]> git.proxmox.com Git - mirror_qemu.git/blame - block/crypto.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
block/amend: refactor qcow2 amend options
[mirror_qemu.git] / block / crypto.c
CommitLineData
78368575
DB		 1/*
2 * QEMU block full disk encryption
3 *
4 * Copyright (c) 2015-2016 Red Hat, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18 *
19 */
20
21#include "qemu/osdep.h"
22
23#include "block/block_int.h"
f853465a 24#include "block/qdict.h"
78368575
DB		 25#include "sysemu/block-backend.h"
26#include "crypto/block.h"
27#include "qapi/opts-visitor.h"
9af23989 28#include "qapi/qapi-visit-crypto.h"
306a06e5 29#include "qapi/qobject-input-visitor.h"
78368575 30#include "qapi/error.h"
0b8fa32f 31#include "qemu/module.h"
922a01a0 32#include "qemu/option.h"
1bba30da 33#include "qemu/cutils.h"
0d8c41da 34#include "crypto.h"
78368575
DB		 35
36typedef struct BlockCrypto BlockCrypto;
37
38struct BlockCrypto {
39 QCryptoBlock *block;
40};
41
42
43static int block_crypto_probe_generic(QCryptoBlockFormat format,
44 const uint8_t *buf,
45 int buf_size,
46 const char *filename)
47{
48 if (qcrypto_block_has_format(format, buf, buf_size)) {
49 return 100;
50 } else {
51 return 0;
52 }
53}
54
55
56static ssize_t block_crypto_read_func(QCryptoBlock *block,
57 size_t offset,
58 uint8_t *buf,
59 size_t buflen,
e4a3507e 60 void *opaque,
37509233 61 Error **errp)
78368575
DB		 62{
63 BlockDriverState *bs = opaque;
64 ssize_t ret;
65
cf2ab8fc 66 ret = bdrv_pread(bs->file, offset, buf, buflen);
78368575
DB		 67 if (ret < 0) {
68 error_setg_errno(errp, -ret, "Could not read encryption header");
69 return ret;
70 }
71 return ret;
72}
73
74
75struct BlockCryptoCreateData {
78368575
DB		 76 BlockBackend *blk;
77 uint64_t size;
672de729 78 PreallocMode prealloc;
78368575
DB		 79};
80
81
82static ssize_t block_crypto_write_func(QCryptoBlock *block,
83 size_t offset,
84 const uint8_t *buf,
85 size_t buflen,
e4a3507e 86 void *opaque,
37509233 87 Error **errp)
78368575
DB		 88{
89 struct BlockCryptoCreateData *data = opaque;
90 ssize_t ret;
91
8341f00d 92 ret = blk_pwrite(data->blk, offset, buf, buflen, 0);
78368575
DB		 93 if (ret < 0) {
94 error_setg_errno(errp, -ret, "Could not write encryption header");
95 return ret;
96 }
97 return ret;
98}
99
100
101static ssize_t block_crypto_init_func(QCryptoBlock *block,
102 size_t headerlen,
e4a3507e 103 void *opaque,
37509233 104 Error **errp)
78368575
DB		 105{
106 struct BlockCryptoCreateData *data = opaque;
3d1900a4
ML		 107 Error *local_error = NULL;
108 int ret;
78368575 109
3d7ed9c4 110 if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) {
3d1900a4
ML		 111 ret = -EFBIG;
112 goto error;
3d7ed9c4
KW		 113 }
114
78368575
DB		 115 /* User provided size should reflect amount of space made
116 * available to the guest, so we must take account of that
117 * which will be used by the crypto header
118 */
3d1900a4
ML		 119 ret = blk_truncate(data->blk, data->size + headerlen, false,
120 data->prealloc, 0, &local_error);
121
122 if (ret >= 0) {
123 return ret;
124 }
125
126error:
127 if (ret == -EFBIG) {
128 /* Replace the error message with a better one */
129 error_free(local_error);
130 error_setg(errp, "The requested file size is too large");
131 } else {
132 error_propagate(errp, local_error);
