From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Max Reitz <mreitz@redhat.com>,
qemu-block@nongnu.org, "Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v1 02/15] block: add ability to set a prefix for opt names
Date: Tue, 3 Jan 2017 18:27:48 +0000 [thread overview]
Message-ID: <20170103182801.9638-3-berrange@redhat.com> (raw)
In-Reply-To: <20170103182801.9638-1-berrange@redhat.com>
When integrating the crypto support with qcow/qcow2, we don't
want to use the bare LUKS option names "hash-alg", "key-secret",
etc. We want to namespace them "luks-hash-alg", "luks-key-secret"
so that they don't clash with any general qcow options at a later
date.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
block/crypto.c | 110 +++++++++++++++++++++++++++++++++++++++++++++++++--------
block/crypto.h | 42 +++++++++++-----------
2 files changed, 118 insertions(+), 34 deletions(-)
diff --git a/block/crypto.c b/block/crypto.c
index d281de6..1037c70 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -128,7 +128,7 @@ static QemuOptsList block_crypto_runtime_opts_luks = {
.name = "crypto",
.head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
.desc = {
- BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
{ /* end of list */ }
},
};
@@ -143,31 +143,101 @@ static QemuOptsList block_crypto_create_opts_luks = {
.type = QEMU_OPT_SIZE,
.help = "Virtual disk size"
},
- BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
- BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG,
- BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE,
- BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG,
- BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG,
- BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG,
- BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME,
+ BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
+ BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
{ /* end of list */ }
},
};
+static QemuOptsList empty_opts = {
+ .name = "crypto-empty",
+ .merge_lists = false,
+ .head = QTAILQ_HEAD_INITIALIZER(empty_opts.head),
+ .desc = {
+ /* no elements => accept any params */
+ { /* end of list */ }
+ },
+};
+
+
+struct BlockCryptoCopyData {
+ QemuOpts *opts;
+ const char *prefix;
+};
+
+static int block_crypto_copy_value(void *opaque, const char *name,
+ const char *value, Error **errp)
+{
+ struct BlockCryptoCopyData *data = opaque;
+
+ if (g_str_has_prefix(name, data->prefix)) {
+ Error *local_err = NULL;
+ const char *newname = name + strlen(data->prefix);
+
+ qemu_opt_set(data->opts, newname, value, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * Create a copy of @opts containing only the fields with
+ * a prefix of @prefix, stripping the prefix in the returned
+ * opts
+ */
+static QemuOpts *
+block_crypto_copy_opts(QemuOpts *opts,
+ const char *prefix,
+ Error **errp)
+{
+ struct BlockCryptoCopyData data = {
+ .opts = qemu_opts_create(&empty_opts, NULL, false, errp),
+ .prefix = prefix
+ };
+ if (!data.opts) {
+ return NULL;
+ }
+
+ if (qemu_opt_foreach(opts, block_crypto_copy_value, &data, errp) != 0) {
+ qemu_opts_del(data.opts);
+ return NULL;
+ }
+
+ return data.opts;
+}
QCryptoBlockOpenOptions *
block_crypto_open_opts_init(QCryptoBlockFormat format,
QemuOpts *opts,
+ const char *prefix,
Error **errp)
{
- Visitor *v;
+ Visitor *v = NULL;
QCryptoBlockOpenOptions *ret = NULL;
Error *local_err = NULL;
+ QemuOpts *newopts = NULL;
ret = g_new0(QCryptoBlockOpenOptions, 1);
ret->format = format;
- v = opts_visitor_new(opts);
+ if (prefix != NULL) {
+ newopts = block_crypto_copy_opts(opts, prefix, &local_err);
+ if (local_err) {
+ goto out;
+ }
+ v = opts_visitor_new(newopts);
+ } else {
+ v = opts_visitor_new(opts);
+ }
visit_start_struct(v, NULL, NULL, 0, &local_err);
if (local_err) {
@@ -196,6 +266,7 @@ block_crypto_open_opts_init(QCryptoBlockFormat format,
qapi_free_QCryptoBlockOpenOptions(ret);
ret = NULL;
}
+ qemu_opts_del(newopts);
visit_free(v);
return ret;
}
@@ -204,16 +275,26 @@ block_crypto_open_opts_init(QCryptoBlockFormat format,
QCryptoBlockCreateOptions *
block_crypto_create_opts_init(QCryptoBlockFormat format,
QemuOpts *opts,
+ const char *prefix,
Error **errp)
{
- Visitor *v;
+ Visitor *v = NULL;
QCryptoBlockCreateOptions *ret = NULL;
Error *local_err = NULL;
+ QemuOpts *newopts = NULL;
ret = g_new0(QCryptoBlockCreateOptions, 1);
ret->format = format;
- v = opts_visitor_new(opts);
+ if (prefix != NULL) {
+ newopts = block_crypto_copy_opts(opts, prefix, &local_err);
+ if (local_err) {
+ goto out;
+ }
+ v = opts_visitor_new(newopts);
+ } else {
+ v = opts_visitor_new(opts);
+ }
visit_start_struct(v, NULL, NULL, 0, &local_err);
if (local_err) {
@@ -242,6 +323,7 @@ block_crypto_create_opts_init(QCryptoBlockFormat format,
qapi_free_QCryptoBlockCreateOptions(ret);
ret = NULL;
}
+ qemu_opts_del(newopts);
visit_free(v);
return ret;
}
@@ -268,7 +350,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
goto cleanup;
}
- open_opts = block_crypto_open_opts_init(format, opts, errp);
+ open_opts = block_crypto_open_opts_init(format, opts, NULL, errp);
if (!open_opts) {
goto cleanup;
}
