From: Fam Zheng <famz@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v4 04/26] crypto: add support for anti-forensic split algorithm
Date: Mon, 7 Mar 2016 13:51:40 +0800 [thread overview]
Message-ID: <20160307055140.GC21446@ad.usersys.redhat.com> (raw)
In-Reply-To: <1456747261-22032-5-git-send-email-berrange@redhat.com>
On Mon, 02/29 12:00, Daniel P. Berrange wrote:
> The LUKS format specifies an anti-forensic split algorithm which
> is used to artificially expand the size of the key material on
> disk. This is an implementation of that algorithm.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> crypto/Makefile.objs | 1 +
> crypto/afsplit.c | 158 ++++++++++++++++++++++++++++++++++++
> include/crypto/afsplit.h | 135 +++++++++++++++++++++++++++++++
> tests/.gitignore | 1 +
> tests/Makefile | 2 +
> tests/test-crypto-afsplit.c | 190 ++++++++++++++++++++++++++++++++++++++++++++
> 6 files changed, 487 insertions(+)
> create mode 100644 crypto/afsplit.c
> create mode 100644 include/crypto/afsplit.h
> create mode 100644 tests/test-crypto-afsplit.c
>
> diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
> index 3040989..5136737 100644
> --- a/crypto/Makefile.objs
> +++ b/crypto/Makefile.objs
> @@ -17,6 +17,7 @@ crypto-obj-y += ivgen.o
> crypto-obj-y += ivgen-essiv.o
> crypto-obj-y += ivgen-plain.o
> crypto-obj-y += ivgen-plain64.o
> +crypto-obj-y += afsplit.o
>
> # Let the userspace emulators avoid linking gnutls/etc
> crypto-aes-obj-y = aes.o
> diff --git a/crypto/afsplit.c b/crypto/afsplit.c
> new file mode 100644
> index 0000000..8074913
> --- /dev/null
> +++ b/crypto/afsplit.c
> @@ -0,0 +1,158 @@
> +/*
> + * QEMU Crypto anti forensic information splitter
> + *
> + * Copyright (c) 2015-2016 Red Hat, Inc.
> + *
> + * Derived from cryptsetup package lib/luks1/af.c
> + *
> + * Copyright (C) 2004, Clemens Fruhwirth <clemens@endorphin.org>
> + * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License
> + * as published by the Free Software Foundation; either version 2
> + * of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "crypto/afsplit.h"
> +#include "crypto/random.h"
> +
> +
> +static void qcrypto_afsplit_xor(size_t blocklen,
> + const uint8_t *in1,
> + const uint8_t *in2,
> + uint8_t *out)
> +{
> + size_t i;
> + for (i = 0; i < blocklen; i++) {
> + out[i] = in1[i] ^ in2[i];
> + }
> +}
> +
> +
> +static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash,
> + size_t blocklen,
> + uint8_t *block,
> + Error **errp)
> +{
> + size_t digestlen = qcrypto_hash_digest_len(hash);
> +
> + size_t hashcount = blocklen / digestlen;
Do you want to use DIV_ROUND_UP? Because if blocklen < digestlen, hashcount is
0, and your for loop below will be skipped.
