From patchwork Mon Dec 25 05:45:03 2023
X-Patchwork-Submitter: Yong Huang
X-Patchwork-Id: 13504488
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [PATCH RESEND v3 01/10] crypto: Introduce option and structure for detached LUKS header
Date: Mon, 25 Dec 2023 13:45:03 +0800

Add the "header" option for the LUKS format. This field would be used to identify the blockdev's position where a detachable LUKS header is stored.

In addition, introduce header field in struct BlockCrypto

Signed-off-by: Hyman Huang
Reviewed-by: Daniel P. Berrangé
Message-Id: <5b99f60c7317092a563d7ca3fb4b414197015eb2.1701879996.git.yong.huang@smartx.com>
--- block/crypto.c | 1 + qapi/block-core.json | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/block/crypto.c b/block/crypto.c index 921933a5e5..f82b13d32b 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -39,6 +39,7 @@ typedef struct BlockCrypto BlockCrypto; struct BlockCrypto { QCryptoBlock *block; bool updating_keys; + BdrvChild *header; /* Reference to the detached LUKS header */ }; diff --git a/qapi/block-core.json b/qapi/block-core.json index ca390c5700..10be08d08f 100644 --- a/qapi/block-core.json
+++ b/qapi/block-core.json 
@@ -3352,11 +3352,15 @@ # decryption key (since 2.6). Mandatory except when doing a # metadata-only probe of the image. # +# @header: optional reference to the location of a blockdev +# storing a detached LUKS header. (since 9.0) +# # Since: 2.9 ## { 'struct': 'BlockdevOptionsLUKS', 'base': 'BlockdevOptionsGenericFormat', - 'data': { '*key-secret': 'str' } } + 'data': { '*key-secret': 'str', + '*header': 'BlockdevRef'} } ## # @BlockdevOptionsGenericCOWFormat:
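
Review bot: The new @header doc comment in the BlockdevOptionsLUKS hunk does not say what the driver does when the member is omitted, or how it interacts with 'file'. Please state where the LUKS header is expected when @header is absent and what the 'file' node holds when it is present, since that decides which node ends up carrying key material. Style nit in the same hunk: `'*header': 'BlockdevRef'} }` drops the space before the first closing brace that the removed `'data': { '*key-secret': 'str' } }` line had. In block/crypto.c, the comment on `BdrvChild *header` could add that the pointer is NULL when no detached header is configured.
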
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [PATCH RESEND v3 02/10] crypto: Support generic LUKS encryption
Date: Mon, 25 Dec 2023 13:45:04 +0800

By enhancing the LUKS driver, it is possible to enable the detachable LUKS header and, as a result, achieve general encryption for any disk format that QEMU has supported.

Taking qcow2 as an example, the usage of the generic LUKS encryption is as follows:

1. add a protocol blockdev node of data disk
   $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
   > "arguments":{"node-name":"libvirt-1-storage", "driver":"file",
   > "filename":"/path/to/test_disk.qcow2"}}'

2. add a protocol blockdev node of LUKS header as above.
   $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
   > "arguments":{"node-name":"libvirt-2-storage", "driver":"file",
   > "filename": "/path/to/cipher.gluks" }}'

3. add the secret for decrypting the cipher stored in LUKS header above
   $ virsh qemu-monitor-command vm '{"execute":"object-add",
   > "arguments":{"qom-type":"secret", "id":
   > "libvirt-2-storage-secret0", "data":"abc123"}}'

4. add the qcow2-driven blockdev format node
   $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
   > "arguments":{"node-name":"libvirt-1-format", "driver":"qcow2",
   > "file":"libvirt-1-storage"}}'

5. add the luks-driven blockdev to link the qcow2 disk with LUKS header by specifying the field "header"
   $ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
   > "arguments":{"node-name":"libvirt-2-format", "driver":"luks",
   > "file":"libvirt-1-format", "header":"libvirt-2-storage",
   > "key-secret":"libvirt-2-format-secret0"}}'

6. add the virtio-blk device finally
   $ virsh qemu-monitor-command vm '{"execute":"device_add",
   > "arguments": {"num-queues":"1", "driver":"virtio-blk-pci",
   > "drive": "libvirt-2-format", "id":"virtio-disk2"}}'

The generic LUKS encryption method of starting a virtual machine (VM) is somewhat similar to hot-plug in that both maintain the same JSON command, while the starting VM changes the "blockdev-add/device_add" parameters to "blockdev/device".

Signed-off-by: Hyman Huang
Message-Id: <910801f303da1601051479d3b7e5c2c6b4e01eb7.1701879996.git.yong.huang@smartx.com>
--- block/crypto.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/block/crypto.c b/block/crypto.c index f82b13d32b..6063879bac 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -64,12 +64,14 @@ static int block_crypto_read_func(QCryptoBlock *block, Error **errp) { BlockDriverState *bs = opaque; + BlockCrypto *crypto = bs->opaque; ssize_t ret; GLOBAL_STATE_CODE(); GRAPH_RDLOCK_GUARD_MAINLOOP(); - ret = bdrv_pread(bs->file, offset, buflen, buf, 0); + ret = bdrv_pread(crypto->header ? crypto->header : bs->file, + offset, buflen, buf, 0); if (ret < 0) { error_setg_errno(errp, -ret, "Could not read encryption header"); return ret;
@@ -269,6 +271,7 @@ static int block_crypto_open_generic(QCryptoBlockFormat format, QCryptoBlockOpenOptions *open_opts = NULL; unsigned int cflags = 0; QDict *cryptoopts = NULL; + const char *hdr_bdref = qdict_get_try_str(options, "header"); GLOBAL_STATE_CODE(); 
@@ -277,6 +280,15 @@ static int block_crypto_open_generic(QCryptoBlockFormat format, return ret; } + if (hdr_bdref) { + crypto->header = bdrv_open_child(NULL, options, "header", bs, + &child_of_bds, BDRV_CHILD_METADATA, + false, errp); + if (!crypto->header) { + return -EINVAL; + } + } + GRAPH_RDLOCK_GUARD_MAINLOOP(); bs->supported_write_flags = BDRV_REQ_FUA &
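
Review bot: In block_crypto_open_generic(), gating on `hdr_bdref = qdict_get_try_str(options, "header")` only recognises 'header' when it is passed as a node-name string. Patch 01 declares the member as a BlockdevRef, which also allows an inline definition; in that form there is no plain "header" string entry, so hdr_bdref is NULL, bdrv_open_child() is skipped, and block_crypto_read_func() silently falls back to bs->file for the LUKS header. Suggest dropping the hdr_bdref test, calling bdrv_open_child() with allow_none set to true, and failing on the reported error, so both forms are handled and a malformed 'header' is never ignored. Also, of the I/O callbacks only block_crypto_read_func() is redirected in this patch; if header updates are meant to work with a detached header, the header write callback needs the same `crypto->header ? crypto->header : bs->file` selection.
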
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [PATCH RESEND v3 03/10] qapi: Make parameter 'file' optional for BlockdevCreateOptionsLUKS
Date: Mon, 25 Dec 2023 13:45:05 +0800
Message-Id: <720f901d0df6ecb2da94c48c38b0abde933c3429.1703482349.git.yong.huang@smartx.com>

To support detached LUKS header creation, make the existing 'file' field in BlockdevCreateOptionsLUKS optional, while also adding an extra optional 'header' field in the next commit.

Signed-off-by: Hyman Huang
Reviewed-by: Daniel P. Berrangé
--- block/crypto.c | 21 ++++++++++++++------- qapi/block-core.json | 5 +++-- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/block/crypto.c b/block/crypto.c index 6063879bac..78fbe79c95 100644 --- a/block/crypto.c +++ b/block/crypto.c
@@ -659,9 +659,9 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); luks_opts = &create_options->u.luks; - bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); - if (bs == NULL) { - return -EIO; + if (luks_opts->file == NULL) { + error_setg(errp, "Formatting LUKS disk requires parameter 'file'"); + return -EINVAL; } create_opts = (QCryptoBlockCreateOptions) { @@ -673,10 +673,17 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) preallocation = luks_opts->preallocation; } - ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, - preallocation, errp); - if (ret < 0) { - goto fail; + if (luks_opts->file) { + bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); + if (bs == NULL) { + return -EIO; + } + + ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, + preallocation, errp); + if (ret < 0) { + goto fail; + } } ret = 0; diff --git a/qapi/block-core.json b/qapi/block-core.json index 10be08d08f..9ac256c489 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -4945,7 +4945,8 @@ # # Driver specific image creation options for LUKS. # -# @file: Node to create the image format on +# @file: Node to create the image format on, mandatory except when +# 'preallocation' is not requested # # @size: Size of the virtual disk in bytes # 
@@ -4956,7 +4957,7 @@ ## { 'struct': 'BlockdevCreateOptionsLUKS', 'base': 'QCryptoBlockCreateOptionsLUKS', - 'data': { 'file': 'BlockdevRef', + 'data': { '*file': 'BlockdevRef', 'size': 'size', '*preallocation': 'PreallocMode' } }
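
Review bot: In block_crypto_co_create_luks(), the new `if (luks_opts->file == NULL)` check returns -EINVAL, so 'file' is still mandatory in practice and the later `if (luks_opts->file) {` guard added in the second hunk is always true. That contradicts the '*file' change in the schema, and the new @file doc text "mandatory except when 'preallocation' is not requested" matches neither the code nor the commit message, which gives detached header creation as the reason. Suggest either keeping 'file' mandatory in the schema until the 'header' member lands, or rewording the @file doc to describe the real condition and dropping the redundant guard in this patch.
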
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [PATCH RESEND v3 04/10] crypto: Introduce creation option and structure for detached LUKS header
Date: Mon, 25 Dec 2023 13:45:06 +0800
Message-Id: <57ccc93a05f69973d41b571615f9ef13fd9b2983.1703482349.git.yong.huang@smartx.com>

Introduce 'header' field in BlockdevCreateOptionsLUKS to support detached LUKS header creation. Meanwhile, introduce header-related field in QCryptoBlock.

Signed-off-by: Hyman Huang
--- crypto/blockpriv.h | 3 +++ qapi/block-core.json | 3 +++ qapi/crypto.json | 5 ++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 3c7ccea504..6289aea961 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -42,6 +42,9 @@ struct QCryptoBlock { size_t niv; uint64_t payload_offset; /* In bytes */ uint64_t sector_size; /* In bytes */ + + bool detached_header; /* True if disk has a detached LUKS header */ + uint64_t detached_header_size; /* LUKS header size plus key slot size */ }; struct QCryptoBlockDriver {
diff --git a/qapi/block-core.json b/qapi/block-core.json index 9ac256c489..8aec179926 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -4948,6 +4948,8 @@ # @file: Node to create the image format on, mandatory except when # 'preallocation' is not requested # +# @header: Detached LUKS header node to format. (since 9.0) +# # @size: Size of the virtual disk in bytes # # @preallocation: Preallocation mode for the new image (since: 4.2) @@ -4958,6 +4960,7 @@ { 'struct': 'BlockdevCreateOptionsLUKS', 'base': 'QCryptoBlockCreateOptionsLUKS', 'data': { '*file': 'BlockdevRef', + '*header': 'BlockdevRef', 'size': 'size', '*preallocation': 'PreallocMode' } } diff --git a/qapi/crypto.json b/qapi/crypto.json index fd3d46ebd1..6b4e86cb81 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json 
@@ -195,10 +195,13 @@ # decryption key. Mandatory except when probing image for # metadata only. # +# @detached-header: if true, disk has detached LUKS header. +# # Since: 2.6 ## { 'struct': 'QCryptoBlockOptionsLUKS', - 'data': { '*key-secret': 'str' }} + 'data': { '*key-secret': 'str', + '*detached-header': 'bool' }} ## # @QCryptoBlockCreateOptionsLUKS:
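
Review bot: In the qapi/crypto.json hunk, @detached-header is added to QCryptoBlockOptionsLUKS without a "(since 9.0)" tag, while the @header members added in qapi/block-core.json carry one; please add it. The subject line speaks of a creation option, yet this member lands in the open-time options struct and nothing in this patch sets or reads it, so the doc comment should say who is expected to set it and what the default is. In crypto/blockpriv.h, the comment on `detached_header_size` omits the unit that the neighbouring fields state with `/* In bytes */`, and the @file doc in BlockdevCreateOptionsLUKS still describes 'preallocation' rather than the new @header member.
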
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [PATCH RESEND v3 05/10] crypto: Mark the payload_offset_sector invalid for detached LUKS header
Date: Mon, 25 Dec 2023 13:45:07 +0800
Message-Id: <02d08ca67a4ec88cee61446d6b330c2945b5588f.1703482349.git.yong.huang@smartx.com>

Set the payload_offset_sector to a value that is nearly never reached in order to mark it as invalid and indicate that 0 should be the offset of the read/write operation on the 'file' protocol blockdev node.

Signed-off-by: Hyman Huang
--- crypto/block-luks.c | 41 +++++++++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 10 deletions(-) diff --git a/crypto/block-luks.c b/crypto/block-luks.c index fb01ec38bb..48443ffcae 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -34,6 +34,8 @@ #include "qemu/bitmap.h" +#define INVALID_SECTOR_OFFSET UINT32_MAX + /* * Reference for the LUKS format implemented here is *
@@ -136,6 +138,13 @@ struct QCryptoBlockLUKS { }; +static inline uint32_t +qcrypto_block_luks_payload_offset(uint32_t sector) +{ + return sector == INVALID_SECTOR_OFFSET ? 0 : + sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; +} + static int qcrypto_block_luks_cipher_name_lookup(const char *name, QCryptoCipherMode mode, uint32_t key_bytes, @@ -1255,8 +1264,8 @@ qcrypto_block_luks_open(QCryptoBlock *block, } block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; - block->payload_offset = luks->header.payload_offset_sector * - block->sector_size; + block->payload_offset = + qcrypto_block_luks_payload_offset(luks->header.payload_offset_sector); return 0; 
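Review bot: qcrypto_block_luks_payload_offset() is declared to return uint32_t, so the product sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE is narrowed to 32 bits on return before qcrypto_block_luks_open() stores it in block->payload_offset. If block->payload_offset is wider than 32 bits, large sector values now wrap where the removed expression was assigned directly with no narrowing step. Give the helper the same return type as block->payload_offset.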
@@ -1529,16 +1538,28 @@ qcrypto_block_luks_create(QCryptoBlock *block, slot->stripes = QCRYPTO_BLOCK_LUKS_STRIPES; } - /* The total size of the LUKS headers is the partition header + key - * slot headers, rounded up to the nearest sector, combined with - * the size of each master key material region, also rounded up - * to the nearest sector */ - luks->header.payload_offset_sector = header_sectors + - QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors; + if (block->detached_header) { + /* + * Set the payload_offset_sector to a value that is nearly never + * reached in order to mark it as invalid and indicate that 0 should + * be the offset of the read/write operation on the 'file' protocol + * blockdev node. Here the UINT32_MAX is choosed + */ + luks->header.payload_offset_sector = INVALID_SECTOR_OFFSET; + } else { + /* + * The total size of the LUKS headers is the partition header + key + * slot headers, rounded up to the nearest sector, combined with + * the size of each master key material region, also rounded up + * to the nearest sector + */ + luks->header.payload_offset_sector = header_sectors + + QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors; + } block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; - block->payload_offset = luks->header.payload_offset_sector * - block->sector_size; + block->payload_offset = + qcrypto_block_luks_payload_offset(luks->header.payload_offset_sector); /* Reserve header space to match payload offset */ initfunc(block, block->payload_offset, opaque, &local_err); From patchwork Mon Dec 25 05:45:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Huang X-Patchwork-Id: 13504482 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate 
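Review bot: in the detached branch of qcrypto_block_luks_create(), payload_offset_sector becomes INVALID_SECTOR_OFFSET, so block->payload_offset is 0 and the unchanged call initfunc(block, block->payload_offset, opaque, &local_err) under "Reserve header space to match payload offset" is now asked to reserve 0 bytes for the header. The size computed from header_sectors and QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors should still be what initfunc receives in this patch, so the series stays bisectable. The new comment also says "choosed"; it should read "chosen".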
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [PATCH RESEND v3 06/10] block: Support detached LUKS header creation using blockdev-create
Date: Mon, 25 Dec 2023 13:45:08 +0800
Message-Id: <20ab47b728492cedb7ea671239f0397a141c3f5a.1703482349.git.yong.huang@smartx.com>

The LUKS disk with detached header consists of a separate LUKS header and payload. This LUKS disk type should be formatted as follows:

1. add the secret to lock/unlock the cipher stored in the detached LUKS header
$ virsh qemu-monitor-command vm '{"execute":"object-add",
> "arguments":{"qom-type": "secret", "id": "sec0", "data": "foo"}}'

2. create a header img with 0 size
$ virsh qemu-monitor-command vm '{"execute":"blockdev-create",
> "arguments":{"job-id":"job0", "options":{"driver":"file",
> "filename":"/path/to/detached_luks_header.img", "size":0 }}}'

3. add protocol blockdev node for header
$ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> "arguments": {"driver":"file", "filename":
> "/path/to/detached_luks_header.img", "node-name":
> "detached-luks-header-storage"}}'

4. create a payload img with 0 size
$ virsh qemu-monitor-command vm '{"execute":"blockdev-create",
> "arguments":{"job-id":"job1", "options":{"driver":"file",
> "filename":"/path/to/detached_luks_payload_raw.img", "size":0}}}'

5. add protocol blockdev node for payload
$ virsh qemu-monitor-command vm '{"execute":"blockdev-add",
> "arguments": {"driver":"file", "filename":
> "/path/to/detached_luks_payload_raw.img", "node-name":
> "luks-payload-raw-storage"}}'

6. do the formatting with 128M size
$ virsh qemu-monitor-command c81_node1 '{"execute":"blockdev-create",
> "arguments":{"job-id":"job2", "options":{"driver":"luks", "header":
> "detached-luks-header-storage", "file":"luks-payload-raw-storage",
> "size":134217728, "preallocation":"full", "key-secret":"sec0" }}}'

Signed-off-by: Hyman Huang
---
 block/crypto.c | 109 ++++++++++++++++++++++++++++++++++++++++----
 crypto/block-luks.c | 6 ++-
 crypto/block.c | 1 +
 3 files changed, 106 insertions(+), 10 deletions(-)

diff --git a/block/crypto.c b/block/crypto.c index 78fbe79c95..76cc8bda49 100644 --- a/block/crypto.c +++ b/block/crypto.c 
@@ -160,6 +160,48 @@ error: return ret; } +static int coroutine_fn GRAPH_UNLOCKED +block_crypto_co_format_luks_payload(BlockdevCreateOptionsLUKS *luks_opts, + Error **errp) +{ + BlockDriverState *bs = NULL; + BlockBackend *blk = NULL; + Error *local_error = NULL; + int ret; + + if (luks_opts->size > INT64_MAX) { + return -EFBIG; + } + + bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); + if (bs == NULL) { + return -EIO; + } + + blk = blk_co_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, + BLK_PERM_ALL, errp); + if (!blk) { + ret = -EPERM; + goto fail; + } + + ret = blk_truncate(blk, luks_opts->size, true, + luks_opts->preallocation, 0, &local_error); + if (ret < 0) { + if (ret == -EFBIG) { + /* Replace the error message with a better one */ + error_free(local_error); + error_setg(errp, "The requested file size is too large"); + } + goto fail; + } + + ret = 0; + +fail: + bdrv_co_unref(bs); + return ret; +} static QemuOptsList block_crypto_runtime_opts_luks = { .name = "crypto", @@ -651,6 +693,7 @@ static int coroutine_fn GRAPH_UNLOCKED block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) { BlockdevCreateOptionsLUKS *luks_opts; + BlockDriverState *hdr_bs = NULL; BlockDriverState *bs = NULL; QCryptoBlockCreateOptions create_opts; PreallocMode preallocation = PREALLOC_MODE_OFF; 
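Review bot: block_crypto_co_format_luks_payload() never releases the BlockBackend it gets from blk_co_new_with_bs(); the fail label only calls bdrv_co_unref(bs), so blk is leaked on both the success and the error path. The error reporting is also incomplete: when blk_truncate() fails with anything other than -EFBIG, local_error is neither propagated to errp nor freed, and the early "return -EFBIG" for size > INT64_MAX sets no error at all. Add the matching unref for blk under fail, use error_propagate(errp, local_error) in the non-EFBIG case, and set errp before the early return.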
@@ -659,8 +702,22 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); luks_opts = &create_options->u.luks; - if (luks_opts->file == NULL) { - error_setg(errp, "Formatting LUKS disk requires parameter 'file'"); + if (luks_opts->header == NULL && luks_opts->file == NULL) { + error_setg(errp, "Either the parameter 'header' or 'file' should " + "be specified"); + return -EINVAL; + } + + if (luks_opts->detached_header && luks_opts->header == NULL) { + error_setg(errp, "Formatting a detached LUKS disk requries " + "'header' to be specified"); + return -EINVAL; + } + + if ((luks_opts->preallocation != PREALLOC_MODE_OFF) && + (luks_opts->file == NULL)) { + error_setg(errp, "Parameter 'preallocation' requries 'file' to be " + "specified for formatting LUKS disk"); return -EINVAL; } @@ -673,7 +730,40 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) preallocation = luks_opts->preallocation; } - if (luks_opts->file) { + if (luks_opts->header) { + hdr_bs = bdrv_co_open_blockdev_ref(luks_opts->header, errp); + if (hdr_bs == NULL) { + return -EIO; + } + + /* + * If blockdev reference of header is specified, + * detached_header default to true + */ + create_opts.u.luks.detached_header = true; + + /* Format the LUKS header node */ + ret = block_crypto_co_create_generic(hdr_bs, 0, &create_opts, + PREALLOC_MODE_OFF, errp); + if (ret < 0) { + goto hdr_bs_failed; + } + + /* Format the LUKS payload node */ + if (luks_opts->file) { + ret = block_crypto_co_format_luks_payload(luks_opts, errp); + if (ret < 0) { + goto hdr_bs_failed; + } + } + + ret = 0; + +hdr_bs_failed: + bdrv_co_unref(hdr_bs); + return ret; + } else if (luks_opts->file) { + /* None detached LUKS header path */ bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); if (bs == NULL) { return -EIO; 
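Review bot: in block_crypto_co_create_luks(), whenever 'header' is given the code sets create_opts.u.luks.detached_header = true unconditionally, so a caller that supplied the flag as false together with 'header' gets a detached header with no error. The comment calls this a default, but it is an override; either reject that combination in the validation block above or reword the comment to say the flag is forced. The two new error strings also spell "requires" as "requries", which ends up in user-visible messages.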
@@ -682,14 +772,15 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, preallocation, errp); if (ret < 0) { - goto fail; + goto bs_failed; } - } - ret = 0; -fail: - bdrv_co_unref(bs); - return ret; + ret = 0; + +bs_failed: + bdrv_co_unref(bs); + return ret; + } } static int coroutine_fn GRAPH_UNLOCKED diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 48443ffcae..474c7aee2e 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1561,8 +1561,12 @@ qcrypto_block_luks_create(QCryptoBlock *block, block->payload_offset = qcrypto_block_luks_payload_offset(luks->header.payload_offset_sector); + block->detached_header_size = + (header_sectors + QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * + split_key_sectors) * block->sector_size; + /* Reserve header space to match payload offset */ - initfunc(block, block->payload_offset, opaque, &local_err); + initfunc(block, block->detached_header_size, opaque, &local_err); if (local_err) { error_propagate(errp, local_err); goto error; diff --git a/crypto/block.c b/crypto/block.c index 7bb4b74a37..ea493f056e 100644 --- a/crypto/block.c +++ b/crypto/block.c 
@@ -102,6 +102,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, } block->driver = qcrypto_block_drivers[options->format]; + block->detached_header = options->u.luks.detached_header; if (block->driver->create(block, options, optprefix, initfunc, writefunc, opaque, errp) < 0) { From patchwork Mon Dec 25 05:45:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Huang X-Patchwork-Id: 13504483 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 60F4EC3DA6E for ; Mon, 25 Dec 2023 05:48:49 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rHdoh-0004lK-H4; Mon, 25 Dec 2023 00:47:55 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rHdog-0004lA-0t for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:47:54 -0500 Received: from mail-oi1-x22c.google.com ([2607:f8b0:4864:20::22c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rHdod-00027A-W6 for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:47:53 -0500 Received: by mail-oi1-x22c.google.com with SMTP id 5614622812f47-3bb8f3d9f98so2295822b6e.3 for ; Sun, 24 Dec 2023 21:45:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smartx-com.20230601.gappssmtp.com; s=20230601; t=1703483150; x=1704087950; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; 
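Review bot: after the restructuring in block/crypto.c (the hunk at -682), block_crypto_co_create_luks() returns only from inside the "if (luks_opts->header)" and "else if (luks_opts->file)" branches, and the closing brace of the function is reached with no return statement. The earlier check rejects the case where both are NULL, but the compiler cannot know that and may warn about a missing return in a non-void function. Keep a single exit path after the if/else chain, which would also avoid placing the hdr_bs_failed and bs_failed labels inside the branches.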
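Review bot: in crypto/block.c, qcrypto_block_create() now reads options->u.luks.detached_header for every format, right after the driver is selected with qcrypto_block_drivers[options->format]. options->u is a union, so for a non-LUKS format this reads a member that was never set for that format. Guard the assignment with a check that the format is LUKS, or set block->detached_header inside the LUKS driver's create callback.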
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [PATCH RESEND v3 07/10] block: Support detached LUKS header creation using qemu-img
Date: Mon, 25 Dec 2023 13:45:09 +0800
Message-Id: <3179dbd4232303c64906eeffa2912d09a0fdcbeb.1703482349.git.yong.huang@smartx.com>

Add the 'detached-mode' option to specify the creation of a detached LUKS header. This is how it is used:

$ qemu-img create --object secret,id=sec0,data=abc123 -f luks
> -o cipher-alg=aes-256,cipher-mode=xts -o key-secret=sec0
> -o detached-mode=true header.luks

Signed-off-by: Hyman Huang
---
 block.c | 5 ++++-
 block/crypto.c | 9 ++++++++-
 block/crypto.h | 8 ++++++++
 qapi/crypto.json | 5 ++++-
 4 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/block.c b/block.c index bfb0861ec6..fa9ce36928 100644 --- a/block.c +++ b/block.c 
@@ -7517,7 +7517,10 @@ void bdrv_img_create(const char *filename, const char *fmt, goto out; } - if (size == -1) { + /* Parameter 'size' is not needed for detached LUKS header */ + if (size == -1 && + !(!strcmp(fmt, "luks") && + qemu_opt_get_bool(opts, "detached-mode", false))) { error_setg(errp, "Image creation needs a size parameter"); goto out; } diff --git a/block/crypto.c b/block/crypto.c index 76cc8bda49..812c3c28f5 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -229,6 +229,7 @@ static QemuOptsList block_crypto_create_opts_luks = { BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""), BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""), BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), + BLOCK_CRYPTO_OPT_DEF_LUKS_DETACHED_MODE(""), { /* end of list */ } }, }; @@ -793,6 +794,8 @@ block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename, PreallocMode prealloc; char *buf = NULL; int64_t size; + bool detached_mode = + qemu_opt_get_bool(opts, "detached-mode", false); int ret; Error *local_err = NULL; @@ -832,8 +835,12 @@ block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename, goto fail; } + /* The detached_header default to true if detached-mode is specified */ + create_opts->u.luks.detached_header = detached_mode ? true : false; + /* Create format layer */ - ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp); + ret = block_crypto_co_create_generic(bs, detached_mode ? 0 : size, + create_opts, prealloc, errp); if (ret < 0) { goto fail; } diff --git a/block/crypto.h b/block/crypto.h index 72e792c9af..bceefd45bd 100644 --- a/block/crypto.h +++ b/block/crypto.h 
@@ -41,6 +41,7 @@ #define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg" #define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg" #define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time" +#define BLOCK_CRYPTO_OPT_LUKS_DETACHED_MODE "detached-mode" #define BLOCK_CRYPTO_OPT_LUKS_KEYSLOT "keyslot" #define BLOCK_CRYPTO_OPT_LUKS_STATE "state" #define BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET "old-secret" @@ -100,6 +101,13 @@ .help = "Select new state of affected keyslots (active/inactive)",\ } +#define BLOCK_CRYPTO_OPT_DEF_LUKS_DETACHED_MODE(prefix) \ + { \ + .name = prefix BLOCK_CRYPTO_OPT_LUKS_DETACHED_MODE, \ + .type = QEMU_OPT_BOOL, \ + .help = "Create a detached LUKS header", \ + } + #define BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(prefix) \ { \ .name = prefix BLOCK_CRYPTO_OPT_LUKS_KEYSLOT, \ diff --git a/qapi/crypto.json b/qapi/crypto.json index 6b4e86cb81..8e81aa8454 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -226,6 +226,8 @@ # @iter-time: number of milliseconds to spend in PBKDF passphrase # processing. Currently defaults to 2000. (since 2.8) # +# @detached-mode: create a detached LUKS header. (since 9.0) +# # Since: 2.6 ## { 'struct': 'QCryptoBlockCreateOptionsLUKS', 
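Review bot: the new @detached-mode entry in qapi/crypto.json says only "create a detached LUKS header" and leaves out the behaviour the rest of this patch gives it: block.c stops requiring a size and block_crypto_co_create_opts_luks() passes 0 instead of the requested size when it is set. The documentation should state that the size is not needed and is ignored in this mode. The name is also at odds with the detached_header member the value is copied into and with the 'detached-header' info field added in patch 08; one spelling across the series would be easier to follow.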
@@ -235,7 +237,8 @@ '*ivgen-alg': 'QCryptoIVGenAlgorithm', '*ivgen-hash-alg': 'QCryptoHashAlgorithm', '*hash-alg': 'QCryptoHashAlgorithm', - '*iter-time': 'int'}} + '*iter-time': 'int', + '*detached-mode': 'bool'}} ## # @QCryptoBlockOpenOptions: From patchwork Mon Dec 25 05:45:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Huang X-Patchwork-Id: 13504486 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4DAC9C3DA6E for ; Mon, 25 Dec 2023 05:49:05 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rHdol-0004m7-EF; Mon, 25 Dec 2023 00:47:59 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rHdok-0004lz-GD for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:47:58 -0500 Received: from mail-pf1-x430.google.com ([2607:f8b0:4864:20::430]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rHdoi-0002AQ-BE for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:47:58 -0500 Received: by mail-pf1-x430.google.com with SMTP id d2e1a72fcca58-6d9b3a967dbso612098b3a.1 for ; Sun, 24 Dec 2023 21:45:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smartx-com.20230601.gappssmtp.com; s=20230601; t=1703483154; x=1704087954; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=V41DNB1pjZ9O5cZD/tszsVFWwnvqdC0t0assc5W46WI=; 
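Review bot: bdrv_img_create() in block.c is generic image-creation code, and the new condition hard-codes strcmp(fmt, "luks") and the literal "detached-mode" into it, while this same patch introduces BLOCK_CRYPTO_OPT_LUKS_DETACHED_MODE for that option name. block_crypto_co_create_opts_luks() repeats the literal in qemu_opt_get_bool(). Use the macro in both places, and consider letting the driver report that no size is required instead of naming one format here. In block/crypto.c, "detached_mode ? true : false" can simply be detached_mode, and a size supplied together with detached-mode=true is silently replaced by 0; an error for that combination would be clearer to the user.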
From: Hyman Huang
To: qemu-devel
Cc: Kevin Wolf, Daniel P. Berrangé, Hanna Reitz, Eric Blake, Markus Armbruster, Hyman Huang
Subject: [PATCH RESEND v3 08/10] crypto: Introduce 'detached-header' field in QCryptoBlockInfoLUKS
Date: Mon, 25 Dec 2023 13:45:10 +0800
Message-Id: <0866d2a1e7011831570a377e02cddb5db4b7d855.1703482349.git.yong.huang@smartx.com>

When querying the LUKS disk with the qemu-img tool or other APIs, add information about whether the LUKS header is detached.

Additionally, update the test case with the appropriate modification.

Signed-off-by: Hyman Huang
---
 crypto/block-luks.c | 2 ++
 qapi/crypto.json | 3 +++
 tests/qemu-iotests/210.out | 4 ++++
 3 files changed, 9 insertions(+)

diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 474c7aee2e..c5e53b4ee4 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -1266,6 +1266,7 @@ qcrypto_block_luks_open(QCryptoBlock *block, block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE; block->payload_offset = qcrypto_block_luks_payload_offset(luks->header.payload_offset_sector); + block->detached_header = (block->payload_offset == 0) ? true : false; return 0; 
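Review bot: qcrypto_block_luks_open() derives block->detached_header from block->payload_offset == 0, but qcrypto_block_luks_payload_offset() returns 0 both for INVALID_SECTOR_OFFSET and for a header whose payload_offset_sector is literally 0, so the two cases cannot be told apart here. Compare luks->header.payload_offset_sector with INVALID_SECTOR_OFFSET directly, or take the flag from whether a separate header node was opened. The "? true : false" is redundant, since the comparison already yields a bool.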
@@ -1892,6 +1893,7 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block, info->u.luks.master_key_iters = luks->header.master_key_iterations; info->u.luks.uuid = g_strndup((const char *)luks->header.uuid, sizeof(luks->header.uuid)); + info->u.luks.detached_header = block->detached_header; for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { slot = g_new0(QCryptoBlockInfoLUKSSlot, 1); diff --git a/qapi/crypto.json b/qapi/crypto.json index 8e81aa8454..336c880b5d 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -317,6 +317,8 @@ # # @hash-alg: the master key hash algorithm # +# @detached-header: whether the LUKS header is detached (Since 9.0) +# # @payload-offset: offset to the payload data in bytes # # @master-key-iters: number of PBKDF2 iterations for key material @@ -333,6 +335,7 @@ 'ivgen-alg': 'QCryptoIVGenAlgorithm', '*ivgen-hash-alg': 'QCryptoHashAlgorithm', 'hash-alg': 'QCryptoHashAlgorithm', + 'detached-header': 'bool', 'payload-offset': 'int', 'master-key-iters': 'int', 'uuid': 'str', diff --git a/tests/qemu-iotests/210.out b/tests/qemu-iotests/210.out index 96d9f749dd..94b29b2120 100644 --- a/tests/qemu-iotests/210.out +++ b/tests/qemu-iotests/210.out @@ -18,6 +18,7 @@ virtual size: 128 MiB (134217728 bytes) encrypted: yes Format specific information: ivgen alg: plain64 + detached header: false hash alg: sha256 cipher alg: aes-256 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX @@ -70,6 +71,7 @@ virtual size: 64 MiB (67108864 bytes) encrypted: yes Format specific information: ivgen alg: plain64 + detached header: false hash alg: sha1 cipher alg: aes-128 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX @@ -125,6 +127,7 @@ virtual size: 0 B (0 bytes) encrypted: yes Format specific information: ivgen alg: plain64 + detached header: false hash alg: sha256 cipher alg: aes-256 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX 
@@ -195,6 +198,7 @@ virtual size: 0 B (0 bytes) encrypted: yes Format specific information: ivgen alg: plain64 + detached header: false hash alg: sha256 cipher alg: aes-256 uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX From patchwork Mon Dec 25 05:45:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yong Huang X-Patchwork-Id: 13504481 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DE22FC3DA6E for ; Mon, 25 Dec 2023 05:48:30 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rHdor-0004nK-6b; Mon, 25 Dec 2023 00:48:05 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rHdoo-0004mz-DB for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:48:02 -0500 Received: from mail-pf1-x42a.google.com ([2607:f8b0:4864:20::42a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rHdom-0002Bq-Cc for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:48:02 -0500 Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-6d9b37f4804so354008b3a.1 for ; Sun, 24 Dec 2023 21:46:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smartx-com.20230601.gappssmtp.com; s=20230601; t=1703483159; x=1704087959; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=atVUFHIuvcwN+GlL1DnypsI1Up3UkYdIbJbv6i2R2a0=; b=bhkjf8FMkpBSj6lhWCrMQJSeR9v9TfM6AD8P4ysIANtKioe9S0V8lixDofx/dHqUhc 
From: Hyman Huang To: qemu-devel Cc: Kevin Wolf , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Hanna Reitz , Eric Blake , Markus Armbruster , Hyman Huang Subject: [PATCH RESEND v3 09/10] tests: Add detached LUKS header case Date: Mon, 25 Dec 2023 13:45:11 +0800 Message-Id: <1c201f745c591a163d45119bf25b077bd4898343.1703482349.git.yong.huang@smartx.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: none client-ip=2607:f8b0:4864:20::42a; envelope-from=yong.huang@smartx.com; helo=mail-pf1-x42a.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Signed-off-by: Hyman Huang --- tests/qemu-iotests/tests/luks-detached-header | 214 ++++++++++++++++++ .../tests/luks-detached-header.out | 5 + 2 files changed, 219 insertions(+) create mode 100755 tests/qemu-iotests/tests/luks-detached-header create mode 100644 tests/qemu-iotests/tests/luks-detached-header.out diff --git a/tests/qemu-iotests/tests/luks-detached-header b/tests/qemu-iotests/tests/luks-detached-header new file mode 100755 index 0000000000..cf305bfa47 --- /dev/null +++ b/tests/qemu-iotests/tests/luks-detached-header 
@@ -0,0 +1,214 @@ +#!/usr/bin/env python3 +# group: rw auto +# +# Test detached LUKS header +# +# Copyright (C) 2024 SmartX Inc. +# +# Authors: +# Hyman Huang +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import os +import iotests +from iotests import imgfmt, qemu_img_create, img_info_log, qemu_img_info, QMPTestCase + + +image_size = 128 * 1024 * 1024 + +luks_img = os.path.join(iotests.test_dir, 'luks.img') +detached_header_img1 = os.path.join(iotests.test_dir, 'detached_header.img1') +detached_header_img2 = os.path.join(iotests.test_dir, 'detached_header.img2') +detached_payload_raw_img = os.path.join(iotests.test_dir, 'detached_payload_raw.img') +detached_payload_qcow2_img = os.path.join(iotests.test_dir, 'detached_payload_qcow2.img') + +secret_obj = 'secret,id=sec0,data=foo' +luks_opts = 'key-secret=sec0' + + +class TestDetachedLUKSHeader(QMPTestCase): + def setUp(self) -> None: + self.vm = iotests.VM() + self.vm.add_object(secret_obj) + self.vm.launch() + + # 1. Create the normal LUKS disk with 128M size + self.vm.blockdev_create({ 'driver': 'file', + 'filename': luks_img, + 'size': 0 }) + self.vm.qmp_log('blockdev-add', driver='file', filename=luks_img, + node_name='luks-1-storage') + result = self.vm.blockdev_create({ 'driver': imgfmt, + 'file': 'luks-1-storage', + 'key-secret': 'sec0', + 'size': image_size, + 'iter-time': 10 }) + # None is expected + self.assertEqual(result, None) + + # 2. 
Create the LUKS disk with detached header (raw) + + # Create detached LUKS header + self.vm.blockdev_create({ 'driver': 'file', + 'filename': detached_header_img1, + 'size': 0 }) + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_header_img1, + node_name='luks-2-header-storage') + + # Create detached LUKS raw payload + self.vm.blockdev_create({ 'driver': 'file', + 'filename': detached_payload_raw_img, + 'size': 0 }) + self.vm.qmp_log('blockdev-add', driver='file', + filename=detached_payload_raw_img, + node_name='luks-2-payload-storage') + + # Format LUKS disk with detached header + result = self.vm.blockdev_create({ 'driver': imgfmt, + 'header': 'luks-2-header-storage', + 'file': 'luks-2-payload-storage', + 'key-secret': 'sec0', + 'preallocation': 'full', + 'size': image_size, + 'iter-time': 10 }) + self.assertEqual(result, None) + + self.vm.shutdown() + + # 3. Create the LUKS disk with detached header (qcow2) + + # Create detached LUKS header using qemu-img + res = qemu_img_create('-f', 'luks', '--object', secret_obj, '-o', luks_opts, + '-o', "detached-mode=true", detached_header_img2) + assert res.returncode == 0 + + # Create detached LUKS qcow2 payload + res = qemu_img_create('-f', 'qcow2', detached_payload_qcow2_img, str(image_size)) + assert res.returncode == 0 + + def tearDown(self) -> None: + os.remove(luks_img) + os.remove(detached_header_img1) + os.remove(detached_header_img2) + os.remove(detached_payload_raw_img) + os.remove(detached_payload_qcow2_img) + + # Check if there was any qemu-io run that failed + if 'Pattern verification failed' in self.vm.get_log(): + print('ERROR: Pattern verification failed:') + print(self.vm.get_log()) + self.fail('qemu-io pattern verification failed') + + def test_img_creation(self) -> None: + # Check if the images created above are expected + + data = qemu_img_info(luks_img)['format-specific'] + self.assertEqual(data['type'], imgfmt) + self.assertEqual(data['data']['detached-header'], False) + + data = 
qemu_img_info(detached_header_img1)['format-specific'] + self.assertEqual(data['type'], imgfmt) + self.assertEqual(data['data']['detached-header'], True) + + data = qemu_img_info(detached_header_img2)['format-specific'] + self.assertEqual(data['type'], imgfmt) + self.assertEqual(data['data']['detached-header'], True) + + # Check if preallocation works + size = qemu_img_info(detached_payload_raw_img)['actual-size'] + self.assertGreaterEqual(size, image_size) + + def test_detached_luks_header(self) -> None: + self.vm.launch() + + # 1. Add the disk created above + + # Add normal LUKS disk + self.vm.qmp_log('blockdev-add', driver='file', filename=luks_img, + node_name='luks-1-storage') + result = self.vm.qmp_log('blockdev-add', driver='luks', file='luks-1-storage', + key_secret='sec0', node_name='luks-1-format') + + # Expected result{ "return": {} } + self.assert_qmp(result, 'return', {}) + + # Add detached LUKS header with raw payload + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_header_img1, + node_name='luks-header1-storage') + + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_payload_raw_img, + node_name='luks-2-payload-raw-storage') + + result = self.vm.qmp_log('blockdev-add', driver=imgfmt, + header='luks-header1-storage', + file='luks-2-payload-raw-storage', + key_secret='sec0', + node_name='luks-2-payload-raw-format') + self.assert_qmp(result, 'return', {}) + + # Add detached LUKS header with qcow2 payload + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_header_img2, + node_name='luks-header2-storage') + + self.vm.qmp_log('blockdev-add', driver='file', filename=detached_payload_qcow2_img, + node_name='luks-3-payload-qcow2-storage') + + result = self.vm.qmp_log('blockdev-add', driver=imgfmt, + header='luks-header2-storage', + file='luks-3-payload-qcow2-storage', + key_secret='sec0', + node_name='luks-3-payload-qcow2-format') + self.assert_qmp(result, 'return', {}) + + # 2. 
Do I/O test + + # Do some I/O to the image to see whether it still works + # (Pattern verification will be checked by tearDown()) + + # Normal LUKS disk + result = self.vm.qmp_log('human-monitor-command', + command_line='qemu-io luks-1-format "write -P 40 0 64k"') + self.assert_qmp(result, 'return', '') + + result = self.vm.qmp_log('human-monitor-command', + command_line='qemu-io luks-1-format "read -P 40 0 64k"') + self.assert_qmp(result, 'return', '') + + # Detached LUKS header with raw payload + result = self.vm.qmp('human-monitor-command', + command_line='qemu-io luks-2-payload-raw-format "write -P 41 0 64k"') + self.assert_qmp(result, 'return', '') + + result = self.vm.qmp('human-monitor-command', + command_line='qemu-io luks-2-payload-raw-format "read -P 41 0 64k"') + self.assert_qmp(result, 'return', '') + + # Detached LUKS header with qcow2 payload + result = self.vm.qmp('human-monitor-command', + command_line='qemu-io luks-3-payload-qcow2-format "write -P 42 0 64k"') + self.assert_qmp(result, 'return', '') + + result = self.vm.qmp('human-monitor-command', + command_line='qemu-io luks-3-payload-qcow2-format "read -P 42 0 64k"') + self.assert_qmp(result, 'return', '') + + self.vm.shutdown() + + +if __name__ == '__main__': + # Test image creation and I/O + iotests.main(supported_fmts=['luks'], + supported_protocols=['file']) diff --git a/tests/qemu-iotests/tests/luks-detached-header.out b/tests/qemu-iotests/tests/luks-detached-header.out new file mode 100644 index 0000000000..fbc63e62f8 --- /dev/null +++ b/tests/qemu-iotests/tests/luks-detached-header.out 
@@ -0,0 +1,5 @@ +.. +---------------------------------------------------------------------- +Ran 2 tests + +OK From patchwork Mon Dec 25 05:45:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yong Huang X-Patchwork-Id: 13504485 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D7C52C3DA6E for ; Mon, 25 Dec 2023 05:48:56 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rHdou-0004nu-5R; Mon, 25 Dec 2023 00:48:08 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rHdos-0004na-Dm for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:48:06 -0500 Received: from mail-oi1-x22e.google.com ([2607:f8b0:4864:20::22e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rHdor-0002C4-4J for qemu-devel@nongnu.org; Mon, 25 Dec 2023 00:48:06 -0500 Received: by mail-oi1-x22e.google.com with SMTP id 5614622812f47-3ba2e4ff6e1so2900874b6e.3 for ; Sun, 24 Dec 2023 21:46:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smartx-com.20230601.gappssmtp.com; s=20230601; t=1703483162; x=1704087962; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=cRysB8cvYPSKAt6SyvAAu4RjPWDEBwqeC3YTz4T4KdA=; b=fqNdfAj3+a6Acw5jC1UMN8NjSSYytja/dniwYDEU2NuesvoMpFtQiA1c+95Gkk2Mii 8pK3z8IP6pxNQkBGte1qkR+4dnaztCT9MVHqsr7PBoHcZOqHeCF0yUt0oV0hc/BpS+DZ 
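Review bot: In tests/qemu-iotests/tests/luks-detached-header, the I/O section of test_detached_luks_header() only writes a pattern and reads it back through the same LUKS format node, so it does not show that header and payload are really split: nothing checks that the payload file carries no LUKS header or that its on-disk content is not the plaintext pattern. Consider asserting that qemu_img_info(detached_payload_raw_img) does not report a luks format, and that reading the payload file directly at offset 0 does not return pattern 41. Separately, tearDown() calls os.remove() on all five images unconditionally and never shuts the VM down, so a failure partway through setUp(), or an assertion that fires before self.vm.shutdown() in the test, shows up as a FileNotFoundError or leaves a QEMU process behind; moving self.vm.shutdown() into tearDown() and tolerating missing files would keep the real failure visible. The bare assert res.returncode == 0 lines in setUp() would be more consistent as self.assertEqual(), and the normal-disk I/O uses qmp_log() while the two detached cases use qmp(); pick one.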
From: Hyman Huang To: qemu-devel Cc: Kevin Wolf , =?utf-8?q?Daniel_P_=2E_Berrang=C3=A9?= , Hanna Reitz , Eric Blake , Markus Armbruster , Hyman Huang Subject: [PATCH RESEND v3 10/10] MAINTAINERS: Add section "Detached LUKS header" Date: Mon, 25 Dec 2023 13:45:12 +0800 Message-Id: X-Mailer: git-send-email 2.39.1 In-Reply-To: References: MIME-Version: 1.0 Received-SPF: none client-ip=2607:f8b0:4864:20::22e; envelope-from=yong.huang@smartx.com; helo=mail-oi1-x22e.google.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org I've built interests in block cryptography and also have been working on projects related to this subsystem. Add a section to the MAINTAINERS file for detached LUKS header, it only has a test case in it currently. Signed-off-by: Hyman Huang --- MAINTAINERS | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index 395f26ba86..f0f7b889a3 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3391,6 +3391,11 @@ F: migration/dirtyrate.c F: migration/dirtyrate.h F: include/sysemu/dirtyrate.h +Detached LUKS header +M: Hyman Huang +S: Maintained +F: tests/qemu-iotests/tests/luks-detached-header + D-Bus M: Marc-André Lureau S: Maintained
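Review bot: The F: line in the new "Detached LUKS header" section names only tests/qemu-iotests/tests/luks-detached-header, so the reference output luks-detached-header.out created in patch 09 is not covered by the section. Either add a second F: line for the .out file or use a glob such as F: tests/qemu-iotests/tests/luks-detached-header* so both files route to the same maintainer.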