filename, opts, errp);
}
+static int block_crypto_get_info_luks(BlockDriverState *bs,
+ BlockDriverInfo *bdi)
+{
+ BlockDriverInfo subbdi;
+ int ret;
+
+ ret = bdrv_get_info(bs->file->bs, &subbdi);
+ if (ret != 0) {
+ return ret;
+ }
+
+ bdi->unallocated_blocks_are_zero = false;
+ bdi->can_write_zeroes_with_unmap = false;
+ bdi->cluster_size = subbdi.cluster_size;
+
+ return 0;
+}
+
+static ImageInfoSpecific *
+block_crypto_get_specific_info_luks(BlockDriverState *bs)
+{
+ BlockCrypto *crypto = bs->opaque;
+ ImageInfoSpecific *spec_info;
+ QCryptoBlockInfo *info;
+
+ info = qcrypto_block_get_info(crypto->block, NULL);
+ if (!info) {
+ return NULL;
+ }
+ if (info->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) {
+ qapi_free_QCryptoBlockInfo(info);
+ return NULL;
+ }
+
+ spec_info = g_new(ImageInfoSpecific, 1);
+ spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
+ spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1);
+ *spec_info->u.luks.data = info->u.luks;
+
+ /* Blank out pointers we've just stolen to avoid double free */
+ memset(&info->u.luks, 0, sizeof(info->u.luks));
+
+ qapi_free_QCryptoBlockInfo(info);
+
+ return spec_info;
+}
+
BlockDriver bdrv_crypto_luks = {
.format_name = "luks",
.instance_size = sizeof(BlockCrypto),
.bdrv_co_readv = block_crypto_co_readv,
.bdrv_co_writev = block_crypto_co_writev,
.bdrv_getlength = block_crypto_getlength,
+ .bdrv_get_info = block_crypto_get_info_luks,
+ .bdrv_get_specific_info = block_crypto_get_specific_info_luks,
};
static void block_crypto_init(void)
return ret;
}
- out_buf = g_malloc(s->cluster_size + (s->cluster_size / 1000) + 128);
+ out_buf = g_malloc(s->cluster_size);
/* best compression, small window, no zlib header */
memset(&strm, 0, sizeof(strm));
return ret;
}
- out_buf = g_malloc(s->cluster_size + (s->cluster_size / 1000) + 128);
+ out_buf = g_malloc(s->cluster_size);
/* best compression, small window, no zlib header */
memset(&strm, 0, sizeof(strm));
struct QCryptoBlockLUKS {
QCryptoBlockLUKSHeader header;
+
+ /* Cache parsed versions of what's in header fields,
+ * as we can't rely on QCryptoBlock.cipher being
+ * non-NULL */
+ QCryptoCipherAlgorithm cipher_alg;
+ QCryptoCipherMode cipher_mode;
+ QCryptoIVGenAlgorithm ivgen_alg;
+ QCryptoHashAlgorithm ivgen_hash_alg;
+ QCryptoHashAlgorithm hash_alg;
};
block->payload_offset = luks->header.payload_offset *
QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
+ luks->cipher_alg = cipheralg;
+ luks->cipher_mode = ciphermode;
+ luks->ivgen_alg = ivalg;
+ luks->ivgen_hash_alg = ivhash;
+ luks->hash_alg = hash;
+
g_free(masterkey);
g_free(password);
goto error;
}
+ luks->cipher_alg = luks_opts.cipher_alg;
+ luks->cipher_mode = luks_opts.cipher_mode;
+ luks->ivgen_alg = luks_opts.ivgen_alg;
+ luks->ivgen_hash_alg = luks_opts.ivgen_hash_alg;
+ luks->hash_alg = luks_opts.hash_alg;
+
memset(masterkey, 0, luks->header.key_bytes);
g_free(masterkey);
memset(slotkey, 0, luks->header.key_bytes);
}
+static int qcrypto_block_luks_get_info(QCryptoBlock *block,