133 }
134
135 return ret;
78368575
DB		 136}
137
138
139static QemuOptsList block_crypto_runtime_opts_luks = {
140 .name = "crypto",
141 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head),
142 .desc = {
4a47f854 143 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
78368575
DB		 144 { /* end of list */ }
145 },
146};
147
148
149static QemuOptsList block_crypto_create_opts_luks = {
150 .name = "crypto",
151 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head),
152 .desc = {
153 {
154 .name = BLOCK_OPT_SIZE,
155 .type = QEMU_OPT_SIZE,
156 .help = "Virtual disk size"
157 },
4a47f854
DB		 158 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
159 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""),
160 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""),
161 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""),
162 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
163 BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
164 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
78368575
DB		 165 { /* end of list */ }
166 },
167};
168
169
306a06e5 170QCryptoBlockOpenOptions *
796d3239 171block_crypto_open_opts_init(QDict *opts, Error **errp)
78368575 172{
09204eac 173 Visitor *v;
796d3239 174 QCryptoBlockOpenOptions *ret;
78368575 175
796d3239 176 v = qobject_input_visitor_new_flat_confused(opts, errp);
e6af90f3 177 if (!v) {
796d3239 178 return NULL;
f853465a 179 }
78368575 180
796d3239 181 visit_type_QCryptoBlockOpenOptions(v, NULL, &ret, errp);
78368575 182
09204eac 183 visit_free(v);
78368575
DB		 184 return ret;
185}
186
187
306a06e5 188QCryptoBlockCreateOptions *
796d3239 189block_crypto_create_opts_init(QDict *opts, Error **errp)
78368575 190{
09204eac 191 Visitor *v;
796d3239 192 QCryptoBlockCreateOptions *ret;
78368575 193
796d3239 194 v = qobject_input_visitor_new_flat_confused(opts, errp);
e6af90f3 195 if (!v) {
796d3239 196 return NULL;
f853465a 197 }
78368575 198
796d3239 199 visit_type_QCryptoBlockCreateOptions(v, NULL, &ret, errp);
78368575 200
09204eac 201 visit_free(v);
78368575
DB		 202 return ret;
203}
204
43cbd06d
ML		 205QCryptoBlockAmendOptions *
206block_crypto_amend_opts_init(QDict *opts, Error **errp)
207{
208 Visitor *v;
209 QCryptoBlockAmendOptions *ret;
210
211 v = qobject_input_visitor_new_flat_confused(opts, errp);
212 if (!v) {
213 return NULL;
214 }
215
216 visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp);
217
218 visit_free(v);
219 return ret;
220}
221
78368575
DB		 222
223static int block_crypto_open_generic(QCryptoBlockFormat format,
224 QemuOptsList *opts_spec,
225 BlockDriverState *bs,
226 QDict *options,
227 int flags,
228 Error **errp)
229{
230 BlockCrypto *crypto = bs->opaque;
231 QemuOpts *opts = NULL;
232 Error *local_err = NULL;
233 int ret = -EINVAL;
234 QCryptoBlockOpenOptions *open_opts = NULL;
235 unsigned int cflags = 0;
306a06e5 236 QDict *cryptoopts = NULL;
78368575 237
8b1869da
HR		 238 bs->file = bdrv_open_child(NULL, options, "file", bs, &child_of_bds,
239 BDRV_CHILD_IMAGE, false, errp);
4e4bf5c4
KW		 240 if (!bs->file) {
241 return -EINVAL;
242 }
243
d67a6b09
DB		 244 bs->supported_write_flags = BDRV_REQ_FUA &
245 bs->file->bs->supported_write_flags;
246
78368575
DB		 247 opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort);
