From patchwork Wed Dec 12 11:24:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 10726143 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 60FD015A6 for ; Wed, 12 Dec 2018 11:26:08 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 459E02882A for ; Wed, 12 Dec 2018 11:26:08 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3A02428845; Wed, 12 Dec 2018 11:26:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id C9D6F2882A for ; Wed, 12 Dec 2018 11:26:06 +0000 (UTC) Received: from localhost ([::1]:43920 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2eT-0002pZ-CX for patchwork-qemu-devel@patchwork.kernel.org; Wed, 12 Dec 2018 06:26:05 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37254) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2dR-0002my-4S for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:01 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gX2dQ-00046b-AD for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:01 -0500 Received: from mx1.redhat.com ([209.132.183.28]:41164) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gX2dN-00043y-8D; Wed, 12 Dec 2018 06:24:57 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 6B41031256A8; Wed, 12 Dec 2018 11:24:56 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-73.ams2.redhat.com [10.36.112.73]) by smtp.corp.redhat.com (Postfix) with ESMTP id C66211001F41; Wed, 12 Dec 2018 11:24:53 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Wed, 12 Dec 2018 11:24:45 +0000 Message-Id: <20181212112450.2103-2-berrange@redhat.com> In-Reply-To: <20181212112450.2103-1-berrange@redhat.com> References: <20181212112450.2103-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Wed, 12 Dec 2018 11:24:56 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 1/6] crypto: Fix defaults in QCryptoBlockCreateOptionsLUKS X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Peter Maydell , qemu-block@nongnu.org, Max Reitz , Alberto Garcia Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Alberto Garcia The values specified in the documentation don't match the actual defaults set in qcrypto_block_luks_create(). Signed-off-by: Alberto Garcia Signed-off-by: Daniel P. Berrangé --- qapi/crypto.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qapi/crypto.json b/qapi/crypto.json index a51b434412..b2a4cff683 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -181,11 +181,11 @@ # The options that apply to LUKS encryption format initialization # # @cipher-alg: the cipher algorithm for data encryption -# Currently defaults to 'aes'. +# Currently defaults to 'aes-256'. # @cipher-mode: the cipher mode for data encryption -# Currently defaults to 'cbc' +# Currently defaults to 'xts' # @ivgen-alg: the initialization vector generator -# Currently defaults to 'essiv' +# Currently defaults to 'plain64' # @ivgen-hash-alg: the initialization vector generator hash # Currently defaults to 'sha256' # @hash-alg: the master key hash algorithm From patchwork Wed Dec 12 11:24:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 10726145 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8F793112E for ; Wed, 12 Dec 2018 11:26:43 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7F3DE2882A for ; Wed, 12 Dec 2018 11:26:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 734F628845; Wed, 12 Dec 2018 11:26:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 2C7022882A for ; Wed, 12 Dec 2018 11:26:43 +0000 (UTC) Received: from localhost ([::1]:43934 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2f4-00049M-8I for patchwork-qemu-devel@patchwork.kernel.org; Wed, 12 Dec 2018 06:26:42 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37351) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2do-00035k-5s for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:26 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gX2dX-0004Cw-Ek for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:17 -0500 Received: from mx1.redhat.com ([209.132.183.28]:58612) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gX2dQ-000469-CG; Wed, 12 Dec 2018 06:25:00 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4338B30820D8; Wed, 12 Dec 2018 11:24:59 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-73.ams2.redhat.com [10.36.112.73]) by smtp.corp.redhat.com (Postfix) with ESMTP id C8C621001F41; Wed, 12 Dec 2018 11:24:56 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Wed, 12 Dec 2018 11:24:46 +0000 Message-Id: <20181212112450.2103-3-berrange@redhat.com> In-Reply-To: <20181212112450.2103-1-berrange@redhat.com> References: <20181212112450.2103-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]); Wed, 12 Dec 2018 11:24:59 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 2/6] crypto/block-luks: fix memory leak in qcrypto_block_luks_create X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Peter Maydell , Vladimir Sementsov-Ogievskiy , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Vladimir Sementsov-Ogievskiy Free block->cipher and block->ivgen on error path. Signed-off-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrangé --- crypto/block-luks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 