+ QCryptoBlockInfo *info,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ QCryptoBlockInfoLUKSSlot *slot;
+ QCryptoBlockInfoLUKSSlotList *slots = NULL, **prev = &info->u.luks.slots;
+ size_t i;
+
+ info->u.luks.cipher_alg = luks->cipher_alg;
+ info->u.luks.cipher_mode = luks->cipher_mode;
+ info->u.luks.ivgen_alg = luks->ivgen_alg;
+ if (info->u.luks.ivgen_alg == QCRYPTO_IVGEN_ALG_ESSIV) {
+ info->u.luks.has_ivgen_hash_alg = true;
+ info->u.luks.ivgen_hash_alg = luks->ivgen_hash_alg;
+ }
+ info->u.luks.hash_alg = luks->hash_alg;
+ info->u.luks.payload_offset = block->payload_offset;
+ info->u.luks.master_key_iters = luks->header.master_key_iterations;
+ info->u.luks.uuid = g_strndup((const char *)luks->header.uuid,
+ sizeof(luks->header.uuid));
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ slots = g_new0(QCryptoBlockInfoLUKSSlotList, 1);
+ *prev = slots;
+
+ slots->value = slot = g_new0(QCryptoBlockInfoLUKSSlot, 1);
+ slot->active = luks->header.key_slots[i].active ==
+ QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED;
+ slot->key_offset = luks->header.key_slots[i].key_offset
+ * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
+ if (slot->active) {
+ slot->has_iters = true;
+ slot->iters = luks->header.key_slots[i].iterations;
+ slot->has_stripes = true;
+ slot->stripes = luks->header.key_slots[i].stripes;
+ }
+
+ prev = &slots->next;
+ }
+
+ return 0;
+}
+
+
static void qcrypto_block_luks_cleanup(QCryptoBlock *block)
{
g_free(block->opaque);
const QCryptoBlockDriver qcrypto_block_driver_luks = {
.open = qcrypto_block_luks_open,
.create = qcrypto_block_luks_create,
+ .get_info = qcrypto_block_luks_get_info,
.cleanup = qcrypto_block_luks_cleanup,
.decrypt = qcrypto_block_luks_decrypt,
.encrypt = qcrypto_block_luks_encrypt,
}
+QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block,
+ Error **errp)
+{
+ QCryptoBlockInfo *info = g_new0(QCryptoBlockInfo, 1);
+
+ info->format = block->format;
+
+ if (block->driver->get_info &&
+ block->driver->get_info(block, info, errp) < 0) {
+ g_free(info);
+ return NULL;
+ }
+
+ return info;
+}
+
+
int qcrypto_block_decrypt(QCryptoBlock *block,
uint64_t startsector,
uint8_t *buf,
void *opaque,
Error **errp);
+ int (*get_info)(QCryptoBlock *block,
+ QCryptoBlockInfo *info,
+ Error **errp);
+
void (*cleanup)(QCryptoBlock *block);
int (*encrypt)(QCryptoBlock *block,
* event_notifier_set necessary.
*
* Bit 0 is reserved for GSource usage of the AioContext, and is 1
- * between a call to aio_ctx_check and the next call to aio_ctx_dispatch.
+ * between a call to aio_ctx_prepare and the next call to aio_ctx_check.
* Bits 1-31 simply count the number of active calls to aio_poll
* that are in the prepare or poll phase.
*
void *opaque,
Error **errp);
+
+/**
+ * qcrypto_block_get_info:
+ * @block: the block encryption object
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Get information about the configuration options for the
+ * block encryption object. This includes details such as
+ * the cipher algorithms, modes, and initialization vector
+ * generators.