248 qemu_opts_absorb_qdict(opts, options, &local_err);
249 if (local_err) {
250 error_propagate(errp, local_err);
251 goto cleanup;
252 }
253
306a06e5 254 cryptoopts = qemu_opts_to_qdict(opts, NULL);
796d3239 255 qdict_put_str(cryptoopts, "format", QCryptoBlockFormat_str(format));
306a06e5 256
796d3239 257 open_opts = block_crypto_open_opts_init(cryptoopts, errp);
78368575
DB		 258 if (!open_opts) {
259 goto cleanup;
260 }
261
262 if (flags & BDRV_O_NO_IO) {
263 cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
264 }
1cd9a787 265 crypto->block = qcrypto_block_open(open_opts, NULL,
78368575
DB		 266 block_crypto_read_func,
267 bs,
268 cflags,
c972fa12 269 1,
78368575
DB		 270 errp);
271
272 if (!crypto->block) {
273 ret = -EIO;
274 goto cleanup;
275 }
276
54115412 277 bs->encrypted = true;
78368575
DB		 278
279 ret = 0;
280 cleanup:
cb3e7f08 281 qobject_unref(cryptoopts);
78368575
DB		 282 qapi_free_QCryptoBlockOpenOptions(open_opts);
283 return ret;
284}
285
286
1ec4f416
KW		 287static int block_crypto_co_create_generic(BlockDriverState *bs,
288 int64_t size,
289 QCryptoBlockCreateOptions *opts,
672de729 290 PreallocMode prealloc,
1ec4f416 291 Error **errp)
78368575 292{
1ec4f416
KW		 293 int ret;
294 BlockBackend *blk;
78368575 295 QCryptoBlock *crypto = NULL;
1ec4f416 296 struct BlockCryptoCreateData data;
306a06e5 297
a3aeeab5
EB		 298 blk = blk_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL,
299 errp);
300 if (!blk) {
301 ret = -EPERM;
1ec4f416 302 goto cleanup;
3b5a1f6a
KW		 303 }
304
672de729
ML		 305 if (prealloc == PREALLOC_MODE_METADATA) {
306 prealloc = PREALLOC_MODE_OFF;
307 }
308
1ec4f416
KW		 309 data = (struct BlockCryptoCreateData) {
310 .blk = blk,
311 .size = size,
672de729 312 .prealloc = prealloc,
1ec4f416 313 };
3b5a1f6a 314
1ec4f416 315 crypto = qcrypto_block_create(opts, NULL,
78368575
DB		 316 block_crypto_init_func,
317 block_crypto_write_func,
318 &data,
319 errp);
320
321 if (!crypto) {
322 ret = -EIO;
323 goto cleanup;
324 }
325
326 ret = 0;
327 cleanup:
328 qcrypto_block_free(crypto);
1ec4f416 329 blk_unref(blk);
78368575
DB		 330 return ret;
331}
332
061ca8a3 333static int coroutine_fn
c80d8b06 334block_crypto_co_truncate(BlockDriverState *bs, int64_t offset, bool exact,
92b92799
KW		 335 PreallocMode prealloc, BdrvRequestFlags flags,
336 Error **errp)
78368575
DB		 337{
338 BlockCrypto *crypto = bs->opaque;
31376555 339 uint64_t payload_offset =
78368575 340 qcrypto_block_get_payload_offset(crypto->block);
120bc742
KW		 341
342 if (payload_offset > INT64_MAX - offset) {
343 error_setg(errp, "The requested file size is too large");
344 return -EFBIG;
345 }
78368575
DB		 346
347 offset += payload_offset;
348
7b8e4857 349 return bdrv_co_truncate(bs->file, offset, exact, prealloc, 0, errp);
78368575
DB		 350}
351
352static void block_crypto_close(BlockDriverState *bs)
353{
354 BlockCrypto *crypto = bs->opaque;
355 qcrypto_block_free(crypto->block);
356}
357
f87e08f9
DB		 358static int block_crypto_reopen_prepare(BDRVReopenState *state,
359 BlockReopenQueue *queue, Error **errp)
360{
361 /* nothing needs checking */
362 return 0;
363}
78368575 364
161253e2
DB		 365/*
366 * 1 MB bounce buffer gives good performance / memory tradeoff
367 * when using cache=none|directsync.