Fam
> + size_t finallen = blocklen % digestlen;
> + uint32_t i;
> +
> + if (finallen) {
> + hashcount++;
> + } else {
> + finallen = digestlen;
> + }
> +
> + for (i = 0; i < hashcount; i++) {
> + uint8_t *out = NULL;
> + size_t outlen = 0;
> + uint32_t iv = cpu_to_be32(i);
> + struct iovec in[] = {
> + { .iov_base = &iv,
> + .iov_len = sizeof(iv) },
> + { .iov_base = block + (i * digestlen),
> + .iov_len = (i == (hashcount - 1)) ? finallen : digestlen },
> + };
> +
> + if (qcrypto_hash_bytesv(hash,
> + in,
> + G_N_ELEMENTS(in),
> + &out, &outlen,
> + errp) < 0) {
> + return -1;
> + }
> +
> + assert(outlen == digestlen);
> + memcpy(block + (i * digestlen), out,
> + (i == (hashcount - 1)) ? finallen : digestlen);
> + g_free(out);
> + }
> +
> + return 0;
> +}
> +
> +
> +int qcrypto_afsplit_encode(QCryptoHashAlgorithm hash,
> + size_t blocklen,
> + uint32_t stripes,
> + const uint8_t *in,
> + uint8_t *out,
> + Error **errp)
> +{
> + uint8_t *block = g_new0(uint8_t, blocklen);
> + size_t i;
> + int ret = -1;
> +
> + for (i = 0; i < (stripes - 1); i++) {
> + if (qcrypto_random_bytes(out + (i * blocklen), blocklen, errp) < 0) {
> + goto cleanup;
> + }
> +
> + qcrypto_afsplit_xor(blocklen,
> + out + (i * blocklen),
> + block,
> + block);
> + if (qcrypto_afsplit_hash(hash, blocklen, block,
> + errp) < 0) {
> + goto cleanup;
> + }
> + }
> + qcrypto_afsplit_xor(blocklen,
> + in,
> + block,
> + out + (i * blocklen));
> + ret = 0;
> +
> + cleanup:
> + g_free(block);
> + return ret;
> +}
> +
> +
> +int qcrypto_afsplit_decode(QCryptoHashAlgorithm hash,
> + size_t blocklen,
> + uint32_t stripes,
> + const uint8_t *in,
> + uint8_t *out,
> + Error **errp)
> +{
> + uint8_t *block = g_new0(uint8_t, blocklen);
> + size_t i;
> + int ret = -1;
> +
> + for (i = 0; i < (stripes - 1); i++) {
> + qcrypto_afsplit_xor(blocklen,
> + in + (i * blocklen),
> + block,
> + block);
> + if (qcrypto_afsplit_hash(hash, blocklen, block,
> + errp) < 0) {
> + goto cleanup;
> + }
> + }
> +
> + qcrypto_afsplit_xor(blocklen,
> + in + (i * blocklen),
> + block,
> + out);
> +
> + ret = 0;
> +
> + cleanup:
> + g_free(block);
> + return ret;
> +}
> diff --git a/include/crypto/afsplit.h b/include/crypto/afsplit.h
> new file mode 100644
> index 0000000..4cc4ca4
> --- /dev/null
> +++ b/include/crypto/afsplit.h
> @@ -0,0 +1,135 @@
> +/*
> + * QEMU Crypto anti forensic information splitter
> + *
> + * Copyright (c) 2015-2016 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License
> + * as published by the Free Software Foundation; either version 2
> + * of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#ifndef QCRYPTO_AFSPLIT_H__
> +#define QCRYPTO_AFSPLIT_H__
> +
> +#include "crypto/hash.h"
> +
> +/**
> + * This module implements the anti-forensic splitter that is specified
> + * as part of the LUKS format:
> + *
> + * http://clemens.endorphin.org/cryptography
> + * http://clemens.endorphin.org/TKS1-draft.pdf
> + *
> + * The core idea is to take a short piece of data (key material)
> + * and process it to expand it to a much larger piece of data.
> + * The expansion process is reversible, to obtain the original
> + * short data. The key property of the expansion is that if any
> + * byte in the larger data set is changed / missing, it should be
> + * impossible to recreate the original short data.
> + *
> + * <example>
> + * <title>Creating a large split key for storage</title>
> + * <programlisting>
> + * size_t nkey = 32;
> + * uint32_t stripes = 32768; // To produce a 1 MB split key
> + * uint8_t *masterkey = ....a 32-byte AES key...