5738124773..51e24d23ca 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1341,6 +1341,9 @@ qcrypto_block_luks_create(QCryptoBlock *block, qcrypto_ivgen_free(ivgen); qcrypto_cipher_free(cipher); + qcrypto_cipher_free(block->cipher); + qcrypto_ivgen_free(block->ivgen); + g_free(luks); return -1; } From patchwork Wed Dec 12 11:24:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 10726153 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0407C112E for ; Wed, 12 Dec 2018 11:29:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E6BDF2A3FE for ; Wed, 12 Dec 2018 11:29:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D970F2A40F; Wed, 12 Dec 2018 11:29:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 5C2FE2A3FE for ; Wed, 12 Dec 2018 11:29:55 +0000 (UTC) Received: from localhost ([::1]:43953 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2iA-0006Tm-GD for patchwork-qemu-devel@patchwork.kernel.org; Wed, 12 Dec 2018 06:29:54 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37404) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2ds-00039F-G2 for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:29 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gX2dq-0004U5-Aa for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:28 -0500 Received: from mx1.redhat.com ([209.132.183.28]:42752) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gX2dT-00049G-3T; Wed, 12 Dec 2018 06:25:03 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5862E308FB9E; Wed, 12 Dec 2018 11:25:02 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-73.ams2.redhat.com [10.36.112.73]) by smtp.corp.redhat.com (Postfix) with ESMTP id AECD81001F41; Wed, 12 Dec 2018 11:24:59 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Wed, 12 Dec 2018 11:24:47 +0000 Message-Id: <20181212112450.2103-4-berrange@redhat.com> In-Reply-To: <20181212112450.2103-1-berrange@redhat.com> References: <20181212112450.2103-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Wed, 12 Dec 2018 11:25:02 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 3/6] crypto/block: refactor qcrypto_block_*crypt_helper functions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Peter Maydell , Vladimir Sementsov-Ogievskiy , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Vladimir Sementsov-Ogievskiy qcrypto_block_encrypt_helper and qcrypto_block_decrypt_helper are almost identical, let's reduce code duplication and simplify further improvements. Signed-off-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrangé --- crypto/block.c | 81 +++++++++++++++++++------------------------------- 1 file changed, 31 insertions(+), 50 deletions(-) diff --git a/crypto/block.c b/crypto/block.c index e59d1140fe..8d0e4bdbb2 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -190,14 +190,21 @@ void qcrypto_block_free(QCryptoBlock *block) } -int qcrypto_block_decrypt_helper(QCryptoCipher *cipher, - size_t niv, - QCryptoIVGen *ivgen, - int sectorsize, - uint64_t offset, - uint8_t *buf, - size_t len, - Error **errp) +typedef int (*QCryptoCipherEncDecFunc)(QCryptoCipher *cipher, + const void *in, + void *out, + size_t len, + Error **errp); + +static int do_qcrypto_block_encdec(QCryptoCipher *cipher, + size_t niv, + QCryptoIVGen *ivgen, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + QCryptoCipherEncDecFunc func, + Error **errp) { uint8_t *iv; int ret = -1; @@ -226,8 +233,7 @@ int qcrypto_block_decrypt_helper(QCryptoCipher *cipher, } nbytes = len > sectorsize ? sectorsize : len; - if (qcrypto_cipher_decrypt(cipher, buf, buf, - nbytes, errp) < 0) { + if (func(cipher, buf, buf, nbytes, errp) < 0) { goto cleanup; } @@ -243,7 +249,7 @@ int qcrypto_block_decrypt_helper(QCryptoCipher *cipher, } -int qcrypto_block_encrypt_helper(QCryptoCipher *cipher, +int qcrypto_block_decrypt_helper(QCryptoCipher *cipher, size_t niv, QCryptoIVGen *ivgen, int sectorsize, @@ -252,45 +258,20 @@ int qcrypto_block_encrypt_helper(QCryptoCipher *cipher, size_t len, Error **errp) { - uint8_t *iv; - int ret = -1; - uint64_t startsector = offset / sectorsize; - - assert(QEMU_IS_ALIGNED(offset, sectorsize)); - assert(QEMU_IS_ALIGNED(len, sectorsize)); - - iv = niv ? g_new0(uint8_t, niv) : NULL; - - while (len > 0) { - size_t nbytes; - if (niv) { - if (qcrypto_ivgen_calculate(ivgen, - startsector, - iv, niv, - errp) < 0) { - goto cleanup; - } + return do_qcrypto_block_encdec(cipher, niv, ivgen, sectorsize, offset, + buf, len, qcrypto_cipher_decrypt, errp); +} - if (qcrypto_cipher_setiv(cipher, - iv, niv, - errp) < 0) { - goto cleanup; - } - } - nbytes = len > sectorsize ? sectorsize : len; - if (qcrypto_cipher_encrypt(cipher, buf, buf, - nbytes, errp) < 0) { - goto cleanup; - } - - startsector++; - buf += nbytes; - len -= nbytes; - } - - ret = 0; - cleanup: - g_free(iv); - return ret; +int qcrypto_block_encrypt_helper(QCryptoCipher *cipher, + size_t niv, + QCryptoIVGen *ivgen, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + Error **errp) +{ + return do_qcrypto_block_encdec(cipher, niv, ivgen, sectorsize, offset, + buf, len, qcrypto_cipher_encrypt, errp); } From patchwork Wed Dec 12 11:24:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 10726155 