368 */
369#define BLOCK_CRYPTO_MAX_IO_SIZE (1024 * 1024)
78368575
DB		 370
371static coroutine_fn int
a73466fb
DB		 372block_crypto_co_preadv(BlockDriverState *bs, uint64_t offset, uint64_t bytes,
373 QEMUIOVector *qiov, int flags)
78368575
DB		 374{
375 BlockCrypto *crypto = bs->opaque;
a73466fb 376 uint64_t cur_bytes; /* number of bytes in current iteration */
78368575
DB		 377 uint64_t bytes_done = 0;
378 uint8_t *cipher_data = NULL;
379 QEMUIOVector hd_qiov;
380 int ret = 0;
a73466fb
DB		 381 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
382 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
a73466fb
DB		 383
384 assert(!flags);
385 assert(payload_offset < INT64_MAX);
386 assert(QEMU_IS_ALIGNED(offset, sector_size));
387 assert(QEMU_IS_ALIGNED(bytes, sector_size));
78368575
DB		 388
389 qemu_iovec_init(&hd_qiov, qiov->niov);
390
161253e2
DB		 391 /* Bounce buffer because we don't wish to expose cipher text
392 * in qiov which points to guest memory.
78368575
DB		 393 */
394 cipher_data =
161253e2 395 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE,
78368575
DB		 396 qiov->size));
397 if (cipher_data == NULL) {
398 ret = -ENOMEM;
399 goto cleanup;
400 }
401
a73466fb
DB		 402 while (bytes) {
403 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE);
78368575
DB		 404
405 qemu_iovec_reset(&hd_qiov);
a73466fb 406 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes);
78368575 407
a73466fb
DB		 408 ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done,
409 cur_bytes, &hd_qiov, 0);
78368575
DB		 410 if (ret < 0) {
411 goto cleanup;
412 }
413
4609742a
DB		 414 if (qcrypto_block_decrypt(crypto->block, offset + bytes_done,
415 cipher_data, cur_bytes, NULL) < 0) {
78368575
DB		 416 ret = -EIO;
417 goto cleanup;
418 }
419
a73466fb 420 qemu_iovec_from_buf(qiov, bytes_done, cipher_data, cur_bytes);
78368575 421
a73466fb
DB		 422 bytes -= cur_bytes;
423 bytes_done += cur_bytes;
78368575
DB		 424 }
425
426 cleanup:
427 qemu_iovec_destroy(&hd_qiov);
428 qemu_vfree(cipher_data);
429
430 return ret;
431}
432
433
434static coroutine_fn int
a73466fb
DB		 435block_crypto_co_pwritev(BlockDriverState *bs, uint64_t offset, uint64_t bytes,
436 QEMUIOVector *qiov, int flags)
78368575
DB		 437{
438 BlockCrypto *crypto = bs->opaque;
a73466fb 439 uint64_t cur_bytes; /* number of bytes in current iteration */
78368575
DB		 440 uint64_t bytes_done = 0;
441 uint8_t *cipher_data = NULL;
442 QEMUIOVector hd_qiov;
443 int ret = 0;
a73466fb
DB		 444 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
445 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block);
a73466fb 446
d67a6b09 447 assert(!(flags & ~BDRV_REQ_FUA));
a73466fb
DB		 448 assert(payload_offset < INT64_MAX);
449 assert(QEMU_IS_ALIGNED(offset, sector_size));
450 assert(QEMU_IS_ALIGNED(bytes, sector_size));
78368575
DB		 451
452 qemu_iovec_init(&hd_qiov, qiov->niov);
453
161253e2
DB		 454 /* Bounce buffer because we're not permitted to touch
455 * contents of qiov - it points to guest memory.