@@ -312,7 +394,7 @@ static int block_crypto_create_generic(QCryptoBlockFormat format,
.filename = filename,
};
- create_opts = block_crypto_create_opts_init(format, opts, errp);
+ create_opts = block_crypto_create_opts_init(format, opts, NULL, errp);
if (!create_opts) {
return -1;
}
diff --git a/block/crypto.h b/block/crypto.h
index e42f20e..e70e2f0 100644
--- a/block/crypto.h
+++ b/block/crypto.h
@@ -29,51 +29,51 @@
#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, \
.type = QEMU_OPT_STRING, \
.help = "ID of the secret that provides the keyslot passphrase", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG, \
.type = QEMU_OPT_STRING, \
.help = "Name of encryption cipher algorithm", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE \
- { \
- .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \
- .type = QEMU_OPT_STRING, \
- .help = "Name of encryption cipher mode", \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix) \
+ { \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE, \
+ .type = QEMU_OPT_STRING, \
+ .help = "Name of encryption cipher mode", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG \
- { \
- .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
- .type = QEMU_OPT_STRING, \
- .help = "Name of IV generator algorithm", \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix) \
+ { \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
+ .type = QEMU_OPT_STRING, \
+ .help = "Name of IV generator algorithm", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG, \
.type = QEMU_OPT_STRING, \
.help = "Name of IV generator hash algorithm", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG, \
.type = QEMU_OPT_STRING, \
.help = "Name of encryption hash algorithm", \
}
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix) \
{ \
- .name = BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \
+ .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME, \
.type = QEMU_OPT_NUMBER, \
.help = "Time to spend in PBKDF in milliseconds", \
}
@@ -81,11 +81,13 @@
QCryptoBlockCreateOptions *
block_crypto_create_opts_init(QCryptoBlockFormat format,
QemuOpts *opts,
+ const char *prefix,
Error **errp);
QCryptoBlockOpenOptions *
block_crypto_open_opts_init(QCryptoBlockFormat format,
QemuOpts *opts,
+ const char *prefix,
Error **errp);
#endif /* BLOCK_CRYPTO_H__ */
--
2.9.3
next prev parent reply other threads:[~2017-01-03 18:28 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-03 18:27 [Qemu-devel] [PATCH v1 00/15] Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 01/15] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-01-03 19:46 ` Eric Blake
2017-01-16 19:42 ` Max Reitz
2017-01-03 18:27 ` Daniel P. Berrange [this message]
2017-01-16 19:31 ` [Qemu-devel] [PATCH v1 02/15] block: add ability to set a prefix for opt names Max Reitz
2017-01-24 12:15 ` Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 03/15] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
2017-01-16 19:37 ` Max Reitz
2017-01-24 12:11 ` Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 04/15] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-01-16 19:41 ` Max Reitz
2017-01-24 12:14 ` Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 05/15] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-01-16 19:42 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 06/15] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-01-16 19:48 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 07/15] iotests: fix 097 when run with qcow Daniel P. Berrange
2017-01-16 20:04 ` Max Reitz
2017-01-17 9:59 ` Daniel P. Berrange
2017-01-18 12:44 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 08/15] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2017-01-16 20:25 ` Max Reitz
2017-01-24 12:21 ` Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 09/15] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-01-16 21:16 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 10/15] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 11/15] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-01-18 18:13 ` Max Reitz
2017-01-19 9:39 ` Daniel P. Berrange
2017-01-21 19:07 ` Max Reitz
2017-01-24 12:33 ` Daniel P. Berrange
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 12/15] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-01-21 18:57 ` Max Reitz
2017-01-24 13:58 ` Daniel P. Berrange
2017-01-25 15:45 ` Max Reitz
2017-01-03 18:27 ` [Qemu-devel] [PATCH v1 13/15] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-01-21 19:12 ` Max Reitz
2017-01-03 18:28 ` [Qemu-devel] [PATCH v1 14/15] block: rip out all traces of password prompting Daniel P. Berrange
2017-01-21 19:17 ` Max Reitz
2017-01-03 18:28 ` [Qemu-devel] [PATCH v1 15/15] block: remove all encryption handling APIs Daniel P. Berrange
2017-01-21 19:22 ` Max Reitz
2017-01-24 12:49 ` Daniel P. Berrange
2017-01-25 15:58 ` [Qemu-devel] [PATCH v1 00/15] Convert QCow[2] to QCryptoBlock & add LUKS support Max Reitz
2017-01-25 16:29 ` Daniel P. Berrange
2017-01-25 16:41 ` Max Reitz
2017-01-25 17:18 ` Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170103182801.9638-3-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).