From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com>,
	Kevin Wolf <kwolf@redhat.com>,
	"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v3 18/18] block: pass option prefix down to crypto layer
Date: Thu, 26 Jan 2017 10:18:27 +0000	[thread overview]
Message-ID: <20170126101827.22378-19-berrange@redhat.com> (raw)
In-Reply-To: <20170126101827.22378-1-berrange@redhat.com>

While the crypto layer uses a fixed option name "key-secret",
the upper block layer may have a prefix on the options, e.g.
"luks-key-secret" or "aes-key-secret", in order to avoid clashes
between crypto option names & other block option names. To
ensure the crypto layer can report accurate error messages,
we must tell it what option name prefix was used.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 block/crypto.c         |  4 ++--
 block/qcow.c           |  7 ++++---
 block/qcow2.c          | 15 +++++++++------
 crypto/block-luks.c    |  8 ++++++--
 crypto/block-qcow.c    |  8 ++++++--
 crypto/block.c         |  6 ++++--
 crypto/blockpriv.h     |  2 ++
 include/crypto/block.h |  6 +++++-
 8 files changed, 38 insertions(+), 18 deletions(-)

diff --git a/block/crypto.c b/block/crypto.c
index 6d6bd90..22bc6ba 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -369,7 +369,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
     if (flags & BDRV_O_NO_IO) {
         cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
     }
-    crypto->block = qcrypto_block_open(open_opts,
+    crypto->block = qcrypto_block_open(open_opts, NULL,
                                        block_crypto_read_func,
                                        bs,
                                        cflags,
@@ -409,7 +409,7 @@ static int block_crypto_create_generic(QCryptoBlockFormat format,
         return -1;
     }
 
-    crypto = qcrypto_block_create(create_opts,
+    crypto = qcrypto_block_create(create_opts, NULL,
                                   block_crypto_init_func,
                                   block_crypto_write_func,
                                   &data,
diff --git a/block/qcow.c b/block/qcow.c
index cf05449..8047415 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -197,8 +197,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags,
             if (flags & BDRV_O_NO_IO) {
                 cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
             }
-            s->crypto = qcrypto_block_open(crypto_opts, NULL, NULL,
-                                           cflags, errp);
+            s->crypto = qcrypto_block_open(crypto_opts, "aes-",
+                                           NULL, NULL, cflags, errp);
             if (!s->crypto) {
                 ret = -EINVAL;
                 goto fail;
@@ -819,7 +819,8 @@ static int qcow_create(const char *filename, QemuOpts *opts, Error **errp)
             goto exit;
         }
 
-        crypto = qcrypto_block_create(crypto_opts, NULL, NULL, NULL, errp);
+        crypto = qcrypto_block_create(crypto_opts, "aes-",
+                                      NULL, NULL, NULL, errp);
         if (!crypto) {
             ret = -EINVAL;
             goto exit;
diff --git a/block/qcow2.c b/block/qcow2.c
index 7c8e602..4f2da2f 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -284,7 +284,7 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
              * provide the same key-secret property against the full
              * backing chain
              */
-            s->crypto = qcrypto_block_open(s->crypto_opts,
+            s->crypto = qcrypto_block_open(s->crypto_opts, "luks-",
                                            qcow2_crypto_hdr_read_func,
                                            bs, cflags, errp);
             if (!s->crypto) {
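Review bot: The literal `"luks-"` passed here is only correct as long as it matches the prefix that was used when `s->crypto_opts` was parsed, and that parsing is not visible in this hunk. The same pairing is repeated with `"aes-"` in the qcow2_open hunk and in both block/qcow.c call sites, so a later rename in one place would leave the "Parameter '...key-secret' is required" message pointing users at the wrong option. A single named constant per format, shared by the option parser and these calls, would keep them in step, for example `#define QCOW2_OPT_PREFIX_LUKS "luks-"` (name is a suggestion only).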
@@ -1291,8 +1291,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags,
              * provide the same key-secret property against the full
              * backing chain
              */
-            s->crypto = qcrypto_block_open(s->crypto_opts, NULL, NULL,
-                                           cflags, errp);
+            s->crypto = qcrypto_block_open(s->crypto_opts, "aes-",
+                                           NULL, NULL, cflags, errp);
             if (!s->crypto) {
                 ret = -EINVAL;
                 goto fail;
@@ -2209,14 +2209,17 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, QemuOpts *opts,
     QCryptoBlockCreateOptions *cryptoopts = NULL;
     QCryptoBlock *crypto = NULL;
     int ret = -EINVAL;
+    const char *optprefix;
 
     if (g_str_equal(format, "luks")) {
+        optprefix = "luks-";
         cryptoopts = block_crypto_create_opts_init(
-            Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, "luks-", errp);
+            Q_CRYPTO_BLOCK_FORMAT_LUKS, opts, optprefix, errp);
         s->crypt_method_header = QCOW_CRYPT_LUKS;
     } else if (g_str_equal(format, "aes")) {
+        optprefix = "aes-";
         cryptoopts = block_crypto_create_opts_init(
-            Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp);
+            Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, optprefix, errp);
         s->crypt_method_header = QCOW_CRYPT_AES;
     } else {
         error_setg(errp, "Unknown encryption format %s", format);
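Review bot: `optprefix` is declared without an initialiser and is assigned only in the "luks" and "aes" branches, yet the following hunk passes it to qcrypto_block_create(). The else branch continues outside this hunk, so it presumably bails out before that call, but this cannot be confirmed from the visible lines and some compilers flag the pattern as maybe-uninitialised anyway. Declaring it as `const char *optprefix = NULL;` costs nothing, since the crypto drivers in this patch already treat NULL as "no prefix".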
@@ -2228,7 +2231,7 @@ static int qcow2_set_up_encryption(BlockDriverState *bs, QemuOpts *opts,
         goto out;
     }
 
-    crypto = qcrypto_block_create(cryptoopts,
+    crypto = qcrypto_block_create(cryptoopts, optprefix,
                                   qcow2_crypto_hdr_init_func,
                                   qcow2_crypto_hdr_write_func,
                                   bs, errp);
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 4530f82..4a4c4a0 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -638,6 +638,7 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
 static int
 qcrypto_block_luks_open(QCryptoBlock *block,
                         QCryptoBlockOpenOptions *options,
+                        const char *optprefix,
                         QCryptoBlockReadFunc readfunc,
                         void *opaque,
                         unsigned int flags,
@@ -661,7 +662,8 @@ qcrypto_block_luks_open(QCryptoBlock *block,
 
     if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) {
         if (!options->u.luks.key_secret) {
-            error_setg(errp, "Parameter 'key-secret' is required for cipher");
+            error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+                       optprefix ? optprefix : "");
             return -1;
         }
         password = qcrypto_secret_lookup_as_utf8(
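Review bot: The `optprefix ? optprefix : ""` fallback is written out here and again in qcrypto_block_luks_create, qcrypto_block_qcow_open and qcrypto_block_qcow_create, so every future driver has to remember the NULL case or pass NULL to a `%s` conversion. Normalising once in qcrypto_block_open() and qcrypto_block_create() before dispatching to the driver, with `if (!optprefix) { optprefix = ""; }`, would let the drivers use `optprefix` directly. The body of qcrypto_block_luks_open starts and ends outside this hunk.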
@@ -885,6 +887,7 @@ qcrypto_block_luks_uuid_gen(uint8_t *uuidstr)
 static int
 qcrypto_block_luks_create(QCryptoBlock *block,
                           QCryptoBlockCreateOptions *options,
+                          const char *optprefix,
                           QCryptoBlockInitFunc initfunc,
                           QCryptoBlockWriteFunc writefunc,
                           void *opaque,
@@ -937,7 +940,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
      * be silently ignored, for compatibility with dm-crypt */
 
     if (!options->u.luks.key_secret) {
-        error_setg(errp, "Parameter 'key-secret' is required for cipher");
+        error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+                   optprefix ? optprefix : "");
         return -1;
     }
     password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c
index be88c6f..a456fe3 100644
--- a/crypto/block-qcow.c
+++ b/crypto/block-qcow.c
@@ -94,6 +94,7 @@ qcrypto_block_qcow_init(QCryptoBlock *block,
 static int
 qcrypto_block_qcow_open(QCryptoBlock *block,
                         QCryptoBlockOpenOptions *options,
+                        const char *optprefix,
                         QCryptoBlockReadFunc readfunc G_GNUC_UNUSED,
                         void *opaque G_GNUC_UNUSED,
                         unsigned int flags,
@@ -104,7 +105,8 @@ qcrypto_block_qcow_open(QCryptoBlock *block,
     } else {
         if (!options->u.qcow.key_secret) {
             error_setg(errp,
-                       "Parameter 'key-secret' is required for cipher");
+                       "Parameter '%skey-secret' is required for cipher",
+                       optprefix ? optprefix : "");
             return -1;
         }
         return qcrypto_block_qcow_init(block,
@@ -116,13 +118,15 @@ qcrypto_block_qcow_open(QCryptoBlock *block,
 static int
 qcrypto_block_qcow_create(QCryptoBlock *block,
                           QCryptoBlockCreateOptions *options,
+                          const char *optprefix,
                           QCryptoBlockInitFunc initfunc G_GNUC_UNUSED,
                           QCryptoBlockWriteFunc writefunc G_GNUC_UNUSED,
                           void *opaque G_GNUC_UNUSED,
                           Error **errp)
 {
     if (!options->u.qcow.key_secret) {
-        error_setg(errp, "Parameter 'key-secret' is required for cipher");
+        error_setg(errp, "Parameter '%skey-secret' is required for cipher",
+                   optprefix ? optprefix : "");
         return -1;
     }
     /* QCow2 has no special header, since everything is hardwired */
diff --git a/crypto/block.c b/crypto/block.c
index 64c8420..b097d45 100644
--- a/crypto/block.c
+++ b/crypto/block.c
@@ -48,6 +48,7 @@ bool qcrypto_block_has_format(QCryptoBlockFormat format,
 
 
 QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
+                                 const char *optprefix,
                                  QCryptoBlockReadFunc readfunc,
                                  void *opaque,
                                  unsigned int flags,
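Review bot: Inserting `optprefix` as the second parameter changes the signature of a public function, and the diffstat updates callers only in block/crypto.c, block/qcow.c and block/qcow2.c. Any caller of qcrypto_block_open() or qcrypto_block_create() outside those eight files, if one exists in the tree, would stop compiling after this patch, so it is worth grepping for both names before merging. The same applies to the qcrypto_block_create hunk further down this file.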
@@ -67,7 +68,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
 
     block->driver = qcrypto_block_drivers[options->format];
 
-    if (block->driver->open(block, options,
+    if (block->driver->open(block, options, optprefix,
                             readfunc, opaque, flags, errp) < 0) {
         g_free(block);
         return NULL;
@@ -78,6 +79,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
 
 
 QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
+                                   const char *optprefix,
                                    QCryptoBlockInitFunc initfunc,
                                    QCryptoBlockWriteFunc writefunc,
                                    void *opaque,
@@ -97,7 +99,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
 
     block->driver = qcrypto_block_drivers[options->format];
 
-    if (block->driver->create(block, options, initfunc,
+    if (block->driver->create(block, options, optprefix, initfunc,
                               writefunc, opaque, errp) < 0) {
         g_free(block);
         return NULL;
diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h
index 68f0f06..0edb810 100644
--- a/crypto/blockpriv.h
+++ b/crypto/blockpriv.h
@@ -41,6 +41,7 @@ struct QCryptoBlock {
 struct QCryptoBlockDriver {
     int (*open)(QCryptoBlock *block,
                 QCryptoBlockOpenOptions *options,
+                const char *optprefix,
                 QCryptoBlockReadFunc readfunc,
                 void *opaque,
                 unsigned int flags,
@@ -48,6 +49,7 @@ struct QCryptoBlockDriver {
 
     int (*create)(QCryptoBlock *block,
                   QCryptoBlockCreateOptions *options,
+                  const char *optprefix,
                   QCryptoBlockInitFunc initfunc,
                   QCryptoBlockWriteFunc writefunc,
                   void *opaque,
diff --git a/include/crypto/block.h b/include/crypto/block.h
index b6971de..c0c202a 100644
--- a/include/crypto/block.h
+++ b/include/crypto/block.h
@@ -71,6 +71,7 @@ typedef enum {
 /**
  * qcrypto_block_open:
  * @options: the encryption options
+ * @optprefix: name prefix for options
  * @readfunc: callback for reading data from the volume
  * @opaque: data to pass to @readfunc
  * @flags: bitmask of QCryptoBlockOpenFlags values
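Review bot: The new `@optprefix: name prefix for options` line does not say that NULL is accepted, although block/crypto.c passes NULL and the drivers explicitly handle it. It also does not say that the value is used only to build the option name shown in error messages, which is the only use visible in this patch. Something like `@optprefix: name prefix for options, or NULL if none; used only when reporting errors` would make the contract clear, and the same wording applies to the qcrypto_block_create comment in the later hunk.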
@@ -102,6 +103,7 @@ typedef enum {
  * Returns: a block encryption format, or NULL on error
  */
 QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
+                                 const char *optprefix,
                                  QCryptoBlockReadFunc readfunc,
                                  void *opaque,
                                  unsigned int flags,
@@ -109,7 +111,8 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
 
 /**
  * qcrypto_block_create:
- * @format: the encryption format
+ * @options: the encryption options
+ * @optprefix: name prefix for options
  * @initfunc: callback for initializing volume header
  * @writefunc: callback for writing data to the volume header
  * @opaque: data to pass to @initfunc and @writefunc
@@ -133,6 +136,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
  * Returns: a block encryption format, or NULL on error
  */
 QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
+                                   const char *optprefix,
                                    QCryptoBlockInitFunc initfunc,
                                    QCryptoBlockWriteFunc writefunc,
                                    void *opaque,
-- 
2.9.3