> + * uint8_t *splitkey;
> + *
> + * splitkey = g_new0(uint8_t, nkey * stripes);
> + *
> + * if (qcrypto_afsplit_encode(QCRYPTO_HASH_ALG_SHA256,
> + * nkey, stripes,
> + * masterkey, splitkey, errp) < 0) {
> + * g_free(splitkey);
> + * g_free(masterkey);
> + * return -1;
> + * }
> + *
> + * ...store splitkey somewhere...
> + *
> + * g_free(splitkey);
> + * g_free(masterkey);
> + * </programlisting>
> + * </example>
> + *
> + * <example>
> + * <title>Retrieving a master key from storage</title>
> + * <programlisting>
> + * size_t nkey = 32;
> + * uint32_t stripes = 32768; // To produce a 1 MB split key
> + * uint8_t *masterkey;
> + * uint8_t *splitkey = .... read in 1 MB of data...
> + *
> + * masterkey = g_new0(uint8_t, nkey);
> + *
> + * if (qcrypto_afsplit_decode(QCRYPTO_HASH_ALG_SHA256,
> + * nkey, stripes,
> + * splitkey, masterkey, errp) < 0) {
> + * g_free(splitkey);
> + * g_free(masterkey);
> + * return -1;
> + * }
> + *
> + * ..decrypt data with masterkey...
> + *
> + * g_free(splitkey);
> + * g_free(masterkey);
> + * </programlisting>
> + * </example>
> + */
> +
> +/**
> + * qcrypto_afsplit_encode:
> + * @hash: the hash algorithm to use for data expansion
> + * @blocklen: the size of @in in bytes
> + * @stripes: the number of times to expand @in in size
> + * @in: the master key to be expanded in size
> + * @out: preallocated buffer to hold the split key
> + * @errp: pointer to a NULL-initialized error object
> + *
> + * Split the data in @in, which is @blocklen bytes in
> + * size, to form a larger piece of data @out, which is
> + * @blocklen * @stripes bytes in size.
> + *
> + * Returns: 0 on success, -1 on error;
> + */
> +int qcrypto_afsplit_encode(QCryptoHashAlgorithm hash,
> + size_t blocklen,
> + uint32_t stripes,
> + const uint8_t *in,
> + uint8_t *out,
> + Error **errp);
> +
> +/**
> + * qcrypto_afsplit_decode:
> + * @hash: the hash algorithm to use for data compression
> + * @blocklen: the size of @out in bytes
> + * @stripes: the number of times to decrease @in in size
> + * @in: the split key to be recombined
> + * @out: preallocated buffer to hold the master key
> + * @errp: pointer to a NULL-initialized error object
> + *
> + * Join the data in @in, which is @blocklen * @stripes
> + * bytes in size, to form the original small piece of
> + * data @out, which is @blocklen bytes in size.
> + *
> + * Returns: 0 on success, -1 on error;
> + */
> +int qcrypto_afsplit_decode(QCryptoHashAlgorithm hash,
> + size_t blocklen,
> + uint32_t stripes,
> + const uint8_t *in,
> + uint8_t *out,
> + Error **errp);
> +
> +#endif /* QCRYPTO_AFSPLIT_H__ */
> diff --git a/tests/.gitignore b/tests/.gitignore
> index 369f848..5b97e8c 100644
> --- a/tests/.gitignore
> +++ b/tests/.gitignore
> @@ -12,6 +12,7 @@ test-base64
> test-bitops
> test-blockjob-txn
> test-coroutine
> +test-crypto-afsplit
> test-crypto-cipher
> test-crypto-hash
> test-crypto-ivgen
> diff --git a/tests/Makefile b/tests/Makefile
> index ef6b717..868e67d 100644
> --- a/tests/Makefile
> +++ b/tests/Makefile
> @@ -94,6 +94,7 @@ check-unit-y += tests/test-io-channel-buffer$(EXESUF)
> check-unit-y += tests/test-base64$(EXESUF)
> check-unit-y += tests/test-crypto-pbkdf$(EXESUF)
> check-unit-y += tests/test-crypto-ivgen$(EXESUF)
> +check-unit-y += tests/test-crypto-afsplit$(EXESUF)
>
