From: Eric Blake <eblake@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Max Reitz <mreitz@redhat.com>,
Kevin Wolf <kwolf@redhat.com>, Alberto Garcia <berto@igalia.com>
Subject: Re: [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format
Date: Wed, 26 Apr 2017 12:46:18 -0500 [thread overview]
Message-ID: <b3f9f0dd-8925-4528-807e-3cf97a199298@redhat.com> (raw)
In-Reply-To: <20170425153858.25660-14-berrange@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 3852 bytes --]
On 04/25/2017 10:38 AM, Daniel P. Berrange wrote:
> This adds support for using LUKS as an encryption format
> with the qcow2 file, using the new encrypt.format parameter
> to request "luks" format. e.g.
>
> # qemu-img create --object secret,data=123456,id=sec0 \
> -f qcow2 -o encrypt.-format=luks,encrypt.key-secret=sec0 \
s/encrypt.-format/encrypt.format/
> test.qcow2 10G
>
>
> Aside from all the cryptographic differences implied by
> use of the LUKS format, there is one further key difference
> between the use of legacy AES and LUKS encryption in qcow2.
> For LUKS, the initialiazation vectors are generated using
> the host physical sector as the input, rather than the
> guest virtual sector. This guarantees unique initialization
> vectors for all sectors when qcow2 internal snapshots are
> used, thus giving stronger protection against watermarking
> attacks.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> @@ -165,6 +246,47 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset,
> }
> break;
>
> + case QCOW2_EXT_MAGIC_CRYPTO_HEADER: {
> + unsigned int cflags = 0;
> + if (s->crypt_method_header != QCOW_CRYPT_LUKS) {
> + error_setg(errp, "CRYPTO header extension only "
> + "expected with LUKS encryption method");
> + return -EINVAL;
> + }
> + if (ext.len != sizeof(Qcow2CryptoHeaderExtension)) {
> + error_setg(errp, "CRYPTO header extension size %u, "
> + "but expected size %zu", ext.len,
> + sizeof(Qcow2CryptoHeaderExtension));
> + return -EINVAL;
> + }
> +
> + ret = bdrv_pread(bs->file, offset, &s->crypto_header, ext.len);
> + if (ret < 0) {
> + error_setg_errno(errp, -ret,
> + "Unable to read CRYPTO header extension");
> + return ret;
> + }
> + be64_to_cpus(&s->crypto_header.offset);
> + be64_to_cpus(&s->crypto_header.length);
> +
> + if ((s->crypto_header.offset % s->cluster_size) != 0) {
> + error_setg(errp, "Encryption header offset '%" PRIu64 "' is "
> + "not a multiple of cluster size '%u'",
> + s->crypto_header.offset, s->cluster_size);
> + return -EINVAL;
> + }
Do we need to sanity check that crypto_header.length is not bogus?
> +
> + if (flags & BDRV_O_NO_IO) {
> + cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
> + }
> + s->crypto = qcrypto_block_open(s->crypto_opts,
> + qcow2_crypto_hdr_read_func,
> + bs, cflags, errp);
> + if (!s->crypto) {
> + return -EINVAL;
> + }
> + } break;
> +
> default:
> /* unknown magic - save it in case we need to rewrite the header */
> {
> @@ -464,7 +586,8 @@ static QemuOptsList qcow2_runtime_opts = {
> .type = QEMU_OPT_NUMBER,
> .help = "Clean unused cache entries after this time (in seconds)",
> },
> - BLOCK_CRYPTO_OPT_DEF_QCOW_KEY_SECRET("encrypt."),
> + BLOCK_CRYPTO_OPT_DEF_KEY_SECRET("encrypt.",
> + "ID of secret providing qcow AES key or LUKS passphrase"),
s/qcow/qcow2/ ?
Minor enough that I'm okay giving:
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
next prev parent reply other threads:[~2017-04-26 17:46 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-25 15:38 [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-04-26 13:26 ` Eric Blake
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 02/18] block: add ability to set a prefix for opt names Daniel P. Berrange
2017-04-26 13:28 ` Eric Blake
2017-04-26 13:50 ` Daniel P. Berrange
2017-04-26 14:12 ` Eric Blake
2017-04-26 14:13 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 03/18] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 04/18] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 05/18] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 06/18] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 07/18] block: deprecate "encryption=on" in favour of "encrypt.format=aes" Daniel P. Berrange
2017-04-26 14:14 ` Eric Blake
2017-05-11 12:55 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 08/18] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-04-26 15:12 ` Eric Blake
2017-05-11 14:05 ` Alberto Garcia
2017-05-11 14:09 ` Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-04-26 15:25 ` Eric Blake
2017-05-11 14:29 ` Alberto Garcia
2017-05-24 16:46 ` Daniel P. Berrange
2017-05-25 10:46 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 12/18] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-04-26 17:46 ` Eric Blake [this message]
2017-05-09 14:05 ` Daniel P. Berrange
2017-05-11 14:44 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 14/18] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 16/18] block: rip out all traces of password prompting Daniel P. Berrange
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 17/18] block: remove all encryption handling APIs Daniel P. Berrange
2017-05-11 14:49 ` Alberto Garcia
2017-04-25 15:38 ` [Qemu-devel] [PATCH v6 18/18] block: pass option prefix down to crypto layer Daniel P. Berrange
2017-04-26 17:47 ` Eric Blake
2017-04-25 15:56 ` [Qemu-devel] [PATCH v6 00/18]Convert QCow[2] to QCryptoBlock & add LUKS support no-reply
2017-04-25 17:25 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b3f9f0dd-8925-4528-807e-3cf97a199298@redhat.com \
--to=eblake@redhat.com \
--cc=berrange@redhat.com \
--cc=berto@igalia.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).