17 +++++++++++++ > crypto/blockpriv.h | 4 +++ > include/crypto/block.h | 16 ++++++++++++ > qapi/crypto.json | 65 ++++++++++++++++++++++++++++++++++++++++++= +++++++ > 5 files changed, 167 insertions(+), 1 deletion(-) >=20 > diff --git a/crypto/block-luks.c b/crypto/block-luks.c > index 17c4300..1c8e4d6 100644 > --- a/crypto/block-luks.c > +++ b/crypto/block-luks.c > @@ -201,6 +201,15 @@ QEMU_BUILD_BUG_ON(sizeof(struct QCryptoBlockLUKSHe= ader) !=3D 592); > =20 > struct QCryptoBlockLUKS { > QCryptoBlockLUKSHeader header; > + > + /* Cache parsed versions of what's in header fields. s/\./,/ > @@ -947,7 +962,6 @@ qcrypto_block_luks_create(QCryptoBlock *block, > } > hash_alg =3D QCryptoHashAlgorithm_lookup[luks_opts.hash_alg]; > =20 > - > if (strlen(cipher_alg) >=3D QCRYPTO_BLOCK_LUKS_CIPHER_NAME_LEN) { Unrelated cleanup, but I guess it's okay. > + info->u.luks.hash_alg =3D luks->hash_alg; > + info->u.luks.payload_offset =3D block->payload_offset; > + info->u.luks.master_key_iters =3D luks->header.master_key_iteratio= ns; > + info->u.luks.uuid =3D g_strdup((const char *)luks->header.uuid); Cast is necessary because the header declared it as uint8_t[]; fair enough. > + > + for (i =3D 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { > + slots =3D g_new0(QCryptoBlockInfoLUKSSlotList, 1); > + if (i =3D=3D 0) { > + info->u.luks.slots =3D slots; > + } else { > + prev->next =3D slots; > + } > + > + slots->value =3D slot =3D g_new0(QCryptoBlockInfoLUKSSlot, 1);= > + slot->active =3D luks->header.key_slots[i].active =3D=3D > + QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED; > + slot->iters =3D luks->header.key_slots[i].iterations; > + slot->stripes =3D luks->header.key_slots[i].stripes; See my comment on cover letter, on whether iters and stripes need to be filled out for inactive slots. > +++ b/include/crypto/block.h 
> @@ -138,6 +138,22 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCre= ateOptions *options, > void *opaque, > Error **errp); > =20 > + > +/** > + * qcrypto_block_get_info: > + * block:L the block encryption object stray L > +++ b/qapi/crypto.json 
> @@ -220,3 +220,68 @@ > 'discriminator': 'format', > 'data': { 'qcow': 'QCryptoBlockOptionsQCow', > 'luks': 'QCryptoBlockCreateOptionsLUKS' } } > + > + > +## > +# QCryptoBlockInfoBase: > +# > +# The common information that applies to all full disk > +# encryption formats > +# > +# @format: the encryption format > +# > +# Since: 2.7 > +## > +{ 'struct': 'QCryptoBlockInfoBase', > + 'data': { 'format': 'QCryptoBlockFormat' }} > + Another candidate for my anonymous union base, once my qapi patches land. Nothing for you to change now, though. > + > +## > +# QCryptoBlockInfoLUKSSlot: > +# > +# Information about the LUKS block encryption key > +# slot options > +# Missing ## terminator and description of the members. Plus a decision on whether things should be optional. > +{ 'struct': 'QCryptoBlockInfoLUKSSlot', > + 'data': {'active': 'bool', > + 'iters': 'int', > + 'stripes': 'int', > + 'key-offset': 'int' } } > + > + > +## > +# QCryptoBlockInfoLUKS: > +# > +# Information about the LUKS block encryption options > +# > +# @cipher-alg: the cipher algorithm for data encryption > +# @cipher-mode: the cipher mode for data encryption > +# @ivgen-alg: the initialization vector generator > +# @ivgen-hash-alg: the initialization vector generator hash Missing #optional marker. 
> +# @hash-alg: the master key hash algorithm Missing docs on payload-offset, master-key-iters, uuid, and slots > +# > +# Since: 2.7 > +## > +{ 'struct': 'QCryptoBlockInfoLUKS', > + 'data': {'cipher-alg': 'QCryptoCipherAlgorithm', > + 'cipher-mode': 'QCryptoCipherMode', > + 'ivgen-alg': 'QCryptoIVGenAlgorithm', > + '*ivgen-hash-alg': 'QCryptoHashAlgorithm', > + 'hash-alg': 'QCryptoHashAlgorithm', > + 'payload-offset': 'int', > + 'master-key-iters': 'int', > + 'uuid': 'str', > + 'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }} > + > + > +## > +# QCryptoBlockInfo: > +# > +# Information about the block encryption options > +# > +# Since: 2.7 > +## > +{ 'union': 'QCryptoBlockInfo', > + 'base': 'QCryptoBlockInfoBase', > + 'discriminator': 'format', > + 'data': { 'luks': 'QCryptoBlockInfoLUKS' } } >=20
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
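
Review bot: In the crypto/block-luks.c hunk that fills in the info struct, `g_strdup((const char *)luks->header.uuid)` depends on the uuid array containing a NUL terminator, and nothing in the visible lines guarantees that for a fixed-size uint8_t[] header field. Consider `g_strndup((const char *)luks->header.uuid, sizeof(luks->header.uuid))` so the copy is bounded by the field size, or add a comment pointing to where the terminator is checked when the header is loaded.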
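
Review bot: In the qapi/crypto.json hunk, the QCryptoBlockInfoLUKSSlot doc block has no "Since: 2.7" line, while QCryptoBlockInfoBase, QCryptoBlockInfoLUKS and QCryptoBlockInfo each carry one. When the member descriptions for 'payload-offset' and 'key-offset' are added, state the unit (bytes or sectors): the C side copies block->payload_offset through unchanged, so a client reading the schema has no way to tell which it is.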