Re: [Qemu-devel] [PATCH v1 2/6] block: export LUKS specific data to qemu-img info

[Eric Blake <eblake@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 3813 bytes --]

On 06/07/2016 04:11 AM, Daniel P. Berrange wrote:
> The qemu-img info command has the ability to expose format
> specific metadata about volumes. Wire up this facility for
> the LUKS driver to report on cipher configuration and key
> slot usage.
> 

> 
> One somewhat undesirable artifact is that the data fields are
> printed out in (apparantly) random order. This will be addressed

s/apparantly/apparently/

> later by changing the way the block layer pretty-prints the
> image specific data.

Ah, so your new visitor pretty-prints HMP, not JSON.  Okay, then I get
to review it after all, and it is probably a good addition in parallel
to my JSON printer.

> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  block/crypto.c       | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++
>  qapi/block-core.json | 34 +++++++++++++++++++++-
>  2 files changed, 113 insertions(+), 1 deletion(-)
> 

> +
> +    spec_info = g_new(ImageInfoSpecific, 1);
> +    spec_info->type =  IMAGE_INFO_SPECIFIC_KIND_LUKS;
> +    spec_info->u.luks.data = g_new(ImageInfoSpecificLUKS, 1);
> +    spec_info->u.luks.data->cipher_alg = info->u.luks.cipher_alg;
> +    spec_info->u.luks.data->cipher_mode = info->u.luks.cipher_mode;
> +    spec_info->u.luks.data->ivgen_alg = info->u.luks.ivgen_alg;
> +    spec_info->u.luks.data->has_ivgen_hash_alg =
> +        info->u.luks.has_ivgen_hash_alg;
> +    spec_info->u.luks.data->ivgen_hash_alg = info->u.luks.ivgen_hash_alg;
> +    spec_info->u.luks.data->hash_alg = info->u.luks.hash_alg;
> +    spec_info->u.luks.data->payload_offset = info->u.luks.payload_offset;
> +    spec_info->u.luks.data->master_key_iters = info->u.luks.master_key_iters;
> +    spec_info->u.luks.data->uuid = g_strdup(info->u.luks.uuid);

My clone visitor patches would help here.


> +++ b/qapi/block-core.json
> @@ -74,6 +74,37 @@
>        'extents': ['ImageInfo']
>    } }
>  
> +
> +{ 'struct': 'ImageInfoSpecificLUKSSlot',
> +  'data': {'active': 'bool',
> +           'iters': 'int',
> +           'stripes': 'int',
> +           'key-offset': 'int' } }

Missing documentation, but why do you need it, since it is identical to
QCryptoBlockInfoLUKSSlot in the previous patch?

> +
> +##
> +# @ImageInfoSpecificLUKS:
> +#
> +# @cipher-alg: the cipher algorithm for data encryption
> +# @cipher-mode: the cipher mode for data encryption
> +# @ivgen-alg: the initialization vector generator
> +# @ivgen-hash-alg: the initialization vector generator hash
> +# @hash-alg: the master key hash algorithm
> +#

Not all the members are documented, but isn't this identical to
QCryptoBlockInfoLUKS in the previous patch?

> +# Since: 2.7
> +##
> +{ 'struct': 'ImageInfoSpecificLUKS',
> +  'data': {
> +      'cipher-alg': 'QCryptoCipherAlgorithm',
> +      'cipher-mode': 'QCryptoCipherMode',
> +      'ivgen-alg': 'QCryptoIVGenAlgorithm',
> +      '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
> +      'hash-alg': 'QCryptoHashAlgorithm',
> +      'payload-offset': 'int',
> +      'master-key-iters': 'int',
> +      'uuid': 'str',
> +      'slots': [ 'ImageInfoSpecificLUKSSlot' ]
> +  } }
> +
>  ##
>  # @ImageInfoSpecific:
>  #
> @@ -85,7 +116,8 @@
>  { 'union': 'ImageInfoSpecific',
>    'data': {
>        'qcow2': 'ImageInfoSpecificQCow2',
> -      'vmdk': 'ImageInfoSpecificVmdk'
> +      'vmdk': 'ImageInfoSpecificVmdk',
> +      'luks': 'ImageInfoSpecificLUKS'

I guess the difference is whether you are giving the info on a LUKS
image regardless of underlying storage, vs. on a qcow2 image with LUKS
encryption. Still, can't we reuse the type, rather than duplicate it?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]