78368575
DB		 456 */
457 cipher_data =
161253e2 458 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE,
78368575
DB		 459 qiov->size));
460 if (cipher_data == NULL) {
461 ret = -ENOMEM;
462 goto cleanup;
463 }
464
a73466fb
DB		 465 while (bytes) {
466 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE);
78368575 467
a73466fb 468 qemu_iovec_to_buf(qiov, bytes_done, cipher_data, cur_bytes);
78368575 469
4609742a
DB		 470 if (qcrypto_block_encrypt(crypto->block, offset + bytes_done,
471 cipher_data, cur_bytes, NULL) < 0) {
78368575
DB		 472 ret = -EIO;
473 goto cleanup;
474 }
475
476 qemu_iovec_reset(&hd_qiov);
a73466fb 477 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes);
78368575 478
a73466fb 479 ret = bdrv_co_pwritev(bs->file, payload_offset + offset + bytes_done,
d67a6b09 480 cur_bytes, &hd_qiov, flags);
78368575
DB		 481 if (ret < 0) {
482 goto cleanup;
483 }
484
a73466fb
DB		 485 bytes -= cur_bytes;
486 bytes_done += cur_bytes;
78368575
DB		 487 }
488
489 cleanup:
490 qemu_iovec_destroy(&hd_qiov);
491 qemu_vfree(cipher_data);
492
493 return ret;
494}
495
a73466fb
DB		 496static void block_crypto_refresh_limits(BlockDriverState *bs, Error **errp)
497{
498 BlockCrypto *crypto = bs->opaque;
499 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block);
500 bs->bl.request_alignment = sector_size; /* No sub-sector I/O */
501}
502
78368575
DB		 503
504static int64_t block_crypto_getlength(BlockDriverState *bs)
505{
506 BlockCrypto *crypto = bs->opaque;
507 int64_t len = bdrv_getlength(bs->file->bs);
508
31376555
DB		 509 uint64_t offset = qcrypto_block_get_payload_offset(crypto->block);
510 assert(offset < INT64_MAX);
e39e959e
KW		 511
512 if (offset > len) {
513 return -EIO;
514 }
78368575
DB		 515
516 len -= offset;
517
518 return len;
519}
520
521
a9da6e49
SH		 522static BlockMeasureInfo *block_crypto_measure(QemuOpts *opts,
523 BlockDriverState *in_bs,
524 Error **errp)
525{
526 g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL;
527 Error *local_err = NULL;
528 BlockMeasureInfo *info;
529 uint64_t size;
530 size_t luks_payload_size;
531 QDict *cryptoopts;
532
533 /*
534 * Preallocation mode doesn't affect size requirements but we must consume
535 * the option.
536 */
537 g_free(qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC));
538
539 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
540
541 if (in_bs) {
542 int64_t ssize = bdrv_getlength(in_bs);
543
544 if (ssize < 0) {
545 error_setg_errno(&local_err, -ssize,
546 "Unable to get image virtual_size");
547 goto err;
548 }
549
550 size = ssize;
551 }
552
553 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL,
554 &block_crypto_create_opts_luks, true);
555 qdict_put_str(cryptoopts, "format", "luks");
556 create_opts = block_crypto_create_opts_init(cryptoopts, &local_err);
557 qobject_unref(cryptoopts);
558 if (!create_opts) {
559 goto err;
560 }
561
562 if (!qcrypto_block_calculate_payload_offset(create_opts, NULL,
563 &luks_payload_size,
564 &local_err)) {
565 goto err;
566 }
567
568 /*
569 * Unallocated blocks are still encrypted so allocation status makes no
570 * difference to the file size.
