qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com>,
	Kevin Wolf <kwolf@redhat.com>,
	"Daniel P. Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v3 02/18] block: add ability to set a prefix for opt names
Date: Thu, 26 Jan 2017 10:18:11 +0000	[thread overview]
Message-ID: <20170126101827.22378-3-berrange@redhat.com> (raw)
In-Reply-To: <20170126101827.22378-1-berrange@redhat.com>

When integrating the crypto support with qcow/qcow2, we don't
want to use the bare LUKS option names "hash-alg", "key-secret",
etc. We want to namespace them "luks-hash-alg", "luks-key-secret"
so that they don't clash with any general qcow options at a later
date.

Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 block/crypto.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++++--------
 block/crypto.h |  42 +++++++++++-----------
 2 files changed, 119 insertions(+), 34 deletions(-)

diff --git a/block/crypto.c b/block/crypto.c
index d281de6..876eabc 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -27,6 +27,7 @@
 #include "qapi-visit.h"
 #include "qapi/error.h"
 #include "block/crypto.h"
+#include "qemu/cutils.h"
 
 typedef struct BlockCrypto BlockCrypto;
 
@@ -128,7 +129,7 @@ static QemuOptsList block_crypto_runtime_opts_luks = {
     .name = "crypto",
     .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
     .desc = {
-        BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
+        BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
         { /* end of list */ }
     },
 };
@@ -143,31 +144,101 @@ static QemuOptsList block_crypto_create_opts_luks = {
             .type = QEMU_OPT_SIZE,
             .help = "Virtual disk size"
         },
-        BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET,
-        BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG,
-        BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE,
-        BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG,
-        BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG,
-        BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG,
-        BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME,
+        BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
+        BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""),
+        BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""),
+        BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""),
+        BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
+        BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
+        BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
         { /* end of list */ }
     },
 };
 
+static QemuOptsList empty_opts = {
+    .name = "crypto-empty",
+    .merge_lists = false,
+    .head = QTAILQ_HEAD_INITIALIZER(empty_opts.head),
+    .desc = {
+        /* no elements => accept any params */
+        { /* end of list */ }
+    },
+};
+
+
+struct BlockCryptoCopyData {
+    QemuOpts *opts;
+    const char *prefix;
+};
+
+static int block_crypto_copy_value(void *opaque, const char *name,
+                                   const char *value, Error **errp)
+{
+    struct BlockCryptoCopyData *data = opaque;
+    const char *newname;
+
+    if (strstart(name, data->prefix, &newname)) {
+        Error *local_err = NULL;
+
+        qemu_opt_set(data->opts, newname, value, &local_err);
+        if (local_err) {
+            error_propagate(errp, local_err);
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+/*
+ * Create a copy of @opts containing only the fields with
+ * a prefix of @prefix, stripping the prefix in the returned
+ * opts
+ */
+static QemuOpts *
+block_crypto_copy_opts(QemuOpts *opts,
+                       const char *prefix,
+                       Error **errp)
+{
+    struct BlockCryptoCopyData data = {
+        .opts = qemu_opts_create(&empty_opts, NULL, false, errp),
+        .prefix = prefix
+    };
+    if (!data.opts) {
+        return NULL;
+    }
+
+    if (qemu_opt_foreach(opts, block_crypto_copy_value, &data, errp) < 0) {
+        qemu_opts_del(data.opts);
+        return NULL;
+    }
+
+    return data.opts;
+}
 
 QCryptoBlockOpenOptions *
 block_crypto_open_opts_init(QCryptoBlockFormat format,
                             QemuOpts *opts,
+                            const char *prefix,
                             Error **errp)
 {
-    Visitor *v;
+    Visitor *v = NULL;
     QCryptoBlockOpenOptions *ret = NULL;
     Error *local_err = NULL;
+    QemuOpts *newopts = NULL;
 
     ret = g_new0(QCryptoBlockOpenOptions, 1);
     ret->format = format;
 
-    v = opts_visitor_new(opts);
+    if (prefix != NULL) {
+        newopts = block_crypto_copy_opts(opts, prefix, &local_err);
+        if (local_err) {
+            goto out;
+        }
+        v = opts_visitor_new(newopts);
+    } else {
+        v = opts_visitor_new(opts);
+    }
 
     visit_start_struct(v, NULL, NULL, 0, &local_err);
     if (local_err) {
@@ -196,6 +267,7 @@ block_crypto_open_opts_init(QCryptoBlockFormat format,
         qapi_free_QCryptoBlockOpenOptions(ret);
         ret = NULL;
     }
+    qemu_opts_del(newopts);
     visit_free(v);
     return ret;
 }
@@ -204,16 +276,26 @@ block_crypto_open_opts_init(QCryptoBlockFormat format,
 QCryptoBlockCreateOptions *
 block_crypto_create_opts_init(QCryptoBlockFormat format,
                               QemuOpts *opts,
+                              const char *prefix,
                               Error **errp)
 {
-    Visitor *v;
+    Visitor *v = NULL;
     QCryptoBlockCreateOptions *ret = NULL;
     Error *local_err = NULL;
+    QemuOpts *newopts = NULL;
 
     ret = g_new0(QCryptoBlockCreateOptions, 1);
     ret->format = format;
 
