From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
qemu-block@nongnu.org, Markus Armbruster <armbru@redhat.com>,
qemu-devel@nongnu.org, Max Reitz <mreitz@redhat.com>,
John Snow <jsnow@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 02/10] qcrypto-luks: extend the create options for upcoming encryption key management
Date: Fri, 6 Sep 2019 15:15:49 +0100
Message-ID: <20190906141549.GS5119@redhat.com>
In-Reply-To: <5ffec079e9f1fb8db7e92eba9b4187de2676b207.camel@redhat.com>
On Fri, Sep 06, 2019 at 04:57:22PM +0300, Maxim Levitsky wrote:
> On Fri, 2019-09-06 at 14:49 +0100, Daniel P. Berrangé wrote:
> > On Fri, Aug 30, 2019 at 11:56:00PM +0300, Maxim Levitsky wrote:
> > > Now you can specify which slot to put the encryption key in.
> > > Plus add an 'active' option which will let the user erase the key secret
> > > instead of adding it.
> > > Check that it is true for creation.
> > >
> > > Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> > > ---
> > > block/crypto.c | 2 ++
> > > block/crypto.h | 16 +++++++++++
> > > block/qcow2.c | 2 ++
> > > crypto/block-luks.c | 26 +++++++++++++++---
> > > qapi/crypto.json | 19 ++++++++++++++
> > > tests/qemu-iotests/082.out | 54 ++++++++++++++++++++++++++++++++++++++
> > > 6 files changed, 115 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/block/crypto.c b/block/crypto.c
> > > index 6e822c6e50..a6a3e1f1d8 100644
> > > --- a/block/crypto.c
> > > +++ b/block/crypto.c
> > > @@ -144,6 +144,8 @@ static QemuOptsList block_crypto_create_opts_luks = {
> > > BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
> > > BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
> > > BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
> > > + BLOCK_CRYPTO_OPT_DEF_LUKS_SLOT(""),
> > > + BLOCK_CRYPTO_OPT_DEF_LUKS_ACTIVE(""),
> > > { /* end of list */ }
> > > },
> > > };
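Review bot: Registering BLOCK_CRYPTO_OPT_DEF_LUKS_ACTIVE in block_crypto_create_opts_luks exposes "active" on image creation even though the commit message says creation only accepts it as true, and that check is not visible in this hunk. A short comment next to these two entries explaining that they are registered here because the create and amend option lists are shared, and pointing at where "active" is validated for the create path, would save the next reader from asking why a create-time option can request erasing the key.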
> > > diff --git a/block/crypto.h b/block/crypto.h
> > > index b935695e79..05cc43d9bc 100644
> > > --- a/block/crypto.h
> > > +++ b/block/crypto.h
> > > @@ -35,12 +35,14 @@
> > > "ID of the secret that provides the AES encryption key")
> > >
> > > #define BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET "key-secret"
> > > +#define BLOCK_CRYPTO_OPT_LUKS_SLOT "slot"
> > > #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG "cipher-alg"
> > > #define BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE "cipher-mode"
> > > #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG "ivgen-alg"
> > > #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
> > > #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
> > > #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
> > > +#define BLOCK_CRYPTO_OPT_LUKS_ACTIVE "active"
> > >
> > > #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \
> > > BLOCK_CRYPTO_OPT_DEF_KEY_SECRET(prefix, \
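Review bot: The two new option names are placed inconsistently: BLOCK_CRYPTO_OPT_LUKS_SLOT is inserted between KEY_SECRET and CIPHER_ALG, while BLOCK_CRYPTO_OPT_LUKS_ACTIVE is appended after ITER_TIME. Both belong to the same key-management feature, so keep them adjacent (for example both after ITER_TIME) so the grouping mirrors the order of the QemuOptsList entries added in block/crypto.c.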
> > > @@ -88,6 +90,20 @@
> > > .help = "Time to spend in PBKDF in milliseconds", \
> > > }
> > >
> > > +#define BLOCK_CRYPTO_OPT_DEF_LUKS_SLOT(prefix) \
> > > + { \
> > > + .name = prefix BLOCK_CRYPTO_OPT_LUKS_SLOT, \
> > > + .type = QEMU_OPT_NUMBER, \
> > > + .help = "Controls the slot where the secret is added/erased", \
> > > + }
> > > +
> > > +#define BLOCK_CRYPTO_OPT_DEF_LUKS_ACTIVE(prefix) \
> > > + { \
> > > + .name = prefix BLOCK_CRYPTO_OPT_LUKS_ACTIVE, \
> > > + .type = QEMU_OPT_BOOL, \
> > > + .help = "Controls if the added secret is added or erased", \
> > > + }
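Review bot: The .help text for BLOCK_CRYPTO_OPT_LUKS_ACTIVE, "Controls if the added secret is added or erased", reads as a contradiction and says nothing about the default. Something like "Whether the key slot is activated (true) or erased (false); only true is accepted at creation" would match the behaviour the commit message describes, and setting .def_value_str = "on" on the QEMU_OPT_BOOL entry would make the create-time default explicit instead of leaving it to each caller. The slot help string should likewise say whether the option may be omitted and what is chosen in that case, and where the value is range-checked, since QEMU_OPT_NUMBER alone accepts any non-negative integer.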
> >
> > Do we actually need the "active" property for initial
> > creation? I think it's only needed for amend, so perhaps
> > we should not register this at all?
>
> Sadly we kind of do, since both amend and create use the same option list currently.
> I tried to duplicate it, and it is possible, but then you end up
> with significant code duplication in qcow2 with its huge create option list.
Ah, I see now.
> I am now thinking that we could have a 'create only' option list, an 'amend only' option list,
> and a 'common' option list.
> What do you think?
I'm not too fussed - either way is fine with me.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|