571 */
5d72c68b 572 info = g_new0(BlockMeasureInfo, 1);
a9da6e49
SH		 573 info->fully_allocated = luks_payload_size + size;
574 info->required = luks_payload_size + size;
575 return info;
576
577err:
578 error_propagate(errp, local_err);
579 return NULL;
580}
581
582
78368575
DB		 583static int block_crypto_probe_luks(const uint8_t *buf,
584 int buf_size,
585 const char *filename) {
586 return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
587 buf, buf_size, filename);
588}
589
590static int block_crypto_open_luks(BlockDriverState *bs,
591 QDict *options,
592 int flags,
593 Error **errp)
594{
595 return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS,
596 &block_crypto_runtime_opts_luks,
597 bs, options, flags, errp);
598}
599
1bedcaf1
KW		 600static int coroutine_fn
601block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
602{
603 BlockdevCreateOptionsLUKS *luks_opts;
604 BlockDriverState *bs = NULL;
605 QCryptoBlockCreateOptions create_opts;
672de729 606 PreallocMode preallocation = PREALLOC_MODE_OFF;
1bedcaf1
KW		 607 int ret;
608
609 assert(create_options->driver == BLOCKDEV_DRIVER_LUKS);
610 luks_opts = &create_options->u.luks;
611
612 bs = bdrv_open_blockdev_ref(luks_opts->file, errp);
613 if (bs == NULL) {
614 return -EIO;
615 }
616
617 create_opts = (QCryptoBlockCreateOptions) {
618 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS,
619 .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts),
620 };
621
672de729
ML		 622 if (luks_opts->has_preallocation) {
623 preallocation = luks_opts->preallocation;
624 }
625
1bedcaf1 626 ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts,
672de729 627 preallocation, errp);
1bedcaf1
KW		 628 if (ret < 0) {
629 goto fail;
630 }
631
632 ret = 0;
633fail:
634 bdrv_unref(bs);
635 return ret;
636}
637
b92902df
ML		 638static int coroutine_fn block_crypto_co_create_opts_luks(BlockDriver *drv,
639 const char *filename,
efc75e2a
SH		 640 QemuOpts *opts,
641 Error **errp)
78368575 642{
1ec4f416
KW		 643 QCryptoBlockCreateOptions *create_opts = NULL;
644 BlockDriverState *bs = NULL;
645 QDict *cryptoopts;
672de729
ML		 646 PreallocMode prealloc;
647 char *buf = NULL;
1ec4f416
KW		 648 int64_t size;
649 int ret;
672de729 650 Error *local_err = NULL;
1ec4f416
KW		 651
652 /* Parse options */
653 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0);
654
672de729
ML		 655 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC);
656 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf,
657 PREALLOC_MODE_OFF, &local_err);
658 g_free(buf);
659 if (local_err) {
660 error_propagate(errp, local_err);
661 return -EINVAL;
662 }
663
1ec4f416
KW		 664 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL,
665 &block_crypto_create_opts_luks,
666 true);
667
796d3239
MA		 668 qdict_put_str(cryptoopts, "format", "luks");
669 create_opts = block_crypto_create_opts_init(cryptoopts, errp);
1ec4f416
KW		 670 if (!create_opts) {
671 ret = -EINVAL;
672 goto fail;
673 }
674
675 /* Create protocol layer */
676 ret = bdrv_create_file(filename, opts, errp);
677 if (ret < 0) {
0b68589d 678 goto fail;
1ec4f416
KW		 679 }
680
681 bs = bdrv_open(filename, NULL, NULL,
682 BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL, errp);
683 if (!bs) {
684 ret = -EINVAL;
685 goto fail;
686 }
687
688 /* Create format layer */
672de729 689 ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp);
1ec4f416
KW		 690 if (ret < 0) {
691 goto fail;
692 }
693
694 ret = 0;
695fail:
1bba30da
DHB		 696 /*
697 * If an error occurred, delete 'filename'. Even if the file existed
698 * beforehand, it has been truncated and corrupted in the process.
699 */
700 if (ret && bs) {
701 Error *local_delete_err = NULL;
702 int r_del = bdrv_co_delete_file(bs, &local_delete_err);
703 /*
704 * ENOTSUP will happen if the block driver doesn't support
705 * the 'bdrv_co_delete_file' interface. This is a predictable
706 * scenario and shouldn't be reported back to the user.