+ *
+ * Returns: a block encryption info object, or NULL on error
+ */
+QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block,
+ Error **errp);
+
/**
* @qcrypto_block_decrypt:
* @block: the block encryption object
{ 'union': 'ImageInfoSpecific',
'data': {
'qcow2': 'ImageInfoSpecificQCow2',
- 'vmdk': 'ImageInfoSpecificVmdk'
+ 'vmdk': 'ImageInfoSpecificVmdk',
+ # If we need to add block driver specific parameters for
+ # LUKS in future, then we'll subclass QCryptoBlockInfoLUKS
+ # to define a ImageInfoSpecificLUKS
+ 'luks': 'QCryptoBlockInfoLUKS'
} }
##
'discriminator': 'format',
'data': { 'qcow': 'QCryptoBlockOptionsQCow',
'luks': 'QCryptoBlockCreateOptionsLUKS' } }
+
+
+##
+# QCryptoBlockInfoBase:
+#
+# The common information that applies to all full disk
+# encryption formats
+#
+# @format: the encryption format
+#
+# Since: 2.7
+##
+{ 'struct': 'QCryptoBlockInfoBase',
+ 'data': { 'format': 'QCryptoBlockFormat' }}
+
+
+##
+# QCryptoBlockInfoLUKSSlot:
+#
+# Information about the LUKS block encryption key
+# slot options
+#
+# @active: whether the key slot is currently in use
+# @key-offset: offset to the key material in bytes
+# @iters: #optional number of PBKDF2 iterations for key material
+# @stripes: #optional number of stripes for splitting key material
+#
+# Since: 2.7
+##
+{ 'struct': 'QCryptoBlockInfoLUKSSlot',
+ 'data': {'active': 'bool',
+ '*iters': 'int',
+ '*stripes': 'int',
+ 'key-offset': 'int' } }
+
+
+##
+# QCryptoBlockInfoLUKS:
+#
+# Information about the LUKS block encryption options
+#
+# @cipher-alg: the cipher algorithm for data encryption
+# @cipher-mode: the cipher mode for data encryption
+# @ivgen-alg: the initialization vector generator
+# @ivgen-hash-alg: #optional the initialization vector generator hash
+# @hash-alg: the master key hash algorithm
+# @payload-offset: offset to the payload data in bytes
+# @master-key-iters: number of PBKDF2 iterations for key material
+# @uuid: unique identifier for the volume
+# @slots: information about each key slot
+#
+# Since: 2.7
+##
+{ 'struct': 'QCryptoBlockInfoLUKS',
+ 'data': {'cipher-alg': 'QCryptoCipherAlgorithm',
+ 'cipher-mode': 'QCryptoCipherMode',
+ 'ivgen-alg': 'QCryptoIVGenAlgorithm',
+ '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
+ 'hash-alg': 'QCryptoHashAlgorithm',
+ 'payload-offset': 'int',
+ 'master-key-iters': 'int',
+ 'uuid': 'str',
+ 'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }}
+
+##
+# QCryptoBlockInfoQCow:
+#
+# Information about the QCow block encryption options
+#
+# Since: 2.7
+##
+{ 'struct': 'QCryptoBlockInfoQCow',
+ 'data': { }}
+
+
+##
+# QCryptoBlockInfo:
+#
+# Information about the block encryption options
+#
+# Since: 2.7
+##
+{ 'union': 'QCryptoBlockInfo',
+ 'base': 'QCryptoBlockInfoBase',
+ 'discriminator': 'format',
+ 'data': { 'qcow': 'QCryptoBlockInfoQCow',
+ 'luks': 'QCryptoBlockInfoLUKS' } }
'''A QEMU VM'''
def __init__(self, binary, args=[], wrapper=[], name=None, test_dir="/var/tmp",
- monitor_address=None, debug=False):
+ monitor_address=None, socket_scm_helper=None, debug=False):
if name is None:
name = "qemu-%d" % os.getpid()
if monitor_address is None:
self._qemu_log_path = os.path.join(test_dir, name + ".log")
self._popen = None
self._binary = binary
- self._args = args
+ self._args = list(args) # Force copy args in case we modify them
self._wrapper = wrapper
self._events = []
self._iolog = None
+ self._socket_scm_helper = socket_scm_helper
self._debug = debug
# This can be used to add an unused monitor instance.
def send_fd_scm(self, fd_file_path):