-    v = opts_visitor_new(opts);
+    if (prefix != NULL) {
+        newopts = block_crypto_copy_opts(opts, prefix, &local_err);
+        if (local_err) {
+            goto out;
+        }
+        v = opts_visitor_new(newopts);
+    } else {
+        v = opts_visitor_new(opts);
+    }
 
     visit_start_struct(v, NULL, NULL, 0, &local_err);
     if (local_err) {
@@ -242,6 +324,7 @@ block_crypto_create_opts_init(QCryptoBlockFormat format,
         qapi_free_QCryptoBlockCreateOptions(ret);
         ret = NULL;
     }
+    qemu_opts_del(newopts);
     visit_free(v);
     return ret;
 }
@@ -268,7 +351,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
         goto cleanup;
     }
 
-    open_opts = block_crypto_open_opts_init(format, opts, errp);
+    open_opts = block_crypto_open_opts_init(format, opts, NULL, errp);
     if (!open_opts) {
         goto cleanup;
     }
@@ -312,7 +395,7 @@ static int block_crypto_create_generic(QCryptoBlockFormat format,
         .filename = filename,
     };
 
-    create_opts = block_crypto_create_opts_init(format, opts, errp);
+    create_opts = block_crypto_create_opts_init(format, opts, NULL, errp);
     if (!create_opts) {
         return -1;
     }
diff --git a/block/crypto.h b/block/crypto.h
index e42f20e..e70e2f0 100644
--- a/block/crypto.h
+++ b/block/crypto.h
@@ -29,51 +29,51 @@
 #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
 #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
 
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET                            \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(prefix)                    \
     {                                                                   \
-        .name = BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,                       \
+        .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,                \
         .type = QEMU_OPT_STRING,                                        \
         .help = "ID of the secret that provides the keyslot passphrase", \
     }
 
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG               \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(prefix)       \
     {                                                      \
-        .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,          \
+        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_ALG,   \
         .type = QEMU_OPT_STRING,                           \
         .help = "Name of encryption cipher algorithm",     \
     }
 
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE         \
-    {                                                 \
-        .name = BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,    \
-        .type = QEMU_OPT_STRING,                      \
-        .help = "Name of encryption cipher mode",     \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(prefix)      \
+    {                                                      \
+        .name = prefix BLOCK_CRYPTO_OPT_LUKS_CIPHER_MODE,  \
+        .type = QEMU_OPT_STRING,                           \
+        .help = "Name of encryption cipher mode",          \
     }
 
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG           \
-    {                                                 \
-        .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG,      \
-        .type = QEMU_OPT_STRING,                      \
-        .help = "Name of IV generator algorithm",     \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(prefix)     \
+    {                                                   \
+        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_ALG, \
+        .type = QEMU_OPT_STRING,                        \
+        .help = "Name of IV generator algorithm",       \
     }
 
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG                \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(prefix)        \
     {                                                           \
-        .name = BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,           \
+        .name = prefix BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG,    \
         .type = QEMU_OPT_STRING,                                \
         .help = "Name of IV generator hash algorithm",          \
     }
 
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG               \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(prefix)       \
     {                                                    \
-        .name = BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,          \
+        .name = prefix BLOCK_CRYPTO_OPT_LUKS_HASH_ALG,   \
         .type = QEMU_OPT_STRING,                         \
         .help = "Name of encryption hash algorithm",     \
     }
 
-#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME                   \
+#define BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(prefix)           \
     {                                                         \
-        .name = BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,              \
+        .name = prefix BLOCK_CRYPTO_OPT_LUKS_ITER_TIME,       \
         .type = QEMU_OPT_NUMBER,                              \
         .help = "Time to spend in PBKDF in milliseconds",     \
     }
@@ -81,11 +81,13 @@
 QCryptoBlockCreateOptions *
 block_crypto_create_opts_init(QCryptoBlockFormat format,
                               QemuOpts *opts,
+                              const char *prefix,
                               Error **errp);
 
 QCryptoBlockOpenOptions *
 block_crypto_open_opts_init(QCryptoBlockFormat format,
                             QemuOpts *opts,
+                            const char *prefix,
                             Error **errp);
 
 #endif /* BLOCK_CRYPTO_H__ */
-- 
2.9.3

  parent reply	other threads:[~2017-01-26 10:18 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-01-26 10:18 [Qemu-devel] [PATCH v3 00/18] Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-02-08 15:26   ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` Daniel P. Berrange [this message]
2017-02-09 13:30   ` [Qemu-devel] [Qemu-block] [PATCH v3 02/18] block: add ability to set a prefix for opt names Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 03/18] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
2017-02-08 15:30   ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-02-08 22:49   ` [Qemu-devel] " Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 04/18] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-02-08 19:29   ` Eric Blake
2017-02-09 11:30     ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 05/18] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-02-09 11:47   ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 06/18] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-02-09 11:50   ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 07/18] iotests: fix 097 when run with qcow Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 08/18] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-08 19:35   ` Eric Blake
2017-02-08 22:57   ` Max Reitz
2017-02-10 10:44   ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-02-10 16:19     ` Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-09 14:24   ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-02-08 16:15   ` [Qemu-devel] [Qemu-block] " Alberto Garcia
2017-02-08 16:23     ` Daniel P. Berrange
2017-02-08 23:26   ` [Qemu-devel] " Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 12/18] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
2017-02-08 23:33   ` Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-02-09  0:28   ` Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 14/18] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
2017-02-09  0:36   ` Max Reitz
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 16/18] block: rip out all traces of password prompting Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 17/18] block: remove all encryption handling APIs Daniel P. Berrange
2017-01-26 10:18 ` [Qemu-devel] [PATCH v3 18/18] block: pass option prefix down to crypto layer Daniel P. Berrange
2017-02-09  0:51   ` Max Reitz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170126101827.22378-3-berrange@redhat.com \
    --to=berrange@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=mreitz@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).