Re: [Qemu-block] [PATCH v5 11/18] qcow2: convert QCow2 to use QCryptoBlo
From: Alberto Garcia
Subject: Re: [Qemu-block] [PATCH v5 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption
Date: Tue, 21 Feb 2017 14:30:10 +0100
User-agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (i586-pc-linux-gnu)
On Tue 21 Feb 2017 12:55:05 PM CET, Daniel P. Berrange wrote:
> + switch (s->crypt_method_header) {
> + case QCOW_CRYPT_NONE:
> + break;
> +
> + case QCOW_CRYPT_AES:
> + r->crypto_opts = block_crypto_open_opts_init(
> + Q_CRYPTO_BLOCK_FORMAT_QCOW, opts, "aes-", errp);
> + break;
> +
> + default:
> + error_setg(errp, "Unsupported encryption method %d",
> + s->crypt_method_header);
> + break;
> + }
> + if (s->crypt_method_header && !r->crypto_opts) {
> + ret = -EINVAL;
> + goto fail;
> + }
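Review bot: In the `default:` case of the switch, the error is reported with error_setg() but control only breaks out, so the function fails solely because the following `if (s->crypt_method_header && !r->crypto_opts)` test finds r->crypto_opts unset. Setting `ret = -EINVAL` and jumping to `fail` directly in the `default:` branch would make rejection of an unknown encryption method independent of how r->crypto_opts was initialised, which is not visible in this hunk.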
This last condition relies on the assumption that QCOW_CRYPT_NONE == 0.
I think it's safe to assume that its value is never going to change and
therefore this isn't too important, but I'm just pointing it out in case
you want to make it explicit.
> @@ -1122,6 +1145,24 @@ static int qcow2_open(BlockDriverState *bs, QDict
> *options, int flags,
> goto fail;
> }
>
> + if (s->crypt_method_header == QCOW_CRYPT_AES) {
> + unsigned int cflags = 0;
> + if (flags & BDRV_O_NO_IO) {
> + cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
> + }
> + /* TODO how do we pass the same crypto opts down to the
> + * backing file by default, so we don't have to manually
> + * provide the same key-secret property against the full
> + * backing chain
> + */
> + s->crypto = qcrypto_block_open(s->crypto_opts, NULL, NULL,
> + cflags, errp);
> + if (!s->crypto) {
> + ret = -EINVAL;
> + goto fail;
> + }
> + }
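Review bot: The `if (s->crypt_method_header == QCOW_CRYPT_AES)` block stores the handle returned by qcrypto_block_open() in s->crypto, and the context line above the addition shows that qcow2_open() exits through `goto fail` on error. Any `goto fail` taken after this point needs the `fail` path to release the handle with qcrypto_block_free() and set s->crypto back to NULL, otherwise a failed open leaves the crypto block object allocated.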
Actually this has the same problem that I mentioned for patch 9: if
qcow2_open() fails then s->crypto is leaked.
Berto