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 98A5113BF for ; Wed, 12 Dec 2018 11:31:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 85CE22AEC0 for ; Wed, 12 Dec 2018 11:31:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 79DB52AEF3; Wed, 12 Dec 2018 11:31:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id CC0302AEC0 for ; Wed, 12 Dec 2018 11:31:21 +0000 (UTC) Received: from localhost ([::1]:43968 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2jY-0007UM-Qo for patchwork-qemu-devel@patchwork.kernel.org; Wed, 12 Dec 2018 06:31:20 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37578) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2e1-0003G9-LF for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:41 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gX2dz-0004ew-2A for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:37 -0500 Received: from mx1.redhat.com ([209.132.183.28]:48946) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gX2dq-0004GH-S6; Wed, 12 Dec 2018 06:25:28 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 293E28046F; Wed, 12 Dec 2018 11:25:10 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-73.ams2.redhat.com [10.36.112.73]) by smtp.corp.redhat.com (Postfix) with ESMTP id B56051054FDD; Wed, 12 Dec 2018 11:25:02 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Wed, 12 Dec 2018 11:24:48 +0000 Message-Id: <20181212112450.2103-5-berrange@redhat.com> In-Reply-To: <20181212112450.2103-1-berrange@redhat.com> References: <20181212112450.2103-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 12 Dec 2018 11:25:10 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 4/6] crypto/block: rename qcrypto_block_*crypt_helper X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Peter Maydell , Vladimir Sementsov-Ogievskiy , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Vladimir Sementsov-Ogievskiy Rename qcrypto_block_*crypt_helper to qcrypto_block_cipher_*crypt_helper, as it's not about QCryptoBlock. This is needed to introduce qcrypto_block_*crypt_helper in the next commit, which will have QCryptoBlock pointer and than will be able to use additional fields of it, which in turn will be used to implement thread-safe QCryptoBlock operations. Signed-off-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrangé --- crypto/block-luks.c | 44 ++++++++++++++-------------- crypto/block-qcow.c | 16 +++++------ crypto/block.c | 70 +++++++++++++++++++++++---------------------- crypto/blockpriv.h | 34 +++++++++++----------- 4 files changed, 83 insertions(+), 81 deletions(-) diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 51e24d23ca..353a400595 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -504,14 +504,14 @@ qcrypto_block_luks_load_key(QCryptoBlock *block, * to reset the encryption cipher every time the master * key crosses a sector boundary. */ - if (qcrypto_block_decrypt_helper(cipher, - niv, - ivgen, - QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, - 0, - splitkey, - splitkeylen, - errp) < 0) { + if (qcrypto_block_cipher_decrypt_helper(cipher, + niv, + ivgen, + QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, + 0, + splitkey, + splitkeylen, + errp) < 0) { goto cleanup; } @@ -1219,12 +1219,12 @@ qcrypto_block_luks_create(QCryptoBlock *block, /* Now we encrypt the split master key with the key generated * from the user's password, before storing it */ - if (qcrypto_block_encrypt_helper(cipher, block->niv, ivgen, - QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, - 0, - splitkey, - splitkeylen, - errp) < 0) { + if (qcrypto_block_cipher_encrypt_helper(cipher, block->niv, ivgen, + QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, + 0, + splitkey, + splitkeylen, + errp) < 0) { goto error; } @@ -1409,10 +1409,10 @@ qcrypto_block_luks_decrypt(QCryptoBlock *block, { assert(QEMU_IS_ALIGNED(offset, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)); assert(QEMU_IS_ALIGNED(len, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)); - return qcrypto_block_decrypt_helper(block->cipher, - block->niv, block->ivgen, - QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, - offset, buf, len, errp); + return qcrypto_block_cipher_decrypt_helper(block->cipher, + block->niv, block->ivgen, + QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, + offset, buf, len, errp); } @@ -1425,10 +1425,10 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block, { assert(QEMU_IS_ALIGNED(offset, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)); assert(QEMU_IS_ALIGNED(len, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)); - return qcrypto_block_encrypt_helper(block->cipher, - block->niv, block->ivgen, - QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, - offset, buf, len, errp); + return qcrypto_block_cipher_encrypt_helper(block->cipher, + block->niv, block->ivgen, + QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, + offset, buf, len, errp); } diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c index 7606231e79..3b6722deb0 100644 --- a/crypto/block-qcow.c +++ b/crypto/block-qcow.c @@ -152,10 +152,10 @@ qcrypto_block_qcow_decrypt(QCryptoBlock *block, { assert(QEMU_IS_ALIGNED(offset, QCRYPTO_BLOCK_QCOW_SECTOR_SIZE)); assert(QEMU_IS_ALIGNED(len, QCRYPTO_BLOCK_QCOW_SECTOR_SIZE)); - return qcrypto_block_decrypt_helper(block->cipher, - block->niv, block->ivgen, - QCRYPTO_BLOCK_QCOW_SECTOR_SIZE, - offset, buf, len, errp); + return qcrypto_block_cipher_decrypt_helper(block->cipher, + block->niv, block->ivgen, + QCRYPTO_BLOCK_QCOW_SECTOR_SIZE, + offset, buf, len, errp); } @@ -168,10 +168,10 @@ qcrypto_block_qcow_encrypt(QCryptoBlock *block, { assert(QEMU_IS_ALIGNED(offset, QCRYPTO_BLOCK_QCOW_SECTOR_SIZE)); assert(QEMU_IS_ALIGNED(len, QCRYPTO_BLOCK_QCOW_SECTOR_SIZE)); - return qcrypto_block_encrypt_helper(block->cipher, - block->niv, block->ivgen, - QCRYPTO_BLOCK_QCOW_SECTOR_SIZE, - offset, buf, len, errp); + return qcrypto_block_cipher_encrypt_helper(block->cipher, + block->niv, block->ivgen, + QCRYPTO_BLOCK_QCOW_SECTOR_SIZE, + offset, buf, len, errp); } diff --git a/crypto/block.c b/crypto/block.c index 8d0e4bdbb2..d43139dbc7 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -191,20 +191,20 @@ void qcrypto_block_free(QCryptoBlock *block) typedef int (*QCryptoCipherEncDecFunc)(QCryptoCipher *cipher, - const void *in, - void *out, - size_t len, - Error **errp); - -static int do_qcrypto_block_encdec(QCryptoCipher *cipher, - size_t niv, - QCryptoIVGen *ivgen, - int sectorsize, - uint64_t offset, - uint8_t *buf, - size_t len, - QCryptoCipherEncDecFunc func, - Error **errp) + const void *in, + void *out, + size_t len, + Error **errp); + +static int do_qcrypto_block_cipher_encdec(QCryptoCipher *cipher, + size_t niv, + QCryptoIVGen *ivgen, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + QCryptoCipherEncDecFunc func, + Error **errp) { uint8_t *iv; int ret = -1; @@ -249,29 +249,31 @@ static int do_qcrypto_block_encdec(QCryptoCipher *cipher, } -int qcrypto_block_decrypt_helper(QCryptoCipher *cipher, - size_t niv, - QCryptoIVGen *ivgen, - int sectorsize, - uint64_t offset, - uint8_t *buf, - size_t len, - Error **errp) +int qcrypto_block_cipher_decrypt_helper(QCryptoCipher *cipher, + size_t niv, + QCryptoIVGen *ivgen, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + Error **errp) { - return do_qcrypto_block_encdec(cipher, niv, ivgen, sectorsize, offset, - buf, len, qcrypto_cipher_decrypt, errp); + return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, sectorsize, + offset, buf, len, + qcrypto_cipher_decrypt, errp); } -int qcrypto_block_encrypt_helper(QCryptoCipher *cipher, - size_t niv, - QCryptoIVGen *ivgen, - int sectorsize, - uint64_t offset, - uint8_t *buf, - size_t len, - Error **errp) +int qcrypto_block_cipher_encrypt_helper(QCryptoCipher *cipher, + size_t niv, + QCryptoIVGen *ivgen, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + Error **errp) { - return do_qcrypto_block_encdec(cipher, niv, ivgen, sectorsize, offset, - buf, len, qcrypto_cipher_encrypt, errp); + return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, sectorsize, + offset, buf, len, + qcrypto_cipher_encrypt, errp); } diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 41840abcec..54bbe1eb6a 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -78,22 +78,22 @@ struct QCryptoBlockDriver { }; -int qcrypto_block_decrypt_helper(QCryptoCipher *cipher, - size_t niv, - QCryptoIVGen *ivgen, - int sectorsize, - uint64_t offset, - uint8_t *buf, - size_t len, - Error **errp); - -int qcrypto_block_encrypt_helper(QCryptoCipher *cipher, - size_t niv, - QCryptoIVGen *ivgen, - int sectorsize, - uint64_t offset, - uint8_t *buf, - size_t len, - Error **errp); +int qcrypto_block_cipher_decrypt_helper(QCryptoCipher *cipher, + size_t niv, + QCryptoIVGen *ivgen, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + Error **errp); + +int qcrypto_block_cipher_encrypt_helper(QCryptoCipher *cipher, + size_t niv, + QCryptoIVGen *ivgen, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + Error **errp); #endif /* QCRYPTO_BLOCKPRIV_H */ From patchwork Wed Dec 12 11:24:49 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 10726147 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D5D2B112E for ; Wed, 12 Dec 2018 11:27:03 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C076F2882A for ; Wed, 12 Dec 2018 11:27:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id AE9CD28857; Wed, 12 Dec 2018 11:27:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 098A22882A for ; Wed, 12 Dec 2018 11:27:02 +0000 (UTC) Received: from localhost ([::1]:43931 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2fO-0003KB-5A for patchwork-qemu-devel@patchwork.kernel.org; Wed, 12 Dec 2018 06:27:02 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37615) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2e2-0003Gl-Vf for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:41 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gX2e0-0004gV-QR for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:38 -0500 Received: from mx1.redhat.com ([209.132.183.28]:49338) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gX2ds-0004KL-Fo; Wed, 12 Dec 2018 06:25:28 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0237E308212A; Wed, 12 Dec 2018 11:25:13 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-73.ams2.redhat.com [10.36.112.73]) by smtp.corp.redhat.com (Postfix) with ESMTP id BB8A51001F41; Wed, 12 Dec 2018 11:25:10 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Wed, 12 Dec 2018 11:24:49 +0000 Message-Id: <20181212112450.2103-6-berrange@redhat.com> In-Reply-To: <20181212112450.2103-1-berrange@redhat.com> References: <20181212112450.2103-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Wed, 12 Dec 2018 11:25:13 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 5/6] crypto/block: introduce qcrypto_block_*crypt_helper functions X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Peter Maydell , Vladimir Sementsov-Ogievskiy , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Vladimir Sementsov-Ogievskiy Introduce QCryptoBlock-based functions and use them where possible. This is needed to implement thread-safe encrypt/decrypt operations. Signed-off-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrangé --- crypto/block-luks.c | 14 ++++++-------- crypto/block-qcow.c | 14 ++++++-------- crypto/block.c | 28 ++++++++++++++++++++++++++++ crypto/blockpriv.h | 14 ++++++++++++++ 4 files changed, 54 insertions(+), 16 deletions(-) diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 353a400595..e486e7ee94 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1409,10 +1409,9 @@ qcrypto_block_luks_decrypt(QCryptoBlock *block, { assert(QEMU_IS_ALIGNED(offset, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)); assert(QEMU_IS_ALIGNED(len, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)); - return qcrypto_block_cipher_decrypt_helper(block->cipher, - block->niv, block->ivgen, - QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, - offset, buf, len, errp); + return qcrypto_block_decrypt_helper(block, + QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, + offset, buf, len, errp); } @@ -1425,10 +1424,9 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block, { assert(QEMU_IS_ALIGNED(offset, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)); assert(QEMU_IS_ALIGNED(len, QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)); - return qcrypto_block_cipher_encrypt_helper(block->cipher, - block->niv, block->ivgen, - QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, - offset, buf, len, errp); + return qcrypto_block_encrypt_helper(block, + QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, + offset, buf, len, errp); } diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c index 3b6722deb0..36bf5f09b7 100644 --- a/crypto/block-qcow.c +++ b/crypto/block-qcow.c @@ -152,10 +152,9 @@ qcrypto_block_qcow_decrypt(QCryptoBlock *block, { assert(QEMU_IS_ALIGNED(offset, QCRYPTO_BLOCK_QCOW_SECTOR_SIZE)); assert(QEMU_IS_ALIGNED(len, QCRYPTO_BLOCK_QCOW_SECTOR_SIZE)); - return qcrypto_block_cipher_decrypt_helper(block->cipher, - block->niv, block->ivgen, - QCRYPTO_BLOCK_QCOW_SECTOR_SIZE, - offset, buf, len, errp); + return qcrypto_block_decrypt_helper(block, + QCRYPTO_BLOCK_QCOW_SECTOR_SIZE, + offset, buf, len, errp); } @@ -168,10 +167,9 @@ qcrypto_block_qcow_encrypt(QCryptoBlock *block, { assert(QEMU_IS_ALIGNED(offset, QCRYPTO_BLOCK_QCOW_SECTOR_SIZE)); assert(QEMU_IS_ALIGNED(len, QCRYPTO_BLOCK_QCOW_SECTOR_SIZE)); - return qcrypto_block_cipher_encrypt_helper(block->cipher, - block->niv, block->ivgen, - QCRYPTO_BLOCK_QCOW_SECTOR_SIZE, - offset, buf, len, errp); + return qcrypto_block_encrypt_helper(block, + QCRYPTO_BLOCK_QCOW_SECTOR_SIZE, + offset, buf, len, errp); } diff --git a/crypto/block.c b/crypto/block.c index d43139dbc7..3fe3de2ef8 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -277,3 +277,31 @@ int qcrypto_block_cipher_encrypt_helper(QCryptoCipher *cipher, offset, buf, len, qcrypto_cipher_encrypt, errp); } + + +int qcrypto_block_decrypt_helper(QCryptoBlock *block, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + Error **errp) +{ + return do_qcrypto_block_cipher_encdec(block->cipher, block->niv, + block->ivgen, + sectorsize, offset, buf, len, + qcrypto_cipher_decrypt, errp); +} + + +int qcrypto_block_encrypt_helper(QCryptoBlock *block, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + Error **errp) +{ + return do_qcrypto_block_cipher_encdec(block->cipher, block->niv, + block->ivgen, + sectorsize, offset, buf, len, + qcrypto_cipher_encrypt, errp); +} diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 54bbe1eb6a..438c08bec2 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -96,4 +96,18 @@ int qcrypto_block_cipher_encrypt_helper(QCryptoCipher *cipher, size_t len, Error **errp); +int qcrypto_block_decrypt_helper(QCryptoBlock *block, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + Error **errp); + +int qcrypto_block_encrypt_helper(QCryptoBlock *block, + int sectorsize, + uint64_t offset, + uint8_t *buf, + size_t len, + Error **errp); + #endif /* QCRYPTO_BLOCKPRIV_H */ From patchwork Wed Dec 12 11:24:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 10726149 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 43D97112E for ; Wed, 12 Dec 2018 11:27:15 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2FDD62882A for ; Wed, 12 Dec 2018 11:27:15 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 22FD828857; Wed, 12 Dec 