> check-block-$(CONFIG_POSIX) += tests/qemu-iotests-quick.sh
>
> @@ -501,6 +502,7 @@ tests/test-io-channel-buffer$(EXESUF): tests/test-io-channel-buffer.o \
> tests/io-channel-helpers.o $(test-io-obj-y)
> tests/test-crypto-pbkdf$(EXESUF): tests/test-crypto-pbkdf.o $(test-crypto-obj-y)
> tests/test-crypto-ivgen$(EXESUF): tests/test-crypto-ivgen.o $(test-crypto-obj-y)
> +tests/test-crypto-afsplit$(EXESUF): tests/test-crypto-afsplit.o $(test-crypto-obj-y)
>
> libqos-obj-y = tests/libqos/pci.o tests/libqos/fw_cfg.o tests/libqos/malloc.o
> libqos-obj-y += tests/libqos/i2c.o tests/libqos/libqos.o
> diff --git a/tests/test-crypto-afsplit.c b/tests/test-crypto-afsplit.c
> new file mode 100644
> index 0000000..52c0b71
> --- /dev/null
> +++ b/tests/test-crypto-afsplit.c
> @@ -0,0 +1,190 @@
> +/*
> + * QEMU Crypto anti-forensic splitter
> + *
> + * Copyright (c) 2015-2016 Red Hat, Inc.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + *
> + */
> +
> +#include "qemu/osdep.h"
> +#include "crypto/init.h"
> +#include "crypto/afsplit.h"
> +
> +typedef struct QCryptoAFSplitTestData QCryptoAFSplitTestData;
> +struct QCryptoAFSplitTestData {
> + const char *path;
> + QCryptoHashAlgorithm hash;
> + uint32_t stripes;
> + size_t blocklen;
> + const uint8_t *key;
> + const uint8_t *splitkey;
> +};
> +
> +static QCryptoAFSplitTestData test_data[] = {
> + {
> + .path = "/crypto/afsplit/sha256/5",
> + .hash = QCRYPTO_HASH_ALG_SHA256,
> + .stripes = 5,
> + .blocklen = 32,
> + .key = (const uint8_t *)
> + "\x00\x01\x02\x03\x04\x05\x06\x07"
> + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
> + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
> + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf",
> + .splitkey = (const uint8_t *)
> + "\xfd\xd2\x73\xb1\x7d\x99\x93\x34"
> + "\x70\xde\xfa\x07\xc5\xac\x58\xd2"
> + "\x30\x67\x2f\x1a\x35\x43\x60\x7d"
> + "\x77\x02\xdb\x62\x3c\xcb\x2c\x33"
> + "\x48\x08\xb6\xf1\x7c\xa3\x20\xa0"
> + "\xad\x2d\x4c\xf3\xcd\x18\x6f\x53"
> + "\xf9\xe8\xe7\x59\x27\x3c\xa9\x54"
> + "\x61\x87\xb3\xaf\xf6\xf7\x7e\x64"
> + "\x86\xaa\x89\x7f\x1f\x9f\xdb\x86"
> + "\xf4\xa2\x16\xff\xa3\x4f\x8c\xa1"
> + "\x59\xc4\x23\x34\x28\xc4\x77\x71"
> + "\x83\xd4\xcd\x8e\x89\x1b\xc7\xc5"
> + "\xae\x4d\xa9\xcd\xc9\x72\x85\x70"
> + "\x13\x68\x52\x83\xfc\xb8\x11\x72"
> + "\xba\x3d\xc6\x4a\x28\xfa\xe2\x86"
> + "\x7b\x27\xab\x58\xe1\xa4\xca\xf6"
> + "\x9e\xbc\xfe\x0c\x92\x79\xb3\xec"
> + "\x1c\x5f\x79\x3b\x0d\x1e\xaa\x1a"
> + "\x77\x0f\x70\x19\x4b\xc8\x80\xee"
> + "\x27\x7c\x6e\x4a\x91\x96\x5c\xf4"
> + },
> + {
> + .path = "/crypto/afsplit/sha256/5000",
> + .hash = QCRYPTO_HASH_ALG_SHA256,
> + .stripes = 5000,
> + .blocklen = 16,
> + .key = (const uint8_t *)
> + "\x00\x01\x02\x03\x04\x05\x06\x07"
> + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
> + },
> + {
> + .path = "/crypto/afsplit/sha1/1000",
> + .hash = QCRYPTO_HASH_ALG_SHA1,
> + .stripes = 1000,
> + .blocklen = 32,
> + .key = (const uint8_t *)
> + "\x00\x01\x02\x03\x04\x05\x06\x07"
> + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
> + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
> + "\xa8\xa9\xaa\xab\xac\xad\xae\xaf",
> + },
> + {
> + .path = "/crypto/afsplit/sha256/big",
> + .hash = QCRYPTO_HASH_ALG_SHA256,
> + .stripes = 1000,
> + .blocklen = 64,
> + .key = (const uint8_t *)