# In iotest.py, the qmp should always use unix socket.
assert self._qmp.is_scm_available()
- bin = socket_scm_helper
- if os.path.exists(bin) == False:
- print "Scm help program does not present, path '%s'." % bin
+ if self._socket_scm_helper is None:
+ print >>sys.stderr, "No path to socket_scm_helper set"
return -1
- fd_param = ["%s" % bin,
+ if os.path.exists(self._socket_scm_helper) == False:
+ print >>sys.stderr, "%s does not exist" % self._socket_scm_helper
+ return -1
+ fd_param = ["%s" % self._socket_scm_helper,
"%d" % self._qmp.get_sock_fd(),
"%s" % fd_file_path]
devnull = open('/dev/null', 'rb')
return events
def event_wait(self, name, timeout=60.0, match=None):
+ # Test if 'match' is a recursive subset of 'event'
+ def event_match(event, match=None):
+ if match is None:
+ return True
+
+ for key in match:
+ if key in event:
+ if isinstance(event[key], dict):
+ if not event_match(event[key], match[key]):
+ return False
+ elif event[key] != match[key]:
+ return False
+ else:
+ return False
+
+ return True
+
# Search cached events
for event in self._events:
if (event['event'] == name) and event_match(event, match):
class QEMUQtestMachine(qemu.QEMUMachine):
'''A QEMU VM'''
- def __init__(self, binary, args=[], name=None, test_dir="/var/tmp"):
- super(self, QEMUQtestMachine).__init__(binary, args, name, test_dir)
+ def __init__(self, binary, args=[], name=None, test_dir="/var/tmp",
+ socket_scm_helper=None):
+ if name is None:
+ name = "qemu-%d" % os.getpid()
+ super(QEMUQtestMachine, self).__init__(binary, args, name=name, test_dir=test_dir,
+ socket_scm_helper=socket_scm_helper)
self._qtest_path = os.path.join(test_dir, name + "-qtest.sock")
def _base_args(self):
- args = super(self, QEMUQtestMachine)._base_args()
- args.extend(['-qtest', 'unix:path=' + self._qtest_path])
+ args = super(QEMUQtestMachine, self)._base_args()
+ args.extend(['-qtest', 'unix:path=' + self._qtest_path,
+ '-machine', 'accel=qtest'])
return args
def _pre_launch(self):
- super(self, QEMUQtestMachine)._pre_launch()
+ super(QEMUQtestMachine, self)._pre_launch()
self._qtest = QEMUQtestProtocol(self._qtest_path, server=True)
def _post_launch(self):
- super(self, QEMUQtestMachine)._post_launch()
+ super(QEMUQtestMachine, self)._post_launch()
self._qtest.accept()
def _post_shutdown(self):
- super(self, QEMUQtestMachine)._post_shutdown()
+ super(QEMUQtestMachine, self)._post_shutdown()
self._remove_if_exists(self._qtest_path)
def qtest(self, cmd):
if os.environ.get('QEMU_IO_OPTIONS'):
qemu_io_args += os.environ['QEMU_IO_OPTIONS'].strip().split(' ')
-qemu_prog = [os.environ.get('QEMU_PROG', 'qemu')]
+qemu_prog = os.environ.get('QEMU_PROG', 'qemu')
qemu_opts = os.environ.get('QEMU_OPTIONS', '').strip().split(' ')
imgfmt = os.environ.get('IMGFMT', 'raw')
msg = flt(msg)
print msg
-# Test if 'match' is a recursive subset of 'event'
-def event_match(event, match=None):
- if match is None:
- return True
-
- for key in match:
- if key in event:
- if isinstance(event[key], dict):
- if not event_match(event[key], match[key]):
- return False
- elif event[key] != match[key]:
- return False
- else:
- return False
-
- return True
-
-class VM(qtest.QEMUMachine):
+class VM(qtest.QEMUQtestMachine):
'''A QEMU VM'''
def __init__(self):
- super(self, VM).__init__(qemu_prog, qemu_opts, test_dir)
+ super(VM, self).__init__(qemu_prog, qemu_opts, test_dir=test_dir,
+ socket_scm_helper=socket_scm_helper)
self._num_drives = 0
def add_drive_raw(self, opts):