From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 19/22] qemu-io: prompt for encryption keys when required
Date: Fri, 22 May 2015 17:26:37 +0200
Message-ID: <1432308400-13958-20-git-send-email-kwolf@redhat.com>
In-Reply-To: <1432308400-13958-1-git-send-email-kwolf@redhat.com>
From: "Daniel P. Berrange" <berrange@redhat.com>
The qemu-io tool does not check if the image is encrypted so
historically would silently corrupt the sectors by writing
plain text data into them instead of cipher text. The earlier
commit turns this mistake into a fatal abort, so check for
encryption and prompt for key when required.
This enables us to add unit tests to ensure we don't break
the ability of qemu-img to convert existing encrypted qcow2
files into a non-encrypted format.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
qemu-io.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/qemu-io.c b/qemu-io.c
index ae5e274..9bc83c6 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -52,6 +52,7 @@ static const cmdinfo_t close_cmd = {
static int openfile(char *name, int flags, QDict *opts)
{
Error *local_err = NULL;
+ BlockDriverState *bs;
if (qemuio_blk) {
fprintf(stderr, "file open already, try 'help close'\n");
@@ -68,7 +69,27 @@ static int openfile(char *name, int flags, QDict *opts)
return 1;
}
+ bs = blk_bs(qemuio_blk);
+ if (bdrv_is_encrypted(bs)) {
+ char password[256];
+ printf("Disk image '%s' is encrypted.\n", name);
+ if (qemu_read_password(password, sizeof(password)) < 0) {
+ error_report("No password given");
+ goto error;
+ }
+ if (bdrv_set_key(bs, password) < 0) {
+ error_report("invalid password");
+ goto error;
+ }
+ }
+
+
return 0;
+
+ error:
+ blk_unref(qemuio_blk);
+ qemuio_blk = NULL;
+ return 1;
}
static void open_help(void)
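Review bot: In the `bdrv_is_encrypted(bs)` block, `char password[256]` is never cleared, so the passphrase stays on the stack after `bdrv_set_key()` returns and on both `goto error` paths. Suggest wiping the buffer before leaving the block on every path, using a clear the compiler cannot elide (a plain `memset` on a dead local may be optimised out). Minor: the two consecutive added blank lines before `return 0;` can be reduced to one, and the two `error_report()` strings differ in capitalisation ("No password given" vs "invalid password").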
--
1.8.3.1