> + "\x00\x01\x02\x03\x04\x05\x06\x07"
> + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
> + "\x00\x01\x02\x03\x04\x05\x06\x07"
> + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
> + "\x00\x01\x02\x03\x04\x05\x06\x07"
> + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
> + "\x00\x01\x02\x03\x04\x05\x06\x07"
> + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
> + },
> +};
> +
> +
> +static inline char hex(int i)
> +{
> + if (i < 10) {
> + return '0' + i;
> + }
> + return 'a' + (i - 10);
> +}
> +
> +static char *hex_string(const uint8_t *bytes,
> + size_t len)
> +{
> + char *hexstr = g_new0(char, len * 2 + 1);
> + size_t i;
> +
> + for (i = 0; i < len; i++) {
> + hexstr[i * 2] = hex((bytes[i] >> 4) & 0xf);
> + hexstr[i * 2 + 1] = hex(bytes[i] & 0xf);
> + }
> + hexstr[len * 2] = '\0';
> +
> + return hexstr;
> +}
> +
> +static void test_afsplit(const void *opaque)
> +{
> + const QCryptoAFSplitTestData *data = opaque;
> + size_t splitlen = data->blocklen * data->stripes;
> + uint8_t *splitkey = g_new0(uint8_t, splitlen);
> + uint8_t *key = g_new0(uint8_t, data->blocklen);
> + gchar *expect, *actual;
> +
> + /* First time we round-trip the key */
> + qcrypto_afsplit_encode(data->hash,
> + data->blocklen, data->stripes,
> + data->key, splitkey,
> + &error_abort);
> +
> + qcrypto_afsplit_decode(data->hash,
> + data->blocklen, data->stripes,
> + splitkey, key,
> + &error_abort);
> +
> + expect = hex_string(data->key, data->blocklen);
> + actual = hex_string(key, data->blocklen);
> +
> + g_assert_cmpstr(actual, ==, expect);
> +
> + g_free(actual);
> + g_free(expect);
> +
> + /* Second time we merely try decoding a previous split */
> + if (data->splitkey) {
> + memset(key, 0, data->blocklen);
> +
> + qcrypto_afsplit_decode(data->hash,
> + data->blocklen, data->stripes,
> + data->splitkey, key,
> + &error_abort);
> +
> + expect = hex_string(data->key, data->blocklen);
> + actual = hex_string(key, data->blocklen);
> +
> + g_assert_cmpstr(actual, ==, expect);
> +
> + g_free(actual);
> + g_free(expect);
> + }
> +
> + g_free(key);
> + g_free(splitkey);
> +}
> +
> +int main(int argc, char **argv)
> +{
> + size_t i;
> +
> + g_test_init(&argc, &argv, NULL);
> +
> + g_assert(qcrypto_init(NULL) == 0);
> +
> + for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
> + g_test_add_data_func(test_data[i].path, &test_data[i], test_afsplit);
> + }
> + return g_test_run();
> +}
> --
> 2.5.0
>
next prev parent reply other threads:[~2016-03-07 5:51 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-29 12:00 [Qemu-devel] [PATCH v4 00/26] Support LUKS encryption in block devices Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 01/26] crypto: add cryptographic random byte source Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 02/26] crypto: add support for PBKDF2 algorithm Daniel P. Berrange
2016-03-03 0:20 ` Eric Blake
2016-03-07 5:18 ` Fam Zheng
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 03/26] crypto: add support for generating initialization vectors Daniel P. Berrange
2016-03-03 0:31 ` Eric Blake
2016-03-03 10:49 ` Daniel P. Berrange
2016-03-07 5:39 ` Fam Zheng
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 04/26] crypto: add support for anti-forensic split algorithm Daniel P. Berrange
2016-03-03 0:41 ` Eric Blake
