qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

qcrypto/core: add generic infrastructure for crypto options amendment

This will be used first to implement luks keyslot management.

block_crypto_amend_opts_init will be used to convert
qemu-img cmdline to QCryptoBlockAmendOptions

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200608094030.670121-2-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>

authored by

Maxim Levitsky and committed by
Max Reitz
43cbd06d d2a839ed

+95
+17
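--- a/block/crypto.c
+++ b/block/crypto.c
@@ -202,6 +202,23 @@
 return ret;
 }
 
+QCryptoBlockAmendOptions *
+block_crypto_amend_opts_init(QDict *opts, Error **errp)
+{
+Visitor *v;
+QCryptoBlockAmendOptions *ret;
+
+v = qobject_input_visitor_new_flat_confused(opts, errp);
+if (!v) {
+return NULL;
+}
+
+visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp);
+
+visit_free(v);
+return ret;
+}
+
 
 static int block_crypto_open_generic(QCryptoBlockFormat format,
 QemuOptsList *opts_spec,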
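Review bot: `ret` in block_crypto_amend_opts_init is returned without being initialised locally, so the function relies on visit_type_QCryptoBlockAmendOptions() storing NULL through `&ret` whenever it fails; that contract is not visible in this hunk. Declaring it as `QCryptoBlockAmendOptions *ret = NULL;` makes the failure path safe on its own terms. A short comment above the function would also help, for example `/* Returns an options object (presumably owned by the caller), or NULL with @errp set. */`, because nothing here says who frees the result.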
+3
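--- a/block/crypto.h
+++ b/block/crypto.h
@@ -91,6 +91,9 @@
 QCryptoBlockCreateOptions *
 block_crypto_create_opts_init(QDict *opts, Error **errp);
 
+QCryptoBlockAmendOptions *
+block_crypto_amend_opts_init(QDict *opts, Error **errp);
+
 QCryptoBlockOpenOptions *
 block_crypto_open_opts_init(QDict *opts, Error **errp);
 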
+29
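--- a/crypto/block.c
+++ b/crypto/block.c
@@ -150,6 +150,35 @@
 return crypto != NULL;
 }
 
+int qcrypto_block_amend_options(QCryptoBlock *block,
+QCryptoBlockReadFunc readfunc,
+QCryptoBlockWriteFunc writefunc,
+void *opaque,
+QCryptoBlockAmendOptions *options,
+bool force,
+Error **errp)
+{
+if (options->format != block->format) {
+error_setg(errp,
+"Cannot amend encryption format");
+return -1;
+}
+
+if (!block->driver->amend) {
+error_setg(errp,
+"Crypto format %s doesn't support format options amendment",
+QCryptoBlockFormat_str(block->format));
+return -1;
+}
+
+return block->driver->amend(block,
+readfunc,
+writefunc,
+opaque,
+options,
+force,
+errp);
+}
 
 QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block,
 Error **errp)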
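Review bot: The message for the first check in qcrypto_block_amend_options, `"Cannot amend encryption format"`, reads as if amendment itself were unsupported, while the condition actually rejects a request whose `options->format` differs from the format of the open volume. Naming both sides would make a mismatched request easier to diagnose, e.g. `error_setg(errp, "Cannot change encryption format from %s to %s", QCryptoBlockFormat_str(block->format), QCryptoBlockFormat_str(options->format));`. The generic layer also forwards `force` untouched, so every safety decision about rewriting the volume header rests with the driver's `amend` callback. A one-line comment above the final call saying so would help future driver authors.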
+8
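--- a/crypto/blockpriv.h
+++ b/crypto/blockpriv.h
@@ -62,6 +62,14 @@
 void *opaque,
 Error **errp);
 
+int (*amend)(QCryptoBlock *block,
+QCryptoBlockReadFunc readfunc,
+QCryptoBlockWriteFunc writefunc,
+void *opaque,
+QCryptoBlockAmendOptions *options,
+bool force,
+Error **errp);
+
 int (*get_info)(QCryptoBlock *block,
 QCryptoBlockInfo *info,
 Error **errp);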
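Review bot: The new `amend` member has no comment stating that it is optional, yet qcrypto_block_amend_options in crypto/block.c treats a NULL pointer as "format does not support amendment". I would add `/* Optional: leave NULL if the format cannot amend its options; returns -1 with @errp set on failure (presumably 0 on success) */` above it. The enclosing driver struct begins and ends outside this hunk, so I cannot tell whether the neighbouring callbacks are documented the same way.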
+22
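--- a/include/crypto/block.h
+++ b/include/crypto/block.h
@@ -144,6 +144,28 @@
 void *opaque,
 Error **errp);
 
+/**
+* qcrypto_block_amend_options:
+* @block: the block encryption object
+*
+* @readfunc: callback for reading data from the volume header
+* @writefunc: callback for writing data to the volume header
+* @opaque: data to pass to @readfunc and @writefunc
+* @options: the new/amended encryption options
+* @force: hint for the driver to allow unsafe operation
+* @errp: error pointer
+*
+* Changes the crypto options of the encryption format
+*
+*/
+int qcrypto_block_amend_options(QCryptoBlock *block,
+QCryptoBlockReadFunc readfunc,
+QCryptoBlockWriteFunc writefunc,
+void *opaque,
+QCryptoBlockAmendOptions *options,
+bool force,
+Error **errp);
+
 
 /**
 * qcrypto_block_calculate_payload_offset: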
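Review bot: The doc comment for qcrypto_block_amend_options describes `@force` only as a "hint for the driver to allow unsafe operation" and has no return-value line. The commit message says this will first drive LUKS keyslot management, where a wrong amendment could presumably leave a volume without a usable key. The comment should therefore say that the meaning of `force` is format-specific and what a driver is expected to refuse when it is false. I would also add `* Returns: 0 on success, -1 on failure with @errp set` (the -1 paths are visible in crypto/block.c; 0 on success is assumed from the driver callback) and drop the stray blank comment line between `@block` and `@readfunc`.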
+16
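--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -309,3 +309,19 @@
 'base': 'QCryptoBlockInfoBase',
 'discriminator': 'format',
 'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
+
+
+
+##
+# @QCryptoBlockAmendOptions:
+#
+# The options that are available for all encryption formats
+# when amending encryption settings
+#
+# Since: 5.1
+##
+{ 'union': 'QCryptoBlockAmendOptions',
+'base': 'QCryptoBlockOptionsBase',
+'discriminator': 'format',
+'data': {
+} }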
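Review bot: The description of QCryptoBlockAmendOptions says it holds "the options that are available for all encryption formats", but the type is the per-format union and its `data` is empty, so at this commit it carries only the QCryptoBlockOptionsBase members. Wording such as `# The options that can be changed on an existing encrypted image, per format; no format defines any yet` would match what is declared. The hunk also adds three consecutive blank lines before the `##` header; one is probably enough, though the file's convention is not visible here.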