707 */
708 if ((r_del < 0) && (r_del != -ENOTSUP)) {
709 error_report_err(local_delete_err);
710 }
711 }
712
1ec4f416
KW		 713 bdrv_unref(bs);
714 qapi_free_QCryptoBlockCreateOptions(create_opts);
cb3e7f08 715 qobject_unref(cryptoopts);
1ec4f416 716 return ret;
78368575
DB		 717}
718
c7c4cf49
DB		 719static int block_crypto_get_info_luks(BlockDriverState *bs,
720 BlockDriverInfo *bdi)
721{
722 BlockDriverInfo subbdi;
723 int ret;
724
725 ret = bdrv_get_info(bs->file->bs, &subbdi);
726 if (ret != 0) {
727 return ret;
728 }
729
730 bdi->unallocated_blocks_are_zero = false;
c7c4cf49
DB		 731 bdi->cluster_size = subbdi.cluster_size;
732
733 return 0;
734}
735
736static ImageInfoSpecific *
1bf6e9ca 737block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
c7c4cf49
DB		 738{
739 BlockCrypto *crypto = bs->opaque;
740 ImageInfoSpecific *spec_info;
741 QCryptoBlockInfo *info;
742
1bf6e9ca 743 info = qcrypto_block_get_info(crypto->block, errp);
c7c4cf49
DB		 744 if (!info) {
745 return NULL;
746 }
1bf6e9ca 747 assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS);
c7c4cf49
DB		 748
749 spec_info = g_new(ImageInfoSpecific, 1);
750 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
751 spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1);
752 *spec_info->u.luks.data = info->u.luks;
753
754 /* Blank out pointers we've just stolen to avoid double free */
755 memset(&info->u.luks, 0, sizeof(info->u.luks));
756
757 qapi_free_QCryptoBlockInfo(info);
758
759 return spec_info;
760}
761
2654267c
HR		 762static const char *const block_crypto_strong_runtime_opts[] = {
763 BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET,
764
765 NULL
766};
767
782b9d06 768static BlockDriver bdrv_crypto_luks = {
78368575
DB		 769 .format_name = "luks",
770 .instance_size = sizeof(BlockCrypto),
771 .bdrv_probe = block_crypto_probe_luks,
772 .bdrv_open = block_crypto_open_luks,
773 .bdrv_close = block_crypto_close,
497da823
FZ		 774 /* This driver doesn't modify LUKS metadata except when creating image.
775 * Allow share-rw=on as a special case. */
69dca43d 776 .bdrv_child_perm = bdrv_default_perms,
1bedcaf1 777 .bdrv_co_create = block_crypto_co_create_luks,
efc75e2a 778 .bdrv_co_create_opts = block_crypto_co_create_opts_luks,
061ca8a3 779 .bdrv_co_truncate = block_crypto_co_truncate,
78368575
DB		 780 .create_opts = &block_crypto_create_opts_luks,
781
f87e08f9 782 .bdrv_reopen_prepare = block_crypto_reopen_prepare,
a73466fb
DB		 783 .bdrv_refresh_limits = block_crypto_refresh_limits,
784 .bdrv_co_preadv = block_crypto_co_preadv,
785 .bdrv_co_pwritev = block_crypto_co_pwritev,
78368575 786 .bdrv_getlength = block_crypto_getlength,
a9da6e49 787 .bdrv_measure = block_crypto_measure,
c7c4cf49
DB		 788 .bdrv_get_info = block_crypto_get_info_luks,
789 .bdrv_get_specific_info = block_crypto_get_specific_info_luks,
2654267c 790
d67066d8
HR		 791 .is_format = true,
792
2654267c 793 .strong_runtime_opts = block_crypto_strong_runtime_opts,
78368575
DB		 794};
795
796static void block_crypto_init(void)
797{
798 bdrv_register(&bdrv_crypto_luks);
799}
800
801block_init(block_crypto_init);
QEMU mirror