[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH v8 19/20] qcow2: report encryption specific imag
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-block] [PATCH v8 19/20] qcow2: report encryption specific image information |
Date: |
Mon, 19 Jun 2017 15:08:02 +0100 |
User-agent: |
Mutt/1.8.0 (2017-02-23) |
On Wed, Jun 07, 2017 at 07:38:44PM +0200, Max Reitz wrote:
> On 2017-06-01 19:27, Daniel P. Berrange wrote:
> > Currently 'qemu-img info' reports a simple "encrypted: yes"
> > field. This is not very useful now that qcow2 can support
> > multiple encryption formats. Users want to know which format
> > is in use and some data related to it.
> >
> > Wire up usage of the qcrypto_block_get_info() method so that
> > 'qemu-img info' can report about the encryption format
> > and parameters in use
> >
> > $ qemu-img create \
> > --object secret,id=sec0,data=123456 \
> > -o encrypt.format=luks,encrypt.key-secret=sec0 \
> > -f qcow2 demo.qcow2 1G
> > Formatting 'demo.qcow2', fmt=qcow2 size=1073741824 \
> > encryption=off encrypt.format=luks encrypt.key-secret=sec0 \
> > cluster_size=65536 lazy_refcounts=off refcount_bits=16
> >
> > $ qemu-img info demo.qcow2
> > image: demo.qcow2
> > file format: qcow2
> > virtual size: 1.0G (1073741824 bytes)
> > disk size: 480K
> > encrypted: yes
> > cluster_size: 65536
> > Format specific information:
> > compat: 1.1
> > lazy refcounts: false
> > refcount bits: 16
> > encrypt:
> > ivgen alg: plain64
> > hash alg: sha256
> > cipher alg: aes-256
> > uuid: 3fa930c4-58c8-4ef7-b3c5-314bb5af21f3
> > format: luks
> > cipher mode: xts
> > slots:
> > [0]:
> > active: true
> > iters: 1839058
> > key offset: 4096
> > stripes: 4000
> > [1]:
> > active: false
> > key offset: 262144
> > [2]:
> > active: false
> > key offset: 520192
> > [3]:
> > active: false
> > key offset: 778240
> > [4]:
> > active: false
> > key offset: 1036288
> > [5]:
> > active: false
> > key offset: 1294336
> > [6]:
> > active: false
> > key offset: 1552384
> > [7]:
> > active: false
> > key offset: 1810432
> > payload offset: 2068480
> > master key iters: 438487
> > corrupt: false
> >
> > With the legacy "AES" encryption we just report the format
> > name
> >
> > $ qemu-img create \
> > --object secret,id=sec0,data=123456 \
> > -o encrypt.format=aes,encrypt.key-secret=sec0 \
> > -f qcow2 demo.qcow2 1G
> > Formatting 'demo.qcow2', fmt=qcow2 size=1073741824 \
> > encryption=off encrypt.format=aes encrypt.key-secret=sec0 \
> > cluster_size=65536 lazy_refcounts=off refcount_bits=16
> >
> > $ ./qemu-img info demo.qcow2
> > image: demo.qcow2
> > file format: qcow2
> > virtual size: 1.0G (1073741824 bytes)
> > disk size: 196K
> > encrypted: yes
> > cluster_size: 65536
> > Format specific information:
> > compat: 1.1
> > lazy refcounts: false
> > refcount bits: 16
> > encrypt:
> > format: aes
> > corrupt: false
> >
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
> > block/qcow2.c | 32 +++++++++++++++++++++++++++++++-
> > qapi/block-core.json | 27 ++++++++++++++++++++++++++-
> > 2 files changed, 57 insertions(+), 2 deletions(-)
> >
> > diff --git a/block/qcow2.c b/block/qcow2.c
> > index 58da658..a8a23af 100644
> > --- a/block/qcow2.c
> > +++ b/block/qcow2.c
>
> [...]
>
> > @@ -3224,6 +3230,30 @@ static ImageInfoSpecific
> > *qcow2_get_specific_info(BlockDriverState *bs)
> > assert(false);
> > }
> >
> > + if (encrypt_info) {
> > + ImageInfoSpecificQCow2Encryption *qencrypt =
> > + g_new(ImageInfoSpecificQCow2Encryption, 1);
> > + switch (encrypt_info->format) {
> > + case Q_CRYPTO_BLOCK_FORMAT_QCOW:
> > + qencrypt->format = BLOCKDEV_QCOW2_ENCRYPTION_FORMAT_AES;
> > + qencrypt->u.aes = encrypt_info->u.qcow;
> > + break;
> > + case Q_CRYPTO_BLOCK_FORMAT_LUKS:
> > + qencrypt->format = BLOCKDEV_QCOW2_ENCRYPTION_FORMAT_LUKS;
> > + qencrypt->u.luks = encrypt_info->u.luks;
> > + break;
> > + default:
> > + assert(false);
>
> I'd rather like this to be either a plain abort() or a
> g_asert_not_reached(); the latter is more expressive, and the former
> will work even with NDEBUG.
Its very annoying that g_assert_not_reached() can be turned into
a no-op as that would lead to bad code, so I'll make it abort().
> I know we already have an assert(false) in this function, but I'd assert
> this is just wrong.
Agreed.
> With this changed (or with me convinced that we should just use
> assert(false)):
>
> Reviewed-by: Max Reitz <address@hidden>
>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- Re: [Qemu-block] [PATCH v8 13/20] qcow2: add support for LUKS encryption format, (continued)
- [Qemu-block] [PATCH v8 15/20] iotests: enable tests 134 and 158 to work with qcow (v1), Daniel P. Berrange, 2017/06/01
- [Qemu-block] [PATCH v8 14/20] qcow2: add iotests to cover LUKS encryption support, Daniel P. Berrange, 2017/06/01
- [Qemu-block] [PATCH v8 16/20] block: rip out all traces of password prompting, Daniel P. Berrange, 2017/06/01
- [Qemu-block] [PATCH v8 17/20] block: remove all encryption handling APIs, Daniel P. Berrange, 2017/06/01
- [Qemu-block] [PATCH v8 18/20] block: pass option prefix down to crypto layer, Daniel P. Berrange, 2017/06/01
- [Qemu-block] [PATCH v8 19/20] qcow2: report encryption specific image information, Daniel P. Berrange, 2017/06/01
- [Qemu-block] [PATCH v8 20/20] docs: document encryption options for qcow, qcow2 and luks, Daniel P. Berrange, 2017/06/01
- Re: [Qemu-block] [PATCH v8 00/20] Convert QCow[2] to QCryptoBlock & add LUKS support, Max Reitz, 2017/06/07