2016-03-07 5:51 ` Fam Zheng [this message]
2016-03-11 16:55 ` Daniel P. Berrange
2016-03-14 3:23 ` Fam Zheng
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 05/26] crypto: skip testing of unsupported cipher algorithms Daniel P. Berrange
2016-03-07 5:52 ` Fam Zheng
2016-03-11 19:10 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 06/26] crypto: add support for the cast5-128 cipher algorithm Daniel P. Berrange
2016-03-07 5:56 ` Fam Zheng
2016-03-11 19:14 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 07/26] crypto: add support for the serpent " Daniel P. Berrange
2016-03-07 6:05 ` Fam Zheng
2016-03-11 19:18 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 08/26] crypto: add support for the twofish " Daniel P. Berrange
2016-03-08 6:01 ` Fam Zheng
2016-03-11 19:19 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 09/26] crypto: import an implementation of the XTS cipher mode Daniel P. Berrange
2016-03-11 19:51 ` Eric Blake
2016-03-14 14:22 ` Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 10/26] crypto: refactor code for dealing with AES cipher Daniel P. Berrange
2016-03-11 20:14 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 11/26] crypto: wire up XTS mode for cipher APIs Daniel P. Berrange
2016-03-11 20:23 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 12/26] crypto: add block encryption framework Daniel P. Berrange
2016-03-11 20:58 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 13/26] crypto: implement the LUKS block encryption format Daniel P. Berrange
2016-03-11 22:31 ` Eric Blake
2016-03-14 14:27 ` Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 14/26] block: add flag to indicate that no I/O will be performed Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 15/26] qemu-img/qemu-io: don't prompt for passwords if not required Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 16/26] tests: redirect stderr to stdout for iotests Daniel P. Berrange
2016-03-11 22:51 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 17/26] tests: refactor python I/O tests helper main method Daniel P. Berrange
2016-03-11 22:57 ` Eric Blake
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 18/26] tests: add output filter to python I/O tests helper Daniel P. Berrange
2016-03-14 17:57 ` Eric Blake
2016-03-14 18:33 ` Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 19/26] block: add generic full disk encryption driver Daniel P. Berrange
2016-03-15 13:59 ` Eric Blake
2016-03-15 14:03 ` Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 20/26] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 21/26] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 22/26] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 23/26] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2016-02-29 12:00 ` [Qemu-devel] [PATCH v4 24/26] block: rip out all traces of password prompting Daniel P. Berrange
2016-05-12 20:35 ` Eric Blake
2016-02-29 12:01 ` [Qemu-devel] [PATCH v4 25/26] block: remove all encryption handling APIs Daniel P. Berrange
2016-02-29 12:01 ` [Qemu-devel] [PATCH v4 26/26] block: remove support for legecy AES qcow/qcow2 encryption Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160307055140.GC21446@ad.usersys.redhat.com \
--to=famz@redhat.com \
--cc=berrange@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.