2018 11:27:15 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 12B1D2882A for ; Wed, 12 Dec 2018 11:27:14 +0000 (UTC) Received: from localhost ([::1]:43932 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2fZ-0003TH-AK for patchwork-qemu-devel@patchwork.kernel.org; Wed, 12 Dec 2018 06:27:13 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37681) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gX2e6-0003I0-Ff for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:45 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gX2e2-0004jE-OX for qemu-devel@nongnu.org; Wed, 12 Dec 2018 06:25:42 -0500 Received: from mx1.redhat.com ([209.132.183.28]:48984) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gX2ds-0004MP-Hk; Wed, 12 Dec 2018 06:25:28 -0500 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 31C8188306; Wed, 12 Dec 2018 11:25:16 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-112-73.ams2.redhat.com [10.36.112.73]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5667A1001F41; Wed, 12 Dec 2018 11:25:13 +0000 (UTC) From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= To: qemu-devel@nongnu.org Date: Wed, 12 Dec 2018 11:24:50 +0000 Message-Id: <20181212112450.2103-7-berrange@redhat.com> In-Reply-To: <20181212112450.2103-1-berrange@redhat.com> References: <20181212112450.2103-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 12 Dec 2018 11:25:16 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL 6/6] crypto: support multiple threads accessing one QCryptoBlock X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , Peter Maydell , Vladimir Sementsov-Ogievskiy , qemu-block@nongnu.org, Max Reitz Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP From: Vladimir Sementsov-Ogievskiy The two thing that should be handled are cipher and ivgen. For ivgen the solution is just mutex, as iv calculations should not be long in comparison with encryption/decryption. And for cipher let's just keep per-thread ciphers. Signed-off-by: Vladimir Sementsov-Ogievskiy Reviewed-by: Alberto Garcia Signed-off-by: Daniel P. Berrangé --- block/crypto.c | 1 + block/qcow.c | 2 +- block/qcow2.c | 4 +- crypto/block-luks.c | 22 +++--- crypto/block-qcow.c | 20 +++--- crypto/block.c | 146 +++++++++++++++++++++++++++++++++----- crypto/blockpriv.h | 16 ++++- include/crypto/block.h | 2 + tests/test-crypto-block.c | 3 + 9 files changed, 172 insertions(+), 44 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 33ee01bebd..f0a5f6b987 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -229,6 +229,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format, block_crypto_read_func, bs, cflags, + 1, errp); if (!crypto->block) { diff --git a/block/qcow.c b/block/qcow.c index 4518cb4c35..0a235bf393 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -213,7 +213,7 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, cflags |= QCRYPTO_BLOCK_OPEN_NO_IO; } s->crypto = qcrypto_block_open(crypto_opts, "encrypt.", - NULL, NULL, cflags, errp); + NULL, NULL, cflags, 1, errp); if (!s->crypto) { ret = -EINVAL; goto fail; diff --git a/block/qcow2.c b/block/qcow2.c index 991d6ac91b..bc8868c36a 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -294,7 +294,7 @@ static int qcow2_read_extensions(BlockDriverState *bs, uint64_t start_offset, } s->crypto = qcrypto_block_open(s->crypto_opts, "encrypt.", qcow2_crypto_hdr_read_func, - bs, cflags, errp); + bs, cflags, 1, errp); if (!s->crypto) { return -EINVAL; } @@ -1445,7 +1445,7 @@ static int coroutine_fn qcow2_do_open(BlockDriverState *bs, QDict *options, cflags |= QCRYPTO_BLOCK_OPEN_NO_IO; } s->crypto = qcrypto_block_open(s->crypto_opts, "encrypt.", - NULL, NULL, cflags, errp); + NULL, NULL, cflags, 1, errp); if (!s->crypto) { ret = -EINVAL; goto fail; diff --git a/crypto/block-luks.c b/crypto/block-luks.c index e486e7ee94..6bac79c3ab 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -636,6 +636,7 @@ qcrypto_block_luks_open(QCryptoBlock *block, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, + size_t n_threads, Error **errp) { QCryptoBlockLUKS *luks; @@ -836,11 +837,10 @@ qcrypto_block_luks_open(QCryptoBlock *block, goto fail; } - block->cipher = qcrypto_cipher_new(cipheralg, - ciphermode, - masterkey, masterkeylen, - errp); - if (!block->cipher) { + ret = qcrypto_block_init_cipher(block, cipheralg, ciphermode, + masterkey, masterkeylen, n_threads, + errp); + if (ret < 0) { ret = -ENOTSUP; goto fail; } @@ -863,7 +863,7 @@ qcrypto_block_luks_open(QCryptoBlock *block, fail: g_free(masterkey); - qcrypto_cipher_free(block->cipher); + qcrypto_block_free_cipher(block); qcrypto_ivgen_free(block->ivgen); g_free(luks); g_free(password); @@ -1030,11 +1030,9 @@ qcrypto_block_luks_create(QCryptoBlock *block, /* Setup the block device payload encryption objects */ - block->cipher = qcrypto_cipher_new(luks_opts.cipher_alg, - luks_opts.cipher_mode, - masterkey, luks->header.key_bytes, - errp); - if (!block->cipher) { + if (qcrypto_block_init_cipher(block, luks_opts.cipher_alg, + luks_opts.cipher_mode, masterkey, + luks->header.key_bytes, 1, errp) < 0) { goto error; } @@ -1341,7 +1339,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, qcrypto_ivgen_free(ivgen); qcrypto_cipher_free(cipher); - qcrypto_cipher_free(block->cipher); + qcrypto_block_free_cipher(block); qcrypto_ivgen_free(block->ivgen); g_free(luks); diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c index 36bf5f09b7..cefb3b2a7b 100644 --- a/crypto/block-qcow.c +++ b/crypto/block-qcow.c @@ -44,6 +44,7 @@ qcrypto_block_qcow_has_format(const uint8_t *buf G_GNUC_UNUSED, static int qcrypto_block_qcow_init(QCryptoBlock *block, const char *keysecret, + size_t n_threads, Error **errp) { char *password; @@ -71,11 +72,11 @@ qcrypto_block_qcow_init(QCryptoBlock *block, goto fail; } - block->cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128, - QCRYPTO_CIPHER_MODE_CBC, - keybuf, G_N_ELEMENTS(keybuf), - errp); - if (!block->cipher) { + ret = qcrypto_block_init_cipher(block, QCRYPTO_CIPHER_ALG_AES_128, + QCRYPTO_CIPHER_MODE_CBC, + keybuf, G_N_ELEMENTS(keybuf), + n_threads, errp); + if (ret < 0) { ret = -ENOTSUP; goto fail; } @@ -86,7 +87,7 @@ qcrypto_block_qcow_init(QCryptoBlock *block, return 0; fail: - qcrypto_cipher_free(block->cipher); + qcrypto_block_free_cipher(block); qcrypto_ivgen_free(block->ivgen); return ret; } @@ -99,6 +100,7 @@ qcrypto_block_qcow_open(QCryptoBlock *block, QCryptoBlockReadFunc readfunc G_GNUC_UNUSED, void *opaque G_GNUC_UNUSED, unsigned int flags, + size_t n_threads, Error **errp) { if (flags & QCRYPTO_BLOCK_OPEN_NO_IO) { @@ -112,8 +114,8 @@ qcrypto_block_qcow_open(QCryptoBlock *block, optprefix ? optprefix : ""); return -1; } - return qcrypto_block_qcow_init(block, - options->u.qcow.key_secret, errp); + return qcrypto_block_qcow_init(block, options->u.qcow.key_secret, + n_threads, errp); } } @@ -133,7 +135,7 @@ qcrypto_block_qcow_create(QCryptoBlock *block, return -1; } /* QCow2 has no special header, since everything is hardwired */ - return qcrypto_block_qcow_init(block, options->u.qcow.key_secret, errp); + return qcrypto_block_qcow_init(block, options->u.qcow.key_secret, 1, errp); } diff --git a/crypto/block.c b/crypto/block.c index 3fe3de2ef8..d70d401f87 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -52,6 +52,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, + size_t n_threads, Error **errp) { QCryptoBlock *block = g_new0(QCryptoBlock, 1); @@ -69,11 +70,14 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, block->driver = qcrypto_block_drivers[options->format]; if (block->driver->open(block, options, optprefix, - readfunc, opaque, flags, errp) < 0) { + readfunc, opaque, flags, n_threads, errp) < 0) + { g_free(block); return NULL; } + qemu_mutex_init(&block->mutex); + return block; } @@ -105,6 +109,8 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, return NULL; } + qemu_mutex_init(&block->mutex); + return block; } @@ -148,12 +154,97 @@ int qcrypto_block_encrypt(QCryptoBlock *block, QCryptoCipher *qcrypto_block_get_cipher(QCryptoBlock *block) { - return block->cipher; + /* Ciphers should be accessed through pop/push method to be thread-safe. + * Better, they should not be accessed externally at all (note, that + * pop/push are static functions) + * This function is used only in test with one thread (it's safe to skip + * pop/push interface), so it's enough to assert it here: + */ + assert(block->n_ciphers <= 1); + return block->ciphers ? block->ciphers[0] : NULL; +} + + +static QCryptoCipher *qcrypto_block_pop_cipher(QCryptoBlock *block) +{ + QCryptoCipher *cipher; + + qemu_mutex_lock(&block->mutex); + + assert(block->n_free_ciphers > 0); + block->n_free_ciphers--; + cipher = block->ciphers[block->n_free_ciphers]; + + qemu_mutex_unlock(&block->mutex); + + return cipher; +} + + +static void qcrypto_block_push_cipher(QCryptoBlock *block, + QCryptoCipher *cipher) +{ + qemu_mutex_lock(&block->mutex); + + assert(block->n_free_ciphers < block->n_ciphers); + block->ciphers[block->n_free_ciphers] = cipher; + block->n_free_ciphers++; + + qemu_mutex_unlock(&block->mutex); +} + + +int qcrypto_block_init_cipher(QCryptoBlock *block, + QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode, + const uint8_t *key, size_t nkey, + size_t n_threads, Error **errp) +{ + size_t i; + + assert(!block->ciphers && !block->n_ciphers && !block->n_free_ciphers); + + block->ciphers = g_new0(QCryptoCipher *, n_threads); + + for (i = 0; i < n_threads; i++) { + block->ciphers[i] = qcrypto_cipher_new(alg, mode, key, nkey, errp); + if (!block->ciphers[i]) { + qcrypto_block_free_cipher(block); + return -1; + } + block->n_ciphers++; + block->n_free_ciphers++; + } + + return 0; } +void qcrypto_block_free_cipher(QCryptoBlock *block) +{ + size_t i; + + if (!block->ciphers) { + return; + } + + assert(block->n_ciphers == block->n_free_ciphers); + + for (i = 0; i < block->n_ciphers; i++) { + qcrypto_cipher_free(block->ciphers[i]); + } + + g_free(block->ciphers); + block->ciphers = NULL; + block->n_ciphers = block->n_free_ciphers = 0; +} + QCryptoIVGen *qcrypto_block_get_ivgen(QCryptoBlock *block) { + /* ivgen should be accessed under mutex. However, this function is used only + * in test with one thread, so it's enough to assert it here: + */ + assert(block->n_ciphers <= 1); return block->ivgen; } @@ -184,8 +275,9 @@ void qcrypto_block_free(QCryptoBlock *block) block->driver->cleanup(block); - qcrypto_cipher_free(block->cipher); + qcrypto_block_free_cipher(block); qcrypto_ivgen_free(block->ivgen); + qemu_mutex_destroy(&block->mutex); g_free(block); } @@ -199,6 +291,7 @@ typedef int (*QCryptoCipherEncDecFunc)(QCryptoCipher *cipher, static int do_qcrypto_block_cipher_encdec(QCryptoCipher *cipher, size_t niv, QCryptoIVGen *ivgen, + QemuMutex *ivgen_mutex, int sectorsize, uint64_t offset, uint8_t *buf, @@ -218,10 +311,15 @@ static int do_qcrypto_block_cipher_encdec(QCryptoCipher *cipher, while (len > 0) { size_t nbytes; if (niv) { - if (qcrypto_ivgen_calculate(ivgen, - startsector, - iv, niv, - errp) < 0) { + if (ivgen_mutex) { + qemu_mutex_lock(ivgen_mutex); + } + ret = qcrypto_ivgen_calculate(ivgen, startsector, iv, niv, errp); + if (ivgen_mutex) { + qemu_mutex_unlock(ivgen_mutex); + } + + if (ret < 0) { goto cleanup; } @@ -258,7 +356,7 @@ int qcrypto_block_cipher_decrypt_helper(QCryptoCipher *cipher, size_t len, Error **errp) { - return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, sectorsize, + return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, NULL, sectorsize, offset, buf, len, qcrypto_cipher_decrypt, errp); } @@ -273,12 +371,11 @@ int qcrypto_block_cipher_encrypt_helper(QCryptoCipher *cipher, size_t len, Error **errp) { - return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, sectorsize, + return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, NULL, sectorsize, offset, buf, len, qcrypto_cipher_encrypt, errp); } - int qcrypto_block_decrypt_helper(QCryptoBlock *block, int sectorsize, uint64_t offset, @@ -286,12 +383,17 @@ int qcrypto_block_decrypt_helper(QCryptoBlock *block, size_t len, Error **errp) { - return do_qcrypto_block_cipher_encdec(block->cipher, block->niv, - block->ivgen, - sectorsize, offset, buf, len, - qcrypto_cipher_decrypt, errp); -} + int ret; + QCryptoCipher *cipher = qcrypto_block_pop_cipher(block); + ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen, + &block->mutex, sectorsize, offset, buf, + len, qcrypto_cipher_decrypt, errp); + + qcrypto_block_push_cipher(block, cipher); + + return ret; +} int qcrypto_block_encrypt_helper(QCryptoBlock *block, int sectorsize, @@ -300,8 +402,14 @@ int qcrypto_block_encrypt_helper(QCryptoBlock *block, size_t len, Error **errp) { - return do_qcrypto_block_cipher_encdec(block->cipher, block->niv, - block->ivgen, - sectorsize, offset, buf, len, - qcrypto_cipher_encrypt, errp); + int ret; + QCryptoCipher *cipher = qcrypto_block_pop_cipher(block); + + ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen, + &block->mutex, sectorsize, offset, buf, + len, qcrypto_cipher_encrypt, errp); + + qcrypto_block_push_cipher(block, cipher); + + return ret; } diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 438c08bec2..5438e822fd 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -22,6 +22,7 @@ #define QCRYPTO_BLOCKPRIV_H #include "crypto/block.h" +#include "qemu/thread.h" typedef struct QCryptoBlockDriver QCryptoBlockDriver; @@ -31,8 +32,12 @@ struct QCryptoBlock { const QCryptoBlockDriver *driver; void *opaque; - QCryptoCipher *cipher; + QCryptoCipher **ciphers; + size_t n_ciphers; + size_t n_free_ciphers; QCryptoIVGen *ivgen; + QemuMutex mutex; + QCryptoHashAlgorithm kdfhash; size_t niv; uint64_t payload_offset; /* In bytes */ @@ -46,6 +51,7 @@ struct QCryptoBlockDriver { QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, + size_t n_threads, Error **errp); int (*create)(QCryptoBlock *block, @@ -110,4 +116,12 @@ int qcrypto_block_encrypt_helper(QCryptoBlock *block, size_t len, Error **errp); +int qcrypto_block_init_cipher(QCryptoBlock *block, + QCryptoCipherAlgorithm alg, + QCryptoCipherMode mode, + const uint8_t *key, size_t nkey, + size_t n_threads, Error **errp); + +void qcrypto_block_free_cipher(QCryptoBlock *block); + #endif /* QCRYPTO_BLOCKPRIV_H */ diff --git a/include/crypto/block.h b/include/crypto/block.h index cd18f46d56..e729d5bd66 100644 --- a/include/crypto/block.h +++ b/include/crypto/block.h @@ -75,6 +75,7 @@ typedef enum { * @readfunc: callback for reading data from the volume * @opaque: data to pass to @readfunc * @flags: bitmask of QCryptoBlockOpenFlags values + * @n_threads: allow concurrent I/O from up to @n_threads threads * @errp: pointer to a NULL-initialized error object * * Create a new block encryption object for an existing @@ -107,6 +108,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, QCryptoBlockReadFunc readfunc, void *opaque, unsigned int flags, + size_t n_threads, Error **errp); /** diff --git a/tests/test-crypto-block.c b/tests/test-crypto-block.c index fae4ffc453..d309d044ef 100644 --- a/tests/test-crypto-block.c +++ b/tests/test-crypto-block.c @@ -305,6 +305,7 @@ static void test_block(gconstpointer opaque) test_block_read_func, &header, 0, + 1, NULL); g_assert(blk == NULL); @@ -313,6 +314,7 @@ static void test_block(gconstpointer opaque) test_block_read_func, &header, QCRYPTO_BLOCK_OPEN_NO_IO, + 1, &error_abort); g_assert(qcrypto_block_get_cipher(blk) == NULL); @@ -327,6 +329,7 @@ static void test_block(gconstpointer opaque) test_block_read_func, &header, 0, + 1, &error_abort); g_assert(blk);